Haiyun's Blog

mosdns plugin: strip the CNAME records from a DNS response and return the A records directly

Published: January 18, 2022 // Category: // No Comments

When unbound sits in front of mosdns, it re-resolves the CNAME records contained in a domain's DNS response, so mosdns's domain-based DNS splitting also needs extra rules for the CNAME target domains. I wrote a mosdns plugin that deletes the CNAME records and returns the A records directly, which avoids the second lookup.

//dispatcher/plugin/executable/dcname/dcname.go
package dcname

import (
  "context"

  "github.com/IrineSistiana/mosdns/v3/dispatcher/handler"
  "github.com/miekg/dns"
)

const (
  PluginType = "dcname"
)

func init() {
  handler.RegInitFunc(PluginType, Init, func() interface{} { return new(Args) })
}

var _ handler.ExecutablePlugin = (*dcname)(nil)

// Args: the plugin takes no configuration.
type Args struct {
}

type dcname struct {
  *handler.BP
  args *Args
}

func Init(bp *handler.BP, args interface{}) (p handler.Plugin, err error) {
  return newDcname(bp, args.(*Args)), nil
}

func newDcname(bp *handler.BP, args *Args) handler.Plugin {
  return &dcname{
    BP:   bp,
    args: args,
  }
}

// Exec rewrites the response already stored in qCtx when the client asked for
// A or AAAA and the first answer record is a CNAME owned by the queried name:
// every CNAME record is dropped and each A/AAAA record of the chain is re-homed
// under the queried name, so the client receives a direct address answer and
// never has to resolve the CNAME target itself.
func (t *dcname) Exec(ctx context.Context, qCtx *handler.Context, next handler.ExecutableChainNode) error {
  if r := qCtx.R(); r != nil {
    q := qCtx.Q()
    if len(q.Question) == 1 && len(r.Answer) >= 1 {
      qname := q.Question[0].Name
      qtype := q.Question[0].Qtype
      rname := r.Answer[0].Header().Name
      rtype := r.Answer[0].Header().Rrtype
      if (qtype == dns.TypeA || qtype == dns.TypeAAAA) && qname == rname && rtype == dns.TypeCNAME {
        var answer2 []dns.RR
        for _, ans := range r.Answer {
          var rr2 dns.RR
          switch rr := ans.(type) {
          case *dns.A:
            // keep the address and TTL, but move the record to the queried name
            rr2 = &dns.A{
              Hdr: dns.RR_Header{
                Name:   qname,
                Rrtype: dns.TypeA,
                Class:  dns.ClassINET,
                Ttl:    rr.Hdr.Ttl,
              },
              A: rr.A,
            }
          case *dns.AAAA:
            rr2 = &dns.AAAA{
              Hdr: dns.RR_Header{
                Name:   qname,
                Rrtype: dns.TypeAAAA,
                Class:  dns.ClassINET,
                Ttl:    rr.Hdr.Ttl,
              },
              AAAA: rr.AAAA,
            }
          default:
            // CNAME records (and any other type) are dropped from the rewritten answer
            continue
          }
          answer2 = append(answer2, rr2)
        }
        r.Answer = answer2
      }
    }
  }
  return handler.ExecChainNode(ctx, qCtx, next)
}

Enable the plugin:

dispatcher/plugin/enabled_plugin.go
_ "github.com/IrineSistiana/mosdns/v3/dispatcher/plugin/executable/dcname"

qCtx.Q() and qCtx.R() return the query and the response respectively; *dns.Msg is defined at:
https://github.com/miekg/dns/blob/master/msg.go#L109
The question section, Question []Question, is defined at:
https://github.com/miekg/dns/blob/master/types.go#L228
The answer section, Answer []RR, is defined at:
https://github.com/miekg/dns/blob/master/dns.go#L31
Answer header (RR_Header):
https://github.com/miekg/dns/blob/master/dns.go#L67
DNS TYPE constants:
https://github.com/miekg/dns/blob/master/types.go#L25
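To make the rewrite rule easy to exercise without running mosdns, here is an added example (not part of the original post and not mosdns code) that models the same logic in plain Python. The RR dataclass, the flatten_cname function and the sample answer are all constructed for this example; the record fields mirror the miekg/dns header fields the plugin reads.

```python
# Added example, not part of the original post or of mosdns: a pure-Python model
# of the dcname plugin's answer rewrite. Record fields mirror the miekg/dns
# header fields the plugin uses (owner name, type, TTL, rdata).
from dataclasses import dataclass
from typing import List

TYPE_A, TYPE_AAAA, TYPE_CNAME = "A", "AAAA", "CNAME"


@dataclass(frozen=True)
class RR:
    name: str   # owner name, fully qualified with trailing dot
    rtype: str  # record type
    ttl: int
    data: str   # address for A/AAAA, target name for CNAME


def flatten_cname(qname: str, qtype: str, answer: List[RR]) -> List[RR]:
    """Mirror of dcname.Exec: if the client asked for A/AAAA and the first
    answer is a CNAME owned by qname, drop every CNAME and re-home the
    address records under qname. Otherwise the answer is returned untouched."""
    if not answer or qtype not in (TYPE_A, TYPE_AAAA):
        return answer
    first = answer[0]
    if first.name != qname or first.rtype != TYPE_CNAME:
        return answer
    # Same choice as the plugin: A and AAAA records are both kept regardless of
    # qtype, each keeping its own TTL; the CNAME TTLs are discarded with the CNAMEs.
    return [
        RR(name=qname, rtype=rr.rtype, ttl=rr.ttl, data=rr.data)
        for rr in answer
        if rr.rtype in (TYPE_A, TYPE_AAAA)
    ]


# Constructed sample: a two-hop CNAME chain as a resolver returns it for an A query.
SAMPLE_ANSWER = [
    RR("www.example.test.", TYPE_CNAME, 300, "cdn.example.test."),
    RR("cdn.example.test.", TYPE_CNAME, 60, "edge.example.test."),
    RR("edge.example.test.", TYPE_A, 60, "192.0.2.10"),
    RR("edge.example.test.", TYPE_A, 60, "192.0.2.11"),
]

if __name__ == "__main__":
    for rr in flatten_cname("www.example.test.", TYPE_A, SAMPLE_ANSWER):
        print(rr)
```

Two edge cases of the plugin show up directly: a response that contains only CNAME records (no address record after the chain) is rewritten to an empty answer, and a query whose type is not A/AAAA is left untouched. Note also that the flattened answer no longer carries the CNAME chain, so a DNSSEC-validating client behind mosdns cannot verify it; the rewrite is meant for a trusted local forwarder only.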


Running a program as an unprivileged user on Linux

Published: December 28, 2021 // Category: // No Comments

This does not switch to the user's home directory and works for users that have no login shell. For runuser and sudo the -- argument is the end-of-options terminator, so the commands can also be wrapped in an alias.

runuser -u nobody -- id -un
sudo -u nobody -- id -un
su nobody -s /bin/bash -c 'id -un'

Reference:
https://www.cyberciti.biz/open-source/linux-run-command-as-different-user/

Using caddy to add HTTP/3 (QUIC) support to an nginx site

Published: December 27, 2021 // Category: // No Comments

Because nginx already listens on port 443, caddy has to listen on another port. Forwarding to that port with an iptables DNAT rule works too, but the Alt-Svc header caddy returns then contains the port caddy itself listens on. Starting caddy in Docker with bridge networking solves this.
Build the caddy image with docker build:

FROM debian:bullseye
RUN apt update -y
RUN apt install curl net-tools vim iputils-ping -y
RUN curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | tee /etc/apt/trusted.gpg.d/caddy-stable.asc
RUN curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
RUN apt update -y
RUN apt install caddy -y

docker build --tag debian-caddy:v1 - < Dockerfile

Start it:

docker run -d --name caddy-http3 -p 443:443/udp --dns=172.17.0.1 --restart=always -v /etc/caddy:/etc/caddy -v /data/www.haiyun.me:/data/www.haiyun.me -v /acme/haiyun.me:/acme/haiyun.me debian-caddy:v1 caddy run -config /etc/caddy/Caddyfile

caddy configuration file:

{
  admin off
  auto_https off
  servers  {
    protocol {
      experimental_http3
    }
  }
}
https://www.haiyun.me:443 {
  tls /acme/haiyun.me/haiyun.me.cer /acme/haiyun.me/haiyun.me.key
  reverse_proxy https://www.haiyun.me {
    header_up X-Forwarded-For {remote_host}
    header_down -server
  }
}

Add the header in nginx:

add_header Alt-Svc "h3=\":443\"; ma=86400,h3-29=\":443\"; ma=86400";

You can test it with a curl built with HTTP/3 support.
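The whole point of the Docker bridge setup above is that the advertised Alt-Svc port must match the port clients can actually reach. As an added example (not from the original post, and not caddy or nginx code), here is a small Python parser for the Alt-Svc field value plus a check that every h3 alternative advertises the expected port; the sample header values are constructed for the example, one copied from the nginx line above and one showing the mismatched form a caddy instance on a non-standard port would emit.

```python
# Added example, not part of the original post: parse an RFC 7838 Alt-Svc value
# such as  h3=":443"; ma=86400,h3-29=":443"; ma=86400  and verify that the
# HTTP/3 alternatives advertise the port the QUIC listener is really bound to.
from typing import Dict, List, NamedTuple


class AltSvc(NamedTuple):
    protocol: str           # ALPN id, e.g. "h3" or "h3-29"
    host: str               # empty string means "same host as the origin"
    port: int
    params: Dict[str, str]  # e.g. {"ma": "86400"}


def parse_alt_svc(value: str) -> List[AltSvc]:
    """Split the field value into alternatives; 'clear' yields an empty list."""
    alternatives = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if not parts:
            continue
        protocol, _, authority = parts[0].partition("=")
        authority = authority.strip().strip('"')
        if not authority:  # "clear", or a malformed entry without an alt-authority
            continue
        # rpartition keeps bracketed IPv6 hosts such as [2001:db8::1]:443 intact
        host, _, port = authority.rpartition(":")
        params = {}
        for p in parts[1:]:
            k, _, v = p.partition("=")
            params[k.strip()] = v.strip().strip('"')
        alternatives.append(AltSvc(protocol.strip(), host, int(port), params))
    return alternatives


def h3_ports_match(value: str, expected_port: int) -> bool:
    """True only if there is at least one h3* alternative and all of them
    advertise expected_port (the port the UDP/QUIC listener is published on)."""
    h3 = [alt for alt in parse_alt_svc(value) if alt.protocol.startswith("h3")]
    return bool(h3) and all(alt.port == expected_port for alt in h3)


# Constructed samples: the header nginx sends in the config above, and the kind
# of value caddy would emit when it listens on a non-standard port.
NGINX_ALT_SVC = 'h3=":443"; ma=86400,h3-29=":443"; ma=86400'
MISMATCHED_ALT_SVC = 'h3=":8443"; ma=2592000'

if __name__ == "__main__":
    print(parse_alt_svc(NGINX_ALT_SVC))
    print(h3_ports_match(NGINX_ALT_SVC, 443), h3_ports_match(MISMATCHED_ALT_SVC, 443))
```

Run against a live response (for instance the value from curl -I above) the check tells you whether the Alt-Svc hint points browsers at a port that is actually published; an advertised port that is not reachable makes clients silently fall back to HTTP/2, which is the symptom described above for the DNAT setup.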

Building curl with HTTP/3 (QUIC) support

Published: December 27, 2021 // Category: // 2 Comments

Method 1: build curl with HTTP/3 QUIC support using OpenSSL (the quictls fork), ngtcp2 and nghttp3:

apt install build-essential autoconf libtool pkg-config
git clone --depth 1 -b OpenSSL_1_1_1m+quic https://github.com/quictls/openssl
cd openssl/
./config enable-tls1_3 --prefix=/usr/local/openssl
make && make install
cd ../
git clone https://github.com/ngtcp2/nghttp3
cd nghttp3/
autoreconf -fi
./configure --prefix=/usr/local/nghttp3 --enable-lib-only
make && make install
cd ../
git clone https://github.com/ngtcp2/ngtcp2
cd ngtcp2/
autoreconf -fi
./configure PKG_CONFIG_PATH=/usr/local/openssl/lib/pkgconfig:/usr/local/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib" --prefix=/usr/local/ngtcp2 --enable-lib-only
make && make install
cd ../
wget https://github.com/curl/curl/releases/download/curl-7_80_0/curl-7.80.0.tar.gz
tar zxf curl-7.80.0.tar.gz
cd curl-7.80.0/
LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib64" ./configure --with-openssl=/usr/local/openssl/ --with-nghttp3=/usr/local/nghttp3 --with-ngtcp2=/usr/local/ngtcp2 --prefix=/usr/local/curl
make && make install
LD_LIBRARY_PATH="/usr/local/curl/lib/:/usr/local/openssl/lib/" /usr/local/curl/bin/curl -V

Method 2: build curl with HTTP/3 QUIC support using quiche:

apt install build-essential cmake pkg-config
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
git clone --recursive https://github.com/cloudflare/quiche
cd quiche/
cargo build --package quiche --release --features ffi,pkg-config-meta,qlog
mkdir quiche/deps/boringssl/src/lib
ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
cd ../
wget https://github.com/curl/curl/releases/download/curl-7_80_0/curl-7.80.0.tar.gz
tar zxf curl-7.80.0.tar.gz
cd curl-7.80.0/
./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release --prefix=/usr/local/curl
make && make install
cp ../quiche/target/release/libquiche.so /usr/local/curl/lib/
LD_LIBRARY_PATH="/usr/local/curl/lib/" /usr/local/curl/bin/curl -V

Test HTTP/3 QUIC with curl:

LD_LIBRARY_PATH="/usr/local/curl/lib/:/usr/local/openssl/lib/" /usr/local/curl/bin/curl --http3 https://www.haiyun.me -I

Problems I ran into: downloads with the quiche-built curl stall after a while, and downloads with the OpenSSL-built curl are very slow.
Reference:
https://github.com/curl/curl/blob/master/docs/HTTP3.md
