1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #define LOG_TAG "resolv_integration_test"
19
20 #include <android-base/logging.h>
21 #include <android-base/parseint.h>
22 #include <android-base/result.h>
23 #include <android-base/unique_fd.h>
24 #include <android/multinetwork.h> // ResNsendFlags
25 #include <arpa/inet.h>
26 #include <arpa/nameser.h>
27 #include <binder/ProcessState.h>
28 #include <cutils/sockets.h>
29 #include <gmock/gmock-matchers.h>
30 #include <gtest/gtest.h>
31 #include <netdb.h>
32 #include <netdutils/InternetAddresses.h>
33 #include <netdutils/NetNativeTestBase.h>
34 #include <netdutils/NetworkConstants.h> // SHA256_SIZE
35 #include <netdutils/ResponseCode.h>
36 #include <netdutils/Slice.h>
37 #include <netdutils/SocketOption.h>
38 #include <netdutils/Stopwatch.h>
39 #include <netinet/in.h>
40 #include <poll.h> /* poll */
41 #include <private/android_filesystem_config.h>
42 #include <resolv.h>
43 #include <stdarg.h>
44 #include <stdlib.h>
45 #include <sys/socket.h>
46 #include <sys/un.h>
47 #include <unistd.h>
48
49 #include <algorithm>
50 #include <chrono>
51 #include <functional>
52 #include <iterator>
53 #include <numeric>
54 #include <string_view>
55 #include <thread>
56 #include <unordered_set>
57
58 #include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
59 #include <aidl/android/net/IDnsResolver.h>
60 #include <android/binder_manager.h>
61 #include <android/binder_process.h>
62 #include <bpf/BpfUtils.h>
63 #include <util.h> // getApiLevel
64 #include "Experiments.h"
65 #include "NetdClient.h"
66 #include "ResolverStats.h"
67 #include "netid_client.h" // NETID_UNSET
68 #include "params.h" // MAXNS
69 #include "stats.h" // RCODE_TIMEOUT
70 #include "tests/dns_metrics_listener/dns_metrics_listener.h"
71 #include "tests/dns_responder/dns_responder.h"
72 #include "tests/dns_responder/dns_responder_client_ndk.h"
73 #include "tests/dns_responder/dns_tls_certificate.h"
74 #include "tests/dns_responder/dns_tls_frontend.h"
75 #include "tests/resolv_test_utils.h"
76 #include "tests/tun_forwarder.h"
77 #include "tests/unsolicited_listener/unsolicited_event_listener.h"
78
79 using ::testing::IsNull;
80 using ::testing::NotNull;
81
82 // This mainline module test still needs to be able to run on pre-S devices,
83 // and thus may run across pre-4.9 non-eBPF capable devices like the Pixel 2.
84 #define SKIP_IF_BPF_NOT_SUPPORTED \
85 do { \
86 if (!android::bpf::isAtLeastKernelVersion(4, 9, 0)) \
87 GTEST_SKIP() << "Skip: bpf is not supported."; \
88 } while (0)
89
90 // Valid VPN netId range is 100 ~ 65535
91 constexpr int TEST_VPN_NETID = 65502;
92 constexpr int MAXPACKET = (8 * 1024);
93
94 // Sync from packages/modules/DnsResolver/resolv_private.h
95 constexpr int RES_TIMEOUT = 5000; /* min. milliseconds between retries */
96 constexpr int RES_DFLRETRY = 2; /* Default #/tries. */
97
98 // Semi-public Bionic hook used by the NDK (frameworks/base/native/android/net.c)
99 // Tested here for convenience.
100 extern "C" int android_getaddrinfofornet(const char* hostname, const char* servname,
101 const addrinfo* hints, unsigned netid, unsigned mark,
102 struct addrinfo** result);
103
104 using namespace std::chrono_literals;
105
106 using aidl::android::net::IDnsResolver;
107 using aidl::android::net::INetd;
108 using aidl::android::net::ResolverOptionsParcel;
109 using aidl::android::net::ResolverParamsParcel;
110 using aidl::android::net::UidRangeParcel;
111 using aidl::android::net::metrics::INetdEventListener;
112 using aidl::android::net::netd::aidl::NativeUidRangeConfig;
113 using aidl::android::net::resolv::aidl::DnsHealthEventParcel;
114 using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener;
115 using aidl::android::net::resolv::aidl::Nat64PrefixEventParcel;
116 using aidl::android::net::resolv::aidl::PrivateDnsValidationEventParcel;
117 using android::base::Error;
118 using android::base::GetProperty;
119 using android::base::ParseInt;
120 using android::base::Result;
121 using android::base::unique_fd;
122 using android::net::ResolverStats;
123 using android::net::TunForwarder;
124 using android::net::metrics::DnsMetricsListener;
125 using android::net::resolv::aidl::UnsolicitedEventListener;
126 using android::netdutils::enableSockopt;
127 using android::netdutils::makeSlice;
128 using android::netdutils::ResponseCode;
129 using android::netdutils::ScopedAddrinfo;
130 using android::netdutils::Stopwatch;
131 using android::netdutils::toHex;
132
133 namespace fs = std::filesystem;
134
135 namespace {
136
safe_getaddrinfo_time_taken(const char * node,const char * service,const addrinfo & hints)137 std::pair<ScopedAddrinfo, int> safe_getaddrinfo_time_taken(const char* node, const char* service,
138 const addrinfo& hints) {
139 Stopwatch s;
140 ScopedAddrinfo result = safe_getaddrinfo(node, service, &hints);
141 return {std::move(result), s.timeTakenUs() / 1000};
142 }
143
144 struct NameserverStats {
145 NameserverStats() = delete;
NameserverStats__anond9ff00010111::NameserverStats146 NameserverStats(const std::string server) : server(server) {}
setSuccesses__anond9ff00010111::NameserverStats147 NameserverStats& setSuccesses(int val) {
148 successes = val;
149 return *this;
150 }
setErrors__anond9ff00010111::NameserverStats151 NameserverStats& setErrors(int val) {
152 errors = val;
153 return *this;
154 }
setTimeouts__anond9ff00010111::NameserverStats155 NameserverStats& setTimeouts(int val) {
156 timeouts = val;
157 return *this;
158 }
setInternalErrors__anond9ff00010111::NameserverStats159 NameserverStats& setInternalErrors(int val) {
160 internal_errors = val;
161 return *this;
162 }
setRttAvg__anond9ff00010111::NameserverStats163 NameserverStats& setRttAvg(int val) {
164 rtt_avg = val;
165 return *this;
166 }
167
168 const std::string server;
169 int successes = 0;
170 int errors = 0;
171 int timeouts = 0;
172 int internal_errors = 0;
173 int rtt_avg = -1;
174 };
175
176 #define SKIP_IF_KERNEL_VERSION_LOWER_THAN(major, minor, sub) \
177 do { \
178 if (!android::bpf::isAtLeastKernelVersion(major, minor, sub)) \
179 GTEST_SKIP() << "Required kernel: " << (major) << "." << (minor) << "." << (sub); \
180 } while (0)
181
182 } // namespace
183
184 class ResolverTest : public NetNativeTestBase {
185 public:
SetUpTestSuite()186 static void SetUpTestSuite() {
187 // Get binder service.
188 // Note that |mDnsClient| is not used for getting binder service in this static function.
189 // The reason is that wants to keep |mDnsClient| as a non-static data member. |mDnsClient|
190 // which sets up device network configuration could be independent from every test.
191 // TODO: Perhaps add a static function in resolv_test_binder_utils.{cpp,h} to get binder
192 // service.
193
194 AIBinder* binder = AServiceManager_getService("dnsresolver");
195 sResolvBinder = ndk::SpAIBinder(binder);
196 auto resolvService = aidl::android::net::IDnsResolver::fromBinder(sResolvBinder);
197 ASSERT_NE(nullptr, resolvService.get());
198
199 // Subscribe the death recipient to the service IDnsResolver for detecting Netd death.
200 // GTEST assertion macros are not invoked for generating a test failure in the death
201 // recipient because the macros can't indicate failed test if Netd died between tests.
202 // Moreover, continuing testing may have no meaningful after Netd death. Therefore, the
203 // death recipient aborts process by GTEST_LOG_(FATAL) once Netd died.
204 sResolvDeathRecipient = AIBinder_DeathRecipient_new([](void*) {
205 constexpr char errorMessage[] = "Netd died";
206 LOG(ERROR) << errorMessage;
207 GTEST_LOG_(FATAL) << errorMessage;
208 });
209 ASSERT_EQ(STATUS_OK, AIBinder_linkToDeath(binder, sResolvDeathRecipient, nullptr));
210
211 // Subscribe the DNS listener for verifying DNS metrics event contents.
212 sDnsMetricsListener = ndk::SharedRefBase::make<DnsMetricsListener>(
213 TEST_NETID /*monitor specific network*/);
214 ASSERT_TRUE(resolvService->registerEventListener(sDnsMetricsListener).isOk());
215
216 // Subscribe the unsolicited event listener for verifying unsolicited event contents.
217 sUnsolicitedEventListener = ndk::SharedRefBase::make<UnsolicitedEventListener>(
218 TEST_NETID /*monitor specific network*/);
219 ASSERT_TRUE(
220 resolvService->registerUnsolicitedEventListener(sUnsolicitedEventListener).isOk());
221
222 // Start the binder thread pool for listening DNS metrics events and receiving death
223 // recipient.
224 ABinderProcess_startThreadPool();
225 AllowNetworkInBackground(TEST_UID, true);
226 AllowNetworkInBackground(TEST_UID2, true);
227 }
TearDownTestSuite()228 static void TearDownTestSuite() {
229 AIBinder_DeathRecipient_delete(sResolvDeathRecipient);
230 AllowNetworkInBackground(TEST_UID, false);
231 AllowNetworkInBackground(TEST_UID2, false);
232 }
233
234 protected:
SetUp()235 void SetUp() {
236 mDnsClient.SetUp();
237 sDnsMetricsListener->reset();
238 sUnsolicitedEventListener->reset();
239 SetMdnsRoute();
240 mIsResolverOptionIPCSupported =
241 DnsResponderClient::isRemoteVersionSupported(mDnsClient.resolvService(), 9);
242 }
243
TearDown()244 void TearDown() {
245 // Ensure the dump works at the end of each test.
246 DumpResolverService();
247 RemoveMdnsRoute();
248 mDnsClient.TearDown();
249 }
250
resetNetwork()251 void resetNetwork() {
252 EXPECT_EQ(mDnsClient.TearDownOemNetwork(TEST_NETID), 0);
253 EXPECT_EQ(mDnsClient.SetupOemNetwork(TEST_NETID), 0);
254 }
255
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)256 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records) {
257 for (const auto& r : records) {
258 dns.addMapping(r.host_name, r.type, r.addr);
259 }
260
261 ASSERT_TRUE(dns.startServer());
262 dns.clearQueries();
263 }
264
DumpResolverService()265 void DumpResolverService() {
266 unique_fd fd(open("/dev/null", O_WRONLY));
267 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, nullptr, 0), 0);
268
269 const char* querylogCmd[] = {"querylog"}; // Keep it sync with DnsQueryLog::DUMP_KEYWORD.
270 EXPECT_EQ(mDnsClient.resolvService()->dump(fd, querylogCmd, std::size(querylogCmd)), 0);
271 }
272
WaitForNat64Prefix(ExpectNat64PrefixStatus status,std::chrono::milliseconds timeout=std::chrono::milliseconds (1000))273 bool WaitForNat64Prefix(ExpectNat64PrefixStatus status,
274 std::chrono::milliseconds timeout = std::chrono::milliseconds(1000)) {
275 return sDnsMetricsListener->waitForNat64Prefix(status, timeout) &&
276 sUnsolicitedEventListener->waitForNat64Prefix(
277 status == EXPECT_FOUND
278 ? IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_ADDED
279 : IDnsResolverUnsolicitedEventListener::PREFIX_OPERATION_REMOVED,
280 timeout);
281 }
282
WaitForPrivateDnsValidation(std::string serverAddr,bool validated)283 bool WaitForPrivateDnsValidation(std::string serverAddr, bool validated) {
284 return sDnsMetricsListener->waitForPrivateDnsValidation(serverAddr, validated) &&
285 sUnsolicitedEventListener->waitForPrivateDnsValidation(
286 serverAddr,
287 validated ? IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_SUCCESS
288 : IDnsResolverUnsolicitedEventListener::VALIDATION_RESULT_FAILURE,
289 IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
290 }
291
hasUncaughtPrivateDnsValidation(const std::string & serverAddr)292 bool hasUncaughtPrivateDnsValidation(const std::string& serverAddr) {
293 return sDnsMetricsListener->findValidationRecord(serverAddr) &&
294 sUnsolicitedEventListener->findValidationRecord(
295 serverAddr, IDnsResolverUnsolicitedEventListener::PROTOCOL_DOT);
296 }
297
ExpectDnsEvent(int32_t eventType,int32_t returnCode,const std::string & hostname,const std::vector<std::string> & ipAddresses)298 void ExpectDnsEvent(int32_t eventType, int32_t returnCode, const std::string& hostname,
299 const std::vector<std::string>& ipAddresses) {
300 const DnsMetricsListener::DnsEvent expect = {
301 TEST_NETID, eventType, returnCode,
302 hostname, ipAddresses, static_cast<int32_t>(ipAddresses.size())};
303 do {
304 // Blocking call until timeout.
305 const auto dnsEvent = sDnsMetricsListener->popDnsEvent();
306 ASSERT_TRUE(dnsEvent.has_value()) << "Expected DnsEvent " << expect;
307 if (dnsEvent.value() == expect) break;
308 LOG(INFO) << "Skip unexpected DnsEvent: " << dnsEvent.value();
309 } while (true);
310
311 while (returnCode == 0 || returnCode == RCODE_TIMEOUT) {
312 // Blocking call until timeout.
313 Result<int> result = sUnsolicitedEventListener->popDnsHealthResult();
314 ASSERT_TRUE(result.ok()) << "Expected dns health result is " << returnCode;
315 if ((returnCode == 0 &&
316 result.value() == IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_OK) ||
317 (returnCode == RCODE_TIMEOUT &&
318 result.value() ==
319 IDnsResolverUnsolicitedEventListener::DNS_HEALTH_RESULT_TIMEOUT)) {
320 break;
321 }
322 LOG(INFO) << "Skip unexpected dns health result:" << result.value();
323 }
324 }
325
326 enum class StatsCmp { LE, EQ };
327
expectStatsNotGreaterThan(const std::vector<NameserverStats> & nameserversStats)328 bool expectStatsNotGreaterThan(const std::vector<NameserverStats>& nameserversStats) {
329 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::LE);
330 }
331
expectStatsEqualTo(const std::vector<NameserverStats> & nameserversStats)332 bool expectStatsEqualTo(const std::vector<NameserverStats>& nameserversStats) {
333 return expectStatsFromGetResolverInfo(nameserversStats, StatsCmp::EQ);
334 }
335
expectStatsFromGetResolverInfo(const std::vector<NameserverStats> & nameserversStats,const StatsCmp cmp)336 bool expectStatsFromGetResolverInfo(const std::vector<NameserverStats>& nameserversStats,
337 const StatsCmp cmp) {
338 constexpr int RTT_TOLERANCE_MS = 200;
339 const auto resolvInfo = mDnsClient.getResolverInfo();
340 if (!resolvInfo.ok()) {
341 ADD_FAILURE() << resolvInfo.error().message();
342 return false;
343 }
344 const std::vector<std::string>& res_servers = resolvInfo.value().dnsServers;
345 const std::vector<ResolverStats>& res_stats = resolvInfo.value().stats;
346
347 if (res_servers.size() != res_stats.size()) {
348 ADD_FAILURE() << fmt::format("res_servers.size() != res_stats.size(): {} != {}",
349 res_servers.size(), res_stats.size());
350 return false;
351 }
352 if (res_servers.size() != nameserversStats.size()) {
353 ADD_FAILURE() << fmt::format("res_servers.size() != nameserversStats.size(): {} != {}",
354 res_servers.size(), nameserversStats.size());
355 return false;
356 }
357
358 for (const auto& stats : nameserversStats) {
359 SCOPED_TRACE(stats.server);
360 const auto it = std::find(res_servers.begin(), res_servers.end(), stats.server);
361 if (it == res_servers.end()) {
362 ADD_FAILURE() << fmt::format("nameserver {} not found in the list {{{}}}",
363 stats.server, fmt::join(res_servers, ", "));
364 return false;
365 }
366 const int index = std::distance(res_servers.begin(), it);
367
368 // The check excludes last_sample_time and usable since they will be obsolete
369 // after |res_stats| is retrieved from NetConfig.dnsStats rather than NetConfig.nsstats.
370 switch (cmp) {
371 case StatsCmp::EQ:
372 EXPECT_EQ(res_stats[index].successes, stats.successes);
373 EXPECT_EQ(res_stats[index].errors, stats.errors);
374 EXPECT_EQ(res_stats[index].timeouts, stats.timeouts);
375 EXPECT_EQ(res_stats[index].internal_errors, stats.internal_errors);
376 // A negative rtt_avg means that there is no effective rtt in the
377 // stats. The value should be deterministic.
378 // See android_net_res_stats_aggregate() for mor details.
379 if (res_stats[index].rtt_avg < 0 || stats.rtt_avg < 0) {
380 EXPECT_EQ(res_stats[index].rtt_avg, stats.rtt_avg);
381 } else {
382 EXPECT_NEAR(res_stats[index].rtt_avg, stats.rtt_avg, RTT_TOLERANCE_MS);
383 }
384 break;
385 case StatsCmp::LE:
386 EXPECT_LE(res_stats[index].successes, stats.successes);
387 EXPECT_LE(res_stats[index].errors, stats.errors);
388 EXPECT_LE(res_stats[index].timeouts, stats.timeouts);
389 EXPECT_LE(res_stats[index].internal_errors, stats.internal_errors);
390 EXPECT_LE(res_stats[index].rtt_avg, stats.rtt_avg + RTT_TOLERANCE_MS);
391 break;
392 default:
393 ADD_FAILURE() << "Unknown comparator " << static_cast<int>(cmp);
394 return false;
395 }
396 }
397
398 return true;
399 }
400
401 // Since there's no way to terminate private DNS validation threads at any time. Tests that
402 // focus on the results of private DNS validation can interfere with each other if they use the
403 // same IP address for test servers. getUniqueIPv4Address() is a workaround to reduce the
404 // possibility of tests being flaky. A feasible solution is to forbid the validation threads,
405 // which are considered as outdated (e.g. switch the resolver to private DNS OFF mode), updating
406 // the result to the PrivateDnsConfiguration instance.
getUniqueIPv4Address()407 static std::string getUniqueIPv4Address() {
408 static int counter = 0;
409 return fmt::format("127.0.100.{}", (++counter & 0xff));
410 }
411
412 void runCancelledQueryTest(bool expectCancelled);
413
414 DnsResponderClient mDnsClient;
415
416 bool mIsResolverOptionIPCSupported = false;
417
418 // Use a shared static DNS listener for all tests to avoid registering lots of listeners
419 // which may be released late until process terminated. Currently, registered DNS listener
420 // is removed by binder death notification which is fired when the process hosting an
421 // IBinder has gone away. If every test in ResolverTest registers its DNS listener, Netd
422 // may temporarily hold lots of dead listeners until the unit test process terminates.
423 // TODO: Perhaps add an unregistering listener binder call or fork a listener process which
424 // could be terminated earlier.
425 static std::shared_ptr<DnsMetricsListener>
426 sDnsMetricsListener; // Initialized in SetUpTestSuite.
427
428 inline static std::shared_ptr<UnsolicitedEventListener>
429 sUnsolicitedEventListener; // Initialized in SetUpTestSuite.
430
431 // Use a shared static death recipient to monitor the service death. The static death
432 // recipient could monitor the death not only during the test but also between tests.
433 static AIBinder_DeathRecipient* sResolvDeathRecipient; // Initialized in SetUpTestSuite.
434
435 // The linked AIBinder_DeathRecipient will be automatically unlinked if the binder is deleted.
436 // The binder needs to be retained throughout tests.
437 static ndk::SpAIBinder sResolvBinder;
438 };
439
440 // Initialize static member of class.
441 std::shared_ptr<DnsMetricsListener> ResolverTest::sDnsMetricsListener;
442 AIBinder_DeathRecipient* ResolverTest::sResolvDeathRecipient;
443 ndk::SpAIBinder ResolverTest::sResolvBinder;
444
TEST_F(ResolverTest,GetHostByName)445 TEST_F(ResolverTest, GetHostByName) {
446 constexpr char nonexistent_host_name[] = "nonexistent.example.com.";
447
448 test::DNSResponder dns;
449 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.3"}});
450 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
451
452 const hostent* result;
453 result = gethostbyname("nonexistent");
454 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
455 ASSERT_TRUE(result == nullptr);
456 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
457
458 dns.clearQueries();
459 result = gethostbyname("hello");
460 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
461 ASSERT_FALSE(result == nullptr);
462 ASSERT_EQ(4, result->h_length);
463 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
464 EXPECT_EQ("1.2.3.3", ToString(result));
465 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
466 }
467
TEST_F(ResolverTest,GetHostByName_NULL)468 TEST_F(ResolverTest, GetHostByName_NULL) {
469 // Most libc implementations would just crash on gethostbyname(NULL). Instead, Bionic
470 // serializes the null argument over dnsproxyd, causing the server-side to crash!
471 // This is a regression test.
472 const char* const testcases[] = {nullptr, "", "^"};
473 for (const char* name : testcases) {
474 SCOPED_TRACE(fmt::format("gethostbyname({})", name ? name : "NULL"));
475 const hostent* result = gethostbyname(name);
476 EXPECT_TRUE(result == nullptr);
477 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
478 }
479 }
480
TEST_F(ResolverTest,GetHostByName_cnames)481 TEST_F(ResolverTest, GetHostByName_cnames) {
482 constexpr char host_name[] = "host.example.com.";
483 size_t cnamecount = 0;
484 test::DNSResponder dns;
485
486 const std::vector<DnsRecord> records = {
487 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
488 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
489 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
490 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
491 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
492 {"e.example.com.", ns_type::ns_t_cname, host_name},
493 {host_name, ns_type::ns_t_a, "1.2.3.3"},
494 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
495 };
496 StartDns(dns, records);
497 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
498
499 // using gethostbyname2() to resolve ipv4 hello.example.com. to 1.2.3.3
500 // Ensure the v4 address and cnames are correct
501 const hostent* result;
502 result = gethostbyname2("hello", AF_INET);
503 ASSERT_FALSE(result == nullptr);
504
505 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
506 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
507 EXPECT_EQ(result->h_aliases[i], domain_name);
508 cnamecount++;
509 }
510 // The size of "Non-cname type" record in DNS records is 2
511 ASSERT_EQ(cnamecount, records.size() - 2);
512 ASSERT_EQ(4, result->h_length);
513 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
514 EXPECT_EQ("1.2.3.3", ToString(result));
515 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
516 EXPECT_EQ(1U, dns.queries().size()) << dns.dumpQueries();
517
518 // using gethostbyname2() to resolve ipv6 hello.example.com. to 2001:db8::42
519 // Ensure the v6 address and cnames are correct
520 cnamecount = 0;
521 dns.clearQueries();
522 result = gethostbyname2("hello", AF_INET6);
523 for (unsigned i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
524 std::string domain_name = records[i].host_name.substr(0, records[i].host_name.size() - 1);
525 EXPECT_EQ(result->h_aliases[i], domain_name);
526 cnamecount++;
527 }
528 // The size of "Non-cname type" DNS record in records is 2
529 ASSERT_EQ(cnamecount, records.size() - 2);
530 ASSERT_FALSE(result == nullptr);
531 ASSERT_EQ(16, result->h_length);
532 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
533 EXPECT_EQ("2001:db8::42", ToString(result));
534 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
535 }
536
TEST_F(ResolverTest,GetHostByName_cnamesInfiniteLoop)537 TEST_F(ResolverTest, GetHostByName_cnamesInfiniteLoop) {
538 test::DNSResponder dns;
539 const std::vector<DnsRecord> records = {
540 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
541 {"a.example.com.", ns_type::ns_t_cname, kHelloExampleCom},
542 };
543 StartDns(dns, records);
544 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
545
546 const hostent* result;
547 result = gethostbyname2("hello", AF_INET);
548 ASSERT_TRUE(result == nullptr);
549
550 dns.clearQueries();
551 result = gethostbyname2("hello", AF_INET6);
552 ASSERT_TRUE(result == nullptr);
553 }
554
TEST_F(ResolverTest,GetHostByName_localhost)555 TEST_F(ResolverTest, GetHostByName_localhost) {
556 constexpr char name_camelcase[] = "LocalHost";
557 constexpr char name_ip6_dot[] = "ip6-localhost.";
558 constexpr char name_ip6_fqdn[] = "ip6-localhost.example.com.";
559
560 // Add a no-op nameserver which shouldn't receive any queries
561 test::DNSResponder dns;
562 StartDns(dns, {});
563 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
564
565 // Expect no DNS queries; localhost is resolved via /etc/hosts
566 const hostent* result = gethostbyname(kLocalHost);
567 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
568 ASSERT_FALSE(result == nullptr);
569 ASSERT_EQ(4, result->h_length);
570 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
571 EXPECT_EQ(kLocalHostAddr, ToString(result));
572 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
573
574 // Ensure the hosts file resolver ignores case of hostnames
575 result = gethostbyname(name_camelcase);
576 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
577 ASSERT_FALSE(result == nullptr);
578 ASSERT_EQ(4, result->h_length);
579 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
580 EXPECT_EQ(kLocalHostAddr, ToString(result));
581 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
582
583 // The hosts file also contains ip6-localhost, but gethostbyname() won't
584 // return it. This would be easy to
585 // change, but there's no point in changing the legacy behavior; new code
586 // should be calling getaddrinfo() anyway.
