1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #define LOG_TAG "resolv_integration_test"
19
20 #include <android-base/logging.h>
21 #include <android-base/parseint.h>
22 #include <android-base/result.h>
23 #include <android-base/unique_fd.h>
24 #include <android/multinetwork.h> // ResNsendFlags
25 #include <arpa/inet.h>
26 #include <arpa/nameser.h>
27 #include <binder/ProcessState.h>
28 #include <cutils/sockets.h>
29 #include <gmock/gmock-matchers.h>
30 #include <gtest/gtest.h>
31 #include <netdb.h>
32 #include <netdutils/InternetAddresses.h>
33 #include <netdutils/NetNativeTestBase.h>
34 #include <netdutils/NetworkConstants.h> // SHA256_SIZE
35 #include <netdutils/ResponseCode.h>
36 #include <netdutils/Slice.h>
37 #include <netdutils/SocketOption.h>
38 #include <netdutils/Stopwatch.h>
39 #include <netinet/in.h>
40 #include <poll.h> /* poll */
41 #include <private/android_filesystem_config.h>
42 #include <resolv.h>
43 #include <stdarg.h>
44 #include <stdlib.h>
45 #include <sys/socket.h>
46 #include <sys/un.h>
47 #include <unistd.h>
48
49 #include <algorithm>
50 #include <chrono>
51 #include <functional>
52 #include <iterator>
53 #include <numeric>
54 #include <string_view>
55 #include <thread>
56 #include <unordered_set>
57
58 #include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
59 #include <aidl/android/net/IDnsResolver.h>
60 #include <android/binder_manager.h>
61 #include <android/binder_process.h>
62 #include <bpf/BpfUtils.h>
63 #include <util.h> // getApiLevel
64 #include "Experiments.h"
65 #include "NetdClient.h"
66 #include "ResolverStats.h"
67 #include "netid_client.h" // NETID_UNSET
68 #include "params.h" // MAXNS
69 #include "stats.h" // RCODE_TIMEOUT
70 #include "tests/dns_metrics_listener/dns_metrics_listener.h"
71 #include "tests/dns_responder/dns_responder.h"
72 #include "tests/dns_responder/dns_responder_client_ndk.h"
73 #include "tests/dns_responder/dns_tls_certificate.h"
74 #include "tests/dns_responder/dns_tls_frontend.h"
75 #include "tests/resolv_test_utils.h"
76 #include "tests/tun_forwarder.h"
77 #include "tests/unsolicited_listener/unsolicited_event_listener.h"
78
79 // This mainline module test still needs to be able to run on pre-S devices,
80 // and thus may run across pre-4.9 non-eBPF capable devices like the Pixel 2.
81 #define SKIP_IF_BPF_NOT_SUPPORTED \
82 do { \
83 if (!android::bpf::isAtLeastKernelVersion(4, 9, 0)) \
84 GTEST_SKIP() << "Skip: bpf is not supported."; \
85 } while (0)
86
87 // Valid VPN netId range is 100 ~ 65535
88 constexpr int TEST_VPN_NETID = 65502;
89 constexpr int MAXPACKET = (8 * 1024);
90
91 // Sync from packages/modules/DnsResolver/resolv_private.h
92 constexpr int RES_TIMEOUT = 5000; /* min. milliseconds between retries */
93 constexpr int RES_DFLRETRY = 2; /* Default #/tries. */
94
95 // Semi-public Bionic hook used by the NDK (frameworks/base/native/android/net.c)
96 // Tested here for convenience.
97 extern "C" int android_getaddrinfofornet(const char* hostname, const char* servname,
98 const addrinfo* hints, unsigned netid, unsigned mark,
99 struct addrinfo** result);
100
101 using namespace std::chrono_literals;
102
103 using aidl::android::net::IDnsResolver;
104 using aidl::android::net::INetd;
105 using aidl::android::net::ResolverOptionsParcel;
106 using aidl::android::net::ResolverParamsParcel;
107 using aidl::android::net::UidRangeParcel;
108 using aidl::android::net::metrics::INetdEventListener;
109 using aidl::android::net::netd::aidl::NativeUidRangeConfig;
110 using aidl::android::net::resolv::aidl::DnsHealthEventParcel;
111 using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener;
112 using aidl::android::net::resolv::aidl::Nat64PrefixEventParcel;
113 using aidl::android::net::resolv::aidl::PrivateDnsValidationEventParcel;
114 using android::base::Error;
115 using android::base::GetProperty;
116 using android::base::ParseInt;
117 using android::base::Result;
118 using android::base::unique_fd;
119 using android::net::ResolverStats;
120 using android::net::TunForwarder;
121 using android::net::metrics::DnsMetricsListener;
122 using android::net::resolv::aidl::UnsolicitedEventListener;
123 using android::netdutils::enableSockopt;
124 using android::netdutils::makeSlice;
125 using android::netdutils::ResponseCode;
126 using android::netdutils::ScopedAddrinfo;
127 using android::netdutils::Stopwatch;
128 using android::netdutils::toHex;
129
130 namespace fs = std::filesystem;
131
132 namespace {
133
safe_getaddrinfo_time_taken(const char * node,const char * service,const addrinfo & hints)134 std::pair<ScopedAddrinfo, int> safe_getaddrinfo_time_taken(const char* node, const char* service,
135 const addrinfo& hints) {
136 Stopwatch s;
137 ScopedAddrinfo result = safe_getaddrinfo(node, service, &hints);
138 return {std::move(result), s.timeTakenUs() / 1000};
139 }
140
141 struct NameserverStats {
142 NameserverStats() = delete;
NameserverStats__anon786885810111::NameserverStats143 NameserverStats(const std::string server) : server(server) {}
setSuccesses__anon786885810111::NameserverStats144 NameserverStats& setSuccesses(int val) {
145 successes = val;
146 return *this;
147 }
setErrors__anon786885810111::NameserverStats148 NameserverStats& setErrors(int val) {
149 errors = val;
150 return *this;
151 }
setTimeouts__anon786885810111::NameserverStats152 NameserverStats& setTimeouts(int val) {
153 timeouts = val;
154 return *this;
155 }
setInternalErrors__anon786885810111::NameserverStats156 NameserverStats& setInternalErrors(int val) {
157 internal_errors = val;
158 return *this;
159 }
setRttAvg__anon786885810111::NameserverStats160 NameserverStats& setRttAvg(int val) {
161 rtt_avg = val;
162 return *this;
163 }
164
165 const std::string server;
166 int successes = 0;
167 int errors = 0;
168 int timeouts = 0;
169 int internal_errors = 0;
170 int rtt_avg = -1;
171 };
172
173 #define SKIP_IF_KERNEL_VERSION_LOWER_THAN(major, minor, sub) \
174 do { \
175 if (!android::bpf::isAtLeastKernelVersion(major, minor, sub)) \
176 GTEST_SKIP() << "Required kernel: " << (major) << "." << (minor) << "." << (sub); \
177 } while (0)
178
179 } // namespace
180
181 class ResolverTest : public NetNativeTestBase {
182 public:
SetUpTestSuite()183 static void SetUpTestSuite() {
184 // Get binder service.
185 // Note that |mDnsClient| is not used for getting binder service in this static function.
186 // The reason is that wants to keep |mDnsClient| as a non-static data member. |mDnsClient|
187 // which sets up device network configuration could be independent from every test.
188 // TODO: Perhaps add a static function in resolv_test_binder_utils.{cpp,h} to get binder
189 // service.
190
191 AIBinder* binder = AServiceManager_getService("dnsresolver");
192 sResolvBinder = ndk::SpAIBinder(binder);
193 auto resolvService = aidl::android::net::IDnsResolver::fromBinder(sResolvBinder);
194 ASSERT_NE(nullptr, resolvService.get());
195
196 // Subscribe the death recipient to the service IDnsResolver for detecting Netd death.
197 // GTEST assertion macros are not invoked for generating a test failure in the death
198 // recipient because the macros can't indicate failed test if Netd died between tests.
199 // Moreover, continuing testing may have no meaningful after Netd death. Therefore, the
200 // death recipient aborts process by GTEST_LOG_(FATAL) once Netd died.
201 sResolvDeathRecipient = AIBinder_DeathRecipient_new([](void*) {
202 constexpr char errorMessage[] = "Netd died";
203 LOG(ERROR) << errorMessage;
204 GTEST_LOG_(FATAL) << errorMessage;
205 });
206 ASSERT_EQ(STATUS_OK, AIBinder_linkToDeath(binder, sResolvDeathRecipient, nullptr));
207
208 // Subscribe the DNS listener for verifying DNS metrics event contents.
209 sDnsMetricsListener = ndk::SharedRefBase::make<DnsMetricsListener>(
210 TEST_NETID /*monitor specific network*/);
211 ASSERT_TRUE(resolvService->registerEventListener(sDnsMetricsListener).isOk());
212
213 // Subscribe the unsolicited event listener for verifying unsolicited event contents.
214 sUnsolicitedEventListener = ndk::SharedRefBase::make<UnsolicitedEventListener>(
215 TEST_NETID /*monitor specific network*/);
216 ASSERT_TRUE(
217 resolvService->registerUnsolicitedEventListener(sUnsolicitedEventListener).isOk());
218
219 // Start the binder thread pool for listening DNS metrics events and receiving death
220 // recipient.
221 ABinderProcess_startThreadPool();
222 AllowNetworkInBackground(TEST_UID, true);
223 AllowNetworkInBackground(TEST_UID2, true);
224 }
TearDownTestSuite()225 static void TearDownTestSuite() {
226 AIBinder_DeathRecipient_delete(sResolvDeathRecipient);
227 AllowNetworkInBackground(TEST_UID, false);
228 AllowNetworkInBackground(TEST_UID2, false);
229 }
230
231 protected:
SetUp()232 void SetUp() {
233 mDnsClient.SetUp();
234 sDnsMetricsListener->reset();
235 sUnsolicitedEventListener->reset();
236 SetMdnsRoute();
237 mIsResolverOptionIPCSupported =
238 DnsResponderClient::isRemoteVersionSupported(mDnsClient.resolvService(), 9);
239 }
240
TearDown()241 void TearDown() {
242 // Ensure the dump works at the end of each test.
243 DumpResolverService();
244 RemoveMdnsRoute();
245 mDnsClient.TearDown();
246 }
247
resetNetwork()248 void resetNetwork() {
249 EXPECT_EQ(mDnsClient.TearDownOemNetwork(TEST_NETID), 0);
250 EXPECT_EQ(mDnsClient.SetupOemNetwork(TEST_NETID), 0);
251 }
252
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)253 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records) {
254 for (const auto& r : records) {
255 dns.addMapping(r.host_name, r.type, r.addr);
256 }
257
258 ASSERT_TRUE(dns.startServer());
259 dns.clearQueries();
260 }
261
DumpResolverService()262 void DumpResolverService() {
263 unique_fd fd(open("/dev/null", O_WRONLY));
264 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, nullptr, 0), 0);
265
266 const char* querylogCmd[] = {"querylog"}; // Keep it sync with DnsQueryLog::DUMP_KEYWORD.
267 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, querylogCmd, std::size(querylogCmd)), 0);
268 }
269
WaitForNat64Prefix(ExpectNat64PrefixStatus status,std::chrono::milliseconds timeout=std::chrono::milliseconds (1000))270 bool WaitForNat64Prefix(ExpectNat64PrefixStatus status,
271 std::chrono::milliseconds timeout = std::chrono::milliseconds(1000)) {
272 return sDnsMetricsListener->waitForNat64Prefix(status, timeout) &&
273 sUnsolicitedEventListener->waitForNat64Prefix(
274 status == EXPECT_FOUND
275 ? IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_ADDED
276 : IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_REMOVED,
277 timeout);
278 }
279
WaitForPrivateDnsValidation(std::string serverAddr,bool validated)280 bool WaitForPrivateDnsValidation(std::string serverAddr, bool validated) {
281 return sDnsMetricsListener->waitForPrivateDnsValidation(serverAddr, validated) &&
282 sUnsolicitedEventListener->waitForPrivateDnsValidation(
283 serverAddr,
284 validated ? IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_SUCCESS
285 : IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_FAILURE,
286 IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
287 }
288
hasUncaughtPrivateDnsValidation(const std::string & serverAddr)289 bool hasUncaughtPrivateDnsValidation(const std::string& serverAddr) {
290 return sDnsMetricsListener->findValidationRecord(serverAddr) &&
291 sUnsolicitedEventListener->findValidationRecord(
292 serverAddr, IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
293 }
294
ExpectDnsEvent(int32_t eventType,int32_t returnCode,const std::string & hostname,const std::vector<std::string> & ipAddresses)295 void ExpectDnsEvent(int32_t eventType, int32_t returnCode, const std::string& hostname,
296 const std::vector<std::string>& ipAddresses) {
297 const DnsMetricsListener::DnsEvent expect = {
298 TEST_NETID, eventType, returnCode,
299 hostname, ipAddresses, static_cast<int32_t>(ipAddresses.size())};
300 do {
301 // Blocking call until timeout.
302 const auto dnsEvent = sDnsMetricsListener->popDnsEvent();
303 ASSERT_TRUE(dnsEvent.has_value()) << "Expected DnsEvent " << expect;
304 if (dnsEvent.value() == expect) break;
305 LOG(INFO) << "Skip unexpected DnsEvent: " << dnsEvent.value();
306 } while (true);
307
308 while (returnCode == 0 || returnCode == RCODE_TIMEOUT) {
309 // Blocking call until timeout.
310 Result<int> result = sUnsolicitedEventListener->popDnsHealthResult();
311 ASSERT_TRUE(result.ok()) << "Expected dns health result is " << returnCode;
312 if ((returnCode == 0 &&
313 result.value() == IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_OK) ||
314 (returnCode == RCODE_TIMEOUT &&
315 result.value() ==
316 IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_TIMEOUT)) {
317 break;
318 }
319 LOG(INFO) << "Skip unexpected dns health result:" << result.value();
320 }
321 }
322
323 enum class StatsCmp { LE, EQ };
324
expectStatsNotGreaterThan(const std::vector<NameserverStats> & nameserversStats)325 bool expectStatsNotGreaterThan(const std::vector<NameserverStats>& nameserversStats) {
326 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::LE);
327 }
328
expectStatsEqualTo(const std::vector<NameserverStats> & nameserversStats)329 bool expectStatsEqualTo(const std::vector<NameserverStats>& nameserversStats) {
330 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::EQ);
331 }
332
expectStatsFromGetResolverInfo(const std::vector<NameserverStats> & nameserversStats,const StatsCmp cmp)333 bool expectStatsFromGetResolverInfo(const std::vector<NameserverStats>& nameserversStats,
334 const StatsCmp cmp) {
335 constexpr int RTT_TOLERANCE_MS = 200;
336 const auto resolvInfo = mDnsClient.getResolverInfo();
337 if (!resolvInfo.ok()) {
338 ADD_FAILURE() << resolvInfo.error().message();
339 return false;
340 }
341 const std::vector<std::string>& res_servers = resolvInfo.value().dnsServers;
342 const std::vector<ResolverStats>& res_stats = resolvInfo.value().stats;
343
344 if (res_servers.size() != res_stats.size()) {
345 ADD_FAILURE() << fmt::format("res_servers.size() != res_stats.size(): {} != {}",
346 res_servers.size(), res_stats.size());
347 return false;
348 }
349 if (res_servers.size() != nameserversStats.size()) {
350 ADD_FAILURE() << fmt::format("res_servers.size() != nameserversStats.size(): {} != {}",
351 res_servers.size(), nameserversStats.size());
352 return false;
353 }
354
355 for (const auto& stats : nameserversStats) {
356 SCOPED_TRACE(stats.server);
357 const auto it = std::find(res_servers.begin(), res_servers.end(), stats.server);
358 if (it == res_servers.end()) {
359 ADD_FAILURE() << fmt::format("nameserver {} not found in the list {{{}}}",
360 stats.server, fmt::join(res_servers, ", "));
361 return false;
362 }
363 const int index = std::distance(res_servers.begin(), it);
364
365 // The check excludes last_sample_time and usable since they will be obsolete
366 // after |res_stats| is retrieved from NetConfig.dnsStats rather than NetConfig.nsstats.
367 switch (cmp) {
368 case StatsCmp::EQ:
369 EXPECT_EQ(res_stats[index].successes, stats.successes);
370 EXPECT_EQ(res_stats[index].errors, stats.errors);
371 EXPECT_EQ(res_stats[index].timeouts, stats.timeouts);
372 EXPECT_EQ(res_stats[index].internal_errors, stats.internal_errors);
373 // A negative rtt_avg means that there is no effective rtt in the
374 // stats. The value should be deterministic.
375 // See android_net_res_stats_aggregate() for mor details.
376 if (res_stats[index].rtt_avg < 0 || stats.rtt_avg < 0) {
377 EXPECT_EQ(res_stats[index].rtt_avg, stats.rtt_avg);
378 } else {
379 EXPECT_NEAR(res_stats[index].rtt_avg, stats.rtt_avg, RTT_TOLERANCE_MS);
380 }
381 break;
382 case StatsCmp::LE:
383 EXPECT_LE(res_stats[index].successes, stats.successes);
384 EXPECT_LE(res_stats[index].errors, stats.errors);
385 EXPECT_LE(res_stats[index].timeouts, stats.timeouts);
386 EXPECT_LE(res_stats[index].internal_errors, stats.internal_errors);
387 EXPECT_LE(res_stats[index].rtt_avg, stats.rtt_avg + RTT_TOLERANCE_MS);
388 break;
389 default:
390 ADD_FAILURE() << "Unknown comparator " << static_cast<int>(cmp);
391 return false;
392 }
393 }
394
395 return true;
396 }
397
398 // Since there's no way to terminate private DNS validation threads at any time. Tests that
399 // focus on the results of private DNS validation can interfere with each other if they use the
400 // same IP address for test servers. getUniqueIPv4Address() is a workaround to reduce the
401 // possibility of tests being flaky. A feasible solution is to forbid the validation threads,
402 // which are considered as outdated (e.g. switch the resolver to private DNS OFF mode), updating
403 // the result to the PrivateDnsConfiguration instance.
getUniqueIPv4Address()404 static std::string getUniqueIPv4Address() {
405 static int counter = 0;
406 return fmt::format("127.0.100.{}", (++counter & 0xff));
407 }
408
409 DnsResponderClient mDnsClient;
410
411 bool mIsResolverOptionIPCSupported = false;
412
413 // Use a shared static DNS listener for all tests to avoid registering lots of listeners
414 // which may be released late until process terminated. Currently, registered DNS listener
415 // is removed by binder death notification which is fired when the process hosting an
416 // IBinder has gone away. If every test in ResolverTest registers its DNS listener, Netd
417 // may temporarily hold lots of dead listeners until the unit test process terminates.
418 // TODO: Perhaps add an unregistering listener binder call or fork a listener process which
419 // could be terminated earlier.
420 static std::shared_ptr<DnsMetricsListener>
421 sDnsMetricsListener; // Initialized in SetUpTestSuite.
422
423 inline static std::shared_ptr<UnsolicitedEventListener>
424 sUnsolicitedEventListener; // Initialized in SetUpTestSuite.
425
426 // Use a shared static death recipient to monitor the service death. The static death
427 // recipient could monitor the death not only during the test but also between tests.
428 static AIBinder_DeathRecipient* sResolvDeathRecipient; // Initialized in SetUpTestSuite.
429
430 // The linked AIBinder_DeathRecipient will be automatically unlinked if the binder is deleted.
431 // The binder needs to be retained throughout tests.
432 static ndk::SpAIBinder sResolvBinder;
433 };
434
435 // Initialize static member of class.
436 std::shared_ptr<DnsMetricsListener> ResolverTest::sDnsMetricsListener;
437 AIBinder_DeathRecipient* ResolverTest::sResolvDeathRecipient;
438 ndk::SpAIBinder ResolverTest::sResolvBinder;
439
TEST_F(ResolverTest,GetHostByName)440 TEST_F(ResolverTest, GetHostByName) {
441 constexpr char nonexistent_host_name[] = "nonexistent.example.com.";
442
443 test::DNSResponder dns;
444 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.3"}});
445 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
446
447 const hostent* result;
448 result = gethostbyname("nonexistent");
449 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
450 ASSERT_TRUE(result == nullptr);
451 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
452
453 dns.clearQueries();
454 result = gethostbyname("hello");
455 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
456 ASSERT_FALSE(result == nullptr);
457 ASSERT_EQ(4, result->h_length);
458 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
459 EXPECT_EQ("1.2.3.3", ToString(result));
460 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
461 }
462
TEST_F(ResolverTest,GetHostByName_NULL)463 TEST_F(ResolverTest, GetHostByName_NULL) {
464 // Most libc implementations would just crash on gethostbyname(NULL). Instead, Bionic
465 // serializes the null argument over dnsproxyd, causing the server-side to crash!
466 // This is a regression test.
467 const char* const testcases[] = {nullptr, "", "^"};
468 for (const char* name : testcases) {
469 SCOPED_TRACE(fmt::format("gethostbyname({})", name ? name : "NULL"));
470 const hostent* result = gethostbyname(name);
471 EXPECT_TRUE(result == nullptr);
472 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
473 }
474 }
475
TEST_F(ResolverTest,GetHostByName_cnames)476 TEST_F(ResolverTest, GetHostByName_cnames) {
477 constexpr char host_name[] = "host.example.com.";
478 size_t cnamecount = 0;
479 test::DNSResponder dns;
480
481 const std::vector<DnsRecord> records = {
482 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
483 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
484 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
485 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
486 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
487 {"e.example.com.", ns_type::ns_t_cname, host_name},
488 {host_name, ns_type::ns_t_a, "1.2.3.3"},
489 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
490 };
491 StartDns(dns, records);
492 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
493
494 // using gethostbyname2() to resolve ipv4 hello.example.com. to 1.2.3.3
495 // Ensure the v4 address and cnames are correct
496 const hostent* result;
497 result = gethostbyname2("hello", AF_INET);
498 ASSERT_FALSE(result == nullptr);
499
500 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
501 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
502 EXPECT_EQ(result->h_aliases[i], domain_name);
503 cnamecount++;
504 }
505 // The size of "Non-cname type" record in DNS records is 2
506 ASSERT_EQ(cnamecount, records.size() - 2);
507 ASSERT_EQ(4, result->h_length);
508 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
509 EXPECT_EQ("1.2.3.3", ToString(result));
510 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
511 EXPECT_EQ(1U, dns.queries().size()) << dns.dumpQueries();
512
513 // using gethostbyname2() to resolve ipv6 hello.example.com. to 2001:db8::42
514 // Ensure the v6 address and cnames are correct
515 cnamecount = 0;
516 dns.clearQueries();
517 result = gethostbyname2("hello", AF_INET6);
518 for (unsigned i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
519 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
520 EXPECT_EQ(result->h_aliases[i], domain_name);
521 cnamecount++;
522 }
523 // The size of "Non-cname type" DNS record in records is 2
524 ASSERT_EQ(cnamecount, records.size() - 2);
525 ASSERT_FALSE(result == nullptr);
526 ASSERT_EQ(16, result->h_length);
527 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
528 EXPECT_EQ("2001:db8::42", ToString(result));
529 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
530 }
531
TEST_F(ResolverTest,GetHostByName_cnamesInfiniteLoop)532 TEST_F(ResolverTest, GetHostByName_cnamesInfiniteLoop) {
533 test::DNSResponder dns;
534 const std::vector<DnsRecord> records = {
535 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
536 {"a.example.com.", ns_type::ns_t_cname, kHelloExampleCom},
537 };
538 StartDns(dns, records);
539 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
540
541 const hostent* result;
542 result = gethostbyname2("hello", AF_INET);
543 ASSERT_TRUE(result == nullptr);
544
545 dns.clearQueries();
546 result = gethostbyname2("hello", AF_INET6);
547 ASSERT_TRUE(result == nullptr);
548 }
549
TEST_F(ResolverTest,GetHostByName_localhost)550 TEST_F(ResolverTest, GetHostByName_localhost) {
551 constexpr char name_camelcase[] = "LocalHost";
552 constexpr char name_ip6_dot[] = "ip6-localhost.";
553 constexpr char name_ip6_fqdn[] = "ip6-localhost.example.com.";
554
555 // Add a no-op nameserver which shouldn't receive any queries
556 test::DNSResponder dns;
557 StartDns(dns, {});
558 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
559
560 // Expect no DNS queries; localhost is resolved via /etc/hosts
561 const hostent* result = gethostbyname(kLocalHost);
562 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
563 ASSERT_FALSE(result == nullptr);
564 ASSERT_EQ(4, result->h_length);
565 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
566 EXPECT_EQ(kLocalHostAddr, ToString(result));
567 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
568
569 // Ensure the hosts file resolver ignores case of hostnames
570 result = gethostbyname(name_camelcase);
571 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
572 ASSERT_FALSE(result == nullptr);
573 ASSERT_EQ(4, result->h_length);
574 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
575 EXPECT_EQ(kLocalHostAddr, ToString(result));
576 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
577
578 // The hosts file also contains ip6-localhost, but gethostbyname() won't
579 // return it. This would be easy to
580 // change, but there's no point in changing the legacy behavior; new code
581 // should be calling getaddrinfo() anyway.
582 // So we check the legacy behavior, which results in amusing A-record
583 // lookups for ip6-localhost, with and without search domains appended.
584 dns.clearQueries();
585 result = gethostbyname(kIp6LocalHost);
586 EXPECT_EQ(2U, dns.queries().size()) << dns.dumpQueries();
587 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_dot)) << dns.dumpQueries();
588 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_fqdn)) << dns.dumpQueries();
589 ASSERT_TRUE(result == nullptr);
590
591 // Finally, use gethostbyname2() to resolve ip6-localhost to ::1 from
592 // the hosts file.
593 dns.clearQueries();
594 result = gethostbyname2(kIp6LocalHost, AF_INET6);
595 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
596 ASSERT_FALSE(result == nullptr);
597 ASSERT_EQ(16, result->h_length);
598 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
599 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
600 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
601 }
602
TEST_F(ResolverTest,GetHostByName_numeric)603 TEST_F(ResolverTest, GetHostByName_numeric) {
604 // Add a no-op nameserver which shouldn't receive any queries
605 test::DNSResponder dns;
606 StartDns(dns, {});
607 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
608
609 // Numeric v4 address: expect no DNS queries
610 constexpr char numeric_v4[] = "192.168.0.1";
611 const hostent* result = gethostbyname(numeric_v4);
612 EXPECT_EQ(0U, dns.queries().size());
613 ASSERT_FALSE(result == nullptr);
614 ASSERT_EQ(4, result->h_length); // v4
615 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
616 EXPECT_EQ(numeric_v4, ToString(result));
617 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
618
619 // gethostbyname() recognizes a v6 address, and fails with no DNS queries
620 constexpr char numeric_v6[] = "2001:db8::42";
621 dns.clearQueries();
622 result = gethostbyname(numeric_v6);
623 EXPECT_EQ(0U, dns.queries().size());
624 EXPECT_TRUE(result == nullptr);
625
626 // Numeric v6 address with gethostbyname2(): succeeds with no DNS queries
627 dns.clearQueries();
628 result = gethostbyname2(numeric_v6, AF_INET6);
629 EXPECT_EQ(0U, dns.queries().size());
630 ASSERT_FALSE(result == nullptr);
631 ASSERT_EQ(16, result->h_length); // v6
632 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
633 EXPECT_EQ(numeric_v6, ToString(result));
634 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
635
636 // Numeric v6 address with scope work with getaddrinfo(),
637 // but gethostbyname2() does not understand them; it issues two dns
638 // queries, then fails. This hardly ever happens, there's no point
639 // in fixing this. This test simply verifies the current (bogus)
640 // behavior to avoid further regressions (like crashes, or leaks).
641 constexpr char numeric_v6_scope[] = "fe80::1%lo";
642 dns.clearQueries();
643 result = gethostbyname2(numeric_v6_scope, AF_INET6);
644 EXPECT_EQ(2U, dns.queries().size()); // OUCH!
645 ASSERT_TRUE(result == nullptr);
646 }
647
TEST_F(ResolverTest,BinderSerialization)648 TEST_F(ResolverTest, BinderSerialization) {
649 std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params_offsets = {
650 IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY,
651 IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
652 IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES,
653 IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES,
654 IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC,
655 IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT,
656 };
657 const int size = static_cast<int>(params_offsets.size());
658 EXPECT_EQ(size, IDnsResolver::RESOLVER_PARAMS_COUNT);
659 std::sort(params_offsets.begin(), params_offsets.end());
660 for (int i = 0; i < size; ++i) {
661 EXPECT_EQ(params_offsets[i], i);
662 }
663 }
664
TEST_F(ResolverTest,GetHostByName_Binder)665 TEST_F(ResolverTest, GetHostByName_Binder) {
666 std::vector<std::string> domains = {"example.com"};
667 std::vector<std::unique_ptr<test::DNSResponder>> dns;
668 std::vector<std::string> servers;
669 std::vector<DnsResponderClient::Mapping> mappings;
670 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
671 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(4, mappings, &dns, &servers));
672 ASSERT_EQ(1U, mappings.size());
673 const DnsResponderClient::Mapping& mapping = mappings[0];
674
675 const auto resolverParams = ResolverParams::Builder()
676 .setDomains(domains)
677 .setDnsServers(servers)
678 .setDotServers({})
679 .build();
680 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(resolverParams));
681
682 const hostent* result = gethostbyname(mapping.host.c_str());
683 const size_t total_queries =
684 std::accumulate(dns.begin(), dns.end(), 0, [&mapping](size_t total, auto& d) {
685 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
686 });
687
688 EXPECT_LE(1U, total_queries);
689 ASSERT_FALSE(result == nullptr);
690 ASSERT_EQ(4, result->h_length);
691 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
692 EXPECT_EQ(mapping.ip4, ToString(result));
693 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
694
695 const auto resolvInfo = mDnsClient.getResolverInfo();
696 ASSERT_RESULT_OK(resolvInfo);
697 EXPECT_EQ(servers.size(), resolvInfo.value().dnsServers.size());
698 EXPECT_EQ(domains.size(), resolvInfo.value().domains.size());
699 EXPECT_TRUE(resolvInfo.value().dotServers.empty());
700 EXPECT_EQ(resolverParams.sampleValiditySeconds, resolvInfo.value().params.sample_validity);
701 EXPECT_EQ(resolverParams.successThreshold, resolvInfo.value().params.success_threshold);
702 EXPECT_EQ(resolverParams.minSamples, resolvInfo.value().params.min_samples);
703 EXPECT_EQ(resolverParams.maxSamples, resolvInfo.value().params.max_samples);
704 EXPECT_EQ(resolverParams.baseTimeoutMsec, resolvInfo.value().params.base_timeout_msec);
705 EXPECT_EQ(resolverParams.retryCount, resolvInfo.value().params.retry_count);
706 EXPECT_EQ(servers.size(), resolvInfo.value().stats.size());
707
708 EXPECT_THAT(resolvInfo.value().dnsServers, testing::UnorderedElementsAreArray(servers));
709 EXPECT_THAT(resolvInfo.value().domains, testing::UnorderedElementsAreArray(domains));
710 }
711
TEST_F(ResolverTest,GetAddrInfo)712 TEST_F(ResolverTest, GetAddrInfo) {
713 constexpr char listen_addr[] = "127.0.0.4";
714 constexpr char listen_addr2[] = "127.0.0.5";
715 constexpr char host_name[] = "howdy.example.com.";
716
717 const std::vector<DnsRecord> records = {
718 {host_name, ns_type::ns_t_a, "1.2.3.4"},
719 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
720 };
721 test::DNSResponder dns(listen_addr);
722 test::DNSResponder dns2(listen_addr2);
723 StartDns(dns, records);
724 StartDns(dns2, records);
725
726 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr}));
727 dns.clearQueries();
728 dns2.clearQueries();
729
730 ScopedAddrinfo result = safe_getaddrinfo("howdy", nullptr, nullptr);
731 EXPECT_TRUE(result != nullptr);
732 size_t found = GetNumQueries(dns, host_name);
733 EXPECT_LE(1U, found);
734 // Could be A or AAAA
735 std::string result_str = ToString(result);
736 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
737 << ", result_str='" << result_str << "'";
738
739 // Verify that the name is cached.
740 size_t old_found = found;
741 result = safe_getaddrinfo("howdy", nullptr, nullptr);
742 EXPECT_TRUE(result != nullptr);
743 found = GetNumQueries(dns, host_name);
744 EXPECT_LE(1U, found);
745 EXPECT_EQ(old_found, found);
746 result_str = ToString(result);
747 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") << result_str;
748
749 // Change the DNS resolver, ensure that queries are still cached.
750 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
751 dns.clearQueries();
752 dns2.clearQueries();
753
754 result = safe_getaddrinfo("howdy", nullptr, nullptr);
755 EXPECT_TRUE(result != nullptr);
756 found = GetNumQueries(dns, host_name);
757 size_t found2 = GetNumQueries(dns2, host_name);
758 EXPECT_EQ(0U, found);
759 EXPECT_LE(0U, found2);
760
761 // Could be A or AAAA
762 result_str = ToString(result);
763 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
764 << ", result_str='" << result_str << "'";
765 }
766
TEST_F(ResolverTest,GetAddrInfoV4)767 TEST_F(ResolverTest, GetAddrInfoV4) {
768 test::DNSResponder dns;
769 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
770 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
771
772 const addrinfo hints = {.ai_family = AF_INET};
773 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
774 EXPECT_TRUE(result != nullptr);
775 EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
776 EXPECT_EQ("1.2.3.5", ToString(result));
777 }
778
TEST_F(ResolverTest,GetAddrInfo_localhost)779 TEST_F(ResolverTest, GetAddrInfo_localhost) {
780 // Add a no-op nameserver which shouldn't receive any queries
781 test::DNSResponder dns;
782 StartDns(dns, {});
783 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
784
785 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
786 EXPECT_TRUE(result != nullptr);
787 // Expect no DNS queries; localhost is resolved via /etc/hosts
788 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
789 EXPECT_EQ(kLocalHostAddr, ToString(result));
790
791 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
792 EXPECT_TRUE(result != nullptr);
793 // Expect no DNS queries; ip6-localhost is resolved via /etc/hosts
794 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
795 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
796 }
797
TEST_F(ResolverTest,GetAddrInfo_NumericHostname)798 TEST_F(ResolverTest, GetAddrInfo_NumericHostname) {
799 // Add a no-op nameserver which shouldn't receive any queries
800 test::DNSResponder dns;
801 StartDns(dns, {});
802 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
803
804 ScopedAddrinfo result = safe_getaddrinfo("1.2.3.4", nullptr, nullptr);
805 EXPECT_TRUE(result != nullptr);
806 // Expect no DNS queries. Numeric hostname doesn't need to resolve.
807 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
808 EXPECT_EQ("1.2.3.4", ToString(result));
809
810 result = safe_getaddrinfo("2001:db8::1", nullptr, nullptr);
811 EXPECT_TRUE(result != nullptr);
812 // Expect no DNS queries. Numeric hostname doesn't need to resolve.
813 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
814 EXPECT_EQ("2001:db8::1", ToString(result));
815 }
816
TEST_F(ResolverTest,GetAddrInfo_InvalidSocketType)817 TEST_F(ResolverTest, GetAddrInfo_InvalidSocketType) {
818 test::DNSResponder dns;
819 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
820 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
821
822 // TODO: Test other invalid socket types.
823 const addrinfo hints = {
824 .ai_family = AF_UNSPEC,
825 .ai_socktype = SOCK_PACKET,
826 };
827 addrinfo* result = nullptr;
828 // This is a valid hint, but the query won't be sent because the socket type is
829 // not supported.
830 EXPECT_EQ(EAI_NODATA, getaddrinfo("hello", nullptr, &hints, &result));
831 ScopedAddrinfo result_cleanup(result);
832 EXPECT_EQ(nullptr, result);
833 }
834
835 // Verify if the resolver correctly handle multiple queries simultaneously
836 // step 1: set dns server#1 into deferred responding mode.
837 // step 2: thread#1 query "hello.example.com." --> resolver send query to server#1.
838 // step 3: thread#2 query "hello.example.com." --> resolver hold the request and wait for
839 // response of previous pending query sent by thread#1.
840 // step 4: thread#3 query "konbanha.example.com." --> resolver send query to server#3. Server
841 // respond to resolver immediately.
842 // step 5: check if server#1 get 1 query by thread#1, server#2 get 0 query, server#3 get 1 query.
843 // step 6: resume dns server#1 to respond dns query in step#2.
844 // step 7: thread#1 and #2 should get returned from DNS query after step#6. Also, check the
845 // number of queries in server#2 is 0 to ensure thread#2 does not wake up unexpectedly
846 // before signaled by thread#1.
TEST_F(ResolverTest,GetAddrInfoV4_deferred_resp)847 TEST_F(ResolverTest, GetAddrInfoV4_deferred_resp) {
848 const char* listen_addr1 = "127.0.0.9";
849 const char* listen_addr2 = "127.0.0.10";
850 const char* listen_addr3 = "127.0.0.11";
851 const char* listen_srv = "53";
852 const char* host_name_deferred = "hello.example.com.";
853 const char* host_name_normal = "konbanha.example.com.";
854 test::DNSResponder dns1(listen_addr1, listen_srv, ns_rcode::ns_r_servfail);
855 test::DNSResponder dns2(listen_addr2, listen_srv, ns_rcode::ns_r_servfail);
856 test::DNSResponder dns3(listen_addr3, listen_srv, ns_rcode::ns_r_servfail);
857 dns1.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
858 dns2.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
859 dns3.addMapping(host_name_normal, ns_type::ns_t_a, "1.2.3.5");
860 ASSERT_TRUE(dns1.startServer());
861 ASSERT_TRUE(dns2.startServer());
862 ASSERT_TRUE(dns3.startServer());
863 const std::vector<std::string> servers_for_t1 = {listen_addr1};
864 const std::vector<std::string> servers_for_t2 = {listen_addr2};
865 const std::vector<std::string> servers_for_t3 = {listen_addr3};
866 addrinfo hints = {.ai_family = AF_INET};
867 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {300, 25, 8, 8, 5000, 0};
868 bool t3_task_done = false;
869 bool t2_sv_setup_done = false;
870
871 dns1.setDeferredResp(true);
872 std::thread t1([&, this]() {
873 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
874 .setDnsServers(servers_for_t1)
875 .setDotServers({})
876 .setParams(params)
877 .build()));
878 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
879 // t3's dns query should got returned first
880 EXPECT_TRUE(t3_task_done);
881 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
882 EXPECT_TRUE(result != nullptr);
883 EXPECT_EQ("1.2.3.4", ToString(result));
884 });
885
886 // ensuring t1 and t2 handler functions are processed in order
887 EXPECT_TRUE(PollForCondition([&]() { return GetNumQueries(dns1, host_name_deferred); }));
888 std::thread t2([&, this]() {
889 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
890 .setDnsServers(servers_for_t2)
891 .setDotServers({})
892 .setParams(params)
893 .build()));
894 t2_sv_setup_done = true;
895 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
896 EXPECT_TRUE(t3_task_done);
897 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
898 EXPECT_TRUE(result != nullptr);
899 EXPECT_EQ("1.2.3.4", ToString(result));
900 const auto resolvInfo = mDnsClient.getResolverInfo();
901 ASSERT_RESULT_OK(resolvInfo);
902 EXPECT_EQ(0, resolvInfo.value().waitForPendingReqTimeoutCount);
903 });
904
905 // ensuring t2 and t3 handler functions are processed in order
906 EXPECT_TRUE(PollForCondition([&]() { return t2_sv_setup_done; }));
907 std::thread t3([&, this]() {
908 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
909 .setDnsServers(servers_for_t3)
910 .setDotServers({})
911 .setParams(params)
912 .build()));
913 ScopedAddrinfo result = safe_getaddrinfo(host_name_normal, nullptr, &hints);
914 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
915 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
916 EXPECT_EQ(1U, GetNumQueries(dns3, host_name_normal));
917 EXPECT_TRUE(result != nullptr);
918 EXPECT_EQ("1.2.3.5", ToString(result));
919
920 t3_task_done = true;
921 dns1.setDeferredResp(false);
922 });
923 t3.join();
924 t1.join();
925 t2.join();
926 }
927
TEST_F(ResolverTest,GetAddrInfoV4_MultiAnswers)928 TEST_F(ResolverTest, GetAddrInfoV4_MultiAnswers) {
929 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
930 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
931 StartDns(dns, {});
932 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
933
934 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
935 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
936 ASSERT_FALSE(result == nullptr);
937
938 // Expect the DNS result order is the same as the RR order in the DNS response
939 // |kHelloExampleComResponsesV4| because none of rule in the native sorting
940 // function _rfc6724_compare() is matched.
941 //
942 // The reason is here for the sorting result from _rfc6724_compare.
943 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
944 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
945 // See rule#1 as well.
946 // (rule 3 is not implemented)
947 // (rule 4 is not implemented)
948 // For rule 5: prefer matching label, all addresses get the same label 4 for AF_INET.
949 // For rule 6: prefer higher precedence, all addresses get the same precedence 35 for AF_INET.
