1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #define LOG_TAG "resolv_integration_test"
19
20 #include <android-base/logging.h>
21 #include <android-base/parseint.h>
22 #include <android-base/result.h>
23 #include <android-base/unique_fd.h>
24 #include <android/multinetwork.h> // ResNsendFlags
25 #include <arpa/inet.h>
26 #include <arpa/nameser.h>
27 #include <binder/ProcessState.h>
28 #include <cutils/sockets.h>
29 #include <gmock/gmock-matchers.h>
30 #include <gtest/gtest.h>
31 #include <netdb.h>
32 #include <netdutils/InternetAddresses.h>
33 #include <netdutils/NetNativeTestBase.h>
34 #include <netdutils/NetworkConstants.h> // SHA256_SIZE
35 #include <netdutils/ResponseCode.h>
36 #include <netdutils/Slice.h>
37 #include <netdutils/SocketOption.h>
38 #include <netdutils/Stopwatch.h>
39 #include <netinet/in.h>
40 #include <poll.h> /* poll */
41 #include <private/android_filesystem_config.h>
42 #include <resolv.h>
43 #include <stdarg.h>
44 #include <stdlib.h>
45 #include <sys/socket.h>
46 #include <sys/un.h>
47 #include <unistd.h>
48
49 #include <algorithm>
50 #include <chrono>
51 #include <iterator>
52 #include <numeric>
53 #include <string_view>
54 #include <thread>
55 #include <unordered_set>
56
57 #include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
58 #include <aidl/android/net/IDnsResolver.h>
59 #include <android/binder_manager.h>
60 #include <android/binder_process.h>
61 #include <bpf/BpfUtils.h>
62 #include <util.h> // getApiLevel
63 #include "Experiments.h"
64 #include "NetdClient.h"
65 #include "ResolverStats.h"
66 #include "netid_client.h" // NETID_UNSET
67 #include "params.h" // MAXNS
68 #include "stats.h" // RCODE_TIMEOUT
69 #include "tests/dns_metrics_listener/dns_metrics_listener.h"
70 #include "tests/dns_responder/dns_responder.h"
71 #include "tests/dns_responder/dns_responder_client_ndk.h"
72 #include "tests/dns_responder/dns_tls_certificate.h"
73 #include "tests/dns_responder/dns_tls_frontend.h"
74 #include "tests/resolv_test_utils.h"
75 #include "tests/tun_forwarder.h"
76 #include "tests/unsolicited_listener/unsolicited_event_listener.h"
77
78 // This mainline module test still needs to be able to run on pre-S devices,
79 // and thus may run across pre-4.9 non-eBPF capable devices like the Pixel 2.
80 #define SKIP_IF_BPF_NOT_SUPPORTED \
81 do { \
82 if (!android::bpf::isAtLeastKernelVersion(4, 9, 0)) \
83 GTEST_SKIP() << "Skip: bpf is not supported."; \
84 } while (0)
85
86 // Valid VPN netId range is 100 ~ 65535
87 constexpr int TEST_VPN_NETID = 65502;
88 constexpr int MAXPACKET = (8 * 1024);
89
90 // Sync from packages/modules/DnsResolver/resolv_private.h
91 constexpr int RES_TIMEOUT = 5000; /* min. milliseconds between retries */
92 constexpr int RES_DFLRETRY = 2; /* Default #/tries. */
93
94 // Semi-public Bionic hook used by the NDK (frameworks/base/native/android/net.c)
95 // Tested here for convenience.
96 extern "C" int android_getaddrinfofornet(const char* hostname, const char* servname,
97 const addrinfo* hints, unsigned netid, unsigned mark,
98 struct addrinfo** result);
99
100 using namespace std::chrono_literals;
101
102 using aidl::android::net::IDnsResolver;
103 using aidl::android::net::INetd;
104 using aidl::android::net::ResolverOptionsParcel;
105 using aidl::android::net::ResolverParamsParcel;
106 using aidl::android::net::UidRangeParcel;
107 using aidl::android::net::metrics::INetdEventListener;
108 using aidl::android::net::netd::aidl::NativeUidRangeConfig;
109 using aidl::android::net::resolv::aidl::DnsHealthEventParcel;
110 using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener;
111 using aidl::android::net::resolv::aidl::Nat64PrefixEventParcel;
112 using aidl::android::net::resolv::aidl::PrivateDnsValidationEventParcel;
113 using android::base::Error;
114 using android::base::GetProperty;
115 using android::base::ParseInt;
116 using android::base::Result;
117 using android::base::unique_fd;
118 using android::net::ResolverStats;
119 using android::net::TunForwarder;
120 using android::net::metrics::DnsMetricsListener;
121 using android::net::resolv::aidl::UnsolicitedEventListener;
122 using android::netdutils::enableSockopt;
123 using android::netdutils::makeSlice;
124 using android::netdutils::ResponseCode;
125 using android::netdutils::ScopedAddrinfo;
126 using android::netdutils::Stopwatch;
127 using android::netdutils::toHex;
128
129 namespace {
130
safe_getaddrinfo_time_taken(const char * node,const char * service,const addrinfo & hints)131 std::pair<ScopedAddrinfo, int> safe_getaddrinfo_time_taken(const char* node, const char* service,
132 const addrinfo& hints) {
133 Stopwatch s;
134 ScopedAddrinfo result = safe_getaddrinfo(node, service, &hints);
135 return {std::move(result), s.timeTakenUs() / 1000};
136 }
137
138 struct NameserverStats {
139 NameserverStats() = delete;
NameserverStats__anon342dd5100111::NameserverStats140 NameserverStats(const std::string server) : server(server) {}
setSuccesses__anon342dd5100111::NameserverStats141 NameserverStats& setSuccesses(int val) {
142 successes = val;
143 return *this;
144 }
setErrors__anon342dd5100111::NameserverStats145 NameserverStats& setErrors(int val) {
146 errors = val;
147 return *this;
148 }
setTimeouts__anon342dd5100111::NameserverStats149 NameserverStats& setTimeouts(int val) {
150 timeouts = val;
151 return *this;
152 }
setInternalErrors__anon342dd5100111::NameserverStats153 NameserverStats& setInternalErrors(int val) {
154 internal_errors = val;
155 return *this;
156 }
setRttAvg__anon342dd5100111::NameserverStats157 NameserverStats& setRttAvg(int val) {
158 rtt_avg = val;
159 return *this;
160 }
161
162 const std::string server;
163 int successes = 0;
164 int errors = 0;
165 int timeouts = 0;
166 int internal_errors = 0;
167 int rtt_avg = -1;
168 };
169
170 const bool isAtLeastR = (getApiLevel() >= 30);
171
172 #define SKIP_IF_KERNEL_VERSION_LOWER_THAN(major, minor, sub) \
173 do { \
174 if (!android::bpf::isAtLeastKernelVersion(major, minor, sub)) \
175 GTEST_SKIP() << "Required kernel: " << (major) << "." << (minor) << "." << (sub); \
176 } while (0)
177
178 } // namespace
179
180 class ResolverTest : public NetNativeTestBase {
181 public:
SetUpTestSuite()182 static void SetUpTestSuite() {
183 // Get binder service.
184 // Note that |mDnsClient| is not used for getting binder service in this static function.
185 // The reason is that wants to keep |mDnsClient| as a non-static data member. |mDnsClient|
186 // which sets up device network configuration could be independent from every test.
187 // TODO: Perhaps add a static function in resolv_test_binder_utils.{cpp,h} to get binder
188 // service.
189
190 AIBinder* binder = AServiceManager_getService("dnsresolver");
191 sResolvBinder = ndk::SpAIBinder(binder);
192 auto resolvService = aidl::android::net::IDnsResolver::fromBinder(sResolvBinder);
193 ASSERT_NE(nullptr, resolvService.get());
194
195 // Subscribe the death recipient to the service IDnsResolver for detecting Netd death.
196 // GTEST assertion macros are not invoked for generating a test failure in the death
197 // recipient because the macros can't indicate failed test if Netd died between tests.
198 // Moreover, continuing testing may have no meaningful after Netd death. Therefore, the
199 // death recipient aborts process by GTEST_LOG_(FATAL) once Netd died.
200 sResolvDeathRecipient = AIBinder_DeathRecipient_new([](void*) {
201 constexpr char errorMessage[] = "Netd died";
202 LOG(ERROR) << errorMessage;
203 GTEST_LOG_(FATAL) << errorMessage;
204 });
205 ASSERT_EQ(STATUS_OK, AIBinder_linkToDeath(binder, sResolvDeathRecipient, nullptr));
206
207 // Subscribe the DNS listener for verifying DNS metrics event contents.
208 sDnsMetricsListener = ndk::SharedRefBase::make<DnsMetricsListener>(
209 TEST_NETID /*monitor specific network*/);
210 ASSERT_TRUE(resolvService->registerEventListener(sDnsMetricsListener).isOk());
211
212 // Subscribe the unsolicited event listener for verifying unsolicited event contents.
213 sUnsolicitedEventListener = ndk::SharedRefBase::make<UnsolicitedEventListener>(
214 TEST_NETID /*monitor specific network*/);
215 ASSERT_TRUE(
216 resolvService->registerUnsolicitedEventListener(sUnsolicitedEventListener).isOk());
217
218 // Start the binder thread pool for listening DNS metrics events and receiving death
219 // recipient.
220 ABinderProcess_startThreadPool();
221 }
TearDownTestSuite()222 static void TearDownTestSuite() { AIBinder_DeathRecipient_delete(sResolvDeathRecipient); }
223
224 protected:
SetUp()225 void SetUp() {
226 mDnsClient.SetUp();
227 sDnsMetricsListener->reset();
228 sUnsolicitedEventListener->reset();
229 SetMdnsRoute();
230 mIsResolverOptionIPCSupported =
231 DnsResponderClient::isRemoteVersionSupported(mDnsClient.resolvService(), 9);
232 }
233
TearDown()234 void TearDown() {
235 // Ensure the dump works at the end of each test.
236 DumpResolverService();
237 RemoveMdnsRoute();
238 mDnsClient.TearDown();
239 }
240
resetNetwork()241 void resetNetwork() {
242 EXPECT_EQ(mDnsClient.TearDownOemNetwork(TEST_NETID), 0);
243 EXPECT_EQ(mDnsClient.SetupOemNetwork(TEST_NETID), 0);
244 }
245
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)246 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records) {
247 for (const auto& r : records) {
248 dns.addMapping(r.host_name, r.type, r.addr);
249 }
250
251 ASSERT_TRUE(dns.startServer());
252 dns.clearQueries();
253 }
254
DumpResolverService()255 void DumpResolverService() {
256 unique_fd fd(open("/dev/null", O_WRONLY));
257 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, nullptr, 0), 0);
258
259 const char* querylogCmd[] = {"querylog"}; // Keep it sync with DnsQueryLog::DUMP_KEYWORD.
260 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, querylogCmd, std::size(querylogCmd)), 0);
261 }
262
WaitForNat64Prefix(ExpectNat64PrefixStatus status,std::chrono::milliseconds timeout=std::chrono::milliseconds (1000))263 bool WaitForNat64Prefix(ExpectNat64PrefixStatus status,
264 std::chrono::milliseconds timeout = std::chrono::milliseconds(1000)) {
265 return sDnsMetricsListener->waitForNat64Prefix(status, timeout) &&
266 sUnsolicitedEventListener->waitForNat64Prefix(
267 status == EXPECT_FOUND
268 ? IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_ADDED
269 : IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_REMOVED,
270 timeout);
271 }
272
WaitForPrivateDnsValidation(std::string serverAddr,bool validated)273 bool WaitForPrivateDnsValidation(std::string serverAddr, bool validated) {
274 return sDnsMetricsListener->waitForPrivateDnsValidation(serverAddr, validated) &&
275 sUnsolicitedEventListener->waitForPrivateDnsValidation(
276 serverAddr,
277 validated ? IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_SUCCESS
278 : IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_FAILURE,
279 IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
280 }
281
hasUncaughtPrivateDnsValidation(const std::string & serverAddr)282 bool hasUncaughtPrivateDnsValidation(const std::string& serverAddr) {
283 return sDnsMetricsListener->findValidationRecord(serverAddr) &&
284 sUnsolicitedEventListener->findValidationRecord(
285 serverAddr, IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
286 }
287
ExpectDnsEvent(int32_t eventType,int32_t returnCode,const std::string & hostname,const std::vector<std::string> & ipAddresses)288 void ExpectDnsEvent(int32_t eventType, int32_t returnCode, const std::string& hostname,
289 const std::vector<std::string>& ipAddresses) {
290 const DnsMetricsListener::DnsEvent expect = {
291 TEST_NETID, eventType, returnCode,
292 hostname, ipAddresses, static_cast<int32_t>(ipAddresses.size())};
293 do {
294 // Blocking call until timeout.
295 const auto dnsEvent = sDnsMetricsListener->popDnsEvent();
296 ASSERT_TRUE(dnsEvent.has_value()) << "Expected DnsEvent " << expect;
297 if (dnsEvent.value() == expect) break;
298 LOG(INFO) << "Skip unexpected DnsEvent: " << dnsEvent.value();
299 } while (true);
300
301 while (returnCode == 0 || returnCode == RCODE_TIMEOUT) {
302 // Blocking call until timeout.
303 Result<int> result = sUnsolicitedEventListener->popDnsHealthResult();
304 ASSERT_TRUE(result.ok()) << "Expected dns health result is " << returnCode;
305 if ((returnCode == 0 &&
306 result.value() == IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_OK) ||
307 (returnCode == RCODE_TIMEOUT &&
308 result.value() ==
309 IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_TIMEOUT)) {
310 break;
311 }
312 LOG(INFO) << "Skip unexpected dns health result:" << result.value();
313 }
314 }
315
316 enum class StatsCmp { LE, EQ };
317
expectStatsNotGreaterThan(const std::vector<NameserverStats> & nameserversStats)318 bool expectStatsNotGreaterThan(const std::vector<NameserverStats>& nameserversStats) {
319 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::LE);
320 }
321
expectStatsEqualTo(const std::vector<NameserverStats> & nameserversStats)322 bool expectStatsEqualTo(const std::vector<NameserverStats>& nameserversStats) {
323 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::EQ);
324 }
325
expectStatsFromGetResolverInfo(const std::vector<NameserverStats> & nameserversStats,const StatsCmp cmp)326 bool expectStatsFromGetResolverInfo(const std::vector<NameserverStats>& nameserversStats,
327 const StatsCmp cmp) {
328 constexpr int RTT_TOLERANCE_MS = 200;
329 const auto resolvInfo = mDnsClient.getResolverInfo();
330 if (!resolvInfo.ok()) {
331 ADD_FAILURE() << resolvInfo.error().message();
332 return false;
333 }
334 const std::vector<std::string>& res_servers = resolvInfo.value().dnsServers;
335 const std::vector<ResolverStats>& res_stats = resolvInfo.value().stats;
336
337 if (res_servers.size() != res_stats.size()) {
338 ADD_FAILURE() << fmt::format("res_servers.size() != res_stats.size(): {} != {}",
339 res_servers.size(), res_stats.size());
340 return false;
341 }
342 if (res_servers.size() != nameserversStats.size()) {
343 ADD_FAILURE() << fmt::format("res_servers.size() != nameserversStats.size(): {} != {}",
344 res_servers.size(), nameserversStats.size());
345 return false;
346 }
347
348 for (const auto& stats : nameserversStats) {
349 SCOPED_TRACE(stats.server);
350 const auto it = std::find(res_servers.begin(), res_servers.end(), stats.server);
351 if (it == res_servers.end()) {
352 ADD_FAILURE() << fmt::format("nameserver {} not found in the list {{{}}}",
353 stats.server, fmt::join(res_servers, ", "));
354 return false;
355 }
356 const int index = std::distance(res_servers.begin(), it);
357
358 // The check excludes last_sample_time and usable since they will be obsolete
359 // after |res_stats| is retrieved from NetConfig.dnsStats rather than NetConfig.nsstats.
360 switch (cmp) {
361 case StatsCmp::EQ:
362 EXPECT_EQ(res_stats[index].successes, stats.successes);
363 EXPECT_EQ(res_stats[index].errors, stats.errors);
364 EXPECT_EQ(res_stats[index].timeouts, stats.timeouts);
365 EXPECT_EQ(res_stats[index].internal_errors, stats.internal_errors);
366 // A negative rtt_avg means that there is no effective rtt in the
367 // stats. The value should be deterministic.
368 // See android_net_res_stats_aggregate() for mor details.
369 if (res_stats[index].rtt_avg < 0 || stats.rtt_avg < 0) {
370 EXPECT_EQ(res_stats[index].rtt_avg, stats.rtt_avg);
371 } else {
372 EXPECT_NEAR(res_stats[index].rtt_avg, stats.rtt_avg, RTT_TOLERANCE_MS);
373 }
374 break;
375 case StatsCmp::LE:
376 EXPECT_LE(res_stats[index].successes, stats.successes);
377 EXPECT_LE(res_stats[index].errors, stats.errors);
378 EXPECT_LE(res_stats[index].timeouts, stats.timeouts);
379 EXPECT_LE(res_stats[index].internal_errors, stats.internal_errors);
380 EXPECT_LE(res_stats[index].rtt_avg, stats.rtt_avg + RTT_TOLERANCE_MS);
381 break;
382 default:
383 ADD_FAILURE() << "Unknown comparator " << static_cast<int>(cmp);
384 return false;
385 }
386 }
387
388 return true;
389 }
390
391 // Since there's no way to terminate private DNS validation threads at any time. Tests that
392 // focus on the results of private DNS validation can interfere with each other if they use the
393 // same IP address for test servers. getUniqueIPv4Address() is a workaround to reduce the
394 // possibility of tests being flaky. A feasible solution is to forbid the validation threads,
395 // which are considered as outdated (e.g. switch the resolver to private DNS OFF mode), updating
396 // the result to the PrivateDnsConfiguration instance.
getUniqueIPv4Address()397 static std::string getUniqueIPv4Address() {
398 static int counter = 0;
399 return fmt::format("127.0.100.{}", (++counter & 0xff));
400 }
401
402 DnsResponderClient mDnsClient;
403
404 bool mIsResolverOptionIPCSupported = false;
405
406 // Use a shared static DNS listener for all tests to avoid registering lots of listeners
407 // which may be released late until process terminated. Currently, registered DNS listener
408 // is removed by binder death notification which is fired when the process hosting an
409 // IBinder has gone away. If every test in ResolverTest registers its DNS listener, Netd
410 // may temporarily hold lots of dead listeners until the unit test process terminates.
411 // TODO: Perhaps add an unregistering listener binder call or fork a listener process which
412 // could be terminated earlier.
413 static std::shared_ptr<DnsMetricsListener>
414 sDnsMetricsListener; // Initialized in SetUpTestSuite.
415
416 inline static std::shared_ptr<UnsolicitedEventListener>
417 sUnsolicitedEventListener; // Initialized in SetUpTestSuite.
418
419 // Use a shared static death recipient to monitor the service death. The static death
420 // recipient could monitor the death not only during the test but also between tests.
421 static AIBinder_DeathRecipient* sResolvDeathRecipient; // Initialized in SetUpTestSuite.
422
423 // The linked AIBinder_DeathRecipient will be automatically unlinked if the binder is deleted.
424 // The binder needs to be retained throughout tests.
425 static ndk::SpAIBinder sResolvBinder;
426 };
427
428 // Initialize static member of class.
429 std::shared_ptr<DnsMetricsListener> ResolverTest::sDnsMetricsListener;
430 AIBinder_DeathRecipient* ResolverTest::sResolvDeathRecipient;
431 ndk::SpAIBinder ResolverTest::sResolvBinder;
432
TEST_F(ResolverTest,GetHostByName)433 TEST_F(ResolverTest, GetHostByName) {
434 constexpr char nonexistent_host_name[] = "nonexistent.example.com.";
435
436 test::DNSResponder dns;
437 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.3"}});
438 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
439
440 const hostent* result;
441 result = gethostbyname("nonexistent");
442 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
443 ASSERT_TRUE(result == nullptr);
444 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
445
446 dns.clearQueries();
447 result = gethostbyname("hello");
448 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
449 ASSERT_FALSE(result == nullptr);
450 ASSERT_EQ(4, result->h_length);
451 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
452 EXPECT_EQ("1.2.3.3", ToString(result));
453 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
454 }
455
TEST_F(ResolverTest,GetHostByName_NULL)456 TEST_F(ResolverTest, GetHostByName_NULL) {
457 // Most libc implementations would just crash on gethostbyname(NULL). Instead, Bionic
458 // serializes the null argument over dnsproxyd, causing the server-side to crash!
459 // This is a regression test.
460 const char* const testcases[] = {nullptr, "", "^"};
461 for (const char* name : testcases) {
462 SCOPED_TRACE(fmt::format("gethostbyname({})", name ? name : "NULL"));
463 const hostent* result = gethostbyname(name);
464 EXPECT_TRUE(result == nullptr);
465 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
466 }
467 }
468
TEST_F(ResolverTest,GetHostByName_cnames)469 TEST_F(ResolverTest, GetHostByName_cnames) {
470 constexpr char host_name[] = "host.example.com.";
471 size_t cnamecount = 0;
472 test::DNSResponder dns;
473
474 const std::vector<DnsRecord> records = {
475 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
476 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
477 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
478 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
479 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
480 {"e.example.com.", ns_type::ns_t_cname, host_name},
481 {host_name, ns_type::ns_t_a, "1.2.3.3"},
482 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
483 };
484 StartDns(dns, records);
485 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
486
487 // using gethostbyname2() to resolve ipv4 hello.example.com. to 1.2.3.3
488 // Ensure the v4 address and cnames are correct
489 const hostent* result;
490 result = gethostbyname2("hello", AF_INET);
491 ASSERT_FALSE(result == nullptr);
492
493 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
494 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
495 EXPECT_EQ(result->h_aliases[i], domain_name);
496 cnamecount++;
497 }
498 // The size of "Non-cname type" record in DNS records is 2
499 ASSERT_EQ(cnamecount, records.size() - 2);
500 ASSERT_EQ(4, result->h_length);
501 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
502 EXPECT_EQ("1.2.3.3", ToString(result));
503 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
504 EXPECT_EQ(1U, dns.queries().size()) << dns.dumpQueries();
505
506 // using gethostbyname2() to resolve ipv6 hello.example.com. to 2001:db8::42
507 // Ensure the v6 address and cnames are correct
508 cnamecount = 0;
509 dns.clearQueries();
510 result = gethostbyname2("hello", AF_INET6);
511 for (unsigned i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
512 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
513 EXPECT_EQ(result->h_aliases[i], domain_name);
514 cnamecount++;
515 }
516 // The size of "Non-cname type" DNS record in records is 2
517 ASSERT_EQ(cnamecount, records.size() - 2);
518 ASSERT_FALSE(result == nullptr);
519 ASSERT_EQ(16, result->h_length);
520 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
521 EXPECT_EQ("2001:db8::42", ToString(result));
522 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
523 }
524
TEST_F(ResolverTest,GetHostByName_cnamesInfiniteLoop)525 TEST_F(ResolverTest, GetHostByName_cnamesInfiniteLoop) {
526 test::DNSResponder dns;
527 const std::vector<DnsRecord> records = {
528 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
529 {"a.example.com.", ns_type::ns_t_cname, kHelloExampleCom},
530 };
531 StartDns(dns, records);
532 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
533
534 const hostent* result;
535 result = gethostbyname2("hello", AF_INET);
536 ASSERT_TRUE(result == nullptr);
537
538 dns.clearQueries();
539 result = gethostbyname2("hello", AF_INET6);
540 ASSERT_TRUE(result == nullptr);
541 }
542
TEST_F(ResolverTest,GetHostByName_localhost)543 TEST_F(ResolverTest, GetHostByName_localhost) {
544 constexpr char name_camelcase[] = "LocalHost";
545 constexpr char name_ip6_dot[] = "ip6-localhost.";
546 constexpr char name_ip6_fqdn[] = "ip6-localhost.example.com.";
547
548 // Add a no-op nameserver which shouldn't receive any queries
549 test::DNSResponder dns;
550 StartDns(dns, {});
551 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
552
553 // Expect no DNS queries; localhost is resolved via /etc/hosts
554 const hostent* result = gethostbyname(kLocalHost);
555 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
556 ASSERT_FALSE(result == nullptr);
557 ASSERT_EQ(4, result->h_length);
558 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
559 EXPECT_EQ(kLocalHostAddr, ToString(result));
560 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
561
562 // Ensure the hosts file resolver ignores case of hostnames
563 result = gethostbyname(name_camelcase);
564 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
565 ASSERT_FALSE(result == nullptr);
566 ASSERT_EQ(4, result->h_length);
567 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
568 EXPECT_EQ(kLocalHostAddr, ToString(result));
569 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
570
571 // The hosts file also contains ip6-localhost, but gethostbyname() won't
572 // return it. This would be easy to
573 // change, but there's no point in changing the legacy behavior; new code
574 // should be calling getaddrinfo() anyway.
575 // So we check the legacy behavior, which results in amusing A-record
576 // lookups for ip6-localhost, with and without search domains appended.
577 dns.clearQueries();
578 result = gethostbyname(kIp6LocalHost);
579 EXPECT_EQ(2U, dns.queries().size()) << dns.dumpQueries();
580 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_dot)) << dns.dumpQueries();
581 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_fqdn)) << dns.dumpQueries();
582 ASSERT_TRUE(result == nullptr);
583
584 // Finally, use gethostbyname2() to resolve ip6-localhost to ::1 from
585 // the hosts file.
586 dns.clearQueries();
587 result = gethostbyname2(kIp6LocalHost, AF_INET6);
588 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
589 ASSERT_FALSE(result == nullptr);
590 ASSERT_EQ(16, result->h_length);
591 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
592 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
593 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
594 }
595
TEST_F(ResolverTest,GetHostByName_numeric)596 TEST_F(ResolverTest, GetHostByName_numeric) {
597 // Add a no-op nameserver which shouldn't receive any queries
598 test::DNSResponder dns;
599 StartDns(dns, {});
600 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
601
602 // Numeric v4 address: expect no DNS queries
603 constexpr char numeric_v4[] = "192.168.0.1";
604 const hostent* result = gethostbyname(numeric_v4);
605 EXPECT_EQ(0U, dns.queries().size());
606 ASSERT_FALSE(result == nullptr);
607 ASSERT_EQ(4, result->h_length); // v4
608 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
609 EXPECT_EQ(numeric_v4, ToString(result));
610 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
611
612 // gethostbyname() recognizes a v6 address, and fails with no DNS queries
613 constexpr char numeric_v6[] = "2001:db8::42";
614 dns.clearQueries();
615 result = gethostbyname(numeric_v6);
616 EXPECT_EQ(0U, dns.queries().size());
617 EXPECT_TRUE(result == nullptr);
618
619 // Numeric v6 address with gethostbyname2(): succeeds with no DNS queries
620 dns.clearQueries();
621 result = gethostbyname2(numeric_v6, AF_INET6);
622 EXPECT_EQ(0U, dns.queries().size());
623 ASSERT_FALSE(result == nullptr);
624 ASSERT_EQ(16, result->h_length); // v6
625 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
626 EXPECT_EQ(numeric_v6, ToString(result));
627 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
628
629 // Numeric v6 address with scope work with getaddrinfo(),
630 // but gethostbyname2() does not understand them; it issues two dns
631 // queries, then fails. This hardly ever happens, there's no point
632 // in fixing this. This test simply verifies the current (bogus)
633 // behavior to avoid further regressions (like crashes, or leaks).
634 constexpr char numeric_v6_scope[] = "fe80::1%lo";
635 dns.clearQueries();
636 result = gethostbyname2(numeric_v6_scope, AF_INET6);
637 EXPECT_EQ(2U, dns.queries().size()); // OUCH!
638 ASSERT_TRUE(result == nullptr);
639 }
640
TEST_F(ResolverTest,BinderSerialization)641 TEST_F(ResolverTest, BinderSerialization) {
642 std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params_offsets = {
643 IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY,
644 IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
645 IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES,
646 IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES,
647 IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC,
648 IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT,
649 };
650 const int size = static_cast<int>(params_offsets.size());
651 EXPECT_EQ(size, IDnsResolver::RESOLVER_PARAMS_COUNT);
652 std::sort(params_offsets.begin(), params_offsets.end());
653 for (int i = 0; i < size; ++i) {
654 EXPECT_EQ(params_offsets[i], i);
655 }
656 }
657
TEST_F(ResolverTest,GetHostByName_Binder)658 TEST_F(ResolverTest, GetHostByName_Binder) {
659 std::vector<std::string> domains = {"example.com"};
660 std::vector<std::unique_ptr<test::DNSResponder>> dns;
661 std::vector<std::string> servers;
662 std::vector<DnsResponderClient::Mapping> mappings;
663 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
664 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(4, mappings, &dns, &servers));
665 ASSERT_EQ(1U, mappings.size());
666 const DnsResponderClient::Mapping& mapping = mappings[0];
667
668 const auto resolverParams = ResolverParams::Builder()
669 .setDomains(domains)
670 .setDnsServers(servers)
671 .setDotServers({})
672 .build();
673 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(resolverParams));
674
675 const hostent* result = gethostbyname(mapping.host.c_str());
676 const size_t total_queries =
677 std::accumulate(dns.begin(), dns.end(), 0, [&mapping](size_t total, auto& d) {
678 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
679 });
680
681 EXPECT_LE(1U, total_queries);
682 ASSERT_FALSE(result == nullptr);
683 ASSERT_EQ(4, result->h_length);
684 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
685 EXPECT_EQ(mapping.ip4, ToString(result));
686 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
687
688 const auto resolvInfo = mDnsClient.getResolverInfo();
689 ASSERT_RESULT_OK(resolvInfo);
690 EXPECT_EQ(servers.size(), resolvInfo.value().dnsServers.size());
691 EXPECT_EQ(domains.size(), resolvInfo.value().domains.size());
692 EXPECT_TRUE(resolvInfo.value().dotServers.empty());
693 EXPECT_EQ(resolverParams.sampleValiditySeconds, resolvInfo.value().params.sample_validity);
694 EXPECT_EQ(resolverParams.successThreshold, resolvInfo.value().params.success_threshold);
695 EXPECT_EQ(resolverParams.minSamples, resolvInfo.value().params.min_samples);
696 EXPECT_EQ(resolverParams.maxSamples, resolvInfo.value().params.max_samples);
697 EXPECT_EQ(resolverParams.baseTimeoutMsec, resolvInfo.value().params.base_timeout_msec);
698 EXPECT_EQ(resolverParams.retryCount, resolvInfo.value().params.retry_count);
699 EXPECT_EQ(servers.size(), resolvInfo.value().stats.size());
700
701 EXPECT_THAT(resolvInfo.value().dnsServers, testing::UnorderedElementsAreArray(servers));
702 EXPECT_THAT(resolvInfo.value().domains, testing::UnorderedElementsAreArray(domains));
703 }
704
TEST_F(ResolverTest,GetAddrInfo)705 TEST_F(ResolverTest, GetAddrInfo) {
706 constexpr char listen_addr[] = "127.0.0.4";
707 constexpr char listen_addr2[] = "127.0.0.5";
708 constexpr char host_name[] = "howdy.example.com.";
709
710 const std::vector<DnsRecord> records = {
711 {host_name, ns_type::ns_t_a, "1.2.3.4"},
712 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
713 };
714 test::DNSResponder dns(listen_addr);
715 test::DNSResponder dns2(listen_addr2);
716 StartDns(dns, records);
717 StartDns(dns2, records);
718
719 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr}));
720 dns.clearQueries();
721 dns2.clearQueries();
722
723 ScopedAddrinfo result = safe_getaddrinfo("howdy", nullptr, nullptr);
724 EXPECT_TRUE(result != nullptr);
725 size_t found = GetNumQueries(dns, host_name);
726 EXPECT_LE(1U, found);
727 // Could be A or AAAA
728 std::string result_str = ToString(result);
729 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
730 << ", result_str='" << result_str << "'";
731
732 // Verify that the name is cached.
733 size_t old_found = found;
734 result = safe_getaddrinfo("howdy", nullptr, nullptr);
735 EXPECT_TRUE(result != nullptr);
736 found = GetNumQueries(dns, host_name);
737 EXPECT_LE(1U, found);
738 EXPECT_EQ(old_found, found);
739 result_str = ToString(result);
740 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") << result_str;
741
742 // Change the DNS resolver, ensure that queries are still cached.
743 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
744 dns.clearQueries();
745 dns2.clearQueries();
746
747 result = safe_getaddrinfo("howdy", nullptr, nullptr);
748 EXPECT_TRUE(result != nullptr);
749 found = GetNumQueries(dns, host_name);
750 size_t found2 = GetNumQueries(dns2, host_name);
751 EXPECT_EQ(0U, found);
752 EXPECT_LE(0U, found2);
753
754 // Could be A or AAAA
755 result_str = ToString(result);
756 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
757 << ", result_str='" << result_str << "'";
758 }
759
TEST_F(ResolverTest,GetAddrInfoV4)760 TEST_F(ResolverTest, GetAddrInfoV4) {
761 test::DNSResponder dns;
762 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
763 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
764
765 const addrinfo hints = {.ai_family = AF_INET};
766 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
767 EXPECT_TRUE(result != nullptr);
768 EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
769 EXPECT_EQ("1.2.3.5", ToString(result));
770 }
771
TEST_F(ResolverTest,GetAddrInfo_localhost)772 TEST_F(ResolverTest, GetAddrInfo_localhost) {
773 // Add a no-op nameserver which shouldn't receive any queries
774 test::DNSResponder dns;
775 StartDns(dns, {});
776 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
777
778 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
779 EXPECT_TRUE(result != nullptr);
780 // Expect no DNS queries; localhost is resolved via /etc/hosts
781 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
782 EXPECT_EQ(kLocalHostAddr, ToString(result));
783
784 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
785 EXPECT_TRUE(result != nullptr);
786 // Expect no DNS queries; ip6-localhost is resolved via /etc/hosts
787 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
788 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
789 }
790
TEST_F(ResolverTest,GetAddrInfo_NumericHostname)791 TEST_F(ResolverTest, GetAddrInfo_NumericHostname) {
792 // Add a no-op nameserver which shouldn't receive any queries
793 test::DNSResponder dns;
794 StartDns(dns, {});
795 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
796
797 ScopedAddrinfo result = safe_getaddrinfo("1.2.3.4", nullptr, nullptr);
798 EXPECT_TRUE(result != nullptr);
799 // Expect no DNS queries. Numeric hostname doesn't need to resolve.
800 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
801 EXPECT_EQ("1.2.3.4", ToString(result));
802
803 result = safe_getaddrinfo("2001:db8::1", nullptr, nullptr);
804 EXPECT_TRUE(result != nullptr);
805 // Expect no DNS queries. Numeric hostname doesn't need to resolve.
806 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
807 EXPECT_EQ("2001:db8::1", ToString(result));
808 }
809
TEST_F(ResolverTest,GetAddrInfo_InvalidSocketType)810 TEST_F(ResolverTest, GetAddrInfo_InvalidSocketType) {
811 test::DNSResponder dns;
812 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
813 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
814
815 // TODO: Test other invalid socket types.
816 const addrinfo hints = {
817 .ai_family = AF_UNSPEC,
818 .ai_socktype = SOCK_PACKET,
819 };
820 addrinfo* result = nullptr;
821 // This is a valid hint, but the query won't be sent because the socket type is
822 // not supported.
823 EXPECT_EQ(EAI_NODATA, getaddrinfo("hello", nullptr, &hints, &result));
824 ScopedAddrinfo result_cleanup(result);
825 EXPECT_EQ(nullptr, result);
826 }
827
828 // Verify if the resolver correctly handle multiple queries simultaneously
829 // step 1: set dns server#1 into deferred responding mode.
830 // step 2: thread#1 query "hello.example.com." --> resolver send query to server#1.
831 // step 3: thread#2 query "hello.example.com." --> resolver hold the request and wait for
832 // response of previous pending query sent by thread#1.
833 // step 4: thread#3 query "konbanha.example.com." --> resolver send query to server#3. Server
834 // respond to resolver immediately.
835 // step 5: check if server#1 get 1 query by thread#1, server#2 get 0 query, server#3 get 1 query.
836 // step 6: resume dns server#1 to respond dns query in step#2.
837 // step 7: thread#1 and #2 should get returned from DNS query after step#6. Also, check the
838 // number of queries in server#2 is 0 to ensure thread#2 does not wake up unexpectedly
839 // before signaled by thread#1.
TEST_F(ResolverTest,GetAddrInfoV4_deferred_resp)840 TEST_F(ResolverTest, GetAddrInfoV4_deferred_resp) {
841 const char* listen_addr1 = "127.0.0.9";
842 const char* listen_addr2 = "127.0.0.10";
843 const char* listen_addr3 = "127.0.0.11";
844 const char* listen_srv = "53";
845 const char* host_name_deferred = "hello.example.com.";
846 const char* host_name_normal = "konbanha.example.com.";
847 test::DNSResponder dns1(listen_addr1, listen_srv, ns_rcode::ns_r_servfail);
848 test::DNSResponder dns2(listen_addr2, listen_srv, ns_rcode::ns_r_servfail);
849 test::DNSResponder dns3(listen_addr3, listen_srv, ns_rcode::ns_r_servfail);
850 dns1.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
851 dns2.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
852 dns3.addMapping(host_name_normal, ns_type::ns_t_a, "1.2.3.5");
853 ASSERT_TRUE(dns1.startServer());
854 ASSERT_TRUE(dns2.startServer());
855 ASSERT_TRUE(dns3.startServer());
856 const std::vector<std::string> servers_for_t1 = {listen_addr1};
857 const std::vector<std::string> servers_for_t2 = {listen_addr2};
858 const std::vector<std::string> servers_for_t3 = {listen_addr3};
859 addrinfo hints = {.ai_family = AF_INET};
860 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {300, 25, 8, 8, 5000, 0};
861 bool t3_task_done = false;
862
863 dns1.setDeferredResp(true);
864 std::thread t1([&, this]() {
865 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
866 .setDnsServers(servers_for_t1)
867 .setDotServers({})
868 .setParams(params)
869 .build()));
870 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
871 // t3's dns query should got returned first
872 EXPECT_TRUE(t3_task_done);
873 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
874 EXPECT_TRUE(result != nullptr);
875 EXPECT_EQ("1.2.3.4", ToString(result));
876 });
877
878 // ensuring t1 and t2 handler functions are processed in order
879 usleep(100 * 1000);
880 std::thread t2([&, this]() {
881 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
882 .setDnsServers(servers_for_t2)
883 .setDotServers({})
884 .setParams(params)
885 .build()));
886 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
887 EXPECT_TRUE(t3_task_done);
888 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
889 EXPECT_TRUE(result != nullptr);
890 EXPECT_EQ("1.2.3.4", ToString(result));
891 const auto resolvInfo = mDnsClient.getResolverInfo();
892 ASSERT_RESULT_OK(resolvInfo);
893 EXPECT_EQ(0, resolvInfo.value().waitForPendingReqTimeoutCount);
894 });
895
896 // ensuring t2 and t3 handler functions are processed in order
897 usleep(100 * 1000);
898 std::thread t3([&, this]() {
899 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
900 .setDnsServers(servers_for_t3)
901 .setDotServers({})
902 .setParams(params)
903 .build()));
904 ScopedAddrinfo result = safe_getaddrinfo(host_name_normal, nullptr, &hints);
905 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
906 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
907 EXPECT_EQ(1U, GetNumQueries(dns3, host_name_normal));
908 EXPECT_TRUE(result != nullptr);
909 EXPECT_EQ("1.2.3.5", ToString(result));
910
911 t3_task_done = true;
912 dns1.setDeferredResp(false);
913 });
914 t3.join();
915 t1.join();
916 t2.join();
917 }
918
TEST_F(ResolverTest,GetAddrInfoV4_MultiAnswers)919 TEST_F(ResolverTest, GetAddrInfoV4_MultiAnswers) {
920 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
921 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
922 StartDns(dns, {});
923 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
924
925 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
926 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
927 ASSERT_FALSE(result == nullptr);
928
929 // Expect the DNS result order is the same as the RR order in the DNS response
930 // |kHelloExampleComResponsesV4| because none of rule in the native sorting
931 // function _rfc6724_compare() is matched.
932 //
933 // The reason is here for the sorting result from _rfc6724_compare.
934 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
935 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
936 // See rule#1 as well.
937 // (rule 3 is not implemented)
938 // (rule 4 is not implemented)
939 // For rule 5: prefer matching label, all addresses get the same label 4 for AF_INET.
940 // For rule 6: prefer higher precedence, all addresses get the same precedence 35 for AF_INET.
941 // (rule 7 is not implemented)
942 // For rule 8: prefer smaller scope, all destination addresses has the same scope.
943 // For rule 9: use longest matching prefix, IPv6 only.
944 // For rule 10: leave the order unchanged, these IPv4 DNS addresses meet this rule.
945 //
946 // See packages/modules/DnsResolver/getaddrinfo.cpp
947 EXPECT_THAT(ToStrings(result),
948 testing::ElementsAre(kHelloExampleComAddrV4, kHelloExampleComAddrV4_2,
949 kHelloExampleComAddrV4_3));
950
951 // .ai_socktype will be 0.