587 // So we check the legacy behavior, which results in amusing A-record
588 // lookups for ip6-localhost, with and without search domains appended.
589 dns.clearQueries();
590 result = gethostbyname(kIp6LocalHost);
591 EXPECT_EQ(2U, dns.queries().size()) << dns.dumpQueries();
592 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_dot)) << dns.dumpQueries();
593 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_fqdn)) << dns.dumpQueries();
594 ASSERT_TRUE(result == nullptr);
595
596 // Finally, use gethostbyname2() to resolve ip6-localhost to ::1 from
597 // the hosts file.
598 dns.clearQueries();
599 result = gethostbyname2(kIp6LocalHost, AF_INET6);
600 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
601 ASSERT_FALSE(result == nullptr);
602 ASSERT_EQ(16, result->h_length);
603 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
604 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
605 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
606 }
607
TEST_F(ResolverTest,GetHostByName_numeric)608 TEST_F(ResolverTest, GetHostByName_numeric) {
609 // Add a no-op nameserver which shouldn't receive any queries
610 test::DNSResponder dns;
611 StartDns(dns, {});
612 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
613
614 // Numeric v4 address: expect no DNS queries
615 constexpr char numeric_v4[] = "192.168.0.1";
616 const hostent* result = gethostbyname(numeric_v4);
617 EXPECT_EQ(0U, dns.queries().size());
618 ASSERT_FALSE(result == nullptr);
619 ASSERT_EQ(4, result->h_length); // v4
620 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
621 EXPECT_EQ(numeric_v4, ToString(result));
622 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
623
624 // gethostbyname() recognizes a v6 address, and fails with no DNS queries
625 constexpr char numeric_v6[] = "2001:db8::42";
626 dns.clearQueries();
627 result = gethostbyname(numeric_v6);
628 EXPECT_EQ(0U, dns.queries().size());
629 EXPECT_TRUE(result == nullptr);
630
631 // Numeric v6 address with gethostbyname2(): succeeds with no DNS queries
632 dns.clearQueries();
633 result = gethostbyname2(numeric_v6, AF_INET6);
634 EXPECT_EQ(0U, dns.queries().size());
635 ASSERT_FALSE(result == nullptr);
636 ASSERT_EQ(16, result->h_length); // v6
637 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
638 EXPECT_EQ(numeric_v6, ToString(result));
639 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
640
641 // Numeric v6 address with scope work with getaddrinfo(),
642 // but gethostbyname2() does not understand them; it issues two dns
643 // queries, then fails. This hardly ever happens, there's no point
644 // in fixing this. This test simply verifies the current (bogus)
645 // behavior to avoid further regressions (like crashes, or leaks).
646 constexpr char numeric_v6_scope[] = "fe80::1%lo";
647 dns.clearQueries();
648 result = gethostbyname2(numeric_v6_scope, AF_INET6);
649 EXPECT_EQ(2U, dns.queries().size()); // OUCH!
650 ASSERT_TRUE(result == nullptr);
651 }
652
TEST_F(ResolverTest,BinderSerialization)653 TEST_F(ResolverTest, BinderSerialization) {
654 std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params_offsets = {
655 IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY,
656 IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
657 IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES,
658 IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES,
659 IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC,
660 IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT,
661 };
662 const int size = static_cast<int>(params_offsets.size());
663 EXPECT_EQ(size, IDnsResolver::RESOLVER_PARAMS_COUNT);
664 std::sort(params_offsets.begin(), params_offsets.end());
665 for (int i = 0; i < size; ++i) {
666 EXPECT_EQ(params_offsets[i], i);
667 }
668 }
669
TEST_F(ResolverTest,GetHostByName_Binder)670 TEST_F(ResolverTest, GetHostByName_Binder) {
671 std::vector<std::string> domains = {"example.com"};
672 std::vector<std::unique_ptr<test::DNSResponder>> dns;
673 std::vector<std::string> servers;
674 std::vector<DnsResponderClient::Mapping> mappings;
675 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
676 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(4, mappings, &dns, &servers));
677 ASSERT_EQ(1U, mappings.size());
678 const DnsResponderClient::Mapping& mapping = mappings[0];
679
680 const auto resolverParams = ResolverParams::Builder()
681 .setDomains(domains)
682 .setDnsServers(servers)
683 .setDotServers({})
684 .build();
685 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(resolverParams));
686
687 const hostent* result = gethostbyname(mapping.host.c_str());
688 const size_t total_queries =
689 std::accumulate(dns.begin(), dns.end(), 0, [&mapping](size_t total, auto& d) {
690 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
691 });
692
693 EXPECT_LE(1U, total_queries);
694 ASSERT_FALSE(result == nullptr);
695 ASSERT_EQ(4, result->h_length);
696 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
697 EXPECT_EQ(mapping.ip4, ToString(result));
698 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
699
700 const auto resolvInfo = mDnsClient.getResolverInfo();
701 ASSERT_RESULT_OK(resolvInfo);
702 EXPECT_EQ(servers.size(), resolvInfo.value().dnsServers.size());
703 EXPECT_EQ(domains.size(), resolvInfo.value().domains.size());
704 EXPECT_TRUE(resolvInfo.value().dotServers.empty());
705 EXPECT_EQ(resolverParams.sampleValiditySeconds, resolvInfo.value().params.sample_validity);
706 EXPECT_EQ(resolverParams.successThreshold, resolvInfo.value().params.success_threshold);
707 EXPECT_EQ(resolverParams.minSamples, resolvInfo.value().params.min_samples);
708 EXPECT_EQ(resolverParams.maxSamples, resolvInfo.value().params.max_samples);
709 EXPECT_EQ(resolverParams.baseTimeoutMsec, resolvInfo.value().params.base_timeout_msec);
710 EXPECT_EQ(resolverParams.retryCount, resolvInfo.value().params.retry_count);
711 EXPECT_EQ(servers.size(), resolvInfo.value().stats.size());
712
713 EXPECT_THAT(resolvInfo.value().dnsServers, testing::UnorderedElementsAreArray(servers));
714 EXPECT_THAT(resolvInfo.value().domains, testing::UnorderedElementsAreArray(domains));
715 }
716
TEST_F(ResolverTest,GetAddrInfo)717 TEST_F(ResolverTest, GetAddrInfo) {
718 constexpr char listen_addr[] = "127.0.0.4";
719 constexpr char listen_addr2[] = "127.0.0.5";
720 constexpr char host_name[] = "howdy.example.com.";
721
722 const std::vector<DnsRecord> records = {
723 {host_name, ns_type::ns_t_a, "1.2.3.4"},
724 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
725 };
726 test::DNSResponder dns(listen_addr);
727 test::DNSResponder dns2(listen_addr2);
728 StartDns(dns, records);
729 StartDns(dns2, records);
730
731 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr}));
732 dns.clearQueries();
733 dns2.clearQueries();
734
735 ScopedAddrinfo result = safe_getaddrinfo("howdy", nullptr, nullptr);
736 EXPECT_TRUE(result != nullptr);
737 size_t found = GetNumQueries(dns, host_name);
738 EXPECT_LE(1U, found);
739 // Could be A or AAAA
740 std::string result_str = ToString(result);
741 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
742 << ", result_str='" << result_str << "'";
743
744 // Verify that the name is cached.
745 size_t old_found = found;
746 result = safe_getaddrinfo("howdy", nullptr, nullptr);
747 EXPECT_TRUE(result != nullptr);
748 found = GetNumQueries(dns, host_name);
749 EXPECT_LE(1U, found);
750 EXPECT_EQ(old_found, found);
751 result_str = ToString(result);
752 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") << result_str;
753
754 // Change the DNS resolver, ensure that queries are still cached.
755 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
756 dns.clearQueries();
757 dns2.clearQueries();
758
759 result = safe_getaddrinfo("howdy", nullptr, nullptr);
760 EXPECT_TRUE(result != nullptr);
761 found = GetNumQueries(dns, host_name);
762 size_t found2 = GetNumQueries(dns2, host_name);
763 EXPECT_EQ(0U, found);
764 EXPECT_LE(0U, found2);
765
766 // Could be A or AAAA
767 result_str = ToString(result);
768 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
769 << ", result_str='" << result_str << "'";
770 }
771
TEST_F(ResolverTest,GetAddrInfoV4)772 TEST_F(ResolverTest, GetAddrInfoV4) {
773 test::DNSResponder dns;
774 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
775 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
776
777 const addrinfo hints = {.ai_family = AF_INET};
778 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
779 EXPECT_TRUE(result != nullptr);
780 EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
781 EXPECT_EQ("1.2.3.5", ToString(result));
782 }
783
TEST_F(ResolverTest,GetAddrInfo_localhost)784 TEST_F(ResolverTest, GetAddrInfo_localhost) {
785 // Add a no-op nameserver which shouldn't receive any queries
786 test::DNSResponder dns;
787 StartDns(dns, {});
788 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
789
790 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
791 EXPECT_TRUE(result != nullptr);
792 // Expect no DNS queries; localhost is resolved via /etc/hosts
793 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
794 EXPECT_EQ(kLocalHostAddr, ToString(result));
795
796 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
797 EXPECT_TRUE(result != nullptr);
798 // Expect no DNS queries; ip6-localhost is resolved via /etc/hosts
799 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
800 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
801 }
802
TEST_F(ResolverTest,GetAddrInfo_NumericHostname)803 TEST_F(ResolverTest, GetAddrInfo_NumericHostname) {
804 // Add a no-op nameserver which shouldn't receive any queries
805 test::DNSResponder dns;
806 StartDns(dns, {});
807 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
808
809 ScopedAddrinfo result = safe_getaddrinfo("1.2.3.4", nullptr, nullptr);
810 EXPECT_TRUE(result != nullptr);
811 // Expect no DNS queries. Numeric hostname doesn't need to resolve.
812 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
813 EXPECT_EQ("1.2.3.4", ToString(result));
814
815 result = safe_getaddrinfo("2001:db8::1", nullptr, nullptr);
816 EXPECT_TRUE(result != nullptr);
817 // Expect no DNS queries. Numeric hostname doesn't need to resolve.
818 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
819 EXPECT_EQ("2001:db8::1", ToString(result));
820 }
821
TEST_F(ResolverTest,GetAddrInfo_InvalidSocketType)822 TEST_F(ResolverTest, GetAddrInfo_InvalidSocketType) {
823 test::DNSResponder dns;
824 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, "1.2.3.5"}});
825 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
826
827 // TODO: Test other invalid socket types.
828 const addrinfo hints = {
829 .ai_family = AF_UNSPEC,
830 .ai_socktype = SOCK_PACKET,
831 };
832 addrinfo* result = nullptr;
833 // This is a valid hint, but the query won't be sent because the socket type is
834 // not supported.
835 EXPECT_EQ(EAI_NODATA, getaddrinfo("hello", nullptr, &hints, &result));
836 ScopedAddrinfo result_cleanup(result);
837 EXPECT_EQ(nullptr, result);
838 }
839
840 // Verify if the resolver correctly handle multiple queries simultaneously
841 // step 1: set dns server#1 into deferred responding mode.
842 // step 2: thread#1 query "hello.example.com." --> resolver send query to server#1.
843 // step 3: thread#2 query "hello.example.com." --> resolver hold the request and wait for
844 // response of previous pending query sent by thread#1.
845 // step 4: thread#3 query "konbanha.example.com." --> resolver send query to server#3. Server
846 // respond to resolver immediately.
847 // step 5: check if server#1 get 1 query by thread#1, server#2 get 0 query, server#3 get 1 query.
848 // step 6: resume dns server#1 to respond dns query in step#2.
849 // step 7: thread#1 and #2 should get returned from DNS query after step#6. Also, check the
850 // number of queries in server#2 is 0 to ensure thread#2 does not wake up unexpectedly
851 // before signaled by thread#1.
TEST_F(ResolverTest,GetAddrInfoV4_deferred_resp)852 TEST_F(ResolverTest, GetAddrInfoV4_deferred_resp) {
853 const char* listen_addr1 = "127.0.0.9";
854 const char* listen_addr2 = "127.0.0.10";
855 const char* listen_addr3 = "127.0.0.11";
856 const char* listen_srv = "53";
857 const char* host_name_deferred = "hello.example.com.";
858 const char* host_name_normal = "konbanha.example.com.";
859 test::DNSResponder dns1(listen_addr1, listen_srv, ns_rcode::ns_r_servfail);
860 test::DNSResponder dns2(listen_addr2, listen_srv, ns_rcode::ns_r_servfail);
861 test::DNSResponder dns3(listen_addr3, listen_srv, ns_rcode::ns_r_servfail);
862 dns1.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
863 dns2.addMapping(host_name_deferred, ns_type::ns_t_a, "1.2.3.4");
864 dns3.addMapping(host_name_normal, ns_type::ns_t_a, "1.2.3.5");
865 ASSERT_TRUE(dns1.startServer());
866 ASSERT_TRUE(dns2.startServer());
867 ASSERT_TRUE(dns3.startServer());
868 const std::vector<std::string> servers_for_t1 = {listen_addr1};
869 const std::vector<std::string> servers_for_t2 = {listen_addr2};
870 const std::vector<std::string> servers_for_t3 = {listen_addr3};
871 addrinfo hints = {.ai_family = AF_INET};
872 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {300, 25, 8, 8, 5000, 0};
873 bool t3_task_done = false;
874 bool t2_sv_setup_done = false;
875
876 dns1.setDeferredResp(true);
877 std::thread t1([&, this]() {
878 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
879 .setDnsServers(servers_for_t1)
880 .setDotServers({})
881 .setParams(params)
882 .build()));
883 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
884 // t3's dns query should got returned first
885 EXPECT_TRUE(t3_task_done);
886 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
887 EXPECT_TRUE(result != nullptr);
888 EXPECT_EQ("1.2.3.4", ToString(result));
889 });
890
891 // ensuring t1 and t2 handler functions are processed in order
892 EXPECT_TRUE(PollForCondition([&]() { return GetNumQueries(dns1, host_name_deferred); }));
893 std::thread t2([&, this]() {
894 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
895 .setDnsServers(servers_for_t2)
896 .setDotServers({})
897 .setParams(params)
898 .build()));
899 t2_sv_setup_done = true;
900 ScopedAddrinfo result = safe_getaddrinfo(host_name_deferred, nullptr, &hints);
901 EXPECT_TRUE(t3_task_done);
902 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
903 EXPECT_TRUE(result != nullptr);
904 EXPECT_EQ("1.2.3.4", ToString(result));
905 const auto resolvInfo = mDnsClient.getResolverInfo();
906 ASSERT_RESULT_OK(resolvInfo);
907 EXPECT_EQ(0, resolvInfo.value().waitForPendingReqTimeoutCount);
908 });
909
910 // ensuring t2 and t3 handler functions are processed in order
911 EXPECT_TRUE(PollForCondition([&]() { return t2_sv_setup_done; }));
912 std::thread t3([&, this]() {
913 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
914 .setDnsServers(servers_for_t3)
915 .setDotServers({})
916 .setParams(params)
917 .build()));
918 ScopedAddrinfo result = safe_getaddrinfo(host_name_normal, nullptr, &hints);
919 EXPECT_EQ(1U, GetNumQueries(dns1, host_name_deferred));
920 EXPECT_EQ(0U, GetNumQueries(dns2, host_name_deferred));
921 EXPECT_EQ(1U, GetNumQueries(dns3, host_name_normal));
922 EXPECT_TRUE(result != nullptr);
923 EXPECT_EQ("1.2.3.5", ToString(result));
924
925 t3_task_done = true;
926 dns1.setDeferredResp(false);
927 });
928 t3.join();
929 t1.join();
930 t2.join();
931 }
932
TEST_F(ResolverTest,GetAddrInfoV4_MultiAnswers)933 TEST_F(ResolverTest, GetAddrInfoV4_MultiAnswers) {
934 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
935 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
936 StartDns(dns, {});
937 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
938
939 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
940 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
941 ASSERT_FALSE(result == nullptr);
942
943 // Expect the DNS result order is the same as the RR order in the DNS response
944 // |kHelloExampleComResponsesV4| because none of rule in the native sorting
945 // function _rfc6724_compare() is matched.
946 //
947 // The reason is here for the sorting result from _rfc6724_compare.
948 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
949 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
950 // See rule#1 as well.
951 // (rule 3 is not implemented)
952 // (rule 4 is not implemented)
953 // For rule 5: prefer matching label, all addresses get the same label 4 for AF_INET.
954 // For rule 6: prefer higher precedence, all addresses get the same precedence 35 for AF_INET.
955 // (rule 7 is not implemented)
956 // For rule 8: prefer smaller scope, all destination addresses has the same scope.
957 // For rule 9: use longest matching prefix, IPv6 only.
958 // For rule 10: leave the order unchanged, these IPv4 DNS addresses meet this rule.
959 //
960 // See packages/modules/DnsResolver/getaddrinfo.cpp
961 EXPECT_THAT(ToStrings(result),
962 testing::ElementsAre(kHelloExampleComAddrV4, kHelloExampleComAddrV4_2,
963 kHelloExampleComAddrV4_3));
964
965 // .ai_socktype will be 0.
966 hints = {.ai_family = AF_UNSPEC};
967 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
968 ASSERT_FALSE(result == nullptr);
969
970 // The results are sorted in every querying by explore_options and then concatenates all sorted
971 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
972 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
973 // of each explore_options and concatenates all sorted results into one link list. The address
974 // order of the output addrinfo is:
975 // 1.2.3.4 (socktype=2, protocol=17) ->
976 // 8.8.8.8 (socktype=2, protocol=17) ->
977 // 81.117.21.202 (socktype=2, protocol=17) ->
978 // 1.2.3.4 (socktype=1, protocol=6) ->
979 // 8.8.8.8 (socktype=1, protocol=6) ->
980 // 81.117.21.202 (socktype=1, protocol=6)
981 //
982 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
983 EXPECT_THAT(ToStrings(result),
984 testing::ElementsAre(kHelloExampleComAddrV4, kHelloExampleComAddrV4_2,
985 kHelloExampleComAddrV4_3, kHelloExampleComAddrV4,
986 kHelloExampleComAddrV4_2, kHelloExampleComAddrV4_3));
987 }
988
TEST_F(ResolverTest,GetAddrInfoV6_MultiAnswers)989 TEST_F(ResolverTest, GetAddrInfoV6_MultiAnswers) {
990 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
991 dns.addMappingBinaryPacket(kHelloExampleComQueryV6, kHelloExampleComResponsesV6);
992 StartDns(dns, {});
993 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
994
995 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
996 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
997 ASSERT_FALSE(result == nullptr);
998
999 // Expect the DNS result order is GUA, teredo tunneling address and IPv4-compatible address
1000 // because of the precedence comparison of RFC 6724.
1001 //
1002 // The reason is here for the sorting result from _rfc6724_compare.
1003 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
1004 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
1005 // See rule#1 as well.
1006 // (rule 3 is not implemented)
1007 // (rule 4 is not implemented)
1008 // For rule 5: prefer matching label, the source address is not valid and can't match the dns
1009 // reply addresses. See rule#1 as well.
1010 // For rule 6: prefer higher precedence, sorted by the order: gua(40), teredo(5) and
1011 // ipv4-compatible(1).
1012 // Ignore from rule 7 to rule 10 because the results has been sorted by rule 6.
1013 //
1014 // See _get_precedence, _rfc6724_compare in packages/modules/DnsResolver/getaddrinfo.cpp
1015 EXPECT_THAT(ToStrings(result),
1016 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV6_TEREDO,
1017 kHelloExampleComAddrV6_IPV4COMPAT));
1018
1019 hints = {.ai_family = AF_UNSPEC};
1020 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1021 ASSERT_FALSE(result == nullptr);
1022
1023 // The results are sorted in every querying by explore_options and then concatenates all sorted
1024 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
1025 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
1026 // of each explore_options and concatenates all sorted results into one link list. The address
1027 // order of the output addrinfo is:
1028 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1029 // 2001::47c1 (socktype=2, protocol=17) ->
1030 // ::1.2.3.4 (socktype=2, protocol=17) ->
1031 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1032 // 2001::47c1 (socktype=1, protocol=6) ->
1033 // ::1.2.3.4 (socktype=1, protocol=6)
1034 //
1035 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1036 EXPECT_THAT(
1037 ToStrings(result),
1038 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV6_TEREDO,
1039 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_GUA,
1040 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1041 }
1042
TEST_F(ResolverTest,GetAddrInfoV4V6_MultiAnswers)1043 TEST_F(ResolverTest, GetAddrInfoV4V6_MultiAnswers) {
1044 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
1045 // Use one IPv4 address only because we can't control IPv4 address ordering in this test
1046 // which uses a fake network.
1047 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponseV4);
1048 dns.addMappingBinaryPacket(kHelloExampleComQueryV6, kHelloExampleComResponsesV6);
1049 StartDns(dns, {});
1050 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1051
1052 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
1053 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1054 ASSERT_FALSE(result == nullptr);
1055
1056 // Expect the DNS result order is ipv6 global unicast address, IPv4 address, IPv6 teredo
1057 // tunneling address and IPv4-compatible IPv6 address because of the precedence comparison
1058 // of RFC 6724.
1059 //
1060 // The reason is here for the sorting result from _rfc6724_compare.
1061 // For rule 1: avoid unusable destinations, all addresses are unusable on a fake test network.
1062 // For rule 2: prefer matching scope, all addresses don't match because of no source address.
1063 // See rule#1 as well.
1064 // (rule 3 is not implemented)
1065 // (rule 4 is not implemented)
1066 // For rule 5: prefer matching label, the source address is not valid and can't match the dns
1067 // reply addresses. See rule#1 as well.
1068 // For rule 6: prefer higher precedence, sorted by the order: gua(40), ipv4(35), teredo(5) and
1069 // ipv4-compatible(1).
1070 // Ignore from rule 7 to rule 10 because the results has been sorted by rule 6.
1071 //
1072 // See _get_precedence, _rfc6724_compare in packages/modules/DnsResolver/getaddrinfo.cpp
1073 EXPECT_THAT(
1074 ToStrings(result),
1075 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1076 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1077
1078 hints = {.ai_family = AF_UNSPEC};
1079 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1080 ASSERT_FALSE(result == nullptr);
1081
1082 // The results are sorted in every querying by explore_options and then concatenates all sorted
1083 // results. resolv_getaddrinfo() calls explore_fqdn() many times by the different
1084 // explore_options. It means that resolv_rfc6724_sort() only sorts the ordering in the results
1085 // of each explore_options and concatenates all sorted results into one link list. The address
1086 // order of the output addrinfo is:
1087 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1088 // 1.2.3.4 (socktype=2, protocol=17) ->
1089 // 2001::47c1 (socktype=2, protocol=17) ->
1090 // ::1.2.3.4 (socktype=2, protocol=17) ->
1091 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1092 // 1.2.3.4 (socktype=1, protocol=6) ->
1093 // 2001::47c1 (socktype=1, protocol=6) ->
1094 // ::1.2.3.4 (socktype=1, protocol=6)
1095 //
1096 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1097 EXPECT_THAT(
1098 ToStrings(result),
1099 testing::ElementsAre(kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1100 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT,
1101 kHelloExampleComAddrV6_GUA, kHelloExampleComAddrV4,
1102 kHelloExampleComAddrV6_TEREDO, kHelloExampleComAddrV6_IPV4COMPAT));
1103 }
1104
TEST_F(ResolverTest,GetAddrInfo_cnames)1105 TEST_F(ResolverTest, GetAddrInfo_cnames) {
1106 constexpr char host_name[] = "host.example.com.";
1107 test::DNSResponder dns;
1108 const std::vector<DnsRecord> records = {
1109 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
1110 {"a.example.com.", ns_type::ns_t_cname, "b.example.com."},
1111 {"b.example.com.", ns_type::ns_t_cname, "c.example.com."},
1112 {"c.example.com.", ns_type::ns_t_cname, "d.example.com."},
1113 {"d.example.com.", ns_type::ns_t_cname, "e.example.com."},
1114 {"e.example.com.", ns_type::ns_t_cname, host_name},
1115 {host_name, ns_type::ns_t_a, "1.2.3.3"},
1116 {host_name, ns_type::ns_t_aaaa, "2001:db8::42"},
1117 };
1118 StartDns(dns, records);
1119 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1120
1121 addrinfo hints = {.ai_family = AF_INET};
1122 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1123 EXPECT_TRUE(result != nullptr);
1124 EXPECT_EQ("1.2.3.3", ToString(result));
1125
1126 dns.clearQueries();
1127 hints = {.ai_family = AF_INET6};
1128 result = safe_getaddrinfo("hello", nullptr, &hints);
1129 EXPECT_TRUE(result != nullptr);
1130 EXPECT_EQ("2001:db8::42", ToString(result));
1131 }
1132
TEST_F(ResolverTest,GetAddrInfo_cnamesNoIpAddress)1133 TEST_F(ResolverTest, GetAddrInfo_cnamesNoIpAddress) {
1134 test::DNSResponder dns;
1135 const std::vector<DnsRecord> records = {
1136 {kHelloExampleCom, ns_type::ns_t_cname, "a.example.com."},
1137 };
1138 StartDns(dns, records);
1139 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1140
1141 addrinfo hints = {.ai_family = AF_INET};
1142 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1143 EXPECT_TRUE(result == nullptr);
1144
1145 dns.clearQueries();
1146 hints = {.ai_family = AF_INET6};
1147 result = safe_getaddrinfo("hello", nullptr, &hints);
1148 EXPECT_TRUE(result == nullptr);
1149 }
1150
TEST_F(ResolverTest,GetAddrInfo_cnamesIllegalRdata)1151 TEST_F(ResolverTest, GetAddrInfo_cnamesIllegalRdata) {
1152 test::DNSResponder dns;
1153 const std::vector<DnsRecord> records = {
1154 {kHelloExampleCom, ns_type::ns_t_cname, ".!#?"},
1155 };
1156 StartDns(dns, records);
1157 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1158
1159 addrinfo hints = {.ai_family = AF_INET};
1160 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1161 EXPECT_TRUE(result == nullptr);
1162
1163 dns.clearQueries();
1164 hints = {.ai_family = AF_INET6};
1165 result = safe_getaddrinfo("hello", nullptr, &hints);
1166 EXPECT_TRUE(result == nullptr);
1167 }
1168
TEST_F(ResolverTest,GetAddrInfoForCaseInSensitiveDomains)1169 TEST_F(ResolverTest, GetAddrInfoForCaseInSensitiveDomains) {
1170 test::DNSResponder dns;
1171 const char* host_name = "howdy.example.com.";
1172 const char* host_name2 = "HOWDY.example.com.";
1173 const std::vector<DnsRecord> records = {
1174 {host_name, ns_type::ns_t_a, "1.2.3.4"},
1175 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
1176 {host_name2, ns_type::ns_t_a, "1.2.3.5"},
1177 {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
1178 };
1179 StartDns(dns, records);
1180 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1181
1182 ScopedAddrinfo hostname_result = safe_getaddrinfo("howdy", nullptr, nullptr);
1183 EXPECT_TRUE(hostname_result != nullptr);
1184 const size_t hostname1_count_after_first_query = GetNumQueries(dns, host_name);
1185 EXPECT_LE(1U, hostname1_count_after_first_query);
1186 // Could be A or AAAA
1187 std::string hostname_result_str = ToString(hostname_result);
1188 EXPECT_TRUE(hostname_result_str == "1.2.3.4" || hostname_result_str == "::1.2.3.4");
1189
1190 // Verify that the name is cached.
