
dnscrypt-proxy - Resolver timeouts


Would it be possible to bump the lib library in OPKG

/opt/etc/init.d # opkg list | grep libsodium
libsodium - 1.0.12-1 - NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools. Sodium is a portable, cross-compilable, installable, packageable fork of NaCl (based on the latest released upstream version nacl-20110221), with a compatible API. The design choices, particularly in regard to the Curve25519 Diffie-Hellman function, emphasize security (whereas NIST curves emphasize "performance" at the cost of security), and "magic constants" in NaCl/Sodium have clear rationales. The same cannot be said of NIST curves, where the specific origins of certain constants are not described by the standards. And despite the emphasis on higher security, primitives are faster across-the-board than most implementations of the NIST standards.
/opt/etc/init.d # 

to release 1.0.13

https://github.com/jedisct1/dnscrypt-proxy/issues/542


  • 2 weeks later...

OK, and thanks

Installed it, started it. I'll sort out the releases now.

/opt/etc/init.d # lsof | grep libsodium
dnscrypt- 5301        root  mem       REG        8,2   464288       4357 /opt/lib/libsodium.so.18.3.0
/opt/etc/init.d # 

Yes, that's it

_sodium_malloc 1.0.13 ...

 

Edited by vasek00

Well, that's really good news.

So far everything has started up.

dnsmasq   5277      nobody  cwd       DIR       31,4      202         71 /
dnsmasq   5277      nobody  rtd       DIR       31,4      202         71 /
dnsmasq   5277      nobody  txt       REG        8,2   282388       6321 /opt/sbin/dnsmasq
dnsmasq   5277      nobody  mem       REG        8,2    49680       4109 /opt/lib/libnss_files-2.25.so
dnsmasq   5277      nobody  mem       REG        8,2    17764       4257 /opt/lib/libmnl.so.0.2.0
dnsmasq   5277      nobody  mem       REG        8,2  1616316       4129 /opt/lib/libc-2.25.so
dnsmasq   5277      nobody  mem       REG        8,2    93848       4131 /opt/lib/libgcc_s.so.1
dnsmasq   5277      nobody  mem       REG        8,2    24944       4255 /opt/lib/libnfnetlink.so.0.2.0
dnsmasq   5277      nobody  mem       REG        8,2   118740       4253 /opt/lib/libnetfilter_conntrack.so.3.6.0
dnsmasq   5277      nobody  mem       REG        8,2   150220       4128 /opt/lib/ld-2.25.so
dnsmasq   5277      nobody    0u      CHR        1,3      0t0       1053 /dev/null
dnsmasq   5277      nobody    1u      CHR        1,3      0t0       1053 /dev/null
dnsmasq   5277      nobody    2u      CHR        1,3      0t0       1053 /dev/null
dnsmasq   5277      nobody    3u  netlink                 0t0      91211 ROUTE
dnsmasq   5277      nobody    4u     IPv4      91213      0t0        UDP 192.168.1.100:domain
dnsmasq   5277      nobody    5u     IPv4      91214      0t0        TCP 192.168.1.100:domain (LISTEN)
dnsmasq   5277      nobody    6u     IPv4      91215      0t0        UDP localhost:domain
dnsmasq   5277      nobody    7u     IPv4      91216      0t0        TCP localhost:domain (LISTEN)
dnsmasq   5277      nobody    8u     IPv6      91217      0t0        UDP [fe80::...8]:domain
dnsmasq   5277      nobody    9u     IPv6      91218      0t0        TCP [fe80::...8]:domain (LISTEN)
dnsmasq   5277      nobody   10u     IPv6      91219      0t0        UDP localhost:domain
dnsmasq   5277      nobody   11u     IPv6      91220      0t0        TCP localhost:domain (LISTEN)
dnsmasq   5277      nobody   12r  a_inode        0,7        0          4 inotify
dnsmasq   5277      nobody   13r     FIFO        0,6      0t0      91225 pipe
dnsmasq   5277      nobody   14w     FIFO        0,6      0t0      91225 pipe
dnsmasq   5277      nobody   15u     unix 0x84c62800      0t0      89329 type=DGRAM
dnscrypt- 6047        root  cwd       DIR        8,2     1024     245764 /opt/etc/init.d
dnscrypt- 6047        root  rtd       DIR       31,4      202         71 /
dnscrypt- 6047        root  txt       REG        8,2   158416       6327 /opt/sbin/dnscrypt-proxy
dnscrypt- 6047        root  mem       REG        8,2   122696       4123 /opt/lib/libpthread-2.25.so
dnscrypt- 6047        root  mem       REG        8,2  1616316       4129 /opt/lib/libc-2.25.so
dnscrypt- 6047        root  mem       REG        8,2    93848       4131 /opt/lib/libgcc_s.so.1
dnscrypt- 6047        root  mem       REG        8,2   996704       4130 /opt/lib/libm-2.25.so
dnscrypt- 6047        root  mem       REG        8,2    10664       4120 /opt/lib/libdl-2.25.so
dnscrypt- 6047        root  mem       REG        8,2   464288       4357 /opt/lib/libsodium.so.18.3.0
dnscrypt- 6047        root  mem       REG        8,2    36628       4325 /opt/lib/libltdl.so.7.3.0
dnscrypt- 6047        root  mem       REG        8,2   150220       4128 /opt/lib/ld-2.25.so
dnscrypt- 6047        root    0r      CHR        1,3      0t0       1053 /dev/null
dnscrypt- 6047        root    1w      CHR        1,3      0t0       1053 /dev/null
dnscrypt- 6047        root    2w      CHR        1,3      0t0       1053 /dev/null
dnscrypt- 6047        root    3r      CHR        1,9      0t0       1070 /dev/urandom
dnscrypt- 6047        root    4u     unix 0x84c62e00      0t0      99913 type=DGRAM
dnscrypt- 6047        root    5u  a_inode        0,7        0          4 [eventpoll]
dnscrypt- 6047        root    6u     unix 0x84c62600      0t0      99914 type=STREAM
dnscrypt- 6047        root    7u     unix 0x85b0be00      0t0      99915 type=STREAM
dnscrypt- 6047        root    8r      CHR        1,9      0t0       1070 /dev/urandom
dnscrypt- 6047        root    9u     IPv4      99916      0t0        UDP localhost:60053
dnscrypt- 6047        root   10u     IPv4      99917      0t0        UDP *:43689
dnscrypt- 6047        root   11u     IPv4      99918      0t0        TCP localhost:60053 (LISTEN)

 

Edited by vasek00

1 hour ago, TheBB said:

it needs testing, it is supplied as is... too early to celebrate

That's understood; it takes time to assess a possible problem (compared with the one there was before) and whether it is random or persistent.


After a little over a day, it works much better than before (judging by responsiveness). I mostly tested UDP operation, with the config below:

DNSmasq

no-resolv
interface=br0
bind-interfaces
listen-address=192.168.1.100
#except-interface=lo
server=127.0.0.2#60053
addn-hosts=/opt/tmp/hosts0
addn-hosts=/opt/tmp/malwaredom_block.host
addn-hosts=/opt/tmp/mvps_block.host
cache-size=150
# also tested with cache-size=0
log-queries
log-facility=/opt/var/log/dnsmasq.log
log-async=25

 

dnscrypt-proxy --local-address=127.0.0.2:65053 --daemonize --edns-payload-size=1252 -R cisco -l /opt/tmp/dnscrypt-proxy.60053.log -m 7

-m --loglevel=<level>: don't log events with priority above this level after the service has been started up. Default is 6, the value for LOG_INFO. Valid values are 0 (system is unusable), 1 (action must be taken immediately), 2 (critical conditions), 3 (error conditions), 4 (warning conditions), 5 (normal but significant condition), 6 (informational) and 7 (debug-level messages).

The resulting dnscrypt-proxy.60053.log is clean; it has been silent since startup. No complaints so far.

Sun Aug  5 11:39:29 2017 [NOTICE] Starting dnscrypt-proxy 1.9.5
Sun Aug  5 11:39:29 2017 [INFO] Generating a new session key pair
Sun Aug  5 11:39:29 2017 [INFO] Done
Sun Aug  5 11:39:29 2017 [INFO] Server certificate with serial #1493333488 received
Sun Aug  5 11:39:29 2017 [INFO] This certificate is valid
Sun Aug  5 11:39:29 2017 [INFO] Chosen certificate #1493333488 is valid from [2017-03-24] to [2018-03-24]
Sun Aug  5 11:39:29 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Sun Aug  5 11:39:29 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Sun Aug  5 11:39:29 2017 [NOTICE] Proxying from 127.0.0.2:60053 to 208.67.220.220:443
Sun Aug  5 12:41:00 2017 [INFO] Refetching server certificates
Sun Aug  5 12:41:00 2017 [INFO] Server certificate with serial #1493333488 received
Sun Aug  5 12:41:00 2017 [INFO] This certificate is valid
Sun Aug  5 12:41:00 2017 [INFO] Chosen certificate #1493333488 is valid from [2017-03-24] to [2018-03-24]
Sun Aug  5 12:41:00 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Sun Aug  5 12:41:00 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
....

From the dnsmasq log:

Aug  5 14:17:22 dnsmasq[7303]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth no-DNSSEC no-ID loop-detect inotify
Aug  5 14:17:22 dnsmasq[7303]: using nameserver 127.0.0.2#60053
Aug  5 14:17:23 dnsmasq[7303]: read /opt/etc/hosts - 2 addresses
Aug  5 14:17:23 dnsmasq[7303]: read /opt/tmp/mvps_block.host - 13273 addresses
Aug  5 14:17:23 dnsmasq[7303]: read /opt/tmp/malwaredom_block.host - 1157 addresses
Aug  5 14:17:23 dnsmasq[7303]: read /opt/tmp/hosts0 - 101 addresses
Aug  5 14:17:25 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:17:25 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:17:26 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:17:26 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:17:27 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:17:27 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:17:29 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:17:29 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:17:33 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:17:33 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:18:04 dnsmasq[7303]: query[A] mail.yandex.ru from 192.168.1.2
Aug  5 14:18:04 dnsmasq[7303]: forwarded mail.yandex.ru to 127.0.0.2
Aug  5 14:18:05 dnsmasq[7303]: query[A] mail.yandex.ru from 192.168.1.2
Aug  5 14:18:05 dnsmasq[7303]: forwarded mail.yandex.ru to 127.0.0.2
Aug  5 14:18:06 dnsmasq[7303]: query[A] mail.yandex.ru from 192.168.1.2
Aug  5 14:18:06 dnsmasq[7303]: forwarded mail.yandex.ru to 127.0.0.2
Aug  5 14:18:08 dnsmasq[7303]: query[A] mail.yandex.ru from 192.168.1.2
Aug  5 14:18:08 dnsmasq[7303]: forwarded mail.yandex.ru to 127.0.0.2
Aug  5 14:18:09 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:18:09 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:18:10 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:18:10 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:18:11 dnsmasq[7303]: query[A] teredo.ipv6.microsoft.com from 192.168.1.2
Aug  5 14:18:11 dnsmasq[7303]: forwarded teredo.ipv6.microsoft.com to 127.0.0.2
Aug  5 14:18:12 dnsmasq[7303]: query[A] mail.yandex.ru from 192.168.1.2
Aug  5 14:18:12 dnsmasq[7303]: forwarded mail.yandex.ru to 127.0.0.2

...

Aug  5 14:19:57 dnsmasq[7303]: query[A] fonts.googleapis.com from 192.168.1.2
Aug  5 14:19:57 dnsmasq[7303]: forwarded fonts.googleapis.com to 127.0.0.2
Aug  5 14:19:57 dnsmasq[7303]: reply fonts.googleapis.com is <CNAME>
Aug  5 14:19:57 dnsmasq[7303]: reply googleadapis.l.google.com is 173.194.222.95
Aug  5 14:19:57 dnsmasq[7303]: query[A] googleadapis.l.google.com from 192.168.1.2
Aug  5 14:19:57 dnsmasq[7303]: forwarded googleadapis.l.google.com to 127.0.0.2
Aug  5 14:19:57 dnsmasq[7303]: reply googleadapis.l.google.com is 173.194.222.95
Aug  5 14:19:57 dnsmasq[7303]: query[AAAA] googleadapis.l.google.com from 192.168.1.2
Aug  5 14:19:57 dnsmasq[7303]: forwarded googleadapis.l.google.com to 127.0.0.2
Aug  5 14:19:57 dnsmasq[7303]: reply googleadapis.l.google.com is 2a00:1450:4010:c07::5f

...

Aug  5 14:20:07 dnsmasq[7303]: query[A] rbc.ru from 192.168.1.2
Aug  5 14:20:07 dnsmasq[7303]: forwarded rbc.ru to 127.0.0.2
Aug  5 14:20:07 dnsmasq[7303]: reply rbc.ru is 80.68.253.9
Aug  5 14:20:07 dnsmasq[7303]: reply rbc.ru is 185.72.229.9
Aug  5 14:20:07 dnsmasq[7303]: query[A] rbc.ru from 192.168.1.2
Aug  5 14:20:07 dnsmasq[7303]: forwarded rbc.ru to 127.0.0.2
Aug  5 14:20:07 dnsmasq[7303]: reply rbc.ru is 80.68.253.9
Aug  5 14:20:07 dnsmasq[7303]: reply rbc.ru is 185.72.229.9
Aug  5 14:20:07 dnsmasq[7303]: query[AAAA] rbc.ru from 192.168.1.2
Aug  5 14:20:07 dnsmasq[7303]: forwarded rbc.ru to 127.0.0.2
Aug  5 14:20:07 dnsmasq[7303]: query[A] www.rbc.ru from 192.168.1.2
Aug  5 14:20:07 dnsmasq[7303]: forwarded www.rbc.ru to 127.0.0.2
Aug  5 14:20:07 dnsmasq[7303]: reply www.rbc.ru is 185.72.229.11
Aug  5 14:20:07 dnsmasq[7303]: reply www.rbc.ru is 80.68.253.11
Aug  5 14:20:07 dnsmasq[7303]: query[A] www.rbc.ru from 192.168.1.2
Aug  5 14:20:07 dnsmasq[7303]: forwarded www.rbc.ru to 127.0.0.2
Aug  5 14:20:07 dnsmasq[7303]: reply rbc.ru is NODATA-IPv6
Aug  5 14:20:07 dnsmasq[7303]: reply www.rbc.ru is 185.72.229.11
Aug  5 14:20:07 dnsmasq[7303]: reply www.rbc.ru is 80.68.253.11
Aug  5 14:20:07 dnsmasq[7303]: query[AAAA] www.rbc.ru from 192.168.1.2
Aug  5 14:20:07 dnsmasq[7303]: forwarded www.rbc.ru to 127.0.0.2
Aug  5 14:20:07 dnsmasq[7303]: reply www.rbc.ru is NODATA-IPv6

...

Aug  5 14:28:39 dnsmasq[7303]: query[A] mail.radar.imgsmail.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded mail.radar.imgsmail.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] img.imgsmail.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded img.imgsmail.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] mc.yandex.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: /opt/tmp/mvps_block.host mc.yandex.ru is 0.0.0.0
Aug  5 14:28:39 dnsmasq[7303]: query[A] portal.mail.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded portal.mail.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] limg.imgsmail.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded limg.imgsmail.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] r.mradx.net from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded r.mradx.net to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] filin.mail.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded filin.mail.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: reply mail.radar.imgsmail.ru is <CNAME>
Aug  5 14:28:39 dnsmasq[7303]: reply common.radar.imgsmail.ru is 185.5.137.179
Aug  5 14:28:39 dnsmasq[7303]: reply img.imgsmail.ru is 217.69.139.101
Aug  5 14:28:39 dnsmasq[7303]: reply portal.mail.ru is 217.69.139.59
Aug  5 14:28:39 dnsmasq[7303]: reply portal.mail.ru is 94.100.180.59
Aug  5 14:28:39 dnsmasq[7303]: reply portal.mail.ru is 217.69.139.58
Aug  5 14:28:39 dnsmasq[7303]: reply limg.imgsmail.ru is 217.69.139.209
Aug  5 14:28:39 dnsmasq[7303]: reply limg.imgsmail.ru is 94.100.180.211
Aug  5 14:28:39 dnsmasq[7303]: reply limg.imgsmail.ru is 217.69.139.211
Aug  5 14:28:39 dnsmasq[7303]: reply limg.imgsmail.ru is 94.100.180.209
Aug  5 14:28:39 dnsmasq[7303]: reply r.mradx.net is 217.69.139.244
Aug  5 14:28:39 dnsmasq[7303]: query[A] pass.yandex.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded pass.yandex.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: reply filin.mail.ru is 185.5.136.33
Aug  5 14:28:39 dnsmasq[7303]: reply pass.yandex.ru is 213.180.204.51
Aug  5 14:28:39 dnsmasq[7303]: query[A] bar.love.mail.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded bar.love.mail.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] ocsp2.globalsign.com from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded ocsp2.globalsign.com to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: query[A] ok.ru from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded ok.ru to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: reply bar.love.mail.ru is 193.0.170.53
Aug  5 14:28:39 dnsmasq[7303]: reply bar.love.mail.ru is 193.0.170.54
Aug  5 14:28:39 dnsmasq[7303]: reply ocsp2.globalsign.com is <CNAME>
Aug  5 14:28:39 dnsmasq[7303]: reply cdn.globalsigncdn.com is 104.16.24.216
Aug  5 14:28:39 dnsmasq[7303]: reply cdn.globalsigncdn.com is 104.16.28.216
Aug  5 14:28:39 dnsmasq[7303]: reply cdn.globalsigncdn.com is 104.16.25.216
Aug  5 14:28:39 dnsmasq[7303]: reply cdn.globalsigncdn.com is 104.16.26.216
Aug  5 14:28:39 dnsmasq[7303]: reply cdn.globalsigncdn.com is 104.16.27.216
Aug  5 14:28:39 dnsmasq[7303]: reply ok.ru is 5.61.23.11
Aug  5 14:28:39 dnsmasq[7303]: reply ok.ru is 217.20.155.13
Aug  5 14:28:39 dnsmasq[7303]: reply ok.ru is 217.20.156.167
Aug  5 14:28:39 dnsmasq[7303]: query[A] clients1.google.com from 192.168.1.2
Aug  5 14:28:39 dnsmasq[7303]: forwarded clients1.google.com to 127.0.0.2
Aug  5 14:28:39 dnsmasq[7303]: reply clients1.google.com is <CNAME>
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.78
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.69
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.72
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.66
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.65
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.70
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.73
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.64
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.71
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.68
Aug  5 14:28:39 dnsmasq[7303]: reply clients.l.google.com is 173.194.44.67

Another bug turned up, or rather not a bug but a consequence of how the system is configured. When a client pings an address from /opt/tmp/malwaredom_block.host ("0.0.0.0  www.w......o.com"), everything is fine on the client, but if the same is run locally on the router, we get:

1. From a client, "ping www.w......o.com" gives

Aug  6 12:01:00 dnsmasq[24293]: query[A] www.w......o.com from 192.168.1.2
Aug  6 12:01:00 dnsmasq[24293]: /opt/tmp/malwaredom_block.host www.wigglewoo.com is 0.0.0.0

or, with ping 0.0.0.0, a transmission failure


2. From the router

/opt/etc/init.d # ping www.w......o.com
PING www.wigglewoo.com (85.13.149.245): 56 data bytes
64 bytes from 85.13.149.245: seq=0 ttl=59 time=64.597 ms
^C
--- www.w......o.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 64.597/64.597/64.597 ms
/opt/etc/init.d # ping 0.0.0.0
PING 0.0.0.0 (0.0.0.0): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.434 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.363 ms
^C
--- 0.0.0.0 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.363/0.398/0.434 ms
/opt/etc/init.d #

 

The solution to the problem is the more correct configuration below:

DNSmasq

no-resolv
interface=br0
bind-interfaces
listen-address=192.168.1.100
except-interface=lo
server=127.0.0.2#60053
addn-hosts=/opt/tmp/hosts0
addn-hosts=/opt/tmp/malwaredom_block.host
addn-hosts=/opt/tmp/mvps_block.host
cache-size=0

Now everything is correct.

From the malwaredom_block list:

/opt/etc/init.d #
/opt/etc/init.d # ping yo.......com
PING youtuhe.com (34.196.13.28): 56 data bytes
^C
--- yo.......com ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
/opt/etc/init.d # netstat -tulap | grep dns
tcp        0      0 192.168.1.100:domain  0.0.0.0:*               LISTEN      27271/dnsmasq
tcp        0      0 127.0.0.2:60053         0.0.0.0:*               LISTEN      24266/dnscrypt-prox
tcp        0      0 fe80::......a8:domain :::*                    LISTEN      27271/dnsmasq
udp        0      0 127.0.0.2:60053         0.0.0.0:*                           24266/dnscrypt-prox
udp        0      0 192.168.1.100:domain  0.0.0.0:*                           27271/dnsmasq
udp        0      0 0.0.0.0:35326           0.0.0.0:*                           24266/dnscrypt-prox
udp        0      0 fe80::.....a8:domain :::*                                27271/dnsmasq
/opt/etc/init.d #

The current DNSmasq config is better suited for operation. The only open question is which path the FIRMWARE uses when it needs to reach something by name. There are two options: "localhost:domain" or via the interface, "br0:domain".

Edited by vasek00

Sat Aug  5 14:18:35 2017 [NOTICE] Starting dnscrypt-proxy 1.9.5

...

Sun Aug  6 12:42:21 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Sun Aug  6 13:16:38 2017 [NOTICE] Stopping proxy
Sun Aug  6 13:16:38 2017 [INFO] UDP listener shut down
Sun Aug  6 13:16:38 2017 [INFO] TCP listener shut down
Sun Aug  6 13:17:39 2017 [NOTICE] Starting dnscrypt-proxy 1.9.5
Sun Aug  6 13:17:40 2017 [INFO] Generating a new session key pair

...

Sun Aug  6 13:17:40 2017 [NOTICE] Proxying from 127.0.0.2:65053 to 208.67.220.220:443
Sun Aug  6 13:55:42 2017 [NOTICE] Stopping proxy
Sun Aug  6 13:55:42 2017 [INFO] UDP listener shut down
Sun Aug  6 13:55:42 2017 [INFO] TCP listener shut down
Sun Aug  6 13:56:49 2017 [NOTICE] Starting dnscrypt-proxy 1.9.5
Sun Aug  6 13:56:49 2017 [INFO] Generating a new session key pair
Sun Aug  6 13:56:49 2017 [INFO] Done

... all fine until

Mon Aug  7 09:10:04 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Mon Aug  7 09:28:26 2017 [DEBUG] resolver timeout (UDP)
Mon Aug  7 09:28:29 2017 [DEBUG] resolver timeout (UDP)
Mon Aug  7 10:11:14 2017 [INFO] Refetching server certificates

... fine again until

Wed Aug  9 07:49:20 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Wed Aug  9 08:39:53 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 08:39:54 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 08:39:55 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 08:39:57 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 08:40:01 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 08:40:06 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 08:41:34 2017 [NOTICE] Stopping proxy
Wed Aug  9 08:41:34 2017 [INFO] UDP listener shut down
Wed Aug  9 08:41:34 2017 [INFO] TCP listener shut down
Wed Aug  9 08:42:37 2017 [NOTICE] Starting dnscrypt-proxy 1.9.5
Wed Aug  9 08:42:37 2017 [INFO] Generating a new session key pair
Wed Aug  9 08:42:37 2017 [INFO] Done

... fine until

Wed Aug  9 16:49:03 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Wed Aug  9 17:46:57 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:46:57 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:46:58 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:46:58 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:46:59 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:46:59 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:48:21 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:06 2017 [INFO] Refetching server certificates
Wed Aug  9 17:49:06 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:06 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:07 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:07 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:07 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:09 2017 [DEBUG] resolver timeout (UDP)
Wed Aug  9 17:49:11 2017 [INFO] Server certificate with serial #1493333338 received
Wed Aug  9 17:49:11 2017 [INFO] This certificate is valid

...

... fine until today, 100817 12:00

I'll keep watching; no problems are visible so far, and if you don't look at this dnscrypt-proxy log, everything is OK. For now there is a single server, cisco, over UDP.

Edited by vasek00

dnscrypt-proxy

Thu Aug 10 15:41:19 2017 [DEBUG] resolver timeout (UDP)
Thu Aug 10 15:59:33 2017 [INFO] Refetching server certificates

....

Fri Aug 11 14:06:18 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Fri Aug 11 14:09:58 2017 [DEBUG] resolver timeout (UDP)
Fri Aug 11 14:10:07 2017 [DEBUG] resolver timeout (UDP)
Fri Aug 11 14:10:13 2017 [DEBUG] resolver timeout (UDP)
Fri Aug 11 15:07:41 2017 [INFO] Refetching server certificates

...

Sun Aug 13 09:38:33 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778

On Aug 11 only once, on Aug 12 not a single time.


Caught the error. I'm increasingly inclined to think that something on the router is forgetting connections after a long period without client activity (not using the browser for about 40 minutes). Yesterday I switched from cisco to:

dnscrypt-proxy --local-address=127.0.0.2:65053 --daemonize --edns-payload-size=1252 -R cypherpunks.ru

dnscrypt-proxy

Tue Aug 15 10:23:57 2017 [INFO] Server key fingerprint is CC02:411D:EA4B:F44D:0E5F:7A18:957B:E8DD:F059:C259:B504:473E:4453:F3BB:CB95:8203
Tue Aug 15 11:23:59 2017 [INFO] Refetching server certificates
Tue Aug 15 11:23:59 2017 [INFO] Server certificate with serial #1493333335 received
Tue Aug 15 11:23:59 2017 [INFO] This certificate is valid
Tue Aug 15 11:23:59 2017 [INFO] Chosen certificate #14933333335 is valid from [2017-05-26] to [2018-05-26]
Tue Aug 15 11:23:59 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Tue Aug 15 11:23:59 2017 [INFO] Server key fingerprint is CC02:411D:EA4B:F44D:0E5F:7A18:957B:E8DD:F059:C259:B504:473E:4453:F3BB:CB95:8203
Tue Aug 15 11:50:20 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:20 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:20 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:21 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:21 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:21 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:51:21 2017 [DEBUG] resolver timeout (UDP)

From Dnsmasq:

Aug 15 11:50:24 dnsmasq[789]: query[A] dns.msftncsi.com from 192.168.130.2
Aug 15 11:50:24 dnsmasq[789]: forwarded dns.msftncsi.com to 127.0.0.2
...
Aug 15 11:50:26 dnsmasq[789]: query[A] avatars.mds.yandex.net from 192.168.130.2
Aug 15 11:50:26 dnsmasq[789]: forwarded avatars.mds.yandex.net to 127.0.0.2
Aug 15 11:50:26 dnsmasq[789]: query[A] yastatic.net from 192.168.130.2
Aug 15 11:50:26 dnsmasq[789]: forwarded yastatic.net to 127.0.0.2
...
Aug 15 11:50:30 dnsmasq[789]: query[A] forum.keenetic.net from 192.168.130.2
Aug 15 11:50:30 dnsmasq[789]: forwarded forum.keenetic.net to 127.0.0.2
Aug 15 11:50:30 dnsmasq[789]: query[A] forum.keenetic.net from 192.168.130.2
Aug 15 11:50:30 dnsmasq[789]: forwarded forum.keenetic.net to 127.0.0.2

Today at 11:50 I tried to view a page, which opened probably 1-1.5 minutes later, after I clicked to open it again.

netfilter.d invocations

Tue Aug 15 11:14:46 MSK 2017
track --- tables = filter
Tue Aug 15 11:57:07 MSK 2017
track --- tables = filter

Router log
Aug 15 11:14:46ndm kernel: IPv4 conntrack lan: flushed 1 entries with address 192.168.130.19
Aug 15 11:14:46ndm kernel: SWNAT bind table cleared
Aug 15 11:57:07ndm kernel: SWNAT bind table cleared

 


Since 15.08, from what is shown in the logs above

Tue Aug 15 11:50:21 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:51:21 2017 [DEBUG] resolver timeout (UDP)

up to 17.08 13:23, silence; everything is OK. On 15.08, after this error, at 12:00 I went back to the cisco resolver; before that it was cypherpunks.ru
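One way to test the idle-connection hypothesis raised in the posts above against the two logs, as an added example that is not part of the original thread and not code from dnscrypt-proxy or dnsmasq. It groups "resolver timeout (UDP)" lines into bursts, lists the names dnsmasq forwarded around each burst without getting a reply, and measures how long the upstream path had been idle before the burst. The function names, the 120-second burst gap, the 30-second lookback and the sample log lines are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in the two formats quoted in the thread
# (example.* names and 192.0.2.x addresses are placeholders).
PROXY_LOG = """\
Tue Aug 15 11:23:59 2017 [INFO] Refetching server certificates
Tue Aug 15 11:50:20 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:20 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:50:21 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 11:51:21 2017 [DEBUG] resolver timeout (UDP)
Tue Aug 15 14:02:10 2017 [DEBUG] resolver timeout (UDP)
"""
DNSMASQ_LOG = """\
Aug 15 11:08:02 dnsmasq[789]: forwarded example.org to 127.0.0.2
Aug 15 11:08:02 dnsmasq[789]: reply example.org is 192.0.2.10
Aug 15 11:50:15 dnsmasq[789]: forwarded example.net to 127.0.0.2
Aug 15 11:50:16 dnsmasq[789]: forwarded example.net to 127.0.0.2
Aug 15 11:50:18 dnsmasq[789]: forwarded example.com to 127.0.0.2
Aug 15 11:51:25 dnsmasq[789]: reply example.com is 192.0.2.30
Aug 15 14:01:00 dnsmasq[789]: forwarded example.org to 127.0.0.2
Aug 15 14:01:00 dnsmasq[789]: reply example.org is 192.0.2.10
Aug 15 14:02:05 dnsmasq[789]: forwarded example.org to 127.0.0.2
"""

PROXY_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[DEBUG\] resolver timeout \(UDP\)")
DNSMASQ_RE = re.compile(
    r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) dnsmasq\[\d+\]: (forwarded|reply) (\S+) ")


def timeout_times(proxy_log):
    """Timestamps of every 'resolver timeout (UDP)' line in a dnscrypt-proxy log."""
    times = []
    for line in proxy_log.splitlines():
        m = PROXY_RE.match(line)
        if m:
            times.append(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"))
    return times


def bursts(times, gap=timedelta(seconds=120)):
    """Group timeouts so that consecutive ones no more than `gap` apart share a burst."""
    groups = []
    for t in sorted(times):
        if groups and t - groups[-1][-1] <= gap:
            groups[-1].append(t)
        else:
            groups.append([t])
    return groups


def dnsmasq_events(log, year):
    """(time, kind, name) for 'forwarded' and 'reply' lines; the log carries no year."""
    events = []
    for line in log.splitlines():
        m = DNSMASQ_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events


def explain_bursts(proxy_log, dnsmasq_log, year, lookback=timedelta(seconds=30)):
    """Per burst: timeout count, unanswered names, and idle time before the first query."""
    events = dnsmasq_events(dnsmasq_log, year)
    report = []
    for burst in bursts(timeout_times(proxy_log)):
        lo, hi = burst[0] - lookback, burst[-1] + lookback
        fwd = [(t, n) for t, k, n in events if k == "forwarded" and lo <= t <= hi]
        answered = {n for t, k, n in events if k == "reply" and lo <= t <= hi}
        earlier = [t for t, k, _ in events if k == "forwarded" and t < lo]
        trigger = min((t for t, _ in fwd), default=None)
        report.append({
            "start": burst[0],
            "timeouts": len(burst),
            "unanswered": sorted({n for _, n in fwd} - answered),
            # Gap between the last earlier upstream query and the first one in the burst.
            "idle_before": trigger - max(earlier) if trigger and earlier else None,
        })
    return report


if __name__ == "__main__":
    for row in explain_bursts(PROXY_LOG, DNSMASQ_LOG, 2017):
        print(row)
```

A burst preceded by a long idle gap fits the "router forgets the connection" explanation; a burst with only a short gap, like the second one in the constructed sample, points at the resolver or the uplink instead.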
