
Lines Matching +full:ipv6 +full:- +full:multi +full:- +full:target

21  * SPDX-License-Identifier: curl
96 * the QNAME-encoding of the host name. in doh_encode()
98 * A valid DNS name may not contain a zero-length label, except at in doh_encode()
104 * QNAME-encoding is one byte longer than the host name. If (as is in doh_encode()
106 * trailing dot, then its QNAME-encoding will be two bytes longer in doh_encode()
113 * representing the zero-length root label, again increasing in doh_encode()
120 if(host[hostlen-1]!='.') in doh_encode()
147 labellen = dot - hostp; in doh_encode()
155 /* label is non-empty, process it */ in doh_encode()
165 *dnsp++ = 0; /* append zero-length label for root */ in doh_encode()
172 *dnsp++ = DNS_CLASS_IN; /* IN - "the Internet" */ in doh_encode()
174 *olen = dnsp - orig; in doh_encode()
214 /* called from multi.c when this DoH transfer is complete */
217 struct Curl_easy *data = doh->set.dohfor; in doh_done()
218 struct dohdata *dohp = data->req.doh; in doh_done()
220 dohp->pending--; in doh_done()
221 infof(doh, "a DoH request is completed, %u to go", dohp->pending); in doh_done()
225 if(!dohp->pending) { in doh_done()
227 curl_slist_free_all(dohp->headers); in doh_done()
228 dohp->headers = NULL; in doh_done()
246 const char *url, CURLM *multi, in dohprobe() argument
252 DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer), in dohprobe()
253 &p->dohlen); in dohprobe()
259 p->dnstype = dnstype; in dohprobe()
260 Curl_dyn_init(&p->serverdoh, DYN_DOH_RESPONSE); in dohprobe()
272 struct dynbuf *resp = &p->serverdoh; in dohprobe()
273 doh->state.internal = true; in dohprobe()
275 doh->state.feat = &Curl_doh_trc; in dohprobe()
281 ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); in dohprobe()
282 ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); in dohprobe()
296 ERROR_CHECK_SETOPT(CURLOPT_SHARE, data->share); in dohprobe()
297 if(data->set.err && data->set.err != stderr) in dohprobe()
298 ERROR_CHECK_SETOPT(CURLOPT_STDERR, data->set.err); in dohprobe()
301 if(data->set.no_signal) in dohprobe()
305 data->set.doh_verifyhost ? 2L : 0L); in dohprobe()
307 data->set.doh_verifypeer ? 1L : 0L); in dohprobe()
309 data->set.doh_verifystatus ? 1L : 0L); in dohprobe()
312 best-guess as to which options are needed for compatibility. #3661 in dohprobe()
319 if(data->set.ssl.falsestart) in dohprobe()
321 if(data->set.str[STRING_SSL_CAFILE]) { in dohprobe()
323 data->set.str[STRING_SSL_CAFILE]); in dohprobe()
325 if(data->set.blobs[BLOB_CAINFO]) { in dohprobe()
327 data->set.blobs[BLOB_CAINFO]); in dohprobe()
329 if(data->set.str[STRING_SSL_CAPATH]) { in dohprobe()
331 data->set.str[STRING_SSL_CAPATH]); in dohprobe()
333 if(data->set.str[STRING_SSL_CRLFILE]) { in dohprobe()
335 data->set.str[STRING_SSL_CRLFILE]); in dohprobe()
