Loading DnsResolver.cpp +12 −1 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,8 @@ #include "DnsProxyListener.h" #include "DnsProxyListener.h" #include "DnsResolverService.h" #include "DnsResolverService.h" #include "DnsTlsDispatcher.h" #include "PrivateDnsConfiguration.h" #include "netd_resolv/resolv.h" #include "netd_resolv/resolv.h" #include "res_debug.h" #include "res_debug.h" #include "util.h" #include "util.h" Loading @@ -28,7 +30,8 @@ bool resolv_init(const ResolverNetdCallbacks* callbacks) { android::base::InitLogging(/*argv=*/nullptr); android::base::InitLogging(/*argv=*/nullptr); android::base::SetDefaultTag("libnetd_resolv"); android::base::SetDefaultTag("libnetd_resolv"); LOG(INFO) << __func__ << ": Initializing resolver"; LOG(INFO) << __func__ << ": Initializing resolver"; resolv_set_log_severity(android::base::WARNING); // TODO(b/170539625): restore log level to WARNING after clarifying flaky tests. resolv_set_log_severity(isUserDebugBuild() ? android::base::DEBUG : android::base::WARNING); using android::net::gApiLevel; using android::net::gApiLevel; gApiLevel = getApiLevel(); gApiLevel = getApiLevel(); using android::net::gResNetdCallbacks; using android::net::gResNetdCallbacks; Loading Loading 
@@ -72,6 +75,14 @@ DnsResolver* DnsResolver::getInstance() { return &instance; return &instance; } } DnsResolver::DnsResolver() { // TODO: make them member variables after fixing the circular dependency: // DnsTlsDispatcher.h -> resolv_private.h -> DnsResolver.h -> DnsTlsDispatcher.h auto& dnsTlsDispatcher = DnsTlsDispatcher::getInstance(); auto& privateDnsConfiguration = PrivateDnsConfiguration::getInstance(); privateDnsConfiguration.setObserver(&dnsTlsDispatcher); } bool DnsResolver::start() { bool DnsResolver::start() { if (!verifyCallbacks()) { if (!verifyCallbacks()) { LOG(ERROR) << __func__ << ": Callback verification failed"; LOG(ERROR) << __func__ << ": Callback verification failed"; Loading DnsResolver.h +2 −1 Original line number Original line Diff line number Diff line Loading @@ -40,7 +40,8 @@ class DnsResolver { ResolverController resolverCtrl; ResolverController resolverCtrl; private: private: DnsResolver() {} DnsResolver(); DnsProxyListener mDnsProxyListener; DnsProxyListener mDnsProxyListener; DnsQueryLog mQueryLog; DnsQueryLog mQueryLog; }; }; Loading DnsTlsDispatcher.h +5 −1 Original line number Original line Diff line number Diff line Loading @@ -28,6 +28,7 @@ #include "DnsTlsServer.h" #include "DnsTlsServer.h" #include "DnsTlsTransport.h" #include "DnsTlsTransport.h" #include "IDnsTlsSocketFactory.h" #include "IDnsTlsSocketFactory.h" #include "PrivateDnsValidationObserver.h" #include "resolv_private.h" #include "resolv_private.h" namespace android { namespace android { Loading 
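Review bot: The new severity line in resolv_init, `resolv_set_log_severity(isUserDebugBuild() ? android::base::DEBUG : android::base::WARNING);`, enables DEBUG-level resolver logging on every userdebug device rather than only under the flaky tests the TODO refers to, so whatever the resolver emits at DEBUG (this commit's own validate() hunk adds such lines) now lands in logcat on those builds. The TODO names b/170539625 as the trigger for restoring WARNING; it would help to also state the scope, e.g. `// TODO(b/170539625): DEBUG on userdebug is a temporary test aid; restore WARNING once the flaky tests are understood.`. In the new DnsResolver constructor, `setObserver(&dnsTlsDispatcher)` hands a raw pointer to a function-local-static singleton; presumably both objects live for the process lifetime, and a one-line comment saying so (`// Both are process-lifetime singletons, so the raw observer pointer stays valid.`) would spare the next reader the ownership question.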
@@ -35,7 +36,7 @@ namespace net { // This is a singleton class that manages the collection of active DnsTlsTransports. // This is a singleton class that manages the collection of active DnsTlsTransports. // Queries made here are dispatched to an existing or newly constructed DnsTlsTransport. // Queries made here are dispatched to an existing or newly constructed DnsTlsTransport. class DnsTlsDispatcher { class DnsTlsDispatcher : public PrivateDnsValidationObserver { public: public: // Constructor with dependency injection for testing. // Constructor with dependency injection for testing. explicit DnsTlsDispatcher(std::unique_ptr<IDnsTlsSocketFactory> factory) explicit DnsTlsDispatcher(std::unique_ptr<IDnsTlsSocketFactory> factory) Loading @@ -60,6 +61,9 @@ class DnsTlsDispatcher { const netdutils::Slice query, const netdutils::Slice ans, const netdutils::Slice query, const netdutils::Slice ans, int* _Nonnull resplen, bool* _Nonnull connectTriggered); int* _Nonnull resplen, bool* _Nonnull connectTriggered); // Implement PrivateDnsValidationObserver. void onValidationStateUpdate(const std::string&, Validation, uint32_t) override{}; private: private: DnsTlsDispatcher(); DnsTlsDispatcher(); Loading DnsTlsServer.h +8 −10 Original line number Original line Diff line number Diff line Loading @@ -24,19 +24,11 @@ #include <params.h> #include <params.h> #include "PrivateDnsCommon.h" namespace android { namespace android { namespace net { namespace net { // Validation status of a DNS over TLS server (on a specific netId). enum class Validation : uint8_t { in_process, success, success_but_expired, fail, unknown_server, unknown_netid, }; // DnsTlsServer represents a recursive resolver that supports, or may support, a // DnsTlsServer represents a recursive resolver that supports, or may support, a // secure protocol. // secure protocol. struct DnsTlsServer { struct DnsTlsServer { Loading Loading 
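Review bot: The override `void onValidationStateUpdate(const std::string&, Validation, uint32_t) override{};` is an intentional no-op, but the comment above it ("Implement PrivateDnsValidationObserver.") suggests the opposite, and the body carries a stray `;` after `{}`. Suggest `// PrivateDnsValidationObserver: validation updates are not acted on yet (no-op).` followed by `void onValidationStateUpdate(const std::string&, Validation, uint32_t) override {}`. Since DnsTlsDispatcher now has a polymorphic base, it would be worth confirming that PrivateDnsValidationObserver declares a virtual destructor (its header is not in the hunk).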
@@ -74,6 +66,12 @@ struct DnsTlsServer { Validation validationState() const { return mValidation; } Validation validationState() const { return mValidation; } void setValidationState(Validation val) { mValidation = val; } void setValidationState(Validation val) { mValidation = val; } // The socket mark used for validation. // Note that the mark of a connection to which the DnsResolver sends app's DNS requests can // be different. // TODO: make it const. uint32_t mark = 0; // Return whether or not the server can be used for a network. It depends on // Return whether or not the server can be used for a network. It depends on // the resolver configuration. // the resolver configuration. bool active() const { return mActive; } bool active() const { return mActive; } Loading DnsTlsTransport.cpp +4 −4 Original line number Original line Diff line number Diff line Loading @@ -158,8 +158,8 @@ DnsTlsTransport::~DnsTlsTransport() { // static // static // TODO: Use this function to preheat the session cache. // TODO: Use this function to preheat the session cache. // That may require moving it to DnsTlsDispatcher. // That may require moving it to DnsTlsDispatcher. bool DnsTlsTransport::validate(const DnsTlsServer& server, unsigned netid, uint32_t mark) { bool DnsTlsTransport::validate(const DnsTlsServer& server, uint32_t mark) { LOG(DEBUG) << "Beginning validation on " << netid; LOG(DEBUG) << "Beginning validation with mark " << std::hex << mark; // Generate "<random>-dnsotls-ds.metric.gstatic.com", which we will lookup through |ss| in // Generate "<random>-dnsotls-ds.metric.gstatic.com", which we will lookup through |ss| in // order to prove that it is actually a working DNS over TLS server. // order to prove that it is actually a working DNS over TLS server. static const char kDnsSafeChars[] = static const char kDnsSafeChars[] = Loading Loading 
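Review bot: `uint32_t mark = 0;` is added as a public, mutable field while the neighbouring validation and active state is only reachable through accessors, so any holder of a DnsTlsServer can change the mark that validation sockets are tagged with; the "TODO: make it const" acknowledges this but does not say who is expected to set it. Suggest extending the comment to `// Set once by the owner when the server is configured; nothing else should write it.` (or whatever the intended writer is), or exposing it through a const accessor like the other members. If DnsTlsServer defines equality or ordering elsewhere in the file (not visible in the hunk), decide explicitly whether `mark` participates, since two servers differing only in mark would otherwise compare equal.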
@@ -195,7 +195,7 @@ bool DnsTlsTransport::validate(const DnsTlsServer& server, unsigned netid, uint3 DnsTlsTransport transport(server, mark, &factory); DnsTlsTransport transport(server, mark, &factory); auto r = transport.query(netdutils::Slice(query, qlen)).get(); auto r = transport.query(netdutils::Slice(query, qlen)).get(); if (r.code != Response::success) { if (r.code != Response::success) { LOG(DEBUG) << "query failed"; LOG(WARNING) << "query failed"; return false; return false; } } Loading @@ -212,7 +212,7 @@ bool DnsTlsTransport::validate(const DnsTlsServer& server, unsigned netid, uint3 } } const int ancount = (recvbuf[6] << 8) | recvbuf[7]; const int ancount = (recvbuf[6] << 8) | recvbuf[7]; LOG(DEBUG) << netid << " answer count: " << ancount; LOG(DEBUG) << "answer count: " << ancount; // TODO: Further validate the response contents (check for valid AAAA record, ...). // TODO: Further validate the response contents (check for valid AAAA record, ...). // Note that currently, integration tests rely on this function accepting a // Note that currently, integration tests rely on this function accepting a Loading Loading
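Review bot: The failure path `LOG(WARNING) << "query failed";` now carries no identifying context at all — the old `netid` was removed from the other two log lines and nothing replaced it here — so a WARNING about a failed DoT validation cannot be tied to the server or socket being validated. Suggest `LOG(WARNING) << "query failed, validation mark 0x" << std::hex << mark;` and likewise `LOG(DEBUG) << "Beginning validation with mark 0x" << std::hex << mark;` so the hex value is unambiguous. With `DnsTlsServer::mark` introduced in the same commit, the separate `mark` parameter of validate() looks redundant if callers pass `server.mark`; if that is the intent, a comment saying which one is authoritative would help. validate()'s body continues outside the hunk.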
DnsResolver.cpp +12 −1 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,8 @@ #include "DnsProxyListener.h" #include "DnsProxyListener.h" #include "DnsResolverService.h" #include "DnsResolverService.h" #include "DnsTlsDispatcher.h" #include "PrivateDnsConfiguration.h" #include "netd_resolv/resolv.h" #include "netd_resolv/resolv.h" #include "res_debug.h" #include "res_debug.h" #include "util.h" #include "util.h" Loading @@ -28,7 +30,8 @@ bool resolv_init(const ResolverNetdCallbacks* callbacks) { android::base::InitLogging(/*argv=*/nullptr); android::base::InitLogging(/*argv=*/nullptr); android::base::SetDefaultTag("libnetd_resolv"); android::base::SetDefaultTag("libnetd_resolv"); LOG(INFO) << __func__ << ": Initializing resolver"; LOG(INFO) << __func__ << ": Initializing resolver"; resolv_set_log_severity(android::base::WARNING); // TODO(b/170539625): restore log level to WARNING after clarifying flaky tests. resolv_set_log_severity(isUserDebugBuild() ? android::base::DEBUG : android::base::WARNING); using android::net::gApiLevel; using android::net::gApiLevel; gApiLevel = getApiLevel(); gApiLevel = getApiLevel(); using android::net::gResNetdCallbacks; using android::net::gResNetdCallbacks; Loading Loading @@ -72,6 +75,14 @@ DnsResolver* DnsResolver::getInstance() { return &instance; return &instance; } } DnsResolver::DnsResolver() { // TODO: make them member variables after fixing the circular dependency: // DnsTlsDispatcher.h -> resolv_private.h -> DnsResolver.h -> DnsTlsDispatcher.h auto& dnsTlsDispatcher = DnsTlsDispatcher::getInstance(); auto& privateDnsConfiguration = PrivateDnsConfiguration::getInstance(); privateDnsConfiguration.setObserver(&dnsTlsDispatcher); } bool DnsResolver::start() { bool DnsResolver::start() { if (!verifyCallbacks()) { if (!verifyCallbacks()) { LOG(ERROR) << __func__ << ": Callback verification failed"; LOG(ERROR) << __func__ << ": Callback verification failed"; Loading
DnsResolver.h +2 −1 Original line number Original line Diff line number Diff line Loading @@ -40,7 +40,8 @@ class DnsResolver { ResolverController resolverCtrl; ResolverController resolverCtrl; private: private: DnsResolver() {} DnsResolver(); DnsProxyListener mDnsProxyListener; DnsProxyListener mDnsProxyListener; DnsQueryLog mQueryLog; DnsQueryLog mQueryLog; }; }; Loading
DnsTlsDispatcher.h +5 −1 Original line number Original line Diff line number Diff line Loading @@ -28,6 +28,7 @@ #include "DnsTlsServer.h" #include "DnsTlsServer.h" #include "DnsTlsTransport.h" #include "DnsTlsTransport.h" #include "IDnsTlsSocketFactory.h" #include "IDnsTlsSocketFactory.h" #include "PrivateDnsValidationObserver.h" #include "resolv_private.h" #include "resolv_private.h" namespace android { namespace android { Loading @@ -35,7 +36,7 @@ namespace net { // This is a singleton class that manages the collection of active DnsTlsTransports. // This is a singleton class that manages the collection of active DnsTlsTransports. // Queries made here are dispatched to an existing or newly constructed DnsTlsTransport. // Queries made here are dispatched to an existing or newly constructed DnsTlsTransport. class DnsTlsDispatcher { class DnsTlsDispatcher : public PrivateDnsValidationObserver { public: public: // Constructor with dependency injection for testing. // Constructor with dependency injection for testing. explicit DnsTlsDispatcher(std::unique_ptr<IDnsTlsSocketFactory> factory) explicit DnsTlsDispatcher(std::unique_ptr<IDnsTlsSocketFactory> factory) Loading @@ -60,6 +61,9 @@ class DnsTlsDispatcher { const netdutils::Slice query, const netdutils::Slice ans, const netdutils::Slice query, const netdutils::Slice ans, int* _Nonnull resplen, bool* _Nonnull connectTriggered); int* _Nonnull resplen, bool* _Nonnull connectTriggered); // Implement PrivateDnsValidationObserver. void onValidationStateUpdate(const std::string&, Validation, uint32_t) override{}; private: private: DnsTlsDispatcher(); DnsTlsDispatcher(); Loading
DnsTlsServer.h +8 −10 Original line number Original line Diff line number Diff line Loading @@ -24,19 +24,11 @@ #include <params.h> #include <params.h> #include "PrivateDnsCommon.h" namespace android { namespace android { namespace net { namespace net { // Validation status of a DNS over TLS server (on a specific netId). enum class Validation : uint8_t { in_process, success, success_but_expired, fail, unknown_server, unknown_netid, }; // DnsTlsServer represents a recursive resolver that supports, or may support, a // DnsTlsServer represents a recursive resolver that supports, or may support, a // secure protocol. // secure protocol. struct DnsTlsServer { struct DnsTlsServer { Loading Loading @@ -74,6 +66,12 @@ struct DnsTlsServer { Validation validationState() const { return mValidation; } Validation validationState() const { return mValidation; } void setValidationState(Validation val) { mValidation = val; } void setValidationState(Validation val) { mValidation = val; } // The socket mark used for validation. // Note that the mark of a connection to which the DnsResolver sends app's DNS requests can // be different. // TODO: make it const. uint32_t mark = 0; // Return whether or not the server can be used for a network. It depends on // Return whether or not the server can be used for a network. It depends on // the resolver configuration. // the resolver configuration. bool active() const { return mActive; } bool active() const { return mActive; } Loading
DnsTlsTransport.cpp +4 −4 Original line number Original line Diff line number Diff line Loading @@ -158,8 +158,8 @@ DnsTlsTransport::~DnsTlsTransport() { // static // static // TODO: Use this function to preheat the session cache. // TODO: Use this function to preheat the session cache. // That may require moving it to DnsTlsDispatcher. // That may require moving it to DnsTlsDispatcher. bool DnsTlsTransport::validate(const DnsTlsServer& server, unsigned netid, uint32_t mark) { bool DnsTlsTransport::validate(const DnsTlsServer& server, uint32_t mark) { LOG(DEBUG) << "Beginning validation on " << netid; LOG(DEBUG) << "Beginning validation with mark " << std::hex << mark; // Generate "<random>-dnsotls-ds.metric.gstatic.com", which we will lookup through |ss| in // Generate "<random>-dnsotls-ds.metric.gstatic.com", which we will lookup through |ss| in // order to prove that it is actually a working DNS over TLS server. // order to prove that it is actually a working DNS over TLS server. static const char kDnsSafeChars[] = static const char kDnsSafeChars[] = Loading Loading @@ -195,7 +195,7 @@ bool DnsTlsTransport::validate(const DnsTlsServer& server, unsigned netid, uint3 DnsTlsTransport transport(server, mark, &factory); DnsTlsTransport transport(server, mark, &factory); auto r = transport.query(netdutils::Slice(query, qlen)).get(); auto r = transport.query(netdutils::Slice(query, qlen)).get(); if (r.code != Response::success) { if (r.code != Response::success) { LOG(DEBUG) << "query failed"; LOG(WARNING) << "query failed"; return false; return false; } } Loading 
@@ -212,7 +212,7 @@ bool DnsTlsTransport::validate(const DnsTlsServer& server, unsigned netid, uint3 } } const int ancount = (recvbuf[6] << 8) | recvbuf[7]; const int ancount = (recvbuf[6] << 8) | recvbuf[7]; LOG(DEBUG) << netid << " answer count: " << ancount; LOG(DEBUG) << "answer count: " << ancount; // TODO: Further validate the response contents (check for valid AAAA record, ...). // TODO: Further validate the response contents (check for valid AAAA record, ...). // Note that currently, integration tests rely on this function accepting a // Note that currently, integration tests rely on this function accepting a Loading