OpenWrt Forum Archive

Topic: DNSCrypt setup — securing DNS communications

The content of this topic has been archived between 29 Mar 2018 and 5 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

OpenDNS, the free DNS provider, offers a new way to protect clients against attacks related to modification and manipulation of DNS traffic — DNSCrypt. The main objective of DNSCrypt is full encryption of the communication channel between the client (you) and server (OpenDNS) — roughly as SSL is used to encrypt HTTP traffic.


INSTALLATION FOR DESIGNATED DRIVER
Simply use:

opkg update
opkg install dnscrypt-proxy

INSTALLATION FOR CHAOS CALMER 15.05 AND BARRIER BREAKER 14.07
See README: https://github.com/black-roland/exOpenWrt#chaos-calmer


CONFIGURATION
Information about configuration can be found on the wiki page: http://wiki.openwrt.org/inbox/dnscrypt#configuration


BUILDING FROM SOURCE (EXOPENWRT)
Using OpenWrt Buildroot – Installation, complete these steps:
Prepare Buildroot

$ mkdir ~/openwrt
$ cd ~/openwrt
$ svn co svn://svn.openwrt.org/openwrt/trunk/
$ cd trunk

Using OpenWrt Feeds add a new source to your feeds.conf:

$ echo "src-git exopenwrt https://github.com/black-roland/exOpenWrt.git" >> feeds.conf

Download and install feeds:

$ ./scripts/feeds update -a
$ ./scripts/feeds install dnscrypt-proxy

Configure target system:

make menuconfig

Select Target System and Target Profile, for example:

Target System (Atheros AR7xxx/AR9xxx)  --->
    (X) Atheros AR7xxx/AR9xxx
Target Profile (TP-LINK TL-MR3220)  --->
    (X) TP-LINK TL-MR3220

Select dnscrypt-proxy and hostip (optionally), exit and save changes:

Network  --->
    IP Addresses and Names  --->
        <*> dnscrypt-proxy
        <*> hostip

Now compile tools and toolchain

$ make tools/install
$ make toolchain/install

Finally compile dnscrypt-proxy package:

$ make V=s package/feeds/exopenwrt/dnscrypt-proxy/{clean,compile}

Compiled dnscrypt-proxy_***_ar71xx.ipk package can be found in ~/openwrt/trunk/bin.


See also
DNSCrypt on wiki
DNS and DHCP configuration
OpenWrt Buildroot – Installation
How to Build a Single Package
OpenWrt Feeds

Links
My OpenWrt repo on GitHub
Introducing DNSCrypt
dnscrypt-proxy project on GitHub
Original Makefile (Thanks to ryzhovau)

-

I'm using this package and it appears to be working well plus it was easy to install and configure.

Can it be made an "official" OpenWRT package?

Great How-To, but it seems that it has some memory leak, this is what happened after lots of requests: (15k?) (this is my entire kernel log from luci)

Well, for some time I will keep it disabled.

[14074.160000] ath: skbuff alloc of size 1926 failed
[14074.160000] dnscrypt-proxy: page allocation failure: order:0, mode:0x4020
[14074.160000] Call Trace:[<802663e8>] 0x802663e8
[14074.160000] [<802663e8>] 0x802663e8
[14074.160000] [<800ad368>] 0x800ad368
[14074.160000] [<800af668>] 0x800af668
[14074.160000] [<802d0000>] 0x802d0000
[14074.160000] [<800d2e60>] 0x800d2e60
[14074.160000] [<80071ca4>] 0x80071ca4
[14074.160000] [<80267834>] 0x80267834
[14074.160000] [<800721e0>] 0x800721e0
[14074.160000] [<800d4838>] 0x800d4838
[14074.160000] [<801d6c44>] 0x801d6c44
[14074.160000] [<814bc0c0>] 0x814bc0c0
[14074.160000] [<801d6be8>] 0x801d6be8
[14074.160000] [<814bc0c0>] 0x814bc0c0
[14074.160000] [<81fa6d4c>] 0x81fa6d4c
[14074.160000] [<8008e064>] 0x8008e064
[14074.160000] [<8009659c>] 0x8009659c
[14074.160000] [<81fa4318>] 0x81fa4318
[14074.160000] [<80076300>] 0x80076300
[14074.160000] [<80076824>] 0x80076824
[14074.160000] [<80076a30>] 0x80076a30
[14074.160000] [<80089360>] 0x80089360
[14074.160000] [<80076c64>] 0x80076c64
[14074.160000] [<80062d2c>] 0x80062d2c
[14074.160000] 
[14074.160000] Mem-Info:
[14074.160000] Normal per-cpu:
[14074.160000] CPU    0: hi:    0, btch:   1 usd:   0
[14074.160000] active_anon:614 inactive_anon:18 isolated_anon:0
[14074.160000]  active_file:1164 inactive_file:1399 isolated_file:0
[14074.160000]  unevictable:0 dirty:0 writeback:0 unstable:0
[14074.160000]  free:68 slab_reclaimable:371 slab_unreclaimable:2725
[14074.160000]  mapped:473 shmem:56 pagetables:85 bounce:0
[14074.160000] Normal free:272kB min:720kB low:900kB high:1080kB active_anon:2456kB inactive_anon:72kB active_file:4656kB inactive_file:5596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:32512kB mlocked:0kB dirty:0kB writeback:0kB mapped:1892kB shmem:224kB slab_reclaimable:1484kB slab_unreclaimable:10900kB kernel_stack:368kB pagetables:340kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
[14074.160000] lowmem_reserve[]: 0 0
[14074.160000] Normal: 54*4kB 1*8kB 1*16kB 1*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 272kB
[14074.160000] 2619 total pagecache pages
[14074.160000] 0 pages in swap cache
[14074.160000] Swap cache stats: add 0, delete 0, find 0/0
[14074.160000] Free swap  = 0kB
[14074.160000] Total swap = 0kB
[14074.160000] 8192 pages RAM
[14074.160000] 820 pages reserved
[14074.160000] 2465 pages shared
[14074.160000] 6165 pages non-shared
[14074.160000] SLUB: Unable to allocate memory on node -1 (gfp=0x20)
[14074.160000]   cache: kmalloc-4096, object size: 4096, buffer size: 4096, default order: 3, min order: 0
[14074.160000]   node 0: slabs: 0, objs: 0, free: 0
[14075.520000] eth1: out of memory

System log:

May 19 22:50:09 OpenWrt kern.info kernel: emory on node -1 (gfp=0x20)
May 19 22:50:09 OpenWrt kern.warn kernel: [14073.920000]   cache: kmalloc-4096, object size: 4096, buffer size: 4096, default order: 3, min order: 0
May 19 22:50:09 OpenWrt kern.warn kernel: [14073.920000]   node 0: slabs: 0, objs: 0, free: 0
May 19 22:50:09 OpenWrt kern.err kernel: [14074.160000] ath: skbuff alloc of size 1926 failed
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] dnscrypt-proxy: page allocation failure: order:0, mode:0x4020
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] Call Trace:[<802663e8>] 0x802663e8
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] [<802663e8>] 0x802663e8
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] [<800ad368>] 0x800ad368
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] [<800af668>] 0x800af668
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] [<802d0000>] 0x802d0000
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] [<800d2e60>] 0x800d2e60
May 19 22:50:09 OpenWrt kern.warn kernel: [14074.160000] [<80071ca4>] 0x80071ca4

lagonauta, I also noticed an increase of VSZ after several incorrect certificate requests. I'll try to write a bug report to the author.
How much memory is available on your router (run free command)?

https://github.com/opendns/dnscrypt-proxy/issues/8

Black Roland wrote:

lagonauta, I also noticed an increase of VSZ after several incorrect certificate requests. I'll try to write a bug report to the author.
How much memory is available on your router (run free command)?

https://github.com/opendns/dnscrypt-proxy/issues/8

Here it is: (with dnscrypt disabled)

             total         used         free       shared      buffers
Mem:         29488        26684         2804            0         2160
-/+ buffers:              24524         4964
Swap:            0            0            0

lagonauta, try with the --max-active-requests=64 option. Please test using different values (less than 64).
Sample init script (/etc/init.d/dnscrypt-proxy):

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2012 OpenWrt.org

START=50

LISTEN_ADDR=127.0.0.1
LISTEN_PORT=2053

start() {
    service_start /usr/sbin/dnscrypt-proxy -d \
        -a $LISTEN_ADDR \
        -P $LISTEN_PORT \
        --max-active-requests=64 \
        -u nobody
}

stop() {
    service_stop /usr/sbin/dnscrypt-proxy
}

On my router after >1000 queries the memory does not increase.

Thanks, I will test tomorrow :)

But won't this hinder the performance?

lagonauta, insignificantly. If you are the single router user, the performance will not change. For me the benchmark tests are similar.

Black Roland wrote:

lagonauta, insignificantly. If you are the single router user, the performance will not change. For me the benchmark tests are similar.

Yes. It does not matter whether we like it or not, it depends on available RAM on a router. Let me quote DNSCrypt's author:

jedisct1 wrote:

Also, by default, dnscrypt accepts and processes up to 250 parallel connections. That can take up to 15 Mb RAM.

If this is way too much for your device, lower this value to something more reasonable (each connection needs 64 Kb) with --max-active-requests=...

PS Glad my package is useful for someone.
PPS Package updated to v0.9.4. Is it better to link it with a nacl library from packages instead of the bundled one? Or may it cause a performance decrease?

(Last edited by ryzhov_al on 22 May 2012, 07:17)

Here it is like seven router users, hehe. Will test anyway :)

EDIT:

It seems that after some time the process just kills itself o.O
I couldn't find it with the command top, and my browser was resolving the names. But according to OpenDNS website I wasn't using it!

I have nothing on my log about that, it was full of wireless authentications.
Will keep monitoring.

EDIT2:

Just confirmed: it is killing itself and not writing anything on the log.
I am using latest version here, and I compiled it myself.

(Last edited by lagonauta on 23 May 2012, 00:07)

lagonauta, I thought this problem was only for me :) It is a segmentation fault error. I don't know the reason for this, but I try to test the latest git version. P.S. The 0.9.3 version works fine: http://bit.ly/LtkQxE

UPD
I think this bug is in libuv, but I don't know how to fix it. The PC version works well.

Black Roland, please test last version with my patch.

I suspect it's my fault initially. I turned off -fstack-protector but forgot about -D_FORTIFY_SOURCE=2, also removed some weird linker flags.

dnscrypt-proxy 0.9.5 tested for two days under quite heavy load (~8000 DNS names resolved) and there is no sign of memleak (under Valgrind too). Memory heap raised from 60 to 600Kb and stops growing at this point.

(Last edited by ryzhov_al on 8 Jun 2012, 14:55)

ryzhov_al, Without any changes :(
Makefile:

#
# Copyright (C) 2006-2012 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=dnscrypt-proxy
PKG_VERSION:=0.9.5
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/opendns/dnscrypt-proxy/downloads
PKG_MD5SUM:=446c3063bcc5af09e94d2d686781592a
PKG_INSTALL:=1

include $(INCLUDE_DIR)/package.mk

define Package/dnscrypt-proxy
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=IP Addresses and Names
  DEPENDS:= +libpthread
  TITLE:=A tool for securing DNS requests
  URL:=http://www.opendns.com/technology/dnscrypt
endef

define Package/dnscrypt-proxy/description
dnscrypt-proxy is a slight variation on DNSCurve.
DNSCurve improves the confidentiality and integrity of DNS requests using
high-speed high-security elliptic-curve cryptography. Best of all, DNSCurve
has very low overhead and adds virtually no latency to queries.
endef

define Package/dnscrypt-proxy/install
    $(INSTALL_DIR) $(1)/usr/sbin
    $(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnscrypt-proxy $(1)/usr/sbin/
    $(INSTALL_DIR) $(1)/etc/init.d
    $(INSTALL_BIN) ./files/dnscrypt-proxy.init $(1)/etc/init.d/dnscrypt-proxy
endef

$(eval $(call BuildPackage,dnscrypt-proxy))

Black Roland wrote:

Without any changes :(

It crashed in one hour? Leaks out and dies?
Please, put a line in cron's job for a while:

$ cat /proc/`pidof dnscrypt-proxy`/smaps | awk 'NR%8==1,NR%8==3' >> /tmp/dnscrypt-memusage.log

We must show to Frank Denis how it leaks (if it really leaks).
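
Added example, not part of the thread and not code from any of the posters: a way to turn the smaps snapshots suggested above into comparable numbers, and to set the heap size against the 64 KB-per-request figure quoted earlier for --max-active-requests. The function names and the sample snapshot are hypothetical, and it assumes the request buffers are allocated on the heap.

```shell
#!/bin/sh
# Added example (not from the thread): summarise /proc/<pid>/smaps snapshots of
# dnscrypt-proxy and compare heap use with the --max-active-requests budget.

PER_REQUEST_KB=64   # figure quoted in the thread: "each connection needs 64 Kb"

# smaps_summary FILE -> "<vsz_kb> <rss_kb> <heap_rss_kb>"
smaps_summary() {
    awk '
        # A mapping header starts with an address range; its last field is the
        # path or a pseudo-name such as [heap] when the mapping has one.
        /^[0-9a-f]+-[0-9a-f]+ / { in_heap = ($NF == "[heap]"); next }
        $1 == "Size:" { vsz += $2 }
        $1 == "Rss:"  { rss += $2; if (in_heap) heap += $2 }
        END { printf "%d %d %d\n", vsz, rss, heap }
    ' "$1"
}

# heap_rss_kb FILE -> resident heap size in kB
heap_rss_kb() {
    smaps_summary "$1" | awk '{ print $3 }'
}

# request_budget_kb N -> memory that N parallel requests may need, in kB
request_budget_kb() {
    echo $(( $1 * PER_REQUEST_KB ))
}

# heap_growth_kb OLD NEW -> heap growth between two snapshots (may be negative)
heap_growth_kb() {
    echo $(( $(heap_rss_kb "$2") - $(heap_rss_kb "$1") ))
}

# heap_verdict FILE MAX_REQUESTS -> "within-budget" or "over-budget"
# Assumption: request buffers live on the heap, so a heap larger than the
# request budget is not explained by --max-active-requests alone.
heap_verdict() {
    if [ "$(heap_rss_kb "$1")" -gt "$(request_budget_kb "$2")" ]; then
        echo over-budget
    else
        echo within-budget
    fi
}

# write_sample_smaps FILE HEAP_KB: constructed snapshot, not a real capture.
# The heap is written as fully resident; address ranges are not adjusted.
write_sample_smaps() {
    cat > "$1" <<EOF
00400000-0041a000 r-xp 00000000 1f:02 412        /usr/sbin/dnscrypt-proxy
Size:                104 kB
Rss:                  96 kB
Pss:                  96 kB
0042a000-004c0000 rwxp 00000000 00:00 0          [heap]
Size:                $2 kB
Rss:                 $2 kB
Pss:                 $2 kB
7fd10000-7fd31000 rw-p 00000000 00:00 0          [stack]
Size:                132 kB
Rss:                  12 kB
Pss:                  12 kB
EOF
}

# On the router, a cron line could log one summary per run, for example:
#   smaps_summary /proc/$(pidof dnscrypt-proxy)/smaps >> /tmp/dnscrypt-memusage.log
```

A heap that keeps growing between snapshots while staying "over-budget" for the configured -n value is the pattern worth attaching to a bug report.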

ryzhov_al, ? ???? ????????? ?????? ??? ?????? ??? ????? ? ????? (? ?? VSZ). ?? ??????? ?????? ? lagonauta ????? (????? ?????? ?????? ?? ???????). ?????? ????????? ?????? ??????, ???????????.

English: nothing interesting :)

Yes, there is a libuv memory leak fix commit, but it is useless:

- Dnscrypt-proxy 0.9.5 + new libuv (with leak fix) - leaks!
- Dnscrypt-proxy 0.9.5 + old libuv (like in 0.9.3) - leaks!

Now we may drop the libuv-driven version because there is a libevent-driven version released. We tested it, looks cool:

- no leaks!
- 20% smaller binary size,
- less RAM consumption.

Makefiles here.

(Last edited by ryzhov_al on 18 Jun 2012, 13:56)

Added latest Git version: 1e7edae (Makefile) (ipk) (Changelog)
Please test with -u nobody option

Black Roland wrote:

Added latest Git version: 1e7edae (Makefile) (ipk) (Changelog)
Please test with -u nobody option

#!/bin/sh /etc/rc.common

START=50

LISTEN_ADDR=127.0.0.1
LISTEN_PORT=2053

start() {
        /usr/sbin/dnscrypt-proxy -d \
                -a $LISTEN_ADDR \
                -P $LISTEN_PORT \
                -n 64
                -u nobody
}

stop() {
        /usr/sbin/dnscrypt-proxy
}

~
~
~
~
root@OpenWrt:/# /etc/init.d/dnscrypt-proxy stop
[INFO] Generating a new key pair
[ERROR] Unable to bind: 127.0.0.1:53 (TCP)
root@OpenWrt:/# /etc/init.d/dnscrypt-proxy start
/etc/rc.common: line 78: -u: not found
root@OpenWrt:/# /etc/init.d/dnscrypt-proxy stop
[INFO] Generating a new key pair
[ERROR] Unable to bind: 127.0.0.1:53 (TCP)
root@OpenWrt:/# /etc/init.d/dnscrypt-proxy start
/etc/rc.common: line 78: -u: not found
root@OpenWrt:/#

(Last edited by buffl on 18 Jun 2012, 19:54)

buffl wrote:


                -n 64
                -u nobody

You missed the "\" symbol, please try this init-script:

# cat /etc/init.d/dnscrypt-proxy
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2012 OpenWrt.org

START=50

LISTEN_ADDR=127.0.0.1
LISTEN_PORT=2053

start() {
    service_start /usr/sbin/dnscrypt-proxy -d \
        -a $LISTEN_ADDR \
        -P $LISTEN_PORT \
        -n 64 \
        -u nobody
}

stop() {
    service_stop /usr/sbin/dnscrypt-proxy
}

or this command:

# dnscrypt-proxy -P 2053 -u nobody

It is for me:

# dnscrypt-proxy -P 2053 -u nobody
[INFO] Generating a new key pair
[INFO] Stopping proxy
[INFO] TCP listener shut down
Segmentation fault
# dmesg | tail -1
[  110.370000] warning: process `dnscrypt-proxy' used the deprecated sysctl system call with 1.40.6.

I can't bring up dnscrypt at boot. Notice these in system log:
Jun 19 06:21:12 OpenWrt daemon.info dnscrypt-proxy[1172]: Generating a new key pair
Jun 19 06:21:13 OpenWrt daemon.err dnscrypt-proxy[1172]: Unable to bind [127.0.0.1] (TCP)
Full log is here:
http://pastebin.com/bGt1e4Hi

Anyone kind enough to help?

Sorry for my English, too :)

axishero, 0.9.3 version with the standard init.d/dnscrypt-proxy script? I think port 2053 is already in use (check with # netstat -a -n), or permission is denied.
In /etc/init.d/dnscrypt-proxy try to change LISTEN_PORT to any other port above 1024 (and in /etc/config/dhcp too) or change the dnscrypt-proxy arguments (remove -u nobody):

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2012 OpenWrt.org

START=50

LISTEN_ADDR=127.0.0.1
LISTEN_PORT=7953

start() {
        service_start /usr/sbin/dnscrypt-proxy -d \
                -a $LISTEN_ADDR \
                -P $LISTEN_PORT \
                -n 64

}

stop() {
        service_stop /usr/sbin/dnscrypt-proxy
}

Black Roland wrote:

It is for me:
# dnscrypt-proxy -P 2053 -u nobody
[INFO] Generating a new key pair
[INFO] Stopping proxy
[INFO] TCP listener shut down
Segmentation fault
# dmesg | tail -1
[  110.370000] warning: process `dnscrypt-proxy' used the deprecated sysctl system call with 1.40.6.

corrected

root@OpenWrt:/# dnscrypt-proxy -P 2053 -u nobody
[INFO] Generating a new key pair
[ERROR] Unable to bind: 127.0.0.1:2053 (TCP)
root@OpenWrt:/# dmesg | tail -1
ar71xx-wdt: enabling watchdog timer

buffl, it works normally with the error? O_o

buffl wrote:

[ERROR] Unable to bind: 127.0.0.1:2053 (TCP)

Black Roland wrote:

axishero, 0.9.3 version with the standard init.d/dnscrypt-proxy script? I think port 2053 is already in use (check with # netstat -a -n), or permission is denied.

I am using the init script from your #1 post.
Dnscrypt can't be up at boot. But it can be brought up by ssh-ing in and running '/etc/init.d/dnscrypt-proxy start' after boot. In this case, it's running on a tplink wr1041n which has only one switch named eth0 divided into eth0.1 and eth0.2 as wan and lan.