337 if(data->set.ssl.certinfo) in dohprobe()
339 if(data->set.ssl.fsslctx) in dohprobe()
340 ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); in dohprobe()
341 if(data->set.ssl.fsslctxp) in dohprobe()
342 ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp); in dohprobe()
343 if(data->set.fdebug) in dohprobe()
344 ERROR_CHECK_SETOPT(CURLOPT_DEBUGFUNCTION, data->set.fdebug); in dohprobe()
345 if(data->set.debugdata) in dohprobe()
346 ERROR_CHECK_SETOPT(CURLOPT_DEBUGDATA, data->set.debugdata); in dohprobe()
347 if(data->set.str[STRING_SSL_EC_CURVES]) { in dohprobe()
349 data->set.str[STRING_SSL_EC_CURVES]); in dohprobe()
354 (data->set.ssl.enable_beast ? in dohprobe()
356 (data->set.ssl.no_revoke ? in dohprobe()
358 (data->set.ssl.no_partialchain ? in dohprobe()
360 (data->set.ssl.revoke_best_effort ? in dohprobe()
362 (data->set.ssl.native_ca_store ? in dohprobe()
364 (data->set.ssl.auto_client_cert ? in dohprobe()
370 doh->set.fmultidone = doh_done; in dohprobe()
371 doh->set.dohfor = data; /* identify for which transfer this is done */ in dohprobe()
372 p->easy = doh; in dohprobe()
378 DEBUGASSERT(!doh->set.private_data); in dohprobe()
380 if(curl_multi_add_handle(multi, doh)) in dohprobe()
405 struct connectdata *conn = data->conn; in Curl_doh()
416 DEBUGASSERT(!data->req.doh); in Curl_doh()
420 dohp = data->req.doh = calloc(1, sizeof(struct dohdata)); in Curl_doh()
424 conn->bits.doh = TRUE; in Curl_doh()
425 dohp->host = hostname; in Curl_doh()
426 dohp->port = port; in Curl_doh()
427 dohp->headers = in Curl_doh()
429 "Content-Type: application/dns-message"); in Curl_doh()
430 if(!dohp->headers) in Curl_doh()
434 result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V4], in Curl_doh()
435 DNS_TYPE_A, hostname, data->set.str[STRING_DOH], in Curl_doh()
436 data->multi, dohp->headers); in Curl_doh()
439 dohp->pending++; in Curl_doh()
442 if((conn->ip_version != CURL_IPRESOLVE_V4) && Curl_ipv6works(data)) { in Curl_doh()
443 /* create IPv6 DoH request */ in Curl_doh()
444 result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V6], in Curl_doh()
445 DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH], in Curl_doh()
446 data->multi, dohp->headers); in Curl_doh()
449 dohp->pending++; in Curl_doh()
458 * where the additional request doesn't match the pre-cooked data in Curl_doh()
460 * in a non-ECH use-case. For the present, we'll only make the in Curl_doh()
465 if(data->set.tls_ech & CURLECH_ENABLE in Curl_doh()
466 || data->set.tls_ech & CURLECH_HARD) { in Curl_doh()
473 result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_HTTPS], in Curl_doh()
474 DNS_TYPE_HTTPS, qname, data->set.str[STRING_DOH], in Curl_doh()
475 data->multi, dohp->headers); in Curl_doh()
479 dohp->pending++; in Curl_doh()
