Loading DnsProxyListener.cpp +3 −2 Original line number Diff line number Diff line Loading @@ -45,13 +45,13 @@ #include <netdutils/Stopwatch.h> #include <netdutils/ThreadUtil.h> #include <private/android_filesystem_config.h> // AID_SYSTEM #include <resolv.h> #include <statslog_resolv.h> #include <sysutils/SocketClient.h> #include "DnsResolver.h" #include "NetdClient.h" // NETID_USE_LOCAL_NAMESERVERS #include "NetdPermissions.h" #include "PrivateDnsConfiguration.h" #include "ResolverEventReporter.h" #include "netd_resolv/stats.h" // RCODE_TIMEOUT #include "resolv_private.h" Loading Loading @@ -115,8 +115,9 @@ constexpr bool requestingUseLocalNameservers(unsigned flags) { } inline bool queryingViaTls(unsigned dns_netid) { // TODO: The simpler PrivateDnsStatus should suffice here. ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; resolv_get_private_dns_status_for_net(dns_netid, &privateDnsStatus); gPrivateDnsConfiguration.getStatus(dns_netid, &privateDnsStatus); switch (static_cast<PrivateDnsMode>(privateDnsStatus.mode)) { case PrivateDnsMode::OPPORTUNISTIC: for (int i = 0; i < privateDnsStatus.numServers; i++) { Loading PrivateDnsConfiguration.cpp +1 −21 Original line number Diff line number Diff line Loading @@ -28,8 +28,6 @@ #include "netd_resolv/resolv.h" #include "netdutils/BackoffSequence.h" using aidl::android::net::metrics::INetdEventListener; int resolv_set_private_dns_for_net(unsigned netid, uint32_t mark, const char** servers, const int numServers, const char* tlsName, const uint8_t** fingerprints, const int numFingerprint) { Loading @@ -52,14 +50,7 @@ void resolv_delete_private_dns_for_net(unsigned netid) { android::net::gPrivateDnsConfiguration.clear(netid); } void resolv_get_private_dns_status_for_net(unsigned netid, ExternalPrivateDnsStatus* status) { android::net::gPrivateDnsConfiguration.getStatus(netid, status); } namespace android { using android::netdutils::BackoffSequence; namespace net { std::string addrToString(const sockaddr_storage* addr) { Loading Loading @@ -151,12 +142,6 @@ int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) { PrivateDnsStatus status{PrivateDnsMode::OFF, {}}; // This mutex is on the critical path of every DNS lookup. // // If the overhead of mutex acquisition proves too high, we could reduce // it by maintaining an atomic_int32_t counter of TLS-enabled netids, or // by using an RWLock. std::lock_guard guard(mPrivateDnsLock); const auto mode = mPrivateDnsModes.find(netId); Loading @@ -176,11 +161,6 @@ PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) { } void PrivateDnsConfiguration::getStatus(unsigned netId, ExternalPrivateDnsStatus* status) { // This mutex is on the critical path of every DNS lookup. // // If the overhead of mutex acquisition proves too high, we could reduce // it by maintaining an atomic_int32_t counter of TLS-enabled netids, or // by using an RWLock. std::lock_guard guard(mPrivateDnsLock); const auto mode = mPrivateDnsModes.find(netId); Loading Loading @@ -238,7 +218,7 @@ void PrivateDnsConfiguration::validatePrivateDnsProvider(const DnsTlsServer& ser // such validation passes per day is about ~30MB per month, in the // worst case. Otherwise, this will cost ~600 SYNs per month // (6 SYNs per ip, 4 ips per validation pass, 24 passes per day). auto backoff = BackoffSequence<>::Builder() auto backoff = netdutils::BackoffSequence<>::Builder() .withInitialRetransmissionTime(std::chrono::seconds(60)) .withMaximumRetransmissionTime(std::chrono::seconds(3600)) .build(); Loading PrivateDnsConfiguration.h +18 −4 Original line number Diff line number Diff line Loading @@ -23,20 +23,34 @@ #include <vector> #include <android-base/thread_annotations.h> #include <netd_resolv/resolv.h> #include "DnsTlsServer.h" struct ExternalPrivateDnsStatus; // Defined in netd_resolv/resolv.h namespace android { namespace net { // The DNS over TLS mode on a specific netId. enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT }; // Validation status of a DNS over TLS server (on a specific netId). enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid }; struct PrivateDnsStatus { PrivateDnsMode mode; std::list<DnsTlsServer> validatedServers; }; // TODO: remove this C-style struct and use PrivateDnsStatus everywhere. struct ExternalPrivateDnsStatus { PrivateDnsMode mode; int numServers; struct PrivateDnsInfo { sockaddr_storage ss; const char* hostname; Validation validation; } serverStatus[MAXNS]; }; class PrivateDnsConfiguration { public: int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, Loading @@ -44,7 +58,7 @@ class PrivateDnsConfiguration { PrivateDnsStatus getStatus(unsigned netId); // Externally used for netd. // DEPRECATED, use