
Commit 07d44fa

committed
doh: add ech prefix iff used
1 parent ddf1e34 commit 07d44fa


2 files changed

+21
-18
lines changed


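--- a/intra/doh/doh.go
+++ b/intra/doh/doh.go
@@ -367,7 +367,7 @@ func (t *transport) httpClientFor(p ipn.Proxy) (c3, c *http.Client) {
 // Independent of the query's success or failure, this function also returns the
 // address of the server on a best-effort basis, or nil if the address could not
 // be determined.
-func (t *transport) doDoh(pid string, q *dns.Msg) (response *dns.Msg, blocklists, region string, elapsed time.Duration, qerr *dnsx.QueryError) {
+func (t *transport) doDoh(pid string, q *dns.Msg) (response *dns.Msg, blocklists, region string, ech bool, elapsed time.Duration, qerr *dnsx.QueryError) {
 start := time.Now()
 padQuery(q)
 
@@ -383,7 +383,7 @@ func (t *transport) doDoh(pid string, q *dns.Msg) (response *dns.Msg, blocklists
 return
 }
 
-response, blocklists, region, elapsed, qerr = t.send(pid, req)
+response, blocklists, region, ech, elapsed, qerr = t.send(pid, req)
 
 // restore dns query id
 q.Id = id
@@ -420,7 +420,8 @@ func (t *transport) fetch(pid string, req *http.Request) (*http.Response, error)
 
 r, err := t.multifetch(req, c3, c)
 if err != nil {
-log.W("doh: fetch: %s, err: %v", ustr, err)
+log.W("doh: fetch: %s, mayech? %t, err: %v",
+ustr, t.echconfig != nil, err)
 return r, uerr(err)
 }
 return r, nil
@@ -500,13 +501,12 @@ func (t *transport) prepare(pid string) (c3, c *http.Client, err error) {
 return
 }
 
-func (t *transport) do(pid string, req *http.Request) (ans []byte, blocklists, region string, elapsed time.Duration, qerr *dnsx.QueryError) {
+func (t *transport) do(pid string, req *http.Request) (ans []byte, blocklists, region string, withech bool, elapsed time.Duration, qerr *dnsx.QueryError) {
 var server net.Addr
 var conn net.Conn
 start := time.Now()
 // either t.hostname or t.odohtargetname or t.odohproxy
 hostname := req.URL.Hostname()
-withech := false
 
 // Error cleanup function. If the query fails, this function will close the
 // underlying socket and disconfirm the server IP. Empirically, sockets often
@@ -608,10 +608,10 @@ func (t *transport) do(pid string, req *http.Request) (ans []byte, blocklists, r
 return
 }
 
-func (t *transport) send(pid string, req *http.Request) (msg *dns.Msg, blocklists, region string, elapsed time.Duration, qerr *dnsx.QueryError) {
+func (t *transport) send(pid string, req *http.Request) (msg *dns.Msg, blocklists, region string, ech bool, elapsed time.Duration, qerr *dnsx.QueryError) {
 var ans []byte
 var err error
-ans, blocklists, region, elapsed, qerr = t.do(pid, req)
+ans, blocklists, region, ech, elapsed, qerr = t.do(pid, req)
 if qerr != nil {
 return
 }
@@ -671,19 +671,23 @@ func (t *transport) Type() string {
 
 func (t *transport) Query(network string, q *dns.Msg, smm *x.DNSSummary) (r *dns.Msg, err error) {
 var blocklists, region string
+var ech bool
 var elapsed time.Duration
 var qerr *dnsx.QueryError
 
 _, pid := xdns.Net2ProxyID(network)
 if t.typ == dnsx.DOH {
-r, blocklists, region, elapsed, qerr = t.doDoh(pid, q)
-smm.Server = t.GetAddr()
+r, blocklists, region, ech, elapsed, qerr = t.doDoh(pid, q)
 } else {
-r, elapsed, qerr = t.doOdoh(pid, q)
-smm.Server = t.GetAddr()
+r, ech, elapsed, qerr = t.doOdoh(pid, q)
 smm.RelayServer = t.odohproxyname
 }
 
+smm.Server = t.GetAddr()
+if ech {
+smm.Server = dnsx.EchPrefix + smm.Server
+}
+
 status := dnsx.Complete
 
 if qerr != nil {
@@ -726,9 +730,7 @@ func (t *transport) GetAddr() string {
 addr = t.odohtargetname
 }
 
-if t.echconfig != nil {
-addr = dnsx.EchPrefix + addr
-} else if t.skipTLSVerify {
+if t.skipTLSVerify {
 addr = dnsx.NoPkiPrefix + addr
 }
 // doh transports could be "dnsx.Bootstrap"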
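Review bot: Moving the prefix out of GetAddr() makes EchPrefix and NoPkiPrefix composable where the removed `else if` kept them exclusive: in the Query hunk, a query that negotiated ECH on a transport with skipTLSVerify set now yields smm.Server of the form EchPrefix + NoPkiPrefix + addr, whereas before only the ECH marker was shown. That is the more honest summary, since a verification-skipping transport is no longer masked by ECH, but any consumer that strips a single leading prefix from smm.Server now has to handle two, and the ordering is fixed by Query rather than GetAddr. A comment above `smm.Server = t.GetAddr()` would pin this down: `// prefixes compose: GetAddr() may prepend NoPkiPrefix; EchPrefix goes outermost, and only when this query's TLS hop actually negotiated ECH`. GetAddr()'s own doc comment should also say it no longer reflects ECH at all, since other callers of it (not visible here) will see the address change. Query's body continues past the hunk.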

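--- a/intra/doh/odoh.go
+++ b/intra/doh/odoh.go
@@ -44,7 +44,7 @@ var (
 
 // targets: github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-servers.md
 // endpoints: github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-relays.md
-func (d *transport) doOdoh(pid string, q *dns.Msg) (res *dns.Msg, elapsed time.Duration, qerr *dnsx.QueryError) {
+func (d *transport) doOdoh(pid string, q *dns.Msg) (res *dns.Msg, ech bool, elapsed time.Duration, qerr *dnsx.QueryError) {
 var ans []byte
 viaproxy := len(d.odohproxyurl) > 0
 
@@ -62,8 +62,9 @@ func (d *transport) doOdoh(pid string, q *dns.Msg) (res *dns.Msg, elapsed time.D
 return
 }
 
-ans, _, _, elapsed, qerr = d.do(pid, req)
-log.V("odoh: send; proxy? %t, elapsed: %s; err? %v", viaproxy, elapsed, qerr)
+ans, _, _, ech, elapsed, qerr = d.do(pid, req)
+log.V("odoh: send; proxy? %t, ech? %t, elapsed: %s; err? %v",
+viaproxy, ech, elapsed, qerr)
 if qerr != nil {
 // datatracker.ietf.org/doc/rfc9230 section 4.3 and section 7
 // 401 authorization error on hpke failure
@@ -244,7 +245,7 @@ func (d *transport) refreshTargetKeyDNS() (ocfg *odoh.ObliviousDoHConfig, exp ti
 var req *http.Request
 // fetch odoh-config from odohconfigdns
 if req, err = d.asDohRequest(cmsg); err == nil {
-cres, _, _, _, err = d.send(dnsx.NetNoProxy, req)
+cres, _, _, _, _, err = d.send(dnsx.NetNoProxy, req)
 }
 }
 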
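Review bot: The ech flag doOdoh now returns is whatever d.do reports for the request it actually sent, so when viaproxy is true it describes the TLS hop to the ODoH relay rather than to the target (do's hostname comment lists t.odohproxy among the possible request hosts). Query then prepends EchPrefix to smm.Server, which for ODoH is the target address, while smm.RelayServer gets no marker; if that reading is right, the summary can advertise ECH on the wrong endpoint, and a reader of the summary would conclude the target hop was ECH-protected when only the relay hop was. Either state the meaning in doOdoh's doc comment, `// ech reports whether the HTTPS hop actually used (the relay when viaproxy, else the target) negotiated ECH`, or have Query apply the prefix to smm.RelayServer instead of smm.Server when a relay is in use. The body of doOdoh continues outside the hunk.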
