1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #define LOG_TAG "resolv_integration_test"
19
20 #include <android-base/logging.h>
21 #include <android-base/parseint.h>
22 #include <android-base/result.h>
23 #include <android-base/unique_fd.h>
24 #include <android/multinetwork.h> // ResNsendFlags
25 #include <arpa/inet.h>
26 #include <arpa/nameser.h>
27 #include <binder/ProcessState.h>
28 #include <cutils/sockets.h>
29 #include <gmock/gmock-matchers.h>
30 #include <gtest/gtest.h>
31 #include <netdb.h>
32 #include <netdutils/InternetAddresses.h>
33 #include <netdutils/NetworkConstants.h> // SHA256_SIZE
34 #include <netdutils/ResponseCode.h>
35 #include <netdutils/Slice.h>
36 #include <netdutils/SocketOption.h>
37 #include <netdutils/Stopwatch.h>
38 #include <netinet/in.h>
39 #include <poll.h> /* poll */
40 #include <private/android_filesystem_config.h>
41 #include <resolv.h>
42 #include <stdarg.h>
43 #include <stdlib.h>
44 #include <sys/socket.h>
45 #include <sys/un.h>
46 #include <unistd.h>
47
48 #include <algorithm>
49 #include <chrono>
50 #include <iterator>
51 #include <numeric>
52 #include <thread>
53 #include <unordered_set>
54
55 #include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
56 #include <aidl/android/net/IDnsResolver.h>
57 #include <android/binder_manager.h>
58 #include <android/binder_process.h>
59 #include <bpf/BpfUtils.h>
60 #include <util.h> // getApiLevel
61 #include "Experiments.h"
62 #include "NetdClient.h"
63 #include "ResolverStats.h"
64 #include "netid_client.h" // NETID_UNSET
65 #include "params.h" // MAXNS
66 #include "stats.h" // RCODE_TIMEOUT
67 #include "tests/dns_metrics_listener/dns_metrics_listener.h"
68 #include "tests/dns_responder/dns_responder.h"
69 #include "tests/dns_responder/dns_responder_client_ndk.h"
70 #include "tests/dns_responder/dns_tls_certificate.h"
71 #include "tests/dns_responder/dns_tls_frontend.h"
72 #include "tests/resolv_test_base.h"
73 #include "tests/resolv_test_utils.h"
74 #include "tests/tun_forwarder.h"
75 #include "tests/unsolicited_listener/unsolicited_event_listener.h"
76
77 // Valid VPN netId range is 100 ~ 65535
78 constexpr int TEST_VPN_NETID = 65502;
79 constexpr int MAXPACKET = (8 * 1024);
80
81 const std::string kSortNameserversFlag("persist.device_config.netd_native.sort_nameservers");
82 const std::string kDotConnectTimeoutMsFlag(
83 "persist.device_config.netd_native.dot_connect_timeout_ms");
84 const std::string kDotAsyncHandshakeFlag("persist.device_config.netd_native.dot_async_handshake");
85 const std::string kDotMaxretriesFlag("persist.device_config.netd_native.dot_maxtries");
86 const std::string kDotRevalidationThresholdFlag(
87 "persist.device_config.netd_native.dot_revalidation_threshold");
88 const std::string kDotXportUnusableThresholdFlag(
89 "persist.device_config.netd_native.dot_xport_unusable_threshold");
90 const std::string kDotQueryTimeoutMsFlag("persist.device_config.netd_native.dot_query_timeout_ms");
91 const std::string kDotValidationLatencyFactorFlag(
92 "persist.device_config.netd_native.dot_validation_latency_factor");
93 const std::string kDotValidationLatencyOffsetMsFlag(
94 "persist.device_config.netd_native.dot_validation_latency_offset_ms");
95 const std::string kDotQuickFallbackFlag("persist.device_config.netd_native.dot_quick_fallback");
96 // Semi-public Bionic hook used by the NDK (frameworks/base/native/android/net.c)
97 // Tested here for convenience.
98 extern "C" int android_getaddrinfofornet(const char* hostname, const char* servname,
99 const addrinfo* hints, unsigned netid, unsigned mark,
100 struct addrinfo** result);
101
102 using namespace std::chrono_literals;
103
104 using aidl::android::net::IDnsResolver;
105 using aidl::android::net::INetd;
106 using aidl::android::net::ResolverOptionsParcel;
107 using aidl::android::net::ResolverParamsParcel;
108 using aidl::android::net::metrics::INetdEventListener;
109 using aidl::android::net::resolv::aidl::DnsHealthEventParcel;
110 using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener;
111 using aidl::android::net::resolv::aidl::Nat64PrefixEventParcel;
112 using aidl::android::net::resolv::aidl::PrivateDnsValidationEventParcel;
113 using android::base::Error;
114 using android::base::GetProperty;
115 using android::base::ParseInt;
116 using android::base::Result;
117 using android::base::unique_fd;
118 using android::net::ResolverStats;
119 using android::net::TunForwarder;
120 using android::net::metrics::DnsMetricsListener;
121 using android::net::resolv::aidl::UnsolicitedEventListener;
122 using android::netdutils::enableSockopt;
123 using android::netdutils::makeSlice;
124 using android::netdutils::ResponseCode;
125 using android::netdutils::ScopedAddrinfo;
126 using android::netdutils::Stopwatch;
127 using android::netdutils::toHex;
128
129 namespace {
130
safe_getaddrinfo_time_taken(const char * node,const char * service,const addrinfo & hints)131 std::pair<ScopedAddrinfo, int> safe_getaddrinfo_time_taken(const char* node, const char* service,
132 const addrinfo& hints) {
133 Stopwatch s;
134 ScopedAddrinfo result = safe_getaddrinfo(node, service, &hints);
135 return {std::move(result), s.timeTakenUs() / 1000};
136 }
137
138 struct NameserverStats {
139 NameserverStats() = delete;
NameserverStats__anon17aebff70111::NameserverStats140 NameserverStats(const std::string server) : server(server) {}
setSuccesses__anon17aebff70111::NameserverStats141 NameserverStats& setSuccesses(int val) {
142 successes = val;
143 return *this;
144 }
setErrors__anon17aebff70111::NameserverStats145 NameserverStats& setErrors(int val) {
146 errors = val;
147 return *this;
148 }
setTimeouts__anon17aebff70111::NameserverStats149 NameserverStats& setTimeouts(int val) {
150 timeouts = val;
151 return *this;
152 }
setInternalErrors__anon17aebff70111::NameserverStats153 NameserverStats& setInternalErrors(int val) {
154 internal_errors = val;
155 return *this;
156 }
157
158 const std::string server;
159 int successes = 0;
160 int errors = 0;
161 int timeouts = 0;
162 int internal_errors = 0;
163 };
164
165 const bool isAtLeastR = (getApiLevel() >= 30);
166
167 } // namespace
168
169 class ResolverTest : public ResolvTestBase {
170 public:
SetUpTestSuite()171 static void SetUpTestSuite() {
172 // Get binder service.
173 // Note that |mDnsClient| is not used for getting binder service in this static function.
174 // The reason is that wants to keep |mDnsClient| as a non-static data member. |mDnsClient|
175 // which sets up device network configuration could be independent from every test.
176 // TODO: Perhaps add a static function in resolv_test_binder_utils.{cpp,h} to get binder
177 // service.
178
179 AIBinder* binder = AServiceManager_getService("dnsresolver");
180 sResolvBinder = ndk::SpAIBinder(binder);
181 auto resolvService = aidl::android::net::IDnsResolver::fromBinder(sResolvBinder);
182 ASSERT_NE(nullptr, resolvService.get());
183
184 // Subscribe the death recipient to the service IDnsResolver for detecting Netd death.
185 // GTEST assertion macros are not invoked for generating a test failure in the death
186 // recipient because the macros can't indicate failed test if Netd died between tests.
187 // Moreover, continuing testing may have no meaningful after Netd death. Therefore, the
188 // death recipient aborts process by GTEST_LOG_(FATAL) once Netd died.
189 sResolvDeathRecipient = AIBinder_DeathRecipient_new([](void*) {
190 constexpr char errorMessage[] = "Netd died";
191 LOG(ERROR) << errorMessage;
192 GTEST_LOG_(FATAL) << errorMessage;
193 });
194 ASSERT_EQ(STATUS_OK, AIBinder_linkToDeath(binder, sResolvDeathRecipient, nullptr));
195
196 // Subscribe the DNS listener for verifying DNS metrics event contents.
197 sDnsMetricsListener = ndk::SharedRefBase::make<DnsMetricsListener>(
198 TEST_NETID /*monitor specific network*/);
199 ASSERT_TRUE(resolvService->registerEventListener(sDnsMetricsListener).isOk());
200
201 // Subscribe the unsolicited event listener for verifying unsolicited event contents.
202 sUnsolicitedEventListener = ndk::SharedRefBase::make<UnsolicitedEventListener>(
203 TEST_NETID /*monitor specific network*/);
204 ASSERT_TRUE(
205 resolvService->registerUnsolicitedEventListener(sUnsolicitedEventListener).isOk());
206
207 // Start the binder thread pool for listening DNS metrics events and receiving death
208 // recipient.
209 ABinderProcess_startThreadPool();
210 }
TearDownTestSuite()211 static void TearDownTestSuite() { AIBinder_DeathRecipient_delete(sResolvDeathRecipient); }
212
213 protected:
SetUp()214 void SetUp() {
215 mDnsClient.SetUp();
216 sDnsMetricsListener->reset();
217 sUnsolicitedEventListener->reset();
218 SetMdnsRoute();
219 mIsResolverOptionIPCSupported =
220 DnsResponderClient::isRemoteVersionSupported(mDnsClient.resolvService(), 9);
221 }
222
TearDown()223 void TearDown() {
224 // Ensure the dump works at the end of each test.
225 DumpResolverService();
226 RemoveMdnsRoute();
227 mDnsClient.TearDown();
228 }
229
resetNetwork()230 void resetNetwork() {
231 EXPECT_EQ(mDnsClient.TearDownOemNetwork(TEST_NETID), 0);
232 EXPECT_EQ(mDnsClient.SetupOemNetwork(TEST_NETID), 0);
233 }
234
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)235 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records) {
236 for (const auto& r : records) {
237 dns.addMapping(r.host_name, r.type, r.addr);
238 }
239
240 ASSERT_TRUE(dns.startServer());
241 dns.clearQueries();
242 }
243
DumpResolverService()244 void DumpResolverService() {
245 unique_fd fd(open("/dev/null", O_WRONLY));
246 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, nullptr, 0), 0);
247
248 const char* querylogCmd[] = {"querylog"}; // Keep it sync with DnsQueryLog::DUMP_KEYWORD.
249 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, querylogCmd, std::size(querylogCmd)), 0);
250 }
251
WaitForNat64Prefix(ExpectNat64PrefixStatus status,std::chrono::milliseconds timeout=std::chrono::milliseconds (1000))252 bool WaitForNat64Prefix(ExpectNat64PrefixStatus status,
253 std::chrono::milliseconds timeout = std::chrono::milliseconds(1000)) {
254 return sDnsMetricsListener->waitForNat64Prefix(status, timeout) &&
255 sUnsolicitedEventListener->waitForNat64Prefix(
256 status == EXPECT_FOUND
257 ? IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_ADDED
258 : IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_REMOVED,
259 timeout);
260 }
261
WaitForPrivateDnsValidation(std::string serverAddr,bool validated)262 bool WaitForPrivateDnsValidation(std::string serverAddr, bool validated) {
263 return sDnsMetricsListener->waitForPrivateDnsValidation(serverAddr, validated) &&
264 sUnsolicitedEventListener->waitForPrivateDnsValidation(
265 serverAddr,
266 validated ? IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_SUCCESS
267 : IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_FAILURE,
268 IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
269 }
270
hasUncaughtPrivateDnsValidation(const std::string & serverAddr)271 bool hasUncaughtPrivateDnsValidation(const std::string& serverAddr) {
272 return sDnsMetricsListener->findValidationRecord(serverAddr) &&
273 sUnsolicitedEventListener->findValidationRecord(
274 serverAddr, IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
275 }
276
ExpectDnsEvent(int32_t eventType,int32_t returnCode,const std::string & hostname,const std::vector<std::string> & ipAddresses)277 void ExpectDnsEvent(int32_t eventType, int32_t returnCode, const std::string& hostname,
278 const std::vector<std::string>& ipAddresses) {
279 const DnsMetricsListener::DnsEvent expect = {
280 TEST_NETID, eventType, returnCode,
281 hostname, ipAddresses, static_cast<int32_t>(ipAddresses.size())};
282 do {
283 // Blocking call until timeout.
284 const auto dnsEvent = sDnsMetricsListener->popDnsEvent();
285 ASSERT_TRUE(dnsEvent.has_value()) << "Expected DnsEvent " << expect;
286 if (dnsEvent.value() == expect) break;
287 LOG(INFO) << "Skip unexpected DnsEvent: " << dnsEvent.value();
288 } while (true);
289
290 while (returnCode == 0 || returnCode == RCODE_TIMEOUT) {
291 // Blocking call until timeout.
292 Result<int> result = sUnsolicitedEventListener->popDnsHealthResult();
293 ASSERT_TRUE(result.ok()) << "Expected dns health result is " << returnCode;
294 if ((returnCode == 0 &&
295 result.value() == IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_OK) ||
296 (returnCode == RCODE_TIMEOUT &&
297 result.value() ==
298 IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_TIMEOUT)) {
299 break;
300 }
301 LOG(INFO) << "Skip unexpected dns health result:" << result.value();
302 }
303 }
304
305 enum class StatsCmp { LE, EQ };
306
expectStatsNotGreaterThan(const std::vector<NameserverStats> & nameserversStats)307 bool expectStatsNotGreaterThan(const std::vector<NameserverStats>& nameserversStats) {
308 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::LE);
309 }
310
expectStatsEqualTo(const std::vector<NameserverStats> & nameserversStats)311 bool expectStatsEqualTo(const std::vector<NameserverStats>& nameserversStats) {
312 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::EQ);
313 }
314
expectStatsFromGetResolverInfo(const std::vector<NameserverStats> & nameserversStats,const StatsCmp cmp)315 bool expectStatsFromGetResolverInfo(const std::vector<NameserverStats>& nameserversStats,
316 const StatsCmp cmp) {
317 std::vector<std::string> res_servers;
318 std::vector<std::string> res_domains;
319 std::vector<std::string> res_tls_servers;
320 res_params res_params;
321 std::vector<ResolverStats> res_stats;
322 int wait_for_pending_req_timeout_count;
323
324 if (!DnsResponderClient::GetResolverInfo(mDnsClient.resolvService(), TEST_NETID,
325 &res_servers, &res_domains, &res_tls_servers,
326 &res_params, &res_stats,
327 &wait_for_pending_req_timeout_count)) {
328 ADD_FAILURE() << "GetResolverInfo failed";
329 return false;
330 }
331
332 if (res_servers.size() != res_stats.size()) {
333 ADD_FAILURE() << fmt::format("res_servers.size() != res_stats.size(): {} != {}",
334 res_servers.size(), res_stats.size());
335 return false;
336 }
337 if (res_servers.size() != nameserversStats.size()) {
338 ADD_FAILURE() << fmt::format("res_servers.size() != nameserversStats.size(): {} != {}",
339 res_servers.size(), nameserversStats.size());
340 return false;
341 }
342
343 for (const auto& stats : nameserversStats) {
344 SCOPED_TRACE(stats.server);
345 const auto it = std::find(res_servers.begin(), res_servers.end(), stats.server);
346 if (it == res_servers.end()) {
347 ADD_FAILURE() << fmt::format("nameserver {} not found in the list {{{}}}",
348 stats.server, fmt::join(res_servers, ", "));
349 return false;
350 }
351 const int index = std::distance(res_servers.begin(), it);
352
353 // The check excludes rtt_avg, last_sample_time, and usable since they will be obsolete
354 // after |res_stats| is retrieved from NetConfig.dnsStats rather than NetConfig.nsstats.
355 switch (cmp) {
356 case StatsCmp::EQ:
357 EXPECT_EQ(res_stats[index].successes, stats.successes);
358 EXPECT_EQ(res_stats[index].errors, stats.errors);
359 EXPECT_EQ(res_stats[index].timeouts, stats.timeouts);
360 EXPECT_EQ(res_stats[index].internal_errors, stats.internal_errors);
361 break;
362 case StatsCmp::LE:
363 EXPECT_LE(res_stats[index].successes, stats.successes);
364 EXPECT_LE(res_stats[index].errors, stats.errors);
365 EXPECT_LE(res_stats[index].timeouts, stats.timeouts);
366 EXPECT_LE(res_stats[index].internal_errors, stats.internal_errors);
367 break;
368 default:
369 ADD_FAILURE() << "Unknown comparator " << static_cast<int>(cmp);
370 return false;
371 }
372 }
373
374 return true;
375 }
376
377 // Since there's no way to terminate private DNS validation threads at any time. Tests that
378 // focus on the results of private DNS validation can interfere with each other if they use the
379 // same IP address for test servers. getUniqueIPv4Address() is a workaround to reduce the
380 // possibility of tests being flaky. A feasible solution is to forbid the validation threads,
381 // which are considered as outdated (e.g. switch the resolver to private DNS OFF mode), updating
382 // the result to the PrivateDnsConfiguration instance.
getUniqueIPv4Address()383 static std::string getUniqueIPv4Address() {
384 static int counter = 0;
385 return fmt::format("127.0.100.{}", (++counter & 0xff));
386 }
387
388 DnsResponderClient mDnsClient;
389
390 bool mIsResolverOptionIPCSupported = false;
391
392 // Use a shared static DNS listener for all tests to avoid registering lots of listeners
393 // which may be released late until process terminated. Currently, registered DNS listener
394 // is removed by binder death notification which is fired when the process hosting an
395 // IBinder has gone away. If every test in ResolverTest registers its DNS listener, Netd
396 // may temporarily hold lots of dead listeners until the unit test process terminates.
397 // TODO: Perhaps add an unregistering listener binder call or fork a listener process which
398 // could be terminated earlier.
399 static std::shared_ptr<DnsMetricsListener>
400 sDnsMetricsListener; // Initialized in SetUpTestSuite.
401
402 inline static std::shared_ptr<UnsolicitedEventListener>
403 sUnsolicitedEventListener; // Initialized in SetUpTestSuite.
404
405 // Use a shared static death recipient to monitor the service death. The static death
406 // recipient could monitor the death not only during the test but also between tests.
407 static AIBinder_DeathRecipient* sResolvDeathRecipient; // Initialized in SetUpTestSuite.
408
409 // The linked AIBinder_DeathRecipient will be automatically unlinked if the binder is deleted.
410 // The binder needs to be retained throughout tests.
411 static ndk::SpAIBinder sResolvBinder;
412 };
413
414 // Initialize static member of class.
415 std::shared_ptr<DnsMetricsListener> ResolverTest::sDnsMetricsListener;
416 AIBinder_DeathRecipient* ResolverTest::sResolvDeathRecipient;
417 ndk::SpAIBinder ResolverTest::sResolvBinder;
418
TEST_F(ResolverTest,GetHostByName)419 TEST_F(ResolverTest, GetHostByName) {
420 constexpr char nonexistent_host_name[] = "nonexistent.example.com.";
421
422 test::DNSResponder dns;
423 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.3"}});
424 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
425
426 const hostent* result;
427 result = gethostbyname("nonexistent");
428 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
429 ASSERT_TRUE(result == nullptr);
430 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
431
432 dns.clearQueries();
433 result = gethostbyname("hello");
434 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
435 ASSERT_FALSE(result == nullptr);
436 ASSERT_EQ(4, result->h_length);
437 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
438 EXPECT_EQ("1.2.3.3", ToString(result));
439 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
440 }
441
TEST_F(ResolverTest,GetHostByName_NULL)442 TEST_F(ResolverTest, GetHostByName_NULL) {
443 // Most libc implementations would just crash on gethostbyname(NULL). Instead, Bionic
444 // serializes the null argument over dnsproxyd, causing the server-side to crash!
445 // This is a regression test.
446 const char* const testcases[] = {nullptr, "", "^"};
447 for (const char* name : testcases) {
448 SCOPED_TRACE(fmt::format("gethostbyname({})", name ? name : "NULL"));
449 const hostent* result = gethostbyname(name);
450 EXPECT_TRUE(result == nullptr);
451 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
452 }
453 }
454
TEST_F(ResolverTest,GetHostByName_cnames)455 TEST_F(ResolverTest, GetHostByName_cnames) {
456 constexpr char host_name[] = "host.example.com.";
457 size_t cnamecount = 0;
458 test::DNSResponder dns;
459
460 const std::vector<DnsRecord> records = {
461 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
462 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
463 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
464 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
465 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
466 {"e.example.com.", ns_type::ns_t_cname, host_name},
467 {host_name, ns_type::ns_t_a, "1.2.3.3"},
468 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
469 };
470 StartDns(dns, records);
471 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
472
473 // using gethostbyname2() to resolve ipv4 hello.example.com. to 1.2.3.3
474 // Ensure the v4 address and cnames are correct
475 const hostent* result;
476 result = gethostbyname2("hello", AF_INET);
477 ASSERT_FALSE(result == nullptr);
478
479 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
480 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
481 EXPECT_EQ(result->h_aliases[i], domain_name);
482 cnamecount++;
483 }
484 // The size of "Non-cname type" record in DNS records is 2
485 ASSERT_EQ(cnamecount, records.size() - 2);
486 ASSERT_EQ(4, result->h_length);
487 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
488 EXPECT_EQ("1.2.3.3", ToString(result));
489 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
490 EXPECT_EQ(1U, dns.queries().size()) << dns.dumpQueries();
491
492 // using gethostbyname2() to resolve ipv6 hello.example.com. to 2001:db8::42
493 // Ensure the v6 address and cnames are correct
494 cnamecount = 0;
495 dns.clearQueries();
496 result = gethostbyname2("hello", AF_INET6);
497 for (unsigned i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
498 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
499 EXPECT_EQ(result->h_aliases[i], domain_name);
500 cnamecount++;
501 }
502 // The size of "Non-cname type" DNS record in records is 2
503 ASSERT_EQ(cnamecount, records.size() - 2);
504 ASSERT_FALSE(result == nullptr);
505 ASSERT_EQ(16, result->h_length);
506 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
507 EXPECT_EQ("2001:db8::42", ToString(result));
508 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
509 }
510
TEST_F(ResolverTest,GetHostByName_cnamesInfiniteLoop)511 TEST_F(ResolverTest, GetHostByName_cnamesInfiniteLoop) {
512 test::DNSResponder dns;
513 const std::vector<DnsRecord> records = {
514 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
515 {"a.example.com.", ns_type::ns_t_cname, kHelloExampleCom},
516 };
517 StartDns(dns, records);
518 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
519
520 const hostent* result;
521 result = gethostbyname2("hello", AF_INET);
522 ASSERT_TRUE(result == nullptr);
523
524 dns.clearQueries();
525 result = gethostbyname2("hello", AF_INET6);
526 ASSERT_TRUE(result == nullptr);
527 }
528
TEST_F(ResolverTest,GetHostByName_localhost)529 TEST_F(ResolverTest, GetHostByName_localhost) {
530 constexpr char name_camelcase[] = "LocalHost";
531 constexpr char name_ip6_dot[] = "ip6-localhost.";
532 constexpr char name_ip6_fqdn[] = "ip6-localhost.example.com.";
533
534 // Add a no-op nameserver which shouldn't receive any queries
535 test::DNSResponder dns;
536 StartDns(dns, {});
537 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
538
539 // Expect no DNS queries; localhost is resolved via /etc/hosts
540 const hostent* result = gethostbyname(kLocalHost);
541 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
542 ASSERT_FALSE(result == nullptr);
543 ASSERT_EQ(4, result->h_length);
544 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
545 EXPECT_EQ(kLocalHostAddr, ToString(result));
546 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
547
548 // Ensure the hosts file resolver ignores case of hostnames
549 result = gethostbyname(name_camelcase);
550 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
551 ASSERT_FALSE(result == nullptr);
552 ASSERT_EQ(4, result->h_length);
553 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
554 EXPECT_EQ(kLocalHostAddr, ToString(result));
555 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
556
557 // The hosts file also contains ip6-localhost, but gethostbyname() won't
558 // return it. This would be easy to
559 // change, but there's no point in changing the legacy behavior; new code
560 // should be calling getaddrinfo() anyway.
561 // So we check the legacy behavior, which results in amusing A-record
562 // lookups for ip6-localhost, with and without search domains appended.
563 dns.clearQueries();
564 result = gethostbyname(kIp6LocalHost);
565 EXPECT_EQ(2U, dns.queries().size()) << dns.dumpQueries();
566 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_dot)) << dns.dumpQueries();
567 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_fqdn)) << dns.dumpQueries();
568 ASSERT_TRUE(result == nullptr);
569
570 // Finally, use gethostbyname2() to resolve ip6-localhost to ::1 from
571 // the hosts file.
572 dns.clearQueries();
573 result = gethostbyname2(kIp6LocalHost, AF_INET6);
574 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
575 ASSERT_FALSE(result == nullptr);
576 ASSERT_EQ(16, result->h_length);
577 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
578 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
579 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
580 }
581
TEST_F(ResolverTest,GetHostByName_numeric)582 TEST_F(ResolverTest, GetHostByName_numeric) {
583 // Add a no-op nameserver which shouldn't receive any queries
584 test::DNSResponder dns;
585 StartDns(dns, {});
586 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
587
588 // Numeric v4 address: expect no DNS queries
589 constexpr char numeric_v4[] = "192.168.0.1";
590 const hostent* result = gethostbyname(numeric_v4);
591 EXPECT_EQ(0U, dns.queries().size());
592 ASSERT_FALSE(result == nullptr);
593 ASSERT_EQ(4, result->h_length); // v4
594 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
595 EXPECT_EQ(numeric_v4, ToString(result));
596 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
597
598 // gethostbyname() recognizes a v6 address, and fails with no DNS queries
599 constexpr char numeric_v6[] = "2001:db8::42";
600 dns.clearQueries();
601 result = gethostbyname(numeric_v6);
602 EXPECT_EQ(0U, dns.queries().size());
603 EXPECT_TRUE(result == nullptr);
604
605 // Numeric v6 address with gethostbyname2(): succeeds with no DNS queries
606 dns.clearQueries();
607 result = gethostbyname2(numeric_v6, AF_INET6);
608 EXPECT_EQ(0U, dns.queries().size());
609 ASSERT_FALSE(result == nullptr);
610 ASSERT_EQ(16, result->h_length); // v6
611 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
612 EXPECT_EQ(numeric_v6, ToString(result));
613 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
614
615 // Numeric v6 address with scope work with getaddrinfo(),
616 // but gethostbyname2() does not understand them; it issues two dns
617 // queries, then fails. This hardly ever happens, there's no point
618 // in fixing this. This test simply verifies the current (bogus)
619 // behavior to avoid further regressions (like crashes, or leaks).
620 constexpr char numeric_v6_scope[] = "fe80::1%lo";
621 dns.clearQueries();
622 result = gethostbyname2(numeric_v6_scope, AF_INET6);
623 EXPECT_EQ(2U, dns.queries().size()); // OUCH!
624 ASSERT_TRUE(result == nullptr);
625 }
626
TEST_F(ResolverTest,BinderSerialization)627 TEST_F(ResolverTest, BinderSerialization) {
628 std::vector<int> params_offsets = {
629 IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY,
630 IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
631 IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES,
632 IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES,
633 IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC,
634 IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT,
635 };
636 const int size = static_cast<int>(params_offsets.size());
637 EXPECT_EQ(size, IDnsResolver::RESOLVER_PARAMS_COUNT);
638 std::sort(params_offsets.begin(), params_offsets.end());
639 for (int i = 0; i < size; ++i) {
640 EXPECT_EQ(params_offsets[i], i);
641 }
642 }
643
TEST_F(ResolverTest,GetHostByName_Binder)644 TEST_F(ResolverTest, GetHostByName_Binder) {
645 std::vector<std::string> domains = {"example.com"};
646 std::vector<std::unique_ptr<test::DNSResponder>> dns;
647 std::vector<std::string> servers;
648 std::vector<DnsResponderClient::Mapping> mappings;
649 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
650 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(4, mappings, &dns, &servers));
651 ASSERT_EQ(1U, mappings.size());
652 const DnsResponderClient::Mapping& mapping = mappings[0];
653
654 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains, kDefaultParams));
655
656 const hostent* result = gethostbyname(mapping.host.c_str());
657 const size_t total_queries =
658 std::accumulate(dns.begin(), dns.end(), 0, [&mapping](size_t total, auto& d) {
659 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
660 });
661
662 EXPECT_LE(1U, total_queries);
663 ASSERT_FALSE(result == nullptr);
664 ASSERT_EQ(4, result->h_length);
665 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
666 EXPECT_EQ(mapping.ip4, ToString(result));
667 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
668
669 std::vector<std::string> res_servers;
670 std::vector<std::string> res_domains;
671 std::vector<std::string> res_tls_servers;
672 res_params res_params;
673 std::vector<ResolverStats> res_stats;
674 int wait_for_pending_req_timeout_count;
675 ASSERT_TRUE(DnsResponderClient::GetResolverInfo(
676 mDnsClient.resolvService(), TEST_NETID, &res_servers, &res_domains, &res_tls_servers,
677 &res_params, &res_stats, &wait_for_pending_req_timeout_count));
678 EXPECT_EQ(servers.size(), res_servers.size());
679 EXPECT_EQ(domains.size(), res_domains.size());
680 EXPECT_EQ(0U, res_tls_servers.size());
681 ASSERT_EQ(static_cast<size_t>(IDnsResolver::RESOLVER_PARAMS_COUNT), kDefaultParams.size());
682 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY],
683 res_params.sample_validity);
684 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
685 res_params.success_threshold);
686 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
687 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
688 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
689 res_params.base_timeout_msec);
690 EXPECT_EQ(servers.size(), res_stats.size());
691
692 EXPECT_THAT(res_servers, testing::UnorderedElementsAreArray(servers));
693 EXPECT_THAT(res_domains, testing::UnorderedElementsAreArray(domains));
694 }
695
TEST_F(ResolverTest,GetAddrInfo)696 TEST_F(ResolverTest, GetAddrInfo) {
697 constexpr char listen_addr[] = "127.0.0.4";
698 constexpr char listen_addr2[] = "127.0.0.5";
699 constexpr char host_name[] = "howdy.example.com.";
700
701 const std::vector<DnsRecord> records = {
702 {host_name, ns_type::ns_t_a, "1.2.3.4"},
703 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
704 };
705 test::DNSResponder dns(listen_addr);
706 test::DNSResponder dns2(listen_addr2);
707 StartDns(dns, records);
708 StartDns(dns2, records);
709
710 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr}));
711 dns.clearQueries();
712 dns2.clearQueries();
713
714 ScopedAddrinfo result = safe_getaddrinfo("howdy", nullptr, nullptr);
715 EXPECT_TRUE(result != nullptr);
716 size_t found = GetNumQueries(dns, host_name);
717 EXPECT_LE(1U, found);
718 // Could be A or AAAA
719 std::string result_str = ToString(result);
720 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
721 << ", result_str='" << result_str << "'";
722
723 // Verify that the name is cached.
724 size_t old_found = found;
725 result = safe_getaddrinfo("howdy", nullptr, nullptr);
726 EXPECT_TRUE(result != nullptr);
727 found = GetNumQueries(dns, host_name);
728 EXPECT_LE(1U, found);
729 EXPECT_EQ(old_found, found);
730 result_str = ToString(result);
731 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") << result_str;
732
733 // Change the DNS resolver, ensure that queries are still cached.
734 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
735 dns.clearQueries();
736 dns2.clearQueries();
737
738 result = safe_getaddrinfo("howdy", nullptr, nullptr);
739 EXPECT_TRUE(result != nullptr);
740 found = GetNumQueries(dns, host_name);
741 size_t found2 = GetNumQueries(dns2, host_name);
742 EXPECT_EQ(0U, found);
743 EXPECT_LE(0U, found2);
744
745 // Could be A or AAAA
746 result_str = ToString(result);
747 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
748 << ", result_str='" << result_str << "'";
749 }
750
TEST_F(ResolverTest,GetAddrInfoV4)751 TEST_F(ResolverTest, GetAddrInfoV4) {
752 test::DNSResponder dns;
753 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
754 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
755
756 const addrinfo hints = {.ai_family = AF_INET};
757 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
758 EXPECT_TRUE(result != nullptr);
759 EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
760 EXPECT_EQ("1.2.3.5", ToString(result));
761 }
762
TEST_F(ResolverTest,GetAddrInfo_localhost)763 TEST_F(ResolverTest, GetAddrInfo_localhost) {
764 // Add a no-op nameserver which shouldn't receive any queries
765 test::DNSResponder dns;
766 StartDns(dns, {});
767 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
768
769 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
770 EXPECT_TRUE(result != nullptr);
771 // Expect no DNS queries; localhost is resolved via /etc/hosts
772 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
773 EXPECT_EQ(kLocalHostAddr, ToString(result));
774
775 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
776 EXPECT_TRUE(result != nullptr);
777 // Expect no DNS queries; ip6-localhost is resolved via /etc/hosts
778 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
779 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
780 }
781
TEST_F(ResolverTest,GetAddrInfo_InvalidSocketType)782 TEST_F(ResolverTest, GetAddrInfo_InvalidSocketType) {
783 test::DNSResponder dns;
784 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
785 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
786
787 // TODO: Test other invalid socket types.
788 const addrinfo hints = {
789 .ai_family = AF_UNSPEC,
790 .ai_socktype = SOCK_PACKET,
791 };
792 addrinfo* result = nullptr;
793 // This is a valid hint, but the query won't be sent because the socket type is
794 // not supported.
795 EXPECT_EQ(EAI_NODATA, getaddrinfo("hello", nullptr, &hints, &result));
796 ScopedAddrinfo result_cleanup(result);
797 EXPECT_EQ(nullptr, result);
798 }
799
800 // Verify if the resolver correctly handle multiple queries simultaneously
801 // step 1: set dns server#1 into deferred responding mode.
802 // step 2: thread#1 query "hello.example.com." --> resolver send query to server#1.
803 // step 3: thread#2 query "hello.example.com." --> resolver hold the request and wait for
804 // response of previous pending query sent by thread#1.
805 // step 4: thread#3 query "konbanha.example.com." --> resolver send query to server#3. Server
806 // respond to resolver immediately.
807 // step 5: check if server#1 get 1 query by thread#1, server#2 get 0 query, server#3 get 1 query.
808 // step 6: resume dns server#1 to respond dns query in step#2.
809 // step 7: thread#1 and #2 should get returned from DNS query after step#6. Also, check the
810 // number of queries in server#2 is 0 to ensure thread#2 does not wake up unexpectedly
811 // before signaled by thread#1.
