
Commit d5eafe1a authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker

Snap for 8189365 from 4742af65 to tm-frc-permission-release

Change-Id: Ibfbc859c7a66c6423b2f594526687da272b4b84d
parents 499b1029 4742af65
+9 −5
@@ -500,13 +500,17 @@ int PrivateDnsConfiguration::setDoh(int32_t netId, uint32_t mark,
        LOG(INFO) << __func__ << ": Upgrading server to DoH: " << name;
        LOG(INFO) << __func__ << ": Upgrading server to DoH: " << name;
        resolv_stats_set_addrs(netId, PROTO_DOH, {dohId.ipAddr}, kDohPort);
        resolv_stats_set_addrs(netId, PROTO_DOH, {dohId.ipAddr}, kDohPort);


        auto probeTimeout = getTimeoutFromFlag("doh_probe_timeout_ms", kDohProbeDefaultTimeoutMs);
        const FeatureFlags flags = {
        auto idleTimeout = getTimeoutFromFlag("doh_idle_timeout_ms", kDohIdleDefaultTimeoutMs);
                .probe_timeout_ms =
        LOG(DEBUG) << __func__ << ": probeTimeout " << probeTimeout << ", idleTimeout "
                        getTimeoutFromFlag("doh_probe_timeout_ms", kDohProbeDefaultTimeoutMs),
                   << idleTimeout;
                .idle_timeout_ms =
                        getTimeoutFromFlag("doh_idle_timeout_ms", kDohIdleDefaultTimeoutMs),
        };
        LOG(DEBUG) << __func__ << ": probe_timeout_ms=" << flags.probe_timeout_ms
                   << ", idle_timeout_ms=" << flags.idle_timeout_ms;


        return doh_net_new(mDohDispatcher, netId, dohId.httpsTemplate.c_str(), dohId.host.c_str(),
        return doh_net_new(mDohDispatcher, netId, dohId.httpsTemplate.c_str(), dohId.host.c_str(),
                           dohId.ipAddr.c_str(), mark, caCert.c_str(), probeTimeout, idleTimeout);
                           dohId.ipAddr.c_str(), mark, caCert.c_str(), &flags);
    }
    }


    LOG(INFO) << __func__ << ": No suitable DoH server found";
    LOG(INFO) << __func__ << ": No suitable DoH server found";
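Review bot: `&flags` in the `doh_net_new` call hands the address of a stack-local `FeatureFlags` across the FFI boundary, and nothing at the call site says the callee must not keep that pointer after it returns. The Rust side shown in this commit copies both fields into the command before returning, so the call is safe as written, but the contract is only implicit. I would add a comment above the call such as `// flags is borrowed only for the duration of doh_net_new(); the callee copies the timeouts.` The two timeouts come from experiment flags through `getTimeoutFromFlag`, whose bounds are not visible here, so it is worth confirming that it rejects 0 and very large values before they reach the DoH engine. setDoh begins and ends outside this hunk.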
+9 −6
@@ -14,14 +14,12 @@
 * limitations under the License.
 * limitations under the License.
 */
 */


// This file is autogenerated by:
// This file can be autogenerated by the following command, but the generated file
//   cbindgen --config cbindgen.toml doh.rs >doh.h
// may not pass clang-format check.
// Don't modify manually.
//   cbindgen --config cbindgen.toml doh/doh.rs -o doh.h


#pragma once
#pragma once


/* Generated with cbindgen:0.20.0 */

#include <stdint.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/types.h>


@@ -52,6 +50,11 @@ static const uint32_t DOH_LOG_LEVEL_TRACE = 4;
/// Context for a running DoH engine.
/// Context for a running DoH engine.
struct DohDispatcher;
struct DohDispatcher;


struct FeatureFlags {
    uint64_t probe_timeout_ms;
    uint64_t idle_timeout_ms;
};

using ValidationCallback = void (*)(uint32_t net_id, bool success, const char* ip_addr,
using ValidationCallback = void (*)(uint32_t net_id, bool success, const char* ip_addr,
                                    const char* host);
                                    const char* host);


@@ -87,7 +90,7 @@ void doh_dispatcher_delete(DohDispatcher* doh);
/// `url`, `domain`, `ip_addr`, `cert_path` are null terminated strings.
/// `url`, `domain`, `ip_addr`, `cert_path` are null terminated strings.
int32_t doh_net_new(DohDispatcher* doh, uint32_t net_id, const char* url, const char* domain,
int32_t doh_net_new(DohDispatcher* doh, uint32_t net_id, const char* url, const char* domain,
                    const char* ip_addr, uint32_t sk_mark, const char* cert_path,
                    const char* ip_addr, uint32_t sk_mark, const char* cert_path,
                    uint64_t probe_timeout_ms, uint64_t idle_timeout_ms);
                    const FeatureFlags* flags);


/// Sends a DNS query via the network associated to the given |net_id| and waits for the response.
/// Sends a DNS query via the network associated to the given |net_id| and waits for the response.
/// The return code should be either one of the public constant RESULT_* to indicate the error or
/// The return code should be either one of the public constant RESULT_* to indicate the error or
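Review bot: `struct FeatureFlags` is added without a doc comment, and the header comment no longer says the file must not be edited by hand, so this declaration and the `#[repr(C)]` struct in doh.rs can drift apart with nothing to flag it. A field added or reordered on one side only would make the callee read the wrong timeouts without any compile error. I would document the struct with `/// Must match the #[repr(C)] FeatureFlags in doh.rs field for field.` and extend the `doh_net_new` comment with `/// flags must be non-null and point to a valid FeatureFlags; it is read only during the call.` If the header is still regenerated with cbindgen, both comments belong on the Rust declarations so they survive regeneration.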
+9 −4
@@ -38,6 +38,12 @@ pub type ValidationCallback =
    extern "C" fn(net_id: uint32_t, success: bool, ip_addr: *const c_char, host: *const c_char);
    extern "C" fn(net_id: uint32_t, success: bool, ip_addr: *const c_char, host: *const c_char);
pub type TagSocketCallback = extern "C" fn(sock: RawFd);
pub type TagSocketCallback = extern "C" fn(sock: RawFd);


#[repr(C)]
pub struct FeatureFlags {
    probe_timeout_ms: uint64_t,
    idle_timeout_ms: uint64_t,
}

fn wrap_validation_callback(validation_fn: ValidationCallback) -> ValidationReporter {
fn wrap_validation_callback(validation_fn: ValidationCallback) -> ValidationReporter {
    Arc::new(move |info: &ServerInfo, success: bool| {
    Arc::new(move |info: &ServerInfo, success: bool| {
        async move {
        async move {
@@ -181,8 +187,7 @@ pub unsafe extern "C" fn doh_net_new(
    ip_addr: *const c_char,
    ip_addr: *const c_char,
    sk_mark: libc::uint32_t,
    sk_mark: libc::uint32_t,
    cert_path: *const c_char,
    cert_path: *const c_char,
    probe_timeout_ms: libc::uint64_t,
    flags: &FeatureFlags,
    idle_timeout_ms: libc::uint64_t,
) -> int32_t {
) -> int32_t {
    let (url, domain, ip_addr, cert_path) = match (
    let (url, domain, ip_addr, cert_path) = match (
        std::ffi::CStr::from_ptr(url).to_str(),
        std::ffi::CStr::from_ptr(url).to_str(),
@@ -225,9 +230,9 @@ pub unsafe extern "C" fn doh_net_new(
            domain,
            domain,
            sk_mark,
            sk_mark,
            cert_path,
            cert_path,
            idle_timeout_ms,
            idle_timeout_ms: flags.idle_timeout_ms,
        },
        },
        timeout: Duration::from_millis(probe_timeout_ms),
        timeout: Duration::from_millis(flags.probe_timeout_ms),
    };
    };
    if let Err(e) = doh.lock().send_cmd(cmd) {
    if let Err(e) = doh.lock().send_cmd(cmd) {
        error!("Failed to send the probe: {:?}", e);
        error!("Failed to send the probe: {:?}", e);
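Review bot: `flags: &FeatureFlags` in the `extern "C"` signature of `doh_net_new` turns a null pointer from the C++ side into immediate undefined behaviour, because a Rust reference must be non-null and valid while the header declares the parameter as a nullable `const FeatureFlags*`. The string pointers next to it are at least covered by the function's doc comment; `flags` has no stated precondition at all. I would take `flags: *const FeatureFlags` and convert it with `let flags = match flags.as_ref() { Some(f) => f, None => return ERR };`, where `ERR` stands for whatever error value the function already returns for bad arguments (not visible in these hunks). The safety documentation of the function should then list `flags` alongside the string arguments. The body of `doh_net_new` starts and ends outside both hunks.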
+6 −3
@@ -53,13 +53,16 @@ TEST(DoHFFITest, SmokeTest) {
    DohDispatcher* doh = doh_dispatcher_new(validation_cb, tag_socket_cb);
    DohDispatcher* doh = doh_dispatcher_new(validation_cb, tag_socket_cb);
    EXPECT_TRUE(doh != nullptr);
    EXPECT_TRUE(doh != nullptr);


    const FeatureFlags flags = {
            .probe_timeout_ms = TIMEOUT_MS,
            .idle_timeout_ms = TIMEOUT_MS,
    };

    // TODO: Use a local server instead of dns.google.
    // TODO: Use a local server instead of dns.google.
    // sk_mark doesn't matter here because this test doesn't have permission to set sk_mark.
    // sk_mark doesn't matter here because this test doesn't have permission to set sk_mark.
    // The DNS packet would be sent via default network.
    // The DNS packet would be sent via default network.
    EXPECT_EQ(doh_net_new(doh, dnsNetId, "https://dns.google/dns-query", /* domain */ "",
    EXPECT_EQ(doh_net_new(doh, dnsNetId, "https://dns.google/dns-query", /* domain */ "",
                          GOOGLE_SERVER_IP,
                          GOOGLE_SERVER_IP, /* sk_mark */ 0, /* cert_path */ "", &flags),
                          /* sk_mark */ 0, /* cert_path */ "", TIMEOUT_MS /* probe timeout */,
                          TIMEOUT_MS /* idle timeout */),
              0);
              0);
    {
    {
        std::unique_lock<std::mutex> lk(m);
        std::unique_lock<std::mutex> lk(m);
+10 −5
@@ -4299,7 +4299,8 @@ TEST_F(ResolverTest, getDnsNetId) {
    EXPECT_EQ(500, readResponseCode(fd));
    EXPECT_EQ(500, readResponseCode(fd));
}
}


TEST_F(ResolverTest, BlockDnsQueryWithUidRule) {
// TODO(b/219434602): find an alternative way to block DNS packets or delete the test.
TEST_F(ResolverTest, DISABLED_BlockDnsQueryWithUidRule) {
    SKIP_IF_BPF_NOT_SUPPORTED;
    SKIP_IF_BPF_NOT_SUPPORTED;
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr2[] = "::1";
    constexpr char listen_addr2[] = "::1";
@@ -4347,7 +4348,8 @@ TEST_F(ResolverTest, BlockDnsQueryWithUidRule) {
    }
    }
}
}


TEST_F(ResolverTest, GetAddrinfo_BlockDnsQueryWithUidRule) {
// TODO(b/219434602): find an alternative way to block DNS packets or delete the test.
TEST_F(ResolverTest, DISABLED_GetAddrinfo_BlockDnsQueryWithUidRule) {
    SKIP_IF_BPF_NOT_SUPPORTED;
    SKIP_IF_BPF_NOT_SUPPORTED;
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr2[] = "::1";
    constexpr char listen_addr2[] = "::1";
@@ -4397,7 +4399,8 @@ TEST_F(ResolverTest, GetAddrinfo_BlockDnsQueryWithUidRule) {
    }
    }
}
}


TEST_F(ResolverTest, EnforceDnsUid) {
// TODO(b/219434602): find an alternative way to block DNS packets or delete the test.
TEST_F(ResolverTest, DISABLED_EnforceDnsUid) {
    SKIP_IF_BPF_NOT_SUPPORTED;
    SKIP_IF_BPF_NOT_SUPPORTED;
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr2[] = "::1";
    constexpr char listen_addr2[] = "::1";
@@ -5892,7 +5895,8 @@ TEST_F(ResolverTest, GetAddrInfoParallelLookupSleepTime) {
    EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
    EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
}
}


TEST_F(ResolverTest, BlockDnsQueryUidDoesNotLeadToBadServer) {
// TODO(b/219434602): find an alternative way to block DNS packets or delete the test.
TEST_F(ResolverTest, DISABLED_BlockDnsQueryUidDoesNotLeadToBadServer) {
    SKIP_IF_BPF_NOT_SUPPORTED;
    SKIP_IF_BPF_NOT_SUPPORTED;
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr1[] = "127.0.0.4";
    constexpr char listen_addr2[] = "::1";
    constexpr char listen_addr2[] = "::1";
@@ -6918,7 +6922,8 @@ TEST_F(ResolverMultinetworkTest, OneCachePerNetwork) {
    EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
    EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
}
}


TEST_F(ResolverMultinetworkTest, DnsWithVpn) {
// TODO(b/219434602): find an alternative way to block DNS packets or delete the test.
TEST_F(ResolverMultinetworkTest, DISABLED_DnsWithVpn) {
    SKIP_IF_BPF_NOT_SUPPORTED;
    SKIP_IF_BPF_NOT_SUPPORTED;
    SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
    SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
    constexpr char host_name[] = "ohayou.example.com.";
    constexpr char host_name[] = "ohayou.example.com.";
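Review bot: The five `DISABLED_` renames in this section (BlockDnsQueryWithUidRule, GetAddrinfo_BlockDnsQueryWithUidRule, EnforceDnsUid, BlockDnsQueryUidDoesNotLeadToBadServer and DnsWithVpn) switch off the tests shown here that exercise UID-based DNS blocking and DNS behaviour under a VPN, and the TODO does not say why they stopped passing or what covers that behaviour in the meantime. Disabled gtest cases are skipped without failing the run, so a regression in the blocking path would go unreported while b/219434602 is open. I would make the comment on each test state the reason and the gap, for example `// Disabled: <reason, not stated in this commit>. UID-based DNS blocking has no test coverage until b/219434602 is resolved.` The "or delete the test" option in the TODO should name the replacement coverage before it is taken. The test bodies continue outside these hunks.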