950 // (rule 7 is not implemented)
951 // For rule 8: prefer smaller scope, all destination addresses has the same scope.
952 // For rule 9: use longest matching prefix, IPv6 only.
953 // For rule 10: leave the order unchanged, these IPv4 DNS addresses meet this rule.
954 //
955 // See packages/modules/DnsResolver/getaddrinfo.cpp
956 EXPECT_THAT(ToStrings(result),
957 testing::ElementsAre(kHelloExampleComAddrV4, kHelloExampleComAddrV4_2,
958 kHelloExampleComAddrV4_3));
959
960 // .ai_socktype will be 0.
961 hints = {.ai_family = AF_UNSPEC};
962 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
963 ASSERT_FALSE(result == nullptr);
964
965 // The results are sorted in every querying by explore_options and then concatenates all sorted
966 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
967 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
968 // of each explore_options and concatenates all sorted results into one link list. The address
969 // order of the output addrinfo is:
970 // 1.2.3.4 (socktype=2, protocol=17) ->
971 // 8.8.8.8 (socktype=2, protocol=17) ->
972 // 81.117.21.202 (socktype=2, protocol=17) ->
973 // 1.2.3.4 (socktype=1, protocol=6) ->
974 // 8.8.8.8 (socktype=1, protocol=6) ->
975 // 81.117.21.202 (socktype=1, protocol=6)
976 //
977 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
978 EXPECT_THAT(ToStrings(result),
979 testing::ElementsAre(kHelloExampleComAddrV4, kHelloExampleComAddrV4_2,
980 kHelloExampleComAddrV4_3, kHelloExampleComAddrV4,
981 kHelloExampleComAddrV4_2, kHelloExampleComAddrV4_3));
982 }
983
TEST_F(ResolverTest,GetAddrInfoV6_MultiAnswers)984 TEST_F(ResolverTest, GetAddrInfoV6_MultiAnswers) {
985 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
986 dns.addMappingBinaryPacket(kHelloExampleComQueryV6, kHelloExampleComResponsesV6);
987 StartDns(dns, {});
988 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
989
990 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
991 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
992 ASSERT_FALSE(result == nullptr);
993
994 // Expect the DNS result order is GUA, teredo tunneling address and IPv4-compatible address
995 // because of the precedence comparison of RFC 6724.
996 //
997 // The reason is here for the sorting result from _rfc6724_compare.
998 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
999 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
1000 // See rule#1 as well.
1001 // (rule 3 is not implemented)
1002 // (rule 4 is not implemented)
1003 // For rule 5: prefer matching label, the source address is not valid and can't match the dns
1004 // reply addresses. See rule#1 as well.
1005 // For rule 6: prefer higher precedence, sorted by the order: gua(40), teredo(5) and
1006 // ipv4-compatible(1).
1007 // Ignore from rule 7 to rule 10 because the results has been sorted by rule 6.
1008 //
1009 // See _get_precedence, _rfc6724_compare in packages/modules/DnsResolver/getaddrinfo.cpp
1010 EXPECT_THAT(ToStrings(result),
1011 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV6_TEREDO,
1012 kHelloExampleComAddrV6_IPV4COMPAT));
1013
1014 hints = {.ai_family = AF_UNSPEC};
1015 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1016 ASSERT_FALSE(result == nullptr);
1017
1018 // The results are sorted in every querying by explore_options and then concatenates all sorted
1019 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
1020 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
1021 // of each explore_options and concatenates all sorted results into one link list. The address
1022 // order of the output addrinfo is:
1023 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1024 // 2001::47c1 (socktype=2, protocol=17) ->
1025 // ::1.2.3.4 (socktype=2, protocol=17) ->
1026 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1027 // 2001::47c1 (socktype=1, protocol=6) ->
1028 // ::1.2.3.4 (socktype=1, protocol=6)
1029 //
1030 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1031 EXPECT_THAT(
1032 ToStrings(result),
1033 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV6_TEREDO,
1034 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_GUA,
1035 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1036 }
1037
TEST_F(ResolverTest,GetAddrInfoV4V6_MultiAnswers)1038 TEST_F(ResolverTest, GetAddrInfoV4V6_MultiAnswers) {
1039 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
1040 // Use one IPv4 address only because we can't control IPv4 address ordering in this test
1041 // which uses a fake network.
1042 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponseV4);
1043 dns.addMappingBinaryPacket(kHelloExampleComQueryV6, kHelloExampleComResponsesV6);
1044 StartDns(dns, {});
1045 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1046
1047 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
1048 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1049 ASSERT_FALSE(result == nullptr);
1050
1051 // Expect the DNS result order is ipv6 global unicast address, IPv4 address, IPv6 teredo
1052 // tunneling address and IPv4-compatible IPv6 address because of the precedence comparison
1053 // of RFC 6724.
1054 //
1055 // The reason is here for the sorting result from _rfc6724_compare.
1056 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
1057 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
1058 // See rule#1 as well.
1059 // (rule 3 is not implemented)
1060 // (rule 4 is not implemented)
1061 // For rule 5: prefer matching label, the source address is not valid and can't match the dns
1062 // reply addresses. See rule#1 as well.
1063 // For rule 6: prefer higher precedence, sorted by the order: gua(40), ipv4(35), teredo(5) and
1064 // ipv4-compatible(1).
1065 // Ignore from rule 7 to rule 10 because the results has been sorted by rule 6.
1066 //
1067 // See _get_precedence, _rfc6724_compare in packages/modules/DnsResolver/getaddrinfo.cpp
1068 EXPECT_THAT(
1069 ToStrings(result),
1070 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1071 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1072
1073 hints = {.ai_family = AF_UNSPEC};
1074 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1075 ASSERT_FALSE(result == nullptr);
1076
1077 // The results are sorted in every querying by explore_options and then concatenates all sorted
1078 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
1079 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
1080 // of each explore_options and concatenates all sorted results into one link list. The address
1081 // order of the output addrinfo is:
1082 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1083 // 1.2.3.4 (socktype=2, protocol=17) ->
1084 // 2001::47c1 (socktype=2, protocol=17) ->
1085 // ::1.2.3.4 (socktype=2, protocol=17) ->
1086 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1087 // 1.2.3.4 (socktype=1, protocol=6) ->
1088 // 2001::47c1 (socktype=1, protocol=6) ->
1089 // ::1.2.3.4 (socktype=1, protocol=6)
1090 //
1091 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1092 EXPECT_THAT(
1093 ToStrings(result),
1094 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1095 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT,
1096 kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1097 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1098 }
1099
TEST_F(ResolverTest,GetAddrInfo_cnames)1100 TEST_F(ResolverTest, GetAddrInfo_cnames) {
1101 constexpr char host_name[] = "host.example.com.";
1102 test::DNSResponder dns;
1103 const std::vector<DnsRecord> records = {
1104 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
1105 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
1106 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
1107 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
1108 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
1109 {"e.example.com.", ns_type::ns_t_cname, host_name},
1110 {host_name, ns_type::ns_t_a, "1.2.3.3"},
1111 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
1112 };
1113 StartDns(dns, records);
1114 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1115
1116 addrinfo hints = {.ai_family = AF_INET};
1117 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1118 EXPECT_TRUE(result != nullptr);
1119 EXPECT_EQ("1.2.3.3", ToString(result));
1120
1121 dns.clearQueries();
1122 hints = {.ai_family = AF_INET6};
1123 result = safe_getaddrinfo("hello", nullptr, &hints);
1124 EXPECT_TRUE(result != nullptr);
1125 EXPECT_EQ("2001:db8::42", ToString(result));
1126 }
1127
TEST_F(ResolverTest,GetAddrInfo_cnamesNoIpAddress)1128 TEST_F(ResolverTest, GetAddrInfo_cnamesNoIpAddress) {
1129 test::DNSResponder dns;
1130 const std::vector<DnsRecord> records = {
1131 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
1132 };
1133 StartDns(dns, records);
1134 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1135
1136 addrinfo hints = {.ai_family = AF_INET};
1137 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1138 EXPECT_TRUE(result == nullptr);
1139
1140 dns.clearQueries();
1141 hints = {.ai_family = AF_INET6};
1142 result = safe_getaddrinfo("hello", nullptr, &hints);
1143 EXPECT_TRUE(result == nullptr);
1144 }
1145
TEST_F(ResolverTest,GetAddrInfo_cnamesIllegalRdata)1146 TEST_F(ResolverTest, GetAddrInfo_cnamesIllegalRdata) {
1147 test::DNSResponder dns;
1148 const std::vector<DnsRecord> records = {
1149 {kHelloExampleCom, ns_type::ns_t_cname, ".!#?"},
1150 };
1151 StartDns(dns, records);
1152 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1153
1154 addrinfo hints = {.ai_family = AF_INET};
1155 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1156 EXPECT_TRUE(result == nullptr);
1157
1158 dns.clearQueries();
1159 hints = {.ai_family = AF_INET6};
1160 result = safe_getaddrinfo("hello", nullptr, &hints);
1161 EXPECT_TRUE(result == nullptr);
1162 }
1163
TEST_F(ResolverTest,GetAddrInfoForCaseInSensitiveDomains)1164 TEST_F(ResolverTest, GetAddrInfoForCaseInSensitiveDomains) {
1165 test::DNSResponder dns;
1166 const char* host_name = "howdy.example.com.";
1167 const char* host_name2 = "HOWDY.example.com.";
1168 const std::vector<DnsRecord> records = {
1169 {host_name, ns_type::ns_t_a, "1.2.3.4"},
1170 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
1171 {host_name2, ns_type::ns_t_a, "1.2.3.5"},
1172 {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
1173 };
1174 StartDns(dns, records);
1175 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1176
1177 ScopedAddrinfo hostname_result = safe_getaddrinfo("howdy", nullptr, nullptr);
1178 EXPECT_TRUE(hostname_result != nullptr);
1179 const size_t hostname1_count_after_first_query = GetNumQueries(dns, host_name);
1180 EXPECT_LE(1U, hostname1_count_after_first_query);
1181 // Could be A or AAAA
1182 std::string hostname_result_str = ToString(hostname_result);
1183 EXPECT_TRUE(hostname_result_str == "1.2.3.4" || hostname_result_str == "::1.2.3.4");
1184
1185 // Verify that the name is cached.
1186 ScopedAddrinfo hostname2_result = safe_getaddrinfo("HOWDY", nullptr, nullptr);
1187 EXPECT_TRUE(hostname2_result != nullptr);
1188 const size_t hostname1_count_after_second_query = GetNumQueries(dns, host_name);
1189 EXPECT_LE(1U, hostname1_count_after_second_query);
1190
1191 // verify that there is no change in num of queries for howdy.example.com
1192 EXPECT_EQ(hostname1_count_after_first_query, hostname1_count_after_second_query);
1193
1194 // Number of queries for HOWDY.example.com would be >= 1 if domain names
1195 // are considered case-sensitive, else number of queries should be 0.
1196 const size_t hostname2_count = GetNumQueries(dns, host_name2);
1197 EXPECT_EQ(0U,hostname2_count);
1198 std::string hostname2_result_str = ToString(hostname2_result);
1199 EXPECT_TRUE(hostname2_result_str == "1.2.3.4" || hostname2_result_str == "::1.2.3.4");
1200
1201 // verify that the result is still the same address even though
1202 // mixed-case string is not in the DNS
1203 ScopedAddrinfo result = safe_getaddrinfo("HowDY", nullptr, nullptr);
1204 EXPECT_TRUE(result != nullptr);
1205 std::string result_str = ToString(result);
1206 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4");
1207 }
1208
TEST_F(ResolverTest,MultidomainResolution)1209 TEST_F(ResolverTest, MultidomainResolution) {
1210 constexpr char host_name[] = "nihao.example2.com.";
1211 std::vector<std::string> searchDomains = {"example1.com", "example2.com", "example3.com"};
1212
1213 test::DNSResponder dns("127.0.0.6");
1214 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
1215 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({"127.0.0.6"}, searchDomains));
1216
1217 const hostent* result = gethostbyname("nihao");
1218
1219 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
1220 ASSERT_FALSE(result == nullptr);
1221 ASSERT_EQ(4, result->h_length);
1222 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
1223 EXPECT_EQ("1.2.3.3", ToString(result));
1224 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
1225 }
1226
TEST_F(ResolverTest,GetAddrInfoV6_numeric)1227 TEST_F(ResolverTest, GetAddrInfoV6_numeric) {
1228 constexpr char host_name[] = "ohayou.example.com.";
1229 constexpr char numeric_addr[] = "fe80::1%lo";
1230
1231 test::DNSResponder dns;
1232 dns.setResponseProbability(0.0);
1233 StartDns(dns, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1234 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1235
1236 addrinfo hints = {.ai_family = AF_INET6};
1237 ScopedAddrinfo result = safe_getaddrinfo(numeric_addr, nullptr, &hints);
1238 EXPECT_TRUE(result != nullptr);
1239 EXPECT_EQ(numeric_addr, ToString(result));
1240 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1241
1242 // Now try a non-numeric hostname query with the AI_NUMERICHOST flag set.
1243 // We should fail without sending out a DNS query.
1244 hints.ai_flags |= AI_NUMERICHOST;
1245 result = safe_getaddrinfo(host_name, nullptr, &hints);
1246 EXPECT_TRUE(result == nullptr);
1247 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1248 }
1249
TEST_F(ResolverTest,GetAddrInfoV6_failing)1250 TEST_F(ResolverTest, GetAddrInfoV6_failing) {
1251 constexpr char listen_addr0[] = "127.0.0.7";
1252 constexpr char listen_addr1[] = "127.0.0.8";
1253 const char* host_name = "ohayou.example.com.";
1254
1255 test::DNSResponder dns0(listen_addr0);
1256 test::DNSResponder dns1(listen_addr1);
1257 dns0.setResponseProbability(0.0);
1258 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1259 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1260
1261 std::vector<std::string> servers = {listen_addr0, listen_addr1};
1262 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
1263 int sample_count = 8;
1264 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
1265 300, 25, sample_count, sample_count, 0, 0};
1266 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
1267 .setDnsServers(servers)
1268 .setDotServers({})
1269 .setParams(params)
1270 .build()));
1271
1272 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
1273 // reached the dns0, which is set to fail. No more requests should then arrive at that server
1274 // for the next sample_lifetime seconds.
1275 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
1276 const addrinfo hints = {.ai_family = AF_INET6};
1277 for (int i = 0; i < sample_count; ++i) {
1278 std::string domain = fmt::format("nonexistent{}", i);
1279 ScopedAddrinfo result = safe_getaddrinfo(domain.c_str(), nullptr, &hints);
1280 }
1281 // Due to 100% errors for all possible samples, the server should be ignored from now on and
1282 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
1283 dns0.clearQueries();
1284 dns1.clearQueries();
1285 ScopedAddrinfo result = safe_getaddrinfo("ohayou", nullptr, &hints);
1286 EXPECT_TRUE(result != nullptr);
1287 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
1288 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
1289 }
1290
TEST_F(ResolverTest,GetAddrInfoV6_nonresponsive)1291 TEST_F(ResolverTest, GetAddrInfoV6_nonresponsive) {
1292 constexpr char listen_addr0[] = "127.0.0.7";
1293 constexpr char listen_addr1[] = "127.0.0.8";
1294 constexpr char listen_srv[] = "53";
1295 constexpr char host_name1[] = "ohayou.example.com.";
1296 constexpr char host_name2[] = "ciao.example.com.";
1297 const std::vector<std::string> defaultSearchDomain = {"example.com"};
1298 // The minimal timeout is 1000ms, so we can't decrease timeout
1299 // So reduce retry count.
1300 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> reduceRetryParams = {
1301 300, // sample validity in seconds
1302 25, // success threshod in percent
1303 8, 8, // {MIN,MAX}_SAMPLES
1304 1000, // BASE_TIMEOUT_MSEC
1305 1, // retry count
1306 };
1307 const std::vector<DnsRecord> records0 = {
1308 {host_name1, ns_type::ns_t_aaaa, "2001:db8::5"},
1309 {host_name2, ns_type::ns_t_aaaa, "2001:db8::5"},
1310 };
1311 const std::vector<DnsRecord> records1 = {
1312 {host_name1, ns_type::ns_t_aaaa, "2001:db8::6"},
1313 {host_name2, ns_type::ns_t_aaaa, "2001:db8::6"},
1314 };
1315
1316 // dns0 does not respond with 100% probability, while
1317 // dns1 responds normally, at least initially.
1318 test::DNSResponder dns0(listen_addr0, listen_srv, static_cast<ns_rcode>(-1));
1319 test::DNSResponder dns1(listen_addr1, listen_srv, static_cast<ns_rcode>(-1));
1320 dns0.setResponseProbability(0.0);
1321 StartDns(dns0, records0);
1322 StartDns(dns1, records1);
1323 ASSERT_TRUE(
1324 mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
1325 .setDnsServers({listen_addr0, listen_addr1})
1326 .setDotServers({})
1327 .setParams(reduceRetryParams)
1328 .build()));
1329
1330 // Specify ai_socktype to make getaddrinfo will only query 1 time
1331 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_STREAM};
1332
1333 // dns0 will ignore the request, and we'll fallback to dns1 after the first
1334 // retry.
1335 ScopedAddrinfo result = safe_getaddrinfo(host_name1, nullptr, &hints);
1336 EXPECT_TRUE(result != nullptr);
1337 EXPECT_EQ(1U, GetNumQueries(dns0, host_name1));
1338 EXPECT_EQ(1U, GetNumQueries(dns1, host_name1));
1339 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name1, {"2001:db8::6"});
1340
1341 // Now make dns1 also ignore 100% requests... The resolve should alternate
1342 // queries between the nameservers and fail
1343 dns1.setResponseProbability(0.0);
1344 addrinfo* result2 = nullptr;
1345 EXPECT_EQ(EAI_NODATA, getaddrinfo(host_name2, nullptr, &hints, &result2));
1346 EXPECT_EQ(nullptr, result2);
1347 EXPECT_EQ(1U, GetNumQueries(dns0, host_name2));
1348 EXPECT_EQ(1U, GetNumQueries(dns1, host_name2));
1349 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name2, {});
1350 }
1351
TEST_F(ResolverTest,GetAddrInfoV6_concurrent)1352 TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
1353 constexpr char listen_addr0[] = "127.0.0.9";
1354 constexpr char listen_addr1[] = "127.0.0.10";
1355 constexpr char listen_addr2[] = "127.0.0.11";
1356 constexpr char host_name[] = "konbanha.example.com.";
1357
1358 test::DNSResponder dns0(listen_addr0);
1359 test::DNSResponder dns1(listen_addr1);
1360 test::DNSResponder dns2(listen_addr2);
1361 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1362 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1363 StartDns(dns2, {{host_name, ns_type::ns_t_aaaa, "2001:db8::7"}});
1364
1365 const std::vector<std::string> servers = {listen_addr0, listen_addr1, listen_addr2};
1366 std::vector<std::thread> threads(10);
1367 for (std::thread& thread : threads) {
1368 thread = std::thread([this, &servers]() {
1369 unsigned delay = arc4random_uniform(1 * 1000 * 1000); // <= 1s
1370 usleep(delay);
1371 std::vector<std::string> serverSubset;
1372 for (const auto& server : servers) {
1373 if (arc4random_uniform(2)) {
1374 serverSubset.push_back(server);
1375 }
1376 }
1377 if (serverSubset.empty()) serverSubset = servers;
1378 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(serverSubset));
1379 const addrinfo hints = {.ai_family = AF_INET6};
1380 addrinfo* result = nullptr;
1381 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
1382 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
1383 if (result) {
1384 freeaddrinfo(result);
1385 result = nullptr;
1386 }
1387 });
1388 }
1389 for (std::thread& thread : threads) {
1390 thread.join();
1391 }
1392
1393 const auto resolvInfo = mDnsClient.getResolverInfo();
1394 ASSERT_RESULT_OK(resolvInfo);
1395 EXPECT_EQ(0, resolvInfo.value().waitForPendingReqTimeoutCount);
1396 }
1397
TEST_F(ResolverTest,SkipBadServersDueToInternalError)1398 TEST_F(ResolverTest, SkipBadServersDueToInternalError) {
1399 constexpr char listen_addr1[] = "fe80::1";
1400 constexpr char listen_addr2[] = "255.255.255.255";
1401 constexpr char listen_addr3[] = "127.0.0.3";
1402 int counter = 0; // To generate unique hostnames.
1403 test::DNSResponder dns(listen_addr3);
1404 ASSERT_TRUE(dns.startServer());
1405
1406 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1407 setupParams.servers = {listen_addr1, listen_addr2, listen_addr3};
1408 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1409
1410 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1411 cleanupParams.servers.clear();
1412 cleanupParams.tlsServers.clear();
1413
1414 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1415 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1416 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1417
1418 // Re-setup test network to make experiment flag take effect.
1419 resetNetwork();
1420
1421 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1422
1423 // Start sending synchronized querying.
1424 for (int i = 0; i < 100; i++) {
1425 std::string hostName = fmt::format("hello{}.com.", counter++);
1426 dns.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1427 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1428 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1429 }
1430
1431 const std::vector<NameserverStats> targetStats = {
1432 NameserverStats(listen_addr1).setInternalErrors(5),
1433 NameserverStats(listen_addr2).setInternalErrors(5),
1434 NameserverStats(listen_addr3).setSuccesses(setupParams.maxSamples).setRttAvg(1),
1435 };
1436 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1437
1438 // Also verify the number of queries received in the server because res_stats.successes has
1439 // a maximum.
1440 EXPECT_EQ(dns.queries().size(), 100U);
1441
1442 // Reset the state.
1443 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1444 dns.clearQueries();
1445 }
1446 }
1447
TEST_F(ResolverTest,SkipBadServersDueToTimeout)1448 TEST_F(ResolverTest, SkipBadServersDueToTimeout) {
1449 constexpr char listen_addr1[] = "127.0.0.3";
1450 constexpr char listen_addr2[] = "127.0.0.4";
1451 int counter = 0; // To generate unique hostnames.
1452
1453 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1454 setupParams.servers = {listen_addr1, listen_addr2};
1455 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1456
1457 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1458 cleanupParams.servers.clear();
1459 cleanupParams.tlsServers.clear();
1460
1461 // Set dns1 non-responsive and dns2 workable.
1462 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1463 test::DNSResponder dns2(listen_addr2);
1464 dns1.setResponseProbability(0.0);
1465 ASSERT_TRUE(dns1.startServer());
1466 ASSERT_TRUE(dns2.startServer());
1467
1468 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1469 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1470 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1471
1472 // Re-setup test network to make experiment flag take effect.
1473 resetNetwork();
1474
1475 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1476
1477 // Start sending synchronized querying.
1478 for (int i = 0; i < 100; i++) {
1479 std::string hostName = fmt::format("hello{}.com.", counter++);
1480 dns1.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1481 dns2.addMapping(hostName, ns_type::ns_t_a, "1.2.3.5");
1482 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1483 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1484 }
1485
1486 const std::vector<NameserverStats> targetStats = {
1487 NameserverStats(listen_addr1).setTimeouts(5),
1488 NameserverStats(listen_addr2).setSuccesses(setupParams.maxSamples).setRttAvg(1),
1489 };
1490 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1491
1492 // Also verify the number of queries received in the server because res_stats.successes has
1493 // an upper bound.
1494 EXPECT_GT(dns1.queries().size(), 0U);
1495 EXPECT_LT(dns1.queries().size(), 5U);
1496 EXPECT_EQ(dns2.queries().size(), 100U);
1497
1498 // Reset the state.
1499 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1500 dns1.clearQueries();
1501 dns2.clearQueries();
1502 }
1503 }
1504
TEST_F(ResolverTest,GetAddrInfoFromCustTable_InvalidInput)1505 TEST_F(ResolverTest, GetAddrInfoFromCustTable_InvalidInput) {
1506 constexpr char hostnameNoip[] = "noip.example.com.";
1507 constexpr char hostnameInvalidip[] = "invalidip.example.com.";
1508 const std::vector<aidl::android::net::ResolverHostsParcel> invalidCustHosts = {
1509 {"", hostnameNoip},
1510 {"wrong IP", hostnameInvalidip},
1511 };
1512 test::DNSResponder dns;
1513 StartDns(dns, {});
1514 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1515
1516 ResolverOptionsParcel resolverOptions;
1517 resolverOptions.hosts = invalidCustHosts;
1518 if (!mIsResolverOptionIPCSupported) {
1519 resolverParams.resolverOptions = resolverOptions;
1520 }
1521 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1522 if (mIsResolverOptionIPCSupported) {
1523 ASSERT_TRUE(mDnsClient.resolvService()
1524 ->setResolverOptions(resolverParams.netId, resolverOptions)
1525 .isOk());
1526 }
1527 for (const auto& hostname : {hostnameNoip, hostnameInvalidip}) {
1528 // The query won't get data from customized table because of invalid customized table
1529 // and DNSResponder also has no records. hostnameNoip has never registered and
1530 // hostnameInvalidip has registered but wrong IP.
1531 const addrinfo hints = {.ai_family = AF_UNSPEC};
1532 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1533 ASSERT_TRUE(result == nullptr);
1534 EXPECT_EQ(4U, GetNumQueries(dns, hostname));
1535 }
1536 }
1537
TEST_F(ResolverTest,GetAddrInfoFromCustTable)1538 TEST_F(ResolverTest, GetAddrInfoFromCustTable) {
1539 constexpr char hostnameV4[] = "v4only.example.com.";
1540 constexpr char hostnameV6[] = "v6only.example.com.";
1541 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1542 constexpr char custAddrV4[] = "1.2.3.4";
1543 constexpr char custAddrV6[] = "::1.2.3.4";
1544 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1545 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1546 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4 = {
1547 {custAddrV4, hostnameV4},
1548 };
1549 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV6 = {
1550 {custAddrV6, hostnameV6},
1551 };
1552 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1553 {custAddrV4, hostnameV4V6},
1554 {custAddrV6, hostnameV4V6},
1555 };
1556 const std::vector<DnsRecord> dnsSvHostV4 = {
1557 {hostnameV4, ns_type::ns_t_a, dnsSvAddrV4},
1558 };
1559 const std::vector<DnsRecord> dnsSvHostV6 = {
1560 {hostnameV6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1561 };
1562 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1563 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1564 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1565 };
1566 struct TestConfig {
1567 const std::string name;
1568 const std::vector<aidl::android::net::ResolverHostsParcel> customizedHosts;
1569 const std::vector<DnsRecord> dnsserverHosts;
1570 const std::vector<std::string> queryResult;
1571 std::string asParameters() const {
1572 return fmt::format("name: {}, customizedHosts: {}, dnsserverHosts: {}", name,
1573 customizedHosts.empty() ? "No" : "Yes",
1574 dnsserverHosts.empty() ? "No" : "Yes");
1575 }
1576 } testConfigs[]{
1577 // clang-format off
1578 {hostnameV4, {}, {}, {}},
1579 {hostnameV4, {}, dnsSvHostV4, {dnsSvAddrV4}},
1580 {hostnameV4, custHostV4, {}, {custAddrV4}},
1581 {hostnameV4, custHostV4, dnsSvHostV4, {custAddrV4}},
1582 {hostnameV6, {}, {}, {}},
1583 {hostnameV6, {}, dnsSvHostV6, {dnsSvAddrV6}},
1584 {hostnameV6, custHostV6, {}, {custAddrV6}},
1585 {hostnameV6, custHostV6, dnsSvHostV6, {custAddrV6}},
1586 {hostnameV4V6, {}, {}, {}},
1587 {hostnameV4V6, {}, dnsSvHostV4V6, {dnsSvAddrV4, dnsSvAddrV6}},
1588 {hostnameV4V6, custHostV4V6, {}, {custAddrV4, custAddrV6}},
1589 {hostnameV4V6, custHostV4V6, dnsSvHostV4V6, {custAddrV4, custAddrV6}},
1590 // clang-format on
1591 };
1592
1593 for (const auto& config : testConfigs) {
1594 SCOPED_TRACE(config.asParameters());
1595
1596 test::DNSResponder dns;
1597 StartDns(dns, config.dnsserverHosts);
1598
1599 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1600 ResolverOptionsParcel resolverOptions;
1601 resolverOptions.hosts = config.customizedHosts;
1602 if (!mIsResolverOptionIPCSupported) {
1603 resolverParams.resolverOptions = resolverOptions;
1604 }
1605 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1606
1607 if (mIsResolverOptionIPCSupported) {
1608 ASSERT_TRUE(mDnsClient.resolvService()
1609 ->setResolverOptions(resolverParams.netId, resolverOptions)
1610 .isOk());
1611 }
1612 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1613 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
1614 if (config.customizedHosts.empty() && config.dnsserverHosts.empty()) {
1615 ASSERT_TRUE(result == nullptr);
1616 EXPECT_EQ(2U, GetNumQueries(dns, config.name.c_str()));
1617 } else {
1618 ASSERT_TRUE(result != nullptr);
1619 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.queryResult));
1620 EXPECT_EQ(config.customizedHosts.empty() ? 2U : 0U,
1621 GetNumQueries(dns, config.name.c_str()));
1622 }
1623
1624 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
1625 }
1626 }
1627
TEST_F(ResolverTest,GetAddrInfoFromCustTable_Modify)1628 TEST_F(ResolverTest, GetAddrInfoFromCustTable_Modify) {
1629 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1630 constexpr char custAddrV4[] = "1.2.3.4";
1631 constexpr char custAddrV6[] = "::1.2.3.4";
1632 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1633 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1634 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1635 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1636 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1637 };
1638 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1639 {custAddrV4, hostnameV4V6},
1640 {custAddrV6, hostnameV4V6},
1641 };
1642 test::DNSResponder dns;
1643 StartDns(dns, dnsSvHostV4V6);
1644 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1645
1646 ResolverOptionsParcel resolverOptions;
1647 resolverOptions.hosts = custHostV4V6;
1648 if (!mIsResolverOptionIPCSupported) {
1649 resolverParams.resolverOptions = resolverOptions;
1650 }
1651 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1652
1653 if (mIsResolverOptionIPCSupported) {
1654 ASSERT_TRUE(mDnsClient.resolvService()
1655 ->setResolverOptions(resolverParams.netId, resolverOptions)
1656 .isOk());
1657 }
1658
1659 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1660 ScopedAddrinfo result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1661 ASSERT_TRUE(result != nullptr);
1662 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({custAddrV4, custAddrV6}));
1663 EXPECT_EQ(0U, GetNumQueries(dns, hostnameV4V6));
1664
1665 resolverOptions.hosts = {};
1666 if (!mIsResolverOptionIPCSupported) {
1667 resolverParams.resolverOptions = resolverOptions;
1668 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1669 } else {
1670 ASSERT_TRUE(mDnsClient.resolvService()
1671 ->setResolverOptions(resolverParams.netId, resolverOptions)
1672 .isOk());
1673 }
1674 result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1675 ASSERT_TRUE(result != nullptr);
1676 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({dnsSvAddrV4, dnsSvAddrV6}));
1677 EXPECT_EQ(2U, GetNumQueries(dns, hostnameV4V6));
1678 }
1679
TEST_F(ResolverTest,GetAddrInfoV4V6FromCustTable_MultiAnswers)1680 TEST_F(ResolverTest, GetAddrInfoV4V6FromCustTable_MultiAnswers) {
1681 test::DNSResponder dns;
1682 StartDns(dns, {});
1683
1684 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1685 ResolverOptionsParcel resolverOptions;
1686 resolverOptions.hosts = {
1687 {kHelloExampleComAddrV4, kHelloExampleCom},
1688 {kHelloExampleComAddrV6_GUA, kHelloExampleCom},
1689 {kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleCom},
1690 {kHelloExampleComAddrV6_TEREDO, kHelloExampleCom},
1691 };
1692 if (!mIsResolverOptionIPCSupported) {
1693 resolverParams.resolverOptions = resolverOptions;
1694 }
1695 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1696
1697 if (mIsResolverOptionIPCSupported) {
1698 ASSERT_TRUE(mDnsClient.resolvService()
1699 ->setResolverOptions(resolverParams.netId, resolverOptions)
1700 .isOk());
1701 }
1702
1703 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1704 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1705 ASSERT_TRUE(result != nullptr);
1706 // Expect the order is the same as the order of record insertion because the custom table uses
1707 // std::multimap to store and the queried results are not sorted by RFC 6724.
1708 // See getCustomHosts in packages/modules/DnsResolver/getaddrinfo.cpp
1709 EXPECT_THAT(ToStrings(result),
1710 testing::ElementsAreArray({kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1711 kHelloExampleComAddrV6_IPV4COMPAT,
1712 kHelloExampleComAddrV6_TEREDO}));
1713 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
1714
1715 hints = {.ai_family = AF_UNSPEC};
1716 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1717 ASSERT_TRUE(result != nullptr);
1718 // The overall result is the concatenation of each result from explore_fqdn().
1719 // resolv_getaddrinfo() calls explore_fqdn() many times by the different explore_options.
1720 // It means that the results of each explore_options keep the order and concatenates
1721 // all results into one link list. The address order of the output addrinfo is:
1722 // 1.2.3.4 (socktype=2, protocol=17) ->
1723 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1724 // ::1.2.3.4 (socktype=2, protocol=17) ->
1725 // 2001::47c1 (socktype=2, protocol=17) ->
1726 // 1.2.3.4 (socktype=1, protocol=6) ->
1727 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1728 // ::1.2.3.4 (socktype=1, protocol=6) ->
1729 // 2001::47c1 (socktype=1, protocol=6)
1730 //
1731 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1732 EXPECT_THAT(ToStrings(result),
1733 testing::ElementsAreArray(
1734 {kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1735 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_TEREDO,
1736 kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1737 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_TEREDO}));
1738 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
1739 }
1740
TEST_F(ResolverTest,EmptySetup)1741 TEST_F(ResolverTest, EmptySetup) {
1742 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParamsParcel{.netId = TEST_NETID}));
1743 const auto resolvInfo = mDnsClient.getResolverInfo();
1744 ASSERT_RESULT_OK(resolvInfo);
1745 EXPECT_TRUE(resolvInfo.value().dnsServers.empty());
1746 EXPECT_TRUE(resolvInfo.value().domains.empty());
1747 EXPECT_TRUE(resolvInfo.value().dotServers.empty());
1748 EXPECT_EQ(0U, resolvInfo.value().params.sample_validity);
1749 EXPECT_EQ(0U, resolvInfo.value().params.success_threshold);
1750 EXPECT_EQ(0U, resolvInfo.value().params.min_samples);
1751 EXPECT_EQ(0U, resolvInfo.value().params.max_samples);
1752 // We don't check baseTimeoutMsec and retryCount because their value differ depending on
1753 // the experiment flags.
1754 }
1755
TEST_F(ResolverTest,SearchPathChange)1756 TEST_F(ResolverTest, SearchPathChange) {
1757 constexpr char listen_addr[] = "127.0.0.13";
1758 constexpr char host_name1[] = "test13.domain1.org.";
1759 constexpr char host_name2[] = "test13.domain2.org.";
1760 std::vector<std::string> servers = {listen_addr};
1761 std::vector<std::string> domains = {"domain1.org"};
1762
1763 const std::vector<DnsRecord> records = {
1764 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1765 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1766 };
1767 test::DNSResponder dns(listen_addr);
1768 StartDns(dns, records);
1769 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1770
1771 const addrinfo hints = {.ai_family = AF_INET6};
1772 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1773 EXPECT_TRUE(result != nullptr);
1774 EXPECT_EQ(1U, dns.queries().size());
1775 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1776 EXPECT_EQ("2001:db8::13", ToString(result));
1777
1778 // Test that changing the domain search path on its own works.
1779 domains = {"domain2.org"};
1780 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1781 dns.clearQueries();
1782
1783 result = safe_getaddrinfo("test13", nullptr, &hints);
1784 EXPECT_TRUE(result != nullptr);
1785 EXPECT_EQ(1U, dns.queries().size());
1786 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1787 EXPECT_EQ("2001:db8::1:13", ToString(result));
1788 }
1789
TEST_F(ResolverTest,SearchPathPrune)1790 TEST_F(ResolverTest, SearchPathPrune) {
1791 constexpr size_t DUPLICATED_DOMAIN_NUM = 3;
1792 constexpr char listen_addr[] = "127.0.0.13";
1793 constexpr char domian_name1[] = "domain13.org.";
1794 constexpr char domian_name2[] = "domain14.org.";
1795 constexpr char host_name1[] = "test13.domain13.org.";
1796 constexpr char host_name2[] = "test14.domain14.org.";
1797 std::vector<std::string> servers = {listen_addr};
1798
1799 std::vector<std::string> testDomains1;
1800 std::vector<std::string> testDomains2;
1801 // Domain length should be <= 255
1802 // Max number of domains in search path is 6
1803 for (size_t i = 0; i < MAXDNSRCH + 1; i++) {
1804 // Fill up with invalid domain
1805 testDomains1.push_back(std::string(300, i + '0'));
1806 // Fill up with valid but duplicated domain
1807 testDomains2.push_back(fmt::format("domain{}.org", i % DUPLICATED_DOMAIN_NUM));
1808 }
1809
1810 // Add valid domain used for query.
1811 testDomains1.push_back(domian_name1);
1812
1813 // Add valid domain twice used for query.
1814 testDomains2.push_back(domian_name2);
1815 testDomains2.push_back(domian_name2);
1816
1817 const std::vector<DnsRecord> records = {
1818 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1819 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1820 };
1821 test::DNSResponder dns(listen_addr);
1822 StartDns(dns, records);
1823 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains1));
1824
1825 const addrinfo hints = {.ai_family = AF_INET6};
1826 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1827
1828 EXPECT_TRUE(result != nullptr);
1829
1830 EXPECT_EQ(1U, dns.queries().size());
1831 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1832 EXPECT_EQ("2001:db8::13", ToString(result));
1833
1834 auto resolvInfo = mDnsClient.getResolverInfo();
1835 ASSERT_RESULT_OK(resolvInfo);
1836 const auto& res_domains1 = resolvInfo.value().domains;
1837 // Expect 1 valid domain, invalid domains are removed.
1838 ASSERT_EQ(1U, res_domains1.size());
1839 EXPECT_EQ(domian_name1, res_domains1[0]);
1840
1841 dns.clearQueries();
1842
1843 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains2));
1844
1845 result = safe_getaddrinfo("test14", nullptr, &hints);
1846 EXPECT_TRUE(result != nullptr);
1847
1848 // (3 domains * 2 retries) + 1 success query = 7
1849 EXPECT_EQ(7U, dns.queries().size());
1850 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1851 EXPECT_EQ("2001:db8::1:13", ToString(result));
1852
1853 resolvInfo = mDnsClient.getResolverInfo();
1854 ASSERT_RESULT_OK(resolvInfo);
1855 const auto& res_domains2 = resolvInfo.value().domains;
1856 // Expect 4 valid domain, duplicate domains are removed.
1857 EXPECT_EQ(DUPLICATED_DOMAIN_NUM + 1U, res_domains2.size());
1858 EXPECT_THAT(
1859 std::vector<std::string>({"domain0.org", "domain1.org", "domain2.org", domian_name2}),
1860 testing::ElementsAreArray(res_domains2));
1861 }
1862
1863 // If we move this function to dns_responder_client, it will complicate the dependency need of
1864 // dns_tls_frontend.h.
setupTlsServers(const std::vector<std::string> & servers,std::vector<std::unique_ptr<test::DnsTlsFrontend>> * tls)1865 static void setupTlsServers(const std::vector<std::string>& servers,
1866 std::vector<std::unique_ptr<test::DnsTlsFrontend>>* tls) {
1867 constexpr char listen_udp[] = "53";
1868 constexpr char listen_tls[] = "853";
1869
1870 for (const auto& server : servers) {
1871 auto t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1872 t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1873 t->startServer();
1874 tls->push_back(std::move(t));
1875 }
1876 }
1877
TEST_F(ResolverTest,MaxServerPrune_Binder)1878 TEST_F(ResolverTest, MaxServerPrune_Binder) {
1879 std::vector<std::string> domains;
1880 std::vector<std::unique_ptr<test::DNSResponder>> dns;
1881 std::vector<std::unique_ptr<test::DnsTlsFrontend>> tls;
1882 std::vector<std::string> servers;
1883 std::vector<DnsResponderClient::Mapping> mappings;
1884
1885 for (unsigned i = 0; i < MAXDNSRCH + 1; i++) {
1886 domains.push_back(fmt::format("example{}.com", i));
1887 }
1888 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
1889 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
1890 ASSERT_NO_FATAL_FAILURE(setupTlsServers(servers, &tls));
1891
1892 const auto parcel = ResolverParams::Builder()
1893 .setDomains(domains)
1894 .setDnsServers(servers)
1895 .setDotServers(servers)
1896 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
1897 .build();
1898 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1899
1900 // If the private DNS validation hasn't completed yet before backend DNS servers stop,
1901 // TLS servers will get stuck in handleOneRequest(), which causes this test stuck in
1902 // ~DnsTlsFrontend() because the TLS server loop threads can't be terminated.
1903 // So, wait for private DNS validation done before stopping backend DNS servers.
