Move ExternalPrivateDnsStatus away from libnetd_resolv's public headers (b8daf56c) · Commits · e / os / android_packages_modules_DnsResolver

DnsProxyListener.cpp

+3 −2

Original line number	Diff line number	Diff line
		@@ -45,13 +45,13 @@
		#include <netdutils/Stopwatch.h>
		#include <netdutils/ThreadUtil.h>
		#include <private/android_filesystem_config.h> // AID_SYSTEM
		#include <resolv.h>
		#include <statslog_resolv.h>
		#include <sysutils/SocketClient.h>

		#include "DnsResolver.h"
		#include "NetdClient.h" // NETID_USE_LOCAL_NAMESERVERS
		#include "NetdPermissions.h"
		#include "PrivateDnsConfiguration.h"
		#include "ResolverEventReporter.h"
		#include "netd_resolv/stats.h" // RCODE_TIMEOUT
		#include "resolv_private.h"
		@@ -115,8 +115,9 @@ constexpr bool requestingUseLocalNameservers(unsigned flags) {
		}

		inline bool queryingViaTls(unsigned dns_netid) {
		// TODO: The simpler PrivateDnsStatus should suffice here.
		ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}};
		resolv_get_private_dns_status_for_net(dns_netid, &privateDnsStatus);
		gPrivateDnsConfiguration.getStatus(dns_netid, &privateDnsStatus);
		switch (static_cast<PrivateDnsMode>(privateDnsStatus.mode)) {
		case PrivateDnsMode::OPPORTUNISTIC:
		for (int i = 0; i < privateDnsStatus.numServers; i++) {

PrivateDnsConfiguration.cpp

+1 −21

Original line number	Diff line number	Diff line
		@@ -28,8 +28,6 @@
		#include "netd_resolv/resolv.h"
		#include "netdutils/BackoffSequence.h"

		using aidl::android::net::metrics::INetdEventListener;

		int resolv_set_private_dns_for_net(unsigned netid, uint32_t mark, const char** servers,
		const int numServers, const char* tlsName,
		const uint8_t** fingerprints, const int numFingerprint) {
		@@ -52,14 +50,7 @@ void resolv_delete_private_dns_for_net(unsigned netid) {
		android::net::gPrivateDnsConfiguration.clear(netid);
		}

		void resolv_get_private_dns_status_for_net(unsigned netid, ExternalPrivateDnsStatus* status) {
		android::net::gPrivateDnsConfiguration.getStatus(netid, status);
		}

		namespace android {

		using android::netdutils::BackoffSequence;

		namespace net {

		std::string addrToString(const sockaddr_storage* addr) {
		@@ -151,12 +142,6 @@ int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark,

		PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) {
		PrivateDnsStatus status{PrivateDnsMode::OFF, {}};

		// This mutex is on the critical path of every DNS lookup.
		//
		// If the overhead of mutex acquisition proves too high, we could reduce
		// it by maintaining an atomic_int32_t counter of TLS-enabled netids, or
		// by using an RWLock.
		std::lock_guard guard(mPrivateDnsLock);

		const auto mode = mPrivateDnsModes.find(netId);
		@@ -176,11 +161,6 @@ PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) {
		}

		void PrivateDnsConfiguration::getStatus(unsigned netId, ExternalPrivateDnsStatus* status) {
		// This mutex is on the critical path of every DNS lookup.
		//
		// If the overhead of mutex acquisition proves too high, we could reduce
		// it by maintaining an atomic_int32_t counter of TLS-enabled netids, or
		// by using an RWLock.
		std::lock_guard guard(mPrivateDnsLock);

		const auto mode = mPrivateDnsModes.find(netId);
		@@ -238,7 +218,7 @@ void PrivateDnsConfiguration::validatePrivateDnsProvider(const DnsTlsServer& ser
		// such validation passes per day is about ~30MB per month, in the
		// worst case. Otherwise, this will cost ~600 SYNs per month
		// (6 SYNs per ip, 4 ips per validation pass, 24 passes per day).
		auto backoff = BackoffSequence<>::Builder()
		auto backoff = netdutils::BackoffSequence<>::Builder()
		.withInitialRetransmissionTime(std::chrono::seconds(60))
		.withMaximumRetransmissionTime(std::chrono::seconds(3600))
		.build();

