Loading sethostent.cpp +6 −0 Original line number Diff line number Diff line Loading @@ -69,6 +69,8 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { char* aliases[MAXALIASES]; char* addr_ptrs[MAXADDRS]; // TODO: Wrap the 'hf' into a RAII class or std::shared_ptr and modify the // sethostent_r()/endhostent_r() to get rid of manually endhostent_r(&hf) everywhere. FILE* hf = NULL; sethostent_r(&hf); if (hf == NULL) { Loading @@ -80,6 +82,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { } if ((ptr = buf = (char*) malloc(len = info->buflen)) == NULL) { endhostent_r(&hf); return EAI_MEMORY; } Loading @@ -103,6 +106,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { if (hp->h_name == nullptr) { free(buf); endhostent_r(&hf); return EAI_FAIL; } const char* h_name = hp->h_name; Loading Loading @@ -131,6 +135,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { if (num >= MAXADDRS) goto nospc; if (hp->h_addr_list[0] == nullptr) { free(buf); endhostent_r(&hf); return EAI_FAIL; } const char* addr = hp->h_addr_list[0]; Loading Loading @@ -185,6 +190,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { free(buf); return 0; nospc: endhostent_r(&hf); free(buf); return EAI_MEMORY; } Loading tests/resolv_integration_test.cpp +56 −57 Original line number Diff line number Diff line Loading @@ -4827,20 +4827,35 @@ TEST_F(ResolverTest, ConnectTlsServerTimeout_ConcurrentQueries) { } } // Tests that the DoT query timeout is configurable via the feature flag "dot_query_timeout_ms". // The test DoT server is configured to postpone DNS queries for DOT_SERVER_UNRESPONSIVE_TIME_MS // (2s). If the feature flag is set to a positive value smaller than // DOT_SERVER_UNRESPONSIVE_TIME_MS, DoT queries should timeout. TEST_F(ResolverTest, QueryTlsServerTimeout) { constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP; constexpr int INFINITE_QUERY_TIMEOUT = -1; constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 5000; constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 2000; constexpr int TIMING_TOLERANCE_MS = 200; constexpr char hostname1[] = "query1.example.com."; constexpr char hostname2[] = "query2.example.com."; const std::vector<DnsRecord> records = { {hostname1, ns_type::ns_t_a, "1.2.3.4"}, {hostname2, ns_type::ns_t_a, "1.2.3.5"}, }; for (const int queryTimeoutMs : {INFINITE_QUERY_TIMEOUT, 1000}) { for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) { SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", dnsMode, queryTimeoutMs)); static const struct TestConfig { std::string dnsMode; int queryTimeoutMs; int expectResultTimedOut; int expectedTimeTakenMs; } testConfigs[] = { // clang-format off {"OPPORTUNISTIC", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS}, {"OPPORTUNISTIC", 1000, false, 1000}, {"STRICT", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS}, // `expectResultTimedOut` is true in the following testcase because in strict mode // DnsResolver doesn't try Do53 servers after the DoT query is timed out. {"STRICT", 1000, true, 1000}, // clang-format on }; for (const auto& config : testConfigs) { SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", config.dnsMode, config.queryTimeoutMs)); const std::string addr = getUniqueIPv4Address(); test::DNSResponder dns(addr); Loading @@ -4848,7 +4863,7 @@ TEST_F(ResolverTest, QueryTlsServerTimeout) { test::DnsTlsFrontend tls(addr, "853", addr, "53"); ASSERT_TRUE(tls.startServer()); ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(queryTimeoutMs)); ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(config.queryTimeoutMs)); // Don't skip unusable DoT servers and disable revalidation for this test. ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag, "-1"); Loading @@ -4858,46 +4873,30 @@ TEST_F(ResolverTest, QueryTlsServerTimeout) { auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel(); parcel.servers = {addr}; parcel.tlsServers = {addr}; if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName; if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName; ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel)); EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true)); EXPECT_TRUE(tls.waitForQueries(1)); tls.clearQueries(); // Set the DoT server to be unresponsive to DNS queries until either it receives // 2 queries or 5s later. tls.setDelayQueries(2); // Set the DoT server to be unresponsive to DNS queries for // `DOT_SERVER_UNRESPONSIVE_TIME_MS` ms. tls.setDelayQueries(999); tls.setDelayQueriesTimeout(DOT_SERVER_UNRESPONSIVE_TIME_MS); // First query. // Send a DNS query, and then check the result and the response time. Stopwatch s; int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a, cacheFlag); if (dnsMode == "STRICT" && queryTimeoutMs != INFINITE_QUERY_TIMEOUT) { int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a, ANDROID_RESOLV_NO_CACHE_LOOKUP); if (config.expectResultTimedOut) { expectAnswersNotValid(fd, -ETIMEDOUT); } else { expectAnswersValid(fd, AF_INET, "1.2.3.4"); } // Besides checking the result of the query, check how much time the // resolver processed the query. int timeTakenMs = s.getTimeAndResetUs() / 1000; const int expectedTimeTakenMs = (queryTimeoutMs == INFINITE_QUERY_TIMEOUT) ? DOT_SERVER_UNRESPONSIVE_TIME_MS : queryTimeoutMs; EXPECT_GE(timeTakenMs, expectedTimeTakenMs); EXPECT_LE(timeTakenMs, expectedTimeTakenMs + 1000); // Second query. tls.setDelayQueries(1); fd = resNetworkQuery(TEST_NETID, hostname2, ns_c_in, ns_t_a, cacheFlag); expectAnswersValid(fd, AF_INET, "1.2.3.5"); // Also check how much time the resolver processed the query. timeTakenMs = s.timeTakenUs() / 1000; EXPECT_LE(timeTakenMs, 500); EXPECT_TRUE(tls.waitForQueries(2)); } const int timeTakenMs = s.getTimeAndResetUs() / 1000; EXPECT_NEAR(config.expectedTimeTakenMs, timeTakenMs, TIMING_TOLERANCE_MS); EXPECT_TRUE(tls.waitForQueries(1)); } } Loading tests/resolv_private_dns_test.cpp +6 −1 Original line number Diff line number Diff line Loading @@ -571,7 +571,12 @@ TEST_P(TransportParameterizedTest, BlockDnsQuery) { // Block network access by enabling data saver. ScopedSetDataSaverByBPF scopedSetDataSaverByBPF(true); ScopedChangeUID scopedChangeUID(TEST_UID); // DataSaver information is only meaningful after V. // TODO: Add 'else' to check that DNS queries are not blocked before V. if (android::modules::sdklevel::IsAtLeastV()) { expectQueriesAreBlocked(); } } else { // Block network access by setting UID firewall rules. ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID); Loading tests/resolv_stats_test_utils.cpp +3 −0 Original line number Diff line number Diff line Loading @@ -107,6 +107,8 @@ NetworkDnsEventReported fromNetworkDnsEventReportedStr(const std::string& str) { event.set_private_dns_modes(static_cast<PrivateDnsModes>(value)); } else if (protoField[1] == "sampling_rate_denom" && ParseInt(protoField[2], &value)) { event.set_sampling_rate_denom(value); } else if (protoField[1] == "uid" && ParseInt(protoField[2], &value)) { event.set_uid(value); } } // Parsing each field of the proto DnsQueryEvent Loading Loading @@ -169,6 +171,7 @@ void PrintTo(const NetworkDnsEventReported& event, std::ostream* os) { *os << " network_type: " << event.network_type() << "\n"; *os << " private_dns_modes: " << event.private_dns_modes() << "\n"; *os << " dns_query_event_size: " << event.dns_query_events().dns_query_event_size() << "\n"; *os << " uid: " << event.uid() << "\n"; *os << "}"; } Loading tests/resolv_stats_test_utils.h +3 −1 Original line number Diff line number Diff line Loading @@ -120,7 +120,9 @@ MATCHER_P(NetworkDnsEventEq, other, "") { */ ::testing::Property("dns_query_events", &android::net::NetworkDnsEventReported::dns_query_events, DnsQueryEventsEq(other.dns_query_events()))), DnsQueryEventsEq(other.dns_query_events())), ::testing::Property("uid", &android::net::NetworkDnsEventReported::uid, ::testing::Eq(other.uid()))), arg, result_listener); } Loading Loading
