package enginenetx
//
// HTTPS dialing policy where we generate tactics in the usual way
// by using a DNS resolver and using SNI == VerifyHostname
//
import (
"context"
"github.com/ooni/probe-engine/pkg/model"
"github.com/ooni/probe-engine/pkg/netxlite"
)
// dnsPolicy is the default TLS dialing policy: addresses come from the
// given resolver and the domain itself is used as the SNI.
//
// The zero value is invalid; all MANDATORY fields must be initialized.
//
// This policy uses a Happy-Eyeballs-like algorithm.
type dnsPolicy struct {
	// Logger is the MANDATORY logger.
	Logger model.Logger

	// Resolver is the MANDATORY resolver.
	Resolver model.Resolver
}

// Compile-time check that *dnsPolicy satisfies httpsDialerPolicy.
var _ httpsDialerPolicy = (*dnsPolicy)(nil)
// LookupTactics implements httpsDialerPolicy.
//
// It returns a receive-only channel and starts a goroutine that resolves
// domain and sends one tactic per resolved address, each carrying the given
// port and SNI == VerifyHostname == domain. The channel is closed when the
// goroutine returns; if the context is already done or the lookup fails,
// it is closed without any tactic having been sent.
func (p *dnsPolicy) LookupTactics(
	ctx context.Context, domain, port string) <-chan *httpsDialerTactic {
	tactics := make(chan *httpsDialerTactic)

	emit := func() {
		// Closing the channel is how the reader learns that nothing more will arrive.
		defer close(tactics)

		// A context that is already done (which happens when a policy running
		// before us has connected successfully) means the DNS lookup is not
		// worth starting.
		if ctxErr := ctx.Err(); ctxErr != nil {
			p.Logger.Debugf("dnsPolicy: LookupTactics: %s", ctxErr.Error())
			return
		}

		// IP addresses MUST be short-circuited instead of being handed to the
		// resolver; for context see
		// https://github.com/ooni/probe-cli/pull/1295#issuecomment-1731243994
		reso := &netxlite.ResolverShortCircuitIPAddr{Resolver: p.Resolver}
		resolved, lookupErr := reso.LookupHost(ctx, domain)
		if lookupErr != nil {
			p.Logger.Warnf("resoWithShortCircuit.LookupHost: %s", lookupErr.Error())
			return
		}

		// Resolver answers only select the endpoint address: every tactic keeps
		// SNI == VerifyHostname == domain.
		//
		// NOTE(review): the channel is unbuffered and the send below does not
		// watch ctx, so this goroutine returns only if the reader keeps
		// receiving until the channel is closed — confirm the caller does.
		for i := range resolved {
			tactics <- &httpsDialerTactic{
				Address:        resolved[i],
				InitialDelay:   happyEyeballsDelay(i),
				Port:           port,
				SNI:            domain,
				VerifyHostname: domain,
			}
		}
	}

	go emit()
	return tactics
}