952 hints = {.ai_family = AF_UNSPEC};
953 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
954 ASSERT_FALSE(result == nullptr);
955
956 // The results are sorted in every querying by explore_options and then concatenates all sorted
957 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
958 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
959 // of each explore_options and concatenates all sorted results into one link list. The address
960 // order of the output addrinfo is:
961 // 1.2.3.4 (socktype=2, protocol=17) ->
962 // 8.8.8.8 (socktype=2, protocol=17) ->
963 // 81.117.21.202 (socktype=2, protocol=17) ->
964 // 1.2.3.4 (socktype=1, protocol=6) ->
965 // 8.8.8.8 (socktype=1, protocol=6) ->
966 // 81.117.21.202 (socktype=1, protocol=6)
967 //
968 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
969 EXPECT_THAT(ToStrings(result),
970 testing::ElementsAre(kHelloExampleComAddrV4, kHelloExampleComAddrV4_2,
971 kHelloExampleComAddrV4_3, kHelloExampleComAddrV4,
972 kHelloExampleComAddrV4_2, kHelloExampleComAddrV4_3));
973 }
974
TEST_F(ResolverTest,GetAddrInfoV6_MultiAnswers)975 TEST_F(ResolverTest, GetAddrInfoV6_MultiAnswers) {
976 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
977 dns.addMappingBinaryPacket(kHelloExampleComQueryV6, kHelloExampleComResponsesV6);
978 StartDns(dns, {});
979 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
980
981 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
982 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
983 ASSERT_FALSE(result == nullptr);
984
985 // Expect the DNS result order is GUA, teredo tunneling address and IPv4-compatible address
986 // because of the precedence comparison of RFC 6724.
987 //
988 // The reason is here for the sorting result from _rfc6724_compare.
989 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
990 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
991 // See rule#1 as well.
992 // (rule 3 is not implemented)
993 // (rule 4 is not implemented)
994 // For rule 5: prefer matching label, the source address is not valid and can't match the dns
995 // reply addresses. See rule#1 as well.
996 // For rule 6: prefer higher precedence, sorted by the order: gua(40), teredo(5) and
997 // ipv4-compatible(1).
998 // Ignore from rule 7 to rule 10 because the results has been sorted by rule 6.
999 //
1000 // See _get_precedence, _rfc6724_compare in packages/modules/DnsResolver/getaddrinfo.cpp
1001 EXPECT_THAT(ToStrings(result),
1002 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV6_TEREDO,
1003 kHelloExampleComAddrV6_IPV4COMPAT));
1004
1005 hints = {.ai_family = AF_UNSPEC};
1006 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1007 ASSERT_FALSE(result == nullptr);
1008
1009 // The results are sorted in every querying by explore_options and then concatenates all sorted
1010 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
1011 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
1012 // of each explore_options and concatenates all sorted results into one link list. The address
1013 // order of the output addrinfo is:
1014 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1015 // 2001::47c1 (socktype=2, protocol=17) ->
1016 // ::1.2.3.4 (socktype=2, protocol=17) ->
1017 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1018 // 2001::47c1 (socktype=1, protocol=6) ->
1019 // ::1.2.3.4 (socktype=1, protocol=6)
1020 //
1021 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1022 EXPECT_THAT(
1023 ToStrings(result),
1024 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV6_TEREDO,
1025 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_GUA,
1026 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1027 }
1028
TEST_F(ResolverTest,GetAddrInfoV4V6_MultiAnswers)1029 TEST_F(ResolverTest, GetAddrInfoV4V6_MultiAnswers) {
1030 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
1031 // Use one IPv4 address only because we can't control IPv4 address ordering in this test
1032 // which uses a fake network.
1033 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponseV4);
1034 dns.addMappingBinaryPacket(kHelloExampleComQueryV6, kHelloExampleComResponsesV6);
1035 StartDns(dns, {});
1036 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1037
1038 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
1039 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1040 ASSERT_FALSE(result == nullptr);
1041
1042 // Expect the DNS result order is ipv6 global unicast address, IPv4 address, IPv6 teredo
1043 // tunneling address and IPv4-compatible IPv6 address because of the precedence comparison
1044 // of RFC 6724.
1045 //
1046 // The reason is here for the sorting result from _rfc6724_compare.
1047 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
1048 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
1049 // See rule#1 as well.
1050 // (rule 3 is not implemented)
1051 // (rule 4 is not implemented)
1052 // For rule 5: prefer matching label, the source address is not valid and can't match the dns
1053 // reply addresses. See rule#1 as well.
1054 // For rule 6: prefer higher precedence, sorted by the order: gua(40), ipv4(35), teredo(5) and
1055 // ipv4-compatible(1).
1056 // Ignore from rule 7 to rule 10 because the results has been sorted by rule 6.
1057 //
1058 // See _get_precedence, _rfc6724_compare in packages/modules/DnsResolver/getaddrinfo.cpp
1059 EXPECT_THAT(
1060 ToStrings(result),
1061 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1062 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1063
1064 hints = {.ai_family = AF_UNSPEC};
1065 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1066 ASSERT_FALSE(result == nullptr);
1067
1068 // The results are sorted in every querying by explore_options and then concatenates all sorted
1069 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
1070 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
1071 // of each explore_options and concatenates all sorted results into one link list. The address
1072 // order of the output addrinfo is:
1073 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1074 // 1.2.3.4 (socktype=2, protocol=17) ->
1075 // 2001::47c1 (socktype=2, protocol=17) ->
1076 // ::1.2.3.4 (socktype=2, protocol=17) ->
1077 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1078 // 1.2.3.4 (socktype=1, protocol=6) ->
1079 // 2001::47c1 (socktype=1, protocol=6) ->
1080 // ::1.2.3.4 (socktype=1, protocol=6)
1081 //
1082 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1083 EXPECT_THAT(
1084 ToStrings(result),
1085 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1086 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT,
1087 kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1088 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1089 }
1090
TEST_F(ResolverTest,GetAddrInfo_cnames)1091 TEST_F(ResolverTest, GetAddrInfo_cnames) {
1092 constexpr char host_name[] = "host.example.com.";
1093 test::DNSResponder dns;
1094 const std::vector<DnsRecord> records = {
1095 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
1096 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
1097 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
1098 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
1099 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
1100 {"e.example.com.", ns_type::ns_t_cname, host_name},
1101 {host_name, ns_type::ns_t_a, "1.2.3.3"},
1102 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
1103 };
1104 StartDns(dns, records);
1105 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1106
1107 addrinfo hints = {.ai_family = AF_INET};
1108 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1109 EXPECT_TRUE(result != nullptr);
1110 EXPECT_EQ("1.2.3.3", ToString(result));
1111
1112 dns.clearQueries();
1113 hints = {.ai_family = AF_INET6};
1114 result = safe_getaddrinfo("hello", nullptr, &hints);
1115 EXPECT_TRUE(result != nullptr);
1116 EXPECT_EQ("2001:db8::42", ToString(result));
1117 }
1118
TEST_F(ResolverTest,GetAddrInfo_cnamesNoIpAddress)1119 TEST_F(ResolverTest, GetAddrInfo_cnamesNoIpAddress) {
1120 test::DNSResponder dns;
1121 const std::vector<DnsRecord> records = {
1122 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
1123 };
1124 StartDns(dns, records);
1125 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1126
1127 addrinfo hints = {.ai_family = AF_INET};
1128 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1129 EXPECT_TRUE(result == nullptr);
1130
1131 dns.clearQueries();
1132 hints = {.ai_family = AF_INET6};
1133 result = safe_getaddrinfo("hello", nullptr, &hints);
1134 EXPECT_TRUE(result == nullptr);
1135 }
1136
TEST_F(ResolverTest,GetAddrInfo_cnamesIllegalRdata)1137 TEST_F(ResolverTest, GetAddrInfo_cnamesIllegalRdata) {
1138 test::DNSResponder dns;
1139 const std::vector<DnsRecord> records = {
1140 {kHelloExampleCom, ns_type::ns_t_cname, ".!#?"},
1141 };
1142 StartDns(dns, records);
1143 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1144
1145 addrinfo hints = {.ai_family = AF_INET};
1146 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1147 EXPECT_TRUE(result == nullptr);
1148
1149 dns.clearQueries();
1150 hints = {.ai_family = AF_INET6};
1151 result = safe_getaddrinfo("hello", nullptr, &hints);
1152 EXPECT_TRUE(result == nullptr);
1153 }
1154
TEST_F(ResolverTest,GetAddrInfoForCaseInSensitiveDomains)1155 TEST_F(ResolverTest, GetAddrInfoForCaseInSensitiveDomains) {
1156 test::DNSResponder dns;
1157 const char* host_name = "howdy.example.com.";
1158 const char* host_name2 = "HOWDY.example.com.";
1159 const std::vector<DnsRecord> records = {
1160 {host_name, ns_type::ns_t_a, "1.2.3.4"},
1161 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
1162 {host_name2, ns_type::ns_t_a, "1.2.3.5"},
1163 {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
1164 };
1165 StartDns(dns, records);
1166 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1167
1168 ScopedAddrinfo hostname_result = safe_getaddrinfo("howdy", nullptr, nullptr);
1169 EXPECT_TRUE(hostname_result != nullptr);
1170 const size_t hostname1_count_after_first_query = GetNumQueries(dns, host_name);
1171 EXPECT_LE(1U, hostname1_count_after_first_query);
1172 // Could be A or AAAA
1173 std::string hostname_result_str = ToString(hostname_result);
1174 EXPECT_TRUE(hostname_result_str == "1.2.3.4" || hostname_result_str == "::1.2.3.4");
1175
1176 // Verify that the name is cached.
1177 ScopedAddrinfo hostname2_result = safe_getaddrinfo("HOWDY", nullptr, nullptr);
1178 EXPECT_TRUE(hostname2_result != nullptr);
1179 const size_t hostname1_count_after_second_query = GetNumQueries(dns, host_name);
1180 EXPECT_LE(1U, hostname1_count_after_second_query);
1181
1182 // verify that there is no change in num of queries for howdy.example.com
1183 EXPECT_EQ(hostname1_count_after_first_query, hostname1_count_after_second_query);
1184
1185 // Number of queries for HOWDY.example.com would be >= 1 if domain names
1186 // are considered case-sensitive, else number of queries should be 0.
1187 const size_t hostname2_count = GetNumQueries(dns, host_name2);
1188 EXPECT_EQ(0U,hostname2_count);
1189 std::string hostname2_result_str = ToString(hostname2_result);
1190 EXPECT_TRUE(hostname2_result_str == "1.2.3.4" || hostname2_result_str == "::1.2.3.4");
1191
1192 // verify that the result is still the same address even though
1193 // mixed-case string is not in the DNS
1194 ScopedAddrinfo result = safe_getaddrinfo("HowDY", nullptr, nullptr);
1195 EXPECT_TRUE(result != nullptr);
1196 std::string result_str = ToString(result);
1197 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4");
1198 }
1199
TEST_F(ResolverTest,MultidomainResolution)1200 TEST_F(ResolverTest, MultidomainResolution) {
1201 constexpr char host_name[] = "nihao.example2.com.";
1202 std::vector<std::string> searchDomains = {"example1.com", "example2.com", "example3.com"};
1203
1204 test::DNSResponder dns("127.0.0.6");
1205 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
1206 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({"127.0.0.6"}, searchDomains));
1207
1208 const hostent* result = gethostbyname("nihao");
1209
1210 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
1211 ASSERT_FALSE(result == nullptr);
1212 ASSERT_EQ(4, result->h_length);
1213 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
1214 EXPECT_EQ("1.2.3.3", ToString(result));
1215 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
1216 }
1217
TEST_F(ResolverTest,GetAddrInfoV6_numeric)1218 TEST_F(ResolverTest, GetAddrInfoV6_numeric) {
1219 constexpr char host_name[] = "ohayou.example.com.";
1220 constexpr char numeric_addr[] = "fe80::1%lo";
1221
1222 test::DNSResponder dns;
1223 dns.setResponseProbability(0.0);
1224 StartDns(dns, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1225 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1226
1227 addrinfo hints = {.ai_family = AF_INET6};
1228 ScopedAddrinfo result = safe_getaddrinfo(numeric_addr, nullptr, &hints);
1229 EXPECT_TRUE(result != nullptr);
1230 EXPECT_EQ(numeric_addr, ToString(result));
1231 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1232
1233 // Now try a non-numeric hostname query with the AI_NUMERICHOST flag set.
1234 // We should fail without sending out a DNS query.
1235 hints.ai_flags |= AI_NUMERICHOST;
1236 result = safe_getaddrinfo(host_name, nullptr, &hints);
1237 EXPECT_TRUE(result == nullptr);
1238 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1239 }
1240
TEST_F(ResolverTest,GetAddrInfoV6_failing)1241 TEST_F(ResolverTest, GetAddrInfoV6_failing) {
1242 constexpr char listen_addr0[] = "127.0.0.7";
1243 constexpr char listen_addr1[] = "127.0.0.8";
1244 const char* host_name = "ohayou.example.com.";
1245
1246 test::DNSResponder dns0(listen_addr0);
1247 test::DNSResponder dns1(listen_addr1);
1248 dns0.setResponseProbability(0.0);
1249 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1250 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1251
1252 std::vector<std::string> servers = {listen_addr0, listen_addr1};
1253 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
1254 int sample_count = 8;
1255 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
1256 300, 25, sample_count, sample_count, 0, 0};
1257 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
1258 .setDnsServers(servers)
1259 .setDotServers({})
1260 .setParams(params)
1261 .build()));
1262
1263 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
1264 // reached the dns0, which is set to fail. No more requests should then arrive at that server
1265 // for the next sample_lifetime seconds.
1266 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
1267 const addrinfo hints = {.ai_family = AF_INET6};
1268 for (int i = 0; i < sample_count; ++i) {
1269 std::string domain = fmt::format("nonexistent{}", i);
1270 ScopedAddrinfo result = safe_getaddrinfo(domain.c_str(), nullptr, &hints);
1271 }
1272 // Due to 100% errors for all possible samples, the server should be ignored from now on and
1273 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
1274 dns0.clearQueries();
1275 dns1.clearQueries();
1276 ScopedAddrinfo result = safe_getaddrinfo("ohayou", nullptr, &hints);
1277 EXPECT_TRUE(result != nullptr);
1278 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
1279 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
1280 }
1281
TEST_F(ResolverTest,GetAddrInfoV6_nonresponsive)1282 TEST_F(ResolverTest, GetAddrInfoV6_nonresponsive) {
1283 constexpr char listen_addr0[] = "127.0.0.7";
1284 constexpr char listen_addr1[] = "127.0.0.8";
1285 constexpr char listen_srv[] = "53";
1286 constexpr char host_name1[] = "ohayou.example.com.";
1287 constexpr char host_name2[] = "ciao.example.com.";
1288 const std::vector<std::string> defaultSearchDomain = {"example.com"};
1289 // The minimal timeout is 1000ms, so we can't decrease timeout
1290 // So reduce retry count.
1291 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> reduceRetryParams = {
1292 300, // sample validity in seconds
1293 25, // success threshod in percent
1294 8, 8, // {MIN,MAX}_SAMPLES
1295 1000, // BASE_TIMEOUT_MSEC
1296 1, // retry count
1297 };
1298 const std::vector<DnsRecord> records0 = {
1299 {host_name1, ns_type::ns_t_aaaa, "2001:db8::5"},
1300 {host_name2, ns_type::ns_t_aaaa, "2001:db8::5"},
1301 };
1302 const std::vector<DnsRecord> records1 = {
1303 {host_name1, ns_type::ns_t_aaaa, "2001:db8::6"},
1304 {host_name2, ns_type::ns_t_aaaa, "2001:db8::6"},
1305 };
1306
1307 // dns0 does not respond with 100% probability, while
1308 // dns1 responds normally, at least initially.
1309 test::DNSResponder dns0(listen_addr0, listen_srv, static_cast<ns_rcode>(-1));
1310 test::DNSResponder dns1(listen_addr1, listen_srv, static_cast<ns_rcode>(-1));
1311 dns0.setResponseProbability(0.0);
1312 StartDns(dns0, records0);
1313 StartDns(dns1, records1);
1314 ASSERT_TRUE(
1315 mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
1316 .setDnsServers({listen_addr0, listen_addr1})
1317 .setDotServers({})
1318 .setParams(reduceRetryParams)
1319 .build()));
1320
1321 // Specify ai_socktype to make getaddrinfo will only query 1 time
1322 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_STREAM};
1323
1324 // dns0 will ignore the request, and we'll fallback to dns1 after the first
1325 // retry.
1326 ScopedAddrinfo result = safe_getaddrinfo(host_name1, nullptr, &hints);
1327 EXPECT_TRUE(result != nullptr);
1328 EXPECT_EQ(1U, GetNumQueries(dns0, host_name1));
1329 EXPECT_EQ(1U, GetNumQueries(dns1, host_name1));
1330 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name1, {"2001:db8::6"});
1331
1332 // Now make dns1 also ignore 100% requests... The resolve should alternate
1333 // queries between the nameservers and fail
1334 dns1.setResponseProbability(0.0);
1335 addrinfo* result2 = nullptr;
1336 EXPECT_EQ(EAI_NODATA, getaddrinfo(host_name2, nullptr, &hints, &result2));
1337 EXPECT_EQ(nullptr, result2);
1338 EXPECT_EQ(1U, GetNumQueries(dns0, host_name2));
1339 EXPECT_EQ(1U, GetNumQueries(dns1, host_name2));
1340 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name2, {});
1341 }
1342
TEST_F(ResolverTest,GetAddrInfoV6_concurrent)1343 TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
1344 constexpr char listen_addr0[] = "127.0.0.9";
1345 constexpr char listen_addr1[] = "127.0.0.10";
1346 constexpr char listen_addr2[] = "127.0.0.11";
1347 constexpr char host_name[] = "konbanha.example.com.";
1348
1349 test::DNSResponder dns0(listen_addr0);
1350 test::DNSResponder dns1(listen_addr1);
1351 test::DNSResponder dns2(listen_addr2);
1352 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1353 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1354 StartDns(dns2, {{host_name, ns_type::ns_t_aaaa, "2001:db8::7"}});
1355
1356 const std::vector<std::string> servers = {listen_addr0, listen_addr1, listen_addr2};
1357 std::vector<std::thread> threads(10);
1358 for (std::thread& thread : threads) {
1359 thread = std::thread([this, &servers]() {
1360 unsigned delay = arc4random_uniform(1 * 1000 * 1000); // <= 1s
1361 usleep(delay);
1362 std::vector<std::string> serverSubset;
1363 for (const auto& server : servers) {
1364 if (arc4random_uniform(2)) {
1365 serverSubset.push_back(server);
1366 }
1367 }
1368 if (serverSubset.empty()) serverSubset = servers;
1369 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(serverSubset));
1370 const addrinfo hints = {.ai_family = AF_INET6};
1371 addrinfo* result = nullptr;
1372 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
1373 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
1374 if (result) {
1375 freeaddrinfo(result);
1376 result = nullptr;
1377 }
1378 });
1379 }
1380 for (std::thread& thread : threads) {
1381 thread.join();
1382 }
1383
1384 const auto resolvInfo = mDnsClient.getResolverInfo();
1385 ASSERT_RESULT_OK(resolvInfo);
1386 EXPECT_EQ(0, resolvInfo.value().waitForPendingReqTimeoutCount);
1387 }
1388
TEST_F(ResolverTest,SkipBadServersDueToInternalError)1389 TEST_F(ResolverTest, SkipBadServersDueToInternalError) {
1390 constexpr char listen_addr1[] = "fe80::1";
1391 constexpr char listen_addr2[] = "255.255.255.255";
1392 constexpr char listen_addr3[] = "127.0.0.3";
1393 int counter = 0; // To generate unique hostnames.
1394 test::DNSResponder dns(listen_addr3);
1395 ASSERT_TRUE(dns.startServer());
1396
1397 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1398 setupParams.servers = {listen_addr1, listen_addr2, listen_addr3};
1399 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1400
1401 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1402 cleanupParams.servers.clear();
1403 cleanupParams.tlsServers.clear();
1404
1405 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1406 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1407 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1408
1409 // Re-setup test network to make experiment flag take effect.
1410 resetNetwork();
1411
1412 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1413
1414 // Start sending synchronized querying.
1415 for (int i = 0; i < 100; i++) {
1416 std::string hostName = fmt::format("hello{}.com.", counter++);
1417 dns.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1418 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1419 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1420 }
1421
1422 const std::vector<NameserverStats> targetStats = {
1423 NameserverStats(listen_addr1).setInternalErrors(5),
1424 NameserverStats(listen_addr2).setInternalErrors(5),
1425 NameserverStats(listen_addr3).setSuccesses(setupParams.maxSamples).setRttAvg(1),
1426 };
1427 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1428
1429 // Also verify the number of queries received in the server because res_stats.successes has
1430 // a maximum.
1431 EXPECT_EQ(dns.queries().size(), 100U);
1432
1433 // Reset the state.
1434 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1435 dns.clearQueries();
1436 }
1437 }
1438
TEST_F(ResolverTest,SkipBadServersDueToTimeout)1439 TEST_F(ResolverTest, SkipBadServersDueToTimeout) {
1440 constexpr char listen_addr1[] = "127.0.0.3";
1441 constexpr char listen_addr2[] = "127.0.0.4";
1442 int counter = 0; // To generate unique hostnames.
1443
1444 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1445 setupParams.servers = {listen_addr1, listen_addr2};
1446 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1447
1448 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1449 cleanupParams.servers.clear();
1450 cleanupParams.tlsServers.clear();
1451
1452 // Set dns1 non-responsive and dns2 workable.
1453 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1454 test::DNSResponder dns2(listen_addr2);
1455 dns1.setResponseProbability(0.0);
1456 ASSERT_TRUE(dns1.startServer());
1457 ASSERT_TRUE(dns2.startServer());
1458
1459 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1460 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1461 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1462
1463 // Re-setup test network to make experiment flag take effect.
1464 resetNetwork();
1465
1466 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1467
1468 // Start sending synchronized querying.
1469 for (int i = 0; i < 100; i++) {
1470 std::string hostName = fmt::format("hello{}.com.", counter++);
1471 dns1.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1472 dns2.addMapping(hostName, ns_type::ns_t_a, "1.2.3.5");
1473 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1474 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1475 }
1476
1477 const std::vector<NameserverStats> targetStats = {
1478 NameserverStats(listen_addr1).setTimeouts(5),
1479 NameserverStats(listen_addr2).setSuccesses(setupParams.maxSamples).setRttAvg(1),
1480 };
1481 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1482
1483 // Also verify the number of queries received in the server because res_stats.successes has
1484 // an upper bound.
1485 EXPECT_GT(dns1.queries().size(), 0U);
1486 EXPECT_LT(dns1.queries().size(), 5U);
1487 EXPECT_EQ(dns2.queries().size(), 100U);
1488
1489 // Reset the state.
1490 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1491 dns1.clearQueries();
1492 dns2.clearQueries();
1493 }
1494 }
1495
TEST_F(ResolverTest,GetAddrInfoFromCustTable_InvalidInput)1496 TEST_F(ResolverTest, GetAddrInfoFromCustTable_InvalidInput) {
1497 constexpr char hostnameNoip[] = "noip.example.com.";
1498 constexpr char hostnameInvalidip[] = "invalidip.example.com.";
1499 const std::vector<aidl::android::net::ResolverHostsParcel> invalidCustHosts = {
1500 {"", hostnameNoip},
1501 {"wrong IP", hostnameInvalidip},
1502 };
1503 test::DNSResponder dns;
1504 StartDns(dns, {});
1505 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1506
1507 ResolverOptionsParcel resolverOptions;
1508 resolverOptions.hosts = invalidCustHosts;
1509 if (!mIsResolverOptionIPCSupported) {
1510 resolverParams.resolverOptions = resolverOptions;
1511 }
1512 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1513 if (mIsResolverOptionIPCSupported) {
1514 ASSERT_TRUE(mDnsClient.resolvService()
1515 ->setResolverOptions(resolverParams.netId, resolverOptions)
1516 .isOk());
1517 }
1518 for (const auto& hostname : {hostnameNoip, hostnameInvalidip}) {
1519 // The query won't get data from customized table because of invalid customized table
1520 // and DNSResponder also has no records. hostnameNoip has never registered and
1521 // hostnameInvalidip has registered but wrong IP.
1522 const addrinfo hints = {.ai_family = AF_UNSPEC};
1523 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1524 ASSERT_TRUE(result == nullptr);
1525 EXPECT_EQ(4U, GetNumQueries(dns, hostname));
1526 }
1527 }
1528
TEST_F(ResolverTest,GetAddrInfoFromCustTable)1529 TEST_F(ResolverTest, GetAddrInfoFromCustTable) {
1530 constexpr char hostnameV4[] = "v4only.example.com.";
1531 constexpr char hostnameV6[] = "v6only.example.com.";
1532 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1533 constexpr char custAddrV4[] = "1.2.3.4";
1534 constexpr char custAddrV6[] = "::1.2.3.4";
1535 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1536 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1537 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4 = {
1538 {custAddrV4, hostnameV4},
1539 };
1540 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV6 = {
1541 {custAddrV6, hostnameV6},
1542 };
1543 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1544 {custAddrV4, hostnameV4V6},
1545 {custAddrV6, hostnameV4V6},
1546 };
1547 const std::vector<DnsRecord> dnsSvHostV4 = {
1548 {hostnameV4, ns_type::ns_t_a, dnsSvAddrV4},
1549 };
1550 const std::vector<DnsRecord> dnsSvHostV6 = {
1551 {hostnameV6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1552 };
1553 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1554 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1555 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1556 };
1557 struct TestConfig {
1558 const std::string name;
1559 const std::vector<aidl::android::net::ResolverHostsParcel> customizedHosts;
1560 const std::vector<DnsRecord> dnsserverHosts;
1561 const std::vector<std::string> queryResult;
1562 std::string asParameters() const {
1563 return fmt::format("name: {}, customizedHosts: {}, dnsserverHosts: {}", name,
1564 customizedHosts.empty() ? "No" : "Yes",
1565 dnsserverHosts.empty() ? "No" : "Yes");
1566 }
1567 } testConfigs[]{
1568 // clang-format off
1569 {hostnameV4, {}, {}, {}},
1570 {hostnameV4, {}, dnsSvHostV4, {dnsSvAddrV4}},
1571 {hostnameV4, custHostV4, {}, {custAddrV4}},
1572 {hostnameV4, custHostV4, dnsSvHostV4, {custAddrV4}},
1573 {hostnameV6, {}, {}, {}},
1574 {hostnameV6, {}, dnsSvHostV6, {dnsSvAddrV6}},
1575 {hostnameV6, custHostV6, {}, {custAddrV6}},
1576 {hostnameV6, custHostV6, dnsSvHostV6, {custAddrV6}},
1577 {hostnameV4V6, {}, {}, {}},
1578 {hostnameV4V6, {}, dnsSvHostV4V6, {dnsSvAddrV4, dnsSvAddrV6}},
1579 {hostnameV4V6, custHostV4V6, {}, {custAddrV4, custAddrV6}},
1580 {hostnameV4V6, custHostV4V6, dnsSvHostV4V6, {custAddrV4, custAddrV6}},
1581 // clang-format on
1582 };
1583
1584 for (const auto& config : testConfigs) {
1585 SCOPED_TRACE(config.asParameters());
1586
1587 test::DNSResponder dns;
1588 StartDns(dns, config.dnsserverHosts);
1589
1590 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1591 ResolverOptionsParcel resolverOptions;
1592 resolverOptions.hosts = config.customizedHosts;
1593 if (!mIsResolverOptionIPCSupported) {
1594 resolverParams.resolverOptions = resolverOptions;
1595 }
1596 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1597
1598 if (mIsResolverOptionIPCSupported) {
1599 ASSERT_TRUE(mDnsClient.resolvService()
1600 ->setResolverOptions(resolverParams.netId, resolverOptions)
1601 .isOk());
1602 }
1603 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1604 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
1605 if (config.customizedHosts.empty() && config.dnsserverHosts.empty()) {
1606 ASSERT_TRUE(result == nullptr);
1607 EXPECT_EQ(2U, GetNumQueries(dns, config.name.c_str()));
1608 } else {
1609 ASSERT_TRUE(result != nullptr);
1610 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.queryResult));
1611 EXPECT_EQ(config.customizedHosts.empty() ? 2U : 0U,
1612 GetNumQueries(dns, config.name.c_str()));
1613 }
1614
1615 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
1616 }
1617 }
1618
TEST_F(ResolverTest,GetAddrInfoFromCustTable_Modify)1619 TEST_F(ResolverTest, GetAddrInfoFromCustTable_Modify) {
1620 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1621 constexpr char custAddrV4[] = "1.2.3.4";
1622 constexpr char custAddrV6[] = "::1.2.3.4";
1623 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1624 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1625 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1626 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1627 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1628 };
1629 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1630 {custAddrV4, hostnameV4V6},
1631 {custAddrV6, hostnameV4V6},
1632 };
1633 test::DNSResponder dns;
1634 StartDns(dns, dnsSvHostV4V6);
1635 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1636
1637 ResolverOptionsParcel resolverOptions;
1638 resolverOptions.hosts = custHostV4V6;
1639 if (!mIsResolverOptionIPCSupported) {
1640 resolverParams.resolverOptions = resolverOptions;
1641 }
1642 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1643
1644 if (mIsResolverOptionIPCSupported) {
1645 ASSERT_TRUE(mDnsClient.resolvService()
1646 ->setResolverOptions(resolverParams.netId, resolverOptions)
1647 .isOk());
1648 }
1649
1650 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1651 ScopedAddrinfo result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1652 ASSERT_TRUE(result != nullptr);
1653 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({custAddrV4, custAddrV6}));
1654 EXPECT_EQ(0U, GetNumQueries(dns, hostnameV4V6));
1655
1656 resolverOptions.hosts = {};
1657 if (!mIsResolverOptionIPCSupported) {
1658 resolverParams.resolverOptions = resolverOptions;
1659 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1660 } else {
1661 ASSERT_TRUE(mDnsClient.resolvService()
1662 ->setResolverOptions(resolverParams.netId, resolverOptions)
1663 .isOk());
1664 }
1665 result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1666 ASSERT_TRUE(result != nullptr);
1667 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({dnsSvAddrV4, dnsSvAddrV6}));
1668 EXPECT_EQ(2U, GetNumQueries(dns, hostnameV4V6));
1669 }
1670
TEST_F(ResolverTest,GetAddrInfoV4V6FromCustTable_MultiAnswers)1671 TEST_F(ResolverTest, GetAddrInfoV4V6FromCustTable_MultiAnswers) {
1672 test::DNSResponder dns;
1673 StartDns(dns, {});
1674
1675 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1676 ResolverOptionsParcel resolverOptions;
1677 resolverOptions.hosts = {
1678 {kHelloExampleComAddrV4, kHelloExampleCom},
1679 {kHelloExampleComAddrV6_GUA, kHelloExampleCom},
1680 {kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleCom},
1681 {kHelloExampleComAddrV6_TEREDO, kHelloExampleCom},
1682 };
1683 if (!mIsResolverOptionIPCSupported) {
1684 resolverParams.resolverOptions = resolverOptions;
1685 }
1686 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1687
1688 if (mIsResolverOptionIPCSupported) {
1689 ASSERT_TRUE(mDnsClient.resolvService()
1690 ->setResolverOptions(resolverParams.netId, resolverOptions)
1691 .isOk());
1692 }
1693
1694 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1695 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1696 ASSERT_TRUE(result != nullptr);
1697 // Expect the order is the same as the order of record insertion because the custom table uses
1698 // std::multimap to store and the queried results are not sorted by RFC 6724.
1699 // See getCustomHosts in packages/modules/DnsResolver/getaddrinfo.cpp
1700 EXPECT_THAT(ToStrings(result),
1701 testing::ElementsAreArray({kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1702 kHelloExampleComAddrV6_IPV4COMPAT,
1703 kHelloExampleComAddrV6_TEREDO}));
1704 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
1705
1706 hints = {.ai_family = AF_UNSPEC};
1707 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1708 ASSERT_TRUE(result != nullptr);
1709 // The overall result is the concatenation of each result from explore_fqdn().
1710 // resolv_getaddrinfo() calls explore_fqdn() many times by the different explore_options.
1711 // It means that the results of each explore_options keep the order and concatenates
1712 // all results into one link list. The address order of the output addrinfo is:
1713 // 1.2.3.4 (socktype=2, protocol=17) ->
1714 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1715 // ::1.2.3.4 (socktype=2, protocol=17) ->
1716 // 2001::47c1 (socktype=2, protocol=17) ->
1717 // 1.2.3.4 (socktype=1, protocol=6) ->
1718 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1719 // ::1.2.3.4 (socktype=1, protocol=6) ->
1720 // 2001::47c1 (socktype=1, protocol=6)
1721 //
1722 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1723 EXPECT_THAT(ToStrings(result),
1724 testing::ElementsAreArray(
1725 {kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1726 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_TEREDO,
1727 kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1728 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_TEREDO}));
1729 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
1730 }
1731
TEST_F(ResolverTest,EmptySetup)1732 TEST_F(ResolverTest, EmptySetup) {
1733 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParamsParcel{.netId = TEST_NETID}));
1734 const auto resolvInfo = mDnsClient.getResolverInfo();
1735 ASSERT_RESULT_OK(resolvInfo);
1736 EXPECT_TRUE(resolvInfo.value().dnsServers.empty());
1737 EXPECT_TRUE(resolvInfo.value().domains.empty());
1738 EXPECT_TRUE(resolvInfo.value().dotServers.empty());
1739 EXPECT_EQ(0U, resolvInfo.value().params.sample_validity);
1740 EXPECT_EQ(0U, resolvInfo.value().params.success_threshold);
1741 EXPECT_EQ(0U, resolvInfo.value().params.min_samples);
1742 EXPECT_EQ(0U, resolvInfo.value().params.max_samples);
1743 // We don't check baseTimeoutMsec and retryCount because their value differ depending on
1744 // the experiment flags.
1745 }
1746
TEST_F(ResolverTest,SearchPathChange)1747 TEST_F(ResolverTest, SearchPathChange) {
1748 constexpr char listen_addr[] = "127.0.0.13";
1749 constexpr char host_name1[] = "test13.domain1.org.";
1750 constexpr char host_name2[] = "test13.domain2.org.";
1751 std::vector<std::string> servers = {listen_addr};
1752 std::vector<std::string> domains = {"domain1.org"};
1753
1754 const std::vector<DnsRecord> records = {
1755 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1756 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1757 };
1758 test::DNSResponder dns(listen_addr);
1759 StartDns(dns, records);
1760 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1761
1762 const addrinfo hints = {.ai_family = AF_INET6};
1763 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1764 EXPECT_TRUE(result != nullptr);
1765 EXPECT_EQ(1U, dns.queries().size());
1766 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1767 EXPECT_EQ("2001:db8::13", ToString(result));
1768
1769 // Test that changing the domain search path on its own works.
1770 domains = {"domain2.org"};
1771 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1772 dns.clearQueries();
1773
1774 result = safe_getaddrinfo("test13", nullptr, &hints);
1775 EXPECT_TRUE(result != nullptr);
1776 EXPECT_EQ(1U, dns.queries().size());
1777 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1778 EXPECT_EQ("2001:db8::1:13", ToString(result));
1779 }
1780
TEST_F(ResolverTest,SearchPathPrune)1781 TEST_F(ResolverTest, SearchPathPrune) {
1782 constexpr size_t DUPLICATED_DOMAIN_NUM = 3;
1783 constexpr char listen_addr[] = "127.0.0.13";
1784 constexpr char domian_name1[] = "domain13.org.";
1785 constexpr char domian_name2[] = "domain14.org.";
1786 constexpr char host_name1[] = "test13.domain13.org.";
1787 constexpr char host_name2[] = "test14.domain14.org.";
1788 std::vector<std::string> servers = {listen_addr};
1789
1790 std::vector<std::string> testDomains1;
1791 std::vector<std::string> testDomains2;
1792 // Domain length should be <= 255
1793 // Max number of domains in search path is 6
1794 for (size_t i = 0; i < MAXDNSRCH + 1; i++) {
1795 // Fill up with invalid domain
1796 testDomains1.push_back(std::string(300, i + '0'));
1797 // Fill up with valid but duplicated domain
1798 testDomains2.push_back(fmt::format("domain{}.org", i % DUPLICATED_DOMAIN_NUM));
1799 }
1800
1801 // Add valid domain used for query.
1802 testDomains1.push_back(domian_name1);
1803
1804 // Add valid domain twice used for query.
1805 testDomains2.push_back(domian_name2);
1806 testDomains2.push_back(domian_name2);
1807
1808 const std::vector<DnsRecord> records = {
1809 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1810 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1811 };
1812 test::DNSResponder dns(listen_addr);
1813 StartDns(dns, records);
1814 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains1));
1815
1816 const addrinfo hints = {.ai_family = AF_INET6};
1817 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1818
1819 EXPECT_TRUE(result != nullptr);
1820
1821 EXPECT_EQ(1U, dns.queries().size());
1822 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1823 EXPECT_EQ("2001:db8::13", ToString(result));
1824
1825 auto resolvInfo = mDnsClient.getResolverInfo();
1826 ASSERT_RESULT_OK(resolvInfo);
1827 const auto& res_domains1 = resolvInfo.value().domains;
1828 // Expect 1 valid domain, invalid domains are removed.
1829 ASSERT_EQ(1U, res_domains1.size());
1830 EXPECT_EQ(domian_name1, res_domains1[0]);
1831
1832 dns.clearQueries();
1833
1834 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains2));
1835
1836 result = safe_getaddrinfo("test14", nullptr, &hints);
1837 EXPECT_TRUE(result != nullptr);
1838
1839 // (3 domains * 2 retries) + 1 success query = 7
1840 EXPECT_EQ(7U, dns.queries().size());
1841 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1842 EXPECT_EQ("2001:db8::1:13", ToString(result));
1843
1844 resolvInfo = mDnsClient.getResolverInfo();
1845 ASSERT_RESULT_OK(resolvInfo);
1846 const auto& res_domains2 = resolvInfo.value().domains;
1847 // Expect 4 valid domain, duplicate domains are removed.
1848 EXPECT_EQ(DUPLICATED_DOMAIN_NUM + 1U, res_domains2.size());
1849 EXPECT_THAT(
1850 std::vector<std::string>({"domain0.org", "domain1.org", "domain2.org", domian_name2}),
1851 testing::ElementsAreArray(res_domains2));
1852 }
1853
1854 // If we move this function to dns_responder_client, it will complicate the dependency need of
1855 // dns_tls_frontend.h.
setupTlsServers(const std::vector<std::string> & servers,std::vector<std::unique_ptr<test::DnsTlsFrontend>> * tls)1856 static void setupTlsServers(const std::vector<std::string>& servers,
1857 std::vector<std::unique_ptr<test::DnsTlsFrontend>>* tls) {
1858 constexpr char listen_udp[] = "53";
1859 constexpr char listen_tls[] = "853";
1860
1861 for (const auto& server : servers) {
1862 auto t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1863 t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1864 t->startServer();
1865 tls->push_back(std::move(t));
1866 }
1867 }
1868
TEST_F(ResolverTest,MaxServerPrune_Binder)1869 TEST_F(ResolverTest, MaxServerPrune_Binder) {
1870 std::vector<std::string> domains;
1871 std::vector<std::unique_ptr<test::DNSResponder>> dns;
1872 std::vector<std::unique_ptr<test::DnsTlsFrontend>> tls;
1873 std::vector<std::string> servers;
1874 std::vector<DnsResponderClient::Mapping> mappings;
1875
1876 for (unsigned i = 0; i < MAXDNSRCH + 1; i++) {
1877 domains.push_back(fmt::format("example{}.com", i));
1878 }
1879 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
1880 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
1881 ASSERT_NO_FATAL_FAILURE(setupTlsServers(servers, &tls));
1882
1883 const auto parcel = ResolverParams::Builder()
1884 .setDomains(domains)
1885 .setDnsServers(servers)
1886 .setDotServers(servers)
1887 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
1888 .build();
1889 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1890
1891 // If the private DNS validation hasn't completed yet before backend DNS servers stop,
1892 // TLS servers will get stuck in handleOneRequest(), which causes this test stuck in
1893 // ~DnsTlsFrontend() because the TLS server loop threads can't be terminated.
1894 // So, wait for private DNS validation done before stopping backend DNS servers.
1895 for (int i = 0; i < MAXNS; i++) {
1896 LOG(INFO) << "Waiting for private DNS validation on " << tls[i]->listen_address() << ".";
1897 EXPECT_TRUE(WaitForPrivateDnsValidation(tls[i]->listen_address(), true));
1898 LOG(INFO) << "private DNS validation on " << tls[i]->listen_address() << " done.";
1899 }
1900
1901 const auto resolvInfo = mDnsClient.getResolverInfo();
1902 ASSERT_RESULT_OK(resolvInfo);
1903 EXPECT_EQ(static_cast<size_t>(MAXNS), resolvInfo.value().dnsServers.size());
1904 EXPECT_EQ(static_cast<size_t>(MAXNS), resolvInfo.value().dotServers.size());
1905 EXPECT_EQ(static_cast<size_t>(MAXDNSRCH), resolvInfo.value().domains.size());
1906 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS,
1907 resolvInfo.value().dnsServers.begin()));
1908 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS,
1909 resolvInfo.value().dotServers.begin()));
1910 EXPECT_TRUE(std::equal(domains.begin(), domains.begin() + MAXDNSRCH,
1911 resolvInfo.value().domains.begin()));
1912 }
1913
TEST_F(ResolverTest,ResolverStats)1914 TEST_F(ResolverTest, ResolverStats) {
1915 constexpr char listen_addr1[] = "127.0.0.4";
1916 constexpr char listen_addr2[] = "127.0.0.5";
1917 constexpr char listen_addr3[] = "127.0.0.6";
1918
1919 // Set server 1 timeout.
