Loading DnsProxyListener.cpp +4 −11 Original line number Diff line number Diff line Loading @@ -118,18 +118,11 @@ constexpr bool requestingUseLocalNameservers(unsigned flags) { return (flags & NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS) != 0; } inline bool queryingViaTls(unsigned dns_netid) { // TODO: The simpler PrivateDnsStatus should suffice here. ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; gPrivateDnsConfiguration.getStatus(dns_netid, &privateDnsStatus); switch (static_cast<PrivateDnsMode>(privateDnsStatus.mode)) { bool queryingViaTls(unsigned dns_netid) { const auto privateDnsStatus = gPrivateDnsConfiguration.getStatus(dns_netid); switch (privateDnsStatus.mode) { case PrivateDnsMode::OPPORTUNISTIC: for (int i = 0; i < privateDnsStatus.numServers; i++) { if (privateDnsStatus.serverStatus[i].validation == Validation::success) { return true; } } return false; return !privateDnsStatus.validatedServers().empty(); case PrivateDnsMode::STRICT: return true; default: Loading PrivateDnsConfiguration.cpp +4 −25 Original line number Diff line number Diff line Loading @@ -126,37 +126,13 @@ PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) { const auto netPair = mPrivateDnsTransports.find(netId); if (netPair != mPrivateDnsTransports.end()) { for (const auto& serverPair : netPair->second) { if (serverPair.second == Validation::success) { status.validatedServers.push_back(serverPair.first); } status.serversMap.emplace(serverPair.first, serverPair.second); } } return status; } void PrivateDnsConfiguration::getStatus(unsigned netId, ExternalPrivateDnsStatus* status) { std::lock_guard guard(mPrivateDnsLock); const auto mode = mPrivateDnsModes.find(netId); if (mode == mPrivateDnsModes.end()) return; status->mode = mode->second; const auto netPair = mPrivateDnsTransports.find(netId); if (netPair != mPrivateDnsTransports.end()) { int count = 0; for (const auto& serverPair : netPair->second) { status->serverStatus[count].ss = serverPair.first.ss; status->serverStatus[count].hostname = serverPair.first.name.empty() ? "" : serverPair.first.name.c_str(); status->serverStatus[count].validation = serverPair.second; count++; if (count >= MAXNS) break; // Lose the rest } status->numServers = count; } } void PrivateDnsConfiguration::clear(unsigned netId) { LOG(DEBUG) << "PrivateDnsConfiguration::clear(" << netId << ")"; std::lock_guard guard(mPrivateDnsLock); Loading Loading @@ -242,6 +218,9 @@ bool PrivateDnsConfiguration::recordPrivateDnsValidation(const DnsTlsServer& ser auto& tracker = netPair->second; auto serverPair = tracker.find(server); if (serverPair == tracker.end()) { // TODO: Consider not adding this server to the tracker since this server is not expected // to be one of the private DNS servers for this network now. This could prevent this // server from being included when dumping status. LOG(WARNING) << "Server " << addrToString(&server.ss) << " was removed during private DNS validation"; success = false; Loading PrivateDnsConfiguration.h +16 −22 Original line number Diff line number Diff line Loading @@ -14,8 +14,7 @@ * limitations under the License. */ #ifndef NETD_RESOLV_PRIVATEDNSCONFIGURATION_H #define NETD_RESOLV_PRIVATEDNSCONFIGURATION_H #pragma once #include <list> #include <map> Loading @@ -37,31 +36,28 @@ enum class Validation : uint8_t { in_process, success, fail, unknown_server, unk struct PrivateDnsStatus { PrivateDnsMode mode; std::list<DnsTlsServer> validatedServers; }; // TODO: remove this C-style struct and use PrivateDnsStatus everywhere. struct ExternalPrivateDnsStatus { PrivateDnsMode mode; int numServers; struct PrivateDnsInfo { sockaddr_storage ss; const char* hostname; Validation validation; } serverStatus[MAXNS]; std::map<DnsTlsServer, Validation, AddressComparator> serversMap; std::list<DnsTlsServer> validatedServers() const { std::list<DnsTlsServer> servers; for (const auto& pair : serversMap) { if (pair.second == Validation::success) { servers.push_back(pair.first); } } return servers; } }; class PrivateDnsConfiguration { public: int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert); const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId); PrivateDnsStatus