PrivateDnsConfiguration.h

+18 −4

Original line number	Diff line number	Diff line
		@@ -23,20 +23,34 @@
		#include <vector>

		#include <android-base/thread_annotations.h>
		#include <netd_resolv/resolv.h>

		#include "DnsTlsServer.h"

		struct ExternalPrivateDnsStatus; // Defined in netd_resolv/resolv.h

		namespace android {
		namespace net {

		// The DNS over TLS mode on a specific netId.
		enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT };

		// Validation status of a DNS over TLS server (on a specific netId).
		enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid };

		struct PrivateDnsStatus {
		PrivateDnsMode mode;
		std::list<DnsTlsServer> validatedServers;
		};

		// TODO: remove this C-style struct and use PrivateDnsStatus everywhere.
		struct ExternalPrivateDnsStatus {
		PrivateDnsMode mode;
		int numServers;
		struct PrivateDnsInfo {
		sockaddr_storage ss;
		const char* hostname;
		Validation validation;
		} serverStatus[MAXNS];
		};

		class PrivateDnsConfiguration {
		public:
		int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers,
		@@ -44,7 +58,7 @@ class PrivateDnsConfiguration {

		PrivateDnsStatus getStatus(unsigned netId);

		// Externally used for netd.
		// DEPRECATED, use getStatus() above.
		void getStatus(unsigned netId, ExternalPrivateDnsStatus* status);

		void clear(unsigned netId);

ResolverController.cpp

+3 −3

Original line number	Diff line number	Diff line
		@@ -31,6 +31,7 @@
		#include "Dns64Configuration.h"
		#include "DnsResolver.h"
		#include "Fwmark.h"
		#include "PrivateDnsConfiguration.h"
		#include "ResolverEventReporter.h"
		#include "ResolverStats.h"
		#include "netd_resolv/resolv.h"
		@@ -197,7 +198,6 @@ int ResolverController::createNetworkCache(unsigned netId) {
		// TODO: remove below functions and call into PrivateDnsConfiguration directly.
		// resolv_set_private_dns_for_net()
		// resolv_delete_private_dns_for_net()
		// resolv_get_private_dns_status_for_net()
		int ResolverController::setResolverConfiguration(
		const ResolverParamsParcel& resolverParams,
		const std::set<std::vector<uint8_t>>& tlsFingerprints) {
		@@ -278,7 +278,7 @@ int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>*
		ResolverStats::encodeAll(res_stats, stats);

		ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}};
		resolv_get_private_dns_status_for_net(netId, &privateDnsStatus);
		gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus);
		for (int i = 0; i < privateDnsStatus.numServers; i++) {
		std::string tlsServer_str = addrToString(&(privateDnsStatus.serverStatus[i].ss));
		tlsServers->push_back(std::move(tlsServer_str));
		@@ -371,7 +371,7 @@ void ResolverController::dump(DumpWriter& dw, unsigned netId) {

		mDns64Configuration.dump(dw, netId);
		ExternalPrivateDnsStatus privateDnsStatus = {PrivateDnsMode::OFF, 0, {}};
		resolv_get_private_dns_status_for_net(netId, &privateDnsStatus);
		gPrivateDnsConfiguration.getStatus(netId, &privateDnsStatus);
		dw.println("Private DNS mode: %s",
		getPrivateDnsModeString(static_cast<PrivateDnsMode>(privateDnsStatus.mode)));
		if (!privateDnsStatus.numServers) {

include/netd_resolv/params.h

+0 −6

Original line number	Diff line number	Diff line
		@@ -35,12 +35,6 @@ struct res_params {
		int retry_count; // number of retries
		};

		// The DNS over TLS mode on a specific netId.
		enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT };

		// Validation status of a DNS over TLS server (on a specific netId).
		enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid };

		#define LIBNETD_RESOLV_PUBLIC extern "C" [[gnu::visibility("default")]]

		#endif // NETD_RESOLV_PARAMS_H