Commit 3116745e authored by Alexandre's avatar Alexandre

[DoH] Define header value on command line

parent 2ac17769
......@@ -50,6 +50,7 @@ Possible options, besides `--dot`:
does not mention it, result is probably indefinite.
* --POST or -P: (DoH) Uses the POST HTTP method (default is GET)
* --insecure or -k: Does not check the certificate
* --header or -H: (DoH) header to include in the request (curl syntax)
* -4: Uses only IPv4
* -6: Uses only IPv6
* --dnssec: requests DNSSEC data (signatures)
......
......@@ -60,6 +60,8 @@ show_time = False
check = False
mandatory_level = None
check_additional = True
doh_header = []
doh_header_default = ["Accept: application/dns-message", "Content-type: application/dns-message"]
# Monitoring plugin only:
host = None
path = None
......@@ -470,7 +472,7 @@ class ConnectionDoT(Connection):
request.check_response(self.debug)
def create_handle(connection):
def create_handle(connection, header=doh_header_default):
def reset_opt_default(handle):
opts = {
pycurl.NOBODY: False,
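Review bot: `def create_handle(connection, header=doh_header_default):` uses a shared mutable list as a default argument; nothing in view mutates `header` (it is only passed to `setopt`), but linters flag this (B006) and any later `header.append(...)` would leak across handles. The usual shape is `def create_handle(connection, header=None):` followed by `header = doh_header_default if header is None else header` as the first statement. The body of create_handle continues past the end of this hunk.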
......@@ -494,6 +496,8 @@ def create_handle(connection):
handle.setopt(pycurl.NOBODY, True)
dns_req = base64.urlsafe_b64encode(request.data).decode('UTF8').rstrip('=')
handle.setopt(pycurl.URL, connection.server + ("?dns=%s" % dns_req))
if hasattr(request, 'header') and len(request.header) > 0: # overwrite default header
handle.setopt(pycurl.HTTPHEADER, request.header)
handle.buffer = io.BytesIO()
handle.setopt(pycurl.WRITEDATA, handle.buffer)
handle.request = request
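Review bot: `handle.setopt(pycurl.HTTPHEADER, request.header)` replaces the whole list that the handle was created with, so a single `-H` given to change `Accept` also drops `Content-type: application/dns-message`, which a POST body relies on; the README hunk promises "curl syntax", and curl's `-H` overrides only the same-named default. Keeping the defaults from the `header` parameter of create_handle and letting a user header override by name fixes that, and `getattr(request, 'header', None)` is the idiom for the guard. Indentation is lost in this rendering, so I cannot tell whether this block sits inside the GET branch after the `?dns=` URL is built; if it does, the POST path never sees `request.header` at all and the override should move out of the branch. The enclosing function continues outside the hunk.
```python
# … unchanged: GET URL construction …
if getattr(request, 'header', None):
    # A -H header overrides the default header of the same name; other defaults stay.
    overridden = {h.split(':', 1)[0].strip().lower() for h in request.header}
    kept = [h for h in header
            if h.split(':', 1)[0].strip().lower() not in overridden]
    handle.setopt(pycurl.HTTPHEADER, kept + request.header)
handle.buffer = io.BytesIO()
```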
......@@ -514,8 +518,7 @@ def create_handle(connection):
if connection.connect is not None:
family, repraddress = check_ip_address(connection.connect, dot=False)
handle.setopt(pycurl.CONNECT_TO, [f'::{repraddress}:443',])
handle.setopt(pycurl.HTTPHEADER,
["Accept: application/dns-message", "Content-type: application/dns-message"])
handle.setopt(pycurl.HTTPHEADER, header)
handle.reset_opt_default = reset_opt_default
handle.prepare = prepare
return handle
......@@ -869,14 +872,14 @@ if not monitoring:
name = None
message = None
try:
optlist, args = getopt.getopt (sys.argv[1:], "hvPkeV:r:f:d:t46",
optlist, args = getopt.getopt (sys.argv[1:], "hvPkeV:r:f:d:t46H:",
["help", "verbose", "debug", "dot", "head",
"insecure", "POST", "vhost=", "multistreams",
"sync", "no-display-results", "time",
"dnssec", "noedns", "ecs", "repeat=", "file=", "delay=",
"key=", "nosni",
"v4only", "v6only",
"check", "mandatory-level="])
"header=", "check", "mandatory-level="])
for option, value in optlist:
if option == "--help" or option == "-h":
usage()
......@@ -935,6 +938,8 @@ if not monitoring:
check = True
elif option == "--mandatory-level":
mandatory_level = value
elif option == "--header" or option == "-H":
doh_header.append(value)
else:
error("Unknown option %s" % option)
except getopt.error as reason:
......@@ -979,6 +984,11 @@ if not monitoring:
if mandatory_level is None:
mandatory_level = "necessary"
mandatory_level = mandatory_levels[mandatory_level]
if len(doh_header) > 0 and dot:
usage("Header definition makes no sense with --dot")
sys.exit(1)
if len(doh_header) == 0 and not dot and not check:
doh_header = ["Accept: application/dns-message", "Content-type: application/dns-message"]
if ifile is None and (len(args) != 2 and len(args) != 3):
usage("Wrong number of arguments")
sys.exit(1)
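Review bot: The fallback on the line after `if len(doh_header) == 0 and not dot and not check:` re-spells the list that is already bound to `doh_header_default` in the hunk at L16-L24, so the two copies can drift apart; `doh_header = list(doh_header_default)` keeps one source of truth. The `not check` term means that in check mode `doh_header` stays empty and the default bound in `create_handle` is what gets sent, which is not obvious from this code and deserves a comment such as `# check mode: leave empty so create_handle's default header applies`.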
......@@ -1135,6 +1145,7 @@ for connectTo in ip_set:
if not dot:
request.head = head
request.post = post
request.header = doh_header
try:
conn.do_test(request, synchronous = not multistreams)
except (OpenSSL.SSL.Error, CustomException) as e:
......