487 curl_slist_free_all(dohp->headers); in Curl_doh()
488 data->req.doh->headers = NULL; in Curl_doh()
490 (void)curl_multi_remove_handle(data->multi, dohp->probe[slot].easy); in Curl_doh()
491 Curl_close(&dohp->probe[slot].easy); in Curl_doh()
493 Curl_safefree(data->req.doh); in Curl_doh()
542 if(d->numaddr < DOH_MAX_ADDR) { in store_a()
543 struct dohaddr *a = &d->addr[d->numaddr]; in store_a()
544 a->type = DNS_TYPE_A; in store_a()
545 memcpy(&a->ip.v4, &doh[index], 4); in store_a()
546 d->numaddr++; in store_a()
556 if(d->numaddr < DOH_MAX_ADDR) { in store_aaaa()
557 struct dohaddr *a = &d->addr[d->numaddr]; in store_aaaa()
558 a->type = DNS_TYPE_AAAA; in store_aaaa()
559 memcpy(&a->ip.v6, &doh[index], 16); in store_aaaa()
560 d->numaddr++; in store_aaaa()
572 if(d->numhttps_rrs < DOH_MAX_HTTPS) { in store_https()
573 struct dohhttps_rr *h = &d->https_rrs[d->numhttps_rrs]; in store_https()
574 h->val = Curl_memdup(&doh[index], len); in store_https()
575 if(!h->val) in store_https()
577 h->len = len; in store_https()
578 d->numhttps_rrs++; in store_https()
593 if(d->numcname == DOH_MAX_CNAME) in store_cname()
596 c = &d->cname[d->numcname++]; in store_cname()
629 } while(length && --loop); in store_cname()
644 - A (TYPE 1): 4 bytes in rdata()
645 - AAAA (TYPE 28): 16 bytes in rdata()
646 - NS (TYPE 2): N bytes in rdata()
647 - HTTPS (TYPE 65): N bytes */ in rdata()
691 de->ttl = INT_MAX; in de_init()
693 Curl_dyn_init(&de->cname[i], DYN_DOH_CNAME); in de_init()
728 qdcount--; in doh_decode()
762 if(ttl < d->ttl) in doh_decode()
763 d->ttl = ttl; in doh_decode()
778 ancount--; in doh_decode()
800 nscount--; in doh_decode()
822 arcount--; in doh_decode()
829 if((type != DNS_TYPE_NS) && !d->numcname && !d->numaddr && !d->numhttps_rrs) in doh_decode()
831 if((type != DNS_TYPE_NS) && !d->numcname && !d->numaddr) in doh_decode()
844 infof(data, "[DoH] TTL: %u seconds", d->ttl); in showdoh()
845 for(i = 0; i < d->numaddr; i++) { in showdoh()
846 const struct dohaddr *a = &d->addr[i]; in showdoh()
847 if(a->type == DNS_TYPE_A) { in showdoh()
849 a->ip.v4[0], a->ip.v4[1], in showdoh()
850 a->ip.v4[2], a->ip.v4[3]); in showdoh()
852 else if(a->type == DNS_TYPE_AAAA) { in showdoh()
859 len = sizeof(buffer) - len; in showdoh()
862 msnprintf(ptr, len, "%s%02x%02x", j?":":"", d->addr[i].ip.v6[j], in showdoh()
863 d->addr[i].ip.v6[j + 1]); in showdoh()
865 len -= l; in showdoh()
872 for(i = 0; i < d->numhttps_rrs; i++) { in showdoh()
875 d->https_rrs[i].val, d->https_rrs[i].len); in showdoh()
877 infof(data, "DoH HTTPS RR: length %d", d->https_rrs[i].len); in showdoh()
881 for(i = 0; i < d->numcname; i++) { in showdoh()
882 infof(data, "CNAME: %s", Curl_dyn_ptr(&d->cname[i])); in showdoh()
895 * a IPv6 stack, but usable also for IPv4, all hosts and environments.
