Add support for dnscrypt protocol

[UniverseXXX]

Here is the error log:

Sun Oct 22 11:33:06 2017 uucp.warn /usr/sbin/noddos[5167]: HostCache: Couldn't open /var/lib/noddos/DnsCache.json for reading Sun Oct 22 11:33:06 2017 uucp.info /usr/sbin/noddos[5167]: HostCache: DeviceMatches read: 0 Sun Oct 22 11:33:06 2017 uucp.crit /usr/sbin/noddos[5167]: Mdns: bind Sun Oct 22 11:33:06 2017 daemon.info procd: Instance noddos::instance1 s in a crash loop 6 crashes, 1 seconds since last crash

Installed version - 0.5.4-1

[tapper82]

Hi I am getting: Sun Oct 22 18:53:10 2017 uucp.warn /usr/sbin/noddos[8268]: HostCache: Couldn't open /var/lib/noddos/DnsCache.json for reading Sun Oct 22 18:53:10 2017 uucp.warn /usr/sbin/noddos[8268]: HostCache: Couldn't open /etc/noddos/DeviceMatches.json Sun Oct 22 18:53:10 2017 uucp.crit /usr/sbin/noddos[8268]: Mdns: bind

LEDE Model Linksys WRT3200ACM Firmware Version Lede Reboot SNAPSHOT r5113-2af10c30fe / LuCI Master (git-17.291.51172-a98548e) Kernel Version 4.9.57

I installed latest from here: https://noddos.io/dist/lede/releases/snapshots/arch/mvebu/packages/master/

[byoda]

The bind(2) call is failing. Can you please attach the output of `ifconfig -a' to this bug? Please review this output with the definition of LanInterfaces and WanInterfaces in /etc/noddos/noddos.conf and make any changes as necessary. Additionally, please install strace with 'opkg install strace', execute from the command line 'strace /usr/sbin/noddos -n -c /var/etc/noddos.conf' and attach the output to this bug.

[UniverseXXX]

Hi @StevenHessing

The /etc/noddos/noddos.conf-base has correct interfaces defined against "LanInterfaces": ["eth0", "br-lan"], "WanInterfaces": ["eth1"] ifconfig.txt

Here is the output of strace: strace.txt

Thanks.

[byoda]

Thanks for the strace. It shows that noddos can't bind to MDNS / 5353 UDP port. Do you have an MDNS daemon running like Avahi? (opkg install lsof; lsof -i 5353)

To test, please disable that daemon and start noddos again. If that resolves the issue then I'll need to see how noddos can run in parallel with any MDNS daemon.

Relevant strace output: bind(11, {sa_family=AF_INET, sin_port=htons(5353), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EADDRINUSE (Address in use)

[UniverseXXX]

@StevenHessing I've got DNSCrypt installed (don't know if it affects noddos somehow). lsof -i 5353 output:

lsof: unknown protocol name (5353) in: -i 5353

[byoda]

Sorry, lsof -i :5353

[UniverseXXX]

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dnscrypt- 19340 nobody 7u IPv4 2624343 0t0 UDP localhost:mdns dnscrypt- 19340 nobody 9u IPv4 2624345 0t0 TCP localhost:mdns (LISTEN)

[byoda]

Yup, we have the culprit. Not sure if you want to stop using dnscrypt but would be helpful to confirm that this is the issue if you can temporarily stop dnscrypt (probably using 'service dnscrypt stop') and then launch noddos ('service noddos start'). If noddos launches successfully then you can stop noddos and restart dnscrypt (of course I would have rather that you skip the last step). Reading up a bit in dnscrypt, it could interfere with the capability of noddos to track DNS queries so would have to add support for the dnscrypt protocol to noddos.