TEST_F(ResolverTest,GetAddrInfoV4_deferred_resp)812 TEST_F(ResolverTest, GetAddrInfoV4_deferred_resp) {
813 const char* listen_addr1 = "127.0.0.9";
814 const char* listen_addr2 = "127.0.0.10";
815 const char* listen_addr3 = "127.0.0.11";
816 const char* listen_srv = "53";
817 const char* host_name_deferred = "hello.example.com.";
818 const char* host_name_normal = "konbanha.example.com.";
819 test::DNSResponder dns1(listen_addr1, listen_srv, ns_rcode::ns_r_servfail);
820 test::DNSResponder dns2(listen_addr2, listen_srv, ns_rcode::ns_r_servfail);
821 test::DNSResponder dns3(listen_addr3, listen_srv, ns_rcode::ns_r_servfail);
822 dns1.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
823 dns2.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
824 dns3.addMapping(host_name_normal, ns_type::ns_t_a, "1.2.3.5");
825 ASSERT_TRUE(dns1.startServer());
826 ASSERT_TRUE(dns2.startServer());
827 ASSERT_TRUE(dns3.startServer());
828 const std::vector<std::string> servers_for_t1 = {listen_addr1};
829 const std::vector<std::string> servers_for_t2 = {listen_addr2};
830 const std::vector<std::string> servers_for_t3 = {listen_addr3};
831 addrinfo hints = {.ai_family = AF_INET};
832 const std::vector<int> params = {300, 25, 8, 8, 5000};
833 bool t3_task_done = false;
834
835 dns1.setDeferredResp(true);
836 std::thread t1([&, this]() {
837 ASSERT_TRUE(
838 mDnsClient.SetResolversForNetwork(servers_for_t1, kDefaultSearchDomains, params));
839 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
840 // t3's dns query should got returned first
841 EXPECT_TRUE(t3_task_done);
842 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
843 EXPECT_TRUE(result != nullptr);
844 EXPECT_EQ("1.2.3.4", ToString(result));
845 });
846
847 // ensuring t1 and t2 handler functions are processed in order
848 usleep(100 * 1000);
849 std::thread t2([&, this]() {
850 ASSERT_TRUE(
851 mDnsClient.SetResolversForNetwork(servers_for_t2, kDefaultSearchDomains, params));
852 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
853 EXPECT_TRUE(t3_task_done);
854 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
855 EXPECT_TRUE(result != nullptr);
856 EXPECT_EQ("1.2.3.4", ToString(result));
857
858 std::vector<std::string> res_servers;
859 std::vector<std::string> res_domains;
860 std::vector<std::string> res_tls_servers;
861 res_params res_params;
862 std::vector<ResolverStats> res_stats;
863 int wait_for_pending_req_timeout_count;
864 ASSERT_TRUE(DnsResponderClient::GetResolverInfo(
865 mDnsClient.resolvService(), TEST_NETID, &res_servers, &res_domains,
866 &res_tls_servers, &res_params, &res_stats, &wait_for_pending_req_timeout_count));
867 EXPECT_EQ(0, wait_for_pending_req_timeout_count);
868 });
869
870 // ensuring t2 and t3 handler functions are processed in order
871 usleep(100 * 1000);
872 std::thread t3([&, this]() {
873 ASSERT_TRUE(
874 mDnsClient.SetResolversForNetwork(servers_for_t3, kDefaultSearchDomains, params));
875 ScopedAddrinfo result = safe_getaddrinfo(host_name_normal, nullptr, &hints);
876 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
877 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
878 EXPECT_EQ(1U, GetNumQueries(dns3, host_name_normal));
879 EXPECT_TRUE(result != nullptr);
880 EXPECT_EQ("1.2.3.5", ToString(result));
881
882 t3_task_done = true;
883 dns1.setDeferredResp(false);
884 });
885 t3.join();
886 t1.join();
887 t2.join();
888 }
889
TEST_F(ResolverTest,GetAddrInfo_cnames)890 TEST_F(ResolverTest, GetAddrInfo_cnames) {
891 constexpr char host_name[] = "host.example.com.";
892 test::DNSResponder dns;
893 const std::vector<DnsRecord> records = {
894 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
895 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
896 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
897 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
898 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
899 {"e.example.com.", ns_type::ns_t_cname, host_name},
900 {host_name, ns_type::ns_t_a, "1.2.3.3"},
901 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
902 };
903 StartDns(dns, records);
904 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
905
906 addrinfo hints = {.ai_family = AF_INET};
907 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
908 EXPECT_TRUE(result != nullptr);
909 EXPECT_EQ("1.2.3.3", ToString(result));
910
911 dns.clearQueries();
912 hints = {.ai_family = AF_INET6};
913 result = safe_getaddrinfo("hello", nullptr, &hints);
914 EXPECT_TRUE(result != nullptr);
915 EXPECT_EQ("2001:db8::42", ToString(result));
916 }
917
TEST_F(ResolverTest,GetAddrInfo_cnamesNoIpAddress)918 TEST_F(ResolverTest, GetAddrInfo_cnamesNoIpAddress) {
919 test::DNSResponder dns;
920 const std::vector<DnsRecord> records = {
921 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
922 };
923 StartDns(dns, records);
924 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
925
926 addrinfo hints = {.ai_family = AF_INET};
927 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
928 EXPECT_TRUE(result == nullptr);
929
930 dns.clearQueries();
931 hints = {.ai_family = AF_INET6};
932 result = safe_getaddrinfo("hello", nullptr, &hints);
933 EXPECT_TRUE(result == nullptr);
934 }
935
TEST_F(ResolverTest,GetAddrInfo_cnamesIllegalRdata)936 TEST_F(ResolverTest, GetAddrInfo_cnamesIllegalRdata) {
937 test::DNSResponder dns;
938 const std::vector<DnsRecord> records = {
939 {kHelloExampleCom, ns_type::ns_t_cname, ".!#?"},
940 };
941 StartDns(dns, records);
942 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
943
944 addrinfo hints = {.ai_family = AF_INET};
945 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
946 EXPECT_TRUE(result == nullptr);
947
948 dns.clearQueries();
949 hints = {.ai_family = AF_INET6};
950 result = safe_getaddrinfo("hello", nullptr, &hints);
951 EXPECT_TRUE(result == nullptr);
952 }
953
TEST_F(ResolverTest,GetAddrInfoForCaseInSensitiveDomains)954 TEST_F(ResolverTest, GetAddrInfoForCaseInSensitiveDomains) {
955 test::DNSResponder dns;
956 const char* host_name = "howdy.example.com.";
957 const char* host_name2 = "HOWDY.example.com.";
958 const std::vector<DnsRecord> records = {
959 {host_name, ns_type::ns_t_a, "1.2.3.4"},
960 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
961 {host_name2, ns_type::ns_t_a, "1.2.3.5"},
962 {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
963 };
964 StartDns(dns, records);
965 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
966
967 ScopedAddrinfo hostname_result = safe_getaddrinfo("howdy", nullptr, nullptr);
968 EXPECT_TRUE(hostname_result != nullptr);
969 const size_t hostname1_count_after_first_query = GetNumQueries(dns, host_name);
970 EXPECT_LE(1U, hostname1_count_after_first_query);
971 // Could be A or AAAA
972 std::string hostname_result_str = ToString(hostname_result);
973 EXPECT_TRUE(hostname_result_str == "1.2.3.4" || hostname_result_str == "::1.2.3.4");
974
975 // Verify that the name is cached.
976 ScopedAddrinfo hostname2_result = safe_getaddrinfo("HOWDY", nullptr, nullptr);
977 EXPECT_TRUE(hostname2_result != nullptr);
978 const size_t hostname1_count_after_second_query = GetNumQueries(dns, host_name);
979 EXPECT_LE(1U, hostname1_count_after_second_query);
980
981 // verify that there is no change in num of queries for howdy.example.com
982 EXPECT_EQ(hostname1_count_after_first_query, hostname1_count_after_second_query);
983
984 // Number of queries for HOWDY.example.com would be >= 1 if domain names
985 // are considered case-sensitive, else number of queries should be 0.
986 const size_t hostname2_count = GetNumQueries(dns, host_name2);
987 EXPECT_EQ(0U,hostname2_count);
988 std::string hostname2_result_str = ToString(hostname2_result);
989 EXPECT_TRUE(hostname2_result_str == "1.2.3.4" || hostname2_result_str == "::1.2.3.4");
990
991 // verify that the result is still the same address even though
992 // mixed-case string is not in the DNS
993 ScopedAddrinfo result = safe_getaddrinfo("HowDY", nullptr, nullptr);
994 EXPECT_TRUE(result != nullptr);
995 std::string result_str = ToString(result);
996 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4");
997 }
998
TEST_F(ResolverTest,MultidomainResolution)999 TEST_F(ResolverTest, MultidomainResolution) {
1000 constexpr char host_name[] = "nihao.example2.com.";
1001 std::vector<std::string> searchDomains = {"example1.com", "example2.com", "example3.com"};
1002
1003 test::DNSResponder dns("127.0.0.6");
1004 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
1005 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({"127.0.0.6"}, searchDomains));
1006
1007 const hostent* result = gethostbyname("nihao");
1008
1009 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
1010 ASSERT_FALSE(result == nullptr);
1011 ASSERT_EQ(4, result->h_length);
1012 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
1013 EXPECT_EQ("1.2.3.3", ToString(result));
1014 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
1015 }
1016
TEST_F(ResolverTest,GetAddrInfoV6_numeric)1017 TEST_F(ResolverTest, GetAddrInfoV6_numeric) {
1018 constexpr char host_name[] = "ohayou.example.com.";
1019 constexpr char numeric_addr[] = "fe80::1%lo";
1020
1021 test::DNSResponder dns;
1022 dns.setResponseProbability(0.0);
1023 StartDns(dns, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1024 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1025
1026 addrinfo hints = {.ai_family = AF_INET6};
1027 ScopedAddrinfo result = safe_getaddrinfo(numeric_addr, nullptr, &hints);
1028 EXPECT_TRUE(result != nullptr);
1029 EXPECT_EQ(numeric_addr, ToString(result));
1030 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1031
1032 // Now try a non-numeric hostname query with the AI_NUMERICHOST flag set.
1033 // We should fail without sending out a DNS query.
1034 hints.ai_flags |= AI_NUMERICHOST;
1035 result = safe_getaddrinfo(host_name, nullptr, &hints);
1036 EXPECT_TRUE(result == nullptr);
1037 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1038 }
1039
TEST_F(ResolverTest,GetAddrInfoV6_failing)1040 TEST_F(ResolverTest, GetAddrInfoV6_failing) {
1041 constexpr char listen_addr0[] = "127.0.0.7";
1042 constexpr char listen_addr1[] = "127.0.0.8";
1043 const char* host_name = "ohayou.example.com.";
1044
1045 test::DNSResponder dns0(listen_addr0);
1046 test::DNSResponder dns1(listen_addr1);
1047 dns0.setResponseProbability(0.0);
1048 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1049 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1050
1051 std::vector<std::string> servers = {listen_addr0, listen_addr1};
1052 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
1053 int sample_count = 8;
1054 const std::vector<int> params = {300, 25, sample_count, sample_count};
1055 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, kDefaultSearchDomains, params));
1056
1057 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
1058 // reached the dns0, which is set to fail. No more requests should then arrive at that server
1059 // for the next sample_lifetime seconds.
1060 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
1061 const addrinfo hints = {.ai_family = AF_INET6};
1062 for (int i = 0; i < sample_count; ++i) {
1063 std::string domain = fmt::format("nonexistent{}", i);
1064 ScopedAddrinfo result = safe_getaddrinfo(domain.c_str(), nullptr, &hints);
1065 }
1066 // Due to 100% errors for all possible samples, the server should be ignored from now on and
1067 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
1068 dns0.clearQueries();
1069 dns1.clearQueries();
1070 ScopedAddrinfo result = safe_getaddrinfo("ohayou", nullptr, &hints);
1071 EXPECT_TRUE(result != nullptr);
1072 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
1073 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
1074 }
1075
TEST_F(ResolverTest,GetAddrInfoV6_nonresponsive)1076 TEST_F(ResolverTest, GetAddrInfoV6_nonresponsive) {
1077 constexpr char listen_addr0[] = "127.0.0.7";
1078 constexpr char listen_addr1[] = "127.0.0.8";
1079 constexpr char listen_srv[] = "53";
1080 constexpr char host_name1[] = "ohayou.example.com.";
1081 constexpr char host_name2[] = "ciao.example.com.";
1082 const std::vector<std::string> defaultSearchDomain = {"example.com"};
1083 // The minimal timeout is 1000ms, so we can't decrease timeout
1084 // So reduce retry count.
1085 const std::vector<int> reduceRetryParams = {
1086 300, // sample validity in seconds
1087 25, // success threshod in percent
1088 8, 8, // {MIN,MAX}_SAMPLES
1089 1000, // BASE_TIMEOUT_MSEC
1090 1, // retry count
1091 };
1092 const std::vector<DnsRecord> records0 = {
1093 {host_name1, ns_type::ns_t_aaaa, "2001:db8::5"},
1094 {host_name2, ns_type::ns_t_aaaa, "2001:db8::5"},
1095 };
1096 const std::vector<DnsRecord> records1 = {
1097 {host_name1, ns_type::ns_t_aaaa, "2001:db8::6"},
1098 {host_name2, ns_type::ns_t_aaaa, "2001:db8::6"},
1099 };
1100
1101 // dns0 does not respond with 100% probability, while
1102 // dns1 responds normally, at least initially.
1103 test::DNSResponder dns0(listen_addr0, listen_srv, static_cast<ns_rcode>(-1));
1104 test::DNSResponder dns1(listen_addr1, listen_srv, static_cast<ns_rcode>(-1));
1105 dns0.setResponseProbability(0.0);
1106 StartDns(dns0, records0);
1107 StartDns(dns1, records1);
1108 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr0, listen_addr1}, defaultSearchDomain,
1109 reduceRetryParams));
1110
1111 // Specify ai_socktype to make getaddrinfo will only query 1 time
1112 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_STREAM};
1113
1114 // dns0 will ignore the request, and we'll fallback to dns1 after the first
1115 // retry.
1116 ScopedAddrinfo result = safe_getaddrinfo(host_name1, nullptr, &hints);
1117 EXPECT_TRUE(result != nullptr);
1118 EXPECT_EQ(1U, GetNumQueries(dns0, host_name1));
1119 EXPECT_EQ(1U, GetNumQueries(dns1, host_name1));
1120 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name1, {"2001:db8::6"});
1121
1122 // Now make dns1 also ignore 100% requests... The resolve should alternate
1123 // queries between the nameservers and fail
1124 dns1.setResponseProbability(0.0);
1125 addrinfo* result2 = nullptr;
1126 EXPECT_EQ(EAI_NODATA, getaddrinfo(host_name2, nullptr, &hints, &result2));
1127 EXPECT_EQ(nullptr, result2);
1128 EXPECT_EQ(1U, GetNumQueries(dns0, host_name2));
1129 EXPECT_EQ(1U, GetNumQueries(dns1, host_name2));
1130 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name2, {});
1131 }
1132
TEST_F(ResolverTest,GetAddrInfoV6_concurrent)1133 TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
1134 constexpr char listen_addr0[] = "127.0.0.9";
1135 constexpr char listen_addr1[] = "127.0.0.10";
1136 constexpr char listen_addr2[] = "127.0.0.11";
1137 constexpr char host_name[] = "konbanha.example.com.";
1138
1139 test::DNSResponder dns0(listen_addr0);
1140 test::DNSResponder dns1(listen_addr1);
1141 test::DNSResponder dns2(listen_addr2);
1142 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1143 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1144 StartDns(dns2, {{host_name, ns_type::ns_t_aaaa, "2001:db8::7"}});
1145
1146 const std::vector<std::string> servers = {listen_addr0, listen_addr1, listen_addr2};
1147 std::vector<std::thread> threads(10);
1148 for (std::thread& thread : threads) {
1149 thread = std::thread([this, &servers]() {
1150 unsigned delay = arc4random_uniform(1 * 1000 * 1000); // <= 1s
1151 usleep(delay);
1152 std::vector<std::string> serverSubset;
1153 for (const auto& server : servers) {
1154 if (arc4random_uniform(2)) {
1155 serverSubset.push_back(server);
1156 }
1157 }
1158 if (serverSubset.empty()) serverSubset = servers;
1159 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(serverSubset));
1160 const addrinfo hints = {.ai_family = AF_INET6};
1161 addrinfo* result = nullptr;
1162 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
1163 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
1164 if (result) {
1165 freeaddrinfo(result);
1166 result = nullptr;
1167 }
1168 });
1169 }
1170 for (std::thread& thread : threads) {
1171 thread.join();
1172 }
1173
1174 std::vector<std::string> res_servers;
1175 std::vector<std::string> res_domains;
1176 std::vector<std::string> res_tls_servers;
1177 res_params res_params;
1178 std::vector<ResolverStats> res_stats;
1179 int wait_for_pending_req_timeout_count;
1180 ASSERT_TRUE(DnsResponderClient::GetResolverInfo(
1181 mDnsClient.resolvService(), TEST_NETID, &res_servers, &res_domains, &res_tls_servers,
1182 &res_params, &res_stats, &wait_for_pending_req_timeout_count));
1183 EXPECT_EQ(0, wait_for_pending_req_timeout_count);
1184 }
1185
TEST_F(ResolverTest,SkipBadServersDueToInternalError)1186 TEST_F(ResolverTest, SkipBadServersDueToInternalError) {
1187 constexpr char listen_addr1[] = "fe80::1";
1188 constexpr char listen_addr2[] = "255.255.255.255";
1189 constexpr char listen_addr3[] = "127.0.0.3";
1190 int counter = 0; // To generate unique hostnames.
1191 test::DNSResponder dns(listen_addr3);
1192 ASSERT_TRUE(dns.startServer());
1193
1194 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1195 setupParams.servers = {listen_addr1, listen_addr2, listen_addr3};
1196 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1197
1198 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1199 cleanupParams.servers.clear();
1200 cleanupParams.tlsServers.clear();
1201
1202 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1203 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1204 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1205
1206 // Re-setup test network to make experiment flag take effect.
1207 resetNetwork();
1208
1209 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1210
1211 // Start sending synchronized querying.
1212 for (int i = 0; i < 100; i++) {
1213 std::string hostName = fmt::format("hello{}.com.", counter++);
1214 dns.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1215 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1216 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1217 }
1218
1219 const std::vector<NameserverStats> targetStats = {
1220 NameserverStats(listen_addr1).setInternalErrors(5),
1221 NameserverStats(listen_addr2).setInternalErrors(5),
1222 NameserverStats(listen_addr3).setSuccesses(setupParams.maxSamples),
1223 };
1224 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1225
1226 // Also verify the number of queries received in the server because res_stats.successes has
1227 // a maximum.
1228 EXPECT_EQ(dns.queries().size(), 100U);
1229
1230 // Reset the state.
1231 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1232 dns.clearQueries();
1233 }
1234 }
1235
TEST_F(ResolverTest,SkipBadServersDueToTimeout)1236 TEST_F(ResolverTest, SkipBadServersDueToTimeout) {
1237 constexpr char listen_addr1[] = "127.0.0.3";
1238 constexpr char listen_addr2[] = "127.0.0.4";
1239 int counter = 0; // To generate unique hostnames.
1240
1241 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1242 setupParams.servers = {listen_addr1, listen_addr2};
1243 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1244
1245 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1246 cleanupParams.servers.clear();
1247 cleanupParams.tlsServers.clear();
1248
1249 // Set dns1 non-responsive and dns2 workable.
1250 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1251 test::DNSResponder dns2(listen_addr2);
1252 dns1.setResponseProbability(0.0);
1253 ASSERT_TRUE(dns1.startServer());
1254 ASSERT_TRUE(dns2.startServer());
1255
1256 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1257 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1258 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1259
1260 // Re-setup test network to make experiment flag take effect.
1261 resetNetwork();
1262
1263 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1264
1265 // Start sending synchronized querying.
1266 for (int i = 0; i < 100; i++) {
1267 std::string hostName = fmt::format("hello{}.com.", counter++);
1268 dns1.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1269 dns2.addMapping(hostName, ns_type::ns_t_a, "1.2.3.5");
1270 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1271 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1272 }
1273
1274 const std::vector<NameserverStats> targetStats = {
1275 NameserverStats(listen_addr1).setTimeouts(5),
1276 NameserverStats(listen_addr2).setSuccesses(setupParams.maxSamples),
1277 };
1278 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1279
1280 // Also verify the number of queries received in the server because res_stats.successes has
1281 // an upper bound.
1282 EXPECT_GT(dns1.queries().size(), 0U);
1283 EXPECT_LT(dns1.queries().size(), 5U);
1284 EXPECT_EQ(dns2.queries().size(), 100U);
1285
1286 // Reset the state.
1287 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1288 dns1.clearQueries();
1289 dns2.clearQueries();
1290 }
1291 }
1292
TEST_F(ResolverTest,GetAddrInfoFromCustTable_InvalidInput)1293 TEST_F(ResolverTest, GetAddrInfoFromCustTable_InvalidInput) {
1294 constexpr char hostnameNoip[] = "noip.example.com.";
1295 constexpr char hostnameInvalidip[] = "invalidip.example.com.";
1296 const std::vector<aidl::android::net::ResolverHostsParcel> invalidCustHosts = {
1297 {"", hostnameNoip},
1298 {"wrong IP", hostnameInvalidip},
1299 };
1300 test::DNSResponder dns;
1301 StartDns(dns, {});
1302 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1303
1304 ResolverOptionsParcel resolverOptions;
1305 resolverOptions.hosts = invalidCustHosts;
1306 if (!mIsResolverOptionIPCSupported) {
1307 resolverParams.resolverOptions = resolverOptions;
1308 }
1309 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1310 if (mIsResolverOptionIPCSupported) {
1311 ASSERT_TRUE(mDnsClient.resolvService()
1312 ->setResolverOptions(resolverParams.netId, resolverOptions)
1313 .isOk());
1314 }
1315 for (const auto& hostname : {hostnameNoip, hostnameInvalidip}) {
1316 // The query won't get data from customized table because of invalid customized table
1317 // and DNSResponder also has no records. hostnameNoip has never registered and
1318 // hostnameInvalidip has registered but wrong IP.
1319 const addrinfo hints = {.ai_family = AF_UNSPEC};
1320 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1321 ASSERT_TRUE(result == nullptr);
1322 EXPECT_EQ(4U, GetNumQueries(dns, hostname));
1323 }
1324 }
1325
TEST_F(ResolverTest,GetAddrInfoFromCustTable)1326 TEST_F(ResolverTest, GetAddrInfoFromCustTable) {
1327 constexpr char hostnameV4[] = "v4only.example.com.";
1328 constexpr char hostnameV6[] = "v6only.example.com.";
1329 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1330 constexpr char custAddrV4[] = "1.2.3.4";
1331 constexpr char custAddrV6[] = "::1.2.3.4";
1332 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1333 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1334 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4 = {
1335 {custAddrV4, hostnameV4},
1336 };
1337 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV6 = {
1338 {custAddrV6, hostnameV6},
1339 };
1340 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1341 {custAddrV4, hostnameV4V6},
1342 {custAddrV6, hostnameV4V6},
1343 };
1344 const std::vector<DnsRecord> dnsSvHostV4 = {
1345 {hostnameV4, ns_type::ns_t_a, dnsSvAddrV4},
1346 };
1347 const std::vector<DnsRecord> dnsSvHostV6 = {
1348 {hostnameV6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1349 };
1350 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1351 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1352 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1353 };
1354 struct TestConfig {
1355 const std::string name;
1356 const std::vector<aidl::android::net::ResolverHostsParcel> customizedHosts;
1357 const std::vector<DnsRecord> dnsserverHosts;
1358 const std::vector<std::string> queryResult;
1359 std::string asParameters() const {
1360 return fmt::format("name: {}, customizedHosts: {}, dnsserverHosts: {}", name,
1361 customizedHosts.empty() ? "No" : "Yes",
1362 dnsserverHosts.empty() ? "No" : "Yes");
1363 }
1364 } testConfigs[]{
1365 // clang-format off
1366 {hostnameV4, {}, {}, {}},
1367 {hostnameV4, {}, dnsSvHostV4, {dnsSvAddrV4}},
1368 {hostnameV4, custHostV4, {}, {custAddrV4}},
1369 {hostnameV4, custHostV4, dnsSvHostV4, {custAddrV4}},
1370 {hostnameV6, {}, {}, {}},
1371 {hostnameV6, {}, dnsSvHostV6, {dnsSvAddrV6}},
1372 {hostnameV6, custHostV6, {}, {custAddrV6}},
1373 {hostnameV6, custHostV6, dnsSvHostV6, {custAddrV6}},
1374 {hostnameV4V6, {}, {}, {}},
1375 {hostnameV4V6, {}, dnsSvHostV4V6, {dnsSvAddrV4, dnsSvAddrV6}},
1376 {hostnameV4V6, custHostV4V6, {}, {custAddrV4, custAddrV6}},
1377 {hostnameV4V6, custHostV4V6, dnsSvHostV4V6, {custAddrV4, custAddrV6}},
1378 // clang-format on
1379 };
1380
1381 for (const auto& config : testConfigs) {
1382 SCOPED_TRACE(config.asParameters());
1383
1384 test::DNSResponder dns;
1385 StartDns(dns, config.dnsserverHosts);
1386
1387 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1388 ResolverOptionsParcel resolverOptions;
1389 resolverOptions.hosts = config.customizedHosts;
1390 if (!mIsResolverOptionIPCSupported) {
1391 resolverParams.resolverOptions = resolverOptions;
1392 }
1393 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1394
1395 if (mIsResolverOptionIPCSupported) {
1396 ASSERT_TRUE(mDnsClient.resolvService()
1397 ->setResolverOptions(resolverParams.netId, resolverOptions)
1398 .isOk());
1399 }
1400 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1401 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
1402 if (config.customizedHosts.empty() && config.dnsserverHosts.empty()) {
1403 ASSERT_TRUE(result == nullptr);
1404 EXPECT_EQ(2U, GetNumQueries(dns, config.name.c_str()));
1405 } else {
1406 ASSERT_TRUE(result != nullptr);
1407 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.queryResult));
1408 EXPECT_EQ(config.customizedHosts.empty() ? 2U : 0U,
1409 GetNumQueries(dns, config.name.c_str()));
1410 }
1411
1412 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
1413 }
1414 }
1415
TEST_F(ResolverTest,GetAddrInfoFromCustTable_Modify)1416 TEST_F(ResolverTest, GetAddrInfoFromCustTable_Modify) {
1417 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1418 constexpr char custAddrV4[] = "1.2.3.4";
1419 constexpr char custAddrV6[] = "::1.2.3.4";
1420 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1421 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1422 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1423 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1424 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1425 };
1426 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1427 {custAddrV4, hostnameV4V6},
1428 {custAddrV6, hostnameV4V6},
1429 };
1430 test::DNSResponder dns;
1431 StartDns(dns, dnsSvHostV4V6);
1432 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1433
1434 ResolverOptionsParcel resolverOptions;
1435 resolverOptions.hosts = custHostV4V6;
1436 if (!mIsResolverOptionIPCSupported) {
1437 resolverParams.resolverOptions = resolverOptions;
1438 }
1439 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1440
1441 if (mIsResolverOptionIPCSupported) {
1442 ASSERT_TRUE(mDnsClient.resolvService()
1443 ->setResolverOptions(resolverParams.netId, resolverOptions)
1444 .isOk());
1445 }
1446
1447 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1448 ScopedAddrinfo result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1449 ASSERT_TRUE(result != nullptr);
1450 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({custAddrV4, custAddrV6}));
1451 EXPECT_EQ(0U, GetNumQueries(dns, hostnameV4V6));
1452
1453 resolverOptions.hosts = {};
1454 if (!mIsResolverOptionIPCSupported) {
1455 resolverParams.resolverOptions = resolverOptions;
1456 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1457 } else {
1458 ASSERT_TRUE(mDnsClient.resolvService()
1459 ->setResolverOptions(resolverParams.netId, resolverOptions)
1460 .isOk());
1461 }
1462 result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1463 ASSERT_TRUE(result != nullptr);
1464 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({dnsSvAddrV4, dnsSvAddrV6}));
1465 EXPECT_EQ(2U, GetNumQueries(dns, hostnameV4V6));
1466 }
1467
TEST_F(ResolverTest,EmptySetup)1468 TEST_F(ResolverTest, EmptySetup) {
1469 std::vector<std::string> servers;
1470 std::vector<std::string> domains;
1471 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1472 std::vector<std::string> res_servers;
1473 std::vector<std::string> res_domains;
1474 std::vector<std::string> res_tls_servers;
1475 res_params res_params;
1476 std::vector<ResolverStats> res_stats;
1477 int wait_for_pending_req_timeout_count;
1478 ASSERT_TRUE(DnsResponderClient::GetResolverInfo(
1479 mDnsClient.resolvService(), TEST_NETID, &res_servers, &res_domains, &res_tls_servers,
1480 &res_params, &res_stats, &wait_for_pending_req_timeout_count));
1481 EXPECT_EQ(0U, res_servers.size());
1482 EXPECT_EQ(0U, res_domains.size());
1483 EXPECT_EQ(0U, res_tls_servers.size());
1484 ASSERT_EQ(static_cast<size_t>(IDnsResolver::RESOLVER_PARAMS_COUNT), kDefaultParams.size());
1485 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY],
1486 res_params.sample_validity);
1487 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
1488 res_params.success_threshold);
1489 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
1490 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
1491 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
1492 res_params.base_timeout_msec);
1493 EXPECT_EQ(kDefaultParams[IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT], res_params.retry_count);
1494 }
1495
TEST_F(ResolverTest,SearchPathChange)1496 TEST_F(ResolverTest, SearchPathChange) {
1497 constexpr char listen_addr[] = "127.0.0.13";
1498 constexpr char host_name1[] = "test13.domain1.org.";
1499 constexpr char host_name2[] = "test13.domain2.org.";
1500 std::vector<std::string> servers = {listen_addr};
1501 std::vector<std::string> domains = {"domain1.org"};
1502
1503 const std::vector<DnsRecord> records = {
1504 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1505 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1506 };
1507 test::DNSResponder dns(listen_addr);
1508 StartDns(dns, records);
1509 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1510
1511 const addrinfo hints = {.ai_family = AF_INET6};
1512 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1513 EXPECT_TRUE(result != nullptr);
1514 EXPECT_EQ(1U, dns.queries().size());
1515 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1516 EXPECT_EQ("2001:db8::13", ToString(result));
1517
1518 // Test that changing the domain search path on its own works.
1519 domains = {"domain2.org"};
1520 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1521 dns.clearQueries();
1522
1523 result = safe_getaddrinfo("test13", nullptr, &hints);
1524 EXPECT_TRUE(result != nullptr);
1525 EXPECT_EQ(1U, dns.queries().size());
1526 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1527 EXPECT_EQ("2001:db8::1:13", ToString(result));
1528 }
1529
1530 namespace {
1531
getResolverDomains(aidl::android::net::IDnsResolver * dnsResolverService,unsigned netId)1532 std::vector<std::string> getResolverDomains(aidl::android::net::IDnsResolver* dnsResolverService,
1533 unsigned netId) {
1534 std::vector<std::string> res_servers;
1535 std::vector<std::string> res_domains;
1536 std::vector<std::string> res_tls_servers;
1537 res_params res_params;
1538 std::vector<ResolverStats> res_stats;
1539 int wait_for_pending_req_timeout_count;
1540 DnsResponderClient::GetResolverInfo(dnsResolverService, netId, &res_servers, &res_domains,
1541 &res_tls_servers, &res_params, &res_stats,
1542 &wait_for_pending_req_timeout_count);
1543 return res_domains;
1544 }
1545
1546 } // namespace
1547
TEST_F(ResolverTest,SearchPathPrune)1548 TEST_F(ResolverTest, SearchPathPrune) {
1549 constexpr size_t DUPLICATED_DOMAIN_NUM = 3;
1550 constexpr char listen_addr[] = "127.0.0.13";
1551 constexpr char domian_name1[] = "domain13.org.";
1552 constexpr char domian_name2[] = "domain14.org.";
1553 constexpr char host_name1[] = "test13.domain13.org.";
1554 constexpr char host_name2[] = "test14.domain14.org.";
1555 std::vector<std::string> servers = {listen_addr};
1556
1557 std::vector<std::string> testDomains1;
1558 std::vector<std::string> testDomains2;
1559 // Domain length should be <= 255
1560 // Max number of domains in search path is 6
1561 for (size_t i = 0; i < MAXDNSRCH + 1; i++) {
1562 // Fill up with invalid domain
1563 testDomains1.push_back(std::string(300, i + '0'));
1564 // Fill up with valid but duplicated domain
1565 testDomains2.push_back(fmt::format("domain{}.org", i % DUPLICATED_DOMAIN_NUM));
1566 }
1567
1568 // Add valid domain used for query.
1569 testDomains1.push_back(domian_name1);
1570
1571 // Add valid domain twice used for query.
1572 testDomains2.push_back(domian_name2);
1573 testDomains2.push_back(domian_name2);
1574
1575 const std::vector<DnsRecord> records = {
1576 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1577 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1578 };
1579 test::DNSResponder dns(listen_addr);
1580 StartDns(dns, records);
1581 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains1));
1582
1583 const addrinfo hints = {.ai_family = AF_INET6};
1584 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1585
1586 EXPECT_TRUE(result != nullptr);
1587
1588 EXPECT_EQ(1U, dns.queries().size());
1589 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1590 EXPECT_EQ("2001:db8::13", ToString(result));
1591
1592 const auto& res_domains1 = getResolverDomains(mDnsClient.resolvService(), TEST_NETID);
1593 // Expect 1 valid domain, invalid domains are removed.
1594 ASSERT_EQ(1U, res_domains1.size());
1595 EXPECT_EQ(domian_name1, res_domains1[0]);
1596
1597 dns.clearQueries();
1598
1599 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains2));
1600
1601 result = safe_getaddrinfo("test14", nullptr, &hints);
1602 EXPECT_TRUE(result != nullptr);
1603
1604 // (3 domains * 2 retries) + 1 success query = 7
1605 EXPECT_EQ(7U, dns.queries().size());
1606 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1607 EXPECT_EQ("2001:db8::1:13", ToString(result));
1608
1609 const auto& res_domains2 = getResolverDomains(mDnsClient.resolvService(), TEST_NETID);
1610 // Expect 4 valid domain, duplicate domains are removed.
1611 EXPECT_EQ(DUPLICATED_DOMAIN_NUM + 1U, res_domains2.size());
1612 EXPECT_THAT(
1613 std::vector<std::string>({"domain0.org", "domain1.org", "domain2.org", domian_name2}),
1614 testing::ElementsAreArray(res_domains2));
1615 }
1616
1617 // If we move this function to dns_responder_client, it will complicate the dependency need of
1618 // dns_tls_frontend.h.
setupTlsServers(const std::vector<std::string> & servers,std::vector<std::unique_ptr<test::DnsTlsFrontend>> * tls)1619 static void setupTlsServers(const std::vector<std::string>& servers,
1620 std::vector<std::unique_ptr<test::DnsTlsFrontend>>* tls) {
1621 constexpr char listen_udp[] = "53";
1622 constexpr char listen_tls[] = "853";
1623
1624 for (const auto& server : servers) {
1625 auto t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1626 t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1627 t->startServer();
1628 tls->push_back(std::move(t));
1629 }
1630 }
1631
TEST_F(ResolverTest,MaxServerPrune_Binder)1632 TEST_F(ResolverTest, MaxServerPrune_Binder) {
1633 std::vector<std::string> domains;
1634 std::vector<std::unique_ptr<test::DNSResponder>> dns;
1635 std::vector<std::unique_ptr<test::DnsTlsFrontend>> tls;
1636 std::vector<std::string> servers;
1637 std::vector<DnsResponderClient::Mapping> mappings;
1638
1639 for (unsigned i = 0; i < MAXDNSRCH + 1; i++) {
1640 domains.push_back(fmt::format("example{}.com", i));
1641 }
1642 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
1643 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
1644 ASSERT_NO_FATAL_FAILURE(setupTlsServers(servers, &tls));
1645
1646 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, domains, kDefaultParams,
1647 kDefaultPrivateDnsHostName));
1648
1649 // If the private DNS validation hasn't completed yet before backend DNS servers stop,
1650 // TLS servers will get stuck in handleOneRequest(), which causes this test stuck in
1651 // ~DnsTlsFrontend() because the TLS server loop threads can't be terminated.
1652 // So, wait for private DNS validation done before stopping backend DNS servers.
1653 for (int i = 0; i < MAXNS; i++) {
1654 LOG(INFO) << "Waiting for private DNS validation on " << tls[i]->listen_address() << ".";
1655 EXPECT_TRUE(WaitForPrivateDnsValidation(tls[i]->listen_address(), true));
1656 LOG(INFO) << "private DNS validation on " << tls[i]->listen_address() << " done.";
1657 }
1658
1659 std::vector<std::string> res_servers;
1660 std::vector<std::string> res_domains;
1661 std::vector<std::string> res_tls_servers;
1662 res_params res_params;
1663 std::vector<ResolverStats> res_stats;
1664 int wait_for_pending_req_timeout_count;
1665 ASSERT_TRUE(DnsResponderClient::GetResolverInfo(
1666 mDnsClient.resolvService(), TEST_NETID, &res_servers, &res_domains, &res_tls_servers,
1667 &res_params, &res_stats, &wait_for_pending_req_timeout_count));
1668
1669 // Check the size of the stats and its contents.
1670 EXPECT_EQ(static_cast<size_t>(MAXNS), res_servers.size());
1671 EXPECT_EQ(static_cast<size_t>(MAXNS), res_tls_servers.size());
1672 EXPECT_EQ(static_cast<size_t>(MAXDNSRCH), res_domains.size());
1673 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS, res_servers.begin()));
1674 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS, res_tls_servers.begin()));
1675 EXPECT_TRUE(std::equal(domains.begin(), domains.begin() + MAXDNSRCH, res_domains.begin()));
1676 }
1677
TEST_F(ResolverTest,ResolverStats)1678 TEST_F(ResolverTest, ResolverStats) {
1679 constexpr char listen_addr1[] = "127.0.0.4";
1680 constexpr char listen_addr2[] = "127.0.0.5";
1681 constexpr char listen_addr3[] = "127.0.0.6";
1682
1683 // Set server 1 timeout.
1684 test::DNSResponder dns1(listen_addr1, "53", static_cast<ns_rcode>(-1));
1685 dns1.setResponseProbability(0.0);
1686 ASSERT_TRUE(dns1.startServer());
1687
1688 // Set server 2 responding server failure.
1689 test::DNSResponder dns2(listen_addr2);
1690 dns2.setResponseProbability(0.0);
1691 ASSERT_TRUE(dns2.startServer());
1692
1693 // Set server 3 workable.
1694 test::DNSResponder dns3(listen_addr3);
1695 dns3.addMapping(kHelloExampleCom, ns_type::ns_t_a, "1.2.3.4");
1696 ASSERT_TRUE(dns3.startServer());
1697
1698 std::vector<std::string> servers = {listen_addr1, listen_addr2, listen_addr3};
1699 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
1700
1701 dns3.clearQueries();
1702 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1703 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1704 size_t found = GetNumQueries(dns3, kHelloExampleCom);
1705 EXPECT_LE(1U, found);
1706 std::string result_str = ToString(result);
1707 EXPECT_TRUE(result_str == "1.2.3.4") << ", result_str='" << result_str << "'";
1708
1709 const std::vector<NameserverStats> expectedCleartextDnsStats = {
1710 NameserverStats(listen_addr1).setTimeouts(1),
1711 NameserverStats(listen_addr2).setErrors(1),
1712 NameserverStats(listen_addr3).setSuccesses(1),
1713 };
1714 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
1715 }
1716
TEST_F(ResolverTest,AlwaysUseLatestSetupParamsInLookups)1717 TEST_F(ResolverTest, AlwaysUseLatestSetupParamsInLookups) {
1718 constexpr char listen_addr1[] = "127.0.0.3";
1719 constexpr char listen_addr2[] = "255.255.255.255";
1720 constexpr char listen_addr3[] = "127.0.0.4";
1721 constexpr char hostname[] = "hello";
1722 constexpr char fqdn_with_search_domain[] = "hello.domain2.com.";
1723
1724 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1725 dns1.setResponseProbability(0.0);
1726 ASSERT_TRUE(dns1.startServer());
1727
1728 test::DNSResponder dns3(listen_addr3);
1729 StartDns(dns3, {{fqdn_with_search_domain, ns_type::ns_t_a, "1.2.3.4"}});
1730
1731 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
1732 parcel.tlsServers.clear();
1733 parcel.servers = {listen_addr1, listen_addr2};
1734 parcel.domains = {"domain1.com", "domain2.com"};
1735 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1736
1737 // Expect the things happening in t1:
1738 // 1. The lookup starts using the first domain for query. It sends queries to the populated
1739 // nameserver list {listen_addr1, listen_addr2} for the hostname "hello.domain1.com".
1740 // 2. A different list of nameservers is updated to the resolver. Revision ID is incremented.
1741 // 3. The query for the hostname times out. The lookup fails to add the timeout record to the
1742 // the stats because of the unmatched revision ID.
1743 // 4. The lookup starts using the second domain for query. It sends queries to the populated
1744 // nameserver list {listen_addr3, listen_addr1, listen_addr2} for another hostname
1745 // "hello.domain2.com".
1746 // 5. The lookup gets the answer and updates a success record to the stats.