1191 ScopedAddrinfo hostname2_result = safe_getaddrinfo("HOWDY", nullptr, nullptr);
1192 EXPECT_TRUE(hostname2_result != nullptr);
1193 const size_t hostname1_count_after_second_query = GetNumQueries(dns, host_name);
1194 EXPECT_LE(1U, hostname1_count_after_second_query);
1195
1196 // verify that there is no change in num of queries for howdy.example.com
1197 EXPECT_EQ(hostname1_count_after_first_query, hostname1_count_after_second_query);
1198
1199 // Number of queries for HOWDY.example.com would be >= 1 if domain names
1200 // are considered case-sensitive, else number of queries should be 0.
1201 const size_t hostname2_count = GetNumQueries(dns, host_name2);
1202 EXPECT_EQ(0U,hostname2_count);
1203 std::string hostname2_result_str = ToString(hostname2_result);
1204 EXPECT_TRUE(hostname2_result_str == "1.2.3.4" || hostname2_result_str == "::1.2.3.4");
1205
1206 // verify that the result is still the same address even though
1207 // mixed-case string is not in the DNS
1208 ScopedAddrinfo result = safe_getaddrinfo("HowDY", nullptr, nullptr);
1209 EXPECT_TRUE(result != nullptr);
1210 std::string result_str = ToString(result);
1211 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4");
1212 }
1213
TEST_F(ResolverTest,MultidomainResolution)1214 TEST_F(ResolverTest, MultidomainResolution) {
1215 constexpr char host_name[] = "nihao.example2.com.";
1216 std::vector<std::string> searchDomains = {"example1.com", "example2.com", "example3.com"};
1217
1218 test::DNSResponder dns("127.0.0.6");
1219 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
1220 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({"127.0.0.6"}, searchDomains));
1221
1222 const hostent* result = gethostbyname("nihao");
1223
1224 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
1225 ASSERT_FALSE(result == nullptr);
1226 ASSERT_EQ(4, result->h_length);
1227 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
1228 EXPECT_EQ("1.2.3.3", ToString(result));
1229 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
1230 }
1231
TEST_F(ResolverTest,GetAddrInfoV6_numeric)1232 TEST_F(ResolverTest, GetAddrInfoV6_numeric) {
1233 constexpr char host_name[] = "ohayou.example.com.";
1234 constexpr char numeric_addr[] = "fe80::1%lo";
1235
1236 test::DNSResponder dns;
1237 dns.setResponseProbability(0.0);
1238 StartDns(dns, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1239 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
1240
1241 addrinfo hints = {.ai_family = AF_INET6};
1242 ScopedAddrinfo result = safe_getaddrinfo(numeric_addr, nullptr, &hints);
1243 EXPECT_TRUE(result != nullptr);
1244 EXPECT_EQ(numeric_addr, ToString(result));
1245 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1246
1247 // Now try a non-numeric hostname query with the AI_NUMERICHOST flag set.
1248 // We should fail without sending out a DNS query.
1249 hints.ai_flags |= AI_NUMERICHOST;
1250 result = safe_getaddrinfo(host_name, nullptr, &hints);
1251 EXPECT_TRUE(result == nullptr);
1252 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
1253 }
1254
TEST_F(ResolverTest,GetAddrInfoV6_failing)1255 TEST_F(ResolverTest, GetAddrInfoV6_failing) {
1256 constexpr char listen_addr0[] = "127.0.0.7";
1257 constexpr char listen_addr1[] = "127.0.0.8";
1258 const char* host_name = "ohayou.example.com.";
1259
1260 test::DNSResponder dns0(listen_addr0);
1261 test::DNSResponder dns1(listen_addr1);
1262 dns0.setResponseProbability(0.0);
1263 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1264 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1265
1266 std::vector<std::string> servers = {listen_addr0, listen_addr1};
1267 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
1268 int sample_count = 8;
1269 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
1270 300, 25, sample_count, sample_count, 0, 0};
1271 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
1272 .setDnsServers(servers)
1273 .setDotServers({})
1274 .setParams(params)
1275 .build()));
1276
1277 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
1278 // reached the dns0, which is set to fail. No more requests should then arrive at that server
1279 // for the next sample_lifetime seconds.
1280 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
1281 const addrinfo hints = {.ai_family = AF_INET6};
1282 for (int i = 0; i < sample_count; ++i) {
1283 std::string domain = fmt::format("nonexistent{}", i);
1284 ScopedAddrinfo result = safe_getaddrinfo(domain.c_str(), nullptr, &hints);
1285 }
1286 // Due to 100% errors for all possible samples, the server should be ignored from now on and
1287 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
1288 dns0.clearQueries();
1289 dns1.clearQueries();
1290 ScopedAddrinfo result = safe_getaddrinfo("ohayou", nullptr, &hints);
1291 EXPECT_TRUE(result != nullptr);
1292 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
1293 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
1294 }
1295
TEST_F(ResolverTest,GetAddrInfoV6_nonresponsive)1296 TEST_F(ResolverTest, GetAddrInfoV6_nonresponsive) {
1297 constexpr char listen_addr0[] = "127.0.0.7";
1298 constexpr char listen_addr1[] = "127.0.0.8";
1299 constexpr char listen_srv[] = "53";
1300 constexpr char host_name1[] = "ohayou.example.com.";
1301 constexpr char host_name2[] = "ciao.example.com.";
1302 const std::vector<std::string> defaultSearchDomain = {"example.com"};
1303 // The minimal timeout is 1000ms, so we can't decrease timeout
1304 // So reduce retry count.
1305 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> reduceRetryParams = {
1306 300, // sample validity in seconds
1307 25, // success threshod in percent
1308 8, 8, // {MIN,MAX}_SAMPLES
1309 1000, // BASE_TIMEOUT_MSEC
1310 1, // retry count
1311 };
1312 const std::vector<DnsRecord> records0 = {
1313 {host_name1, ns_type::ns_t_aaaa, "2001:db8::5"},
1314 {host_name2, ns_type::ns_t_aaaa, "2001:db8::5"},
1315 };
1316 const std::vector<DnsRecord> records1 = {
1317 {host_name1, ns_type::ns_t_aaaa, "2001:db8::6"},
1318 {host_name2, ns_type::ns_t_aaaa, "2001:db8::6"},
1319 };
1320
1321 // dns0 does not respond with 100% probability, while
1322 // dns1 responds normally, at least initially.
1323 test::DNSResponder dns0(listen_addr0, listen_srv, static_cast<ns_rcode>(-1));
1324 test::DNSResponder dns1(listen_addr1, listen_srv, static_cast<ns_rcode>(-1));
1325 dns0.setResponseProbability(0.0);
1326 StartDns(dns0, records0);
1327 StartDns(dns1, records1);
1328 ASSERT_TRUE(
1329 mDnsClient.SetResolversFromParcel(ResolverParams::Builder()
1330 .setDnsServers({listen_addr0, listen_addr1})
1331 .setDotServers({})
1332 .setParams(reduceRetryParams)
1333 .build()));
1334
1335 // Specify ai_socktype to make getaddrinfo will only query 1 time
1336 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_STREAM};
1337
1338 // dns0 will ignore the request, and we'll fallback to dns1 after the first
1339 // retry.
1340 ScopedAddrinfo result = safe_getaddrinfo(host_name1, nullptr, &hints);
1341 EXPECT_TRUE(result != nullptr);
1342 EXPECT_EQ(1U, GetNumQueries(dns0, host_name1));
1343 EXPECT_EQ(1U, GetNumQueries(dns1, host_name1));
1344 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name1, {"2001:db8::6"});
1345
1346 // Now make dns1 also ignore 100% requests... The resolve should alternate
1347 // queries between the nameservers and fail
1348 dns1.setResponseProbability(0.0);
1349 addrinfo* result2 = nullptr;
1350 EXPECT_EQ(EAI_NODATA, getaddrinfo(host_name2, nullptr, &hints, &result2));
1351 EXPECT_EQ(nullptr, result2);
1352 EXPECT_EQ(1U, GetNumQueries(dns0, host_name2));
1353 EXPECT_EQ(1U, GetNumQueries(dns1, host_name2));
1354 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name2, {});
1355 }
1356
TEST_F(ResolverTest,GetAddrInfoV6_concurrent)1357 TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
1358 constexpr char listen_addr0[] = "127.0.0.9";
1359 constexpr char listen_addr1[] = "127.0.0.10";
1360 constexpr char listen_addr2[] = "127.0.0.11";
1361 constexpr char host_name[] = "konbanha.example.com.";
1362
1363 test::DNSResponder dns0(listen_addr0);
1364 test::DNSResponder dns1(listen_addr1);
1365 test::DNSResponder dns2(listen_addr2);
1366 StartDns(dns0, {{host_name, ns_type::ns_t_aaaa, "2001:db8::5"}});
1367 StartDns(dns1, {{host_name, ns_type::ns_t_aaaa, "2001:db8::6"}});
1368 StartDns(dns2, {{host_name, ns_type::ns_t_aaaa, "2001:db8::7"}});
1369
1370 const std::vector<std::string> servers = {listen_addr0, listen_addr1, listen_addr2};
1371 std::vector<std::thread> threads(10);
1372 for (std::thread& thread : threads) {
1373 thread = std::thread([this, &servers]() {
1374 unsigned delay = arc4random_uniform(1 * 1000 * 1000); // <= 1s
1375 usleep(delay);
1376 std::vector<std::string> serverSubset;
1377 for (const auto& server : servers) {
1378 if (arc4random_uniform(2)) {
1379 serverSubset.push_back(server);
1380 }
1381 }
1382 if (serverSubset.empty()) serverSubset = servers;
1383 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(serverSubset));
1384 const addrinfo hints = {.ai_family = AF_INET6};
1385 addrinfo* result = nullptr;
1386 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
1387 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
1388 if (result) {
1389 freeaddrinfo(result);
1390 result = nullptr;
1391 }
1392 });
1393 }
1394 for (std::thread& thread : threads) {
1395 thread.join();
1396 }
1397
1398 const auto resolvInfo = mDnsClient.getResolverInfo();
1399 ASSERT_RESULT_OK(resolvInfo);
1400 EXPECT_EQ(0, resolvInfo.value().waitForPendingReqTimeoutCount);
1401 }
1402
TEST_F(ResolverTest,SkipBadServersDueToInternalError)1403 TEST_F(ResolverTest, SkipBadServersDueToInternalError) {
1404 constexpr char listen_addr1[] = "fe80::1";
1405 constexpr char listen_addr2[] = "255.255.255.255";
1406 constexpr char listen_addr3[] = "127.0.0.3";
1407 int counter = 0; // To generate unique hostnames.
1408 test::DNSResponder dns(listen_addr3);
1409 ASSERT_TRUE(dns.startServer());
1410
1411 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1412 setupParams.servers = {listen_addr1, listen_addr2, listen_addr3};
1413 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1414
1415 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1416 cleanupParams.servers.clear();
1417 cleanupParams.tlsServers.clear();
1418
1419 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1420 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1421 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1422
1423 // Re-setup test network to make experiment flag take effect.
1424 resetNetwork();
1425
1426 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1427
1428 // Start sending synchronized querying.
1429 for (int i = 0; i < 100; i++) {
1430 std::string hostName = fmt::format("hello{}.com.", counter++);
1431 dns.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1432 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1433 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1434 }
1435
1436 const std::vector<NameserverStats> targetStats = {
1437 NameserverStats(listen_addr1).setInternalErrors(5),
1438 NameserverStats(listen_addr2).setInternalErrors(5),
1439 NameserverStats(listen_addr3).setSuccesses(setupParams.maxSamples).setRttAvg(1),
1440 };
1441 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1442
1443 // Also verify the number of queries received in the server because res_stats.successes has
1444 // a maximum.
1445 EXPECT_EQ(dns.queries().size(), 100U);
1446
1447 // Reset the state.
1448 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1449 dns.clearQueries();
1450 }
1451 }
1452
TEST_F(ResolverTest,SkipBadServersDueToTimeout)1453 TEST_F(ResolverTest, SkipBadServersDueToTimeout) {
1454 constexpr char listen_addr1[] = "127.0.0.3";
1455 constexpr char listen_addr2[] = "127.0.0.4";
1456 int counter = 0; // To generate unique hostnames.
1457
1458 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1459 setupParams.servers = {listen_addr1, listen_addr2};
1460 setupParams.minSamples = 2; // Recognize bad servers in two attempts when sorting not enabled.
1461
1462 ResolverParamsParcel cleanupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1463 cleanupParams.servers.clear();
1464 cleanupParams.tlsServers.clear();
1465
1466 // Set dns1 non-responsive and dns2 workable.
1467 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1468 test::DNSResponder dns2(listen_addr2);
1469 dns1.setResponseProbability(0.0);
1470 ASSERT_TRUE(dns1.startServer());
1471 ASSERT_TRUE(dns2.startServer());
1472
1473 for (const auto& sortNameserversFlag : {"" /* unset */, "0" /* off */, "1" /* on */}) {
1474 SCOPED_TRACE(fmt::format("sortNameversFlag_{}", sortNameserversFlag));
1475 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, sortNameserversFlag);
1476
1477 // Re-setup test network to make experiment flag take effect.
1478 resetNetwork();
1479
1480 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
1481
1482 // Start sending synchronized querying.
1483 for (int i = 0; i < 100; i++) {
1484 std::string hostName = fmt::format("hello{}.com.", counter++);
1485 dns1.addMapping(hostName, ns_type::ns_t_a, "1.2.3.4");
1486 dns2.addMapping(hostName, ns_type::ns_t_a, "1.2.3.5");
1487 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1488 EXPECT_TRUE(safe_getaddrinfo(hostName.c_str(), nullptr, &hints) != nullptr);
1489 }
1490
1491 const std::vector<NameserverStats> targetStats = {
1492 NameserverStats(listen_addr1).setTimeouts(5),
1493 NameserverStats(listen_addr2).setSuccesses(setupParams.maxSamples).setRttAvg(1),
1494 };
1495 EXPECT_TRUE(expectStatsNotGreaterThan(targetStats));
1496
1497 // Also verify the number of queries received in the server because res_stats.successes has
1498 // an upper bound.
1499 EXPECT_GT(dns1.queries().size(), 0U);
1500 EXPECT_LT(dns1.queries().size(), 5U);
1501 EXPECT_EQ(dns2.queries().size(), 100U);
1502
1503 // Reset the state.
1504 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(cleanupParams));
1505 dns1.clearQueries();
1506 dns2.clearQueries();
1507 }
1508 }
1509
TEST_F(ResolverTest,GetAddrInfoFromCustTable_InvalidInput)1510 TEST_F(ResolverTest, GetAddrInfoFromCustTable_InvalidInput) {
1511 constexpr char hostnameNoip[] = "noip.example.com.";
1512 constexpr char hostnameInvalidip[] = "invalidip.example.com.";
1513 const std::vector<aidl::android::net::ResolverHostsParcel> invalidCustHosts = {
1514 {"", hostnameNoip},
1515 {"wrong IP", hostnameInvalidip},
1516 };
1517 test::DNSResponder dns;
1518 StartDns(dns, {});
1519 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1520
1521 ResolverOptionsParcel resolverOptions;
1522 resolverOptions.hosts = invalidCustHosts;
1523 if (!mIsResolverOptionIPCSupported) {
1524 resolverParams.resolverOptions = resolverOptions;
1525 }
1526 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1527 if (mIsResolverOptionIPCSupported) {
1528 ASSERT_TRUE(mDnsClient.resolvService()
1529 ->setResolverOptions(resolverParams.netId, resolverOptions)
1530 .isOk());
1531 }
1532 for (const auto& hostname : {hostnameNoip, hostnameInvalidip}) {
1533 // The query won't get data from customized table because of invalid customized table
1534 // and DNSResponder also has no records. hostnameNoip has never registered and
1535 // hostnameInvalidip has registered but wrong IP.
1536 const addrinfo hints = {.ai_family = AF_UNSPEC};
1537 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
1538 ASSERT_TRUE(result == nullptr);
1539 EXPECT_EQ(4U, GetNumQueries(dns, hostname));
1540 }
1541 }
1542
TEST_F(ResolverTest,GetAddrInfoFromCustTable)1543 TEST_F(ResolverTest, GetAddrInfoFromCustTable) {
1544 constexpr char hostnameV4[] = "v4only.example.com.";
1545 constexpr char hostnameV6[] = "v6only.example.com.";
1546 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1547 constexpr char custAddrV4[] = "1.2.3.4";
1548 constexpr char custAddrV6[] = "::1.2.3.4";
1549 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1550 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1551 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4 = {
1552 {custAddrV4, hostnameV4},
1553 };
1554 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV6 = {
1555 {custAddrV6, hostnameV6},
1556 };
1557 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1558 {custAddrV4, hostnameV4V6},
1559 {custAddrV6, hostnameV4V6},
1560 };
1561 const std::vector<DnsRecord> dnsSvHostV4 = {
1562 {hostnameV4, ns_type::ns_t_a, dnsSvAddrV4},
1563 };
1564 const std::vector<DnsRecord> dnsSvHostV6 = {
1565 {hostnameV6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1566 };
1567 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1568 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1569 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1570 };
1571 struct TestConfig {
1572 const std::string name;
1573 const std::vector<aidl::android::net::ResolverHostsParcel> customizedHosts;
1574 const std::vector<DnsRecord> dnsserverHosts;
1575 const std::vector<std::string> queryResult;
1576 std::string asParameters() const {
1577 return fmt::format("name: {}, customizedHosts: {}, dnsserverHosts: {}", name,
1578 customizedHosts.empty() ? "No" : "Yes",
1579 dnsserverHosts.empty() ? "No" : "Yes");
1580 }
1581 } testConfigs[]{
1582 // clang-format off
1583 {hostnameV4, {}, {}, {}},
1584 {hostnameV4, {}, dnsSvHostV4, {dnsSvAddrV4}},
1585 {hostnameV4, custHostV4, {}, {custAddrV4}},
1586 {hostnameV4, custHostV4, dnsSvHostV4, {custAddrV4}},
1587 {hostnameV6, {}, {}, {}},
1588 {hostnameV6, {}, dnsSvHostV6, {dnsSvAddrV6}},
1589 {hostnameV6, custHostV6, {}, {custAddrV6}},
1590 {hostnameV6, custHostV6, dnsSvHostV6, {custAddrV6}},
1591 {hostnameV4V6, {}, {}, {}},
1592 {hostnameV4V6, {}, dnsSvHostV4V6, {dnsSvAddrV4, dnsSvAddrV6}},
1593 {hostnameV4V6, custHostV4V6, {}, {custAddrV4, custAddrV6}},
1594 {hostnameV4V6, custHostV4V6, dnsSvHostV4V6, {custAddrV4, custAddrV6}},
1595 // clang-format on
1596 };
1597
1598 for (const auto& config : testConfigs) {
1599 SCOPED_TRACE(config.asParameters());
1600
1601 test::DNSResponder dns;
1602 StartDns(dns, config.dnsserverHosts);
1603
1604 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1605 ResolverOptionsParcel resolverOptions;
1606 resolverOptions.hosts = config.customizedHosts;
1607 if (!mIsResolverOptionIPCSupported) {
1608 resolverParams.resolverOptions = resolverOptions;
1609 }
1610 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1611
1612 if (mIsResolverOptionIPCSupported) {
1613 ASSERT_TRUE(mDnsClient.resolvService()
1614 ->setResolverOptions(resolverParams.netId, resolverOptions)
1615 .isOk());
1616 }
1617 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1618 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
1619 if (config.customizedHosts.empty() && config.dnsserverHosts.empty()) {
1620 ASSERT_TRUE(result == nullptr);
1621 EXPECT_EQ(2U, GetNumQueries(dns, config.name.c_str()));
1622 } else {
1623 ASSERT_TRUE(result != nullptr);
1624 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.queryResult));
1625 EXPECT_EQ(config.customizedHosts.empty() ? 2U : 0U,
1626 GetNumQueries(dns, config.name.c_str()));
1627 }
1628
1629 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
1630 }
1631 }
1632
TEST_F(ResolverTest,GetAddrInfoFromCustTable_Modify)1633 TEST_F(ResolverTest, GetAddrInfoFromCustTable_Modify) {
1634 constexpr char hostnameV4V6[] = "v4v6.example.com.";
1635 constexpr char custAddrV4[] = "1.2.3.4";
1636 constexpr char custAddrV6[] = "::1.2.3.4";
1637 constexpr char dnsSvAddrV4[] = "1.2.3.5";
1638 constexpr char dnsSvAddrV6[] = "::1.2.3.5";
1639 const std::vector<DnsRecord> dnsSvHostV4V6 = {
1640 {hostnameV4V6, ns_type::ns_t_a, dnsSvAddrV4},
1641 {hostnameV4V6, ns_type::ns_t_aaaa, dnsSvAddrV6},
1642 };
1643 const std::vector<aidl::android::net::ResolverHostsParcel> custHostV4V6 = {
1644 {custAddrV4, hostnameV4V6},
1645 {custAddrV6, hostnameV4V6},
1646 };
1647 test::DNSResponder dns;
1648 StartDns(dns, dnsSvHostV4V6);
1649 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1650
1651 ResolverOptionsParcel resolverOptions;
1652 resolverOptions.hosts = custHostV4V6;
1653 if (!mIsResolverOptionIPCSupported) {
1654 resolverParams.resolverOptions = resolverOptions;
1655 }
1656 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1657
1658 if (mIsResolverOptionIPCSupported) {
1659 ASSERT_TRUE(mDnsClient.resolvService()
1660 ->setResolverOptions(resolverParams.netId, resolverOptions)
1661 .isOk());
1662 }
1663
1664 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1665 ScopedAddrinfo result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1666 ASSERT_TRUE(result != nullptr);
1667 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({custAddrV4, custAddrV6}));
1668 EXPECT_EQ(0U, GetNumQueries(dns, hostnameV4V6));
1669
1670 resolverOptions.hosts = {};
1671 if (!mIsResolverOptionIPCSupported) {
1672 resolverParams.resolverOptions = resolverOptions;
1673 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1674 } else {
1675 ASSERT_TRUE(mDnsClient.resolvService()
1676 ->setResolverOptions(resolverParams.netId, resolverOptions)
1677 .isOk());
1678 }
1679 result = safe_getaddrinfo(hostnameV4V6, nullptr, &hints);
1680 ASSERT_TRUE(result != nullptr);
1681 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray({dnsSvAddrV4, dnsSvAddrV6}));
1682 EXPECT_EQ(2U, GetNumQueries(dns, hostnameV4V6));
1683 }
1684
TEST_F(ResolverTest,GetAddrInfoV4V6FromCustTable_MultiAnswers)1685 TEST_F(ResolverTest, GetAddrInfoV4V6FromCustTable_MultiAnswers) {
1686 test::DNSResponder dns;
1687 StartDns(dns, {});
1688
1689 auto resolverParams = DnsResponderClient::GetDefaultResolverParamsParcel();
1690 ResolverOptionsParcel resolverOptions;
1691 resolverOptions.hosts = {
1692 {kHelloExampleComAddrV4, kHelloExampleCom},
1693 {kHelloExampleComAddrV6_GUA, kHelloExampleCom},
1694 {kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleCom},
1695 {kHelloExampleComAddrV6_TEREDO, kHelloExampleCom},
1696 };
1697 if (!mIsResolverOptionIPCSupported) {
1698 resolverParams.resolverOptions = resolverOptions;
1699 }
1700 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(resolverParams).isOk());
1701
1702 if (mIsResolverOptionIPCSupported) {
1703 ASSERT_TRUE(mDnsClient.resolvService()
1704 ->setResolverOptions(resolverParams.netId, resolverOptions)
1705 .isOk());
1706 }
1707
1708 addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM};
1709 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1710 ASSERT_TRUE(result != nullptr);
1711 // Expect the order is the same as the order of record insertion because the custom table uses
1712 // std::multimap to store and the queried results are not sorted by RFC 6724.
