Merge branch 'master' of github.com:DNSCrypt/dnscrypt-proxy

Author: Gedsh

.github/workflows/releases.yml

@@ -25,7 +25,14 @@ jobs:
     steps:
       - name: Get the version
         id: get_version
-        run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
+        run: |
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF/refs\/tags\//}
+          else
+            VERSION="dev-$(date +'%Y%m%d-%H%M%S')-${GITHUB_SHA::8}"
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Tag version: $VERSION"
 
       - name: Check out code
         uses: actions/checkout@v4
@@ -45,12 +52,10 @@ jobs:
           cd -
 
       - name: Build all
-        if: startsWith(github.ref, 'refs/tags/')
         run: |
           .ci/ci-build.sh "${{ steps.get_version.outputs.VERSION }}"
 
       - name: Package
-        if: startsWith(github.ref, 'refs/tags/')
         run: |
           .ci/ci-package.sh "${{ steps.get_version.outputs.VERSION }}"
 
@@ -70,26 +75,63 @@ jobs:
           echo | /tmp/bin/minisign -s /tmp/minisign.key -Sm *.tar.gz *.zip
           ls -l dnscrypt-proxy*
 
-      - name: Create release
-        id: create_release
-        uses: actions/create-release@v1
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dnscrypt-proxy-${{ steps.get_version.outputs.VERSION }}
+          path: |
+            dnscrypt-proxy/*.zip
+            dnscrypt-proxy/*.tar.gz
+          retention-days: 30
+          if-no-files-found: error
+
+      - name: Check if release exists
+        id: check_release
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          HTTP_CODE=$(curl -s -o response.json -w "%{http_code}" \
+            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            https://api.github.com/repos/${{ github.repository }}/releases/tags/$TAG)
+          if [ "$HTTP_CODE" = "200" ]; then
+            echo "release_exists=true" >> $GITHUB_ENV
+          else
+            echo "release_exists=false" >> $GITHUB_ENV
+          fi
+
+      - name: Debug Release Existence
         if: startsWith(github.ref, 'refs/tags/')
+        run: echo "Release exists? ${{ env.release_exists }}"
+
+      - name: Create release and upload assets
+        id: create_release
+        uses: softprops/action-gh-release@v2
+        if: startsWith(github.ref, 'refs/tags/') && env.release_exists == 'false'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: ${{ github.ref }}
-          release_name: Release ${{ github.ref }}
+          name: Release ${{ github.ref }}
           draft: false
           prerelease: false
-
-      - name: Upload release assets
-        uses: softprops/action-gh-release@ab50eebb6488051c6788d97fa95232267c6a4e23
-        if: startsWith(github.ref, 'refs/tags/')
+          make_latest: true
+          fail_on_unmatched_files: false
+          files: |
+            dnscrypt-proxy/*.zip
+            dnscrypt-proxy/*.tar.gz
+            dnscrypt-proxy/*.minisig
+            dnscrypt-proxy/*.msi
+            
+      - name: Upload assets to existing release
+        id: upload_to_existing_release
+        uses: softprops/action-gh-release@v2
+        if: startsWith(github.ref, 'refs/tags/') && env.release_exists == 'true'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
+          tag_name: ${{ steps.get_version.outputs.VERSION }}
+          fail_on_unmatched_files: false
           files: |
             dnscrypt-proxy/*.zip
             dnscrypt-proxy/*.tar.gz
             dnscrypt-proxy/*.minisig
-            dnscrypt-proxy/*.msi
+            dnscrypt-proxy/*.msi

.github/workflows/shiftleft-analysis.yml

@@ -17,3 +17,4 @@ dnscrypt-proxy/dnscrypt-proxy
 contrib/msi/*.msi
 contrib/msi/*.wixpdb
 contrib/msi/*.wixobj
+TODO.md