1747 std::thread t1([&hostname]() {
1748 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1749 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1750 EXPECT_NE(result.get(), nullptr);
1751 EXPECT_EQ(ToString(result), "1.2.3.4");
1752 });
1753
1754 // Wait for t1 to start the step 1.
1755 while (dns1.queries().size() == 0) {
1756 usleep(1000);
1757 }
1758
1759 // Update the resolver with three nameservers. This will increment the revision ID.
1760 parcel.servers = {listen_addr3, listen_addr1, listen_addr2};
1761 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1762
1763 t1.join();
1764 EXPECT_EQ(0U, GetNumQueriesForType(dns3, ns_type::ns_t_aaaa, fqdn_with_search_domain));
1765 EXPECT_EQ(1U, GetNumQueriesForType(dns3, ns_type::ns_t_a, fqdn_with_search_domain));
1766
1767 const std::vector<NameserverStats> expectedCleartextDnsStats = {
1768 NameserverStats(listen_addr1),
1769 NameserverStats(listen_addr2),
1770 NameserverStats(listen_addr3).setSuccesses(1),
1771 };
1772 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
1773 }
1774
1775 // Test what happens if the specified TLS server is nonexistent.
TEST_F(ResolverTest,GetHostByName_TlsMissing)1776 TEST_F(ResolverTest, GetHostByName_TlsMissing) {
1777 constexpr char listen_addr[] = "127.0.0.3";
1778 constexpr char host_name[] = "tlsmissing.example.com.";
1779
1780 test::DNSResponder dns;
1781 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
1782 std::vector<std::string> servers = {listen_addr};
1783
1784 // There's nothing listening on this address, so validation will either fail or
1785 /// hang. Either way, queries will continue to flow to the DNSResponder.
1786 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));
1787
1788 const hostent* result;
1789
1790 result = gethostbyname("tlsmissing");
1791 ASSERT_FALSE(result == nullptr);
1792 EXPECT_EQ("1.2.3.3", ToString(result));
1793
1794 // Clear TLS bit.
1795 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1796 }
1797
1798 // Test what happens if the specified TLS server replies with garbage.
TEST_F(ResolverTest,GetHostByName_TlsBroken)1799 TEST_F(ResolverTest, GetHostByName_TlsBroken) {
1800 constexpr char listen_addr[] = "127.0.0.3";
1801 constexpr char host_name1[] = "tlsbroken1.example.com.";
1802 constexpr char host_name2[] = "tlsbroken2.example.com.";
1803 const std::vector<DnsRecord> records = {
1804 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
1805 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
1806 };
1807
1808 test::DNSResponder dns;
1809 StartDns(dns, records);
1810 std::vector<std::string> servers = {listen_addr};
1811
1812 // Bind the specified private DNS socket but don't respond to any client sockets yet.
1813 int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
1814 ASSERT_TRUE(s >= 0);
1815 struct sockaddr_in tlsServer = {
1816 .sin_family = AF_INET,
1817 .sin_port = htons(853),
1818 };
1819 ASSERT_TRUE(inet_pton(AF_INET, listen_addr, &tlsServer.sin_addr));
1820 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEPORT).ok());
1821 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEADDR).ok());
1822 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
1823 ASSERT_FALSE(listen(s, 1));
1824
1825 // Trigger TLS validation.
1826 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));
1827
1828 struct sockaddr_storage cliaddr;
1829 socklen_t sin_size = sizeof(cliaddr);
1830 int new_fd = accept4(s, reinterpret_cast<struct sockaddr*>(&cliaddr), &sin_size, SOCK_CLOEXEC);
1831 ASSERT_TRUE(new_fd > 0);
1832
1833 // We've received the new file descriptor but not written to it or closed, so the
1834 // validation is still pending. Queries should still flow correctly because the
1835 // server is not used until validation succeeds.
1836 const hostent* result;
1837 result = gethostbyname("tlsbroken1");
1838 ASSERT_FALSE(result == nullptr);
1839 EXPECT_EQ("1.2.3.1", ToString(result));
1840
1841 // Now we cause the validation to fail.
1842 std::string garbage = "definitely not a valid TLS ServerHello";
1843 write(new_fd, garbage.data(), garbage.size());
1844 close(new_fd);
1845
1846 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
1847 // to the TLS server unless validation succeeds.
1848 result = gethostbyname("tlsbroken2");
1849 ASSERT_FALSE(result == nullptr);
1850 EXPECT_EQ("1.2.3.2", ToString(result));
1851
1852 // Clear TLS bit.
1853 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1854 close(s);
1855 }
1856
TEST_F(ResolverTest,GetHostByName_Tls)1857 TEST_F(ResolverTest, GetHostByName_Tls) {
1858 constexpr char listen_addr[] = "127.0.0.3";
1859 constexpr char listen_udp[] = "53";
1860 constexpr char listen_tls[] = "853";
1861 constexpr char host_name1[] = "tls1.example.com.";
1862 constexpr char host_name2[] = "tls2.example.com.";
1863 constexpr char host_name3[] = "tls3.example.com.";
1864 const std::vector<DnsRecord> records = {
1865 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
1866 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
1867 {host_name3, ns_type::ns_t_a, "1.2.3.3"},
1868 };
1869
1870 test::DNSResponder dns;
1871 StartDns(dns, records);
1872 std::vector<std::string> servers = {listen_addr};
1873
1874 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1875 ASSERT_TRUE(tls.startServer());
1876 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));
1877 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
1878
1879 const hostent* result = gethostbyname("tls1");
1880 ASSERT_FALSE(result == nullptr);
1881 EXPECT_EQ("1.2.3.1", ToString(result));
1882
1883 // Wait for query to get counted.
1884 EXPECT_TRUE(tls.waitForQueries(2));
1885
1886 // Stop the TLS server. Since we're in opportunistic mode, queries will
1887 // fall back to the locally-assigned (clear text) nameservers.
1888 tls.stopServer();
1889
1890 dns.clearQueries();
1891 result = gethostbyname("tls2");
1892 EXPECT_FALSE(result == nullptr);
1893 EXPECT_EQ("1.2.3.2", ToString(result));
1894 const auto queries = dns.queries();
1895 EXPECT_EQ(1U, queries.size());
1896 EXPECT_EQ("tls2.example.com.", queries[0].name);
1897 EXPECT_EQ(ns_t_a, queries[0].type);
1898
1899 // Reset the resolvers without enabling TLS. Queries should still be routed
1900 // to the UDP endpoint.
1901 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1902
1903 result = gethostbyname("tls3");
1904 ASSERT_FALSE(result == nullptr);
1905 EXPECT_EQ("1.2.3.3", ToString(result));
1906 }
1907
TEST_F(ResolverTest,GetHostByName_TlsFailover)1908 TEST_F(ResolverTest, GetHostByName_TlsFailover) {
1909 constexpr char listen_addr1[] = "127.0.0.3";
1910 constexpr char listen_addr2[] = "127.0.0.4";
1911 constexpr char listen_udp[] = "53";
1912 constexpr char listen_tls[] = "853";
1913 constexpr char host_name1[] = "tlsfailover1.example.com.";
1914 constexpr char host_name2[] = "tlsfailover2.example.com.";
1915 const std::vector<DnsRecord> records1 = {
1916 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
1917 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
1918 };
1919 const std::vector<DnsRecord> records2 = {
1920 {host_name1, ns_type::ns_t_a, "1.2.3.3"},
1921 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
1922 };
1923
1924 test::DNSResponder dns1(listen_addr1);
1925 test::DNSResponder dns2(listen_addr2);
1926 StartDns(dns1, records1);
1927 StartDns(dns2, records2);
1928
1929 std::vector<std::string> servers = {listen_addr1, listen_addr2};
1930
1931 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
1932 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
1933 ASSERT_TRUE(tls1.startServer());
1934 ASSERT_TRUE(tls2.startServer());
1935 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,
1936 kDefaultPrivateDnsHostName));
1937 EXPECT_TRUE(WaitForPrivateDnsValidation(tls1.listen_address(), true));
1938 EXPECT_TRUE(WaitForPrivateDnsValidation(tls2.listen_address(), true));
1939
1940 const hostent* result = gethostbyname("tlsfailover1");
1941 ASSERT_FALSE(result == nullptr);
1942 EXPECT_EQ("1.2.3.1", ToString(result));
1943
1944 // Wait for query to get counted.
1945 EXPECT_TRUE(tls1.waitForQueries(2));
1946 // No new queries should have reached tls2.
1947 EXPECT_TRUE(tls2.waitForQueries(1));
1948
1949 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
1950 tls1.stopServer();
1951
1952 result = gethostbyname("tlsfailover2");
1953 EXPECT_EQ("1.2.3.4", ToString(result));
1954
1955 // Wait for query to get counted.
1956 EXPECT_TRUE(tls2.waitForQueries(2));
1957
1958 // No additional queries should have reached the insecure servers.
1959 EXPECT_EQ(2U, dns1.queries().size());
1960 EXPECT_EQ(2U, dns2.queries().size());
1961
1962 // Clear TLS bit.
1963 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
1964 }
1965
TEST_F(ResolverTest,GetHostByName_BadTlsName)1966 TEST_F(ResolverTest, GetHostByName_BadTlsName) {
1967 constexpr char listen_addr[] = "127.0.0.3";
1968 constexpr char listen_udp[] = "53";
1969 constexpr char listen_tls[] = "853";
1970 constexpr char host_name[] = "badtlsname.example.com.";
1971
1972 test::DNSResponder dns;
1973 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.1"}});
1974 std::vector<std::string> servers = {listen_addr};
1975
1976 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1977 ASSERT_TRUE(tls.startServer());
1978 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,
1979 kDefaultIncorrectPrivateDnsHostName));
1980
1981 // The TLS handshake would fail because the name of TLS server doesn't
1982 // match with TLS server's certificate.
1983 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
1984
1985 // The query should fail hard, because a name was specified.
1986 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
1987
1988 // Clear TLS bit.
1989 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1990 }
1991
TEST_F(ResolverTest,GetAddrInfo_Tls)1992 TEST_F(ResolverTest, GetAddrInfo_Tls) {
1993 constexpr char listen_addr[] = "127.0.0.3";
1994 constexpr char listen_udp[] = "53";
1995 constexpr char listen_tls[] = "853";
1996 constexpr char host_name[] = "addrinfotls.example.com.";
1997 const std::vector<DnsRecord> records = {
1998 {host_name, ns_type::ns_t_a, "1.2.3.4"},
1999 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2000 };
2001
2002 test::DNSResponder dns;
2003 StartDns(dns, records);
2004 std::vector<std::string> servers = {listen_addr};
2005
2006 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
2007 ASSERT_TRUE(tls.startServer());
2008 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,
2009 kDefaultPrivateDnsHostName));
2010 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2011
2012 dns.clearQueries();
2013 ScopedAddrinfo result = safe_getaddrinfo("addrinfotls", nullptr, nullptr);
2014 EXPECT_TRUE(result != nullptr);
2015 size_t found = GetNumQueries(dns, host_name);
2016 EXPECT_LE(1U, found);
2017 // Could be A or AAAA
2018 std::string result_str = ToString(result);
2019 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
2020 << ", result_str='" << result_str << "'";
2021 // Wait for both A and AAAA queries to get counted.
2022 EXPECT_TRUE(tls.waitForQueries(3));
2023
2024 // Clear TLS bit.
2025 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2026 }
2027
TEST_F(ResolverTest,TlsBypass)2028 TEST_F(ResolverTest, TlsBypass) {
2029 const char OFF[] = "off";
2030 const char OPPORTUNISTIC[] = "opportunistic";
2031 const char STRICT[] = "strict";
2032
2033 const char GETHOSTBYNAME[] = "gethostbyname";
2034 const char GETADDRINFO[] = "getaddrinfo";
2035 const char GETADDRINFOFORNET[] = "getaddrinfofornet";
2036
2037 const unsigned BYPASS_NETID = NETID_USE_LOCAL_NAMESERVERS | TEST_NETID;
2038
2039 const char ADDR4[] = "192.0.2.1";
2040 const char ADDR6[] = "2001:db8::1";
2041
2042 const char cleartext_addr[] = "127.0.0.53";
2043 const char cleartext_port[] = "53";
2044 const char tls_port[] = "853";
2045 const std::vector<std::string> servers = {cleartext_addr};
2046
2047 test::DNSResponder dns(cleartext_addr);
2048 ASSERT_TRUE(dns.startServer());
2049
2050 test::DnsTlsFrontend tls(cleartext_addr, tls_port, cleartext_addr, cleartext_port);
2051 ASSERT_TRUE(tls.startServer());
2052
2053 // clang-format off
2054 struct TestConfig {
2055 const std::string mode;
2056 const bool withWorkingTLS;
2057 const std::string method;
2058
2059 std::string asHostName() const {
2060 return fmt::format("{}.{}.{}.", mode, withWorkingTLS ? "tlsOn" : "tlsOff",
2061 method);
2062 }
2063 } testConfigs[]{
2064 {OFF, true, GETHOSTBYNAME},
2065 {OPPORTUNISTIC, true, GETHOSTBYNAME},
2066 {STRICT, true, GETHOSTBYNAME},
2067 {OFF, true, GETADDRINFO},
2068 {OPPORTUNISTIC, true, GETADDRINFO},
2069 {STRICT, true, GETADDRINFO},
2070 {OFF, true, GETADDRINFOFORNET},
2071 {OPPORTUNISTIC, true, GETADDRINFOFORNET},
2072 {STRICT, true, GETADDRINFOFORNET},
2073 {OFF, false, GETHOSTBYNAME},
2074 {OPPORTUNISTIC, false, GETHOSTBYNAME},
2075 {STRICT, false, GETHOSTBYNAME},
2076 {OFF, false, GETADDRINFO},
2077 {OPPORTUNISTIC, false, GETADDRINFO},
2078 {STRICT, false, GETADDRINFO},
2079 {OFF, false, GETADDRINFOFORNET},
2080 {OPPORTUNISTIC, false, GETADDRINFOFORNET},
2081 {STRICT, false, GETADDRINFOFORNET},
2082 };
2083 // clang-format on
2084
2085 for (const auto& config : testConfigs) {
2086 const std::string testHostName = config.asHostName();
2087 SCOPED_TRACE(testHostName);
2088
2089 // Don't tempt test bugs due to caching.
2090 const char* host_name = testHostName.c_str();
2091 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
2092 dns.addMapping(host_name, ns_type::ns_t_aaaa, ADDR6);
2093
2094 if (config.withWorkingTLS) {
2095 if (!tls.running()) {
2096 ASSERT_TRUE(tls.startServer());
2097 }
2098 } else {
2099 if (tls.running()) {
2100 ASSERT_TRUE(tls.stopServer());
2101 }
2102 }
2103
2104 if (config.mode == OFF) {
2105 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, kDefaultSearchDomains,
2106 kDefaultParams));
2107 } else /* OPPORTUNISTIC or STRICT */ {
2108 const char* tls_hostname = (config.mode == STRICT) ? kDefaultPrivateDnsHostName : "";
2109 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,
2110 kDefaultParams, tls_hostname));
2111
2112 // Wait for the validation event. If the server is running, the validation should
2113 // succeed; otherwise, the validation should fail.
2114 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));
2115 if (config.withWorkingTLS) {
2116 EXPECT_TRUE(tls.waitForQueries(1));
2117 tls.clearQueries();
2118 }
2119 }
2120
2121 const hostent* h_result = nullptr;
2122 ScopedAddrinfo ai_result;
2123
2124 if (config.method == GETHOSTBYNAME) {
2125 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2126 h_result = gethostbyname(host_name);
2127
2128 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
2129 ASSERT_FALSE(h_result == nullptr);
2130 ASSERT_EQ(4, h_result->h_length);
2131 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
2132 EXPECT_EQ(ADDR4, ToString(h_result));
2133 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
2134 } else if (config.method == GETADDRINFO) {
2135 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2136 ai_result = safe_getaddrinfo(host_name, nullptr, nullptr);
2137 EXPECT_TRUE(ai_result != nullptr);
2138
2139 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2140 // Could be A or AAAA
2141 const std::string result_str = ToString(ai_result);
2142 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2143 << ", result_str='" << result_str << "'";
2144 } else if (config.method == GETADDRINFOFORNET) {
2145 addrinfo* raw_ai_result = nullptr;
2146 EXPECT_EQ(0, android_getaddrinfofornet(host_name, /*servname=*/nullptr,
2147 /*hints=*/nullptr, BYPASS_NETID, MARK_UNSET,
2148 &raw_ai_result));
2149 ai_result.reset(raw_ai_result);
2150
2151 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2152 // Could be A or AAAA
2153 const std::string result_str = ToString(ai_result);
2154 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2155 << ", result_str='" << result_str << "'";
2156 }
2157
2158 EXPECT_EQ(0, tls.queries());
2159
2160 // Clear per-process resolv netid.
2161 ASSERT_EQ(0, setNetworkForResolv(NETID_UNSET));
2162 dns.clearQueries();
2163 }
2164 }
2165
TEST_F(ResolverTest,StrictMode_NoTlsServers)2166 TEST_F(ResolverTest, StrictMode_NoTlsServers) {
2167 constexpr char cleartext_addr[] = "127.0.0.53";
2168 const std::vector<std::string> servers = {cleartext_addr};
2169 constexpr char host_name[] = "strictmode.notlsips.example.com.";
2170 const std::vector<DnsRecord> records = {
2171 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2172 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2173 };
2174
2175 test::DNSResponder dns(cleartext_addr);
2176 StartDns(dns, records);
2177
2178 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,
2179 kDefaultIncorrectPrivateDnsHostName));
2180
2181 addrinfo* ai_result = nullptr;
2182 EXPECT_NE(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
2183 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
2184 }
2185
2186 namespace {
2187
getAsyncResponse(int fd,int * rcode,uint8_t * buf,int bufLen)2188 int getAsyncResponse(int fd, int* rcode, uint8_t* buf, int bufLen) {
2189 struct pollfd wait_fd[1];
2190 wait_fd[0].fd = fd;
2191 wait_fd[0].events = POLLIN;
2192 short revents;
2193
2194 if (int ret = poll(wait_fd, 1, -1); ret <= 0) {
2195 return -1;
2196 }
2197 revents = wait_fd[0].revents;
2198 if (revents & POLLIN) {
2199 return resNetworkResult(fd, rcode, buf, bufLen);
2200 }
2201 return -1;
2202 }
2203
toString(uint8_t * buf,int bufLen,int ipType)2204 std::string toString(uint8_t* buf, int bufLen, int ipType) {
2205 ns_msg handle;
2206 ns_rr rr;
2207
2208 if (ns_initparse((const uint8_t*)buf, bufLen, &handle) >= 0) {
2209 if (ns_parserr(&handle, ns_s_an, 0, &rr) == 0) {
2210 const uint8_t* rdata = ns_rr_rdata(rr);
2211 char buffer[INET6_ADDRSTRLEN];
2212 if (inet_ntop(ipType, (const char*)rdata, buffer, sizeof(buffer))) {
2213 return buffer;
2214 }
2215 }
2216 }
2217 return "";
2218 }
2219
dns_open_proxy()2220 int dns_open_proxy() {
2221 int s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
2222 if (s == -1) {
2223 return -1;
2224 }
2225 const int one = 1;
2226 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
2227
2228 static const struct sockaddr_un proxy_addr = {
2229 .sun_family = AF_UNIX,
2230 .sun_path = "/dev/socket/dnsproxyd",
2231 };
2232
2233 if (TEMP_FAILURE_RETRY(connect(s, (const struct sockaddr*)&proxy_addr, sizeof(proxy_addr))) !=
2234 0) {
2235 close(s);
2236 return -1;
2237 }
2238
2239 return s;
2240 }
2241
expectAnswersValid(int fd,int ipType,const std::string & expectedAnswer)2242 void expectAnswersValid(int fd, int ipType, const std::string& expectedAnswer) {
2243 int rcode = -1;
2244 uint8_t buf[MAXPACKET] = {};
2245
2246 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2247 EXPECT_GT(res, 0);
2248 EXPECT_EQ(expectedAnswer, toString(buf, res, ipType));
2249 }
2250
expectAnswersNotValid(int fd,int expectedErrno)2251 void expectAnswersNotValid(int fd, int expectedErrno) {
2252 int rcode = -1;
2253 uint8_t buf[MAXPACKET] = {};
2254
2255 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2256 EXPECT_EQ(expectedErrno, res);
2257 }
2258
2259 } // namespace
2260
TEST_F(ResolverTest,Async_NormalQueryV4V6)2261 TEST_F(ResolverTest, Async_NormalQueryV4V6) {
2262 constexpr char listen_addr[] = "127.0.0.4";
2263 constexpr char host_name[] = "howdy.example.com.";
2264 const std::vector<DnsRecord> records = {
2265 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2266 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2267 };
2268
2269 test::DNSResponder dns(listen_addr);
2270 StartDns(dns, records);
2271 std::vector<std::string> servers = {listen_addr};
2272 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2273
2274 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2275 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2276 EXPECT_TRUE(fd1 != -1);
2277 EXPECT_TRUE(fd2 != -1);
2278
2279 uint8_t buf[MAXPACKET] = {};
2280 int rcode;
2281 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2282 EXPECT_GT(res, 0);
2283 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2284
2285 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2286 EXPECT_GT(res, 0);
2287 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2288
2289 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2290
2291 // Re-query verify cache works
2292 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2293 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2294
2295 EXPECT_TRUE(fd1 != -1);
2296 EXPECT_TRUE(fd2 != -1);
2297
2298 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2299 EXPECT_GT(res, 0);
2300 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2301
2302 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2303 EXPECT_GT(res, 0);
2304 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2305
2306 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2307 }
2308
TEST_F(ResolverTest,Async_BadQuery)2309 TEST_F(ResolverTest, Async_BadQuery) {
2310 constexpr char listen_addr[] = "127.0.0.4";
2311 constexpr char host_name[] = "howdy.example.com.";
2312 const std::vector<DnsRecord> records = {
2313 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2314 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2315 };
2316
2317 test::DNSResponder dns(listen_addr);
2318 StartDns(dns, records);
2319 std::vector<std::string> servers = {listen_addr};
2320 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2321
2322 static struct {
2323 int fd;
2324 const char* dname;
2325 const int queryType;
2326 const int expectRcode;
2327 } kTestData[] = {
2328 {-1, "", ns_t_aaaa, 0},
2329 {-1, "as65ass46", ns_t_aaaa, 0},
2330 {-1, "454564564564", ns_t_aaaa, 0},
2331 {-1, "h645235", ns_t_a, 0},
2332 {-1, "www.google.com", ns_t_a, 0},
2333 };
2334
2335 for (auto& td : kTestData) {
2336 SCOPED_TRACE(td.dname);
2337 td.fd = resNetworkQuery(TEST_NETID, td.dname, ns_c_in, td.queryType, 0);
2338 EXPECT_TRUE(td.fd != -1);
2339 }
2340
2341 // dns_responder return empty resp(packet only contains query part) with no error currently
2342 for (const auto& td : kTestData) {
2343 uint8_t buf[MAXPACKET] = {};
2344 int rcode;
2345 SCOPED_TRACE(td.dname);
2346 int res = getAsyncResponse(td.fd, &rcode, buf, MAXPACKET);
2347 EXPECT_GT(res, 0);
2348 EXPECT_EQ(rcode, td.expectRcode);
2349 }
2350 }
2351
TEST_F(ResolverTest,Async_EmptyAnswer)2352 TEST_F(ResolverTest, Async_EmptyAnswer) {
2353 constexpr char listen_addr[] = "127.0.0.4";
2354 constexpr char host_name[] = "howdy.example.com.";
2355 const std::vector<DnsRecord> records = {
2356 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2357 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2358 };
2359
2360 test::DNSResponder dns(listen_addr);
2361 StartDns(dns, records);
2362 std::vector<std::string> servers = {listen_addr};
2363 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2364
2365 // TODO: Disable retry to make this test explicit.
2366 auto& cv = dns.getCv();
2367 auto& cvMutex = dns.getCvMutex();
2368 int fd1;
2369 // Wait on the condition variable to ensure that the DNS server has handled our first query.
2370 {
2371 std::unique_lock lk(cvMutex);
2372 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2373 EXPECT_TRUE(fd1 != -1);
2374 EXPECT_EQ(std::cv_status::no_timeout, cv.wait_for(lk, std::chrono::seconds(1)));
2375 }
2376
2377 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"::1.2.3.4"});
2378 dns.setResponseProbability(0.0);
2379
2380 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2381 EXPECT_TRUE(fd2 != -1);
2382 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2383
2384 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2385 EXPECT_TRUE(fd3 != -1);
2386 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2387
2388 uint8_t buf[MAXPACKET] = {};
2389 int rcode;
2390
2391 // expect no response
2392 int res = getAsyncResponse(fd3, &rcode, buf, MAXPACKET);
2393 EXPECT_EQ(-ETIMEDOUT, res);
2394
2395 // expect no response
2396 memset(buf, 0, MAXPACKET);
2397 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2398 EXPECT_EQ(-ETIMEDOUT, res);
2399
2400 dns.setResponseProbability(1.0);
2401
2402 int fd4 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2403 EXPECT_TRUE(fd4 != -1);
2404 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"1.2.3.4"});
2405
2406 memset(buf, 0, MAXPACKET);
2407 res = getAsyncResponse(fd4, &rcode, buf, MAXPACKET);
2408 EXPECT_GT(res, 0);
2409 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2410
2411 memset(buf, 0, MAXPACKET);
2412 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2413 EXPECT_GT(res, 0);
2414 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2415 }
2416
TEST_F(ResolverTest,Async_MalformedQuery)2417 TEST_F(ResolverTest, Async_MalformedQuery) {
2418 constexpr char listen_addr[] = "127.0.0.4";
2419 constexpr char host_name[] = "howdy.example.com.";
2420 const std::vector<DnsRecord> records = {
2421 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2422 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2423 };
2424
2425 test::DNSResponder dns(listen_addr);
2426 StartDns(dns, records);
2427 std::vector<std::string> servers = {listen_addr};
2428 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2429
2430 int fd = dns_open_proxy();
2431 EXPECT_TRUE(fd > 0);
2432
2433 const std::string badMsg = "16-52512#";
2434 static const struct {
2435 const std::string cmd;
2436 const int expectErr;
2437 } kTestData[] = {
2438 // Too few arguments
2439 {"resnsend " + badMsg + '\0', -EINVAL},
2440 // Bad netId
2441 {"resnsend badnetId 0 " + badMsg + '\0', -EINVAL},
2442 // Bad raw data
2443 {"resnsend " + std::to_string(TEST_NETID) + " 0 " + badMsg + '\0', -EILSEQ},
2444 };
2445
2446 for (unsigned int i = 0; i < std::size(kTestData); i++) {
2447 auto& td = kTestData[i];
2448 SCOPED_TRACE(td.cmd);
2449 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, td.cmd.c_str(), td.cmd.size()));
2450 EXPECT_EQ(rc, static_cast<ssize_t>(td.cmd.size()));
2451
2452 int32_t tmp;
2453 rc = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
2454 EXPECT_TRUE(rc > 0);
2455 EXPECT_EQ(static_cast<int>(ntohl(tmp)), td.expectErr);
2456 }
2457 // Normal query with answer buffer
2458 // This is raw data of query "howdy.example.com" type 1 class 1
2459 std::string query = "81sBAAABAAAAAAAABWhvd2R5B2V4YW1wbGUDY29tAAABAAE=";
2460 std::string cmd = "resnsend " + std::to_string(TEST_NETID) + " 0 " + query + '\0';
2461 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2462 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2463
2464 uint8_t smallBuf[1] = {};
2465 int rcode;
2466 rc = getAsyncResponse(fd, &rcode, smallBuf, 1);
2467 EXPECT_EQ(-EMSGSIZE, rc);
2468
2469 // Do the normal test with large buffer again
2470 fd = dns_open_proxy();
2471 EXPECT_TRUE(fd > 0);
2472 rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2473 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2474 uint8_t buf[MAXPACKET] = {};
2475 rc = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2476 EXPECT_EQ("1.2.3.4", toString(buf, rc, AF_INET));
2477 }
2478
TEST_F(ResolverTest,Async_CacheFlags)2479 TEST_F(ResolverTest, Async_CacheFlags) {
2480 constexpr char listen_addr[] = "127.0.0.4";
2481 constexpr char host_name1[] = "howdy.example.com.";
2482 constexpr char host_name2[] = "howdy.example2.com.";
2483 constexpr char host_name3[] = "howdy.example3.com.";
2484 const std::vector<DnsRecord> records = {
2485 {host_name1, ns_type::ns_t_a, "1.2.3.4"}, {host_name1, ns_type::ns_t_aaaa, "::1.2.3.4"},
2486 {host_name2, ns_type::ns_t_a, "1.2.3.5"}, {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
2487 {host_name3, ns_type::ns_t_a, "1.2.3.6"}, {host_name3, ns_type::ns_t_aaaa, "::1.2.3.6"},
2488 };
2489
2490 test::DNSResponder dns(listen_addr);
2491 StartDns(dns, records);
2492 std::vector<std::string> servers = {listen_addr};
2493 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2494
2495 // ANDROID_RESOLV_NO_CACHE_STORE
2496 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2497 ANDROID_RESOLV_NO_CACHE_STORE);
2498 EXPECT_TRUE(fd1 != -1);
2499 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2500 ANDROID_RESOLV_NO_CACHE_STORE);
2501 EXPECT_TRUE(fd2 != -1);
2502 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2503 ANDROID_RESOLV_NO_CACHE_STORE);
2504 EXPECT_TRUE(fd3 != -1);
2505
2506 expectAnswersValid(fd3, AF_INET, "1.2.3.4");
2507 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2508 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2509
2510 // No cache exists, expect 3 queries
2511 EXPECT_EQ(3U, GetNumQueries(dns, host_name1));
2512
2513 // Raise a query with no flags to ensure no cache exists. Also make an cache entry for the
2514 // query.
2515 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2516
2517 EXPECT_TRUE(fd1 != -1);
2518
2519 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2520
2521 // Expect 4 queries because there should be no cache before this query.
2522 EXPECT_EQ(4U, GetNumQueries(dns, host_name1));
2523
2524 // Now we have the cache entry, re-query with ANDROID_RESOLV_NO_CACHE_STORE to ensure
2525 // that ANDROID_RESOLV_NO_CACHE_STORE implied ANDROID_RESOLV_NO_CACHE_LOOKUP.
2526 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2527 ANDROID_RESOLV_NO_CACHE_STORE);
2528 EXPECT_TRUE(fd1 != -1);
2529 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2530 // Expect 5 queries because we shouldn't do cache lookup for the query which has
2531 // ANDROID_RESOLV_NO_CACHE_STORE.
2532 EXPECT_EQ(5U, GetNumQueries(dns, host_name1));
2533
2534 // ANDROID_RESOLV_NO_CACHE_LOOKUP
2535 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2536 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2537 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2538 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2539
2540 EXPECT_TRUE(fd1 != -1);
2541 EXPECT_TRUE(fd2 != -1);
2542
2543 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2544 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2545
2546 // Cache was skipped, expect 2 more queries.
2547 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2548
2549 // Re-query verify cache works
2550 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2551 EXPECT_TRUE(fd1 != -1);
2552 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2553
2554 // Cache hits, expect still 7 queries
2555 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2556
2557 // Start to verify if ANDROID_RESOLV_NO_CACHE_LOOKUP does write response into cache
2558 dns.clearQueries();
2559
2560 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2561 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2562 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2563 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2564
2565 EXPECT_TRUE(fd1 != -1);
2566 EXPECT_TRUE(fd2 != -1);
2567
2568 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2569 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2570
2571 // Skip cache, expect 2 queries
2572 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2573
2574 // Re-query without flags
2575 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2576 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2577
2578 EXPECT_TRUE(fd1 != -1);
2579 EXPECT_TRUE(fd2 != -1);
2580
2581 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2582 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2583
2584 // Cache hits, expect still 2 queries
2585 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2586
2587 // Test both ANDROID_RESOLV_NO_CACHE_STORE and ANDROID_RESOLV_NO_CACHE_LOOKUP are set
2588 dns.clearQueries();
2589
2590 // Make sure that the cache of "howdy.example3.com" exists.
2591 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, 0);
2592 EXPECT_TRUE(fd1 != -1);
2593 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2594 EXPECT_EQ(1U, GetNumQueries(dns, host_name3));
2595
2596 // Re-query with testFlags
2597 const int testFlag = ANDROID_RESOLV_NO_CACHE_STORE | ANDROID_RESOLV_NO_CACHE_LOOKUP;
2598 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, testFlag);
2599 EXPECT_TRUE(fd1 != -1);
2600 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2601 // Expect cache lookup is skipped.
2602 EXPECT_EQ(2U, GetNumQueries(dns, host_name3));
2603
2604 // Do another query with testFlags
2605 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, testFlag);
2606 EXPECT_TRUE(fd1 != -1);
2607 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2608 // Expect cache lookup is skipped.
2609 EXPECT_EQ(3U, GetNumQueries(dns, host_name3));
2610
2611 // Re-query with no flags
2612 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, 0);
2613 EXPECT_TRUE(fd1 != -1);
2614 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2615 // Expect no cache hit because cache storing is also skipped in previous query.
2616 EXPECT_EQ(4U, GetNumQueries(dns, host_name3));
2617 }
2618
TEST_F(ResolverTest,Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry)2619 TEST_F(ResolverTest, Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry) {
2620 constexpr char listen_addr[] = "127.0.0.4";
2621 constexpr char host_name[] = "howdy.example.com.";
2622 const std::vector<DnsRecord> records = {
2623 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2624 };
2625
2626 test::DNSResponder dns(listen_addr);
2627 StartDns(dns, records);
2628 std::vector<std::string> servers = {listen_addr};
2629 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2630
2631 const unsigned SHORT_TTL_SEC = 1;
2632 dns.setTtl(SHORT_TTL_SEC);
2633
2634 // Refer to b/148842821 for the purpose of below test steps.
2635 // Basically, this test is used to ensure stale cache case is handled
2636 // correctly with ANDROID_RESOLV_NO_CACHE_STORE.
2637 int fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2638 EXPECT_TRUE(fd != -1);
2639 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2640
2641 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2642 dns.clearQueries();
2643
2644 // Wait until cache expired
2645 sleep(SHORT_TTL_SEC + 0.5);
2646
2647 // Now request the same hostname again.
2648 // We should see a new DNS query because the entry in cache has become stale.
2649 // Due to ANDROID_RESOLV_NO_CACHE_STORE, this query must *not* refresh that stale entry.
2650 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2651 ANDROID_RESOLV_NO_CACHE_STORE);
2652 EXPECT_TRUE(fd != -1);
2653 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2654 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2655 dns.clearQueries();
2656
2657 // If the cache is still stale, we expect to see one more DNS query
2658 // (this time the cache will be refreshed, but we're not checking for it).
2659 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2660 EXPECT_TRUE(fd != -1);
2661 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2662 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2663 }
2664
TEST_F(ResolverTest,Async_NoRetryFlag)2665 TEST_F(ResolverTest, Async_NoRetryFlag) {
2666 constexpr char listen_addr0[] = "127.0.0.4";
2667 constexpr char listen_addr1[] = "127.0.0.6";
2668 constexpr char host_name[] = "howdy.example.com.";
2669 const std::vector<DnsRecord> records = {
2670 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2671 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2672 };
2673
2674 test::DNSResponder dns0(listen_addr0);
2675 test::DNSResponder dns1(listen_addr1);
2676 StartDns(dns0, records);
2677 StartDns(dns1, records);
2678 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr0, listen_addr1}));
2679
2680 dns0.clearQueries();
2681 dns1.clearQueries();
2682
2683 dns0.setResponseProbability(0.0);
2684 dns1.setResponseProbability(0.0);
2685
2686 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2687 ANDROID_RESOLV_NO_RETRY);
2688 EXPECT_TRUE(fd1 != -1);
2689
2690 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa,
2691 ANDROID_RESOLV_NO_RETRY);
2692 EXPECT_TRUE(fd2 != -1);
2693
2694 // expect no response
2695 expectAnswersNotValid(fd1, -ETIMEDOUT);
2696 expectAnswersNotValid(fd2, -ETIMEDOUT);
2697 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2698 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2699
2700 // No retry case, expect total 2 queries. The server is selected randomly.
2701 EXPECT_EQ(2U, GetNumQueries(dns0, host_name) + GetNumQueries(dns1, host_name));
2702
2703 dns0.clearQueries();
2704 dns1.clearQueries();
2705
2706 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2707 EXPECT_TRUE(fd1 != -1);
2708
2709 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2710 EXPECT_TRUE(fd2 != -1);
2711
2712 // expect no response
2713 expectAnswersNotValid(fd1, -ETIMEDOUT);
2714 expectAnswersNotValid(fd2, -ETIMEDOUT);
2715 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2716 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2717
2718 // Retry case, expect 4 queries
2719 EXPECT_EQ(4U, GetNumQueries(dns0, host_name));
2720 EXPECT_EQ(4U, GetNumQueries(dns1, host_name));
2721 }
2722
TEST_F(ResolverTest,Async_VerifyQueryID)2723 TEST_F(ResolverTest, Async_VerifyQueryID) {
2724 constexpr char listen_addr[] = "127.0.0.4";
2725 constexpr char host_name[] = "howdy.example.com.";
2726 const std::vector<DnsRecord> records = {
2727 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2728 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2729 };
2730
2731 test::DNSResponder dns(listen_addr);
2732 StartDns(dns, records);
2733 std::vector<std::string> servers = {listen_addr};
2734 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2735
2736 const uint8_t queryBuf1[] = {
2737 /* Header */
2738 0x55, 0x66, /* Transaction ID */
2739 0x01, 0x00, /* Flags */
2740 0x00, 0x01, /* Questions */
2741 0x00, 0x00, /* Answer RRs */
2742 0x00, 0x00, /* Authority RRs */
2743 0x00, 0x00, /* Additional RRs */
2744 /* Queries */
2745 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
2746 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
2747 0x00, 0x01, /* Type */
2748 0x00, 0x01 /* Class */
2749 };
2750
2751 int fd = resNetworkSend(TEST_NETID, queryBuf1, sizeof(queryBuf1), 0);
2752 EXPECT_TRUE(fd != -1);
2753
2754 uint8_t buf[MAXPACKET] = {};
2755 int rcode;
2756
2757 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2758 EXPECT_GT(res, 0);
2759 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2760
2761 auto hp = reinterpret_cast<HEADER*>(buf);
2762 EXPECT_EQ(21862U, htons(hp->id));
2763
2764 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2765
2766 const uint8_t queryBuf2[] = {
2767 /* Header */
2768 0x00, 0x53, /* Transaction ID */
2769 0x01, 0x00, /* Flags */
2770 0x00, 0x01, /* Questions */
2771 0x00, 0x00, /* Answer RRs */
2772 0x00, 0x00, /* Authority RRs */
2773 0x00, 0x00, /* Additional RRs */
2774 /* Queries */
2775 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
2776 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
2777 0x00, 0x01, /* Type */
2778 0x00, 0x01 /* Class */
2779 };
2780
2781 // Re-query verify cache works and query id is correct
2782 fd = resNetworkSend(TEST_NETID, queryBuf2, sizeof(queryBuf2), 0);
2783
2784 EXPECT_TRUE(fd != -1);
2785
2786 res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2787 EXPECT_GT(res, 0);
2788 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2789
2790 EXPECT_EQ(0x0053U, htons(hp->id));
2791
2792 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2793 }
2794
2795 // This test checks that the resolver should not generate the request containing OPT RR when using
2796 // cleartext DNS. If we query the DNS server not supporting EDNS0 and it reponds with
2797 // FORMERR_ON_EDNS, we will fallback to no EDNS0 and try again. If the server does no response, we
2798 // won't retry so that we get no answer.
