blockcheck: support URIs, support disabling HEAD for https

blockcheck.sh

@@ -247,7 +247,7 @@ mdig_vars()
 	# $1 - ip version 4/6
 	# $2 - hostname
 
-	hostvar=$(echo $2 | sed -e 's/[\.-]/_/g')
+	hostvar=$(echo $2 | sed -e 's/[\.-/?&#@%*$^~=!()]/_/g')
 	cachevar=DNSCACHE_${hostvar}_$1
 	countvar=${cachevar}_COUNT
 	eval count=\$${countvar}
@@ -278,17 +278,18 @@ mdig_cache()
 mdig_resolve()
 {
 	# $1 - ip version 4/6
-	# $2 - hostname
+	# $2 - hostname, possibly with uri : rutracker.org/xxx/xxxx
+	local hostvar cachevar countvar count ip n sdom
 
-	local hostvar cachevar countvar count ip n
+	split_by_separator "$2" / sdom
-	mdig_vars "$@"
+	mdig_vars "$1" "$sdom"
 	if [ -n "$count" ]; then
 		n=$(random 0 $(($count-1)))
 		eval ip=\$${cachevar}_$n
 		echo $ip
 		return 0
 	else
-		mdig_cache "$@" && mdig_resolve "$@"
+		mdig_cache "$1" "$sdom" && mdig_resolve "$1" "$sdom"
 	fi
 }
 mdig_resolve_all()
@@ -297,7 +298,9 @@ mdig_resolve_all()
 	# $2 - hostname
 
 	local hostvar cachevar countvar count ip ips n
-	mdig_vars "$@"
+
+	split_by_separator "$2" / sdom
+	mdig_vars "$1" "$sdom"
 	if [ -n "$count" ]; then
 		n=0
 		while [ "$n" -le $count ]; do
@@ -312,7 +315,7 @@ mdig_resolve_all()
 		echo "$ips"
 		return 0
 	else
-		mdig_cache "$@" && mdig_resolve_all "$@"
+		mdig_cache "$1" "$sdom" && mdig_resolve_all "$1" "$sdom"
 	fi
 }
 
@@ -645,15 +648,16 @@ hdrfile_location()
 curl_with_subst_ip()
 {
 	# $1 - domain
-	# $2 - port
+	# $2 - uri
-	# $3 - ip
+	# $3 - port
-	# $4+ - curl params
+	# $4 - ip
-	local ip="$3"
+	# $5+ - curl params
+	local ip="$4"
 	case "$ip" in
 		*:*) ip="[$ip]" ;;
 	esac
-	local connect_to="--connect-to $1::$ip${2:+:$2}" arg
+	local connect_to="--connect-to $1::$ip${3:+:$3}" arg
-	shift ; shift ; shift
+	shift ; shift ; shift; shift
 	[ "$CURL_VERBOSE" = 1 ] && arg="-v"
 	[ "$CURL_CMD" = 1 ] && echo $CURL ${arg:+$arg }$connect_to "$@"
 	ALL_PROXY="$ALL_PROXY" $CURL ${arg:+$arg }$connect_to "$@"
@@ -665,10 +669,13 @@ curl_with_dig()
 	# $3 - port
 	# $4+ - curl params
 	local dom=$2 port=$3
-	local ip=$(mdig_resolve $1 $dom)
+	local sdom suri ip
+
+	split_by_separator "$dom" / sdom suri
+	ip=$(mdig_resolve $1 $sdom)
 	shift ; shift ; shift
 	if [ -n "$ip" ]; then
-		curl_with_subst_ip $dom $port $ip "$@"
+		curl_with_subst_ip "$sdom" "$suri" $port $ip "$@"
 	else
 		return 6
 	fi
@@ -731,7 +738,7 @@ curl_test_https_tls12()
 	# $3 - subst ip
 
 	# do not use tls 1.3 to make sure server certificate is not encrypted
-	curl_probe $1 $2 $HTTPS_PORT "$3" -ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.2 $TLSMAX12 "https://$2" -o /dev/null 2>&1
+	curl_probe $1 $2 $HTTPS_PORT "$3" $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.2 $TLSMAX12 "https://$2" -o /dev/null 2>&1
 }
 curl_test_https_tls13()
 {
@@ -740,7 +747,7 @@ curl_test_https_tls13()
 	# $3 - subst ip
 
