Add: dns leak detection

crates/wtfnet-http/src/lib.rs

@@ -148,7 +148,11 @@ pub async fn request(url: &str, opts: HttpRequestOptions) -> Result<HttpReport,
                     });
                 }
                 Err(err) => {
-                    warnings.push(format!("http3 failed: {err}"));
+                    let err_string = err.to_string();
+                    let category = classify_http3_error(&err_string);
+                    warnings.push(format!(
+                        "http3 failed (category={category}): {err_string}"
+                    ));
                     if opts.http3_only {
                         return Err(err);
                     }
@@ -410,6 +414,37 @@ fn build_tls_connector() -> Result<TlsConnector, HttpError> {
     Ok(TlsConnector::from(Arc::new(config)))
 }
 
+#[cfg(feature = "http3")]
+fn classify_http3_error(message: &str) -> &'static str {
+    let message = message.to_ascii_lowercase();
+    if message.contains("timeout") || message.contains("timed out") {
+        return "timeout";
+    }
+    if message.contains("no resolved ips") || message.contains("no addresses resolved") {
+        return "resolve";
+    }
+    if message.contains("udp") && message.contains("blocked") {
+        return "udp_blocked";
+    }
+    if message.contains("quic") || message.contains("connection refused") {
+        return "connect";
+    }
+    if message.contains("alpn") || message.contains("application protocol") {
+        return "alpn";
+    }
+    if message.contains("tls")
+        || message.contains("certificate")
+        || message.contains("crypto")
+        || message.contains("handshake")
+    {
+        return "tls";
+    }
+    if message.contains("permission denied") || message.contains("access is denied") {
+        return "permission";
+    }
+    "unknown"
+}
+
 #[cfg(feature = "http3")]
 async fn http3_request(
     url: &str,