Loading DnsProxyListener.cpp +9 −4 Original line number Original line Diff line number Diff line Loading @@ -239,7 +239,7 @@ int resNSendToAiError(int err, int rcode) { bool setQueryId(span<uint8_t> msg, uint16_t query_id) { bool setQueryId(span<uint8_t> msg, uint16_t query_id) { if ((size_t)msg.size() < sizeof(HEADER)) { if ((size_t)msg.size() < sizeof(HEADER)) { errno = EINVAL; LOG(ERROR) << __func__ << ": Invalid parameter"; return false; return false; } } auto hp = reinterpret_cast<HEADER*>(msg.data()); auto hp = reinterpret_cast<HEADER*>(msg.data()); Loading Loading @@ -1085,9 +1085,14 @@ void DnsProxyListener::ResNSendHandler::run() { return; return; } } // Restore query id and send answer // Restore query id if (!setQueryId({ansBuf.data(), ansLen}, original_query_id) || if (!setQueryId({ansBuf.data(), ansLen}, original_query_id)) { !sendLenAndData(mClient, ansLen, ansBuf.data())) { LOG(WARNING) << "ResNSendHandler::run: resnsend: failed to restore query id"; return; } // Send answer if (!sendLenAndData(mClient, ansLen, ansBuf.data())) { PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid << " pid " << mClient->getPid(); << " pid " << mClient->getPid(); return; return; Loading PrivateDnsConfiguration.cpp +56 −30 Original line number Original line Diff line number Diff line Loading 
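Review bot: The new failure branch in ResNSendHandler::run logs with plain LOG(WARNING) although setQueryId now sets `errno = EINVAL` right before returning false, so the errno value is dropped while the sibling send-failure branch uses PLOG(WARNING); `PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to restore query id";` keeps the two branches consistent. setQueryId itself now emits LOG(ERROR) for the same short-answer condition, so one undersized answer produces two log lines; one of them could be dropped. On this path nothing is written back to mClient, so the client only learns of the failure by timeout — if that is intended, a one-line comment saying so would help the next reader. The body of run() starts and ends outside the hunk.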
@@ -46,40 +46,66 @@ using std::chrono::milliseconds; namespace android { namespace android { namespace net { namespace net { namespace { bool ensureNoInvalidIp(const std::vector<std::string>& servers) { IPAddress ip; for (const auto& s : servers) { if (!IPAddress::forString(s, &ip)) { LOG(WARNING) << "Invalid IP address: " << s; return false; } } return true; } } // namespace int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) { const std::string& caCert) { LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec << ", " << servers.size() << ", " << name << ")"; << ", " << servers.size() << ", " << name << ")"; // Parse the list of servers that has been passed in if (!ensureNoInvalidIp(servers)) return -EINVAL; PrivateDnsTracker tmp; for (const auto& s : servers) { IPAddress ip; if (!IPAddress::forString(s, &ip)) { LOG(WARNING) << "Failed to parse server address (" << s << ")"; return -EINVAL; } auto server = std::make_unique<DnsTlsServer>(ip); server->name = name; server->certificate = caCert; server->mark = mark; tmp[ServerIdentity(*server)] = std::move(server); } std::lock_guard guard(mPrivateDnsLock); std::lock_guard guard(mPrivateDnsLock); if (!name.empty()) { if (!name.empty()) { mPrivateDnsModes[netId] = PrivateDnsMode::STRICT; mPrivateDnsModes[netId] = PrivateDnsMode::STRICT; } else if (!tmp.empty()) { } else if (!servers.empty()) { mPrivateDnsModes[netId] = PrivateDnsMode::OPPORTUNISTIC; mPrivateDnsModes[netId] = PrivateDnsMode::OPPORTUNISTIC; } else { } else { mPrivateDnsModes[netId] = PrivateDnsMode::OFF; mPrivateDnsModes[netId] = PrivateDnsMode::OFF; mPrivateDnsTransports.erase(netId); 
clearDot(netId); clearDoh(netId); return 0; // TODO: signal validation threads to stop. // TODO: signal validation threads to stop. } if (int n = setDot(netId, mark, servers, name, caCert); n != 0) { return n; } if (isDoHEnabled()) { return setDoh(netId, mark, servers, name, caCert); } return 0; return 0; } } int PrivateDnsConfiguration::setDot(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) { // Parse the list of servers that has been passed in PrivateDnsTracker tmp; for (const auto& s : servers) { // The IP addresses are guaranteed to be valid. auto server = std::make_unique<DnsTlsServer>(IPAddress::forString(s)); server->name = name; server->certificate = caCert; server->mark = mark; tmp[ServerIdentity(*server)] = std::move(server); } // Create the tracker if it was not present // Create the tracker if it was not present auto& tracker = mPrivateDnsTransports[netId]; auto& tracker = mPrivateDnsTransports[netId]; Loading @@ -105,7 +131,12 @@ int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, } } } } return 0; return resolv_stats_set_addrs(netId, PROTO_DOT, servers, kDotPort); } void PrivateDnsConfiguration::clearDot(int32_t netId) { mPrivateDnsTransports.erase(netId); resolv_stats_set_addrs(netId, PROTO_DOT, {}, kDotPort); } } PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) const { PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) const { Loading Loading 
@@ -144,7 +175,8 @@ void PrivateDnsConfiguration::clear(unsigned netId) { LOG(DEBUG) << "PrivateDnsConfiguration::clear(" << netId << ")"; LOG(DEBUG) << "PrivateDnsConfiguration::clear(" << netId << ")"; std::lock_guard guard(mPrivateDnsLock); std::lock_guard guard(mPrivateDnsLock); mPrivateDnsModes.erase(netId); mPrivateDnsModes.erase(netId); mPrivateDnsTransports.erase(netId); clearDot(netId); clearDoh(netId); // Notify the relevant private DNS validations, if they are waiting, to finish. // Notify the relevant private DNS validations, if they are waiting, to finish. mCv.notify_all(); mCv.notify_all(); Loading Loading @@ -451,9 +483,8 @@ int PrivateDnsConfiguration::setDoh(int32_t netId, uint32_t mark, const std::string& name, const std::string& caCert) { const std::string& name, const std::string& caCert) { LOG(DEBUG) << "PrivateDnsConfiguration::setDoh(" << netId << ", 0x" << std::hex << mark LOG(DEBUG) << "PrivateDnsConfiguration::setDoh(" << netId << ", 0x" << std::hex << mark << std::dec << ", " << servers.size() << ", " << name << ")"; << std::dec << ", " << servers.size() << ", " << name << ")"; std::lock_guard guard(mPrivateDnsLock); if (servers.empty()) { if (servers.empty()) { clearDohLocked(netId); clearDoh(netId); return 0; return 0; } } Loading Loading 
@@ -522,22 +553,17 @@ int PrivateDnsConfiguration::setDoh(int32_t netId, uint32_t mark, } } LOG(INFO) << __func__ << ": No suitable DoH server found"; LOG(INFO) << __func__ << ": No suitable DoH server found"; clearDohLocked(netId); clearDoh(netId); return 0; return 0; } } void PrivateDnsConfiguration::clearDohLocked(unsigned netId) { void PrivateDnsConfiguration::clearDoh(unsigned netId) { LOG(DEBUG) << "PrivateDnsConfiguration::clearDohLocked (" << netId << ")"; LOG(DEBUG) << "PrivateDnsConfiguration::clearDoh (" << netId << ")"; if (mDohDispatcher != nullptr) doh_net_delete(mDohDispatcher, netId); if (mDohDispatcher != nullptr) doh_net_delete(mDohDispatcher, netId); mDohTracker.erase(netId); mDohTracker.erase(netId); resolv_stats_set_addrs(netId, PROTO_DOH, {}, kDohPort); resolv_stats_set_addrs(netId, PROTO_DOH, {}, kDohPort); } } void PrivateDnsConfiguration::clearDoh(unsigned netId) { std::lock_guard guard(mPrivateDnsLock); clearDohLocked(netId); } ssize_t PrivateDnsConfiguration::dohQuery(unsigned netId, const Slice query, const Slice answer, ssize_t PrivateDnsConfiguration::dohQuery(unsigned netId, const Slice query, const Slice answer, uint64_t timeoutMs) { uint64_t timeoutMs) { { { Loading PrivateDnsConfiguration.h +8 −6 Original line number Original line Diff line number Diff line Loading 
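Review bot: In the new setDot, each DnsTlsServer is built from the single-argument `IPAddress::forString(s)` and the comment "The IP addresses are guaranteed to be valid" is the only thing standing between an unparsable string and whatever that overload returns; the guarantee comes solely from the ensureNoInvalidIp call in set(), and nothing in setDot enforces it, so a future direct caller would silently get a bogus address in the tracker. Re-checking inside the loop is cheap: `IPAddress ip; if (!IPAddress::forString(s, &ip)) return -EINVAL;` and then constructing from `ip`, which also makes the comment unnecessary. Separately, setDot now calls resolv_stats_set_addrs while holding mPrivateDnsLock, whereas the removed ResolverController call site ran it without that lock; if resolv_stats_set_addrs takes the resolver-cache lock and any cache path calls back into this class, that is a new lock-ordering edge to confirm. Note also that a non-zero return from resolv_stats_set_addrs propagates out of set() after mPrivateDnsModes and the tracker have already been updated, so callers see a failure with partially applied state, and clearDot discards the same function's result that setDot propagates. The setDot body continues outside the hunk.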
@@ -105,15 +105,10 @@ class PrivateDnsConfiguration { void initDoh() EXCLUDES(mPrivateDnsLock); void initDoh() EXCLUDES(mPrivateDnsLock); int setDoh(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId) const EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId) const EXCLUDES(mPrivateDnsLock); void clear(unsigned netId) EXCLUDES(mPrivateDnsLock); void clear(unsigned netId) EXCLUDES(mPrivateDnsLock); void clearDoh(unsigned netId) EXCLUDES(mPrivateDnsLock); ssize_t dohQuery(unsigned netId, const netdutils::Slice query, const netdutils::Slice answer, ssize_t dohQuery(unsigned netId, const netdutils::Slice query, const netdutils::Slice answer, uint64_t timeoutMs) EXCLUDES(mPrivateDnsLock); uint64_t timeoutMs) EXCLUDES(mPrivateDnsLock); Loading @@ -137,6 +132,11 @@ class PrivateDnsConfiguration { PrivateDnsConfiguration() = default; PrivateDnsConfiguration() = default; int setDot(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) REQUIRES(mPrivateDnsLock); void clearDot(int32_t netId) REQUIRES(mPrivateDnsLock); // Launchs a thread to run the validation for |server| on the network |netId|. // Launchs a thread to run the validation for |server| on the network |netId|. // |isRevalidation| is true if this call is due to a revalidation request. // |isRevalidation| is true if this call is due to a revalidation request. void startValidation(const ServerIdentity& identity, unsigned netId, bool isRevalidation) void startValidation(const ServerIdentity& identity, unsigned netId, bool isRevalidation) Loading Loading 
@@ -164,7 +164,9 @@ class PrivateDnsConfiguration { unsigned netId) REQUIRES(mPrivateDnsLock); unsigned netId) REQUIRES(mPrivateDnsLock); void initDohLocked() REQUIRES(mPrivateDnsLock); void initDohLocked() REQUIRES(mPrivateDnsLock); void clearDohLocked(unsigned netId) REQUIRES(mPrivateDnsLock); int setDoh(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) REQUIRES(mPrivateDnsLock); void clearDoh(unsigned netId) REQUIRES(mPrivateDnsLock); mutable std::mutex mPrivateDnsLock; mutable std::mutex mPrivateDnsLock; std::map<unsigned, PrivateDnsMode> mPrivateDnsModes GUARDED_BY(mPrivateDnsLock); std::map<unsigned, PrivateDnsMode> mPrivateDnsModes GUARDED_BY(mPrivateDnsLock); Loading PrivateDnsConfigurationTest.cpp +6 −0 Original line number Original line Diff line number Diff line Loading @@ -19,6 +19,7 @@ #include <netdutils/NetNativeTestBase.h> #include <netdutils/NetNativeTestBase.h> #include "PrivateDnsConfiguration.h" #include "PrivateDnsConfiguration.h" #include "resolv_cache.h" #include "tests/dns_responder/dns_responder.h" #include "tests/dns_responder/dns_responder.h" #include "tests/dns_responder/dns_tls_frontend.h" #include "tests/dns_responder/dns_tls_frontend.h" #include "tests/resolv_test_utils.h" #include "tests/resolv_test_utils.h" Loading Loading 
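Review bot: The new private declarations mix netId types: `setDot` and `clearDot` take `int32_t netId` while `clearDoh`, `clear` and the `mPrivateDnsModes` key use `unsigned`, so the `clearDot(netId)` call added in `clear(unsigned netId)` goes through an implicit unsigned-to-signed conversion; `void clearDot(unsigned netId) REQUIRES(mPrivateDnsLock);` would match its sibling, and the same applies to the definition in PrivateDnsConfiguration.cpp. The new setDot/clearDot declarations also carry no comment, unlike startValidation just below; the precondition that the caller has already validated every entry of |servers| is worth stating here, e.g. `// Requires every entry of |servers| to be a valid IP address (checked by set()).` The class body continues outside the hunk.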
@@ -74,8 +75,13 @@ class PrivateDnsConfigurationTest : public NetNativeTestBase { std::lock_guard guard(mObserver.lock); std::lock_guard guard(mObserver.lock); mObserver.serverStateMap[server] = validation; mObserver.serverStateMap[server] = validation; }); }); // Create a NetConfig for stats. EXPECT_EQ(0, resolv_create_cache_for_net(kNetId)); } } void TearDown() { resolv_delete_cache_for_net(kNetId); } protected: protected: class MockObserver : public PrivateDnsValidationObserver { class MockObserver : public PrivateDnsValidationObserver { public: public: Loading ResolverController.cpp +0 −15 Original line number Original line Diff line number Diff line Loading @@ -169,7 +169,6 @@ void ResolverController::destroyNetworkCache(unsigned netId) { resolv_delete_cache_for_net(netId); resolv_delete_cache_for_net(netId); mDns64Configuration.stopPrefixDiscovery(netId); mDns64Configuration.stopPrefixDiscovery(netId); PrivateDnsConfiguration::getInstance().clear(netId); PrivateDnsConfiguration::getInstance().clear(netId); if (isDoHEnabled()) PrivateDnsConfiguration::getInstance().clearDoh(netId); // Don't get this instance in PrivateDnsConfiguration. It's probe to deadlock. // Don't get this instance in PrivateDnsConfiguration. It's probe to deadlock. DnsTlsDispatcher::getInstance().forceCleanup(netId); DnsTlsDispatcher::getInstance().forceCleanup(netId); Loading Loading @@ -215,11 +214,6 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res return err; return err; } } if (err = resolv_stats_set_addrs(resolverParams.netId, PROTO_DOT, tlsServers, 853); err != 0) { return err; } if (is_mdns_supported_transport_types(resolverParams.transportTypes)) { if (is_mdns_supported_transport_types(resolverParams.transportTypes)) { if (err = resolv_stats_set_addrs(resolverParams.netId, PROTO_MDNS, if (err = resolv_stats_set_addrs(resolverParams.netId, PROTO_MDNS, {"ff02::fb", "224.0.0.251"}, 5353); {"ff02::fb", "224.0.0.251"}, 5353); Loading 
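Review bot: The new `TearDown()` in PrivateDnsConfigurationTest is declared without `override`; if NetNativeTestBase ultimately derives from ::testing::Test, `void TearDown() override { resolv_delete_cache_for_net(kNetId); }` makes the intent explicit and lets the compiler reject a signature mismatch that would otherwise leave the cache undeleted between tests. The fixture class starts and ends outside the hunk.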
@@ -228,15 +222,6 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res } } } } if (isDoHEnabled()) { err = privateDnsConfiguration.setDoh(resolverParams.netId, netcontext.app_mark, tlsServers, resolverParams.tlsName, resolverParams.caCertificate); if (err != 0) { return err; } } res_params res_params = {}; res_params res_params = {}; res_params.sample_validity = resolverParams.sampleValiditySeconds; res_params.sample_validity = resolverParams.sampleValiditySeconds; res_params.success_threshold = resolverParams.successThreshold; res_params.success_threshold = resolverParams.successThreshold; Loading Loading
DnsProxyListener.cpp +9 −4 Original line number Original line Diff line number Diff line Loading @@ -239,7 +239,7 @@ int resNSendToAiError(int err, int rcode) { bool setQueryId(span<uint8_t> msg, uint16_t query_id) { bool setQueryId(span<uint8_t> msg, uint16_t query_id) { if ((size_t)msg.size() < sizeof(HEADER)) { if ((size_t)msg.size() < sizeof(HEADER)) { errno = EINVAL; LOG(ERROR) << __func__ << ": Invalid parameter"; return false; return false; } } auto hp = reinterpret_cast<HEADER*>(msg.data()); auto hp = reinterpret_cast<HEADER*>(msg.data()); Loading Loading @@ -1085,9 +1085,14 @@ void DnsProxyListener::ResNSendHandler::run() { return; return; } } // Restore query id and send answer // Restore query id if (!setQueryId({ansBuf.data(), ansLen}, original_query_id) || if (!setQueryId({ansBuf.data(), ansLen}, original_query_id)) { !sendLenAndData(mClient, ansLen, ansBuf.data())) { LOG(WARNING) << "ResNSendHandler::run: resnsend: failed to restore query id"; return; } // Send answer if (!sendLenAndData(mClient, ansLen, ansBuf.data())) { PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid << " pid " << mClient->getPid(); << " pid " << mClient->getPid(); return; return; Loading
PrivateDnsConfiguration.cpp +56 −30 Original line number Original line Diff line number Diff line Loading 
@@ -46,40 +46,66 @@ using std::chrono::milliseconds; namespace android { namespace android { namespace net { namespace net { namespace { bool ensureNoInvalidIp(const std::vector<std::string>& servers) { IPAddress ip; for (const auto& s : servers) { if (!IPAddress::forString(s, &ip)) { LOG(WARNING) << "Invalid IP address: " << s; return false; } } return true; } } // namespace int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) { const std::string& caCert) { LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec << ", " << servers.size() << ", " << name << ")"; << ", " << servers.size() << ", " << name << ")"; // Parse the list of servers that has been passed in if (!ensureNoInvalidIp(servers)) return -EINVAL; PrivateDnsTracker tmp; for (const auto& s : servers) { IPAddress ip; if (!IPAddress::forString(s, &ip)) { LOG(WARNING) << "Failed to parse server address (" << s << ")"; return -EINVAL; } auto server = std::make_unique<DnsTlsServer>(ip); server->name = name; server->certificate = caCert; server->mark = mark; tmp[ServerIdentity(*server)] = std::move(server); } std::lock_guard guard(mPrivateDnsLock); std::lock_guard guard(mPrivateDnsLock); if (!name.empty()) { if (!name.empty()) { mPrivateDnsModes[netId] = PrivateDnsMode::STRICT; mPrivateDnsModes[netId] = PrivateDnsMode::STRICT; } else if (!tmp.empty()) { } else if (!servers.empty()) { mPrivateDnsModes[netId] = PrivateDnsMode::OPPORTUNISTIC; mPrivateDnsModes[netId] = PrivateDnsMode::OPPORTUNISTIC; } else { } else { mPrivateDnsModes[netId] = PrivateDnsMode::OFF; mPrivateDnsModes[netId] = PrivateDnsMode::OFF; mPrivateDnsTransports.erase(netId); 
clearDot(netId); clearDoh(netId); return 0; // TODO: signal validation threads to stop. // TODO: signal validation threads to stop. } if (int n = setDot(netId, mark, servers, name, caCert); n != 0) { return n; } if (isDoHEnabled()) { return setDoh(netId, mark, servers, name, caCert); } return 0; return 0; } } int PrivateDnsConfiguration::setDot(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) { // Parse the list of servers that has been passed in PrivateDnsTracker tmp; for (const auto& s : servers) { // The IP addresses are guaranteed to be valid. auto server = std::make_unique<DnsTlsServer>(IPAddress::forString(s)); server->name = name; server->certificate = caCert; server->mark = mark; tmp[ServerIdentity(*server)] = std::move(server); } // Create the tracker if it was not present // Create the tracker if it was not present auto& tracker = mPrivateDnsTransports[netId]; auto& tracker = mPrivateDnsTransports[netId]; Loading @@ -105,7 +131,12 @@ int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark, } } } } return 0; return resolv_stats_set_addrs(netId, PROTO_DOT, servers, kDotPort); } void PrivateDnsConfiguration::clearDot(int32_t netId) { mPrivateDnsTransports.erase(netId); resolv_stats_set_addrs(netId, PROTO_DOT, {}, kDotPort); } } PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) const { PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) const { Loading Loading 
@@ -144,7 +175,8 @@ void PrivateDnsConfiguration::clear(unsigned netId) { LOG(DEBUG) << "PrivateDnsConfiguration::clear(" << netId << ")"; LOG(DEBUG) << "PrivateDnsConfiguration::clear(" << netId << ")"; std::lock_guard guard(mPrivateDnsLock); std::lock_guard guard(mPrivateDnsLock); mPrivateDnsModes.erase(netId); mPrivateDnsModes.erase(netId); mPrivateDnsTransports.erase(netId); clearDot(netId); clearDoh(netId); // Notify the relevant private DNS validations, if they are waiting, to finish. // Notify the relevant private DNS validations, if they are waiting, to finish. mCv.notify_all(); mCv.notify_all(); Loading Loading @@ -451,9 +483,8 @@ int PrivateDnsConfiguration::setDoh(int32_t netId, uint32_t mark, const std::string& name, const std::string& caCert) { const std::string& name, const std::string& caCert) { LOG(DEBUG) << "PrivateDnsConfiguration::setDoh(" << netId << ", 0x" << std::hex << mark LOG(DEBUG) << "PrivateDnsConfiguration::setDoh(" << netId << ", 0x" << std::hex << mark << std::dec << ", " << servers.size() << ", " << name << ")"; << std::dec << ", " << servers.size() << ", " << name << ")"; std::lock_guard guard(mPrivateDnsLock); if (servers.empty()) { if (servers.empty()) { clearDohLocked(netId); clearDoh(netId); return 0; return 0; } } Loading Loading 
@@ -522,22 +553,17 @@ int PrivateDnsConfiguration::setDoh(int32_t netId, uint32_t mark, } } LOG(INFO) << __func__ << ": No suitable DoH server found"; LOG(INFO) << __func__ << ": No suitable DoH server found"; clearDohLocked(netId); clearDoh(netId); return 0; return 0; } } void PrivateDnsConfiguration::clearDohLocked(unsigned netId) { void PrivateDnsConfiguration::clearDoh(unsigned netId) { LOG(DEBUG) << "PrivateDnsConfiguration::clearDohLocked (" << netId << ")"; LOG(DEBUG) << "PrivateDnsConfiguration::clearDoh (" << netId << ")"; if (mDohDispatcher != nullptr) doh_net_delete(mDohDispatcher, netId); if (mDohDispatcher != nullptr) doh_net_delete(mDohDispatcher, netId); mDohTracker.erase(netId); mDohTracker.erase(netId); resolv_stats_set_addrs(netId, PROTO_DOH, {}, kDohPort); resolv_stats_set_addrs(netId, PROTO_DOH, {}, kDohPort); } } void PrivateDnsConfiguration::clearDoh(unsigned netId) { std::lock_guard guard(mPrivateDnsLock); clearDohLocked(netId); } ssize_t PrivateDnsConfiguration::dohQuery(unsigned netId, const Slice query, const Slice answer, ssize_t PrivateDnsConfiguration::dohQuery(unsigned netId, const Slice query, const Slice answer, uint64_t timeoutMs) { uint64_t timeoutMs) { { { Loading
PrivateDnsConfiguration.h +8 −6 Original line number Original line Diff line number Diff line Loading @@ -105,15 +105,10 @@ class PrivateDnsConfiguration { void initDoh() EXCLUDES(mPrivateDnsLock); void initDoh() EXCLUDES(mPrivateDnsLock); int setDoh(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId) const EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId) const EXCLUDES(mPrivateDnsLock); void clear(unsigned netId) EXCLUDES(mPrivateDnsLock); void clear(unsigned netId) EXCLUDES(mPrivateDnsLock); void clearDoh(unsigned netId) EXCLUDES(mPrivateDnsLock); ssize_t dohQuery(unsigned netId, const netdutils::Slice query, const netdutils::Slice answer, ssize_t dohQuery(unsigned netId, const netdutils::Slice query, const netdutils::Slice answer, uint64_t timeoutMs) EXCLUDES(mPrivateDnsLock); uint64_t timeoutMs) EXCLUDES(mPrivateDnsLock); Loading @@ -137,6 +132,11 @@ class PrivateDnsConfiguration { PrivateDnsConfiguration() = default; PrivateDnsConfiguration() = default; int setDot(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) REQUIRES(mPrivateDnsLock); void clearDot(int32_t netId) REQUIRES(mPrivateDnsLock); // Launchs a thread to run the validation for |server| on the network |netId|. // Launchs a thread to run the validation for |server| on the network |netId|. // |isRevalidation| is true if this call is due to a revalidation request. // |isRevalidation| is true if this call is due to a revalidation request. void startValidation(const ServerIdentity& identity, unsigned netId, bool isRevalidation) void startValidation(const ServerIdentity& identity, unsigned netId, bool isRevalidation) Loading Loading 
@@ -164,7 +164,9 @@ class PrivateDnsConfiguration { unsigned netId) REQUIRES(mPrivateDnsLock); unsigned netId) REQUIRES(mPrivateDnsLock); void initDohLocked() REQUIRES(mPrivateDnsLock); void initDohLocked() REQUIRES(mPrivateDnsLock); void clearDohLocked(unsigned netId) REQUIRES(mPrivateDnsLock); int setDoh(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert) REQUIRES(mPrivateDnsLock); void clearDoh(unsigned netId) REQUIRES(mPrivateDnsLock); mutable std::mutex mPrivateDnsLock; mutable std::mutex mPrivateDnsLock; std::map<unsigned, PrivateDnsMode> mPrivateDnsModes GUARDED_BY(mPrivateDnsLock); std::map<unsigned, PrivateDnsMode> mPrivateDnsModes GUARDED_BY(mPrivateDnsLock); Loading
PrivateDnsConfigurationTest.cpp +6 −0 Original line number Original line Diff line number Diff line Loading @@ -19,6 +19,7 @@ #include <netdutils/NetNativeTestBase.h> #include <netdutils/NetNativeTestBase.h> #include "PrivateDnsConfiguration.h" #include "PrivateDnsConfiguration.h" #include "resolv_cache.h" #include "tests/dns_responder/dns_responder.h" #include "tests/dns_responder/dns_responder.h" #include "tests/dns_responder/dns_tls_frontend.h" #include "tests/dns_responder/dns_tls_frontend.h" #include "tests/resolv_test_utils.h" #include "tests/resolv_test_utils.h" Loading Loading @@ -74,8 +75,13 @@ class PrivateDnsConfigurationTest : public NetNativeTestBase { std::lock_guard guard(mObserver.lock); std::lock_guard guard(mObserver.lock); mObserver.serverStateMap[server] = validation; mObserver.serverStateMap[server] = validation; }); }); // Create a NetConfig for stats. EXPECT_EQ(0, resolv_create_cache_for_net(kNetId)); } } void TearDown() { resolv_delete_cache_for_net(kNetId); } protected: protected: class MockObserver : public PrivateDnsValidationObserver { class MockObserver : public PrivateDnsValidationObserver { public: public: Loading
ResolverController.cpp +0 −15 Original line number Original line Diff line number Diff line Loading @@ -169,7 +169,6 @@ void ResolverController::destroyNetworkCache(unsigned netId) { resolv_delete_cache_for_net(netId); resolv_delete_cache_for_net(netId); mDns64Configuration.stopPrefixDiscovery(netId); mDns64Configuration.stopPrefixDiscovery(netId); PrivateDnsConfiguration::getInstance().clear(netId); PrivateDnsConfiguration::getInstance().clear(netId); if (isDoHEnabled()) PrivateDnsConfiguration::getInstance().clearDoh(netId); // Don't get this instance in PrivateDnsConfiguration. It's probe to deadlock. // Don't get this instance in PrivateDnsConfiguration. It's probe to deadlock. DnsTlsDispatcher::getInstance().forceCleanup(netId); DnsTlsDispatcher::getInstance().forceCleanup(netId); Loading Loading @@ -215,11 +214,6 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res return err; return err; } } if (err = resolv_stats_set_addrs(resolverParams.netId, PROTO_DOT, tlsServers, 853); err != 0) { return err; } if (is_mdns_supported_transport_types(resolverParams.transportTypes)) { if (is_mdns_supported_transport_types(resolverParams.transportTypes)) { if (err = resolv_stats_set_addrs(resolverParams.netId, PROTO_MDNS, if (err = resolv_stats_set_addrs(resolverParams.netId, PROTO_MDNS, {"ff02::fb", "224.0.0.251"}, 5353); {"ff02::fb", "224.0.0.251"}, 5353); Loading 
@@ -228,15 +222,6 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res } } } } if (isDoHEnabled()) { err = privateDnsConfiguration.setDoh(resolverParams.netId, netcontext.app_mark, tlsServers, resolverParams.tlsName, resolverParams.caCertificate); if (err != 0) { return err; } } res_params res_params = {}; res_params res_params = {}; res_params.sample_validity = resolverParams.sampleValiditySeconds; res_params.sample_validity = resolverParams.sampleValiditySeconds; res_params.success_threshold = resolverParams.successThreshold; res_params.success_threshold = resolverParams.successThreshold; Loading