1904 for (int i = 0; i < MAXNS; i++) {
1905 LOG(INFO) << "Waiting for private DNS validation on " << tls[i]->listen_address() << ".";
1906 EXPECT_TRUE(WaitForPrivateDnsValidation(tls[i]->listen_address(), true));
1907 LOG(INFO) << "private DNS validation on " << tls[i]->listen_address() << " done.";
1908 }
1909
1910 const auto resolvInfo = mDnsClient.getResolverInfo();
1911 ASSERT_RESULT_OK(resolvInfo);
1912 EXPECT_EQ(static_cast<size_t>(MAXNS), resolvInfo.value().dnsServers.size());
1913 EXPECT_EQ(static_cast<size_t>(MAXNS), resolvInfo.value().dotServers.size());
1914 EXPECT_EQ(static_cast<size_t>(MAXDNSRCH), resolvInfo.value().domains.size());
1915 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS,
1916 resolvInfo.value().dnsServers.begin()));
1917 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS,
1918 resolvInfo.value().dotServers.begin()));
1919 EXPECT_TRUE(std::equal(domains.begin(), domains.begin() + MAXDNSRCH,
1920 resolvInfo.value().domains.begin()));
1921 }
1922
TEST_F(ResolverTest,ResolverStats)1923 TEST_F(ResolverTest, ResolverStats) {
1924 constexpr char listen_addr1[] = "127.0.0.4";
1925 constexpr char listen_addr2[] = "127.0.0.5";
1926 constexpr char listen_addr3[] = "127.0.0.6";
1927
1928 // Set server 1 timeout.
1929 test::DNSResponder dns1(listen_addr1, "53", static_cast<ns_rcode>(-1));
1930 dns1.setResponseProbability(0.0);
1931 ASSERT_TRUE(dns1.startServer());
1932
1933 // Set server 2 responding server failure.
1934 test::DNSResponder dns2(listen_addr2);
1935 dns2.setResponseProbability(0.0);
1936 ASSERT_TRUE(dns2.startServer());
1937
1938 // Set server 3 workable.
1939 test::DNSResponder dns3(listen_addr3);
1940 dns3.addMapping(kHelloExampleCom, ns_type::ns_t_a, "1.2.3.4");
1941 ASSERT_TRUE(dns3.startServer());
1942
1943 std::vector<std::string> servers = {listen_addr1, listen_addr2, listen_addr3};
1944 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
1945
1946 dns3.clearQueries();
1947 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1948 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1949 size_t found = GetNumQueries(dns3, kHelloExampleCom);
1950 EXPECT_LE(1U, found);
1951 std::string result_str = ToString(result);
1952 EXPECT_TRUE(result_str == "1.2.3.4") << ", result_str='" << result_str << "'";
1953
1954 const std::vector<NameserverStats> expectedCleartextDnsStats = {
1955 NameserverStats(listen_addr1).setTimeouts(1),
1956 NameserverStats(listen_addr2).setErrors(1),
1957 NameserverStats(listen_addr3).setSuccesses(1).setRttAvg(1),
1958 };
1959 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
1960 }
1961
TEST_F(ResolverTest,AlwaysUseLatestSetupParamsInLookups)1962 TEST_F(ResolverTest, AlwaysUseLatestSetupParamsInLookups) {
1963 constexpr char listen_addr1[] = "127.0.0.3";
1964 constexpr char listen_addr2[] = "255.255.255.255";
1965 constexpr char listen_addr3[] = "127.0.0.4";
1966 constexpr char hostname[] = "hello";
1967 constexpr char fqdn_with_search_domain[] = "hello.domain2.com.";
1968
1969 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1970 dns1.setResponseProbability(0.0);
1971 ASSERT_TRUE(dns1.startServer());
1972
1973 test::DNSResponder dns3(listen_addr3);
1974 StartDns(dns3, {{fqdn_with_search_domain, ns_type::ns_t_a, "1.2.3.4"}});
1975
1976 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
1977 parcel.tlsServers.clear();
1978 parcel.servers = {listen_addr1, listen_addr2};
1979 parcel.domains = {"domain1.com", "domain2.com"};
1980 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1981
1982 // Expect the things happening in t1:
1983 // 1. The lookup starts using the first domain for query. It sends queries to the populated
1984 // nameserver list {listen_addr1, listen_addr2} for the hostname "hello.domain1.com".
1985 // 2. A different list of nameservers is updated to the resolver. Revision ID is incremented.
1986 // 3. The query for the hostname times out. The lookup fails to add the timeout record to the
1987 // the stats because of the unmatched revision ID.
1988 // 4. The lookup starts using the second domain for query. It sends queries to the populated
1989 // nameserver list {listen_addr3, listen_addr1, listen_addr2} for another hostname
1990 // "hello.domain2.com".
1991 // 5. The lookup gets the answer and updates a success record to the stats.
1992 std::thread t1([&hostname]() {
1993 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1994 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1995 EXPECT_NE(result.get(), nullptr);
1996 EXPECT_EQ(ToString(result), "1.2.3.4");
1997 });
1998
1999 // Wait for t1 to start the step 1.
2000 while (dns1.queries().size() == 0) {
2001 usleep(1000);
2002 }
2003
2004 // Update the resolver with three nameservers. This will increment the revision ID.
2005 parcel.servers = {listen_addr3, listen_addr1, listen_addr2};
2006 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
2007
2008 t1.join();
2009 EXPECT_EQ(0U, GetNumQueriesForType(dns3, ns_type::ns_t_aaaa, fqdn_with_search_domain));
2010 EXPECT_EQ(1U, GetNumQueriesForType(dns3, ns_type::ns_t_a, fqdn_with_search_domain));
2011
2012 const std::vector<NameserverStats> expectedCleartextDnsStats = {
2013 NameserverStats(listen_addr1),
2014 NameserverStats(listen_addr2),
2015 NameserverStats(listen_addr3).setSuccesses(1).setRttAvg(1),
2016 };
2017 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
2018 }
2019
2020 // Test what happens if the specified TLS server is nonexistent.
TEST_F(ResolverTest,GetHostByName_TlsMissing)2021 TEST_F(ResolverTest, GetHostByName_TlsMissing) {
2022 constexpr char host_name[] = "tlsmissing.example.com.";
2023 test::DNSResponder dns;
2024 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
2025
2026 // There's nothing listening on this address, so validation will either fail or
2027 /// hang. Either way, queries will continue to flow to the DNSResponder.
2028 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2029
2030 const hostent* result;
2031 result = gethostbyname("tlsmissing");
2032 ASSERT_FALSE(result == nullptr);
2033 EXPECT_EQ("1.2.3.3", ToString(result));
2034 }
2035
2036 // Test what happens if the specified TLS server replies with garbage.
TEST_F(ResolverTest,GetHostByName_TlsBroken)2037 TEST_F(ResolverTest, GetHostByName_TlsBroken) {
2038 constexpr char host_name1[] = "tlsbroken1.example.com.";
2039 constexpr char host_name2[] = "tlsbroken2.example.com.";
2040 const std::vector<DnsRecord> records = {
2041 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2042 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2043 };
2044
2045 test::DNSResponder dns;
2046 StartDns(dns, records);
2047
2048 // Bind the specified private DNS socket but don't respond to any client sockets yet.
2049 int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
2050 ASSERT_TRUE(s >= 0);
2051 struct sockaddr_in tlsServer = {
2052 .sin_family = AF_INET,
2053 .sin_port = htons(853),
2054 };
2055 ASSERT_TRUE(inet_pton(AF_INET, kDefaultServer, &tlsServer.sin_addr));
2056 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEPORT).ok());
2057 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEADDR).ok());
2058 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
2059 ASSERT_FALSE(listen(s, 1));
2060
2061 // Trigger TLS validation.
2062 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2063
2064 struct sockaddr_storage cliaddr;
2065 socklen_t sin_size = sizeof(cliaddr);
2066 int new_fd = accept4(s, reinterpret_cast<struct sockaddr*>(&cliaddr), &sin_size, SOCK_CLOEXEC);
2067 ASSERT_TRUE(new_fd > 0);
2068
2069 // We've received the new file descriptor but not written to it or closed, so the
2070 // validation is still pending. Queries should still flow correctly because the
2071 // server is not used until validation succeeds.
2072 const hostent* result;
2073 result = gethostbyname("tlsbroken1");
2074 ASSERT_FALSE(result == nullptr);
2075 EXPECT_EQ("1.2.3.1", ToString(result));
2076
2077 // Now we cause the validation to fail.
2078 std::string garbage = "definitely not a valid TLS ServerHello";
2079 write(new_fd, garbage.data(), garbage.size());
2080 close(new_fd);
2081
2082 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
2083 // to the TLS server unless validation succeeds.
2084 result = gethostbyname("tlsbroken2");
2085 ASSERT_FALSE(result == nullptr);
2086 EXPECT_EQ("1.2.3.2", ToString(result));
2087
2088 // Clear TLS bit.
2089 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2090 close(s);
2091 }
2092
TEST_F(ResolverTest,GetHostByName_Tls)2093 TEST_F(ResolverTest, GetHostByName_Tls) {
2094 constexpr char listen_udp[] = "53";
2095 constexpr char listen_tls[] = "853";
2096 constexpr char host_name1[] = "tls1.example.com.";
2097 constexpr char host_name2[] = "tls2.example.com.";
2098 constexpr char host_name3[] = "tls3.example.com.";
2099 const std::vector<DnsRecord> records = {
2100 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2101 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2102 {host_name3, ns_type::ns_t_a, "1.2.3.3"},
2103 };
2104
2105 test::DNSResponder dns;
2106 StartDns(dns, records);
2107
2108 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2109 ASSERT_TRUE(tls.startServer());
2110 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2111 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2112
2113 const hostent* result = gethostbyname("tls1");
2114 ASSERT_FALSE(result == nullptr);
2115 EXPECT_EQ("1.2.3.1", ToString(result));
2116
2117 // Wait for query to get counted.
2118 EXPECT_TRUE(tls.waitForQueries(2));
2119
2120 // Stop the TLS server. Since we're in opportunistic mode, queries will
2121 // fall back to the locally-assigned (clear text) nameservers.
2122 tls.stopServer();
2123
2124 dns.clearQueries();
2125 result = gethostbyname("tls2");
2126 EXPECT_FALSE(result == nullptr);
2127 EXPECT_EQ("1.2.3.2", ToString(result));
2128 const auto queries = dns.queries();
2129 EXPECT_EQ(1U, queries.size());
2130 EXPECT_EQ("tls2.example.com.", queries[0].name);
2131 EXPECT_EQ(ns_t_a, queries[0].type);
2132
2133 // Reset the resolvers without enabling TLS. Queries should still be routed
2134 // to the UDP endpoint.
2135 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2136
2137 result = gethostbyname("tls3");
2138 ASSERT_FALSE(result == nullptr);
2139 EXPECT_EQ("1.2.3.3", ToString(result));
2140 }
2141
TEST_F(ResolverTest,GetHostByName_TlsFailover)2142 TEST_F(ResolverTest, GetHostByName_TlsFailover) {
2143 constexpr char listen_addr1[] = "127.0.0.3";
2144 constexpr char listen_addr2[] = "127.0.0.4";
2145 constexpr char listen_udp[] = "53";
2146 constexpr char listen_tls[] = "853";
2147 constexpr char host_name1[] = "tlsfailover1.example.com.";
2148 constexpr char host_name2[] = "tlsfailover2.example.com.";
2149 const std::vector<DnsRecord> records1 = {
2150 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2151 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2152 };
2153 const std::vector<DnsRecord> records2 = {
2154 {host_name1, ns_type::ns_t_a, "1.2.3.3"},
2155 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
2156 };
2157
2158 test::DNSResponder dns1(listen_addr1);
2159 test::DNSResponder dns2(listen_addr2);
2160 StartDns(dns1, records1);
2161 StartDns(dns2, records2);
2162
2163 std::vector<std::string> servers = {listen_addr1, listen_addr2};
2164
2165 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
2166 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
2167 ASSERT_TRUE(tls1.startServer());
2168 ASSERT_TRUE(tls2.startServer());
2169 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2170 ResolverParams::Builder()
2171 .setDnsServers(servers)
2172 .setDotServers(servers)
2173 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
2174 .build()));
2175 EXPECT_TRUE(WaitForPrivateDnsValidation(tls1.listen_address(), true));
2176 EXPECT_TRUE(WaitForPrivateDnsValidation(tls2.listen_address(), true));
2177
2178 const hostent* result = gethostbyname("tlsfailover1");
2179 ASSERT_FALSE(result == nullptr);
2180 EXPECT_EQ("1.2.3.1", ToString(result));
2181
2182 // Wait for query to get counted.
2183 EXPECT_TRUE(tls1.waitForQueries(2));
2184 // No new queries should have reached tls2.
2185 EXPECT_TRUE(tls2.waitForQueries(1));
2186
2187 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
2188 tls1.stopServer();
2189
2190 result = gethostbyname("tlsfailover2");
2191 EXPECT_EQ("1.2.3.4", ToString(result));
2192
2193 // Wait for query to get counted.
2194 EXPECT_TRUE(tls2.waitForQueries(2));
2195
2196 // No additional queries should have reached the insecure servers.
2197 EXPECT_EQ(2U, dns1.queries().size());
2198 EXPECT_EQ(2U, dns2.queries().size());
2199
2200 // Clear TLS bit.
2201 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2202 }
2203
TEST_F(ResolverTest,GetHostByName_BadTlsName)2204 TEST_F(ResolverTest, GetHostByName_BadTlsName) {
2205 constexpr char listen_udp[] = "53";
2206 constexpr char listen_tls[] = "853";
2207 constexpr char host_name[] = "badtlsname.example.com.";
2208
2209 test::DNSResponder dns;
2210 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.1"}});
2211
2212 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2213 ASSERT_TRUE(tls.startServer());
2214 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2215 ResolverParams::Builder()
2216 .setPrivateDnsProvider(kDefaultIncorrectPrivateDnsHostName)
2217 .build()));
2218
2219 // The TLS handshake would fail because the name of TLS server doesn't
2220 // match with TLS server's certificate.
2221 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
2222
2223 // The query should fail hard, because a name was specified.
2224 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
2225
2226 // Clear TLS bit.
2227 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2228 }
2229
TEST_F(ResolverTest,GetAddrInfo_Tls)2230 TEST_F(ResolverTest, GetAddrInfo_Tls) {
2231 constexpr char listen_udp[] = "53";
2232 constexpr char listen_tls[] = "853";
2233 constexpr char host_name[] = "addrinfotls.example.com.";
2234 const std::vector<DnsRecord> records = {
2235 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2236 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2237 };
2238
2239 test::DNSResponder dns;
2240 StartDns(dns, records);
2241
2242 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2243 ASSERT_TRUE(tls.startServer());
2244 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2245 ResolverParams::Builder().setPrivateDnsProvider(kDefaultPrivateDnsHostName).build()));
2246 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2247
2248 dns.clearQueries();
2249 ScopedAddrinfo result = safe_getaddrinfo("addrinfotls", nullptr, nullptr);
2250 EXPECT_TRUE(result != nullptr);
2251 size_t found = GetNumQueries(dns, host_name);
2252 EXPECT_LE(1U, found);
2253 // Could be A or AAAA
2254 std::string result_str = ToString(result);
2255 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
2256 << ", result_str='" << result_str << "'";
2257 // Wait for both A and AAAA queries to get counted.
2258 EXPECT_TRUE(tls.waitForQueries(3));
2259 }
2260
TEST_F(ResolverTest,TlsBypass)2261 TEST_F(ResolverTest, TlsBypass) {
2262 const char OFF[] = "off";
2263 const char OPPORTUNISTIC[] = "opportunistic";
2264 const char STRICT[] = "strict";
2265
2266 const char GETHOSTBYNAME[] = "gethostbyname";
2267 const char GETADDRINFO[] = "getaddrinfo";
2268 const char GETADDRINFOFORNET[] = "getaddrinfofornet";
2269
2270 const unsigned BYPASS_NETID = NETID_USE_LOCAL_NAMESERVERS | TEST_NETID;
2271
2272 const char ADDR4[] = "192.0.2.1";
2273 const char ADDR6[] = "2001:db8::1";
2274
2275 const char cleartext_addr[] = "127.0.0.53";
2276 const char cleartext_port[] = "53";
2277 const char tls_port[] = "853";
2278 const std::vector<std::string> servers = {cleartext_addr};
2279
2280 test::DNSResponder dns(cleartext_addr);
2281 ASSERT_TRUE(dns.startServer());
2282
2283 test::DnsTlsFrontend tls(cleartext_addr, tls_port, cleartext_addr, cleartext_port);
2284 ASSERT_TRUE(tls.startServer());
2285
2286 // clang-format off
2287 struct TestConfig {
2288 const std::string mode;
2289 const bool withWorkingTLS;
2290 const std::string method;
2291
2292 std::string asHostName() const {
2293 return fmt::format("{}.{}.{}.", mode, withWorkingTLS ? "tlsOn" : "tlsOff",
2294 method);
2295 }
2296 } testConfigs[]{
2297 {OFF, true, GETHOSTBYNAME},
2298 {OPPORTUNISTIC, true, GETHOSTBYNAME},
2299 {STRICT, true, GETHOSTBYNAME},
2300 {OFF, true, GETADDRINFO},
2301 {OPPORTUNISTIC, true, GETADDRINFO},
2302 {STRICT, true, GETADDRINFO},
2303 {OFF, true, GETADDRINFOFORNET},
2304 {OPPORTUNISTIC, true, GETADDRINFOFORNET},
2305 {STRICT, true, GETADDRINFOFORNET},
2306 {OFF, false, GETHOSTBYNAME},
2307 {OPPORTUNISTIC, false, GETHOSTBYNAME},
2308 {STRICT, false, GETHOSTBYNAME},
2309 {OFF, false, GETADDRINFO},
2310 {OPPORTUNISTIC, false, GETADDRINFO},
2311 {STRICT, false, GETADDRINFO},
2312 {OFF, false, GETADDRINFOFORNET},
2313 {OPPORTUNISTIC, false, GETADDRINFOFORNET},
2314 {STRICT, false, GETADDRINFOFORNET},
2315 };
2316 // clang-format on
2317
2318 for (const auto& config : testConfigs) {
2319 const std::string testHostName = config.asHostName();
2320 SCOPED_TRACE(testHostName);
2321
2322 // Don't tempt test bugs due to caching.
2323 const char* host_name = testHostName.c_str();
2324 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
2325 dns.addMapping(host_name, ns_type::ns_t_aaaa, ADDR6);
2326
2327 if (config.withWorkingTLS) {
2328 if (!tls.running()) {
2329 ASSERT_TRUE(tls.startServer());
2330 }
2331 } else {
2332 if (tls.running()) {
2333 ASSERT_TRUE(tls.stopServer());
2334 }
2335 }
2336
2337 if (config.mode == OFF) {
2338 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2339 } else /* OPPORTUNISTIC or STRICT */ {
2340 auto builder = ResolverParams::Builder().setDnsServers(servers).setDotServers(servers);
2341 if (config.mode == STRICT) builder.setPrivateDnsProvider(kDefaultPrivateDnsHostName);
2342 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.build()));
2343
2344 // Wait for the validation event. If the server is running, the validation should
2345 // succeed; otherwise, the validation should fail.
2346 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));
2347 if (config.withWorkingTLS) {
2348 EXPECT_TRUE(tls.waitForQueries(1));
2349 tls.clearQueries();
2350 }
2351 }
2352
2353 const hostent* h_result = nullptr;
2354 ScopedAddrinfo ai_result;
2355
2356 if (config.method == GETHOSTBYNAME) {
2357 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2358 h_result = gethostbyname(host_name);
2359
2360 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
2361 ASSERT_FALSE(h_result == nullptr);
2362 ASSERT_EQ(4, h_result->h_length);
2363 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
2364 EXPECT_EQ(ADDR4, ToString(h_result));
2365 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
2366 } else if (config.method == GETADDRINFO) {
2367 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2368 ai_result = safe_getaddrinfo(host_name, nullptr, nullptr);
2369 EXPECT_TRUE(ai_result != nullptr);
2370
2371 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2372 // Could be A or AAAA
2373 const std::string result_str = ToString(ai_result);
2374 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2375 << ", result_str='" << result_str << "'";
2376 } else if (config.method == GETADDRINFOFORNET) {
2377 addrinfo* raw_ai_result = nullptr;
2378 EXPECT_EQ(0, android_getaddrinfofornet(host_name, /*servname=*/nullptr,
2379 /*hints=*/nullptr, BYPASS_NETID, MARK_UNSET,
2380 &raw_ai_result));
2381 ai_result.reset(raw_ai_result);
2382
2383 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2384 // Could be A or AAAA
2385 const std::string result_str = ToString(ai_result);
2386 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2387 << ", result_str='" << result_str << "'";
2388 }
2389
2390 EXPECT_EQ(0, tls.queries());
2391
2392 // Clear per-process resolv netid.
2393 ASSERT_EQ(0, setNetworkForResolv(NETID_UNSET));
2394 dns.clearQueries();
2395 }
2396 }
2397
TEST_F(ResolverTest,StrictMode_NoTlsServers)2398 TEST_F(ResolverTest, StrictMode_NoTlsServers) {
2399 constexpr char host_name[] = "strictmode.notlsips.example.com.";
2400 const std::vector<DnsRecord> records = {
2401 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2402 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2403 };
2404
2405 test::DNSResponder dns(kDefaultServer);
2406 StartDns(dns, records);
2407 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2408 ResolverParams::Builder()
2409 .setPrivateDnsProvider(kDefaultIncorrectPrivateDnsHostName)
2410 .build()));
2411
2412 addrinfo* ai_result = nullptr;
2413 EXPECT_NE(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
2414 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
2415 }
2416
2417 namespace {
2418
getAsyncResponse(int fd,int * rcode,uint8_t * buf,int bufLen)2419 int getAsyncResponse(int fd, int* rcode, uint8_t* buf, int bufLen) {
2420 struct pollfd wait_fd[1];
2421 wait_fd[0].fd = fd;
2422 wait_fd[0].events = POLLIN;
2423 short revents;
2424
2425 if (int ret = poll(wait_fd, 1, -1); ret <= 0) {
2426 return -1;
2427 }
2428 revents = wait_fd[0].revents;
2429 if (revents & POLLIN) {
2430 return resNetworkResult(fd, rcode, buf, bufLen);
2431 }
2432 return -1;
2433 }
2434
toString(uint8_t * buf,int bufLen,int ipType)2435 std::string toString(uint8_t* buf, int bufLen, int ipType) {
2436 ns_msg handle;
2437 ns_rr rr;
2438
2439 if (ns_initparse((const uint8_t*)buf, bufLen, &handle) >= 0) {
2440 if (ns_parserr(&handle, ns_s_an, 0, &rr) == 0) {
2441 const uint8_t* rdata = ns_rr_rdata(rr);
2442 char buffer[INET6_ADDRSTRLEN];
2443 if (inet_ntop(ipType, (const char*)rdata, buffer, sizeof(buffer))) {
2444 return buffer;
2445 }
2446 }
2447 }
2448 return "";
2449 }
2450
dns_open_proxy()2451 int dns_open_proxy() {
2452 int s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
2453 if (s == -1) {
2454 return -1;
2455 }
2456 const int one = 1;
2457 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
2458
2459 static const struct sockaddr_un proxy_addr = {
2460 .sun_family = AF_UNIX,
2461 .sun_path = "/dev/socket/dnsproxyd",
2462 };
2463
2464 if (TEMP_FAILURE_RETRY(connect(s, (const struct sockaddr*)&proxy_addr, sizeof(proxy_addr))) !=
2465 0) {
2466 close(s);
2467 return -1;
2468 }
2469
2470 return s;
2471 }
2472
expectAnswersValid(int fd,int ipType,const std::string & expectedAnswer)2473 void expectAnswersValid(int fd, int ipType, const std::string& expectedAnswer) {
2474 int rcode = -1;
2475 uint8_t buf[MAXPACKET] = {};
2476
2477 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2478 EXPECT_GT(res, 0);
2479 EXPECT_EQ(expectedAnswer, toString(buf, res, ipType));
2480 }
2481
expectAnswersNotValid(int fd,int expectedErrno)2482 void expectAnswersNotValid(int fd, int expectedErrno) {
2483 int rcode = -1;
2484 uint8_t buf[MAXPACKET] = {};
2485
2486 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2487 EXPECT_EQ(expectedErrno, res);
2488 }
2489
2490 } // namespace
2491
TEST_F(ResolverTest,Async_NormalQueryV4V6)2492 TEST_F(ResolverTest, Async_NormalQueryV4V6) {
2493 constexpr char listen_addr[] = "127.0.0.4";
2494 constexpr char host_name[] = "howdy.example.com.";
2495 const std::vector<DnsRecord> records = {
2496 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2497 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2498 };
2499
2500 test::DNSResponder dns(listen_addr);
2501 StartDns(dns, records);
2502 std::vector<std::string> servers = {listen_addr};
2503 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2504
2505 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2506 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2507 EXPECT_TRUE(fd1 != -1);
2508 EXPECT_TRUE(fd2 != -1);
2509
2510 uint8_t buf[MAXPACKET] = {};
2511 int rcode;
2512 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2513 EXPECT_GT(res, 0);
2514 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2515
2516 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2517 EXPECT_GT(res, 0);
2518 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2519
2520 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2521
2522 // Re-query verify cache works
2523 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2524 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2525
2526 EXPECT_TRUE(fd1 != -1);
2527 EXPECT_TRUE(fd2 != -1);
2528
2529 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2530 EXPECT_GT(res, 0);
2531 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2532
2533 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2534 EXPECT_GT(res, 0);
2535 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2536
2537 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2538 }
2539
TEST_F(ResolverTest,Async_BadQuery)2540 TEST_F(ResolverTest, Async_BadQuery) {
2541 constexpr char listen_addr[] = "127.0.0.4";
2542 constexpr char host_name[] = "howdy.example.com.";
2543 const std::vector<DnsRecord> records = {
2544 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2545 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2546 };
2547
2548 test::DNSResponder dns(listen_addr);
2549 StartDns(dns, records);
2550 std::vector<std::string> servers = {listen_addr};
2551 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2552
2553 static struct {
2554 int fd;
2555 const char* dname;
2556 const int queryType;
2557 const int expectRcode;
2558 } kTestData[] = {
2559 {-1, "", ns_t_aaaa, 0},
2560 {-1, "as65ass46", ns_t_aaaa, 0},
2561 {-1, "454564564564", ns_t_aaaa, 0},
2562 {-1, "h645235", ns_t_a, 0},
2563 {-1, "www.google.com", ns_t_a, 0},
2564 };
2565
2566 for (auto& td : kTestData) {
2567 SCOPED_TRACE(td.dname);
2568 td.fd = resNetworkQuery(TEST_NETID, td.dname, ns_c_in, td.queryType, 0);
2569 EXPECT_TRUE(td.fd != -1);
2570 }
2571
2572 // dns_responder return empty resp(packet only contains query part) with no error currently
2573 for (const auto& td : kTestData) {
2574 uint8_t buf[MAXPACKET] = {};
2575 int rcode;
2576 SCOPED_TRACE(td.dname);
2577 int res = getAsyncResponse(td.fd, &rcode, buf, MAXPACKET);
2578 EXPECT_GT(res, 0);
2579 EXPECT_EQ(rcode, td.expectRcode);
2580 }
2581 }
2582
TEST_F(ResolverTest,Async_EmptyAnswer)2583 TEST_F(ResolverTest, Async_EmptyAnswer) {
2584 constexpr char listen_addr[] = "127.0.0.4";
2585 constexpr char host_name[] = "howdy.example.com.";
2586 const std::vector<DnsRecord> records = {
2587 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2588 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2589 };
2590
2591 test::DNSResponder dns(listen_addr);
2592 StartDns(dns, records);
2593 std::vector<std::string> servers = {listen_addr};
2594 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2595
2596 // TODO: Disable retry to make this test explicit.
2597 auto& cv = dns.getCv();
2598 auto& cvMutex = dns.getCvMutex();
2599 int fd1;
2600 // Wait on the condition variable to ensure that the DNS server has handled our first query.
2601 {
2602 std::unique_lock lk(cvMutex);
2603 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2604 EXPECT_TRUE(fd1 != -1);
2605 EXPECT_EQ(std::cv_status::no_timeout, cv.wait_for(lk, std::chrono::seconds(1)));
2606 }
2607
2608 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"::1.2.3.4"});
2609 dns.setResponseProbability(0.0);
2610
2611 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2612 EXPECT_TRUE(fd2 != -1);
2613 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2614
2615 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2616 EXPECT_TRUE(fd3 != -1);
2617 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2618
2619 uint8_t buf[MAXPACKET] = {};
2620 int rcode;
2621
2622 // expect no response
2623 int res = getAsyncResponse(fd3, &rcode, buf, MAXPACKET);
2624 EXPECT_EQ(-ETIMEDOUT, res);
2625
2626 // expect no response
2627 memset(buf, 0, MAXPACKET);
2628 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2629 EXPECT_EQ(-ETIMEDOUT, res);
2630
2631 dns.setResponseProbability(1.0);
2632
2633 int fd4 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2634 EXPECT_TRUE(fd4 != -1);
2635 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"1.2.3.4"});
2636
2637 memset(buf, 0, MAXPACKET);
2638 res = getAsyncResponse(fd4, &rcode, buf, MAXPACKET);
2639 EXPECT_GT(res, 0);
2640 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2641
2642 memset(buf, 0, MAXPACKET);
2643 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2644 EXPECT_GT(res, 0);
2645 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2646 }
2647
TEST_F(ResolverTest,Async_MalformedQuery)2648 TEST_F(ResolverTest, Async_MalformedQuery) {
2649 constexpr char listen_addr[] = "127.0.0.4";
2650 constexpr char host_name[] = "howdy.example.com.";
2651 const std::vector<DnsRecord> records = {
2652 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2653 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2654 };
2655
2656 test::DNSResponder dns(listen_addr);
2657 StartDns(dns, records);
2658 std::vector<std::string> servers = {listen_addr};
2659 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2660
2661 int fd = dns_open_proxy();
2662 EXPECT_TRUE(fd > 0);
2663
2664 const std::string badMsg = "16-52512#";
2665 static const struct {
2666 const std::string cmd;
2667 const int expectErr;
2668 } kTestData[] = {
2669 // Too few arguments
2670 {"resnsend " + badMsg + '\0', -EINVAL},
2671 // Bad netId
2672 {"resnsend badnetId 0 " + badMsg + '\0', -EINVAL},
2673 // Bad raw data
2674 {"resnsend " + std::to_string(TEST_NETID) + " 0 " + badMsg + '\0', -EILSEQ},
2675 };
2676
2677 for (unsigned int i = 0; i < std::size(kTestData); i++) {
2678 auto& td = kTestData[i];
2679 SCOPED_TRACE(td.cmd);
2680 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, td.cmd.c_str(), td.cmd.size()));
2681 EXPECT_EQ(rc, static_cast<ssize_t>(td.cmd.size()));
2682
2683 int32_t tmp;
2684 rc = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
2685 EXPECT_TRUE(rc > 0);
2686 EXPECT_EQ(static_cast<int>(ntohl(tmp)), td.expectErr);
2687 }
2688 // Normal query with answer buffer
2689 // This is raw data of query "howdy.example.com" type 1 class 1
2690 std::string query = "81sBAAABAAAAAAAABWhvd2R5B2V4YW1wbGUDY29tAAABAAE=";
2691 std::string cmd = "resnsend " + std::to_string(TEST_NETID) + " 0 " + query + '\0';
2692 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2693 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2694
2695 uint8_t smallBuf[1] = {};
2696 int rcode;
2697 rc = getAsyncResponse(fd, &rcode, smallBuf, 1);
2698 EXPECT_EQ(-EMSGSIZE, rc);
2699
2700 // Do the normal test with large buffer again
2701 fd = dns_open_proxy();
2702 EXPECT_TRUE(fd > 0);
2703 rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2704 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2705 uint8_t buf[MAXPACKET] = {};
2706 rc = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2707 EXPECT_EQ("1.2.3.4", toString(buf, rc, AF_INET));
2708 }
2709
TEST_F(ResolverTest,Async_CacheFlags)2710 TEST_F(ResolverTest, Async_CacheFlags) {
2711 constexpr char listen_addr[] = "127.0.0.4";
2712 constexpr char host_name1[] = "howdy.example.com.";
2713 constexpr char host_name2[] = "howdy.example2.com.";
2714 constexpr char host_name3[] = "howdy.example3.com.";
2715 const std::vector<DnsRecord> records = {
2716 {host_name1, ns_type::ns_t_a, "1.2.3.4"}, {host_name1, ns_type::ns_t_aaaa, "::1.2.3.4"},
2717 {host_name2, ns_type::ns_t_a, "1.2.3.5"}, {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
2718 {host_name3, ns_type::ns_t_a, "1.2.3.6"}, {host_name3, ns_type::ns_t_aaaa, "::1.2.3.6"},
2719 };
2720
2721 test::DNSResponder dns(listen_addr);
2722 StartDns(dns, records);
2723 std::vector<std::string> servers = {listen_addr};
2724 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2725
2726 // ANDROID_RESOLV_NO_CACHE_STORE
2727 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2728 ANDROID_RESOLV_NO_CACHE_STORE);
2729 EXPECT_TRUE(fd1 != -1);
2730 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2731 ANDROID_RESOLV_NO_CACHE_STORE);
2732 EXPECT_TRUE(fd2 != -1);
2733 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2734 ANDROID_RESOLV_NO_CACHE_STORE);
2735 EXPECT_TRUE(fd3 != -1);
2736
2737 expectAnswersValid(fd3, AF_INET, "1.2.3.4");
2738 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2739 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2740
2741 // No cache exists, expect 3 queries
2742 EXPECT_EQ(3U, GetNumQueries(dns, host_name1));
2743
2744 // Raise a query with no flags to ensure no cache exists. Also make an cache entry for the
2745 // query.
2746 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2747
2748 EXPECT_TRUE(fd1 != -1);
2749
2750 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2751
2752 // Expect 4 queries because there should be no cache before this query.
2753 EXPECT_EQ(4U, GetNumQueries(dns, host_name1));
2754
2755 // Now we have the cache entry, re-query with ANDROID_RESOLV_NO_CACHE_STORE to ensure
2756 // that ANDROID_RESOLV_NO_CACHE_STORE implied ANDROID_RESOLV_NO_CACHE_LOOKUP.
2757 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2758 ANDROID_RESOLV_NO_CACHE_STORE);
2759 EXPECT_TRUE(fd1 != -1);
2760 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2761 // Expect 5 queries because we shouldn't do cache lookup for the query which has
2762 // ANDROID_RESOLV_NO_CACHE_STORE.
2763 EXPECT_EQ(5U, GetNumQueries(dns, host_name1));
2764
2765 // ANDROID_RESOLV_NO_CACHE_LOOKUP
2766 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2767 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2768 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2769 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2770
2771 EXPECT_TRUE(fd1 != -1);
2772 EXPECT_TRUE(fd2 != -1);
2773
2774 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2775 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2776
2777 // Cache was skipped, expect 2 more queries.
2778 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2779
2780 // Re-query verify cache works
2781 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2782 EXPECT_TRUE(fd1 != -1);
2783 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2784
2785 // Cache hits, expect still 7 queries
2786 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2787
2788 // Start to verify if ANDROID_RESOLV_NO_CACHE_LOOKUP does write response into cache
2789 dns.clearQueries();
2790
2791 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2792 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2793 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2794 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2795
2796 EXPECT_TRUE(fd1 != -1);
2797 EXPECT_TRUE(fd2 != -1);
2798
2799 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2800 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2801
2802 // Skip cache, expect 2 queries
2803 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2804
2805 // Re-query without flags
2806 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2807 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2808
2809 EXPECT_TRUE(fd1 != -1);
2810 EXPECT_TRUE(fd2 != -1);
2811
2812 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2813 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2814
2815 // Cache hits, expect still 2 queries
2816 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2817
2818 // Test both ANDROID_RESOLV_NO_CACHE_STORE and ANDROID_RESOLV_NO_CACHE_LOOKUP are set
2819 dns.clearQueries();
2820
2821 // Make sure that the cache of "howdy.example3.com" exists.
2822 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, 0);
2823 EXPECT_TRUE(fd1 != -1);
2824 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2825 EXPECT_EQ(1U, GetNumQueries(dns, host_name3));
2826
2827 // Re-query with testFlags
2828 const int testFlag = ANDROID_RESOLV_NO_CACHE_STORE | ANDROID_RESOLV_NO_CACHE_LOOKUP;
2829 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, testFlag);
2830 EXPECT_TRUE(fd1 != -1);
2831 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2832 // Expect cache lookup is skipped.
2833 EXPECT_EQ(2U, GetNumQueries(dns, host_name3));
2834
2835 // Do another query with testFlags
2836 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, testFlag);
2837 EXPECT_TRUE(fd1 != -1);
2838 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2839 // Expect cache lookup is skipped.
2840 EXPECT_EQ(3U, GetNumQueries(dns, host_name3));
2841
2842 // Re-query with no flags
2843 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, 0);
2844 EXPECT_TRUE(fd1 != -1);
2845 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2846 // Expect no cache hit because cache storing is also skipped in previous query.
2847 EXPECT_EQ(4U, GetNumQueries(dns, host_name3));
2848 }
2849
TEST_F(ResolverTest,Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry)2850 TEST_F(ResolverTest, Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry) {
2851 constexpr char listen_addr[] = "127.0.0.4";
2852 constexpr char host_name[] = "howdy.example.com.";
2853 const std::vector<DnsRecord> records = {
2854 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2855 };
2856
2857 test::DNSResponder dns(listen_addr);
2858 StartDns(dns, records);
2859 std::vector<std::string> servers = {listen_addr};
2860 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2861
2862 const unsigned SHORT_TTL_SEC = 1;
2863 dns.setTtl(SHORT_TTL_SEC);
2864
2865 // Refer to b/148842821 for the purpose of below test steps.
2866 // Basically, this test is used to ensure stale cache case is handled
2867 // correctly with ANDROID_RESOLV_NO_CACHE_STORE.
2868 int fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2869 EXPECT_TRUE(fd != -1);
2870 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2871
2872 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2873 dns.clearQueries();
2874
2875 // Wait until cache expired
2876 sleep(SHORT_TTL_SEC + 0.5);
2877
2878 // Now request the same hostname again.
2879 // We should see a new DNS query because the entry in cache has become stale.
2880 // Due to ANDROID_RESOLV_NO_CACHE_STORE, this query must *not* refresh that stale entry.
2881 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2882 ANDROID_RESOLV_NO_CACHE_STORE);
2883 EXPECT_TRUE(fd != -1);
2884 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2885 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2886 dns.clearQueries();
2887
2888 // If the cache is still stale, we expect to see one more DNS query
2889 // (this time the cache will be refreshed, but we're not checking for it).
2890 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2891 EXPECT_TRUE(fd != -1);
2892 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2893 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2894 }
2895
TEST_F(ResolverTest,Async_NoRetryFlag)2896 TEST_F(ResolverTest, Async_NoRetryFlag) {
2897 constexpr char listen_addr0[] = "127.0.0.4";
2898 constexpr char listen_addr1[] = "127.0.0.6";
2899 constexpr char host_name[] = "howdy.example.com.";
2900 const std::vector<DnsRecord> records = {
2901 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2902 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2903 };
2904
2905 test::DNSResponder dns0(listen_addr0);
2906 test::DNSResponder dns1(listen_addr1);
2907 StartDns(dns0, records);
2908 StartDns(dns1, records);
2909 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr0, listen_addr1}));
2910
2911 dns0.clearQueries();
2912 dns1.clearQueries();
2913
2914 dns0.setResponseProbability(0.0);
2915 dns1.setResponseProbability(0.0);
2916
2917 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2918 ANDROID_RESOLV_NO_RETRY);
2919 EXPECT_TRUE(fd1 != -1);
2920
2921 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa,
2922 ANDROID_RESOLV_NO_RETRY);
2923 EXPECT_TRUE(fd2 != -1);
2924
2925 // expect no response
2926 expectAnswersNotValid(fd1, -ETIMEDOUT);
2927 expectAnswersNotValid(fd2, -ETIMEDOUT);
2928 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2929 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2930
2931 // No retry case, expect total 2 queries. The server is selected randomly.
