Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes from upstream #2

Open
wants to merge 68 commits into
base: upstream
Choose a base branch
from
Open

Changes from upstream #2

wants to merge 68 commits into from

Conversation

willscott
Copy link
Member

Creating a PR over local changes as a place to do code review

tanyav2 and others added 30 commits February 9, 2021 15:35
@tanyav2
Add more target tests, add invalid keyID error code
d13cf5c
@natesales
create gitignore
d309f3c
@natesales
simplify cli config with flags
8101246
@natesales
cleanup unnecessary constants
aa1dd21
@natesales
testing: cleanup error handling and consistency with Go code style
fdc9664
@natesales
move resolver to CLI flag
defbc4f
@natesales
ignore PEM files and output binary
3b4aa6f
@natesales
require cert and key flags
921ef4c
@natesales
proxy: handle errors safely
efb23da
@natesales
target: cleanup and handle errors
ce46005
@natesales
Merge branch 'master' into tanya/more-target-tests
daa7c73
@natesales
Merge pull request #1 from emeraldonion/tanya/more-target-tests
17c6d1b 
merge tanya/more-target-tests to master
@natesales
update readme info
b229226
@natesales
ci: fix tests from fork
f333972
@natesales
tests: target test consistency
178566a
@natesales
rename master to main
3992a08
@natesales
testing: fix resolver slice
b34be96
@natesales
fix error handling
66bb82f
@natesales
fix incorrect status code in test
71c9895
@natesales
bump module versions
f8d8dd3
@natesales
pass verbose flag into targetServer
3621823
@natesales
replace verbose bool with logging debug level
89f8fb0
@natesales
cleanup Makefile
cc42f5a
@natesales
remove target telemetry
160d0bb
@natesales
remove app deployment manifests
22eef66
@natesales
remove useless name function
8742f7d
@natesales
add badges
5c9f8c8
@natesales
go mod tidy
d23fd69
@natesales
add coverage badge
2cf438f
@natesales
add coverage testing
89be5e2
willscott
willscott commented Apr 22, 2021
View reviewed changes
.goreleaser.yml Outdated
homepage: https://packetframe.com
maintainer: Nate Sales <[email protected]>
description: Oblivious DNS over HTTPS server
license: GNU GPL-3.0
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given the use of MIT code from cloudflare, the easiest is to continue to mark this overall as an MIT package, if that's acceptable to you.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, that's a mistake on my part. Fixed in 9606a68

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And the hompage there is wrong too. Remnants from an old package. Fixed in 4f4ccc5

main.go Outdated
log.Fatal(err)
}

keyPair, err := odoh.CreateKeyPairFromSeed(hpke.DHKEM_X25519, hpke.KDF_HKDF_SHA256, hpke.AEAD_AESGCM128, seed)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it okay to have the keypair only rotate on process restart? is it worth having the seed periodically roll over within the lifetime of the process?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll have to look deeper into the IETF draft to see if there's an explicit policy about this. From an initial look I'm not seeing any reference to automated key rollover, so if we were to add this what interval would you recommend? Should it be a configurable parameter?

Also, one thing that we may add later is configuration for long lived TLS sessions that are set up when the process starts. We'd need to keep this in mind during key rollover.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i imagine this would be needed for resuming sessions more efficiently, or something of that nature? having it rotate once a day seems like a reasonable default there.
Based on how it's passed in / used, I would expect that long-lived connections would continue to use whatever key existed when they were initiated, right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll have to test to make sure, but it seems logical that we would keep any long lived sessions with their original key unless it's required by the protocol to keep it current.

main.go Outdated

target := &targetServer{
resolver: &targetResolver{
timeout: 2500 * time.Millisecond,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

possible to make this configurable?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. Timeouts are now configurable: 5e1a4dc

main.go Outdated
client: &http.Client{
Transport: &http.Transport{
MaxIdleConnsPerHost: 1024,
TLSHandshakeTimeout: 0 * time.Second,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't we force some sort of timeout here?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per #2 (comment), timeouts are now configurable in 5e1a4dc

natesales and others added 26 commits April 21, 2021 20:37
@natesales
update package license
9606a68
@natesales
Merge remote-tracking branch 'origin/main' into main
d6481d1
@natesales
add target and proxy timeouts
5e1a4dc
@github-actions
ci: update coverage
e76c210
@natesales
fix homepage URL
4f4ccc5
@natesales
Merge remote-tracking branch 'origin/main' into main
15949d4
@natesales
add target timeout test
d999871
@github-actions
ci: update coverage
2523041
@natesales
add main unit tests
f9c028d
@natesales
Merge remote-tracking branch 'origin/main'
ecda2a8
@github-actions
ci: update coverage
53a7f3f
@natesales
ignore cover.out
7210175
@natesales
Merge branch 'main' of https://github.com/emeraldonion/odoh-server-go
034946a
@natesales
feat: add TLS server test
817b60d
@natesales
feat: add prometheus metrics
6947aea
@natesales
feat: add prometheus metrics
2d2a588
@natesales
refactor: remove extra ci workflow
c19f7d6
@natesales
fix: generate self signed cert before test
28b14bf
@natesales
feat: add version flag
2647235
@github-actions
ci: update coverage
c633101
@natesales
bump to go 1.17 and update deps
f1a7743
@natesales
refactor: defer proxy response error handler
952e8b0
@natesales
feat: add docker build
ee6beb2
@github-actions
ci: update coverage
d5fbba6
@natesales
chore: bump dependencies
37ffe04
@natesales
refactor: remove ioutil and unused test code
d9989f6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@natesales natesales natesales left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@willscott @natesales @tanyav2