sethostent.cpp +6 −0 Original line number Diff line number Diff line Loading @@ -69,6 +69,8 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { char* aliases[MAXALIASES]; char* addr_ptrs[MAXADDRS]; // TODO: Wrap the 'hf' into a RAII class or std::shared_ptr and modify the // sethostent_r()/endhostent_r() to get rid of manually endhostent_r(&hf) everywhere. FILE* hf = NULL; sethostent_r(&hf); if (hf == NULL) { Loading @@ -80,6 +82,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { } if ((ptr = buf = (char*) malloc(len = info->buflen)) == NULL) { endhostent_r(&hf); return EAI_MEMORY; } Loading @@ -103,6 +106,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { if (hp->h_name == nullptr) { free(buf); endhostent_r(&hf); return EAI_FAIL; } const char* h_name = hp->h_name; Loading Loading @@ -131,6 +135,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { if (num >= MAXADDRS) goto nospc; if (hp->h_addr_list[0] == nullptr) { free(buf); endhostent_r(&hf); return EAI_FAIL; } const char* addr = hp->h_addr_list[0]; Loading Loading @@ -185,6 +190,7 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { free(buf); return 0; nospc: endhostent_r(&hf); free(buf); return EAI_MEMORY; } Loading
tests/resolv_integration_test.cpp +56 −57 Original line number Diff line number Diff line Loading @@ -4827,20 +4827,35 @@ TEST_F(ResolverTest, ConnectTlsServerTimeout_ConcurrentQueries) { } } // Tests that the DoT query timeout is configurable via the feature flag "dot_query_timeout_ms". // The test DoT server is configured to postpone DNS queries for DOT_SERVER_UNRESPONSIVE_TIME_MS // (2s). If the feature flag is set to a positive value smaller than // DOT_SERVER_UNRESPONSIVE_TIME_MS, DoT queries should timeout. TEST_F(ResolverTest, QueryTlsServerTimeout) { constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP; constexpr int INFINITE_QUERY_TIMEOUT = -1; constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 5000; constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 2000; constexpr int TIMING_TOLERANCE_MS = 200; constexpr char hostname1[] = "query1.example.com."; constexpr char hostname2[] = "query2.example.com."; const std::vector<DnsRecord> records = { {hostname1, ns_type::ns_t_a, "1.2.3.4"}, {hostname2, ns_type::ns_t_a, "1.2.3.5"}, }; for (const int queryTimeoutMs : {INFINITE_QUERY_TIMEOUT, 1000}) { for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) { SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", dnsMode, queryTimeoutMs)); static const struct TestConfig { std::string dnsMode; int queryTimeoutMs; int expectResultTimedOut; int expectedTimeTakenMs; } testConfigs[] = { // clang-format off {"OPPORTUNISTIC", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS}, {"OPPORTUNISTIC", 1000, false, 1000}, {"STRICT", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS}, // `expectResultTimedOut` is true in the following testcase because in strict mode // DnsResolver doesn't try Do53 servers after the DoT query is timed out. {"STRICT", 1000, true, 1000}, // clang-format on }; for (const auto& config : testConfigs) { SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", config.dnsMode, config.queryTimeoutMs)); const std::string addr = getUniqueIPv4Address(); test::DNSResponder dns(addr); Loading @@ -4848,7 +4863,7 @@ TEST_F(ResolverTest, QueryTlsServerTimeout) { test::DnsTlsFrontend tls(addr, "853", addr, "53"); ASSERT_TRUE(tls.startServer()); ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(queryTimeoutMs)); ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(config.queryTimeoutMs)); // Don't skip unusable DoT servers and disable revalidation for this test. ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag, "-1"); Loading @@ -4858,46 +4873,30 @@ TEST_F(ResolverTest, QueryTlsServerTimeout) { auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel(); parcel.servers = {addr}; parcel.tlsServers = {addr}; if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName; if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName; ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel)); EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true)); EXPECT_TRUE(tls.waitForQueries(1)); tls.clearQueries(); // Set the DoT server to be unresponsive to DNS queries until either it receives // 2 queries or 5s later. tls.setDelayQueries(2); // Set the DoT server to be unresponsive to DNS queries for // `DOT_SERVER_UNRESPONSIVE_TIME_MS` ms. tls.setDelayQueries(999); tls.setDelayQueriesTimeout(DOT_SERVER_UNRESPONSIVE_TIME_MS); // First query. // Send a DNS query, and then check the result and the response time. Stopwatch s; int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a, cacheFlag); if (dnsMode == "STRICT" && queryTimeoutMs != INFINITE_QUERY_TIMEOUT) { int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a, ANDROID_RESOLV_NO_CACHE_LOOKUP); if (config.expectResultTimedOut) { expectAnswersNotValid(fd, -ETIMEDOUT); } else { expectAnswersValid(fd, AF_INET, "1.2.3.4"); } // Besides checking the result of the query, check how much time the // resolver processed the query. int timeTakenMs = s.getTimeAndResetUs() / 1000; const int expectedTimeTakenMs = (queryTimeoutMs == INFINITE_QUERY_TIMEOUT) ? DOT_SERVER_UNRESPONSIVE_TIME_MS : queryTimeoutMs; EXPECT_GE(timeTakenMs, expectedTimeTakenMs); EXPECT_LE(timeTakenMs, expectedTimeTakenMs + 1000); // Second query. tls.setDelayQueries(1); fd = resNetworkQuery(TEST_NETID, hostname2, ns_c_in, ns_t_a, cacheFlag); expectAnswersValid(fd, AF_INET, "1.2.3.5"); // Also check how much time the resolver processed the query. timeTakenMs = s.timeTakenUs() / 1000; EXPECT_LE(timeTakenMs, 500); EXPECT_TRUE(tls.waitForQueries(2)); } const int timeTakenMs = s.getTimeAndResetUs() / 1000; EXPECT_NEAR(config.expectedTimeTakenMs, timeTakenMs, TIMING_TOLERANCE_MS); EXPECT_TRUE(tls.waitForQueries(1)); } } Loading
tests/resolv_private_dns_test.cpp +6 −1 Original line number Diff line number Diff line Loading @@ -571,7 +571,12 @@ TEST_P(TransportParameterizedTest, BlockDnsQuery) { // Block network access by enabling data saver. ScopedSetDataSaverByBPF scopedSetDataSaverByBPF(true); ScopedChangeUID scopedChangeUID(TEST_UID); // DataSaver information is only meaningful after V. // TODO: Add 'else' to check that DNS queries are not blocked before V. if (android::modules::sdklevel::IsAtLeastV()) { expectQueriesAreBlocked(); } } else { // Block network access by setting UID firewall rules. ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID); Loading
tests/resolv_stats_test_utils.cpp +3 −0 Original line number Diff line number Diff line Loading @@ -107,6 +107,8 @@ NetworkDnsEventReported fromNetworkDnsEventReportedStr(const std::string& str) { event.set_private_dns_modes(static_cast<PrivateDnsModes>(value)); } else if (protoField[1] == "sampling_rate_denom" && ParseInt(protoField[2], &value)) { event.set_sampling_rate_denom(value); } else if (protoField[1] == "uid" && ParseInt(protoField[2], &value)) { event.set_uid(value); } } // Parsing each field of the proto DnsQueryEvent Loading Loading @@ -169,6 +171,7 @@ void PrintTo(const NetworkDnsEventReported& event, std::ostream* os) { *os << " network_type: " << event.network_type() << "\n"; *os << " private_dns_modes: " << event.private_dns_modes() << "\n"; *os << " dns_query_event_size: " << event.dns_query_events().dns_query_event_size() << "\n"; *os << " uid: " << event.uid() << "\n"; *os << "}"; } Loading
tests/resolv_stats_test_utils.h +3 −1 Original line number Diff line number Diff line Loading @@ -120,7 +120,9 @@ MATCHER_P(NetworkDnsEventEq, other, "") { */ ::testing::Property("dns_query_events", &android::net::NetworkDnsEventReported::dns_query_events, DnsQueryEventsEq(other.dns_query_events()))), DnsQueryEventsEq(other.dns_query_events())), ::testing::Property("uid", &android::net::NetworkDnsEventReported::uid, ::testing::Eq(other.uid()))), arg, result_listener); } Loading