2932 EXPECT_EQ(2U, GetNumQueries(dns0, host_name) + GetNumQueries(dns1, host_name));
2933
2934 dns0.clearQueries();
2935 dns1.clearQueries();
2936
2937 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2938 EXPECT_TRUE(fd1 != -1);
2939
2940 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2941 EXPECT_TRUE(fd2 != -1);
2942
2943 // expect no response
2944 expectAnswersNotValid(fd1, -ETIMEDOUT);
2945 expectAnswersNotValid(fd2, -ETIMEDOUT);
2946 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2947 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2948
2949 // Retry case, expect 4 queries
2950 EXPECT_EQ(4U, GetNumQueries(dns0, host_name));
2951 EXPECT_EQ(4U, GetNumQueries(dns1, host_name));
2952 }
2953
TEST_F(ResolverTest,Async_VerifyQueryID)2954 TEST_F(ResolverTest, Async_VerifyQueryID) {
2955 constexpr char listen_addr[] = "127.0.0.4";
2956 constexpr char host_name[] = "howdy.example.com.";
2957 const std::vector<DnsRecord> records = {
2958 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2959 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2960 };
2961
2962 test::DNSResponder dns(listen_addr);
2963 StartDns(dns, records);
2964 std::vector<std::string> servers = {listen_addr};
2965 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2966
2967 const uint8_t queryBuf1[] = {
2968 /* Header */
2969 0x55, 0x66, /* Transaction ID */
2970 0x01, 0x00, /* Flags */
2971 0x00, 0x01, /* Questions */
2972 0x00, 0x00, /* Answer RRs */
2973 0x00, 0x00, /* Authority RRs */
2974 0x00, 0x00, /* Additional RRs */
2975 /* Queries */
2976 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
2977 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
2978 0x00, 0x01, /* Type */
2979 0x00, 0x01 /* Class */
2980 };
2981
2982 int fd = resNetworkSend(TEST_NETID, queryBuf1, sizeof(queryBuf1), 0);
2983 EXPECT_TRUE(fd != -1);
2984
2985 uint8_t buf[MAXPACKET] = {};
2986 int rcode;
2987
2988 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2989 EXPECT_GT(res, 0);
2990 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2991
2992 auto hp = reinterpret_cast<HEADER*>(buf);
2993 EXPECT_EQ(21862U, htons(hp->id));
2994
2995 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2996
2997 const uint8_t queryBuf2[] = {
2998 /* Header */
2999 0x00, 0x53, /* Transaction ID */
3000 0x01, 0x00, /* Flags */
3001 0x00, 0x01, /* Questions */
3002 0x00, 0x00, /* Answer RRs */
3003 0x00, 0x00, /* Authority RRs */
3004 0x00, 0x00, /* Additional RRs */
3005 /* Queries */
3006 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
3007 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
3008 0x00, 0x01, /* Type */
3009 0x00, 0x01 /* Class */
3010 };
3011
3012 // Re-query verify cache works and query id is correct
3013 fd = resNetworkSend(TEST_NETID, queryBuf2, sizeof(queryBuf2), 0);
3014
3015 EXPECT_TRUE(fd != -1);
3016
3017 res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
3018 EXPECT_GT(res, 0);
3019 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
3020
3021 EXPECT_EQ(0x0053U, htons(hp->id));
3022
3023 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3024 }
3025
3026 // This test checks that the resolver should not generate the request containing OPT RR when using
3027 // cleartext DNS. If we query the DNS server not supporting EDNS0 and it reponds with
3028 // FORMERR_ON_EDNS, we will fallback to no EDNS0 and try again. If the server does no response, we
3029 // won't retry so that we get no answer.
TEST_F(ResolverTest,BrokenEdns)3030 TEST_F(ResolverTest, BrokenEdns) {
3031 typedef test::DNSResponder::Edns Edns;
3032 enum ExpectResult { EXPECT_FAILURE, EXPECT_SUCCESS };
3033
3034 // Perform cleartext query in off mode.
3035 const char OFF[] = "off";
3036
3037 // Perform cleartext query when there's no private DNS server validated in opportunistic mode.
3038 const char OPPORTUNISTIC_UDP[] = "opportunistic_udp";
3039
3040 // Perform cleartext query when there is a private DNS server validated in opportunistic mode.
3041 const char OPPORTUNISTIC_FALLBACK_UDP[] = "opportunistic_fallback_udp";
3042
3043 // Perform cyphertext query in opportunistic mode.
3044 const char OPPORTUNISTIC_TLS[] = "opportunistic_tls";
3045
3046 // Perform cyphertext query in strict mode.
3047 const char STRICT[] = "strict";
3048
3049 const char GETHOSTBYNAME[] = "gethostbyname";
3050 const char GETADDRINFO[] = "getaddrinfo";
3051 const char ADDR4[] = "192.0.2.1";
3052 test::DNSResponder dns(kDefaultServer, "53", ns_rcode::ns_r_servfail);
3053 test::DnsTlsFrontend tls(kDefaultServer, "853", kDefaultServer, "53");
3054 ASSERT_TRUE(dns.startServer());
3055
3056 // clang-format off
3057 static const struct TestConfig {
3058 std::string mode;
3059 std::string method;
3060 Edns edns;
3061 ExpectResult expectResult;
3062
3063 std::string asHostName() const {
3064 const char* ednsString;
3065 switch (edns) {
3066 case Edns::ON:
3067 ednsString = "ednsOn";
3068 break;
3069 case Edns::FORMERR_ON_EDNS:
3070 ednsString = "ednsFormerr";
3071 break;
3072 case Edns::DROP:
3073 ednsString = "ednsDrop";
3074 break;
3075 default:
3076 ednsString = "";
3077 break;
3078 }
3079 return fmt::format("{}.{}.{}.", mode, method, ednsString);
3080 }
3081 } testConfigs[] = {
3082 // In OPPORTUNISTIC_TLS, if the DNS server doesn't support EDNS0 but TLS, the lookup
3083 // fails. Could such server exist? if so, we might need to fix it to fallback to
3084 // cleartext query. If the server still make no response for the queries with EDNS0, we
3085 // might also need to fix it to retry without EDNS0.
3086 // Another thing is that {OPPORTUNISTIC_TLS, Edns::DROP} and {STRICT, Edns::DROP} are
3087 // commented out since TLS timeout is not configurable.
3088 // TODO: Uncomment them after TLS timeout is configurable.
3089 {OFF, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3090 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3091 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3092 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3093 {STRICT, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3094 {OFF, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3095 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3096 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3097 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3098 {STRICT, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3099 {OFF, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
3100 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
3101
3102 // The failure is due to no retry on timeout. Maybe fix it?
3103 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3104
3105 //{OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3106 //{STRICT, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3107 {OFF, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3108 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3109 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3110 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3111 {STRICT, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3112 {OFF, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3113 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3114 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3115 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3116 {STRICT, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3117 {OFF, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
3118 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
3119
3120 // The failure is due to no retry on timeout. Maybe fix it?
3121 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3122
3123 //{OPPORTUNISTIC_TLS, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3124 //{STRICT, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3125 };
3126 // clang-format on
3127
3128 for (const auto& config : testConfigs) {
3129 const std::string testHostName = config.asHostName();
3130 SCOPED_TRACE(testHostName);
3131
3132 // Don't skip unusable DoT servers and disable revalidation for this test.
3133 ScopedSystemProperties sp1(kDotXportUnusableThresholdFlag, "-1");
3134 ScopedSystemProperties sp2(kDotRevalidationThresholdFlag, "-1");
3135 resetNetwork();
3136
3137 const char* host_name = testHostName.c_str();
3138 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
3139 dns.setEdns(config.edns);
3140
3141 if (config.mode == OFF) {
3142 if (tls.running()) {
3143 ASSERT_TRUE(tls.stopServer());
3144 }
3145 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3146 } else if (config.mode == OPPORTUNISTIC_UDP) {
3147 if (tls.running()) {
3148 ASSERT_TRUE(tls.stopServer());
3149 }
3150 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3151 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
3152 } else if (config.mode == OPPORTUNISTIC_TLS || config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
3153 if (!tls.running()) {
3154 ASSERT_TRUE(tls.startServer());
3155 }
3156 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3157 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3158
3159 if (config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
3160 // Force the resolver to fallback to cleartext queries.
3161 ASSERT_TRUE(tls.stopServer());
3162 }
3163 } else if (config.mode == STRICT) {
3164 if (!tls.running()) {
3165 ASSERT_TRUE(tls.startServer());
3166 }
3167 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
3168 ResolverParams::Builder()
3169 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
3170 .build()));
3171 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3172 }
3173
3174 if (config.method == GETHOSTBYNAME) {
3175 const hostent* h_result = gethostbyname(host_name);
3176 if (config.expectResult == EXPECT_SUCCESS) {
3177 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3178 ASSERT_TRUE(h_result != nullptr);
3179 ASSERT_EQ(4, h_result->h_length);
3180 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
3181 EXPECT_EQ(ADDR4, ToString(h_result));
3182 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
3183 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, 0, host_name, {ADDR4});
3184 } else {
3185 EXPECT_EQ(0U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
3186 ASSERT_TRUE(h_result == nullptr);
3187 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3188 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
3189 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, returnCode, host_name, {});
3190 }
3191 } else if (config.method == GETADDRINFO) {
3192 ScopedAddrinfo ai_result;
3193 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3194 ai_result = safe_getaddrinfo(host_name, nullptr, &hints);
3195 if (config.expectResult == EXPECT_SUCCESS) {
3196 EXPECT_TRUE(ai_result != nullptr);
3197 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3198 const std::string result_str = ToString(ai_result);
3199 EXPECT_EQ(ADDR4, result_str);
3200 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name, {ADDR4});
3201 } else {
3202 EXPECT_TRUE(ai_result == nullptr);
3203 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3204 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
3205 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, returnCode, host_name, {});
3206 }
3207 } else {
3208 FAIL() << "Unsupported query method: " << config.method;
3209 }
3210
3211 tls.clearQueries();
3212 dns.clearQueries();
3213
3214 // Set the configuration to OFF mode, so the resolver can validate private DNS servers in
3215 // every test config.
3216 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3217 }
3218 }
3219
3220 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3221 // Resolver should have a reasonable number of retries instead of spinning forever. We don't have
3222 // an efficient way to know if resolver is stuck in an infinite loop. However, test case will be
3223 // failed due to timeout.
TEST_F(ResolverTest,UnstableTls)3224 TEST_F(ResolverTest, UnstableTls) {
3225 const char CLEARTEXT_PORT[] = "53";
3226 const char TLS_PORT[] = "853";
3227 const char* host_name1 = "nonexistent1.example.com.";
3228 const char* host_name2 = "nonexistent2.example.com.";
3229
3230 test::DNSResponder dns(kDefaultServer, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3231 ASSERT_TRUE(dns.startServer());
3232 dns.setEdns(test::DNSResponder::Edns::FORMERR_ON_EDNS);
3233 test::DnsTlsFrontend tls(kDefaultServer, TLS_PORT, kDefaultServer, CLEARTEXT_PORT);
3234 ASSERT_TRUE(tls.startServer());
3235 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3236 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3237
3238 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3239 tls.stopServer();
3240
3241 const hostent* h_result = gethostbyname(host_name1);
3242 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
3243 ASSERT_TRUE(h_result == nullptr);
3244 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3245
3246 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3247 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3248 EXPECT_TRUE(ai_result == nullptr);
3249 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
3250 }
3251
3252 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3253 // Moreover, server responds RCODE=FORMERR even on non-EDNS query.
TEST_F(ResolverTest,BogusDnsServer)3254 TEST_F(ResolverTest, BogusDnsServer) {
3255 const char CLEARTEXT_PORT[] = "53";
3256 const char TLS_PORT[] = "853";
3257 const char* host_name1 = "nonexistent1.example.com.";
3258 const char* host_name2 = "nonexistent2.example.com.";
3259
3260 test::DNSResponder dns(kDefaultServer, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3261 ASSERT_TRUE(dns.startServer());
3262 test::DnsTlsFrontend tls(kDefaultServer, TLS_PORT, kDefaultServer, CLEARTEXT_PORT);
3263 ASSERT_TRUE(tls.startServer());
3264 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3265 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3266
3267 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3268 tls.stopServer();
3269 dns.setEdns(test::DNSResponder::Edns::FORMERR_UNCOND);
3270
3271 const hostent* h_result = gethostbyname(host_name1);
3272 EXPECT_EQ(0U, GetNumQueries(dns, host_name1));
3273 ASSERT_TRUE(h_result == nullptr);
3274 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3275
3276 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3277 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3278 EXPECT_TRUE(ai_result == nullptr);
3279 EXPECT_EQ(0U, GetNumQueries(dns, host_name2));
3280 }
3281
TEST_F(ResolverTest,GetAddrInfo_Dns64Synthesize)3282 TEST_F(ResolverTest, GetAddrInfo_Dns64Synthesize) {
3283 constexpr char listen_addr[] = "::1";
3284 constexpr char host_name[] = "v4only.example.com.";
3285 const std::vector<DnsRecord> records = {
3286 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3287 };
3288
3289 test::DNSResponder dns(listen_addr);
3290 StartDns(dns, records);
3291
3292 std::vector<std::string> servers = {listen_addr};
3293 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3294 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3295
3296 // If the socket type is not specified, every address will appear twice, once for
3297 // SOCK_STREAM and one for SOCK_DGRAM. Just pick one because the addresses for
3298 // the second query of different socket type are responded by the cache.
3299 // See android_getaddrinfofornetcontext in packages/modules/DnsResolver/getaddrinfo.cpp
3300 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3301 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3302 EXPECT_TRUE(result != nullptr);
3303 // Expect that there are two queries, one AAAA (which returns no records) and one A
3304 // (which returns 1.2.3.4).
3305 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3306 EXPECT_THAT(ToStrings(result), testing::ElementsAre("64:ff9b::102:304", "1.2.3.4"));
3307
3308 // Stopping NAT64 prefix discovery disables synthesis.
3309 EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());
3310 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
3311 dns.clearQueries();
3312
3313 result = safe_getaddrinfo("v4only", nullptr, &hints);
3314 EXPECT_TRUE(result != nullptr);
3315 // Expect that there is one query, an AAAA (which returns no records), because the
3316 // A is already cached.
3317 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3318 EXPECT_EQ(ToString(result), "1.2.3.4");
3319 }
3320
3321 // TODO: merge to #GetAddrInfo_Dns64Synthesize once DNSResponder supports multi DnsRecords for a
3322 // hostname.
TEST_F(ResolverTest,GetAddrInfo_Dns64SynthesizeMultiAnswers)3323 TEST_F(ResolverTest, GetAddrInfo_Dns64SynthesizeMultiAnswers) {
3324 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
3325 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
3326 StartDns(dns, {});
3327 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3328 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3329
3330 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3331 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
3332 ASSERT_FALSE(result == nullptr);
3333
3334 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3335 EXPECT_THAT(ToStrings(result),
3336 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::808:808", "64:ff9b::5175:15ca",
3337 "1.2.3.4", "8.8.8.8", "81.117.21.202"));
3338 }
3339
TEST_F(ResolverTest,GetAddrInfo_Dns64Canonname)3340 TEST_F(ResolverTest, GetAddrInfo_Dns64Canonname) {
3341 constexpr char listen_addr[] = "::1";
3342 constexpr char host_name[] = "v4only.example.com.";
3343 const std::vector<DnsRecord> records = {
3344 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3345 };
3346
3347 test::DNSResponder dns(listen_addr);
3348 StartDns(dns, records);
3349
3350 std::vector<std::string> servers = {listen_addr};
3351 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3352 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3353
3354 // clang-format off
3355 static const struct TestConfig {
3356 int family;
3357 int flags;
3358 std::vector<std::string> expectedAddresses;
3359 const char* expectedCanonname;
3360
3361 std::string asParameters() const {
3362 return fmt::format("family={}, flags={}", family, flags);
3363 }
3364 } testConfigs[]{
3365 {AF_UNSPEC, 0, {"64:ff9b::102:304", "1.2.3.4"}, nullptr},
3366 {AF_UNSPEC, AI_CANONNAME, {"64:ff9b::102:304", "1.2.3.4"}, "v4only.example.com"},
3367 {AF_INET6, 0, {"64:ff9b::102:304"} , nullptr},
3368 {AF_INET6, AI_CANONNAME, {"64:ff9b::102:304"} , "v4only.example.com"},
3369 };
3370 // clang-format on
3371
3372 for (const auto& config : testConfigs) {
3373 SCOPED_TRACE(config.asParameters());
3374
3375 const addrinfo hints = {
3376 .ai_family = config.family, .ai_flags = config.flags, .ai_socktype = SOCK_DGRAM};
3377 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3378 ASSERT_TRUE(result != nullptr);
3379 EXPECT_THAT(ToStrings(result), testing::ElementsAreArray(config.expectedAddresses));
3380 for (const auto* ai = result.get(); ai != nullptr; ai = ai->ai_next) {
3381 EXPECT_STREQ(ai->ai_canonname, config.expectedCanonname);
3382 }
3383 }
3384 }
3385
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecified)3386 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecified) {
3387 constexpr char listen_addr[] = "::1";
3388 constexpr char host_name[] = "v4only.example.com.";
3389 const std::vector<DnsRecord> records = {
3390 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3391 };
3392
3393 test::DNSResponder dns(listen_addr);
3394 StartDns(dns, records);
3395 const std::vector<std::string> servers = {listen_addr};
3396 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3397 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3398
3399 // Synthesize AAAA if AF_INET6 is specified and there is A record only. Make sure that A record
3400 // is not returned as well.
3401 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3402 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3403 EXPECT_TRUE(result != nullptr);
3404 // One for AAAA query without an answer and one for A query which is used for DNS64 synthesis.
3405 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3406 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3407 dns.clearQueries();
3408
3409 // Don't synthesize AAAA if AF_INET is specified and there is A record only.
3410 hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3411 result = safe_getaddrinfo("v4only", nullptr, &hints);
3412 EXPECT_TRUE(result != nullptr);
3413 EXPECT_EQ(0U /*cached in previous queries*/, GetNumQueries(dns, host_name));
3414 EXPECT_EQ(ToString(result), "1.2.3.4");
3415 }
3416
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedV6)3417 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedV6) {
3418 constexpr char listen_addr[] = "::1";
3419 constexpr char host_name[] = "v4v6.example.com.";
3420 const std::vector<DnsRecord> records = {
3421 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3422 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3423 };
3424
3425 test::DNSResponder dns(listen_addr);
3426 StartDns(dns, records);
3427 const std::vector<std::string> servers = {listen_addr};
3428 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3429 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3430
3431 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3432 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3433 EXPECT_TRUE(result != nullptr);
3434 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3435
3436 // Do not synthesize AAAA if there's at least one AAAA answer.
3437 EXPECT_THAT(ToStrings(result), testing::ElementsAre("2001:db8::102:304", "1.2.3.4"));
3438 }
3439
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedNoV6)3440 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedNoV6) {
3441 constexpr char listen_addr[] = "::1";
3442 constexpr char host_name[] = "v4v6.example.com.";
3443 const std::vector<DnsRecord> records = {
3444 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3445 };
3446
3447 test::DNSResponder dns(listen_addr);
3448 StartDns(dns, records);
3449 const std::vector<std::string> servers = {listen_addr};
3450 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3451 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3452
3453 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3454 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3455 EXPECT_TRUE(result != nullptr);
3456 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3457
3458 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3459 EXPECT_THAT(ToStrings(result), testing::ElementsAre("64:ff9b::102:304", "1.2.3.4"));
3460 }
3461
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses)3462 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses) {
3463 constexpr char THIS_NETWORK[] = "this_network";
3464 constexpr char LOOPBACK[] = "loopback";
3465 constexpr char LINK_LOCAL[] = "link_local";
3466 constexpr char MULTICAST[] = "multicast";
3467 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
3468
3469 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
3470 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
3471 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
3472 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
3473 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
3474
3475 constexpr char listen_addr[] = "::1";
3476
3477 test::DNSResponder dns(listen_addr);
3478 StartDns(dns, {});
3479 const std::vector<std::string> servers = {listen_addr};
3480 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3481 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3482
3483 // clang-format off
3484 static const struct TestConfig {
3485 std::string name;
3486 std::string addr;
3487
3488 std::string asHostName() const { return fmt::format("{}.example.com.", name); }
3489 } testConfigs[]{
3490 {THIS_NETWORK, ADDR_THIS_NETWORK},
3491 {LOOPBACK, ADDR_LOOPBACK},
3492 {LINK_LOCAL, ADDR_LINK_LOCAL},
3493 {MULTICAST, ADDR_MULTICAST},
3494 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
3495 };
3496 // clang-format on
3497
3498 for (const auto& config : testConfigs) {
3499 const std::string testHostName = config.asHostName();
3500 SCOPED_TRACE(testHostName);
3501
3502 const char* host_name = testHostName.c_str();
3503 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
3504
3505 // Expect no result because AF_INET6 is specified and don't synthesize special use IPv4
3506 // address.
3507 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3508 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3509 EXPECT_TRUE(result == nullptr);
3510 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3511 dns.clearQueries();
3512
3513 // Expect special use IPv4 address only because AF_UNSPEC is specified and don't synthesize
3514 // special use IPv4 address.
3515 hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3516 result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3517 EXPECT_TRUE(result != nullptr);
3518 // Expect IPv6 query only. IPv4 answer has been cached in previous query.
3519 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3520 EXPECT_EQ(ToString(result), config.addr);
3521 dns.clearQueries();
3522 }
3523 }
3524
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryWithNullArgumentHints)3525 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryWithNullArgumentHints) {
3526 constexpr char listen_addr[] = "::1";
3527 constexpr char host_name[] = "v4only.example.com.";
3528 constexpr char host_name2[] = "v4v6.example.com.";
3529 const std::vector<DnsRecord> records = {
3530 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3531 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
3532 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3533 };
3534
3535 test::DNSResponder dns(listen_addr);
3536 StartDns(dns, records);
3537 const std::vector<std::string> servers = {listen_addr};
3538 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3539 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3540
3541 // Synthesize AAAA if there is A answer only and AF_UNSPEC (hints NULL) is specified.
3542 // Assign argument hints of getaddrinfo() as null is equivalent to set ai_family AF_UNSPEC,
3543 // ai_socktype 0 (any), and ai_protocol 0 (any). Note the setting ai_socktype 0 (any) causes
3544 // that every address will appear twice, once for SOCK_STREAM and one for SOCK_DGRAM.
3545 // See resolv_getaddrinfo in packages/modules/DnsResolver/getaddrinfo.cpp.
3546 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, nullptr);
3547 EXPECT_TRUE(result != nullptr);
3548 EXPECT_LE(2U, GetNumQueries(dns, host_name));
3549 EXPECT_THAT(ToStrings(result),
3550 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::102:304", "1.2.3.4", "1.2.3.4"));
3551 dns.clearQueries();
3552
3553 // Do not synthesize AAAA if there's at least one AAAA answer.
3554 // The reason which the addresses appear twice is as mentioned above.
3555 result = safe_getaddrinfo("v4v6", nullptr, nullptr);
3556 EXPECT_TRUE(result != nullptr);
3557 EXPECT_LE(2U, GetNumQueries(dns, host_name2));
3558 EXPECT_THAT(ToStrings(result),
3559 testing::UnorderedElementsAre("2001:db8::102:304", "2001:db8::102:304", "1.2.3.4",
3560 "1.2.3.4"));
3561 }
3562
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryNullArgumentNode)3563 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryNullArgumentNode) {
3564 constexpr char ADDR_ANYADDR_V4[] = "0.0.0.0";
3565 constexpr char ADDR_ANYADDR_V6[] = "::";
3566 constexpr char ADDR_LOCALHOST_V4[] = "127.0.0.1";
3567 constexpr char ADDR_LOCALHOST_V6[] = "::1";
3568
3569 constexpr char PORT_NAME_HTTP[] = "http";
3570 constexpr char PORT_NUMBER_HTTP[] = "80";
3571
3572 constexpr char listen_addr[] = "::1";
3573
3574 test::DNSResponder dns(listen_addr);
3575 StartDns(dns, {});
3576 const std::vector<std::string> servers = {listen_addr};
3577 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3578 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3579
3580 // clang-format off
3581 // If node is null, return address is listed by libc/getaddrinfo.c as follows.
3582 // - passive socket -> anyaddr (0.0.0.0 or ::)
3583 // - non-passive socket -> localhost (127.0.0.1 or ::1)
3584 static const struct TestConfig {
3585 int flag;
3586 std::string addr_v4;
3587 std::string addr_v6;
3588
3589 std::string asParameters() const {
3590 return fmt::format("flag={}, addr_v4={}, addr_v6={}", flag, addr_v4,
3591 addr_v6);
3592 }
3593 } testConfigs[]{
3594 {0 /* non-passive */, ADDR_LOCALHOST_V4, ADDR_LOCALHOST_V6},
3595 {AI_PASSIVE, ADDR_ANYADDR_V4, ADDR_ANYADDR_V6}
3596 };
3597 // clang-format on
3598
3599 for (const auto& config : testConfigs) {
3600 SCOPED_TRACE(config.asParameters());
3601
3602 addrinfo hints = {
3603 .ai_flags = config.flag,
3604 .ai_family = AF_UNSPEC, // any address family
3605 .ai_socktype = 0, // any type
3606 .ai_protocol = 0, // any protocol
3607 };
3608
3609 // Assign hostname as null and service as port name.
3610 ScopedAddrinfo result = safe_getaddrinfo(nullptr, PORT_NAME_HTTP, &hints);
3611 ASSERT_TRUE(result != nullptr);
3612
3613 // Can't be synthesized because it should not get into Netd.
3614 // Every address appears twice, once for SOCK_STREAM and one for SOCK_DGRAM because the
3615 // socket type is not specified.
3616 EXPECT_THAT(ToStrings(result),
3617 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3618 config.addr_v6));
3619
3620 // Assign hostname as null and service as numeric port number.
3621 hints.ai_flags = config.flag | AI_NUMERICSERV;
3622 result = safe_getaddrinfo(nullptr, PORT_NUMBER_HTTP, &hints);
3623 ASSERT_TRUE(result != nullptr);
3624
3625 // Can't be synthesized because it should not get into Netd.
3626 // The reason which the addresses appear twice is as mentioned above.
3627 EXPECT_THAT(ToStrings(result),
3628 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3629 config.addr_v6));
3630 }
3631 }
3632
TEST_F(ResolverTest,GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix)3633 TEST_F(ResolverTest, GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix) {
3634 struct hostent* result = nullptr;
3635 struct in_addr v4addr;
3636 struct in6_addr v6addr;
3637
3638 constexpr char listen_addr[] = "::1";
3639 constexpr char ptr_name[] = "v4v6.example.com.";
3640 // PTR record for IPv4 address 1.2.3.4
3641 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3642 // PTR record for IPv6 address 2001:db8::102:304
3643 constexpr char ptr_addr_v6[] =
3644 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3645 const std::vector<DnsRecord> records = {
3646 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3647 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3648 };
3649
3650 test::DNSResponder dns(listen_addr);
3651 StartDns(dns, records);
3652 const std::vector<std::string> servers = {listen_addr};
3653 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3654 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3655
3656 // Reverse IPv4 DNS query. Prefix should have no effect on it.
3657 inet_pton(AF_INET, "1.2.3.4", &v4addr);
3658 result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3659 ASSERT_TRUE(result != nullptr);
3660 std::string result_str = result->h_name ? result->h_name : "null";
3661 EXPECT_EQ(result_str, "v4v6.example.com");
3662
3663 // Reverse IPv6 DNS query. Prefix should have no effect on it.
3664 inet_pton(AF_INET6, "2001:db8::102:304", &v6addr);
3665 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3666 ASSERT_TRUE(result != nullptr);
3667 result_str = result->h_name ? result->h_name : "null";
3668 EXPECT_EQ(result_str, "v4v6.example.com");
3669 }
3670
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64Query)3671 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64Query) {
3672 constexpr char listen_addr[] = "::1";
3673 constexpr char ptr_name[] = "v4only.example.com.";
3674 // PTR record for IPv4 address 1.2.3.4
3675 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3676 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3677 constexpr char ptr_addr_v6_nomapping[] =
3678 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3679 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3680 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3681 constexpr char ptr_addr_v6_synthesis[] =
3682 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3683 const std::vector<DnsRecord> records = {
3684 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3685 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3686 };
3687
3688 test::DNSResponder dns(listen_addr);
3689 StartDns(dns, records);
3690 // "ptr_addr_v6_nomapping" is not mapped in DNS server
3691 const std::vector<std::string> servers = {listen_addr};
3692 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3693 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3694
3695 // Synthesized PTR record doesn't exist on DNS server
3696 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3697 // After querying synthesized address failed, expect that prefix is removed from IPv6
3698 // synthesized address and do reverse IPv4 query instead.
3699 struct in6_addr v6addr;
3700 inet_pton(AF_INET6, "64:ff9b::1.2.3.4", &v6addr);
3701 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3702 ASSERT_TRUE(result != nullptr);
3703 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist
3704 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist
3705 std::string result_str = result->h_name ? result->h_name : "null";
3706 EXPECT_EQ(result_str, "v4only.example.com");
3707 // Check that return address has been mapped from IPv4 to IPv6 address because Netd
3708 // removes NAT64 prefix and does IPv4 DNS reverse lookup in this case. Then, Netd
3709 // fakes the return IPv4 address as original queried IPv6 address.
3710 result_str = ToString(result);
3711 EXPECT_EQ(result_str, "64:ff9b::102:304");
3712 dns.clearQueries();
3713
3714 // Synthesized PTR record exists on DNS server
3715 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3716 // Expect to Netd pass through synthesized address for DNS queries.
3717 inet_pton(AF_INET6, "64:ff9b::5.6.7.8", &v6addr);
3718 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3719 ASSERT_TRUE(result != nullptr);
3720 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3721 result_str = result->h_name ? result->h_name : "null";
3722 EXPECT_EQ(result_str, "v6synthesis.example.com");
3723 }
3724
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64QueryFromHostFile)3725 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64QueryFromHostFile) {
3726 constexpr char host_name[] = "localhost";
3727 // The address is synthesized by prefix64:localhost.
3728 constexpr char host_addr[] = "64:ff9b::7f00:1";
3729 constexpr char listen_addr[] = "::1";
3730
3731 test::DNSResponder dns(listen_addr);
3732 StartDns(dns, {});
3733 const std::vector<std::string> servers = {listen_addr};
3734 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3735 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3736
3737 // Using synthesized "localhost" address to be a trick for resolving host name
3738 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3739 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3740 struct in6_addr v6addr;
3741 inet_pton(AF_INET6, host_addr, &v6addr);
3742 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3743 ASSERT_TRUE(result != nullptr);
3744 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3745 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3746
3747 ASSERT_EQ(sizeof(in6_addr), (unsigned)result->h_length);
3748 ASSERT_EQ(AF_INET6, result->h_addrtype);
3749 std::string result_str = ToString(result);
3750 EXPECT_EQ(result_str, host_addr);
3751 result_str = result->h_name ? result->h_name : "null";
3752 EXPECT_EQ(result_str, host_name);
3753 }
3754
TEST_F(ResolverTest,GetHostByAddr_cnamesClasslessReverseDelegation)3755 TEST_F(ResolverTest, GetHostByAddr_cnamesClasslessReverseDelegation) {
3756 // IPv4 addresses in the subnet with notation '/' or '-'.
3757 constexpr char addr_slash[] = "192.0.2.1";
3758 constexpr char addr_hyphen[] = "192.0.3.1";
3759
3760 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3761 // section 4.
3762 const static std::vector<DnsRecord> records = {
3763 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3764 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3765 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3766
3767 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3768 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3769 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3770 };
3771
3772 test::DNSResponder dns;
3773 StartDns(dns, records);
3774 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3775
3776 for (const auto& address : {addr_slash, addr_hyphen}) {
3777 SCOPED_TRACE(address);
3778
3779 in_addr v4addr;
3780 ASSERT_TRUE(inet_pton(AF_INET, address, &v4addr));
3781 hostent* result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3782 ASSERT_TRUE(result != nullptr);
3783 EXPECT_STREQ("hello.example.com", result->h_name);
3784 }
3785 }
3786
TEST_F(ResolverTest,GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix)3787 TEST_F(ResolverTest, GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix) {
3788 constexpr char listen_addr[] = "::1";
3789 constexpr char ptr_name[] = "v4v6.example.com.";
3790 // PTR record for IPv4 address 1.2.3.4
3791 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3792 // PTR record for IPv6 address 2001:db8::102:304
3793 constexpr char ptr_addr_v6[] =
3794 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3795 const std::vector<DnsRecord> records = {
3796 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3797 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3798 };
3799
3800 test::DNSResponder dns(listen_addr);
3801 StartDns(dns, records);
3802 const std::vector<std::string> servers = {listen_addr};
3803 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3804 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3805
3806 // clang-format off
3807 static const struct TestConfig {
3808 int flag;
3809 int family;
3810 std::string addr;
3811 std::string host;
3812
3813 std::string asParameters() const {
3814 return fmt::format("flag={}, family={}, addr={}, host={}", flag, family, addr,
3815 host);
3816 }
3817 } testConfigs[]{
3818 {NI_NAMEREQD, AF_INET, "1.2.3.4", "v4v6.example.com"},
3819 {NI_NUMERICHOST, AF_INET, "1.2.3.4", "1.2.3.4"},
3820 {0, AF_INET, "1.2.3.4", "v4v6.example.com"},
3821 {0, AF_INET, "5.6.7.8", "5.6.7.8"}, // unmapped
3822 {NI_NAMEREQD, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3823 {NI_NUMERICHOST, AF_INET6, "2001:db8::102:304", "2001:db8::102:304"},
3824 {0, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3825 {0, AF_INET6, "2001:db8::506:708", "2001:db8::506:708"}, // unmapped
3826 };
3827 // clang-format on
3828
3829 // Reverse IPv4/IPv6 DNS query. Prefix should have no effect on it.
3830 for (const auto& config : testConfigs) {
3831 SCOPED_TRACE(config.asParameters());
3832
3833 int rv;
3834 char host[NI_MAXHOST];
3835 struct sockaddr_in sin;
3836 struct sockaddr_in6 sin6;
3837 if (config.family == AF_INET) {
3838 memset(&sin, 0, sizeof(sin));
3839 sin.sin_family = AF_INET;
3840 inet_pton(AF_INET, config.addr.c_str(), &sin.sin_addr);
3841 rv = getnameinfo((const struct sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr,
3842 0, config.flag);
3843 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4));
3844 } else if (config.family == AF_INET6) {
3845 memset(&sin6, 0, sizeof(sin6));
3846 sin6.sin6_family = AF_INET6;
3847 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3848 rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3849 nullptr, 0, config.flag);
3850 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6));
3851 }
3852 ASSERT_EQ(0, rv);
3853 std::string result_str = host;
3854 EXPECT_EQ(result_str, config.host);
3855 dns.clearQueries();
3856 }
3857 }
3858
TEST_F(ResolverTest,GetNameInfo_ReverseDns64Query)3859 TEST_F(ResolverTest, GetNameInfo_ReverseDns64Query) {
3860 constexpr char listen_addr[] = "::1";
3861 constexpr char ptr_name[] = "v4only.example.com.";
3862 // PTR record for IPv4 address 1.2.3.4
3863 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3864 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3865 constexpr char ptr_addr_v6_nomapping[] =
3866 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3867 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3868 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3869 constexpr char ptr_addr_v6_synthesis[] =
3870 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3871 const std::vector<DnsRecord> records = {
3872 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3873 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3874 };
3875
3876 test::DNSResponder dns(listen_addr);
3877 StartDns(dns, records);
3878 const std::vector<std::string> servers = {listen_addr};
3879 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3880 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3881
3882 // clang-format off
3883 static const struct TestConfig {
3884 bool hasSynthesizedPtrRecord;
3885 int flag;
3886 std::string addr;
3887 std::string host;
3888
3889 std::string asParameters() const {
3890 return fmt::format("hasSynthesizedPtrRecord={}, flag={}, addr={}, host={}",
3891 hasSynthesizedPtrRecord, flag, addr, host);
3892 }
3893 } testConfigs[]{
3894 {false, NI_NAMEREQD, "64:ff9b::102:304", "v4only.example.com"},
3895 {false, NI_NUMERICHOST, "64:ff9b::102:304", "64:ff9b::102:304"},
3896 {false, 0, "64:ff9b::102:304", "v4only.example.com"},
3897 {true, NI_NAMEREQD, "64:ff9b::506:708", "v6synthesis.example.com"},
3898 {true, NI_NUMERICHOST, "64:ff9b::506:708", "64:ff9b::506:708"},
3899 {true, 0, "64:ff9b::506:708", "v6synthesis.example.com"}
3900 };
3901 // clang-format on
3902
3903 // hasSynthesizedPtrRecord = false
3904 // Synthesized PTR record doesn't exist on DNS server
3905 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3906 // After querying synthesized address failed, expect that prefix is removed from IPv6
3907 // synthesized address and do reverse IPv4 query instead.
3908 //
3909 // hasSynthesizedPtrRecord = true
3910 // Synthesized PTR record exists on DNS server
3911 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3912 // Expect to just pass through synthesized address for DNS queries.
3913 for (const auto& config : testConfigs) {
3914 SCOPED_TRACE(config.asParameters());
3915
3916 char host[NI_MAXHOST];
3917 struct sockaddr_in6 sin6;
3918 memset(&sin6, 0, sizeof(sin6));
3919 sin6.sin6_family = AF_INET6;
3920 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3921 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3922 nullptr, 0, config.flag);
3923 ASSERT_EQ(0, rv);
3924 if (config.flag == NI_NAMEREQD) {
3925 if (config.hasSynthesizedPtrRecord) {
3926 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3927 } else {
3928 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist.
3929 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist.
3930 }
3931 }
3932 std::string result_str = host;
3933 EXPECT_EQ(result_str, config.host);
3934 dns.clearQueries();
3935 }
3936 }
3937
TEST_F(ResolverTest,GetNameInfo_ReverseDns64QueryFromHostFile)3938 TEST_F(ResolverTest, GetNameInfo_ReverseDns64QueryFromHostFile) {
3939 constexpr char host_name[] = "localhost";
3940 // The address is synthesized by prefix64:localhost.
3941 constexpr char host_addr[] = "64:ff9b::7f00:1";
3942 constexpr char listen_addr[] = "::1";
3943
3944 test::DNSResponder dns(listen_addr);
3945
3946 StartDns(dns, {});
3947 const std::vector<std::string> servers = {listen_addr};
3948 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3949 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3950
3951 // Using synthesized "localhost" address to be a trick for resolving host name
3952 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3953 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3954 char host[NI_MAXHOST];
3955 struct sockaddr_in6 sin6 = {.sin6_family = AF_INET6};
3956 inet_pton(AF_INET6, host_addr, &sin6.sin6_addr);
3957 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host), nullptr,
3958 0, NI_NAMEREQD);
3959 ASSERT_EQ(0, rv);
3960 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3961 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3962
3963 std::string result_str = host;
3964 EXPECT_EQ(result_str, host_name);
3965 }
3966
TEST_F(ResolverTest,GetNameInfo_cnamesClasslessReverseDelegation)3967 TEST_F(ResolverTest, GetNameInfo_cnamesClasslessReverseDelegation) {
3968 // IPv4 addresses in the subnet with notation '/' or '-'.
3969 constexpr char addr_slash[] = "192.0.2.1";
3970 constexpr char addr_hyphen[] = "192.0.3.1";
3971
3972 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3973 // section 4.
3974 const static std::vector<DnsRecord> records = {
3975 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3976 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3977 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3978
3979 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3980 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3981 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3982 };
3983
3984 test::DNSResponder dns;
3985 StartDns(dns, records);
3986 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3987
3988 for (const auto& address : {addr_slash, addr_hyphen}) {
3989 SCOPED_TRACE(address);
3990
3991 char host[NI_MAXHOST];
3992 sockaddr_in sin = {.sin_family = AF_INET};
3993 ASSERT_TRUE(inet_pton(AF_INET, address, &sin.sin_addr));
3994 int rv = getnameinfo((const sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr, 0,
3995 NI_NAMEREQD);
3996 ASSERT_EQ(0, rv);
3997 EXPECT_STREQ("hello.example.com", host);
3998 }
3999 }
4000
TEST_F(ResolverTest,GetHostByName2_Dns64Synthesize)4001 TEST_F(ResolverTest, GetHostByName2_Dns64Synthesize) {
4002 constexpr char listen_addr[] = "::1";
4003 constexpr char host_name[] = "ipv4only.example.com.";
4004 const std::vector<DnsRecord> records = {
4005 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4006 };
4007
4008 test::DNSResponder dns(listen_addr);
4009 StartDns(dns, records);
4010 const std::vector<std::string> servers = {listen_addr};
4011 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4012 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4013
4014 // Query an IPv4-only hostname. Expect that gets a synthesized address.
4015 struct hostent* result = gethostbyname2("ipv4only", AF_INET6);
4016 ASSERT_TRUE(result != nullptr);
4017 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4018 std::string result_str = ToString(result);
4019 EXPECT_EQ(result_str, "64:ff9b::102:304");
4020 }
4021
TEST_F(ResolverTest,GetHostByName2_DnsQueryWithHavingNat64Prefix)4022 TEST_F(ResolverTest, GetHostByName2_DnsQueryWithHavingNat64Prefix) {
4023 constexpr char host_name[] = "v4v6.example.com.";
4024 constexpr char listen_addr[] = "::1";
4025 const std::vector<DnsRecord> records = {
4026 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4027 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
4028 };
4029
4030 test::DNSResponder dns(listen_addr);
4031 StartDns(dns, records);
4032 const std::vector<std::string> servers = {listen_addr};
4033 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4034 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4035
4036 // IPv4 DNS query. Prefix should have no effect on it.
4037 struct hostent* result = gethostbyname2("v4v6", AF_INET);
4038 ASSERT_TRUE(result != nullptr);
4039 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4040 std::string result_str = ToString(result);
4041 EXPECT_EQ(result_str, "1.2.3.4");
4042 dns.clearQueries();
4043
4044 // IPv6 DNS query. Prefix should have no effect on it.
