corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
current
tubestation/netwerk/base/nsIProxyInfo.idl
Manuel Bucher acacdfe55c Bug 1741375 - Proxy DNS by default when using SOCKS v5 r=necko-reviewers,extension-reviewers,kershaw,perftest-reviewers,robwu,sparky 
Initially reported and discussed in Bug 610896.

The simple solution of just flipping the pref `network.proxy.socks_remote_dns`
is risky due to potentially breaking SOCKS4 proxy users.  Proxying
DNS on SOCKS4 isn't supported.  Therefore we speak the incompatible
SOCKS4a protocol when `socks_remote_dns` is enabled, potentially
breaking users setup.

To keep backwards compatibility on SOCKS4 proxy users, that don't have
SOCKS4a support, the pref `network.proxy.socks_remote_dns` is split into
two prefs:

* `network.proxy.socks_remote_dns`: remote DNS for SOCKS4
* `network.proxy.socks5_remote_dns`: remote DNS for SOCKS5.

This way we proxy DNS by default on SOCKS5 while keeping user settings
on SOCKS4.  This is a similar approach to the one described in
[Bug 610896 comment 17].

Proxying DNS in SOCKS4 by default is desireable (See [Bug 610896 comment 11]),
but out of scope for this patch.  [Telemetry] on proxy usage by socks
version indicated that changing the default for SOCKS4 is likely break
some users setup and needs to be taken with more care.

The default values of [proxyDNS] now defaults to true for SOCKS5 proxies.
When creating nsIProxyInfo objects of SOCKS4 proxies, the default value
false is kept.  Setting proxyDNS affects both SOCKS4 and SOCKS5 proxy by
modifying both `socks_remote_dns` and `socks5_remote_dns`.  Therefore no
extension breakage is expected.

The enterprise policy can also modify the new pref
`network.proxy.socks5_remote_dns`.

Follow up bugs filed while implementing:

* Bug 1890542 - Also disable Prefetch non-manual configurations of socks
                proxy
* Bug 1890554 - Use `ProxyInfo::TRANSPARENT_PROXY_RESOLVES_HOST` flag in
                `nsHttpChannel::GetProxyDNSStrategy`
* Bug 1890549 - nsHttpChannel implementation DNS resolve strategy for
                proxies incomplete
* Bug 1893670 - Proxy DNS by default for SOCK4 proxies. Defaulting to
                SOCKS4a

[Bug 610896 comment 17]: https://bugzilla.mozilla.org/show_bug.cgi?id=610896#c17
[Bug 610896 comment 11]: https://bugzilla.mozilla.org/show_bug.cgi?id=610896#c11
[Telemetry]: https://bugzilla.mozilla.org/show_bug.cgi?id=1741375#c27
[proxyDNS]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/proxy/settings#proxydns

Differential Revision: https://phabricator.services.mozilla.com/D207532
2024-05-21 11:55:26 +00:00

114 lines
3.6 KiB
Plaintext
Raw Permalink Blame History

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
/**
* This interface identifies a proxy server.
*/
[scriptable, uuid(63fff172-2564-4138-96c6-3ae7d245fbed)]
interface nsIProxyInfo : nsISupports
{
/**
* This attribute specifies the hostname of the proxy server.
*/
readonly attribute AUTF8String host;
/**
* This attribute specifies the port number of the proxy server.
*/
readonly attribute long port;
/**
* This attribute specifies the type of the proxy server as an ASCII string.
*
* Some special values for this attribute include (but are not limited to)
* the following:
* "http" HTTP proxy (or SSL CONNECT for HTTPS)
* "https" HTTP proxying over TLS connection to proxy
* "socks" SOCKS v5 proxy
* "socks4" SOCKS v4 proxy
* "direct" no proxy
* "unknown" unknown proxy (see nsIProtocolProxyService::resolve)
*
* A future version of this interface may define additional types.
*/
readonly attribute ACString type;
/**
* This attribute specifies flags that modify the proxy type. The value of
* this attribute is the bit-wise combination of the Proxy Flags defined
* below. Any undefined bits are reserved for future use.
*/
readonly attribute unsigned long flags;
/**
* This attribute specifies flags that were used by nsIProxyProtocolService when
* creating this ProxyInfo element.
*/
readonly attribute unsigned long resolveFlags;
/**
* Specifies a proxy username.
*/
readonly attribute ACString username;
/**
* Specifies a proxy password.
*/
readonly attribute ACString password;
/**
* This attribute specifies the failover timeout in seconds for this proxy.
* If a nsIProxyInfo is reported as failed via nsIProtocolProxyService::
* getFailoverForProxy, then the failed proxy will not be used again for this
* many seconds.
*/
readonly attribute unsigned long failoverTimeout;
/**
* This attribute specifies the proxy to failover to when this proxy fails.
*/
attribute nsIProxyInfo failoverProxy;
/**
* Specifies an ID related to the source of this proxy configuration. If
* it is created in response to an extension API, it will be the extension ID.
*/
attribute ACString sourceId;
/**
* Any non-empty value will be passed directly as Proxy-Authorization header
* value for the CONNECT request attempt. However, this header set on the
* resource request itself takes precedence.
*/
readonly attribute ACString proxyAuthorizationHeader;
/**
* An optional key used for additional isolation of this proxy connection.
*/
readonly attribute ACString connectionIsolationKey;
/**
* The following two constants can be used to compare against
* network.proxy.socks_version
*/
const unsigned short SOCKS_V4 = 4;
const unsigned short SOCKS_V5 = 5;
/****************************************************************************
* The following "Proxy Flags" may be bit-wise combined to construct the
* flags attribute defined on this interface. All unspecified bits are
* reserved for future use.
*/
/**
* This flag is set if the proxy is to perform name resolution itself. If
* this is the case, the hostname is used in some fashion, and we shouldn't
* do any form of DNS lookup ourselves.
*/
const unsigned short TRANSPARENT_PROXY_RESOLVES_HOST = 1 << 0;
};
Reference in New Issue View Git Blame Copy Permalink