TEST_F(ResolverTest,BrokenEdns)2799 TEST_F(ResolverTest, BrokenEdns) {
2800 typedef test::DNSResponder::Edns Edns;
2801 enum ExpectResult { EXPECT_FAILURE, EXPECT_SUCCESS };
2802
2803 // Perform cleartext query in off mode.
2804 const char OFF[] = "off";
2805
2806 // Perform cleartext query when there's no private DNS server validated in opportunistic mode.
2807 const char OPPORTUNISTIC_UDP[] = "opportunistic_udp";
2808
2809 // Perform cleartext query when there is a private DNS server validated in opportunistic mode.
2810 const char OPPORTUNISTIC_FALLBACK_UDP[] = "opportunistic_fallback_udp";
2811
2812 // Perform cyphertext query in opportunistic mode.
2813 const char OPPORTUNISTIC_TLS[] = "opportunistic_tls";
2814
2815 // Perform cyphertext query in strict mode.
2816 const char STRICT[] = "strict";
2817
2818 const char GETHOSTBYNAME[] = "gethostbyname";
2819 const char GETADDRINFO[] = "getaddrinfo";
2820 const char ADDR4[] = "192.0.2.1";
2821 const char CLEARTEXT_ADDR[] = "127.0.0.53";
2822 const char CLEARTEXT_PORT[] = "53";
2823 const char TLS_PORT[] = "853";
2824 const std::vector<std::string> servers = {CLEARTEXT_ADDR};
2825 ResolverParamsParcel paramsForCleanup = DnsResponderClient::GetDefaultResolverParamsParcel();
2826 paramsForCleanup.servers.clear();
2827 paramsForCleanup.tlsServers.clear();
2828
2829 test::DNSResponder dns(CLEARTEXT_ADDR, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
2830 ASSERT_TRUE(dns.startServer());
2831
2832 test::DnsTlsFrontend tls(CLEARTEXT_ADDR, TLS_PORT, CLEARTEXT_ADDR, CLEARTEXT_PORT);
2833
2834 // clang-format off
2835 static const struct TestConfig {
2836 std::string mode;
2837 std::string method;
2838 Edns edns;
2839 ExpectResult expectResult;
2840
2841 std::string asHostName() const {
2842 const char* ednsString;
2843 switch (edns) {
2844 case Edns::ON:
2845 ednsString = "ednsOn";
2846 break;
2847 case Edns::FORMERR_ON_EDNS:
2848 ednsString = "ednsFormerr";
2849 break;
2850 case Edns::DROP:
2851 ednsString = "ednsDrop";
2852 break;
2853 default:
2854 ednsString = "";
2855 break;
2856 }
2857 return fmt::format("{}.{}.{}.", mode, method, ednsString);
2858 }
2859 } testConfigs[] = {
2860 // In OPPORTUNISTIC_TLS, if the DNS server doesn't support EDNS0 but TLS, the lookup
2861 // fails. Could such server exist? if so, we might need to fix it to fallback to
2862 // cleartext query. If the server still make no response for the queries with EDNS0, we
2863 // might also need to fix it to retry without EDNS0.
2864 // Another thing is that {OPPORTUNISTIC_TLS, Edns::DROP} and {STRICT, Edns::DROP} are
2865 // commented out since TLS timeout is not configurable.
2866 // TODO: Uncomment them after TLS timeout is configurable.
2867 {OFF, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
2868 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
2869 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
2870 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
2871 {STRICT, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
2872 {OFF, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
2873 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
2874 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
2875 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
2876 {STRICT, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
2877 {OFF, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
2878 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
2879
2880 // The failure is due to no retry on timeout. Maybe fix it?
2881 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
2882
2883 //{OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
2884 //{STRICT, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
2885 {OFF, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
2886 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
2887 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
2888 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
2889 {STRICT, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
2890 {OFF, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
2891 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
2892 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
2893 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
2894 {STRICT, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
2895 {OFF, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
2896 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
2897
2898 // The failure is due to no retry on timeout. Maybe fix it?
2899 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
2900
2901 //{OPPORTUNISTIC_TLS, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
2902 //{STRICT, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
2903 };
2904 // clang-format on
2905
2906 for (const auto& config : testConfigs) {
2907 const std::string testHostName = config.asHostName();
2908 SCOPED_TRACE(testHostName);
2909
2910 const char* host_name = testHostName.c_str();
2911 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
2912 dns.setEdns(config.edns);
2913
2914 if (config.mode == OFF) {
2915 if (tls.running()) {
2916 ASSERT_TRUE(tls.stopServer());
2917 }
2918 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2919 } else if (config.mode == OPPORTUNISTIC_UDP) {
2920 if (tls.running()) {
2921 ASSERT_TRUE(tls.stopServer());
2922 }
2923 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,
2924 kDefaultParams, ""));
2925 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
2926 } else if (config.mode == OPPORTUNISTIC_TLS || config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
2927 if (!tls.running()) {
2928 ASSERT_TRUE(tls.startServer());
2929 }
2930 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,
2931 kDefaultParams, ""));
2932 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2933
2934 if (config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
2935 // Force the resolver to fallback to cleartext queries.
2936 ASSERT_TRUE(tls.stopServer());
2937 }
2938 } else if (config.mode == STRICT) {
2939 if (!tls.running()) {
2940 ASSERT_TRUE(tls.startServer());
2941 }
2942 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains,
2943 kDefaultParams, kDefaultPrivateDnsHostName));
2944 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2945 }
2946
2947 if (config.method == GETHOSTBYNAME) {
2948 const hostent* h_result = gethostbyname(host_name);
2949 if (config.expectResult == EXPECT_SUCCESS) {
2950 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2951 ASSERT_TRUE(h_result != nullptr);
2952 ASSERT_EQ(4, h_result->h_length);
2953 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
2954 EXPECT_EQ(ADDR4, ToString(h_result));
2955 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
2956 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, 0, host_name, {ADDR4});
2957 } else {
2958 EXPECT_EQ(0U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
2959 ASSERT_TRUE(h_result == nullptr);
2960 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
2961 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
2962 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, returnCode, host_name, {});
2963 }
2964 } else if (config.method == GETADDRINFO) {
2965 ScopedAddrinfo ai_result;
2966 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
2967 ai_result = safe_getaddrinfo(host_name, nullptr, &hints);
2968 if (config.expectResult == EXPECT_SUCCESS) {
2969 EXPECT_TRUE(ai_result != nullptr);
2970 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2971 const std::string result_str = ToString(ai_result);
2972 EXPECT_EQ(ADDR4, result_str);
2973 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name, {ADDR4});
2974 } else {
2975 EXPECT_TRUE(ai_result == nullptr);
2976 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
2977 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
2978 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, returnCode, host_name, {});
2979 }
2980 } else {
2981 FAIL() << "Unsupported query method: " << config.method;
2982 }
2983
2984 tls.clearQueries();
2985 dns.clearQueries();
2986
2987 // Clear the setup to force the resolver to validate private DNS servers in every test.
2988 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(paramsForCleanup));
2989 }
2990 }
2991
2992 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
2993 // Resolver should have a reasonable number of retries instead of spinning forever. We don't have
2994 // an efficient way to know if resolver is stuck in an infinite loop. However, test case will be
2995 // failed due to timeout.
TEST_F(ResolverTest,UnstableTls)2996 TEST_F(ResolverTest, UnstableTls) {
2997 const char CLEARTEXT_ADDR[] = "127.0.0.53";
2998 const char CLEARTEXT_PORT[] = "53";
2999 const char TLS_PORT[] = "853";
3000 const char* host_name1 = "nonexistent1.example.com.";
3001 const char* host_name2 = "nonexistent2.example.com.";
3002 const std::vector<std::string> servers = {CLEARTEXT_ADDR};
3003
3004 test::DNSResponder dns(CLEARTEXT_ADDR, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3005 ASSERT_TRUE(dns.startServer());
3006 dns.setEdns(test::DNSResponder::Edns::FORMERR_ON_EDNS);
3007 test::DnsTlsFrontend tls(CLEARTEXT_ADDR, TLS_PORT, CLEARTEXT_ADDR, CLEARTEXT_PORT);
3008 ASSERT_TRUE(tls.startServer());
3009 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));
3010 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3011
3012 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3013 tls.stopServer();
3014
3015 const hostent* h_result = gethostbyname(host_name1);
3016 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
3017 ASSERT_TRUE(h_result == nullptr);
3018 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3019
3020 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3021 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3022 EXPECT_TRUE(ai_result == nullptr);
3023 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
3024 }
3025
3026 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3027 // Moreover, server responds RCODE=FORMERR even on non-EDNS query.
TEST_F(ResolverTest,BogusDnsServer)3028 TEST_F(ResolverTest, BogusDnsServer) {
3029 const char CLEARTEXT_ADDR[] = "127.0.0.53";
3030 const char CLEARTEXT_PORT[] = "53";
3031 const char TLS_PORT[] = "853";
3032 const char* host_name1 = "nonexistent1.example.com.";
3033 const char* host_name2 = "nonexistent2.example.com.";
3034 const std::vector<std::string> servers = {CLEARTEXT_ADDR};
3035
3036 test::DNSResponder dns(CLEARTEXT_ADDR, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3037 ASSERT_TRUE(dns.startServer());
3038 test::DnsTlsFrontend tls(CLEARTEXT_ADDR, TLS_PORT, CLEARTEXT_ADDR, CLEARTEXT_PORT);
3039 ASSERT_TRUE(tls.startServer());
3040 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));
3041 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3042
3043 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3044 tls.stopServer();
3045 dns.setEdns(test::DNSResponder::Edns::FORMERR_UNCOND);
3046
3047 const hostent* h_result = gethostbyname(host_name1);
3048 EXPECT_EQ(0U, GetNumQueries(dns, host_name1));
3049 ASSERT_TRUE(h_result == nullptr);
3050 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3051
3052 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3053 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3054 EXPECT_TRUE(ai_result == nullptr);
3055 EXPECT_EQ(0U, GetNumQueries(dns, host_name2));
3056 }
3057
TEST_F(ResolverTest,GetAddrInfo_Dns64Synthesize)3058 TEST_F(ResolverTest, GetAddrInfo_Dns64Synthesize) {
3059 constexpr char listen_addr[] = "::1";
3060 constexpr char dns64_name[] = "ipv4only.arpa.";
3061 constexpr char host_name[] = "v4only.example.com.";
3062 const std::vector<DnsRecord> records = {
3063 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3064 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3065 };
3066
3067 test::DNSResponder dns(listen_addr);
3068 StartDns(dns, records);
3069
3070 std::vector<std::string> servers = {listen_addr};
3071 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3072
3073 // Start NAT64 prefix discovery and wait for it to complete.
3074 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3075 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3076
3077 // If the socket type is not specified, every address will appear twice, once for
3078 // SOCK_STREAM and one for SOCK_DGRAM. Just pick one because the addresses for
3079 // the second query of different socket type are responded by the cache.
3080 // See android_getaddrinfofornetcontext in packages/modules/DnsResolver/getaddrinfo.cpp
3081 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3082 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3083 EXPECT_TRUE(result != nullptr);
3084 // Expect that there are two queries, one AAAA (which returns no records) and one A
3085 // (which returns 1.2.3.4).
3086 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3087 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3088
3089 // Stopping NAT64 prefix discovery disables synthesis.
3090 EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());
3091 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
3092 dns.clearQueries();
3093
3094 result = safe_getaddrinfo("v4only", nullptr, &hints);
3095 EXPECT_TRUE(result != nullptr);
3096 // Expect that there is one query, an AAAA (which returns no records), because the
3097 // A is already cached.
3098 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3099 EXPECT_EQ(ToString(result), "1.2.3.4");
3100 }
3101
3102 // TODO: merge to #GetAddrInfo_Dns64Synthesize once DNSResponder supports multi DnsRecords for a
3103 // hostname.
TEST_F(ResolverTest,GetAddrInfo_Dns64SynthesizeMultiAnswers)3104 TEST_F(ResolverTest, GetAddrInfo_Dns64SynthesizeMultiAnswers) {
3105 const std::vector<uint8_t> kHelloExampleComResponsesV4 = {
3106 // scapy.DNS(
3107 // id=0,
3108 // qr=1,
3109 // ra=1,
3110 // qd=scapy.DNSQR(qname="hello.example.com",qtype="A"),
3111 // an=scapy.DNSRR(rrname="hello.example.com",type="A",ttl=0,rdata='1.2.3.4') /
3112 // scapy.DNSRR(rrname="hello.example.com",type="A",ttl=0,rdata='8.8.8.8') /
3113 // scapy.DNSRR(rrname="hello.example.com",type="A",ttl=0,rdata='81.117.21.202'))
3114 /* Header */
3115 0x00, 0x00, /* Transaction ID: 0x0000 */
3116 0x81, 0x80, /* Flags: qr rd ra */
3117 0x00, 0x01, /* Questions: 1 */
3118 0x00, 0x03, /* Answer RRs: 3 */
3119 0x00, 0x00, /* Authority RRs: 0 */
3120 0x00, 0x00, /* Additional RRs: 0 */
3121 /* Queries */
3122 0x05, 0x68, 0x65, 0x6C, 0x6C, 0x6F, 0x07, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65,
3123 0x03, 0x63, 0x6F, 0x6D, 0x00, /* Name: hello.example.com */
3124 0x00, 0x01, /* Type: A */
3125 0x00, 0x01, /* Class: IN */
3126 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
3127 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
3128 0x00, 0x01, /* Type: A */
3129 0x00, 0x01, /* Class: IN */
3130 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
3131 0x00, 0x04, /* Data length: 4 */
3132 0x01, 0x02, 0x03, 0x04, /* Address: 1.2.3.4 */
3133 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
3134 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
3135 0x00, 0x01, /* Type: A */
3136 0x00, 0x01, /* Class: IN */
3137 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
3138 0x00, 0x04, /* Data length: 4 */
3139 0x08, 0x08, 0x08, 0x08, /* Address: 8.8.8.8 */
3140 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
3141 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
3142 0x00, 0x01, /* Type: A */
3143 0x00, 0x01, /* Class: IN */
3144 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
3145 0x00, 0x04, /* Data length: 4 */
3146 0x51, 0x75, 0x15, 0xca /* Address: 81.117.21.202 */
3147 };
3148
3149 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
3150 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
3151 StartDns(dns, {});
3152 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3153
3154 // Set the prefix, and expect to get a synthesized AAAA record.
3155 EXPECT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3156
3157 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3158 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
3159 ASSERT_FALSE(result == nullptr);
3160
3161 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3162 EXPECT_THAT(ToStrings(result),
3163 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::808:808", "64:ff9b::5175:15ca"));
3164 }
3165
TEST_F(ResolverTest,GetAddrInfo_Dns64Canonname)3166 TEST_F(ResolverTest, GetAddrInfo_Dns64Canonname) {
3167 constexpr char listen_addr[] = "::1";
3168 constexpr char dns64_name[] = "ipv4only.arpa.";
3169 constexpr char host_name[] = "v4only.example.com.";
3170 const std::vector<DnsRecord> records = {
3171 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3172 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3173 };
3174
3175 test::DNSResponder dns(listen_addr);
3176 StartDns(dns, records);
3177
3178 std::vector<std::string> servers = {listen_addr};
3179 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3180
3181 // Start NAT64 prefix discovery and wait for it to complete.
3182 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3183 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3184
3185 // clang-format off
3186 static const struct TestConfig {
3187 int family;
3188 int flags;
3189 std::vector<std::string> expectedAddresses;
3190 const char* expectedCanonname;
3191
3192 std::string asParameters() const {
3193 return fmt::format("family={}, flags={}", family, flags);
3194 }
3195 } testConfigs[]{
3196 {AF_UNSPEC, 0, {"64:ff9b::102:304"}, nullptr},
3197 {AF_UNSPEC, AI_CANONNAME, {"64:ff9b::102:304"}, "v4only.example.com"},
3198 {AF_INET6, 0, {"64:ff9b::102:304"}, nullptr},
3199 {AF_INET6, AI_CANONNAME, {"64:ff9b::102:304"}, "v4only.example.com"},
3200 };
3201 // clang-format on
3202
3203 for (const auto& config : testConfigs) {
3204 SCOPED_TRACE(config.asParameters());
3205
3206 const addrinfo hints = {
3207 .ai_family = config.family, .ai_flags = config.flags, .ai_socktype = SOCK_DGRAM};
3208 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3209 ASSERT_TRUE(result != nullptr);
3210 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3211 const auto* ai = result.get();
3212 ASSERT_TRUE(ai != nullptr);
3213 EXPECT_STREQ(ai->ai_canonname, config.expectedCanonname);
3214 }
3215 }
3216
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecified)3217 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecified) {
3218 constexpr char listen_addr[] = "::1";
3219 constexpr char dns64_name[] = "ipv4only.arpa.";
3220 constexpr char host_name[] = "v4only.example.com.";
3221 const std::vector<DnsRecord> records = {
3222 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3223 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3224 };
3225
3226 test::DNSResponder dns(listen_addr);
3227 StartDns(dns, records);
3228 const std::vector<std::string> servers = {listen_addr};
3229 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3230
3231 // Start NAT64 prefix discovery and wait for it to complete.
3232 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3233 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3234
3235 // Synthesize AAAA if AF_INET6 is specified and there is A record only. Make sure that A record
3236 // is not returned as well.
3237 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3238 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3239 EXPECT_TRUE(result != nullptr);
3240 // One for AAAA query without an answer and one for A query which is used for DNS64 synthesis.
3241 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3242 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3243 dns.clearQueries();
3244
3245 // Don't synthesize AAAA if AF_INET is specified and there is A record only.
3246 hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3247 result = safe_getaddrinfo("v4only", nullptr, &hints);
3248 EXPECT_TRUE(result != nullptr);
3249 EXPECT_EQ(0U /*cached in previous queries*/, GetNumQueries(dns, host_name));
3250 EXPECT_EQ(ToString(result), "1.2.3.4");
3251 }
3252
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedV6)3253 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedV6) {
3254 constexpr char listen_addr[] = "::1";
3255 constexpr char dns64_name[] = "ipv4only.arpa.";
3256 constexpr char host_name[] = "v4v6.example.com.";
3257 const std::vector<DnsRecord> records = {
3258 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3259 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3260 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3261 };
3262
3263 test::DNSResponder dns(listen_addr);
3264 StartDns(dns, records);
3265 const std::vector<std::string> servers = {listen_addr};
3266 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3267
3268 // Start NAT64 prefix discovery and wait for it to complete.
3269 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3270 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3271
3272 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3273 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3274 EXPECT_TRUE(result != nullptr);
3275 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3276
3277 // Do not synthesize AAAA if there's at least one AAAA answer.
3278 EXPECT_THAT(ToStrings(result), testing::ElementsAre("2001:db8::102:304", "1.2.3.4"));
3279 }
3280
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedNoV6)3281 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedNoV6) {
3282 constexpr char listen_addr[] = "::1";
3283 constexpr char dns64_name[] = "ipv4only.arpa.";
3284 constexpr char host_name[] = "v4v6.example.com.";
3285 const std::vector<DnsRecord> records = {
3286 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3287 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3288 };
3289
3290 test::DNSResponder dns(listen_addr);
3291 StartDns(dns, records);
3292 const std::vector<std::string> servers = {listen_addr};
3293 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3294
3295 // Start NAT64 prefix discovery and wait for it to complete.
3296 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3297 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3298
3299 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3300 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3301 EXPECT_TRUE(result != nullptr);
3302 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3303
3304 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3305 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3306 }
3307
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses)3308 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses) {
3309 constexpr char THIS_NETWORK[] = "this_network";
3310 constexpr char LOOPBACK[] = "loopback";
3311 constexpr char LINK_LOCAL[] = "link_local";
3312 constexpr char MULTICAST[] = "multicast";
3313 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
3314
3315 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
3316 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
3317 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
3318 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
3319 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
3320
3321 constexpr char listen_addr[] = "::1";
3322 constexpr char dns64_name[] = "ipv4only.arpa.";
3323
3324 test::DNSResponder dns(listen_addr);
3325 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::"}});
3326 const std::vector<std::string> servers = {listen_addr};
3327 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3328
3329 // Start NAT64 prefix discovery and wait for it to complete.
3330 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3331 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3332
3333 // clang-format off
3334 static const struct TestConfig {
3335 std::string name;
3336 std::string addr;
3337
3338 std::string asHostName() const { return fmt::format("{}.example.com.", name); }
3339 } testConfigs[]{
3340 {THIS_NETWORK, ADDR_THIS_NETWORK},
3341 {LOOPBACK, ADDR_LOOPBACK},
3342 {LINK_LOCAL, ADDR_LINK_LOCAL},
3343 {MULTICAST, ADDR_MULTICAST},
3344 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
3345 };
3346 // clang-format on
3347
3348 for (const auto& config : testConfigs) {
3349 const std::string testHostName = config.asHostName();
3350 SCOPED_TRACE(testHostName);
3351
3352 const char* host_name = testHostName.c_str();
3353 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
3354
3355 // Expect no result because AF_INET6 is specified and don't synthesize special use IPv4
3356 // address.
3357 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3358 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3359 EXPECT_TRUE(result == nullptr);
3360 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3361 dns.clearQueries();
3362
3363 // Expect special use IPv4 address only because AF_UNSPEC is specified and don't synthesize
3364 // special use IPv4 address.
3365 hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3366 result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3367 EXPECT_TRUE(result != nullptr);
3368 // Expect IPv6 query only. IPv4 answer has been cached in previous query.
3369 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3370 EXPECT_EQ(ToString(result), config.addr);
3371 dns.clearQueries();
3372 }
3373 }
3374
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryWithNullArgumentHints)3375 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryWithNullArgumentHints) {
3376 constexpr char listen_addr[] = "::1";
3377 constexpr char dns64_name[] = "ipv4only.arpa.";
3378 constexpr char host_name[] = "v4only.example.com.";
3379 constexpr char host_name2[] = "v4v6.example.com.";
3380 const std::vector<DnsRecord> records = {
3381 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3382 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3383 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
3384 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3385 };
3386
3387 test::DNSResponder dns(listen_addr);
3388 StartDns(dns, records);
3389 const std::vector<std::string> servers = {listen_addr};
3390 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3391
3392 // Start NAT64 prefix discovery and wait for it to complete.
3393 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3394 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3395
3396 // Synthesize AAAA if there is A answer only and AF_UNSPEC (hints NULL) is specified.
3397 // Assign argument hints of getaddrinfo() as null is equivalent to set ai_family AF_UNSPEC,
3398 // ai_socktype 0 (any), and ai_protocol 0 (any). Note the setting ai_socktype 0 (any) causes
3399 // that every address will appear twice, once for SOCK_STREAM and one for SOCK_DGRAM.
3400 // See resolv_getaddrinfo in packages/modules/DnsResolver/getaddrinfo.cpp.
3401 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, nullptr);
3402 EXPECT_TRUE(result != nullptr);
3403 EXPECT_LE(2U, GetNumQueries(dns, host_name));
3404 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3405 dns.clearQueries();
3406
3407 // Do not synthesize AAAA if there's at least one AAAA answer.
3408 // The reason which the addresses appear twice is as mentioned above.
3409 result = safe_getaddrinfo("v4v6", nullptr, nullptr);
3410 EXPECT_TRUE(result != nullptr);
3411 EXPECT_LE(2U, GetNumQueries(dns, host_name2));
3412 EXPECT_THAT(ToStrings(result),
3413 testing::UnorderedElementsAre("2001:db8::102:304", "2001:db8::102:304", "1.2.3.4",
3414 "1.2.3.4"));
3415 }
3416
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryNullArgumentNode)3417 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryNullArgumentNode) {
3418 constexpr char ADDR_ANYADDR_V4[] = "0.0.0.0";
3419 constexpr char ADDR_ANYADDR_V6[] = "::";
3420 constexpr char ADDR_LOCALHOST_V4[] = "127.0.0.1";
3421 constexpr char ADDR_LOCALHOST_V6[] = "::1";
3422
3423 constexpr char PORT_NAME_HTTP[] = "http";
3424 constexpr char PORT_NUMBER_HTTP[] = "80";
3425
3426 constexpr char listen_addr[] = "::1";
3427 constexpr char dns64_name[] = "ipv4only.arpa.";
3428
3429 test::DNSResponder dns(listen_addr);
3430 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::"}});
3431 const std::vector<std::string> servers = {listen_addr};
3432 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3433
3434 // Start NAT64 prefix discovery and wait for it to complete.
3435 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3436 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3437
3438 // clang-format off
3439 // If node is null, return address is listed by libc/getaddrinfo.c as follows.
3440 // - passive socket -> anyaddr (0.0.0.0 or ::)
3441 // - non-passive socket -> localhost (127.0.0.1 or ::1)
3442 static const struct TestConfig {
3443 int flag;
3444 std::string addr_v4;
3445 std::string addr_v6;
3446
3447 std::string asParameters() const {
3448 return fmt::format("flag={}, addr_v4={}, addr_v6={}", flag, addr_v4,
3449 addr_v6);
3450 }
3451 } testConfigs[]{
3452 {0 /* non-passive */, ADDR_LOCALHOST_V4, ADDR_LOCALHOST_V6},
3453 {AI_PASSIVE, ADDR_ANYADDR_V4, ADDR_ANYADDR_V6}
3454 };
3455 // clang-format on
3456
3457 for (const auto& config : testConfigs) {
3458 SCOPED_TRACE(config.asParameters());
3459
3460 addrinfo hints = {
3461 .ai_flags = config.flag,
3462 .ai_family = AF_UNSPEC, // any address family
3463 .ai_socktype = 0, // any type
3464 .ai_protocol = 0, // any protocol
3465 };
3466
3467 // Assign hostname as null and service as port name.
3468 ScopedAddrinfo result = safe_getaddrinfo(nullptr, PORT_NAME_HTTP, &hints);
3469 ASSERT_TRUE(result != nullptr);
3470
3471 // Can't be synthesized because it should not get into Netd.
3472 // Every address appears twice, once for SOCK_STREAM and one for SOCK_DGRAM because the
3473 // socket type is not specified.
3474 EXPECT_THAT(ToStrings(result),
3475 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3476 config.addr_v6));
3477
3478 // Assign hostname as null and service as numeric port number.
3479 hints.ai_flags = config.flag | AI_NUMERICSERV;
3480 result = safe_getaddrinfo(nullptr, PORT_NUMBER_HTTP, &hints);
3481 ASSERT_TRUE(result != nullptr);
3482
3483 // Can't be synthesized because it should not get into Netd.
3484 // The reason which the addresses appear twice is as mentioned above.
3485 EXPECT_THAT(ToStrings(result),
3486 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3487 config.addr_v6));
3488 }
3489 }
3490
TEST_F(ResolverTest,GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix)3491 TEST_F(ResolverTest, GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix) {
3492 struct hostent* result = nullptr;
3493 struct in_addr v4addr;
3494 struct in6_addr v6addr;
3495
3496 constexpr char listen_addr[] = "::1";
3497 constexpr char dns64_name[] = "ipv4only.arpa.";
3498 constexpr char ptr_name[] = "v4v6.example.com.";
3499 // PTR record for IPv4 address 1.2.3.4
3500 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3501 // PTR record for IPv6 address 2001:db8::102:304
3502 constexpr char ptr_addr_v6[] =
3503 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3504 const std::vector<DnsRecord> records = {
3505 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3506 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3507 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3508 };
3509
3510 test::DNSResponder dns(listen_addr);
3511 StartDns(dns, records);
3512 const std::vector<std::string> servers = {listen_addr};
3513 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3514
3515 // Start NAT64 prefix discovery and wait for it to complete.
3516 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3517 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3518
3519 // Reverse IPv4 DNS query. Prefix should have no effect on it.
3520 inet_pton(AF_INET, "1.2.3.4", &v4addr);
3521 result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3522 ASSERT_TRUE(result != nullptr);
3523 std::string result_str = result->h_name ? result->h_name : "null";
3524 EXPECT_EQ(result_str, "v4v6.example.com");
3525
3526 // Reverse IPv6 DNS query. Prefix should have no effect on it.
3527 inet_pton(AF_INET6, "2001:db8::102:304", &v6addr);
3528 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3529 ASSERT_TRUE(result != nullptr);
3530 result_str = result->h_name ? result->h_name : "null";
3531 EXPECT_EQ(result_str, "v4v6.example.com");
3532 }
3533
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64Query)3534 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64Query) {
3535 constexpr char listen_addr[] = "::1";
3536 constexpr char dns64_name[] = "ipv4only.arpa.";
3537 constexpr char ptr_name[] = "v4only.example.com.";
3538 // PTR record for IPv4 address 1.2.3.4
3539 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3540 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3541 constexpr char ptr_addr_v6_nomapping[] =
3542 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3543 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3544 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3545 constexpr char ptr_addr_v6_synthesis[] =
3546 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3547 const std::vector<DnsRecord> records = {
3548 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3549 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3550 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3551 };
3552
3553 test::DNSResponder dns(listen_addr);
3554 StartDns(dns, records);
3555 // "ptr_addr_v6_nomapping" is not mapped in DNS server
3556 const std::vector<std::string> servers = {listen_addr};
3557 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3558
3559 // Start NAT64 prefix discovery and wait for it to complete.
3560 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3561 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3562
3563 // Synthesized PTR record doesn't exist on DNS server
3564 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3565 // After querying synthesized address failed, expect that prefix is removed from IPv6
3566 // synthesized address and do reverse IPv4 query instead.
3567 struct in6_addr v6addr;
3568 inet_pton(AF_INET6, "64:ff9b::1.2.3.4", &v6addr);
3569 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3570 ASSERT_TRUE(result != nullptr);
3571 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist
3572 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist
3573 std::string result_str = result->h_name ? result->h_name : "null";
3574 EXPECT_EQ(result_str, "v4only.example.com");
3575 // Check that return address has been mapped from IPv4 to IPv6 address because Netd
3576 // removes NAT64 prefix and does IPv4 DNS reverse lookup in this case. Then, Netd
3577 // fakes the return IPv4 address as original queried IPv6 address.
3578 result_str = ToString(result);
3579 EXPECT_EQ(result_str, "64:ff9b::102:304");
3580 dns.clearQueries();
3581
3582 // Synthesized PTR record exists on DNS server
3583 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3584 // Expect to Netd pass through synthesized address for DNS queries.
3585 inet_pton(AF_INET6, "64:ff9b::5.6.7.8", &v6addr);
3586 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3587 ASSERT_TRUE(result != nullptr);
3588 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3589 result_str = result->h_name ? result->h_name : "null";
3590 EXPECT_EQ(result_str, "v6synthesis.example.com");
3591 }
3592
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64QueryFromHostFile)3593 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64QueryFromHostFile) {
3594 constexpr char dns64_name[] = "ipv4only.arpa.";
3595 constexpr char host_name[] = "localhost";
3596 // The address is synthesized by prefix64:localhost.
3597 constexpr char host_addr[] = "64:ff9b::7f00:1";
3598 constexpr char listen_addr[] = "::1";
3599
3600 test::DNSResponder dns(listen_addr);
3601 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});
3602 const std::vector<std::string> servers = {listen_addr};
3603 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3604
3605 // Start NAT64 prefix discovery and wait for it to complete.
3606 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3607 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3608
3609 // Using synthesized "localhost" address to be a trick for resolving host name
3610 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3611 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3612 struct in6_addr v6addr;
3613 inet_pton(AF_INET6, host_addr, &v6addr);
3614 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3615 ASSERT_TRUE(result != nullptr);
3616 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3617 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3618
3619 ASSERT_EQ(sizeof(in6_addr), (unsigned)result->h_length);
3620 ASSERT_EQ(AF_INET6, result->h_addrtype);
3621 std::string result_str = ToString(result);
3622 EXPECT_EQ(result_str, host_addr);
3623 result_str = result->h_name ? result->h_name : "null";
3624 EXPECT_EQ(result_str, host_name);
3625 }
3626
TEST_F(ResolverTest,GetHostByAddr_cnamesClasslessReverseDelegation)3627 TEST_F(ResolverTest, GetHostByAddr_cnamesClasslessReverseDelegation) {
3628 // IPv4 addresses in the subnet with notation '/' or '-'.
3629 constexpr char addr_slash[] = "192.0.2.1";
3630 constexpr char addr_hyphen[] = "192.0.3.1";
3631
3632 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3633 // section 4.
3634 const static std::vector<DnsRecord> records = {
3635 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3636 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3637 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3638
3639 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3640 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3641 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3642 };
3643
3644 test::DNSResponder dns;
3645 StartDns(dns, records);
3646 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3647
3648 for (const auto& address : {addr_slash, addr_hyphen}) {
3649 SCOPED_TRACE(address);
3650
3651 in_addr v4addr;
3652 ASSERT_TRUE(inet_pton(AF_INET, address, &v4addr));
3653 hostent* result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3654 ASSERT_TRUE(result != nullptr);
3655 EXPECT_STREQ("hello.example.com", result->h_name);
3656 }
3657 }
3658
TEST_F(ResolverTest,GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix)3659 TEST_F(ResolverTest, GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix) {
3660 constexpr char listen_addr[] = "::1";
3661 constexpr char dns64_name[] = "ipv4only.arpa.";
3662 constexpr char ptr_name[] = "v4v6.example.com.";
3663 // PTR record for IPv4 address 1.2.3.4
3664 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3665 // PTR record for IPv6 address 2001:db8::102:304
3666 constexpr char ptr_addr_v6[] =
3667 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3668 const std::vector<DnsRecord> records = {
3669 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3670 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3671 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3672 };
3673
3674 test::DNSResponder dns(listen_addr);
3675 StartDns(dns, records);
3676 const std::vector<std::string> servers = {listen_addr};
3677 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3678
3679 // Start NAT64 prefix discovery and wait for it to complete.
3680 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3681 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3682
3683 // clang-format off
3684 static const struct TestConfig {
3685 int flag;
3686 int family;
3687 std::string addr;
3688 std::string host;
3689
3690 std::string asParameters() const {
3691 return fmt::format("flag={}, family={}, addr={}, host={}", flag, family, addr,
3692 host);
3693 }
3694 } testConfigs[]{
3695 {NI_NAMEREQD, AF_INET, "1.2.3.4", "v4v6.example.com"},
3696 {NI_NUMERICHOST, AF_INET, "1.2.3.4", "1.2.3.4"},
3697 {0, AF_INET, "1.2.3.4", "v4v6.example.com"},
3698 {0, AF_INET, "5.6.7.8", "5.6.7.8"}, // unmapped
3699 {NI_NAMEREQD, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3700 {NI_NUMERICHOST, AF_INET6, "2001:db8::102:304", "2001:db8::102:304"},
3701 {0, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3702 {0, AF_INET6, "2001:db8::506:708", "2001:db8::506:708"}, // unmapped
3703 };
3704 // clang-format on
3705
3706 // Reverse IPv4/IPv6 DNS query. Prefix should have no effect on it.
3707 for (const auto& config : testConfigs) {
3708 SCOPED_TRACE(config.asParameters());
3709
3710 int rv;
3711 char host[NI_MAXHOST];
3712 struct sockaddr_in sin;
3713 struct sockaddr_in6 sin6;
3714 if (config.family == AF_INET) {
3715 memset(&sin, 0, sizeof(sin));
3716 sin.sin_family = AF_INET;
3717 inet_pton(AF_INET, config.addr.c_str(), &sin.sin_addr);
3718 rv = getnameinfo((const struct sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr,
3719 0, config.flag);
3720 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4));
3721 } else if (config.family == AF_INET6) {
3722 memset(&sin6, 0, sizeof(sin6));
3723 sin6.sin6_family = AF_INET6;
3724 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3725 rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3726 nullptr, 0, config.flag);
3727 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6));
3728 }
3729 ASSERT_EQ(0, rv);
3730 std::string result_str = host;
3731 EXPECT_EQ(result_str, config.host);
3732 dns.clearQueries();
3733 }
3734 }
3735
TEST_F(ResolverTest,GetNameInfo_ReverseDns64Query)3736 TEST_F(ResolverTest, GetNameInfo_ReverseDns64Query) {
3737 constexpr char listen_addr[] = "::1";
3738 constexpr char dns64_name[] = "ipv4only.arpa.";
3739 constexpr char ptr_name[] = "v4only.example.com.";
3740 // PTR record for IPv4 address 1.2.3.4
3741 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3742 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3743 constexpr char ptr_addr_v6_nomapping[] =
3744 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3745 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3746 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3747 constexpr char ptr_addr_v6_synthesis[] =
3748 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3749 const std::vector<DnsRecord> records = {
3750 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3751 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3752 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3753 };
3754
3755 test::DNSResponder dns(listen_addr);
3756 StartDns(dns, records);
3757 const std::vector<std::string> servers = {listen_addr};
3758 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3759
3760 // Start NAT64 prefix discovery and wait for it to complete.