4045 result = gethostbyname2("v4v6", AF_INET6);
4046 ASSERT_TRUE(result != nullptr);
4047 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4048 result_str = ToString(result);
4049 EXPECT_EQ(result_str, "2001:db8::102:304");
4050 }
4051
TEST_F(ResolverTest,GetHostByName2_Dns64QuerySpecialUseIPv4Addresses)4052 TEST_F(ResolverTest, GetHostByName2_Dns64QuerySpecialUseIPv4Addresses) {
4053 constexpr char THIS_NETWORK[] = "this_network";
4054 constexpr char LOOPBACK[] = "loopback";
4055 constexpr char LINK_LOCAL[] = "link_local";
4056 constexpr char MULTICAST[] = "multicast";
4057 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
4058
4059 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
4060 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
4061 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
4062 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
4063 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
4064
4065 constexpr char listen_addr[] = "::1";
4066
4067 test::DNSResponder dns(listen_addr);
4068 StartDns(dns, {});
4069 const std::vector<std::string> servers = {listen_addr};
4070 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4071 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4072
4073 // clang-format off
4074 static const struct TestConfig {
4075 std::string name;
4076 std::string addr;
4077
4078 std::string asHostName() const {
4079 return fmt::format("{}.example.com.", name);
4080 }
4081 } testConfigs[]{
4082 {THIS_NETWORK, ADDR_THIS_NETWORK},
4083 {LOOPBACK, ADDR_LOOPBACK},
4084 {LINK_LOCAL, ADDR_LINK_LOCAL},
4085 {MULTICAST, ADDR_MULTICAST},
4086 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
4087 };
4088 // clang-format on
4089
4090 for (const auto& config : testConfigs) {
4091 const std::string testHostName = config.asHostName();
4092 SCOPED_TRACE(testHostName);
4093
4094 const char* host_name = testHostName.c_str();
4095 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
4096
4097 struct hostent* result = gethostbyname2(config.name.c_str(), AF_INET6);
4098 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4099
4100 // In AF_INET6 case, don't synthesize special use IPv4 address.
4101 // Expect to have no answer
4102 EXPECT_EQ(nullptr, result);
4103
4104 dns.clearQueries();
4105 }
4106 }
4107
TEST_F(ResolverTest,PrefixDiscoveryBypassTls)4108 TEST_F(ResolverTest, PrefixDiscoveryBypassTls) {
4109 constexpr char listen_addr[] = "::1";
4110 constexpr char dns64_name[] = "ipv4only.arpa.";
4111 const std::vector<std::string> servers = {listen_addr};
4112
4113 test::DNSResponder dns(listen_addr);
4114 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});
4115 test::DnsTlsFrontend tls(listen_addr, "853", listen_addr, "53");
4116 ASSERT_TRUE(tls.startServer());
4117
4118 for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4119 SCOPED_TRACE(fmt::format("testConfig: [{}]", dnsMode));
4120 auto builder = ResolverParams::Builder().setDnsServers(servers).setDotServers(servers);
4121 if (dnsMode == "STRICT") {
4122 builder.setPrivateDnsProvider(kDefaultPrivateDnsHostName);
4123 }
4124 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.build()));
4125 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4126 EXPECT_TRUE(tls.waitForQueries(1));
4127 tls.clearQueries();
4128
4129 // Start NAT64 prefix discovery.
4130 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
4131 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4132
4133 // Verify that the DNS query for the NAT64 prefix bypassed private DNS.
4134 EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();
4135 EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();
4136
4137 // Stop the prefix discovery to make DnsResolver send the prefix-removed event
4138 // earlier. Without this, DnsResolver still sends the event once the network
4139 // is destroyed; however, it will fail the next test if the test unexpectedly
4140 // receives the event that it doesn't want.
4141 EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());
4142 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
4143
4144 dns.clearQueries();
4145 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
4146 }
4147
4148 EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());
4149 EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());
4150 }
4151
TEST_F(ResolverTest,SetAndClearNat64Prefix)4152 TEST_F(ResolverTest, SetAndClearNat64Prefix) {
4153 constexpr char host_name[] = "v4.example.com.";
4154 constexpr char listen_addr[] = "::1";
4155 const std::vector<DnsRecord> records = {
4156 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4157 };
4158
4159 test::DNSResponder dns(listen_addr);
4160 StartDns(dns, records);
4161 const std::vector<std::string> servers = {listen_addr};
4162 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4163
4164 auto resolvService = mDnsClient.resolvService();
4165 addrinfo hints = {.ai_family = AF_INET6};
4166
4167 // No NAT64 prefix, no AAAA record.
4168 ScopedAddrinfo result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4169 ASSERT_TRUE(result == nullptr);
4170
4171 // Set the prefix, and expect to get a synthesized AAAA record.
4172 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix2).isOk());
4173 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4174 ASSERT_FALSE(result == nullptr);
4175 EXPECT_EQ("2001:db8:6464::102:304", ToString(result));
4176
4177 // Update the prefix, expect to see AAAA records from the new prefix.
4178 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4179 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4180 ASSERT_FALSE(result == nullptr);
4181 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4182
4183 // Non-/96 prefixes are ignored.
4184 auto status = resolvService->setPrefix64(TEST_NETID, "64:ff9b::/64");
4185 EXPECT_FALSE(status.isOk());
4186 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4187 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4188
4189 // Invalid prefixes are ignored.
4190 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.0/24");
4191 EXPECT_FALSE(status.isOk());
4192 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4193 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4194
4195 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.1");
4196 EXPECT_FALSE(status.isOk());
4197 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4198 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4199
4200 status = resolvService->setPrefix64(TEST_NETID, "hello");
4201 EXPECT_FALSE(status.isOk());
4202 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4203 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4204
4205 // DNS64 synthesis is still working.
4206 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4207 ASSERT_FALSE(result == nullptr);
4208 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4209
4210 // Clear the prefix. No AAAA records any more.
4211 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, "").isOk());
4212 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4213 EXPECT_TRUE(result == nullptr);
4214
4215 // Calling startPrefix64Discovery clears the prefix.
4216 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4217 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4218 ASSERT_FALSE(result == nullptr);
4219 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4220
4221 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4222 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4223 ASSERT_TRUE(result == nullptr);
4224
4225 // setPrefix64 fails if prefix discovery is started, even if no prefix is yet discovered...
4226 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix);
4227 EXPECT_FALSE(status.isOk());
4228 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4229 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4230
4231 // .. and clearing the prefix also has no effect.
4232 status = resolvService->setPrefix64(TEST_NETID, "");
4233 EXPECT_FALSE(status.isOk());
4234 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4235 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4236
4237 // setPrefix64 succeeds again when prefix discovery is stopped.
4238 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4239 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4240 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4241 ASSERT_FALSE(result == nullptr);
4242 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4243
4244 // Calling stopPrefix64Discovery clears the prefix.
4245 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4246 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4247 ASSERT_TRUE(result == nullptr);
4248
4249 // Set up NAT64 prefix discovery.
4250 constexpr char dns64_name[] = "ipv4only.arpa.";
4251 const std::vector<DnsRecord> newRecords = {
4252 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4253 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
4254 };
4255 dns.stopServer();
4256 StartDns(dns, newRecords);
4257
4258 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4259 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4260 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4261 ASSERT_FALSE(result == nullptr);
4262 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4263
4264 // setPrefix64 fails if NAT64 prefix discovery has succeeded, and the discovered prefix
4265 // continues to be used.
4266 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix2);
4267 EXPECT_FALSE(status.isOk());
4268 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4269 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4270
4271 // Clearing the prefix also has no effect if discovery is started.
4272 status = resolvService->setPrefix64(TEST_NETID, "");
4273 EXPECT_FALSE(status.isOk());
4274 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4275 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4276
4277 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4278 ASSERT_FALSE(result == nullptr);
4279 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4280
4281 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4282 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
4283
4284 EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());
4285 EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());
4286 }
4287
4288 namespace {
4289
4290 class ScopedSetNetworkForProcess {
4291 public:
ScopedSetNetworkForProcess(unsigned netId)4292 explicit ScopedSetNetworkForProcess(unsigned netId) {
4293 mStoredNetId = getNetworkForProcess();
4294 if (netId == mStoredNetId) return;
4295 EXPECT_EQ(0, setNetworkForProcess(netId));
4296 }
~ScopedSetNetworkForProcess()4297 ~ScopedSetNetworkForProcess() { EXPECT_EQ(0, setNetworkForProcess(mStoredNetId)); }
4298
4299 private:
4300 unsigned mStoredNetId;
4301 };
4302
4303 class ScopedSetNetworkForResolv {
4304 public:
ScopedSetNetworkForResolv(unsigned netId)4305 explicit ScopedSetNetworkForResolv(unsigned netId) { EXPECT_EQ(0, setNetworkForResolv(netId)); }
~ScopedSetNetworkForResolv()4306 ~ScopedSetNetworkForResolv() { EXPECT_EQ(0, setNetworkForResolv(NETID_UNSET)); }
4307 };
4308
sendCommand(int fd,const std::string & cmd)4309 void sendCommand(int fd, const std::string& cmd) {
4310 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size() + 1));
4311 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size() + 1));
4312 }
4313
readBE32(int fd)4314 int32_t readBE32(int fd) {
4315 int32_t tmp;
4316 int n = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
4317 EXPECT_TRUE(n > 0);
4318 return ntohl(tmp);
4319 }
4320
readResponseCode(int fd)4321 int readResponseCode(int fd) {
4322 char buf[4];
4323 int n = TEMP_FAILURE_RETRY(read(fd, &buf, sizeof(buf)));
4324 EXPECT_TRUE(n > 0);
4325 // The format of response code is that 4 bytes for the code & null.
4326 buf[3] = '\0';
4327 int result;
4328 EXPECT_TRUE(ParseInt(buf, &result));
4329 return result;
4330 }
4331
checkAndClearUseLocalNameserversFlag(unsigned * netid)4332 bool checkAndClearUseLocalNameserversFlag(unsigned* netid) {
4333 if (netid == nullptr || ((*netid) & NETID_USE_LOCAL_NAMESERVERS) == 0) {
4334 return false;
4335 }
4336 *netid = (*netid) & ~NETID_USE_LOCAL_NAMESERVERS;
4337 return true;
4338 }
4339
makeUidRangeParcel(int start,int stop)4340 aidl::android::net::UidRangeParcel makeUidRangeParcel(int start, int stop) {
4341 aidl::android::net::UidRangeParcel res;
4342 res.start = start;
4343 res.stop = stop;
4344
4345 return res;
4346 }
4347
expectNetIdWithLocalNameserversFlag(unsigned netId)4348 void expectNetIdWithLocalNameserversFlag(unsigned netId) {
4349 unsigned dnsNetId = 0;
4350 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4351 EXPECT_TRUE(checkAndClearUseLocalNameserversFlag(&dnsNetId));
4352 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4353 }
4354
expectDnsNetIdEquals(unsigned netId)4355 void expectDnsNetIdEquals(unsigned netId) {
4356 unsigned dnsNetId = 0;
4357 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4358 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4359 }
4360
expectDnsNetIdIsDefaultNetwork(INetd * netdService)4361 void expectDnsNetIdIsDefaultNetwork(INetd* netdService) {
4362 int currentNetid;
4363 EXPECT_TRUE(netdService->networkGetDefault(¤tNetid).isOk());
4364 expectDnsNetIdEquals(currentNetid);
4365 }
4366
expectDnsNetIdWithVpn(INetd * netdService,unsigned vpnNetId,unsigned expectedNetId)4367 void expectDnsNetIdWithVpn(INetd* netdService, unsigned vpnNetId, unsigned expectedNetId) {
4368 if (DnsResponderClient::isRemoteVersionSupported(netdService, 6)) {
4369 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
4370 vpnNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, /*secure=*/false);
4371 EXPECT_TRUE(netdService->networkCreate(config).isOk());
4372 } else {
4373 #pragma clang diagnostic push
4374 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
4375 EXPECT_TRUE(netdService->networkCreateVpn(vpnNetId, false /* secure */).isOk());
4376 #pragma clang diagnostic pop
4377 }
4378
4379 uid_t uid = getuid();
4380 // Add uid to VPN
4381 EXPECT_TRUE(netdService->networkAddUidRanges(vpnNetId, {makeUidRangeParcel(uid, uid)}).isOk());
4382 expectDnsNetIdEquals(expectedNetId);
4383 EXPECT_TRUE(netdService->networkDestroy(vpnNetId).isOk());
4384 }
4385
4386 } // namespace
4387
TEST_F(ResolverTest,getDnsNetId)4388 TEST_F(ResolverTest, getDnsNetId) {
4389 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
4390 setNetworkForProcess(NETID_UNSET);
4391
4392 expectDnsNetIdIsDefaultNetwork(mDnsClient.netdService());
4393 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_VPN_NETID);
4394
4395 // Test with setNetworkForProcess
4396 {
4397 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID);
4398 expectDnsNetIdEquals(TEST_NETID);
4399 }
4400
4401 // Test with setNetworkForProcess with NETID_USE_LOCAL_NAMESERVERS
4402 {
4403 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID |
4404 NETID_USE_LOCAL_NAMESERVERS);
4405 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4406 }
4407
4408 // Test with setNetworkForResolv
4409 {
4410 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4411 expectDnsNetIdEquals(TEST_NETID);
4412 }
4413
4414 // Test with setNetworkForResolv with NETID_USE_LOCAL_NAMESERVERS
4415 {
4416 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID |
4417 NETID_USE_LOCAL_NAMESERVERS);
4418 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4419 }
4420
4421 // Test with setNetworkForResolv under bypassable vpn
4422 {
4423 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4424 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_NETID);
4425 }
4426
4427 // Create socket connected to DnsProxyListener
4428 int fd = dns_open_proxy();
4429 EXPECT_TRUE(fd > 0);
4430 unique_fd ufd(fd);
4431
4432 // Test command with wrong netId
4433 sendCommand(fd, "getdnsnetid abc");
4434 EXPECT_EQ(ResponseCode::DnsProxyQueryResult, readResponseCode(fd));
4435 EXPECT_EQ(-EINVAL, readBE32(fd));
4436
4437 // Test unsupported command
4438 sendCommand(fd, "getdnsnetidNotSupported");
4439 // Keep in sync with FrameworkListener.cpp (500, "Command not recognized")
4440 EXPECT_EQ(500, readResponseCode(fd));
4441 }
4442
TEST_F(ResolverTest,BlockDnsQueryWithUidRule)4443 TEST_F(ResolverTest, BlockDnsQueryWithUidRule) {
4444 SKIP_IF_BPF_NOT_SUPPORTED;
4445 constexpr char listen_addr1[] = "127.0.0.4";
4446 constexpr char listen_addr2[] = "::1";
4447 constexpr char host_name[] = "howdy.example.com.";
4448 const std::vector<DnsRecord> records = {
4449 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4450 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4451 };
4452 INetd* netdService = mDnsClient.netdService();
4453
4454 test::DNSResponder dns1(listen_addr1);
4455 test::DNSResponder dns2(listen_addr2);
4456 StartDns(dns1, records);
4457 StartDns(dns2, records);
4458
4459 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4460 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4461 dns1.clearQueries();
4462 dns2.clearQueries();
4463
4464 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4465 // Dns Query
4466 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4467 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4468 EXPECT_TRUE(fd1 != -1);
4469 EXPECT_TRUE(fd2 != -1);
4470
4471 uint8_t buf1[MAXPACKET] = {};
4472 uint8_t buf2[MAXPACKET] = {};
4473 int rcode;
4474 int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4475 int res1 = getAsyncResponse(fd1, &rcode, buf1, MAXPACKET);
4476 // If API level >= 30 (R+), these queries should be blocked.
4477 EXPECT_EQ(res2, -ECONNREFUSED);
4478 EXPECT_EQ(res1, -ECONNREFUSED);
4479 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4480 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4481 }
4482
TEST_F(ResolverTest,GetAddrinfo_BlockDnsQueryWithUidRule)4483 TEST_F(ResolverTest, GetAddrinfo_BlockDnsQueryWithUidRule) {
4484 SKIP_IF_BPF_NOT_SUPPORTED;
4485 constexpr char listen_addr1[] = "127.0.0.4";
4486 constexpr char listen_addr2[] = "::1";
4487 constexpr char host_name[] = "howdy.example.com.";
4488 const std::vector<DnsRecord> records = {
4489 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4490 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4491 };
4492 test::DNSResponder dns1(listen_addr1);
4493 test::DNSResponder dns2(listen_addr2);
4494 StartDns(dns1, records);
4495 StartDns(dns2, records);
4496
4497 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4498 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4499
4500 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
4501
4502 static struct {
4503 const char* hname;
4504 const int expectedErrorCode;
4505 } kTestData[] = {
4506 {host_name, (isAtLeastT() && fs::exists(DNS_HELPER)) ? EAI_FAIL : EAI_NODATA},
4507 // To test the query with search domain.
4508 {"howdy", (isAtLeastT() && fs::exists(DNS_HELPER)) ? EAI_FAIL : EAI_AGAIN},
4509 };
4510
4511 INetd* netdService = mDnsClient.netdService();
4512 for (auto& td : kTestData) {
4513 SCOPED_TRACE(td.hname);
4514 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4515 // If API level >= 30 (R+), these queries should be blocked.
4516 addrinfo* result = nullptr;
4517 // getaddrinfo() in bionic would convert all errors to EAI_NODATA
4518 // except EAI_SYSTEM.
4519 EXPECT_EQ(EAI_NODATA, getaddrinfo(td.hname, nullptr, &hints, &result));
4520 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, td.expectedErrorCode, td.hname, {});
4521 }
4522 }
4523
TEST_F(ResolverTest,EnforceDnsUid)4524 TEST_F(ResolverTest, EnforceDnsUid) {
4525 SKIP_IF_BPF_NOT_SUPPORTED;
4526 constexpr char listen_addr1[] = "127.0.0.4";
4527 constexpr char listen_addr2[] = "::1";
4528 constexpr char host_name[] = "howdy.example.com.";
4529 const std::vector<DnsRecord> records = {
4530 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4531 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4532 };
4533 INetd* netdService = mDnsClient.netdService();
4534
4535 test::DNSResponder dns1(listen_addr1);
4536 test::DNSResponder dns2(listen_addr2);
4537 StartDns(dns1, records);
4538 StartDns(dns2, records);
4539
4540 // switch uid of DNS queries from applications to AID_DNS
4541 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4542 parcel.servers = {listen_addr1, listen_addr2};
4543 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4544
4545 uint8_t buf[MAXPACKET] = {};
4546 uint8_t buf2[MAXPACKET] = {};
4547 int rcode;
4548 {
4549 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4550 // Dns Queries should be blocked
4551 const int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4552 const int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4553 EXPECT_TRUE(fd1 != -1);
4554 EXPECT_TRUE(fd2 != -1);
4555
4556 const int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4557 const int res1 = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4558 // If API level >= 30 (R+), the query should be blocked.
4559 EXPECT_EQ(res2, -ECONNREFUSED);
4560 EXPECT_EQ(res1, -ECONNREFUSED);
4561 }
4562
4563 memset(buf, 0, MAXPACKET);
4564 ResolverOptionsParcel resolverOptions;
4565 resolverOptions.enforceDnsUid = true;
4566 if (!mIsResolverOptionIPCSupported) {
4567 parcel.resolverOptions = resolverOptions;
4568 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4569 } else {
4570 ASSERT_TRUE(mDnsClient.resolvService()
4571 ->setResolverOptions(parcel.netId, resolverOptions)
4572 .isOk());
4573 }
4574
4575 {
4576 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4577 // Dns Queries should NOT be blocked
4578 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4579 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4580 EXPECT_TRUE(fd1 != -1);
4581 EXPECT_TRUE(fd2 != -1);
4582
4583 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
4584 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
4585
4586 memset(buf, 0, MAXPACKET);
4587 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4588 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
4589
4590 // @TODO: So far we know that uid of DNS queries are no more set to DNS requester. But we
4591 // don't check if they are actually being set to AID_DNS, because system uids are always
4592 // allowed in bpf_owner_match(). Audit by firewallSetUidRule(AID_DNS) + sending queries is
4593 // infeasible. Fix it if the behavior of bpf_owner_match() is changed in the future, or if
4594 // we have better idea to deal with this.
4595 }
4596 }
4597
TEST_F(ResolverTest,ConnectTlsServerTimeout)4598 TEST_F(ResolverTest, ConnectTlsServerTimeout) {
4599 constexpr char hostname1[] = "query1.example.com.";
4600 constexpr char hostname2[] = "query2.example.com.";
4601 const std::vector<DnsRecord> records = {
4602 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4603 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
4604 };
4605
4606 // TODO: Remove it after b/254186357 is clarified.
4607 ASSERT_TRUE(mDnsClient.resolvService()
4608 ->setLogSeverity(aidl::android::net::IDnsResolver::DNS_RESOLVER_LOG_VERBOSE)
4609 .isOk());
4610
4611 static const struct TestConfig {
4612 bool asyncHandshake;
4613 int maxRetries;
4614
4615 // if asyncHandshake:
4616 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4617 // otherwise:
4618 // expectedTimeout = dotConnectTimeoutMs
4619 int expectedTimeout;
4620 } testConfigs[] = {
4621 // Test mis-configured dot_maxtries flag.
4622 {false, 0, 1000}, {true, 0, 1000},
4623
4624 {false, 1, 1000}, {false, 3, 1000}, {true, 1, 1000}, {true, 3, 3000},
4625 };
4626
4627 for (const auto& config : testConfigs) {
4628 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.asyncHandshake, config.maxRetries));
4629
4630 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4631 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4632 // so that the DnsTlsTransport won't interfere the other tests.
4633 const std::string addr = getUniqueIPv4Address();
4634 test::DNSResponder dns(addr);
4635 StartDns(dns, records);
4636 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4637 ASSERT_TRUE(tls.startServer());
4638
4639 // The resolver will adjust the timeout value to 1000ms since the value is too small.
4640 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag, "100");
4641
4642 // Infinite timeout.
4643 ScopedSystemProperties sp2(kDotQueryTimeoutMsFlag, "-1");
4644
4645 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4646 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4647
4648 // Don't skip unusable DoT servers and disable revalidation for this test.
4649 ScopedSystemProperties sp5(kDotXportUnusableThresholdFlag, "-1");
4650 ScopedSystemProperties sp6(kDotRevalidationThresholdFlag, "-1");
4651 resetNetwork();
4652
4653 // Set up resolver to opportunistic mode.
4654 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4655 parcel.servers = {addr};
4656 parcel.tlsServers = {addr};
4657 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4658 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4659 EXPECT_TRUE(tls.waitForQueries(1));
4660 tls.clearQueries();
4661 dns.clearQueries();
4662
4663 // The server becomes unresponsive to the handshake request.
4664 tls.setHangOnHandshakeForTesting(true);
4665
4666 // Expect the things happening in getaddrinfo():
4667 // 1. Connect to the private DNS server.
4668 // 2. SSL handshake times out.
4669 // 3. Fallback to UDP transport, and then get the answer.
4670 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
4671 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname1, nullptr, hints);
4672
4673 EXPECT_NE(nullptr, result);
4674 EXPECT_EQ(0, tls.queries());
4675 EXPECT_EQ(1U, GetNumQueries(dns, hostname1));
4676 EXPECT_EQ(records.at(0).addr, ToString(result));
4677
4678 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, getaddrinfo()
4679 // should just take a bit more than expetTimeout milliseconds.
4680 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4681 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4682
4683 // Set the server to be responsive. Verify that the resolver will attempt to reconnect
4684 // to the server and then get the result within the timeout.
4685 tls.setHangOnHandshakeForTesting(false);
4686 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(hostname2, nullptr, hints);
4687
4688 EXPECT_NE(nullptr, result);
4689 EXPECT_TRUE(tls.waitForQueries(1));
4690 EXPECT_EQ(1U, GetNumQueries(dns, hostname2));
4691 EXPECT_EQ(records.at(1).addr, ToString(result));
4692
4693 EXPECT_LE(timeTakenMs, 1000);
4694 }
4695
4696 // TODO: Remove it after b/254186357 is clarified.
4697 ASSERT_TRUE(mDnsClient.resolvService()
4698 ->setLogSeverity(aidl::android::net::IDnsResolver::DNS_RESOLVER_LOG_INFO)
4699 .isOk());
4700 }
4701
TEST_F(ResolverTest,ConnectTlsServerTimeout_ConcurrentQueries)4702 TEST_F(ResolverTest, ConnectTlsServerTimeout_ConcurrentQueries) {
4703 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4704 constexpr char hostname[] = "hello.example.com.";
4705 const std::vector<DnsRecord> records = {
4706 {hostname, ns_type::ns_t_a, "1.2.3.4"},
4707 };
4708 int testConfigCount = 0;
4709
4710 static const struct TestConfig {
4711 bool asyncHandshake;
4712 int dotConnectTimeoutMs;
4713 int dotQueryTimeoutMs;
4714 int maxRetries;
4715 int concurrency;
4716
4717 // if asyncHandshake:
4718 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4719 // otherwise:
4720 // expectedTimeout = dotConnectTimeoutMs * concurrency
4721 int expectedTimeout;
4722 } testConfigs[] = {
4723 // clang-format off
4724 {false, 1000, 3000, 1, 5, 5000},
4725 {false, 1000, 3000, 3, 5, 5000},
4726 {false, 2000, 1500, 3, 2, 4000},
4727 {true, 1000, 3000, 1, 5, 1000},
4728 {true, 2500, 1500, 1, 10, 1500},
4729 {true, 1000, 5000, 3, 5, 3000},
4730 // clang-format on
4731 };
4732
4733 // Launch query threads. Expected behaviors are:
4734 // - when dot_async_handshake is disabled, one of the query threads triggers a
4735 // handshake and then times out. Then same as another query thread, and so forth.
4736 // - when dot_async_handshake is enabled, only one handshake is triggered, and then
4737 // all of the query threads time out at the same time.
4738 for (const auto& config : testConfigs) {
4739 testConfigCount++;
4740 ScopedSystemProperties sp1(kDotQueryTimeoutMsFlag,
4741 std::to_string(config.dotQueryTimeoutMs));
4742 ScopedSystemProperties sp2(kDotConnectTimeoutMsFlag,
4743 std::to_string(config.dotConnectTimeoutMs));
4744 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4745 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4746
4747 // Don't skip unusable DoT servers and disable revalidation for this test.
4748 ScopedSystemProperties sp5(kDotXportUnusableThresholdFlag, "-1");
4749 ScopedSystemProperties sp6(kDotRevalidationThresholdFlag, "-1");
4750 resetNetwork();
4751
4752 for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4753 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", testConfigCount, dnsMode));
4754
4755 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4756 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4757 // so that the DnsTlsTransport won't interfere the other tests.
4758 const std::string addr = getUniqueIPv4Address();
4759 test::DNSResponder dns(addr);
4760 StartDns(dns, records);
4761 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4762 ASSERT_TRUE(tls.startServer());
4763
4764 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4765 parcel.servers = {addr};
4766 parcel.tlsServers = {addr};
4767 if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4768 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4769 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4770 EXPECT_TRUE(tls.waitForQueries(1));
4771
4772 // The server becomes unresponsive to the handshake request.
4773 tls.setHangOnHandshakeForTesting(true);
4774
4775 Stopwatch s;
4776 std::vector<std::thread> threads(config.concurrency);
4777 for (std::thread& thread : threads) {
4778 thread = std::thread([&]() {
4779 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4780 dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
4781 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
4782 });
4783 }
4784 for (std::thread& thread : threads) {
4785 thread.join();
4786 }
4787
4788 const int timeTakenMs = s.timeTakenUs() / 1000;
4789 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, it should
4790 // just take a bit more than expetTimeout milliseconds for the result.
4791 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4792 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4793
4794 // Recover the server from being unresponsive and try again.
4795 tls.setHangOnHandshakeForTesting(false);
4796 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4797 if (dnsMode == "STRICT" && config.asyncHandshake &&
4798 config.dotQueryTimeoutMs < (config.dotConnectTimeoutMs * config.maxRetries)) {
4799 // In this case, the connection handshake is supposed to be in progress. Queries
4800 // sent before the handshake finishes will time out (either due to connect timeout
4801 // or query timeout).
4802 expectAnswersNotValid(fd, -ETIMEDOUT);
4803 } else {
4804 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4805 }
4806 }
4807 }
4808 }
4809
4810 // Tests that the DoT query timeout is configurable via the feature flag "dot_query_timeout_ms".
4811 // The test DoT server is configured to postpone DNS queries for DOT_SERVER_UNRESPONSIVE_TIME_MS
4812 // (2s). If the feature flag is set to a positive value smaller than
4813 // DOT_SERVER_UNRESPONSIVE_TIME_MS, DoT queries should timeout.
TEST_F(ResolverTest,QueryTlsServerTimeout)4814 TEST_F(ResolverTest, QueryTlsServerTimeout) {
4815 constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 2000;
4816 constexpr int TIMING_TOLERANCE_MS = 500;
4817 constexpr char hostname1[] = "query1.example.com.";
4818 const std::vector<DnsRecord> records = {
4819 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4820 };
4821
4822 static const struct TestConfig {
4823 std::string dnsMode;
4824 int queryTimeoutMs;
4825 int expectResultTimedOut;
4826 int expectedTimeTakenMs;
4827 } testConfigs[] = {
4828 // clang-format off
4829 {"OPPORTUNISTIC", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS},
4830 {"OPPORTUNISTIC", 1000, false, 1000},
4831 {"STRICT", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS},
4832 // `expectResultTimedOut` is true in the following testcase because in strict mode
4833 // DnsResolver doesn't try Do53 servers after the DoT query is timed out.
4834 {"STRICT", 1000, true, 1000},
4835 // clang-format on
4836 };
4837 for (const auto& config : testConfigs) {
4838 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", config.dnsMode, config.queryTimeoutMs));
4839
4840 const std::string addr = getUniqueIPv4Address();
4841 test::DNSResponder dns(addr);
4842 StartDns(dns, records);
4843 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4844 ASSERT_TRUE(tls.startServer());
4845
4846 ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(config.queryTimeoutMs));
4847
4848 // Don't skip unusable DoT servers and disable revalidation for this test.
4849 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag, "-1");
4850 ScopedSystemProperties sp3(kDotRevalidationThresholdFlag, "-1");
4851 resetNetwork();
4852
4853 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4854 parcel.servers = {addr};
4855 parcel.tlsServers = {addr};
4856 if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4857
4858 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4859 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4860 EXPECT_TRUE(tls.waitForQueries(1));
4861 tls.clearQueries();
4862
4863 // Set the DoT server to be unresponsive to DNS queries for
4864 // `DOT_SERVER_UNRESPONSIVE_TIME_MS` ms.
4865 tls.setDelayQueries(999);
4866 tls.setDelayQueriesTimeout(DOT_SERVER_UNRESPONSIVE_TIME_MS);
4867
4868 // Send a DNS query, and then check the result and the response time.
4869 Stopwatch s;
4870 int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a,
4871 ANDROID_RESOLV_NO_CACHE_LOOKUP);
4872 if (config.expectResultTimedOut) {
4873 expectAnswersNotValid(fd, -ETIMEDOUT);
4874 } else {
4875 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4876 }
4877 const int timeTakenMs = s.getTimeAndResetUs() / 1000;
4878 EXPECT_NEAR(config.expectedTimeTakenMs, timeTakenMs, TIMING_TOLERANCE_MS);
4879 EXPECT_TRUE(tls.waitForQueries(1));
4880 }
4881 }
4882
4883 // Tests that the DnsResolver can skip using unusable DoT servers if dot_xport_unusable_threshold
4884 // flag is set. In this test, we make test DoT servers unresponsive during connection handshake,
4885 // so the DnsResolver will skip using a DoT server if the number of timed out queries reaches
4886 // the threshold.
TEST_F(ResolverTest,SkipUnusableTlsServer)4887 TEST_F(ResolverTest, SkipUnusableTlsServer) {
4888 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
4889
4890 static const struct TestConfig {
4891 int dotXportUnusableThreshold;
4892 int queries;
4893 int expectedQueriesSentToDot1;
4894 int expectedQueriesSentToDot2;
4895 } testConfigs[] = {
4896 // clang-format off
4897 // expectedQueriesSentToDot2 is 0 because dot_quick_fallback flag is set.
4898 {-1, 3, 3, 0},
4899 { 1, 3, 1, 1},
4900 { 3, 10, 3, 3},
4901 // clang-format on
4902 };
4903
4904 for (const auto& config : testConfigs) {
4905 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}, {}]", config.dotXportUnusableThreshold,
4906 config.queries, config.expectedQueriesSentToDot1,
4907 config.expectedQueriesSentToDot2));
4908
4909 const std::string addr1 = getUniqueIPv4Address();
4910 const std::string addr2 = getUniqueIPv4Address();
4911 test::DNSResponder dns1(addr1);
4912 test::DNSResponder dns2(addr2);
4913 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
4914 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
4915 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
4916 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
4917 ASSERT_TRUE(dns1.startServer());
4918 ASSERT_TRUE(dns2.startServer());
4919 ASSERT_TRUE(dot1.startServer());
4920 ASSERT_TRUE(dot2.startServer());
4921
4922 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
4923 std::to_string(DOT_CONNECT_TIMEOUT_MS));
4924 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
4925 std::to_string(config.dotXportUnusableThreshold));
4926 ScopedSystemProperties sp3(kDotQuickFallbackFlag, "1");
4927 ScopedSystemProperties sp4(kDotRevalidationThresholdFlag, "-1");
4928 resetNetwork();
4929
4930 // Private DNS opportunistic mode.
4931 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4932 parcel.servers = {addr1, addr2};
4933 parcel.tlsServers = {addr1, addr2};
4934 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4935
4936 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
4937 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
4938 EXPECT_TRUE(dot1.waitForQueries(1));
4939 EXPECT_TRUE(dot2.waitForQueries(1));
4940 dot1.clearQueries();
4941 dot2.clearQueries();
4942 dot1.clearConnectionsCount();
4943 dot2.clearConnectionsCount();
4944
4945 // Set the DoT servers as unresponsive to connection handshake.
4946 dot1.setHangOnHandshakeForTesting(true);
4947 dot2.setHangOnHandshakeForTesting(true);
4948
4949 // Send sequential queries
4950 for (int i = 0; i < config.queries; i++) {
4951 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
4952 ANDROID_RESOLV_NO_CACHE_LOOKUP);
4953 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
4954 }
4955
4956 if (GetProperty(kDotAsyncHandshakeFlag, "0") == "0") {
4957 EXPECT_EQ(dot1.acceptConnectionsCount(), config.expectedQueriesSentToDot1);
4958 EXPECT_EQ(dot2.acceptConnectionsCount(), config.expectedQueriesSentToDot2);
4959 } else {
4960 // If the flag dot_async_handshake is set to 1, the DnsResolver will try
4961 // DoT connection establishment at most |retries| times.
4962 const int retries = std::stoi(GetProperty(kDotMaxretriesFlag, "3"));
4963 EXPECT_EQ(dot1.acceptConnectionsCount(), config.expectedQueriesSentToDot1 * retries);
4964 EXPECT_EQ(dot2.acceptConnectionsCount(), config.expectedQueriesSentToDot2 * retries);
4965 }
4966 }
4967 }
4968
4969 // Verifies that the DnsResolver re-validates the DoT server when several DNS queries to
4970 // the server fails in a row.
TEST_F(ResolverTest,TlsServerRevalidation)4971 TEST_F(ResolverTest, TlsServerRevalidation) {
4972 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4973 constexpr int dotXportUnusableThreshold = 10;
4974 constexpr int dotQueryTimeoutMs = 1000;
4975 constexpr char hostname[] = "hello.example.com.";
4976 const std::vector<DnsRecord> records = {
4977 {hostname, ns_type::ns_t_a, "1.2.3.4"},
4978 };
4979
4980 static const struct TestConfig {
4981 std::string dnsMode;
4982 int validationThreshold;
4983 int queries;
4984
4985 // Expected behavior in the DnsResolver.
4986 bool expectRevalidationHappen;
4987 bool expectDotUnusable;
4988 } testConfigs[] = {
4989 // clang-format off
4990 {"OPPORTUNISTIC", -1, 5, false, false},
4991 {"OPPORTUNISTIC", -1, 10, false, true},
4992 {"OPPORTUNISTIC", 5, 5, true, false},
4993 {"OPPORTUNISTIC", 5, 10, true, true},
4994 {"STRICT", -1, 5, false, false},
4995 {"STRICT", -1, 10, false, false},
4996 {"STRICT", 5, 5, false, false},
4997 {"STRICT", 5, 10, false, false},
4998 // clang-format on
4999 };
5000
5001 for (const auto& config : testConfigs) {
5002 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.dnsMode,
5003 config.validationThreshold, config.queries));
5004 const int queries = config.queries;
5005 const int delayQueriesTimeout = dotQueryTimeoutMs + 1000;
5006
5007 ScopedSystemProperties sp1(kDotRevalidationThresholdFlag,
5008 std::to_string(config.validationThreshold));
5009 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
5010 std::to_string(dotXportUnusableThreshold));
5011 ScopedSystemProperties sp3(kDotQueryTimeoutMsFlag, std::to_string(dotQueryTimeoutMs));
5012 resetNetwork();
5013
5014 // This test is sensitive to the number of queries sent in DoT validation.
5015 int latencyFactor;
5016 int latencyOffsetMs;
5017 // The feature is enabled by default in R.
5018 latencyFactor = std::stoi(GetProperty(kDotValidationLatencyFactorFlag, "3"));
5019 latencyOffsetMs = std::stoi(GetProperty(kDotValidationLatencyOffsetMsFlag, "100"));
5020 const bool dotValidationExtraProbes = (config.dnsMode == "OPPORTUNISTIC") &&
5021 (latencyFactor >= 0 && latencyOffsetMs >= 0 &&
5022 latencyFactor + latencyOffsetMs != 0);
5023
5024 const std::string addr = getUniqueIPv4Address();
5025 test::DNSResponder dns(addr);
5026 StartDns(dns, records);
5027 test::DnsTlsFrontend tls(addr, "853", addr, "53");
5028 ASSERT_TRUE(tls.startServer());
5029
5030 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5031 parcel.servers = {addr};
5032 parcel.tlsServers = {addr};
5033 if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
5034 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5035 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5036 if (dotValidationExtraProbes) {
5037 EXPECT_TRUE(tls.waitForQueries(2));
5038 } else {
5039 EXPECT_TRUE(tls.waitForQueries(1));
5040 }
5041 tls.clearQueries();
5042 dns.clearQueries();
5043
5044 // Expect the things happening in order:
5045 // 1. Configure the DoT server to postpone |queries + 1| DNS queries.
5046 // 2. Send |queries| DNS queries, they will time out in 1 second.
5047 // 3. 1 second later, the DoT server still waits for one more DNS query until
5048 // |delayQueriesTimeout| times out.
5049 // 4. (opportunistic mode only) Meanwhile, DoT revalidation happens. The DnsResolver
5050 // creates a new connection and sends a query to the DoT server.
5051 // 5. 1 second later, |delayQueriesTimeout| times out. The DoT server flushes all of the
5052 // postponed DNS queries, and handles the query which comes from the revalidation.
5053 // 6. (opportunistic mode only) The revalidation succeeds.
5054 // 7. Send another DNS query, and expect it will succeed.
5055 // 8. (opportunistic mode only) If the DoT server has been deemed as unusable, the
5056 // DnsResolver skips trying the DoT server.
5057
5058 // Step 1.
5059 tls.setDelayQueries(queries + 1);
5060 tls.setDelayQueriesTimeout(delayQueriesTimeout);
5061
5062 // Step 2.
5063 std::vector<std::thread> threads1(queries);
5064 for (std::thread& thread : threads1) {
5065 thread = std::thread([&]() {
5066 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
5067 config.dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
5068 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
5069 });
5070 }
5071
5072 // Step 3 and 4.
5073 for (std::thread& thread : threads1) {
5074 thread.join();
5075 }
5076
5077 // Recover the config to make the revalidation can succeed.
5078 tls.setDelayQueries(1);
5079
5080 // Step 5 and 6.
5081 int expectedDotQueries = queries;
5082 int extraDnsProbe = 0;
5083 if (config.expectRevalidationHappen) {
5084 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5085 expectedDotQueries++;
5086
5087 if (dotValidationExtraProbes) {
5088 expectedDotQueries++;
5089 extraDnsProbe = 1;
5090 }
5091 }
5092
5093 // Step 7 and 8.
5094 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
5095 expectAnswersValid(fd, AF_INET, "1.2.3.4");
5096 expectedDotQueries++;
5097
5098 const int expectedDo53Queries =
5099 expectedDotQueries +
5100 (config.dnsMode == "OPPORTUNISTIC" ? (queries + extraDnsProbe) : 0);
5101
5102 if (config.expectDotUnusable) {
5103 // A DoT server can be deemed as unusable only in opportunistic mode. When it happens,
5104 // the DnsResolver doesn't use the DoT server for a certain period of time.
5105 expectedDotQueries--;
5106 }
5107
5108 // This code makes the test more robust to race condition.
