1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <set>
20 #include <string>
21 #include <vector>
22 
23 #include <netinet/in.h>
24 
25 #include <params.h>
26 
27 #include "IPrivateDnsServer.h"
28 
29 namespace android {
30 namespace net {
31 
// DnsTlsServer describes one recursive resolver that supports, or may support, a
// secure protocol.  It is a plain record: it stores where the server is, which
// hostname it is expected to prove, and the current validation state.  Nothing in
// this header performs a TLS handshake or a certificate check.
struct DnsTlsServer : public IPrivateDnsServer {
    // Default constructor.  Data members keep their in-class initializers and both
    // strings start out empty.
    DnsTlsServer() {}

    // Builds a server from a bare IP address by delegating to the IPSockAddr
    // constructor with port 853, the well-known DNS-over-TLS port (RFC 7858).
    explicit DnsTlsServer(const netdutils::IPAddress& ip)
        : DnsTlsServer(netdutils::IPSockAddr(ip, 853)) {}

    // Builds a server from an explicit IP address and port.
    explicit DnsTlsServer(const netdutils::IPSockAddr& addr) : ss(addr) {}

    // The server location, including IP and port.
    // NOTE(review): this and the other public fields below are mutable.  If the
    // out-of-line operator< / operator== read them (they are described as an
    // "exact comparison"), changing a field of an object already held in an
    // ordered container would invalidate that container's ordering — confirm.
    // TODO: make it const.
    sockaddr_storage ss{};

    // The server's hostname.  If this string is nonempty, the server must present a
    // certificate that indicates this name and has a valid chain to a trusted root CA.
    // NOTE(review): that requirement is stated only for a nonempty name, so an empty
    // name presumably means the server's identity is not checked against a hostname.
    // The check itself is enforced elsewhere, not in this header — confirm there.
    // TODO: make it const.
    std::string name;

    // The certificate of the CA that signed the server's certificate.
    // It is used to store temporary test CA certificate for internal tests.
    // NOTE(review): a nonempty value presumably adds a trust anchor for this server;
    // verify that only test code can populate it.
    // TODO: make it const.
    std::string certificate;

    // Placeholder.  More protocols might be defined in the future.
    // TODO: make it const.
    int protocol{IPPROTO_TCP};

    // Exact comparison of DnsTlsServer objects.  Both operators are defined out of
    // line; validation and active state are documented below as not taking part.
    bool operator<(const DnsTlsServer& other) const;
    bool operator==(const DnsTlsServer& other) const;

    // Both defined out of line.
    bool wasExplicitlyConfigured() const;
    std::string toIpString() const;

    // This record always reports the DoT transport.
    PrivateDnsTransport transport() const override {
        return PrivateDnsTransport::kDot;
    }

    // The provider is the configured hostname, which may be empty.
    std::string provider() const override {
        return name;
    }

    // Converts the stored sockaddr_storage back into an IPSockAddr.
    netdutils::IPSockAddr addr() const override {
        return netdutils::IPSockAddr::toIPSockAddr(ss);
    }

    // Returns the socket mark used for validation (the `mark` field).
    uint32_t validationMark() const override {
        return mark;
    }

    // Accessors for the validation state kept in mValidation.
    Validation validationState() const override {
        return mValidation;
    }
    void setValidationState(Validation val) override {
        mValidation = val;
    }

    // Not implemented yet: always reports failure.
    bool probe() override {
        // TODO: implement it.
        return false;
    }

    // The socket mark used for validation.
    // Note that the mark of a connection to which the DnsResolver sends app's DNS requests can
    // be different.
    // TODO: make it const.
    uint32_t mark{0};

    // Return whether or not the server can be used for a network. It depends on
    // the resolver configuration.
    bool active() const override {
        return mActive;
    }
    void setActive(bool val) override {
        mActive = val;
    }

  private:
    // State, unrelated to the comparison of DnsTlsServer objects.  Two objects that
    // compare equal can therefore carry different validation or active state.
    Validation mValidation{Validation::unknown_server};
    bool mActive{false};
};
95 
// Compares DnsTlsServer objects by IP address only.  It ignores ports, names, and
// fingerprints, so two entries that differ only in hostname (and therefore in which
// certificate the server must present) are equivalent under this comparator.  Do not
// key on it where that distinction matters.
// NOTE(review): no fingerprint field is visible on DnsTlsServer in this header; the
// word may be left over from an earlier revision — confirm.
struct AddressComparator {
    // Defined out of line.
    bool operator()(const DnsTlsServer& x, const DnsTlsServer& y) const;
};
100 
101 }  // namespace net
102 }  // namespace android
103