Make TlsBypass and PrefixDiscoveryBypassTls non-flaky am: 0ad80e97 am: 29e15f96

    return true;

    return true;

}

}

bool DnsTlsFrontend::waitForQueries(int number, int timeoutMs) const {

// TODO: use a condition variable instead of polling

// TODO: also clear queries_ to eliminate potential race conditions

bool DnsTlsFrontend::waitForQueries(int expected_count) const {

    constexpr int intervalMs = 20;

    constexpr int intervalMs = 20;

    constexpr int timeoutMs = 5000;

    int limit = timeoutMs / intervalMs;

    int limit = timeoutMs / intervalMs;

    for (int count = 0; count <= limit; ++count) {

    for (int count = 0; count <= limit; ++count) {

        bool done = queries_ >= number;

        bool done = queries_ >= expected_count;

        // Always sleep at least one more interval after we are done, to wait for

        // Always sleep at least one more interval after we are done, to wait for

        // any immediate post-query actions that the client may take (such as

        // any immediate post-query actions that the client may take (such as

        // marking this server as reachable during validation).

        // marking this server as reachable during validation).

    bool running() const { return socket_ != -1; }

    bool running() const { return socket_ != -1; }

    bool startServer();

    bool startServer();

    bool stopServer();

    bool stopServer();

    int queries() const { return queries_; }

    int queries() const { return queries_; }

    void clearQueries() { queries_ = 0; }

    void clearQueries() { queries_ = 0; }

    bool waitForQueries(int number, int timeoutMs) const;

    bool waitForQueries(int expected_count) const;

    void set_chain_length(int length) { chain_length_ = length; }

    void set_chain_length(int length) { chain_length_ = length; }

    void setHangOnHandshakeForTesting(bool hangOnHandshake) { hangOnHandshake_ = hangOnHandshake; }

    void setHangOnHandshakeForTesting(bool hangOnHandshake) { hangOnHandshake_ = hangOnHandshake; }

    EXPECT_EQ("1.2.3.1", ToString(result));

    EXPECT_EQ("1.2.3.1", ToString(result));

    // Wait for query to get counted.

    // Wait for query to get counted.

    EXPECT_TRUE(tls.waitForQueries(2, 5000));

    EXPECT_TRUE(tls.waitForQueries(2));

    // Stop the TLS server.  Since we're in opportunistic mode, queries will

    // Stop the TLS server.  Since we're in opportunistic mode, queries will

    // fall back to the locally-assigned (clear text) nameservers.

    // fall back to the locally-assigned (clear text) nameservers.

    EXPECT_EQ("1.2.3.1", ToString(result));

    EXPECT_EQ("1.2.3.1", ToString(result));

    // Wait for query to get counted.

    // Wait for query to get counted.

    EXPECT_TRUE(tls1.waitForQueries(2, 5000));

    EXPECT_TRUE(tls1.waitForQueries(2));

    // No new queries should have reached tls2.

    // No new queries should have reached tls2.

    EXPECT_EQ(1, tls2.queries());

    EXPECT_EQ(1, tls2.queries());

    EXPECT_EQ("1.2.3.4", ToString(result));

    EXPECT_EQ("1.2.3.4", ToString(result));

    // Wait for query to get counted.

    // Wait for query to get counted.

    EXPECT_TRUE(tls2.waitForQueries(2, 5000));

    EXPECT_TRUE(tls2.waitForQueries(2));

    // No additional queries should have reached the insecure servers.

    // No additional queries should have reached the insecure servers.

    EXPECT_EQ(2U, dns1.queries().size());

    EXPECT_EQ(2U, dns1.queries().size());

    EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")

    EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")

            << ", result_str='" << result_str << "'";

            << ", result_str='" << result_str << "'";

    // Wait for both A and AAAA queries to get counted.

    // Wait for both A and AAAA queries to get counted.