5109 EXPECT_TRUE(tls.waitForQueries(expectedDotQueries));
5110
5111 EXPECT_EQ(dns.queries().size(), static_cast<unsigned>(expectedDo53Queries));
5112 EXPECT_EQ(tls.queries(), expectedDotQueries);
5113 }
5114 }
5115
5116 // Verifies that private DNS validation fails if DoT server is much slower than cleartext server.
TEST_F(ResolverTest,TlsServerValidation_UdpProbe)5117 TEST_F(ResolverTest, TlsServerValidation_UdpProbe) {
5118 constexpr char backend_addr[] = "127.0.0.3";
5119 test::DNSResponder backend(backend_addr);
5120 backend.setResponseDelayMs(200);
5121 ASSERT_TRUE(backend.startServer());
5122
5123 static const struct TestConfig {
5124 int latencyFactor;
5125 int latencyOffsetMs;
5126 bool udpProbeLost;
5127 size_t expectedUdpProbes;
5128 bool expectedValidationPass;
5129 } testConfigs[] = {
5130 // clang-format off
5131 {-1, -1, false, 0, true},
5132 {0, 0, false, 0, true},
5133 {1, 10, false, 1, false},
5134 {1, 10, true, 2, false},
5135 {5, 300, false, 1, true},
5136 {5, 300, true, 2, true},
5137 // clang-format on
5138 };
5139
5140 for (const auto& config : testConfigs) {
5141 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.latencyFactor,
5142 config.latencyOffsetMs, config.udpProbeLost));
5143
5144 const std::string addr = getUniqueIPv4Address();
5145 test::DNSResponder dns(addr, "53", static_cast<ns_rcode>(-1));
5146 test::DnsTlsFrontend tls(addr, "853", backend_addr, "53");
5147 dns.setResponseDelayMs(10);
5148 ASSERT_TRUE(dns.startServer());
5149 ASSERT_TRUE(tls.startServer());
5150
5151 ScopedSystemProperties sp1(kDotValidationLatencyFactorFlag,
5152 std::to_string(config.latencyFactor));
5153 ScopedSystemProperties sp2(kDotValidationLatencyOffsetMsFlag,
5154 std::to_string(config.latencyOffsetMs));
5155 resetNetwork();
5156
5157 std::unique_ptr<std::thread> thread;
5158 if (config.udpProbeLost) {
5159 thread.reset(new std::thread([&dns]() {
5160 // Simulate that the first UDP probe is lost and the second UDP probe succeeds.
5161 dns.setResponseProbability(0.0);
5162 std::this_thread::sleep_for(std::chrono::seconds(2));
5163 dns.setResponseProbability(1.0);
5164 }));
5165 }
5166
5167 // Set up opportunistic mode, and wait for the validation complete.
5168 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5169 parcel.servers = {addr};
5170 parcel.tlsServers = {addr};
5171 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5172
5173 // The timeout of WaitForPrivateDnsValidation is 5 seconds which is still enough for
5174 // the testcase of UDP probe lost because the retry of UDP probe happens after 3 seconds.
5175 EXPECT_TRUE(
5176 WaitForPrivateDnsValidation(tls.listen_address(), config.expectedValidationPass));
5177 EXPECT_EQ(dns.queries().size(), config.expectedUdpProbes);
5178 dns.clearQueries();
5179
5180 // Test that Private DNS validation always pass in strict mode.
5181 parcel.tlsName = kDefaultPrivateDnsHostName;
5182 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5183 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5184 EXPECT_EQ(dns.queries().size(), 0U);
5185
5186 if (thread) {
5187 thread->join();
5188 thread.reset();
5189 }
5190 }
5191 }
5192
5193 // Verifies that DNS queries can quick fall back to UDP if the first DoT server is unresponsive.
TEST_F(ResolverTest,DotQuickFallback)5194 TEST_F(ResolverTest, DotQuickFallback) {
5195 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
5196 const std::string addr1 = getUniqueIPv4Address();
5197 const std::string addr2 = getUniqueIPv4Address();
5198 test::DNSResponder dns1(addr1);
5199 test::DNSResponder dns2(addr2);
5200 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
5201 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
5202
5203 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5204 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5205 ASSERT_TRUE(dns1.startServer());
5206 ASSERT_TRUE(dns2.startServer());
5207 ASSERT_TRUE(dot1.startServer());
5208 ASSERT_TRUE(dot2.startServer());
5209
5210 static const struct TestConfig {
5211 std::string privateDnsMode;
5212 int dotQuickFallbackFlag;
5213 } testConfigs[] = {
5214 // clang-format off
5215 {"OPPORTUNISTIC", 0},
5216 {"OPPORTUNISTIC", 1},
5217 {"STRICT", 0},
5218 {"STRICT", 1},
5219 // clang-format on
5220 };
5221
5222 for (const auto& config : testConfigs) {
5223 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.privateDnsMode,
5224 config.dotQuickFallbackFlag));
5225
5226 const bool canQuickFallback =
5227 (config.dotQuickFallbackFlag == 1) && (config.privateDnsMode == "OPPORTUNISTIC");
5228 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
5229 std::to_string(DOT_CONNECT_TIMEOUT_MS));
5230 ScopedSystemProperties sp2(kDotQuickFallbackFlag,
5231 std::to_string(config.dotQuickFallbackFlag));
5232
5233 // Disable revalidation because we are reusing the same IP address of DoT servers.
5234 ScopedSystemProperties sp3(kDotRevalidationThresholdFlag, "-1");
5235
5236 // TODO: Remove the flags and fix the test.
5237 ScopedSystemProperties sp4(kDotAsyncHandshakeFlag, "0");
5238 ScopedSystemProperties sp5(kDotMaxretriesFlag, "3");
5239 resetNetwork();
5240
5241 resetNetwork();
5242
5243 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5244 parcel.servers = {addr1, addr2};
5245 parcel.tlsServers = {addr1, addr2};
5246 parcel.tlsName = (config.privateDnsMode == "STRICT") ? kDefaultPrivateDnsHostName : "";
5247 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5248
5249 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
5250 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
5251 EXPECT_TRUE(dot1.waitForQueries(1));
5252 EXPECT_TRUE(dot2.waitForQueries(1));
5253 dot1.clearQueries();
5254 dot2.clearQueries();
5255 dot1.clearConnectionsCount();
5256 dot2.clearConnectionsCount();
5257
5258 // Set the DoT server unresponsive to connection handshake.
5259 dot1.setHangOnHandshakeForTesting(true);
5260
5261 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
5262 ANDROID_RESOLV_NO_CACHE_LOOKUP);
5263 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
5264
5265 EXPECT_EQ(dot1.acceptConnectionsCount(), 1);
5266 EXPECT_EQ(dot2.acceptConnectionsCount(), canQuickFallback ? 0 : 1);
5267 EXPECT_TRUE(dot2.waitForQueries(canQuickFallback ? 0 : 1));
5268
5269 dot1.setHangOnHandshakeForTesting(false);
5270 }
5271 }
5272
TEST_F(ResolverTest,FlushNetworkCache)5273 TEST_F(ResolverTest, FlushNetworkCache) {
5274 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5275 test::DNSResponder dns;
5276 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5277 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5278
5279 const hostent* result = gethostbyname("hello");
5280 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5281 std::function<bool()> HasTheExpectedResult = [result]() -> bool {
5282 if (result == nullptr) return false;
5283 EXPECT_EQ(4, result->h_length);
5284 if (result->h_addr_list[0] == nullptr) return false;
5285 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5286 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5287 return true;
5288 };
5289 ASSERT_TRUE(HasTheExpectedResult());
5290
5291 // get result from cache
5292 result = gethostbyname("hello");
5293 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5294 ASSERT_TRUE(HasTheExpectedResult());
5295
5296 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5297
5298 result = gethostbyname("hello");
5299 EXPECT_EQ(2U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5300 ASSERT_TRUE(HasTheExpectedResult());
5301 }
5302
TEST_F(ResolverTest,FlushNetworkCache_random)5303 TEST_F(ResolverTest, FlushNetworkCache_random) {
5304 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5305 constexpr int num_flush = 10;
5306 constexpr int num_queries = 20;
5307 test::DNSResponder dns;
5308 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5309 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5310 const addrinfo hints = {.ai_family = AF_INET};
5311
5312 std::thread t([this]() {
5313 for (int i = 0; i < num_flush; ++i) {
5314 unsigned delay = arc4random_uniform(10 * 1000); // 10ms
5315 usleep(delay);
5316 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5317 }
5318 });
5319
5320 for (int i = 0; i < num_queries; ++i) {
5321 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5322 EXPECT_TRUE(result != nullptr);
5323 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5324 }
5325 t.join();
5326 }
5327
5328 // flush cache while one query is wait-for-response, another is pending.
TEST_F(ResolverTest,FlushNetworkCache_concurrent)5329 TEST_F(ResolverTest, FlushNetworkCache_concurrent) {
5330 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5331 const char* listen_addr1 = "127.0.0.9";
5332 const char* listen_addr2 = "127.0.0.10";
5333 test::DNSResponder dns1(listen_addr1);
5334 test::DNSResponder dns2(listen_addr2);
5335 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5336 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5337 addrinfo hints = {.ai_family = AF_INET};
5338
5339 // step 1: set server#1 into deferred responding mode
5340 dns1.setDeferredResp(true);
5341 std::thread t1([&listen_addr1, &hints, this]() {
5342 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr1}));
5343 // step 3: query
5344 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5345 // step 9: check result
5346 EXPECT_TRUE(result != nullptr);
5347 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5348 });
5349
5350 // step 2: wait for the query to reach the server
5351 while (GetNumQueries(dns1, kHelloExampleCom) == 0) {
5352 usleep(1000); // 1ms
5353 }
5354
5355 std::thread t2([&listen_addr2, &hints, &dns2, this]() {
5356 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
5357 // step 5: query (should be blocked in resolver)
5358 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5359 // step 7: check result
5360 EXPECT_TRUE(result != nullptr);
5361 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5362 EXPECT_EQ(1U, GetNumQueriesForType(dns2, ns_type::ns_t_a, kHelloExampleCom));
5363 });
5364
5365 // step 4: wait a bit for the 2nd query to enter pending state
5366 usleep(100 * 1000); // 100ms
5367 // step 6: flush cache (will unblock pending queries)
5368 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5369 t2.join();
5370
5371 // step 8: resume server#1
5372 dns1.setDeferredResp(false);
5373 t1.join();
5374
5375 // step 10: verify if result is correctly cached
5376 dns2.clearQueries();
5377 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5378 EXPECT_EQ(0U, GetNumQueries(dns2, kHelloExampleCom));
5379 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5380 }
5381
5382 // TODO: Perhaps to have a boundary conditions test for TCP and UDP.
TEST_F(ResolverTest,TcpQueryWithOversizePayload)5383 TEST_F(ResolverTest, TcpQueryWithOversizePayload) {
5384 test::DNSResponder dns;
5385 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5386 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5387
5388 int fd = dns_open_proxy();
5389 ASSERT_TRUE(fd > 0);
5390
5391 // Sending DNS query over TCP once the packet sizes exceed 512 bytes.
5392 // The raw data is combined with Question section and Additional section
5393 // Question section : query "hello.example.com", type A, class IN
5394 // Additional section : type OPT (41), Option PADDING, Option Length 546
5395 // Padding option which allows DNS clients and servers to artificially
5396 // increase the size of a DNS message by a variable number of bytes.
5397 // See also RFC7830, section 3
5398 const std::string query =
5399 "+c0BAAABAAAAAAABBWhlbGxvB2V4YW1wbGUDY29tAAABAAEAACkgAAAAgAACJgAMAiIAAAAAAAAAAAAAAAAAA"
5400 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5401 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5402 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5403 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5404 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5405 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5406 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5407 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5408 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
5409 const std::string cmd =
5410 "resnsend " + std::to_string(TEST_NETID) + " 0 " /* ResNsendFlags */ + query + '\0';
5411 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
5412 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
5413 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
5414 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
5415 EXPECT_EQ(0U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
5416 }
5417
TEST_F(ResolverTest,TruncatedRspMode)5418 TEST_F(ResolverTest, TruncatedRspMode) {
5419 constexpr char listen_addr[] = "127.0.0.4";
5420 constexpr char listen_addr2[] = "127.0.0.5";
5421 constexpr char listen_srv[] = "53";
5422
5423 test::DNSResponder dns(listen_addr, listen_srv, static_cast<ns_rcode>(-1));
5424 test::DNSResponder dns2(listen_addr2, listen_srv, static_cast<ns_rcode>(-1));
5425 // dns supports UDP only, dns2 support UDP and TCP
5426 dns.setResponseProbability(0.0, IPPROTO_TCP);
5427 StartDns(dns, kLargeCnameChainRecords);
5428 StartDns(dns2, kLargeCnameChainRecords);
5429
5430 const struct TestConfig {
5431 const std::optional<int32_t> tcMode;
5432 const bool ret;
5433 const unsigned numQueries;
5434 std::string asParameters() const {
5435 return fmt::format("tcMode: {}, ret: {}, numQueries: {}", tcMode.value_or(-1),
5436 ret ? "true" : "false", numQueries);
5437 }
5438 } testConfigs[]{
5439 // clang-format off
5440 {std::nullopt, true, 0}, /* mode unset */
5441 {aidl::android::net::IDnsResolver::TC_MODE_DEFAULT, true, 0}, /* default mode */
5442 {-666, false, 0}, /* invalid input */
5443 {aidl::android::net::IDnsResolver::TC_MODE_UDP_TCP, true, 1}, /* alternative mode */
5444 // clang-format on
5445 };
5446
5447 for (const auto& config : testConfigs) {
5448 SCOPED_TRACE(config.asParameters());
5449
5450 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5451 parcel.servers = {listen_addr, listen_addr2};
5452 ResolverOptionsParcel resolverOptions;
5453 if (config.tcMode.has_value()) resolverOptions.tcMode = config.tcMode.value();
5454 if (!mIsResolverOptionIPCSupported) {
5455 parcel.resolverOptions = resolverOptions;
5456 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5457 config.ret);
5458 } else {
5459 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5460 }
5461 if (mIsResolverOptionIPCSupported) {
5462 ASSERT_EQ(mDnsClient.resolvService()
5463 ->setResolverOptions(parcel.netId, resolverOptions)
5464 .isOk(),
5465 config.ret);
5466 }
5467
5468 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5469 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5470 ASSERT_TRUE(result != nullptr);
5471 EXPECT_EQ(ToString(result), kHelloExampleComAddrV4);
5472 // TC_MODE_DEFAULT: resolver retries on TCP-only on each name server.
5473 // TC_MODE_UDP_TCP: resolver retries on TCP on the same server, falls back to UDP from next.
5474 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom), 1U);
5475 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom), 1U);
5476 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_UDP, kHelloExampleCom), config.numQueries);
5477 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_TCP, kHelloExampleCom), 1U);
5478
5479 dns.clearQueries();
5480 dns2.clearQueries();
5481 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5482
5483 // Clear the stats to make the resolver always choose the same server for the first query.
5484 parcel.servers.clear();
5485 parcel.tlsServers.clear();
5486 if (!mIsResolverOptionIPCSupported) {
5487 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5488 config.ret);
5489 } else {
5490 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5491 }
5492 }
5493 }
5494
TEST_F(ResolverTest,RepeatedSetup_ResolverStatusRemains)5495 TEST_F(ResolverTest, RepeatedSetup_ResolverStatusRemains) {
5496 constexpr char unusable_listen_addr[] = "127.0.0.3";
5497 constexpr char listen_addr[] = "127.0.0.4";
5498 constexpr char hostname[] = "a.hello.query.";
5499 const auto repeatedSetResolversFromParcel = [&](const ResolverParamsParcel& parcel) {
5500 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5501 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5502 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5503 };
5504
5505 test::DNSResponder dns(listen_addr);
5506 StartDns(dns, {{hostname, ns_type::ns_t_a, "1.2.3.3"}});
5507 test::DnsTlsFrontend tls1(listen_addr, "853", listen_addr, "53");
5508 ASSERT_TRUE(tls1.startServer());
5509
5510 // Private DNS off mode.
5511 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5512 parcel.servers = {unusable_listen_addr, listen_addr};
5513 parcel.tlsServers.clear();
5514 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5515
5516 // Send a query.
5517 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5518 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5519
5520 // Check the stats as expected.
5521 const std::vector<NameserverStats> expectedCleartextDnsStats = {
5522 NameserverStats(unusable_listen_addr).setInternalErrors(1),
5523 NameserverStats(listen_addr).setSuccesses(1).setRttAvg(1),
5524 };
5525 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5526 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5527
5528 // The stats is supposed to remain as long as the list of cleartext DNS servers is unchanged.
5529 static const struct TestConfig {
5530 std::vector<std::string> servers;
5531 std::vector<std::string> tlsServers;
5532 std::string tlsName;
5533 } testConfigs[] = {
5534 // Private DNS opportunistic mode.
5535 {{listen_addr, unusable_listen_addr}, {listen_addr, unusable_listen_addr}, ""},
5536 {{unusable_listen_addr, listen_addr}, {unusable_listen_addr, listen_addr}, ""},
5537
5538 // Private DNS strict mode.
5539 {{listen_addr, unusable_listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5540 {{unusable_listen_addr, listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5541
5542 // Private DNS off mode.
5543 {{unusable_listen_addr, listen_addr}, {}, ""},
5544 {{listen_addr, unusable_listen_addr}, {}, ""},
5545 };
5546
5547 for (const auto& config : testConfigs) {
5548 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}] [{}]", fmt::join(config.servers, ","),
5549 fmt::join(config.tlsServers, ","), config.tlsName));
5550 parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5551 parcel.servers = config.servers;
5552 parcel.tlsServers = config.tlsServers;
5553 parcel.tlsName = config.tlsName;
5554 repeatedSetResolversFromParcel(parcel);
5555 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5556
5557 // The stats remains when the list of search domains changes.
5558 parcel.domains.push_back("tmp.domains");
5559 repeatedSetResolversFromParcel(parcel);
5560 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5561
5562 // The stats remains when the parameters change (except maxSamples).
5563 parcel.sampleValiditySeconds++;
5564 parcel.successThreshold++;
5565 parcel.minSamples++;
5566 parcel.baseTimeoutMsec++;
5567 parcel.retryCount++;
5568 repeatedSetResolversFromParcel(parcel);
5569 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5570 }
5571
5572 // The cache remains.
5573 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5574 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5575 }
5576
TEST_F(ResolverTest,RepeatedSetup_NoRedundantPrivateDnsValidation)5577 TEST_F(ResolverTest, RepeatedSetup_NoRedundantPrivateDnsValidation) {
5578 const std::string addr1 = getUniqueIPv4Address(); // For a workable DNS server.
5579 const std::string addr2 = getUniqueIPv4Address(); // For an unresponsive DNS server.
5580 const std::string unusable_addr = getUniqueIPv4Address();
5581 const auto waitForPrivateDnsStateUpdated = []() {
5582 // A buffer time for the PrivateDnsConfiguration instance to update its map,
5583 // mPrivateDnsValidateThreads, which is used for tracking validation threads.
5584 // Since there is a time gap between when PrivateDnsConfiguration reports
5585 // onPrivateDnsValidationEvent and when PrivateDnsConfiguration updates the map, this is a
5586 // workaround to avoid the test starts a subsequent resolver setup during the time gap.
5587 // TODO: Report onPrivateDnsValidationEvent after all the relevant updates are complete.
5588 // Reference to b/152009023.
5589 std::this_thread::sleep_for(20ms);
5590 };
5591
5592 test::DNSResponder dns1(addr1);
5593 test::DNSResponder dns2(addr2);
5594 StartDns(dns1, {});
5595 StartDns(dns2, {});
5596 test::DnsTlsFrontend workableTls(addr1, "853", addr1, "53");
5597 test::DnsTlsFrontend unresponsiveTls(addr2, "853", addr2, "53");
5598 unresponsiveTls.setHangOnHandshakeForTesting(true);
5599 ASSERT_TRUE(workableTls.startServer());
5600 ASSERT_TRUE(unresponsiveTls.startServer());
5601
5602 // First setup.
5603 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5604 parcel.servers = {addr1, addr2, unusable_addr};
5605 parcel.tlsServers = {addr1, addr2, unusable_addr};
5606 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5607
5608 // Check the validation status before proceed. The validation for `unresponsiveTls`
5609 // should be running, and the other two should be finished.
5610 EXPECT_TRUE(WaitForPrivateDnsValidation(workableTls.listen_address(), true));
5611 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5612 EXPECT_TRUE(PollForCondition([&]() { return unresponsiveTls.acceptConnectionsCount() == 1; }));
5613 unresponsiveTls.clearConnectionsCount();
5614
5615 static const struct TestConfig {
5616 std::vector<std::string> tlsServers;
5617 std::string tlsName;
5618 } testConfigs[] = {
5619 {{addr1, addr2, unusable_addr}, ""},
5620 {{unusable_addr, addr1, addr2}, ""},
5621 {{unusable_addr, addr1, addr2}, kDefaultPrivateDnsHostName},
5622 {{addr1, addr2, unusable_addr}, kDefaultPrivateDnsHostName},
5623 };
5624
5625 std::string TlsNameLastTime;
5626 for (const auto& config : testConfigs) {
5627 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", fmt::join(config.tlsServers, ","),
5628 config.tlsName));
5629 parcel.servers = config.tlsServers;
5630 parcel.tlsServers = config.tlsServers;
5631 parcel.tlsName = config.tlsName;
5632 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5633
5634 const bool dnsModeChanged = (TlsNameLastTime != config.tlsName);
5635 bool validationAttemptToUnresponsiveTls = false;
5636
5637 waitForPrivateDnsStateUpdated();
5638 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5639
5640 for (const auto& serverAddr : parcel.tlsServers) {
5641 SCOPED_TRACE(serverAddr);
5642 if (serverAddr == workableTls.listen_address()) {
5643 if (dnsModeChanged) {
5644 // Despite the identical IP address, the server is regarded as a different
5645 // server when DnsTlsServer.name is different. The resolver treats it as a
5646 // different object and begins the validation process.
5647 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, true));
5648 }
5649 } else if (serverAddr == unresponsiveTls.listen_address()) {
5650 if (dnsModeChanged) {
5651 // Despite the identical IP address, the server is regarded as a different
5652 // server when DnsTlsServer.name is different. The resolver treats it as a
5653 // different object and begins the validation process.
5654 validationAttemptToUnresponsiveTls = true;
5655
5656 // This is the limitation from DnsTlsFrontend. DnsTlsFrontend can't operate
5657 // concurrently. As soon as there's another connection request,
5658 // DnsTlsFrontend resets the unique_fd to the new connection.
5659 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5660 }
5661 } else {
5662 // Must be unusable_addr.
5663 // In opportunistic mode, when a validation for a private DNS server fails, the
5664 // resolver just marks the server as failed and doesn't re-evaluate it, but the
5665 // server can be re-evaluated when setResolverConfiguration() is called.
5666 // However, in strict mode, the resolver automatically re-evaluates the server and
5667 // marks the server as in_progress until the validation succeeds, so repeated setup
5668 // makes no effect.
5669 if (dnsModeChanged || config.tlsName.empty() /* not in strict mode */) {
5670 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5671 }
5672 }
5673 }
5674
5675 // Repeated setups make no effect in strict mode.
5676 waitForPrivateDnsStateUpdated();
5677 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5678 if (config.tlsName.empty()) {
5679 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5680 }
5681 waitForPrivateDnsStateUpdated();
5682 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5683 if (config.tlsName.empty()) {
5684 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5685 }
5686
5687 if (validationAttemptToUnresponsiveTls) {
5688 EXPECT_TRUE(PollForCondition(
5689 [&]() { return unresponsiveTls.acceptConnectionsCount() > 0; }));
5690 } else {
5691 EXPECT_EQ(unresponsiveTls.acceptConnectionsCount(), 0);
5692 }
5693
5694 TlsNameLastTime = config.tlsName;
5695 unresponsiveTls.clearConnectionsCount();
5696 }
5697
5698 // Check that all the validation results are caught.
5699 // Note: it doesn't mean no validation being in progress.
5700 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5701 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5702 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(unusable_addr));
5703 }
5704
TEST_F(ResolverTest,RepeatedSetup_KeepChangingPrivateDnsServers)5705 TEST_F(ResolverTest, RepeatedSetup_KeepChangingPrivateDnsServers) {
5706 enum TlsServerState { WORKING, UNSUPPORTED, UNRESPONSIVE };
5707 const std::string addr1 = getUniqueIPv4Address();
5708 const std::string addr2 = getUniqueIPv4Address();
5709 const auto waitForPrivateDnsStateUpdated = []() {
5710 // A buffer time for PrivateDnsConfiguration to update its state. It prevents this test
5711 // being flaky. See b/152009023 for the reason.
5712 std::this_thread::sleep_for(20ms);
5713 };
5714
5715 test::DNSResponder dns1(addr1);
5716 test::DNSResponder dns2(addr2);
5717 StartDns(dns1, {});
5718 StartDns(dns2, {});
5719 test::DnsTlsFrontend tls1(addr1, "853", addr1, "53");
5720 test::DnsTlsFrontend tls2(addr2, "853", addr2, "53");
5721 ASSERT_TRUE(tls1.startServer());
5722 ASSERT_TRUE(tls2.startServer());
5723
5724 static const struct TestConfig {
5725 std::string tlsServer;
5726 std::string tlsName;
5727 bool expectNothingHappenWhenServerUnsupported;
5728 bool expectNothingHappenWhenServerUnresponsive;
5729 std::string asTestName() const {
5730 return fmt::format("{}, {}, {}, {}", tlsServer, tlsName,
5731 expectNothingHappenWhenServerUnsupported,
5732 expectNothingHappenWhenServerUnresponsive);
5733 }
5734 } testConfigs[] = {
5735 {{addr1}, "", false, false},
5736 {{addr2}, "", false, false},
5737 {{addr1}, "", false, true},
5738 {{addr2}, "", false, true},
5739
5740 // expectNothingHappenWhenServerUnresponsive is false in the two cases because of the
5741 // limitation from DnsTlsFrontend which can't operate concurrently.
5742 {{addr1}, kDefaultPrivateDnsHostName, false, false},
5743 {{addr2}, kDefaultPrivateDnsHostName, false, false},
5744 {{addr1}, kDefaultPrivateDnsHostName, true, true},
5745 {{addr2}, kDefaultPrivateDnsHostName, true, true},
5746
5747 // expectNothingHappenWhenServerUnresponsive is true in the two cases because of the
5748 // limitation from DnsTlsFrontend which can't operate concurrently.
5749 {{addr1}, "", true, false},
5750 {{addr2}, "", true, false},
5751 {{addr1}, "", true, true},
5752 {{addr2}, "", true, true},
5753 };
5754
5755 for (const auto& serverState : {WORKING, UNSUPPORTED, UNRESPONSIVE}) {
5756 int testIndex = 0;
5757 for (const auto& config : testConfigs) {
5758 SCOPED_TRACE(fmt::format("serverState:{} testIndex:{} testConfig:[{}]",
5759 static_cast<int>(serverState), testIndex++,
5760 config.asTestName()));
5761 auto& tls = (config.tlsServer == addr1) ? tls1 : tls2;
5762
5763 if (serverState == UNSUPPORTED && tls.running()) ASSERT_TRUE(tls.stopServer());
5764 if (serverState != UNSUPPORTED && !tls.running()) ASSERT_TRUE(tls.startServer());
5765
5766 tls.setHangOnHandshakeForTesting(serverState == UNRESPONSIVE);
5767 const int connectCountsBefore = tls.acceptConnectionsCount();
5768
5769 waitForPrivateDnsStateUpdated();
5770 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5771 parcel.servers = {config.tlsServer};
5772 parcel.tlsServers = {config.tlsServer};
5773 parcel.tlsName = config.tlsName;
5774 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5775 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5776
5777 if (serverState == WORKING) {
5778 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, true));
5779 } else if (serverState == UNSUPPORTED) {
5780 if (config.expectNothingHappenWhenServerUnsupported) {
5781 // It's possible that the resolver hasn't yet started to
5782 // connect. Wait a while.
5783 // TODO: See if we can get rid of the hard waiting time, such as comparing
5784 // the CountDiff across two tests.
5785 std::this_thread::sleep_for(100ms);
5786 EXPECT_EQ(tls.acceptConnectionsCount(), connectCountsBefore);
5787 } else {
5788 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5789 }
5790 } else {
5791 // Must be UNRESPONSIVE.
5792 // DnsTlsFrontend is the only signal for checking whether or not the resolver starts
5793 // another validation when the server is unresponsive.
5794
5795 // Wait for a while to avoid running the checker code too early.
5796 std::this_thread::sleep_for(200ms);
5797 if (!config.expectNothingHappenWhenServerUnresponsive) {
5798 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5799 }
5800 const auto condition = [&]() {
5801 const int connectCountsAfter = tls.acceptConnectionsCount();
5802 return config.expectNothingHappenWhenServerUnresponsive
5803 ? (connectCountsAfter == connectCountsBefore)
5804 : (connectCountsAfter > connectCountsBefore);
5805 };
5806 EXPECT_TRUE(PollForCondition(condition));
5807 }
5808 }
5809
5810 // Set to off mode to reset the PrivateDnsConfiguration state.
5811 ResolverParamsParcel setupOffmode = DnsResponderClient::GetDefaultResolverParamsParcel();
5812 setupOffmode.tlsServers.clear();
5813 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupOffmode));
5814 }
5815
5816 // Check that all the validation results are caught.
5817 // Note: it doesn't mean no validation being in progress.
5818 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5819 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5820 }
5821
TEST_F(ResolverTest,PermissionCheckOnCertificateInjection)5822 TEST_F(ResolverTest, PermissionCheckOnCertificateInjection) {
5823 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5824 parcel.caCertificate = kCaCert;
5825 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5826
5827 for (const uid_t uid : {AID_SYSTEM, TEST_UID}) {
5828 ScopedChangeUID scopedChangeUID(uid);
5829 auto status = mDnsClient.resolvService()->setResolverConfiguration(parcel);
5830 EXPECT_EQ(status.getExceptionCode(), EX_SECURITY);
5831 }
5832 }
5833
5834 // Parameterized tests.
5835 // TODO: Merge the existing tests as parameterized test if possible.
5836 // TODO: Perhaps move parameterized tests to an independent file.
5837 enum class CallType { GETADDRINFO, GETHOSTBYNAME };
5838 class ResolverParameterizedTest : public ResolverTest,
5839 public testing::WithParamInterface<CallType> {
5840 protected:
VerifyQueryHelloExampleComV4(const test::DNSResponder & dns,const CallType calltype,const bool verifyNumQueries=true)5841 void VerifyQueryHelloExampleComV4(const test::DNSResponder& dns, const CallType calltype,
5842 const bool verifyNumQueries = true) {
5843 if (calltype == CallType::GETADDRINFO) {
5844 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5845 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5846 ASSERT_TRUE(result != nullptr);
5847 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5848 } else if (calltype == CallType::GETHOSTBYNAME) {
5849 const hostent* result = gethostbyname("hello");
5850 ASSERT_TRUE(result != nullptr);
5851 ASSERT_EQ(4, result->h_length);
5852 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
5853 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5854 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5855 } else {
5856 FAIL() << "Unsupported call type: " << static_cast<uint32_t>(calltype);
5857 }
5858 if (verifyNumQueries) EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
5859 }
5860 };
5861
5862 INSTANTIATE_TEST_SUITE_P(QueryCallTest, ResolverParameterizedTest,
5863 testing::Values(CallType::GETADDRINFO, CallType::GETHOSTBYNAME),
__anon786885811d02(const testing::TestParamInfo<CallType>& info) 5864 [](const testing::TestParamInfo<CallType>& info) {
5865 switch (info.param) {
5866 case CallType::GETADDRINFO:
5867 return "GetAddrInfo";
5868 case CallType::GETHOSTBYNAME:
5869 return "GetHostByName";
5870 default:
5871 return "InvalidParameter"; // Should not happen.
5872 }
5873 });
5874
TEST_P(ResolverParameterizedTest,AuthoritySectionAndAdditionalSection)5875 TEST_P(ResolverParameterizedTest, AuthoritySectionAndAdditionalSection) {
5876 // DNS response may have more information in authority section and additional section.
5877 // Currently, getanswer() of packages/modules/DnsResolver/getaddrinfo.cpp doesn't parse the
5878 // content of authority section and additional section. Test these sections if they crash
5879 // the resolver, just in case. See also RFC 1035 section 4.1.
5880 const auto& calltype = GetParam();
5881 test::DNSHeader header(kDefaultDnsHeader);
5882
5883 // Create a DNS response which has a authoritative nameserver record in authority
5884 // section and its relevant address record in additional section.
5885 //
5886 // Question
5887 // hello.example.com. IN A
5888 // Answer
5889 // hello.example.com. IN A 1.2.3.4
5890 // Authority:
5891 // hello.example.com. IN NS ns1.example.com.
5892 // Additional:
5893 // ns1.example.com. IN A 5.6.7.8
5894 //
5895 // A response may have only question, answer, and authority section. Current testing response
5896 // should be able to cover this condition.
5897
5898 // Question section.
5899 test::DNSQuestion question{
5900 .qname = {.name = kHelloExampleCom},
5901 .qtype = ns_type::ns_t_a,
5902 .qclass = ns_c_in,
5903 };
5904 header.questions.push_back(std::move(question));
5905
5906 // Answer section.
5907 test::DNSRecord recordAnswer{
5908 .name = {.name = kHelloExampleCom},
5909 .rtype = ns_type::ns_t_a,
5910 .rclass = ns_c_in,
5911 .ttl = 0, // no cache
5912 };
5913 EXPECT_TRUE(test::DNSResponder::fillRdata(kHelloExampleComAddrV4, recordAnswer));
5914 header.answers.push_back(std::move(recordAnswer));
5915
5916 // Authority section.
5917 test::DNSRecord recordAuthority{
5918 .name = {.name = kHelloExampleCom},
5919 .rtype = ns_type::ns_t_ns,
5920 .rclass = ns_c_in,
5921 .ttl = 0, // no cache
5922 };
5923 EXPECT_TRUE(test::DNSResponder::fillRdata("ns1.example.com.", recordAuthority));
5924 header.authorities.push_back(std::move(recordAuthority));
5925
5926 // Additional section.
5927 test::DNSRecord recordAdditional{
5928 .name = {.name = "ns1.example.com."},
5929 .rtype = ns_type::ns_t_a,
5930 .rclass = ns_c_in,
5931 .ttl = 0, // no cache
5932 };
5933 EXPECT_TRUE(test::DNSResponder::fillRdata("5.6.7.8", recordAdditional));
5934 header.additionals.push_back(std::move(recordAdditional));
5935
5936 // Start DNS server.
5937 test::DNSResponder dns(test::DNSResponder::MappingType::DNS_HEADER);
5938 dns.addMappingDnsHeader(kHelloExampleCom, ns_type::ns_t_a, header);
5939 ASSERT_TRUE(dns.startServer());
5940 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5941 dns.clearQueries();
5942
5943 // Expect that get the address and the resolver doesn't crash.
5944 VerifyQueryHelloExampleComV4(dns, calltype);
5945 }
5946
TEST_P(ResolverParameterizedTest,MessageCompression)5947 TEST_P(ResolverParameterizedTest, MessageCompression) {
5948 const auto& calltype = GetParam();
5949
5950 // The response with compressed domain name by a pointer. See RFC 1035 section 4.1.4.
5951 //
5952 // Ignoring the other fields of the message, the domain name of question section and answer
5953 // section are presented as:
5954 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5955 // 12 | 5 | h |
5956 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5957 // 14 | e | l |
5958 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5959 // 16 | l | o |
5960 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5961 // 18 | 7 | e |
5962 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5963 // 20 | x | a |
5964 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5965 // 22 | m | p |
5966 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5967 // 24 | l | e |
5968 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5969 // 26 | 3 | c |
5970 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5971 // 28 | o | m |
5972 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5973 // 30 | 0 | ... |
5974 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5975 //
5976 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5977 // 35 | 1 1| 12 |
5978 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5979 const std::vector<uint8_t> kResponseAPointer = {
5980 /* Header */
5981 0x00, 0x00, /* Transaction ID: 0x0000 */
5982 0x81, 0x80, /* Flags: qr rd ra */
5983 0x00, 0x01, /* Questions: 1 */
5984 0x00, 0x01, /* Answer RRs: 1 */
5985 0x00, 0x00, /* Authority RRs: 0 */
5986 0x00, 0x00, /* Additional RRs: 0 */
5987 /* Queries */
5988 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
5989 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
5990 0x00, 0x01, /* Type: A */
5991 0x00, 0x01, /* Class: IN */
5992 /* Answers */
5993 0xc0, 0x0c, /* Name: hello.example.com (a pointer) */
5994 0x00, 0x01, /* Type: A */
5995 0x00, 0x01, /* Class: IN */
5996 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
5997 0x00, 0x04, /* Data length: 4 */
5998 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
5999 };
6000
6001 // The response with compressed domain name by a sequence of labels ending with a pointer. See
6002 // RFC 1035 section 4.1.4.
6003 //
6004 // Ignoring the other fields of the message, the domain name of question section and answer
6005 // section are presented as:
6006 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6007 // 12 | 5 | h |
6008 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6009 // 14 | e | l |
6010 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6011 // 16 | l | o |
6012 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6013 // 18 | 7 | e |
6014 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6015 // 20 | x | a |
6016 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6017 // 22 | m | p |
6018 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6019 // 24 | l | e |
6020 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6021 // 26 | 3 | c |
6022 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6023 // 28 | o | m |
6024 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6025 // 30 | 0 | ... |
6026 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6027 //
6028 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6029 // 35 | 5 | h |
6030 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6031 // 37 | e | l |
6032 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6033 // 39 | l | o |
6034 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6035 // 41 | 1 1| 18 |
6036 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6037 const std::vector<uint8_t> kResponseLabelEndingWithAPointer = {
6038 /* Header */
6039 0x00, 0x00, /* Transaction ID: 0x0000 */
6040 0x81, 0x80, /* Flags: qr rd ra */
6041 0x00, 0x01, /* Questions: 1 */
6042 0x00, 0x01, /* Answer RRs: 1 */
6043 0x00, 0x00, /* Authority RRs: 0 */
6044 0x00, 0x00, /* Additional RRs: 0 */
6045 /* Queries */
6046 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
6047 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
6048 0x00, 0x01, /* Type: A */
6049 0x00, 0x01, /* Class: IN */
6050 /* Answers */
6051 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0xc0,
6052 0x12, /* Name: hello.example.com (a label ending with a pointer) */
6053 0x00, 0x01, /* Type: A */
6054 0x00, 0x01, /* Class: IN */
6055 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
6056 0x00, 0x04, /* Data length: 4 */
6057 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
6058 };
6059
6060 for (const auto& response : {kResponseAPointer, kResponseLabelEndingWithAPointer}) {
6061 SCOPED_TRACE(fmt::format("Hex dump: {}", toHex(makeSlice(response))));
6062
6063 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
6064 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, response);
6065 StartDns(dns, {});
6066 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6067
6068 // Expect no cache because the TTL of testing responses are 0.
6069 VerifyQueryHelloExampleComV4(dns, calltype);
6070 }
6071 }
6072
TEST_P(ResolverParameterizedTest,TruncatedResponse)6073 TEST_P(ResolverParameterizedTest, TruncatedResponse) {
6074 const auto& calltype = GetParam();
6075
6076 test::DNSResponder dns;
6077 StartDns(dns, kLargeCnameChainRecords);
6078 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6079
6080 // Expect UDP response is truncated. The resolver retries over TCP. See RFC 1035 section 4.2.1.
6081 VerifyQueryHelloExampleComV4(dns, calltype, false);
6082 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
6083 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
6084 }
6085
6086 // Tests that the DnsResolver can keep listening to the DNS response from previous DNS servers.
6087 // Test scenarios (The timeout for each server is 1 second):
6088 // 1. (During the first iteration of DNS servers) While waiting for the DNS response from the
6089 // second server, the DnsResolver receives the DNS response from the first server.
6090 // 2. (During the second iteration of DNS servers) While waiting for the DNS response from the
6091 // second server, the DnsResolver receives the DNS response from the first server.
TEST_F(ResolverTest,KeepListeningUDP)6092 TEST_F(ResolverTest, KeepListeningUDP) {
6093 constexpr char listen_addr1[] = "127.0.0.4";
6094 constexpr char listen_addr2[] = "127.0.0.5";
6095 constexpr char host_name[] = "howdy.example.com.";
6096 const std::vector<DnsRecord> records = {
6097 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
6098 };
6099 auto builder =
6100 ResolverParams::Builder().setDnsServers({listen_addr1, listen_addr2}).setDotServers({});
6101
6102 test::DNSResponder neverRespondDns(listen_addr2, "53", static_cast<ns_rcode>(-1));
6103 neverRespondDns.setResponseProbability(0.0);
6104 StartDns(neverRespondDns, records);
6105 test::DNSResponder delayedDns(listen_addr1);
6106 StartDns(delayedDns, records);
6107
6108 const struct TestConfig {
6109 int retryCount;
6110 int delayTimeMs;
6111 int expectedDns1Successes;
6112 int expectedDns1Timeouts;
6113 int expectedDns2Timeouts;
6114 } testConfigs[]{
6115 {1, 1500, 1, 1, 0},
6116 // Actually, there will be two timeouts and one success for DNS1. However, the
6117 // DnsResolver doesn't record the stats during the second iteration of DNS servers, so
6118 // the success and timeout of DNS1 is 0 and 1, respectively.
