
Commit 0434e4fe authored by Mike Yu's avatar Mike Yu Committed by Automerger Merge Worker

Drop the dependency of Fwmark am: d5389f15

Change-Id: I1526f6465f308aa746a97ed01f04116df3af9505
parents 931e609a d5389f15
+4 −0
@@ -147,6 +147,10 @@ DnsTlsTransport::Response DnsTlsDispatcher::query(const DnsTlsServer& server, un
                                                  const Slice query, const Slice ans, int* resplen,
                                                  bool* connectTriggered) {
    int connectCounter;

    // TODO: This can cause the resolver to create multiple connections to the same DoT server
    // merely due to different mark, such as the bit explicitlySelected unset.
    // See if we can save them and just create one connection for one DoT server.
    const Key key = std::make_pair(mark, server);
    Transport* xport;
    {
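Review bot: The key on `const Key key = std::make_pair(mark, server);` deliberately partitions transports by mark, and the TODO above it (which appears to be the new content of this hunk) should say why that is not merely wasteful: the mark carries the routing decision — netId, explicitlySelected, protectedFromVpn and permission, per the Fwmark fields touched in this commit's other file — so a query sent over a transport opened under a different mark could reach the server over a different network or VPN state than the caller intended. I would extend the TODO with `// Any coalescing must only merge marks that route identically; otherwise queries could leave over the wrong network.` so the next person does not implement the simple version. The enclosing query() begins before this hunk and its body continues past it.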
+9 −9
@@ -24,7 +24,6 @@

#include <netdb.h>

#include <Fwmark.h>
#include <aidl/android/net/IDnsResolver.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
@@ -202,21 +201,22 @@ int ResolverController::flushNetworkCache(unsigned netId) {
int ResolverController::setResolverConfiguration(const ResolverParamsParcel& resolverParams) {
    using aidl::android::net::IDnsResolver;

    // At private DNS validation time, we only know the netId, so we have to guess/compute the
    // corresponding socket mark.
    Fwmark fwmark;
    fwmark.netId = resolverParams.netId;
    fwmark.explicitlySelected = true;
    fwmark.protectedFromVpn = true;
    fwmark.permission = PERMISSION_SYSTEM;
    // Expect to get the mark with system permission.
    android_net_context netcontext;
    gResNetdCallbacks.get_network_context(resolverParams.netId, 0 /* uid */, &netcontext);

    // Allow at most MAXNS private DNS servers in a network to prevent too many broken servers.
    std::vector<std::string> tlsServers = resolverParams.tlsServers;
    if (tlsServers.size() > MAXNS) {
        tlsServers.resize(MAXNS);
    }

    // Use app_mark for DoT connection. Using dns_mark might result in reaching the DoT servers
    // through a different network. For example, on a VPN with no DNS servers (Do53), if the VPN
    // applies to UID 0, dns_mark is assigned for default network rathan the VPN. (note that it's
    // possible that a VPN doesn't have any DNS servers but DoT servers in DNS strict mode)
    const int err =
            gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers,
            gPrivateDnsConfiguration.set(resolverParams.netId, netcontext.app_mark, tlsServers,
                                         resolverParams.tlsName, resolverParams.caCertificate);

    if (err != 0) {
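Review bot: `android_net_context netcontext;` on the new side is left uninitialized before `gResNetdCallbacks.get_network_context(...)` fills it, and nothing checks that the callback actually populated `app_mark` for this netId; if it does not, the `netcontext.app_mark` handed to `gPrivateDnsConfiguration.set` would be indeterminate. Value-initializing it, `android_net_context netcontext{};`, at least makes that failure deterministic, and the comment `// Expect to get the mark with system permission.` states an expectation the code never verifies — either check it or reword it as an assumption about the callback. The removed code set explicitlySelected/protectedFromVpn/PERMISSION_SYSTEM itself, so reachability of the DoT validation path now depends entirely on what the callback returns for uid 0, which is worth a sentence in the comment. Nit: `rathan` in the new comment should be `rather than`. setResolverConfiguration continues past the end of this hunk.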