Loading DnsTlsServer.h +3 −1 Original line number Diff line number Diff line Loading @@ -62,7 +62,9 @@ struct DnsTlsServer { // The time to wait for the attempt on connecting to the server. // Set the default value 127 seconds to be consistent with TCP connect timeout. // (presume net.ipv4.tcp_syn_retries = 6) std::chrono::milliseconds connectTimeout = std::chrono::milliseconds(127 * 1000); std::chrono::milliseconds connectTimeout = std::chrono::milliseconds(kDotConnectTimeoutMs); static constexpr int kDotConnectTimeoutMs = 127 * 1000; // Exact comparison of DnsTlsServer objects bool operator<(const DnsTlsServer& other) const; Loading PrivateDnsConfiguration.cpp +21 −13 Original line number Diff line number Diff line Loading @@ -19,9 +19,11 @@ #include "PrivateDnsConfiguration.h" #include <android-base/logging.h> #include <android-base/parseint.h> #include <android-base/stringprintf.h> #include <netdb.h> #include <netdutils/ThreadUtil.h> #include <server_configurable_flags/get_flags.h> #include <sys/socket.h> #include "DnsTlsTransport.h" Loading @@ -30,11 +32,23 @@ #include "netdutils/BackoffSequence.h" #include "resolv_cache.h" using android::base::ParseInt; using server_configurable_flags::GetServerConfigurableFlag; using std::chrono::milliseconds; namespace android { namespace net { namespace { milliseconds getTimeoutFromExperimentFlag(const std::string& flagName, const int defaultValue) { int val = defaultValue; ParseInt(GetServerConfigurableFlag("netd_native", flagName, ""), &val); return (val < 1000) ? milliseconds(1000) : milliseconds(val); } } // namespace std::string addrToString(const sockaddr_storage* addr) { char out[INET6_ADDRSTRLEN] = {0}; getnameinfo((const sockaddr*) addr, sizeof(sockaddr_storage), out, INET6_ADDRSTRLEN, nullptr, 0, Loading Loading @@ -62,30 +76,24 @@ bool parseServer(const char* server, sockaddr_storage* parsed) { int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert, int32_t connectTimeoutMs) { const std::string& caCert) { LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec << ", " << servers.size() << ", " << name << ", " << connectTimeoutMs << "ms)"; << ", " << servers.size() << ", " << name << ")"; // Parse the list of servers that has been passed in std::set<DnsTlsServer> tlsServers; for (size_t i = 0; i < servers.size(); ++i) { for (const auto& s : servers) { sockaddr_storage parsed; if (!parseServer(servers[i].c_str(), &parsed)) { if (!parseServer(s.c_str(), &parsed)) { return -EINVAL; } DnsTlsServer server(parsed); server.name = name; server.certificate = caCert; // connectTimeoutMs = 0: use the default timeout value. // connectTimeoutMs < 0: invalid timeout value. if (connectTimeoutMs > 0) { // Set a specific timeout value but limit it to be at least 1 second. server.connectTimeout = (connectTimeoutMs < 1000) ? milliseconds(1000) : milliseconds(connectTimeoutMs); } server.connectTimeout = getTimeoutFromExperimentFlag("dot_connect_timeout_ms", DnsTlsServer::kDotConnectTimeoutMs); tlsServers.insert(server); LOG(DEBUG) << "Set DoT connect timeout " << server.connectTimeout.count() << "ms for " << s; } std::lock_guard guard(mPrivateDnsLock); Loading PrivateDnsConfiguration.h +1 −2 Original line number Diff line number Diff line Loading @@ -53,8 +53,7 @@ struct PrivateDnsStatus { class PrivateDnsConfiguration { public: int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert, int32_t connectTimeoutMs) EXCLUDES(mPrivateDnsLock); const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId) EXCLUDES(mPrivateDnsLock); Loading ResolverController.cpp +3 −3 Original line number Diff line number Diff line Loading @@ -210,9 +210,9 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res if (tlsServers.size() > MAXNS) { tlsServers.resize(MAXNS); } const int err = gPrivateDnsConfiguration.set( resolverParams.netId, fwmark.intValue, tlsServers, resolverParams.tlsName, resolverParams.caCertificate, resolverParams.tlsConnectTimeoutMs); const int err = gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers, resolverParams.tlsName, resolverParams.caCertificate); if (err != 0) { return err; Loading binder/android/net/ResolverParamsParcel.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -93,6 +93,8 @@ parcelable ResolverParamsParcel { /** * The timeout for the connection attempt to a Private DNS server. * It's initialized to 0 to use the predefined default value. * Setting a non-zero value to it takes no effect anymore. The timeout is configurable only * by the experiement flag. */ int tlsConnectTimeoutMs = 0; } Loading