3761 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3762 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3763
3764 // clang-format off
3765 static const struct TestConfig {
3766 bool hasSynthesizedPtrRecord;
3767 int flag;
3768 std::string addr;
3769 std::string host;
3770
3771 std::string asParameters() const {
3772 return fmt::format("hasSynthesizedPtrRecord={}, flag={}, addr={}, host={}",
3773 hasSynthesizedPtrRecord, flag, addr, host);
3774 }
3775 } testConfigs[]{
3776 {false, NI_NAMEREQD, "64:ff9b::102:304", "v4only.example.com"},
3777 {false, NI_NUMERICHOST, "64:ff9b::102:304", "64:ff9b::102:304"},
3778 {false, 0, "64:ff9b::102:304", "v4only.example.com"},
3779 {true, NI_NAMEREQD, "64:ff9b::506:708", "v6synthesis.example.com"},
3780 {true, NI_NUMERICHOST, "64:ff9b::506:708", "64:ff9b::506:708"},
3781 {true, 0, "64:ff9b::506:708", "v6synthesis.example.com"}
3782 };
3783 // clang-format on
3784
3785 // hasSynthesizedPtrRecord = false
3786 // Synthesized PTR record doesn't exist on DNS server
3787 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3788 // After querying synthesized address failed, expect that prefix is removed from IPv6
3789 // synthesized address and do reverse IPv4 query instead.
3790 //
3791 // hasSynthesizedPtrRecord = true
3792 // Synthesized PTR record exists on DNS server
3793 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3794 // Expect to just pass through synthesized address for DNS queries.
3795 for (const auto& config : testConfigs) {
3796 SCOPED_TRACE(config.asParameters());
3797
3798 char host[NI_MAXHOST];
3799 struct sockaddr_in6 sin6;
3800 memset(&sin6, 0, sizeof(sin6));
3801 sin6.sin6_family = AF_INET6;
3802 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3803 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3804 nullptr, 0, config.flag);
3805 ASSERT_EQ(0, rv);
3806 if (config.flag == NI_NAMEREQD) {
3807 if (config.hasSynthesizedPtrRecord) {
3808 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3809 } else {
3810 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist.
3811 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist.
3812 }
3813 }
3814 std::string result_str = host;
3815 EXPECT_EQ(result_str, config.host);
3816 dns.clearQueries();
3817 }
3818 }
3819
TEST_F(ResolverTest,GetNameInfo_ReverseDns64QueryFromHostFile)3820 TEST_F(ResolverTest, GetNameInfo_ReverseDns64QueryFromHostFile) {
3821 constexpr char dns64_name[] = "ipv4only.arpa.";
3822 constexpr char host_name[] = "localhost";
3823 // The address is synthesized by prefix64:localhost.
3824 constexpr char host_addr[] = "64:ff9b::7f00:1";
3825 constexpr char listen_addr[] = "::1";
3826
3827 test::DNSResponder dns(listen_addr);
3828
3829 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});
3830 const std::vector<std::string> servers = {listen_addr};
3831 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3832
3833 // Start NAT64 prefix discovery and wait for it to complete.
3834 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3835 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3836
3837 // Using synthesized "localhost" address to be a trick for resolving host name
3838 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3839 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3840 char host[NI_MAXHOST];
3841 struct sockaddr_in6 sin6 = {.sin6_family = AF_INET6};
3842 inet_pton(AF_INET6, host_addr, &sin6.sin6_addr);
3843 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host), nullptr,
3844 0, NI_NAMEREQD);
3845 ASSERT_EQ(0, rv);
3846 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3847 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3848
3849 std::string result_str = host;
3850 EXPECT_EQ(result_str, host_name);
3851 }
3852
TEST_F(ResolverTest,GetNameInfo_cnamesClasslessReverseDelegation)3853 TEST_F(ResolverTest, GetNameInfo_cnamesClasslessReverseDelegation) {
3854 // IPv4 addresses in the subnet with notation '/' or '-'.
3855 constexpr char addr_slash[] = "192.0.2.1";
3856 constexpr char addr_hyphen[] = "192.0.3.1";
3857
3858 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3859 // section 4.
3860 const static std::vector<DnsRecord> records = {
3861 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3862 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3863 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3864
3865 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3866 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3867 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3868 };
3869
3870 test::DNSResponder dns;
3871 StartDns(dns, records);
3872 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3873
3874 for (const auto& address : {addr_slash, addr_hyphen}) {
3875 SCOPED_TRACE(address);
3876
3877 char host[NI_MAXHOST];
3878 sockaddr_in sin = {.sin_family = AF_INET};
3879 ASSERT_TRUE(inet_pton(AF_INET, address, &sin.sin_addr));
3880 int rv = getnameinfo((const sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr, 0,
3881 NI_NAMEREQD);
3882 ASSERT_EQ(0, rv);
3883 EXPECT_STREQ("hello.example.com", host);
3884 }
3885 }
3886
TEST_F(ResolverTest,GetHostByName2_Dns64Synthesize)3887 TEST_F(ResolverTest, GetHostByName2_Dns64Synthesize) {
3888 constexpr char listen_addr[] = "::1";
3889 constexpr char dns64_name[] = "ipv4only.arpa.";
3890 constexpr char host_name[] = "ipv4only.example.com.";
3891 const std::vector<DnsRecord> records = {
3892 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3893 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3894 };
3895
3896 test::DNSResponder dns(listen_addr);
3897 StartDns(dns, records);
3898 const std::vector<std::string> servers = {listen_addr};
3899 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3900
3901 // Start NAT64 prefix discovery and wait for it to complete.
3902 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3903 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3904
3905 // Query an IPv4-only hostname. Expect that gets a synthesized address.
3906 struct hostent* result = gethostbyname2("ipv4only", AF_INET6);
3907 ASSERT_TRUE(result != nullptr);
3908 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3909 std::string result_str = ToString(result);
3910 EXPECT_EQ(result_str, "64:ff9b::102:304");
3911 }
3912
TEST_F(ResolverTest,GetHostByName2_DnsQueryWithHavingNat64Prefix)3913 TEST_F(ResolverTest, GetHostByName2_DnsQueryWithHavingNat64Prefix) {
3914 constexpr char dns64_name[] = "ipv4only.arpa.";
3915 constexpr char host_name[] = "v4v6.example.com.";
3916 constexpr char listen_addr[] = "::1";
3917 const std::vector<DnsRecord> records = {
3918 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
3919 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3920 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3921 };
3922
3923 test::DNSResponder dns(listen_addr);
3924 StartDns(dns, records);
3925 const std::vector<std::string> servers = {listen_addr};
3926 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3927
3928 // Start NAT64 prefix discovery and wait for it to complete.
3929 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3930 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3931
3932 // IPv4 DNS query. Prefix should have no effect on it.
3933 struct hostent* result = gethostbyname2("v4v6", AF_INET);
3934 ASSERT_TRUE(result != nullptr);
3935 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3936 std::string result_str = ToString(result);
3937 EXPECT_EQ(result_str, "1.2.3.4");
3938 dns.clearQueries();
3939
3940 // IPv6 DNS query. Prefix should have no effect on it.
3941 result = gethostbyname2("v4v6", AF_INET6);
3942 ASSERT_TRUE(result != nullptr);
3943 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3944 result_str = ToString(result);
3945 EXPECT_EQ(result_str, "2001:db8::102:304");
3946 }
3947
TEST_F(ResolverTest,GetHostByName2_Dns64QuerySpecialUseIPv4Addresses)3948 TEST_F(ResolverTest, GetHostByName2_Dns64QuerySpecialUseIPv4Addresses) {
3949 constexpr char THIS_NETWORK[] = "this_network";
3950 constexpr char LOOPBACK[] = "loopback";
3951 constexpr char LINK_LOCAL[] = "link_local";
3952 constexpr char MULTICAST[] = "multicast";
3953 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
3954
3955 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
3956 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
3957 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
3958 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
3959 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
3960
3961 constexpr char listen_addr[] = "::1";
3962 constexpr char dns64_name[] = "ipv4only.arpa.";
3963
3964 test::DNSResponder dns(listen_addr);
3965 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::"}});
3966 const std::vector<std::string> servers = {listen_addr};
3967 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3968
3969 // Start NAT64 prefix discovery and wait for it to complete.
3970 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
3971 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
3972
3973 // clang-format off
3974 static const struct TestConfig {
3975 std::string name;
3976 std::string addr;
3977
3978 std::string asHostName() const {
3979 return fmt::format("{}.example.com.", name);
3980 }
3981 } testConfigs[]{
3982 {THIS_NETWORK, ADDR_THIS_NETWORK},
3983 {LOOPBACK, ADDR_LOOPBACK},
3984 {LINK_LOCAL, ADDR_LINK_LOCAL},
3985 {MULTICAST, ADDR_MULTICAST},
3986 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
3987 };
3988 // clang-format on
3989
3990 for (const auto& config : testConfigs) {
3991 const std::string testHostName = config.asHostName();
3992 SCOPED_TRACE(testHostName);
3993
3994 const char* host_name = testHostName.c_str();
3995 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
3996
3997 struct hostent* result = gethostbyname2(config.name.c_str(), AF_INET6);
3998 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3999
4000 // In AF_INET6 case, don't synthesize special use IPv4 address.
4001 // Expect to have no answer
4002 EXPECT_EQ(nullptr, result);
4003
4004 dns.clearQueries();
4005 }
4006 }
4007
TEST_F(ResolverTest,PrefixDiscoveryBypassTls)4008 TEST_F(ResolverTest, PrefixDiscoveryBypassTls) {
4009 constexpr char listen_addr[] = "::1";
4010 constexpr char cleartext_port[] = "53";
4011 constexpr char tls_port[] = "853";
4012 constexpr char dns64_name[] = "ipv4only.arpa.";
4013 const std::vector<std::string> servers = {listen_addr};
4014
4015 test::DNSResponder dns(listen_addr);
4016 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});
4017 test::DnsTlsFrontend tls(listen_addr, tls_port, listen_addr, cleartext_port);
4018 ASSERT_TRUE(tls.startServer());
4019
4020 // Setup OPPORTUNISTIC mode and wait for the validation complete.
4021 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams, ""));
4022 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4023 EXPECT_TRUE(tls.waitForQueries(1));
4024 tls.clearQueries();
4025
4026 // Start NAT64 prefix discovery and wait for it complete.
4027 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
4028 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4029
4030 // Verify it bypassed TLS even though there's a TLS server available.
4031 EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();
4032 EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();
4033
4034 // Restart the testing network to reset the cache.
4035 mDnsClient.TearDown();
4036 mDnsClient.SetUp();
4037 dns.clearQueries();
4038
4039 // Setup STRICT mode and wait for the validation complete.
4040 ASSERT_TRUE(mDnsClient.SetResolversWithTls(servers, kDefaultSearchDomains, kDefaultParams,
4041 kDefaultPrivateDnsHostName));
4042 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4043 EXPECT_TRUE(tls.waitForQueries(1));
4044 tls.clearQueries();
4045
4046 // Start NAT64 prefix discovery and wait for it to complete.
4047 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
4048 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4049
4050 // Verify it bypassed TLS despite STRICT mode.
4051 EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();
4052 EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();
4053 }
4054
TEST_F(ResolverTest,SetAndClearNat64Prefix)4055 TEST_F(ResolverTest, SetAndClearNat64Prefix) {
4056 constexpr char host_name[] = "v4.example.com.";
4057 constexpr char listen_addr[] = "::1";
4058 const std::vector<DnsRecord> records = {
4059 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4060 };
4061
4062 test::DNSResponder dns(listen_addr);
4063 StartDns(dns, records);
4064 const std::vector<std::string> servers = {listen_addr};
4065 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4066
4067 auto resolvService = mDnsClient.resolvService();
4068 addrinfo hints = {.ai_family = AF_INET6};
4069
4070 // No NAT64 prefix, no AAAA record.
4071 ScopedAddrinfo result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4072 ASSERT_TRUE(result == nullptr);
4073
4074 // Set the prefix, and expect to get a synthesized AAAA record.
4075 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix2).isOk());
4076 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4077 ASSERT_FALSE(result == nullptr);
4078 EXPECT_EQ("2001:db8:6464::102:304", ToString(result));
4079
4080 // Update the prefix, expect to see AAAA records from the new prefix.
4081 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4082 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4083 ASSERT_FALSE(result == nullptr);
4084 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4085
4086 // Non-/96 prefixes are ignored.
4087 auto status = resolvService->setPrefix64(TEST_NETID, "64:ff9b::/64");
4088 EXPECT_FALSE(status.isOk());
4089 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4090 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4091
4092 // Invalid prefixes are ignored.
4093 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.0/24");
4094 EXPECT_FALSE(status.isOk());
4095 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4096 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4097
4098 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.1");
4099 EXPECT_FALSE(status.isOk());
4100 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4101 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4102
4103 status = resolvService->setPrefix64(TEST_NETID, "hello");
4104 EXPECT_FALSE(status.isOk());
4105 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4106 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4107
4108 // DNS64 synthesis is still working.
4109 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4110 ASSERT_FALSE(result == nullptr);
4111 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4112
4113 // Clear the prefix. No AAAA records any more.
4114 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, "").isOk());
4115 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4116 EXPECT_TRUE(result == nullptr);
4117
4118 // Calling startPrefix64Discovery clears the prefix.
4119 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4120 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4121 ASSERT_FALSE(result == nullptr);
4122 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4123
4124 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4125 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4126 ASSERT_TRUE(result == nullptr);
4127
4128 // setPrefix64 fails if prefix discovery is started, even if no prefix is yet discovered...
4129 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix);
4130 EXPECT_FALSE(status.isOk());
4131 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4132 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4133
4134 // .. and clearing the prefix also has no effect.
4135 status = resolvService->setPrefix64(TEST_NETID, "");
4136 EXPECT_FALSE(status.isOk());
4137 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4138 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4139
4140 // setPrefix64 succeeds again when prefix discovery is stopped.
4141 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4142 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4143 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4144 ASSERT_FALSE(result == nullptr);
4145 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4146
4147 // Calling stopPrefix64Discovery clears the prefix.
4148 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4149 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4150 ASSERT_TRUE(result == nullptr);
4151
4152 // Set up NAT64 prefix discovery.
4153 constexpr char dns64_name[] = "ipv4only.arpa.";
4154 const std::vector<DnsRecord> newRecords = {
4155 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4156 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
4157 };
4158 dns.stopServer();
4159 StartDns(dns, newRecords);
4160
4161 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4162 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4163 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4164 ASSERT_FALSE(result == nullptr);
4165 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4166
4167 // setPrefix64 fails if NAT64 prefix discovery has succeeded, and the discovered prefix
4168 // continues to be used.
4169 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix2);
4170 EXPECT_FALSE(status.isOk());
4171 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4172 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4173
4174 // Clearing the prefix also has no effect if discovery is started.
4175 status = resolvService->setPrefix64(TEST_NETID, "");
4176 EXPECT_FALSE(status.isOk());
4177 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4178 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4179
4180 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4181 ASSERT_FALSE(result == nullptr);
4182 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4183
4184 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4185 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
4186
4187 EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());
4188 EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());
4189 }
4190
4191 namespace {
4192
4193 class ScopedSetNetworkForProcess {
4194 public:
ScopedSetNetworkForProcess(unsigned netId)4195 explicit ScopedSetNetworkForProcess(unsigned netId) {
4196 mStoredNetId = getNetworkForProcess();
4197 if (netId == mStoredNetId) return;
4198 EXPECT_EQ(0, setNetworkForProcess(netId));
4199 }
~ScopedSetNetworkForProcess()4200 ~ScopedSetNetworkForProcess() { EXPECT_EQ(0, setNetworkForProcess(mStoredNetId)); }
4201
4202 private:
4203 unsigned mStoredNetId;
4204 };
4205
4206 class ScopedSetNetworkForResolv {
4207 public:
ScopedSetNetworkForResolv(unsigned netId)4208 explicit ScopedSetNetworkForResolv(unsigned netId) { EXPECT_EQ(0, setNetworkForResolv(netId)); }
~ScopedSetNetworkForResolv()4209 ~ScopedSetNetworkForResolv() { EXPECT_EQ(0, setNetworkForResolv(NETID_UNSET)); }
4210 };
4211
sendCommand(int fd,const std::string & cmd)4212 void sendCommand(int fd, const std::string& cmd) {
4213 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size() + 1));
4214 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size() + 1));
4215 }
4216
readBE32(int fd)4217 int32_t readBE32(int fd) {
4218 int32_t tmp;
4219 int n = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
4220 EXPECT_TRUE(n > 0);
4221 return ntohl(tmp);
4222 }
4223
readResponseCode(int fd)4224 int readResponseCode(int fd) {
4225 char buf[4];
4226 int n = TEMP_FAILURE_RETRY(read(fd, &buf, sizeof(buf)));
4227 EXPECT_TRUE(n > 0);
4228 // The format of response code is that 4 bytes for the code & null.
4229 buf[3] = '\0';
4230 int result;
4231 EXPECT_TRUE(ParseInt(buf, &result));
4232 return result;
4233 }
4234
checkAndClearUseLocalNameserversFlag(unsigned * netid)4235 bool checkAndClearUseLocalNameserversFlag(unsigned* netid) {
4236 if (netid == nullptr || ((*netid) & NETID_USE_LOCAL_NAMESERVERS) == 0) {
4237 return false;
4238 }
4239 *netid = (*netid) & ~NETID_USE_LOCAL_NAMESERVERS;
4240 return true;
4241 }
4242
makeUidRangeParcel(int start,int stop)4243 aidl::android::net::UidRangeParcel makeUidRangeParcel(int start, int stop) {
4244 aidl::android::net::UidRangeParcel res;
4245 res.start = start;
4246 res.stop = stop;
4247
4248 return res;
4249 }
4250
expectNetIdWithLocalNameserversFlag(unsigned netId)4251 void expectNetIdWithLocalNameserversFlag(unsigned netId) {
4252 unsigned dnsNetId = 0;
4253 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4254 EXPECT_TRUE(checkAndClearUseLocalNameserversFlag(&dnsNetId));
4255 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4256 }
4257
expectDnsNetIdEquals(unsigned netId)4258 void expectDnsNetIdEquals(unsigned netId) {
4259 unsigned dnsNetId = 0;
4260 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4261 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4262 }
4263
expectDnsNetIdIsDefaultNetwork(INetd * netdService)4264 void expectDnsNetIdIsDefaultNetwork(INetd* netdService) {
4265 int currentNetid;
4266 EXPECT_TRUE(netdService->networkGetDefault(¤tNetid).isOk());
4267 expectDnsNetIdEquals(currentNetid);
4268 }
4269
expectDnsNetIdWithVpn(INetd * netdService,unsigned vpnNetId,unsigned expectedNetId)4270 void expectDnsNetIdWithVpn(INetd* netdService, unsigned vpnNetId, unsigned expectedNetId) {
4271 if (DnsResponderClient::isRemoteVersionSupported(netdService, 6)) {
4272 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
4273 vpnNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, /*secure=*/false);
4274 EXPECT_TRUE(netdService->networkCreate(config).isOk());
4275 } else {
4276 #pragma clang diagnostic push
4277 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
4278 EXPECT_TRUE(netdService->networkCreateVpn(vpnNetId, false /* secure */).isOk());
4279 #pragma clang diagnostic pop
4280 }
4281
4282 uid_t uid = getuid();
4283 // Add uid to VPN
4284 EXPECT_TRUE(netdService->networkAddUidRanges(vpnNetId, {makeUidRangeParcel(uid, uid)}).isOk());
4285 expectDnsNetIdEquals(expectedNetId);
4286 EXPECT_TRUE(netdService->networkDestroy(vpnNetId).isOk());
4287 }
4288
4289 } // namespace
4290
TEST_F(ResolverTest,getDnsNetId)4291 TEST_F(ResolverTest, getDnsNetId) {
4292 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
4293 setNetworkForProcess(NETID_UNSET);
4294
4295 expectDnsNetIdIsDefaultNetwork(mDnsClient.netdService());
4296 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_VPN_NETID);
4297
4298 // Test with setNetworkForProcess
4299 {
4300 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID);
4301 expectDnsNetIdEquals(TEST_NETID);
4302 }
4303
4304 // Test with setNetworkForProcess with NETID_USE_LOCAL_NAMESERVERS
4305 {
4306 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID |
4307 NETID_USE_LOCAL_NAMESERVERS);
4308 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4309 }
4310
4311 // Test with setNetworkForResolv
4312 {
4313 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4314 expectDnsNetIdEquals(TEST_NETID);
4315 }
4316
4317 // Test with setNetworkForResolv with NETID_USE_LOCAL_NAMESERVERS
4318 {
4319 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID |
4320 NETID_USE_LOCAL_NAMESERVERS);
4321 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4322 }
4323
4324 // Test with setNetworkForResolv under bypassable vpn
4325 {
4326 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4327 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_NETID);
4328 }
4329
4330 // Create socket connected to DnsProxyListener
4331 int fd = dns_open_proxy();
4332 EXPECT_TRUE(fd > 0);
4333 unique_fd ufd(fd);
4334
4335 // Test command with wrong netId
4336 sendCommand(fd, "getdnsnetid abc");
4337 EXPECT_EQ(ResponseCode::DnsProxyQueryResult, readResponseCode(fd));
4338 EXPECT_EQ(-EINVAL, readBE32(fd));
4339
4340 // Test unsupported command
4341 sendCommand(fd, "getdnsnetidNotSupported");
4342 // Keep in sync with FrameworkListener.cpp (500, "Command not recognized")
4343 EXPECT_EQ(500, readResponseCode(fd));
4344 }
4345
4346 // TODO(b/219434602): find an alternative way to block DNS packets on T+.
TEST_F(ResolverTest,BlockDnsQueryWithUidRule)4347 TEST_F(ResolverTest, BlockDnsQueryWithUidRule) {
4348 if (android::modules::sdklevel::IsAtLeastT()) GTEST_SKIP() << "T+ device.";
4349 SKIP_IF_BPF_NOT_SUPPORTED;
4350 constexpr char listen_addr1[] = "127.0.0.4";
4351 constexpr char listen_addr2[] = "::1";
4352 constexpr char host_name[] = "howdy.example.com.";
4353 const std::vector<DnsRecord> records = {
4354 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4355 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4356 };
4357 INetd* netdService = mDnsClient.netdService();
4358
4359 test::DNSResponder dns1(listen_addr1);
4360 test::DNSResponder dns2(listen_addr2);
4361 StartDns(dns1, records);
4362 StartDns(dns2, records);
4363
4364 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4365 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4366 dns1.clearQueries();
4367 dns2.clearQueries();
4368
4369 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4370 // Dns Query
4371 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4372 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4373 EXPECT_TRUE(fd1 != -1);
4374 EXPECT_TRUE(fd2 != -1);
4375
4376 uint8_t buf1[MAXPACKET] = {};
4377 uint8_t buf2[MAXPACKET] = {};
4378 int rcode;
4379 int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4380 int res1 = getAsyncResponse(fd1, &rcode, buf1, MAXPACKET);
4381 // If API level >= 30 (R+), these queries should be blocked.
4382 if (isAtLeastR) {
4383 EXPECT_EQ(res2, -ECONNREFUSED);
4384 EXPECT_EQ(res1, -ECONNREFUSED);
4385 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4386 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4387 } else {
4388 EXPECT_GT(res2, 0);
4389 EXPECT_EQ("::1.2.3.4", toString(buf2, res2, AF_INET6));
4390 EXPECT_GT(res1, 0);
4391 EXPECT_EQ("1.2.3.4", toString(buf1, res1, AF_INET));
4392 // To avoid flaky test, do not evaluate DnsEvent since event order is not guaranteed.
4393 }
4394 }
4395
4396 // TODO(b/219434602): find an alternative way to block DNS packets on T+.
TEST_F(ResolverTest,GetAddrinfo_BlockDnsQueryWithUidRule)4397 TEST_F(ResolverTest, GetAddrinfo_BlockDnsQueryWithUidRule) {
4398 if (android::modules::sdklevel::IsAtLeastT()) GTEST_SKIP() << "T+ device.";
4399 SKIP_IF_BPF_NOT_SUPPORTED;
4400 constexpr char listen_addr1[] = "127.0.0.4";
4401 constexpr char listen_addr2[] = "::1";
4402 constexpr char host_name[] = "howdy.example.com.";
4403 const std::vector<DnsRecord> records = {
4404 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4405 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4406 };
4407 test::DNSResponder dns1(listen_addr1);
4408 test::DNSResponder dns2(listen_addr2);
4409 StartDns(dns1, records);
4410 StartDns(dns2, records);
4411
4412 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4413 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, kDefaultSearchDomains, kDefaultParams));
4414
4415 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
4416
4417 static struct {
4418 const char* hname;
4419 const int expectedErrorCode;
4420 } kTestData[] = {
4421 {host_name, EAI_NODATA},
4422 // To test the query with search domain.
4423 {"howdy", EAI_AGAIN},
4424 };
4425
4426 INetd* netdService = mDnsClient.netdService();
4427 for (auto& td : kTestData) {
4428 SCOPED_TRACE(td.hname);
4429 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4430 // If API level >= 30 (R+), these queries should be blocked.
4431 if (isAtLeastR) {
4432 addrinfo* result = nullptr;
4433 // getaddrinfo() in bionic would convert all errors to EAI_NODATA
4434 // except EAI_SYSTEM.
4435 EXPECT_EQ(EAI_NODATA, getaddrinfo(td.hname, nullptr, &hints, &result));
4436 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, td.expectedErrorCode, td.hname,
4437 {});
4438 } else {
4439 ScopedAddrinfo result = safe_getaddrinfo(td.hname, nullptr, &hints);
4440 EXPECT_NE(nullptr, result);
4441 EXPECT_THAT(ToStrings(result),
4442 testing::UnorderedElementsAreArray({"1.2.3.4", "::1.2.3.4"}));
4443 // To avoid flaky test, do not evaluate DnsEvent since event order is not guaranteed.
4444 }
4445 }
4446 }
4447
4448 // TODO(b/219434602): find an alternative way to block DNS packets on T+.
TEST_F(ResolverTest,EnforceDnsUid)4449 TEST_F(ResolverTest, EnforceDnsUid) {
4450 if (android::modules::sdklevel::IsAtLeastT()) GTEST_SKIP() << "T+ device.";
4451 SKIP_IF_BPF_NOT_SUPPORTED;
4452 constexpr char listen_addr1[] = "127.0.0.4";
4453 constexpr char listen_addr2[] = "::1";
4454 constexpr char host_name[] = "howdy.example.com.";
4455 const std::vector<DnsRecord> records = {
4456 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4457 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4458 };
4459 INetd* netdService = mDnsClient.netdService();
4460
4461 test::DNSResponder dns1(listen_addr1);
4462 test::DNSResponder dns2(listen_addr2);
4463 StartDns(dns1, records);
4464 StartDns(dns2, records);
4465
4466 // switch uid of DNS queries from applications to AID_DNS
4467 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4468 parcel.servers = {listen_addr1, listen_addr2};
4469 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4470
4471 uint8_t buf[MAXPACKET] = {};
4472 uint8_t buf2[MAXPACKET] = {};
4473 int rcode;
4474 {
4475 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4476 // Dns Queries should be blocked
4477 const int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4478 const int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4479 EXPECT_TRUE(fd1 != -1);
4480 EXPECT_TRUE(fd2 != -1);
4481
4482 const int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4483 const int res1 = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4484 // If API level >= 30 (R+), the query should be blocked.
4485 if (isAtLeastR) {
4486 EXPECT_EQ(res2, -ECONNREFUSED);
4487 EXPECT_EQ(res1, -ECONNREFUSED);
4488 } else {
4489 EXPECT_GT(res2, 0);
4490 EXPECT_EQ("::1.2.3.4", toString(buf2, res2, AF_INET6));
4491 EXPECT_GT(res1, 0);
4492 EXPECT_EQ("1.2.3.4", toString(buf, res1, AF_INET));
4493 }
4494 }
4495
4496 memset(buf, 0, MAXPACKET);
4497 ResolverOptionsParcel resolverOptions;
4498 resolverOptions.enforceDnsUid = true;
4499 if (!mIsResolverOptionIPCSupported) {
4500 parcel.resolverOptions = resolverOptions;
4501 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4502 } else {
4503 ASSERT_TRUE(mDnsClient.resolvService()
4504 ->setResolverOptions(parcel.netId, resolverOptions)
4505 .isOk());
4506 }
4507
4508 {
4509 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4510 // Dns Queries should NOT be blocked
4511 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4512 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4513 EXPECT_TRUE(fd1 != -1);
4514 EXPECT_TRUE(fd2 != -1);
4515
4516 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
4517 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
4518
4519 memset(buf, 0, MAXPACKET);
4520 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4521 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
4522
4523 // @TODO: So far we know that uid of DNS queries are no more set to DNS requester. But we
4524 // don't check if they are actually being set to AID_DNS, because system uids are always
4525 // allowed in bpf_owner_match(). Audit by firewallSetUidRule(AID_DNS) + sending queries is
4526 // infeasible. Fix it if the behavior of bpf_owner_match() is changed in the future, or if
4527 // we have better idea to deal with this.
4528 }
4529 }
4530
TEST_F(ResolverTest,ConnectTlsServerTimeout)4531 TEST_F(ResolverTest, ConnectTlsServerTimeout) {
4532 constexpr char hostname1[] = "query1.example.com.";
4533 constexpr char hostname2[] = "query2.example.com.";
4534 const std::vector<DnsRecord> records = {
4535 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4536 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
4537 };
4538
4539 static const struct TestConfig {
4540 bool asyncHandshake;
4541 int maxRetries;
4542
4543 // if asyncHandshake:
4544 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4545 // otherwise:
4546 // expectedTimeout = dotConnectTimeoutMs
4547 int expectedTimeout;
4548 } testConfigs[] = {
4549 // Test mis-configured dot_maxtries flag.
4550 {false, 0, 1000}, {true, 0, 1000},
4551
4552 {false, 1, 1000}, {false, 3, 1000}, {true, 1, 1000}, {true, 3, 3000},
4553 };
4554
4555 for (const auto& config : testConfigs) {
4556 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.asyncHandshake, config.maxRetries));
4557
4558 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4559 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4560 // so that the DnsTlsTransport won't interfere the other tests.
4561 const std::string addr = getUniqueIPv4Address();
4562 test::DNSResponder dns(addr);
4563 StartDns(dns, records);
4564 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4565 ASSERT_TRUE(tls.startServer());
4566
4567 // The resolver will adjust the timeout value to 1000ms since the value is too small.
4568 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag, "100");
4569
4570 // Infinite timeout.
4571 ScopedSystemProperties sp2(kDotQueryTimeoutMsFlag, "-1");
4572
4573 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4574 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4575 resetNetwork();
4576
4577 // Set up resolver to opportunistic mode.
4578 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4579 parcel.servers = {addr};
4580 parcel.tlsServers = {addr};
4581 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4582 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4583 EXPECT_TRUE(tls.waitForQueries(1));
4584 tls.clearQueries();
4585 dns.clearQueries();
4586
4587 // The server becomes unresponsive to the handshake request.
4588 tls.setHangOnHandshakeForTesting(true);
4589
4590 // Expect the things happening in getaddrinfo():
4591 // 1. Connect to the private DNS server.
4592 // 2. SSL handshake times out.
4593 // 3. Fallback to UDP transport, and then get the answer.
4594 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
4595 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname1, nullptr, hints);
4596
4597 EXPECT_NE(nullptr, result);
4598 EXPECT_EQ(0, tls.queries());
4599 EXPECT_EQ(1U, GetNumQueries(dns, hostname1));
4600 EXPECT_EQ(records.at(0).addr, ToString(result));
4601
4602 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, getaddrinfo()
4603 // should just take a bit more than expetTimeout milliseconds.
4604 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4605 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4606
4607 // Set the server to be responsive. Verify that the resolver will attempt to reconnect
4608 // to the server and then get the result within the timeout.
4609 tls.setHangOnHandshakeForTesting(false);
4610 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(hostname2, nullptr, hints);
4611
4612 EXPECT_NE(nullptr, result);
4613 EXPECT_TRUE(tls.waitForQueries(1));
4614 EXPECT_EQ(1U, GetNumQueries(dns, hostname2));
4615 EXPECT_EQ(records.at(1).addr, ToString(result));
4616
4617 EXPECT_LE(timeTakenMs, 200);
4618 }
4619 }
4620
TEST_F(ResolverTest,ConnectTlsServerTimeout_ConcurrentQueries)4621 TEST_F(ResolverTest, ConnectTlsServerTimeout_ConcurrentQueries) {
4622 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4623 constexpr char hostname[] = "hello.example.com.";
4624 const std::vector<DnsRecord> records = {
4625 {hostname, ns_type::ns_t_a, "1.2.3.4"},
4626 };
4627 int testConfigCount = 0;
4628
4629 static const struct TestConfig {
4630 bool asyncHandshake;
4631 int dotConnectTimeoutMs;
4632 int dotQueryTimeoutMs;
4633 int maxRetries;
4634 int concurrency;
4635
4636 // if asyncHandshake:
4637 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4638 // otherwise:
4639 // expectedTimeout = dotConnectTimeoutMs * concurrency
4640 int expectedTimeout;
4641 } testConfigs[] = {
4642 // clang-format off
4643 {false, 1000, 3000, 1, 5, 5000},
4644 {false, 1000, 3000, 3, 5, 5000},
4645 {false, 2000, 1500, 3, 2, 4000},
4646 {true, 1000, 3000, 1, 5, 1000},
4647 {true, 2500, 1500, 1, 10, 1500},
4648 {true, 1000, 5000, 3, 5, 3000},
4649 // clang-format on
4650 };
4651
4652 // Launch query threads. Expected behaviors are:
4653 // - when dot_async_handshake is disabled, one of the query threads triggers a
4654 // handshake and then times out. Then same as another query thread, and so forth.
4655 // - when dot_async_handshake is enabled, only one handshake is triggered, and then
4656 // all of the query threads time out at the same time.
4657 for (const auto& config : testConfigs) {
4658 testConfigCount++;
4659 ScopedSystemProperties sp1(kDotQueryTimeoutMsFlag,
4660 std::to_string(config.dotQueryTimeoutMs));
4661 ScopedSystemProperties sp2(kDotConnectTimeoutMsFlag,
4662 std::to_string(config.dotConnectTimeoutMs));
4663 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4664 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4665 resetNetwork();
4666
4667 for (const auto& dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4668 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", testConfigCount, dnsMode));
4669
4670 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4671 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4672 // so that the DnsTlsTransport won't interfere the other tests.
4673 const std::string addr = getUniqueIPv4Address();
4674 test::DNSResponder dns(addr);
4675 StartDns(dns, records);
4676 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4677 ASSERT_TRUE(tls.startServer());
4678
4679 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4680 parcel.servers = {addr};
4681 parcel.tlsServers = {addr};
4682 if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4683 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4684 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4685 EXPECT_TRUE(tls.waitForQueries(1));
4686
4687 // The server becomes unresponsive to the handshake request.
4688 tls.setHangOnHandshakeForTesting(true);
4689
4690 Stopwatch s;
4691 std::vector<std::thread> threads(config.concurrency);
4692 for (std::thread& thread : threads) {
4693 thread = std::thread([&]() {
4694 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4695 dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
4696 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
4697 });
4698 }
4699 for (std::thread& thread : threads) {
4700 thread.join();
4701 }
4702
4703 const int timeTakenMs = s.timeTakenUs() / 1000;
4704 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, it should
4705 // just take a bit more than expetTimeout milliseconds for the result.
4706 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4707 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4708
4709 // Recover the server from being unresponsive and try again.
4710 tls.setHangOnHandshakeForTesting(false);
4711 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4712 if (dnsMode == "STRICT" && config.asyncHandshake &&
4713 config.dotQueryTimeoutMs < (config.dotConnectTimeoutMs * config.maxRetries)) {
4714 // In this case, the connection handshake is supposed to be in progress. Queries
4715 // sent before the handshake finishes will time out (either due to connect timeout
4716 // or query timeout).
4717 expectAnswersNotValid(fd, -ETIMEDOUT);
4718 } else {
4719 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4720 }
4721 }
4722 }
4723 }
4724
TEST_F(ResolverTest,QueryTlsServerTimeout)4725 TEST_F(ResolverTest, QueryTlsServerTimeout) {
4726 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4727 constexpr int INFINITE_QUERY_TIMEOUT = -1;
4728 constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 5000;
4729 constexpr char hostname1[] = "query1.example.com.";
4730 constexpr char hostname2[] = "query2.example.com.";
4731 const std::vector<DnsRecord> records = {
4732 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4733 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
4734 };
4735
4736 for (const int queryTimeoutMs : {INFINITE_QUERY_TIMEOUT, 1000}) {
4737 for (const auto& dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4738 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", dnsMode, queryTimeoutMs));
4739
4740 const std::string addr = getUniqueIPv4Address();
4741 test::DNSResponder dns(addr);
4742 StartDns(dns, records);
4743 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4744 ASSERT_TRUE(tls.startServer());
4745
4746 ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(queryTimeoutMs));
4747 resetNetwork();
4748
4749 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4750 parcel.servers = {addr};
4751 parcel.tlsServers = {addr};
4752 if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4753
4754 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4755 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4756 EXPECT_TRUE(tls.waitForQueries(1));
4757 tls.clearQueries();
4758
4759 // Set the DoT server to be unresponsive to DNS queries until either it receives
4760 // 2 queries or 5s later.
4761 tls.setDelayQueries(2);
4762 tls.setDelayQueriesTimeout(DOT_SERVER_UNRESPONSIVE_TIME_MS);
4763
4764 // First query.
4765 Stopwatch s;
4766 int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a, cacheFlag);
4767 if (dnsMode == "STRICT" && queryTimeoutMs != INFINITE_QUERY_TIMEOUT) {
4768 expectAnswersNotValid(fd, -ETIMEDOUT);
4769 } else {
4770 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4771 }
4772
4773 // Besides checking the result of the query, check how much time the
4774 // resolver processed the query.