1920 test::DNSResponder dns1(listen_addr1, "53", static_cast<ns_rcode>(-1));
1921 dns1.setResponseProbability(0.0);
1922 ASSERT_TRUE(dns1.startServer());
1923
1924 // Set server 2 responding server failure.
1925 test::DNSResponder dns2(listen_addr2);
1926 dns2.setResponseProbability(0.0);
1927 ASSERT_TRUE(dns2.startServer());
1928
1929 // Set server 3 workable.
1930 test::DNSResponder dns3(listen_addr3);
1931 dns3.addMapping(kHelloExampleCom, ns_type::ns_t_a, "1.2.3.4");
1932 ASSERT_TRUE(dns3.startServer());
1933
1934 std::vector<std::string> servers = {listen_addr1, listen_addr2, listen_addr3};
1935 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
1936
1937 dns3.clearQueries();
1938 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1939 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1940 size_t found = GetNumQueries(dns3, kHelloExampleCom);
1941 EXPECT_LE(1U, found);
1942 std::string result_str = ToString(result);
1943 EXPECT_TRUE(result_str == "1.2.3.4") << ", result_str='" << result_str << "'";
1944
1945 const std::vector<NameserverStats> expectedCleartextDnsStats = {
1946 NameserverStats(listen_addr1).setTimeouts(1),
1947 NameserverStats(listen_addr2).setErrors(1),
1948 NameserverStats(listen_addr3).setSuccesses(1).setRttAvg(1),
1949 };
1950 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
1951 }
1952
TEST_F(ResolverTest,AlwaysUseLatestSetupParamsInLookups)1953 TEST_F(ResolverTest, AlwaysUseLatestSetupParamsInLookups) {
1954 constexpr char listen_addr1[] = "127.0.0.3";
1955 constexpr char listen_addr2[] = "255.255.255.255";
1956 constexpr char listen_addr3[] = "127.0.0.4";
1957 constexpr char hostname[] = "hello";
1958 constexpr char fqdn_with_search_domain[] = "hello.domain2.com.";
1959
1960 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1961 dns1.setResponseProbability(0.0);
1962 ASSERT_TRUE(dns1.startServer());
1963
1964 test::DNSResponder dns3(listen_addr3);
1965 StartDns(dns3, {{fqdn_with_search_domain, ns_type::ns_t_a, "1.2.3.4"}});
1966
1967 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
1968 parcel.tlsServers.clear();
1969 parcel.servers = {listen_addr1, listen_addr2};
1970 parcel.domains = {"domain1.com", "domain2.com"};
1971 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1972
1973 // Expect the things happening in t1:
1974 // 1. The lookup starts using the first domain for query. It sends queries to the populated
1975 // nameserver list {listen_addr1, listen_addr2} for the hostname "hello.domain1.com".
1976 // 2. A different list of nameservers is updated to the resolver. Revision ID is incremented.
1977 // 3. The query for the hostname times out. The lookup fails to add the timeout record to the
1978 // the stats because of the unmatched revision ID.
1979 // 4. The lookup starts using the second domain for query. It sends queries to the populated
1980 // nameserver list {listen_addr3, listen_addr1, listen_addr2} for another hostname
1981 // "hello.domain2.com".
1982 // 5. The lookup gets the answer and updates a success record to the stats.
1983 std::thread t1([&hostname]() {
1984 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1985 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1986 EXPECT_NE(result.get(), nullptr);
1987 EXPECT_EQ(ToString(result), "1.2.3.4");
1988 });
1989
1990 // Wait for t1 to start the step 1.
1991 while (dns1.queries().size() == 0) {
1992 usleep(1000);
1993 }
1994
1995 // Update the resolver with three nameservers. This will increment the revision ID.
1996 parcel.servers = {listen_addr3, listen_addr1, listen_addr2};
1997 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1998
1999 t1.join();
2000 EXPECT_EQ(0U, GetNumQueriesForType(dns3, ns_type::ns_t_aaaa, fqdn_with_search_domain));
2001 EXPECT_EQ(1U, GetNumQueriesForType(dns3, ns_type::ns_t_a, fqdn_with_search_domain));
2002
2003 const std::vector<NameserverStats> expectedCleartextDnsStats = {
2004 NameserverStats(listen_addr1),
2005 NameserverStats(listen_addr2),
2006 NameserverStats(listen_addr3).setSuccesses(1).setRttAvg(1),
2007 };
2008 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
2009 }
2010
2011 // Test what happens if the specified TLS server is nonexistent.
TEST_F(ResolverTest,GetHostByName_TlsMissing)2012 TEST_F(ResolverTest, GetHostByName_TlsMissing) {
2013 constexpr char host_name[] = "tlsmissing.example.com.";
2014 test::DNSResponder dns;
2015 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
2016
2017 // There's nothing listening on this address, so validation will either fail or
2018 /// hang. Either way, queries will continue to flow to the DNSResponder.
2019 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2020
2021 const hostent* result;
2022 result = gethostbyname("tlsmissing");
2023 ASSERT_FALSE(result == nullptr);
2024 EXPECT_EQ("1.2.3.3", ToString(result));
2025 }
2026
2027 // Test what happens if the specified TLS server replies with garbage.
TEST_F(ResolverTest,GetHostByName_TlsBroken)2028 TEST_F(ResolverTest, GetHostByName_TlsBroken) {
2029 constexpr char host_name1[] = "tlsbroken1.example.com.";
2030 constexpr char host_name2[] = "tlsbroken2.example.com.";
2031 const std::vector<DnsRecord> records = {
2032 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2033 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2034 };
2035
2036 test::DNSResponder dns;
2037 StartDns(dns, records);
2038
2039 // Bind the specified private DNS socket but don't respond to any client sockets yet.
2040 int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
2041 ASSERT_TRUE(s >= 0);
2042 struct sockaddr_in tlsServer = {
2043 .sin_family = AF_INET,
2044 .sin_port = htons(853),
2045 };
2046 ASSERT_TRUE(inet_pton(AF_INET, kDefaultServer, &tlsServer.sin_addr));
2047 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEPORT).ok());
2048 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEADDR).ok());
2049 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
2050 ASSERT_FALSE(listen(s, 1));
2051
2052 // Trigger TLS validation.
2053 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2054
2055 struct sockaddr_storage cliaddr;
2056 socklen_t sin_size = sizeof(cliaddr);
2057 int new_fd = accept4(s, reinterpret_cast<struct sockaddr*>(&cliaddr), &sin_size, SOCK_CLOEXEC);
2058 ASSERT_TRUE(new_fd > 0);
2059
2060 // We've received the new file descriptor but not written to it or closed, so the
2061 // validation is still pending. Queries should still flow correctly because the
2062 // server is not used until validation succeeds.
2063 const hostent* result;
2064 result = gethostbyname("tlsbroken1");
2065 ASSERT_FALSE(result == nullptr);
2066 EXPECT_EQ("1.2.3.1", ToString(result));
2067
2068 // Now we cause the validation to fail.
2069 std::string garbage = "definitely not a valid TLS ServerHello";
2070 write(new_fd, garbage.data(), garbage.size());
2071 close(new_fd);
2072
2073 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
2074 // to the TLS server unless validation succeeds.
2075 result = gethostbyname("tlsbroken2");
2076 ASSERT_FALSE(result == nullptr);
2077 EXPECT_EQ("1.2.3.2", ToString(result));
2078
2079 // Clear TLS bit.
2080 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2081 close(s);
2082 }
2083
TEST_F(ResolverTest,GetHostByName_Tls)2084 TEST_F(ResolverTest, GetHostByName_Tls) {
2085 constexpr char listen_udp[] = "53";
2086 constexpr char listen_tls[] = "853";
2087 constexpr char host_name1[] = "tls1.example.com.";
2088 constexpr char host_name2[] = "tls2.example.com.";
2089 constexpr char host_name3[] = "tls3.example.com.";
2090 const std::vector<DnsRecord> records = {
2091 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2092 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2093 {host_name3, ns_type::ns_t_a, "1.2.3.3"},
2094 };
2095
2096 test::DNSResponder dns;
2097 StartDns(dns, records);
2098
2099 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2100 ASSERT_TRUE(tls.startServer());
2101 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2102 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2103
2104 const hostent* result = gethostbyname("tls1");
2105 ASSERT_FALSE(result == nullptr);
2106 EXPECT_EQ("1.2.3.1", ToString(result));
2107
2108 // Wait for query to get counted.
2109 EXPECT_TRUE(tls.waitForQueries(2));
2110
2111 // Stop the TLS server. Since we're in opportunistic mode, queries will
2112 // fall back to the locally-assigned (clear text) nameservers.
2113 tls.stopServer();
2114
2115 dns.clearQueries();
2116 result = gethostbyname("tls2");
2117 EXPECT_FALSE(result == nullptr);
2118 EXPECT_EQ("1.2.3.2", ToString(result));
2119 const auto queries = dns.queries();
2120 EXPECT_EQ(1U, queries.size());
2121 EXPECT_EQ("tls2.example.com.", queries[0].name);
2122 EXPECT_EQ(ns_t_a, queries[0].type);
2123
2124 // Reset the resolvers without enabling TLS. Queries should still be routed
2125 // to the UDP endpoint.
2126 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2127
2128 result = gethostbyname("tls3");
2129 ASSERT_FALSE(result == nullptr);
2130 EXPECT_EQ("1.2.3.3", ToString(result));
2131 }
2132
TEST_F(ResolverTest,GetHostByName_TlsFailover)2133 TEST_F(ResolverTest, GetHostByName_TlsFailover) {
2134 constexpr char listen_addr1[] = "127.0.0.3";
2135 constexpr char listen_addr2[] = "127.0.0.4";
2136 constexpr char listen_udp[] = "53";
2137 constexpr char listen_tls[] = "853";
2138 constexpr char host_name1[] = "tlsfailover1.example.com.";
2139 constexpr char host_name2[] = "tlsfailover2.example.com.";
2140 const std::vector<DnsRecord> records1 = {
2141 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2142 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2143 };
2144 const std::vector<DnsRecord> records2 = {
2145 {host_name1, ns_type::ns_t_a, "1.2.3.3"},
2146 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
2147 };
2148
2149 test::DNSResponder dns1(listen_addr1);
2150 test::DNSResponder dns2(listen_addr2);
2151 StartDns(dns1, records1);
2152 StartDns(dns2, records2);
2153
2154 std::vector<std::string> servers = {listen_addr1, listen_addr2};
2155
2156 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
2157 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
2158 ASSERT_TRUE(tls1.startServer());
2159 ASSERT_TRUE(tls2.startServer());
2160 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2161 ResolverParams::Builder()
2162 .setDnsServers(servers)
2163 .setDotServers(servers)
2164 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
2165 .build()));
2166 EXPECT_TRUE(WaitForPrivateDnsValidation(tls1.listen_address(), true));
2167 EXPECT_TRUE(WaitForPrivateDnsValidation(tls2.listen_address(), true));
2168
2169 const hostent* result = gethostbyname("tlsfailover1");
2170 ASSERT_FALSE(result == nullptr);
2171 EXPECT_EQ("1.2.3.1", ToString(result));
2172
2173 // Wait for query to get counted.
2174 EXPECT_TRUE(tls1.waitForQueries(2));
2175 // No new queries should have reached tls2.
2176 EXPECT_TRUE(tls2.waitForQueries(1));
2177
2178 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
2179 tls1.stopServer();
2180
2181 result = gethostbyname("tlsfailover2");
2182 EXPECT_EQ("1.2.3.4", ToString(result));
2183
2184 // Wait for query to get counted.
2185 EXPECT_TRUE(tls2.waitForQueries(2));
2186
2187 // No additional queries should have reached the insecure servers.
2188 EXPECT_EQ(2U, dns1.queries().size());
2189 EXPECT_EQ(2U, dns2.queries().size());
2190
2191 // Clear TLS bit.
2192 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2193 }
2194
TEST_F(ResolverTest,GetHostByName_BadTlsName)2195 TEST_F(ResolverTest, GetHostByName_BadTlsName) {
2196 constexpr char listen_udp[] = "53";
2197 constexpr char listen_tls[] = "853";
2198 constexpr char host_name[] = "badtlsname.example.com.";
2199
2200 test::DNSResponder dns;
2201 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.1"}});
2202
2203 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2204 ASSERT_TRUE(tls.startServer());
2205 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2206 ResolverParams::Builder()
2207 .setPrivateDnsProvider(kDefaultIncorrectPrivateDnsHostName)
2208 .build()));
2209
2210 // The TLS handshake would fail because the name of TLS server doesn't
2211 // match with TLS server's certificate.
2212 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
2213
2214 // The query should fail hard, because a name was specified.
2215 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
2216
2217 // Clear TLS bit.
2218 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2219 }
2220
TEST_F(ResolverTest,GetAddrInfo_Tls)2221 TEST_F(ResolverTest, GetAddrInfo_Tls) {
2222 constexpr char listen_udp[] = "53";
2223 constexpr char listen_tls[] = "853";
2224 constexpr char host_name[] = "addrinfotls.example.com.";
2225 const std::vector<DnsRecord> records = {
2226 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2227 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2228 };
2229
2230 test::DNSResponder dns;
2231 StartDns(dns, records);
2232
2233 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2234 ASSERT_TRUE(tls.startServer());
2235 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2236 ResolverParams::Builder().setPrivateDnsProvider(kDefaultPrivateDnsHostName).build()));
2237 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2238
2239 dns.clearQueries();
2240 ScopedAddrinfo result = safe_getaddrinfo("addrinfotls", nullptr, nullptr);
2241 EXPECT_TRUE(result != nullptr);
2242 size_t found = GetNumQueries(dns, host_name);
2243 EXPECT_LE(1U, found);
2244 // Could be A or AAAA
2245 std::string result_str = ToString(result);
2246 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
2247 << ", result_str='" << result_str << "'";
2248 // Wait for both A and AAAA queries to get counted.
2249 EXPECT_TRUE(tls.waitForQueries(3));
2250 }
2251
TEST_F(ResolverTest,TlsBypass)2252 TEST_F(ResolverTest, TlsBypass) {
2253 const char OFF[] = "off";
2254 const char OPPORTUNISTIC[] = "opportunistic";
2255 const char STRICT[] = "strict";
2256
2257 const char GETHOSTBYNAME[] = "gethostbyname";
2258 const char GETADDRINFO[] = "getaddrinfo";
2259 const char GETADDRINFOFORNET[] = "getaddrinfofornet";
2260
2261 const unsigned BYPASS_NETID = NETID_USE_LOCAL_NAMESERVERS | TEST_NETID;
2262
2263 const char ADDR4[] = "192.0.2.1";
2264 const char ADDR6[] = "2001:db8::1";
2265
2266 const char cleartext_addr[] = "127.0.0.53";
2267 const char cleartext_port[] = "53";
2268 const char tls_port[] = "853";
2269 const std::vector<std::string> servers = {cleartext_addr};
2270
2271 test::DNSResponder dns(cleartext_addr);
2272 ASSERT_TRUE(dns.startServer());
2273
2274 test::DnsTlsFrontend tls(cleartext_addr, tls_port, cleartext_addr, cleartext_port);
2275 ASSERT_TRUE(tls.startServer());
2276
2277 // clang-format off
2278 struct TestConfig {
2279 const std::string mode;
2280 const bool withWorkingTLS;
2281 const std::string method;
2282
2283 std::string asHostName() const {
2284 return fmt::format("{}.{}.{}.", mode, withWorkingTLS ? "tlsOn" : "tlsOff",
2285 method);
2286 }
2287 } testConfigs[]{
2288 {OFF, true, GETHOSTBYNAME},
2289 {OPPORTUNISTIC, true, GETHOSTBYNAME},
2290 {STRICT, true, GETHOSTBYNAME},
2291 {OFF, true, GETADDRINFO},
2292 {OPPORTUNISTIC, true, GETADDRINFO},
2293 {STRICT, true, GETADDRINFO},
2294 {OFF, true, GETADDRINFOFORNET},
2295 {OPPORTUNISTIC, true, GETADDRINFOFORNET},
2296 {STRICT, true, GETADDRINFOFORNET},
2297 {OFF, false, GETHOSTBYNAME},
2298 {OPPORTUNISTIC, false, GETHOSTBYNAME},
2299 {STRICT, false, GETHOSTBYNAME},
2300 {OFF, false, GETADDRINFO},
2301 {OPPORTUNISTIC, false, GETADDRINFO},
2302 {STRICT, false, GETADDRINFO},
2303 {OFF, false, GETADDRINFOFORNET},
2304 {OPPORTUNISTIC, false, GETADDRINFOFORNET},
2305 {STRICT, false, GETADDRINFOFORNET},
2306 };
2307 // clang-format on
2308
2309 for (const auto& config : testConfigs) {
2310 const std::string testHostName = config.asHostName();
2311 SCOPED_TRACE(testHostName);
2312
2313 // Don't tempt test bugs due to caching.
2314 const char* host_name = testHostName.c_str();
2315 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
2316 dns.addMapping(host_name, ns_type::ns_t_aaaa, ADDR6);
2317
2318 if (config.withWorkingTLS) {
2319 if (!tls.running()) {
2320 ASSERT_TRUE(tls.startServer());
2321 }
2322 } else {
2323 if (tls.running()) {
2324 ASSERT_TRUE(tls.stopServer());
2325 }
2326 }
2327
2328 if (config.mode == OFF) {
2329 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2330 } else /* OPPORTUNISTIC or STRICT */ {
2331 auto builder = ResolverParams::Builder().setDnsServers(servers).setDotServers(servers);
2332 if (config.mode == STRICT) builder.setPrivateDnsProvider(kDefaultPrivateDnsHostName);
2333 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.build()));
2334
2335 // Wait for the validation event. If the server is running, the validation should
2336 // succeed; otherwise, the validation should fail.
2337 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));
2338 if (config.withWorkingTLS) {
2339 EXPECT_TRUE(tls.waitForQueries(1));
2340 tls.clearQueries();
2341 }
2342 }
2343
2344 const hostent* h_result = nullptr;
2345 ScopedAddrinfo ai_result;
2346
2347 if (config.method == GETHOSTBYNAME) {
2348 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2349 h_result = gethostbyname(host_name);
2350
2351 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
2352 ASSERT_FALSE(h_result == nullptr);
2353 ASSERT_EQ(4, h_result->h_length);
2354 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
2355 EXPECT_EQ(ADDR4, ToString(h_result));
2356 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
2357 } else if (config.method == GETADDRINFO) {
2358 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2359 ai_result = safe_getaddrinfo(host_name, nullptr, nullptr);
2360 EXPECT_TRUE(ai_result != nullptr);
2361
2362 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2363 // Could be A or AAAA
2364 const std::string result_str = ToString(ai_result);
2365 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2366 << ", result_str='" << result_str << "'";
2367 } else if (config.method == GETADDRINFOFORNET) {
2368 addrinfo* raw_ai_result = nullptr;
2369 EXPECT_EQ(0, android_getaddrinfofornet(host_name, /*servname=*/nullptr,
2370 /*hints=*/nullptr, BYPASS_NETID, MARK_UNSET,
2371 &raw_ai_result));
2372 ai_result.reset(raw_ai_result);
2373
2374 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2375 // Could be A or AAAA
2376 const std::string result_str = ToString(ai_result);
2377 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2378 << ", result_str='" << result_str << "'";
2379 }
2380
2381 EXPECT_EQ(0, tls.queries());
2382
2383 // Clear per-process resolv netid.
2384 ASSERT_EQ(0, setNetworkForResolv(NETID_UNSET));
2385 dns.clearQueries();
2386 }
2387 }
2388
TEST_F(ResolverTest,StrictMode_NoTlsServers)2389 TEST_F(ResolverTest, StrictMode_NoTlsServers) {
2390 constexpr char host_name[] = "strictmode.notlsips.example.com.";
2391 const std::vector<DnsRecord> records = {
2392 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2393 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2394 };
2395
2396 test::DNSResponder dns(kDefaultServer);
2397 StartDns(dns, records);
2398 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2399 ResolverParams::Builder()
2400 .setPrivateDnsProvider(kDefaultIncorrectPrivateDnsHostName)
2401 .build()));
2402
2403 addrinfo* ai_result = nullptr;
2404 EXPECT_NE(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
2405 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
2406 }
2407
2408 namespace {
2409
getAsyncResponse(int fd,int * rcode,uint8_t * buf,int bufLen)2410 int getAsyncResponse(int fd, int* rcode, uint8_t* buf, int bufLen) {
2411 struct pollfd wait_fd[1];
2412 wait_fd[0].fd = fd;
2413 wait_fd[0].events = POLLIN;
2414 short revents;
2415
2416 if (int ret = poll(wait_fd, 1, -1); ret <= 0) {
2417 return -1;
2418 }
2419 revents = wait_fd[0].revents;
2420 if (revents & POLLIN) {
2421 return resNetworkResult(fd, rcode, buf, bufLen);
2422 }
2423 return -1;
2424 }
2425
toString(uint8_t * buf,int bufLen,int ipType)2426 std::string toString(uint8_t* buf, int bufLen, int ipType) {
2427 ns_msg handle;
2428 ns_rr rr;
2429
2430 if (ns_initparse((const uint8_t*)buf, bufLen, &handle) >= 0) {
2431 if (ns_parserr(&handle, ns_s_an, 0, &rr) == 0) {
2432 const uint8_t* rdata = ns_rr_rdata(rr);
2433 char buffer[INET6_ADDRSTRLEN];
2434 if (inet_ntop(ipType, (const char*)rdata, buffer, sizeof(buffer))) {
2435 return buffer;
2436 }
2437 }
2438 }
2439 return "";
2440 }
2441
dns_open_proxy()2442 int dns_open_proxy() {
2443 int s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
2444 if (s == -1) {
2445 return -1;
2446 }
2447 const int one = 1;
2448 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
2449
2450 static const struct sockaddr_un proxy_addr = {
2451 .sun_family = AF_UNIX,
2452 .sun_path = "/dev/socket/dnsproxyd",
2453 };
2454
2455 if (TEMP_FAILURE_RETRY(connect(s, (const struct sockaddr*)&proxy_addr, sizeof(proxy_addr))) !=
2456 0) {
2457 close(s);
2458 return -1;
2459 }
2460
2461 return s;
2462 }
2463
expectAnswersValid(int fd,int ipType,const std::string & expectedAnswer)2464 void expectAnswersValid(int fd, int ipType, const std::string& expectedAnswer) {
2465 int rcode = -1;
2466 uint8_t buf[MAXPACKET] = {};
2467
2468 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2469 EXPECT_GT(res, 0);
2470 EXPECT_EQ(expectedAnswer, toString(buf, res, ipType));
2471 }
2472
expectAnswersNotValid(int fd,int expectedErrno)2473 void expectAnswersNotValid(int fd, int expectedErrno) {
2474 int rcode = -1;
2475 uint8_t buf[MAXPACKET] = {};
2476
2477 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2478 EXPECT_EQ(expectedErrno, res);
2479 }
2480
2481 } // namespace
2482
TEST_F(ResolverTest,Async_NormalQueryV4V6)2483 TEST_F(ResolverTest, Async_NormalQueryV4V6) {
2484 constexpr char listen_addr[] = "127.0.0.4";
2485 constexpr char host_name[] = "howdy.example.com.";
2486 const std::vector<DnsRecord> records = {
2487 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2488 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2489 };
2490
2491 test::DNSResponder dns(listen_addr);
2492 StartDns(dns, records);
2493 std::vector<std::string> servers = {listen_addr};
2494 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2495
2496 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2497 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2498 EXPECT_TRUE(fd1 != -1);
2499 EXPECT_TRUE(fd2 != -1);
2500
2501 uint8_t buf[MAXPACKET] = {};
2502 int rcode;
2503 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2504 EXPECT_GT(res, 0);
2505 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2506
2507 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2508 EXPECT_GT(res, 0);
2509 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2510
2511 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2512
2513 // Re-query verify cache works
2514 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2515 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2516
2517 EXPECT_TRUE(fd1 != -1);
2518 EXPECT_TRUE(fd2 != -1);
2519
2520 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2521 EXPECT_GT(res, 0);
2522 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2523
2524 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2525 EXPECT_GT(res, 0);
2526 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2527
2528 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2529 }
2530
TEST_F(ResolverTest,Async_BadQuery)2531 TEST_F(ResolverTest, Async_BadQuery) {
2532 constexpr char listen_addr[] = "127.0.0.4";
2533 constexpr char host_name[] = "howdy.example.com.";
2534 const std::vector<DnsRecord> records = {
2535 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2536 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2537 };
2538
2539 test::DNSResponder dns(listen_addr);
2540 StartDns(dns, records);
2541 std::vector<std::string> servers = {listen_addr};
2542 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2543
2544 static struct {
2545 int fd;
2546 const char* dname;
2547 const int queryType;
2548 const int expectRcode;
2549 } kTestData[] = {
2550 {-1, "", ns_t_aaaa, 0},
2551 {-1, "as65ass46", ns_t_aaaa, 0},
2552 {-1, "454564564564", ns_t_aaaa, 0},
2553 {-1, "h645235", ns_t_a, 0},
2554 {-1, "www.google.com", ns_t_a, 0},
2555 };
2556
2557 for (auto& td : kTestData) {
2558 SCOPED_TRACE(td.dname);
2559 td.fd = resNetworkQuery(TEST_NETID, td.dname, ns_c_in, td.queryType, 0);
2560 EXPECT_TRUE(td.fd != -1);
2561 }
2562
2563 // dns_responder return empty resp(packet only contains query part) with no error currently
2564 for (const auto& td : kTestData) {
2565 uint8_t buf[MAXPACKET] = {};
2566 int rcode;
2567 SCOPED_TRACE(td.dname);
2568 int res = getAsyncResponse(td.fd, &rcode, buf, MAXPACKET);
2569 EXPECT_GT(res, 0);
2570 EXPECT_EQ(rcode, td.expectRcode);
2571 }
2572 }
2573
TEST_F(ResolverTest,Async_EmptyAnswer)2574 TEST_F(ResolverTest, Async_EmptyAnswer) {
2575 constexpr char listen_addr[] = "127.0.0.4";
2576 constexpr char host_name[] = "howdy.example.com.";
2577 const std::vector<DnsRecord> records = {
2578 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2579 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2580 };
2581
2582 test::DNSResponder dns(listen_addr);
2583 StartDns(dns, records);
2584 std::vector<std::string> servers = {listen_addr};
2585 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2586
2587 // TODO: Disable retry to make this test explicit.
2588 auto& cv = dns.getCv();
2589 auto& cvMutex = dns.getCvMutex();
2590 int fd1;
2591 // Wait on the condition variable to ensure that the DNS server has handled our first query.
2592 {
2593 std::unique_lock lk(cvMutex);
2594 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2595 EXPECT_TRUE(fd1 != -1);
2596 EXPECT_EQ(std::cv_status::no_timeout, cv.wait_for(lk, std::chrono::seconds(1)));
2597 }
2598
2599 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"::1.2.3.4"});
2600 dns.setResponseProbability(0.0);
2601
2602 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2603 EXPECT_TRUE(fd2 != -1);
2604 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2605
2606 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2607 EXPECT_TRUE(fd3 != -1);
2608 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2609
2610 uint8_t buf[MAXPACKET] = {};
2611 int rcode;
2612
2613 // expect no response
2614 int res = getAsyncResponse(fd3, &rcode, buf, MAXPACKET);
2615 EXPECT_EQ(-ETIMEDOUT, res);
2616
2617 // expect no response
2618 memset(buf, 0, MAXPACKET);
2619 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2620 EXPECT_EQ(-ETIMEDOUT, res);
2621
2622 dns.setResponseProbability(1.0);
2623
2624 int fd4 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2625 EXPECT_TRUE(fd4 != -1);
2626 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"1.2.3.4"});
2627
2628 memset(buf, 0, MAXPACKET);
2629 res = getAsyncResponse(fd4, &rcode, buf, MAXPACKET);
2630 EXPECT_GT(res, 0);
2631 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2632
2633 memset(buf, 0, MAXPACKET);
2634 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2635 EXPECT_GT(res, 0);
2636 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2637 }
2638
TEST_F(ResolverTest,Async_MalformedQuery)2639 TEST_F(ResolverTest, Async_MalformedQuery) {
2640 constexpr char listen_addr[] = "127.0.0.4";
2641 constexpr char host_name[] = "howdy.example.com.";
2642 const std::vector<DnsRecord> records = {
2643 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2644 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2645 };
2646
2647 test::DNSResponder dns(listen_addr);
2648 StartDns(dns, records);
2649 std::vector<std::string> servers = {listen_addr};
2650 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2651
2652 int fd = dns_open_proxy();
2653 EXPECT_TRUE(fd > 0);
2654
2655 const std::string badMsg = "16-52512#";
2656 static const struct {
2657 const std::string cmd;
2658 const int expectErr;
2659 } kTestData[] = {
2660 // Too few arguments
2661 {"resnsend " + badMsg + '\0', -EINVAL},
2662 // Bad netId
2663 {"resnsend badnetId 0 " + badMsg + '\0', -EINVAL},
2664 // Bad raw data
2665 {"resnsend " + std::to_string(TEST_NETID) + " 0 " + badMsg + '\0', -EILSEQ},
2666 };
2667
2668 for (unsigned int i = 0; i < std::size(kTestData); i++) {
2669 auto& td = kTestData[i];
2670 SCOPED_TRACE(td.cmd);
2671 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, td.cmd.c_str(), td.cmd.size()));
2672 EXPECT_EQ(rc, static_cast<ssize_t>(td.cmd.size()));
2673
2674 int32_t tmp;
2675 rc = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
2676 EXPECT_TRUE(rc > 0);
2677 EXPECT_EQ(static_cast<int>(ntohl(tmp)), td.expectErr);
2678 }
2679 // Normal query with answer buffer
2680 // This is raw data of query "howdy.example.com" type 1 class 1
2681 std::string query = "81sBAAABAAAAAAAABWhvd2R5B2V4YW1wbGUDY29tAAABAAE=";
2682 std::string cmd = "resnsend " + std::to_string(TEST_NETID) + " 0 " + query + '\0';
2683 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2684 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2685
2686 uint8_t smallBuf[1] = {};
2687 int rcode;
2688 rc = getAsyncResponse(fd, &rcode, smallBuf, 1);
2689 EXPECT_EQ(-EMSGSIZE, rc);
2690
2691 // Do the normal test with large buffer again
2692 fd = dns_open_proxy();
2693 EXPECT_TRUE(fd > 0);
2694 rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2695 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2696 uint8_t buf[MAXPACKET] = {};
2697 rc = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2698 EXPECT_EQ("1.2.3.4", toString(buf, rc, AF_INET));
2699 }
2700
TEST_F(ResolverTest,Async_CacheFlags)2701 TEST_F(ResolverTest, Async_CacheFlags) {
2702 constexpr char listen_addr[] = "127.0.0.4";
2703 constexpr char host_name1[] = "howdy.example.com.";
2704 constexpr char host_name2[] = "howdy.example2.com.";
2705 constexpr char host_name3[] = "howdy.example3.com.";
2706 const std::vector<DnsRecord> records = {
2707 {host_name1, ns_type::ns_t_a, "1.2.3.4"}, {host_name1, ns_type::ns_t_aaaa, "::1.2.3.4"},
2708 {host_name2, ns_type::ns_t_a, "1.2.3.5"}, {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
2709 {host_name3, ns_type::ns_t_a, "1.2.3.6"}, {host_name3, ns_type::ns_t_aaaa, "::1.2.3.6"},
2710 };
2711
2712 test::DNSResponder dns(listen_addr);
2713 StartDns(dns, records);
2714 std::vector<std::string> servers = {listen_addr};
2715 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2716
2717 // ANDROID_RESOLV_NO_CACHE_STORE
2718 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2719 ANDROID_RESOLV_NO_CACHE_STORE);
2720 EXPECT_TRUE(fd1 != -1);
2721 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2722 ANDROID_RESOLV_NO_CACHE_STORE);
2723 EXPECT_TRUE(fd2 != -1);
2724 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2725 ANDROID_RESOLV_NO_CACHE_STORE);
2726 EXPECT_TRUE(fd3 != -1);
2727
2728 expectAnswersValid(fd3, AF_INET, "1.2.3.4");
2729 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2730 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2731
2732 // No cache exists, expect 3 queries
2733 EXPECT_EQ(3U, GetNumQueries(dns, host_name1));
2734
2735 // Raise a query with no flags to ensure no cache exists. Also make an cache entry for the
2736 // query.
2737 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2738
2739 EXPECT_TRUE(fd1 != -1);
2740
2741 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2742
2743 // Expect 4 queries because there should be no cache before this query.
2744 EXPECT_EQ(4U, GetNumQueries(dns, host_name1));
2745
2746 // Now we have the cache entry, re-query with ANDROID_RESOLV_NO_CACHE_STORE to ensure
2747 // that ANDROID_RESOLV_NO_CACHE_STORE implied ANDROID_RESOLV_NO_CACHE_LOOKUP.
2748 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2749 ANDROID_RESOLV_NO_CACHE_STORE);
2750 EXPECT_TRUE(fd1 != -1);
2751 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2752 // Expect 5 queries because we shouldn't do cache lookup for the query which has
2753 // ANDROID_RESOLV_NO_CACHE_STORE.
2754 EXPECT_EQ(5U, GetNumQueries(dns, host_name1));
2755
2756 // ANDROID_RESOLV_NO_CACHE_LOOKUP
2757 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2758 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2759 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2760 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2761
2762 EXPECT_TRUE(fd1 != -1);
2763 EXPECT_TRUE(fd2 != -1);
2764
2765 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2766 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2767
2768 // Cache was skipped, expect 2 more queries.
2769 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2770
2771 // Re-query verify cache works
2772 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2773 EXPECT_TRUE(fd1 != -1);
2774 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2775
2776 // Cache hits, expect still 7 queries
2777 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2778
2779 // Start to verify if ANDROID_RESOLV_NO_CACHE_LOOKUP does write response into cache
2780 dns.clearQueries();
2781
2782 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2783 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2784 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2785 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2786
2787 EXPECT_TRUE(fd1 != -1);
2788 EXPECT_TRUE(fd2 != -1);
2789
2790 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2791 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2792
2793 // Skip cache, expect 2 queries
2794 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2795
2796 // Re-query without flags
2797 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2798 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2799
2800 EXPECT_TRUE(fd1 != -1);
2801 EXPECT_TRUE(fd2 != -1);
2802
2803 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2804 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2805
2806 // Cache hits, expect still 2 queries
2807 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2808
2809 // Test both ANDROID_RESOLV_NO_CACHE_STORE and ANDROID_RESOLV_NO_CACHE_LOOKUP are set
2810 dns.clearQueries();
2811
2812 // Make sure that the cache of "howdy.example3.com" exists.
2813 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, 0);
2814 EXPECT_TRUE(fd1 != -1);
2815 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2816 EXPECT_EQ(1U, GetNumQueries(dns, host_name3));
2817
2818 // Re-query with testFlags
2819 const int testFlag = ANDROID_RESOLV_NO_CACHE_STORE | ANDROID_RESOLV_NO_CACHE_LOOKUP;
2820 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, testFlag);
2821 EXPECT_TRUE(fd1 != -1);
2822 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2823 // Expect cache lookup is skipped.
2824 EXPECT_EQ(2U, GetNumQueries(dns, host_name3));
2825
2826 // Do another query with testFlags
2827 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, testFlag);
2828 EXPECT_TRUE(fd1 != -1);
2829 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2830 // Expect cache lookup is skipped.
2831 EXPECT_EQ(3U, GetNumQueries(dns, host_name3));
2832
2833 // Re-query with no flags
2834 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, 0);
2835 EXPECT_TRUE(fd1 != -1);
2836 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2837 // Expect no cache hit because cache storing is also skipped in previous query.
2838 EXPECT_EQ(4U, GetNumQueries(dns, host_name3));
2839 }
2840
TEST_F(ResolverTest,Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry)2841 TEST_F(ResolverTest, Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry) {
2842 constexpr char listen_addr[] = "127.0.0.4";
2843 constexpr char host_name[] = "howdy.example.com.";
2844 const std::vector<DnsRecord> records = {
2845 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2846 };
2847
2848 test::DNSResponder dns(listen_addr);
2849 StartDns(dns, records);
2850 std::vector<std::string> servers = {listen_addr};
2851 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2852
2853 const unsigned SHORT_TTL_SEC = 1;
2854 dns.setTtl(SHORT_TTL_SEC);
2855
2856 // Refer to b/148842821 for the purpose of below test steps.
2857 // Basically, this test is used to ensure stale cache case is handled
2858 // correctly with ANDROID_RESOLV_NO_CACHE_STORE.
2859 int fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2860 EXPECT_TRUE(fd != -1);
2861 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2862
2863 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2864 dns.clearQueries();
2865
2866 // Wait until cache expired
2867 sleep(SHORT_TTL_SEC + 0.5);
2868
2869 // Now request the same hostname again.
2870 // We should see a new DNS query because the entry in cache has become stale.
2871 // Due to ANDROID_RESOLV_NO_CACHE_STORE, this query must *not* refresh that stale entry.
2872 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2873 ANDROID_RESOLV_NO_CACHE_STORE);
2874 EXPECT_TRUE(fd != -1);
2875 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2876 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2877 dns.clearQueries();
2878
2879 // If the cache is still stale, we expect to see one more DNS query
2880 // (this time the cache will be refreshed, but we're not checking for it).
2881 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2882 EXPECT_TRUE(fd != -1);
2883 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2884 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2885 }
2886
TEST_F(ResolverTest,Async_NoRetryFlag)2887 TEST_F(ResolverTest, Async_NoRetryFlag) {
2888 constexpr char listen_addr0[] = "127.0.0.4";
2889 constexpr char listen_addr1[] = "127.0.0.6";
2890 constexpr char host_name[] = "howdy.example.com.";
2891 const std::vector<DnsRecord> records = {
2892 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2893 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2894 };
2895
2896 test::DNSResponder dns0(listen_addr0);
2897 test::DNSResponder dns1(listen_addr1);
2898 StartDns(dns0, records);
2899 StartDns(dns1, records);
2900 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr0, listen_addr1}));
2901
2902 dns0.clearQueries();
2903 dns1.clearQueries();
2904
2905 dns0.setResponseProbability(0.0);
2906 dns1.setResponseProbability(0.0);
2907
2908 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2909 ANDROID_RESOLV_NO_RETRY);
2910 EXPECT_TRUE(fd1 != -1);
2911
2912 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa,
2913 ANDROID_RESOLV_NO_RETRY);
2914 EXPECT_TRUE(fd2 != -1);
2915
2916 // expect no response
2917 expectAnswersNotValid(fd1, -ETIMEDOUT);
2918 expectAnswersNotValid(fd2, -ETIMEDOUT);
2919 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2920 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2921
2922 // No retry case, expect total 2 queries. The server is selected randomly.
2923 EXPECT_EQ(2U, GetNumQueries(dns0, host_name) + GetNumQueries(dns1, host_name));
2924
2925 dns0.clearQueries();
2926 dns1.clearQueries();
2927
2928 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2929 EXPECT_TRUE(fd1 != -1);
2930
2931 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2932 EXPECT_TRUE(fd2 != -1);
2933
2934 // expect no response
2935 expectAnswersNotValid(fd1, -ETIMEDOUT);
2936 expectAnswersNotValid(fd2, -ETIMEDOUT);
2937 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2938 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2939
2940 // Retry case, expect 4 queries
2941 EXPECT_EQ(4U, GetNumQueries(dns0, host_name));
2942 EXPECT_EQ(4U, GetNumQueries(dns1, host_name));
2943 }
2944
TEST_F(ResolverTest,Async_VerifyQueryID)2945 TEST_F(ResolverTest, Async_VerifyQueryID) {
2946 constexpr char listen_addr[] = "127.0.0.4";
2947 constexpr char host_name[] = "howdy.example.com.";
2948 const std::vector<DnsRecord> records = {
2949 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2950 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2951 };
2952
2953 test::DNSResponder dns(listen_addr);
2954 StartDns(dns, records);
2955 std::vector<std::string> servers = {listen_addr};
2956 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2957
2958 const uint8_t queryBuf1[] = {
2959 /* Header */
2960 0x55, 0x66, /* Transaction ID */
2961 0x01, 0x00, /* Flags */
2962 0x00, 0x01, /* Questions */
2963 0x00, 0x00, /* Answer RRs */
2964 0x00, 0x00, /* Authority RRs */
2965 0x00, 0x00, /* Additional RRs */
2966 /* Queries */
2967 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
2968 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
2969 0x00, 0x01, /* Type */
2970 0x00, 0x01 /* Class */
2971 };
2972
2973 int fd = resNetworkSend(TEST_NETID, queryBuf1, sizeof(queryBuf1), 0);
2974 EXPECT_TRUE(fd != -1);
2975
2976 uint8_t buf[MAXPACKET] = {};
2977 int rcode;
2978
2979 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2980 EXPECT_GT(res, 0);
2981 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2982
2983 auto hp = reinterpret_cast<HEADER*>(buf);
2984 EXPECT_EQ(21862U, htons(hp->id));
2985
2986 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2987
2988 const uint8_t queryBuf2[] = {
2989 /* Header */
2990 0x00, 0x53, /* Transaction ID */
2991 0x01, 0x00, /* Flags */
2992 0x00, 0x01, /* Questions */
2993 0x00, 0x00, /* Answer RRs */
2994 0x00, 0x00, /* Authority RRs */
2995 0x00, 0x00, /* Additional RRs */
2996 /* Queries */
2997 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
2998 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
2999 0x00, 0x01, /* Type */
3000 0x00, 0x01 /* Class */
3001 };
3002
3003 // Re-query verify cache works and query id is correct
3004 fd = resNetworkSend(TEST_NETID, queryBuf2, sizeof(queryBuf2), 0);
3005
3006 EXPECT_TRUE(fd != -1);
3007
3008 res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
3009 EXPECT_GT(res, 0);
3010 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
3011
3012 EXPECT_EQ(0x0053U, htons(hp->id));
3013
3014 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3015 }
3016
3017 // This test checks that the resolver should not generate the request containing OPT RR when using
3018 // cleartext DNS. If we query the DNS server not supporting EDNS0 and it reponds with
3019 // FORMERR_ON_EDNS, we will fallback to no EDNS0 and try again. If the server does no response, we
3020 // won't retry so that we get no answer.