6119 {2, 3500, 0, 1, 1},
6120 };
6121 for (const std::string_view callType : {"getaddrinfo", "resnsend"}) {
6122 for (const auto& cfg : testConfigs) {
6123 SCOPED_TRACE(fmt::format("callType={}, retryCount={}, delayTimeMs={}", callType,
6124 cfg.retryCount, cfg.delayTimeMs));
6125 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6126 300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */, cfg.retryCount /* retry count */};
6127
6128 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6129 resetNetwork();
6130 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.setParams(params).build()));
6131
6132 delayedDns.setDeferredResp(true);
6133 std::thread thread([&]() {
6134 std::this_thread::sleep_for(std::chrono::milliseconds(cfg.delayTimeMs));
6135 delayedDns.setDeferredResp(false);
6136 });
6137
6138 if (callType == "getaddrinfo") {
6139 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
6140 ScopedAddrinfo result = safe_getaddrinfo(host_name, nullptr, &hints);
6141 EXPECT_EQ("::1.2.3.4", ToString(result));
6142 } else {
6143 int fd = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
6144 expectAnswersValid(fd, AF_INET6, "::1.2.3.4");
6145 }
6146 const std::vector<NameserverStats> expectedCleartextDnsStats = {
6147 NameserverStats(listen_addr1)
6148 .setSuccesses(cfg.expectedDns1Successes)
6149 .setTimeouts(cfg.expectedDns1Timeouts)
6150 .setRttAvg(cfg.retryCount == 1 ? 1500 : -1),
6151 NameserverStats(listen_addr2)
6152 .setTimeouts(cfg.expectedDns2Timeouts)
6153 .setRttAvg(-1),
6154 };
6155 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
6156 thread.join();
6157 }
6158 }
6159 }
6160
TEST_F(ResolverTest,GetAddrInfoParallelLookupTimeout)6161 TEST_F(ResolverTest, GetAddrInfoParallelLookupTimeout) {
6162 constexpr char host_name[] = "howdy.example.com.";
6163 constexpr int TIMING_TOLERANCE_MS = 200;
6164 constexpr int DNS_TIMEOUT_MS = 1000;
6165 const std::vector<DnsRecord> records = {
6166 {host_name, ns_type::ns_t_a, "1.2.3.4"},
6167 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
6168 };
6169 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6170 300, 25, 8, 8, DNS_TIMEOUT_MS /* BASE_TIMEOUT_MSEC */, 1 /* retry count */};
6171 test::DNSResponder neverRespondDns(kDefaultServer, "53", static_cast<ns_rcode>(-1));
6172 neverRespondDns.setResponseProbability(0.0);
6173 StartDns(neverRespondDns, records);
6174
6175 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
6176 ResolverParams::Builder().setDotServers({}).setParams(params).build()));
6177 neverRespondDns.clearQueries();
6178
6179 // Use a never respond DNS server to verify if the A/AAAA queries are sent in parallel.
6180 // The resolver parameters are set to timeout 1s and retry 1 times.
6181 // So we expect the safe_getaddrinfo_time_taken() might take ~1s to
6182 // return when parallel lookup is enabled. And the DNS server should receive 2 queries.
6183 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6184 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(host_name, nullptr, hints);
6185
6186 EXPECT_TRUE(result == nullptr);
6187 EXPECT_NEAR(DNS_TIMEOUT_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6188 << "took time should approximate equal timeout";
6189 EXPECT_EQ(2U, GetNumQueries(neverRespondDns, host_name));
6190 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name, {});
6191 }
6192
TEST_F(ResolverTest,GetAddrInfoParallelLookupSleepTime)6193 TEST_F(ResolverTest, GetAddrInfoParallelLookupSleepTime) {
6194 constexpr int TIMING_TOLERANCE_MS = 200;
6195 const std::vector<DnsRecord> records = {
6196 {kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4},
6197 {kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6},
6198 };
6199 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6200 300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */, 1 /* retry count */};
6201 test::DNSResponder dns(kDefaultServer);
6202 StartDns(dns, records);
6203 constexpr int PARALLEL_LOOKUP_SLEEP_TIME_MS = 500;
6204 ScopedSystemProperties sp2(kParallelLookupSleepTimeFlag,
6205 std::to_string(PARALLEL_LOOKUP_SLEEP_TIME_MS));
6206 // Re-setup test network to make experiment flag take effect.
6207 resetNetwork();
6208
6209 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
6210 ResolverParams::Builder().setDotServers({}).setParams(params).build()));
6211 dns.clearQueries();
6212
6213 // Expect the safe_getaddrinfo_time_taken() might take ~500ms to return because we set
6214 // parallel_lookup_sleep_time to 500ms.
6215 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6216 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6217
6218 EXPECT_NE(nullptr, result);
6219 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6220 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6221 EXPECT_NEAR(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6222 << "took time should approximate equal timeout";
6223 EXPECT_EQ(2U, GetNumQueries(dns, kHelloExampleCom));
6224
6225 // Expect the PARALLEL_LOOKUP_SLEEP_TIME_MS won't affect the query under cache hit case.
6226 dns.clearQueries();
6227 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6228 EXPECT_NE(nullptr, result);
6229 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6230 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6231 EXPECT_GT(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs);
6232 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
6233 }
6234
TEST_F(ResolverTest,BlockDnsQueryUidDoesNotLeadToBadServer)6235 TEST_F(ResolverTest, BlockDnsQueryUidDoesNotLeadToBadServer) {
6236 SKIP_IF_BPF_NOT_SUPPORTED;
6237 constexpr char listen_addr1[] = "127.0.0.4";
6238 constexpr char listen_addr2[] = "::1";
6239 test::DNSResponder dns1(listen_addr1);
6240 test::DNSResponder dns2(listen_addr2);
6241 StartDns(dns1, {});
6242 StartDns(dns2, {});
6243
6244 std::vector<std::string> servers = {listen_addr1, listen_addr2};
6245 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
6246 dns1.clearQueries();
6247 dns2.clearQueries();
6248 {
6249 ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID);
6250 // Start querying ten times.
6251 for (int i = 0; i < 10; i++) {
6252 std::string hostName = fmt::format("blocked{}.com", i);
6253 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6254 // The query result between R+ and Q would be different, but we don't really care
6255 // about the result here because this test is only used to ensure blocked uid rule
6256 // won't cause bad servers.
6257 safe_getaddrinfo(hostName.c_str(), nullptr, &hints);
6258 }
6259 }
6260 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6261 // If api level >= 30 (R+), expect all query packets to be blocked, hence we should not see any
6262 // of their stats show up. Otherwise, all queries should succeed.
6263 const std::vector<NameserverStats> expectedDnsStats = {
6264 NameserverStats(listen_addr1).setSuccesses(0).setRttAvg(-1),
6265 NameserverStats(listen_addr2),
6266 };
6267 expectStatsEqualTo(expectedDnsStats);
6268 // If api level >= 30 (R+), expect server won't receive any queries,
6269 // otherwise expect 20 == 10 * (setupParams.domains.size() + 1) queries.
6270 EXPECT_EQ(dns1.queries().size(), 0U);
6271 EXPECT_EQ(dns2.queries().size(), 0U);
6272 }
6273
TEST_F(ResolverTest,DnsServerSelection)6274 TEST_F(ResolverTest, DnsServerSelection) {
6275 test::DNSResponder dns1("127.0.0.3");
6276 test::DNSResponder dns2("127.0.0.4");
6277 test::DNSResponder dns3("127.0.0.5");
6278
6279 dns1.setResponseDelayMs(10);
6280 dns2.setResponseDelayMs(50);
6281 dns3.setResponseDelayMs(100);
6282 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6283 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6284 StartDns(dns3, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6285
6286 // NOTE: the servers must be sorted alphabetically.
6287 std::vector<std::string> serverList = {
6288 dns1.listen_address(),
6289 dns2.listen_address(),
6290 dns3.listen_address(),
6291 };
6292
6293 do {
6294 SCOPED_TRACE(fmt::format("testConfig: [{}]", fmt::join(serverList, ", ")));
6295 const int queryNum = 50;
6296 int64_t accumulatedTime = 0;
6297
6298 // The flag can be reset any time. It's better to re-setup the flag in each iteration.
6299 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, "1");
6300
6301 // Restart the testing network to 1) make the flag take effect and 2) reset the statistics.
6302 resetNetwork();
6303
6304 // DnsServerSelection doesn't apply to private DNS.
6305 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6306 setupParams.servers = serverList;
6307 setupParams.tlsServers.clear();
6308 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6309
6310 // DNSResponder doesn't handle queries concurrently, so don't allow more than
6311 // one in-flight query.
6312 for (int i = 0; i < queryNum; i++) {
6313 Stopwatch s;
6314 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_a,
6315 ANDROID_RESOLV_NO_CACHE_LOOKUP);
6316 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
6317 accumulatedTime += s.timeTakenUs();
6318 }
6319
6320 const int dns1Count = dns1.queries().size();
6321 const int dns2Count = dns2.queries().size();
6322 const int dns3Count = dns3.queries().size();
6323
6324 // All of the servers have ever been selected. In addition, the less latency server
6325 // is selected more frequently.
6326 EXPECT_GT(dns1Count, 0);
6327 EXPECT_GT(dns2Count, 0);
6328 EXPECT_GT(dns3Count, 0);
6329 EXPECT_GE(dns1Count, dns2Count);
6330 EXPECT_GE(dns2Count, dns3Count);
6331
6332 const int averageTime = accumulatedTime / queryNum;
6333 LOG(INFO) << "ResolverTest#DnsServerSelection: averageTime " << averageTime << "us";
6334
6335 dns1.clearQueries();
6336 dns2.clearQueries();
6337 dns3.clearQueries();
6338 } while (std::next_permutation(serverList.begin(), serverList.end()));
6339 }
6340
TEST_F(ResolverTest,MultipleDotQueriesInOnePacket)6341 TEST_F(ResolverTest, MultipleDotQueriesInOnePacket) {
6342 constexpr char hostname1[] = "query1.example.com.";
6343 constexpr char hostname2[] = "query2.example.com.";
6344 const std::vector<DnsRecord> records = {
6345 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
6346 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
6347 };
6348
6349 const std::string addr = getUniqueIPv4Address();
6350 test::DNSResponder dns(addr);
6351 StartDns(dns, records);
6352 test::DnsTlsFrontend tls(addr, "853", addr, "53");
6353 ASSERT_TRUE(tls.startServer());
6354
6355 // Set up resolver to strict mode.
6356 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
6357 parcel.servers = {addr};
6358 parcel.tlsServers = {addr};
6359 parcel.tlsName = kDefaultPrivateDnsHostName;
6360 parcel.caCertificate = kCaCert;
6361 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
6362 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
6363 EXPECT_TRUE(tls.waitForQueries(1));
6364 tls.clearQueries();
6365 dns.clearQueries();
6366
6367 const auto queryAndCheck = [&](const std::string& hostname,
6368 const std::vector<DnsRecord>& records) {
6369 SCOPED_TRACE(hostname);
6370
6371 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6372 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname.c_str(), nullptr, hints);
6373
6374 std::vector<std::string> expectedAnswers;
6375 for (const auto& r : records) {
6376 if (r.host_name == hostname) expectedAnswers.push_back(r.addr);
6377 }
6378
6379 EXPECT_LE(timeTakenMs, 200);
6380 ASSERT_NE(result, nullptr);
6381 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(expectedAnswers));
6382 };
6383
6384 // Set tls to reply DNS responses in one TCP packet and not to close the connection from its
6385 // side.
6386 tls.setDelayQueries(2);
6387 tls.setDelayQueriesTimeout(500);
6388 tls.setPassiveClose(true);
6389
6390 // Start sending DNS requests at the same time.
6391 std::array<std::thread, 2> threads;
6392 threads[0] = std::thread(queryAndCheck, hostname1, records);
6393 threads[1] = std::thread(queryAndCheck, hostname2, records);
6394
6395 threads[0].join();
6396 threads[1].join();
6397
6398 // Also check no additional queries due to DoT reconnection.
6399 EXPECT_TRUE(tls.waitForQueries(2));
6400 }
6401
TEST_F(ResolverTest,MdnsGetHostByName)6402 TEST_F(ResolverTest, MdnsGetHostByName) {
6403 constexpr char v6addr[] = "::127.0.0.3";
6404 constexpr char v4addr[] = "127.0.0.3";
6405 constexpr char host_name[] = "hello.local.";
6406 constexpr char nonexistent_host_name[] = "nonexistent.local.";
6407
6408 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6409 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6410 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6411 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6412
6413 ASSERT_TRUE(mdnsv4.startServer());
6414 ASSERT_TRUE(mdnsv6.startServer());
6415 mdnsv4.clearQueries();
6416 mdnsv6.clearQueries();
6417
6418 std::vector<bool> keep_listening_udp_enable = {false, true};
6419 for (int value : keep_listening_udp_enable) {
6420 if (value == true) {
6421 // Set keep_listening_udp enable
6422 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6423 // Re-setup test network to make experiment flag take effect.
6424 resetNetwork();
6425 }
6426 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6427
6428 static const struct TestConfig {
6429 int ai_family;
6430 const std::string expected_addr;
6431 } testConfigs[]{
6432 {AF_INET, v4addr},
6433 {AF_INET6, v6addr},
6434 };
6435
6436 for (const auto& config : testConfigs) {
6437 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6438 const hostent* result = nullptr;
6439
6440 // No response for "nonexistent.local".
6441 result = gethostbyname2("nonexistent.local", config.ai_family);
6442 ASSERT_TRUE(result == nullptr);
6443 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6444 EXPECT_EQ(1U, GetNumQueries(mdns, nonexistent_host_name));
6445 mdns.clearQueries();
6446 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
6447
6448 // Normal mDns query
6449 result = gethostbyname2("hello.local", config.ai_family);
6450 ASSERT_FALSE(result == nullptr);
6451 EXPECT_EQ(1U, GetNumQueries(mdns, host_name));
6452 int length = config.ai_family == AF_INET ? 4 : 16;
6453 ASSERT_EQ(length, result->h_length);
6454 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6455 EXPECT_EQ(config.expected_addr, ToString(result));
6456 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6457 mdns.clearQueries();
6458
6459 // Ensure the query result is still cached.
6460 result = gethostbyname2("hello.local", config.ai_family);
6461 EXPECT_EQ(0U, GetNumQueries(mdnsv4, "hello.local."));
6462 ASSERT_FALSE(result == nullptr);
6463 EXPECT_EQ(config.expected_addr, ToString(result));
6464 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6465 }
6466 }
6467 }
6468
6469 namespace {
6470
6471 static const struct TransportTypeConfig {
6472 const std::vector<int32_t>& transportTypes;
6473 bool useMdns;
6474 } transportTypeConfig[]{
6475 // clang-format off
6476 {{}, true},
6477 {{IDnsResolver::TRANSPORT_CELLULAR}, false},
6478 {{IDnsResolver::TRANSPORT_WIFI}, true},
6479 {{IDnsResolver::TRANSPORT_BLUETOOTH}, true},
6480 {{IDnsResolver::TRANSPORT_ETHERNET}, true},
6481 {{IDnsResolver::TRANSPORT_VPN}, false},
6482 {{IDnsResolver::TRANSPORT_WIFI_AWARE}, true},
6483 {{IDnsResolver::TRANSPORT_LOWPAN}, true},
6484 {{IDnsResolver::TRANSPORT_TEST}, true},
6485 {{IDnsResolver::TRANSPORT_USB}, true},
6486 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_VPN}, false},
6487 {{IDnsResolver::TRANSPORT_WIFI, IDnsResolver::TRANSPORT_VPN}, false},
6488 {{IDnsResolver::TRANSPORT_BLUETOOTH, IDnsResolver::TRANSPORT_VPN}, false},
6489 {{IDnsResolver::TRANSPORT_ETHERNET, IDnsResolver::TRANSPORT_VPN}, false},
6490 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_WIFI,
6491 IDnsResolver::TRANSPORT_VPN}, false},
6492 {{IDnsResolver::TRANSPORT_WIFI_AWARE, IDnsResolver::TRANSPORT_VPN}, false},
6493 {{IDnsResolver::TRANSPORT_LOWPAN, IDnsResolver::TRANSPORT_VPN}, false},
6494 {{IDnsResolver::TRANSPORT_TEST, IDnsResolver::TRANSPORT_VPN}, false},
6495 {{IDnsResolver::TRANSPORT_USB, IDnsResolver::TRANSPORT_VPN}, false},
6496 // clang-format on
6497 };
6498
6499 } // namespace
6500
TEST_F(ResolverTest,MdnsGetHostByName_transportTypes)6501 TEST_F(ResolverTest, MdnsGetHostByName_transportTypes) {
6502 constexpr char v6addr[] = "::127.0.0.3";
6503 constexpr char v4addr[] = "127.0.0.3";
6504 constexpr char host_name[] = "hello.local.";
6505
6506 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6507 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6508 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6509 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6510 ASSERT_TRUE(mdnsv4.startServer());
6511 ASSERT_TRUE(mdnsv6.startServer());
6512
6513 const std::vector<DnsRecord> records = {
6514 {host_name, ns_type::ns_t_a, v4addr},
6515 {host_name, ns_type::ns_t_aaaa, v6addr},
6516 };
6517 test::DNSResponder dns(v4addr);
6518 StartDns(dns, records);
6519
6520 for (const auto& tpConfig : transportTypeConfig) {
6521 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6522 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6523 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6524 setupParams.transportTypes = tpConfig.transportTypes;
6525 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6526
6527 static const struct TestConfig {
6528 int ai_family;
6529 const std::string expected_addr;
6530 } testConfigs[]{
6531 {AF_INET, v4addr},
6532 {AF_INET6, v6addr},
6533 };
6534
6535 for (const auto& config : testConfigs) {
6536 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6537 const hostent* result = nullptr;
6538 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6539
6540 result = gethostbyname2("hello.local", config.ai_family);
6541 ASSERT_FALSE(result == nullptr);
6542 if (tpConfig.useMdns) {
6543 EXPECT_EQ(1U, GetNumQueries(mdns, host_name));
6544 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6545 } else {
6546 EXPECT_EQ(0U, GetNumQueries(mdns, host_name));
6547 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6548 }
6549 int length = config.ai_family == AF_INET ? 4 : 16;
6550 ASSERT_EQ(length, result->h_length);
6551 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6552 EXPECT_EQ(config.expected_addr, ToString(result));
6553 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6554
6555 mdns.clearQueries();
6556 dns.clearQueries();
6557 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6558 }
6559 }
6560 }
6561
TEST_F(ResolverTest,MdnsGetHostByName_cnames)6562 TEST_F(ResolverTest, MdnsGetHostByName_cnames) {
6563 constexpr char v6addr[] = "::127.0.0.3";
6564 constexpr char v4addr[] = "127.0.0.3";
6565 constexpr char host_name[] = "hello.local.";
6566 const std::vector<DnsRecord> records = {
6567 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6568 {"a.local.", ns_type::ns_t_cname, "b.local."},
6569 {"b.local.", ns_type::ns_t_cname, "c.local."},
6570 {"c.local.", ns_type::ns_t_cname, "d.local."},
6571 {"d.local.", ns_type::ns_t_cname, "e.local."},
6572 {"e.local.", ns_type::ns_t_cname, host_name},
6573 {host_name, ns_type::ns_t_a, v4addr},
6574 {host_name, ns_type::ns_t_aaaa, v6addr},
6575 };
6576 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6577 for (const auto& r : records) {
6578 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6579 }
6580 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6581 for (const auto& r : records) {
6582 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6583 }
6584 ASSERT_TRUE(mdnsv4.startServer());
6585 ASSERT_TRUE(mdnsv6.startServer());
6586 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6587 mdnsv4.clearQueries();
6588 mdnsv6.clearQueries();
6589
6590 static const struct TestConfig {
6591 int ai_family;
6592 const std::string expected_addr;
6593 } testConfigs[]{
6594 {AF_INET, v4addr},
6595 {AF_INET6, v6addr},
6596 };
6597
6598 for (const auto& config : testConfigs) {
6599 size_t cnamecount = 0;
6600 // using gethostbyname2() to resolve ipv4 hello.local. to 127.0.0.3
6601 // or ipv6 hello.local. to ::127.0.0.3.
6602 // Ensure the v4 address and cnames are correct
6603 const hostent* result;
6604 result = gethostbyname2("hi.local", config.ai_family);
6605 ASSERT_FALSE(result == nullptr);
6606
6607 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
6608 std::string domain_name =
6609 records[i].host_name.substr(0, records[i].host_name.size() - 1);
6610 EXPECT_EQ(result->h_aliases[i], domain_name);
6611 cnamecount++;
6612 }
6613 // The size of "Non-cname type" record in DNS records is 2
6614 ASSERT_EQ(cnamecount, records.size() - 2);
6615 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6616 EXPECT_EQ(1U, mdnsv4.queries().size()) << mdns.dumpQueries();
6617 int length = config.ai_family == AF_INET ? 4 : 16;
6618 ASSERT_EQ(length, result->h_length);
6619
6620 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6621 EXPECT_EQ(config.expected_addr, ToString(result));
6622 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6623 }
6624 }
6625
TEST_F(ResolverTest,MdnsGetHostByName_cnamesInfiniteLoop)6626 TEST_F(ResolverTest, MdnsGetHostByName_cnamesInfiniteLoop) {
6627 constexpr char host_name1[] = "hello.local.";
6628 constexpr char host_name2[] = "hi.local.";
6629 const std::vector<DnsRecord> records = {
6630 {host_name1, ns_type::ns_t_cname, host_name2},
6631 {host_name2, ns_type::ns_t_cname, host_name1},
6632 };
6633
6634 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6635 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6636 for (const auto& r : records) {
6637 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6638 }
6639 for (const auto& r : records) {
6640 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6641 }
6642 ASSERT_TRUE(mdnsv4.startServer());
6643 ASSERT_TRUE(mdnsv6.startServer());
6644 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6645 mdnsv4.clearQueries();
6646 mdnsv6.clearQueries();
6647
6648 const hostent* result;
6649 result = gethostbyname2("hello.local", AF_INET);
6650 ASSERT_TRUE(result == nullptr);
6651
6652 result = gethostbyname2("hello.local", AF_INET6);
6653 ASSERT_TRUE(result == nullptr);
6654 }
6655
TEST_F(ResolverTest,MdnsGetAddrInfo)6656 TEST_F(ResolverTest, MdnsGetAddrInfo) {
6657 constexpr char v6addr[] = "::127.0.0.3";
6658 constexpr char v4addr[] = "127.0.0.3";
6659 constexpr char host_name[] = "hello.local.";
6660 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6661 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6662 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6663 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6664 ASSERT_TRUE(mdnsv4.startServer());
6665 ASSERT_TRUE(mdnsv6.startServer());
6666
6667 std::vector<bool> keep_listening_udp_enable = {false, true};
6668 for (int value : keep_listening_udp_enable) {
6669 if (value == true) {
6670 // Set keep_listening_udp enable
6671 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6672 // Re-setup test network to make experiment flag take effect.
6673 resetNetwork();
6674 }
6675
6676 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6677 static const struct TestConfig {
6678 int ai_family;
6679 const std::vector<std::string> expected_addr;
6680 } testConfigs[]{
6681 {AF_INET, {v4addr}},
6682 {AF_INET6, {v6addr}},
6683 {AF_UNSPEC, {v4addr, v6addr}},
6684 };
6685
6686 for (const auto& config : testConfigs) {
6687 mdnsv4.clearQueries();
6688 mdnsv6.clearQueries();
6689 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6690 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6691
6692 EXPECT_TRUE(result != nullptr);
6693 if (config.ai_family == AF_INET) {
6694 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6695 mdnsv4.clearQueries();
6696 } else if (config.ai_family == AF_INET6) {
6697 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6698 mdnsv6.clearQueries();
6699 } else if (config.ai_family == AF_UNSPEC) {
6700 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6701 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6702 mdnsv4.clearQueries();
6703 mdnsv6.clearQueries();
6704 }
6705 std::string result_str = ToString(result);
6706 EXPECT_THAT(ToStrings(result),
6707 testing::UnorderedElementsAreArray(config.expected_addr));
6708
6709 // Ensure the query results are still cached.
6710 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6711 EXPECT_TRUE(result != nullptr);
6712 if (config.ai_family == AF_INET)
6713 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6714 else if (config.ai_family == AF_INET6)
6715 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6716 else if (config.ai_family == AF_UNSPEC) {
6717 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6718 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6719 }
6720 result_str = ToString(result);
6721 EXPECT_THAT(ToStrings(result),
6722 testing::UnorderedElementsAreArray(config.expected_addr));
6723 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6724 }
6725 }
6726 }
6727
TEST_F(ResolverTest,MdnsGetAddrInfo_transportTypes)6728 TEST_F(ResolverTest, MdnsGetAddrInfo_transportTypes) {
6729 constexpr char v6addr[] = "::127.0.0.3";
6730 constexpr char v4addr[] = "127.0.0.3";
6731 constexpr char host_name[] = "hello.local.";
6732 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6733 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6734 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6735 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6736 ASSERT_TRUE(mdnsv4.startServer());
6737 ASSERT_TRUE(mdnsv6.startServer());
6738
6739 const std::vector<DnsRecord> records = {
6740 {host_name, ns_type::ns_t_a, v4addr},
6741 {host_name, ns_type::ns_t_aaaa, v6addr},
6742 };
6743 test::DNSResponder dns(v4addr);
6744 StartDns(dns, records);
6745
6746 for (const auto& tpConfig : transportTypeConfig) {
6747 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6748 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6749 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6750 setupParams.transportTypes = tpConfig.transportTypes;
6751 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6752
6753 static const struct TestConfig {
6754 int ai_family;
6755 const std::vector<std::string> expected_addr;
6756 } testConfigs[]{
6757 {AF_INET, {v4addr}},
6758 {AF_INET6, {v6addr}},
6759 {AF_UNSPEC, {v4addr, v6addr}},
6760 };
6761
6762 for (const auto& config : testConfigs) {
6763 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6764 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6765
6766 EXPECT_TRUE(result != nullptr);
6767 if (tpConfig.useMdns) {
6768 if (config.ai_family == AF_INET) {
6769 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6770 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6771 } else if (config.ai_family == AF_INET6) {
6772 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6773 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6774 } else {
6775 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6776 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6777 }
6778 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6779 } else {
6780 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6781 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6782 if (config.ai_family == AF_INET || config.ai_family == AF_INET6) {
6783 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6784 } else {
6785 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
6786 }
6787 }
6788 std::string result_str = ToString(result);
6789 EXPECT_THAT(ToStrings(result),
6790 testing::UnorderedElementsAreArray(config.expected_addr));
6791
6792 mdnsv4.clearQueries();
6793 mdnsv6.clearQueries();
6794 dns.clearQueries();
6795 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6796 }
6797 }
6798 }
6799
TEST_F(ResolverTest,MdnsGetAddrInfo_InvalidSocketType)6800 TEST_F(ResolverTest, MdnsGetAddrInfo_InvalidSocketType) {
6801 constexpr char v6addr[] = "::127.0.0.3";
6802 constexpr char host_name[] = "hello.local.";
6803
6804 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6805 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6806 ASSERT_TRUE(mdnsv6.startServer());
6807 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6808
6809 // TODO: Test other invalid socket types.
6810 const addrinfo hints = {
6811 .ai_family = AF_UNSPEC,
6812 .ai_socktype = SOCK_PACKET,
6813 };
6814 addrinfo* result = nullptr;
6815 // This is a valid hint, but the query won't be sent because the socket type is
6816 // not supported.
6817 EXPECT_EQ(EAI_NODATA, getaddrinfo("howdy.local", nullptr, &hints, &result));
6818 ScopedAddrinfo result_cleanup(result);
6819 EXPECT_EQ(nullptr, result);
6820 }
6821
TEST_F(ResolverTest,MdnsGetAddrInfo_cnames)6822 TEST_F(ResolverTest, MdnsGetAddrInfo_cnames) {
6823 constexpr char v6addr[] = "::127.0.0.3";
6824 constexpr char v4addr[] = "127.0.0.3";
6825 constexpr char host_name[] = "hello.local.";
6826 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6827 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6828 const std::vector<DnsRecord> records = {
6829 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6830 {"a.local.", ns_type::ns_t_cname, "b.local."},
6831 {"b.local.", ns_type::ns_t_cname, "c.local."},
6832 {"c.local.", ns_type::ns_t_cname, "d.local."},
6833 {"d.local.", ns_type::ns_t_cname, "e.local."},
6834 {"e.local.", ns_type::ns_t_cname, host_name},
6835 {host_name, ns_type::ns_t_a, v4addr},
6836 {host_name, ns_type::ns_t_aaaa, v6addr},
6837 };
6838 for (const auto& r : records) {
6839 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6840 }
6841 for (const auto& r : records) {
6842 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6843 }
6844 ASSERT_TRUE(mdnsv4.startServer());
6845 ASSERT_TRUE(mdnsv6.startServer());
6846 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6847
6848 static const struct TestConfig {
6849 int ai_family;
6850 const std::vector<std::string> expected_addr;
6851 } testConfigs[]{
6852 {AF_INET, {v4addr}},
6853 {AF_INET6, {v6addr}},
6854 {AF_UNSPEC, {v4addr, v6addr}},
6855 };
6856 for (const auto& config : testConfigs) {
6857 mdnsv4.clearQueries();
6858 mdnsv6.clearQueries();
6859 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6860 ScopedAddrinfo result = safe_getaddrinfo("hi.local", nullptr, &hints);
6861 EXPECT_TRUE(result != nullptr);
6862 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
6863 }
6864 }
6865
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesNoIpAddress)6866 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesNoIpAddress) {
6867 constexpr char host_name[] = "hello.local.";
6868 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6869 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6870 mdnsv4.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
6871 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
6872 ASSERT_TRUE(mdnsv4.startServer());
6873 ASSERT_TRUE(mdnsv6.startServer());
6874 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6875
6876 addrinfo hints = {.ai_family = AF_INET};
6877 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6878 EXPECT_TRUE(result == nullptr);
6879
6880 mdnsv4.clearQueries();
6881 hints = {.ai_family = AF_INET6};
6882 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6883 EXPECT_TRUE(result == nullptr);
6884
6885 mdnsv6.clearQueries();
6886 hints = {.ai_family = AF_UNSPEC};
6887 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6888 EXPECT_TRUE(result == nullptr);
6889 }
6890
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesIllegalRdata)6891 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesIllegalRdata) {
6892 constexpr char host_name[] = "hello.local.";
6893 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6894 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6895 mdnsv4.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
6896 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
6897 ASSERT_TRUE(mdnsv4.startServer());
6898 ASSERT_TRUE(mdnsv6.startServer());
6899 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6900
6901 addrinfo hints = {.ai_family = AF_INET};
6902 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6903 EXPECT_TRUE(result == nullptr);
6904
6905 mdnsv4.clearQueries();
6906 hints = {.ai_family = AF_INET6};
6907 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6908 EXPECT_TRUE(result == nullptr);
6909
6910 mdnsv6.clearQueries();
6911 hints = {.ai_family = AF_UNSPEC};
6912 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6913 EXPECT_TRUE(result == nullptr);
6914 }
6915
6916 // Test if .local resolution will try unicast when multicast is failed.
TEST_F(ResolverTest,MdnsGetAddrInfo_fallback)6917 TEST_F(ResolverTest, MdnsGetAddrInfo_fallback) {
6918 constexpr char v6addr[] = "::1.2.3.4";
6919 constexpr char v4addr[] = "1.2.3.4";
6920 constexpr char host_name[] = "hello.local.";
6921 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService,
6922 static_cast<ns_rcode>(-1));
6923 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService, static_cast<ns_rcode>(-1));
6924 // Set unresponsive on multicast.
6925 mdnsv4.setResponseProbability(0.0);
6926 mdnsv6.setResponseProbability(0.0);
6927 ASSERT_TRUE(mdnsv4.startServer());
6928 ASSERT_TRUE(mdnsv6.startServer());
6929
6930 const std::vector<DnsRecord> records = {
6931 {host_name, ns_type::ns_t_a, v4addr},
6932 {host_name, ns_type::ns_t_aaaa, v6addr},
6933 };
6934 test::DNSResponder dns("127.0.0.3");
6935 StartDns(dns, records);
6936 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6937
6938 static const struct TestConfig {
6939 int ai_family;
6940 const std::vector<std::string> expected_addr;
6941 } testConfigs[]{
6942 {AF_INET, {v4addr}},
6943 {AF_INET6, {v6addr}},
6944 {AF_UNSPEC, {v4addr, v6addr}},
6945 };
6946
6947 for (const auto& config : testConfigs) {
6948 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6949 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6950 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6951 EXPECT_TRUE(result != nullptr);
6952 if (config.ai_family == AF_INET) {
6953 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6954 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6955 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6956 } else if (config.ai_family == AF_INET6) {
6957 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6958 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6959 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6960 } else {
6961 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6962 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6963 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
6964 }
6965 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
6966
6967 mdnsv4.clearQueries();
6968 mdnsv6.clearQueries();
6969 dns.clearQueries();
6970 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6971 }
6972 }
6973
6974 // ResolverMultinetworkTest is used to verify multinetwork functionality. Here's how it works:
6975 // The resolver sends queries to address A, and then there will be a TunForwarder helping forward
6976 // the packets to address B, which is the address on which the testing server is listening. The
6977 // answer packets responded from the testing server go through the reverse path back to the
6978 // resolver.
6979 //
6980 // To achieve the that, it needs to set up a interface with routing rules. Tests are not
6981 // supposed to initiate DNS servers on their own; instead, some utilities are added to the class to
6982 // help the setup.
6983 //
6984 // An example of how to use it:
6985 // TEST_F() {
6986 // ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(V4);
6987 // network.init();
6988 //
6989 // auto dns = network.addIpv4Dns();
6990 // StartDns(dns.dnsServer, {});
6991 //
6992 // network.setDnsConfiguration();
6993 // network.startTunForwarder();
6994 //
6995 // // Send queries here
6996 // }
6997
6998 class ResolverMultinetworkTest : public ResolverTest {
6999 protected:
7000 enum class ConnectivityType { V4, V6, V4V6 };
7001 static constexpr int TEST_NETID_BASE = 10000;
7002
7003 struct DnsServerPair {
DnsServerPairResolverMultinetworkTest::DnsServerPair7004 DnsServerPair(std::shared_ptr<test::DNSResponder> server, std::string addr)
7005 : dnsServer(server), dnsAddr(addr) {}
7006 std::shared_ptr<test::DNSResponder> dnsServer;
7007 std::string dnsAddr; // The DNS server address used for setResolverConfiguration().
7008 // TODO: Add test::DnsTlsFrontend* and std::string for DoT.
7009 };
7010
7011 class ScopedNetwork {
7012 public:
ScopedNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * networkName)7013 ScopedNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7014 IDnsResolver* dnsResolvSrv, const char* networkName)
7015 : mNetId(netId),
7016 mConnectivityType(type),
7017 mNetdSrv(netdSrv),
7018 mDnsResolvSrv(dnsResolvSrv),
7019 mNetworkName(networkName) {
7020 mIfname = fmt::format("testtun{}", netId);
7021 }
~ScopedNetwork()7022 virtual ~ScopedNetwork() {
7023 if (mNetdSrv != nullptr) mNetdSrv->networkDestroy(mNetId);
7024 if (mDnsResolvSrv != nullptr) mDnsResolvSrv->destroyNetworkCache(mNetId);
7025 }
7026
7027 Result<void> init();
addIpv4Dns()7028 Result<DnsServerPair> addIpv4Dns() { return addDns(ConnectivityType::V4); }
addIpv6Dns()7029 Result<DnsServerPair> addIpv6Dns() { return addDns(ConnectivityType::V6); }
startTunForwarder()7030 bool startTunForwarder() { return mTunForwarder->startForwarding(); }
7031 bool setDnsConfiguration() const;
7032 bool clearDnsConfiguration() const;
netId() const7033 unsigned netId() const { return mNetId; }
name() const7034 std::string name() const { return mNetworkName; }
addUser(uid_t uid) const7035 Result<void> addUser(uid_t uid) const { return addUidRange(uid, uid); }
addUidRange(uid_t from,uid_t to) const7036 Result<void> addUidRange(uid_t from, uid_t to) const {
7037 if (auto r = mNetdSrv->networkAddUidRanges(mNetId, {makeUidRangeParcel(from, to)});
7038 !r.isOk()) {
7039 return Error() << r.getMessage();
7040 }
7041 return {};
7042 }
7043
addUserFromParcel(uid_t uid,int32_t subPriority) const7044 Result<void> addUserFromParcel(uid_t uid, int32_t subPriority) const {
7045 return addUidRangeFromParcel(uid, uid, subPriority);
7046 }
7047
addUidRangeFromParcel(uid_t from,uid_t to,int32_t subPriority) const7048 Result<void> addUidRangeFromParcel(uid_t from, uid_t to, int32_t subPriority) const {
7049 NativeUidRangeConfig cfg =
7050 makeNativeUidRangeConfig(mNetId, {makeUidRangeParcel(from, to)}, subPriority);
7051 if (auto r = mNetdSrv->networkAddUidRangesParcel(cfg); !r.isOk()) {
7052 return Error() << r.getMessage();
7053 }
7054 return {};
7055 }
7056
ifname()7057 const std::string& ifname() { return mIfname; }
7058 // Assuming mNetId is unique during ResolverMultinetworkTest, make the
7059 // address based on it to avoid conflicts.
makeIpv4AddrString(uint8_t n) const7060 std::string makeIpv4AddrString(uint8_t n) const {
7061 return fmt::format("192.168.{}.{}", (mNetId - TEST_NETID_BASE), n);
7062 }
makeIpv6AddrString(uint8_t n) const7063 std::string makeIpv6AddrString(uint8_t n) const {
7064 return fmt::format("2001:db8:{}::{}", (mNetId - TEST_NETID_BASE), n);
7065 }
7066
7067 protected:
7068 // Subclasses should implement it to decide which network should be create.