4775 int timeTakenMs = s.getTimeAndResetUs() / 1000;
4776 const int expectedTimeTakenMs = (queryTimeoutMs == INFINITE_QUERY_TIMEOUT)
4777 ? DOT_SERVER_UNRESPONSIVE_TIME_MS
4778 : queryTimeoutMs;
4779 EXPECT_GE(timeTakenMs, expectedTimeTakenMs);
4780 EXPECT_LE(timeTakenMs, expectedTimeTakenMs + 1000);
4781
4782 // Second query.
4783 tls.setDelayQueries(1);
4784 fd = resNetworkQuery(TEST_NETID, hostname2, ns_c_in, ns_t_a, cacheFlag);
4785 expectAnswersValid(fd, AF_INET, "1.2.3.5");
4786
4787 // Also check how much time the resolver processed the query.
4788 timeTakenMs = s.timeTakenUs() / 1000;
4789 EXPECT_LE(timeTakenMs, 500);
4790 EXPECT_EQ(2, tls.queries());
4791 }
4792 }
4793 }
4794
4795 // Verifies that the DnsResolver re-validates the DoT server when several DNS queries to
4796 // the server fails in a row.
TEST_F(ResolverTest,TlsServerRevalidation)4797 TEST_F(ResolverTest, TlsServerRevalidation) {
4798 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4799 constexpr int dotXportUnusableThreshold = 10;
4800 constexpr int dotQueryTimeoutMs = 1000;
4801 constexpr char hostname[] = "hello.example.com.";
4802 const std::vector<DnsRecord> records = {
4803 {hostname, ns_type::ns_t_a, "1.2.3.4"},
4804 };
4805
4806 static const struct TestConfig {
4807 std::string dnsMode;
4808 int validationThreshold;
4809 int queries;
4810
4811 // Expected behavior in the DnsResolver.
4812 bool expectRevalidationHappen;
4813 bool expectDotUnusable;
4814 } testConfigs[] = {
4815 // clang-format off
4816 {"OPPORTUNISTIC", -1, 5, false, false},
4817 {"OPPORTUNISTIC", -1, 10, false, false},
4818 {"OPPORTUNISTIC", 5, 5, true, false},
4819 {"OPPORTUNISTIC", 5, 10, true, true},
4820 {"STRICT", -1, 5, false, false},
4821 {"STRICT", -1, 10, false, false},
4822 {"STRICT", 5, 5, false, false},
4823 {"STRICT", 5, 10, false, false},
4824 // clang-format on
4825 };
4826
4827 for (const auto& config : testConfigs) {
4828 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.dnsMode,
4829 config.validationThreshold, config.queries));
4830 const int queries = config.queries;
4831 const int delayQueriesTimeout = dotQueryTimeoutMs + 1000;
4832
4833 ScopedSystemProperties sp1(kDotRevalidationThresholdFlag,
4834 std::to_string(config.validationThreshold));
4835 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
4836 std::to_string(dotXportUnusableThreshold));
4837 ScopedSystemProperties sp3(kDotQueryTimeoutMsFlag, std::to_string(dotQueryTimeoutMs));
4838 resetNetwork();
4839
4840 // This test is sensitive to the number of queries sent in DoT validation.
4841 int latencyFactor;
4842 int latencyOffsetMs;
4843 if (isAtLeastR) {
4844 // The feature is enabled by default in R.
4845 latencyFactor = std::stoi(GetProperty(kDotValidationLatencyFactorFlag, "3"));
4846 latencyOffsetMs = std::stoi(GetProperty(kDotValidationLatencyOffsetMsFlag, "100"));
4847 } else {
4848 // The feature is disabled by default in Q.
4849 latencyFactor = std::stoi(GetProperty(kDotValidationLatencyFactorFlag, "-1"));
4850 latencyOffsetMs = std::stoi(GetProperty(kDotValidationLatencyOffsetMsFlag, "-1"));
4851 }
4852 const bool dotValidationExtraProbes = (config.dnsMode == "OPPORTUNISTIC") &&
4853 (latencyFactor >= 0 && latencyOffsetMs >= 0 &&
4854 latencyFactor + latencyOffsetMs != 0);
4855
4856 const std::string addr = getUniqueIPv4Address();
4857 test::DNSResponder dns(addr);
4858 StartDns(dns, records);
4859 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4860 ASSERT_TRUE(tls.startServer());
4861
4862 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4863 parcel.servers = {addr};
4864 parcel.tlsServers = {addr};
4865 if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4866 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4867 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4868 if (dotValidationExtraProbes) {
4869 EXPECT_TRUE(tls.waitForQueries(2));
4870 } else {
4871 EXPECT_TRUE(tls.waitForQueries(1));
4872 }
4873 tls.clearQueries();
4874 dns.clearQueries();
4875
4876 // Expect the things happening in order:
4877 // 1. Configure the DoT server to postpone |queries + 1| DNS queries.
4878 // 2. Send |queries| DNS queries, they will time out in 1 second.
4879 // 3. 1 second later, the DoT server still waits for one more DNS query until
4880 // |delayQueriesTimeout| times out.
4881 // 4. (opportunistic mode only) Meanwhile, DoT revalidation happens. The DnsResolver
4882 // creates a new connection and sends a query to the DoT server.
4883 // 5. 1 second later, |delayQueriesTimeout| times out. The DoT server flushes all of the
4884 // postponed DNS queries, and handles the query which comes from the revalidation.
4885 // 6. (opportunistic mode only) The revalidation succeeds.
4886 // 7. Send another DNS query, and expect it will succeed.
4887 // 8. (opportunistic mode only) If the DoT server has been deemed as unusable, the
4888 // DnsResolver skips trying the DoT server.
4889
4890 // Step 1.
4891 tls.setDelayQueries(queries + 1);
4892 tls.setDelayQueriesTimeout(delayQueriesTimeout);
4893
4894 // Step 2.
4895 std::vector<std::thread> threads1(queries);
4896 for (std::thread& thread : threads1) {
4897 thread = std::thread([&]() {
4898 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4899 config.dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
4900 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
4901 });
4902 }
4903
4904 // Step 3 and 4.
4905 for (std::thread& thread : threads1) {
4906 thread.join();
4907 }
4908
4909 // Recover the config to make the revalidation can succeed.
4910 tls.setDelayQueries(1);
4911
4912 // Step 5 and 6.
4913 int expectedDotQueries = queries;
4914 int extraDnsProbe = 0;
4915 if (config.expectRevalidationHappen) {
4916 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4917 expectedDotQueries++;
4918
4919 if (dotValidationExtraProbes) {
4920 expectedDotQueries++;
4921 extraDnsProbe = 1;
4922 }
4923 }
4924
4925 // Step 7 and 8.
4926 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4927 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4928 expectedDotQueries++;
4929
4930 const int expectedDo53Queries =
4931 expectedDotQueries +
4932 (config.dnsMode == "OPPORTUNISTIC" ? (queries + extraDnsProbe) : 0);
4933
4934 if (config.expectDotUnusable) {
4935 // A DoT server can be deemed as unusable only in opportunistic mode. When it happens,
4936 // the DnsResolver doesn't use the DoT server for a certain period of time.
4937 expectedDotQueries--;
4938 }
4939
4940 // This code makes the test more robust to race condition.
4941 EXPECT_TRUE(tls.waitForQueries(expectedDotQueries));
4942
4943 EXPECT_EQ(dns.queries().size(), static_cast<unsigned>(expectedDo53Queries));
4944 EXPECT_EQ(tls.queries(), expectedDotQueries);
4945 }
4946 }
4947
4948 // Verifies that private DNS validation fails if DoT server is much slower than cleartext server.
TEST_F(ResolverTest,TlsServerValidation_UdpProbe)4949 TEST_F(ResolverTest, TlsServerValidation_UdpProbe) {
4950 constexpr char backend_addr[] = "127.0.0.3";
4951 test::DNSResponder backend(backend_addr);
4952 backend.setResponseDelayMs(200);
4953 ASSERT_TRUE(backend.startServer());
4954
4955 static const struct TestConfig {
4956 int latencyFactor;
4957 int latencyOffsetMs;
4958 bool udpProbeLost;
4959 size_t expectedUdpProbes;
4960 bool expectedValidationPass;
4961 } testConfigs[] = {
4962 // clang-format off
4963 {-1, -1, false, 0, true},
4964 {0, 0, false, 0, true},
4965 {1, 10, false, 1, false},
4966 {1, 10, true, 2, false},
4967 {5, 300, false, 1, true},
4968 {5, 300, true, 2, true},
4969 // clang-format on
4970 };
4971
4972 for (const auto& config : testConfigs) {
4973 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.latencyFactor,
4974 config.latencyOffsetMs, config.udpProbeLost));
4975
4976 const std::string addr = getUniqueIPv4Address();
4977 test::DNSResponder dns(addr, "53", static_cast<ns_rcode>(-1));
4978 test::DnsTlsFrontend tls(addr, "853", backend_addr, "53");
4979 dns.setResponseDelayMs(10);
4980 ASSERT_TRUE(dns.startServer());
4981 ASSERT_TRUE(tls.startServer());
4982
4983 ScopedSystemProperties sp1(kDotValidationLatencyFactorFlag,
4984 std::to_string(config.latencyFactor));
4985 ScopedSystemProperties sp2(kDotValidationLatencyOffsetMsFlag,
4986 std::to_string(config.latencyOffsetMs));
4987 resetNetwork();
4988
4989 std::unique_ptr<std::thread> thread;
4990 if (config.udpProbeLost) {
4991 thread.reset(new std::thread([&dns]() {
4992 // Simulate that the first UDP probe is lost and the second UDP probe succeeds.
4993 dns.setResponseProbability(0.0);
4994 std::this_thread::sleep_for(std::chrono::seconds(2));
4995 dns.setResponseProbability(1.0);
4996 }));
4997 }
4998
4999 // Set up opportunistic mode, and wait for the validation complete.
5000 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5001 parcel.servers = {addr};
5002 parcel.tlsServers = {addr};
5003 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5004
5005 // The timeout of WaitForPrivateDnsValidation is 5 seconds which is still enough for
5006 // the testcase of UDP probe lost because the retry of UDP probe happens after 3 seconds.
5007 EXPECT_TRUE(
5008 WaitForPrivateDnsValidation(tls.listen_address(), config.expectedValidationPass));
5009 EXPECT_EQ(dns.queries().size(), config.expectedUdpProbes);
5010 dns.clearQueries();
5011
5012 // Test that Private DNS validation always pass in strict mode.
5013 parcel.tlsName = kDefaultPrivateDnsHostName;
5014 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5015 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5016 EXPECT_EQ(dns.queries().size(), 0U);
5017
5018 if (thread) {
5019 thread->join();
5020 thread.reset();
5021 }
5022 }
5023 }
5024
5025 // Verifies that DNS queries can quick fall back to UDP if the first DoT server is unresponsive.
TEST_F(ResolverTest,DotQuickFallback)5026 TEST_F(ResolverTest, DotQuickFallback) {
5027 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
5028 const std::string addr1 = getUniqueIPv4Address();
5029 const std::string addr2 = getUniqueIPv4Address();
5030 test::DNSResponder dns1(addr1);
5031 test::DNSResponder dns2(addr2);
5032 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
5033 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
5034
5035 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5036 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5037 ASSERT_TRUE(dns1.startServer());
5038 ASSERT_TRUE(dns2.startServer());
5039 ASSERT_TRUE(dot1.startServer());
5040 ASSERT_TRUE(dot2.startServer());
5041
5042 static const struct TestConfig {
5043 std::string privateDnsMode;
5044 int dotQuickFallbackFlag;
5045 } testConfigs[] = {
5046 // clang-format off
5047 {"OPPORTUNISTIC", 0},
5048 {"OPPORTUNISTIC", 1},
5049 {"STRICT", 0},
5050 {"STRICT", 1},
5051 // clang-format on
5052 };
5053
5054 for (const auto& config : testConfigs) {
5055 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.privateDnsMode,
5056 config.dotQuickFallbackFlag));
5057
5058 const bool canQuickFallback =
5059 (config.dotQuickFallbackFlag == 1) && (config.privateDnsMode == "OPPORTUNISTIC");
5060 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
5061 std::to_string(DOT_CONNECT_TIMEOUT_MS));
5062 ScopedSystemProperties sp2(kDotQuickFallbackFlag,
5063 std::to_string(config.dotQuickFallbackFlag));
5064 resetNetwork();
5065
5066 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5067 parcel.servers = {addr1, addr2};
5068 parcel.tlsServers = {addr1, addr2};
5069 parcel.tlsName = (config.privateDnsMode == "STRICT") ? kDefaultPrivateDnsHostName : "";
5070 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5071
5072 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
5073 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
5074 EXPECT_TRUE(dot1.waitForQueries(1));
5075 EXPECT_TRUE(dot2.waitForQueries(1));
5076 dot1.clearQueries();
5077 dot2.clearQueries();
5078 dot1.clearConnectionsCount();
5079 dot2.clearConnectionsCount();
5080
5081 // Set the DoT server unresponsive to connection handshake.
5082 dot1.setHangOnHandshakeForTesting(true);
5083
5084 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
5085 ANDROID_RESOLV_NO_CACHE_LOOKUP);
5086 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
5087
5088 EXPECT_EQ(dot1.acceptConnectionsCount(), 1);
5089 EXPECT_EQ(dot2.acceptConnectionsCount(), canQuickFallback ? 0 : 1);
5090 EXPECT_EQ(dot2.queries(), canQuickFallback ? 0 : 1);
5091
5092 dot1.setHangOnHandshakeForTesting(false);
5093 }
5094 }
5095
TEST_F(ResolverTest,FlushNetworkCache)5096 TEST_F(ResolverTest, FlushNetworkCache) {
5097 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5098 test::DNSResponder dns;
5099 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5100 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5101
5102 const hostent* result = gethostbyname("hello");
5103 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5104 std::function<bool()> HasTheExpectedResult = [result]() -> bool {
5105 if (result == nullptr) return false;
5106 EXPECT_EQ(4, result->h_length);
5107 if (result->h_addr_list[0] == nullptr) return false;
5108 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5109 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5110 return true;
5111 };
5112 ASSERT_TRUE(HasTheExpectedResult());
5113
5114 // get result from cache
5115 result = gethostbyname("hello");
5116 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5117 ASSERT_TRUE(HasTheExpectedResult());
5118
5119 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5120
5121 result = gethostbyname("hello");
5122 EXPECT_EQ(2U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5123 ASSERT_TRUE(HasTheExpectedResult());
5124 }
5125
TEST_F(ResolverTest,FlushNetworkCache_random)5126 TEST_F(ResolverTest, FlushNetworkCache_random) {
5127 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5128 constexpr int num_flush = 10;
5129 constexpr int num_queries = 20;
5130 test::DNSResponder dns;
5131 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5132 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5133 const addrinfo hints = {.ai_family = AF_INET};
5134
5135 std::thread t([this]() {
5136 for (int i = 0; i < num_flush; ++i) {
5137 unsigned delay = arc4random_uniform(10 * 1000); // 10ms
5138 usleep(delay);
5139 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5140 }
5141 });
5142
5143 for (int i = 0; i < num_queries; ++i) {
5144 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5145 EXPECT_TRUE(result != nullptr);
5146 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5147 }
5148 t.join();
5149 }
5150
5151 // flush cache while one query is wait-for-response, another is pending.
TEST_F(ResolverTest,FlushNetworkCache_concurrent)5152 TEST_F(ResolverTest, FlushNetworkCache_concurrent) {
5153 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5154 const char* listen_addr1 = "127.0.0.9";
5155 const char* listen_addr2 = "127.0.0.10";
5156 test::DNSResponder dns1(listen_addr1);
5157 test::DNSResponder dns2(listen_addr2);
5158 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5159 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5160 addrinfo hints = {.ai_family = AF_INET};
5161
5162 // step 1: set server#1 into deferred responding mode
5163 dns1.setDeferredResp(true);
5164 std::thread t1([&listen_addr1, &hints, this]() {
5165 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr1}));
5166 // step 3: query
5167 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5168 // step 9: check result
5169 EXPECT_TRUE(result != nullptr);
5170 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5171 });
5172
5173 // step 2: wait for the query to reach the server
5174 while (GetNumQueries(dns1, kHelloExampleCom) == 0) {
5175 usleep(1000); // 1ms
5176 }
5177
5178 std::thread t2([&listen_addr2, &hints, &dns2, this]() {
5179 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
5180 // step 5: query (should be blocked in resolver)
5181 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5182 // step 7: check result
5183 EXPECT_TRUE(result != nullptr);
5184 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5185 EXPECT_EQ(1U, GetNumQueriesForType(dns2, ns_type::ns_t_a, kHelloExampleCom));
5186 });
5187
5188 // step 4: wait a bit for the 2nd query to enter pending state
5189 usleep(100 * 1000); // 100ms
5190 // step 6: flush cache (will unblock pending queries)
5191 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5192 t2.join();
5193
5194 // step 8: resume server#1
5195 dns1.setDeferredResp(false);
5196 t1.join();
5197
5198 // step 10: verify if result is correctly cached
5199 dns2.clearQueries();
5200 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5201 EXPECT_EQ(0U, GetNumQueries(dns2, kHelloExampleCom));
5202 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5203 }
5204
5205 // TODO: Perhaps to have a boundary conditions test for TCP and UDP.
TEST_F(ResolverTest,TcpQueryWithOversizePayload)5206 TEST_F(ResolverTest, TcpQueryWithOversizePayload) {
5207 test::DNSResponder dns;
5208 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5209 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5210
5211 int fd = dns_open_proxy();
5212 ASSERT_TRUE(fd > 0);
5213
5214 // Sending DNS query over TCP once the packet sizes exceed 512 bytes.
5215 // The raw data is combined with Question section and Additional section
5216 // Question section : query "hello.example.com", type A, class IN
5217 // Additional section : type OPT (41), Option PADDING, Option Length 546
5218 // Padding option which allows DNS clients and servers to artificially
5219 // increase the size of a DNS message by a variable number of bytes.
5220 // See also RFC7830, section 3
5221 const std::string query =
5222 "+c0BAAABAAAAAAABBWhlbGxvB2V4YW1wbGUDY29tAAABAAEAACkgAAAAgAACJgAMAiIAAAAAAAAAAAAAAAAAA"
5223 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5224 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5225 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5226 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5227 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5228 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5229 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5230 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5231 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
5232 const std::string cmd =
5233 "resnsend " + std::to_string(TEST_NETID) + " 0 " /* ResNsendFlags */ + query + '\0';
5234 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
5235 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
5236 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
5237 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
5238 EXPECT_EQ(0U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
5239 }
5240
TEST_F(ResolverTest,TruncatedRspMode)5241 TEST_F(ResolverTest, TruncatedRspMode) {
5242 constexpr char listen_addr[] = "127.0.0.4";
5243 constexpr char listen_addr2[] = "127.0.0.5";
5244 constexpr char listen_srv[] = "53";
5245
5246 test::DNSResponder dns(listen_addr, listen_srv, static_cast<ns_rcode>(-1));
5247 test::DNSResponder dns2(listen_addr2, listen_srv, static_cast<ns_rcode>(-1));
5248 // dns supports UDP only, dns2 support UDP and TCP
5249 dns.setResponseProbability(0.0, IPPROTO_TCP);
5250 StartDns(dns, kLargeCnameChainRecords);
5251 StartDns(dns2, kLargeCnameChainRecords);
5252
5253 const struct TestConfig {
5254 const std::optional<int32_t> tcMode;
5255 const bool ret;
5256 const unsigned numQueries;
5257 std::string asParameters() const {
5258 return fmt::format("tcMode: {}, ret: {}, numQueries: {}", tcMode.value_or(-1),
5259 ret ? "true" : "false", numQueries);
5260 }
5261 } testConfigs[]{
5262 // clang-format off
5263 {std::nullopt, true, 0}, /* mode unset */
5264 {aidl::android::net::IDnsResolver::TC_MODE_DEFAULT, true, 0}, /* default mode */
5265 {-666, false, 0}, /* invalid input */
5266 {aidl::android::net::IDnsResolver::TC_MODE_UDP_TCP, true, 1}, /* alternative mode */
5267 // clang-format on
5268 };
5269
5270 for (const auto& config : testConfigs) {
5271 SCOPED_TRACE(config.asParameters());
5272
5273 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5274 parcel.servers = {listen_addr, listen_addr2};
5275 ResolverOptionsParcel resolverOptions;
5276 if (config.tcMode.has_value()) resolverOptions.tcMode = config.tcMode.value();
5277 if (!mIsResolverOptionIPCSupported) {
5278 parcel.resolverOptions = resolverOptions;
5279 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5280 config.ret);
5281 } else {
5282 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5283 }
5284 if (mIsResolverOptionIPCSupported) {
5285 ASSERT_EQ(mDnsClient.resolvService()
5286 ->setResolverOptions(parcel.netId, resolverOptions)
5287 .isOk(),
5288 config.ret);
5289 }
5290
5291 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5292 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5293 ASSERT_TRUE(result != nullptr);
5294 EXPECT_EQ(ToString(result), kHelloExampleComAddrV4);
5295 // TC_MODE_DEFAULT: resolver retries on TCP-only on each name server.
5296 // TC_MODE_UDP_TCP: resolver retries on TCP on the same server, falls back to UDP from next.
5297 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom), 1U);
5298 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom), 1U);
5299 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_UDP, kHelloExampleCom), config.numQueries);
5300 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_TCP, kHelloExampleCom), 1U);
5301
5302 dns.clearQueries();
5303 dns2.clearQueries();
5304 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5305
5306 // Clear the stats to make the resolver always choose the same server for the first query.
5307 parcel.servers.clear();
5308 parcel.tlsServers.clear();
5309 if (!mIsResolverOptionIPCSupported) {
5310 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5311 config.ret);
5312 } else {
5313 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5314 }
5315 }
5316 }
5317
TEST_F(ResolverTest,RepeatedSetup_ResolverStatusRemains)5318 TEST_F(ResolverTest, RepeatedSetup_ResolverStatusRemains) {
5319 constexpr char unusable_listen_addr[] = "127.0.0.3";
5320 constexpr char listen_addr[] = "127.0.0.4";
5321 constexpr char hostname[] = "a.hello.query.";
5322 const auto repeatedSetResolversFromParcel = [&](const ResolverParamsParcel& parcel) {
5323 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5324 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5325 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5326 };
5327
5328 test::DNSResponder dns(listen_addr);
5329 StartDns(dns, {{hostname, ns_type::ns_t_a, "1.2.3.3"}});
5330 test::DnsTlsFrontend tls1(listen_addr, "853", listen_addr, "53");
5331 ASSERT_TRUE(tls1.startServer());
5332
5333 // Private DNS off mode.
5334 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5335 parcel.servers = {unusable_listen_addr, listen_addr};
5336 parcel.tlsServers.clear();
5337 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5338
5339 // Send a query.
5340 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5341 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5342
5343 // Check the stats as expected.
5344 const std::vector<NameserverStats> expectedCleartextDnsStats = {
5345 NameserverStats(unusable_listen_addr).setInternalErrors(1),
5346 NameserverStats(listen_addr).setSuccesses(1),
5347 };
5348 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5349 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5350
5351 // The stats is supposed to remain as long as the list of cleartext DNS servers is unchanged.
5352 static const struct TestConfig {
5353 std::vector<std::string> servers;
5354 std::vector<std::string> tlsServers;
5355 std::string tlsName;
5356 } testConfigs[] = {
5357 // Private DNS opportunistic mode.
5358 {{listen_addr, unusable_listen_addr}, {listen_addr, unusable_listen_addr}, ""},
5359 {{unusable_listen_addr, listen_addr}, {unusable_listen_addr, listen_addr}, ""},
5360
5361 // Private DNS strict mode.
5362 {{listen_addr, unusable_listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5363 {{unusable_listen_addr, listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5364
5365 // Private DNS off mode.
5366 {{unusable_listen_addr, listen_addr}, {}, ""},
5367 {{listen_addr, unusable_listen_addr}, {}, ""},
5368 };
5369
5370 for (const auto& config : testConfigs) {
5371 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}] [{}]", fmt::join(config.servers, ","),
5372 fmt::join(config.tlsServers, ","), config.tlsName));
5373 parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5374 parcel.servers = config.servers;
5375 parcel.tlsServers = config.tlsServers;
5376 parcel.tlsName = config.tlsName;
5377 repeatedSetResolversFromParcel(parcel);
5378 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5379
5380 // The stats remains when the list of search domains changes.
5381 parcel.domains.push_back("tmp.domains");
5382 repeatedSetResolversFromParcel(parcel);
5383 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5384
5385 // The stats remains when the parameters change (except maxSamples).
5386 parcel.sampleValiditySeconds++;
5387 parcel.successThreshold++;
5388 parcel.minSamples++;
5389 parcel.baseTimeoutMsec++;
5390 parcel.retryCount++;
5391 repeatedSetResolversFromParcel(parcel);
5392 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5393 }
5394
5395 // The cache remains.
5396 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5397 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5398 }
5399
TEST_F(ResolverTest,RepeatedSetup_NoRedundantPrivateDnsValidation)5400 TEST_F(ResolverTest, RepeatedSetup_NoRedundantPrivateDnsValidation) {
5401 const std::string addr1 = getUniqueIPv4Address(); // For a workable DNS server.
5402 const std::string addr2 = getUniqueIPv4Address(); // For an unresponsive DNS server.
5403 const std::string unusable_addr = getUniqueIPv4Address();
5404 const auto waitForPrivateDnsStateUpdated = []() {
5405 // A buffer time for the PrivateDnsConfiguration instance to update its map,
5406 // mPrivateDnsValidateThreads, which is used for tracking validation threads.
5407 // Since there is a time gap between when PrivateDnsConfiguration reports
5408 // onPrivateDnsValidationEvent and when PrivateDnsConfiguration updates the map, this is a
5409 // workaround to avoid the test starts a subsequent resolver setup during the time gap.
5410 // TODO: Report onPrivateDnsValidationEvent after all the relevant updates are complete.
5411 // Reference to b/152009023.
5412 std::this_thread::sleep_for(20ms);
5413 };
5414
5415 test::DNSResponder dns1(addr1);
5416 test::DNSResponder dns2(addr2);
5417 StartDns(dns1, {});
5418 StartDns(dns2, {});
5419 test::DnsTlsFrontend workableTls(addr1, "853", addr1, "53");
5420 test::DnsTlsFrontend unresponsiveTls(addr2, "853", addr2, "53");
5421 int validationAttemptsToUnresponsiveTls = 1;
5422 unresponsiveTls.setHangOnHandshakeForTesting(true);
5423 ASSERT_TRUE(workableTls.startServer());
5424 ASSERT_TRUE(unresponsiveTls.startServer());
5425
5426 // First setup.
5427 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5428 parcel.servers = {addr1, addr2, unusable_addr};
5429 parcel.tlsServers = {addr1, addr2, unusable_addr};
5430 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5431
5432 // Check the validation results.
5433 EXPECT_TRUE(WaitForPrivateDnsValidation(workableTls.listen_address(), true));
5434 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5435
5436 // The validation is still in progress.
5437 EXPECT_EQ(unresponsiveTls.acceptConnectionsCount(), validationAttemptsToUnresponsiveTls);
5438
5439 static const struct TestConfig {
5440 std::vector<std::string> tlsServers;
5441 std::string tlsName;
5442 } testConfigs[] = {
5443 {{addr1, addr2, unusable_addr}, ""},
5444 {{unusable_addr, addr1, addr2}, ""},
5445 {{unusable_addr, addr1, addr2}, kDefaultPrivateDnsHostName},
5446 {{addr1, addr2, unusable_addr}, kDefaultPrivateDnsHostName},
5447 };
5448
5449 std::string TlsNameLastTime;
5450 for (const auto& config : testConfigs) {
5451 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", fmt::join(config.tlsServers, ","),
5452 config.tlsName));
5453 parcel.servers = config.tlsServers;
5454 parcel.tlsServers = config.tlsServers;
5455 parcel.tlsName = config.tlsName;
5456 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5457
5458 const bool dnsModeChanged = (TlsNameLastTime != config.tlsName);
5459
5460 waitForPrivateDnsStateUpdated();
5461 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5462
5463 for (const auto& serverAddr : parcel.tlsServers) {
5464 SCOPED_TRACE(serverAddr);
5465 if (serverAddr == workableTls.listen_address()) {
5466 if (dnsModeChanged) {
5467 // Despite the identical IP address, the server is regarded as a different
5468 // server when DnsTlsServer.name is different. The resolver treats it as a
5469 // different object and begins the validation process.
5470 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, true));
5471 }
5472 } else if (serverAddr == unresponsiveTls.listen_address()) {
5473 if (dnsModeChanged) {
5474 // Despite the identical IP address, the server is regarded as a different
5475 // server when DnsTlsServer.name is different. The resolver treats it as a
5476 // different object and begins the validation process.
5477 validationAttemptsToUnresponsiveTls++;
5478
5479 // This is the limitation from DnsTlsFrontend. DnsTlsFrontend can't operate
5480 // concurrently. As soon as there's another connection request,
5481 // DnsTlsFrontend resets the unique_fd to the new connection.
5482 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5483 }
5484 } else {
5485 // Must be unusable_addr.
5486 // In opportunistic mode, when a validation for a private DNS server fails, the
5487 // resolver just marks the server as failed and doesn't re-evaluate it, but the
5488 // server can be re-evaluated when setResolverConfiguration() is called.
5489 // However, in strict mode, the resolver automatically re-evaluates the server and
5490 // marks the server as in_progress until the validation succeeds, so repeated setup
5491 // makes no effect.
5492 if (dnsModeChanged || config.tlsName.empty() /* not in strict mode */) {
5493 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5494 }
5495 }
5496 }
5497
5498 // Repeated setups make no effect in strict mode.
5499 waitForPrivateDnsStateUpdated();
5500 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5501 if (config.tlsName.empty()) {
5502 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5503 }
5504 waitForPrivateDnsStateUpdated();
5505 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5506 if (config.tlsName.empty()) {
5507 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5508 }
5509
5510 EXPECT_EQ(unresponsiveTls.acceptConnectionsCount(), validationAttemptsToUnresponsiveTls);
5511
5512 TlsNameLastTime = config.tlsName;
5513 }
5514
5515 // Check that all the validation results are caught.
5516 // Note: it doesn't mean no validation being in progress.
5517 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5518 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5519 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(unusable_addr));
5520 }
5521
TEST_F(ResolverTest,RepeatedSetup_KeepChangingPrivateDnsServers)5522 TEST_F(ResolverTest, RepeatedSetup_KeepChangingPrivateDnsServers) {
5523 enum TlsServerState { WORKING, UNSUPPORTED, UNRESPONSIVE };
5524 const std::string addr1 = getUniqueIPv4Address();
5525 const std::string addr2 = getUniqueIPv4Address();
5526 const auto waitForPrivateDnsStateUpdated = []() {
5527 // A buffer time for PrivateDnsConfiguration to update its state. It prevents this test
5528 // being flaky. See b/152009023 for the reason.
5529 std::this_thread::sleep_for(20ms);
5530 };
5531
5532 test::DNSResponder dns1(addr1);
5533 test::DNSResponder dns2(addr2);
5534 StartDns(dns1, {});
5535 StartDns(dns2, {});
5536 test::DnsTlsFrontend tls1(addr1, "853", addr1, "53");
5537 test::DnsTlsFrontend tls2(addr2, "853", addr2, "53");
5538 ASSERT_TRUE(tls1.startServer());
5539 ASSERT_TRUE(tls2.startServer());
5540
5541 static const struct TestConfig {
5542 std::string tlsServer;
5543 std::string tlsName;
5544 bool expectNothingHappenWhenServerUnsupported;
5545 bool expectNothingHappenWhenServerUnresponsive;
5546 std::string asTestName() const {
5547 return fmt::format("{}, {}, {}, {}", tlsServer, tlsName,
5548 expectNothingHappenWhenServerUnsupported,
5549 expectNothingHappenWhenServerUnresponsive);
5550 }
5551 } testConfigs[] = {
5552 {{addr1}, "", false, false},
5553 {{addr2}, "", false, false},
5554 {{addr1}, "", false, true},
5555 {{addr2}, "", false, true},
5556
5557 // expectNothingHappenWhenServerUnresponsive is false in the two cases because of the
5558 // limitation from DnsTlsFrontend which can't operate concurrently.
5559 {{addr1}, kDefaultPrivateDnsHostName, false, false},
5560 {{addr2}, kDefaultPrivateDnsHostName, false, false},
5561 {{addr1}, kDefaultPrivateDnsHostName, true, true},
5562 {{addr2}, kDefaultPrivateDnsHostName, true, true},
5563
5564 // expectNothingHappenWhenServerUnresponsive is true in the two cases because of the
5565 // limitation from DnsTlsFrontend which can't operate concurrently.
5566 {{addr1}, "", true, false},
5567 {{addr2}, "", true, false},
5568 {{addr1}, "", true, true},
5569 {{addr2}, "", true, true},
5570 };
5571
5572 for (const auto& serverState : {WORKING, UNSUPPORTED, UNRESPONSIVE}) {
5573 int testIndex = 0;
5574 for (const auto& config : testConfigs) {
5575 SCOPED_TRACE(fmt::format("serverState:{} testIndex:{} testConfig:[{}]", serverState,
5576 testIndex++, config.asTestName()));
5577 auto& tls = (config.tlsServer == addr1) ? tls1 : tls2;
5578
5579 if (serverState == UNSUPPORTED && tls.running()) ASSERT_TRUE(tls.stopServer());
5580 if (serverState != UNSUPPORTED && !tls.running()) ASSERT_TRUE(tls.startServer());
5581
5582 tls.setHangOnHandshakeForTesting(serverState == UNRESPONSIVE);
5583 const int connectCountsBefore = tls.acceptConnectionsCount();
5584
5585 waitForPrivateDnsStateUpdated();
5586 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5587 parcel.servers = {config.tlsServer};
5588 parcel.tlsServers = {config.tlsServer};
5589 parcel.tlsName = config.tlsName;
5590 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5591 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5592
5593 if (serverState == WORKING) {
5594 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, true));
5595 } else if (serverState == UNSUPPORTED) {
5596 if (config.expectNothingHappenWhenServerUnsupported) {
5597 // It's possible that the resolver hasn't yet started to
5598 // connect. Wait a while.
5599 // TODO: See if we can get rid of the hard waiting time, such as comparing
5600 // the CountDiff across two tests.
5601 std::this_thread::sleep_for(100ms);
5602 EXPECT_EQ(tls.acceptConnectionsCount(), connectCountsBefore);
5603 } else {
5604 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5605 }
5606 } else {
5607 // Must be UNRESPONSIVE.
5608 // DnsTlsFrontend is the only signal for checking whether or not the resolver starts
5609 // another validation when the server is unresponsive.
5610 const int expectCountDiff =
5611 config.expectNothingHappenWhenServerUnresponsive ? 0 : 1;
5612 if (expectCountDiff == 0) {
5613 // It's possible that the resolver hasn't yet started to
5614 // connect. Wait a while.
5615 std::this_thread::sleep_for(100ms);
5616 } else {
5617 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5618 }
5619 const auto condition = [&]() {
5620 return tls.acceptConnectionsCount() == connectCountsBefore + expectCountDiff;
5621 };
5622 EXPECT_TRUE(PollForCondition(condition));
5623 }
5624 }
5625
5626 // Set to off mode to reset the PrivateDnsConfiguration state.
5627 ResolverParamsParcel setupOffmode = DnsResponderClient::GetDefaultResolverParamsParcel();
5628 setupOffmode.tlsServers.clear();
5629 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupOffmode));
5630 }
5631
5632 // Check that all the validation results are caught.
5633 // Note: it doesn't mean no validation being in progress.
5634 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5635 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5636 }
5637
TEST_F(ResolverTest,PermissionCheckOnCertificateInjection)5638 TEST_F(ResolverTest, PermissionCheckOnCertificateInjection) {
5639 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5640 parcel.caCertificate = kCaCert;
5641 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5642
5643 for (const uid_t uid : {AID_SYSTEM, TEST_UID}) {
5644 ScopedChangeUID scopedChangeUID(uid);
5645 auto status = mDnsClient.resolvService()->setResolverConfiguration(parcel);
5646 EXPECT_EQ(status.getExceptionCode(), EX_SECURITY);
5647 }
5648 }
5649
5650 // Parameterized tests.
5651 // TODO: Merge the existing tests as parameterized test if possible.
5652 // TODO: Perhaps move parameterized tests to an independent file.
5653 enum class CallType { GETADDRINFO, GETHOSTBYNAME };
5654 class ResolverParameterizedTest : public ResolverTest,
5655 public testing::WithParamInterface<CallType> {
5656 protected:
VerifyQueryHelloExampleComV4(const test::DNSResponder & dns,const CallType calltype,const bool verifyNumQueries=true)5657 void VerifyQueryHelloExampleComV4(const test::DNSResponder& dns, const CallType calltype,
5658 const bool verifyNumQueries = true) {
5659 if (calltype == CallType::GETADDRINFO) {
5660 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5661 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5662 ASSERT_TRUE(result != nullptr);
5663 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5664 } else if (calltype == CallType::GETHOSTBYNAME) {
5665 const hostent* result = gethostbyname("hello");
5666 ASSERT_TRUE(result != nullptr);
5667 ASSERT_EQ(4, result->h_length);
5668 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
5669 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5670 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5671 } else {
5672 FAIL() << "Unsupported call type: " << static_cast<uint32_t>(calltype);
5673 }
5674 if (verifyNumQueries) EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
5675 }
5676 };
5677
5678 INSTANTIATE_TEST_SUITE_P(QueryCallTest, ResolverParameterizedTest,
5679 testing::Values(CallType::GETADDRINFO, CallType::GETHOSTBYNAME),
__anon17aebff71a02(const testing::TestParamInfo<CallType>& info) 5680 [](const testing::TestParamInfo<CallType>& info) {
5681 switch (info.param) {
5682 case CallType::GETADDRINFO:
5683 return "GetAddrInfo";
5684 case CallType::GETHOSTBYNAME:
5685 return "GetHostByName";
5686 default:
5687 return "InvalidParameter"; // Should not happen.
5688 }
5689 });
5690
TEST_P(ResolverParameterizedTest,AuthoritySectionAndAdditionalSection)5691 TEST_P(ResolverParameterizedTest, AuthoritySectionAndAdditionalSection) {
5692 // DNS response may have more information in authority section and additional section.