914 size_t hostlen = strlen(hostname) + 1; /* include null-terminator */ in doh2ai()
918 if(!de->numaddr) in doh2ai()
921 for(i = 0; i < de->numaddr; i++) { in doh2ai()
924 if(de->addr[i].type == DNS_TYPE_AAAA) { in doh2ai()
926 /* we can't handle IPv6 addresses */ in doh2ai()
943 ai->ai_addr = (void *)((char *)ai + sizeof(struct Curl_addrinfo)); in doh2ai()
944 ai->ai_canonname = (void *)((char *)ai->ai_addr + ss_size); in doh2ai()
945 memcpy(ai->ai_canonname, hostname, hostlen); in doh2ai()
953 prevai->ai_next = ai; in doh2ai()
955 ai->ai_family = addrtype; in doh2ai()
958 the type must be ignored and conn->socktype be used instead! */ in doh2ai()
959 ai->ai_socktype = SOCK_STREAM; in doh2ai()
961 ai->ai_addrlen = (curl_socklen_t)ss_size; in doh2ai()
965 switch(ai->ai_family) { in doh2ai()
967 addr = (void *)ai->ai_addr; /* storage area for this info */ in doh2ai()
968 DEBUGASSERT(sizeof(struct in_addr) == sizeof(de->addr[i].ip.v4)); in doh2ai()
969 memcpy(&addr->sin_addr, &de->addr[i].ip.v4, sizeof(struct in_addr)); in doh2ai()
970 addr->sin_family = addrtype; in doh2ai()
971 addr->sin_port = htons((unsigned short)port); in doh2ai()
976 addr6 = (void *)ai->ai_addr; /* storage area for this info */ in doh2ai()
977 DEBUGASSERT(sizeof(struct in6_addr) == sizeof(de->addr[i].ip.v6)); in doh2ai()
978 memcpy(&addr6->sin6_addr, &de->addr[i].ip.v6, sizeof(struct in6_addr)); in doh2ai()
979 addr6->sin6_family = addrtype; in doh2ai()
980 addr6->sin6_port = htons((unsigned short)port); in doh2ai()
1018 for(i = 0; i < d->numcname; i++) { in de_cleanup()
1019 Curl_dyn_free(&d->cname[i]); in de_cleanup()
1022 for(i = 0; i < d->numhttps_rrs; i++) in de_cleanup()
1023 free(d->https_rrs[i].val); in de_cleanup()
1037 * https://tools.ietf.org/html/rfc1035#section-3.1
1041 * that's why it's an "unsigned char **" :-)
1063 /* special case - return "." as name */ in local_decode_rdata_name()
1077 rem -= (clen + 1); in local_decode_rdata_name()
1085 *remaining = rem - 1; in local_decode_rdata_name()
1094 * spec here is as per draft-ietf-dnsop-svcb-https, section-7.1.1 in local_decode_rdata_alpn()
1097 * output is comma-sep list of the strings in local_decode_rdata_alpn()
1101 * backslash - same goes for a backslash character, and of course in local_decode_rdata_alpn()
1102 * we need to use two backslashes in strings when we mean one;-) in local_decode_rdata_alpn()
1121 remaining--; in local_decode_rdata_alpn()
1133 remaining -= (int)tlen; in local_decode_rdata_alpn()
1149 /* we'll use an example from draft-ietf-dnsop-svcb, figure 10 */ in test_alpn_escapes()
1187 lhrr->val = Curl_memdup(rrval, len); in Curl_doh_decode_httpsrr()
1188 if(!lhrr->val) in Curl_doh_decode_httpsrr()
1190 lhrr->len = len; in Curl_doh_decode_httpsrr()
1193 lhrr->priority = (uint16_t)((cp[0] << 8) + cp[1]); in Curl_doh_decode_httpsrr()
1195 remaining -= (uint16_t)2; in Curl_doh_decode_httpsrr()
1198 lhrr->target = dnsname; in Curl_doh_decode_httpsrr()
1204 remaining -= 4; in Curl_doh_decode_httpsrr()
1206 if(local_decode_rdata_alpn(cp, plen, &lhrr->alpns) != CURLE_OK) in Curl_doh_decode_httpsrr()
1210 lhrr->no_def_alpn = TRUE; in Curl_doh_decode_httpsrr()
1212 lhrr->ipv4hints = Curl_memdup(cp, plen); in Curl_doh_decode_httpsrr()
1213 if(!lhrr->ipv4hints) in Curl_doh_decode_httpsrr()
