tryURLUpgrade connects to u, and tries to upgrade it to a net.Conn. If optAddr is valid, then no DNS is used and the connection will be made to the provided address. Only the provided ctx is used, not a.ctx.
(ctx context.Context, u *url.URL, optAddr netip.Addr, optACEHost string, init []byte)
| 403 | // |
| 404 | // Only the provided ctx is used, not a.ctx. |
| 405 | func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, optAddr netip.Addr, optACEHost string, init []byte) (_ net.Conn, retErr error) { |
| 406 | var dns *dnscache.Resolver |
| 407 | |
| 408 | // If we were provided an address to dial, then create a resolver that just |
| 409 | // returns that value; otherwise, fall back to DNS. |
| 410 | if optAddr.IsValid() { |
| 411 | dns = &dnscache.Resolver{ |
| 412 | SingleHostStaticResult: []netip.Addr{optAddr}, |
| 413 | SingleHost: u.Hostname(), |
| 414 | Logf: a.Logf, // not a.logf method; we want to propagate nil-ness |
| 415 | } |
| 416 | } else { |
| 417 | dns = a.resolver() |
| 418 | } |
| 419 | |
| 420 | var dialer netx.DialFunc |
| 421 | if a.Dialer != nil { |
| 422 | dialer = a.Dialer |
| 423 | } else { |
| 424 | dialer = stdDialer.DialContext |
| 425 | } |
| 426 | |
| 427 | if optACEHost != "" { |
| 428 | if !buildfeatures.HasACE { |
| 429 | return nil, feature.ErrUnavailable |
| 430 | } |
| 431 | f, ok := HookMakeACEDialer.GetOk() |
| 432 | if !ok { |
| 433 | return nil, feature.ErrUnavailable |
| 434 | } |
| 435 | dialer = f(dialer, optACEHost, optAddr) |
| 436 | } |
| 437 | |
| 438 | // On macOS, see if Screen Time is blocking things. |
| 439 | if runtime.GOOS == "darwin" { |
| 440 | var proxydIntercepted atomic.Bool // intercepted by macOS webfilterproxyd |
| 441 | origDialer := dialer |
| 442 | dialer = func(ctx context.Context, network, address string) (net.Conn, error) { |
| 443 | c, err := origDialer(ctx, network, address) |
| 444 | if err != nil { |
| 445 | return nil, err |
| 446 | } |
| 447 | if isLoopback(c.LocalAddr()) && isLoopback(c.RemoteAddr()) { |
| 448 | proxydIntercepted.Store(true) |
| 449 | } |
| 450 | return c, nil |
| 451 | } |
| 452 | defer func() { |
| 453 | if retErr != nil && proxydIntercepted.Load() { |
| 454 | a.HealthTracker.SetUnhealthy(macOSScreenTime, nil) |
| 455 | retErr = fmt.Errorf("macOS Screen Time is blocking network access: %w", retErr) |
| 456 | } else { |
| 457 | a.HealthTracker.SetHealthy(macOSScreenTime) |
| 458 | } |
| 459 | }() |
| 460 | } |
| 461 | |
| 462 | tr := netutil.NewDefaultTransport() |
no test coverage detected