5693 // Currently, getanswer() of packages/modules/DnsResolver/getaddrinfo.cpp doesn't parse the
5694 // content of authority section and additional section. Test these sections if they crash
5695 // the resolver, just in case. See also RFC 1035 section 4.1.
5696 const auto& calltype = GetParam();
5697 test::DNSHeader header(kDefaultDnsHeader);
5698
5699 // Create a DNS response which has a authoritative nameserver record in authority
5700 // section and its relevant address record in additional section.
5701 //
5702 // Question
5703 // hello.example.com. IN A
5704 // Answer
5705 // hello.example.com. IN A 1.2.3.4
5706 // Authority:
5707 // hello.example.com. IN NS ns1.example.com.
5708 // Additional:
5709 // ns1.example.com. IN A 5.6.7.8
5710 //
5711 // A response may have only question, answer, and authority section. Current testing response
5712 // should be able to cover this condition.
5713
5714 // Question section.
5715 test::DNSQuestion question{
5716 .qname = {.name = kHelloExampleCom},
5717 .qtype = ns_type::ns_t_a,
5718 .qclass = ns_c_in,
5719 };
5720 header.questions.push_back(std::move(question));
5721
5722 // Answer section.
5723 test::DNSRecord recordAnswer{
5724 .name = {.name = kHelloExampleCom},
5725 .rtype = ns_type::ns_t_a,
5726 .rclass = ns_c_in,
5727 .ttl = 0, // no cache
5728 };
5729 EXPECT_TRUE(test::DNSResponder::fillRdata(kHelloExampleComAddrV4, recordAnswer));
5730 header.answers.push_back(std::move(recordAnswer));
5731
5732 // Authority section.
5733 test::DNSRecord recordAuthority{
5734 .name = {.name = kHelloExampleCom},
5735 .rtype = ns_type::ns_t_ns,
5736 .rclass = ns_c_in,
5737 .ttl = 0, // no cache
5738 };
5739 EXPECT_TRUE(test::DNSResponder::fillRdata("ns1.example.com.", recordAuthority));
5740 header.authorities.push_back(std::move(recordAuthority));
5741
5742 // Additional section.
5743 test::DNSRecord recordAdditional{
5744 .name = {.name = "ns1.example.com."},
5745 .rtype = ns_type::ns_t_a,
5746 .rclass = ns_c_in,
5747 .ttl = 0, // no cache
5748 };
5749 EXPECT_TRUE(test::DNSResponder::fillRdata("5.6.7.8", recordAdditional));
5750 header.additionals.push_back(std::move(recordAdditional));
5751
5752 // Start DNS server.
5753 test::DNSResponder dns(test::DNSResponder::MappingType::DNS_HEADER);
5754 dns.addMappingDnsHeader(kHelloExampleCom, ns_type::ns_t_a, header);
5755 ASSERT_TRUE(dns.startServer());
5756 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5757 dns.clearQueries();
5758
5759 // Expect that get the address and the resolver doesn't crash.
5760 VerifyQueryHelloExampleComV4(dns, calltype);
5761 }
5762
TEST_P(ResolverParameterizedTest,MessageCompression)5763 TEST_P(ResolverParameterizedTest, MessageCompression) {
5764 const auto& calltype = GetParam();
5765
5766 // The response with compressed domain name by a pointer. See RFC 1035 section 4.1.4.
5767 //
5768 // Ignoring the other fields of the message, the domain name of question section and answer
5769 // section are presented as:
5770 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5771 // 12 | 5 | h |
5772 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5773 // 14 | e | l |
5774 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5775 // 16 | l | o |
5776 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5777 // 18 | 7 | e |
5778 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5779 // 20 | x | a |
5780 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5781 // 22 | m | p |
5782 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5783 // 24 | l | e |
5784 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5785 // 26 | 3 | c |
5786 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5787 // 28 | o | m |
5788 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5789 // 30 | 0 | ... |
5790 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5791 //
5792 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5793 // 35 | 1 1| 12 |
5794 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5795 const std::vector<uint8_t> kResponseAPointer = {
5796 /* Header */
5797 0x00, 0x00, /* Transaction ID: 0x0000 */
5798 0x81, 0x80, /* Flags: qr rd ra */
5799 0x00, 0x01, /* Questions: 1 */
5800 0x00, 0x01, /* Answer RRs: 1 */
5801 0x00, 0x00, /* Authority RRs: 0 */
5802 0x00, 0x00, /* Additional RRs: 0 */
5803 /* Queries */
5804 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
5805 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
5806 0x00, 0x01, /* Type: A */
5807 0x00, 0x01, /* Class: IN */
5808 /* Answers */
5809 0xc0, 0x0c, /* Name: hello.example.com (a pointer) */
5810 0x00, 0x01, /* Type: A */
5811 0x00, 0x01, /* Class: IN */
5812 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
5813 0x00, 0x04, /* Data length: 4 */
5814 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
5815 };
5816
5817 // The response with compressed domain name by a sequence of labels ending with a pointer. See
5818 // RFC 1035 section 4.1.4.
5819 //
5820 // Ignoring the other fields of the message, the domain name of question section and answer
5821 // section are presented as:
5822 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5823 // 12 | 5 | h |
5824 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5825 // 14 | e | l |
5826 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5827 // 16 | l | o |
5828 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5829 // 18 | 7 | e |
5830 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5831 // 20 | x | a |
5832 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5833 // 22 | m | p |
5834 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5835 // 24 | l | e |
5836 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5837 // 26 | 3 | c |
5838 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5839 // 28 | o | m |
5840 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5841 // 30 | 0 | ... |
5842 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5843 //
5844 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5845 // 35 | 5 | h |
5846 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5847 // 37 | e | l |
5848 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5849 // 39 | l | o |
5850 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5851 // 41 | 1 1| 18 |
5852 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5853 const std::vector<uint8_t> kResponseLabelEndingWithAPointer = {
5854 /* Header */
5855 0x00, 0x00, /* Transaction ID: 0x0000 */
5856 0x81, 0x80, /* Flags: qr rd ra */
5857 0x00, 0x01, /* Questions: 1 */
5858 0x00, 0x01, /* Answer RRs: 1 */
5859 0x00, 0x00, /* Authority RRs: 0 */
5860 0x00, 0x00, /* Additional RRs: 0 */
5861 /* Queries */
5862 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
5863 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
5864 0x00, 0x01, /* Type: A */
5865 0x00, 0x01, /* Class: IN */
5866 /* Answers */
5867 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0xc0,
5868 0x12, /* Name: hello.example.com (a label ending with a pointer) */
5869 0x00, 0x01, /* Type: A */
5870 0x00, 0x01, /* Class: IN */
5871 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
5872 0x00, 0x04, /* Data length: 4 */
5873 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
5874 };
5875
5876 for (const auto& response : {kResponseAPointer, kResponseLabelEndingWithAPointer}) {
5877 SCOPED_TRACE(fmt::format("Hex dump: {}", toHex(makeSlice(response))));
5878
5879 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
5880 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, response);
5881 StartDns(dns, {});
5882 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5883
5884 // Expect no cache because the TTL of testing responses are 0.
5885 VerifyQueryHelloExampleComV4(dns, calltype);
5886 }
5887 }
5888
TEST_P(ResolverParameterizedTest,TruncatedResponse)5889 TEST_P(ResolverParameterizedTest, TruncatedResponse) {
5890 const auto& calltype = GetParam();
5891
5892 test::DNSResponder dns;
5893 StartDns(dns, kLargeCnameChainRecords);
5894 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5895
5896 // Expect UDP response is truncated. The resolver retries over TCP. See RFC 1035 section 4.2.1.
5897 VerifyQueryHelloExampleComV4(dns, calltype, false);
5898 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
5899 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
5900 }
5901
TEST_F(ResolverTest,KeepListeningUDP)5902 TEST_F(ResolverTest, KeepListeningUDP) {
5903 constexpr char listen_addr1[] = "127.0.0.4";
5904 constexpr char listen_addr2[] = "127.0.0.5";
5905 constexpr char host_name[] = "howdy.example.com.";
5906 const std::vector<DnsRecord> records = {
5907 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
5908 };
5909 const std::vector<int> params = {300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */,
5910 1 /* retry count */};
5911 const int delayTimeMs = 1500;
5912
5913 test::DNSResponder neverRespondDns(listen_addr2, "53", static_cast<ns_rcode>(-1));
5914 neverRespondDns.setResponseProbability(0.0);
5915 StartDns(neverRespondDns, records);
5916 ScopedSystemProperties scopedSystemProperties(
5917 "persist.device_config.netd_native.keep_listening_udp", "1");
5918 // Re-setup test network to make experiment flag take effect.
5919 resetNetwork();
5920
5921 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr1, listen_addr2},
5922 kDefaultSearchDomains, params));
5923 // There are 2 DNS servers for this test.
5924 // |delayedDns| will be blocked for |delayTimeMs|, then start to respond to requests.
5925 // |neverRespondDns| will never respond.
5926 // In the first try, resolver will send query to |delayedDns| but get timeout error
5927 // because |delayTimeMs| > DNS timeout.
5928 // Then it's the second try, resolver will send query to |neverRespondDns| and
5929 // listen on both servers. Resolver will receive the answer coming from |delayedDns|.
5930
5931 test::DNSResponder delayedDns(listen_addr1);
5932 delayedDns.setResponseDelayMs(delayTimeMs);
5933 StartDns(delayedDns, records);
5934
5935 // Specify hints to ensure resolver doing query only 1 round.
5936 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
5937 ScopedAddrinfo result = safe_getaddrinfo(host_name, nullptr, &hints);
5938 EXPECT_TRUE(result != nullptr);
5939
5940 std::string result_str = ToString(result);
5941 EXPECT_TRUE(result_str == "::1.2.3.4") << ", result_str='" << result_str << "'";
5942 }
5943
TEST_F(ResolverTest,GetAddrInfoParallelLookupTimeout)5944 TEST_F(ResolverTest, GetAddrInfoParallelLookupTimeout) {
5945 constexpr char listen_addr[] = "127.0.0.4";
5946 constexpr char host_name[] = "howdy.example.com.";
5947 constexpr int TIMING_TOLERANCE_MS = 200;
5948 constexpr int DNS_TIMEOUT_MS = 1000;
5949 const std::vector<DnsRecord> records = {
5950 {host_name, ns_type::ns_t_a, "1.2.3.4"},
5951 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
5952 };
5953 const std::vector<int> params = {300, 25, 8, 8, DNS_TIMEOUT_MS /* BASE_TIMEOUT_MSEC */,
5954 1 /* retry count */};
5955 test::DNSResponder neverRespondDns(listen_addr, "53", static_cast<ns_rcode>(-1));
5956 neverRespondDns.setResponseProbability(0.0);
5957 StartDns(neverRespondDns, records);
5958 ScopedSystemProperties scopedSystemProperties(
5959 "persist.device_config.netd_native.parallel_lookup_release", "1");
5960 // The default value of parallel_lookup_sleep_time should be very small
5961 // that we can ignore in this test case.
5962 // Re-setup test network to make experiment flag take effect.
5963 resetNetwork();
5964
5965 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr}, kDefaultSearchDomains, params));
5966 neverRespondDns.clearQueries();
5967
5968 // Use a never respond DNS server to verify if the A/AAAA queries are sent in parallel.
5969 // The resolver parameters are set to timeout 1s and retry 1 times.
5970 // So we expect the safe_getaddrinfo_time_taken() might take ~1s to
5971 // return when parallel lookup is enabled. And the DNS server should receive 2 queries.
5972 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
5973 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(host_name, nullptr, hints);
5974
5975 EXPECT_TRUE(result == nullptr);
5976 EXPECT_NEAR(DNS_TIMEOUT_MS, timeTakenMs, TIMING_TOLERANCE_MS)
5977 << "took time should approximate equal timeout";
5978 EXPECT_EQ(2U, GetNumQueries(neverRespondDns, host_name));
5979 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name, {});
5980 }
5981
TEST_F(ResolverTest,GetAddrInfoParallelLookupSleepTime)5982 TEST_F(ResolverTest, GetAddrInfoParallelLookupSleepTime) {
5983 constexpr char listen_addr[] = "127.0.0.4";
5984 constexpr int TIMING_TOLERANCE_MS = 200;
5985 const std::vector<DnsRecord> records = {
5986 {kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4},
5987 {kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6},
5988 };
5989 const std::vector<int> params = {300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */,
5990 1 /* retry count */};
5991 test::DNSResponder dns(listen_addr);
5992 StartDns(dns, records);
5993 ScopedSystemProperties scopedSystemProperties1(
5994 "persist.device_config.netd_native.parallel_lookup_release", "1");
5995 constexpr int PARALLEL_LOOKUP_SLEEP_TIME_MS = 500;
5996 ScopedSystemProperties scopedSystemProperties2(
5997 "persist.device_config.netd_native.parallel_lookup_sleep_time",
5998 std::to_string(PARALLEL_LOOKUP_SLEEP_TIME_MS));
5999 // Re-setup test network to make experiment flag take effect.
6000 resetNetwork();
6001
6002 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr}, kDefaultSearchDomains, params));
6003 dns.clearQueries();
6004
6005 // Expect the safe_getaddrinfo_time_taken() might take ~500ms to return because we set
6006 // parallel_lookup_sleep_time to 500ms.
6007 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6008 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6009
6010 EXPECT_NE(nullptr, result);
6011 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6012 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6013 EXPECT_NEAR(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6014 << "took time should approximate equal timeout";
6015 EXPECT_EQ(2U, GetNumQueries(dns, kHelloExampleCom));
6016
6017 // Expect the PARALLEL_LOOKUP_SLEEP_TIME_MS won't affect the query under cache hit case.
6018 dns.clearQueries();
6019 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6020 EXPECT_NE(nullptr, result);
6021 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6022 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6023 EXPECT_GT(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs);
6024 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
6025 }
6026
6027 // TODO(b/219434602): find an alternative way to block DNS packets on T+.
TEST_F(ResolverTest,BlockDnsQueryUidDoesNotLeadToBadServer)6028 TEST_F(ResolverTest, BlockDnsQueryUidDoesNotLeadToBadServer) {
6029 if (android::modules::sdklevel::IsAtLeastT()) GTEST_SKIP() << "T+ device.";
6030 SKIP_IF_BPF_NOT_SUPPORTED;
6031 constexpr char listen_addr1[] = "127.0.0.4";
6032 constexpr char listen_addr2[] = "::1";
6033 test::DNSResponder dns1(listen_addr1);
6034 test::DNSResponder dns2(listen_addr2);
6035 StartDns(dns1, {});
6036 StartDns(dns2, {});
6037
6038 std::vector<std::string> servers = {listen_addr1, listen_addr2};
6039 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
6040 dns1.clearQueries();
6041 dns2.clearQueries();
6042 {
6043 ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID);
6044 // Start querying ten times.
6045 for (int i = 0; i < 10; i++) {
6046 std::string hostName = fmt::format("blocked{}.com", i);
6047 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6048 // The query result between R+ and Q would be different, but we don't really care
6049 // about the result here because this test is only used to ensure blocked uid rule
6050 // won't cause bad servers.
6051 safe_getaddrinfo(hostName.c_str(), nullptr, &hints);
6052 }
6053 }
6054 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6055 // If api level >= 30 (R+), expect all query packets to be blocked, hence we should not see any
6056 // of their stats show up. Otherwise, all queries should succeed.
6057 const std::vector<NameserverStats> expectedDnsStats = {
6058 NameserverStats(listen_addr1).setSuccesses(isAtLeastR ? 0 : setupParams.maxSamples),
6059 NameserverStats(listen_addr2),
6060 };
6061 expectStatsEqualTo(expectedDnsStats);
6062 // If api level >= 30 (R+), expect server won't receive any queries,
6063 // otherwise expect 20 == 10 * (setupParams.domains.size() + 1) queries.
6064 EXPECT_EQ(dns1.queries().size(), isAtLeastR ? 0U : 10 * (setupParams.domains.size() + 1));
6065 EXPECT_EQ(dns2.queries().size(), 0U);
6066 }
6067
TEST_F(ResolverTest,DnsServerSelection)6068 TEST_F(ResolverTest, DnsServerSelection) {
6069 test::DNSResponder dns1("127.0.0.3");
6070 test::DNSResponder dns2("127.0.0.4");
6071 test::DNSResponder dns3("127.0.0.5");
6072
6073 dns1.setResponseDelayMs(10);
6074 dns2.setResponseDelayMs(50);
6075 dns3.setResponseDelayMs(100);
6076 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6077 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6078 StartDns(dns3, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6079
6080 // NOTE: the servers must be sorted alphabetically.
6081 std::vector<std::string> serverList = {
6082 dns1.listen_address(),
6083 dns2.listen_address(),
6084 dns3.listen_address(),
6085 };
6086
6087 do {
6088 SCOPED_TRACE(fmt::format("testConfig: [{}]", fmt::join(serverList, ", ")));
6089 const int queryNum = 50;
6090 int64_t accumulatedTime = 0;
6091
6092 // The flag can be reset any time. It's better to re-setup the flag in each iteration.
6093 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, "1");
6094
6095 // Restart the testing network to 1) make the flag take effect and 2) reset the statistics.
6096 resetNetwork();
6097
6098 // DnsServerSelection doesn't apply to private DNS.
6099 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6100 setupParams.servers = serverList;
6101 setupParams.tlsServers.clear();
6102 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6103
6104 // DNSResponder doesn't handle queries concurrently, so don't allow more than
6105 // one in-flight query.
6106 for (int i = 0; i < queryNum; i++) {
6107 Stopwatch s;
6108 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_a,
6109 ANDROID_RESOLV_NO_CACHE_LOOKUP);
6110 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
6111 accumulatedTime += s.timeTakenUs();
6112 }
6113
6114 const int dns1Count = dns1.queries().size();
6115 const int dns2Count = dns2.queries().size();
6116 const int dns3Count = dns3.queries().size();
6117
6118 // All of the servers have ever been selected. In addition, the less latency server
6119 // is selected more frequently.
6120 EXPECT_GT(dns1Count, 0);
6121 EXPECT_GT(dns2Count, 0);
6122 EXPECT_GT(dns3Count, 0);
6123 EXPECT_GE(dns1Count, dns2Count);
6124 EXPECT_GE(dns2Count, dns3Count);
6125
6126 const int averageTime = accumulatedTime / queryNum;
6127 LOG(INFO) << "ResolverTest#DnsServerSelection: averageTime " << averageTime << "us";
6128
6129 dns1.clearQueries();
6130 dns2.clearQueries();
6131 dns3.clearQueries();
6132 } while (std::next_permutation(serverList.begin(), serverList.end()));
6133 }
6134
TEST_F(ResolverTest,MultipleDotQueriesInOnePacket)6135 TEST_F(ResolverTest, MultipleDotQueriesInOnePacket) {
6136 constexpr char hostname1[] = "query1.example.com.";
6137 constexpr char hostname2[] = "query2.example.com.";
6138 const std::vector<DnsRecord> records = {
6139 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
6140 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
6141 };
6142
6143 const std::string addr = getUniqueIPv4Address();
6144 test::DNSResponder dns(addr);
6145 StartDns(dns, records);
6146 test::DnsTlsFrontend tls(addr, "853", addr, "53");
6147 ASSERT_TRUE(tls.startServer());
6148
6149 // Set up resolver to strict mode.
6150 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
6151 parcel.servers = {addr};
6152 parcel.tlsServers = {addr};
6153 parcel.tlsName = kDefaultPrivateDnsHostName;
6154 parcel.caCertificate = kCaCert;
6155 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
6156 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
6157 EXPECT_TRUE(tls.waitForQueries(1));
6158 tls.clearQueries();
6159 dns.clearQueries();
6160
6161 const auto queryAndCheck = [&](const std::string& hostname,
6162 const std::vector<DnsRecord>& records) {
6163 SCOPED_TRACE(hostname);
6164
6165 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6166 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname.c_str(), nullptr, hints);
6167
6168 std::vector<std::string> expectedAnswers;
6169 for (const auto& r : records) {
6170 if (r.host_name == hostname) expectedAnswers.push_back(r.addr);
6171 }
6172
6173 EXPECT_LE(timeTakenMs, 200);
6174 ASSERT_NE(result, nullptr);
6175 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(expectedAnswers));
6176 };
6177
6178 // Set tls to reply DNS responses in one TCP packet and not to close the connection from its
6179 // side.
6180 tls.setDelayQueries(2);
6181 tls.setDelayQueriesTimeout(500);
6182 tls.setPassiveClose(true);
6183
6184 // Start sending DNS requests at the same time.
6185 std::array<std::thread, 2> threads;
6186 threads[0] = std::thread(queryAndCheck, hostname1, records);
6187 threads[1] = std::thread(queryAndCheck, hostname2, records);
6188
6189 threads[0].join();
6190 threads[1].join();
6191
6192 // Also check no additional queries due to DoT reconnection.
6193 EXPECT_TRUE(tls.waitForQueries(2));
6194 }
6195
TEST_F(ResolverTest,MdnsGetHostByName)6196 TEST_F(ResolverTest, MdnsGetHostByName) {
6197 constexpr char v6addr[] = "::127.0.0.3";
6198 constexpr char v4addr[] = "127.0.0.3";
6199 constexpr char host_name[] = "hello.local.";
6200 constexpr char nonexistent_host_name[] = "nonexistent.local.";
6201
6202 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6203 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6204 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6205 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6206
6207 ASSERT_TRUE(mdnsv4.startServer());
6208 ASSERT_TRUE(mdnsv6.startServer());
6209 mdnsv4.clearQueries();
6210 mdnsv6.clearQueries();
6211
6212 std::vector<bool> keep_listening_udp_enable = {false, true};
6213 for (int value : keep_listening_udp_enable) {
6214 if (value == true) {
6215 // Set keep_listening_udp enable
6216 ScopedSystemProperties scopedSystemProperties(
6217 "persist.device_config.netd_native.keep_listening_udp", "1");
6218 // Re-setup test network to make experiment flag take effect.
6219 resetNetwork();
6220 }
6221 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6222
6223 static const struct TestConfig {
6224 int ai_family;
6225 const std::string expected_addr;
6226 } testConfigs[]{
6227 {AF_INET, v4addr},
6228 {AF_INET6, v6addr},
6229 };
6230
6231 for (const auto& config : testConfigs) {
6232 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6233 const hostent* result = nullptr;
6234
6235 // No response for "nonexistent.local".
6236 result = gethostbyname2("nonexistent.local", config.ai_family);
6237 ASSERT_TRUE(result == nullptr);
6238 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6239 EXPECT_EQ(1U, GetNumQueries(mdns, nonexistent_host_name));
6240 mdns.clearQueries();
6241 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
6242
6243 // Normal mDns query
6244 result = gethostbyname2("hello.local", config.ai_family);
6245 ASSERT_FALSE(result == nullptr);
6246 EXPECT_EQ(1U, GetNumQueries(mdns, host_name));
6247 int length = config.ai_family == AF_INET ? 4 : 16;
6248 ASSERT_EQ(length, result->h_length);
6249 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6250 EXPECT_EQ(config.expected_addr, ToString(result));
6251 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6252 mdns.clearQueries();
6253
6254 // Ensure the query result is still cached.
6255 result = gethostbyname2("hello.local", config.ai_family);
6256 EXPECT_EQ(0U, GetNumQueries(mdnsv4, "hello.local."));
6257 ASSERT_FALSE(result == nullptr);
6258 EXPECT_EQ(config.expected_addr, ToString(result));
6259 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6260 }
6261 }
6262 }
6263
6264 namespace {
6265
6266 static const struct TransportTypeConfig {
6267 const std::vector<int32_t>& transportTypes;
6268 bool useMdns;
6269 } transportTypeConfig[]{
6270 // clang-format off
6271 {{}, true},
6272 {{IDnsResolver::TRANSPORT_CELLULAR}, false},
6273 {{IDnsResolver::TRANSPORT_WIFI}, true},
6274 {{IDnsResolver::TRANSPORT_BLUETOOTH}, true},
6275 {{IDnsResolver::TRANSPORT_ETHERNET}, true},
6276 {{IDnsResolver::TRANSPORT_VPN}, false},
6277 {{IDnsResolver::TRANSPORT_WIFI_AWARE}, true},
6278 {{IDnsResolver::TRANSPORT_LOWPAN}, true},
6279 {{IDnsResolver::TRANSPORT_TEST}, true},
6280 {{IDnsResolver::TRANSPORT_USB}, true},
6281 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_VPN}, false},
6282 {{IDnsResolver::TRANSPORT_WIFI, IDnsResolver::TRANSPORT_VPN}, false},
6283 {{IDnsResolver::TRANSPORT_BLUETOOTH, IDnsResolver::TRANSPORT_VPN}, false},
6284 {{IDnsResolver::TRANSPORT_ETHERNET, IDnsResolver::TRANSPORT_VPN}, false},
6285 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_WIFI,
6286 IDnsResolver::TRANSPORT_VPN}, false},
6287 {{IDnsResolver::TRANSPORT_WIFI_AWARE, IDnsResolver::TRANSPORT_VPN}, false},
6288 {{IDnsResolver::TRANSPORT_LOWPAN, IDnsResolver::TRANSPORT_VPN}, false},
6289 {{IDnsResolver::TRANSPORT_TEST, IDnsResolver::TRANSPORT_VPN}, false},
6290 {{IDnsResolver::TRANSPORT_USB, IDnsResolver::TRANSPORT_VPN}, false},
6291 // clang-format on
6292 };
6293
6294 } // namespace
6295
TEST_F(ResolverTest,MdnsGetHostByName_transportTypes)6296 TEST_F(ResolverTest, MdnsGetHostByName_transportTypes) {
6297 constexpr char v6addr[] = "::127.0.0.3";
6298 constexpr char v4addr[] = "127.0.0.3";
6299 constexpr char host_name[] = "hello.local.";
6300
6301 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6302 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6303 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6304 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6305 ASSERT_TRUE(mdnsv4.startServer());
6306 ASSERT_TRUE(mdnsv6.startServer());
6307
6308 const std::vector<DnsRecord> records = {
6309 {host_name, ns_type::ns_t_a, v4addr},
6310 {host_name, ns_type::ns_t_aaaa, v6addr},
6311 };
6312 test::DNSResponder dns(v4addr);
6313 StartDns(dns, records);
6314
6315 for (const auto& tpConfig : transportTypeConfig) {
6316 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6317 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6318 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6319 setupParams.transportTypes = tpConfig.transportTypes;
6320 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6321
6322 static const struct TestConfig {
6323 int ai_family;
6324 const std::string expected_addr;
6325 } testConfigs[]{
6326 {AF_INET, v4addr},
6327 {AF_INET6, v6addr},
6328 };
6329
6330 for (const auto& config : testConfigs) {
6331 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6332 const hostent* result = nullptr;
6333 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6334
6335 result = gethostbyname2("hello.local", config.ai_family);
6336 ASSERT_FALSE(result == nullptr);
6337 if (tpConfig.useMdns) {
6338 EXPECT_EQ(1U, GetNumQueries(mdns, host_name));
6339 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6340 } else {
6341 EXPECT_EQ(0U, GetNumQueries(mdns, host_name));
6342 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6343 }
6344 int length = config.ai_family == AF_INET ? 4 : 16;
6345 ASSERT_EQ(length, result->h_length);
6346 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6347 EXPECT_EQ(config.expected_addr, ToString(result));
6348 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6349
6350 mdns.clearQueries();
6351 dns.clearQueries();
6352 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6353 }
6354 }
6355 }
6356
TEST_F(ResolverTest,MdnsGetHostByName_cnames)6357 TEST_F(ResolverTest, MdnsGetHostByName_cnames) {
6358 constexpr char v6addr[] = "::127.0.0.3";
6359 constexpr char v4addr[] = "127.0.0.3";
6360 constexpr char host_name[] = "hello.local.";
6361 const std::vector<DnsRecord> records = {
6362 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6363 {"a.local.", ns_type::ns_t_cname, "b.local."},
6364 {"b.local.", ns_type::ns_t_cname, "c.local."},
6365 {"c.local.", ns_type::ns_t_cname, "d.local."},
6366 {"d.local.", ns_type::ns_t_cname, "e.local."},
6367 {"e.local.", ns_type::ns_t_cname, host_name},
6368 {host_name, ns_type::ns_t_a, v4addr},
6369 {host_name, ns_type::ns_t_aaaa, v6addr},
6370 };
6371 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6372 for (const auto& r : records) {
6373 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6374 }
6375 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6376 for (const auto& r : records) {
6377 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6378 }
6379 ASSERT_TRUE(mdnsv4.startServer());
6380 ASSERT_TRUE(mdnsv6.startServer());
6381 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6382 mdnsv4.clearQueries();
6383 mdnsv6.clearQueries();
6384
6385 static const struct TestConfig {
6386 int ai_family;
6387 const std::string expected_addr;
6388 } testConfigs[]{
6389 {AF_INET, v4addr},
6390 {AF_INET6, v6addr},
6391 };
6392
6393 for (const auto& config : testConfigs) {
6394 size_t cnamecount = 0;
6395 // using gethostbyname2() to resolve ipv4 hello.local. to 127.0.0.3
6396 // or ipv6 hello.local. to ::127.0.0.3.
6397 // Ensure the v4 address and cnames are correct
6398 const hostent* result;
6399 result = gethostbyname2("hi.local", config.ai_family);
6400 ASSERT_FALSE(result == nullptr);
6401
6402 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
6403 std::string domain_name =
6404 records[i].host_name.substr(0, records[i].host_name.size() - 1);
6405 EXPECT_EQ(result->h_aliases[i], domain_name);
6406 cnamecount++;
6407 }
6408 // The size of "Non-cname type" record in DNS records is 2
6409 ASSERT_EQ(cnamecount, records.size() - 2);
6410 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6411 EXPECT_EQ(1U, mdnsv4.queries().size()) << mdns.dumpQueries();
6412 int length = config.ai_family == AF_INET ? 4 : 16;
6413 ASSERT_EQ(length, result->h_length);
6414
6415 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6416 EXPECT_EQ(config.expected_addr, ToString(result));
6417 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6418 }
6419 }
6420
TEST_F(ResolverTest,MdnsGetHostByName_cnamesInfiniteLoop)6421 TEST_F(ResolverTest, MdnsGetHostByName_cnamesInfiniteLoop) {
6422 constexpr char host_name1[] = "hello.local.";
6423 constexpr char host_name2[] = "hi.local.";
6424 const std::vector<DnsRecord> records = {
6425 {host_name1, ns_type::ns_t_cname, host_name2},
6426 {host_name2, ns_type::ns_t_cname, host_name1},
6427 };
6428
6429 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6430 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6431 for (const auto& r : records) {
6432 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6433 }
6434 for (const auto& r : records) {
6435 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6436 }
6437 ASSERT_TRUE(mdnsv4.startServer());
6438 ASSERT_TRUE(mdnsv6.startServer());
6439 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6440 mdnsv4.clearQueries();
6441 mdnsv6.clearQueries();
6442
6443 const hostent* result;
6444 result = gethostbyname2("hello.local", AF_INET);
6445 ASSERT_TRUE(result == nullptr);
6446
6447 result = gethostbyname2("hello.local", AF_INET6);
6448 ASSERT_TRUE(result == nullptr);
6449 }
6450
TEST_F(ResolverTest,MdnsGetAddrInfo)6451 TEST_F(ResolverTest, MdnsGetAddrInfo) {
6452 constexpr char v6addr[] = "::127.0.0.3";
6453 constexpr char v4addr[] = "127.0.0.3";
6454 constexpr char host_name[] = "hello.local.";
6455 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6456 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6457 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6458 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6459 ASSERT_TRUE(mdnsv4.startServer());
6460 ASSERT_TRUE(mdnsv6.startServer());
6461
6462 std::vector<bool> keep_listening_udp_enable = {false, true};
6463 for (int value : keep_listening_udp_enable) {
6464 if (value == true) {
6465 // Set keep_listening_udp enable
6466 ScopedSystemProperties scopedSystemProperties(
6467 "persist.device_config.netd_native.keep_listening_udp", "1");
6468 // Re-setup test network to make experiment flag take effect.
6469 resetNetwork();
6470 }
6471
6472 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6473 static const struct TestConfig {
6474 int ai_family;
6475 const std::vector<std::string> expected_addr;
6476 } testConfigs[]{
6477 {AF_INET, {v4addr}},
6478 {AF_INET6, {v6addr}},
6479 {AF_UNSPEC, {v4addr, v6addr}},
6480 };
6481
6482 for (const auto& config : testConfigs) {
6483 mdnsv4.clearQueries();
6484 mdnsv6.clearQueries();
6485 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6486 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6487
6488 EXPECT_TRUE(result != nullptr);
6489 if (config.ai_family == AF_INET) {
6490 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6491 mdnsv4.clearQueries();
6492 } else if (config.ai_family == AF_INET6) {
6493 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6494 mdnsv6.clearQueries();
6495 } else if (config.ai_family == AF_UNSPEC) {
6496 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6497 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6498 mdnsv4.clearQueries();
6499 mdnsv6.clearQueries();
6500 }
6501 std::string result_str = ToString(result);
6502 EXPECT_THAT(ToStrings(result),
6503 testing::UnorderedElementsAreArray(config.expected_addr));
6504
6505 // Ensure the query results are still cached.
6506 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6507 EXPECT_TRUE(result != nullptr);
6508 if (config.ai_family == AF_INET)
6509 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6510 else if (config.ai_family == AF_INET6)
6511 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6512 else if (config.ai_family == AF_UNSPEC) {
6513 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6514 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6515 }
6516 result_str = ToString(result);
6517 EXPECT_THAT(ToStrings(result),
6518 testing::UnorderedElementsAreArray(config.expected_addr));
6519 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6520 }
6521 }
6522 }
6523
TEST_F(ResolverTest,MdnsGetAddrInfo_transportTypes)6524 TEST_F(ResolverTest, MdnsGetAddrInfo_transportTypes) {
6525 constexpr char v6addr[] = "::127.0.0.3";
6526 constexpr char v4addr[] = "127.0.0.3";
6527 constexpr char host_name[] = "hello.local.";
6528 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6529 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6530 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6531 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6532 ASSERT_TRUE(mdnsv4.startServer());
6533 ASSERT_TRUE(mdnsv6.startServer());
6534
6535 const std::vector<DnsRecord> records = {
6536 {host_name, ns_type::ns_t_a, v4addr},
6537 {host_name, ns_type::ns_t_aaaa, v6addr},
6538 };
6539 test::DNSResponder dns(v4addr);
6540 StartDns(dns, records);
6541
6542 for (const auto& tpConfig : transportTypeConfig) {
6543 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6544 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6545 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6546 setupParams.transportTypes = tpConfig.transportTypes;
6547 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6548
6549 static const struct TestConfig {
6550 int ai_family;
6551 const std::vector<std::string> expected_addr;
6552 } testConfigs[]{
6553 {AF_INET, {v4addr}},
6554 {AF_INET6, {v6addr}},
6555 {AF_UNSPEC, {v4addr, v6addr}},
6556 };
6557
6558 for (const auto& config : testConfigs) {
6559 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6560 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6561
6562 EXPECT_TRUE(result != nullptr);
6563 if (tpConfig.useMdns) {
6564 if (config.ai_family == AF_INET) {
6565 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6566 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6567 } else if (config.ai_family == AF_INET6) {
6568 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6569 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6570 } else {
6571 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6572 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6573 }
6574 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6575 } else {
6576 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6577 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6578 if (config.ai_family == AF_INET || config.ai_family == AF_INET6) {
6579 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6580 } else {
6581 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
6582 }
6583 }
6584 std::string result_str = ToString(result);
6585 EXPECT_THAT(ToStrings(result),
6586 testing::UnorderedElementsAreArray(config.expected_addr));
6587
6588 mdnsv4.clearQueries();
6589 mdnsv6.clearQueries();
6590 dns.clearQueries();
6591 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6592 }
6593 }
6594 }
6595
TEST_F(ResolverTest,MdnsGetAddrInfo_InvalidSocketType)6596 TEST_F(ResolverTest, MdnsGetAddrInfo_InvalidSocketType) {
6597 constexpr char v6addr[] = "::127.0.0.3";
6598 constexpr char host_name[] = "hello.local.";
6599
6600 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6601 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6602 ASSERT_TRUE(mdnsv6.startServer());
6603 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6604
6605 // TODO: Test other invalid socket types.
6606 const addrinfo hints = {
6607 .ai_family = AF_UNSPEC,
6608 .ai_socktype = SOCK_PACKET,
6609 };
6610 addrinfo* result = nullptr;
6611 // This is a valid hint, but the query won't be sent because the socket type is
6612 // not supported.