[UniverseXXX]

Disabling DNSCrypt and Adblock(just in case) seems to be fixing the issue as I can see some noddos actions in the log:

Sat Oct 28 15:47:48 2017 uucp.notice /usr/sbin/noddos[2657]: HostCache: Got invalid ARP entry 00:00:00:00:00:00 for fd42:19f3:38c3::a1b Sat Oct 28 15:47:48 2017 uucp.notice /usr/sbin/noddos[2657]: HostCache: Got invalid ARP entry 00:00:00:00:00:00 for fd42:19f3:38c3::a1b Sat Oct 28 15:47:48 2017 uucp.notice /usr/sbin/noddos[2657]: HostCache: Got invalid ARP entry 00:00:00:00:00:00 for fd42:19f3:38c3::a1b Sat Oct 28 15:47:49 2017 uucp.notice /usr/sbin/noddos[2657]: HostCache: Got invalid ARP entry 00:00:00:00:00:00 for fd42:19f3:38c3::a1b Sat Oct 28 15:48:25 2017 uucp.notice /usr/sbin/noddos[2657]: HostCache: Got invalid ARP entry 00:00:00:00:00:00 for fe80::1cf1:2a9c:8c29:3842 Sat Oct 28 15:48:27 2017 uucp.notice /usr/sbin/noddos[2657]: HostCache: Got invalid ARP entry 00:00:00:00:00:00 for fe80::9610:3eff:fe18:470a

[byoda]

You can ignore those log messages, they are harmless and in the upcoming v0.5.5 demoted to debug messages..

Try starting DNScrypt while noddos is running?

[UniverseXXX]

Started. No crash message on the log. Still can see above errors(2657). noddos screen with un/recognised clients has nothing.

[byoda]

See if there are /etc/noddos/DeviceMatches.json and /var/lib/noddos/DeviceDump.json files and what their contents are.

[UniverseXXX]

DeviceDump is empty.

DeviceMatches.txt

[tapper82]

Hi I was running dnscrypt to. Is there any way to get noddos to work along side dnscrypt. When a new test build with the latest fixs comes out I will test with dnscrypt uninstalled. Thanks for your hard work.

[byoda]

Keep this issue open for new feature: noddos to support DNScrypt.

Will open another issue for noddos to run together with other daemons listening to UDP:5353

[byoda]

Btw, I have added the Naim Mu-so to the list of device profiles. If you download the latest profiles and reload noddos then it should now be recognized; you'll see a value for the Uuid in DeviceMatches.json and you'll see it listed in the Luci Noddos Clients UI. The Naim Mu-so is now also present on https://stats.noddos.io/ so if you enable upload of data then you'll see the traffic destinations of the device there.

Downloading new device profiles: /usr/bin/getnoddosdeviceprofiles; if [ $? -gt 0 ]; then service noddos reload; fi

[tapper82]

This is still broken in latest LEDE snapshot. I realy want to give this a chance but.... Is the package in the openwrt packages the latest code?

[tapper82]

I am still getting: Wed Jan 17 20:21:07 2018 uucp.warn /usr/sbin/noddos[8530]: HostCache: Couldn't open /var/lib/noddos/DnsCache.json for reading Wed Jan 17 20:21:07 2018 uucp.warn /usr/sbin/noddos[8530]: HostCache: Couldn't open /etc/noddos/DeviceMatches.json Wed Jan 17 20:21:07 2018 uucp.crit /usr/sbin/noddos[8530]: Mdns: bind What about this bit in the wiki? Also edit the LanInterfaces list. You should put both physical LAN interfaces and bridge interfaces. For example, on a Linksys WRT 1200 AC, the entry would be ['eth0', 'br-lan'] and this is the default configuration. I am running this on a wrt3200acm and cant find were to do this. Were is the LAN interfaces list?

[byoda]

The LAN interfaces are automatically discovered by the /etc/init.d/noddos script by executing $(uci get network.lan.ifname) and $(uci get network.lan.type). If you want to make manual changes you can edit /var/etc/noddos.yml and manually restart noddos. Don't use the init.d script (or 'service noddos stop/start) in this case as it will override your changes.

[tapper82]

Hi still cant get it to work. When will you do a new build with the dns fixes?

[byoda]

Current work on DNS fixes are not related to your issue and I don't have an ETA for them. If you stop dnscrypt and then start noddos, does noddos start successfully?

On Thu, Jan 18, 2018 at 2:21 AM, tapper82 notifications@github.com wrote:

Hi still cant get it to work. When will you do a new build with the dns fixes?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/noddos/noddos/issues/35#issuecomment-358602728, or mute the thread https://github.com/notifications/unsubscribe-auth/AWiy-dA34JBAwxG1QADCS-XEfhSct4cqks5tLxs0gaJpZM4QB5r7 .

[tapper82]

Hi noddos still will not work any news?

[byoda]

As per my previous message: if you stop dnscrypt and then start noddos, does noddos start successfully?