7069 virtual Result<void> createNetwork() const = 0;
7070
7071 const unsigned mNetId;
7072 const ConnectivityType mConnectivityType;
7073 INetd* mNetdSrv;
7074 IDnsResolver* mDnsResolvSrv;
7075 const std::string mNetworkName;
7076 std::string mIfname;
7077 std::unique_ptr<TunForwarder> mTunForwarder;
7078 std::vector<DnsServerPair> mDnsServerPairs;
7079
7080 private:
7081 Result<DnsServerPair> addDns(ConnectivityType connectivity);
7082 };
7083
7084 class ScopedPhysicalNetwork : public ScopedNetwork {
7085 public:
ScopedPhysicalNetwork(unsigned netId,const char * networkName)7086 ScopedPhysicalNetwork(unsigned netId, const char* networkName)
7087 : ScopedNetwork(netId, ConnectivityType::V4V6, nullptr, nullptr, networkName) {}
ScopedPhysicalNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name="Physical")7088 ScopedPhysicalNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7089 IDnsResolver* dnsResolvSrv, const char* name = "Physical")
7090 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name) {}
7091
7092 protected:
createNetwork() const7093 Result<void> createNetwork() const override {
7094 ::ndk::ScopedAStatus r;
7095 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
7096 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
7097 mNetId, NativeNetworkType::PHYSICAL, INetd::PERMISSION_NONE,
7098 /*secure=*/false);
7099 r = mNetdSrv->networkCreate(config);
7100 } else {
7101 #pragma clang diagnostic push
7102 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
7103 r = mNetdSrv->networkCreatePhysical(mNetId, INetd::PERMISSION_NONE);
7104 #pragma clang diagnostic pop
7105 }
7106
7107 if (!r.isOk()) {
7108 return Error() << r.getMessage();
7109 }
7110 return {};
7111 }
7112 };
7113
7114 class ScopedVirtualNetwork : public ScopedNetwork {
7115 public:
ScopedVirtualNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name,bool isSecure)7116 ScopedVirtualNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7117 IDnsResolver* dnsResolvSrv, const char* name, bool isSecure)
7118 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name), mIsSecure(isSecure) {
7119 if (android::modules::sdklevel::IsAtLeastT()) {
7120 mFw = Firewall::getInstance();
7121 }
7122 }
~ScopedVirtualNetwork()7123 ~ScopedVirtualNetwork() {
7124 if (!mVpnIsolationUids.empty()) {
7125 const std::vector<int> tmpUids(mVpnIsolationUids.begin(), mVpnIsolationUids.end());
7126 mNetdSrv->firewallRemoveUidInterfaceRules(tmpUids);
7127 }
7128 }
7129 // Enable VPN isolation. Ensures that uid can only receive packets on mIfname.
enableVpnIsolation(int uid)7130 Result<void> enableVpnIsolation(int uid) {
7131 if (android::modules::sdklevel::IsAtLeastT()) {
7132 if (auto r = mFw->addUidInterfaceRules(mIfname, {uid}); !r.ok()) {
7133 return r;
7134 }
7135 } else if (auto r = mNetdSrv->firewallAddUidInterfaceRules(mIfname, {uid}); !r.isOk()) {
7136 return Error() << r.getMessage();
7137 }
7138 mVpnIsolationUids.insert(uid);
7139 return {};
7140 }
disableVpnIsolation(int uid)7141 Result<void> disableVpnIsolation(int uid) {
7142 if (android::modules::sdklevel::IsAtLeastT()) {
7143 if (auto r = mFw->removeUidInterfaceRules({uid}); !r.ok()) {
7144 return r;
7145 }
7146 } else if (auto r = mNetdSrv->firewallRemoveUidInterfaceRules({uid}); !r.isOk()) {
7147 return Error() << r.getMessage();
7148 }
7149 mVpnIsolationUids.erase(uid);
7150 return {};
7151 }
7152
7153 protected:
createNetwork() const7154 Result<void> createNetwork() const override {
7155 ::ndk::ScopedAStatus r;
7156 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
7157 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
7158 mNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, mIsSecure);
7159 r = mNetdSrv->networkCreate(config);
7160 } else {
7161 #pragma clang diagnostic push
7162 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
7163 r = mNetdSrv->networkCreateVpn(mNetId, mIsSecure);
7164 #pragma clang diagnostic pop
7165 }
7166
7167 if (!r.isOk()) {
7168 return Error() << r.getMessage();
7169 }
7170 return {};
7171 }
7172
7173 bool mIsSecure = false;
7174 std::unordered_set<int> mVpnIsolationUids;
7175 Firewall* mFw;
7176 };
7177
SetUp()7178 void SetUp() override {
7179 ResolverTest::SetUp();
7180 ASSERT_NE(mDnsClient.netdService(), nullptr);
7181 ASSERT_NE(mDnsClient.resolvService(), nullptr);
7182 }
7183
TearDown()7184 void TearDown() override {
7185 ResolverTest::TearDown();
7186 // Restore default network
7187 if (mStoredDefaultNetwork >= 0) {
7188 mDnsClient.netdService()->networkSetDefault(mStoredDefaultNetwork);
7189 }
7190 }
7191
CreateScopedPhysicalNetwork(ConnectivityType type,const char * name="Physical")7192 ScopedPhysicalNetwork CreateScopedPhysicalNetwork(ConnectivityType type,
7193 const char* name = "Physical") {
7194 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(), name};
7195 }
CreateScopedVirtualNetwork(ConnectivityType type,bool isSecure,const char * name="Virtual")7196 ScopedVirtualNetwork CreateScopedVirtualNetwork(ConnectivityType type, bool isSecure,
7197 const char* name = "Virtual") {
7198 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(),
7199 name, isSecure};
7200 }
7201 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records);
setDefaultNetwork(int netId)7202 void setDefaultNetwork(int netId) {
7203 // Save current default network at the first call.
7204 std::call_once(defaultNetworkFlag, [&]() {
7205 ASSERT_TRUE(mDnsClient.netdService()->networkGetDefault(&mStoredDefaultNetwork).isOk());
7206 });
7207 ASSERT_TRUE(mDnsClient.netdService()->networkSetDefault(netId).isOk());
7208 }
getFreeNetId()7209 unsigned getFreeNetId() {
7210 if (mNextNetId == TEST_NETID_BASE + 256) mNextNetId = TEST_NETID_BASE;
7211 return mNextNetId++;
7212 }
7213 Result<std::shared_ptr<test::DNSResponder>> setupDns(ConnectivityType type, ScopedNetwork* nw,
7214 const char* host_name,
7215 const char* ipv4_addr,
7216 const char* ipv6_addr);
7217
expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,const char * host_name,size_t count,unsigned expectedDnsNetId)7218 void expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,
7219 const char* host_name, size_t count, unsigned expectedDnsNetId) {
7220 EXPECT_EQ(GetNumQueries(*dnsServer, host_name), count);
7221 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(expectedDnsNetId).isOk());
7222 dnsServer->clearQueries();
7223 }
7224
makeNativeUidRangeConfig(unsigned netId,std::vector<UidRangeParcel> uidRanges,int32_t subPriority)7225 static NativeUidRangeConfig makeNativeUidRangeConfig(unsigned netId,
7226 std::vector<UidRangeParcel> uidRanges,
7227 int32_t subPriority) {
7228 NativeUidRangeConfig res;
7229 res.netId = netId;
7230 res.uidRanges = std::move(uidRanges);
7231 res.subPriority = subPriority;
7232
7233 return res;
7234 }
7235
7236 private:
7237 // Use a different netId because this class inherits from the class ResolverTest which
7238 // always creates TEST_NETID in setup. It's incremented when CreateScoped{Physical,
7239 // Virtual}Network() is called.
7240 // Note: 255 is the maximum number of (mNextNetId - TEST_NETID_BASE) here as mNextNetId
7241 // is used to create address.
7242 unsigned mNextNetId = TEST_NETID_BASE;
7243 // Use -1 to represent that default network was not modified because
7244 // real netId must be an unsigned value.
7245 int mStoredDefaultNetwork = -1;
7246 std::once_flag defaultNetworkFlag;
7247 };
7248
init()7249 Result<void> ResolverMultinetworkTest::ScopedNetwork::init() {
7250 if (mNetdSrv == nullptr || mDnsResolvSrv == nullptr) return Error() << "srv not available";
7251 unique_fd ufd = TunForwarder::createTun(mIfname);
7252 if (!ufd.ok()) {
7253 return Errorf("createTun for {} failed", mIfname);
7254 }
7255 mTunForwarder = std::make_unique<TunForwarder>(std::move(ufd));
7256
7257 if (auto r = createNetwork(); !r.ok()) {
7258 return r;
7259 }
7260 if (auto r = mDnsResolvSrv->createNetworkCache(mNetId); !r.isOk()) {
7261 return Error() << r.getMessage();
7262 }
7263 if (auto r = mNetdSrv->networkAddInterface(mNetId, mIfname); !r.isOk()) {
7264 return Error() << r.getMessage();
7265 }
7266
7267 if (mConnectivityType == ConnectivityType::V4 || mConnectivityType == ConnectivityType::V4V6) {
7268 const std::string v4Addr = makeIpv4AddrString(1);
7269 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v4Addr, 32); !r.isOk()) {
7270 return Error() << r.getMessage();
7271 }
7272 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "0.0.0.0/0", ""); !r.isOk()) {
7273 return Error() << r.getMessage();
7274 }
7275 }
7276 if (mConnectivityType == ConnectivityType::V6 || mConnectivityType == ConnectivityType::V4V6) {
7277 const std::string v6Addr = makeIpv6AddrString(1);
7278 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v6Addr, 128); !r.isOk()) {
7279 return Error() << r.getMessage();
7280 }
7281 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "::/0", ""); !r.isOk()) {
7282 return Error() << r.getMessage();
7283 }
7284 }
7285
7286 return {};
7287 }
7288
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)7289 void ResolverMultinetworkTest::StartDns(test::DNSResponder& dns,
7290 const std::vector<DnsRecord>& records) {
7291 ResolverTest::StartDns(dns, records);
7292
7293 // Bind the DNSResponder's sockets to the network if specified.
7294 if (std::optional<unsigned> netId = dns.getNetwork(); netId.has_value()) {
7295 setNetworkForSocket(netId.value(), dns.getUdpSocket());
7296 setNetworkForSocket(netId.value(), dns.getTcpSocket());
7297 }
7298 }
7299
setupDns(ConnectivityType type,ScopedNetwork * nw,const char * host_name,const char * ipv4_addr,const char * ipv6_addr)7300 Result<std::shared_ptr<test::DNSResponder>> ResolverMultinetworkTest::setupDns(
7301 ConnectivityType type, ScopedNetwork* nw, const char* host_name, const char* ipv4_addr,
7302 const char* ipv6_addr) {
7303 // Add a testing DNS server to networks.
7304 const Result<DnsServerPair> dnsSvPair =
7305 (type == ConnectivityType::V4) ? nw->addIpv4Dns() : nw->addIpv6Dns();
7306 if (!dnsSvPair.ok()) return Error() << dnsSvPair.error();
7307
7308 StartDns(*dnsSvPair->dnsServer,
7309 {{host_name, ns_type::ns_t_a, ipv4_addr}, {host_name, ns_type::ns_t_aaaa, ipv6_addr}});
7310 if (!nw->setDnsConfiguration()) return Error() << "setDnsConfiguration() failed";
7311 if (!nw->startTunForwarder()) return Error() << "startTunForwarder() failed";
7312 return dnsSvPair->dnsServer;
7313 }
7314
addDns(ConnectivityType type)7315 Result<ResolverMultinetworkTest::DnsServerPair> ResolverMultinetworkTest::ScopedNetwork::addDns(
7316 ConnectivityType type) {
7317 const int index = mDnsServerPairs.size();
7318 const int prefixLen = (type == ConnectivityType::V4) ? 32 : 128;
7319
7320 const std::function<std::string(unsigned)> makeIpString =
7321 std::bind((type == ConnectivityType::V4) ? &ScopedNetwork::makeIpv4AddrString
7322 : &ScopedNetwork::makeIpv6AddrString,
7323 this, std::placeholders::_1);
7324
7325 std::string src1 = makeIpString(1); // The address from which the resolver will send.
7326 std::string dst1 = makeIpString(
7327 index + 100 +
7328 (mNetId - TEST_NETID_BASE)); // The address to which the resolver will send.
7329 std::string src2 = dst1; // The address translated from src1.
7330 std::string dst2 = makeIpString(
7331 index + 200 + (mNetId - TEST_NETID_BASE)); // The address translated from dst2.
7332
7333 if (!mTunForwarder->addForwardingRule({src1, dst1}, {src2, dst2}) ||
7334 !mTunForwarder->addForwardingRule({dst2, src2}, {dst1, src1})) {
7335 return Errorf("Failed to add the rules ({}, {}, {}, {})", src1, dst1, src2, dst2);
7336 }
7337
7338 if (!mNetdSrv->interfaceAddAddress(mIfname, dst2, prefixLen).isOk()) {
7339 return Errorf("interfaceAddAddress({}, {}, {}) failed", mIfname, dst2, prefixLen);
7340 }
7341
7342 return mDnsServerPairs.emplace_back(std::make_shared<test::DNSResponder>(mNetId, dst2), dst1);
7343 }
7344
setDnsConfiguration() const7345 bool ResolverMultinetworkTest::ScopedNetwork::setDnsConfiguration() const {
7346 if (mDnsResolvSrv == nullptr) return false;
7347 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
7348 parcel.tlsServers.clear();
7349 parcel.netId = mNetId;
7350 parcel.servers.clear();
7351 parcel.interfaceNames.push_back(mIfname);
7352 for (const auto& pair : mDnsServerPairs) {
7353 parcel.servers.push_back(pair.dnsAddr);
7354 }
7355 return mDnsResolvSrv->setResolverConfiguration(parcel).isOk();
7356 }
7357
clearDnsConfiguration() const7358 bool ResolverMultinetworkTest::ScopedNetwork::clearDnsConfiguration() const {
7359 if (mDnsResolvSrv == nullptr) return false;
7360 return mDnsResolvSrv->destroyNetworkCache(mNetId).isOk() &&
7361 mDnsResolvSrv->createNetworkCache(mNetId).isOk();
7362 }
7363
7364 namespace {
7365
7366 // Convenient wrapper for making getaddrinfo call like framework.
android_getaddrinfofornet_wrapper(const char * name,int netId)7367 Result<ScopedAddrinfo> android_getaddrinfofornet_wrapper(const char* name, int netId) {
7368 // Use the same parameter as libcore/ojluni/src/main/java/java/net/Inet6AddressImpl.java.
7369 static const addrinfo hints = {
7370 .ai_flags = AI_ADDRCONFIG,
7371 .ai_family = AF_UNSPEC,
7372 .ai_socktype = SOCK_STREAM,
7373 };
7374 addrinfo* result = nullptr;
7375 if (int r = android_getaddrinfofornet(name, nullptr, &hints, netId, MARK_UNSET, &result)) {
7376 return Error() << r;
7377 }
7378 return ScopedAddrinfo(result);
7379 }
7380
expectDnsWorksForUid(const char * name,unsigned netId,uid_t uid,const std::vector<std::string> & expectedResult)7381 void expectDnsWorksForUid(const char* name, unsigned netId, uid_t uid,
7382 const std::vector<std::string>& expectedResult) {
7383 ScopedChangeUID scopedChangeUID(uid);
7384 auto result = android_getaddrinfofornet_wrapper(name, netId);
7385 ASSERT_RESULT_OK(result);
7386 ScopedAddrinfo ai_result(std::move(result.value()));
7387 std::vector<std::string> result_strs = ToStrings(ai_result);
7388 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7389 }
7390
expectDnsFailedForUid(const char * name,unsigned netId,uid_t uid)7391 void expectDnsFailedForUid(const char* name, unsigned netId, uid_t uid) {
7392 ScopedChangeUID scopedChangeUID(uid);
7393 ASSERT_FALSE(android_getaddrinfofornet_wrapper(name, netId).ok());
7394 }
7395
7396 } // namespace
7397
TEST_F(ResolverMultinetworkTest,GetAddrInfo_AI_ADDRCONFIG)7398 TEST_F(ResolverMultinetworkTest, GetAddrInfo_AI_ADDRCONFIG) {
7399 constexpr char host_name[] = "ohayou.example.com.";
7400
7401 const std::array<ConnectivityType, 3> allTypes = {
7402 ConnectivityType::V4,
7403 ConnectivityType::V6,
7404 ConnectivityType::V4V6,
7405 };
7406 for (const auto& type : allTypes) {
7407 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(type)));
7408
7409 // Create a network.
7410 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(type);
7411 ASSERT_RESULT_OK(network.init());
7412
7413 // Add a testing DNS server.
7414 const Result<DnsServerPair> dnsPair =
7415 (type == ConnectivityType::V4) ? network.addIpv4Dns() : network.addIpv6Dns();
7416 ASSERT_RESULT_OK(dnsPair);
7417 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7418 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7419
7420 // Set up resolver and start forwarding.
7421 ASSERT_TRUE(network.setDnsConfiguration());
7422 ASSERT_TRUE(network.startTunForwarder());
7423
7424 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7425 ASSERT_RESULT_OK(result);
7426 ScopedAddrinfo ai_result(std::move(result.value()));
7427 std::vector<std::string> result_strs = ToStrings(ai_result);
7428 std::vector<std::string> expectedResult;
7429 size_t expectedQueries = 0;
7430
7431 if (type == ConnectivityType::V6 || type == ConnectivityType::V4V6) {
7432 expectedResult.emplace_back("2001:db8:cafe:d00d::31");
7433 expectedQueries++;
7434 }
7435 if (type == ConnectivityType::V4 || type == ConnectivityType::V4V6) {
7436 expectedResult.emplace_back("192.0.2.0");
7437 expectedQueries++;
7438 }
7439 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7440 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), expectedQueries);
7441 }
7442 }
7443
TEST_F(ResolverMultinetworkTest,NetworkDestroyedDuringQueryInFlight)7444 TEST_F(ResolverMultinetworkTest, NetworkDestroyedDuringQueryInFlight) {
7445 constexpr char host_name[] = "ohayou.example.com.";
7446
7447 // Create a network and add an ipv4 DNS server.
7448 auto network = std::make_unique<ScopedPhysicalNetwork>(getFreeNetId(), ConnectivityType::V4V6,
7449 mDnsClient.netdService(),
7450 mDnsClient.resolvService());
7451 ASSERT_RESULT_OK(network->init());
7452 const Result<DnsServerPair> dnsPair = network->addIpv4Dns();
7453 ASSERT_RESULT_OK(dnsPair);
7454
7455 // Set the DNS server unresponsive.
7456 dnsPair->dnsServer->setResponseProbability(0.0);
7457 dnsPair->dnsServer->setErrorRcode(static_cast<ns_rcode>(-1));
7458 StartDns(*dnsPair->dnsServer, {});
7459
7460 // Set up resolver and start forwarding.
7461 ASSERT_TRUE(network->setDnsConfiguration());
7462 ASSERT_TRUE(network->startTunForwarder());
7463
7464 // Expect the things happening in order:
7465 // 1. The thread sends the query to the dns server which is unresponsive.
7466 // 2. The network is destroyed while the thread is waiting for the response from the dns server.
7467 // 3. After the dns server timeout, the thread retries but fails to connect.
7468 std::thread lookup([&]() {
7469 int fd = resNetworkQuery(network->netId(), host_name, ns_c_in, ns_t_a, 0);
7470 EXPECT_TRUE(fd != -1);
7471 expectAnswersNotValid(fd, -ETIMEDOUT);
7472 });
7473
7474 // Tear down the network as soon as the dns server receives the query.
7475 const auto condition = [&]() { return GetNumQueries(*dnsPair->dnsServer, host_name) == 1U; };
7476 EXPECT_TRUE(PollForCondition(condition));
7477 network.reset();
7478
7479 lookup.join();
7480 }
7481
TEST_F(ResolverMultinetworkTest,OneCachePerNetwork)7482 TEST_F(ResolverMultinetworkTest, OneCachePerNetwork) {
7483 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7484 constexpr char host_name[] = "ohayou.example.com.";
7485
7486 ScopedPhysicalNetwork network1 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7487 ScopedPhysicalNetwork network2 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7488 ASSERT_RESULT_OK(network1.init());
7489 ASSERT_RESULT_OK(network2.init());
7490
7491 const Result<DnsServerPair> dnsPair1 = network1.addIpv4Dns();
7492 const Result<DnsServerPair> dnsPair2 = network2.addIpv4Dns();
7493 ASSERT_RESULT_OK(dnsPair1);
7494 ASSERT_RESULT_OK(dnsPair2);
7495 StartDns(*dnsPair1->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"}});
7496 StartDns(*dnsPair2->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.1"}});
7497
7498 // Set up resolver for network 1 and start forwarding.
7499 ASSERT_TRUE(network1.setDnsConfiguration());
7500 ASSERT_TRUE(network1.startTunForwarder());
7501
7502 // Set up resolver for network 2 and start forwarding.
7503 ASSERT_TRUE(network2.setDnsConfiguration());
7504 ASSERT_TRUE(network2.startTunForwarder());
7505
7506 // Send the same queries to both networks.
7507 int fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7508 int fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7509
7510 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7511 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7512 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 1U);
7513 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7514
7515 // Flush the cache of network 1, and send the queries again.
7516 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(network1.netId()).isOk());
7517 fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7518 fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7519
7520 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7521 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7522 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 2U);
7523 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7524 }
7525
TEST_F(ResolverMultinetworkTest,DnsWithVpn)7526 TEST_F(ResolverMultinetworkTest, DnsWithVpn) {
7527 SKIP_IF_BPF_NOT_SUPPORTED;
7528 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7529 constexpr char host_name[] = "ohayou.example.com.";
7530 constexpr char ipv4_addr[] = "192.0.2.0";
7531 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7532
7533 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7534 {ConnectivityType::V4, {ipv4_addr}},
7535 {ConnectivityType::V6, {ipv6_addr}},
7536 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7537 };
7538 for (const auto& [type, result] : testPairs) {
7539 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(type)));
7540
7541 // Create a network.
7542 ScopedPhysicalNetwork underlyingNetwork = CreateScopedPhysicalNetwork(type, "Underlying");
7543 ScopedVirtualNetwork bypassableVpnNetwork =
7544 CreateScopedVirtualNetwork(type, false, "BypassableVpn");
7545 ScopedVirtualNetwork secureVpnNetwork = CreateScopedVirtualNetwork(type, true, "SecureVpn");
7546
7547 ASSERT_RESULT_OK(underlyingNetwork.init());
7548 ASSERT_RESULT_OK(bypassableVpnNetwork.init());
7549 ASSERT_RESULT_OK(secureVpnNetwork.init());
7550 ASSERT_RESULT_OK(bypassableVpnNetwork.addUser(TEST_UID));
7551 ASSERT_RESULT_OK(secureVpnNetwork.addUser(TEST_UID2));
7552
7553 // Set up resolver and start forwarding for networks.
7554 auto underlyingNwDnsSv =
7555 setupDns(type, &underlyingNetwork, host_name, ipv4_addr, ipv6_addr);
7556 ASSERT_RESULT_OK(underlyingNwDnsSv);
7557 auto bypassableVpnDnsSv =
7558 setupDns(type, &bypassableVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7559 ASSERT_RESULT_OK(bypassableVpnDnsSv);
7560 auto secureVpnDnsSv = setupDns(type, &secureVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7561 ASSERT_RESULT_OK(secureVpnDnsSv);
7562
7563 setDefaultNetwork(underlyingNetwork.netId());
7564 const unsigned underlyingNetId = underlyingNetwork.netId();
7565 const unsigned bypassableVpnNetId = bypassableVpnNetwork.netId();
7566 const unsigned secureVpnNetId = secureVpnNetwork.netId();
7567 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
7568 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7569
7570 // Create a object to represent default network, do not init it.
7571 ScopedPhysicalNetwork defaultNetwork{NETID_UNSET, "Default"};
7572
7573 // Test VPN with DNS server under 4 different network selection scenarios.
7574 // See the test config for the expectation.
7575 const struct TestConfig {
7576 ScopedNetwork* selectedNetwork;
7577 unsigned expectedDnsNetId;
7578 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7579 } vpnWithDnsServerConfigs[]{
7580 // clang-format off
7581 // Queries use the bypassable VPN by default.
7582 {&defaultNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7583 // Choosing the underlying network works because the VPN is bypassable.
7584 {&underlyingNetwork, underlyingNetId, *underlyingNwDnsSv},
7585 // Selecting the VPN sends the query on the VPN.
7586 {&bypassableVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7587 // TEST_UID does not have access to the secure VPN.
7588 {&secureVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7589 // clang-format on
7590 };
7591 for (const auto& config : vpnWithDnsServerConfigs) {
7592 SCOPED_TRACE(fmt::format("Bypassble VPN with DnsServer, selectedNetwork = {}",
7593 config.selectedNetwork->name()));
7594 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID, result);
7595 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, result.size(),
7596 config.expectedDnsNetId);
7597 }
7598
7599 std::vector<ScopedNetwork*> nwVec{&defaultNetwork, &underlyingNetwork,
7600 &bypassableVpnNetwork, &secureVpnNetwork};
7601 // Test the VPN without DNS server with the same combination as before.
7602 ASSERT_TRUE(bypassableVpnNetwork.clearDnsConfiguration());
7603 // Test bypassable VPN, TEST_UID
7604 for (const auto* selectedNetwork : nwVec) {
7605 SCOPED_TRACE(fmt::format("Bypassble VPN without DnsServer, selectedNetwork = {}",
7606 selectedNetwork->name()));
7607 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID, result);
7608 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(), underlyingNetId);
7609 }
7610
7611 // The same test scenario as before plus enableVpnIsolation for secure VPN, TEST_UID2.
7612 for (bool enableVpnIsolation : {false, true}) {
7613 SCOPED_TRACE(fmt::format("enableVpnIsolation = {}", enableVpnIsolation));
7614 if (enableVpnIsolation) {
7615 EXPECT_RESULT_OK(secureVpnNetwork.enableVpnIsolation(TEST_UID2));
7616 }
7617
7618 // Test secure VPN without DNS server.
7619 ASSERT_TRUE(secureVpnNetwork.clearDnsConfiguration());
7620 for (const auto* selectedNetwork : nwVec) {
7621 SCOPED_TRACE(fmt::format("Secure VPN without DnsServer, selectedNetwork = {}",
7622 selectedNetwork->name()));
7623 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7624 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(),
7625 underlyingNetId);
7626 }
7627
7628 // Test secure VPN with DNS server.
7629 ASSERT_TRUE(secureVpnNetwork.setDnsConfiguration());
7630 for (const auto* selectedNetwork : nwVec) {
7631 SCOPED_TRACE(fmt::format("Secure VPN with DnsServer, selectedNetwork = {}",
7632 selectedNetwork->name()));
7633 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7634 expectDnsQueryCountsFn(*secureVpnDnsSv, host_name, result.size(), secureVpnNetId);
7635 }
7636
7637 if (enableVpnIsolation) {
7638 EXPECT_RESULT_OK(secureVpnNetwork.disableVpnIsolation(TEST_UID2));
7639 }
7640 }
7641 }
7642 }
7643
7644 // verify per-application default network selection on DNS.
TEST_F(ResolverMultinetworkTest,PerAppDefaultNetwork)7645 TEST_F(ResolverMultinetworkTest, PerAppDefaultNetwork) {
7646 // Netd supports uid ranges on physical network from v6.
7647 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 6);
7648
7649 constexpr char host_name[] = "ohayou.example.com.";
7650 constexpr char ipv4_addr[] = "192.0.2.0";
7651 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7652
7653 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7654 {ConnectivityType::V4, {ipv4_addr}},
7655 {ConnectivityType::V6, {ipv6_addr}},
7656 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7657 };
7658 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
7659 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(ipVersion)));
7660
7661 // Create networks.
7662 ScopedPhysicalNetwork sysDefaultNetwork =
7663 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
7664 ScopedPhysicalNetwork appDefaultNetwork =
7665 CreateScopedPhysicalNetwork(ipVersion, "AppDefault");
7666 ScopedVirtualNetwork vpn = CreateScopedVirtualNetwork(ipVersion, false, "Vpn");
7667
7668 ASSERT_RESULT_OK(sysDefaultNetwork.init());
7669 ASSERT_RESULT_OK(appDefaultNetwork.init());
7670 ASSERT_RESULT_OK(vpn.init());
7671
7672 // Set up resolver and start forwarding for networks.
7673 auto sysDefaultNwDnsSv =
7674 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7675 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
7676 auto appDefaultNwDnsSv =
7677 setupDns(ipVersion, &appDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7678 ASSERT_RESULT_OK(appDefaultNwDnsSv);
7679 auto vpnDnsSv = setupDns(ipVersion, &vpn, host_name, ipv4_addr, ipv6_addr);
7680 ASSERT_RESULT_OK(vpnDnsSv);
7681
7682 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
7683 const unsigned appDefaultNetId = appDefaultNetwork.netId();
7684 const unsigned vpnNetId = vpn.netId();
7685
7686 setDefaultNetwork(systemDefaultNetId);
7687 EXPECT_TRUE(
7688 mDnsClient.netdService()
7689 ->networkSetPermissionForNetwork(appDefaultNetId, INetd::PERMISSION_SYSTEM)
7690 .isOk());
7691
7692 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
7693 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7694
7695 // Test DNS query without selecting a network. --> use system default network.
7696 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7697 expectDnsQueryCountsFn(*sysDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7698 systemDefaultNetId);
7699 // Add user to app default network. --> use app default network.
7700 ASSERT_RESULT_OK(appDefaultNetwork.addUser(TEST_UID));
7701 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7702 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7703 appDefaultNetId);
7704
7705 // Test DNS query with a selected network.
7706 // App default network applies to uid, vpn does not applies to uid.
7707 const struct TestConfig {
7708 ScopedNetwork* selectedNetwork;
7709 unsigned expectedDnsNetId;
7710 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7711 } vpnWithDnsServerConfigs[]{
7712 // clang-format off
7713 // App can select the system default network without any permission.
7714 {&sysDefaultNetwork, systemDefaultNetId, *sysDefaultNwDnsSv},
7715 // App can select the restricted network, since its uid was assigned to the network.
7716 {&appDefaultNetwork, appDefaultNetId, *appDefaultNwDnsSv},
7717 // App does not have access to the VPN. --> fallback to app default network.
7718 {&vpn, appDefaultNetId, *appDefaultNwDnsSv},
7719 // clang-format on
7720 };
7721 for (const auto& config : vpnWithDnsServerConfigs) {
7722 SCOPED_TRACE(fmt::format("Dns over app default network, selectedNetwork = {}",
7723 config.selectedNetwork->name()));
7724 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID,
7725 expectedDnsReply);
7726 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, expectedDnsReply.size(),
7727 config.expectedDnsNetId);
7728 }
7729
7730 // App default network applies to uid, vpn applies to uid. --> use vpn.
7731 ASSERT_RESULT_OK(vpn.addUser(TEST_UID));
7732 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
7733 expectDnsQueryCountsFn(*vpnDnsSv, host_name, expectedDnsReply.size(), vpnNetId);
7734
7735 // vpn without server. --> fallback to app default network.
7736 ASSERT_TRUE(vpn.clearDnsConfiguration());
7737 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
7738 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7739 appDefaultNetId);
7740 }
7741 }
7742
7743 // Do not send AAAA query when IPv6 address is link-local with a default route.
TEST_F(ResolverMultinetworkTest,IPv6LinkLocalWithDefaultRoute)7744 TEST_F(ResolverMultinetworkTest, IPv6LinkLocalWithDefaultRoute) {
7745 constexpr char host_name[] = "ohayou.example.com.";
7746 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::V4);
7747 ASSERT_RESULT_OK(network.init());
7748
7749 // Add IPv6 default route
7750 ASSERT_TRUE(mDnsClient.netdService()
7751 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
7752 .isOk());
7753
7754 const Result<DnsServerPair> dnsPair = network.addIpv4Dns();
7755 ASSERT_RESULT_OK(dnsPair);
7756 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7757 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7758
7759 ASSERT_TRUE(network.setDnsConfiguration());
7760 ASSERT_TRUE(network.startTunForwarder());
7761
7762 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7763 ASSERT_RESULT_OK(result);
7764 ScopedAddrinfo ai_result(std::move(result.value()));
7765 EXPECT_EQ(ToString(ai_result), "192.0.2.0");
7766 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 1U);
7767 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 0U);
7768
7769 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(network.netId()).isOk());
7770 dnsPair->dnsServer->clearQueries();
7771
7772 // Add an IPv6 global address. Resolver starts issuing AAAA queries as well as A queries.
7773 const std::string v6Addr = network.makeIpv6AddrString(1);
7774 EXPECT_TRUE(
7775 mDnsClient.netdService()->interfaceAddAddress(network.ifname(), v6Addr, 128).isOk());
7776 // Ensuring that address is applied. This is required for mainline test (b/249225311).
7777 usleep(1000 * 1000);
7778
7779 result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7780 ASSERT_RESULT_OK(result);
7781 ScopedAddrinfo ai_results(std::move(result.value()));
7782 std::vector<std::string> result_strs = ToStrings(ai_results);
7783 EXPECT_THAT(result_strs,
7784 testing::UnorderedElementsAreArray({"192.0.2.0", "2001:db8:cafe:d00d::31"}));
7785 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 1U);
7786 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 1U);
7787 }
7788
7789 // v6 mdns is expected to be sent when the IPv6 address is a link-local with a default route.
TEST_F(ResolverMultinetworkTest,MdnsIPv6LinkLocalWithDefaultRoute)7790 TEST_F(ResolverMultinetworkTest, MdnsIPv6LinkLocalWithDefaultRoute) {
7791 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
7792 // network. Skip it because v6 link-local address is a prerequisite for this test.
7793 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
7794
7795 constexpr char v6addr[] = "::127.0.0.3";
7796 constexpr char v4addr[] = "127.0.0.3";
7797 constexpr char host_name[] = "hello.local.";
7798 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::V4);
7799 ASSERT_RESULT_OK(network.init());
7800
7801 // Add IPv6 default route
7802 ASSERT_TRUE(mDnsClient.netdService()
7803 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
7804 .isOk());
7805 // Ensuring that routing is applied. This is required for mainline test (b/247693272).
7806 usleep(1000 * 1000);
7807
7808 const Result<DnsServerPair> dnsPair = network.addIpv4Dns();
7809 ASSERT_RESULT_OK(dnsPair);
7810 StartDns(*dnsPair->dnsServer, {});
7811
7812 ASSERT_TRUE(network.setDnsConfiguration());
7813 ASSERT_TRUE(network.startTunForwarder());
7814
7815 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
7816 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
7817 mdnsv4.setNetwork(network.netId());
7818 mdnsv6.setNetwork(network.netId());
7819 StartDns(mdnsv4, {{host_name, ns_type::ns_t_a, v4addr}});
7820 StartDns(mdnsv6, {{host_name, ns_type::ns_t_aaaa, v6addr}});
7821
7822 auto result = android_getaddrinfofornet_wrapper("hello.local", network.netId());
7823 ASSERT_RESULT_OK(result);
7824 ScopedAddrinfo ai_result(std::move(result.value()));
7825 EXPECT_THAT(ToStrings(ai_result), testing::UnorderedElementsAreArray({v4addr, v6addr}));
7826
7827 // make sure queries were sent & received via mdns.
7828 EXPECT_EQ(GetNumQueries(mdnsv4, host_name), 1U);
7829 EXPECT_EQ(GetNumQueries(mdnsv6, host_name), 1U);
7830 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 0U);
7831 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 0U);
7832 }
7833
TEST_F(ResolverTest,NegativeValueInExperimentFlag)7834 TEST_F(ResolverTest, NegativeValueInExperimentFlag) {
7835 // Test setting up different retry count and BASE_TIMEOUT_MSEC in DNS server.
7836 const struct TestConfig {
7837 int retryCount;
7838 int baseTimeoutMsec;
7839 int expectedRetryCount;
7840 int expectedBaseTimeoutMsec;
7841 } TestConfigs[]{{2, 1000, 2, 1000}, {0, 0, RES_DFLRETRY, RES_TIMEOUT}};
7842
7843 for (const auto& config : TestConfigs) {
7844 SCOPED_TRACE(fmt::format("Setting up retryCount = {}, baseTimeoutMsec = {}",
7845 config.retryCount, config.baseTimeoutMsec));
7846 // Initiate negative values in experiment flags.
7847 ScopedSystemProperties sp1(kRetryCountFlag, "-2");
7848 ScopedSystemProperties sp2(kRetransIntervalFlag, "-3000");
7849 resetNetwork();
7850
7851 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
7852 setupParams.retryCount = config.retryCount;
7853 setupParams.baseTimeoutMsec = config.baseTimeoutMsec;
7854 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
7855
7856 const auto resolvInfo = mDnsClient.getResolverInfo();
7857 ASSERT_RESULT_OK(resolvInfo);
7858 EXPECT_EQ(config.expectedRetryCount, resolvInfo.value().params.retry_count);
7859 EXPECT_EQ(config.expectedBaseTimeoutMsec, resolvInfo.value().params.base_timeout_msec);
7860 }
7861 }
7862
7863 // Verify that DNS queries can be made for hostnames that exist in etc/hosts when the default
7864 // network is not set and the application does not specify a network. (See
7865 // NetworkController::isUidAllowed for implementation details.)
TEST_F(ResolverTest,NetworkUnspecified_localhost)7866 TEST_F(ResolverTest, NetworkUnspecified_localhost) {
7867 ScopedDefaultNetwork scopedDefaultNetwork(mDnsClient.netdService(), NETID_UNSET);
7868 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7869
7870 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
7871 EXPECT_TRUE(result != nullptr);
7872 EXPECT_EQ(kLocalHostAddr, ToString(result));
7873
7874 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
7875 EXPECT_TRUE(result != nullptr);
7876 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
7877 }
7878
7879 // Verify uid-based network permission on DNS, which is controlled by INetd::setNetworkAllowlist().
7880 //
7881 // Scenario:
7882 // 1. There are three neworks at the same time:
7883 // - system default network
7884 // - enterprise network #1
7885 // - enterprise network #2
7886 //
7887 // 2. Simulate ConnectivityService calling INetd::setNetworkAllowlist so that
7888 // - TEST_UID can select only enterprise network #1 and #2. Can not select system default network.
7889 // - TEST_UID2 is unrestricted on all networks.
TEST_F(ResolverMultinetworkTest,UidAllowedNetworks)7890 TEST_F(ResolverMultinetworkTest, UidAllowedNetworks) {
7891 // Netd supports it from v13.
7892 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 13);
7893
7894 constexpr char host_name[] = "ohayou.example.com.";
7895 constexpr char ipv4_addr[] = "192.0.2.0";
7896 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7897
7898 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7899 {ConnectivityType::V4, {ipv4_addr}},
7900 {ConnectivityType::V6, {ipv6_addr}},
7901 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7902 };
7903 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
7904 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(ipVersion)));
7905
7906 // Create networks.
7907 ScopedPhysicalNetwork sysDefaultNetwork =
7908 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
7909 ScopedPhysicalNetwork enterpriseNetwork_1 =
7910 CreateScopedPhysicalNetwork(ipVersion, "enterprise_1");
7911 ScopedPhysicalNetwork enterpriseNetwork_2 =
7912 CreateScopedPhysicalNetwork(ipVersion, "enterprise_2");
7913 ASSERT_RESULT_OK(sysDefaultNetwork.init());
7914 ASSERT_RESULT_OK(enterpriseNetwork_1.init());
7915 ASSERT_RESULT_OK(enterpriseNetwork_2.init());
7916
7917 // Set up resolver and start forwarding for networks.
7918 auto sysDefaultNwDnsSv =
7919 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7920 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
7921 auto enterpriseNw1DnsSv =
7922 setupDns(ipVersion, &enterpriseNetwork_1, host_name, ipv4_addr, ipv6_addr);
7923 ASSERT_RESULT_OK(enterpriseNw1DnsSv);
7924 auto enterpriseNw2DnsSv =
7925 setupDns(ipVersion, &enterpriseNetwork_2, host_name, ipv4_addr, ipv6_addr);
7926 ASSERT_RESULT_OK(enterpriseNw2DnsSv);
7927
7928 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
7929 const unsigned enterprise1NetId = enterpriseNetwork_1.netId();
7930 const unsigned enterprise2NetId = enterpriseNetwork_2.netId();
7931
7932 setDefaultNetwork(systemDefaultNetId);
7933
7934 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
7935 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7936
7937 // Add profile app default network for UID. DNS should be sent on it.
7938 // Note: subPriority 20 = PREFERENCE_ORDER_PROFILE, which is defined
7939 // in ConnectivityService.java. The value here doesn't really matter.
7940 ASSERT_RESULT_OK(enterpriseNetwork_1.addUserFromParcel(TEST_UID, /*subPriority*/ 20));
7941 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7942 expectDnsQueryCountsFn(*enterpriseNw1DnsSv, host_name, expectedDnsReply.size(),
7943 enterprise1NetId);
7944
7945 // Set allowed networks for UIDs. To simplify test, assumes overall UID range is
7946 // {0, 1, 2, ..., TEST_UID2, TEST_UID}.
7947 // TEST_UID can't select the system default network. 0 - TEST_UID2 are allowed.
7948 NativeUidRangeConfig nwDefaultUserConfig = makeNativeUidRangeConfig(
7949 systemDefaultNetId, {makeUidRangeParcel(0, TEST_UID2)}, /*unused*/ 0);
7950 // All UIDs can select the enterprise network #1. 0 - TEST_UID are allowed.
7951 NativeUidRangeConfig nw1UserConfig = makeNativeUidRangeConfig(
7952 enterprise1NetId, {makeUidRangeParcel(0, TEST_UID)}, /*unused*/ 0);
7953 // All UIDs can select the enterprise network #2. 0 - TEST_UID are allowed.
7954 NativeUidRangeConfig nw2UserConfig = makeNativeUidRangeConfig(
7955 enterprise2NetId, {makeUidRangeParcel(0, TEST_UID)}, /*unused*/ 0);
7956 EXPECT_TRUE(
7957 mDnsClient.netdService()
7958 ->setNetworkAllowlist({nwDefaultUserConfig, nw1UserConfig, nw2UserConfig})
7959 .isOk());
7960
7961 // Verify that DNS is behaving as the setting.
7962 struct TestConfig {
7963 int uid;
7964 const ScopedNetwork& selectedNetwork;
7965 bool expectedSuccess;
7966 } configs[]{
7967 // clang-format off
7968 {TEST_UID, sysDefaultNetwork, false},
7969 {TEST_UID, enterpriseNetwork_1, true},
7970 {TEST_UID, enterpriseNetwork_2, true},
7971 {TEST_UID2, sysDefaultNetwork, true},
7972 {TEST_UID2, enterpriseNetwork_1, true},
7973 {TEST_UID2, enterpriseNetwork_2, true},
7974 // clang-format on
7975 };
7976 for (const auto& cfg : configs) {
7977 SCOPED_TRACE(fmt::format("Dns over UID {}, selectedNetwork {}", cfg.uid,
7978 cfg.selectedNetwork.name()));
7979 if (cfg.expectedSuccess) {
7980 expectDnsWorksForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid,
7981 expectedDnsReply);
7982 } else {
7983 expectDnsFailedForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid);
7984 }
7985 }
7986
7987 // Clear network restrictions.
7988 EXPECT_TRUE(mDnsClient.netdService()->setNetworkAllowlist({}).isOk());
7989 // TEST_UID and TEST_UID2 can both select all networks.
7990 for (const auto& cfg : configs) {
7991 SCOPED_TRACE(fmt::format("Dns over UID {}, selectedNetwork {}", cfg.uid,
7992 cfg.selectedNetwork.name()));
7993 expectDnsWorksForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid, expectedDnsReply);
7994 }
7995 }
7996 }
7997