Snap for 10623102 from 578683bc to mainline-mediaprovider-release

TEST_F(ResolverTest, PrefixDiscoveryBypassTls) {

    constexpr char listen_addr[] = "::1";

    constexpr char cleartext_port[] = "53";

    constexpr char tls_port[] = "853";

    constexpr char dns64_name[] = "ipv4only.arpa.";

    const std::vector<std::string> servers = {listen_addr};

    test::DNSResponder dns(listen_addr);

    StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});

    test::DnsTlsFrontend tls(listen_addr, tls_port, listen_addr, cleartext_port);

    test::DnsTlsFrontend tls(listen_addr, "853", listen_addr, "53");

    ASSERT_TRUE(tls.startServer());

    // Setup OPPORTUNISTIC mode and wait for the validation complete.

    ASSERT_TRUE(mDnsClient.SetResolversFromParcel(

            ResolverParams::Builder().setDnsServers(servers).setDotServers(servers).build()));

    EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

    EXPECT_TRUE(tls.waitForQueries(1));

    tls.clearQueries();

    // Start NAT64 prefix discovery and wait for it complete.

    EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());

    EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));

    // Verify it bypassed TLS even though there's a TLS server available.

    EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();

    EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();

    EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());

    EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));

    // Restart the testing network to reset the cache.

    mDnsClient.TearDown();

    mDnsClient.SetUp();

    dns.clearQueries();

    // Setup STRICT mode and wait for the validation complete.

    ASSERT_TRUE(mDnsClient.SetResolversFromParcel(

            ResolverParams::Builder()

                    .setDnsServers(servers)

                    .setDotServers(servers)

                    .setPrivateDnsProvider(kDefaultPrivateDnsHostName)

                    .build()));

    for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {

        SCOPED_TRACE(fmt::format("testConfig: [{}]", dnsMode));

        auto builder = ResolverParams::Builder().setDnsServers(servers).setDotServers(servers);

        if (dnsMode == "STRICT") {

            builder.setPrivateDnsProvider(kDefaultPrivateDnsHostName);

        }

        ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.build()));

        EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));

        EXPECT_TRUE(tls.waitForQueries(1));

        tls.clearQueries();

    // Start NAT64 prefix discovery and wait for it to complete.

        // Start NAT64 prefix discovery.

        EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());

        EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));

    // Verify it bypassed TLS despite STRICT mode.

        // Verify that the DNS query for the NAT64 prefix bypassed private DNS.

        EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();

        EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();

        EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());

        EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));

        dns.clearQueries();

        EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());

    }

    EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());

    EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());

}