TEST_F(ResolverTest,BrokenEdns)3021 TEST_F(ResolverTest, BrokenEdns) {
3022 typedef test::DNSResponder::Edns Edns;
3023 enum ExpectResult { EXPECT_FAILURE, EXPECT_SUCCESS };
3024
3025 // Perform cleartext query in off mode.
3026 const char OFF[] = "off";
3027
3028 // Perform cleartext query when there's no private DNS server validated in opportunistic mode.
3029 const char OPPORTUNISTIC_UDP[] = "opportunistic_udp";
3030
3031 // Perform cleartext query when there is a private DNS server validated in opportunistic mode.
3032 const char OPPORTUNISTIC_FALLBACK_UDP[] = "opportunistic_fallback_udp";
3033
3034 // Perform cyphertext query in opportunistic mode.
3035 const char OPPORTUNISTIC_TLS[] = "opportunistic_tls";
3036
3037 // Perform cyphertext query in strict mode.
3038 const char STRICT[] = "strict";
3039
3040 const char GETHOSTBYNAME[] = "gethostbyname";
3041 const char GETADDRINFO[] = "getaddrinfo";
3042 const char ADDR4[] = "192.0.2.1";
3043 test::DNSResponder dns(kDefaultServer, "53", ns_rcode::ns_r_servfail);
3044 test::DnsTlsFrontend tls(kDefaultServer, "853", kDefaultServer, "53");
3045 ASSERT_TRUE(dns.startServer());
3046
3047 // clang-format off
3048 static const struct TestConfig {
3049 std::string mode;
3050 std::string method;
3051 Edns edns;
3052 ExpectResult expectResult;
3053
3054 std::string asHostName() const {
3055 const char* ednsString;
3056 switch (edns) {
3057 case Edns::ON:
3058 ednsString = "ednsOn";
3059 break;
3060 case Edns::FORMERR_ON_EDNS:
3061 ednsString = "ednsFormerr";
3062 break;
3063 case Edns::DROP:
3064 ednsString = "ednsDrop";
3065 break;
3066 default:
3067 ednsString = "";
3068 break;
3069 }
3070 return fmt::format("{}.{}.{}.", mode, method, ednsString);
3071 }
3072 } testConfigs[] = {
3073 // In OPPORTUNISTIC_TLS, if the DNS server doesn't support EDNS0 but TLS, the lookup
3074 // fails. Could such server exist? if so, we might need to fix it to fallback to
3075 // cleartext query. If the server still make no response for the queries with EDNS0, we
3076 // might also need to fix it to retry without EDNS0.
3077 // Another thing is that {OPPORTUNISTIC_TLS, Edns::DROP} and {STRICT, Edns::DROP} are
3078 // commented out since TLS timeout is not configurable.
3079 // TODO: Uncomment them after TLS timeout is configurable.
3080 {OFF, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3081 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3082 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3083 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3084 {STRICT, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3085 {OFF, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3086 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3087 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3088 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3089 {STRICT, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3090 {OFF, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
3091 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
3092
3093 // The failure is due to no retry on timeout. Maybe fix it?
3094 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3095
3096 //{OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3097 //{STRICT, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3098 {OFF, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3099 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3100 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3101 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3102 {STRICT, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3103 {OFF, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3104 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3105 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3106 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3107 {STRICT, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3108 {OFF, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
3109 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
3110
3111 // The failure is due to no retry on timeout. Maybe fix it?
3112 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3113
3114 //{OPPORTUNISTIC_TLS, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3115 //{STRICT, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3116 };
3117 // clang-format on
3118
3119 for (const auto& config : testConfigs) {
3120 const std::string testHostName = config.asHostName();
3121 SCOPED_TRACE(testHostName);
3122
3123 // Don't skip unusable DoT servers and disable revalidation for this test.
3124 ScopedSystemProperties sp1(kDotXportUnusableThresholdFlag, "-1");
3125 ScopedSystemProperties sp2(kDotRevalidationThresholdFlag, "-1");
3126 resetNetwork();
3127
3128 const char* host_name = testHostName.c_str();
3129 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
3130 dns.setEdns(config.edns);
3131
3132 if (config.mode == OFF) {
3133 if (tls.running()) {
3134 ASSERT_TRUE(tls.stopServer());
3135 }
3136 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3137 } else if (config.mode == OPPORTUNISTIC_UDP) {
3138 if (tls.running()) {
3139 ASSERT_TRUE(tls.stopServer());
3140 }
3141 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3142 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
3143 } else if (config.mode == OPPORTUNISTIC_TLS || config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
3144 if (!tls.running()) {
3145 ASSERT_TRUE(tls.startServer());
3146 }
3147 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3148 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3149
3150 if (config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
3151 // Force the resolver to fallback to cleartext queries.
3152 ASSERT_TRUE(tls.stopServer());
3153 }
3154 } else if (config.mode == STRICT) {
3155 if (!tls.running()) {
3156 ASSERT_TRUE(tls.startServer());
3157 }
3158 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
3159 ResolverParams::Builder()
3160 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
3161 .build()));
3162 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3163 }
3164
3165 if (config.method == GETHOSTBYNAME) {
3166 const hostent* h_result = gethostbyname(host_name);
3167 if (config.expectResult == EXPECT_SUCCESS) {
3168 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3169 ASSERT_TRUE(h_result != nullptr);
3170 ASSERT_EQ(4, h_result->h_length);
3171 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
3172 EXPECT_EQ(ADDR4, ToString(h_result));
3173 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
3174 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, 0, host_name, {ADDR4});
3175 } else {
3176 EXPECT_EQ(0U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
3177 ASSERT_TRUE(h_result == nullptr);
3178 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3179 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
3180 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, returnCode, host_name, {});
3181 }
3182 } else if (config.method == GETADDRINFO) {
3183 ScopedAddrinfo ai_result;
3184 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3185 ai_result = safe_getaddrinfo(host_name, nullptr, &hints);
3186 if (config.expectResult == EXPECT_SUCCESS) {
3187 EXPECT_TRUE(ai_result != nullptr);
3188 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3189 const std::string result_str = ToString(ai_result);
3190 EXPECT_EQ(ADDR4, result_str);
3191 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name, {ADDR4});
3192 } else {
3193 EXPECT_TRUE(ai_result == nullptr);
3194 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3195 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
3196 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, returnCode, host_name, {});
3197 }
3198 } else {
3199 FAIL() << "Unsupported query method: " << config.method;
3200 }
3201
3202 tls.clearQueries();
3203 dns.clearQueries();
3204
3205 // Set the configuration to OFF mode, so the resolver can validate private DNS servers in
3206 // every test config.
3207 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3208 }
3209 }
3210
3211 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3212 // Resolver should have a reasonable number of retries instead of spinning forever. We don't have
3213 // an efficient way to know if resolver is stuck in an infinite loop. However, test case will be
3214 // failed due to timeout.
TEST_F(ResolverTest,UnstableTls)3215 TEST_F(ResolverTest, UnstableTls) {
3216 const char CLEARTEXT_PORT[] = "53";
3217 const char TLS_PORT[] = "853";
3218 const char* host_name1 = "nonexistent1.example.com.";
3219 const char* host_name2 = "nonexistent2.example.com.";
3220
3221 test::DNSResponder dns(kDefaultServer, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3222 ASSERT_TRUE(dns.startServer());
3223 dns.setEdns(test::DNSResponder::Edns::FORMERR_ON_EDNS);
3224 test::DnsTlsFrontend tls(kDefaultServer, TLS_PORT, kDefaultServer, CLEARTEXT_PORT);
3225 ASSERT_TRUE(tls.startServer());
3226 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3227 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3228
3229 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3230 tls.stopServer();
3231
3232 const hostent* h_result = gethostbyname(host_name1);
3233 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
3234 ASSERT_TRUE(h_result == nullptr);
3235 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3236
3237 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3238 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3239 EXPECT_TRUE(ai_result == nullptr);
3240 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
3241 }
3242
3243 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3244 // Moreover, server responds RCODE=FORMERR even on non-EDNS query.
TEST_F(ResolverTest,BogusDnsServer)3245 TEST_F(ResolverTest, BogusDnsServer) {
3246 const char CLEARTEXT_PORT[] = "53";
3247 const char TLS_PORT[] = "853";
3248 const char* host_name1 = "nonexistent1.example.com.";
3249 const char* host_name2 = "nonexistent2.example.com.";
3250
3251 test::DNSResponder dns(kDefaultServer, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3252 ASSERT_TRUE(dns.startServer());
3253 test::DnsTlsFrontend tls(kDefaultServer, TLS_PORT, kDefaultServer, CLEARTEXT_PORT);
3254 ASSERT_TRUE(tls.startServer());
3255 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3256 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3257
3258 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3259 tls.stopServer();
3260 dns.setEdns(test::DNSResponder::Edns::FORMERR_UNCOND);
3261
3262 const hostent* h_result = gethostbyname(host_name1);
3263 EXPECT_EQ(0U, GetNumQueries(dns, host_name1));
3264 ASSERT_TRUE(h_result == nullptr);
3265 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3266
3267 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3268 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3269 EXPECT_TRUE(ai_result == nullptr);
3270 EXPECT_EQ(0U, GetNumQueries(dns, host_name2));
3271 }
3272
TEST_F(ResolverTest,GetAddrInfo_Dns64Synthesize)3273 TEST_F(ResolverTest, GetAddrInfo_Dns64Synthesize) {
3274 constexpr char listen_addr[] = "::1";
3275 constexpr char host_name[] = "v4only.example.com.";
3276 const std::vector<DnsRecord> records = {
3277 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3278 };
3279
3280 test::DNSResponder dns(listen_addr);
3281 StartDns(dns, records);
3282
3283 std::vector<std::string> servers = {listen_addr};
3284 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3285 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3286
3287 // If the socket type is not specified, every address will appear twice, once for
3288 // SOCK_STREAM and one for SOCK_DGRAM. Just pick one because the addresses for
3289 // the second query of different socket type are responded by the cache.
3290 // See android_getaddrinfofornetcontext in packages/modules/DnsResolver/getaddrinfo.cpp
3291 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3292 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3293 EXPECT_TRUE(result != nullptr);
3294 // Expect that there are two queries, one AAAA (which returns no records) and one A
3295 // (which returns 1.2.3.4).
3296 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3297 EXPECT_THAT(ToStrings(result), testing::ElementsAre("64:ff9b::102:304", "1.2.3.4"));
3298
3299 // Stopping NAT64 prefix discovery disables synthesis.
3300 EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());
3301 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
3302 dns.clearQueries();
3303
3304 result = safe_getaddrinfo("v4only", nullptr, &hints);
3305 EXPECT_TRUE(result != nullptr);
3306 // Expect that there is one query, an AAAA (which returns no records), because the
3307 // A is already cached.
3308 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3309 EXPECT_EQ(ToString(result), "1.2.3.4");
3310 }
3311
3312 // TODO: merge to #GetAddrInfo_Dns64Synthesize once DNSResponder supports multi DnsRecords for a
3313 // hostname.
TEST_F(ResolverTest,GetAddrInfo_Dns64SynthesizeMultiAnswers)3314 TEST_F(ResolverTest, GetAddrInfo_Dns64SynthesizeMultiAnswers) {
3315 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
3316 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
3317 StartDns(dns, {});
3318 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3319 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3320
3321 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3322 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
3323 ASSERT_FALSE(result == nullptr);
3324
3325 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3326 EXPECT_THAT(ToStrings(result),
3327 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::808:808", "64:ff9b::5175:15ca",
3328 "1.2.3.4", "8.8.8.8", "81.117.21.202"));
3329 }
3330
TEST_F(ResolverTest,GetAddrInfo_Dns64Canonname)3331 TEST_F(ResolverTest, GetAddrInfo_Dns64Canonname) {
3332 constexpr char listen_addr[] = "::1";
3333 constexpr char host_name[] = "v4only.example.com.";
3334 const std::vector<DnsRecord> records = {
3335 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3336 };
3337
3338 test::DNSResponder dns(listen_addr);
3339 StartDns(dns, records);
3340
3341 std::vector<std::string> servers = {listen_addr};
3342 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3343 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3344
3345 // clang-format off
3346 static const struct TestConfig {
3347 int family;
3348 int flags;
3349 std::vector<std::string> expectedAddresses;
3350 const char* expectedCanonname;
3351
3352 std::string asParameters() const {
3353 return fmt::format("family={}, flags={}", family, flags);
3354 }
3355 } testConfigs[]{
3356 {AF_UNSPEC, 0, {"64:ff9b::102:304", "1.2.3.4"}, nullptr},
3357 {AF_UNSPEC, AI_CANONNAME, {"64:ff9b::102:304", "1.2.3.4"}, "v4only.example.com"},
3358 {AF_INET6, 0, {"64:ff9b::102:304"} , nullptr},
3359 {AF_INET6, AI_CANONNAME, {"64:ff9b::102:304"} , "v4only.example.com"},
3360 };
3361 // clang-format on
3362
3363 for (const auto& config : testConfigs) {
3364 SCOPED_TRACE(config.asParameters());
3365
3366 const addrinfo hints = {
3367 .ai_family = config.family, .ai_flags = config.flags, .ai_socktype = SOCK_DGRAM};
3368 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3369 ASSERT_TRUE(result != nullptr);
3370 EXPECT_THAT(ToStrings(result), testing::ElementsAreArray(config.expectedAddresses));
3371 for (const auto* ai = result.get(); ai != nullptr; ai = ai->ai_next) {
3372 EXPECT_STREQ(ai->ai_canonname, config.expectedCanonname);
3373 }
3374 }
3375 }
3376
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecified)3377 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecified) {
3378 constexpr char listen_addr[] = "::1";
3379 constexpr char host_name[] = "v4only.example.com.";
3380 const std::vector<DnsRecord> records = {
3381 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3382 };
3383
3384 test::DNSResponder dns(listen_addr);
3385 StartDns(dns, records);
3386 const std::vector<std::string> servers = {listen_addr};
3387 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3388 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3389
3390 // Synthesize AAAA if AF_INET6 is specified and there is A record only. Make sure that A record
3391 // is not returned as well.
3392 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3393 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3394 EXPECT_TRUE(result != nullptr);
3395 // One for AAAA query without an answer and one for A query which is used for DNS64 synthesis.
3396 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3397 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3398 dns.clearQueries();
3399
3400 // Don't synthesize AAAA if AF_INET is specified and there is A record only.
3401 hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3402 result = safe_getaddrinfo("v4only", nullptr, &hints);
3403 EXPECT_TRUE(result != nullptr);
3404 EXPECT_EQ(0U /*cached in previous queries*/, GetNumQueries(dns, host_name));
3405 EXPECT_EQ(ToString(result), "1.2.3.4");
3406 }
3407
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedV6)3408 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedV6) {
3409 constexpr char listen_addr[] = "::1";
3410 constexpr char host_name[] = "v4v6.example.com.";
3411 const std::vector<DnsRecord> records = {
3412 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3413 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3414 };
3415
3416 test::DNSResponder dns(listen_addr);
3417 StartDns(dns, records);
3418 const std::vector<std::string> servers = {listen_addr};
3419 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3420 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3421
3422 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3423 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3424 EXPECT_TRUE(result != nullptr);
3425 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3426
3427 // Do not synthesize AAAA if there's at least one AAAA answer.
3428 EXPECT_THAT(ToStrings(result), testing::ElementsAre("2001:db8::102:304", "1.2.3.4"));
3429 }
3430
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedNoV6)3431 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedNoV6) {
3432 constexpr char listen_addr[] = "::1";
3433 constexpr char host_name[] = "v4v6.example.com.";
3434 const std::vector<DnsRecord> records = {
3435 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3436 };
3437
3438 test::DNSResponder dns(listen_addr);
3439 StartDns(dns, records);
3440 const std::vector<std::string> servers = {listen_addr};
3441 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3442 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3443
3444 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3445 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3446 EXPECT_TRUE(result != nullptr);
3447 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3448
3449 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3450 EXPECT_THAT(ToStrings(result), testing::ElementsAre("64:ff9b::102:304", "1.2.3.4"));
3451 }
3452
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses)3453 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses) {
3454 constexpr char THIS_NETWORK[] = "this_network";
3455 constexpr char LOOPBACK[] = "loopback";
3456 constexpr char LINK_LOCAL[] = "link_local";
3457 constexpr char MULTICAST[] = "multicast";
3458 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
3459
3460 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
3461 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
3462 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
3463 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
3464 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
3465
3466 constexpr char listen_addr[] = "::1";
3467
3468 test::DNSResponder dns(listen_addr);
3469 StartDns(dns, {});
3470 const std::vector<std::string> servers = {listen_addr};
3471 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3472 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3473
3474 // clang-format off
3475 static const struct TestConfig {
3476 std::string name;
3477 std::string addr;
3478
3479 std::string asHostName() const { return fmt::format("{}.example.com.", name); }
3480 } testConfigs[]{
3481 {THIS_NETWORK, ADDR_THIS_NETWORK},
3482 {LOOPBACK, ADDR_LOOPBACK},
3483 {LINK_LOCAL, ADDR_LINK_LOCAL},
3484 {MULTICAST, ADDR_MULTICAST},
3485 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
3486 };
3487 // clang-format on
3488
3489 for (const auto& config : testConfigs) {
3490 const std::string testHostName = config.asHostName();
3491 SCOPED_TRACE(testHostName);
3492
3493 const char* host_name = testHostName.c_str();
3494 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
3495
3496 // Expect no result because AF_INET6 is specified and don't synthesize special use IPv4
3497 // address.
3498 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3499 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3500 EXPECT_TRUE(result == nullptr);
3501 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3502 dns.clearQueries();
3503
3504 // Expect special use IPv4 address only because AF_UNSPEC is specified and don't synthesize
3505 // special use IPv4 address.
3506 hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3507 result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3508 EXPECT_TRUE(result != nullptr);
3509 // Expect IPv6 query only. IPv4 answer has been cached in previous query.
3510 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3511 EXPECT_EQ(ToString(result), config.addr);
3512 dns.clearQueries();
3513 }
3514 }
3515
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryWithNullArgumentHints)3516 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryWithNullArgumentHints) {
3517 constexpr char listen_addr[] = "::1";
3518 constexpr char host_name[] = "v4only.example.com.";
3519 constexpr char host_name2[] = "v4v6.example.com.";
3520 const std::vector<DnsRecord> records = {
3521 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3522 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
3523 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3524 };
3525
3526 test::DNSResponder dns(listen_addr);
3527 StartDns(dns, records);
3528 const std::vector<std::string> servers = {listen_addr};
3529 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3530 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3531
3532 // Synthesize AAAA if there is A answer only and AF_UNSPEC (hints NULL) is specified.
3533 // Assign argument hints of getaddrinfo() as null is equivalent to set ai_family AF_UNSPEC,
3534 // ai_socktype 0 (any), and ai_protocol 0 (any). Note the setting ai_socktype 0 (any) causes
3535 // that every address will appear twice, once for SOCK_STREAM and one for SOCK_DGRAM.
3536 // See resolv_getaddrinfo in packages/modules/DnsResolver/getaddrinfo.cpp.
3537 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, nullptr);
3538 EXPECT_TRUE(result != nullptr);
3539 EXPECT_LE(2U, GetNumQueries(dns, host_name));
3540 EXPECT_THAT(ToStrings(result),
3541 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::102:304", "1.2.3.4", "1.2.3.4"));
3542 dns.clearQueries();
3543
3544 // Do not synthesize AAAA if there's at least one AAAA answer.
3545 // The reason which the addresses appear twice is as mentioned above.
3546 result = safe_getaddrinfo("v4v6", nullptr, nullptr);
3547 EXPECT_TRUE(result != nullptr);
3548 EXPECT_LE(2U, GetNumQueries(dns, host_name2));
3549 EXPECT_THAT(ToStrings(result),
3550 testing::UnorderedElementsAre("2001:db8::102:304", "2001:db8::102:304", "1.2.3.4",
3551 "1.2.3.4"));
3552 }
3553
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryNullArgumentNode)3554 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryNullArgumentNode) {
3555 constexpr char ADDR_ANYADDR_V4[] = "0.0.0.0";
3556 constexpr char ADDR_ANYADDR_V6[] = "::";
3557 constexpr char ADDR_LOCALHOST_V4[] = "127.0.0.1";
3558 constexpr char ADDR_LOCALHOST_V6[] = "::1";
3559
3560 constexpr char PORT_NAME_HTTP[] = "http";
3561 constexpr char PORT_NUMBER_HTTP[] = "80";
3562
3563 constexpr char listen_addr[] = "::1";
3564
3565 test::DNSResponder dns(listen_addr);
3566 StartDns(dns, {});
3567 const std::vector<std::string> servers = {listen_addr};
3568 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3569 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3570
3571 // clang-format off
3572 // If node is null, return address is listed by libc/getaddrinfo.c as follows.
3573 // - passive socket -> anyaddr (0.0.0.0 or ::)
3574 // - non-passive socket -> localhost (127.0.0.1 or ::1)
3575 static const struct TestConfig {
3576 int flag;
3577 std::string addr_v4;
3578 std::string addr_v6;
3579
3580 std::string asParameters() const {
3581 return fmt::format("flag={}, addr_v4={}, addr_v6={}", flag, addr_v4,
3582 addr_v6);
3583 }
3584 } testConfigs[]{
3585 {0 /* non-passive */, ADDR_LOCALHOST_V4, ADDR_LOCALHOST_V6},
3586 {AI_PASSIVE, ADDR_ANYADDR_V4, ADDR_ANYADDR_V6}
3587 };
3588 // clang-format on
3589
3590 for (const auto& config : testConfigs) {
3591 SCOPED_TRACE(config.asParameters());
3592
3593 addrinfo hints = {
3594 .ai_flags = config.flag,
3595 .ai_family = AF_UNSPEC, // any address family
3596 .ai_socktype = 0, // any type
3597 .ai_protocol = 0, // any protocol
3598 };
3599
3600 // Assign hostname as null and service as port name.
3601 ScopedAddrinfo result = safe_getaddrinfo(nullptr, PORT_NAME_HTTP, &hints);
3602 ASSERT_TRUE(result != nullptr);
3603
3604 // Can't be synthesized because it should not get into Netd.
3605 // Every address appears twice, once for SOCK_STREAM and one for SOCK_DGRAM because the
3606 // socket type is not specified.
3607 EXPECT_THAT(ToStrings(result),
3608 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3609 config.addr_v6));
3610
3611 // Assign hostname as null and service as numeric port number.
3612 hints.ai_flags = config.flag | AI_NUMERICSERV;
3613 result = safe_getaddrinfo(nullptr, PORT_NUMBER_HTTP, &hints);
3614 ASSERT_TRUE(result != nullptr);
3615
3616 // Can't be synthesized because it should not get into Netd.
3617 // The reason which the addresses appear twice is as mentioned above.
3618 EXPECT_THAT(ToStrings(result),
3619 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3620 config.addr_v6));
3621 }
3622 }
3623
TEST_F(ResolverTest,GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix)3624 TEST_F(ResolverTest, GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix) {
3625 struct hostent* result = nullptr;
3626 struct in_addr v4addr;
3627 struct in6_addr v6addr;
3628
3629 constexpr char listen_addr[] = "::1";
3630 constexpr char ptr_name[] = "v4v6.example.com.";
3631 // PTR record for IPv4 address 1.2.3.4
3632 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3633 // PTR record for IPv6 address 2001:db8::102:304
3634 constexpr char ptr_addr_v6[] =
3635 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3636 const std::vector<DnsRecord> records = {
3637 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3638 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3639 };
3640
3641 test::DNSResponder dns(listen_addr);
3642 StartDns(dns, records);
3643 const std::vector<std::string> servers = {listen_addr};
3644 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3645 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3646
3647 // Reverse IPv4 DNS query. Prefix should have no effect on it.
3648 inet_pton(AF_INET, "1.2.3.4", &v4addr);
3649 result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3650 ASSERT_TRUE(result != nullptr);
3651 std::string result_str = result->h_name ? result->h_name : "null";
3652 EXPECT_EQ(result_str, "v4v6.example.com");
3653
3654 // Reverse IPv6 DNS query. Prefix should have no effect on it.
3655 inet_pton(AF_INET6, "2001:db8::102:304", &v6addr);
3656 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3657 ASSERT_TRUE(result != nullptr);
3658 result_str = result->h_name ? result->h_name : "null";
3659 EXPECT_EQ(result_str, "v4v6.example.com");
3660 }
3661
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64Query)3662 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64Query) {
3663 constexpr char listen_addr[] = "::1";
3664 constexpr char ptr_name[] = "v4only.example.com.";
3665 // PTR record for IPv4 address 1.2.3.4
3666 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3667 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3668 constexpr char ptr_addr_v6_nomapping[] =
3669 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3670 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3671 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3672 constexpr char ptr_addr_v6_synthesis[] =
3673 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3674 const std::vector<DnsRecord> records = {
3675 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3676 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3677 };
3678
3679 test::DNSResponder dns(listen_addr);
3680 StartDns(dns, records);
3681 // "ptr_addr_v6_nomapping" is not mapped in DNS server
3682 const std::vector<std::string> servers = {listen_addr};
3683 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3684 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3685
3686 // Synthesized PTR record doesn't exist on DNS server
3687 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3688 // After querying synthesized address failed, expect that prefix is removed from IPv6
3689 // synthesized address and do reverse IPv4 query instead.
3690 struct in6_addr v6addr;
3691 inet_pton(AF_INET6, "64:ff9b::1.2.3.4", &v6addr);
3692 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3693 ASSERT_TRUE(result != nullptr);
3694 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist
3695 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist
3696 std::string result_str = result->h_name ? result->h_name : "null";
3697 EXPECT_EQ(result_str, "v4only.example.com");
3698 // Check that return address has been mapped from IPv4 to IPv6 address because Netd
3699 // removes NAT64 prefix and does IPv4 DNS reverse lookup in this case. Then, Netd
3700 // fakes the return IPv4 address as original queried IPv6 address.
3701 result_str = ToString(result);
3702 EXPECT_EQ(result_str, "64:ff9b::102:304");
3703 dns.clearQueries();
3704
3705 // Synthesized PTR record exists on DNS server
3706 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3707 // Expect to Netd pass through synthesized address for DNS queries.
3708 inet_pton(AF_INET6, "64:ff9b::5.6.7.8", &v6addr);
3709 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3710 ASSERT_TRUE(result != nullptr);
3711 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3712 result_str = result->h_name ? result->h_name : "null";
3713 EXPECT_EQ(result_str, "v6synthesis.example.com");
3714 }
3715
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64QueryFromHostFile)3716 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64QueryFromHostFile) {
3717 constexpr char host_name[] = "localhost";
3718 // The address is synthesized by prefix64:localhost.
3719 constexpr char host_addr[] = "64:ff9b::7f00:1";
3720 constexpr char listen_addr[] = "::1";
3721
3722 test::DNSResponder dns(listen_addr);
3723 StartDns(dns, {});
3724 const std::vector<std::string> servers = {listen_addr};
3725 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3726 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3727
3728 // Using synthesized "localhost" address to be a trick for resolving host name
3729 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3730 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3731 struct in6_addr v6addr;
3732 inet_pton(AF_INET6, host_addr, &v6addr);
3733 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3734 ASSERT_TRUE(result != nullptr);
3735 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3736 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3737
3738 ASSERT_EQ(sizeof(in6_addr), (unsigned)result->h_length);
3739 ASSERT_EQ(AF_INET6, result->h_addrtype);
3740 std::string result_str = ToString(result);
3741 EXPECT_EQ(result_str, host_addr);
3742 result_str = result->h_name ? result->h_name : "null";
3743 EXPECT_EQ(result_str, host_name);
3744 }
3745
TEST_F(ResolverTest,GetHostByAddr_cnamesClasslessReverseDelegation)3746 TEST_F(ResolverTest, GetHostByAddr_cnamesClasslessReverseDelegation) {
3747 // IPv4 addresses in the subnet with notation '/' or '-'.
3748 constexpr char addr_slash[] = "192.0.2.1";
3749 constexpr char addr_hyphen[] = "192.0.3.1";
3750
3751 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3752 // section 4.
3753 const static std::vector<DnsRecord> records = {
3754 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3755 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3756 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3757
3758 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3759 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3760 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3761 };
3762
3763 test::DNSResponder dns;
3764 StartDns(dns, records);
3765 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3766
3767 for (const auto& address : {addr_slash, addr_hyphen}) {
3768 SCOPED_TRACE(address);
3769
3770 in_addr v4addr;
3771 ASSERT_TRUE(inet_pton(AF_INET, address, &v4addr));
3772 hostent* result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3773 ASSERT_TRUE(result != nullptr);
3774 EXPECT_STREQ("hello.example.com", result->h_name);
3775 }
3776 }
3777
TEST_F(ResolverTest,GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix)3778 TEST_F(ResolverTest, GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix) {
3779 constexpr char listen_addr[] = "::1";
3780 constexpr char ptr_name[] = "v4v6.example.com.";
3781 // PTR record for IPv4 address 1.2.3.4
3782 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3783 // PTR record for IPv6 address 2001:db8::102:304
3784 constexpr char ptr_addr_v6[] =
3785 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3786 const std::vector<DnsRecord> records = {
3787 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3788 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3789 };
3790
3791 test::DNSResponder dns(listen_addr);
3792 StartDns(dns, records);
3793 const std::vector<std::string> servers = {listen_addr};
3794 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3795 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3796
3797 // clang-format off
3798 static const struct TestConfig {
3799 int flag;
3800 int family;
3801 std::string addr;
3802 std::string host;
3803
3804 std::string asParameters() const {
3805 return fmt::format("flag={}, family={}, addr={}, host={}", flag, family, addr,
3806 host);
3807 }
3808 } testConfigs[]{
3809 {NI_NAMEREQD, AF_INET, "1.2.3.4", "v4v6.example.com"},
3810 {NI_NUMERICHOST, AF_INET, "1.2.3.4", "1.2.3.4"},
3811 {0, AF_INET, "1.2.3.4", "v4v6.example.com"},
3812 {0, AF_INET, "5.6.7.8", "5.6.7.8"}, // unmapped
3813 {NI_NAMEREQD, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3814 {NI_NUMERICHOST, AF_INET6, "2001:db8::102:304", "2001:db8::102:304"},
3815 {0, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3816 {0, AF_INET6, "2001:db8::506:708", "2001:db8::506:708"}, // unmapped
3817 };
3818 // clang-format on
3819
3820 // Reverse IPv4/IPv6 DNS query. Prefix should have no effect on it.
3821 for (const auto& config : testConfigs) {
3822 SCOPED_TRACE(config.asParameters());
3823
3824 int rv;
3825 char host[NI_MAXHOST];
3826 struct sockaddr_in sin;
3827 struct sockaddr_in6 sin6;
3828 if (config.family == AF_INET) {
3829 memset(&sin, 0, sizeof(sin));
3830 sin.sin_family = AF_INET;
3831 inet_pton(AF_INET, config.addr.c_str(), &sin.sin_addr);
3832 rv = getnameinfo((const struct sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr,
3833 0, config.flag);
3834 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4));
3835 } else if (config.family == AF_INET6) {
3836 memset(&sin6, 0, sizeof(sin6));
3837 sin6.sin6_family = AF_INET6;
3838 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3839 rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3840 nullptr, 0, config.flag);
3841 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6));
3842 }
3843 ASSERT_EQ(0, rv);
3844 std::string result_str = host;
3845 EXPECT_EQ(result_str, config.host);
3846 dns.clearQueries();
3847 }
3848 }
3849
TEST_F(ResolverTest,GetNameInfo_ReverseDns64Query)3850 TEST_F(ResolverTest, GetNameInfo_ReverseDns64Query) {
3851 constexpr char listen_addr[] = "::1";
3852 constexpr char ptr_name[] = "v4only.example.com.";
3853 // PTR record for IPv4 address 1.2.3.4
3854 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3855 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3856 constexpr char ptr_addr_v6_nomapping[] =
3857 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3858 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3859 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3860 constexpr char ptr_addr_v6_synthesis[] =
3861 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3862 const std::vector<DnsRecord> records = {
3863 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3864 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3865 };
3866
3867 test::DNSResponder dns(listen_addr);
3868 StartDns(dns, records);
3869 const std::vector<std::string> servers = {listen_addr};
3870 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3871 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3872
3873 // clang-format off
3874 static const struct TestConfig {
3875 bool hasSynthesizedPtrRecord;
3876 int flag;
3877 std::string addr;
3878 std::string host;
3879
3880 std::string asParameters() const {
3881 return fmt::format("hasSynthesizedPtrRecord={}, flag={}, addr={}, host={}",
3882 hasSynthesizedPtrRecord, flag, addr, host);
3883 }
3884 } testConfigs[]{
3885 {false, NI_NAMEREQD, "64:ff9b::102:304", "v4only.example.com"},
3886 {false, NI_NUMERICHOST, "64:ff9b::102:304", "64:ff9b::102:304"},
3887 {false, 0, "64:ff9b::102:304", "v4only.example.com"},
3888 {true, NI_NAMEREQD, "64:ff9b::506:708", "v6synthesis.example.com"},
3889 {true, NI_NUMERICHOST, "64:ff9b::506:708", "64:ff9b::506:708"},
3890 {true, 0, "64:ff9b::506:708", "v6synthesis.example.com"}
3891 };
3892 // clang-format on
3893
3894 // hasSynthesizedPtrRecord = false
3895 // Synthesized PTR record doesn't exist on DNS server
3896 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3897 // After querying synthesized address failed, expect that prefix is removed from IPv6
3898 // synthesized address and do reverse IPv4 query instead.
3899 //
3900 // hasSynthesizedPtrRecord = true
3901 // Synthesized PTR record exists on DNS server
3902 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3903 // Expect to just pass through synthesized address for DNS queries.
3904 for (const auto& config : testConfigs) {
3905 SCOPED_TRACE(config.asParameters());
3906
3907 char host[NI_MAXHOST];
3908 struct sockaddr_in6 sin6;
3909 memset(&sin6, 0, sizeof(sin6));
3910 sin6.sin6_family = AF_INET6;
3911 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3912 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3913 nullptr, 0, config.flag);
3914 ASSERT_EQ(0, rv);
3915 if (config.flag == NI_NAMEREQD) {
3916 if (config.hasSynthesizedPtrRecord) {
3917 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3918 } else {
3919 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist.
3920 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist.
3921 }
3922 }
3923 std::string result_str = host;
3924 EXPECT_EQ(result_str, config.host);
3925 dns.clearQueries();
3926 }
3927 }
3928
TEST_F(ResolverTest,GetNameInfo_ReverseDns64QueryFromHostFile)3929 TEST_F(ResolverTest, GetNameInfo_ReverseDns64QueryFromHostFile) {
3930 constexpr char host_name[] = "localhost";
3931 // The address is synthesized by prefix64:localhost.
3932 constexpr char host_addr[] = "64:ff9b::7f00:1";
3933 constexpr char listen_addr[] = "::1";
3934
3935 test::DNSResponder dns(listen_addr);
3936
3937 StartDns(dns, {});
3938 const std::vector<std::string> servers = {listen_addr};
3939 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3940 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3941
3942 // Using synthesized "localhost" address to be a trick for resolving host name
3943 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3944 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3945 char host[NI_MAXHOST];
3946 struct sockaddr_in6 sin6 = {.sin6_family = AF_INET6};
3947 inet_pton(AF_INET6, host_addr, &sin6.sin6_addr);
3948 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host), nullptr,
3949 0, NI_NAMEREQD);
3950 ASSERT_EQ(0, rv);
3951 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3952 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3953
3954 std::string result_str = host;
3955 EXPECT_EQ(result_str, host_name);
3956 }
3957
TEST_F(ResolverTest,GetNameInfo_cnamesClasslessReverseDelegation)3958 TEST_F(ResolverTest, GetNameInfo_cnamesClasslessReverseDelegation) {
3959 // IPv4 addresses in the subnet with notation '/' or '-'.
3960 constexpr char addr_slash[] = "192.0.2.1";
3961 constexpr char addr_hyphen[] = "192.0.3.1";
3962
3963 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3964 // section 4.
3965 const static std::vector<DnsRecord> records = {
3966 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3967 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3968 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3969
3970 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3971 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3972 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3973 };
3974
3975 test::DNSResponder dns;
3976 StartDns(dns, records);
3977 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3978
3979 for (const auto& address : {addr_slash, addr_hyphen}) {
3980 SCOPED_TRACE(address);
3981
3982 char host[NI_MAXHOST];
3983 sockaddr_in sin = {.sin_family = AF_INET};
3984 ASSERT_TRUE(inet_pton(AF_INET, address, &sin.sin_addr));
3985 int rv = getnameinfo((const sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr, 0,
3986 NI_NAMEREQD);
3987 ASSERT_EQ(0, rv);
3988 EXPECT_STREQ("hello.example.com", host);
3989 }
3990 }
3991
TEST_F(ResolverTest,GetHostByName2_Dns64Synthesize)3992 TEST_F(ResolverTest, GetHostByName2_Dns64Synthesize) {
3993 constexpr char listen_addr[] = "::1";
3994 constexpr char host_name[] = "ipv4only.example.com.";
3995 const std::vector<DnsRecord> records = {
3996 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3997 };
3998
3999 test::DNSResponder dns(listen_addr);
4000 StartDns(dns, records);
4001 const std::vector<std::string> servers = {listen_addr};
4002 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4003 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4004
4005 // Query an IPv4-only hostname. Expect that gets a synthesized address.
4006 struct hostent* result = gethostbyname2("ipv4only", AF_INET6);
4007 ASSERT_TRUE(result != nullptr);
4008 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4009 std::string result_str = ToString(result);
4010 EXPECT_EQ(result_str, "64:ff9b::102:304");
4011 }
4012
TEST_F(ResolverTest,GetHostByName2_DnsQueryWithHavingNat64Prefix)4013 TEST_F(ResolverTest, GetHostByName2_DnsQueryWithHavingNat64Prefix) {
4014 constexpr char host_name[] = "v4v6.example.com.";
4015 constexpr char listen_addr[] = "::1";
4016 const std::vector<DnsRecord> records = {
4017 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4018 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
4019 };
4020
4021 test::DNSResponder dns(listen_addr);
4022 StartDns(dns, records);
4023 const std::vector<std::string> servers = {listen_addr};
4024 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4025 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4026
4027 // IPv4 DNS query. Prefix should have no effect on it.
4028 struct hostent* result = gethostbyname2("v4v6", AF_INET);
4029 ASSERT_TRUE(result != nullptr);
4030 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4031 std::string result_str = ToString(result);
4032 EXPECT_EQ(result_str, "1.2.3.4");
4033 dns.clearQueries();
4034
4035 // IPv6 DNS query. Prefix should have no effect on it.
4036 result = gethostbyname2("v4v6", AF_INET6);
4037 ASSERT_TRUE(result != nullptr);
4038 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4039 result_str = ToString(result);
4040 EXPECT_EQ(result_str, "2001:db8::102:304");
4041 }
4042
TEST_F(ResolverTest,GetHostByName2_Dns64QuerySpecialUseIPv4Addresses)4043 TEST_F(ResolverTest, GetHostByName2_Dns64QuerySpecialUseIPv4Addresses) {
4044 constexpr char THIS_NETWORK[] = "this_network";
4045 constexpr char LOOPBACK[] = "loopback";
4046 constexpr char LINK_LOCAL[] = "link_local";
4047 constexpr char MULTICAST[] = "multicast";
4048 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
4049
4050 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
4051 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
4052 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
4053 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
4054 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
4055
4056 constexpr char listen_addr[] = "::1";
4057
4058 test::DNSResponder dns(listen_addr);
4059 StartDns(dns, {});
4060 const std::vector<std::string> servers = {listen_addr};
4061 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4062 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4063
4064 // clang-format off
4065 static const struct TestConfig {
4066 std::string name;
4067 std::string addr;
4068
4069 std::string asHostName() const {
4070 return fmt::format("{}.example.com.", name);
4071 }
4072 } testConfigs[]{
4073 {THIS_NETWORK, ADDR_THIS_NETWORK},
4074 {LOOPBACK, ADDR_LOOPBACK},
4075 {LINK_LOCAL, ADDR_LINK_LOCAL},
4076 {MULTICAST, ADDR_MULTICAST},
4077 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
4078 };
4079 // clang-format on
4080
4081 for (const auto& config : testConfigs) {
4082 const std::string testHostName = config.asHostName();
4083 SCOPED_TRACE(testHostName);
4084
4085 const char* host_name = testHostName.c_str();
4086 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
4087
4088 struct hostent* result = gethostbyname2(config.name.c_str(), AF_INET6);
4089 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4090
4091 // In AF_INET6 case, don't synthesize special use IPv4 address.