1713 // See getCustomHosts in packages/modules/DnsResolver/getaddrinfo.cpp
1714 EXPECT_THAT(ToStrings(result),
1715 testing::ElementsAreArray({kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1716 kHelloExampleComAddrV6_IPV4COMPAT,
1717 kHelloExampleComAddrV6_TEREDO}));
1718 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
1719
1720 hints = {.ai_family = AF_UNSPEC};
1721 result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
1722 ASSERT_TRUE(result != nullptr);
1723 // The overall result is the concatenation of each result from explore_fqdn().
1724 // resolv_getaddrinfo() calls explore_fqdn() many times by the different explore_options.
1725 // It means that the results of each explore_options keep the order and concatenates
1726 // all results into one link list. The address order of the output addrinfo is:
1727 // 1.2.3.4 (socktype=2, protocol=17) ->
1728 // 2404:6800::5175:15ca (socktype=2, protocol=17) ->
1729 // ::1.2.3.4 (socktype=2, protocol=17) ->
1730 // 2001::47c1 (socktype=2, protocol=17) ->
1731 // 1.2.3.4 (socktype=1, protocol=6) ->
1732 // 2404:6800::5175:15ca (socktype=1, protocol=6) ->
1733 // ::1.2.3.4 (socktype=1, protocol=6) ->
1734 // 2001::47c1 (socktype=1, protocol=6)
1735 //
1736 // See resolv_getaddrinfo, explore_fqdn and dns_getaddrinfo.
1737 EXPECT_THAT(ToStrings(result),
1738 testing::ElementsAreArray(
1739 {kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1740 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_TEREDO,
1741 kHelloExampleComAddrV4, kHelloExampleComAddrV6_GUA,
1742 kHelloExampleComAddrV6_IPV4COMPAT, kHelloExampleComAddrV6_TEREDO}));
1743 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
1744 }
1745
TEST_F(ResolverTest,EmptySetup)1746 TEST_F(ResolverTest, EmptySetup) {
1747 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParamsParcel{.netId = TEST_NETID}));
1748 const auto resolvInfo = mDnsClient.getResolverInfo();
1749 ASSERT_RESULT_OK(resolvInfo);
1750 EXPECT_TRUE(resolvInfo.value().dnsServers.empty());
1751 EXPECT_TRUE(resolvInfo.value().domains.empty());
1752 EXPECT_TRUE(resolvInfo.value().dotServers.empty());
1753 EXPECT_EQ(0U, resolvInfo.value().params.sample_validity);
1754 EXPECT_EQ(0U, resolvInfo.value().params.success_threshold);
1755 EXPECT_EQ(0U, resolvInfo.value().params.min_samples);
1756 EXPECT_EQ(0U, resolvInfo.value().params.max_samples);
1757 // We don't check baseTimeoutMsec and retryCount because their value differ depending on
1758 // the experiment flags.
1759 }
1760
TEST_F(ResolverTest,SearchPathChange)1761 TEST_F(ResolverTest, SearchPathChange) {
1762 constexpr char listen_addr[] = "127.0.0.13";
1763 constexpr char host_name1[] = "test13.domain1.org.";
1764 constexpr char host_name2[] = "test13.domain2.org.";
1765 std::vector<std::string> servers = {listen_addr};
1766 std::vector<std::string> domains = {"domain1.org"};
1767
1768 const std::vector<DnsRecord> records = {
1769 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1770 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1771 };
1772 test::DNSResponder dns(listen_addr);
1773 StartDns(dns, records);
1774 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1775
1776 const addrinfo hints = {.ai_family = AF_INET6};
1777 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1778 EXPECT_TRUE(result != nullptr);
1779 EXPECT_EQ(1U, dns.queries().size());
1780 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1781 EXPECT_EQ("2001:db8::13", ToString(result));
1782
1783 // Test that changing the domain search path on its own works.
1784 domains = {"domain2.org"};
1785 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, domains));
1786 dns.clearQueries();
1787
1788 result = safe_getaddrinfo("test13", nullptr, &hints);
1789 EXPECT_TRUE(result != nullptr);
1790 EXPECT_EQ(1U, dns.queries().size());
1791 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1792 EXPECT_EQ("2001:db8::1:13", ToString(result));
1793 }
1794
TEST_F(ResolverTest,SearchPathPrune)1795 TEST_F(ResolverTest, SearchPathPrune) {
1796 constexpr size_t DUPLICATED_DOMAIN_NUM = 3;
1797 constexpr char listen_addr[] = "127.0.0.13";
1798 constexpr char domian_name1[] = "domain13.org.";
1799 constexpr char domian_name2[] = "domain14.org.";
1800 constexpr char host_name1[] = "test13.domain13.org.";
1801 constexpr char host_name2[] = "test14.domain14.org.";
1802 std::vector<std::string> servers = {listen_addr};
1803
1804 std::vector<std::string> testDomains1;
1805 std::vector<std::string> testDomains2;
1806 // Domain length should be <= 255
1807 // Max number of domains in search path is 6
1808 for (size_t i = 0; i < MAXDNSRCH + 1; i++) {
1809 // Fill up with invalid domain
1810 testDomains1.push_back(std::string(300, i + '0'));
1811 // Fill up with valid but duplicated domain
1812 testDomains2.push_back(fmt::format("domain{}.org", i % DUPLICATED_DOMAIN_NUM));
1813 }
1814
1815 // Add valid domain used for query.
1816 testDomains1.push_back(domian_name1);
1817
1818 // Add valid domain twice used for query.
1819 testDomains2.push_back(domian_name2);
1820 testDomains2.push_back(domian_name2);
1821
1822 const std::vector<DnsRecord> records = {
1823 {host_name1, ns_type::ns_t_aaaa, "2001:db8::13"},
1824 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13"},
1825 };
1826 test::DNSResponder dns(listen_addr);
1827 StartDns(dns, records);
1828 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains1));
1829
1830 const addrinfo hints = {.ai_family = AF_INET6};
1831 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
1832
1833 EXPECT_TRUE(result != nullptr);
1834
1835 EXPECT_EQ(1U, dns.queries().size());
1836 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
1837 EXPECT_EQ("2001:db8::13", ToString(result));
1838
1839 auto resolvInfo = mDnsClient.getResolverInfo();
1840 ASSERT_RESULT_OK(resolvInfo);
1841 const auto& res_domains1 = resolvInfo.value().domains;
1842 // Expect 1 valid domain, invalid domains are removed.
1843 ASSERT_EQ(1U, res_domains1.size());
1844 EXPECT_EQ(domian_name1, res_domains1[0]);
1845
1846 dns.clearQueries();
1847
1848 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers, testDomains2));
1849
1850 result = safe_getaddrinfo("test14", nullptr, &hints);
1851 EXPECT_TRUE(result != nullptr);
1852
1853 // (3 domains * 2 retries) + 1 success query = 7
1854 EXPECT_EQ(7U, dns.queries().size());
1855 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
1856 EXPECT_EQ("2001:db8::1:13", ToString(result));
1857
1858 resolvInfo = mDnsClient.getResolverInfo();
1859 ASSERT_RESULT_OK(resolvInfo);
1860 const auto& res_domains2 = resolvInfo.value().domains;
1861 // Expect 4 valid domain, duplicate domains are removed.
1862 EXPECT_EQ(DUPLICATED_DOMAIN_NUM + 1U, res_domains2.size());
1863 EXPECT_THAT(
1864 std::vector<std::string>({"domain0.org", "domain1.org", "domain2.org", domian_name2}),
1865 testing::ElementsAreArray(res_domains2));
1866 }
1867
1868 // If we move this function to dns_responder_client, it will complicate the dependency need of
1869 // dns_tls_frontend.h.
setupTlsServers(const std::vector<std::string> & servers,std::vector<std::unique_ptr<test::DnsTlsFrontend>> * tls)1870 static void setupTlsServers(const std::vector<std::string>& servers,
1871 std::vector<std::unique_ptr<test::DnsTlsFrontend>>* tls) {
1872 constexpr char listen_udp[] = "53";
1873 constexpr char listen_tls[] = "853";
1874
1875 for (const auto& server : servers) {
1876 auto t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1877 t = std::make_unique<test::DnsTlsFrontend>(server, listen_tls, server, listen_udp);
1878 t->startServer();
1879 tls->push_back(std::move(t));
1880 }
1881 }
1882
TEST_F(ResolverTest,MaxServerPrune_Binder)1883 TEST_F(ResolverTest, MaxServerPrune_Binder) {
1884 std::vector<std::string> domains;
1885 std::vector<std::unique_ptr<test::DNSResponder>> dns;
1886 std::vector<std::unique_ptr<test::DnsTlsFrontend>> tls;
1887 std::vector<std::string> servers;
1888 std::vector<DnsResponderClient::Mapping> mappings;
1889
1890 for (unsigned i = 0; i < MAXDNSRCH + 1; i++) {
1891 domains.push_back(fmt::format("example{}.com", i));
1892 }
1893 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupMappings(1, domains, &mappings));
1894 ASSERT_NO_FATAL_FAILURE(mDnsClient.SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
1895 ASSERT_NO_FATAL_FAILURE(setupTlsServers(servers, &tls));
1896
1897 const auto parcel = ResolverParams::Builder()
1898 .setDomains(domains)
1899 .setDnsServers(servers)
1900 .setDotServers(servers)
1901 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
1902 .build();
1903 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1904
1905 // If the private DNS validation hasn't completed yet before backend DNS servers stop,
1906 // TLS servers will get stuck in handleOneRequest(), which causes this test stuck in
1907 // ~DnsTlsFrontend() because the TLS server loop threads can't be terminated.
1908 // So, wait for private DNS validation done before stopping backend DNS servers.
1909 for (int i = 0; i < MAXNS; i++) {
1910 LOG(INFO) << "Waiting for private DNS validation on " << tls[i]->listen_address() << ".";
1911 EXPECT_TRUE(WaitForPrivateDnsValidation(tls[i]->listen_address(), true));
1912 LOG(INFO) << "private DNS validation on " << tls[i]->listen_address() << " done.";
1913 }
1914
1915 const auto resolvInfo = mDnsClient.getResolverInfo();
1916 ASSERT_RESULT_OK(resolvInfo);
1917 EXPECT_EQ(static_cast<size_t>(MAXNS), resolvInfo.value().dnsServers.size());
1918 EXPECT_EQ(static_cast<size_t>(MAXNS), resolvInfo.value().dotServers.size());
1919 EXPECT_EQ(static_cast<size_t>(MAXDNSRCH), resolvInfo.value().domains.size());
1920 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS,
1921 resolvInfo.value().dnsServers.begin()));
1922 EXPECT_TRUE(std::equal(servers.begin(), servers.begin() + MAXNS,
1923 resolvInfo.value().dotServers.begin()));
1924 EXPECT_TRUE(std::equal(domains.begin(), domains.begin() + MAXDNSRCH,
1925 resolvInfo.value().domains.begin()));
1926 }
1927
TEST_F(ResolverTest,ResolverStats)1928 TEST_F(ResolverTest, ResolverStats) {
1929 constexpr char listen_addr1[] = "127.0.0.4";
1930 constexpr char listen_addr2[] = "127.0.0.5";
1931 constexpr char listen_addr3[] = "127.0.0.6";
1932
1933 // Set server 1 timeout.
1934 test::DNSResponder dns1(listen_addr1, "53", static_cast<ns_rcode>(-1));
1935 dns1.setResponseProbability(0.0);
1936 ASSERT_TRUE(dns1.startServer());
1937
1938 // Set server 2 responding server failure.
1939 test::DNSResponder dns2(listen_addr2);
1940 dns2.setResponseProbability(0.0);
1941 ASSERT_TRUE(dns2.startServer());
1942
1943 // Set server 3 workable.
1944 test::DNSResponder dns3(listen_addr3);
1945 dns3.addMapping(kHelloExampleCom, ns_type::ns_t_a, "1.2.3.4");
1946 ASSERT_TRUE(dns3.startServer());
1947
1948 std::vector<std::string> servers = {listen_addr1, listen_addr2, listen_addr3};
1949 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
1950
1951 dns3.clearQueries();
1952 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1953 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
1954 size_t found = GetNumQueries(dns3, kHelloExampleCom);
1955 EXPECT_LE(1U, found);
1956 std::string result_str = ToString(result);
1957 EXPECT_TRUE(result_str == "1.2.3.4") << ", result_str='" << result_str << "'";
1958
1959 const std::vector<NameserverStats> expectedCleartextDnsStats = {
1960 NameserverStats(listen_addr1).setTimeouts(1),
1961 NameserverStats(listen_addr2).setErrors(1),
1962 NameserverStats(listen_addr3).setSuccesses(1).setRttAvg(1),
1963 };
1964 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
1965 }
1966
TEST_F(ResolverTest,AlwaysUseLatestSetupParamsInLookups)1967 TEST_F(ResolverTest, AlwaysUseLatestSetupParamsInLookups) {
1968 constexpr char listen_addr1[] = "127.0.0.3";
1969 constexpr char listen_addr2[] = "255.255.255.255";
1970 constexpr char listen_addr3[] = "127.0.0.4";
1971 constexpr char hostname[] = "hello";
1972 constexpr char fqdn_with_search_domain[] = "hello.domain2.com.";
1973
1974 test::DNSResponder dns1(listen_addr1, test::kDefaultListenService, static_cast<ns_rcode>(-1));
1975 dns1.setResponseProbability(0.0);
1976 ASSERT_TRUE(dns1.startServer());
1977
1978 test::DNSResponder dns3(listen_addr3);
1979 StartDns(dns3, {{fqdn_with_search_domain, ns_type::ns_t_a, "1.2.3.4"}});
1980
1981 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
1982 parcel.tlsServers.clear();
1983 parcel.servers = {listen_addr1, listen_addr2};
1984 parcel.domains = {"domain1.com", "domain2.com"};
1985 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
1986
1987 // Expect the things happening in t1:
1988 // 1. The lookup starts using the first domain for query. It sends queries to the populated
1989 // nameserver list {listen_addr1, listen_addr2} for the hostname "hello.domain1.com".
1990 // 2. A different list of nameservers is updated to the resolver. Revision ID is incremented.
1991 // 3. The query for the hostname times out. The lookup fails to add the timeout record to the
1992 // the stats because of the unmatched revision ID.
1993 // 4. The lookup starts using the second domain for query. It sends queries to the populated
1994 // nameserver list {listen_addr3, listen_addr1, listen_addr2} for another hostname
1995 // "hello.domain2.com".
1996 // 5. The lookup gets the answer and updates a success record to the stats.
1997 std::thread t1([&hostname]() {
1998 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
1999 ScopedAddrinfo result = safe_getaddrinfo(hostname, nullptr, &hints);
2000 EXPECT_NE(result.get(), nullptr);
2001 EXPECT_EQ(ToString(result), "1.2.3.4");
2002 });
2003
2004 // Wait for t1 to start the step 1.
2005 while (dns1.queries().size() == 0) {
2006 usleep(1000);
2007 }
2008
2009 // Update the resolver with three nameservers. This will increment the revision ID.
2010 parcel.servers = {listen_addr3, listen_addr1, listen_addr2};
2011 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
2012
2013 t1.join();
2014 EXPECT_EQ(0U, GetNumQueriesForType(dns3, ns_type::ns_t_aaaa, fqdn_with_search_domain));
2015 EXPECT_EQ(1U, GetNumQueriesForType(dns3, ns_type::ns_t_a, fqdn_with_search_domain));
2016
2017 const std::vector<NameserverStats> expectedCleartextDnsStats = {
2018 NameserverStats(listen_addr1),
2019 NameserverStats(listen_addr2),
2020 NameserverStats(listen_addr3).setSuccesses(1).setRttAvg(1),
2021 };
2022 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
2023 }
2024
2025 // Test what happens if the specified TLS server is nonexistent.
TEST_F(ResolverTest,GetHostByName_TlsMissing)2026 TEST_F(ResolverTest, GetHostByName_TlsMissing) {
2027 constexpr char host_name[] = "tlsmissing.example.com.";
2028 test::DNSResponder dns;
2029 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.3"}});
2030
2031 // There's nothing listening on this address, so validation will either fail or
2032 /// hang. Either way, queries will continue to flow to the DNSResponder.
2033 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2034
2035 const hostent* result;
2036 result = gethostbyname("tlsmissing");
2037 ASSERT_FALSE(result == nullptr);
2038 EXPECT_EQ("1.2.3.3", ToString(result));
2039 }
2040
2041 // Test what happens if the specified TLS server replies with garbage.
TEST_F(ResolverTest,GetHostByName_TlsBroken)2042 TEST_F(ResolverTest, GetHostByName_TlsBroken) {
2043 constexpr char host_name1[] = "tlsbroken1.example.com.";
2044 constexpr char host_name2[] = "tlsbroken2.example.com.";
2045 const std::vector<DnsRecord> records = {
2046 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2047 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2048 };
2049
2050 test::DNSResponder dns;
2051 StartDns(dns, records);
2052
2053 // Bind the specified private DNS socket but don't respond to any client sockets yet.
2054 int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
2055 ASSERT_TRUE(s >= 0);
2056 struct sockaddr_in tlsServer = {
2057 .sin_family = AF_INET,
2058 .sin_port = htons(853),
2059 };
2060 ASSERT_TRUE(inet_pton(AF_INET, kDefaultServer, &tlsServer.sin_addr));
2061 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEPORT).ok());
2062 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEADDR).ok());
2063 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
2064 ASSERT_FALSE(listen(s, 1));
2065
2066 // Trigger TLS validation.
2067 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2068
2069 struct sockaddr_storage cliaddr;
2070 socklen_t sin_size = sizeof(cliaddr);
2071 int new_fd = accept4(s, reinterpret_cast<struct sockaddr*>(&cliaddr), &sin_size, SOCK_CLOEXEC);
2072 ASSERT_TRUE(new_fd > 0);
2073
2074 // We've received the new file descriptor but not written to it or closed, so the
2075 // validation is still pending. Queries should still flow correctly because the
2076 // server is not used until validation succeeds.
2077 const hostent* result;
2078 result = gethostbyname("tlsbroken1");
2079 ASSERT_FALSE(result == nullptr);
2080 EXPECT_EQ("1.2.3.1", ToString(result));
2081
2082 // Now we cause the validation to fail.
2083 std::string garbage = "definitely not a valid TLS ServerHello";
2084 write(new_fd, garbage.data(), garbage.size());
2085 close(new_fd);
2086
2087 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
2088 // to the TLS server unless validation succeeds.
2089 result = gethostbyname("tlsbroken2");
2090 ASSERT_FALSE(result == nullptr);
2091 EXPECT_EQ("1.2.3.2", ToString(result));
2092
2093 // Clear TLS bit.
2094 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2095 close(s);
2096 }
2097
TEST_F(ResolverTest,GetHostByName_Tls)2098 TEST_F(ResolverTest, GetHostByName_Tls) {
2099 constexpr char listen_udp[] = "53";
2100 constexpr char listen_tls[] = "853";
2101 constexpr char host_name1[] = "tls1.example.com.";
2102 constexpr char host_name2[] = "tls2.example.com.";
2103 constexpr char host_name3[] = "tls3.example.com.";
2104 const std::vector<DnsRecord> records = {
2105 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2106 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2107 {host_name3, ns_type::ns_t_a, "1.2.3.3"},
2108 };
2109
2110 test::DNSResponder dns;
2111 StartDns(dns, records);
2112
2113 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2114 ASSERT_TRUE(tls.startServer());
2115 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
2116 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2117
2118 const hostent* result = gethostbyname("tls1");
2119 ASSERT_FALSE(result == nullptr);
2120 EXPECT_EQ("1.2.3.1", ToString(result));
2121
2122 // Wait for query to get counted.
2123 EXPECT_TRUE(tls.waitForQueries(2));
2124
2125 // Stop the TLS server. Since we're in opportunistic mode, queries will
2126 // fall back to the locally-assigned (clear text) nameservers.
2127 tls.stopServer();
2128
2129 dns.clearQueries();
2130 result = gethostbyname("tls2");
2131 EXPECT_FALSE(result == nullptr);
2132 EXPECT_EQ("1.2.3.2", ToString(result));
2133 const auto queries = dns.queries();
2134 EXPECT_EQ(1U, queries.size());
2135 EXPECT_EQ("tls2.example.com.", queries[0].name);
2136 EXPECT_EQ(ns_t_a, queries[0].type);
2137
2138 // Reset the resolvers without enabling TLS. Queries should still be routed
2139 // to the UDP endpoint.
2140 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2141
2142 result = gethostbyname("tls3");
2143 ASSERT_FALSE(result == nullptr);
2144 EXPECT_EQ("1.2.3.3", ToString(result));
2145 }
2146
TEST_F(ResolverTest,GetHostByName_TlsFailover)2147 TEST_F(ResolverTest, GetHostByName_TlsFailover) {
2148 constexpr char listen_addr1[] = "127.0.0.3";
2149 constexpr char listen_addr2[] = "127.0.0.4";
2150 constexpr char listen_udp[] = "53";
2151 constexpr char listen_tls[] = "853";
2152 constexpr char host_name1[] = "tlsfailover1.example.com.";
2153 constexpr char host_name2[] = "tlsfailover2.example.com.";
2154 const std::vector<DnsRecord> records1 = {
2155 {host_name1, ns_type::ns_t_a, "1.2.3.1"},
2156 {host_name2, ns_type::ns_t_a, "1.2.3.2"},
2157 };
2158 const std::vector<DnsRecord> records2 = {
2159 {host_name1, ns_type::ns_t_a, "1.2.3.3"},
2160 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
2161 };
2162
2163 test::DNSResponder dns1(listen_addr1);
2164 test::DNSResponder dns2(listen_addr2);
2165 StartDns(dns1, records1);
2166 StartDns(dns2, records2);
2167
2168 std::vector<std::string> servers = {listen_addr1, listen_addr2};
2169
2170 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
2171 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
2172 ASSERT_TRUE(tls1.startServer());
2173 ASSERT_TRUE(tls2.startServer());
2174 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2175 ResolverParams::Builder()
2176 .setDnsServers(servers)
2177 .setDotServers(servers)
2178 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
2179 .build()));
2180 EXPECT_TRUE(WaitForPrivateDnsValidation(tls1.listen_address(), true));
2181 EXPECT_TRUE(WaitForPrivateDnsValidation(tls2.listen_address(), true));
2182
2183 const hostent* result = gethostbyname("tlsfailover1");
2184 ASSERT_FALSE(result == nullptr);
2185 EXPECT_EQ("1.2.3.1", ToString(result));
2186
2187 // Wait for query to get counted.
2188 EXPECT_TRUE(tls1.waitForQueries(2));
2189 // No new queries should have reached tls2.
2190 EXPECT_TRUE(tls2.waitForQueries(1));
2191
2192 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
2193 tls1.stopServer();
2194
2195 result = gethostbyname("tlsfailover2");
2196 EXPECT_EQ("1.2.3.4", ToString(result));
2197
2198 // Wait for query to get counted.
2199 EXPECT_TRUE(tls2.waitForQueries(2));
2200
2201 // No additional queries should have reached the insecure servers.
2202 EXPECT_EQ(2U, dns1.queries().size());
2203 EXPECT_EQ(2U, dns2.queries().size());
2204
2205 // Clear TLS bit.
2206 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2207 }
2208
TEST_F(ResolverTest,GetHostByName_BadTlsName)2209 TEST_F(ResolverTest, GetHostByName_BadTlsName) {
2210 constexpr char listen_udp[] = "53";
2211 constexpr char listen_tls[] = "853";
2212 constexpr char host_name[] = "badtlsname.example.com.";
2213
2214 test::DNSResponder dns;
2215 StartDns(dns, {{host_name, ns_type::ns_t_a, "1.2.3.1"}});
2216
2217 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2218 ASSERT_TRUE(tls.startServer());
2219 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2220 ResolverParams::Builder()
2221 .setPrivateDnsProvider(kDefaultIncorrectPrivateDnsHostName)
2222 .build()));
2223
2224 // The TLS handshake would fail because the name of TLS server doesn't
2225 // match with TLS server's certificate.
2226 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
2227
2228 // The query should fail hard, because a name was specified.
2229 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
2230
2231 // Clear TLS bit.
2232 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
2233 }
2234
TEST_F(ResolverTest,GetAddrInfo_Tls)2235 TEST_F(ResolverTest, GetAddrInfo_Tls) {
2236 constexpr char listen_udp[] = "53";
2237 constexpr char listen_tls[] = "853";
2238 constexpr char host_name[] = "addrinfotls.example.com.";
2239 const std::vector<DnsRecord> records = {
2240 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2241 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2242 };
2243
2244 test::DNSResponder dns;
2245 StartDns(dns, records);
2246
2247 test::DnsTlsFrontend tls(kDefaultServer, listen_tls, kDefaultServer, listen_udp);
2248 ASSERT_TRUE(tls.startServer());
2249 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2250 ResolverParams::Builder().setPrivateDnsProvider(kDefaultPrivateDnsHostName).build()));
2251 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
2252
2253 dns.clearQueries();
2254 ScopedAddrinfo result = safe_getaddrinfo("addrinfotls", nullptr, nullptr);
2255 EXPECT_TRUE(result != nullptr);
2256 size_t found = GetNumQueries(dns, host_name);
2257 EXPECT_LE(1U, found);
2258 // Could be A or AAAA
2259 std::string result_str = ToString(result);
2260 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
2261 << ", result_str='" << result_str << "'";
2262 // Wait for both A and AAAA queries to get counted.