getStatus() above. void getStatus(unsigned netId, ExternalPrivateDnsStatus* status); void clear(unsigned netId); Loading ResolverController.cpp +3 −3 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ #include "Dns64Configuration.h" #include "DnsResolver.h" #include "Fwmark.h" #include "PrivateDnsConfiguration.h" #include "ResolverEventReporter.h" #include "ResolverStats.h" #include "netd_resolv/resolv.h" Loading Loading @@ -197,7 +198,6 @@ int ResolverController::createNetworkCache(unsigned netId) { // TODO: remove below functions and call into PrivateDnsConfiguration directly. // resolv_set_private_dns_for_net() // resolv_delete_private_dns_for_net() // resolv_get_private_dns_status_for_net() int ResolverController::setResolverConfiguration( const ResolverParamsParcel& resolverParams, const std::set<std::vector<uint8_t>>& tlsFingerprints) { Loading Loading @@ -278,7 +278,7 @@ int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>* ResolverStats::encodeAll(res_stats, stats); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; resolv_get_private_dns_status_for_net(netId, &privateDnsStatus); gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); for (int i = 0; i < privateDnsStatus.numServers; i++) { std::string tlsServer_str = addrToString(&(privateDnsStatus.serverStatus[i].ss)); tlsServers->push_back(std::move(tlsServer_str)); Loading Loading @@ -371,7 +371,7 @@ void ResolverController::dump(DumpWriter& dw, unsigned netId) { mDns64Configuration.dump(dw, netId); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; resolv_get_private_dns_status_for_net(netId, &privateDnsStatus); gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); dw.println("Private DNS mode: %s", getPrivateDnsModeString(static_cast<PrivateDnsMode>(privateDnsStatus.mode))); if (!privateDnsStatus.numServers) { Loading include/netd_resolv/params.h +0 −6 Original line number Diff line number Diff line Loading @@ -35,12 +35,6 @@ struct res_params { int retry_count; // number of retries }; // The DNS over TLS mode on a specific netId. enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT }; // Validation status of a DNS over TLS server (on a specific netId). enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid }; #define LIBNETD_RESOLV_PUBLIC extern "C" [[gnu::visibility("default")]] #endif // NETD_RESOLV_PARAMS_H Loading
DnsProxyListener.cpp +3 −2 Original line number Diff line number Diff line Loading @@ -45,13 +45,13 @@ #include <netdutils/Stopwatch.h> #include <netdutils/ThreadUtil.h> #include <private/android_filesystem_config.h> // AID_SYSTEM #include <resolv.h> #include <statslog_resolv.h> #include <sysutils/SocketClient.h> #include "DnsResolver.h" #include "NetdClient.h" // NETID_USE_LOCAL_NAMESERVERS #include "NetdPermissions.h" #include "PrivateDnsConfiguration.h" #include "ResolverEventReporter.h" #include "netd_resolv/stats.h" // RCODE_TIMEOUT #include "resolv_private.h" Loading Loading @@ -115,8 +115,9 @@ constexpr bool requestingUseLocalNameservers(unsigned flags) { } inline bool queryingViaTls(unsigned dns_netid) { // TODO: The simpler PrivateDnsStatus should suffice here. ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; resolv_get_private_dns_status_for_net(dns_netid, &privateDnsStatus); gPrivateDnsConfiguration.getStatus(dns_netid, &privateDnsStatus); switch (static_cast<PrivateDnsMode>(privateDnsStatus.mode)) { case PrivateDnsMode::OPPORTUNISTIC: for (int i = 0; i < privateDnsStatus.numServers; i++) { Loading
PrivateDnsConfiguration.cpp +1 −21 Original line number Diff line number Diff line Loading @@ -28,8 +28,6 @@ #include "netd_resolv/resolv.h" #include "netdutils/BackoffSequence.h" using aidl::android::net::metrics::INetdEventListener; int resolv_set_private_dns_for_net(unsigned netid, uint32_t mark, const char** servers, const int numServers, const char* tlsName, const uint8_t** fingerprints, const int numFingerprint) { Loading @@ -52,14 +50,7 @@ void resolv_delete_private_dns_for_net(unsigned netid) { android::net::gPrivateDnsConfiguration.clear(netid); } void resolv_get_private_dns_status_for_net(unsigned netid, ExternalPrivateDnsStatus* status) { android::net::gPrivateDnsConfiguration.getStatus(netid, status); } namespace android { using android::netdutils::BackoffSequence; namespace net { std::string addrToString(const sockaddr_storage* addr) { Loading Loading @@ -151,12 +142,6 @@ int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) { PrivateDnsStatus status{PrivateDnsMode::OFF, {}}; // This mutex is on the critical path of every DNS lookup. // // If the overhead of mutex acquisition proves too high, we could reduce // it by maintaining an atomic_int32_t counter of TLS-enabled