 	# force TLS1.3 mode
-	curl_probe $1 $2 $HTTPS_PORT "$3" -ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.3 $TLSMAX13 "https://$2" -o /dev/null 2>&1
+	curl_probe $1 $2 $HTTPS_PORT "$3" $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME $CURL_OPT --tlsv1.3 $TLSMAX13 "https://$2" -o /dev/null 2>&1
 }
 
 curl_test_http3()
@@ -749,7 +756,7 @@ curl_test_http3()
 	# $2 - domain name
 
 	# force QUIC only mode without tcp
-	curl_with_dig $1 $2 $QUIC_PORT -ISs -A "$USER_AGENT" --max-time $CURL_MAX_TIME_QUIC --http3-only $CURL_OPT "https://$2" -o /dev/null 2>&1
+	curl_with_dig $1 $2 $QUIC_PORT $HTTPS_HEAD -Ss -A "$USER_AGENT" --max-time $CURL_MAX_TIME_QUIC --http3-only $CURL_OPT "https://$2" -o /dev/null 2>&1
 }
 
 ipt_aux_scheme()
@@ -1857,6 +1864,9 @@ configure_curl_opt()
 	curl_supports_tls13 && TLS13=1
 	HTTP3=
 	curl_supports_http3 && HTTP3=1
+
+	HTTPS_HEAD=-I
+	[ "$CURL_HTTPS_GET" = 1 ] && HTTPS_HEAD=
 }
 
 linux_ipv6_defrag_can_be_disabled()
@@ -1925,7 +1935,7 @@ ask_params()
 	[ -n "$DOMAINS" ] || {
 		DOMAINS="$DOMAINS_DEFAULT"
 		[ "$BATCH" = 1 ] || {
-			echo "specify domain(s) to test. multiple domains are space separated."
+			echo "specify domain(s) to test. multiple domains are space separated. URIs are supported (rutracker.org/forum/index.php)"
 			printf "domain(s) (default: $DOMAINS) : "
 			read dom
 			[ -n "$dom" ] && DOMAINS="$dom"
@@ -2268,7 +2278,6 @@ sigsilent()
 	exit 1
 }
 
-
 fsleep_setup
 fix_sbin_path
 check_system

common/base.sh

@@ -93,6 +93,18 @@ trim()
 {
 	awk '{gsub(/^ +| +$/,"")}1'
 }
+split_by_separator()
+{
+	# $1 - string
+	# $2 - separator
+	# $3 - var name to get "before" part
+	# $4 - var name to get "after" part
+	local before="${1%%$2*}"
+	local after="${1#*$2}"
+	[ "$after" = "$1" ] && after=
+	[ -n "$3" ] && eval $3="\$before"
+	[ -n "$4" ] && eval $4="\$after"
+}
 
 dir_is_not_empty()
 {

docs/changes.txt

@@ -568,3 +568,7 @@ nfqws: --wssize-forced-cutoff
 nfqws: --orig-tcp-flags, --dup-tcp-flags, --dpi-desync-tcp-flags
 nfqws: --dup-ip-id
 
+73.3
+
+blockcheck: support URIs
+blockcheck: CURL_HTTPS_GET=1 suppresses -I curl option for https (HEAD -> GET)

docs/readme.md

@@ -1,4 +1,4 @@
-# zapret v72.2
+# zapret v72.3
 
 # ВНИМАНИЕ, остерегайтесь мошенников
 
@@ -1816,6 +1816,7 @@ CURL_MAX_TIME_QUIC - время таймаута curl для quic. если не
 CURL_MAX_TIME_DOH - время таймаута curl для DoH серверов
 CURL_CMD=1 - показывать команды curl
 CURL_OPT - дополнительные параметры curl. `-k` - игнор сертификатов. `-v` - подробный вывод протокола
+CURL_HTTPS_GET=1 - использовать метод GET вместо HEAD для https
 DOMAINS - список тестируемых доменов через пробел
 IPVS=4|6|46 - тестируемые версии ip протокола
 ENABLE_HTTP=0|1 - включить тест plain http