6613 EXPECT_EQ(EAI_NODATA, getaddrinfo("howdy.local", nullptr, &hints, &result));
6614 ScopedAddrinfo result_cleanup(result);
6615 EXPECT_EQ(nullptr, result);
6616 }
6617
TEST_F(ResolverTest,MdnsGetAddrInfo_cnames)6618 TEST_F(ResolverTest, MdnsGetAddrInfo_cnames) {
6619 constexpr char v6addr[] = "::127.0.0.3";
6620 constexpr char v4addr[] = "127.0.0.3";
6621 constexpr char host_name[] = "hello.local.";
6622 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6623 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6624 const std::vector<DnsRecord> records = {
6625 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6626 {"a.local.", ns_type::ns_t_cname, "b.local."},
6627 {"b.local.", ns_type::ns_t_cname, "c.local."},
6628 {"c.local.", ns_type::ns_t_cname, "d.local."},
6629 {"d.local.", ns_type::ns_t_cname, "e.local."},
6630 {"e.local.", ns_type::ns_t_cname, host_name},
6631 {host_name, ns_type::ns_t_a, v4addr},
6632 {host_name, ns_type::ns_t_aaaa, v6addr},
6633 };
6634 for (const auto& r : records) {
6635 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6636 }
6637 for (const auto& r : records) {
6638 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6639 }
6640 ASSERT_TRUE(mdnsv4.startServer());
6641 ASSERT_TRUE(mdnsv6.startServer());
6642 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6643
6644 static const struct TestConfig {
6645 int ai_family;
6646 const std::vector<std::string> expected_addr;
6647 } testConfigs[]{
6648 {AF_INET, {v4addr}},
6649 {AF_INET6, {v6addr}},
6650 {AF_UNSPEC, {v4addr, v6addr}},
6651 };
6652 for (const auto& config : testConfigs) {
6653 mdnsv4.clearQueries();
6654 mdnsv6.clearQueries();
6655 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6656 ScopedAddrinfo result = safe_getaddrinfo("hi.local", nullptr, &hints);
6657 EXPECT_TRUE(result != nullptr);
6658 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
6659 }
6660 }
6661
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesNoIpAddress)6662 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesNoIpAddress) {
6663 constexpr char host_name[] = "hello.local.";
6664 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6665 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6666 mdnsv4.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
6667 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
6668 ASSERT_TRUE(mdnsv4.startServer());
6669 ASSERT_TRUE(mdnsv6.startServer());
6670 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6671
6672 addrinfo hints = {.ai_family = AF_INET};
6673 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6674 EXPECT_TRUE(result == nullptr);
6675
6676 mdnsv4.clearQueries();
6677 hints = {.ai_family = AF_INET6};
6678 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6679 EXPECT_TRUE(result == nullptr);
6680
6681 mdnsv6.clearQueries();
6682 hints = {.ai_family = AF_UNSPEC};
6683 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6684 EXPECT_TRUE(result == nullptr);
6685 }
6686
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesIllegalRdata)6687 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesIllegalRdata) {
6688 constexpr char host_name[] = "hello.local.";
6689 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6690 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6691 mdnsv4.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
6692 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
6693 ASSERT_TRUE(mdnsv4.startServer());
6694 ASSERT_TRUE(mdnsv6.startServer());
6695 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6696
6697 addrinfo hints = {.ai_family = AF_INET};
6698 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6699 EXPECT_TRUE(result == nullptr);
6700
6701 mdnsv4.clearQueries();
6702 hints = {.ai_family = AF_INET6};
6703 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6704 EXPECT_TRUE(result == nullptr);
6705
6706 mdnsv6.clearQueries();
6707 hints = {.ai_family = AF_UNSPEC};
6708 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6709 EXPECT_TRUE(result == nullptr);
6710 }
6711
6712 // Test if .local resolution will try unicast when multicast is failed.
TEST_F(ResolverTest,MdnsGetAddrInfo_fallback)6713 TEST_F(ResolverTest, MdnsGetAddrInfo_fallback) {
6714 constexpr char v6addr[] = "::1.2.3.4";
6715 constexpr char v4addr[] = "1.2.3.4";
6716 constexpr char host_name[] = "hello.local.";
6717 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService,
6718 static_cast<ns_rcode>(-1));
6719 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService, static_cast<ns_rcode>(-1));
6720 // Set unresponsive on multicast.
6721 mdnsv4.setResponseProbability(0.0);
6722 mdnsv6.setResponseProbability(0.0);
6723 ASSERT_TRUE(mdnsv4.startServer());
6724 ASSERT_TRUE(mdnsv6.startServer());
6725
6726 const std::vector<DnsRecord> records = {
6727 {host_name, ns_type::ns_t_a, v4addr},
6728 {host_name, ns_type::ns_t_aaaa, v6addr},
6729 };
6730 test::DNSResponder dns("127.0.0.3");
6731 StartDns(dns, records);
6732 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6733
6734 static const struct TestConfig {
6735 int ai_family;
6736 const std::vector<std::string> expected_addr;
6737 } testConfigs[]{
6738 {AF_INET, {v4addr}},
6739 {AF_INET6, {v6addr}},
6740 {AF_UNSPEC, {v4addr, v6addr}},
6741 };
6742
6743 for (const auto& config : testConfigs) {
6744 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6745 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6746 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6747 EXPECT_TRUE(result != nullptr);
6748 if (config.ai_family == AF_INET) {
6749 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6750 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6751 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6752 } else if (config.ai_family == AF_INET6) {
6753 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6754 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6755 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6756 } else {
6757 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6758 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6759 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
6760 }
6761 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
6762
6763 mdnsv4.clearQueries();
6764 mdnsv6.clearQueries();
6765 dns.clearQueries();
6766 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6767 }
6768 }
6769
6770 // ResolverMultinetworkTest is used to verify multinetwork functionality. Here's how it works:
6771 // The resolver sends queries to address A, and then there will be a TunForwarder helping forward
6772 // the packets to address B, which is the address on which the testing server is listening. The
6773 // answer packets responded from the testing server go through the reverse path back to the
6774 // resolver.
6775 //
6776 // To achieve the that, it needs to set up a interface with routing rules. Tests are not
6777 // supposed to initiate DNS servers on their own; instead, some utilities are added to the class to
6778 // help the setup.
6779 //
6780 // An example of how to use it:
6781 // TEST_F() {
6782 // ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(V4);
6783 // network.init();
6784 //
6785 // auto dns = network.addIpv4Dns();
6786 // StartDns(dns.dnsServer, {});
6787 //
6788 // network.setDnsConfiguration();
6789 // network.startTunForwarder();
6790 //
6791 // // Send queries here
6792 // }
6793
6794 class ResolverMultinetworkTest : public ResolverTest {
6795 protected:
6796 enum class ConnectivityType { V4, V6, V4V6 };
6797 static constexpr int TEST_NETID_BASE = 10000;
6798
6799 struct DnsServerPair {
DnsServerPairResolverMultinetworkTest::DnsServerPair6800 DnsServerPair(std::shared_ptr<test::DNSResponder> server, std::string addr)
6801 : dnsServer(server), dnsAddr(addr) {}
6802 std::shared_ptr<test::DNSResponder> dnsServer;
6803 std::string dnsAddr; // The DNS server address used for setResolverConfiguration().
6804 // TODO: Add test::DnsTlsFrontend* and std::string for DoT.
6805 };
6806
6807 class ScopedNetwork {
6808 public:
ScopedNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * networkName)6809 ScopedNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
6810 IDnsResolver* dnsResolvSrv, const char* networkName)
6811 : mNetId(netId),
6812 mConnectivityType(type),
6813 mNetdSrv(netdSrv),
6814 mDnsResolvSrv(dnsResolvSrv),
6815 mNetworkName(networkName) {
6816 mIfname = fmt::format("testtun{}", netId);
6817 }
~ScopedNetwork()6818 virtual ~ScopedNetwork() {
6819 if (mNetdSrv != nullptr) mNetdSrv->networkDestroy(mNetId);
6820 if (mDnsResolvSrv != nullptr) mDnsResolvSrv->destroyNetworkCache(mNetId);
6821 }
6822
6823 Result<void> init();
addIpv4Dns()6824 Result<DnsServerPair> addIpv4Dns() { return addDns(ConnectivityType::V4); }
addIpv6Dns()6825 Result<DnsServerPair> addIpv6Dns() { return addDns(ConnectivityType::V6); }
startTunForwarder()6826 bool startTunForwarder() { return mTunForwarder->startForwarding(); }
6827 bool setDnsConfiguration() const;
6828 bool clearDnsConfiguration() const;
netId() const6829 unsigned netId() const { return mNetId; }
name() const6830 std::string name() const { return mNetworkName; }
addUser(uid_t uid) const6831 Result<void> addUser(uid_t uid) const { return addUidRange(uid, uid); }
addUidRange(uid_t from,uid_t to) const6832 Result<void> addUidRange(uid_t from, uid_t to) const {
6833 if (auto r = mNetdSrv->networkAddUidRanges(mNetId, {makeUidRangeParcel(from, to)});
6834 !r.isOk()) {
6835 return Error() << r.getMessage();
6836 }
6837 return {};
6838 }
6839
6840 protected:
6841 // Subclasses should implement it to decide which network should be create.
6842 virtual Result<void> createNetwork() const = 0;
6843
6844 const unsigned mNetId;
6845 const ConnectivityType mConnectivityType;
6846 INetd* mNetdSrv;
6847 IDnsResolver* mDnsResolvSrv;
6848 const std::string mNetworkName;
6849 std::string mIfname;
6850 std::unique_ptr<TunForwarder> mTunForwarder;
6851 std::vector<DnsServerPair> mDnsServerPairs;
6852
6853 private:
6854 Result<DnsServerPair> addDns(ConnectivityType connectivity);
6855 // Assuming mNetId is unique during ResolverMultinetworkTest, make the
6856 // address based on it to avoid conflicts.
makeIpv4AddrString(uint8_t n) const6857 std::string makeIpv4AddrString(uint8_t n) const {
6858 return fmt::format("192.168.{}.{}", (mNetId - TEST_NETID_BASE), n);
6859 }
makeIpv6AddrString(uint8_t n) const6860 std::string makeIpv6AddrString(uint8_t n) const {
6861 return fmt::format("2001:db8:{}::{}", (mNetId - TEST_NETID_BASE), n);
6862 }
6863 };
6864
6865 class ScopedPhysicalNetwork : public ScopedNetwork {
6866 public:
ScopedPhysicalNetwork(unsigned netId,const char * networkName)6867 ScopedPhysicalNetwork(unsigned netId, const char* networkName)
6868 : ScopedNetwork(netId, ConnectivityType::V4V6, nullptr, nullptr, networkName) {}
ScopedPhysicalNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name="Physical")6869 ScopedPhysicalNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
6870 IDnsResolver* dnsResolvSrv, const char* name = "Physical")
6871 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name) {}
6872
6873 protected:
createNetwork() const6874 Result<void> createNetwork() const override {
6875 ::ndk::ScopedAStatus r;
6876 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
6877 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
6878 mNetId, NativeNetworkType::PHYSICAL, INetd::PERMISSION_NONE,
6879 /*secure=*/false);
6880 r = mNetdSrv->networkCreate(config);
6881 } else {
6882 #pragma clang diagnostic push
6883 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
6884 r = mNetdSrv->networkCreatePhysical(mNetId, INetd::PERMISSION_NONE);
6885 #pragma clang diagnostic pop
6886 }
6887
6888 if (!r.isOk()) {
6889 return Error() << r.getMessage();
6890 }
6891 return {};
6892 }
6893 };
6894
6895 class ScopedVirtualNetwork : public ScopedNetwork {
6896 public:
ScopedVirtualNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name,bool isSecure)6897 ScopedVirtualNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
6898 IDnsResolver* dnsResolvSrv, const char* name, bool isSecure)
6899 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name), mIsSecure(isSecure) {}
~ScopedVirtualNetwork()6900 ~ScopedVirtualNetwork() {
6901 if (!mVpnIsolationUids.empty()) {
6902 const std::vector<int> tmpUids(mVpnIsolationUids.begin(), mVpnIsolationUids.end());
6903 mNetdSrv->firewallRemoveUidInterfaceRules(tmpUids);
6904 }
6905 }
6906 // Enable VPN isolation. Ensures that uid can only receive packets on mIfname.
enableVpnIsolation(int uid)6907 Result<void> enableVpnIsolation(int uid) {
6908 if (auto r = mNetdSrv->firewallAddUidInterfaceRules(mIfname, {uid}); !r.isOk()) {
6909 return Error() << r.getMessage();
6910 }
6911 mVpnIsolationUids.insert(uid);
6912 return {};
6913 }
disableVpnIsolation(int uid)6914 Result<void> disableVpnIsolation(int uid) {
6915 if (auto r = mNetdSrv->firewallRemoveUidInterfaceRules({static_cast<int>(uid)});
6916 !r.isOk()) {
6917 return Error() << r.getMessage();
6918 }
6919 mVpnIsolationUids.erase(uid);
6920 return {};
6921 }
6922
6923 protected:
createNetwork() const6924 Result<void> createNetwork() const override {
6925 ::ndk::ScopedAStatus r;
6926 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
6927 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
6928 mNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, mIsSecure);
6929 r = mNetdSrv->networkCreate(config);
6930 } else {
6931 #pragma clang diagnostic push
6932 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
6933 r = mNetdSrv->networkCreateVpn(mNetId, mIsSecure);
6934 #pragma clang diagnostic pop
6935 }
6936
6937 if (!r.isOk()) {
6938 return Error() << r.getMessage();
6939 }
6940 return {};
6941 }
6942
6943 bool mIsSecure = false;
6944 std::unordered_set<int> mVpnIsolationUids;
6945 };
6946
SetUp()6947 void SetUp() override {
6948 ResolverTest::SetUp();
6949 ASSERT_NE(mDnsClient.netdService(), nullptr);
6950 ASSERT_NE(mDnsClient.resolvService(), nullptr);
6951 }
6952
TearDown()6953 void TearDown() override {
6954 ResolverTest::TearDown();
6955 // Restore default network
6956 if (mStoredDefaultNetwork >= 0) {
6957 mDnsClient.netdService()->networkSetDefault(mStoredDefaultNetwork);
6958 }
6959 }
6960
CreateScopedPhysicalNetwork(ConnectivityType type,const char * name="Physical")6961 ScopedPhysicalNetwork CreateScopedPhysicalNetwork(ConnectivityType type,
6962 const char* name = "Physical") {
6963 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(), name};
6964 }
CreateScopedVirtualNetwork(ConnectivityType type,bool isSecure,const char * name="Virtual")6965 ScopedVirtualNetwork CreateScopedVirtualNetwork(ConnectivityType type, bool isSecure,
6966 const char* name = "Virtual") {
6967 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(),
6968 name, isSecure};
6969 }
6970 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records);
setDefaultNetwork(int netId)6971 void setDefaultNetwork(int netId) {
6972 // Save current default network at the first call.
6973 std::call_once(defaultNetworkFlag, [&]() {
6974 ASSERT_TRUE(mDnsClient.netdService()->networkGetDefault(&mStoredDefaultNetwork).isOk());
6975 });
6976 ASSERT_TRUE(mDnsClient.netdService()->networkSetDefault(netId).isOk());
6977 }
getFreeNetId()6978 unsigned getFreeNetId() {
6979 if (mNextNetId == TEST_NETID_BASE + 256) mNextNetId = TEST_NETID_BASE;
6980 return mNextNetId++;
6981 }
6982 Result<std::shared_ptr<test::DNSResponder>> setupDns(ConnectivityType type, ScopedNetwork* nw,
6983 const char* host_name,
6984 const char* ipv4_addr,
6985 const char* ipv6_addr);
6986
expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,const char * host_name,size_t count,unsigned expectedDnsNetId)6987 void expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,
6988 const char* host_name, size_t count, unsigned expectedDnsNetId) {
6989 EXPECT_EQ(GetNumQueries(*dnsServer, host_name), count);
6990 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(expectedDnsNetId).isOk());
6991 dnsServer->clearQueries();
6992 }
6993
6994 private:
6995 // Use a different netId because this class inherits from the class ResolverTest which
6996 // always creates TEST_NETID in setup. It's incremented when CreateScoped{Physical,
6997 // Virtual}Network() is called.
6998 // Note: 255 is the maximum number of (mNextNetId - TEST_NETID_BASE) here as mNextNetId
6999 // is used to create address.
7000 unsigned mNextNetId = TEST_NETID_BASE;
7001 // Use -1 to represent that default network was not modified because
7002 // real netId must be an unsigned value.
7003 int mStoredDefaultNetwork = -1;
7004 std::once_flag defaultNetworkFlag;
7005 };
7006
init()7007 Result<void> ResolverMultinetworkTest::ScopedNetwork::init() {
7008 if (mNetdSrv == nullptr || mDnsResolvSrv == nullptr) return Error() << "srv not available";
7009 unique_fd ufd = TunForwarder::createTun(mIfname);
7010 if (!ufd.ok()) {
7011 return Errorf("createTun for {} failed", mIfname);
7012 }
7013 mTunForwarder = std::make_unique<TunForwarder>(std::move(ufd));
7014
7015 if (auto r = createNetwork(); !r.ok()) {
7016 return r;
7017 }
7018 if (auto r = mDnsResolvSrv->createNetworkCache(mNetId); !r.isOk()) {
7019 return Error() << r.getMessage();
7020 }
7021 if (auto r = mNetdSrv->networkAddInterface(mNetId, mIfname); !r.isOk()) {
7022 return Error() << r.getMessage();
7023 }
7024
7025 if (mConnectivityType == ConnectivityType::V4 || mConnectivityType == ConnectivityType::V4V6) {
7026 const std::string v4Addr = makeIpv4AddrString(1);
7027 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v4Addr, 32); !r.isOk()) {
7028 return Error() << r.getMessage();
7029 }
7030 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "0.0.0.0/0", ""); !r.isOk()) {
7031 return Error() << r.getMessage();
7032 }
7033 }
7034 if (mConnectivityType == ConnectivityType::V6 || mConnectivityType == ConnectivityType::V4V6) {
7035 const std::string v6Addr = makeIpv6AddrString(1);
7036 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v6Addr, 128); !r.isOk()) {
7037 return Error() << r.getMessage();
7038 }
7039 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "::/0", ""); !r.isOk()) {
7040 return Error() << r.getMessage();
7041 }
7042 }
7043
7044 return {};
7045 }
7046
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)7047 void ResolverMultinetworkTest::StartDns(test::DNSResponder& dns,
7048 const std::vector<DnsRecord>& records) {
7049 ResolverTest::StartDns(dns, records);
7050
7051 // Bind the DNSResponder's sockets to the network if specified.
7052 if (std::optional<unsigned> netId = dns.getNetwork(); netId.has_value()) {
7053 setNetworkForSocket(netId.value(), dns.getUdpSocket());
7054 setNetworkForSocket(netId.value(), dns.getTcpSocket());
7055 }
7056 }
7057
setupDns(ConnectivityType type,ScopedNetwork * nw,const char * host_name,const char * ipv4_addr,const char * ipv6_addr)7058 Result<std::shared_ptr<test::DNSResponder>> ResolverMultinetworkTest::setupDns(
7059 ConnectivityType type, ScopedNetwork* nw, const char* host_name, const char* ipv4_addr,
7060 const char* ipv6_addr) {
7061 // Add a testing DNS server to networks.
7062 const Result<DnsServerPair> dnsSvPair =
7063 (type == ConnectivityType::V4) ? nw->addIpv4Dns() : nw->addIpv6Dns();
7064 if (!dnsSvPair.ok()) return Error() << dnsSvPair.error();
7065
7066 StartDns(*dnsSvPair->dnsServer,
7067 {{host_name, ns_type::ns_t_a, ipv4_addr}, {host_name, ns_type::ns_t_aaaa, ipv6_addr}});
7068 if (!nw->setDnsConfiguration()) return Error() << "setDnsConfiguration() failed";
7069 if (!nw->startTunForwarder()) return Error() << "startTunForwarder() failed";
7070 return dnsSvPair->dnsServer;
7071 }
7072
addDns(ConnectivityType type)7073 Result<ResolverMultinetworkTest::DnsServerPair> ResolverMultinetworkTest::ScopedNetwork::addDns(
7074 ConnectivityType type) {
7075 const int index = mDnsServerPairs.size();
7076 const int prefixLen = (type == ConnectivityType::V4) ? 32 : 128;
7077
7078 const std::function<std::string(unsigned)> makeIpString =
7079 std::bind((type == ConnectivityType::V4) ? &ScopedNetwork::makeIpv4AddrString
7080 : &ScopedNetwork::makeIpv6AddrString,
7081 this, std::placeholders::_1);
7082
7083 std::string src1 = makeIpString(1); // The address from which the resolver will send.
7084 std::string dst1 = makeIpString(
7085 index + 100 +
7086 (mNetId - TEST_NETID_BASE)); // The address to which the resolver will send.
7087 std::string src2 = dst1; // The address translated from src1.
7088 std::string dst2 = makeIpString(
7089 index + 200 + (mNetId - TEST_NETID_BASE)); // The address translated from dst2.
7090
7091 if (!mTunForwarder->addForwardingRule({src1, dst1}, {src2, dst2}) ||
7092 !mTunForwarder->addForwardingRule({dst2, src2}, {dst1, src1})) {
7093 return Errorf("Failed to add the rules ({}, {}, {}, {})", src1, dst1, src2, dst2);
7094 }
7095
7096 if (!mNetdSrv->interfaceAddAddress(mIfname, dst2, prefixLen).isOk()) {
7097 return Errorf("interfaceAddAddress({}, {}, {}) failed", mIfname, dst2, prefixLen);
7098 }
7099
7100 return mDnsServerPairs.emplace_back(std::make_shared<test::DNSResponder>(mNetId, dst2), dst1);
7101 }
7102
setDnsConfiguration() const7103 bool ResolverMultinetworkTest::ScopedNetwork::setDnsConfiguration() const {
7104 if (mDnsResolvSrv == nullptr) return false;
7105 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
7106 parcel.tlsServers.clear();
7107 parcel.netId = mNetId;
7108 parcel.servers.clear();
7109 for (const auto& pair : mDnsServerPairs) {
7110 parcel.servers.push_back(pair.dnsAddr);
7111 }
7112 return mDnsResolvSrv->setResolverConfiguration(parcel).isOk();
7113 }
7114
clearDnsConfiguration() const7115 bool ResolverMultinetworkTest::ScopedNetwork::clearDnsConfiguration() const {
7116 if (mDnsResolvSrv == nullptr) return false;
7117 return mDnsResolvSrv->destroyNetworkCache(mNetId).isOk() &&
7118 mDnsResolvSrv->createNetworkCache(mNetId).isOk();
7119 }
7120
7121 namespace {
7122
7123 // Convenient wrapper for making getaddrinfo call like framework.
android_getaddrinfofornet_wrapper(const char * name,int netId)7124 Result<ScopedAddrinfo> android_getaddrinfofornet_wrapper(const char* name, int netId) {
7125 // Use the same parameter as libcore/ojluni/src/main/java/java/net/Inet6AddressImpl.java.
7126 static const addrinfo hints = {
7127 .ai_flags = AI_ADDRCONFIG,
7128 .ai_family = AF_UNSPEC,
7129 .ai_socktype = SOCK_STREAM,
7130 };
7131 addrinfo* result = nullptr;
7132 if (int r = android_getaddrinfofornet(name, nullptr, &hints, netId, MARK_UNSET, &result)) {
7133 return Error() << r;
7134 }
7135 return ScopedAddrinfo(result);
7136 }
7137
expectDnsWorksForUid(const char * name,unsigned netId,uid_t uid,const std::vector<std::string> & expectedResult)7138 void expectDnsWorksForUid(const char* name, unsigned netId, uid_t uid,
7139 const std::vector<std::string>& expectedResult) {
7140 ScopedChangeUID scopedChangeUID(uid);
7141 auto result = android_getaddrinfofornet_wrapper(name, netId);
7142 ASSERT_RESULT_OK(result);
7143 ScopedAddrinfo ai_result(std::move(result.value()));
7144 std::vector<std::string> result_strs = ToStrings(ai_result);
7145 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7146 }
7147
7148 } // namespace
7149
TEST_F(ResolverMultinetworkTest,GetAddrInfo_AI_ADDRCONFIG)7150 TEST_F(ResolverMultinetworkTest, GetAddrInfo_AI_ADDRCONFIG) {
7151 constexpr char host_name[] = "ohayou.example.com.";
7152
7153 const std::array<ConnectivityType, 3> allTypes = {
7154 ConnectivityType::V4,
7155 ConnectivityType::V6,
7156 ConnectivityType::V4V6,
7157 };
7158 for (const auto& type : allTypes) {
7159 SCOPED_TRACE(fmt::format("ConnectivityType: {}", type));
7160
7161 // Create a network.
7162 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(type);
7163 ASSERT_RESULT_OK(network.init());
7164
7165 // Add a testing DNS server.
7166 const Result<DnsServerPair> dnsPair =
7167 (type == ConnectivityType::V4) ? network.addIpv4Dns() : network.addIpv6Dns();
7168 ASSERT_RESULT_OK(dnsPair);
7169 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7170 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7171
7172 // Set up resolver and start forwarding.
7173 ASSERT_TRUE(network.setDnsConfiguration());
7174 ASSERT_TRUE(network.startTunForwarder());
7175
7176 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7177 ASSERT_RESULT_OK(result);
7178 ScopedAddrinfo ai_result(std::move(result.value()));
7179 std::vector<std::string> result_strs = ToStrings(ai_result);
7180 std::vector<std::string> expectedResult;
7181 size_t expectedQueries = 0;
7182
7183 if (type == ConnectivityType::V6 || type == ConnectivityType::V4V6) {
7184 expectedResult.emplace_back("2001:db8:cafe:d00d::31");
7185 expectedQueries++;
7186 }
7187 if (type == ConnectivityType::V4 || type == ConnectivityType::V4V6) {
7188 expectedResult.emplace_back("192.0.2.0");
7189 expectedQueries++;
7190 }
7191 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7192 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), expectedQueries);
7193 }
7194 }
7195
TEST_F(ResolverMultinetworkTest,NetworkDestroyedDuringQueryInFlight)7196 TEST_F(ResolverMultinetworkTest, NetworkDestroyedDuringQueryInFlight) {
7197 constexpr char host_name[] = "ohayou.example.com.";
7198
7199 // Create a network and add an ipv4 DNS server.
7200 auto network = std::make_unique<ScopedPhysicalNetwork>(getFreeNetId(), ConnectivityType::V4V6,
7201 mDnsClient.netdService(),
7202 mDnsClient.resolvService());
7203 ASSERT_RESULT_OK(network->init());
7204 const Result<DnsServerPair> dnsPair = network->addIpv4Dns();
7205 ASSERT_RESULT_OK(dnsPair);
7206
7207 // Set the DNS server unresponsive.
7208 dnsPair->dnsServer->setResponseProbability(0.0);
7209 dnsPair->dnsServer->setErrorRcode(static_cast<ns_rcode>(-1));
7210 StartDns(*dnsPair->dnsServer, {});
7211
7212 // Set up resolver and start forwarding.
7213 ASSERT_TRUE(network->setDnsConfiguration());
7214 ASSERT_TRUE(network->startTunForwarder());
7215
7216 // Expect the things happening in order:
7217 // 1. The thread sends the query to the dns server which is unresponsive.
7218 // 2. The network is destroyed while the thread is waiting for the response from the dns server.
7219 // 3. After the dns server timeout, the thread retries but fails to connect.
7220 std::thread lookup([&]() {
7221 int fd = resNetworkQuery(network->netId(), host_name, ns_c_in, ns_t_a, 0);
7222 EXPECT_TRUE(fd != -1);
7223 expectAnswersNotValid(fd, -ETIMEDOUT);
7224 });
7225
7226 // Tear down the network as soon as the dns server receives the query.
7227 const auto condition = [&]() { return GetNumQueries(*dnsPair->dnsServer, host_name) == 1U; };
7228 EXPECT_TRUE(PollForCondition(condition));
7229 network.reset();
7230
7231 lookup.join();
7232 }
7233
TEST_F(ResolverMultinetworkTest,OneCachePerNetwork)7234 TEST_F(ResolverMultinetworkTest, OneCachePerNetwork) {
7235 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7236 constexpr char host_name[] = "ohayou.example.com.";
7237
7238 ScopedPhysicalNetwork network1 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7239 ScopedPhysicalNetwork network2 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7240 ASSERT_RESULT_OK(network1.init());
7241 ASSERT_RESULT_OK(network2.init());
7242
7243 const Result<DnsServerPair> dnsPair1 = network1.addIpv4Dns();
7244 const Result<DnsServerPair> dnsPair2 = network2.addIpv4Dns();
7245 ASSERT_RESULT_OK(dnsPair1);
7246 ASSERT_RESULT_OK(dnsPair2);
7247 StartDns(*dnsPair1->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"}});
7248 StartDns(*dnsPair2->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.1"}});
7249
7250 // Set up resolver for network 1 and start forwarding.
7251 ASSERT_TRUE(network1.setDnsConfiguration());
7252 ASSERT_TRUE(network1.startTunForwarder());
7253
7254 // Set up resolver for network 2 and start forwarding.
7255 ASSERT_TRUE(network2.setDnsConfiguration());
7256 ASSERT_TRUE(network2.startTunForwarder());
7257
7258 // Send the same queries to both networks.
7259 int fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7260 int fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7261
7262 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7263 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7264 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 1U);
7265 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7266
7267 // Flush the cache of network 1, and send the queries again.
7268 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(network1.netId()).isOk());
7269 fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7270 fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7271
7272 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7273 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7274 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 2U);
7275 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7276 }
7277
7278 // TODO(b/219434602): find an alternative way to block DNS packets on T+.
TEST_F(ResolverMultinetworkTest,DnsWithVpn)7279 TEST_F(ResolverMultinetworkTest, DnsWithVpn) {
7280 if (android::modules::sdklevel::IsAtLeastT()) GTEST_SKIP() << "T+ device.";
7281 SKIP_IF_BPF_NOT_SUPPORTED;
7282 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7283 constexpr char host_name[] = "ohayou.example.com.";
7284 constexpr char ipv4_addr[] = "192.0.2.0";
7285 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7286
7287 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7288 {ConnectivityType::V4, {ipv4_addr}},
7289 {ConnectivityType::V6, {ipv6_addr}},
7290 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7291 };
7292 for (const auto& [type, result] : testPairs) {
7293 SCOPED_TRACE(fmt::format("ConnectivityType: {}", type));
7294
7295 // Create a network.
7296 ScopedPhysicalNetwork underlyingNetwork = CreateScopedPhysicalNetwork(type, "Underlying");
7297 ScopedVirtualNetwork bypassableVpnNetwork =
7298 CreateScopedVirtualNetwork(type, false, "BypassableVpn");
7299 ScopedVirtualNetwork secureVpnNetwork = CreateScopedVirtualNetwork(type, true, "SecureVpn");
7300
7301 ASSERT_RESULT_OK(underlyingNetwork.init());
7302 ASSERT_RESULT_OK(bypassableVpnNetwork.init());
7303 ASSERT_RESULT_OK(secureVpnNetwork.init());
7304 ASSERT_RESULT_OK(bypassableVpnNetwork.addUser(TEST_UID));
7305 ASSERT_RESULT_OK(secureVpnNetwork.addUser(TEST_UID2));
7306
7307 // Set up resolver and start forwarding for networks.
7308 auto underlyingNwDnsSv =
7309 setupDns(type, &underlyingNetwork, host_name, ipv4_addr, ipv6_addr);
7310 ASSERT_RESULT_OK(underlyingNwDnsSv);
7311 auto bypassableVpnDnsSv =
7312 setupDns(type, &bypassableVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7313 ASSERT_RESULT_OK(bypassableVpnDnsSv);
7314 auto secureVpnDnsSv = setupDns(type, &secureVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7315 ASSERT_RESULT_OK(secureVpnDnsSv);
7316
7317 setDefaultNetwork(underlyingNetwork.netId());
7318 const unsigned underlyingNetId = underlyingNetwork.netId();
7319 const unsigned bypassableVpnNetId = bypassableVpnNetwork.netId();
7320 const unsigned secureVpnNetId = secureVpnNetwork.netId();
7321 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
7322 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7323
7324 // Create a object to represent default network, do not init it.
7325 ScopedPhysicalNetwork defaultNetwork{NETID_UNSET, "Default"};
7326
7327 // Test VPN with DNS server under 4 different network selection scenarios.
7328 // See the test config for the expectation.
7329 const struct TestConfig {
7330 ScopedNetwork* selectedNetwork;
7331 unsigned expectedDnsNetId;
7332 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7333 } vpnWithDnsServerConfigs[]{
7334 // clang-format off
7335 // Queries use the bypassable VPN by default.
7336 {&defaultNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7337 // Choosing the underlying network works because the VPN is bypassable.
7338 {&underlyingNetwork, underlyingNetId, *underlyingNwDnsSv},
7339 // Selecting the VPN sends the query on the VPN.
7340 {&bypassableVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7341 // TEST_UID does not have access to the secure VPN.
7342 {&secureVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7343 // clang-format on
7344 };
7345 for (const auto& config : vpnWithDnsServerConfigs) {
7346 SCOPED_TRACE(fmt::format("Bypassble VPN with DnsServer, selectedNetwork = {}",
7347 config.selectedNetwork->name()));
7348 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID, result);
7349 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, result.size(),
7350 config.expectedDnsNetId);
7351 }
7352
7353 std::vector<ScopedNetwork*> nwVec{&defaultNetwork, &underlyingNetwork,
7354 &bypassableVpnNetwork, &secureVpnNetwork};
7355 // Test the VPN without DNS server with the same combination as before.
7356 ASSERT_TRUE(bypassableVpnNetwork.clearDnsConfiguration());
7357 // Test bypassable VPN, TEST_UID
7358 for (const auto* selectedNetwork : nwVec) {
7359 SCOPED_TRACE(fmt::format("Bypassble VPN without DnsServer, selectedNetwork = {}",
7360 selectedNetwork->name()));
7361 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID, result);
7362 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(), underlyingNetId);
7363 }
7364
7365 // The same test scenario as before plus enableVpnIsolation for secure VPN, TEST_UID2.
7366 for (bool enableVpnIsolation : {false, true}) {
7367 SCOPED_TRACE(fmt::format("enableVpnIsolation = {}", enableVpnIsolation));
7368 if (enableVpnIsolation) {
7369 EXPECT_RESULT_OK(secureVpnNetwork.enableVpnIsolation(TEST_UID2));
7370 }
7371
7372 // Test secure VPN without DNS server.
7373 ASSERT_TRUE(secureVpnNetwork.clearDnsConfiguration());
7374 for (const auto* selectedNetwork : nwVec) {
7375 SCOPED_TRACE(fmt::format("Secure VPN without DnsServer, selectedNetwork = {}",
7376 selectedNetwork->name()));
7377 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7378 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(),
7379 underlyingNetId);
7380 }
7381
7382 // Test secure VPN with DNS server.
7383 ASSERT_TRUE(secureVpnNetwork.setDnsConfiguration());
7384 for (const auto* selectedNetwork : nwVec) {
7385 SCOPED_TRACE(fmt::format("Secure VPN with DnsServer, selectedNetwork = {}",
7386 selectedNetwork->name()));
7387 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7388 expectDnsQueryCountsFn(*secureVpnDnsSv, host_name, result.size(), secureVpnNetId);
7389 }
7390
7391 if (enableVpnIsolation) {
7392 EXPECT_RESULT_OK(secureVpnNetwork.disableVpnIsolation(TEST_UID2));
7393 }
7394 }
7395 }
7396 }
7397
7398 // verify per-application default network selection on DNS.
TEST_F(ResolverMultinetworkTest,PerAppDefaultNetwork)7399 TEST_F(ResolverMultinetworkTest, PerAppDefaultNetwork) {
7400 // Netd supports uid ranges on physical network from v6.
7401 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 6);
7402
7403 constexpr char host_name[] = "ohayou.example.com.";
7404 constexpr char ipv4_addr[] = "192.0.2.0";
7405 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7406
7407 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7408 {ConnectivityType::V4, {ipv4_addr}},
7409 {ConnectivityType::V6, {ipv6_addr}},
7410 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7411 };
7412 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
7413 SCOPED_TRACE(fmt::format("ConnectivityType: {}", ipVersion));
7414
7415 // Create networks.
7416 ScopedPhysicalNetwork sysDefaultNetwork =
7417 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
7418 ScopedPhysicalNetwork appDefaultNetwork =
7419 CreateScopedPhysicalNetwork(ipVersion, "AppDefault");
7420 ScopedVirtualNetwork vpn = CreateScopedVirtualNetwork(ipVersion, false, "Vpn");
7421
7422 ASSERT_RESULT_OK(sysDefaultNetwork.init());
7423 ASSERT_RESULT_OK(appDefaultNetwork.init());
7424 ASSERT_RESULT_OK(vpn.init());
7425
7426 // Set up resolver and start forwarding for networks.
7427 auto sysDefaultNwDnsSv =
7428 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7429 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
7430 auto appDefaultNwDnsSv =
7431 setupDns(ipVersion, &appDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7432 ASSERT_RESULT_OK(appDefaultNwDnsSv);
7433 auto vpnDnsSv = setupDns(ipVersion, &vpn, host_name, ipv4_addr, ipv6_addr);
7434 ASSERT_RESULT_OK(vpnDnsSv);
7435
7436 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
7437 const unsigned appDefaultNetId = appDefaultNetwork.netId();
7438 const unsigned vpnNetId = vpn.netId();
7439
7440 setDefaultNetwork(systemDefaultNetId);
7441 EXPECT_TRUE(
7442 mDnsClient.netdService()
7443 ->networkSetPermissionForNetwork(appDefaultNetId, INetd::PERMISSION_SYSTEM)
7444 .isOk());
7445
7446 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
7447 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7448
7449 // Test DNS query without selecting a network. --> use system default network.
7450 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7451 expectDnsQueryCountsFn(*sysDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7452 systemDefaultNetId);
7453 // Add user to app default network. --> use app default network.
7454 ASSERT_RESULT_OK(appDefaultNetwork.addUser(TEST_UID));
7455 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7456 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7457 appDefaultNetId);
7458
7459 // Test DNS query with a selected network.
7460 // App default network applies to uid, vpn does not applies to uid.
7461 const struct TestConfig {
7462 ScopedNetwork* selectedNetwork;
7463 unsigned expectedDnsNetId;
7464 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7465 } vpnWithDnsServerConfigs[]{
7466 // clang-format off
7467 // App can select the system default network without any permission.
7468 {&sysDefaultNetwork, systemDefaultNetId, *sysDefaultNwDnsSv},
7469 // App can select the restricted network, since its uid was assigned to the network.
7470 {&appDefaultNetwork, appDefaultNetId, *appDefaultNwDnsSv},
7471 // App does not have access to the VPN. --> fallback to app default network.
7472 {&vpn, appDefaultNetId, *appDefaultNwDnsSv},
7473 // clang-format on
7474 };
7475 for (const auto& config : vpnWithDnsServerConfigs) {
7476 SCOPED_TRACE(fmt::format("Dns over app default network, selectedNetwork = {}",
7477 config.selectedNetwork->name()));
7478 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID,
7479 expectedDnsReply);
7480 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, expectedDnsReply.size(),
7481 config.expectedDnsNetId);
7482 }
7483
7484 // App default network applies to uid, vpn applies to uid. --> use vpn.
7485 ASSERT_RESULT_OK(vpn.addUser(TEST_UID));
7486 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
7487 expectDnsQueryCountsFn(*vpnDnsSv, host_name, expectedDnsReply.size(), vpnNetId);
7488
7489 // vpn without server. --> fallback to app default network.
7490 ASSERT_TRUE(vpn.clearDnsConfiguration());
7491 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
7492 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7493 appDefaultNetId);
7494 }
7495 }
7496