diff --git a/lib/isc/include/isc/netmgr.h b/lib/isc/include/isc/netmgr.h index 8388b0a51c..f662421a55 100644 --- a/lib/isc/include/isc/netmgr.h +++ b/lib/isc/include/isc/netmgr.h @@ -502,6 +502,17 @@ isc_nm_tlsdnsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer, bool isc_nm_is_tlsdns_handle(isc_nmhandle_t *handle); +/*%< + * Returns 'true' iff 'handle' is associated with a socket of type + * 'isc_nm_tlsdnssocket'. + */ + +bool +isc_nm_is_http_handle(isc_nmhandle_t *handle); +/*%< + * Returns 'true' iff 'handle' is associated with a socket of type + * 'isc_nm_httpsocket'. + */ #if HAVE_LIBNGHTTP2 @@ -578,11 +589,12 @@ isc_nm_http_endpoints_detach(isc_nm_http_endpoints_t **restrict epsp); * isc_nm_http_endpoints_t object. */ -bool -isc_nm_is_http_handle(isc_nmhandle_t *handle); - bool isc_nm_http_path_isvalid(const char *path); +/*%< + * Returns 'true' if 'path' matches the format requirements for + * the path component of a URI as defined in RFC 3986 section 3.3. + */ void isc_nm_http_makeuri(const bool https, const isc_sockaddr_t *sa, diff --git a/lib/isc/netmgr/http.c b/lib/isc/netmgr/http.c index 1056bdc093..776f0e2b77 100644 --- a/lib/isc/netmgr/http.c +++ b/lib/isc/netmgr/http.c @@ -2847,14 +2847,6 @@ failed_read_cb(isc_result_t result, isc_nm_http_session_t *session) { } } -bool -isc_nm_is_http_handle(isc_nmhandle_t *handle) { - REQUIRE(VALID_NMHANDLE(handle)); - REQUIRE(VALID_NMSOCK(handle->sock)); - - return (handle->sock->type == isc_nm_httpsocket); -} - void isc__nm_http_set_maxage(isc_nmhandle_t *handle, const uint32_t ttl) { isc_nm_http_session_t *session; diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index 0c727a7bf7..e2d57f0ac1 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -3456,14 +3456,26 @@ isc_nm_is_tlsdns_handle(isc_nmhandle_t *handle) { return (handle->sock->type == isc_nm_tlsdnssocket); } +bool +isc_nm_is_http_handle(isc_nmhandle_t *handle) { + REQUIRE(VALID_NMHANDLE(handle)); + REQUIRE(VALID_NMSOCK(handle->sock)); + + return (handle->sock->type == isc_nm_httpsocket); +} + void isc_nm_set_maxage(isc_nmhandle_t *handle, const uint32_t ttl) { - isc_nmsocket_t *sock; + isc_nmsocket_t *sock = NULL; REQUIRE(VALID_NMHANDLE(handle)); REQUIRE(VALID_NMSOCK(handle->sock)); REQUIRE(!atomic_load(&handle->sock->client)); +#if !HAVE_LIBNGHTTP2 + UNUSED(ttl); +#endif + sock = handle->sock; switch (sock->type) { #if HAVE_LIBNGHTTP2 diff --git a/lib/ns/query.c b/lib/ns/query.c index 1c942ebce6..7470def2c4 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -12034,32 +12034,33 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { break; /* Let the query logic handle it. */ case dns_rdatatype_ixfr: case dns_rdatatype_axfr: -#if HAVE_LIBNGHTTP2 if (isc_nm_is_http_handle(handle)) { - /* We cannot use DoH for zone transfers. - * According to RFC8484 a DoH request contains + /* + * We cannot use DoH for zone transfers. + * According to RFC 8484 a DoH request contains * exactly one DNS message (see Section 6: * Definition of the "application/dns-message" - * Media Type, - * https://datatracker.ietf.org/doc/html/rfc8484#section-6). + * Media Type). + * * This makes DoH unsuitable for zone transfers * as often (and usually!) these need more than * one DNS message, especially for larger zones. * As zone transfers over DoH are not (yet) - * standardised, nor discussed in the RFC8484, + * standardised, nor discussed in RFC 8484, * the best thing we can do is to return "not - * implemented". */ + * implemented". + */ query_error(client, DNS_R_NOTIMP, __LINE__); return; } -#endif if (isc_nm_is_tlsdns_handle(handle) && !isc_nm_xfr_allowed(handle)) { - /* Currently this code is here for DoT, which + /* + * Currently this code is here for DoT, which * has more complex requirements for zone - * transfers compared to - * other stream protocols. See RFC9103 for - * the details. */ + * transfers compared to other stream + * protocols. See RFC 9103 for details. + */ query_error(client, DNS_R_REFUSED, __LINE__); return; }