4092 // Expect to have no answer
4093 EXPECT_EQ(nullptr, result);
4094
4095 dns.clearQueries();
4096 }
4097 }
4098
TEST_F(ResolverTest,PrefixDiscoveryBypassTls)4099 TEST_F(ResolverTest, PrefixDiscoveryBypassTls) {
4100 constexpr char listen_addr[] = "::1";
4101 constexpr char cleartext_port[] = "53";
4102 constexpr char tls_port[] = "853";
4103 constexpr char dns64_name[] = "ipv4only.arpa.";
4104 const std::vector<std::string> servers = {listen_addr};
4105
4106 test::DNSResponder dns(listen_addr);
4107 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});
4108 test::DnsTlsFrontend tls(listen_addr, tls_port, listen_addr, cleartext_port);
4109 ASSERT_TRUE(tls.startServer());
4110
4111 // Setup OPPORTUNISTIC mode and wait for the validation complete.
4112 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
4113 ResolverParams::Builder().setDnsServers(servers).setDotServers(servers).build()));
4114 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4115 EXPECT_TRUE(tls.waitForQueries(1));
4116 tls.clearQueries();
4117
4118 // Start NAT64 prefix discovery and wait for it complete.
4119 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
4120 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4121
4122 // Verify it bypassed TLS even though there's a TLS server available.
4123 EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();
4124 EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();
4125
4126 // Restart the testing network to reset the cache.
4127 mDnsClient.TearDown();
4128 mDnsClient.SetUp();
4129 dns.clearQueries();
4130
4131 // Setup STRICT mode and wait for the validation complete.
4132 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
4133 ResolverParams::Builder()
4134 .setDnsServers(servers)
4135 .setDotServers(servers)
4136 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
4137 .build()));
4138 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4139 EXPECT_TRUE(tls.waitForQueries(1));
4140 tls.clearQueries();
4141
4142 // Start NAT64 prefix discovery and wait for it to complete.
4143 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
4144 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4145
4146 // Verify it bypassed TLS despite STRICT mode.
4147 EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();
4148 EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();
4149 }
4150
TEST_F(ResolverTest,SetAndClearNat64Prefix)4151 TEST_F(ResolverTest, SetAndClearNat64Prefix) {
4152 constexpr char host_name[] = "v4.example.com.";
4153 constexpr char listen_addr[] = "::1";
4154 const std::vector<DnsRecord> records = {
4155 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4156 };
4157
4158 test::DNSResponder dns(listen_addr);
4159 StartDns(dns, records);
4160 const std::vector<std::string> servers = {listen_addr};
4161 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4162
4163 auto resolvService = mDnsClient.resolvService();
4164 addrinfo hints = {.ai_family = AF_INET6};
4165
4166 // No NAT64 prefix, no AAAA record.
4167 ScopedAddrinfo result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4168 ASSERT_TRUE(result == nullptr);
4169
4170 // Set the prefix, and expect to get a synthesized AAAA record.
4171 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix2).isOk());
4172 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4173 ASSERT_FALSE(result == nullptr);
4174 EXPECT_EQ("2001:db8:6464::102:304", ToString(result));
4175
4176 // Update the prefix, expect to see AAAA records from the new prefix.
4177 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4178 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4179 ASSERT_FALSE(result == nullptr);
4180 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4181
4182 // Non-/96 prefixes are ignored.
4183 auto status = resolvService->setPrefix64(TEST_NETID, "64:ff9b::/64");
4184 EXPECT_FALSE(status.isOk());
4185 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4186 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4187
4188 // Invalid prefixes are ignored.
4189 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.0/24");
4190 EXPECT_FALSE(status.isOk());
4191 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4192 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4193
4194 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.1");
4195 EXPECT_FALSE(status.isOk());
4196 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4197 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4198
4199 status = resolvService->setPrefix64(TEST_NETID, "hello");
4200 EXPECT_FALSE(status.isOk());
4201 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4202 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4203
4204 // DNS64 synthesis is still working.
4205 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4206 ASSERT_FALSE(result == nullptr);
4207 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4208
4209 // Clear the prefix. No AAAA records any more.
4210 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, "").isOk());
4211 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4212 EXPECT_TRUE(result == nullptr);
4213
4214 // Calling startPrefix64Discovery clears the prefix.
4215 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4216 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4217 ASSERT_FALSE(result == nullptr);
4218 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4219
4220 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4221 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4222 ASSERT_TRUE(result == nullptr);
4223
4224 // setPrefix64 fails if prefix discovery is started, even if no prefix is yet discovered...
4225 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix);
4226 EXPECT_FALSE(status.isOk());
4227 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4228 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4229
4230 // .. and clearing the prefix also has no effect.
4231 status = resolvService->setPrefix64(TEST_NETID, "");
4232 EXPECT_FALSE(status.isOk());
4233 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4234 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4235
4236 // setPrefix64 succeeds again when prefix discovery is stopped.
4237 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4238 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4239 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4240 ASSERT_FALSE(result == nullptr);
4241 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4242
4243 // Calling stopPrefix64Discovery clears the prefix.
4244 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4245 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4246 ASSERT_TRUE(result == nullptr);
4247
4248 // Set up NAT64 prefix discovery.
4249 constexpr char dns64_name[] = "ipv4only.arpa.";
4250 const std::vector<DnsRecord> newRecords = {
4251 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4252 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
4253 };
4254 dns.stopServer();
4255 StartDns(dns, newRecords);
4256
4257 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4258 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4259 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4260 ASSERT_FALSE(result == nullptr);
4261 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4262
4263 // setPrefix64 fails if NAT64 prefix discovery has succeeded, and the discovered prefix
4264 // continues to be used.
4265 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix2);
4266 EXPECT_FALSE(status.isOk());
4267 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4268 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4269
4270 // Clearing the prefix also has no effect if discovery is started.
4271 status = resolvService->setPrefix64(TEST_NETID, "");
4272 EXPECT_FALSE(status.isOk());
4273 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4274 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4275
4276 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4277 ASSERT_FALSE(result == nullptr);
4278 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4279
4280 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4281 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
4282
4283 EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());
4284 EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());
4285 }
4286
4287 namespace {
4288
4289 class ScopedSetNetworkForProcess {
4290 public:
ScopedSetNetworkForProcess(unsigned netId)4291 explicit ScopedSetNetworkForProcess(unsigned netId) {
4292 mStoredNetId = getNetworkForProcess();
4293 if (netId == mStoredNetId) return;
4294 EXPECT_EQ(0, setNetworkForProcess(netId));
4295 }
~ScopedSetNetworkForProcess()4296 ~ScopedSetNetworkForProcess() { EXPECT_EQ(0, setNetworkForProcess(mStoredNetId)); }
4297
4298 private:
4299 unsigned mStoredNetId;
4300 };
4301
4302 class ScopedSetNetworkForResolv {
4303 public:
ScopedSetNetworkForResolv(unsigned netId)4304 explicit ScopedSetNetworkForResolv(unsigned netId) { EXPECT_EQ(0, setNetworkForResolv(netId)); }
~ScopedSetNetworkForResolv()4305 ~ScopedSetNetworkForResolv() { EXPECT_EQ(0, setNetworkForResolv(NETID_UNSET)); }
4306 };
4307
sendCommand(int fd,const std::string & cmd)4308 void sendCommand(int fd, const std::string& cmd) {
4309 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size() + 1));
4310 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size() + 1));
4311 }
4312
readBE32(int fd)4313 int32_t readBE32(int fd) {
4314 int32_t tmp;
4315 int n = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
4316 EXPECT_TRUE(n > 0);
4317 return ntohl(tmp);
4318 }
4319
readResponseCode(int fd)4320 int readResponseCode(int fd) {
4321 char buf[4];
4322 int n = TEMP_FAILURE_RETRY(read(fd, &buf, sizeof(buf)));
4323 EXPECT_TRUE(n > 0);
4324 // The format of response code is that 4 bytes for the code & null.
4325 buf[3] = '\0';
4326 int result;
4327 EXPECT_TRUE(ParseInt(buf, &result));
4328 return result;
4329 }
4330
checkAndClearUseLocalNameserversFlag(unsigned * netid)4331 bool checkAndClearUseLocalNameserversFlag(unsigned* netid) {
4332 if (netid == nullptr || ((*netid) & NETID_USE_LOCAL_NAMESERVERS) == 0) {
4333 return false;
4334 }
4335 *netid = (*netid) & ~NETID_USE_LOCAL_NAMESERVERS;
4336 return true;
4337 }
4338
makeUidRangeParcel(int start,int stop)4339 aidl::android::net::UidRangeParcel makeUidRangeParcel(int start, int stop) {
4340 aidl::android::net::UidRangeParcel res;
4341 res.start = start;
4342 res.stop = stop;
4343
4344 return res;
4345 }
4346
expectNetIdWithLocalNameserversFlag(unsigned netId)4347 void expectNetIdWithLocalNameserversFlag(unsigned netId) {
4348 unsigned dnsNetId = 0;
4349 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4350 EXPECT_TRUE(checkAndClearUseLocalNameserversFlag(&dnsNetId));
4351 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4352 }
4353
expectDnsNetIdEquals(unsigned netId)4354 void expectDnsNetIdEquals(unsigned netId) {
4355 unsigned dnsNetId = 0;
4356 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4357 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4358 }
4359
expectDnsNetIdIsDefaultNetwork(INetd * netdService)4360 void expectDnsNetIdIsDefaultNetwork(INetd* netdService) {
4361 int currentNetid;
4362 EXPECT_TRUE(netdService->networkGetDefault(¤tNetid).isOk());
4363 expectDnsNetIdEquals(currentNetid);
4364 }
4365
expectDnsNetIdWithVpn(INetd * netdService,unsigned vpnNetId,unsigned expectedNetId)4366 void expectDnsNetIdWithVpn(INetd* netdService, unsigned vpnNetId, unsigned expectedNetId) {
4367 if (DnsResponderClient::isRemoteVersionSupported(netdService, 6)) {
4368 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
4369 vpnNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, /*secure=*/false);
4370 EXPECT_TRUE(netdService->networkCreate(config).isOk());
4371 } else {
4372 #pragma clang diagnostic push
4373 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
4374 EXPECT_TRUE(netdService->networkCreateVpn(vpnNetId, false /* secure */).isOk());
4375 #pragma clang diagnostic pop
4376 }
4377
4378 uid_t uid = getuid();
4379 // Add uid to VPN
4380 EXPECT_TRUE(netdService->networkAddUidRanges(vpnNetId, {makeUidRangeParcel(uid, uid)}).isOk());
4381 expectDnsNetIdEquals(expectedNetId);
4382 EXPECT_TRUE(netdService->networkDestroy(vpnNetId).isOk());
4383 }
4384
4385 } // namespace
4386
TEST_F(ResolverTest,getDnsNetId)4387 TEST_F(ResolverTest, getDnsNetId) {
4388 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
4389 setNetworkForProcess(NETID_UNSET);
4390
4391 expectDnsNetIdIsDefaultNetwork(mDnsClient.netdService());
4392 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_VPN_NETID);
4393
4394 // Test with setNetworkForProcess
4395 {
4396 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID);
4397 expectDnsNetIdEquals(TEST_NETID);
4398 }
4399
4400 // Test with setNetworkForProcess with NETID_USE_LOCAL_NAMESERVERS
4401 {
4402 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID |
4403 NETID_USE_LOCAL_NAMESERVERS);
4404 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4405 }
4406
4407 // Test with setNetworkForResolv
4408 {
4409 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4410 expectDnsNetIdEquals(TEST_NETID);
4411 }
4412
4413 // Test with setNetworkForResolv with NETID_USE_LOCAL_NAMESERVERS
4414 {
4415 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID |
4416 NETID_USE_LOCAL_NAMESERVERS);
4417 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4418 }
4419
4420 // Test with setNetworkForResolv under bypassable vpn
4421 {
4422 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4423 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_NETID);
4424 }
4425
4426 // Create socket connected to DnsProxyListener
4427 int fd = dns_open_proxy();
4428 EXPECT_TRUE(fd > 0);
4429 unique_fd ufd(fd);
4430
4431 // Test command with wrong netId
4432 sendCommand(fd, "getdnsnetid abc");
4433 EXPECT_EQ(ResponseCode::DnsProxyQueryResult, readResponseCode(fd));
4434 EXPECT_EQ(-EINVAL, readBE32(fd));
4435
4436 // Test unsupported command
4437 sendCommand(fd, "getdnsnetidNotSupported");
4438 // Keep in sync with FrameworkListener.cpp (500, "Command not recognized")
4439 EXPECT_EQ(500, readResponseCode(fd));
4440 }
4441
TEST_F(ResolverTest,BlockDnsQueryWithUidRule)4442 TEST_F(ResolverTest, BlockDnsQueryWithUidRule) {
4443 SKIP_IF_BPF_NOT_SUPPORTED;
4444 constexpr char listen_addr1[] = "127.0.0.4";
4445 constexpr char listen_addr2[] = "::1";
4446 constexpr char host_name[] = "howdy.example.com.";
4447 const std::vector<DnsRecord> records = {
4448 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4449 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4450 };
4451 INetd* netdService = mDnsClient.netdService();
4452
4453 test::DNSResponder dns1(listen_addr1);
4454 test::DNSResponder dns2(listen_addr2);
4455 StartDns(dns1, records);
4456 StartDns(dns2, records);
4457
4458 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4459 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4460 dns1.clearQueries();
4461 dns2.clearQueries();
4462
4463 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4464 // Dns Query
4465 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4466 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4467 EXPECT_TRUE(fd1 != -1);
4468 EXPECT_TRUE(fd2 != -1);
4469
4470 uint8_t buf1[MAXPACKET] = {};
4471 uint8_t buf2[MAXPACKET] = {};
4472 int rcode;
4473 int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4474 int res1 = getAsyncResponse(fd1, &rcode, buf1, MAXPACKET);
4475 // If API level >= 30 (R+), these queries should be blocked.
4476 if (isAtLeastR) {
4477 EXPECT_EQ(res2, -ECONNREFUSED);
4478 EXPECT_EQ(res1, -ECONNREFUSED);
4479 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4480 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4481 } else {
4482 EXPECT_GT(res2, 0);
4483 EXPECT_EQ("::1.2.3.4", toString(buf2, res2, AF_INET6));
4484 EXPECT_GT(res1, 0);
4485 EXPECT_EQ("1.2.3.4", toString(buf1, res1, AF_INET));
4486 // To avoid flaky test, do not evaluate DnsEvent since event order is not guaranteed.
4487 }
4488 }
4489
TEST_F(ResolverTest,GetAddrinfo_BlockDnsQueryWithUidRule)4490 TEST_F(ResolverTest, GetAddrinfo_BlockDnsQueryWithUidRule) {
4491 SKIP_IF_BPF_NOT_SUPPORTED;
4492 constexpr char listen_addr1[] = "127.0.0.4";
4493 constexpr char listen_addr2[] = "::1";
4494 constexpr char host_name[] = "howdy.example.com.";
4495 const std::vector<DnsRecord> records = {
4496 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4497 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4498 };
4499 test::DNSResponder dns1(listen_addr1);
4500 test::DNSResponder dns2(listen_addr2);
4501 StartDns(dns1, records);
4502 StartDns(dns2, records);
4503
4504 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4505 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4506
4507 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
4508
4509 static struct {
4510 const char* hname;
4511 const int expectedErrorCode;
4512 } kTestData[] = {
4513 {host_name, EAI_NODATA},
4514 // To test the query with search domain.
4515 {"howdy", EAI_AGAIN},
4516 };
4517
4518 INetd* netdService = mDnsClient.netdService();
4519 for (auto& td : kTestData) {
4520 SCOPED_TRACE(td.hname);
4521 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4522 // If API level >= 30 (R+), these queries should be blocked.
4523 if (isAtLeastR) {
4524 addrinfo* result = nullptr;
4525 // getaddrinfo() in bionic would convert all errors to EAI_NODATA
4526 // except EAI_SYSTEM.
4527 EXPECT_EQ(EAI_NODATA, getaddrinfo(td.hname, nullptr, &hints, &result));
4528 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, td.expectedErrorCode, td.hname,
4529 {});
4530 } else {
4531 ScopedAddrinfo result = safe_getaddrinfo(td.hname, nullptr, &hints);
4532 EXPECT_NE(nullptr, result);
4533 EXPECT_THAT(ToStrings(result),
4534 testing::UnorderedElementsAreArray({"1.2.3.4", "::1.2.3.4"}));
4535 // To avoid flaky test, do not evaluate DnsEvent since event order is not guaranteed.
4536 }
4537 }
4538 }
4539
TEST_F(ResolverTest,EnforceDnsUid)4540 TEST_F(ResolverTest, EnforceDnsUid) {
4541 SKIP_IF_BPF_NOT_SUPPORTED;
4542 constexpr char listen_addr1[] = "127.0.0.4";
4543 constexpr char listen_addr2[] = "::1";
4544 constexpr char host_name[] = "howdy.example.com.";
4545 const std::vector<DnsRecord> records = {
4546 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4547 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4548 };
4549 INetd* netdService = mDnsClient.netdService();
4550
4551 test::DNSResponder dns1(listen_addr1);
4552 test::DNSResponder dns2(listen_addr2);
4553 StartDns(dns1, records);
4554 StartDns(dns2, records);
4555
4556 // switch uid of DNS queries from applications to AID_DNS
4557 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4558 parcel.servers = {listen_addr1, listen_addr2};
4559 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4560
4561 uint8_t buf[MAXPACKET] = {};
4562 uint8_t buf2[MAXPACKET] = {};
4563 int rcode;
4564 {
4565 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4566 // Dns Queries should be blocked
4567 const int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4568 const int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4569 EXPECT_TRUE(fd1 != -1);
4570 EXPECT_TRUE(fd2 != -1);
4571
4572 const int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4573 const int res1 = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4574 // If API level >= 30 (R+), the query should be blocked.
4575 if (isAtLeastR) {
4576 EXPECT_EQ(res2, -ECONNREFUSED);
4577 EXPECT_EQ(res1, -ECONNREFUSED);
4578 } else {
4579 EXPECT_GT(res2, 0);
4580 EXPECT_EQ("::1.2.3.4", toString(buf2, res2, AF_INET6));
4581 EXPECT_GT(res1, 0);
4582 EXPECT_EQ("1.2.3.4", toString(buf, res1, AF_INET));
4583 }
4584 }
4585
4586 memset(buf, 0, MAXPACKET);
4587 ResolverOptionsParcel resolverOptions;
4588 resolverOptions.enforceDnsUid = true;
4589 if (!mIsResolverOptionIPCSupported) {
4590 parcel.resolverOptions = resolverOptions;
4591 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4592 } else {
4593 ASSERT_TRUE(mDnsClient.resolvService()
4594 ->setResolverOptions(parcel.netId, resolverOptions)
4595 .isOk());
4596 }
4597
4598 {
4599 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4600 // Dns Queries should NOT be blocked
4601 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4602 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4603 EXPECT_TRUE(fd1 != -1);
4604 EXPECT_TRUE(fd2 != -1);
4605
4606 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
4607 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
4608
4609 memset(buf, 0, MAXPACKET);
4610 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4611 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
4612
4613 // @TODO: So far we know that uid of DNS queries are no more set to DNS requester. But we
4614 // don't check if they are actually being set to AID_DNS, because system uids are always
4615 // allowed in bpf_owner_match(). Audit by firewallSetUidRule(AID_DNS) + sending queries is
4616 // infeasible. Fix it if the behavior of bpf_owner_match() is changed in the future, or if
4617 // we have better idea to deal with this.
4618 }
4619 }
4620
TEST_F(ResolverTest,ConnectTlsServerTimeout)4621 TEST_F(ResolverTest, ConnectTlsServerTimeout) {
4622 constexpr char hostname1[] = "query1.example.com.";
4623 constexpr char hostname2[] = "query2.example.com.";
4624 const std::vector<DnsRecord> records = {
4625 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4626 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
4627 };
4628
4629 // TODO: Remove it after b/254186357 is clarified.
4630 ASSERT_TRUE(mDnsClient.resolvService()
4631 ->setLogSeverity(aidl::android::net::IDnsResolver::DNS_RESOLVER_LOG_VERBOSE)
4632 .isOk());
4633
4634 static const struct TestConfig {
4635 bool asyncHandshake;
4636 int maxRetries;
4637
4638 // if asyncHandshake:
4639 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4640 // otherwise:
4641 // expectedTimeout = dotConnectTimeoutMs
4642 int expectedTimeout;
4643 } testConfigs[] = {
4644 // Test mis-configured dot_maxtries flag.
4645 {false, 0, 1000}, {true, 0, 1000},
4646
4647 {false, 1, 1000}, {false, 3, 1000}, {true, 1, 1000}, {true, 3, 3000},
4648 };
4649
4650 for (const auto& config : testConfigs) {
4651 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.asyncHandshake, config.maxRetries));
4652
4653 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4654 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4655 // so that the DnsTlsTransport won't interfere the other tests.
4656 const std::string addr = getUniqueIPv4Address();
4657 test::DNSResponder dns(addr);
4658 StartDns(dns, records);
4659 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4660 ASSERT_TRUE(tls.startServer());
4661
4662 // The resolver will adjust the timeout value to 1000ms since the value is too small.
4663 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag, "100");
4664
4665 // Infinite timeout.
4666 ScopedSystemProperties sp2(kDotQueryTimeoutMsFlag, "-1");
4667
4668 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4669 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4670
4671 // Don't skip unusable DoT servers and disable revalidation for this test.
4672 ScopedSystemProperties sp5(kDotXportUnusableThresholdFlag, "-1");
4673 ScopedSystemProperties sp6(kDotRevalidationThresholdFlag, "-1");
4674 resetNetwork();
4675
4676 // Set up resolver to opportunistic mode.
4677 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4678 parcel.servers = {addr};
4679 parcel.tlsServers = {addr};
4680 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4681 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4682 EXPECT_TRUE(tls.waitForQueries(1));
4683 tls.clearQueries();
4684 dns.clearQueries();
4685
4686 // The server becomes unresponsive to the handshake request.
4687 tls.setHangOnHandshakeForTesting(true);
4688
4689 // Expect the things happening in getaddrinfo():
4690 // 1. Connect to the private DNS server.
4691 // 2. SSL handshake times out.
4692 // 3. Fallback to UDP transport, and then get the answer.
4693 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
4694 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname1, nullptr, hints);
4695
4696 EXPECT_NE(nullptr, result);
4697 EXPECT_EQ(0, tls.queries());
4698 EXPECT_EQ(1U, GetNumQueries(dns, hostname1));
4699 EXPECT_EQ(records.at(0).addr, ToString(result));
4700
4701 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, getaddrinfo()
4702 // should just take a bit more than expetTimeout milliseconds.
4703 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4704 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4705
4706 // Set the server to be responsive. Verify that the resolver will attempt to reconnect
4707 // to the server and then get the result within the timeout.
4708 tls.setHangOnHandshakeForTesting(false);
4709 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(hostname2, nullptr, hints);
4710
4711 EXPECT_NE(nullptr, result);
4712 EXPECT_TRUE(tls.waitForQueries(1));
4713 EXPECT_EQ(1U, GetNumQueries(dns, hostname2));
4714 EXPECT_EQ(records.at(1).addr, ToString(result));
4715
4716 EXPECT_LE(timeTakenMs, 1000);
4717 }
4718
4719 // TODO: Remove it after b/254186357 is clarified.
4720 ASSERT_TRUE(mDnsClient.resolvService()
4721 ->setLogSeverity(aidl::android::net::IDnsResolver::DNS_RESOLVER_LOG_INFO)
4722 .isOk());
4723 }
4724
TEST_F(ResolverTest,ConnectTlsServerTimeout_ConcurrentQueries)4725 TEST_F(ResolverTest, ConnectTlsServerTimeout_ConcurrentQueries) {
4726 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4727 constexpr char hostname[] = "hello.example.com.";
4728 const std::vector<DnsRecord> records = {
4729 {hostname, ns_type::ns_t_a, "1.2.3.4"},
4730 };
4731 int testConfigCount = 0;
4732
4733 static const struct TestConfig {
4734 bool asyncHandshake;
4735 int dotConnectTimeoutMs;
4736 int dotQueryTimeoutMs;
4737 int maxRetries;
4738 int concurrency;
4739
4740 // if asyncHandshake:
4741 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4742 // otherwise:
4743 // expectedTimeout = dotConnectTimeoutMs * concurrency
4744 int expectedTimeout;
4745 } testConfigs[] = {
4746 // clang-format off
4747 {false, 1000, 3000, 1, 5, 5000},
4748 {false, 1000, 3000, 3, 5, 5000},
4749 {false, 2000, 1500, 3, 2, 4000},
4750 {true, 1000, 3000, 1, 5, 1000},
4751 {true, 2500, 1500, 1, 10, 1500},
4752 {true, 1000, 5000, 3, 5, 3000},
4753 // clang-format on
4754 };
4755
4756 // Launch query threads. Expected behaviors are:
4757 // - when dot_async_handshake is disabled, one of the query threads triggers a
4758 // handshake and then times out. Then same as another query thread, and so forth.
4759 // - when dot_async_handshake is enabled, only one handshake is triggered, and then
4760 // all of the query threads time out at the same time.
4761 for (const auto& config : testConfigs) {
4762 testConfigCount++;
4763 ScopedSystemProperties sp1(kDotQueryTimeoutMsFlag,
4764 std::to_string(config.dotQueryTimeoutMs));
4765 ScopedSystemProperties sp2(kDotConnectTimeoutMsFlag,
4766 std::to_string(config.dotConnectTimeoutMs));
4767 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4768 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4769
4770 // Don't skip unusable DoT servers and disable revalidation for this test.
4771 ScopedSystemProperties sp5(kDotXportUnusableThresholdFlag, "-1");
4772 ScopedSystemProperties sp6(kDotRevalidationThresholdFlag, "-1");
4773 resetNetwork();
4774
4775 for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4776 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", testConfigCount, dnsMode));
4777
4778 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4779 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4780 // so that the DnsTlsTransport won't interfere the other tests.
4781 const std::string addr = getUniqueIPv4Address();
4782 test::DNSResponder dns(addr);
4783 StartDns(dns, records);
4784 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4785 ASSERT_TRUE(tls.startServer());
4786
4787 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4788 parcel.servers = {addr};
4789 parcel.tlsServers = {addr};
4790 if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4791 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4792 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4793 EXPECT_TRUE(tls.waitForQueries(1));
4794
4795 // The server becomes unresponsive to the handshake request.
4796 tls.setHangOnHandshakeForTesting(true);
4797
4798 Stopwatch s;
4799 std::vector<std::thread> threads(config.concurrency);
4800 for (std::thread& thread : threads) {
4801 thread = std::thread([&]() {
4802 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4803 dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
4804 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
4805 });
4806 }
4807 for (std::thread& thread : threads) {
4808 thread.join();
4809 }
4810
4811 const int timeTakenMs = s.timeTakenUs() / 1000;
4812 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, it should
4813 // just take a bit more than expetTimeout milliseconds for the result.
4814 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4815 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4816
4817 // Recover the server from being unresponsive and try again.
4818 tls.setHangOnHandshakeForTesting(false);
4819 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4820 if (dnsMode == "STRICT" && config.asyncHandshake &&
4821 config.dotQueryTimeoutMs < (config.dotConnectTimeoutMs * config.maxRetries)) {
4822 // In this case, the connection handshake is supposed to be in progress. Queries
4823 // sent before the handshake finishes will time out (either due to connect timeout
4824 // or query timeout).
4825 expectAnswersNotValid(fd, -ETIMEDOUT);
4826 } else {
4827 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4828 }
4829 }
4830 }
4831 }
4832
TEST_F(ResolverTest,QueryTlsServerTimeout)4833 TEST_F(ResolverTest, QueryTlsServerTimeout) {
4834 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4835 constexpr int INFINITE_QUERY_TIMEOUT = -1;
4836 constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 5000;
4837 constexpr char hostname1[] = "query1.example.com.";
4838 constexpr char hostname2[] = "query2.example.com.";
4839 const std::vector<DnsRecord> records = {
4840 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4841 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
4842 };
4843
4844 for (const int queryTimeoutMs : {INFINITE_QUERY_TIMEOUT, 1000}) {
4845 for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4846 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", dnsMode, queryTimeoutMs));
4847
4848 const std::string addr = getUniqueIPv4Address();
4849 test::DNSResponder dns(addr);
4850 StartDns(dns, records);
4851 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4852 ASSERT_TRUE(tls.startServer());
4853
4854 ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(queryTimeoutMs));
4855
4856 // Don't skip unusable DoT servers and disable revalidation for this test.
4857 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag, "-1");
4858 ScopedSystemProperties sp3(kDotRevalidationThresholdFlag, "-1");
4859 resetNetwork();
4860
4861 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4862 parcel.servers = {addr};
4863 parcel.tlsServers = {addr};
4864 if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4865
4866 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4867 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4868 EXPECT_TRUE(tls.waitForQueries(1));
4869 tls.clearQueries();
4870
4871 // Set the DoT server to be unresponsive to DNS queries until either it receives
4872 // 2 queries or 5s later.
4873 tls.setDelayQueries(2);
4874 tls.setDelayQueriesTimeout(DOT_SERVER_UNRESPONSIVE_TIME_MS);
4875
4876 // First query.
4877 Stopwatch s;
4878 int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a, cacheFlag);
4879 if (dnsMode == "STRICT" && queryTimeoutMs != INFINITE_QUERY_TIMEOUT) {
4880 expectAnswersNotValid(fd, -ETIMEDOUT);
4881 } else {
4882 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4883 }
4884
4885 // Besides checking the result of the query, check how much time the
4886 // resolver processed the query.
4887 int timeTakenMs = s.getTimeAndResetUs() / 1000;
4888 const int expectedTimeTakenMs = (queryTimeoutMs == INFINITE_QUERY_TIMEOUT)
4889 ? DOT_SERVER_UNRESPONSIVE_TIME_MS
4890 : queryTimeoutMs;
4891 EXPECT_GE(timeTakenMs, expectedTimeTakenMs);
4892 EXPECT_LE(timeTakenMs, expectedTimeTakenMs + 1000);
4893
4894 // Second query.
4895 tls.setDelayQueries(1);
4896 fd = resNetworkQuery(TEST_NETID, hostname2, ns_c_in, ns_t_a, cacheFlag);
4897 expectAnswersValid(fd, AF_INET, "1.2.3.5");
4898
4899 // Also check how much time the resolver processed the query.
4900 timeTakenMs = s.timeTakenUs() / 1000;
4901 EXPECT_LE(timeTakenMs, 500);
4902 EXPECT_TRUE(tls.waitForQueries(2));
4903 }
4904 }
4905 }
4906
4907 // Tests that the DnsResolver can skip using unusable DoT servers if dot_xport_unusable_threshold
4908 // flag is set. In this test, we make test DoT servers unresponsive during connection handshake,
4909 // so the DnsResolver will skip using a DoT server if the number of timed out queries reaches
4910 // the threshold.
TEST_F(ResolverTest,SkipUnusableTlsServer)4911 TEST_F(ResolverTest, SkipUnusableTlsServer) {
4912 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
4913
4914 static const struct TestConfig {
4915 int dotXportUnusableThreshold;
4916 int queries;
4917 int expectedQueriesSentToDot1;
4918 int expectedQueriesSentToDot2;
4919 } testConfigs[] = {
4920 // clang-format off
4921 // expectedQueriesSentToDot2 is 0 because dot_quick_fallback flag is set.
4922 {-1, 3, 3, 0},
4923 { 1, 3, 1, 1},
4924 { 3, 10, 3, 3},
4925 // clang-format on
4926 };
4927
4928 for (const auto& config : testConfigs) {
4929 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}, {}]", config.dotXportUnusableThreshold,
4930 config.queries, config.expectedQueriesSentToDot1,
4931 config.expectedQueriesSentToDot2));
4932
4933 const std::string addr1 = getUniqueIPv4Address();
4934 const std::string addr2 = getUniqueIPv4Address();
4935 test::DNSResponder dns1(addr1);
4936 test::DNSResponder dns2(addr2);
4937 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
4938 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
4939 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
4940 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
4941 ASSERT_TRUE(dns1.startServer());
4942 ASSERT_TRUE(dns2.startServer());
4943 ASSERT_TRUE(dot1.startServer());
4944 ASSERT_TRUE(dot2.startServer());
4945
4946 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
4947 std::to_string(DOT_CONNECT_TIMEOUT_MS));
4948 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
4949 std::to_string(config.dotXportUnusableThreshold));
4950 ScopedSystemProperties sp3(kDotQuickFallbackFlag, "1");
4951 ScopedSystemProperties sp4(kDotRevalidationThresholdFlag, "-1");
4952 resetNetwork();
4953
4954 // Private DNS opportunistic mode.
4955 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4956 parcel.servers = {addr1, addr2};
4957 parcel.tlsServers = {addr1, addr2};
4958 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4959
4960 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
4961 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
4962 EXPECT_TRUE(dot1.waitForQueries(1));
4963 EXPECT_TRUE(dot2.waitForQueries(1));
4964 dot1.clearQueries();
4965 dot2.clearQueries();
4966 dot1.clearConnectionsCount();
4967 dot2.clearConnectionsCount();
4968
4969 // Set the DoT servers as unresponsive to connection handshake.
4970 dot1.setHangOnHandshakeForTesting(true);
4971 dot2.setHangOnHandshakeForTesting(true);
4972
4973 // Send sequential queries
4974 for (int i = 0; i < config.queries; i++) {
4975 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
4976 ANDROID_RESOLV_NO_CACHE_LOOKUP);
4977 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
4978 }
4979
4980 if (GetProperty(kDotAsyncHandshakeFlag, "0") == "0") {
4981 EXPECT_EQ(dot1.acceptConnectionsCount(), config.expectedQueriesSentToDot1);
4982 EXPECT_EQ(dot2.acceptConnectionsCount(), config.expectedQueriesSentToDot2);
4983 } else {
4984 // If the flag dot_async_handshake is set to 1, the DnsResolver will try
4985 // DoT connection establishment at most |retries| times.
4986 const int retries = std::stoi(GetProperty(kDotMaxretriesFlag, "3"));
4987 EXPECT_EQ(dot1.acceptConnectionsCount(), config.expectedQueriesSentToDot1 * retries);
4988 EXPECT_EQ(dot2.acceptConnectionsCount(), config.expectedQueriesSentToDot2 * retries);
4989 }
4990 }
4991 }
4992
4993 // Verifies that the DnsResolver re-validates the DoT server when several DNS queries to
4994 // the server fails in a row.
TEST_F(ResolverTest,TlsServerRevalidation)4995 TEST_F(ResolverTest, TlsServerRevalidation) {
4996 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4997 constexpr int dotXportUnusableThreshold = 10;
4998 constexpr int dotQueryTimeoutMs = 1000;
4999 constexpr char hostname[] = "hello.example.com.";
5000 const std::vector<DnsRecord> records = {
5001 {hostname, ns_type::ns_t_a, "1.2.3.4"},
5002 };
5003
5004 static const struct TestConfig {
5005 std::string dnsMode;
5006 int validationThreshold;
5007 int queries;
5008
5009 // Expected behavior in the DnsResolver.
5010 bool expectRevalidationHappen;
5011 bool expectDotUnusable;
5012 } testConfigs[] = {
5013 // clang-format off
5014 {"OPPORTUNISTIC", -1, 5, false, false},
5015 {"OPPORTUNISTIC", -1, 10, false, true},
5016 {"OPPORTUNISTIC", 5, 5, true, false},
5017 {"OPPORTUNISTIC", 5, 10, true, true},
5018 {"STRICT", -1, 5, false, false},
5019 {"STRICT", -1, 10, false, false},
5020 {"STRICT", 5, 5, false, false},
5021 {"STRICT", 5, 10, false, false},
5022 // clang-format on
5023 };
5024
5025 for (const auto& config : testConfigs) {
5026 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.dnsMode,
5027 config.validationThreshold, config.queries));
5028 const int queries = config.queries;
5029 const int delayQueriesTimeout = dotQueryTimeoutMs + 1000;
5030
5031 ScopedSystemProperties sp1(kDotRevalidationThresholdFlag,
5032 std::to_string(config.validationThreshold));
5033 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
5034 std::to_string(dotXportUnusableThreshold));
5035 ScopedSystemProperties sp3(kDotQueryTimeoutMsFlag, std::to_string(dotQueryTimeoutMs));
5036 resetNetwork();
5037
5038 // This test is sensitive to the number of queries sent in DoT validation.
5039 int latencyFactor;
5040 int latencyOffsetMs;
5041 if (isAtLeastR) {
5042 // The feature is enabled by default in R.
5043 latencyFactor = std::stoi(GetProperty(kDotValidationLatencyFactorFlag, "3"));
5044 latencyOffsetMs = std::stoi(GetProperty(kDotValidationLatencyOffsetMsFlag, "100"));
5045 } else {
5046 // The feature is disabled by default in Q.
5047 latencyFactor = std::stoi(GetProperty(kDotValidationLatencyFactorFlag, "-1"));
5048 latencyOffsetMs = std::stoi(GetProperty(kDotValidationLatencyOffsetMsFlag, "-1"));
5049 }
5050 const bool dotValidationExtraProbes = (config.dnsMode == "OPPORTUNISTIC") &&
5051 (latencyFactor >= 0 && latencyOffsetMs >= 0 &&
5052 latencyFactor + latencyOffsetMs != 0);
5053
5054 const std::string addr = getUniqueIPv4Address();
5055 test::DNSResponder dns(addr);
5056 StartDns(dns, records);
5057 test::DnsTlsFrontend tls(addr, "853", addr, "53");
5058 ASSERT_TRUE(tls.startServer());
5059
5060 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5061 parcel.servers = {addr};
5062 parcel.tlsServers = {addr};
5063 if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
5064 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5065 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5066 if (dotValidationExtraProbes) {
5067 EXPECT_TRUE(tls.waitForQueries(2));
5068 } else {
5069 EXPECT_TRUE(tls.waitForQueries(1));
5070 }
5071 tls.clearQueries();
5072 dns.clearQueries();
5073
5074 // Expect the things happening in order:
5075 // 1. Configure the DoT server to postpone |queries + 1| DNS queries.
5076 // 2. Send |queries| DNS queries, they will time out in 1 second.
5077 // 3. 1 second later, the DoT server still waits for one more DNS query until
5078 // |delayQueriesTimeout| times out.
5079 // 4. (opportunistic mode only) Meanwhile, DoT revalidation happens. The DnsResolver
5080 // creates a new connection and sends a query to the DoT server.
5081 // 5. 1 second later, |delayQueriesTimeout| times out. The DoT server flushes all of the
5082 // postponed DNS queries, and handles the query which comes from the revalidation.
5083 // 6. (opportunistic mode only) The revalidation succeeds.
5084 // 7. Send another DNS query, and expect it will succeed.
5085 // 8. (opportunistic mode only) If the DoT server has been deemed as unusable, the
5086 // DnsResolver skips trying the DoT server.
5087
5088 // Step 1.
5089 tls.setDelayQueries(queries + 1);
5090 tls.setDelayQueriesTimeout(delayQueriesTimeout);
5091
5092 // Step 2.
5093 std::vector<std::thread> threads1(queries);
5094 for (std::thread& thread : threads1) {
5095 thread = std::thread([&]() {
5096 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
5097 config.dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
5098 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
5099 });
5100 }
5101
5102 // Step 3 and 4.
5103 for (std::thread& thread : threads1) {
5104 thread.join();
5105 }
5106
5107 // Recover the config to make the revalidation can succeed.
5108 tls.setDelayQueries(1);
5109
5110 // Step 5 and 6.
5111 int expectedDotQueries = queries;
5112 int extraDnsProbe = 0;
5113 if (config.expectRevalidationHappen) {
5114 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5115 expectedDotQueries++;
5116
5117 if (dotValidationExtraProbes) {
5118 expectedDotQueries++;
5119 extraDnsProbe = 1;
5120 }
5121 }
5122
5123 // Step 7 and 8.
5124 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
5125 expectAnswersValid(fd, AF_INET, "1.2.3.4");
5126 expectedDotQueries++;
5127
5128 const int expectedDo53Queries =
5129 expectedDotQueries +
5130 (config.dnsMode == "OPPORTUNISTIC" ? (queries + extraDnsProbe) : 0);
5131
5132 if (config.expectDotUnusable) {
5133 // A DoT server can be deemed as unusable only in opportunistic mode. When it happens,
5134 // the DnsResolver doesn't use the DoT server for a certain period of time.
5135 expectedDotQueries--;
5136 }
5137
5138 // This code makes the test more robust to race condition.
5139 EXPECT_TRUE(tls.waitForQueries(expectedDotQueries));
5140
5141 EXPECT_EQ(dns.queries().size(), static_cast<unsigned>(expectedDo53Queries));
5142 EXPECT_EQ(tls.queries(), expectedDotQueries);
5143 }
5144 }
5145
5146 // Verifies that private DNS validation fails if DoT server is much slower than cleartext server.
