From c453ec8380cd10de27fca8d8f0cbfd50058890db Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 19 Jun 2023 10:47:39 +0200 Subject: Adding upstream version 2.13.0. Signed-off-by: Daniel Baumann --- src/dnsperf.1.in | 7 +++++++ src/dnsperf.c | 7 +++++++ src/net.c | 2 ++ src/net.h | 2 ++ src/net_doh.c | 3 +++ src/net_dot.c | 3 +++ src/resperf.c | 7 +++++++ 7 files changed, 31 insertions(+) (limited to 'src') diff --git a/src/dnsperf.1.in b/src/dnsperf.1.in index 76b694e..6c699fe 100644 --- a/src/dnsperf.1.in +++ b/src/dnsperf.1.in @@ -441,6 +441,13 @@ The HTTP method to use when querying with DNS-over-HTTPS, default is GET. Available methods are: GET, POST. .RE +\fBtls-sni=\fISERVER_NAME\fR +.br +.RS +The Server Name Indication (SNI) to use for TLS connections (such as DNS-over-TLS or DNS-over-HTTPS), +defaults to leaving out the SNI extension in the client hello. +.RE + \fBsuppress=\fIMESSAGE[,MESSAGE,...]\fR .br .RS diff --git a/src/dnsperf.c b/src/dnsperf.c index 02bdd2c..cca4710 100644 --- a/src/dnsperf.c +++ b/src/dnsperf.c @@ -587,6 +587,7 @@ setup(int argc, char** argv, config_t* config) const char* doh_uri = DEFAULT_DOH_URI; const char* doh_method = DEFAULT_DOH_METHOD; const char* local_suppress = 0; + const char* tls_sni = 0; memset(config, 0, sizeof(*config)); config->argc = argc; @@ -681,6 +682,8 @@ setup(int argc, char** argv, config_t* config) #endif perf_long_opt_add("qps-threshold-wait", perf_opt_zpint, "microseconds", "minimum threshold for enabling wait in rate limiting", stringify(config->qps_threshold_wait), &config->qps_threshold_wait); + perf_long_opt_add("tls-sni", perf_opt_string, "tls_sni", + "the TLS SNI to use for TLS connections", NULL, &tls_sni); bool log_stdout = false; perf_opt_add('W', perf_opt_boolean, NULL, "log warnings and errors to stdout instead of stderr", NULL, &log_stdout); 
@@ -710,6 +713,10 @@ setup(int argc, char** argv, config_t* config) } } + if (tls_sni) { + perf_net_tls_sni = tls_sni; + } + if (doh_uri) { perf_net_doh_parse_uri(doh_uri); } diff --git a/src/net.c b/src/net.c index 89e75e0..bb29661 100644 --- a/src/net.c +++ b/src/net.c @@ -31,6 +31,8 @@ #include #include +const char* perf_net_tls_sni = 0; + enum perf_net_mode perf_net_parsemode(const char* mode) { if (!strcmp(mode, "udp")) { diff --git a/src/net.h b/src/net.h index 1624be6..56de624 100644 --- a/src/net.h +++ b/src/net.h @@ -184,4 +184,6 @@ void perf_net_doh_stats_init(); void perf_net_doh_stats_compile(struct perf_net_socket*); void perf_net_doh_stats_print(); +extern const char* perf_net_tls_sni; + #endif diff --git a/src/net_doh.c b/src/net_doh.c index 2caeab8..56fd7ef 100644 --- a/src/net_doh.c +++ b/src/net_doh.c @@ -184,6 +184,9 @@ static void perf__doh_connect(struct perf_net_socket* sock) if (!(self->ssl = SSL_new(ssl_ctx))) { perf_log_fatal("SSL_new(): %s", ERR_error_string(ERR_get_error(), 0)); } + if (perf_net_tls_sni && !(ret = SSL_set_tlsext_host_name(self->ssl, perf_net_tls_sni))) { + perf_log_fatal("SSL_set_tlsext_host_name(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0)); + } if (!(ret = SSL_set_fd(self->ssl, sock->fd))) { perf_log_fatal("SSL_set_fd(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0)); } diff --git a/src/net_dot.c b/src/net_dot.c index 02b54e4..c2985a3 100644 --- a/src/net_dot.c +++ b/src/net_dot.c 
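Review bot: In src/dnsperf.c, setup() copies `tls_sni` into `perf_net_tls_sni` without checking it, so a bad value is only caught later, when `SSL_set_tlsext_host_name()` fails in the connect path and the run ends through `perf_log_fatal()`. OpenSSL is expected to reject an empty name or one longer than `TLSEXT_MAXLEN_host_name`, so a startup check along the lines of `if (tls_sni && (!*tls_sni || strlen(tls_sni) > TLSEXT_MAXLEN_host_name))` followed by a usage error would fail before any socket is opened. The same unchecked assignment is added to setup() in src/resperf.c. setup() starts and ends outside this hunk, and the lifetime of the string behind `tls_sni` depends on the option parser, which is not shown.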
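Review bot: The new `extern const char* perf_net_tls_sni;` in src/net.h is exported without a comment, so its contract has to be pieced together from three other files. A short comment above it would help, for example `/* SNI host name sent by the DoT and DoH connect paths; NULL (the default) leaves the extension out. Written by setup(), read at connect time. */`. The comment should also say that the value only fills the ClientHello. Nothing in this patch uses it for certificate or host name verification, and whether the shared `ssl_ctx` verifies the peer at all is not visible here.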
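Review bot: In perf__doh_connect() the failure branch of the new `SSL_set_tlsext_host_name()` call builds its message from `SSL_get_error(self->ssl, ret)`, which returns an `SSL_ERROR_*` class meant for the result of TLS I/O calls, not an error-queue code that `ERR_error_string()` can decode, so the logged reason will be misleading. The `SSL_new()` check just above already reads the queue, and the new line should match it: `perf_log_fatal("SSL_set_tlsext_host_name(): %s", ERR_error_string(ERR_get_error(), 0));`. The identical addition to perf__dot_connect() in src/net_dot.c needs the same change. The unchanged `SSL_set_fd()` check below follows the same pattern, and both functions continue outside their hunks.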
@@ -82,6 +82,9 @@ static void perf__dot_connect(struct perf_net_socket* sock) if (!(self->ssl = SSL_new(ssl_ctx))) { perf_log_fatal("SSL_new(): %s", ERR_error_string(ERR_get_error(), 0)); } + if (perf_net_tls_sni && !(ret = SSL_set_tlsext_host_name(self->ssl, perf_net_tls_sni))) { + perf_log_fatal("SSL_set_tlsext_host_name(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0)); + } if (!(ret = SSL_set_fd(self->ssl, sock->fd))) { perf_log_fatal("SSL_set_fd(): %s", ERR_error_string(SSL_get_error(self->ssl, ret), 0)); } diff --git a/src/resperf.c b/src/resperf.c index ae4f9cd..031d751 100644 --- a/src/resperf.c +++ b/src/resperf.c @@ -253,6 +253,7 @@ static void setup(int argc, char** argv) const char* edns_option_str = NULL; const char* doh_uri = DEFAULT_DOH_URI; const char* doh_method = DEFAULT_DOH_METHOD; + const char* tls_sni = 0; const char* local_suppress = 0; size_t num_queries_per_conn = 0; @@ -337,6 +338,8 @@ static void setup(int argc, char** argv) "the URI to use for DNS-over-HTTPS", DEFAULT_DOH_URI, &doh_uri); perf_long_opt_add("doh-method", perf_opt_string, "doh_method", "the HTTP method to use for DNS-over-HTTPS: GET or POST", DEFAULT_DOH_METHOD, &doh_method); + perf_long_opt_add("tls-sni", perf_opt_string, "tls_sni", + "the TLS SNI to use for TLS connections", NULL, &tls_sni); perf_long_opt_add("suppress", perf_opt_string, "message[,message,...]", "suppress messages/warnings, see dnsperf(1) man-page for list of message types", NULL, &local_suppress); perf_long_opt_add("num-queries-per-conn", perf_opt_uint, "queries", @@ -367,6 +370,10 @@ static void setup(int argc, char** argv) } } + if (tls_sni) { + perf_net_tls_sni = tls_sni; + } + if (doh_uri) { perf_net_doh_parse_uri(doh_uri); } -- cgit v1.2.3