
https-record: add noech (#2132)

AndyChiang888 1 month ago
parent
commit
34c5e71555

+ 1 - 1
etc/smartdns/smartdns.conf

@@ -321,7 +321,7 @@ log-level info
 # srv-record /_ldap._tcp.example.com/
 
 # https-record /domain/[target=][,port=][,priority=][,alph=][,ech=][,ipv4hint=][,ipv6hint=]
-# https-record noipv4hint,noipv6hint
+# https-record noipv4hint,noipv6hint,noech
 # https-record /www.example.com/ipv4hint=192.168.1.2
 
 # enable DNS64 feature

+ 2 - 0
src/dns_conf/https_record.c

@@ -108,6 +108,8 @@ int _conf_domain_rule_https_record(const char *domain, const char *host)
 			https_record_rule->filter.no_ipv4hint = 1;
 		} else if (strncmp(key, "noipv6hint", sizeof("noipv6hint")) == 0) {
 			https_record_rule->filter.no_ipv6hint = 1;
+		} else if (strncmp(key, "noech", sizeof("noech")) == 0) {
+			https_record_rule->filter.no_ech = 1;
 		} else {
 			mode_type = 1;
 			https_record_rule->record.enable = 1;
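Review bot: An unrecognised token in this chain falls through to the final `else`, which sets `mode_type = 1` and `record.enable = 1`, so a mistyped filter keyword such as `noECH` or `no-ech` is handled as the start of a record definition rather than as a bad filter name. What the else branch does next is outside the hunk; if it does not already reject a key that has no `=`, a warning that names the unknown key would keep a filter from being silently ignored. The match itself is exact, because `sizeof("noech")` includes the terminating NUL.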

+ 6 - 13
src/dns_server/answer.c

@@ -240,18 +240,7 @@ static int _dns_server_process_answer_HTTPS(struct dns_rrs *rrs, struct dns_requ
 	struct dns_https_param *p = NULL;
 	int priority = 0;
 	struct dns_request_https *https_svcb;
-	int no_ipv4 = 0;
-	int no_ipv6 = 0;
 	struct dns_https_record_rule *https_record_rule = _dns_server_get_dns_rule(request, DOMAIN_RULE_HTTPS);
-	if (https_record_rule) {
-		if (https_record_rule->filter.no_ipv4hint) {
-			no_ipv4 = 1;
-		}
-
-		if (https_record_rule->filter.no_ipv6hint) {
-			no_ipv6 = 1;
-		}
-	}
 
 	ret = dns_get_HTTPS_svcparm_start(rrs, &p, name, DNS_MAX_CNAME_LEN, &ttl, &priority, target, DNS_MAX_CNAME_LEN);
 	if (ret != 0) {
@@ -290,7 +279,7 @@ static int _dns_server_process_answer_HTTPS(struct dns_rrs *rrs, struct dns_requ
 		} break;
 		case DNS_HTTPS_T_IPV4HINT: {
 			struct dns_rule_address_IPV4 *address_ipv4 = NULL;
-			if (_dns_server_is_return_soa_qtype(request, DNS_T_A) || no_ipv4 == 1) {
+			if (_dns_server_is_return_soa_qtype(request, DNS_T_A) || (https_record_rule && https_record_rule->filter.no_ipv4hint)) {
 				break;
 			}
 
@@ -311,6 +300,10 @@ static int _dns_server_process_answer_HTTPS(struct dns_rrs *rrs, struct dns_requ
 			}
 		} break;
 		case DNS_HTTPS_T_ECH: {
+			if (https_record_rule && https_record_rule->filter.no_ech) {
+				break;
+			}
+
 			if (p->len > sizeof(https_svcb->ech)) {
 				tlog(TLOG_WARN, "ech too long");
 				break;
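Review bot: The new `no_ech` check in `case DNS_HTTPS_T_ECH` drops the parameter with no comment on what that costs the client: without the ECH config in the HTTPS answer, a client cannot use Encrypted Client Hello for that name, and its TLS handshake carries the server name in clear. A comment at the check such as `/* noech: strip the ECH config; clients then connect without ECH and SNI is visible on the wire */` would record that, and the same caveat belongs next to `noech` in smartdns.conf, since the rule can also be set without a domain. The `break` runs before the `p->len` check, so an oversized ECH value is no longer logged while the filter is on, which looks intended. The function starts and ends outside this hunk.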
@@ -321,7 +314,7 @@ static int _dns_server_process_answer_HTTPS(struct dns_rrs *rrs, struct dns_requ
 		case DNS_HTTPS_T_IPV6HINT: {
 			struct dns_rule_address_IPV6 *address_ipv6 = NULL;
 
-			if (_dns_server_is_return_soa_qtype(request, DNS_T_AAAA) || no_ipv6 == 1) {
+			if (_dns_server_is_return_soa_qtype(request, DNS_T_AAAA) || (https_record_rule && https_record_rule->filter.no_ipv6hint)) {
 				break;
 			}
 

+ 1 - 0
src/include/smartdns/dns_conf.h

@@ -312,6 +312,7 @@ struct dns_https_record {
 struct dns_https_filter {
 	int no_ipv4hint;
 	int no_ipv6hint;
+	int no_ech;
 };
 
 struct dns_https_record_rule {

+ 3 - 3
test/cases/test-https.cc

@@ -427,7 +427,7 @@ server 127.0.0.1:61053
 log-console yes
 dualstack-ip-selection no
 force-qtype-SOA 65
-https-record /a.com/noipv4hint,noipv6hint
+https-record /a.com/noipv4hint,noipv6hint,noech
 log-level debug
 cache-persist no)""");
 	smartdns::Client client;
@@ -451,7 +451,7 @@ cache-persist no)""");
 	EXPECT_EQ(client.GetStatus(), "NOERROR");
 	EXPECT_EQ(client.GetAnswer()[0].GetName(), "a.com");
 	EXPECT_EQ(client.GetAnswer()[0].GetType(), "HTTPS");
-	EXPECT_EQ(client.GetAnswer()[0].GetData(), "1 a.com. alpn=\"h2,h3-19\" port=443 ech=AEX+DQA=");
+	EXPECT_EQ(client.GetAnswer()[0].GetData(), "1 a.com. alpn=\"h2,h3-19\" port=443");
 }
 
 TEST_F(HTTPS, HTTPS_DOMAIN_RULE_IGN)
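Review bot: The assertion that `ech=AEX+DQA=` survives when only `noipv4hint,noipv6hint` are set is lost here, because the existing case was edited to add `noech` and expect the answer without `ech=`. Unless another test in this file covers it, nothing visible now checks that ECH is kept by default while the hint filters are on. Keeping the old case and adding a separate one for `noech` would pin both behaviours. The config change at line 659 (`multi_not_support`) has the same effect on that test.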
@@ -659,7 +659,7 @@ TEST_F(HTTPS, multi_not_support)
 server 127.0.0.1:61053
 log-console yes
 dualstack-ip-selection no
-https-record noipv4hint,noipv6hint
+https-record noipv4hint,noipv6hint,noech
 log-level debug
 cache-persist no)""");
 	smartdns::Client client;