TEST_F(ResolverTest,TlsServerValidation_UdpProbe)5147 TEST_F(ResolverTest, TlsServerValidation_UdpProbe) {
5148 constexpr char backend_addr[] = "127.0.0.3";
5149 test::DNSResponder backend(backend_addr);
5150 backend.setResponseDelayMs(200);
5151 ASSERT_TRUE(backend.startServer());
5152
5153 static const struct TestConfig {
5154 int latencyFactor;
5155 int latencyOffsetMs;
5156 bool udpProbeLost;
5157 size_t expectedUdpProbes;
5158 bool expectedValidationPass;
5159 } testConfigs[] = {
5160 // clang-format off
5161 {-1, -1, false, 0, true},
5162 {0, 0, false, 0, true},
5163 {1, 10, false, 1, false},
5164 {1, 10, true, 2, false},
5165 {5, 300, false, 1, true},
5166 {5, 300, true, 2, true},
5167 // clang-format on
5168 };
5169
5170 for (const auto& config : testConfigs) {
5171 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.latencyFactor,
5172 config.latencyOffsetMs, config.udpProbeLost));
5173
5174 const std::string addr = getUniqueIPv4Address();
5175 test::DNSResponder dns(addr, "53", static_cast<ns_rcode>(-1));
5176 test::DnsTlsFrontend tls(addr, "853", backend_addr, "53");
5177 dns.setResponseDelayMs(10);
5178 ASSERT_TRUE(dns.startServer());
5179 ASSERT_TRUE(tls.startServer());
5180
5181 ScopedSystemProperties sp1(kDotValidationLatencyFactorFlag,
5182 std::to_string(config.latencyFactor));
5183 ScopedSystemProperties sp2(kDotValidationLatencyOffsetMsFlag,
5184 std::to_string(config.latencyOffsetMs));
5185 resetNetwork();
5186
5187 std::unique_ptr<std::thread> thread;
5188 if (config.udpProbeLost) {
5189 thread.reset(new std::thread([&dns]() {
5190 // Simulate that the first UDP probe is lost and the second UDP probe succeeds.
5191 dns.setResponseProbability(0.0);
5192 std::this_thread::sleep_for(std::chrono::seconds(2));
5193 dns.setResponseProbability(1.0);
5194 }));
5195 }
5196
5197 // Set up opportunistic mode, and wait for the validation complete.
5198 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5199 parcel.servers = {addr};
5200 parcel.tlsServers = {addr};
5201 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5202
5203 // The timeout of WaitForPrivateDnsValidation is 5 seconds which is still enough for
5204 // the testcase of UDP probe lost because the retry of UDP probe happens after 3 seconds.
5205 EXPECT_TRUE(
5206 WaitForPrivateDnsValidation(tls.listen_address(), config.expectedValidationPass));
5207 EXPECT_EQ(dns.queries().size(), config.expectedUdpProbes);
5208 dns.clearQueries();
5209
5210 // Test that Private DNS validation always pass in strict mode.
5211 parcel.tlsName = kDefaultPrivateDnsHostName;
5212 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5213 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5214 EXPECT_EQ(dns.queries().size(), 0U);
5215
5216 if (thread) {
5217 thread->join();
5218 thread.reset();
5219 }
5220 }
5221 }
5222
5223 // Verifies that DNS queries can quick fall back to UDP if the first DoT server is unresponsive.
TEST_F(ResolverTest,DotQuickFallback)5224 TEST_F(ResolverTest, DotQuickFallback) {
5225 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
5226 const std::string addr1 = getUniqueIPv4Address();
5227 const std::string addr2 = getUniqueIPv4Address();
5228 test::DNSResponder dns1(addr1);
5229 test::DNSResponder dns2(addr2);
5230 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
5231 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
5232
5233 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5234 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5235 ASSERT_TRUE(dns1.startServer());
5236 ASSERT_TRUE(dns2.startServer());
5237 ASSERT_TRUE(dot1.startServer());
5238 ASSERT_TRUE(dot2.startServer());
5239
5240 static const struct TestConfig {
5241 std::string privateDnsMode;
5242 int dotQuickFallbackFlag;
5243 } testConfigs[] = {
5244 // clang-format off
5245 {"OPPORTUNISTIC", 0},
5246 {"OPPORTUNISTIC", 1},
5247 {"STRICT", 0},
5248 {"STRICT", 1},
5249 // clang-format on
5250 };
5251
5252 for (const auto& config : testConfigs) {
5253 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.privateDnsMode,
5254 config.dotQuickFallbackFlag));
5255
5256 const bool canQuickFallback =
5257 (config.dotQuickFallbackFlag == 1) && (config.privateDnsMode == "OPPORTUNISTIC");
5258 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
5259 std::to_string(DOT_CONNECT_TIMEOUT_MS));
5260 ScopedSystemProperties sp2(kDotQuickFallbackFlag,
5261 std::to_string(config.dotQuickFallbackFlag));
5262
5263 // Disable revalidation because we are reusing the same IP address of DoT servers.
5264 ScopedSystemProperties sp3(kDotRevalidationThresholdFlag, "-1");
5265
5266 // TODO: Remove the flags and fix the test.
5267 ScopedSystemProperties sp4(kDotAsyncHandshakeFlag, "0");
5268 ScopedSystemProperties sp5(kDotMaxretriesFlag, "3");
5269 resetNetwork();
5270
5271 resetNetwork();
5272
5273 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5274 parcel.servers = {addr1, addr2};
5275 parcel.tlsServers = {addr1, addr2};
5276 parcel.tlsName = (config.privateDnsMode == "STRICT") ? kDefaultPrivateDnsHostName : "";
5277 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5278
5279 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
5280 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
5281 EXPECT_TRUE(dot1.waitForQueries(1));
5282 EXPECT_TRUE(dot2.waitForQueries(1));
5283 dot1.clearQueries();
5284 dot2.clearQueries();
5285 dot1.clearConnectionsCount();
5286 dot2.clearConnectionsCount();
5287
5288 // Set the DoT server unresponsive to connection handshake.
5289 dot1.setHangOnHandshakeForTesting(true);
5290
5291 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
5292 ANDROID_RESOLV_NO_CACHE_LOOKUP);
5293 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
5294
5295 EXPECT_EQ(dot1.acceptConnectionsCount(), 1);
5296 EXPECT_EQ(dot2.acceptConnectionsCount(), canQuickFallback ? 0 : 1);
5297 EXPECT_TRUE(dot2.waitForQueries(canQuickFallback ? 0 : 1));
5298
5299 dot1.setHangOnHandshakeForTesting(false);
5300 }
5301 }
5302
TEST_F(ResolverTest,FlushNetworkCache)5303 TEST_F(ResolverTest, FlushNetworkCache) {
5304 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5305 test::DNSResponder dns;
5306 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5307 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5308
5309 const hostent* result = gethostbyname("hello");
5310 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5311 std::function<bool()> HasTheExpectedResult = [result]() -> bool {
5312 if (result == nullptr) return false;
5313 EXPECT_EQ(4, result->h_length);
5314 if (result->h_addr_list[0] == nullptr) return false;
5315 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5316 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5317 return true;
5318 };
5319 ASSERT_TRUE(HasTheExpectedResult());
5320
5321 // get result from cache
5322 result = gethostbyname("hello");
5323 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5324 ASSERT_TRUE(HasTheExpectedResult());
5325
5326 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5327
5328 result = gethostbyname("hello");
5329 EXPECT_EQ(2U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5330 ASSERT_TRUE(HasTheExpectedResult());
5331 }
5332
TEST_F(ResolverTest,FlushNetworkCache_random)5333 TEST_F(ResolverTest, FlushNetworkCache_random) {
5334 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5335 constexpr int num_flush = 10;
5336 constexpr int num_queries = 20;
5337 test::DNSResponder dns;
5338 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5339 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5340 const addrinfo hints = {.ai_family = AF_INET};
5341
5342 std::thread t([this]() {
5343 for (int i = 0; i < num_flush; ++i) {
5344 unsigned delay = arc4random_uniform(10 * 1000); // 10ms
5345 usleep(delay);
5346 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5347 }
5348 });
5349
5350 for (int i = 0; i < num_queries; ++i) {
5351 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5352 EXPECT_TRUE(result != nullptr);
5353 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5354 }
5355 t.join();
5356 }
5357
5358 // flush cache while one query is wait-for-response, another is pending.
TEST_F(ResolverTest,FlushNetworkCache_concurrent)5359 TEST_F(ResolverTest, FlushNetworkCache_concurrent) {
5360 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5361 const char* listen_addr1 = "127.0.0.9";
5362 const char* listen_addr2 = "127.0.0.10";
5363 test::DNSResponder dns1(listen_addr1);
5364 test::DNSResponder dns2(listen_addr2);
5365 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5366 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5367 addrinfo hints = {.ai_family = AF_INET};
5368
5369 // step 1: set server#1 into deferred responding mode
5370 dns1.setDeferredResp(true);
5371 std::thread t1([&listen_addr1, &hints, this]() {
5372 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr1}));
5373 // step 3: query
5374 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5375 // step 9: check result
5376 EXPECT_TRUE(result != nullptr);
5377 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5378 });
5379
5380 // step 2: wait for the query to reach the server
5381 while (GetNumQueries(dns1, kHelloExampleCom) == 0) {
5382 usleep(1000); // 1ms
5383 }
5384
5385 std::thread t2([&listen_addr2, &hints, &dns2, this]() {
5386 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
5387 // step 5: query (should be blocked in resolver)
5388 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5389 // step 7: check result
5390 EXPECT_TRUE(result != nullptr);
5391 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5392 EXPECT_EQ(1U, GetNumQueriesForType(dns2, ns_type::ns_t_a, kHelloExampleCom));
5393 });
5394
5395 // step 4: wait a bit for the 2nd query to enter pending state
5396 usleep(100 * 1000); // 100ms
5397 // step 6: flush cache (will unblock pending queries)
5398 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5399 t2.join();
5400
5401 // step 8: resume server#1
5402 dns1.setDeferredResp(false);
5403 t1.join();
5404
5405 // step 10: verify if result is correctly cached
5406 dns2.clearQueries();
5407 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5408 EXPECT_EQ(0U, GetNumQueries(dns2, kHelloExampleCom));
5409 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5410 }
5411
5412 // TODO: Perhaps to have a boundary conditions test for TCP and UDP.
TEST_F(ResolverTest,TcpQueryWithOversizePayload)5413 TEST_F(ResolverTest, TcpQueryWithOversizePayload) {
5414 test::DNSResponder dns;
5415 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5416 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5417
5418 int fd = dns_open_proxy();
5419 ASSERT_TRUE(fd > 0);
5420
5421 // Sending DNS query over TCP once the packet sizes exceed 512 bytes.
5422 // The raw data is combined with Question section and Additional section
5423 // Question section : query "hello.example.com", type A, class IN
5424 // Additional section : type OPT (41), Option PADDING, Option Length 546
5425 // Padding option which allows DNS clients and servers to artificially
5426 // increase the size of a DNS message by a variable number of bytes.
5427 // See also RFC7830, section 3
5428 const std::string query =
5429 "+c0BAAABAAAAAAABBWhlbGxvB2V4YW1wbGUDY29tAAABAAEAACkgAAAAgAACJgAMAiIAAAAAAAAAAAAAAAAAA"
5430 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5431 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5432 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5433 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5434 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5435 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5436 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5437 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5438 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
5439 const std::string cmd =
5440 "resnsend " + std::to_string(TEST_NETID) + " 0 " /* ResNsendFlags */ + query + '\0';
5441 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
5442 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
5443 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
5444 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
5445 EXPECT_EQ(0U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
5446 }
5447
TEST_F(ResolverTest,TruncatedRspMode)5448 TEST_F(ResolverTest, TruncatedRspMode) {
5449 constexpr char listen_addr[] = "127.0.0.4";
5450 constexpr char listen_addr2[] = "127.0.0.5";
5451 constexpr char listen_srv[] = "53";
5452
5453 test::DNSResponder dns(listen_addr, listen_srv, static_cast<ns_rcode>(-1));
5454 test::DNSResponder dns2(listen_addr2, listen_srv, static_cast<ns_rcode>(-1));
5455 // dns supports UDP only, dns2 support UDP and TCP
5456 dns.setResponseProbability(0.0, IPPROTO_TCP);
5457 StartDns(dns, kLargeCnameChainRecords);
5458 StartDns(dns2, kLargeCnameChainRecords);
5459
5460 const struct TestConfig {
5461 const std::optional<int32_t> tcMode;
5462 const bool ret;
5463 const unsigned numQueries;
5464 std::string asParameters() const {
5465 return fmt::format("tcMode: {}, ret: {}, numQueries: {}", tcMode.value_or(-1),
5466 ret ? "true" : "false", numQueries);
5467 }
5468 } testConfigs[]{
5469 // clang-format off
5470 {std::nullopt, true, 0}, /* mode unset */
5471 {aidl::android::net::IDnsResolver::TC_MODE_DEFAULT, true, 0}, /* default mode */
5472 {-666, false, 0}, /* invalid input */
5473 {aidl::android::net::IDnsResolver::TC_MODE_UDP_TCP, true, 1}, /* alternative mode */
5474 // clang-format on
5475 };
5476
5477 for (const auto& config : testConfigs) {
5478 SCOPED_TRACE(config.asParameters());
5479
5480 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5481 parcel.servers = {listen_addr, listen_addr2};
5482 ResolverOptionsParcel resolverOptions;
5483 if (config.tcMode.has_value()) resolverOptions.tcMode = config.tcMode.value();
5484 if (!mIsResolverOptionIPCSupported) {
5485 parcel.resolverOptions = resolverOptions;
5486 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5487 config.ret);
5488 } else {
5489 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5490 }
5491 if (mIsResolverOptionIPCSupported) {
5492 ASSERT_EQ(mDnsClient.resolvService()
5493 ->setResolverOptions(parcel.netId, resolverOptions)
5494 .isOk(),
5495 config.ret);
5496 }
5497
5498 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5499 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5500 ASSERT_TRUE(result != nullptr);
5501 EXPECT_EQ(ToString(result), kHelloExampleComAddrV4);
5502 // TC_MODE_DEFAULT: resolver retries on TCP-only on each name server.
5503 // TC_MODE_UDP_TCP: resolver retries on TCP on the same server, falls back to UDP from next.
5504 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom), 1U);
5505 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom), 1U);
5506 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_UDP, kHelloExampleCom), config.numQueries);
5507 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_TCP, kHelloExampleCom), 1U);
5508
5509 dns.clearQueries();
5510 dns2.clearQueries();
5511 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5512
5513 // Clear the stats to make the resolver always choose the same server for the first query.
5514 parcel.servers.clear();
5515 parcel.tlsServers.clear();
5516 if (!mIsResolverOptionIPCSupported) {
5517 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5518 config.ret);
5519 } else {
5520 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5521 }
5522 }
5523 }
5524
TEST_F(ResolverTest,RepeatedSetup_ResolverStatusRemains)5525 TEST_F(ResolverTest, RepeatedSetup_ResolverStatusRemains) {
5526 constexpr char unusable_listen_addr[] = "127.0.0.3";
5527 constexpr char listen_addr[] = "127.0.0.4";
5528 constexpr char hostname[] = "a.hello.query.";
5529 const auto repeatedSetResolversFromParcel = [&](const ResolverParamsParcel& parcel) {
5530 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5531 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5532 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5533 };
5534
5535 test::DNSResponder dns(listen_addr);
5536 StartDns(dns, {{hostname, ns_type::ns_t_a, "1.2.3.3"}});
5537 test::DnsTlsFrontend tls1(listen_addr, "853", listen_addr, "53");
5538 ASSERT_TRUE(tls1.startServer());
5539
5540 // Private DNS off mode.
5541 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5542 parcel.servers = {unusable_listen_addr, listen_addr};
5543 parcel.tlsServers.clear();
5544 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5545
5546 // Send a query.
5547 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5548 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5549
5550 // Check the stats as expected.
5551 const std::vector<NameserverStats> expectedCleartextDnsStats = {
5552 NameserverStats(unusable_listen_addr).setInternalErrors(1),
5553 NameserverStats(listen_addr).setSuccesses(1).setRttAvg(1),
5554 };
5555 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5556 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5557
5558 // The stats is supposed to remain as long as the list of cleartext DNS servers is unchanged.
5559 static const struct TestConfig {
5560 std::vector<std::string> servers;
5561 std::vector<std::string> tlsServers;
5562 std::string tlsName;
5563 } testConfigs[] = {
5564 // Private DNS opportunistic mode.
5565 {{listen_addr, unusable_listen_addr}, {listen_addr, unusable_listen_addr}, ""},
5566 {{unusable_listen_addr, listen_addr}, {unusable_listen_addr, listen_addr}, ""},
5567
5568 // Private DNS strict mode.
5569 {{listen_addr, unusable_listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5570 {{unusable_listen_addr, listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5571
5572 // Private DNS off mode.
5573 {{unusable_listen_addr, listen_addr}, {}, ""},
5574 {{listen_addr, unusable_listen_addr}, {}, ""},
5575 };
5576
5577 for (const auto& config : testConfigs) {
5578 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}] [{}]", fmt::join(config.servers, ","),
5579 fmt::join(config.tlsServers, ","), config.tlsName));
5580 parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5581 parcel.servers = config.servers;
5582 parcel.tlsServers = config.tlsServers;
5583 parcel.tlsName = config.tlsName;
5584 repeatedSetResolversFromParcel(parcel);
5585 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5586
5587 // The stats remains when the list of search domains changes.
5588 parcel.domains.push_back("tmp.domains");
5589 repeatedSetResolversFromParcel(parcel);
5590 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5591
5592 // The stats remains when the parameters change (except maxSamples).
5593 parcel.sampleValiditySeconds++;
5594 parcel.successThreshold++;
5595 parcel.minSamples++;
5596 parcel.baseTimeoutMsec++;
5597 parcel.retryCount++;
5598 repeatedSetResolversFromParcel(parcel);
5599 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5600 }
5601
5602 // The cache remains.
5603 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5604 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5605 }
5606
TEST_F(ResolverTest,RepeatedSetup_NoRedundantPrivateDnsValidation)5607 TEST_F(ResolverTest, RepeatedSetup_NoRedundantPrivateDnsValidation) {
5608 const std::string addr1 = getUniqueIPv4Address(); // For a workable DNS server.
5609 const std::string addr2 = getUniqueIPv4Address(); // For an unresponsive DNS server.
5610 const std::string unusable_addr = getUniqueIPv4Address();
5611 const auto waitForPrivateDnsStateUpdated = []() {
5612 // A buffer time for the PrivateDnsConfiguration instance to update its map,
5613 // mPrivateDnsValidateThreads, which is used for tracking validation threads.
5614 // Since there is a time gap between when PrivateDnsConfiguration reports
5615 // onPrivateDnsValidationEvent and when PrivateDnsConfiguration updates the map, this is a
5616 // workaround to avoid the test starts a subsequent resolver setup during the time gap.
5617 // TODO: Report onPrivateDnsValidationEvent after all the relevant updates are complete.
5618 // Reference to b/152009023.
5619 std::this_thread::sleep_for(20ms);
5620 };
5621
5622 test::DNSResponder dns1(addr1);
5623 test::DNSResponder dns2(addr2);
5624 StartDns(dns1, {});
5625 StartDns(dns2, {});
5626 test::DnsTlsFrontend workableTls(addr1, "853", addr1, "53");
5627 test::DnsTlsFrontend unresponsiveTls(addr2, "853", addr2, "53");
5628 unresponsiveTls.setHangOnHandshakeForTesting(true);
5629 ASSERT_TRUE(workableTls.startServer());
5630 ASSERT_TRUE(unresponsiveTls.startServer());
5631
5632 // First setup.
5633 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5634 parcel.servers = {addr1, addr2, unusable_addr};
5635 parcel.tlsServers = {addr1, addr2, unusable_addr};
5636 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5637
5638 // Check the validation results.
5639 EXPECT_TRUE(WaitForPrivateDnsValidation(workableTls.listen_address(), true));
5640 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5641
5642 // The validation is still in progress.
5643 EXPECT_EQ(unresponsiveTls.acceptConnectionsCount(), 1);
5644 unresponsiveTls.clearConnectionsCount();
5645
5646 static const struct TestConfig {
5647 std::vector<std::string> tlsServers;
5648 std::string tlsName;
5649 } testConfigs[] = {
5650 {{addr1, addr2, unusable_addr}, ""},
5651 {{unusable_addr, addr1, addr2}, ""},
5652 {{unusable_addr, addr1, addr2}, kDefaultPrivateDnsHostName},
5653 {{addr1, addr2, unusable_addr}, kDefaultPrivateDnsHostName},
5654 };
5655
5656 std::string TlsNameLastTime;
5657 for (const auto& config : testConfigs) {
5658 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", fmt::join(config.tlsServers, ","),
5659 config.tlsName));
5660 parcel.servers = config.tlsServers;
5661 parcel.tlsServers = config.tlsServers;
5662 parcel.tlsName = config.tlsName;
5663 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5664
5665 const bool dnsModeChanged = (TlsNameLastTime != config.tlsName);
5666 bool validationAttemptToUnresponsiveTls = false;
5667
5668 waitForPrivateDnsStateUpdated();
5669 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5670
5671 for (const auto& serverAddr : parcel.tlsServers) {
5672 SCOPED_TRACE(serverAddr);
5673 if (serverAddr == workableTls.listen_address()) {
5674 if (dnsModeChanged) {
5675 // Despite the identical IP address, the server is regarded as a different
5676 // server when DnsTlsServer.name is different. The resolver treats it as a
5677 // different object and begins the validation process.
5678 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, true));
5679 }
5680 } else if (serverAddr == unresponsiveTls.listen_address()) {
5681 if (dnsModeChanged) {
5682 // Despite the identical IP address, the server is regarded as a different
5683 // server when DnsTlsServer.name is different. The resolver treats it as a
5684 // different object and begins the validation process.
5685 validationAttemptToUnresponsiveTls = true;
5686
5687 // This is the limitation from DnsTlsFrontend. DnsTlsFrontend can't operate
5688 // concurrently. As soon as there's another connection request,
5689 // DnsTlsFrontend resets the unique_fd to the new connection.
5690 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5691 }
5692 } else {
5693 // Must be unusable_addr.
5694 // In opportunistic mode, when a validation for a private DNS server fails, the
5695 // resolver just marks the server as failed and doesn't re-evaluate it, but the
5696 // server can be re-evaluated when setResolverConfiguration() is called.
5697 // However, in strict mode, the resolver automatically re-evaluates the server and
5698 // marks the server as in_progress until the validation succeeds, so repeated setup
5699 // makes no effect.
5700 if (dnsModeChanged || config.tlsName.empty() /* not in strict mode */) {
5701 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5702 }
5703 }
5704 }
5705
5706 // Repeated setups make no effect in strict mode.
5707 waitForPrivateDnsStateUpdated();
5708 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5709 if (config.tlsName.empty()) {
5710 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5711 }
5712 waitForPrivateDnsStateUpdated();
5713 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5714 if (config.tlsName.empty()) {
5715 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5716 }
5717
5718 if (validationAttemptToUnresponsiveTls) {
5719 EXPECT_GT(unresponsiveTls.acceptConnectionsCount(), 0);
5720 } else {
5721 EXPECT_EQ(unresponsiveTls.acceptConnectionsCount(), 0);
5722 }
5723
5724 TlsNameLastTime = config.tlsName;
5725 unresponsiveTls.clearConnectionsCount();
5726 }
5727
5728 // Check that all the validation results are caught.
5729 // Note: it doesn't mean no validation being in progress.
5730 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5731 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5732 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(unusable_addr));
5733 }
5734
TEST_F(ResolverTest,RepeatedSetup_KeepChangingPrivateDnsServers)5735 TEST_F(ResolverTest, RepeatedSetup_KeepChangingPrivateDnsServers) {
5736 enum TlsServerState { WORKING, UNSUPPORTED, UNRESPONSIVE };
5737 const std::string addr1 = getUniqueIPv4Address();
5738 const std::string addr2 = getUniqueIPv4Address();
5739 const auto waitForPrivateDnsStateUpdated = []() {
5740 // A buffer time for PrivateDnsConfiguration to update its state. It prevents this test
5741 // being flaky. See b/152009023 for the reason.
5742 std::this_thread::sleep_for(20ms);
5743 };
5744
5745 test::DNSResponder dns1(addr1);
5746 test::DNSResponder dns2(addr2);
5747 StartDns(dns1, {});
5748 StartDns(dns2, {});
5749 test::DnsTlsFrontend tls1(addr1, "853", addr1, "53");
5750 test::DnsTlsFrontend tls2(addr2, "853", addr2, "53");
5751 ASSERT_TRUE(tls1.startServer());
5752 ASSERT_TRUE(tls2.startServer());
5753
5754 static const struct TestConfig {
5755 std::string tlsServer;
5756 std::string tlsName;
5757 bool expectNothingHappenWhenServerUnsupported;
5758 bool expectNothingHappenWhenServerUnresponsive;
5759 std::string asTestName() const {
5760 return fmt::format("{}, {}, {}, {}", tlsServer, tlsName,
5761 expectNothingHappenWhenServerUnsupported,
5762 expectNothingHappenWhenServerUnresponsive);
5763 }
5764 } testConfigs[] = {
5765 {{addr1}, "", false, false},
5766 {{addr2}, "", false, false},
5767 {{addr1}, "", false, true},
5768 {{addr2}, "", false, true},
5769
5770 // expectNothingHappenWhenServerUnresponsive is false in the two cases because of the
5771 // limitation from DnsTlsFrontend which can't operate concurrently.
5772 {{addr1}, kDefaultPrivateDnsHostName, false, false},
5773 {{addr2}, kDefaultPrivateDnsHostName, false, false},
5774 {{addr1}, kDefaultPrivateDnsHostName, true, true},
5775 {{addr2}, kDefaultPrivateDnsHostName, true, true},
5776
5777 // expectNothingHappenWhenServerUnresponsive is true in the two cases because of the
5778 // limitation from DnsTlsFrontend which can't operate concurrently.
5779 {{addr1}, "", true, false},
5780 {{addr2}, "", true, false},
5781 {{addr1}, "", true, true},
5782 {{addr2}, "", true, true},
5783 };
5784
5785 for (const auto& serverState : {WORKING, UNSUPPORTED, UNRESPONSIVE}) {
5786 int testIndex = 0;
5787 for (const auto& config : testConfigs) {
5788 SCOPED_TRACE(fmt::format("serverState:{} testIndex:{} testConfig:[{}]", serverState,
5789 testIndex++, config.asTestName()));
5790 auto& tls = (config.tlsServer == addr1) ? tls1 : tls2;
5791
5792 if (serverState == UNSUPPORTED && tls.running()) ASSERT_TRUE(tls.stopServer());
5793 if (serverState != UNSUPPORTED && !tls.running()) ASSERT_TRUE(tls.startServer());
5794
5795 tls.setHangOnHandshakeForTesting(serverState == UNRESPONSIVE);
5796 const int connectCountsBefore = tls.acceptConnectionsCount();
5797
5798 waitForPrivateDnsStateUpdated();
5799 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5800 parcel.servers = {config.tlsServer};
5801 parcel.tlsServers = {config.tlsServer};
5802 parcel.tlsName = config.tlsName;
5803 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5804 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5805
5806 if (serverState == WORKING) {
5807 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, true));
5808 } else if (serverState == UNSUPPORTED) {
5809 if (config.expectNothingHappenWhenServerUnsupported) {
5810 // It's possible that the resolver hasn't yet started to
5811 // connect. Wait a while.
5812 // TODO: See if we can get rid of the hard waiting time, such as comparing
5813 // the CountDiff across two tests.
5814 std::this_thread::sleep_for(100ms);
5815 EXPECT_EQ(tls.acceptConnectionsCount(), connectCountsBefore);
5816 } else {
5817 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5818 }
5819 } else {
5820 // Must be UNRESPONSIVE.
5821 // DnsTlsFrontend is the only signal for checking whether or not the resolver starts
5822 // another validation when the server is unresponsive.
5823
5824 // Wait for a while to avoid running the checker code too early.
5825 std::this_thread::sleep_for(200ms);
5826 if (!config.expectNothingHappenWhenServerUnresponsive) {
5827 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5828 }
5829 const auto condition = [&]() {
5830 const int connectCountsAfter = tls.acceptConnectionsCount();
5831 return config.expectNothingHappenWhenServerUnresponsive
5832 ? (connectCountsAfter == connectCountsBefore)
5833 : (connectCountsAfter > connectCountsBefore);
5834 };
5835 EXPECT_TRUE(PollForCondition(condition));
5836 }
5837 }
5838
5839 // Set to off mode to reset the PrivateDnsConfiguration state.
5840 ResolverParamsParcel setupOffmode = DnsResponderClient::GetDefaultResolverParamsParcel();
5841 setupOffmode.tlsServers.clear();
5842 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupOffmode));
5843 }
5844
5845 // Check that all the validation results are caught.
5846 // Note: it doesn't mean no validation being in progress.
5847 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5848 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5849 }
5850
TEST_F(ResolverTest,PermissionCheckOnCertificateInjection)5851 TEST_F(ResolverTest, PermissionCheckOnCertificateInjection) {
5852 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5853 parcel.caCertificate = kCaCert;
5854 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5855
5856 for (const uid_t uid : {AID_SYSTEM, TEST_UID}) {
5857 ScopedChangeUID scopedChangeUID(uid);
5858 auto status = mDnsClient.resolvService()->setResolverConfiguration(parcel);
5859 EXPECT_EQ(status.getExceptionCode(), EX_SECURITY);
5860 }
5861 }
5862
5863 // Parameterized tests.
5864 // TODO: Merge the existing tests as parameterized test if possible.
5865 // TODO: Perhaps move parameterized tests to an independent file.
5866 enum class CallType { GETADDRINFO, GETHOSTBYNAME };
5867 class ResolverParameterizedTest : public ResolverTest,
5868 public testing::WithParamInterface<CallType> {
5869 protected:
VerifyQueryHelloExampleComV4(const test::DNSResponder & dns,const CallType calltype,const bool verifyNumQueries=true)5870 void VerifyQueryHelloExampleComV4(const test::DNSResponder& dns, const CallType calltype,
5871 const bool verifyNumQueries = true) {
5872 if (calltype == CallType::GETADDRINFO) {
5873 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5874 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5875 ASSERT_TRUE(result != nullptr);
5876 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5877 } else if (calltype == CallType::GETHOSTBYNAME) {
5878 const hostent* result = gethostbyname("hello");
5879 ASSERT_TRUE(result != nullptr);
5880 ASSERT_EQ(4, result->h_length);
5881 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
5882 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5883 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5884 } else {
5885 FAIL() << "Unsupported call type: " << static_cast<uint32_t>(calltype);
5886 }
5887 if (verifyNumQueries) EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
5888 }
5889 };
5890
5891 INSTANTIATE_TEST_SUITE_P(QueryCallTest, ResolverParameterizedTest,
5892 testing::Values(CallType::GETADDRINFO, CallType::GETHOSTBYNAME),
__anon342dd5101902(const testing::TestParamInfo<CallType>& info) 5893 [](const testing::TestParamInfo<CallType>& info) {
5894 switch (info.param) {
5895 case CallType::GETADDRINFO:
5896 return "GetAddrInfo";
5897 case CallType::GETHOSTBYNAME:
5898 return "GetHostByName";
5899 default:
5900 return "InvalidParameter"; // Should not happen.
5901 }
5902 });
5903
TEST_P(ResolverParameterizedTest,AuthoritySectionAndAdditionalSection)5904 TEST_P(ResolverParameterizedTest, AuthoritySectionAndAdditionalSection) {
5905 // DNS response may have more information in authority section and additional section.
5906 // Currently, getanswer() of packages/modules/DnsResolver/getaddrinfo.cpp doesn't parse the
5907 // content of authority section and additional section. Test these sections if they crash
5908 // the resolver, just in case. See also RFC 1035 section 4.1.
5909 const auto& calltype = GetParam();
5910 test::DNSHeader header(kDefaultDnsHeader);
5911
5912 // Create a DNS response which has a authoritative nameserver record in authority
5913 // section and its relevant address record in additional section.
5914 //
5915 // Question
5916 // hello.example.com. IN A
5917 // Answer
5918 // hello.example.com. IN A 1.2.3.4
5919 // Authority:
5920 // hello.example.com. IN NS ns1.example.com.
5921 // Additional:
5922 // ns1.example.com. IN A 5.6.7.8
5923 //
5924 // A response may have only question, answer, and authority section. Current testing response
5925 // should be able to cover this condition.
5926
5927 // Question section.
5928 test::DNSQuestion question{
5929 .qname = {.name = kHelloExampleCom},
5930 .qtype = ns_type::ns_t_a,
5931 .qclass = ns_c_in,
5932 };
5933 header.questions.push_back(std::move(question));
5934
5935 // Answer section.
5936 test::DNSRecord recordAnswer{
5937 .name = {.name = kHelloExampleCom},
5938 .rtype = ns_type::ns_t_a,
5939 .rclass = ns_c_in,
5940 .ttl = 0, // no cache
5941 };
5942 EXPECT_TRUE(test::DNSResponder::fillRdata(kHelloExampleComAddrV4, recordAnswer));
5943 header.answers.push_back(std::move(recordAnswer));
5944
5945 // Authority section.
5946 test::DNSRecord recordAuthority{
5947 .name = {.name = kHelloExampleCom},
5948 .rtype = ns_type::ns_t_ns,
5949 .rclass = ns_c_in,
5950 .ttl = 0, // no cache
5951 };
5952 EXPECT_TRUE(test::DNSResponder::fillRdata("ns1.example.com.", recordAuthority));
5953 header.authorities.push_back(std::move(recordAuthority));
5954
5955 // Additional section.
5956 test::DNSRecord recordAdditional{
5957 .name = {.name = "ns1.example.com."},
5958 .rtype = ns_type::ns_t_a,
5959 .rclass = ns_c_in,
5960 .ttl = 0, // no cache
5961 };
5962 EXPECT_TRUE(test::DNSResponder::fillRdata("5.6.7.8", recordAdditional));
5963 header.additionals.push_back(std::move(recordAdditional));
5964
5965 // Start DNS server.
5966 test::DNSResponder dns(test::DNSResponder::MappingType::DNS_HEADER);
5967 dns.addMappingDnsHeader(kHelloExampleCom, ns_type::ns_t_a, header);
5968 ASSERT_TRUE(dns.startServer());
5969 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5970 dns.clearQueries();
5971
5972 // Expect that get the address and the resolver doesn't crash.
5973 VerifyQueryHelloExampleComV4(dns, calltype);
5974 }
5975
TEST_P(ResolverParameterizedTest,MessageCompression)5976 TEST_P(ResolverParameterizedTest, MessageCompression) {
5977 const auto& calltype = GetParam();
5978
5979 // The response with compressed domain name by a pointer. See RFC 1035 section 4.1.4.
5980 //
5981 // Ignoring the other fields of the message, the domain name of question section and answer
5982 // section are presented as:
5983 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5984 // 12 | 5 | h |
5985 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5986 // 14 | e | l |
5987 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5988 // 16 | l | o |
5989 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5990 // 18 | 7 | e |
5991 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5992 // 20 | x | a |
5993 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5994 // 22 | m | p |
5995 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5996 // 24 | l | e |
5997 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
5998 // 26 | 3 | c |
5999 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6000 // 28 | o | m |
6001 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6002 // 30 | 0 | ... |
6003 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6004 //
6005 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6006 // 35 | 1 1| 12 |
6007 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6008 const std::vector<uint8_t> kResponseAPointer = {
6009 /* Header */
6010 0x00, 0x00, /* Transaction ID: 0x0000 */
6011 0x81, 0x80, /* Flags: qr rd ra */
6012 0x00, 0x01, /* Questions: 1 */
6013 0x00, 0x01, /* Answer RRs: 1 */
6014 0x00, 0x00, /* Authority RRs: 0 */
6015 0x00, 0x00, /* Additional RRs: 0 */
6016 /* Queries */
6017 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
6018 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
6019 0x00, 0x01, /* Type: A */
6020 0x00, 0x01, /* Class: IN */
6021 /* Answers */
6022 0xc0, 0x0c, /* Name: hello.example.com (a pointer) */
6023 0x00, 0x01, /* Type: A */
6024 0x00, 0x01, /* Class: IN */
6025 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
6026 0x00, 0x04, /* Data length: 4 */
6027 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
6028 };
6029
6030 // The response with compressed domain name by a sequence of labels ending with a pointer. See
6031 // RFC 1035 section 4.1.4.
6032 //
6033 // Ignoring the other fields of the message, the domain name of question section and answer
6034 // section are presented as:
6035 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6036 // 12 | 5 | h |
6037 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6038 // 14 | e | l |
6039 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6040 // 16 | l | o |
6041 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6042 // 18 | 7 | e |
6043 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6044 // 20 | x | a |
6045 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6046 // 22 | m | p |
6047 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6048 // 24 | l | e |
6049 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6050 // 26 | 3 | c |
6051 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6052 // 28 | o | m |
6053 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6054 // 30 | 0 | ... |
6055 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6056 //
6057 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6058 // 35 | 5 | h |
6059 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6060 // 37 | e | l |
6061 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6062 // 39 | l | o |
6063 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6064 // 41 | 1 1| 18 |
6065 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6066 const std::vector<uint8_t> kResponseLabelEndingWithAPointer = {
6067 /* Header */
6068 0x00, 0x00, /* Transaction ID: 0x0000 */
6069 0x81, 0x80, /* Flags: qr rd ra */
6070 0x00, 0x01, /* Questions: 1 */
6071 0x00, 0x01, /* Answer RRs: 1 */
6072 0x00, 0x00, /* Authority RRs: 0 */
6073 0x00, 0x00, /* Additional RRs: 0 */
6074 /* Queries */
6075 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
6076 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
6077 0x00, 0x01, /* Type: A */
6078 0x00, 0x01, /* Class: IN */
6079 /* Answers */
6080 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0xc0,
6081 0x12, /* Name: hello.example.com (a label ending with a pointer) */
6082 0x00, 0x01, /* Type: A */
6083 0x00, 0x01, /* Class: IN */
6084 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
6085 0x00, 0x04, /* Data length: 4 */
6086 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
6087 };
6088
6089 for (const auto& response : {kResponseAPointer, kResponseLabelEndingWithAPointer}) {
6090 SCOPED_TRACE(fmt::format("Hex dump: {}", toHex(makeSlice(response))));
6091
6092 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
6093 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, response);
6094 StartDns(dns, {});
6095 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6096
6097 // Expect no cache because the TTL of testing responses are 0.
6098 VerifyQueryHelloExampleComV4(dns, calltype);
6099 }
6100 }
6101
TEST_P(ResolverParameterizedTest,TruncatedResponse)6102 TEST_P(ResolverParameterizedTest, TruncatedResponse) {
6103 const auto& calltype = GetParam();
6104
6105 test::DNSResponder dns;
6106 StartDns(dns, kLargeCnameChainRecords);
6107 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6108
6109 // Expect UDP response is truncated. The resolver retries over TCP. See RFC 1035 section 4.2.1.
6110 VerifyQueryHelloExampleComV4(dns, calltype, false);
6111 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
6112 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
6113 }
6114
6115 // Tests that the DnsResolver can keep listening to the DNS response from previous DNS servers.
6116 // Test scenarios (The timeout for each server is 1 second):
6117 // 1. (During the first iteration of DNS servers) While waiting for the DNS response from the
6118 // second server, the DnsResolver receives the DNS response from the first server.
6119 // 2. (During the second iteration of DNS servers) While waiting for the DNS response from the
6120 // second server, the DnsResolver receives the DNS response from the first server.
TEST_F(ResolverTest,KeepListeningUDP)6121 TEST_F(ResolverTest, KeepListeningUDP) {
6122 constexpr char listen_addr1[] = "127.0.0.4";
6123 constexpr char listen_addr2[] = "127.0.0.5";
6124 constexpr char host_name[] = "howdy.example.com.";
6125 const std::vector<DnsRecord> records = {
6126 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
6127 };
6128 auto builder =
6129 ResolverParams::Builder().setDnsServers({listen_addr1, listen_addr2}).setDotServers({});
6130
6131 test::DNSResponder neverRespondDns(listen_addr2, "53", static_cast<ns_rcode>(-1));
6132 neverRespondDns.setResponseProbability(0.0);
6133 StartDns(neverRespondDns, records);
6134 test::DNSResponder delayedDns(listen_addr1);
6135 StartDns(delayedDns, records);
6136
6137 const struct TestConfig {
6138 int retryCount;
6139 int delayTimeMs;
6140 int expectedDns1Successes;
6141 int expectedDns1Timeouts;
6142 int expectedDns2Timeouts;
6143 } testConfigs[]{
6144 {1, 1500, 1, 1, 0},
6145 // Actually, there will be two timeouts and one success for DNS1. However, the
6146 // DnsResolver doesn't record the stats during the second iteration of DNS servers, so
6147 // the success and timeout of DNS1 is 0 and 1, respectively.
