From 9bd1c5ff209096aa3257e117991b4ac35db815e5 Mon Sep 17 00:00:00 2001
From: Simone Basso <bassosimone@gmail.com>
Date: Mon, 29 Aug 2022 00:06:57 +0200
Subject: [PATCH] fix(oohelperd): refuse to measure bogons (#898)

See the explanatory newly-added comment for more information.

Closes https://github.com/ooni/probe/issues/2064
---
 internal/cmd/oohelperd/main.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/internal/cmd/oohelperd/main.go b/internal/cmd/oohelperd/main.go
index f0b2ca5..8760f09 100644
--- a/internal/cmd/oohelperd/main.go
+++ b/internal/cmd/oohelperd/main.go
@@ -61,7 +61,25 @@ func main() {
 		Indexer:           &atomicx.Int64{},
 		MaxAcceptableBody: maxAcceptableBody,
 		NewClient: func(logger model.Logger) model.HTTPClient {
-			return netxlite.NewHTTPClientWithResolver(logger, newResolver(logger))
+			// If the DoH resolver we're using insists that a given domain maps to
+			// bogons, make sure we're going to fail the HTTP measurement.
+			//
+			// The TCP measurements scheduler in ipinfo.go will also refuse to
+			// schedule TCP measurements for bogons.
+			//
+			// While this seems theoretical, as of 2022-08-28, I see:
+			//
+			//     % host polito.it
+			//     polito.it has address 192.168.59.6
+			//     polito.it has address 192.168.40.1
+			//     polito.it mail is handled by 10 mx.polito.it.
+			//
+			// So, it's better to consider this as a possible corner case.
+			reso := netxlite.MaybeWrapWithBogonResolver(
+				true, // enabled
+				newResolver(logger),
+			)
+			return netxlite.NewHTTPClientWithResolver(logger, reso)
 		},
 		NewDialer: func(logger model.Logger) model.Dialer {
 			return netxlite.NewDialerWithResolver(logger, newResolver(logger))