    EXPECT_TRUE(tls.waitForQueries(3, 5000));

    EXPECT_TRUE(tls.waitForQueries(3));

    // Clear TLS bit.

    // Clear TLS bit.

    ASSERT_TRUE(mDnsClient.SetResolversForNetwork());

    ASSERT_TRUE(mDnsClient.SetResolversForNetwork());

        if (config.mode == OFF) {

        if (config.mode == OFF) {

            ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, kDefaultSearchDomains,

            ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, kDefaultSearchDomains,

                                                          kDefaultParams));

                                                          kDefaultParams));

        } else if (config.mode == OPPORTUNISTIC) {

        } else /* OPPORTUNISTIC or STRICT */ {

            const char* tls_hostname = (config.mode == STRICT) ? kDefaultPrivateDnsHostName : "";

            ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,

            ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,

                                                       kDefaultParams, ""));

                                                       kDefaultParams, tls_hostname));

            // Wait for the validation event. If the server is running, the validation should

            // Wait for the validation event. If the server is running, the validation should

            // be successful; otherwise, the validation should be failed.

            // succeed; otherwise, the validation should fail.

            EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));

        } else if (config.mode == STRICT) {

            ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,

                                                       kDefaultParams, kDefaultPrivateDnsHostName));

            // Wait for the validation event.

            EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));

            EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));

        }

            if (config.withWorkingTLS) {

                EXPECT_TRUE(tls.waitForQueries(1));

                tls.clearQueries();

                tls.clearQueries();

            }

        }

        const hostent* h_result = nullptr;

        const hostent* h_result = nullptr;

        ScopedAddrinfo ai_result;

        ScopedAddrinfo ai_result;

    constexpr char listen_addr[] = "::1";

    constexpr char listen_addr[] = "::1";

    test::DNSResponder dns(listen_addr);

    test::DNSResponder dns(listen_addr);

    StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});

    StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});

    const std::vector<std::string> servers = {listen_addr};

    const std::vector<std::string> servers = {listen_addr};

    ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));

    ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));

    // Setup OPPORTUNISTIC mode and wait for the validation complete.

    // Setup OPPORTUNISTIC mode and wait for the validation complete.

    ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));

    ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    EXPECT_TRUE(tls.waitForQueries(1));

    tls.clearQueries();

    tls.clearQueries();

    // Start NAT64 prefix discovery and wait for it complete.

    // Start NAT64 prefix discovery and wait for it complete.

    EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));

    EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));

    // Verify it bypassed TLS even though there's a TLS server available.

    // Verify it bypassed TLS even though there's a TLS server available.

    EXPECT_EQ(0, tls.queries());

    EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();

    EXPECT_EQ(1U, GetNumQueries(dns, dns64_name));

    EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();

    // Restart the testing network to reset the cache.

    // Restart the testing network to reset the cache.

    mDnsClient.TearDown();

    mDnsClient.TearDown();

    ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,

    ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,

                                               kDefaultPrivateDnsHostName));

                                               kDefaultPrivateDnsHostName));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    EXPECT_TRUE(tls.waitForQueries(1));

    tls.clearQueries();

    tls.clearQueries();

    // Start NAT64 prefix discovery and wait for it to complete.

    // Start NAT64 prefix discovery and wait for it to complete.

    EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));

    EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));

    // Verify it bypassed TLS despite STRICT mode.

    // Verify it bypassed TLS despite STRICT mode.

    EXPECT_EQ(0, tls.queries());

    EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();

    EXPECT_EQ(1U, GetNumQueries(dns, dns64_name));

    EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();

}

}

namespace {

namespace {

    const ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();

    const ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();

    ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));

    ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    dns.clearQueries();

    EXPECT_TRUE(tls.waitForQueries(1));

    tls.clearQueries();

    tls.clearQueries();

    dns.clearQueries();

    // The server becomes unresponsive to the handshake request.

    // The server becomes unresponsive to the handshake request.

    tls.setHangOnHandshakeForTesting(true);

    tls.setHangOnHandshakeForTesting(true);