6148 {2, 3500, 0, 1, 1},
6149 };
6150 for (const std::string_view callType : {"getaddrinfo", "resnsend"}) {
6151 for (const auto& cfg : testConfigs) {
6152 SCOPED_TRACE(fmt::format("callType={}, retryCount={}, delayTimeMs={}", callType,
6153 cfg.retryCount, cfg.delayTimeMs));
6154 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6155 300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */, cfg.retryCount /* retry count */};
6156
6157 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6158 resetNetwork();
6159 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.setParams(params).build()));
6160
6161 delayedDns.setDeferredResp(true);
6162 std::thread thread([&]() {
6163 std::this_thread::sleep_for(std::chrono::milliseconds(cfg.delayTimeMs));
6164 delayedDns.setDeferredResp(false);
6165 });
6166
6167 if (callType == "getaddrinfo") {
6168 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
6169 ScopedAddrinfo result = safe_getaddrinfo(host_name, nullptr, &hints);
6170 EXPECT_EQ("::1.2.3.4", ToString(result));
6171 } else {
6172 int fd = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
6173 expectAnswersValid(fd, AF_INET6, "::1.2.3.4");
6174 }
6175 const std::vector<NameserverStats> expectedCleartextDnsStats = {
6176 NameserverStats(listen_addr1)
6177 .setSuccesses(cfg.expectedDns1Successes)
6178 .setTimeouts(cfg.expectedDns1Timeouts)
6179 .setRttAvg(cfg.retryCount == 1 ? 1500 : -1),
6180 NameserverStats(listen_addr2)
6181 .setTimeouts(cfg.expectedDns2Timeouts)
6182 .setRttAvg(-1),
6183 };
6184 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
6185 thread.join();
6186 }
6187 }
6188 }
6189
TEST_F(ResolverTest,GetAddrInfoParallelLookupTimeout)6190 TEST_F(ResolverTest, GetAddrInfoParallelLookupTimeout) {
6191 constexpr char host_name[] = "howdy.example.com.";
6192 constexpr int TIMING_TOLERANCE_MS = 200;
6193 constexpr int DNS_TIMEOUT_MS = 1000;
6194 const std::vector<DnsRecord> records = {
6195 {host_name, ns_type::ns_t_a, "1.2.3.4"},
6196 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
6197 };
6198 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6199 300, 25, 8, 8, DNS_TIMEOUT_MS /* BASE_TIMEOUT_MSEC */, 1 /* retry count */};
6200 test::DNSResponder neverRespondDns(kDefaultServer, "53", static_cast<ns_rcode>(-1));
6201 neverRespondDns.setResponseProbability(0.0);
6202 StartDns(neverRespondDns, records);
6203
6204 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
6205 ResolverParams::Builder().setDotServers({}).setParams(params).build()));
6206 neverRespondDns.clearQueries();
6207
6208 // Use a never respond DNS server to verify if the A/AAAA queries are sent in parallel.
6209 // The resolver parameters are set to timeout 1s and retry 1 times.
6210 // So we expect the safe_getaddrinfo_time_taken() might take ~1s to
6211 // return when parallel lookup is enabled. And the DNS server should receive 2 queries.
6212 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6213 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(host_name, nullptr, hints);
6214
6215 EXPECT_TRUE(result == nullptr);
6216 EXPECT_NEAR(DNS_TIMEOUT_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6217 << "took time should approximate equal timeout";
6218 EXPECT_EQ(2U, GetNumQueries(neverRespondDns, host_name));
6219 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name, {});
6220 }
6221
TEST_F(ResolverTest,GetAddrInfoParallelLookupSleepTime)6222 TEST_F(ResolverTest, GetAddrInfoParallelLookupSleepTime) {
6223 constexpr int TIMING_TOLERANCE_MS = 200;
6224 const std::vector<DnsRecord> records = {
6225 {kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4},
6226 {kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6},
6227 };
6228 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6229 300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */, 1 /* retry count */};
6230 test::DNSResponder dns(kDefaultServer);
6231 StartDns(dns, records);
6232 constexpr int PARALLEL_LOOKUP_SLEEP_TIME_MS = 500;
6233 ScopedSystemProperties sp2(kParallelLookupSleepTimeFlag,
6234 std::to_string(PARALLEL_LOOKUP_SLEEP_TIME_MS));
6235 // Re-setup test network to make experiment flag take effect.
6236 resetNetwork();
6237
6238 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
6239 ResolverParams::Builder().setDotServers({}).setParams(params).build()));
6240 dns.clearQueries();
6241
6242 // Expect the safe_getaddrinfo_time_taken() might take ~500ms to return because we set
6243 // parallel_lookup_sleep_time to 500ms.
6244 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6245 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6246
6247 EXPECT_NE(nullptr, result);
6248 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6249 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6250 EXPECT_NEAR(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6251 << "took time should approximate equal timeout";
6252 EXPECT_EQ(2U, GetNumQueries(dns, kHelloExampleCom));
6253
6254 // Expect the PARALLEL_LOOKUP_SLEEP_TIME_MS won't affect the query under cache hit case.
6255 dns.clearQueries();
6256 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6257 EXPECT_NE(nullptr, result);
6258 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6259 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6260 EXPECT_GT(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs);
6261 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
6262 }
6263
TEST_F(ResolverTest,BlockDnsQueryUidDoesNotLeadToBadServer)6264 TEST_F(ResolverTest, BlockDnsQueryUidDoesNotLeadToBadServer) {
6265 SKIP_IF_BPF_NOT_SUPPORTED;
6266 constexpr char listen_addr1[] = "127.0.0.4";
6267 constexpr char listen_addr2[] = "::1";
6268 test::DNSResponder dns1(listen_addr1);
6269 test::DNSResponder dns2(listen_addr2);
6270 StartDns(dns1, {});
6271 StartDns(dns2, {});
6272
6273 std::vector<std::string> servers = {listen_addr1, listen_addr2};
6274 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
6275 dns1.clearQueries();
6276 dns2.clearQueries();
6277 {
6278 ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID);
6279 // Start querying ten times.
6280 for (int i = 0; i < 10; i++) {
6281 std::string hostName = fmt::format("blocked{}.com", i);
6282 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6283 // The query result between R+ and Q would be different, but we don't really care
6284 // about the result here because this test is only used to ensure blocked uid rule
6285 // won't cause bad servers.
6286 safe_getaddrinfo(hostName.c_str(), nullptr, &hints);
6287 }
6288 }
6289 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6290 // If api level >= 30 (R+), expect all query packets to be blocked, hence we should not see any
6291 // of their stats show up. Otherwise, all queries should succeed.
6292 const std::vector<NameserverStats> expectedDnsStats = {
6293 NameserverStats(listen_addr1)
6294 .setSuccesses(isAtLeastR ? 0 : setupParams.maxSamples)
6295 .setRttAvg(isAtLeastR ? -1 : 1),
6296 NameserverStats(listen_addr2),
6297 };
6298 expectStatsEqualTo(expectedDnsStats);
6299 // If api level >= 30 (R+), expect server won't receive any queries,
6300 // otherwise expect 20 == 10 * (setupParams.domains.size() + 1) queries.
6301 EXPECT_EQ(dns1.queries().size(), isAtLeastR ? 0U : 10 * (setupParams.domains.size() + 1));
6302 EXPECT_EQ(dns2.queries().size(), 0U);
6303 }
6304
TEST_F(ResolverTest,DnsServerSelection)6305 TEST_F(ResolverTest, DnsServerSelection) {
6306 test::DNSResponder dns1("127.0.0.3");
6307 test::DNSResponder dns2("127.0.0.4");
6308 test::DNSResponder dns3("127.0.0.5");
6309
6310 dns1.setResponseDelayMs(10);
6311 dns2.setResponseDelayMs(50);
6312 dns3.setResponseDelayMs(100);
6313 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6314 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6315 StartDns(dns3, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6316
6317 // NOTE: the servers must be sorted alphabetically.
6318 std::vector<std::string> serverList = {
6319 dns1.listen_address(),
6320 dns2.listen_address(),
6321 dns3.listen_address(),
6322 };
6323
6324 do {
6325 SCOPED_TRACE(fmt::format("testConfig: [{}]", fmt::join(serverList, ", ")));
6326 const int queryNum = 50;
6327 int64_t accumulatedTime = 0;
6328
6329 // The flag can be reset any time. It's better to re-setup the flag in each iteration.
6330 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, "1");
6331
6332 // Restart the testing network to 1) make the flag take effect and 2) reset the statistics.
6333 resetNetwork();
6334
6335 // DnsServerSelection doesn't apply to private DNS.
6336 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6337 setupParams.servers = serverList;
6338 setupParams.tlsServers.clear();
6339 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6340
6341 // DNSResponder doesn't handle queries concurrently, so don't allow more than
6342 // one in-flight query.
6343 for (int i = 0; i < queryNum; i++) {
6344 Stopwatch s;
6345 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_a,
6346 ANDROID_RESOLV_NO_CACHE_LOOKUP);
6347 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
6348 accumulatedTime += s.timeTakenUs();
6349 }
6350
6351 const int dns1Count = dns1.queries().size();
6352 const int dns2Count = dns2.queries().size();
6353 const int dns3Count = dns3.queries().size();
6354
6355 // All of the servers have ever been selected. In addition, the less latency server
6356 // is selected more frequently.
6357 EXPECT_GT(dns1Count, 0);
6358 EXPECT_GT(dns2Count, 0);
6359 EXPECT_GT(dns3Count, 0);
6360 EXPECT_GE(dns1Count, dns2Count);
6361 EXPECT_GE(dns2Count, dns3Count);
6362
6363 const int averageTime = accumulatedTime / queryNum;
6364 LOG(INFO) << "ResolverTest#DnsServerSelection: averageTime " << averageTime << "us";
6365
6366 dns1.clearQueries();
6367 dns2.clearQueries();
6368 dns3.clearQueries();
6369 } while (std::next_permutation(serverList.begin(), serverList.end()));
6370 }
6371
TEST_F(ResolverTest,MultipleDotQueriesInOnePacket)6372 TEST_F(ResolverTest, MultipleDotQueriesInOnePacket) {
6373 constexpr char hostname1[] = "query1.example.com.";
6374 constexpr char hostname2[] = "query2.example.com.";
6375 const std::vector<DnsRecord> records = {
6376 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
6377 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
6378 };
6379
6380 const std::string addr = getUniqueIPv4Address();
6381 test::DNSResponder dns(addr);
6382 StartDns(dns, records);
6383 test::DnsTlsFrontend tls(addr, "853", addr, "53");
6384 ASSERT_TRUE(tls.startServer());
6385
6386 // Set up resolver to strict mode.
6387 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
6388 parcel.servers = {addr};
6389 parcel.tlsServers = {addr};
6390 parcel.tlsName = kDefaultPrivateDnsHostName;
6391 parcel.caCertificate = kCaCert;
6392 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
6393 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
6394 EXPECT_TRUE(tls.waitForQueries(1));
6395 tls.clearQueries();
6396 dns.clearQueries();
6397
6398 const auto queryAndCheck = [&](const std::string& hostname,
6399 const std::vector<DnsRecord>& records) {
6400 SCOPED_TRACE(hostname);
6401
6402 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6403 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname.c_str(), nullptr, hints);
6404
6405 std::vector<std::string> expectedAnswers;
6406 for (const auto& r : records) {
6407 if (r.host_name == hostname) expectedAnswers.push_back(r.addr);
6408 }
6409
6410 EXPECT_LE(timeTakenMs, 200);
6411 ASSERT_NE(result, nullptr);
6412 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(expectedAnswers));
6413 };
6414
6415 // Set tls to reply DNS responses in one TCP packet and not to close the connection from its
6416 // side.
6417 tls.setDelayQueries(2);
6418 tls.setDelayQueriesTimeout(500);
6419 tls.setPassiveClose(true);
6420
6421 // Start sending DNS requests at the same time.
6422 std::array<std::thread, 2> threads;
6423 threads[0] = std::thread(queryAndCheck, hostname1, records);
6424 threads[1] = std::thread(queryAndCheck, hostname2, records);
6425
6426 threads[0].join();
6427 threads[1].join();
6428
6429 // Also check no additional queries due to DoT reconnection.
6430 EXPECT_TRUE(tls.waitForQueries(2));
6431 }
6432
TEST_F(ResolverTest,MdnsGetHostByName)6433 TEST_F(ResolverTest, MdnsGetHostByName) {
6434 constexpr char v6addr[] = "::127.0.0.3";
6435 constexpr char v4addr[] = "127.0.0.3";
6436 constexpr char host_name[] = "hello.local.";
6437 constexpr char nonexistent_host_name[] = "nonexistent.local.";
6438
6439 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6440 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6441 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6442 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6443
6444 ASSERT_TRUE(mdnsv4.startServer());
6445 ASSERT_TRUE(mdnsv6.startServer());
6446 mdnsv4.clearQueries();
6447 mdnsv6.clearQueries();
6448
6449 std::vector<bool> keep_listening_udp_enable = {false, true};
6450 for (int value : keep_listening_udp_enable) {
6451 if (value == true) {
6452 // Set keep_listening_udp enable
6453 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6454 // Re-setup test network to make experiment flag take effect.
6455 resetNetwork();
6456 }
6457 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6458
6459 static const struct TestConfig {
6460 int ai_family;
6461 const std::string expected_addr;
6462 } testConfigs[]{
6463 {AF_INET, v4addr},
6464 {AF_INET6, v6addr},
6465 };
6466
6467 for (const auto& config : testConfigs) {
6468 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6469 const hostent* result = nullptr;
6470
6471 // No response for "nonexistent.local".
6472 result = gethostbyname2("nonexistent.local", config.ai_family);
6473 ASSERT_TRUE(result == nullptr);
6474 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6475 EXPECT_EQ(1U, GetNumQueries(mdns, nonexistent_host_name));
6476 mdns.clearQueries();
6477 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
6478
6479 // Normal mDns query
6480 result = gethostbyname2("hello.local", config.ai_family);
6481 ASSERT_FALSE(result == nullptr);
6482 EXPECT_EQ(1U, GetNumQueries(mdns, host_name));
6483 int length = config.ai_family == AF_INET ? 4 : 16;
6484 ASSERT_EQ(length, result->h_length);
6485 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6486 EXPECT_EQ(config.expected_addr, ToString(result));
6487 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6488 mdns.clearQueries();
6489
6490 // Ensure the query result is still cached.
6491 result = gethostbyname2("hello.local", config.ai_family);
6492 EXPECT_EQ(0U, GetNumQueries(mdnsv4, "hello.local."));
6493 ASSERT_FALSE(result == nullptr);
6494 EXPECT_EQ(config.expected_addr, ToString(result));
6495 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6496 }
6497 }
6498 }
6499
6500 namespace {
6501
6502 static const struct TransportTypeConfig {
6503 const std::vector<int32_t>& transportTypes;
6504 bool useMdns;
6505 } transportTypeConfig[]{
6506 // clang-format off
6507 {{}, true},
6508 {{IDnsResolver::TRANSPORT_CELLULAR}, false},
6509 {{IDnsResolver::TRANSPORT_WIFI}, true},
6510 {{IDnsResolver::TRANSPORT_BLUETOOTH}, true},
6511 {{IDnsResolver::TRANSPORT_ETHERNET}, true},
6512 {{IDnsResolver::TRANSPORT_VPN}, false},
6513 {{IDnsResolver::TRANSPORT_WIFI_AWARE}, true},
6514 {{IDnsResolver::TRANSPORT_LOWPAN}, true},
6515 {{IDnsResolver::TRANSPORT_TEST}, true},
6516 {{IDnsResolver::TRANSPORT_USB}, true},
6517 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_VPN}, false},
6518 {{IDnsResolver::TRANSPORT_WIFI, IDnsResolver::TRANSPORT_VPN}, false},
6519 {{IDnsResolver::TRANSPORT_BLUETOOTH, IDnsResolver::TRANSPORT_VPN}, false},
6520 {{IDnsResolver::TRANSPORT_ETHERNET, IDnsResolver::TRANSPORT_VPN}, false},
6521 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_WIFI,
6522 IDnsResolver::TRANSPORT_VPN}, false},
6523 {{IDnsResolver::TRANSPORT_WIFI_AWARE, IDnsResolver::TRANSPORT_VPN}, false},
6524 {{IDnsResolver::TRANSPORT_LOWPAN, IDnsResolver::TRANSPORT_VPN}, false},
6525 {{IDnsResolver::TRANSPORT_TEST, IDnsResolver::TRANSPORT_VPN}, false},
6526 {{IDnsResolver::TRANSPORT_USB, IDnsResolver::TRANSPORT_VPN}, false},
6527 // clang-format on
6528 };
6529
6530 } // namespace
6531
TEST_F(ResolverTest,MdnsGetHostByName_transportTypes)6532 TEST_F(ResolverTest, MdnsGetHostByName_transportTypes) {
6533 constexpr char v6addr[] = "::127.0.0.3";
6534 constexpr char v4addr[] = "127.0.0.3";
6535 constexpr char host_name[] = "hello.local.";
6536
6537 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6538 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6539 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6540 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6541 ASSERT_TRUE(mdnsv4.startServer());
6542 ASSERT_TRUE(mdnsv6.startServer());
6543
6544 const std::vector<DnsRecord> records = {
6545 {host_name, ns_type::ns_t_a, v4addr},
6546 {host_name, ns_type::ns_t_aaaa, v6addr},
6547 };
6548 test::DNSResponder dns(v4addr);
6549 StartDns(dns, records);
6550
6551 for (const auto& tpConfig : transportTypeConfig) {
6552 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6553 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6554 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6555 setupParams.transportTypes = tpConfig.transportTypes;
6556 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6557
6558 static const struct TestConfig {
6559 int ai_family;
6560 const std::string expected_addr;
6561 } testConfigs[]{
6562 {AF_INET, v4addr},
6563 {AF_INET6, v6addr},
6564 };
6565
6566 for (const auto& config : testConfigs) {
6567 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6568 const hostent* result = nullptr;
6569 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6570
6571 result = gethostbyname2("hello.local", config.ai_family);
6572 ASSERT_FALSE(result == nullptr);
6573 if (tpConfig.useMdns) {
6574 EXPECT_EQ(1U, GetNumQueries(mdns, host_name));
6575 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6576 } else {
6577 EXPECT_EQ(0U, GetNumQueries(mdns, host_name));
6578 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6579 }
6580 int length = config.ai_family == AF_INET ? 4 : 16;
6581 ASSERT_EQ(length, result->h_length);
6582 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6583 EXPECT_EQ(config.expected_addr, ToString(result));
6584 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6585
6586 mdns.clearQueries();
6587 dns.clearQueries();
6588 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6589 }
6590 }
6591 }
6592
TEST_F(ResolverTest,MdnsGetHostByName_cnames)6593 TEST_F(ResolverTest, MdnsGetHostByName_cnames) {
6594 constexpr char v6addr[] = "::127.0.0.3";
6595 constexpr char v4addr[] = "127.0.0.3";
6596 constexpr char host_name[] = "hello.local.";
6597 const std::vector<DnsRecord> records = {
6598 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6599 {"a.local.", ns_type::ns_t_cname, "b.local."},
6600 {"b.local.", ns_type::ns_t_cname, "c.local."},
6601 {"c.local.", ns_type::ns_t_cname, "d.local."},
6602 {"d.local.", ns_type::ns_t_cname, "e.local."},
6603 {"e.local.", ns_type::ns_t_cname, host_name},
6604 {host_name, ns_type::ns_t_a, v4addr},
6605 {host_name, ns_type::ns_t_aaaa, v6addr},
6606 };
6607 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6608 for (const auto& r : records) {
6609 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6610 }
6611 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6612 for (const auto& r : records) {
6613 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6614 }
6615 ASSERT_TRUE(mdnsv4.startServer());
6616 ASSERT_TRUE(mdnsv6.startServer());
6617 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6618 mdnsv4.clearQueries();
6619 mdnsv6.clearQueries();
6620
6621 static const struct TestConfig {
6622 int ai_family;
6623 const std::string expected_addr;
6624 } testConfigs[]{
6625 {AF_INET, v4addr},
6626 {AF_INET6, v6addr},
6627 };
6628
6629 for (const auto& config : testConfigs) {
6630 size_t cnamecount = 0;
6631 // using gethostbyname2() to resolve ipv4 hello.local. to 127.0.0.3
6632 // or ipv6 hello.local. to ::127.0.0.3.
6633 // Ensure the v4 address and cnames are correct
6634 const hostent* result;
6635 result = gethostbyname2("hi.local", config.ai_family);
6636 ASSERT_FALSE(result == nullptr);
6637
6638 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
6639 std::string domain_name =
6640 records[i].host_name.substr(0, records[i].host_name.size() - 1);
6641 EXPECT_EQ(result->h_aliases[i], domain_name);
6642 cnamecount++;
6643 }
6644 // The size of "Non-cname type" record in DNS records is 2
6645 ASSERT_EQ(cnamecount, records.size() - 2);
6646 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6647 EXPECT_EQ(1U, mdnsv4.queries().size()) << mdns.dumpQueries();
6648 int length = config.ai_family == AF_INET ? 4 : 16;
6649 ASSERT_EQ(length, result->h_length);
6650
6651 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6652 EXPECT_EQ(config.expected_addr, ToString(result));
6653 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6654 }
6655 }
6656
TEST_F(ResolverTest,MdnsGetHostByName_cnamesInfiniteLoop)6657 TEST_F(ResolverTest, MdnsGetHostByName_cnamesInfiniteLoop) {
6658 constexpr char host_name1[] = "hello.local.";
6659 constexpr char host_name2[] = "hi.local.";
6660 const std::vector<DnsRecord> records = {
6661 {host_name1, ns_type::ns_t_cname, host_name2},
6662 {host_name2, ns_type::ns_t_cname, host_name1},
6663 };
6664
6665 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6666 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6667 for (const auto& r : records) {
6668 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6669 }
6670 for (const auto& r : records) {
6671 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6672 }
6673 ASSERT_TRUE(mdnsv4.startServer());
6674 ASSERT_TRUE(mdnsv6.startServer());
6675 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6676 mdnsv4.clearQueries();
6677 mdnsv6.clearQueries();
6678
6679 const hostent* result;
6680 result = gethostbyname2("hello.local", AF_INET);
6681 ASSERT_TRUE(result == nullptr);
6682
6683 result = gethostbyname2("hello.local", AF_INET6);
6684 ASSERT_TRUE(result == nullptr);
6685 }
6686
TEST_F(ResolverTest,MdnsGetAddrInfo)6687 TEST_F(ResolverTest, MdnsGetAddrInfo) {
6688 constexpr char v6addr[] = "::127.0.0.3";
6689 constexpr char v4addr[] = "127.0.0.3";
6690 constexpr char host_name[] = "hello.local.";
6691 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6692 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6693 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6694 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6695 ASSERT_TRUE(mdnsv4.startServer());
6696 ASSERT_TRUE(mdnsv6.startServer());
6697
6698 std::vector<bool> keep_listening_udp_enable = {false, true};
6699 for (int value : keep_listening_udp_enable) {
6700 if (value == true) {
6701 // Set keep_listening_udp enable
6702 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6703 // Re-setup test network to make experiment flag take effect.
6704 resetNetwork();
6705 }
6706
6707 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6708 static const struct TestConfig {
6709 int ai_family;
6710 const std::vector<std::string> expected_addr;
6711 } testConfigs[]{
6712 {AF_INET, {v4addr}},
6713 {AF_INET6, {v6addr}},
6714 {AF_UNSPEC, {v4addr, v6addr}},
6715 };
6716
6717 for (const auto& config : testConfigs) {
6718 mdnsv4.clearQueries();
6719 mdnsv6.clearQueries();
6720 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6721 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6722
6723 EXPECT_TRUE(result != nullptr);
6724 if (config.ai_family == AF_INET) {
6725 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6726 mdnsv4.clearQueries();
6727 } else if (config.ai_family == AF_INET6) {
6728 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6729 mdnsv6.clearQueries();
6730 } else if (config.ai_family == AF_UNSPEC) {
6731 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6732 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6733 mdnsv4.clearQueries();
6734 mdnsv6.clearQueries();
6735 }
6736 std::string result_str = ToString(result);
6737 EXPECT_THAT(ToStrings(result),
6738 testing::UnorderedElementsAreArray(config.expected_addr));
6739
6740 // Ensure the query results are still cached.
6741 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6742 EXPECT_TRUE(result != nullptr);
6743 if (config.ai_family == AF_INET)
6744 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6745 else if (config.ai_family == AF_INET6)
6746 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6747 else if (config.ai_family == AF_UNSPEC) {
6748 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6749 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6750 }
6751 result_str = ToString(result);
6752 EXPECT_THAT(ToStrings(result),
6753 testing::UnorderedElementsAreArray(config.expected_addr));
6754 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6755 }
6756 }
6757 }
6758
TEST_F(ResolverTest,MdnsGetAddrInfo_transportTypes)6759 TEST_F(ResolverTest, MdnsGetAddrInfo_transportTypes) {
6760 constexpr char v6addr[] = "::127.0.0.3";
6761 constexpr char v4addr[] = "127.0.0.3";
6762 constexpr char host_name[] = "hello.local.";
6763 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6764 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6765 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6766 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6767 ASSERT_TRUE(mdnsv4.startServer());
6768 ASSERT_TRUE(mdnsv6.startServer());
6769
6770 const std::vector<DnsRecord> records = {
6771 {host_name, ns_type::ns_t_a, v4addr},
6772 {host_name, ns_type::ns_t_aaaa, v6addr},
6773 };
6774 test::DNSResponder dns(v4addr);
6775 StartDns(dns, records);
6776
6777 for (const auto& tpConfig : transportTypeConfig) {
6778 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6779 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6780 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6781 setupParams.transportTypes = tpConfig.transportTypes;
6782 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6783
6784 static const struct TestConfig {
6785 int ai_family;
6786 const std::vector<std::string> expected_addr;
6787 } testConfigs[]{
6788 {AF_INET, {v4addr}},
6789 {AF_INET6, {v6addr}},
6790 {AF_UNSPEC, {v4addr, v6addr}},
6791 };
6792
6793 for (const auto& config : testConfigs) {
6794 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6795 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6796
6797 EXPECT_TRUE(result != nullptr);
6798 if (tpConfig.useMdns) {
6799 if (config.ai_family == AF_INET) {
6800 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6801 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6802 } else if (config.ai_family == AF_INET6) {
6803 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6804 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6805 } else {
6806 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6807 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6808 }
6809 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6810 } else {
6811 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6812 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6813 if (config.ai_family == AF_INET || config.ai_family == AF_INET6) {
6814 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6815 } else {
6816 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
6817 }
6818 }
6819 std::string result_str = ToString(result);
6820 EXPECT_THAT(ToStrings(result),
6821 testing::UnorderedElementsAreArray(config.expected_addr));
6822
6823 mdnsv4.clearQueries();
6824 mdnsv6.clearQueries();
6825 dns.clearQueries();
6826 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6827 }
6828 }
6829 }
6830
TEST_F(ResolverTest,MdnsGetAddrInfo_InvalidSocketType)6831 TEST_F(ResolverTest, MdnsGetAddrInfo_InvalidSocketType) {
6832 constexpr char v6addr[] = "::127.0.0.3";
6833 constexpr char host_name[] = "hello.local.";
6834
6835 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6836 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6837 ASSERT_TRUE(mdnsv6.startServer());
6838 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6839
6840 // TODO: Test other invalid socket types.
6841 const addrinfo hints = {
6842 .ai_family = AF_UNSPEC,
6843 .ai_socktype = SOCK_PACKET,
6844 };
6845 addrinfo* result = nullptr;
6846 // This is a valid hint, but the query won't be sent because the socket type is
6847 // not supported.
6848 EXPECT_EQ(EAI_NODATA, getaddrinfo("howdy.local", nullptr, &hints, &result));
6849 ScopedAddrinfo result_cleanup(result);
6850 EXPECT_EQ(nullptr, result);
6851 }
6852
TEST_F(ResolverTest,MdnsGetAddrInfo_cnames)6853 TEST_F(ResolverTest, MdnsGetAddrInfo_cnames) {
6854 constexpr char v6addr[] = "::127.0.0.3";
6855 constexpr char v4addr[] = "127.0.0.3";
6856 constexpr char host_name[] = "hello.local.";
6857 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6858 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6859 const std::vector<DnsRecord> records = {
6860 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6861 {"a.local.", ns_type::ns_t_cname, "b.local."},
6862 {"b.local.", ns_type::ns_t_cname, "c.local."},
6863 {"c.local.", ns_type::ns_t_cname, "d.local."},
6864 {"d.local.", ns_type::ns_t_cname, "e.local."},
6865 {"e.local.", ns_type::ns_t_cname, host_name},
6866 {host_name, ns_type::ns_t_a, v4addr},
6867 {host_name, ns_type::ns_t_aaaa, v6addr},
6868 };
6869 for (const auto& r : records) {
6870 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6871 }
6872 for (const auto& r : records) {
6873 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6874 }
6875 ASSERT_TRUE(mdnsv4.startServer());
6876 ASSERT_TRUE(mdnsv6.startServer());
6877 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6878
6879 static const struct TestConfig {
6880 int ai_family;
6881 const std::vector<std::string> expected_addr;
6882 } testConfigs[]{
6883 {AF_INET, {v4addr}},
6884 {AF_INET6, {v6addr}},
6885 {AF_UNSPEC, {v4addr, v6addr}},
6886 };
6887 for (const auto& config : testConfigs) {
6888 mdnsv4.clearQueries();
6889 mdnsv6.clearQueries();
6890 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6891 ScopedAddrinfo result = safe_getaddrinfo("hi.local", nullptr, &hints);
6892 EXPECT_TRUE(result != nullptr);
6893 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
6894 }
6895 }
6896
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesNoIpAddress)6897 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesNoIpAddress) {
6898 constexpr char host_name[] = "hello.local.";
6899 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6900 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6901 mdnsv4.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
6902 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
6903 ASSERT_TRUE(mdnsv4.startServer());
6904 ASSERT_TRUE(mdnsv6.startServer());
6905 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6906
6907 addrinfo hints = {.ai_family = AF_INET};
6908 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6909 EXPECT_TRUE(result == nullptr);
6910
6911 mdnsv4.clearQueries();
6912 hints = {.ai_family = AF_INET6};
6913 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6914 EXPECT_TRUE(result == nullptr);
6915
6916 mdnsv6.clearQueries();
6917 hints = {.ai_family = AF_UNSPEC};
6918 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6919 EXPECT_TRUE(result == nullptr);
6920 }
6921
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesIllegalRdata)6922 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesIllegalRdata) {
6923 constexpr char host_name[] = "hello.local.";
6924 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6925 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6926 mdnsv4.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
6927 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
6928 ASSERT_TRUE(mdnsv4.startServer());
6929 ASSERT_TRUE(mdnsv6.startServer());
6930 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6931
6932 addrinfo hints = {.ai_family = AF_INET};
6933 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6934 EXPECT_TRUE(result == nullptr);
6935
6936 mdnsv4.clearQueries();
6937 hints = {.ai_family = AF_INET6};
6938 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6939 EXPECT_TRUE(result == nullptr);
6940
6941 mdnsv6.clearQueries();
6942 hints = {.ai_family = AF_UNSPEC};
6943 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6944 EXPECT_TRUE(result == nullptr);
6945 }
6946
6947 // Test if .local resolution will try unicast when multicast is failed.
TEST_F(ResolverTest,MdnsGetAddrInfo_fallback)6948 TEST_F(ResolverTest, MdnsGetAddrInfo_fallback) {
6949 constexpr char v6addr[] = "::1.2.3.4";
6950 constexpr char v4addr[] = "1.2.3.4";
6951 constexpr char host_name[] = "hello.local.";
6952 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService,
6953 static_cast<ns_rcode>(-1));
6954 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService, static_cast<ns_rcode>(-1));
6955 // Set unresponsive on multicast.
6956 mdnsv4.setResponseProbability(0.0);
6957 mdnsv6.setResponseProbability(0.0);
6958 ASSERT_TRUE(mdnsv4.startServer());
6959 ASSERT_TRUE(mdnsv6.startServer());
6960
6961 const std::vector<DnsRecord> records = {
6962 {host_name, ns_type::ns_t_a, v4addr},
6963 {host_name, ns_type::ns_t_aaaa, v6addr},
6964 };
6965 test::DNSResponder dns("127.0.0.3");
6966 StartDns(dns, records);
6967 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6968
6969 static const struct TestConfig {
6970 int ai_family;
6971 const std::vector<std::string> expected_addr;
6972 } testConfigs[]{
6973 {AF_INET, {v4addr}},
6974 {AF_INET6, {v6addr}},
6975 {AF_UNSPEC, {v4addr, v6addr}},
6976 };
6977
6978 for (const auto& config : testConfigs) {
6979 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6980 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6981 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6982 EXPECT_TRUE(result != nullptr);
6983 if (config.ai_family == AF_INET) {
6984 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6985 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6986 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6987 } else if (config.ai_family == AF_INET6) {
6988 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6989 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6990 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6991 } else {
6992 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6993 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6994 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
6995 }
6996 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
6997
6998 mdnsv4.clearQueries();
6999 mdnsv6.clearQueries();
7000 dns.clearQueries();
7001 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
7002 }
7003 }
7004
7005 // ResolverMultinetworkTest is used to verify multinetwork functionality. Here's how it works:
7006 // The resolver sends queries to address A, and then there will be a TunForwarder helping forward
7007 // the packets to address B, which is the address on which the testing server is listening. The
7008 // answer packets responded from the testing server go through the reverse path back to the
7009 // resolver.
7010 //
7011 // To achieve the that, it needs to set up a interface with routing rules. Tests are not
7012 // supposed to initiate DNS servers on their own; instead, some utilities are added to the class to
7013 // help the setup.
7014 //
7015 // An example of how to use it:
7016 // TEST_F() {
7017 // ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(V4);
7018 // network.init();
7019 //
7020 // auto dns = network.addIpv4Dns();
7021 // StartDns(dns.dnsServer, {});
7022 //
7023 // network.setDnsConfiguration();
7024 // network.startTunForwarder();
7025 //
7026 // // Send queries here
7027 // }
7028
7029 class ResolverMultinetworkTest : public ResolverTest {
7030 protected:
7031 enum class ConnectivityType { V4, V6, V4V6 };
7032 static constexpr int TEST_NETID_BASE = 10000;
7033
7034 struct DnsServerPair {
DnsServerPairResolverMultinetworkTest::DnsServerPair7035 DnsServerPair(std::shared_ptr<test::DNSResponder> server, std::string addr)
7036 : dnsServer(server), dnsAddr(addr) {}
7037 std::shared_ptr<test::DNSResponder> dnsServer;
7038 std::string dnsAddr; // The DNS server address used for setResolverConfiguration().
7039 // TODO: Add test::DnsTlsFrontend* and std::string for DoT.
7040 };
7041
7042 class ScopedNetwork {
7043 public:
ScopedNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * networkName)7044 ScopedNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7045 IDnsResolver* dnsResolvSrv, const char* networkName)
7046 : mNetId(netId),
7047 mConnectivityType(type),
7048 mNetdSrv(netdSrv),
7049 mDnsResolvSrv(dnsResolvSrv),
7050 mNetworkName(networkName) {
7051 mIfname = fmt::format("testtun{}", netId);
7052 }
~ScopedNetwork()7053 virtual ~ScopedNetwork() {
7054 if (mNetdSrv != nullptr) mNetdSrv->networkDestroy(mNetId);
7055 if (mDnsResolvSrv != nullptr) mDnsResolvSrv->destroyNetworkCache(mNetId);
7056 }
7057
7058 Result<void> init();
addIpv4Dns()7059 Result<DnsServerPair> addIpv4Dns() { return addDns(ConnectivityType::V4); }
addIpv6Dns()7060 Result<DnsServerPair> addIpv6Dns() { return addDns(ConnectivityType::V6); }
startTunForwarder()7061 bool startTunForwarder() { return mTunForwarder->startForwarding(); }
7062 bool setDnsConfiguration() const;
7063 bool clearDnsConfiguration() const;
netId() const7064 unsigned netId() const { return mNetId; }
name() const7065 std::string name() const { return mNetworkName; }
addUser(uid_t uid) const7066 Result<void> addUser(uid_t uid) const { return addUidRange(uid, uid); }
addUidRange(uid_t from,uid_t to) const7067 Result<void> addUidRange(uid_t from, uid_t to) const {
7068 if (auto r = mNetdSrv->networkAddUidRanges(mNetId, {makeUidRangeParcel(from, to)});
7069 !r.isOk()) {
7070 return Error() << r.getMessage();
7071 }
7072 return {};
7073 }
7074
addUserFromParcel(uid_t uid,int32_t subPriority) const7075 Result<void> addUserFromParcel(uid_t uid, int32_t subPriority) const {
7076 return addUidRangeFromParcel(uid, uid, subPriority);
7077 }
7078
addUidRangeFromParcel(uid_t from,uid_t to,int32_t subPriority) const7079 Result<void> addUidRangeFromParcel(uid_t from, uid_t to, int32_t subPriority) const {
7080 NativeUidRangeConfig cfg =
7081 makeNativeUidRangeConfig(mNetId, {makeUidRangeParcel(from, to)}, subPriority);
7082 if (auto r = mNetdSrv->networkAddUidRangesParcel(cfg); !r.isOk()) {
7083 return Error() << r.getMessage();
7084 }
7085 return {};
7086 }
7087
ifname()7088 const std::string& ifname() { return mIfname; }
7089 // Assuming mNetId is unique during ResolverMultinetworkTest, make the
7090 // address based on it to avoid conflicts.
makeIpv4AddrString(uint8_t n) const7091 std::string makeIpv4AddrString(uint8_t n) const {
7092 return fmt::format("192.168.{}.{}", (mNetId - TEST_NETID_BASE), n);
7093 }
makeIpv6AddrString(uint8_t n) const7094 std::string makeIpv6AddrString(uint8_t n) const {
7095 return fmt::format("2001:db8:{}::{}", (mNetId - TEST_NETID_BASE), n);
7096 }
7097
7098 protected:
7099 // Subclasses should implement it to decide which network should be create.
7100 virtual Result<void> createNetwork() const = 0;
7101
7102 const unsigned mNetId;
7103 const ConnectivityType mConnectivityType;
7104 INetd* mNetdSrv;
7105 IDnsResolver* mDnsResolvSrv;
7106 const std::string mNetworkName;
7107 std::string mIfname;
7108 std::unique_ptr<TunForwarder> mTunForwarder;
7109 std::vector<DnsServerPair> mDnsServerPairs;
7110
7111 private:
7112 Result<DnsServerPair> addDns(ConnectivityType connectivity);
7113 };
7114
7115 class ScopedPhysicalNetwork : public ScopedNetwork {
7116 public:
ScopedPhysicalNetwork(unsigned netId,const char * networkName)7117 ScopedPhysicalNetwork(unsigned netId, const char* networkName)
7118 : ScopedNetwork(netId, ConnectivityType::V4V6, nullptr, nullptr, networkName) {}
ScopedPhysicalNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name="Physical")7119 ScopedPhysicalNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7120 IDnsResolver* dnsResolvSrv, const char* name = "Physical")
7121 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name) {}
7122
7123 protected:
createNetwork() const7124 Result<void> createNetwork() const override {
7125 ::ndk::ScopedAStatus r;
7126 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
7127 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
7128 mNetId, NativeNetworkType::PHYSICAL, INetd::PERMISSION_NONE,
7129 /*secure=*/false);
7130 r = mNetdSrv->networkCreate(config);
7131 } else {
7132 #pragma clang diagnostic push
7133 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
7134 r = mNetdSrv->networkCreatePhysical(mNetId, INetd::PERMISSION_NONE);
7135 #pragma clang diagnostic pop
7136 }
7137
7138 if (!r.isOk()) {
7139 return Error() << r.getMessage();
7140 }
7141 return {};
7142 }
7143 };
7144
7145 class ScopedVirtualNetwork : public ScopedNetwork {
7146 public:
ScopedVirtualNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name,bool isSecure)7147 ScopedVirtualNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7148 IDnsResolver* dnsResolvSrv, const char* name, bool isSecure)
7149 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name), mIsSecure(isSecure) {
7150 if (android::modules::sdklevel::IsAtLeastT()) {
7151 mFw = Firewall::getInstance();
7152 }
7153 }
~ScopedVirtualNetwork()7154 ~ScopedVirtualNetwork() {
7155 if (!mVpnIsolationUids.empty()) {
7156 const std::vector<int> tmpUids(mVpnIsolationUids.begin(), mVpnIsolationUids.end());
7157 mNetdSrv->firewallRemoveUidInterfaceRules(tmpUids);
7158 }
7159 }
7160 // Enable VPN isolation. Ensures that uid can only receive packets on mIfname.
enableVpnIsolation(int uid)7161 Result<void> enableVpnIsolation(int uid) {
7162 if (android::modules::sdklevel::IsAtLeastT()) {
7163 if (auto r = mFw->addUidInterfaceRules(mIfname, {uid}); !r.ok()) {
7164 return r;
7165 }
7166 } else if (auto r = mNetdSrv->firewallAddUidInterfaceRules(mIfname, {uid}); !r.isOk()) {
7167 return Error() << r.getMessage();
7168 }
7169 mVpnIsolationUids.insert(uid);
7170 return {};
7171 }
disableVpnIsolation(int uid)7172 Result<void> disableVpnIsolation(int uid) {
7173 if (android::modules::sdklevel::IsAtLeastT()) {
7174 if (auto r = mFw->removeUidInterfaceRules({uid}); !r.ok()) {
7175 return r;
7176 }
7177 } else if (auto r = mNetdSrv->firewallRemoveUidInterfaceRules({uid}); !r.isOk()) {
7178 return Error() << r.getMessage();
7179 }
7180 mVpnIsolationUids.erase(uid);
7181 return {};
7182 }
7183
7184 protected:
createNetwork() const7185 Result<void> createNetwork() const override {
7186 ::ndk::ScopedAStatus r;
7187 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
7188 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
7189 mNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, mIsSecure);
7190 r = mNetdSrv->networkCreate(config);
7191 } else {
7192 #pragma clang diagnostic push
7193 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
7194 r = mNetdSrv->networkCreateVpn(mNetId, mIsSecure);
7195 #pragma clang diagnostic pop
7196 }
7197
7198 if (!r.isOk()) {
7199 return Error() << r.getMessage();
7200 }
7201 return {};
7202 }
7203
7204 bool mIsSecure = false;
7205 std::unordered_set<int> mVpnIsolationUids;
7206 Firewall* mFw;
7207 };
7208
SetUp()7209 void SetUp() override {
7210 ResolverTest::SetUp();
7211 ASSERT_NE(mDnsClient.netdService(), nullptr);
7212 ASSERT_NE(mDnsClient.resolvService(), nullptr);
7213 }
7214
TearDown()7215 void TearDown() override {
7216 ResolverTest::TearDown();
7217 // Restore default network
7218 if (mStoredDefaultNetwork >= 0) {
7219 mDnsClient.netdService()->networkSetDefault(mStoredDefaultNetwork);
7220 }
7221 }
7222
CreateScopedPhysicalNetwork(ConnectivityType type,const char * name="Physical")7223 ScopedPhysicalNetwork CreateScopedPhysicalNetwork(ConnectivityType type,
7224 const char* name = "Physical") {
7225 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(), name};
7226 }
CreateScopedVirtualNetwork(ConnectivityType type,bool isSecure,const char * name="Virtual")7227 ScopedVirtualNetwork CreateScopedVirtualNetwork(ConnectivityType type, bool isSecure,
7228 const char* name = "Virtual") {
7229 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(),
7230 name, isSecure};
7231 }
7232 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records);
setDefaultNetwork(int netId)7233 void setDefaultNetwork(int netId) {
7234 // Save current default network at the first call.