2263 EXPECT_TRUE(tls.waitForQueries(3));
2264 }
2265
TEST_F(ResolverTest,TlsBypass)2266 TEST_F(ResolverTest, TlsBypass) {
2267 const char OFF[] = "off";
2268 const char OPPORTUNISTIC[] = "opportunistic";
2269 const char STRICT[] = "strict";
2270
2271 const char GETHOSTBYNAME[] = "gethostbyname";
2272 const char GETADDRINFO[] = "getaddrinfo";
2273 const char GETADDRINFOFORNET[] = "getaddrinfofornet";
2274
2275 const unsigned BYPASS_NETID = NETID_USE_LOCAL_NAMESERVERS | TEST_NETID;
2276
2277 const char ADDR4[] = "192.0.2.1";
2278 const char ADDR6[] = "2001:db8::1";
2279
2280 const char cleartext_addr[] = "127.0.0.53";
2281 const char cleartext_port[] = "53";
2282 const char tls_port[] = "853";
2283 const std::vector<std::string> servers = {cleartext_addr};
2284
2285 test::DNSResponder dns(cleartext_addr);
2286 ASSERT_TRUE(dns.startServer());
2287
2288 test::DnsTlsFrontend tls(cleartext_addr, tls_port, cleartext_addr, cleartext_port);
2289 ASSERT_TRUE(tls.startServer());
2290
2291 // clang-format off
2292 struct TestConfig {
2293 const std::string mode;
2294 const bool withWorkingTLS;
2295 const std::string method;
2296
2297 std::string asHostName() const {
2298 return fmt::format("{}.{}.{}.", mode, withWorkingTLS ? "tlsOn" : "tlsOff",
2299 method);
2300 }
2301 } testConfigs[]{
2302 {OFF, true, GETHOSTBYNAME},
2303 {OPPORTUNISTIC, true, GETHOSTBYNAME},
2304 {STRICT, true, GETHOSTBYNAME},
2305 {OFF, true, GETADDRINFO},
2306 {OPPORTUNISTIC, true, GETADDRINFO},
2307 {STRICT, true, GETADDRINFO},
2308 {OFF, true, GETADDRINFOFORNET},
2309 {OPPORTUNISTIC, true, GETADDRINFOFORNET},
2310 {STRICT, true, GETADDRINFOFORNET},
2311 {OFF, false, GETHOSTBYNAME},
2312 {OPPORTUNISTIC, false, GETHOSTBYNAME},
2313 {STRICT, false, GETHOSTBYNAME},
2314 {OFF, false, GETADDRINFO},
2315 {OPPORTUNISTIC, false, GETADDRINFO},
2316 {STRICT, false, GETADDRINFO},
2317 {OFF, false, GETADDRINFOFORNET},
2318 {OPPORTUNISTIC, false, GETADDRINFOFORNET},
2319 {STRICT, false, GETADDRINFOFORNET},
2320 };
2321 // clang-format on
2322
2323 for (const auto& config : testConfigs) {
2324 const std::string testHostName = config.asHostName();
2325 SCOPED_TRACE(testHostName);
2326
2327 // Don't tempt test bugs due to caching.
2328 const char* host_name = testHostName.c_str();
2329 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
2330 dns.addMapping(host_name, ns_type::ns_t_aaaa, ADDR6);
2331
2332 if (config.withWorkingTLS) {
2333 if (!tls.running()) {
2334 ASSERT_TRUE(tls.startServer());
2335 }
2336 } else {
2337 if (tls.running()) {
2338 ASSERT_TRUE(tls.stopServer());
2339 }
2340 }
2341
2342 if (config.mode == OFF) {
2343 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2344 } else /* OPPORTUNISTIC or STRICT */ {
2345 auto builder = ResolverParams::Builder().setDnsServers(servers).setDotServers(servers);
2346 if (config.mode == STRICT) builder.setPrivateDnsProvider(kDefaultPrivateDnsHostName);
2347 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.build()));
2348
2349 // Wait for the validation event. If the server is running, the validation should
2350 // succeed; otherwise, the validation should fail.
2351 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), config.withWorkingTLS));
2352 if (config.withWorkingTLS) {
2353 EXPECT_TRUE(tls.waitForQueries(1));
2354 tls.clearQueries();
2355 }
2356 }
2357
2358 const hostent* h_result = nullptr;
2359 ScopedAddrinfo ai_result;
2360
2361 if (config.method == GETHOSTBYNAME) {
2362 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2363 h_result = gethostbyname(host_name);
2364
2365 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
2366 ASSERT_FALSE(h_result == nullptr);
2367 ASSERT_EQ(4, h_result->h_length);
2368 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
2369 EXPECT_EQ(ADDR4, ToString(h_result));
2370 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
2371 } else if (config.method == GETADDRINFO) {
2372 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
2373 ai_result = safe_getaddrinfo(host_name, nullptr, nullptr);
2374 EXPECT_TRUE(ai_result != nullptr);
2375
2376 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2377 // Could be A or AAAA
2378 const std::string result_str = ToString(ai_result);
2379 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2380 << ", result_str='" << result_str << "'";
2381 } else if (config.method == GETADDRINFOFORNET) {
2382 addrinfo* raw_ai_result = nullptr;
2383 EXPECT_EQ(0, android_getaddrinfofornet(host_name, /*servname=*/nullptr,
2384 /*hints=*/nullptr, BYPASS_NETID, MARK_UNSET,
2385 &raw_ai_result));
2386 ai_result.reset(raw_ai_result);
2387
2388 EXPECT_LE(1U, GetNumQueries(dns, host_name));
2389 // Could be A or AAAA
2390 const std::string result_str = ToString(ai_result);
2391 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
2392 << ", result_str='" << result_str << "'";
2393 }
2394
2395 EXPECT_EQ(0, tls.queries());
2396
2397 // Clear per-process resolv netid.
2398 ASSERT_EQ(0, setNetworkForResolv(NETID_UNSET));
2399 dns.clearQueries();
2400 }
2401 }
2402
TEST_F(ResolverTest,StrictMode_NoTlsServers)2403 TEST_F(ResolverTest, StrictMode_NoTlsServers) {
2404 constexpr char host_name[] = "strictmode.notlsips.example.com.";
2405 const std::vector<DnsRecord> records = {
2406 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2407 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2408 };
2409
2410 test::DNSResponder dns(kDefaultServer);
2411 StartDns(dns, records);
2412 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
2413 ResolverParams::Builder()
2414 .setPrivateDnsProvider(kDefaultIncorrectPrivateDnsHostName)
2415 .build()));
2416
2417 addrinfo* ai_result = nullptr;
2418 EXPECT_NE(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
2419 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
2420 }
2421
2422 namespace {
2423
getAsyncResponse(int fd,int * rcode,uint8_t * buf,int bufLen)2424 int getAsyncResponse(int fd, int* rcode, uint8_t* buf, int bufLen) {
2425 struct pollfd wait_fd[1];
2426 wait_fd[0].fd = fd;
2427 wait_fd[0].events = POLLIN;
2428 short revents;
2429
2430 if (int ret = poll(wait_fd, 1, -1); ret <= 0) {
2431 return -1;
2432 }
2433 revents = wait_fd[0].revents;
2434 if (revents & POLLIN) {
2435 return resNetworkResult(fd, rcode, buf, bufLen);
2436 }
2437 return -1;
2438 }
2439
toString(uint8_t * buf,int bufLen,int ipType)2440 std::string toString(uint8_t* buf, int bufLen, int ipType) {
2441 ns_msg handle;
2442 ns_rr rr;
2443
2444 if (ns_initparse((const uint8_t*)buf, bufLen, &handle) >= 0) {
2445 if (ns_parserr(&handle, ns_s_an, 0, &rr) == 0) {
2446 const uint8_t* rdata = ns_rr_rdata(rr);
2447 char buffer[INET6_ADDRSTRLEN];
2448 if (inet_ntop(ipType, (const char*)rdata, buffer, sizeof(buffer))) {
2449 return buffer;
2450 }
2451 }
2452 }
2453 return "";
2454 }
2455
dns_open_proxy()2456 int dns_open_proxy() {
2457 int s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
2458 if (s == -1) {
2459 return -1;
2460 }
2461 const int one = 1;
2462 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
2463
2464 static const struct sockaddr_un proxy_addr = {
2465 .sun_family = AF_UNIX,
2466 .sun_path = "/dev/socket/dnsproxyd",
2467 };
2468
2469 if (TEMP_FAILURE_RETRY(connect(s, (const struct sockaddr*)&proxy_addr, sizeof(proxy_addr))) !=
2470 0) {
2471 close(s);
2472 return -1;
2473 }
2474
2475 return s;
2476 }
2477
expectAnswersValid(int fd,int ipType,const std::string & expectedAnswer)2478 void expectAnswersValid(int fd, int ipType, const std::string& expectedAnswer) {
2479 int rcode = -1;
2480 uint8_t buf[MAXPACKET] = {};
2481
2482 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2483 EXPECT_GT(res, 0);
2484 EXPECT_EQ(expectedAnswer, toString(buf, res, ipType));
2485 }
2486
expectAnswersNotValid(int fd,int expectedErrno)2487 void expectAnswersNotValid(int fd, int expectedErrno) {
2488 int rcode = -1;
2489 uint8_t buf[MAXPACKET] = {};
2490
2491 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2492 EXPECT_EQ(expectedErrno, res);
2493 }
2494
2495 } // namespace
2496
TEST_F(ResolverTest,Async_NormalQueryV4V6)2497 TEST_F(ResolverTest, Async_NormalQueryV4V6) {
2498 constexpr char listen_addr[] = "127.0.0.4";
2499 constexpr char host_name[] = "howdy.example.com.";
2500 const std::vector<DnsRecord> records = {
2501 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2502 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2503 };
2504
2505 test::DNSResponder dns(listen_addr);
2506 StartDns(dns, records);
2507 std::vector<std::string> servers = {listen_addr};
2508 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2509
2510 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2511 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2512 EXPECT_TRUE(fd1 != -1);
2513 EXPECT_TRUE(fd2 != -1);
2514
2515 uint8_t buf[MAXPACKET] = {};
2516 int rcode;
2517 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2518 EXPECT_GT(res, 0);
2519 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2520
2521 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2522 EXPECT_GT(res, 0);
2523 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2524
2525 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2526
2527 // Re-query verify cache works
2528 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2529 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2530
2531 EXPECT_TRUE(fd1 != -1);
2532 EXPECT_TRUE(fd2 != -1);
2533
2534 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2535 EXPECT_GT(res, 0);
2536 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2537
2538 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2539 EXPECT_GT(res, 0);
2540 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2541
2542 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
2543 }
2544
TEST_F(ResolverTest,Async_BadQuery)2545 TEST_F(ResolverTest, Async_BadQuery) {
2546 constexpr char listen_addr[] = "127.0.0.4";
2547 constexpr char host_name[] = "howdy.example.com.";
2548 const std::vector<DnsRecord> records = {
2549 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2550 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2551 };
2552
2553 test::DNSResponder dns(listen_addr);
2554 StartDns(dns, records);
2555 std::vector<std::string> servers = {listen_addr};
2556 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2557
2558 static struct {
2559 int fd;
2560 const char* dname;
2561 const int queryType;
2562 const int expectRcode;
2563 } kTestData[] = {
2564 {-1, "", ns_t_aaaa, 0},
2565 {-1, "as65ass46", ns_t_aaaa, 0},
2566 {-1, "454564564564", ns_t_aaaa, 0},
2567 {-1, "h645235", ns_t_a, 0},
2568 {-1, "www.google.com", ns_t_a, 0},
2569 };
2570
2571 for (auto& td : kTestData) {
2572 SCOPED_TRACE(td.dname);
2573 td.fd = resNetworkQuery(TEST_NETID, td.dname, ns_c_in, td.queryType, 0);
2574 EXPECT_TRUE(td.fd != -1);
2575 }
2576
2577 // dns_responder return empty resp(packet only contains query part) with no error currently
2578 for (const auto& td : kTestData) {
2579 uint8_t buf[MAXPACKET] = {};
2580 int rcode;
2581 SCOPED_TRACE(td.dname);
2582 int res = getAsyncResponse(td.fd, &rcode, buf, MAXPACKET);
2583 EXPECT_GT(res, 0);
2584 EXPECT_EQ(rcode, td.expectRcode);
2585 }
2586 }
2587
TEST_F(ResolverTest,Async_EmptyAnswer)2588 TEST_F(ResolverTest, Async_EmptyAnswer) {
2589 constexpr char listen_addr[] = "127.0.0.4";
2590 constexpr char host_name[] = "howdy.example.com.";
2591 const std::vector<DnsRecord> records = {
2592 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2593 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2594 };
2595
2596 test::DNSResponder dns(listen_addr);
2597 StartDns(dns, records);
2598 std::vector<std::string> servers = {listen_addr};
2599 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2600
2601 // TODO: Disable retry to make this test explicit.
2602 auto& cv = dns.getCv();
2603 auto& cvMutex = dns.getCvMutex();
2604 int fd1;
2605 // Wait on the condition variable to ensure that the DNS server has handled our first query.
2606 {
2607 std::unique_lock lk(cvMutex);
2608 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2609 EXPECT_TRUE(fd1 != -1);
2610 EXPECT_EQ(std::cv_status::no_timeout, cv.wait_for(lk, std::chrono::seconds(1)));
2611 }
2612
2613 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"::1.2.3.4"});
2614 dns.setResponseProbability(0.0);
2615
2616 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2617 EXPECT_TRUE(fd2 != -1);
2618 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2619
2620 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2621 EXPECT_TRUE(fd3 != -1);
2622 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2623
2624 uint8_t buf[MAXPACKET] = {};
2625 int rcode;
2626
2627 // expect no response
2628 int res = getAsyncResponse(fd3, &rcode, buf, MAXPACKET);
2629 EXPECT_EQ(-ETIMEDOUT, res);
2630
2631 // expect no response
2632 memset(buf, 0, MAXPACKET);
2633 res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
2634 EXPECT_EQ(-ETIMEDOUT, res);
2635
2636 dns.setResponseProbability(1.0);
2637
2638 int fd4 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2639 EXPECT_TRUE(fd4 != -1);
2640 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, 0, "howdy.example.com", {"1.2.3.4"});
2641
2642 memset(buf, 0, MAXPACKET);
2643 res = getAsyncResponse(fd4, &rcode, buf, MAXPACKET);
2644 EXPECT_GT(res, 0);
2645 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2646
2647 memset(buf, 0, MAXPACKET);
2648 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
2649 EXPECT_GT(res, 0);
2650 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
2651 }
2652
TEST_F(ResolverTest,Async_MalformedQuery)2653 TEST_F(ResolverTest, Async_MalformedQuery) {
2654 constexpr char listen_addr[] = "127.0.0.4";
2655 constexpr char host_name[] = "howdy.example.com.";
2656 const std::vector<DnsRecord> records = {
2657 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2658 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2659 };
2660
2661 test::DNSResponder dns(listen_addr);
2662 StartDns(dns, records);
2663 std::vector<std::string> servers = {listen_addr};
2664 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2665
2666 int fd = dns_open_proxy();
2667 EXPECT_TRUE(fd > 0);
2668
2669 const std::string badMsg = "16-52512#";
2670 static const struct {
2671 const std::string cmd;
2672 const int expectErr;
2673 } kTestData[] = {
2674 // Too few arguments
2675 {"resnsend " + badMsg + '\0', -EINVAL},
2676 // Bad netId
2677 {"resnsend badnetId 0 " + badMsg + '\0', -EINVAL},
2678 // Bad raw data
2679 {"resnsend " + std::to_string(TEST_NETID) + " 0 " + badMsg + '\0', -EILSEQ},
2680 };
2681
2682 for (unsigned int i = 0; i < std::size(kTestData); i++) {
2683 auto& td = kTestData[i];
2684 SCOPED_TRACE(td.cmd);
2685 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, td.cmd.c_str(), td.cmd.size()));
2686 EXPECT_EQ(rc, static_cast<ssize_t>(td.cmd.size()));
2687
2688 int32_t tmp;
2689 rc = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
2690 EXPECT_TRUE(rc > 0);
2691 EXPECT_EQ(static_cast<int>(ntohl(tmp)), td.expectErr);
2692 }
2693 // Normal query with answer buffer
2694 // This is raw data of query "howdy.example.com" type 1 class 1
2695 std::string query = "81sBAAABAAAAAAAABWhvd2R5B2V4YW1wbGUDY29tAAABAAE=";
2696 std::string cmd = "resnsend " + std::to_string(TEST_NETID) + " 0 " + query + '\0';
2697 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2698 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2699
2700 uint8_t smallBuf[1] = {};
2701 int rcode;
2702 rc = getAsyncResponse(fd, &rcode, smallBuf, 1);
2703 EXPECT_EQ(-EMSGSIZE, rc);
2704
2705 // Do the normal test with large buffer again
2706 fd = dns_open_proxy();
2707 EXPECT_TRUE(fd > 0);
2708 rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
2709 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
2710 uint8_t buf[MAXPACKET] = {};
2711 rc = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2712 EXPECT_EQ("1.2.3.4", toString(buf, rc, AF_INET));
2713 }
2714
TEST_F(ResolverTest,Async_CacheFlags)2715 TEST_F(ResolverTest, Async_CacheFlags) {
2716 constexpr char listen_addr[] = "127.0.0.4";
2717 constexpr char host_name1[] = "howdy.example.com.";
2718 constexpr char host_name2[] = "howdy.example2.com.";
2719 constexpr char host_name3[] = "howdy.example3.com.";
2720 const std::vector<DnsRecord> records = {
2721 {host_name1, ns_type::ns_t_a, "1.2.3.4"}, {host_name1, ns_type::ns_t_aaaa, "::1.2.3.4"},
2722 {host_name2, ns_type::ns_t_a, "1.2.3.5"}, {host_name2, ns_type::ns_t_aaaa, "::1.2.3.5"},
2723 {host_name3, ns_type::ns_t_a, "1.2.3.6"}, {host_name3, ns_type::ns_t_aaaa, "::1.2.3.6"},
2724 };
2725
2726 test::DNSResponder dns(listen_addr);
2727 StartDns(dns, records);
2728 std::vector<std::string> servers = {listen_addr};
2729 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2730
2731 // ANDROID_RESOLV_NO_CACHE_STORE
2732 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2733 ANDROID_RESOLV_NO_CACHE_STORE);
2734 EXPECT_TRUE(fd1 != -1);
2735 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2736 ANDROID_RESOLV_NO_CACHE_STORE);
2737 EXPECT_TRUE(fd2 != -1);
2738 int fd3 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2739 ANDROID_RESOLV_NO_CACHE_STORE);
2740 EXPECT_TRUE(fd3 != -1);
2741
2742 expectAnswersValid(fd3, AF_INET, "1.2.3.4");
2743 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2744 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2745
2746 // No cache exists, expect 3 queries
2747 EXPECT_EQ(3U, GetNumQueries(dns, host_name1));
2748
2749 // Raise a query with no flags to ensure no cache exists. Also make an cache entry for the
2750 // query.
2751 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2752
2753 EXPECT_TRUE(fd1 != -1);
2754
2755 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2756
2757 // Expect 4 queries because there should be no cache before this query.
2758 EXPECT_EQ(4U, GetNumQueries(dns, host_name1));
2759
2760 // Now we have the cache entry, re-query with ANDROID_RESOLV_NO_CACHE_STORE to ensure
2761 // that ANDROID_RESOLV_NO_CACHE_STORE implied ANDROID_RESOLV_NO_CACHE_LOOKUP.
2762 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2763 ANDROID_RESOLV_NO_CACHE_STORE);
2764 EXPECT_TRUE(fd1 != -1);
2765 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2766 // Expect 5 queries because we shouldn't do cache lookup for the query which has
2767 // ANDROID_RESOLV_NO_CACHE_STORE.
2768 EXPECT_EQ(5U, GetNumQueries(dns, host_name1));
2769
2770 // ANDROID_RESOLV_NO_CACHE_LOOKUP
2771 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2772 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2773 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2774 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2775
2776 EXPECT_TRUE(fd1 != -1);
2777 EXPECT_TRUE(fd2 != -1);
2778
2779 expectAnswersValid(fd2, AF_INET, "1.2.3.4");
2780 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2781
2782 // Cache was skipped, expect 2 more queries.
2783 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2784
2785 // Re-query verify cache works
2786 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2787 EXPECT_TRUE(fd1 != -1);
2788 expectAnswersValid(fd1, AF_INET, "1.2.3.4");
2789
2790 // Cache hits, expect still 7 queries
2791 EXPECT_EQ(7U, GetNumQueries(dns, host_name1));
2792
2793 // Start to verify if ANDROID_RESOLV_NO_CACHE_LOOKUP does write response into cache
2794 dns.clearQueries();
2795
2796 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2797 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2798 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa,
2799 ANDROID_RESOLV_NO_CACHE_LOOKUP);
2800
2801 EXPECT_TRUE(fd1 != -1);
2802 EXPECT_TRUE(fd2 != -1);
2803
2804 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2805 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2806
2807 // Skip cache, expect 2 queries
2808 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2809
2810 // Re-query without flags
2811 fd1 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2812 fd2 = resNetworkQuery(TEST_NETID, "howdy.example2.com", ns_c_in, ns_t_aaaa, 0);
2813
2814 EXPECT_TRUE(fd1 != -1);
2815 EXPECT_TRUE(fd2 != -1);
2816
2817 expectAnswersValid(fd2, AF_INET6, "::1.2.3.5");
2818 expectAnswersValid(fd1, AF_INET6, "::1.2.3.5");
2819
2820 // Cache hits, expect still 2 queries
2821 EXPECT_EQ(2U, GetNumQueries(dns, host_name2));
2822
2823 // Test both ANDROID_RESOLV_NO_CACHE_STORE and ANDROID_RESOLV_NO_CACHE_LOOKUP are set
2824 dns.clearQueries();
2825
2826 // Make sure that the cache of "howdy.example3.com" exists.
2827 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, 0);
2828 EXPECT_TRUE(fd1 != -1);
2829 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2830 EXPECT_EQ(1U, GetNumQueries(dns, host_name3));
2831
2832 // Re-query with testFlags
2833 const int testFlag = ANDROID_RESOLV_NO_CACHE_STORE | ANDROID_RESOLV_NO_CACHE_LOOKUP;
2834 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_aaaa, testFlag);
2835 EXPECT_TRUE(fd1 != -1);
2836 expectAnswersValid(fd1, AF_INET6, "::1.2.3.6");
2837 // Expect cache lookup is skipped.
2838 EXPECT_EQ(2U, GetNumQueries(dns, host_name3));
2839
2840 // Do another query with testFlags
2841 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, testFlag);
2842 EXPECT_TRUE(fd1 != -1);
2843 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2844 // Expect cache lookup is skipped.
2845 EXPECT_EQ(3U, GetNumQueries(dns, host_name3));
2846
2847 // Re-query with no flags
2848 fd1 = resNetworkQuery(TEST_NETID, "howdy.example3.com", ns_c_in, ns_t_a, 0);
2849 EXPECT_TRUE(fd1 != -1);
2850 expectAnswersValid(fd1, AF_INET, "1.2.3.6");
2851 // Expect no cache hit because cache storing is also skipped in previous query.
2852 EXPECT_EQ(4U, GetNumQueries(dns, host_name3));
2853 }
2854
TEST_F(ResolverTest,Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry)2855 TEST_F(ResolverTest, Async_NoCacheStoreFlagDoesNotRefreshStaleCacheEntry) {
2856 constexpr char listen_addr[] = "127.0.0.4";
2857 constexpr char host_name[] = "howdy.example.com.";
2858 const std::vector<DnsRecord> records = {
2859 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2860 };
2861
2862 test::DNSResponder dns(listen_addr);
2863 StartDns(dns, records);
2864 std::vector<std::string> servers = {listen_addr};
2865 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2866
2867 const unsigned SHORT_TTL_SEC = 1;
2868 dns.setTtl(SHORT_TTL_SEC);
2869
2870 // Refer to b/148842821 for the purpose of below test steps.
2871 // Basically, this test is used to ensure stale cache case is handled
2872 // correctly with ANDROID_RESOLV_NO_CACHE_STORE.
2873 int fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2874 EXPECT_TRUE(fd != -1);
2875 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2876
2877 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2878 dns.clearQueries();
2879
2880 // Wait until cache expired
2881 sleep(SHORT_TTL_SEC + 0.5);
2882
2883 // Now request the same hostname again.
2884 // We should see a new DNS query because the entry in cache has become stale.
2885 // Due to ANDROID_RESOLV_NO_CACHE_STORE, this query must *not* refresh that stale entry.
2886 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2887 ANDROID_RESOLV_NO_CACHE_STORE);
2888 EXPECT_TRUE(fd != -1);
2889 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2890 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2891 dns.clearQueries();
2892
2893 // If the cache is still stale, we expect to see one more DNS query
2894 // (this time the cache will be refreshed, but we're not checking for it).
2895 fd = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2896 EXPECT_TRUE(fd != -1);
2897 expectAnswersValid(fd, AF_INET, "1.2.3.4");
2898 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
2899 }
2900
TEST_F(ResolverTest,Async_NoRetryFlag)2901 TEST_F(ResolverTest, Async_NoRetryFlag) {
2902 constexpr char listen_addr0[] = "127.0.0.4";
2903 constexpr char listen_addr1[] = "127.0.0.6";
2904 constexpr char host_name[] = "howdy.example.com.";
2905 const std::vector<DnsRecord> records = {
2906 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2907 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2908 };
2909
2910 test::DNSResponder dns0(listen_addr0);
2911 test::DNSResponder dns1(listen_addr1);
2912 StartDns(dns0, records);
2913 StartDns(dns1, records);
2914 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr0, listen_addr1}));
2915
2916 dns0.clearQueries();
2917 dns1.clearQueries();
2918
2919 dns0.setResponseProbability(0.0);
2920 dns1.setResponseProbability(0.0);
2921
2922 int fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a,
2923 ANDROID_RESOLV_NO_RETRY);
2924 EXPECT_TRUE(fd1 != -1);
2925
2926 int fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa,
2927 ANDROID_RESOLV_NO_RETRY);
2928 EXPECT_TRUE(fd2 != -1);
2929
2930 // expect no response
2931 expectAnswersNotValid(fd1, -ETIMEDOUT);
2932 expectAnswersNotValid(fd2, -ETIMEDOUT);
2933 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2934 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2935
2936 // No retry case, expect total 2 queries. The server is selected randomly.