.gitignore

@@ -1,3 +1,49 @@
+# Version 2.1.12
+ - A new Weighted Power of Two (WP2) load balancing strategy has been
+implemented as the default, providing improved distribution across resolvers.
+ - An optional Prometheus metrics endpoint has been added for monitoring and
+observability.
+ - Memory usage for the cache has been reduced.
+ - The monitoring dashboard has received significant improvements including
+better security, performance optimizations, WebSocket rate limiting, and HTTP
+caching headers.
+ - The monitoring UI has been refined with stable sorting to prevent
+flickering, query type limitations, and improved scrolling behavior.
+ - Additional records in queries are now properly removed before forwarding.
+ - The simple view UI has been removed as it provided limited utility.
+
+# Version 2.1.11
+ - The sievecache dependency was updated to fix a bug causing the cache to crash.
+
+# Version 2.1.10
+ - Hot-reloading of configuration files is now optional and disabled by default.
+It can be enabled by setting `enable_hot_reload = true` in the configuration file.
+ - The file system monitoring for hot-reloading now uses efficient OS-native 
+file notifications instead of polling, reducing CPU usage and improving responsiveness.
+
+# Version 2.1.9
+ - A live web-based monitoring UI has been added, allowing you to monitor DNS
+query activity and performance metrics through an interactive dashboard.
+ - Hot-reloading of configuration files has been implemented, allowing you to
+modify filtering rules and other configurations without restarting the proxy.
+Simply edit a configuration file (like blocked-names.txt) and changes are
+applied instantaneously.
+ - HTTP/3 probing is now supported via the `http3_probe` option, which will
+try HTTP/3 first for DoH servers, even if they don't advertise support via
+Alt-Svc.
+ - Authentication for the monitoring UI can be disabled by setting the
+username to an empty string in the configuration.
+ - Several race conditions have been fixed.
+ - Dependencies have been updated.
+ - DHCP DNS detector instances have been reduced to improve performance.
+ - Tor isolation for dnscrypt-proxy has been documented to enhance privacy.
+ - The default example configuration file has been improved for clarity and
+usability.
+ - The cache lock contention has been reduced to improve performance under
+high load.
+ - generate-domains-blocklist: added parallel downloading of block lists for
+significantly improved performance.
+
 # Version 2.1.8
  - Dependencies have been updated, notably the QUIC implementation,
 which could be vulnerable to denial-of-service attacks.

ChangeLog

@@ -28,6 +28,7 @@ Available as source code and pre-built binaries for most operating systems and a
 * Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
 * Time-based filtering, with a flexible weekly schedule
 * Transparent redirection of specific domains to specific resolvers
+* Optional hot-reloading of configuration files (disabled by default from v2.1.10)
 * DNS caching, to reduce latency and improve privacy
 * Local IPv6 blocking to reduce latency on IPv4-only networks
 * Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.

README.md

@@ -8,6 +8,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"sync"
 	"unicode"
 )
 
@@ -40,6 +41,7 @@ var (
 var (
 	FileDescriptors   = make([]*os.File, 0)
 	FileDescriptorNum = uintptr(0)
+	FileDescriptorsMu sync.Mutex
 )
 
 const (
@@ -144,6 +146,8 @@ func TrimAndStripInlineComments(str string) string {
 	return strings.TrimSpace(str)
 }
 
+// ExtractHostAndPort parses a string containing a host and optional port.
+// If no port is present or cannot be parsed, the defaultPort is returned.
 func ExtractHostAndPort(str string, defaultPort int) (host string, port int) {
 	host, port = str, defaultPort
 	if idx := strings.LastIndex(str, ":"); idx >= 0 && idx < len(str)-1 {
@@ -154,11 +158,14 @@ func ExtractHostAndPort(str string, defaultPort int) (host string, port int) {
 	return
 }
 
+// ReadTextFile reads a file and returns its contents as a string.
+// It automatically removes UTF-8 BOM if present.
 func ReadTextFile(filename string) (string, error) {
 	bin, err := os.ReadFile(filename)
 	if err != nil {
 		return "", err
 	}
+	// Remove UTF-8 BOM if present
 	bin = bytes.TrimPrefix(bin, []byte{0xef, 0xbb, 0xbf})
 	return string(bin), nil
 }