7235 std::call_once(defaultNetworkFlag, [&]() {
7236 ASSERT_TRUE(mDnsClient.netdService()->networkGetDefault(&mStoredDefaultNetwork).isOk());
7237 });
7238 ASSERT_TRUE(mDnsClient.netdService()->networkSetDefault(netId).isOk());
7239 }
getFreeNetId()7240 unsigned getFreeNetId() {
7241 if (mNextNetId == TEST_NETID_BASE + 256) mNextNetId = TEST_NETID_BASE;
7242 return mNextNetId++;
7243 }
7244 Result<std::shared_ptr<test::DNSResponder>> setupDns(ConnectivityType type, ScopedNetwork* nw,
7245 const char* host_name,
7246 const char* ipv4_addr,
7247 const char* ipv6_addr);
7248
expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,const char * host_name,size_t count,unsigned expectedDnsNetId)7249 void expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,
7250 const char* host_name, size_t count, unsigned expectedDnsNetId) {
7251 EXPECT_EQ(GetNumQueries(*dnsServer, host_name), count);
7252 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(expectedDnsNetId).isOk());
7253 dnsServer->clearQueries();
7254 }
7255
makeNativeUidRangeConfig(unsigned netId,std::vector<UidRangeParcel> uidRanges,int32_t subPriority)7256 static NativeUidRangeConfig makeNativeUidRangeConfig(unsigned netId,
7257 std::vector<UidRangeParcel> uidRanges,
7258 int32_t subPriority) {
7259 NativeUidRangeConfig res;
7260 res.netId = netId;
7261 res.uidRanges = std::move(uidRanges);
7262 res.subPriority = subPriority;
7263
7264 return res;
7265 }
7266
7267 private:
7268 // Use a different netId because this class inherits from the class ResolverTest which
7269 // always creates TEST_NETID in setup. It's incremented when CreateScoped{Physical,
7270 // Virtual}Network() is called.
7271 // Note: 255 is the maximum number of (mNextNetId - TEST_NETID_BASE) here as mNextNetId
7272 // is used to create address.
7273 unsigned mNextNetId = TEST_NETID_BASE;
7274 // Use -1 to represent that default network was not modified because
7275 // real netId must be an unsigned value.
7276 int mStoredDefaultNetwork = -1;
7277 std::once_flag defaultNetworkFlag;
7278 };
7279
init()7280 Result<void> ResolverMultinetworkTest::ScopedNetwork::init() {
7281 if (mNetdSrv == nullptr || mDnsResolvSrv == nullptr) return Error() << "srv not available";
7282 unique_fd ufd = TunForwarder::createTun(mIfname);
7283 if (!ufd.ok()) {
7284 return Errorf("createTun for {} failed", mIfname);
7285 }
7286 mTunForwarder = std::make_unique<TunForwarder>(std::move(ufd));
7287
7288 if (auto r = createNetwork(); !r.ok()) {
7289 return r;
7290 }
7291 if (auto r = mDnsResolvSrv->createNetworkCache(mNetId); !r.isOk()) {
7292 return Error() << r.getMessage();
7293 }
7294 if (auto r = mNetdSrv->networkAddInterface(mNetId, mIfname); !r.isOk()) {
7295 return Error() << r.getMessage();
7296 }
7297
7298 if (mConnectivityType == ConnectivityType::V4 || mConnectivityType == ConnectivityType::V4V6) {
7299 const std::string v4Addr = makeIpv4AddrString(1);
7300 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v4Addr, 32); !r.isOk()) {
7301 return Error() << r.getMessage();
7302 }
7303 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "0.0.0.0/0", ""); !r.isOk()) {
7304 return Error() << r.getMessage();
7305 }
7306 }
7307 if (mConnectivityType == ConnectivityType::V6 || mConnectivityType == ConnectivityType::V4V6) {
7308 const std::string v6Addr = makeIpv6AddrString(1);
7309 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v6Addr, 128); !r.isOk()) {
7310 return Error() << r.getMessage();
7311 }
7312 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "::/0", ""); !r.isOk()) {
7313 return Error() << r.getMessage();
7314 }
7315 }
7316
7317 return {};
7318 }
7319
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)7320 void ResolverMultinetworkTest::StartDns(test::DNSResponder& dns,
7321 const std::vector<DnsRecord>& records) {
7322 ResolverTest::StartDns(dns, records);
7323
7324 // Bind the DNSResponder's sockets to the network if specified.
7325 if (std::optional<unsigned> netId = dns.getNetwork(); netId.has_value()) {
7326 setNetworkForSocket(netId.value(), dns.getUdpSocket());
7327 setNetworkForSocket(netId.value(), dns.getTcpSocket());
7328 }
7329 }
7330
setupDns(ConnectivityType type,ScopedNetwork * nw,const char * host_name,const char * ipv4_addr,const char * ipv6_addr)7331 Result<std::shared_ptr<test::DNSResponder>> ResolverMultinetworkTest::setupDns(
7332 ConnectivityType type, ScopedNetwork* nw, const char* host_name, const char* ipv4_addr,
7333 const char* ipv6_addr) {
7334 // Add a testing DNS server to networks.
7335 const Result<DnsServerPair> dnsSvPair =
7336 (type == ConnectivityType::V4) ? nw->addIpv4Dns() : nw->addIpv6Dns();
7337 if (!dnsSvPair.ok()) return Error() << dnsSvPair.error();
7338
7339 StartDns(*dnsSvPair->dnsServer,
7340 {{host_name, ns_type::ns_t_a, ipv4_addr}, {host_name, ns_type::ns_t_aaaa, ipv6_addr}});
7341 if (!nw->setDnsConfiguration()) return Error() << "setDnsConfiguration() failed";
7342 if (!nw->startTunForwarder()) return Error() << "startTunForwarder() failed";
7343 return dnsSvPair->dnsServer;
7344 }
7345
addDns(ConnectivityType type)7346 Result<ResolverMultinetworkTest::DnsServerPair> ResolverMultinetworkTest::ScopedNetwork::addDns(
7347 ConnectivityType type) {
7348 const int index = mDnsServerPairs.size();
7349 const int prefixLen = (type == ConnectivityType::V4) ? 32 : 128;
7350
7351 const std::function<std::string(unsigned)> makeIpString =
7352 std::bind((type == ConnectivityType::V4) ? &ScopedNetwork::makeIpv4AddrString
7353 : &ScopedNetwork::makeIpv6AddrString,
7354 this, std::placeholders::_1);
7355
7356 std::string src1 = makeIpString(1); // The address from which the resolver will send.
7357 std::string dst1 = makeIpString(
7358 index + 100 +
7359 (mNetId - TEST_NETID_BASE)); // The address to which the resolver will send.
7360 std::string src2 = dst1; // The address translated from src1.
7361 std::string dst2 = makeIpString(
7362 index + 200 + (mNetId - TEST_NETID_BASE)); // The address translated from dst2.
7363
7364 if (!mTunForwarder->addForwardingRule({src1, dst1}, {src2, dst2}) ||
7365 !mTunForwarder->addForwardingRule({dst2, src2}, {dst1, src1})) {
7366 return Errorf("Failed to add the rules ({}, {}, {}, {})", src1, dst1, src2, dst2);
7367 }
7368
7369 if (!mNetdSrv->interfaceAddAddress(mIfname, dst2, prefixLen).isOk()) {
7370 return Errorf("interfaceAddAddress({}, {}, {}) failed", mIfname, dst2, prefixLen);
7371 }
7372
7373 return mDnsServerPairs.emplace_back(std::make_shared<test::DNSResponder>(mNetId, dst2), dst1);
7374 }
7375
setDnsConfiguration() const7376 bool ResolverMultinetworkTest::ScopedNetwork::setDnsConfiguration() const {
7377 if (mDnsResolvSrv == nullptr) return false;
7378 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
7379 parcel.tlsServers.clear();
7380 parcel.netId = mNetId;
7381 parcel.servers.clear();
7382 for (const auto& pair : mDnsServerPairs) {
7383 parcel.servers.push_back(pair.dnsAddr);
7384 }
7385 return mDnsResolvSrv->setResolverConfiguration(parcel).isOk();
7386 }
7387
clearDnsConfiguration() const7388 bool ResolverMultinetworkTest::ScopedNetwork::clearDnsConfiguration() const {
7389 if (mDnsResolvSrv == nullptr) return false;
7390 return mDnsResolvSrv->destroyNetworkCache(mNetId).isOk() &&
7391 mDnsResolvSrv->createNetworkCache(mNetId).isOk();
7392 }
7393
7394 namespace {
7395
7396 // Convenient wrapper for making getaddrinfo call like framework.
android_getaddrinfofornet_wrapper(const char * name,int netId)7397 Result<ScopedAddrinfo> android_getaddrinfofornet_wrapper(const char* name, int netId) {
7398 // Use the same parameter as libcore/ojluni/src/main/java/java/net/Inet6AddressImpl.java.
7399 static const addrinfo hints = {
7400 .ai_flags = AI_ADDRCONFIG,
7401 .ai_family = AF_UNSPEC,
7402 .ai_socktype = SOCK_STREAM,
7403 };
7404 addrinfo* result = nullptr;
7405 if (int r = android_getaddrinfofornet(name, nullptr, &hints, netId, MARK_UNSET, &result)) {
7406 return Error() << r;
7407 }
7408 return ScopedAddrinfo(result);
7409 }
7410
expectDnsWorksForUid(const char * name,unsigned netId,uid_t uid,const std::vector<std::string> & expectedResult)7411 void expectDnsWorksForUid(const char* name, unsigned netId, uid_t uid,
7412 const std::vector<std::string>& expectedResult) {
7413 ScopedChangeUID scopedChangeUID(uid);
7414 auto result = android_getaddrinfofornet_wrapper(name, netId);
7415 ASSERT_RESULT_OK(result);
7416 ScopedAddrinfo ai_result(std::move(result.value()));
7417 std::vector<std::string> result_strs = ToStrings(ai_result);
7418 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7419 }
7420
expectDnsFailedForUid(const char * name,unsigned netId,uid_t uid)7421 void expectDnsFailedForUid(const char* name, unsigned netId, uid_t uid) {
7422 ScopedChangeUID scopedChangeUID(uid);
7423 ASSERT_FALSE(android_getaddrinfofornet_wrapper(name, netId).ok());
7424 }
7425
7426 } // namespace
7427
TEST_F(ResolverMultinetworkTest,GetAddrInfo_AI_ADDRCONFIG)7428 TEST_F(ResolverMultinetworkTest, GetAddrInfo_AI_ADDRCONFIG) {
7429 constexpr char host_name[] = "ohayou.example.com.";
7430
7431 const std::array<ConnectivityType, 3> allTypes = {
7432 ConnectivityType::V4,
7433 ConnectivityType::V6,
7434 ConnectivityType::V4V6,
7435 };
7436 for (const auto& type : allTypes) {
7437 SCOPED_TRACE(fmt::format("ConnectivityType: {}", type));
7438
7439 // Create a network.
7440 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(type);
7441 ASSERT_RESULT_OK(network.init());
7442
7443 // Add a testing DNS server.
7444 const Result<DnsServerPair> dnsPair =
7445 (type == ConnectivityType::V4) ? network.addIpv4Dns() : network.addIpv6Dns();
7446 ASSERT_RESULT_OK(dnsPair);
7447 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7448 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7449
7450 // Set up resolver and start forwarding.
7451 ASSERT_TRUE(network.setDnsConfiguration());
7452 ASSERT_TRUE(network.startTunForwarder());
7453
7454 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7455 ASSERT_RESULT_OK(result);
7456 ScopedAddrinfo ai_result(std::move(result.value()));
7457 std::vector<std::string> result_strs = ToStrings(ai_result);
7458 std::vector<std::string> expectedResult;
7459 size_t expectedQueries = 0;
7460
7461 if (type == ConnectivityType::V6 || type == ConnectivityType::V4V6) {
7462 expectedResult.emplace_back("2001:db8:cafe:d00d::31");
7463 expectedQueries++;
7464 }
7465 if (type == ConnectivityType::V4 || type == ConnectivityType::V4V6) {
7466 expectedResult.emplace_back("192.0.2.0");
7467 expectedQueries++;
7468 }
7469 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7470 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), expectedQueries);
7471 }
7472 }
7473
TEST_F(ResolverMultinetworkTest,NetworkDestroyedDuringQueryInFlight)7474 TEST_F(ResolverMultinetworkTest, NetworkDestroyedDuringQueryInFlight) {
7475 constexpr char host_name[] = "ohayou.example.com.";
7476
7477 // Create a network and add an ipv4 DNS server.
7478 auto network = std::make_unique<ScopedPhysicalNetwork>(getFreeNetId(), ConnectivityType::V4V6,
7479 mDnsClient.netdService(),
7480 mDnsClient.resolvService());
7481 ASSERT_RESULT_OK(network->init());
7482 const Result<DnsServerPair> dnsPair = network->addIpv4Dns();
7483 ASSERT_RESULT_OK(dnsPair);
7484
7485 // Set the DNS server unresponsive.
7486 dnsPair->dnsServer->setResponseProbability(0.0);
7487 dnsPair->dnsServer->setErrorRcode(static_cast<ns_rcode>(-1));
7488 StartDns(*dnsPair->dnsServer, {});
7489
7490 // Set up resolver and start forwarding.
7491 ASSERT_TRUE(network->setDnsConfiguration());
7492 ASSERT_TRUE(network->startTunForwarder());
7493
7494 // Expect the things happening in order:
7495 // 1. The thread sends the query to the dns server which is unresponsive.
7496 // 2. The network is destroyed while the thread is waiting for the response from the dns server.
7497 // 3. After the dns server timeout, the thread retries but fails to connect.
7498 std::thread lookup([&]() {
7499 int fd = resNetworkQuery(network->netId(), host_name, ns_c_in, ns_t_a, 0);
7500 EXPECT_TRUE(fd != -1);
7501 expectAnswersNotValid(fd, -ETIMEDOUT);
7502 });
7503
7504 // Tear down the network as soon as the dns server receives the query.
7505 const auto condition = [&]() { return GetNumQueries(*dnsPair->dnsServer, host_name) == 1U; };
7506 EXPECT_TRUE(PollForCondition(condition));
7507 network.reset();
7508
7509 lookup.join();
7510 }
7511
TEST_F(ResolverMultinetworkTest,OneCachePerNetwork)7512 TEST_F(ResolverMultinetworkTest, OneCachePerNetwork) {
7513 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7514 constexpr char host_name[] = "ohayou.example.com.";
7515
7516 ScopedPhysicalNetwork network1 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7517 ScopedPhysicalNetwork network2 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7518 ASSERT_RESULT_OK(network1.init());
7519 ASSERT_RESULT_OK(network2.init());
7520
7521 const Result<DnsServerPair> dnsPair1 = network1.addIpv4Dns();
7522 const Result<DnsServerPair> dnsPair2 = network2.addIpv4Dns();
7523 ASSERT_RESULT_OK(dnsPair1);
7524 ASSERT_RESULT_OK(dnsPair2);
7525 StartDns(*dnsPair1->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"}});
7526 StartDns(*dnsPair2->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.1"}});
7527
7528 // Set up resolver for network 1 and start forwarding.
7529 ASSERT_TRUE(network1.setDnsConfiguration());
7530 ASSERT_TRUE(network1.startTunForwarder());
7531
7532 // Set up resolver for network 2 and start forwarding.
7533 ASSERT_TRUE(network2.setDnsConfiguration());
7534 ASSERT_TRUE(network2.startTunForwarder());
7535
7536 // Send the same queries to both networks.
7537 int fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7538 int fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7539
7540 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7541 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7542 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 1U);
7543 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7544
7545 // Flush the cache of network 1, and send the queries again.
7546 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(network1.netId()).isOk());
7547 fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7548 fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7549
7550 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7551 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7552 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 2U);
7553 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7554 }
7555
TEST_F(ResolverMultinetworkTest,DnsWithVpn)7556 TEST_F(ResolverMultinetworkTest, DnsWithVpn) {
7557 SKIP_IF_BPF_NOT_SUPPORTED;
7558 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7559 constexpr char host_name[] = "ohayou.example.com.";
7560 constexpr char ipv4_addr[] = "192.0.2.0";
7561 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7562
7563 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7564 {ConnectivityType::V4, {ipv4_addr}},
7565 {ConnectivityType::V6, {ipv6_addr}},
7566 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7567 };
7568 for (const auto& [type, result] : testPairs) {
7569 SCOPED_TRACE(fmt::format("ConnectivityType: {}", type));
7570
7571 // Create a network.
7572 ScopedPhysicalNetwork underlyingNetwork = CreateScopedPhysicalNetwork(type, "Underlying");
7573 ScopedVirtualNetwork bypassableVpnNetwork =
7574 CreateScopedVirtualNetwork(type, false, "BypassableVpn");
7575 ScopedVirtualNetwork secureVpnNetwork = CreateScopedVirtualNetwork(type, true, "SecureVpn");
7576
7577 ASSERT_RESULT_OK(underlyingNetwork.init());
7578 ASSERT_RESULT_OK(bypassableVpnNetwork.init());
7579 ASSERT_RESULT_OK(secureVpnNetwork.init());
7580 ASSERT_RESULT_OK(bypassableVpnNetwork.addUser(TEST_UID));
7581 ASSERT_RESULT_OK(secureVpnNetwork.addUser(TEST_UID2));
7582
7583 // Set up resolver and start forwarding for networks.
7584 auto underlyingNwDnsSv =
7585 setupDns(type, &underlyingNetwork, host_name, ipv4_addr, ipv6_addr);
7586 ASSERT_RESULT_OK(underlyingNwDnsSv);
7587 auto bypassableVpnDnsSv =
7588 setupDns(type, &bypassableVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7589 ASSERT_RESULT_OK(bypassableVpnDnsSv);
7590 auto secureVpnDnsSv = setupDns(type, &secureVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7591 ASSERT_RESULT_OK(secureVpnDnsSv);
7592
7593 setDefaultNetwork(underlyingNetwork.netId());
7594 const unsigned underlyingNetId = underlyingNetwork.netId();
7595 const unsigned bypassableVpnNetId = bypassableVpnNetwork.netId();
7596 const unsigned secureVpnNetId = secureVpnNetwork.netId();
7597 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
7598 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7599
7600 // Create a object to represent default network, do not init it.
7601 ScopedPhysicalNetwork defaultNetwork{NETID_UNSET, "Default"};
7602
7603 // Test VPN with DNS server under 4 different network selection scenarios.
7604 // See the test config for the expectation.
7605 const struct TestConfig {
7606 ScopedNetwork* selectedNetwork;
7607 unsigned expectedDnsNetId;
7608 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7609 } vpnWithDnsServerConfigs[]{
7610 // clang-format off
7611 // Queries use the bypassable VPN by default.
7612 {&defaultNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7613 // Choosing the underlying network works because the VPN is bypassable.
7614 {&underlyingNetwork, underlyingNetId, *underlyingNwDnsSv},
7615 // Selecting the VPN sends the query on the VPN.
7616 {&bypassableVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7617 // TEST_UID does not have access to the secure VPN.
7618 {&secureVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7619 // clang-format on
7620 };
7621 for (const auto& config : vpnWithDnsServerConfigs) {
7622 SCOPED_TRACE(fmt::format("Bypassble VPN with DnsServer, selectedNetwork = {}",
7623 config.selectedNetwork->name()));
7624 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID, result);
7625 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, result.size(),
7626 config.expectedDnsNetId);
7627 }
7628
7629 std::vector<ScopedNetwork*> nwVec{&defaultNetwork, &underlyingNetwork,
7630 &bypassableVpnNetwork, &secureVpnNetwork};
7631 // Test the VPN without DNS server with the same combination as before.
7632 ASSERT_TRUE(bypassableVpnNetwork.clearDnsConfiguration());
7633 // Test bypassable VPN, TEST_UID
7634 for (const auto* selectedNetwork : nwVec) {
7635 SCOPED_TRACE(fmt::format("Bypassble VPN without DnsServer, selectedNetwork = {}",
7636 selectedNetwork->name()));
7637 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID, result);
7638 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(), underlyingNetId);
7639 }
7640
7641 // The same test scenario as before plus enableVpnIsolation for secure VPN, TEST_UID2.
7642 for (bool enableVpnIsolation : {false, true}) {
7643 SCOPED_TRACE(fmt::format("enableVpnIsolation = {}", enableVpnIsolation));
7644 if (enableVpnIsolation) {
7645 EXPECT_RESULT_OK(secureVpnNetwork.enableVpnIsolation(TEST_UID2));
7646 }
7647
7648 // Test secure VPN without DNS server.
7649 ASSERT_TRUE(secureVpnNetwork.clearDnsConfiguration());
7650 for (const auto* selectedNetwork : nwVec) {
7651 SCOPED_TRACE(fmt::format("Secure VPN without DnsServer, selectedNetwork = {}",
7652 selectedNetwork->name()));
7653 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7654 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(),
7655 underlyingNetId);
7656 }
7657
7658 // Test secure VPN with DNS server.
7659 ASSERT_TRUE(secureVpnNetwork.setDnsConfiguration());
7660 for (const auto* selectedNetwork : nwVec) {
7661 SCOPED_TRACE(fmt::format("Secure VPN with DnsServer, selectedNetwork = {}",
7662 selectedNetwork->name()));
7663 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7664 expectDnsQueryCountsFn(*secureVpnDnsSv, host_name, result.size(), secureVpnNetId);
7665 }
7666
7667 if (enableVpnIsolation) {
7668 EXPECT_RESULT_OK(secureVpnNetwork.disableVpnIsolation(TEST_UID2));
7669 }
7670 }
7671 }
7672 }
7673
7674 // verify per-application default network selection on DNS.
TEST_F(ResolverMultinetworkTest,PerAppDefaultNetwork)7675 TEST_F(ResolverMultinetworkTest, PerAppDefaultNetwork) {
7676 // Netd supports uid ranges on physical network from v6.
7677 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 6);
7678
7679 constexpr char host_name[] = "ohayou.example.com.";
7680 constexpr char ipv4_addr[] = "192.0.2.0";
7681 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7682
7683 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7684 {ConnectivityType::V4, {ipv4_addr}},
7685 {ConnectivityType::V6, {ipv6_addr}},
7686 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7687 };
7688 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
7689 SCOPED_TRACE(fmt::format("ConnectivityType: {}", ipVersion));
7690
7691 // Create networks.
7692 ScopedPhysicalNetwork sysDefaultNetwork =
7693 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
7694 ScopedPhysicalNetwork appDefaultNetwork =
7695 CreateScopedPhysicalNetwork(ipVersion, "AppDefault");
7696 ScopedVirtualNetwork vpn = CreateScopedVirtualNetwork(ipVersion, false, "Vpn");
7697
7698 ASSERT_RESULT_OK(sysDefaultNetwork.init());
7699 ASSERT_RESULT_OK(appDefaultNetwork.init());
7700 ASSERT_RESULT_OK(vpn.init());
7701
7702 // Set up resolver and start forwarding for networks.
7703 auto sysDefaultNwDnsSv =
7704 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7705 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
7706 auto appDefaultNwDnsSv =
7707 setupDns(ipVersion, &appDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7708 ASSERT_RESULT_OK(appDefaultNwDnsSv);
7709 auto vpnDnsSv = setupDns(ipVersion, &vpn, host_name, ipv4_addr, ipv6_addr);
7710 ASSERT_RESULT_OK(vpnDnsSv);
7711
7712 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
7713 const unsigned appDefaultNetId = appDefaultNetwork.netId();
7714 const unsigned vpnNetId = vpn.netId();
7715
7716 setDefaultNetwork(systemDefaultNetId);
7717 EXPECT_TRUE(
7718 mDnsClient.netdService()
7719 ->networkSetPermissionForNetwork(appDefaultNetId, INetd::PERMISSION_SYSTEM)
7720 .isOk());
7721
7722 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
7723 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7724
7725 // Test DNS query without selecting a network. --> use system default network.
7726 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7727 expectDnsQueryCountsFn(*sysDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7728 systemDefaultNetId);
7729 // Add user to app default network. --> use app default network.
7730 ASSERT_RESULT_OK(appDefaultNetwork.addUser(TEST_UID));
7731 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7732 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7733 appDefaultNetId);
7734
7735 // Test DNS query with a selected network.
7736 // App default network applies to uid, vpn does not applies to uid.
7737 const struct TestConfig {
7738 ScopedNetwork* selectedNetwork;
7739 unsigned expectedDnsNetId;
7740 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7741 } vpnWithDnsServerConfigs[]{
7742 // clang-format off
7743 // App can select the system default network without any permission.
7744 {&sysDefaultNetwork, systemDefaultNetId, *sysDefaultNwDnsSv},
7745 // App can select the restricted network, since its uid was assigned to the network.
7746 {&appDefaultNetwork, appDefaultNetId, *appDefaultNwDnsSv},
7747 // App does not have access to the VPN. --> fallback to app default network.
7748 {&vpn, appDefaultNetId, *appDefaultNwDnsSv},
7749 // clang-format on
7750 };
7751 for (const auto& config : vpnWithDnsServerConfigs) {
7752 SCOPED_TRACE(fmt::format("Dns over app default network, selectedNetwork = {}",
7753 config.selectedNetwork->name()));
7754 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID,
7755 expectedDnsReply);
7756 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, expectedDnsReply.size(),
7757 config.expectedDnsNetId);
7758 }
7759
7760 // App default network applies to uid, vpn applies to uid. --> use vpn.
7761 ASSERT_RESULT_OK(vpn.addUser(TEST_UID));
7762 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
7763 expectDnsQueryCountsFn(*vpnDnsSv, host_name, expectedDnsReply.size(), vpnNetId);
7764
7765 // vpn without server. --> fallback to app default network.
7766 ASSERT_TRUE(vpn.clearDnsConfiguration());
7767 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
7768 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7769 appDefaultNetId);
7770 }
7771 }
7772
7773 // Do not send AAAA query when IPv6 address is link-local with a default route.
TEST_F(ResolverMultinetworkTest,IPv6LinkLocalWithDefaultRoute)7774 TEST_F(ResolverMultinetworkTest, IPv6LinkLocalWithDefaultRoute) {
7775 constexpr char host_name[] = "ohayou.example.com.";
7776 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::V4);
7777 ASSERT_RESULT_OK(network.init());
7778
7779 // Add IPv6 default route
7780 ASSERT_TRUE(mDnsClient.netdService()
7781 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
7782 .isOk());
7783
7784 const Result<DnsServerPair> dnsPair = network.addIpv4Dns();
7785 ASSERT_RESULT_OK(dnsPair);
7786 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7787 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7788
7789 ASSERT_TRUE(network.setDnsConfiguration());
7790 ASSERT_TRUE(network.startTunForwarder());
7791
7792 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7793 ASSERT_RESULT_OK(result);
7794 ScopedAddrinfo ai_result(std::move(result.value()));
7795 EXPECT_EQ(ToString(ai_result), "192.0.2.0");
7796 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 1U);
7797 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 0U);
7798
7799 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(network.netId()).isOk());
7800 dnsPair->dnsServer->clearQueries();
7801
7802 // Add an IPv6 global address. Resolver starts issuing AAAA queries as well as A queries.
7803 const std::string v6Addr = network.makeIpv6AddrString(1);
7804 EXPECT_TRUE(
7805 mDnsClient.netdService()->interfaceAddAddress(network.ifname(), v6Addr, 128).isOk());
7806 // Ensuring that address is applied. This is required for mainline test (b/249225311).
7807 usleep(1000 * 1000);
7808
7809 result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7810 ASSERT_RESULT_OK(result);
7811 ScopedAddrinfo ai_results(std::move(result.value()));
7812 std::vector<std::string> result_strs = ToStrings(ai_results);
7813 EXPECT_THAT(result_strs,
7814 testing::UnorderedElementsAreArray({"192.0.2.0", "2001:db8:cafe:d00d::31"}));
7815 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 1U);
7816 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 1U);
7817 }
7818
7819 // Test if the "do not send AAAA query when IPv6 address is link-local with a default route" feature
7820 // can be toggled by flag.
TEST_F(ResolverMultinetworkTest,IPv6LinkLocalWithDefaultRouteFlag)7821 TEST_F(ResolverMultinetworkTest, IPv6LinkLocalWithDefaultRouteFlag) {
7822 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
7823 // network. Skip it because v6 link-local address is a prerequisite for this test.
7824 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
7825
7826 constexpr char host_name[] = "ohayou.example.com.";
7827 const struct TestConfig {
7828 std::string flagValue;
7829 std::vector<std::string> ips;
7830 unsigned numOfQuadAQuery;
7831 } TestConfigs[]{{"0", {"192.0.2.0", "2001:db8:cafe:d00d::31"}, 1U}, {"1", {"192.0.2.0"}, 0U}};
7832
7833 for (const auto& config : TestConfigs) {
7834 SCOPED_TRACE(fmt::format("flagValue = {}, numOfQuadAQuery = {}", config.flagValue,
7835 config.numOfQuadAQuery));
7836
7837 ScopedSystemProperties sp1(kSkip4aQueryOnV6LinklocalAddrFlag, config.flagValue);
7838 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::V4);
7839 ASSERT_RESULT_OK(network.init());
7840
7841 // Add IPv6 default route
7842 ASSERT_TRUE(mDnsClient.netdService()
7843 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
7844 .isOk());
7845
7846 // Ensuring that routing is applied. This is required for mainline test (b/257404586).
7847 usleep(1000 * 1000);
7848
7849 const Result<DnsServerPair> dnsPair = network.addIpv4Dns();
7850 ASSERT_RESULT_OK(dnsPair);
7851 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7852 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7853
7854 ASSERT_TRUE(network.setDnsConfiguration());
7855 ASSERT_TRUE(network.startTunForwarder());
7856
7857 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7858 ASSERT_RESULT_OK(result);
7859 ScopedAddrinfo ai_results(std::move(result.value()));
7860 std::vector<std::string> result_strs = ToStrings(ai_results);
7861 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(config.ips));
7862 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 1U);
7863 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name),
7864 config.numOfQuadAQuery);
7865 }
7866 }
7867
7868 // v6 mdns is expected to be sent when the IPv6 address is a link-local with a default route.
TEST_F(ResolverMultinetworkTest,MdnsIPv6LinkLocalWithDefaultRoute)7869 TEST_F(ResolverMultinetworkTest, MdnsIPv6LinkLocalWithDefaultRoute) {
7870 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
7871 // network. Skip it because v6 link-local address is a prerequisite for this test.
7872 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
7873
7874 constexpr char v6addr[] = "::127.0.0.3";
7875 constexpr char v4addr[] = "127.0.0.3";
7876 constexpr char host_name[] = "hello.local.";
7877 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::V4);
7878 ASSERT_RESULT_OK(network.init());
7879
7880 // Add IPv6 default route
7881 ASSERT_TRUE(mDnsClient.netdService()
7882 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
7883 .isOk());
7884 // Ensuring that routing is applied. This is required for mainline test (b/247693272).
7885 usleep(1000 * 1000);
7886
7887 const Result<DnsServerPair> dnsPair = network.addIpv4Dns();
7888 ASSERT_RESULT_OK(dnsPair);
7889 StartDns(*dnsPair->dnsServer, {});
7890
7891 ASSERT_TRUE(network.setDnsConfiguration());
7892 ASSERT_TRUE(network.startTunForwarder());
7893
7894 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
7895 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
7896 mdnsv4.setNetwork(network.netId());
7897 mdnsv6.setNetwork(network.netId());
7898 StartDns(mdnsv4, {{host_name, ns_type::ns_t_a, v4addr}});
7899 StartDns(mdnsv6, {{host_name, ns_type::ns_t_aaaa, v6addr}});
7900
7901 auto result = android_getaddrinfofornet_wrapper("hello.local", network.netId());
7902 ASSERT_RESULT_OK(result);
7903 ScopedAddrinfo ai_result(std::move(result.value()));
7904 EXPECT_THAT(ToStrings(ai_result), testing::UnorderedElementsAreArray({v4addr, v6addr}));
7905
7906 // make sure queries were sent & received via mdns.
7907 EXPECT_EQ(GetNumQueries(mdnsv4, host_name), 1U);
7908 EXPECT_EQ(GetNumQueries(mdnsv6, host_name), 1U);
7909 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 0U);
7910 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 0U);
7911 }
7912
TEST_F(ResolverTest,NegativeValueInExperimentFlag)7913 TEST_F(ResolverTest, NegativeValueInExperimentFlag) {
7914 // Test setting up different retry count and BASE_TIMEOUT_MSEC in DNS server.
7915 const struct TestConfig {
7916 int retryCount;
7917 int baseTimeoutMsec;
7918 int expectedRetryCount;
7919 int expectedBaseTimeoutMsec;
7920 } TestConfigs[]{{2, 1000, 2, 1000}, {0, 0, RES_DFLRETRY, RES_TIMEOUT}};
7921
7922 for (const auto& config : TestConfigs) {
7923 SCOPED_TRACE(fmt::format("Setting up retryCount = {}, baseTimeoutMsec = {}",
7924 config.retryCount, config.baseTimeoutMsec));
7925 // Initiate negative values in experiment flags.
7926 ScopedSystemProperties sp1(kRetryCountFlag, "-2");
7927 ScopedSystemProperties sp2(kRetransIntervalFlag, "-3000");
7928 resetNetwork();
7929
7930 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
7931 setupParams.retryCount = config.retryCount;
7932 setupParams.baseTimeoutMsec = config.baseTimeoutMsec;
7933 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
7934
7935 const auto resolvInfo = mDnsClient.getResolverInfo();
7936 ASSERT_RESULT_OK(resolvInfo);
7937 EXPECT_EQ(config.expectedRetryCount, resolvInfo.value().params.retry_count);
7938 EXPECT_EQ(config.expectedBaseTimeoutMsec, resolvInfo.value().params.base_timeout_msec);
7939 }
7940 }
7941
7942 // Verify that DNS queries can be made for hostnames that exist in etc/hosts when the default
7943 // network is not set and the application does not specify a network. (See
7944 // NetworkController::isUidAllowed for implementation details.)
TEST_F(ResolverTest,NetworkUnspecified_localhost)7945 TEST_F(ResolverTest, NetworkUnspecified_localhost) {
7946 ScopedDefaultNetwork scopedDefaultNetwork(mDnsClient.netdService(), NETID_UNSET);
7947 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7948
7949 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
7950 EXPECT_TRUE(result != nullptr);
7951 EXPECT_EQ(kLocalHostAddr, ToString(result));
7952
7953 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
7954 EXPECT_TRUE(result != nullptr);
7955 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
7956 }
7957
7958 // Verify uid-based network permission on DNS, which is controlled by INetd::setNetworkAllowlist().
7959 //
7960 // Scenario:
7961 // 1. There are three neworks at the same time:
7962 // - system default network
7963 // - enterprise network #1
7964 // - enterprise network #2
7965 //
7966 // 2. Simulate ConnectivityService calling INetd::setNetworkAllowlist so that
7967 // - TEST_UID can select only enterprise network #1 and #2. Can not select system default network.
7968 // - TEST_UID2 is unrestricted on all networks.
TEST_F(ResolverMultinetworkTest,UidAllowedNetworks)7969 TEST_F(ResolverMultinetworkTest, UidAllowedNetworks) {
7970 // Netd supports it from v13.
7971 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 13);
7972
7973 constexpr char host_name[] = "ohayou.example.com.";
7974 constexpr char ipv4_addr[] = "192.0.2.0";
7975 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7976
7977 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7978 {ConnectivityType::V4, {ipv4_addr}},
7979 {ConnectivityType::V6, {ipv6_addr}},
7980 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7981 };
7982 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
7983 SCOPED_TRACE(fmt::format("ConnectivityType: {}", ipVersion));
7984
7985 // Create networks.
7986 ScopedPhysicalNetwork sysDefaultNetwork =
7987 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
7988 ScopedPhysicalNetwork enterpriseNetwork_1 =
7989 CreateScopedPhysicalNetwork(ipVersion, "enterprise_1");
7990 ScopedPhysicalNetwork enterpriseNetwork_2 =
7991 CreateScopedPhysicalNetwork(ipVersion, "enterprise_2");
7992 ASSERT_RESULT_OK(sysDefaultNetwork.init());
7993 ASSERT_RESULT_OK(enterpriseNetwork_1.init());
7994 ASSERT_RESULT_OK(enterpriseNetwork_2.init());
7995
7996 // Set up resolver and start forwarding for networks.
7997 auto sysDefaultNwDnsSv =
7998 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7999 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
8000 auto enterpriseNw1DnsSv =
8001 setupDns(ipVersion, &enterpriseNetwork_1, host_name, ipv4_addr, ipv6_addr);
8002 ASSERT_RESULT_OK(enterpriseNw1DnsSv);
8003 auto enterpriseNw2DnsSv =
8004 setupDns(ipVersion, &enterpriseNetwork_2, host_name, ipv4_addr, ipv6_addr);
8005 ASSERT_RESULT_OK(enterpriseNw2DnsSv);
8006
8007 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
8008 const unsigned enterprise1NetId = enterpriseNetwork_1.netId();
8009 const unsigned enterprise2NetId = enterpriseNetwork_2.netId();
8010
8011 setDefaultNetwork(systemDefaultNetId);
8012
8013 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
8014 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
8015
8016 // Add profile app default network for UID. DNS should be sent on it.
8017 // Note: subPriority 20 = PREFERENCE_ORDER_PROFILE, which is defined
8018 // in ConnectivityService.java. The value here doesn't really matter.
8019 ASSERT_RESULT_OK(enterpriseNetwork_1.addUserFromParcel(TEST_UID, /*subPriority*/ 20));
8020 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
8021 expectDnsQueryCountsFn(*enterpriseNw1DnsSv, host_name, expectedDnsReply.size(),
8022 enterprise1NetId);
8023
8024 // Set allowed networks for UIDs. To simplify test, assumes overall UID range is
8025 // {0, 1, 2, ..., TEST_UID2, TEST_UID}.
8026 // TEST_UID can't select the system default network. 0 - TEST_UID2 are allowed.
8027 NativeUidRangeConfig nwDefaultUserConfig = makeNativeUidRangeConfig(
8028 systemDefaultNetId, {makeUidRangeParcel(0, TEST_UID2)}, /*unused*/ 0);
8029 // All UIDs can select the enterprise network #1. 0 - TEST_UID are allowed.
8030 NativeUidRangeConfig nw1UserConfig = makeNativeUidRangeConfig(
8031 enterprise1NetId, {makeUidRangeParcel(0, TEST_UID)}, /*unused*/ 0);
8032 // All UIDs can select the enterprise network #2. 0 - TEST_UID are allowed.
8033 NativeUidRangeConfig nw2UserConfig = makeNativeUidRangeConfig(
8034 enterprise2NetId, {makeUidRangeParcel(0, TEST_UID)}, /*unused*/ 0);
8035 EXPECT_TRUE(
8036 mDnsClient.netdService()
8037 ->setNetworkAllowlist({nwDefaultUserConfig, nw1UserConfig, nw2UserConfig})
8038 .isOk());
8039
8040 // Verify that DNS is behaving as the setting.
8041 struct TestConfig {
8042 int uid;
8043 const ScopedNetwork& selectedNetwork;
8044 bool expectedSuccess;
8045 } configs[]{
8046 // clang-format off
8047 {TEST_UID, sysDefaultNetwork, false},
8048 {TEST_UID, enterpriseNetwork_1, true},
8049 {TEST_UID, enterpriseNetwork_2, true},
8050 {TEST_UID2, sysDefaultNetwork, true},
8051 {TEST_UID2, enterpriseNetwork_1, true},
8052 {TEST_UID2, enterpriseNetwork_2, true},
8053 // clang-format on
8054 };
8055 for (const auto& cfg : configs) {
8056 SCOPED_TRACE(fmt::format("Dns over UID {}, selectedNetwork {}", cfg.uid,
8057 cfg.selectedNetwork.name()));
8058 if (cfg.expectedSuccess) {
8059 expectDnsWorksForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid,
8060 expectedDnsReply);
8061 } else {
8062 expectDnsFailedForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid);
8063 }
8064 }
8065
8066 // Clear network restrictions.
8067 EXPECT_TRUE(mDnsClient.netdService()->setNetworkAllowlist({}).isOk());
8068 // TEST_UID and TEST_UID2 can both select all networks.
8069 for (const auto& cfg : configs) {
8070 SCOPED_TRACE(fmt::format("Dns over UID {}, selectedNetwork {}", cfg.uid,
8071 cfg.selectedNetwork.name()));
8072 expectDnsWorksForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid, expectedDnsReply);
8073 }
8074 }
8075 }
8076