2937 EXPECT_EQ(2U, GetNumQueries(dns0, host_name) + GetNumQueries(dns1, host_name));
2938
2939 dns0.clearQueries();
2940 dns1.clearQueries();
2941
2942 fd1 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_a, 0);
2943 EXPECT_TRUE(fd1 != -1);
2944
2945 fd2 = resNetworkQuery(TEST_NETID, "howdy.example.com", ns_c_in, ns_t_aaaa, 0);
2946 EXPECT_TRUE(fd2 != -1);
2947
2948 // expect no response
2949 expectAnswersNotValid(fd1, -ETIMEDOUT);
2950 expectAnswersNotValid(fd2, -ETIMEDOUT);
2951 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2952 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, RCODE_TIMEOUT, "howdy.example.com", {});
2953
2954 // Retry case, expect 4 queries
2955 EXPECT_EQ(4U, GetNumQueries(dns0, host_name));
2956 EXPECT_EQ(4U, GetNumQueries(dns1, host_name));
2957 }
2958
TEST_F(ResolverTest,Async_VerifyQueryID)2959 TEST_F(ResolverTest, Async_VerifyQueryID) {
2960 constexpr char listen_addr[] = "127.0.0.4";
2961 constexpr char host_name[] = "howdy.example.com.";
2962 const std::vector<DnsRecord> records = {
2963 {host_name, ns_type::ns_t_a, "1.2.3.4"},
2964 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
2965 };
2966
2967 test::DNSResponder dns(listen_addr);
2968 StartDns(dns, records);
2969 std::vector<std::string> servers = {listen_addr};
2970 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
2971
2972 const uint8_t queryBuf1[] = {
2973 /* Header */
2974 0x55, 0x66, /* Transaction ID */
2975 0x01, 0x00, /* Flags */
2976 0x00, 0x01, /* Questions */
2977 0x00, 0x00, /* Answer RRs */
2978 0x00, 0x00, /* Authority RRs */
2979 0x00, 0x00, /* Additional RRs */
2980 /* Queries */
2981 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
2982 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
2983 0x00, 0x01, /* Type */
2984 0x00, 0x01 /* Class */
2985 };
2986
2987 int fd = resNetworkSend(TEST_NETID, queryBuf1, sizeof(queryBuf1), 0);
2988 EXPECT_TRUE(fd != -1);
2989
2990 uint8_t buf[MAXPACKET] = {};
2991 int rcode;
2992
2993 int res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
2994 EXPECT_GT(res, 0);
2995 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
2996
2997 auto hp = reinterpret_cast<HEADER*>(buf);
2998 EXPECT_EQ(21862U, htons(hp->id));
2999
3000 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3001
3002 const uint8_t queryBuf2[] = {
3003 /* Header */
3004 0x00, 0x53, /* Transaction ID */
3005 0x01, 0x00, /* Flags */
3006 0x00, 0x01, /* Questions */
3007 0x00, 0x00, /* Answer RRs */
3008 0x00, 0x00, /* Authority RRs */
3009 0x00, 0x00, /* Additional RRs */
3010 /* Queries */
3011 0x05, 0x68, 0x6f, 0x77, 0x64, 0x79, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
3012 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name */
3013 0x00, 0x01, /* Type */
3014 0x00, 0x01 /* Class */
3015 };
3016
3017 // Re-query verify cache works and query id is correct
3018 fd = resNetworkSend(TEST_NETID, queryBuf2, sizeof(queryBuf2), 0);
3019
3020 EXPECT_TRUE(fd != -1);
3021
3022 res = getAsyncResponse(fd, &rcode, buf, MAXPACKET);
3023 EXPECT_GT(res, 0);
3024 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
3025
3026 EXPECT_EQ(0x0053U, htons(hp->id));
3027
3028 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3029 }
3030
runCancelledQueryTest(bool expectCancelled)3031 void ResolverTest::runCancelledQueryTest(bool expectCancelled) {
3032 resetNetwork();
3033 constexpr char listen_addr[] = "127.0.0.4";
3034 constexpr char host_name_1[] = "howdy1.example.com.";
3035 constexpr char host_name_2[] = "howdy2.example.com.";
3036 const std::vector<DnsRecord> records = {
3037 {host_name_1, ns_type::ns_t_aaaa, "::1.2.3.4"},
3038 {host_name_2, ns_type::ns_t_aaaa, "::1.2.3.4"},
3039 };
3040
3041 test::DNSResponder dns(listen_addr);
3042 StartDns(dns, records);
3043 dns.setResponseProbability(0.0);
3044 std::vector<std::string> servers = {listen_addr};
3045 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3046
3047 int fd1 = resNetworkQuery(TEST_NETID, host_name_1, ns_c_in, ns_t_aaaa, 0);
3048 int fd2 = resNetworkQuery(TEST_NETID, host_name_2, ns_c_in, ns_t_aaaa, 0);
3049
3050 // Immediately cancel the first query
3051 resNetworkCancel(fd1);
3052
3053 expectAnswersNotValid(fd2, -ETIMEDOUT);
3054
3055 if (expectCancelled) {
3056 // Expect multiple retries on the second query, but only one attempt on the first one
3057 EXPECT_GT(GetNumQueries(dns, host_name_2), 1U);
3058 EXPECT_EQ(1U, GetNumQueries(dns, host_name_1));
3059 } else {
3060 // The queries are not actually cancelled and multiple are sent. Poll as in some cases the
3061 // timeout for query 2 will come before queries are done for query 1.
3062 EXPECT_TRUE(PollForCondition([&]() { return GetNumQueries(dns, host_name_1) > 1U; }));
3063 }
3064 }
3065
TEST_F(ResolverTest,Async_CancelledQuery)3066 TEST_F(ResolverTest, Async_CancelledQuery) {
3067 ScopedSystemProperties sp(kNoRetryAfterCancelFlag, "1");
3068 ASSERT_NO_FATAL_FAILURE(runCancelledQueryTest(/*expectCancelled=*/true));
3069 }
3070
TEST_F(ResolverTest,Async_CancelledQueryWithFlagDisabled)3071 TEST_F(ResolverTest, Async_CancelledQueryWithFlagDisabled) {
3072 ScopedSystemProperties sp(kNoRetryAfterCancelFlag, "0");
3073 ASSERT_NO_FATAL_FAILURE(runCancelledQueryTest(/*expectCancelled=*/false));
3074 }
3075
3076 // This test checks that the resolver should not generate the request containing OPT RR when using
3077 // cleartext DNS. If we query the DNS server not supporting EDNS0 and it reponds with
3078 // FORMERR_ON_EDNS, we will fallback to no EDNS0 and try again. If the server does no response, we
3079 // won't retry so that we get no answer.
TEST_F(ResolverTest,BrokenEdns)3080 TEST_F(ResolverTest, BrokenEdns) {
3081 typedef test::DNSResponder::Edns Edns;
3082 enum ExpectResult { EXPECT_FAILURE, EXPECT_SUCCESS };
3083
3084 // Perform cleartext query in off mode.
3085 const char OFF[] = "off";
3086
3087 // Perform cleartext query when there's no private DNS server validated in opportunistic mode.
3088 const char OPPORTUNISTIC_UDP[] = "opportunistic_udp";
3089
3090 // Perform cleartext query when there is a private DNS server validated in opportunistic mode.
3091 const char OPPORTUNISTIC_FALLBACK_UDP[] = "opportunistic_fallback_udp";
3092
3093 // Perform cyphertext query in opportunistic mode.
3094 const char OPPORTUNISTIC_TLS[] = "opportunistic_tls";
3095
3096 // Perform cyphertext query in strict mode.
3097 const char STRICT[] = "strict";
3098
3099 const char GETHOSTBYNAME[] = "gethostbyname";
3100 const char GETADDRINFO[] = "getaddrinfo";
3101 const char ADDR4[] = "192.0.2.1";
3102 test::DNSResponder dns(kDefaultServer, "53", ns_rcode::ns_r_servfail);
3103 test::DnsTlsFrontend tls(kDefaultServer, "853", kDefaultServer, "53");
3104 ASSERT_TRUE(dns.startServer());
3105
3106 // clang-format off
3107 static const struct TestConfig {
3108 std::string mode;
3109 std::string method;
3110 Edns edns;
3111 ExpectResult expectResult;
3112
3113 std::string asHostName() const {
3114 const char* ednsString;
3115 switch (edns) {
3116 case Edns::ON:
3117 ednsString = "ednsOn";
3118 break;
3119 case Edns::FORMERR_ON_EDNS:
3120 ednsString = "ednsFormerr";
3121 break;
3122 case Edns::DROP:
3123 ednsString = "ednsDrop";
3124 break;
3125 default:
3126 ednsString = "";
3127 break;
3128 }
3129 return fmt::format("{}.{}.{}.", mode, method, ednsString);
3130 }
3131 } testConfigs[] = {
3132 // In OPPORTUNISTIC_TLS, if the DNS server doesn't support EDNS0 but TLS, the lookup
3133 // fails. Could such server exist? if so, we might need to fix it to fallback to
3134 // cleartext query. If the server still make no response for the queries with EDNS0, we
3135 // might also need to fix it to retry without EDNS0.
3136 // Another thing is that {OPPORTUNISTIC_TLS, Edns::DROP} and {STRICT, Edns::DROP} are
3137 // commented out since TLS timeout is not configurable.
3138 // TODO: Uncomment them after TLS timeout is configurable.
3139 {OFF, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3140 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3141 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3142 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3143 {STRICT, GETHOSTBYNAME, Edns::ON, EXPECT_SUCCESS},
3144 {OFF, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3145 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3146 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3147 {OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3148 {STRICT, GETHOSTBYNAME, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3149 {OFF, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
3150 {OPPORTUNISTIC_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_SUCCESS},
3151
3152 // The failure is due to no retry on timeout. Maybe fix it?
3153 {OPPORTUNISTIC_FALLBACK_UDP, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3154
3155 //{OPPORTUNISTIC_TLS, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3156 //{STRICT, GETHOSTBYNAME, Edns::DROP, EXPECT_FAILURE},
3157 {OFF, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3158 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3159 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3160 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3161 {STRICT, GETADDRINFO, Edns::ON, EXPECT_SUCCESS},
3162 {OFF, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3163 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3164 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_SUCCESS},
3165 {OPPORTUNISTIC_TLS, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3166 {STRICT, GETADDRINFO, Edns::FORMERR_ON_EDNS, EXPECT_FAILURE},
3167 {OFF, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
3168 {OPPORTUNISTIC_UDP, GETADDRINFO, Edns::DROP, EXPECT_SUCCESS},
3169
3170 // The failure is due to no retry on timeout. Maybe fix it?
3171 {OPPORTUNISTIC_FALLBACK_UDP, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3172
3173 //{OPPORTUNISTIC_TLS, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3174 //{STRICT, GETADDRINFO, Edns::DROP, EXPECT_FAILURE},
3175 };
3176 // clang-format on
3177
3178 for (const auto& config : testConfigs) {
3179 const std::string testHostName = config.asHostName();
3180 SCOPED_TRACE(testHostName);
3181
3182 // Don't skip unusable DoT servers and disable revalidation for this test.
3183 ScopedSystemProperties sp1(kDotXportUnusableThresholdFlag, "-1");
3184 ScopedSystemProperties sp2(kDotRevalidationThresholdFlag, "-1");
3185 resetNetwork();
3186
3187 const char* host_name = testHostName.c_str();
3188 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
3189 dns.setEdns(config.edns);
3190
3191 if (config.mode == OFF) {
3192 if (tls.running()) {
3193 ASSERT_TRUE(tls.stopServer());
3194 }
3195 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3196 } else if (config.mode == OPPORTUNISTIC_UDP) {
3197 if (tls.running()) {
3198 ASSERT_TRUE(tls.stopServer());
3199 }
3200 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3201 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), false));
3202 } else if (config.mode == OPPORTUNISTIC_TLS || config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
3203 if (!tls.running()) {
3204 ASSERT_TRUE(tls.startServer());
3205 }
3206 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3207 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3208
3209 if (config.mode == OPPORTUNISTIC_FALLBACK_UDP) {
3210 // Force the resolver to fallback to cleartext queries.
3211 ASSERT_TRUE(tls.stopServer());
3212 }
3213 } else if (config.mode == STRICT) {
3214 if (!tls.running()) {
3215 ASSERT_TRUE(tls.startServer());
3216 }
3217 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
3218 ResolverParams::Builder()
3219 .setPrivateDnsProvider(kDefaultPrivateDnsHostName)
3220 .build()));
3221 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3222 }
3223
3224 if (config.method == GETHOSTBYNAME) {
3225 const hostent* h_result = gethostbyname(host_name);
3226 if (config.expectResult == EXPECT_SUCCESS) {
3227 EXPECT_LE(1U, GetNumQueries(dns, host_name));
3228 ASSERT_TRUE(h_result != nullptr);
3229 ASSERT_EQ(4, h_result->h_length);
3230 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
3231 EXPECT_EQ(ADDR4, ToString(h_result));
3232 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
3233 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, 0, host_name, {ADDR4});
3234 } else {
3235 EXPECT_EQ(0U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
3236 ASSERT_TRUE(h_result == nullptr);
3237 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3238 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
3239 ExpectDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, returnCode, host_name, {});
3240 }
3241 } else if (config.method == GETADDRINFO) {
3242 ScopedAddrinfo ai_result;
3243 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3244 ai_result = safe_getaddrinfo(host_name, nullptr, &hints);
3245 if (config.expectResult == EXPECT_SUCCESS) {
3246 EXPECT_TRUE(ai_result != nullptr);
3247 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3248 const std::string result_str = ToString(ai_result);
3249 EXPECT_EQ(ADDR4, result_str);
3250 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, 0, host_name, {ADDR4});
3251 } else {
3252 EXPECT_TRUE(ai_result == nullptr);
3253 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3254 int returnCode = (config.edns == Edns::DROP) ? RCODE_TIMEOUT : EAI_FAIL;
3255 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, returnCode, host_name, {});
3256 }
3257 } else {
3258 FAIL() << "Unsupported query method: " << config.method;
3259 }
3260
3261 tls.clearQueries();
3262 dns.clearQueries();
3263
3264 // Set the configuration to OFF mode, so the resolver can validate private DNS servers in
3265 // every test config.
3266 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3267 }
3268 }
3269
3270 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3271 // Resolver should have a reasonable number of retries instead of spinning forever. We don't have
3272 // an efficient way to know if resolver is stuck in an infinite loop. However, test case will be
3273 // failed due to timeout.
TEST_F(ResolverTest,UnstableTls)3274 TEST_F(ResolverTest, UnstableTls) {
3275 const char CLEARTEXT_PORT[] = "53";
3276 const char TLS_PORT[] = "853";
3277 const char* host_name1 = "nonexistent1.example.com.";
3278 const char* host_name2 = "nonexistent2.example.com.";
3279
3280 test::DNSResponder dns(kDefaultServer, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3281 ASSERT_TRUE(dns.startServer());
3282 dns.setEdns(test::DNSResponder::Edns::FORMERR_ON_EDNS);
3283 test::DnsTlsFrontend tls(kDefaultServer, TLS_PORT, kDefaultServer, CLEARTEXT_PORT);
3284 ASSERT_TRUE(tls.startServer());
3285 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3286 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3287
3288 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3289 tls.stopServer();
3290
3291 const hostent* h_result = gethostbyname(host_name1);
3292 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
3293 ASSERT_TRUE(h_result == nullptr);
3294 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3295
3296 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3297 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3298 EXPECT_TRUE(ai_result == nullptr);
3299 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
3300 }
3301
3302 // DNS-over-TLS validation success, but server does not respond to TLS query after a while.
3303 // Moreover, server responds RCODE=FORMERR even on non-EDNS query.
TEST_F(ResolverTest,BogusDnsServer)3304 TEST_F(ResolverTest, BogusDnsServer) {
3305 const char CLEARTEXT_PORT[] = "53";
3306 const char TLS_PORT[] = "853";
3307 const char* host_name1 = "nonexistent1.example.com.";
3308 const char* host_name2 = "nonexistent2.example.com.";
3309
3310 test::DNSResponder dns(kDefaultServer, CLEARTEXT_PORT, ns_rcode::ns_r_servfail);
3311 ASSERT_TRUE(dns.startServer());
3312 test::DnsTlsFrontend tls(kDefaultServer, TLS_PORT, kDefaultServer, CLEARTEXT_PORT);
3313 ASSERT_TRUE(tls.startServer());
3314 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(ResolverParams::Builder().build()));
3315 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
3316
3317 // Shutdown TLS server to get an error. It's similar to no response case but without waiting.
3318 tls.stopServer();
3319 dns.setEdns(test::DNSResponder::Edns::FORMERR_UNCOND);
3320
3321 const hostent* h_result = gethostbyname(host_name1);
3322 EXPECT_EQ(0U, GetNumQueries(dns, host_name1));
3323 ASSERT_TRUE(h_result == nullptr);
3324 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
3325
3326 addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3327 ScopedAddrinfo ai_result = safe_getaddrinfo(host_name2, nullptr, &hints);
3328 EXPECT_TRUE(ai_result == nullptr);
3329 EXPECT_EQ(0U, GetNumQueries(dns, host_name2));
3330 }
3331
TEST_F(ResolverTest,GetAddrInfo_Dns64Synthesize)3332 TEST_F(ResolverTest, GetAddrInfo_Dns64Synthesize) {
3333 constexpr char listen_addr[] = "::1";
3334 constexpr char host_name[] = "v4only.example.com.";
3335 const std::vector<DnsRecord> records = {
3336 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3337 };
3338
3339 test::DNSResponder dns(listen_addr);
3340 StartDns(dns, records);
3341
3342 std::vector<std::string> servers = {listen_addr};
3343 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3344 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3345
3346 // If the socket type is not specified, every address will appear twice, once for
3347 // SOCK_STREAM and one for SOCK_DGRAM. Just pick one because the addresses for
3348 // the second query of different socket type are responded by the cache.
3349 // See android_getaddrinfofornetcontext in packages/modules/DnsResolver/getaddrinfo.cpp
3350 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3351 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3352 EXPECT_TRUE(result != nullptr);
3353 // Expect that there are two queries, one AAAA (which returns no records) and one A
3354 // (which returns 1.2.3.4).
3355 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3356 EXPECT_THAT(ToStrings(result), testing::ElementsAre("64:ff9b::102:304", "1.2.3.4"));
3357
3358 // Stopping NAT64 prefix discovery disables synthesis.
3359 EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());
3360 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
3361 dns.clearQueries();
3362
3363 result = safe_getaddrinfo("v4only", nullptr, &hints);
3364 EXPECT_TRUE(result != nullptr);
3365 // Expect that there is one query, an AAAA (which returns no records), because the
3366 // A is already cached.
3367 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3368 EXPECT_EQ(ToString(result), "1.2.3.4");
3369 }
3370
3371 // TODO: merge to #GetAddrInfo_Dns64Synthesize once DNSResponder supports multi DnsRecords for a
3372 // hostname.
TEST_F(ResolverTest,GetAddrInfo_Dns64SynthesizeMultiAnswers)3373 TEST_F(ResolverTest, GetAddrInfo_Dns64SynthesizeMultiAnswers) {
3374 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
3375 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, kHelloExampleComResponsesV4);
3376 StartDns(dns, {});
3377 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3378 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3379
3380 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3381 ScopedAddrinfo result = safe_getaddrinfo(kHelloExampleCom, nullptr, &hints);
3382 ASSERT_FALSE(result == nullptr);
3383
3384 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3385 EXPECT_THAT(ToStrings(result),
3386 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::808:808", "64:ff9b::5175:15ca",
3387 "1.2.3.4", "8.8.8.8", "81.117.21.202"));
3388 }
3389
TEST_F(ResolverTest,GetAddrInfo_Dns64Canonname)3390 TEST_F(ResolverTest, GetAddrInfo_Dns64Canonname) {
3391 constexpr char listen_addr[] = "::1";
3392 constexpr char host_name[] = "v4only.example.com.";
3393 const std::vector<DnsRecord> records = {
3394 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3395 };
3396
3397 test::DNSResponder dns(listen_addr);
3398 StartDns(dns, records);
3399
3400 std::vector<std::string> servers = {listen_addr};
3401 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3402 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3403
3404 // clang-format off
3405 static const struct TestConfig {
3406 int family;
3407 int flags;
3408 std::vector<std::string> expectedAddresses;
3409 const char* expectedCanonname;
3410
3411 std::string asParameters() const {
3412 return fmt::format("family={}, flags={}", family, flags);
3413 }
3414 } testConfigs[]{
3415 {AF_UNSPEC, 0, {"64:ff9b::102:304", "1.2.3.4"}, nullptr},
3416 {AF_UNSPEC, AI_CANONNAME, {"64:ff9b::102:304", "1.2.3.4"}, "v4only.example.com"},
3417 {AF_INET6, 0, {"64:ff9b::102:304"} , nullptr},
3418 {AF_INET6, AI_CANONNAME, {"64:ff9b::102:304"} , "v4only.example.com"},
3419 };
3420 // clang-format on
3421
3422 for (const auto& config : testConfigs) {
3423 SCOPED_TRACE(config.asParameters());
3424
3425 const addrinfo hints = {
3426 .ai_family = config.family, .ai_flags = config.flags, .ai_socktype = SOCK_DGRAM};
3427 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3428 ASSERT_TRUE(result != nullptr);
3429 EXPECT_THAT(ToStrings(result), testing::ElementsAreArray(config.expectedAddresses));
3430 for (const auto* ai = result.get(); ai != nullptr; ai = ai->ai_next) {
3431 EXPECT_STREQ(ai->ai_canonname, config.expectedCanonname);
3432 }
3433 }
3434 }
3435
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecified)3436 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecified) {
3437 constexpr char listen_addr[] = "::1";
3438 constexpr char host_name[] = "v4only.example.com.";
3439 const std::vector<DnsRecord> records = {
3440 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3441 };
3442
3443 test::DNSResponder dns(listen_addr);
3444 StartDns(dns, records);
3445 const std::vector<std::string> servers = {listen_addr};
3446 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3447 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3448
3449 // Synthesize AAAA if AF_INET6 is specified and there is A record only. Make sure that A record
3450 // is not returned as well.
3451 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3452 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, &hints);
3453 EXPECT_TRUE(result != nullptr);
3454 // One for AAAA query without an answer and one for A query which is used for DNS64 synthesis.
3455 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3456 EXPECT_EQ(ToString(result), "64:ff9b::102:304");
3457 dns.clearQueries();
3458
3459 // Don't synthesize AAAA if AF_INET is specified and there is A record only.
3460 hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
3461 result = safe_getaddrinfo("v4only", nullptr, &hints);
3462 EXPECT_TRUE(result != nullptr);
3463 EXPECT_EQ(0U /*cached in previous queries*/, GetNumQueries(dns, host_name));
3464 EXPECT_EQ(ToString(result), "1.2.3.4");
3465 }
3466
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedV6)3467 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedV6) {
3468 constexpr char listen_addr[] = "::1";
3469 constexpr char host_name[] = "v4v6.example.com.";
3470 const std::vector<DnsRecord> records = {
3471 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3472 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3473 };
3474
3475 test::DNSResponder dns(listen_addr);
3476 StartDns(dns, records);
3477 const std::vector<std::string> servers = {listen_addr};
3478 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3479 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3480
3481 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3482 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3483 EXPECT_TRUE(result != nullptr);
3484 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3485
3486 // Do not synthesize AAAA if there's at least one AAAA answer.
3487 EXPECT_THAT(ToStrings(result), testing::ElementsAre("2001:db8::102:304", "1.2.3.4"));
3488 }
3489
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryUnspecifiedNoV6)3490 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryUnspecifiedNoV6) {
3491 constexpr char listen_addr[] = "::1";
3492 constexpr char host_name[] = "v4v6.example.com.";
3493 const std::vector<DnsRecord> records = {
3494 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3495 };
3496
3497 test::DNSResponder dns(listen_addr);
3498 StartDns(dns, records);
3499 const std::vector<std::string> servers = {listen_addr};
3500 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3501 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3502
3503 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3504 ScopedAddrinfo result = safe_getaddrinfo("v4v6", nullptr, &hints);
3505 EXPECT_TRUE(result != nullptr);
3506 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3507
3508 // Synthesize AAAA if there's no AAAA answer and AF_UNSPEC is specified.
3509 EXPECT_THAT(ToStrings(result), testing::ElementsAre("64:ff9b::102:304", "1.2.3.4"));
3510 }
3511
TEST_F(ResolverTest,GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses)3512 TEST_F(ResolverTest, GetAddrInfo_Dns64QuerySpecialUseIPv4Addresses) {
3513 constexpr char THIS_NETWORK[] = "this_network";
3514 constexpr char LOOPBACK[] = "loopback";
3515 constexpr char LINK_LOCAL[] = "link_local";
3516 constexpr char MULTICAST[] = "multicast";
3517 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
3518
3519 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
3520 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
3521 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
3522 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
3523 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
3524
3525 constexpr char listen_addr[] = "::1";
3526
3527 test::DNSResponder dns(listen_addr);
3528 StartDns(dns, {});
3529 const std::vector<std::string> servers = {listen_addr};
3530 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3531 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3532
3533 // clang-format off
3534 static const struct TestConfig {
3535 std::string name;
3536 std::string addr;
3537
3538 std::string asHostName() const { return fmt::format("{}.example.com.", name); }
3539 } testConfigs[]{
3540 {THIS_NETWORK, ADDR_THIS_NETWORK},
3541 {LOOPBACK, ADDR_LOOPBACK},
3542 {LINK_LOCAL, ADDR_LINK_LOCAL},
3543 {MULTICAST, ADDR_MULTICAST},
3544 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
3545 };
3546 // clang-format on
3547
3548 for (const auto& config : testConfigs) {
3549 const std::string testHostName = config.asHostName();
3550 SCOPED_TRACE(testHostName);
3551
3552 const char* host_name = testHostName.c_str();
3553 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
3554
3555 // Expect no result because AF_INET6 is specified and don't synthesize special use IPv4
3556 // address.
