v1.0.0
First stable version! Egress eddie has been successfully used by me for months, and I've stabilized the config format so I finally feel comfortable cutting a stable release.
Summary of Changes
- Update config format to allow IPv4 and IPV6 to be filtered simultaneously
- Greatly expand fuzz test and include corpus as a submodule
- Validate hostnames in config
- Drop DNS replies with disallowed hostnames in answers
- Directly support MX and NS DNS answers
- Overhaul logging of DNS traffic
- Wait to start filtering traffic until after seccomp filters have been set
Full Changelog: v0.5.0...v1.0.0
Breaking Changes
The ipv6 config option is gone in favor of explicitly specifying IPv4 and IPv6 nfqueue queue numbers. For example, this config:
inboundDNSQueue = 1
ipv6 = false
[[filters]]
name = "example"
dnsQueue = 1000
trafficQueue = 1001
ipv6 = false
allowAnswersFor = "5m"
allowedHostnames = [
"github.com",
]now becomes:
inboundDNSQueue.ipv4 = 1
[[filters]]
name = "example"
dnsQueue.ipv4 = 1000
trafficQueue.ipv4 = 1001
allowAnswersFor = "5m"
allowedHostnames = [
"github.com",
]This change is necessary to allow filtering IPv4 and IPv6 at the same time, which was impossible with the old config format.