1215 lhrr->ipv4hints_len = (size_t)plen; in Curl_doh_decode_httpsrr()
1218 lhrr->echconfiglist = Curl_memdup(cp, plen); in Curl_doh_decode_httpsrr()
1219 if(!lhrr->echconfiglist) in Curl_doh_decode_httpsrr()
1221 lhrr->echconfiglist_len = (size_t)plen; in Curl_doh_decode_httpsrr()
1224 lhrr->ipv6hints = Curl_memdup(cp, plen); in Curl_doh_decode_httpsrr()
1225 if(!lhrr->ipv6hints) in Curl_doh_decode_httpsrr()
1227 lhrr->ipv6hints_len = (size_t)plen; in Curl_doh_decode_httpsrr()
1231 remaining -= plen; in Curl_doh_decode_httpsrr()
1239 free(lhrr->target); in Curl_doh_decode_httpsrr()
1240 free(lhrr->echconfiglist); in Curl_doh_decode_httpsrr()
1241 free(lhrr->val); in Curl_doh_decode_httpsrr()
1252 infof(data, "HTTPS RR: priority %d, target: %s", in local_print_httpsrr()
1253 hrr->priority, hrr->target); in local_print_httpsrr()
1254 if(hrr->alpns) in local_print_httpsrr()
1255 infof(data, "HTTPS RR: alpns %s", hrr->alpns); in local_print_httpsrr()
1258 if(hrr->no_def_alpn) in local_print_httpsrr()
1262 if(hrr->ipv4hints) { in local_print_httpsrr()
1264 hrr->ipv4hints, hrr->ipv4hints_len); in local_print_httpsrr()
1268 if(hrr->echconfiglist) { in local_print_httpsrr()
1270 hrr->echconfiglist, hrr->echconfiglist_len); in local_print_httpsrr()
1274 if(hrr->ipv6hints) { in local_print_httpsrr()
1276 hrr->ipv6hints, hrr->ipv6hints_len); in local_print_httpsrr()
1289 struct dohdata *dohp = data->req.doh; in Curl_doh_is_resolved()
1294 if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy && in Curl_doh_is_resolved()
1295 !dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) { in Curl_doh_is_resolved()
1296 failf(data, "Could not DoH-resolve: %s", data->state.async.hostname); in Curl_doh_is_resolved()
1297 return CONN_IS_PROXIED(data->conn)?CURLE_COULDNT_RESOLVE_PROXY: in Curl_doh_is_resolved()
1300 else if(!dohp->pending) { in Curl_doh_is_resolved()
1312 /* remove DoH handles from multi handle and close them */ in Curl_doh_is_resolved()
1314 curl_multi_remove_handle(data->multi, dohp->probe[slot].easy); in Curl_doh_is_resolved()
1315 Curl_close(&dohp->probe[slot].easy); in Curl_doh_is_resolved()
1320 struct dnsprobe *p = &dohp->probe[slot]; in Curl_doh_is_resolved()
1321 if(!p->dnstype) in Curl_doh_is_resolved()
1323 rc[slot] = doh_decode(Curl_dyn_uptr(&p->serverdoh), in Curl_doh_is_resolved()
1324 Curl_dyn_len(&p->serverdoh), in Curl_doh_is_resolved()
1325 p->dnstype, in Curl_doh_is_resolved()
1327 Curl_dyn_free(&p->serverdoh); in Curl_doh_is_resolved()
1331 type2name(p->dnstype), dohp->host); in Curl_doh_is_resolved()
1344 infof(data, "[DoH] Host name: %s", dohp->host); in Curl_doh_is_resolved()
1348 result = doh2ai(&de, dohp->host, dohp->port, &ai); in Curl_doh_is_resolved()
1354 if(data->share) in Curl_doh_is_resolved()
1358 dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port); in Curl_doh_is_resolved()
1360 if(data->share) in Curl_doh_is_resolved()
1368 data->state.async.dns = dns; in Curl_doh_is_resolved()
1374 /* Now process any build-specific attributes retrieved from DNS */ in Curl_doh_is_resolved()
1378 result = Curl_doh_decode_httpsrr(de.https_rrs->val, de.https_rrs->len, in Curl_doh_is_resolved()
1388 (*dnsp)->hinfo = hrr; in Curl_doh_is_resolved()
1394 Curl_safefree(data->req.doh); in Curl_doh_is_resolved()
1397 } /* !dohp->pending */ in Curl_doh_is_resolved()