3557 addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
3558 ScopedAddrinfo result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3559 EXPECT_TRUE(result == nullptr);
3560 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
3561 dns.clearQueries();
3562
3563 // Expect special use IPv4 address only because AF_UNSPEC is specified and don't synthesize
3564 // special use IPv4 address.
3565 hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
3566 result = safe_getaddrinfo(config.name.c_str(), nullptr, &hints);
3567 EXPECT_TRUE(result != nullptr);
3568 // Expect IPv6 query only. IPv4 answer has been cached in previous query.
3569 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
3570 EXPECT_EQ(ToString(result), config.addr);
3571 dns.clearQueries();
3572 }
3573 }
3574
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryWithNullArgumentHints)3575 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryWithNullArgumentHints) {
3576 constexpr char listen_addr[] = "::1";
3577 constexpr char host_name[] = "v4only.example.com.";
3578 constexpr char host_name2[] = "v4v6.example.com.";
3579 const std::vector<DnsRecord> records = {
3580 {host_name, ns_type::ns_t_a, "1.2.3.4"},
3581 {host_name2, ns_type::ns_t_a, "1.2.3.4"},
3582 {host_name2, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
3583 };
3584
3585 test::DNSResponder dns(listen_addr);
3586 StartDns(dns, records);
3587 const std::vector<std::string> servers = {listen_addr};
3588 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3589 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3590
3591 // Synthesize AAAA if there is A answer only and AF_UNSPEC (hints NULL) is specified.
3592 // Assign argument hints of getaddrinfo() as null is equivalent to set ai_family AF_UNSPEC,
3593 // ai_socktype 0 (any), and ai_protocol 0 (any). Note the setting ai_socktype 0 (any) causes
3594 // that every address will appear twice, once for SOCK_STREAM and one for SOCK_DGRAM.
3595 // See resolv_getaddrinfo in packages/modules/DnsResolver/getaddrinfo.cpp.
3596 ScopedAddrinfo result = safe_getaddrinfo("v4only", nullptr, nullptr);
3597 EXPECT_TRUE(result != nullptr);
3598 EXPECT_LE(2U, GetNumQueries(dns, host_name));
3599 EXPECT_THAT(ToStrings(result),
3600 testing::ElementsAre("64:ff9b::102:304", "64:ff9b::102:304", "1.2.3.4", "1.2.3.4"));
3601 dns.clearQueries();
3602
3603 // Do not synthesize AAAA if there's at least one AAAA answer.
3604 // The reason which the addresses appear twice is as mentioned above.
3605 result = safe_getaddrinfo("v4v6", nullptr, nullptr);
3606 EXPECT_TRUE(result != nullptr);
3607 EXPECT_LE(2U, GetNumQueries(dns, host_name2));
3608 EXPECT_THAT(ToStrings(result),
3609 testing::UnorderedElementsAre("2001:db8::102:304", "2001:db8::102:304", "1.2.3.4",
3610 "1.2.3.4"));
3611 }
3612
TEST_F(ResolverTest,GetAddrInfo_Dns64QueryNullArgumentNode)3613 TEST_F(ResolverTest, GetAddrInfo_Dns64QueryNullArgumentNode) {
3614 constexpr char ADDR_ANYADDR_V4[] = "0.0.0.0";
3615 constexpr char ADDR_ANYADDR_V6[] = "::";
3616 constexpr char ADDR_LOCALHOST_V4[] = "127.0.0.1";
3617 constexpr char ADDR_LOCALHOST_V6[] = "::1";
3618
3619 constexpr char PORT_NAME_HTTP[] = "http";
3620 constexpr char PORT_NUMBER_HTTP[] = "80";
3621
3622 constexpr char listen_addr[] = "::1";
3623
3624 test::DNSResponder dns(listen_addr);
3625 StartDns(dns, {});
3626 const std::vector<std::string> servers = {listen_addr};
3627 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3628 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3629
3630 // clang-format off
3631 // If node is null, return address is listed by libc/getaddrinfo.c as follows.
3632 // - passive socket -> anyaddr (0.0.0.0 or ::)
3633 // - non-passive socket -> localhost (127.0.0.1 or ::1)
3634 static const struct TestConfig {
3635 int flag;
3636 std::string addr_v4;
3637 std::string addr_v6;
3638
3639 std::string asParameters() const {
3640 return fmt::format("flag={}, addr_v4={}, addr_v6={}", flag, addr_v4,
3641 addr_v6);
3642 }
3643 } testConfigs[]{
3644 {0 /* non-passive */, ADDR_LOCALHOST_V4, ADDR_LOCALHOST_V6},
3645 {AI_PASSIVE, ADDR_ANYADDR_V4, ADDR_ANYADDR_V6}
3646 };
3647 // clang-format on
3648
3649 for (const auto& config : testConfigs) {
3650 SCOPED_TRACE(config.asParameters());
3651
3652 addrinfo hints = {
3653 .ai_flags = config.flag,
3654 .ai_family = AF_UNSPEC, // any address family
3655 .ai_socktype = 0, // any type
3656 .ai_protocol = 0, // any protocol
3657 };
3658
3659 // Assign hostname as null and service as port name.
3660 ScopedAddrinfo result = safe_getaddrinfo(nullptr, PORT_NAME_HTTP, &hints);
3661 ASSERT_TRUE(result != nullptr);
3662
3663 // Can't be synthesized because it should not get into Netd.
3664 // Every address appears twice, once for SOCK_STREAM and one for SOCK_DGRAM because the
3665 // socket type is not specified.
3666 EXPECT_THAT(ToStrings(result),
3667 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3668 config.addr_v6));
3669
3670 // Assign hostname as null and service as numeric port number.
3671 hints.ai_flags = config.flag | AI_NUMERICSERV;
3672 result = safe_getaddrinfo(nullptr, PORT_NUMBER_HTTP, &hints);
3673 ASSERT_TRUE(result != nullptr);
3674
3675 // Can't be synthesized because it should not get into Netd.
3676 // The reason which the addresses appear twice is as mentioned above.
3677 EXPECT_THAT(ToStrings(result),
3678 testing::UnorderedElementsAre(config.addr_v4, config.addr_v4, config.addr_v6,
3679 config.addr_v6));
3680 }
3681 }
3682
TEST_F(ResolverTest,GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix)3683 TEST_F(ResolverTest, GetHostByAddr_ReverseDnsQueryWithHavingNat64Prefix) {
3684 struct hostent* result = nullptr;
3685 struct in_addr v4addr;
3686 struct in6_addr v6addr;
3687
3688 constexpr char listen_addr[] = "::1";
3689 constexpr char ptr_name[] = "v4v6.example.com.";
3690 // PTR record for IPv4 address 1.2.3.4
3691 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3692 // PTR record for IPv6 address 2001:db8::102:304
3693 constexpr char ptr_addr_v6[] =
3694 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3695 const std::vector<DnsRecord> records = {
3696 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3697 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3698 };
3699
3700 test::DNSResponder dns(listen_addr);
3701 StartDns(dns, records);
3702 const std::vector<std::string> servers = {listen_addr};
3703 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3704 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3705
3706 // Reverse IPv4 DNS query. Prefix should have no effect on it.
3707 inet_pton(AF_INET, "1.2.3.4", &v4addr);
3708 result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3709 ASSERT_TRUE(result != nullptr);
3710 std::string result_str = result->h_name ? result->h_name : "null";
3711 EXPECT_EQ(result_str, "v4v6.example.com");
3712
3713 // Reverse IPv6 DNS query. Prefix should have no effect on it.
3714 inet_pton(AF_INET6, "2001:db8::102:304", &v6addr);
3715 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3716 ASSERT_TRUE(result != nullptr);
3717 result_str = result->h_name ? result->h_name : "null";
3718 EXPECT_EQ(result_str, "v4v6.example.com");
3719 }
3720
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64Query)3721 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64Query) {
3722 constexpr char listen_addr[] = "::1";
3723 constexpr char ptr_name[] = "v4only.example.com.";
3724 // PTR record for IPv4 address 1.2.3.4
3725 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3726 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3727 constexpr char ptr_addr_v6_nomapping[] =
3728 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3729 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3730 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3731 constexpr char ptr_addr_v6_synthesis[] =
3732 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3733 const std::vector<DnsRecord> records = {
3734 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3735 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3736 };
3737
3738 test::DNSResponder dns(listen_addr);
3739 StartDns(dns, records);
3740 // "ptr_addr_v6_nomapping" is not mapped in DNS server
3741 const std::vector<std::string> servers = {listen_addr};
3742 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3743 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3744
3745 // Synthesized PTR record doesn't exist on DNS server
3746 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3747 // After querying synthesized address failed, expect that prefix is removed from IPv6
3748 // synthesized address and do reverse IPv4 query instead.
3749 struct in6_addr v6addr;
3750 inet_pton(AF_INET6, "64:ff9b::1.2.3.4", &v6addr);
3751 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3752 ASSERT_TRUE(result != nullptr);
3753 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist
3754 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist
3755 std::string result_str = result->h_name ? result->h_name : "null";
3756 EXPECT_EQ(result_str, "v4only.example.com");
3757 // Check that return address has been mapped from IPv4 to IPv6 address because Netd
3758 // removes NAT64 prefix and does IPv4 DNS reverse lookup in this case. Then, Netd
3759 // fakes the return IPv4 address as original queried IPv6 address.
3760 result_str = ToString(result);
3761 EXPECT_EQ(result_str, "64:ff9b::102:304");
3762 dns.clearQueries();
3763
3764 // Synthesized PTR record exists on DNS server
3765 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3766 // Expect to Netd pass through synthesized address for DNS queries.
3767 inet_pton(AF_INET6, "64:ff9b::5.6.7.8", &v6addr);
3768 result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3769 ASSERT_TRUE(result != nullptr);
3770 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3771 result_str = result->h_name ? result->h_name : "null";
3772 EXPECT_EQ(result_str, "v6synthesis.example.com");
3773 }
3774
TEST_F(ResolverTest,GetHostByAddr_ReverseDns64QueryFromHostFile)3775 TEST_F(ResolverTest, GetHostByAddr_ReverseDns64QueryFromHostFile) {
3776 constexpr char host_name[] = "localhost";
3777 // The address is synthesized by prefix64:localhost.
3778 constexpr char host_addr[] = "64:ff9b::7f00:1";
3779 constexpr char listen_addr[] = "::1";
3780
3781 test::DNSResponder dns(listen_addr);
3782 StartDns(dns, {});
3783 const std::vector<std::string> servers = {listen_addr};
3784 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3785 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3786
3787 // Using synthesized "localhost" address to be a trick for resolving host name
3788 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
3789 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
3790 struct in6_addr v6addr;
3791 inet_pton(AF_INET6, host_addr, &v6addr);
3792 struct hostent* result = gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6);
3793 ASSERT_TRUE(result != nullptr);
3794 // Expect no DNS queries; localhost is resolved via /etc/hosts.
3795 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
3796
3797 ASSERT_EQ(sizeof(in6_addr), (unsigned)result->h_length);
3798 ASSERT_EQ(AF_INET6, result->h_addrtype);
3799 std::string result_str = ToString(result);
3800 EXPECT_EQ(result_str, host_addr);
3801 result_str = result->h_name ? result->h_name : "null";
3802 EXPECT_EQ(result_str, host_name);
3803 }
3804
TEST_F(ResolverTest,GetHostByAddr_cnamesClasslessReverseDelegation)3805 TEST_F(ResolverTest, GetHostByAddr_cnamesClasslessReverseDelegation) {
3806 // IPv4 addresses in the subnet with notation '/' or '-'.
3807 constexpr char addr_slash[] = "192.0.2.1";
3808 constexpr char addr_hyphen[] = "192.0.3.1";
3809
3810 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
3811 // section 4.
3812 const static std::vector<DnsRecord> records = {
3813 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
3814 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
3815 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3816
3817 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
3818 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
3819 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
3820 };
3821
3822 test::DNSResponder dns;
3823 StartDns(dns, records);
3824 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
3825
3826 for (const auto& address : {addr_slash, addr_hyphen}) {
3827 SCOPED_TRACE(address);
3828
3829 in_addr v4addr;
3830 ASSERT_TRUE(inet_pton(AF_INET, address, &v4addr));
3831 hostent* result = gethostbyaddr(&v4addr, sizeof(v4addr), AF_INET);
3832 ASSERT_TRUE(result != nullptr);
3833 EXPECT_STREQ("hello.example.com", result->h_name);
3834 }
3835 }
3836
TEST_F(ResolverTest,GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix)3837 TEST_F(ResolverTest, GetNameInfo_ReverseDnsQueryWithHavingNat64Prefix) {
3838 constexpr char listen_addr[] = "::1";
3839 constexpr char ptr_name[] = "v4v6.example.com.";
3840 // PTR record for IPv4 address 1.2.3.4
3841 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3842 // PTR record for IPv6 address 2001:db8::102:304
3843 constexpr char ptr_addr_v6[] =
3844 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.";
3845 const std::vector<DnsRecord> records = {
3846 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3847 {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name},
3848 };
3849
3850 test::DNSResponder dns(listen_addr);
3851 StartDns(dns, records);
3852 const std::vector<std::string> servers = {listen_addr};
3853 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3854 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3855
3856 // clang-format off
3857 static const struct TestConfig {
3858 int flag;
3859 int family;
3860 std::string addr;
3861 std::string host;
3862
3863 std::string asParameters() const {
3864 return fmt::format("flag={}, family={}, addr={}, host={}", flag, family, addr,
3865 host);
3866 }
3867 } testConfigs[]{
3868 {NI_NAMEREQD, AF_INET, "1.2.3.4", "v4v6.example.com"},
3869 {NI_NUMERICHOST, AF_INET, "1.2.3.4", "1.2.3.4"},
3870 {0, AF_INET, "1.2.3.4", "v4v6.example.com"},
3871 {0, AF_INET, "5.6.7.8", "5.6.7.8"}, // unmapped
3872 {NI_NAMEREQD, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3873 {NI_NUMERICHOST, AF_INET6, "2001:db8::102:304", "2001:db8::102:304"},
3874 {0, AF_INET6, "2001:db8::102:304", "v4v6.example.com"},
3875 {0, AF_INET6, "2001:db8::506:708", "2001:db8::506:708"}, // unmapped
3876 };
3877 // clang-format on
3878
3879 // Reverse IPv4/IPv6 DNS query. Prefix should have no effect on it.
3880 for (const auto& config : testConfigs) {
3881 SCOPED_TRACE(config.asParameters());
3882
3883 int rv;
3884 char host[NI_MAXHOST];
3885 struct sockaddr_in sin;
3886 struct sockaddr_in6 sin6;
3887 if (config.family == AF_INET) {
3888 memset(&sin, 0, sizeof(sin));
3889 sin.sin_family = AF_INET;
3890 inet_pton(AF_INET, config.addr.c_str(), &sin.sin_addr);
3891 rv = getnameinfo((const struct sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr,
3892 0, config.flag);
3893 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4));
3894 } else if (config.family == AF_INET6) {
3895 memset(&sin6, 0, sizeof(sin6));
3896 sin6.sin6_family = AF_INET6;
3897 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3898 rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3899 nullptr, 0, config.flag);
3900 if (config.flag == NI_NAMEREQD) EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6));
3901 }
3902 ASSERT_EQ(0, rv);
3903 std::string result_str = host;
3904 EXPECT_EQ(result_str, config.host);
3905 dns.clearQueries();
3906 }
3907 }
3908
TEST_F(ResolverTest,GetNameInfo_ReverseDns64Query)3909 TEST_F(ResolverTest, GetNameInfo_ReverseDns64Query) {
3910 constexpr char listen_addr[] = "::1";
3911 constexpr char ptr_name[] = "v4only.example.com.";
3912 // PTR record for IPv4 address 1.2.3.4
3913 constexpr char ptr_addr_v4[] = "4.3.2.1.in-addr.arpa.";
3914 // PTR record for IPv6 address 64:ff9b::1.2.3.4
3915 constexpr char ptr_addr_v6_nomapping[] =
3916 "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3917 constexpr char ptr_name_v6_synthesis[] = "v6synthesis.example.com.";
3918 // PTR record for IPv6 address 64:ff9b::5.6.7.8
3919 constexpr char ptr_addr_v6_synthesis[] =
3920 "8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa.";
3921 const std::vector<DnsRecord> records = {
3922 {ptr_addr_v4, ns_type::ns_t_ptr, ptr_name},
3923 {ptr_addr_v6_synthesis, ns_type::ns_t_ptr, ptr_name_v6_synthesis},
3924 };
3925
3926 test::DNSResponder dns(listen_addr);
3927 StartDns(dns, records);
3928 const std::vector<std::string> servers = {listen_addr};
3929 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3930 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
3931
3932 // clang-format off
3933 static const struct TestConfig {
3934 bool hasSynthesizedPtrRecord;
3935 int flag;
3936 std::string addr;
3937 std::string host;
3938
3939 std::string asParameters() const {
3940 return fmt::format("hasSynthesizedPtrRecord={}, flag={}, addr={}, host={}",
3941 hasSynthesizedPtrRecord, flag, addr, host);
3942 }
3943 } testConfigs[]{
3944 {false, NI_NAMEREQD, "64:ff9b::102:304", "v4only.example.com"},
3945 {false, NI_NUMERICHOST, "64:ff9b::102:304", "64:ff9b::102:304"},
3946 {false, 0, "64:ff9b::102:304", "v4only.example.com"},
3947 {true, NI_NAMEREQD, "64:ff9b::506:708", "v6synthesis.example.com"},
3948 {true, NI_NUMERICHOST, "64:ff9b::506:708", "64:ff9b::506:708"},
3949 {true, 0, "64:ff9b::506:708", "v6synthesis.example.com"}
3950 };
3951 // clang-format on
3952
3953 // hasSynthesizedPtrRecord = false
3954 // Synthesized PTR record doesn't exist on DNS server
3955 // Reverse IPv6 DNS64 query while DNS server doesn't have an answer for synthesized address.
3956 // After querying synthesized address failed, expect that prefix is removed from IPv6
3957 // synthesized address and do reverse IPv4 query instead.
3958 //
3959 // hasSynthesizedPtrRecord = true
3960 // Synthesized PTR record exists on DNS server
3961 // Reverse IPv6 DNS64 query while DNS server has an answer for synthesized address.
3962 // Expect to just pass through synthesized address for DNS queries.
3963 for (const auto& config : testConfigs) {
3964 SCOPED_TRACE(config.asParameters());
3965
3966 char host[NI_MAXHOST];
3967 struct sockaddr_in6 sin6;
3968 memset(&sin6, 0, sizeof(sin6));
3969 sin6.sin6_family = AF_INET6;
3970 inet_pton(AF_INET6, config.addr.c_str(), &sin6.sin6_addr);
3971 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host),
3972 nullptr, 0, config.flag);
3973 ASSERT_EQ(0, rv);
3974 if (config.flag == NI_NAMEREQD) {
3975 if (config.hasSynthesizedPtrRecord) {
3976 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_synthesis));
3977 } else {
3978 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v6_nomapping)); // PTR record not exist.
3979 EXPECT_LE(1U, GetNumQueries(dns, ptr_addr_v4)); // PTR record exist.
3980 }
3981 }
3982 std::string result_str = host;
3983 EXPECT_EQ(result_str, config.host);
3984 dns.clearQueries();
3985 }
3986 }
3987
TEST_F(ResolverTest,GetNameInfo_ReverseDns64QueryFromHostFile)3988 TEST_F(ResolverTest, GetNameInfo_ReverseDns64QueryFromHostFile) {
3989 constexpr char host_name[] = "localhost";
3990 // The address is synthesized by prefix64:localhost.
3991 constexpr char host_addr[] = "64:ff9b::7f00:1";
3992 constexpr char listen_addr[] = "::1";
3993
3994 test::DNSResponder dns(listen_addr);
3995
3996 StartDns(dns, {});
3997 const std::vector<std::string> servers = {listen_addr};
3998 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
3999 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4000
4001 // Using synthesized "localhost" address to be a trick for resolving host name
4002 // from host file /etc/hosts and "localhost" is the only name in /etc/hosts. Note that this is
4003 // not realistic: the code never synthesizes AAAA records for addresses in 127.0.0.0/8.
4004 char host[NI_MAXHOST];
4005 struct sockaddr_in6 sin6 = {.sin6_family = AF_INET6};
4006 inet_pton(AF_INET6, host_addr, &sin6.sin6_addr);
4007 int rv = getnameinfo((const struct sockaddr*)&sin6, sizeof(sin6), host, sizeof(host), nullptr,
4008 0, NI_NAMEREQD);
4009 ASSERT_EQ(0, rv);
4010 // Expect no DNS queries; localhost is resolved via /etc/hosts.
4011 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
4012
4013 std::string result_str = host;
4014 EXPECT_EQ(result_str, host_name);
4015 }
4016
TEST_F(ResolverTest,GetNameInfo_cnamesClasslessReverseDelegation)4017 TEST_F(ResolverTest, GetNameInfo_cnamesClasslessReverseDelegation) {
4018 // IPv4 addresses in the subnet with notation '/' or '-'.
4019 constexpr char addr_slash[] = "192.0.2.1";
4020 constexpr char addr_hyphen[] = "192.0.3.1";
4021
4022 // Used to verify DNS reverse query for classless reverse lookup zone. See detail in RFC 2317
4023 // section 4.
4024 const static std::vector<DnsRecord> records = {
4025 // The records for reverse querying "192.0.2.1" in the subnet with notation '/'.
4026 {"1.2.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0/25.2.0.192.in-addr.arpa."},
4027 {"1.0/25.2.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
4028
4029 // The records for reverse querying "192.0.3.1" in the subnet with notation '-'.
4030 {"1.3.0.192.in-addr.arpa.", ns_type::ns_t_cname, "1.0-127.3.0.192.in-addr.arpa."},
4031 {"1.0-127.3.0.192.in-addr.arpa.", ns_type::ns_t_ptr, kHelloExampleCom},
4032 };
4033
4034 test::DNSResponder dns;
4035 StartDns(dns, records);
4036 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
4037
4038 for (const auto& address : {addr_slash, addr_hyphen}) {
4039 SCOPED_TRACE(address);
4040
4041 char host[NI_MAXHOST];
4042 sockaddr_in sin = {.sin_family = AF_INET};
4043 ASSERT_TRUE(inet_pton(AF_INET, address, &sin.sin_addr));
4044 int rv = getnameinfo((const sockaddr*)&sin, sizeof(sin), host, sizeof(host), nullptr, 0,
4045 NI_NAMEREQD);
4046 ASSERT_EQ(0, rv);
4047 EXPECT_STREQ("hello.example.com", host);
4048 }
4049 }
4050
TEST_F(ResolverTest,GetHostByName2_Dns64Synthesize)4051 TEST_F(ResolverTest, GetHostByName2_Dns64Synthesize) {
4052 constexpr char listen_addr[] = "::1";
4053 constexpr char host_name[] = "ipv4only.example.com.";
4054 const std::vector<DnsRecord> records = {
4055 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4056 };
4057
4058 test::DNSResponder dns(listen_addr);
4059 StartDns(dns, records);
4060 const std::vector<std::string> servers = {listen_addr};
4061 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4062 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4063
4064 // Query an IPv4-only hostname. Expect that gets a synthesized address.
4065 struct hostent* result = gethostbyname2("ipv4only", AF_INET6);
4066 ASSERT_TRUE(result != nullptr);
4067 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4068 std::string result_str = ToString(result);
4069 EXPECT_EQ(result_str, "64:ff9b::102:304");
4070 }
4071
TEST_F(ResolverTest,GetHostByName2_DnsQueryWithHavingNat64Prefix)4072 TEST_F(ResolverTest, GetHostByName2_DnsQueryWithHavingNat64Prefix) {
4073 constexpr char host_name[] = "v4v6.example.com.";
4074 constexpr char listen_addr[] = "::1";
4075 const std::vector<DnsRecord> records = {
4076 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4077 {host_name, ns_type::ns_t_aaaa, "2001:db8::1.2.3.4"},
4078 };
4079
4080 test::DNSResponder dns(listen_addr);
4081 StartDns(dns, records);
4082 const std::vector<std::string> servers = {listen_addr};
4083 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4084 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4085
4086 // IPv4 DNS query. Prefix should have no effect on it.
4087 struct hostent* result = gethostbyname2("v4v6", AF_INET);
4088 ASSERT_TRUE(result != nullptr);
4089 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4090 std::string result_str = ToString(result);
4091 EXPECT_EQ(result_str, "1.2.3.4");
4092 dns.clearQueries();
4093
4094 // IPv6 DNS query. Prefix should have no effect on it.
