Change to use experiment flags to configure private DNS connect timeout (40e6707a) · Commits · e / os / android_packages_modules_DnsResolver

DnsTlsServer.h

+3 −1

Original line number	Diff line number	Diff line
		@@ -62,7 +62,9 @@ struct DnsTlsServer {
		// The time to wait for the attempt on connecting to the server.
		// Set the default value 127 seconds to be consistent with TCP connect timeout.
		// (presume net.ipv4.tcp_syn_retries = 6)
		std::chrono::milliseconds connectTimeout = std::chrono::milliseconds(127 * 1000);
		std::chrono::milliseconds connectTimeout = std::chrono::milliseconds(kDotConnectTimeoutMs);

		static constexpr int kDotConnectTimeoutMs = 127 * 1000;

		// Exact comparison of DnsTlsServer objects
		bool operator<(const DnsTlsServer& other) const;

PrivateDnsConfiguration.cpp

+21 −13

Original line number	Diff line number	Diff line
		@@ -19,9 +19,11 @@
		#include "PrivateDnsConfiguration.h"

		#include <android-base/logging.h>
		#include <android-base/parseint.h>
		#include <android-base/stringprintf.h>
		#include <netdb.h>
		#include <netdutils/ThreadUtil.h>
		#include <server_configurable_flags/get_flags.h>
		#include <sys/socket.h>

		#include "DnsTlsTransport.h"
		@@ -30,11 +32,23 @@
		#include "netdutils/BackoffSequence.h"
		#include "resolv_cache.h"

		using android::base::ParseInt;
		using server_configurable_flags::GetServerConfigurableFlag;
		using std::chrono::milliseconds;

		namespace android {
		namespace net {

		namespace {

		milliseconds getTimeoutFromExperimentFlag(const std::string& flagName, const int defaultValue) {
		int val = defaultValue;
		ParseInt(GetServerConfigurableFlag("netd_native", flagName, ""), &val);
		return (val < 1000) ? milliseconds(1000) : milliseconds(val);
		}

		} // namespace

		std::string addrToString(const sockaddr_storage* addr) {
		char out[INET6_ADDRSTRLEN] = {0};
		getnameinfo((const sockaddr*) addr, sizeof(sockaddr_storage), out, INET6_ADDRSTRLEN, nullptr, 0,
		@@ -62,30 +76,24 @@ bool parseServer(const char* server, sockaddr_storage* parsed) {

		int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark,
		const std::vector<std::string>& servers, const std::string& name,
		const std::string& caCert, int32_t connectTimeoutMs) {
		const std::string& caCert) {
		LOG(DEBUG) << "PrivateDnsConfiguration::set(" << netId << ", 0x" << std::hex << mark << std::dec
		<< ", " << servers.size() << ", " << name << ", " << connectTimeoutMs << "ms)";
		<< ", " << servers.size() << ", " << name << ")";

		// Parse the list of servers that has been passed in
		std::set<DnsTlsServer> tlsServers;
		for (size_t i = 0; i < servers.size(); ++i) {
		for (const auto& s : servers) {
		sockaddr_storage parsed;
		if (!parseServer(servers[i].c_str(), &parsed)) {
		if (!parseServer(s.c_str(), &parsed)) {
		return -EINVAL;
		}
		DnsTlsServer server(parsed);
		server.name = name;
		server.certificate = caCert;

		// connectTimeoutMs = 0: use the default timeout value.
		// connectTimeoutMs < 0: invalid timeout value.
		if (connectTimeoutMs > 0) {
		// Set a specific timeout value but limit it to be at least 1 second.
		server.connectTimeout =
		(connectTimeoutMs < 1000) ? milliseconds(1000) : milliseconds(connectTimeoutMs);
		}

		server.connectTimeout = getTimeoutFromExperimentFlag("dot_connect_timeout_ms",
		DnsTlsServer::kDotConnectTimeoutMs);
		tlsServers.insert(server);
		LOG(DEBUG) << "Set DoT connect timeout " << server.connectTimeout.count() << "ms for " << s;
		}

		std::lock_guard guard(mPrivateDnsLock);

PrivateDnsConfiguration.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -53,8 +53,7 @@ struct PrivateDnsStatus {
		class PrivateDnsConfiguration {
		public:
		int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers,
		const std::string& name, const std::string& caCert, int32_t connectTimeoutMs)
		EXCLUDES(mPrivateDnsLock);
		const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock);

		PrivateDnsStatus getStatus(unsigned netId) EXCLUDES(mPrivateDnsLock);

ResolverController.cpp

+3 −3

Original line number	Diff line number	Diff line
		@@ -210,9 +210,9 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res
		if (tlsServers.size() > MAXNS) {
		tlsServers.resize(MAXNS);
		}
		const int err = gPrivateDnsConfiguration.set(
		resolverParams.netId, fwmark.intValue, tlsServers, resolverParams.tlsName,
		resolverParams.caCertificate, resolverParams.tlsConnectTimeoutMs);
		const int err =
		gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers,
		resolverParams.tlsName, resolverParams.caCertificate);

		if (err != 0) {
		return err;

binder/android/net/ResolverParamsParcel.aidl

+2 −0

Original line number	Diff line number	Diff line
		@@ -93,6 +93,8 @@ parcelable ResolverParamsParcel {
		/**
		* The timeout for the connection attempt to a Private DNS server.
		* It's initialized to 0 to use the predefined default value.
		* Setting a non-zero value to it takes no effect anymore. The timeout is configurable only
		* by the experiement flag.
		*/
		int tlsConnectTimeoutMs = 0;
		}