getStatus(unsigned netId) EXCLUDES(mPrivateDnsLock); // DEPRECATED, use getStatus() above. void getStatus(unsigned netId, ExternalPrivateDnsStatus* status); void clear(unsigned netId); void clear(unsigned netId) EXCLUDES(mPrivateDnsLock); private: typedef std::map<DnsTlsServer, Validation, AddressComparator> PrivateDnsTracker; Loading @@ -88,5 +84,3 @@ extern PrivateDnsConfiguration gPrivateDnsConfiguration; } // namespace net } // namespace android #endif /* NETD_RESOLV_PRIVATEDNSCONFIGURATION_H */ ResolverController.cpp +10 −15 Original line number Diff line number Diff line Loading @@ -249,11 +249,9 @@ int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>* // Serialize the information for binder. ResolverStats::encodeAll(res_stats, stats); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); for (int i = 0; i < privateDnsStatus.numServers; i++) { std::string tlsServer_str = addrToString(&(privateDnsStatus.serverStatus[i].ss)); tlsServers->push_back(std::move(tlsServer_str)); const auto privateDnsStatus = gPrivateDnsConfiguration.getStatus(netId); for (const auto& pair : privateDnsStatus.serversMap) { tlsServers->push_back(addrToString(&pair.first.ss)); } params->resize(IDnsResolver::RESOLVER_PARAMS_COUNT); Loading Loading @@ -344,20 +342,17 @@ void ResolverController::dump(DumpWriter& dw, unsigned netId) { } mDns64Configuration.dump(dw, netId); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); const auto privateDnsStatus = gPrivateDnsConfiguration.getStatus(netId); dw.println("Private DNS mode: %s", getPrivateDnsModeString(privateDnsStatus.mode)); if (!privateDnsStatus.numServers) { if (privateDnsStatus.serversMap.size() == 0) { dw.println("No Private DNS servers configured"); } else { dw.println("Private DNS configuration (%u entries)", privateDnsStatus.numServers); dw.println("Private DNS configuration (%u entries)", static_cast<uint32_t>(privateDnsStatus.serversMap.size())); dw.incIndent(); for (int i = 0; i < privateDnsStatus.numServers; i++) { dw.println("%s name{%s} status{%s}", addrToString(&(privateDnsStatus.serverStatus[i].ss)).c_str(), privateDnsStatus.serverStatus[i].hostname, validationStatusToString(static_cast<Validation>( privateDnsStatus.serverStatus[i].validation))); for (const auto& pair : privateDnsStatus.serversMap) { dw.println("%s name{%s} status{%s}", addrToString(&pair.first.ss).c_str(), pair.first.name.c_str(), validationStatusToString(pair.second)); } dw.decIndent(); } Loading res_send.cpp +6 −4 Original line number Diff line number Diff line Loading @@ -1223,7 +1223,7 @@ static int res_tls_send(res_state statp, const Slice query, const Slice answer, return -1; } if (privateDnsStatus.validatedServers.empty()) { if (privateDnsStatus.validatedServers().empty()) { if (privateDnsStatus.mode == PrivateDnsMode::OPPORTUNISTIC) { *fallback = true; return -1; Loading @@ -1242,12 +1242,14 @@ static int res_tls_send(res_state statp, const Slice query, const Slice answer, // network change. for (int i = 0; i < 42; i++) { std::this_thread::sleep_for(std::chrono::milliseconds(100)); if (!gPrivateDnsConfiguration.getStatus(netId).validatedServers.empty()) { // Calling getStatus() to merely check if there's any validated server seems // wasteful. Consider adding a new method in PrivateDnsConfiguration for speed ups. if (!gPrivateDnsConfiguration.getStatus(netId).validatedServers().empty()) { privateDnsStatus = gPrivateDnsConfiguration.getStatus(netId); break; } } if (privateDnsStatus.validatedServers.empty()) { if (privateDnsStatus.validatedServers().empty()) { return -1; } } Loading @@ -1255,7 +1257,7 @@ static int res_tls_send(res_state statp, const Slice query, const Slice answer, LOG(INFO) << __func__ << ": performing query over TLS"; const auto response = sDnsTlsDispatcher.query(privateDnsStatus.validatedServers, statp, query, const auto response = sDnsTlsDispatcher.query(privateDnsStatus.validatedServers(), statp, query, answer, &resplen); LOG(INFO) << __func__ << ": TLS query result: " << static_cast<int>(response); Loading Loading