netids, or // by using an RWLock. std::lock_guard guard(mPrivateDnsLock); const auto mode = mPrivateDnsModes.find(netId); Loading @@ -176,11 +161,6 @@ PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) { } void PrivateDnsConfiguration::getStatus(unsigned netId, ExternalPrivateDnsStatus* status) { // This mutex is on the critical path of every DNS lookup. // // If the overhead of mutex acquisition proves too high, we could reduce // it by maintaining an atomic_int32_t counter of TLS-enabled netids, or // by using an RWLock. std::lock_guard guard(mPrivateDnsLock); const auto mode = mPrivateDnsModes.find(netId); Loading Loading @@ -238,7 +218,7 @@ void PrivateDnsConfiguration::validatePrivateDnsProvider(const DnsTlsServer& ser // such validation passes per day is about ~30MB per month, in the // worst case. Otherwise, this will cost ~600 SYNs per month // (6 SYNs per ip, 4 ips per validation pass, 24 passes per day). auto backoff = BackoffSequence<>::Builder() auto backoff = netdutils::BackoffSequence<>::Builder() .withInitialRetransmissionTime(std::chrono::seconds(60)) .withMaximumRetransmissionTime(std::chrono::seconds(3600)) .build(); Loading
PrivateDnsConfiguration.h +18 −4 Original line number Diff line number Diff line Loading @@ -23,20 +23,34 @@ #include <vector> #include <android-base/thread_annotations.h> #include <netd_resolv/resolv.h> #include "DnsTlsServer.h" struct ExternalPrivateDnsStatus; // Defined in netd_resolv/resolv.h namespace android { namespace net { // The DNS over TLS mode on a specific netId. enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT }; // Validation status of a DNS over TLS server (on a specific netId). enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid }; struct PrivateDnsStatus { PrivateDnsMode mode; std::list<DnsTlsServer> validatedServers; }; // TODO: remove this C-style struct and use PrivateDnsStatus everywhere. struct ExternalPrivateDnsStatus { PrivateDnsMode mode; int numServers; struct PrivateDnsInfo { sockaddr_storage ss; const char* hostname; Validation validation; } serverStatus[MAXNS]; }; class PrivateDnsConfiguration { public: int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, Loading @@ -44,7 +58,7 @@ class PrivateDnsConfiguration { PrivateDnsStatus getStatus(unsigned netId); // Externally used for netd. // DEPRECATED, use getStatus() above. void getStatus(unsigned netId, ExternalPrivateDnsStatus* status); void clear(unsigned netId); Loading
ResolverController.cpp +3 −3 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ #include "Dns64Configuration.h" #include "DnsResolver.h" #include "Fwmark.h" #include "PrivateDnsConfiguration.h" #include "ResolverEventReporter.h" #include "ResolverStats.h" #include "netd_resolv/resolv.h" Loading Loading @@ -197,7 +198,6 @@ int ResolverController::createNetworkCache(unsigned netId) { // TODO: remove below functions and call into PrivateDnsConfiguration directly. // resolv_set_private_dns_for_net() // resolv_delete_private_dns_for_net() // resolv_get_private_dns_status_for_net() int ResolverController::setResolverConfiguration( const ResolverParamsParcel& resolverParams, const std::set<std::vector<uint8_t>>& tlsFingerprints) { Loading Loading @@ -278,7 +278,7 @@ int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>* ResolverStats::encodeAll(res_stats, stats); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; resolv_get_private_dns_status_for_net(netId, &privateDnsStatus); gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); for (int i = 0; i < privateDnsStatus.numServers; i++) { std::string tlsServer_str = addrToString(&(privateDnsStatus.serverStatus[i].ss)); tlsServers->push_back(std::move(tlsServer_str)); Loading Loading @@ -371,7 +371,7 @@ void ResolverController::dump(DumpWriter& dw, unsigned netId) { mDns64Configuration.dump(dw, netId); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; resolv_get_private_dns_status_for_net(netId, &privateDnsStatus); gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); dw.println("Private DNS mode: %s", getPrivateDnsModeString(static_cast<PrivateDnsMode>(privateDnsStatus.mode))); if (!privateDnsStatus.numServers) { Loading
include/netd_resolv/params.h +0 −6 Original line number Diff line number Diff line Loading @@ -35,12 +35,6 @@ struct res_params { int retry_count; // number of retries }; // The DNS over TLS mode on a specific netId. enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT }; // Validation status of a DNS over TLS server (on a specific netId). enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid }; #define LIBNETD_RESOLV_PUBLIC extern "C" [[gnu::visibility("default")]] #endif // NETD_RESOLV_PARAMS_H
