diff --git a/app/src/main/jni/netguard/dns.c b/app/src/main/jni/netguard/dns.c
index 585e2856..b61927de 100644
--- a/app/src/main/jni/netguard/dns.c
+++ b/app/src/main/jni/netguard/dns.c
@@ -120,6 +120,7 @@ void parse_dns_response(const struct arguments *args, const struct ng_session *s
 }
 }
 
+ short svcb = 0;
 int32_t aoff = off;
 for (int a = 0; a < acount; a++) {
 off = get_qname(data, *datalen, (uint16_t) off, name);
@@ -151,7 +152,12 @@ void parse_dns_response(const struct arguments *args, const struct ng_session *s
 log_android(ANDROID_LOG_DEBUG,
 "DNS answer %d qname %s qtype %d ttl %d data %s",
 a, name, qtype, ttl, rd);
-
+ } else if (qclass == DNS_QCLASS_IN &&
+ (qtype == DNS_SVCB || qtype == DNS_HTTPS)) {
+ // https://tools.ietf.org/id/draft-ietf-dnsop-svcb-https-01.html
+ svcb = 1;
+ log_android(ANDROID_LOG_WARN,
+ "SVCB answer %d qname %s qtype %d", a, name, qtype);
 } else
 log_android(ANDROID_LOG_DEBUG,
 "DNS answer %d qname %s qclass %d qtype %d ttl %d length %d",
@@ -171,7 +177,8 @@ void parse_dns_response(const struct arguments *args, const struct ng_session *s
 }
 }
 
- if (qcount > 0 && is_domain_blocked(args, qname)) {
+ if (qcount > 0 &&
+ (svcb || is_domain_blocked(args, qname))) {
 dns->qr = 1;
 dns->aa = 0;
 dns->tc = 0;
diff --git a/app/src/main/jni/netguard/netguard.h b/app/src/main/jni/netguard/netguard.h
index 65139ea8..2edd4676 100644
--- a/app/src/main/jni/netguard/netguard.h
+++ b/app/src/main/jni/netguard/netguard.h
@@ -259,6 +259,9 @@ typedef struct pcaprec_hdr_s {
 #define DNS_QTYPE_A 1 // IPv4
 #define DNS_QTYPE_AAAA 28 // IPv6
 
+#define DNS_SVCB 64
+#define DNS_HTTPS 65
+
 #define DNS_QNAME_MAX 255
 #define DNS_TTL (10 * 60) // seconds
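Review bot: In dns.c (hunk at -151,7), the new `else if` branch logs the answer name at `ANDROID_LOG_WARN` for every SVCB/HTTPS record, while the branches on either side log at `ANDROID_LOG_DEBUG`. If clients query the HTTPS type routinely, this writes a visited name to the log at warning level per lookup, so `ANDROID_LOG_DEBUG` looks like the better fit unless the warning is deliberate. The only comment is a link to a draft; a line stating the reason, such as `// SVCB/HTTPS answers can carry address hints and alias targets that the A/AAAA handling does not see`, would tell a maintainer why the type is flagged. `svcb` is set only for answer records with `qclass == DNS_QCLASS_IN`; whether records of these types in other sections are inspected cannot be told from this hunk, whose if-chain starts and ends outside it.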
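Review bot: In dns.c (hunk at -171,7), adding `svcb ||` to the condition sends every response containing an SVCB or HTTPS answer down the blocked-domain path, whether or not `qname` is on the block list, and nothing at this site says so. A comment above the `if`, for example `// responses with SVCB/HTTPS answers are always rewritten, independent of the block list`, would make the policy explicit. The body continues past the hunk; if it logs or reports the block, it should distinguish the SVCB case so a user reading the log does not conclude the domain itself is blocked. The SVCB case is also subject to the existing `qcount > 0` gate, which is worth confirming as intended.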
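Review bot: In netguard.h, the two new constants break the naming used by the lines directly above them, `DNS_QTYPE_A` and `DNS_QTYPE_AAAA`, and carry no trailing comment the way those do. `#define DNS_QTYPE_SVCB 64 // service binding` and `#define DNS_QTYPE_HTTPS 65 // HTTPS service binding` would keep the record-type constants greppable under one prefix. The two uses in the dns.c hunk at -151,7 would need the same rename.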