DnsProxyListener.cpp +4 −11 Original line number Diff line number Diff line Loading @@ -118,18 +118,11 @@ constexpr bool requestingUseLocalNameservers(unsigned flags) { return (flags & NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS) != 0; } inline bool queryingViaTls(unsigned dns_netid) { // TODO: The simpler PrivateDnsStatus should suffice here. ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; gPrivateDnsConfiguration.getStatus(dns_netid, &privateDnsStatus); switch (static_cast<PrivateDnsMode>(privateDnsStatus.mode)) { bool queryingViaTls(unsigned dns_netid) { const auto privateDnsStatus = gPrivateDnsConfiguration.getStatus(dns_netid); switch (privateDnsStatus.mode) { case PrivateDnsMode::OPPORTUNISTIC: for (int i = 0; i < privateDnsStatus.numServers; i++) { if (privateDnsStatus.serverStatus[i].validation == Validation::success) { return true; } } return false; return !privateDnsStatus.validatedServers().empty(); case PrivateDnsMode::STRICT: return true; default: Loading
PrivateDnsConfiguration.cpp +4 −25 Original line number Diff line number Diff line Loading @@ -126,37 +126,13 @@ PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) { const auto netPair = mPrivateDnsTransports.find(netId); if (netPair != mPrivateDnsTransports.end()) { for (const auto& serverPair : netPair->second) { if (serverPair.second == Validation::success) { status.validatedServers.push_back(serverPair.first); } status.serversMap.emplace(serverPair.first, serverPair.second); } } return status; } void PrivateDnsConfiguration::getStatus(unsigned netId, ExternalPrivateDnsStatus* status) { std::lock_guard guard(mPrivateDnsLock); const auto mode = mPrivateDnsModes.find(netId); if (mode == mPrivateDnsModes.end()) return; status->mode = mode->second; const auto netPair = mPrivateDnsTransports.find(netId); if (netPair != mPrivateDnsTransports.end()) { int count = 0; for (const auto& serverPair : netPair->second) { status->serverStatus[count].ss = serverPair.first.ss; status->serverStatus[count].hostname = serverPair.first.name.empty() ? "" : serverPair.first.name.c_str(); status->serverStatus[count].validation = serverPair.second; count++; if (count >= MAXNS) break; // Lose the rest } status->numServers = count; } } void PrivateDnsConfiguration::clear(unsigned netId) { LOG(DEBUG) << "PrivateDnsConfiguration::clear(" << netId << ")"; std::lock_guard guard(mPrivateDnsLock); Loading Loading @@ -242,6 +218,9 @@ bool PrivateDnsConfiguration::recordPrivateDnsValidation(const DnsTlsServer& ser auto& tracker = netPair->second; auto serverPair = tracker.find(server); if (serverPair == tracker.end()) { // TODO: Consider not adding this server to the tracker since this server is not expected // to be one of the private DNS servers for this network now. This could prevent this // server from being included when dumping status. LOG(WARNING) << "Server " << addrToString(&server.ss) << " was removed during private DNS validation"; success = false; Loading
PrivateDnsConfiguration.h +16 −22 Original line number Diff line number Diff line Loading @@ -14,8 +14,7 @@ * limitations under the License. */ #ifndef NETD_RESOLV_PRIVATEDNSCONFIGURATION_H #define NETD_RESOLV_PRIVATEDNSCONFIGURATION_H #pragma once #include <list> #include <map> Loading @@ -37,31 +36,28 @@ enum class Validation : uint8_t { in_process, success, fail, unknown_server, unk struct PrivateDnsStatus { PrivateDnsMode mode; std::list<DnsTlsServer> validatedServers; }; // TODO: remove this C-style struct and use PrivateDnsStatus everywhere. struct ExternalPrivateDnsStatus { PrivateDnsMode mode; int numServers; struct PrivateDnsInfo { sockaddr_storage ss; const char* hostname; Validation validation; } serverStatus[MAXNS]; std::map<DnsTlsServer, Validation, AddressComparator> serversMap; std::list<DnsTlsServer> validatedServers() const { std::list<DnsTlsServer> servers; for (const auto& pair : serversMap) { if (pair.second == Validation::success) { servers.push_back(pair.first); } } return servers; } }; class PrivateDnsConfiguration { public: int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers, const std::string& name, const std::string& caCert); const std::string& name, const std::string& caCert) EXCLUDES(mPrivateDnsLock); PrivateDnsStatus getStatus(unsigned netId); PrivateDnsStatus getStatus(unsigned netId) EXCLUDES(mPrivateDnsLock); // DEPRECATED, use getStatus() above. void getStatus(unsigned netId, ExternalPrivateDnsStatus* status); void clear(unsigned netId); void clear(unsigned netId) EXCLUDES(mPrivateDnsLock); private: typedef std::map<DnsTlsServer, Validation, AddressComparator> PrivateDnsTracker; Loading @@ -88,5 +84,3 @@ extern PrivateDnsConfiguration gPrivateDnsConfiguration; } // namespace net } // namespace android #endif /* NETD_RESOLV_PRIVATEDNSCONFIGURATION_H */