DnsTlsServer.h +3 −1 Original line number Diff line number Diff line Loading @@ -62,7 +62,9 @@ struct DnsTlsServer { // The time to wait for the attempt on connecting to the server. // Set the default value 127 seconds to be consistent with TCP connect timeout. // (presume net.ipv4.tcp_syn_retries = 6) std::chrono::milliseconds connectTimeout = std::chrono::milliseconds(127 * 1000); std::chrono::milliseconds connectTimeout = std::chrono::milliseconds(kDotConnectTimeoutMs); static constexpr int kDotConnectTimeoutMs = 127 * 1000; // Exact comparison of DnsTlsServer objects bool operator<(const DnsTlsServer& other) const; Loading
PrivateDnsConfiguration.cpp +21 −13 Original line number Diff line number Diff line Loading @@ -19,9 +19,11 @@ #include "PrivateDnsConfiguration.h" #include <android-base/logging.h> #include <android-base/parseint.h> #include <android-base/stringprintf.h> #include <netdb.h> #include <netdutils/ThreadUtil.h> #include <server_configurable_flags/get_flags.h> #include <sys/socket.h> #include "DnsTlsTransport.h" Loading @@ -30,11 +32,23 @@ #include "netdutils/BackoffSequence.h" #include "resolv_cache.h" using android::base::ParseInt; using server_configurable_flags::GetServerConfigurableFlag; using std::chrono::milliseconds; namespace android { namespace net { namespace { milliseconds getTimeoutFromExperimentFlag(const std::string& flagName, const int defaultValue) { int val = defaultValue; ParseInt(GetServerConfigurableFlag("netd_native", flagName, ""), &val); return (val < 1000) ? milliseconds(1000) : milliseconds(val); } } // namespace std::string addrToString(const sockaddr_storage* addr) { char out[INET6_ADDRSTRLEN] = {0}; getnameinfo((const sockaddr*) addr, sizeof(sockaddr_storage), out, INET6_ADDRSTRLEN, nullptr, 0, Loading Loading @@ -62,30 +76,24 @@ bool parseServer(const char* server, sockaddr_storage* parsed) { int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert, int32_t connectTimeoutMs) { const std::string& caCert) { LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec << ", " << servers.size() << ", " << name << ", " << connectTimeoutMs << "ms)"; << ", " << servers.size() << ", " << name << ")"; // Parse the list of servers that has been passed in std::set<DnsTlsServer> tlsServers; for (size_t i = 0; i < servers.size(); ++i) { for (const auto& s : servers) { sockaddr_storage parsed; if (!parseServer(servers[i].c_str(), &parsed)) { if (!parseServer(s.c_str(), &parsed)) { return -EINVAL; } DnsTlsServer server(parsed); server.name = name; server.certificate = caCert; // connectTimeoutMs = 0: use the default timeout value. // connectTimeoutMs < 0: invalid timeout value. if (connectTimeoutMs > 0) { // Set a specific timeout value but limit it to be at least 1 second. server.connectTimeout = (connectTimeoutMs < 1000) ? milliseconds(1000) : milliseconds(connectTimeoutMs); } server.connectTimeout = getTimeoutFromExperimentFlag("dot_connect_timeout_ms", DnsTlsServer::kDotConnectTimeoutMs); tlsServers.insert(server); LOG(DEBUG) << "Set DoT connect timeout " << server.connectTimeout.count() << "ms for " << s; } std::lock_guard guard(mPrivateDnsLock); Loading
PrivateDnsConfiguration.h +1 −2 Original line number Diff line number Diff line Loading @@ -53,8 +53,7 @@ struct PrivateDnsStatus { class PrivateDnsConfiguration { public: int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert, int32_t connectTimeoutMs) EXCLUDES(mPrivateDnsLock); const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId) EXCLUDES(mPrivateDnsLock); Loading
ResolverController.cpp +3 −3 Original line number Diff line number Diff line Loading @@ -210,9 +210,9 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res if (tlsServers.size() > MAXNS) { tlsServers.resize(MAXNS); } const int err = gPrivateDnsConfiguration.set( resolverParams.netId, fwmark.intValue, tlsServers, resolverParams.tlsName, resolverParams.caCertificate, resolverParams.tlsConnectTimeoutMs); const int err = gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers, resolverParams.tlsName, resolverParams.caCertificate); if (err != 0) { return err; Loading
binder/android/net/ResolverParamsParcel.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -93,6 +93,8 @@ parcelable ResolverParamsParcel { /** * The timeout for the connection attempt to a Private DNS server. * It's initialized to 0 to use the predefined default value. * Setting a non-zero value to it takes no effect anymore. The timeout is configurable only * by the experiement flag. */ int tlsConnectTimeoutMs = 0; }
