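/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef NETD_RESOLV_PRIVATEDNSCONFIGURATION_H
#define NETD_RESOLV_PRIVATEDNSCONFIGURATION_H

#include <sys/socket.h>  // sockaddr_storage

#include <cstdint>  // int32_t, uint8_t, uint32_t
#include <list>
#include <map>
#include <mutex>
#include <set>     // std::set used by set(); was previously relied on transitively
#include <string>  // std::string used by set(); was previously relied on transitively
#include <vector>

#include <android-base/thread_annotations.h>

// DnsTlsServer and AddressComparator. MAXNS is not defined in this header and
// is presumably reached through DnsTlsServer.h's own includes — keep that
// header first among the project includes.
#include "DnsTlsServer.h"

namespace android {
namespace net {

// The DNS over TLS mode on a specific netId.
// NOTE(review): the meaning of each mode (in particular whether STRICT fails
// closed when no server validates) is decided by the resolver code that reads
// this value, not here — confirm against that code before relying on it.
enum class PrivateDnsMode : uint8_t { OFF, OPPORTUNISTIC, STRICT };

// Validation status of a DNS over TLS server (on a specific netId).
// in_process covers both a first validation attempt and a server that has
// already failed but still has a validating thread running (see
// needsValidation below). The remaining values are described by their names;
// the resolver .cpp is authoritative for when each is set.
enum class Validation : uint8_t { in_process, success, fail, unknown_server, unknown_netid };

// Snapshot of the private DNS state of one netId, as returned by
// PrivateDnsConfiguration::getStatus(unsigned).
struct PrivateDnsStatus {
    PrivateDnsMode mode;
    // Servers on this netId whose validation currently counts as successful.
    std::list<DnsTlsServer> validatedServers;
};

// TODO: remove this C-style struct and use PrivateDnsStatus everywhere.
//
// Plain-data form of PrivateDnsStatus used by the deprecated getStatus()
// overload. Because serverStatus is a fixed array, whoever fills this in must
// keep 0 <= numServers <= MAXNS; only serverStatus[0..numServers) are
// meaningful. `hostname` is a non-owning pointer: this struct does not control
// the lifetime of the characters it points at, and this header does not say
// whether it can be null, so consumers should check before dereferencing it
// and should not retain it beyond the call that produced the struct.
struct ExternalPrivateDnsStatus {
    PrivateDnsMode mode;
    int numServers;  // count of valid entries in serverStatus; must not exceed MAXNS
    struct PrivateDnsInfo {
        sockaddr_storage ss;   // server address
        const char* hostname;  // non-owning; see the struct comment above
        Validation validation;
    } serverStatus[MAXNS];
};

// Per-netId private DNS (DNS over TLS) configuration together with the
// validation state of each configured server. All per-netId state lives in
// the two maps at the bottom and is guarded by mPrivateDnsLock.
class PrivateDnsConfiguration {
  public:
    // Installs the private DNS configuration for `netId`.
    //   mark         - socket mark handed to validation (presumably so the
    //                  validation connections are routed on `netId` — confirm
    //                  in the .cpp)
    //   servers      - server addresses, one string each
    //   name         - hostname the servers are verified against
    //   fingerprints - set of raw fingerprint byte strings accepted for the
    //                  servers; their exact encoding is defined by DnsTlsServer
    // Returns an int status whose values are defined by the implementation.
    // NOTE(review): netId is int32_t here but unsigned everywhere else in this
    // class; callers passing a negative value get it converted implicitly.
    int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers,
            const std::string& name, const std::set<std::vector<uint8_t>>& fingerprints);

    // Returns the mode and the currently validated servers for `netId`.
    PrivateDnsStatus getStatus(unsigned netId);

    // DEPRECATED, use getStatus() above.
    // Fills `status` with the fixed-size C-style form of the same information.
    void getStatus(unsigned netId, ExternalPrivateDnsStatus* status);

    // Removes the private DNS state held for `netId` (presumably both the mode
    // and the tracked servers — confirm in the .cpp).
    void clear(unsigned netId);

  private:
    // Validation state of every tracked server on one netId. Keying with
    // AddressComparator ensures at most one entry per IP address.
    using PrivateDnsTracker = std::map<DnsTlsServer, Validation, AddressComparator>;

    // Starts validation of `server` for `netId`, using `mark` for the
    // validation socket, and records it in `tracker`. Must be called with
    // mPrivateDnsLock held (enforced by the REQUIRES annotation).
    void validatePrivateDnsProvider(const DnsTlsServer& server, PrivateDnsTracker& tracker,
                                    unsigned netId, uint32_t mark) REQUIRES(mPrivateDnsLock);

    // Records the outcome (`success`) of a validation attempt for `server` on
    // `netId`. The bool return value's meaning is defined by the implementation.
    // NOTE(review): carries no REQUIRES/EXCLUDES annotation although it updates
    // guarded state, so it presumably takes mPrivateDnsLock itself — confirm.
    bool recordPrivateDnsValidation(const DnsTlsServer& server, unsigned netId, bool success);

    // Start validation for newly added servers as well as any servers that have
    // landed in Validation::fail state. Note that servers that have failed
    // multiple validation attempts but for which there is still a validating
    // thread running are marked as being Validation::in_process.
    bool needsValidation(const PrivateDnsTracker& tracker, const DnsTlsServer& server);

    std::mutex mPrivateDnsLock;
    // Private DNS mode per netId.
    std::map<unsigned, PrivateDnsMode> mPrivateDnsModes GUARDED_BY(mPrivateDnsLock);
    // Structure for tracking the validation status of servers on a specific netId.
    // Using the AddressComparator ensures at most one entry per IP address.
    std::map<unsigned, PrivateDnsTracker> mPrivateDnsTransports GUARDED_BY(mPrivateDnsLock);
};

// Process-wide instance; its definition lives in the corresponding .cpp.
extern PrivateDnsConfiguration gPrivateDnsConfiguration;

}  // namespace net
}  // namespace android

#endif /* NETD_RESOLV_PRIVATEDNSCONFIGURATION_H */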