ResolverController.cpp +10 −15 Original line number Diff line number Diff line Loading @@ -249,11 +249,9 @@ int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>* // Serialize the information for binder. ResolverStats::encodeAll(res_stats, stats); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); for (int i = 0; i < privateDnsStatus.numServers; i++) { std::string tlsServer_str = addrToString(&(privateDnsStatus.serverStatus[i].ss)); tlsServers->push_back(std::move(tlsServer_str)); const auto privateDnsStatus = gPrivateDnsConfiguration.getStatus(netId); for (const auto& pair : privateDnsStatus.serversMap) { tlsServers->push_back(addrToString(&pair.first.ss)); } params->resize(IDnsResolver::RESOLVER_PARAMS_COUNT); Loading Loading @@ -344,20 +342,17 @@ void ResolverController::dump(DumpWriter& dw, unsigned netId) { } mDns64Configuration.dump(dw, netId); ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}}; gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus); const auto privateDnsStatus = gPrivateDnsConfiguration.getStatus(netId); dw.println("Private DNS mode: %s", getPrivateDnsModeString(privateDnsStatus.mode)); if (!privateDnsStatus.numServers) { if (privateDnsStatus.serversMap.size() == 0) { dw.println("No Private DNS servers configured"); } else { dw.println("Private DNS configuration (%u entries)", privateDnsStatus.numServers); dw.println("Private DNS configuration (%u entries)", static_cast<uint32_t>(privateDnsStatus.serversMap.size())); dw.incIndent(); for (int i = 0; i < privateDnsStatus.numServers; i++) { dw.println("%s name{%s} status{%s}", addrToString(&(privateDnsStatus.serverStatus[i].ss)).c_str(), privateDnsStatus.serverStatus[i].hostname, validationStatusToString(static_cast<Validation>( privateDnsStatus.serverStatus[i].validation))); for (const auto& pair : privateDnsStatus.serversMap) { dw.println("%s name{%s} status{%s}", addrToString(&pair.first.ss).c_str(), pair.first.name.c_str(), validationStatusToString(pair.second)); } dw.decIndent(); } Loading
res_send.cpp +6 −4 Original line number Diff line number Diff line Loading @@ -1223,7 +1223,7 @@ static int res_tls_send(res_state statp, const Slice query, const Slice answer, return -1; } if (privateDnsStatus.validatedServers.empty()) { if (privateDnsStatus.validatedServers().empty()) { if (privateDnsStatus.mode == PrivateDnsMode::OPPORTUNISTIC) { *fallback = true; return -1; Loading @@ -1242,12 +1242,14 @@ static int res_tls_send(res_state statp, const Slice query, const Slice answer, // network change. for (int i = 0; i < 42; i++) { std::this_thread::sleep_for(std::chrono::milliseconds(100)); if (!gPrivateDnsConfiguration.getStatus(netId).validatedServers.empty()) { // Calling getStatus() to merely check if there's any validated server seems // wasteful. Consider adding a new method in PrivateDnsConfiguration for speed ups. if (!gPrivateDnsConfiguration.getStatus(netId).validatedServers().empty()) { privateDnsStatus = gPrivateDnsConfiguration.getStatus(netId); break; } } if (privateDnsStatus.validatedServers.empty()) { if (privateDnsStatus.validatedServers().empty()) { return -1; } } Loading @@ -1255,7 +1257,7 @@ static int res_tls_send(res_state statp, const Slice query, const Slice answer, LOG(INFO) << __func__ << ": performing query over TLS"; const auto response = sDnsTlsDispatcher.query(privateDnsStatus.validatedServers, statp, query, const auto response = sDnsTlsDispatcher.query(privateDnsStatus.validatedServers(), statp, query, answer, &resplen); LOG(INFO) << __func__ << ": TLS query result: " << static_cast<int>(response); Loading