4095 result = gethostbyname2("v4v6", AF_INET6);
4096 ASSERT_TRUE(result != nullptr);
4097 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4098 result_str = ToString(result);
4099 EXPECT_EQ(result_str, "2001:db8::102:304");
4100 }
4101
TEST_F(ResolverTest,GetHostByName2_Dns64QuerySpecialUseIPv4Addresses)4102 TEST_F(ResolverTest, GetHostByName2_Dns64QuerySpecialUseIPv4Addresses) {
4103 constexpr char THIS_NETWORK[] = "this_network";
4104 constexpr char LOOPBACK[] = "loopback";
4105 constexpr char LINK_LOCAL[] = "link_local";
4106 constexpr char MULTICAST[] = "multicast";
4107 constexpr char LIMITED_BROADCAST[] = "limited_broadcast";
4108
4109 constexpr char ADDR_THIS_NETWORK[] = "0.0.0.1";
4110 constexpr char ADDR_LOOPBACK[] = "127.0.0.1";
4111 constexpr char ADDR_LINK_LOCAL[] = "169.254.0.1";
4112 constexpr char ADDR_MULTICAST[] = "224.0.0.1";
4113 constexpr char ADDR_LIMITED_BROADCAST[] = "255.255.255.255";
4114
4115 constexpr char listen_addr[] = "::1";
4116
4117 test::DNSResponder dns(listen_addr);
4118 StartDns(dns, {});
4119 const std::vector<std::string> servers = {listen_addr};
4120 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4121 ASSERT_TRUE(mDnsClient.resolvService()->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4122
4123 // clang-format off
4124 static const struct TestConfig {
4125 std::string name;
4126 std::string addr;
4127
4128 std::string asHostName() const {
4129 return fmt::format("{}.example.com.", name);
4130 }
4131 } testConfigs[]{
4132 {THIS_NETWORK, ADDR_THIS_NETWORK},
4133 {LOOPBACK, ADDR_LOOPBACK},
4134 {LINK_LOCAL, ADDR_LINK_LOCAL},
4135 {MULTICAST, ADDR_MULTICAST},
4136 {LIMITED_BROADCAST, ADDR_LIMITED_BROADCAST}
4137 };
4138 // clang-format on
4139
4140 for (const auto& config : testConfigs) {
4141 const std::string testHostName = config.asHostName();
4142 SCOPED_TRACE(testHostName);
4143
4144 const char* host_name = testHostName.c_str();
4145 dns.addMapping(host_name, ns_type::ns_t_a, config.addr.c_str());
4146
4147 struct hostent* result = gethostbyname2(config.name.c_str(), AF_INET6);
4148 EXPECT_LE(1U, GetNumQueries(dns, host_name));
4149
4150 // In AF_INET6 case, don't synthesize special use IPv4 address.
4151 // Expect to have no answer
4152 EXPECT_EQ(nullptr, result);
4153
4154 dns.clearQueries();
4155 }
4156 }
4157
TEST_F(ResolverTest,PrefixDiscoveryBypassTls)4158 TEST_F(ResolverTest, PrefixDiscoveryBypassTls) {
4159 constexpr char listen_addr[] = "::1";
4160 constexpr char dns64_name[] = "ipv4only.arpa.";
4161 const std::vector<std::string> servers = {listen_addr};
4162
4163 test::DNSResponder dns(listen_addr);
4164 StartDns(dns, {{dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"}});
4165 test::DnsTlsFrontend tls(listen_addr, "853", listen_addr, "53");
4166 ASSERT_TRUE(tls.startServer());
4167
4168 for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4169 SCOPED_TRACE(fmt::format("testConfig: [{}]", dnsMode));
4170 auto builder = ResolverParams::Builder().setDnsServers(servers).setDotServers(servers);
4171 if (dnsMode == "STRICT") {
4172 builder.setPrivateDnsProvider(kDefaultPrivateDnsHostName);
4173 }
4174 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.build()));
4175 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4176 EXPECT_TRUE(tls.waitForQueries(1));
4177 tls.clearQueries();
4178
4179 // Start NAT64 prefix discovery.
4180 EXPECT_TRUE(mDnsClient.resolvService()->startPrefix64Discovery(TEST_NETID).isOk());
4181 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4182
4183 // Verify that the DNS query for the NAT64 prefix bypassed private DNS.
4184 EXPECT_EQ(0, tls.queries()) << dns.dumpQueries();
4185 EXPECT_EQ(1U, GetNumQueries(dns, dns64_name)) << dns.dumpQueries();
4186
4187 // Stop the prefix discovery to make DnsResolver send the prefix-removed event
4188 // earlier. Without this, DnsResolver still sends the event once the network
4189 // is destroyed; however, it will fail the next test if the test unexpectedly
4190 // receives the event that it doesn't want.
4191 EXPECT_TRUE(mDnsClient.resolvService()->stopPrefix64Discovery(TEST_NETID).isOk());
4192 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
4193
4194 dns.clearQueries();
4195 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
4196 }
4197
4198 EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());
4199 EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());
4200 }
4201
TEST_F(ResolverTest,SetAndClearNat64Prefix)4202 TEST_F(ResolverTest, SetAndClearNat64Prefix) {
4203 constexpr char host_name[] = "v4.example.com.";
4204 constexpr char listen_addr[] = "::1";
4205 const std::vector<DnsRecord> records = {
4206 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4207 };
4208
4209 test::DNSResponder dns(listen_addr);
4210 StartDns(dns, records);
4211 const std::vector<std::string> servers = {listen_addr};
4212 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4213
4214 auto resolvService = mDnsClient.resolvService();
4215 addrinfo hints = {.ai_family = AF_INET6};
4216
4217 // No NAT64 prefix, no AAAA record.
4218 ScopedAddrinfo result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4219 ASSERT_TRUE(result == nullptr);
4220
4221 // Set the prefix, and expect to get a synthesized AAAA record.
4222 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix2).isOk());
4223 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4224 ASSERT_FALSE(result == nullptr);
4225 EXPECT_EQ("2001:db8:6464::102:304", ToString(result));
4226
4227 // Update the prefix, expect to see AAAA records from the new prefix.
4228 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4229 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4230 ASSERT_FALSE(result == nullptr);
4231 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4232
4233 // Non-/96 prefixes are ignored.
4234 auto status = resolvService->setPrefix64(TEST_NETID, "64:ff9b::/64");
4235 EXPECT_FALSE(status.isOk());
4236 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4237 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4238
4239 // Invalid prefixes are ignored.
4240 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.0/24");
4241 EXPECT_FALSE(status.isOk());
4242 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4243 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4244
4245 status = resolvService->setPrefix64(TEST_NETID, "192.0.2.1");
4246 EXPECT_FALSE(status.isOk());
4247 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4248 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4249
4250 status = resolvService->setPrefix64(TEST_NETID, "hello");
4251 EXPECT_FALSE(status.isOk());
4252 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4253 EXPECT_EQ(EINVAL, status.getServiceSpecificError());
4254
4255 // DNS64 synthesis is still working.
4256 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4257 ASSERT_FALSE(result == nullptr);
4258 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4259
4260 // Clear the prefix. No AAAA records any more.
4261 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, "").isOk());
4262 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4263 EXPECT_TRUE(result == nullptr);
4264
4265 // Calling startPrefix64Discovery clears the prefix.
4266 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4267 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4268 ASSERT_FALSE(result == nullptr);
4269 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4270
4271 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4272 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4273 ASSERT_TRUE(result == nullptr);
4274
4275 // setPrefix64 fails if prefix discovery is started, even if no prefix is yet discovered...
4276 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix);
4277 EXPECT_FALSE(status.isOk());
4278 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4279 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4280
4281 // .. and clearing the prefix also has no effect.
4282 status = resolvService->setPrefix64(TEST_NETID, "");
4283 EXPECT_FALSE(status.isOk());
4284 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4285 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4286
4287 // setPrefix64 succeeds again when prefix discovery is stopped.
4288 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4289 EXPECT_TRUE(resolvService->setPrefix64(TEST_NETID, kNat64Prefix).isOk());
4290 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4291 ASSERT_FALSE(result == nullptr);
4292 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4293
4294 // Calling stopPrefix64Discovery clears the prefix.
4295 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4296 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4297 ASSERT_TRUE(result == nullptr);
4298
4299 // Set up NAT64 prefix discovery.
4300 constexpr char dns64_name[] = "ipv4only.arpa.";
4301 const std::vector<DnsRecord> newRecords = {
4302 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4303 {dns64_name, ns_type::ns_t_aaaa, "64:ff9b::192.0.0.170"},
4304 };
4305 dns.stopServer();
4306 StartDns(dns, newRecords);
4307
4308 EXPECT_TRUE(resolvService->startPrefix64Discovery(TEST_NETID).isOk());
4309 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_FOUND));
4310 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4311 ASSERT_FALSE(result == nullptr);
4312 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4313
4314 // setPrefix64 fails if NAT64 prefix discovery has succeeded, and the discovered prefix
4315 // continues to be used.
4316 status = resolvService->setPrefix64(TEST_NETID, kNat64Prefix2);
4317 EXPECT_FALSE(status.isOk());
4318 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4319 EXPECT_EQ(EEXIST, status.getServiceSpecificError());
4320
4321 // Clearing the prefix also has no effect if discovery is started.
4322 status = resolvService->setPrefix64(TEST_NETID, "");
4323 EXPECT_FALSE(status.isOk());
4324 EXPECT_EQ(EX_SERVICE_SPECIFIC, status.getExceptionCode());
4325 EXPECT_EQ(ENOENT, status.getServiceSpecificError());
4326
4327 result = safe_getaddrinfo("v4.example.com", nullptr, &hints);
4328 ASSERT_FALSE(result == nullptr);
4329 EXPECT_EQ("64:ff9b::102:304", ToString(result));
4330
4331 EXPECT_TRUE(resolvService->stopPrefix64Discovery(TEST_NETID).isOk());
4332 EXPECT_TRUE(WaitForNat64Prefix(EXPECT_NOT_FOUND));
4333
4334 EXPECT_EQ(0, sDnsMetricsListener->getUnexpectedNat64PrefixUpdates());
4335 EXPECT_EQ(0, sUnsolicitedEventListener->getUnexpectedNat64PrefixUpdates());
4336 }
4337
4338 namespace {
4339
4340 class ScopedSetNetworkForProcess {
4341 public:
ScopedSetNetworkForProcess(unsigned netId)4342 explicit ScopedSetNetworkForProcess(unsigned netId) {
4343 mStoredNetId = getNetworkForProcess();
4344 if (netId == mStoredNetId) return;
4345 EXPECT_EQ(0, setNetworkForProcess(netId));
4346 }
~ScopedSetNetworkForProcess()4347 ~ScopedSetNetworkForProcess() { EXPECT_EQ(0, setNetworkForProcess(mStoredNetId)); }
4348
4349 private:
4350 unsigned mStoredNetId;
4351 };
4352
4353 class ScopedSetNetworkForResolv {
4354 public:
ScopedSetNetworkForResolv(unsigned netId)4355 explicit ScopedSetNetworkForResolv(unsigned netId) { EXPECT_EQ(0, setNetworkForResolv(netId)); }
~ScopedSetNetworkForResolv()4356 ~ScopedSetNetworkForResolv() { EXPECT_EQ(0, setNetworkForResolv(NETID_UNSET)); }
4357 };
4358
sendCommand(int fd,const std::string & cmd)4359 void sendCommand(int fd, const std::string& cmd) {
4360 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size() + 1));
4361 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size() + 1));
4362 }
4363
readBE32(int fd)4364 int32_t readBE32(int fd) {
4365 int32_t tmp;
4366 int n = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
4367 EXPECT_TRUE(n > 0);
4368 return ntohl(tmp);
4369 }
4370
readResponseCode(int fd)4371 int readResponseCode(int fd) {
4372 char buf[4];
4373 int n = TEMP_FAILURE_RETRY(read(fd, &buf, sizeof(buf)));
4374 EXPECT_TRUE(n > 0);
4375 // The format of response code is that 4 bytes for the code & null.
4376 buf[3] = '\0';
4377 int result;
4378 EXPECT_TRUE(ParseInt(buf, &result));
4379 return result;
4380 }
4381
checkAndClearUseLocalNameserversFlag(unsigned * netid)4382 bool checkAndClearUseLocalNameserversFlag(unsigned* netid) {
4383 if (netid == nullptr || ((*netid) & NETID_USE_LOCAL_NAMESERVERS) == 0) {
4384 return false;
4385 }
4386 *netid = (*netid) & ~NETID_USE_LOCAL_NAMESERVERS;
4387 return true;
4388 }
4389
makeUidRangeParcel(int start,int stop)4390 aidl::android::net::UidRangeParcel makeUidRangeParcel(int start, int stop) {
4391 aidl::android::net::UidRangeParcel res;
4392 res.start = start;
4393 res.stop = stop;
4394
4395 return res;
4396 }
4397
expectNetIdWithLocalNameserversFlag(unsigned netId)4398 void expectNetIdWithLocalNameserversFlag(unsigned netId) {
4399 unsigned dnsNetId = 0;
4400 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4401 EXPECT_TRUE(checkAndClearUseLocalNameserversFlag(&dnsNetId));
4402 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4403 }
4404
expectDnsNetIdEquals(unsigned netId)4405 void expectDnsNetIdEquals(unsigned netId) {
4406 unsigned dnsNetId = 0;
4407 EXPECT_EQ(0, getNetworkForDns(&dnsNetId));
4408 EXPECT_EQ(netId, static_cast<unsigned>(dnsNetId));
4409 }
4410
expectDnsNetIdIsDefaultNetwork(INetd * netdService)4411 void expectDnsNetIdIsDefaultNetwork(INetd* netdService) {
4412 int currentNetid;
4413 EXPECT_TRUE(netdService->networkGetDefault(¤tNetid).isOk());
4414 expectDnsNetIdEquals(currentNetid);
4415 }
4416
expectDnsNetIdWithVpn(INetd * netdService,unsigned vpnNetId,unsigned expectedNetId)4417 void expectDnsNetIdWithVpn(INetd* netdService, unsigned vpnNetId, unsigned expectedNetId) {
4418 if (DnsResponderClient::isRemoteVersionSupported(netdService, 6)) {
4419 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
4420 vpnNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, /*secure=*/false);
4421 EXPECT_TRUE(netdService->networkCreate(config).isOk());
4422 } else {
4423 #pragma clang diagnostic push
4424 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
4425 EXPECT_TRUE(netdService->networkCreateVpn(vpnNetId, false /* secure */).isOk());
4426 #pragma clang diagnostic pop
4427 }
4428
4429 uid_t uid = getuid();
4430 // Add uid to VPN
4431 EXPECT_TRUE(netdService->networkAddUidRanges(vpnNetId, {makeUidRangeParcel(uid, uid)}).isOk());
4432 expectDnsNetIdEquals(expectedNetId);
4433 EXPECT_TRUE(netdService->networkDestroy(vpnNetId).isOk());
4434 }
4435
4436 } // namespace
4437
TEST_F(ResolverTest,getDnsNetId)4438 TEST_F(ResolverTest, getDnsNetId) {
4439 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
4440 setNetworkForProcess(NETID_UNSET);
4441
4442 expectDnsNetIdIsDefaultNetwork(mDnsClient.netdService());
4443 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_VPN_NETID);
4444
4445 // Test with setNetworkForProcess
4446 {
4447 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID);
4448 expectDnsNetIdEquals(TEST_NETID);
4449 }
4450
4451 // Test with setNetworkForProcess with NETID_USE_LOCAL_NAMESERVERS
4452 {
4453 ScopedSetNetworkForProcess scopedSetNetworkForProcess(TEST_NETID |
4454 NETID_USE_LOCAL_NAMESERVERS);
4455 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4456 }
4457
4458 // Test with setNetworkForResolv
4459 {
4460 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4461 expectDnsNetIdEquals(TEST_NETID);
4462 }
4463
4464 // Test with setNetworkForResolv with NETID_USE_LOCAL_NAMESERVERS
4465 {
4466 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID |
4467 NETID_USE_LOCAL_NAMESERVERS);
4468 expectNetIdWithLocalNameserversFlag(TEST_NETID);
4469 }
4470
4471 // Test with setNetworkForResolv under bypassable vpn
4472 {
4473 ScopedSetNetworkForResolv scopedSetNetworkForResolv(TEST_NETID);
4474 expectDnsNetIdWithVpn(mDnsClient.netdService(), TEST_VPN_NETID, TEST_NETID);
4475 }
4476
4477 // Create socket connected to DnsProxyListener
4478 int fd = dns_open_proxy();
4479 EXPECT_TRUE(fd > 0);
4480 unique_fd ufd(fd);
4481
4482 // Test command with wrong netId
4483 sendCommand(fd, "getdnsnetid abc");
4484 EXPECT_EQ(ResponseCode::DnsProxyQueryResult, readResponseCode(fd));
4485 EXPECT_EQ(-EINVAL, readBE32(fd));
4486
4487 // Test unsupported command
4488 sendCommand(fd, "getdnsnetidNotSupported");
4489 // Keep in sync with FrameworkListener.cpp (500, "Command not recognized")
4490 EXPECT_EQ(500, readResponseCode(fd));
4491 }
4492
TEST_F(ResolverTest,BlockDnsQueryWithUidRule)4493 TEST_F(ResolverTest, BlockDnsQueryWithUidRule) {
4494 SKIP_IF_BPF_NOT_SUPPORTED;
4495 constexpr char listen_addr1[] = "127.0.0.4";
4496 constexpr char listen_addr2[] = "::1";
4497 constexpr char host_name[] = "howdy.example.com.";
4498 const std::vector<DnsRecord> records = {
4499 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4500 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4501 };
4502 INetd* netdService = mDnsClient.netdService();
4503
4504 test::DNSResponder dns1(listen_addr1);
4505 test::DNSResponder dns2(listen_addr2);
4506 StartDns(dns1, records);
4507 StartDns(dns2, records);
4508
4509 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4510 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4511 dns1.clearQueries();
4512 dns2.clearQueries();
4513
4514 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4515 // Dns Query
4516 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4517 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4518 EXPECT_TRUE(fd1 != -1);
4519 EXPECT_TRUE(fd2 != -1);
4520
4521 uint8_t buf1[MAXPACKET] = {};
4522 uint8_t buf2[MAXPACKET] = {};
4523 int rcode;
4524 int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4525 int res1 = getAsyncResponse(fd1, &rcode, buf1, MAXPACKET);
4526 // If API level >= 30 (R+), these queries should be blocked.
4527 EXPECT_EQ(res2, -ECONNREFUSED);
4528 EXPECT_EQ(res1, -ECONNREFUSED);
4529 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4530 ExpectDnsEvent(INetdEventListener::EVENT_RES_NSEND, EAI_SYSTEM, "howdy.example.com", {});
4531 }
4532
TEST_F(ResolverTest,GetAddrinfo_BlockDnsQueryWithUidRule)4533 TEST_F(ResolverTest, GetAddrinfo_BlockDnsQueryWithUidRule) {
4534 SKIP_IF_BPF_NOT_SUPPORTED;
4535 constexpr char listen_addr1[] = "127.0.0.4";
4536 constexpr char listen_addr2[] = "::1";
4537 constexpr char host_name[] = "howdy.example.com.";
4538 const std::vector<DnsRecord> records = {
4539 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4540 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4541 };
4542 test::DNSResponder dns1(listen_addr1);
4543 test::DNSResponder dns2(listen_addr2);
4544 StartDns(dns1, records);
4545 StartDns(dns2, records);
4546
4547 std::vector<std::string> servers = {listen_addr1, listen_addr2};
4548 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
4549
4550 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
4551
4552 static struct {
4553 const char* hname;
4554 const int expectedErrorCode;
4555 } kTestData[] = {
4556 {host_name, (isAtLeastT() && fs::exists(DNS_HELPER)) ? EAI_FAIL : EAI_NODATA},
4557 // To test the query with search domain.
4558 {"howdy", (isAtLeastT() && fs::exists(DNS_HELPER)) ? EAI_FAIL : EAI_AGAIN},
4559 };
4560
4561 INetd* netdService = mDnsClient.netdService();
4562 for (auto& td : kTestData) {
4563 SCOPED_TRACE(td.hname);
4564 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4565 // If API level >= 30 (R+), these queries should be blocked.
4566 addrinfo* result = nullptr;
4567 // getaddrinfo() in bionic would convert all errors to EAI_NODATA
4568 // except EAI_SYSTEM.
4569 EXPECT_EQ(EAI_NODATA, getaddrinfo(td.hname, nullptr, &hints, &result));
4570 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, td.expectedErrorCode, td.hname, {});
4571 }
4572 }
4573
TEST_F(ResolverTest,EnforceDnsUid)4574 TEST_F(ResolverTest, EnforceDnsUid) {
4575 SKIP_IF_BPF_NOT_SUPPORTED;
4576 constexpr char listen_addr1[] = "127.0.0.4";
4577 constexpr char listen_addr2[] = "::1";
4578 constexpr char host_name[] = "howdy.example.com.";
4579 const std::vector<DnsRecord> records = {
4580 {host_name, ns_type::ns_t_a, "1.2.3.4"},
4581 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
4582 };
4583 INetd* netdService = mDnsClient.netdService();
4584
4585 test::DNSResponder dns1(listen_addr1);
4586 test::DNSResponder dns2(listen_addr2);
4587 StartDns(dns1, records);
4588 StartDns(dns2, records);
4589
4590 // switch uid of DNS queries from applications to AID_DNS
4591 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4592 parcel.servers = {listen_addr1, listen_addr2};
4593 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4594
4595 uint8_t buf[MAXPACKET] = {};
4596 uint8_t buf2[MAXPACKET] = {};
4597 int rcode;
4598 {
4599 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4600 // Dns Queries should be blocked
4601 const int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4602 const int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4603 EXPECT_TRUE(fd1 != -1);
4604 EXPECT_TRUE(fd2 != -1);
4605
4606 const int res2 = getAsyncResponse(fd2, &rcode, buf2, MAXPACKET);
4607 const int res1 = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4608 // If API level >= 30 (R+), the query should be blocked.
4609 EXPECT_EQ(res2, -ECONNREFUSED);
4610 EXPECT_EQ(res1, -ECONNREFUSED);
4611 }
4612
4613 memset(buf, 0, MAXPACKET);
4614 ResolverOptionsParcel resolverOptions;
4615 resolverOptions.enforceDnsUid = true;
4616 if (!mIsResolverOptionIPCSupported) {
4617 parcel.resolverOptions = resolverOptions;
4618 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
4619 } else {
4620 ASSERT_TRUE(mDnsClient.resolvService()
4621 ->setResolverOptions(parcel.netId, resolverOptions)
4622 .isOk());
4623 }
4624
4625 {
4626 ScopeBlockedUIDRule scopeBlockUidRule(netdService, TEST_UID);
4627 // Dns Queries should NOT be blocked
4628 int fd1 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_a, 0);
4629 int fd2 = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
4630 EXPECT_TRUE(fd1 != -1);
4631 EXPECT_TRUE(fd2 != -1);
4632
4633 int res = getAsyncResponse(fd2, &rcode, buf, MAXPACKET);
4634 EXPECT_EQ("::1.2.3.4", toString(buf, res, AF_INET6));
4635
4636 memset(buf, 0, MAXPACKET);
4637 res = getAsyncResponse(fd1, &rcode, buf, MAXPACKET);
4638 EXPECT_EQ("1.2.3.4", toString(buf, res, AF_INET));
4639
4640 // @TODO: So far we know that uid of DNS queries are no more set to DNS requester. But we
4641 // don't check if they are actually being set to AID_DNS, because system uids are always
4642 // allowed in bpf_owner_match(). Audit by firewallSetUidRule(AID_DNS) + sending queries is
4643 // infeasible. Fix it if the behavior of bpf_owner_match() is changed in the future, or if
4644 // we have better idea to deal with this.
4645 }
4646 }
4647
TEST_F(ResolverTest,ConnectTlsServerTimeout)4648 TEST_F(ResolverTest, ConnectTlsServerTimeout) {
4649 constexpr char hostname1[] = "query1.example.com.";
4650 constexpr char hostname2[] = "query2.example.com.";
4651 const std::vector<DnsRecord> records = {
4652 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4653 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
4654 };
4655
4656 // TODO: Remove it after b/254186357 is clarified.
4657 ASSERT_TRUE(mDnsClient.resolvService()
4658 ->setLogSeverity(aidl::android::net::IDnsResolver::DNS_RESOLVER_LOG_VERBOSE)
4659 .isOk());
4660
4661 static const struct TestConfig {
4662 bool asyncHandshake;
4663 int maxRetries;
4664
4665 // if asyncHandshake:
4666 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4667 // otherwise:
4668 // expectedTimeout = dotConnectTimeoutMs
4669 int expectedTimeout;
4670 } testConfigs[] = {
4671 // Test mis-configured dot_maxtries flag.
4672 {false, 0, 1000}, {true, 0, 1000},
4673
4674 {false, 1, 1000}, {false, 3, 1000}, {true, 1, 1000}, {true, 3, 3000},
4675 };
4676
4677 for (const auto& config : testConfigs) {
4678 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.asyncHandshake, config.maxRetries));
4679
4680 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4681 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4682 // so that the DnsTlsTransport won't interfere the other tests.
4683 const std::string addr = getUniqueIPv4Address();
4684 test::DNSResponder dns(addr);
4685 StartDns(dns, records);
4686 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4687 ASSERT_TRUE(tls.startServer());
4688
4689 // The resolver will adjust the timeout value to 1000ms since the value is too small.
4690 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag, "100");
4691
4692 // Infinite timeout.
4693 ScopedSystemProperties sp2(kDotQueryTimeoutMsFlag, "-1");
4694
4695 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4696 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4697
4698 // Don't skip unusable DoT servers and disable revalidation for this test.
4699 ScopedSystemProperties sp5(kDotXportUnusableThresholdFlag, "-1");
4700 ScopedSystemProperties sp6(kDotRevalidationThresholdFlag, "-1");
4701 resetNetwork();
4702
4703 // Set up resolver to opportunistic mode.
4704 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4705 parcel.servers = {addr};
4706 parcel.tlsServers = {addr};
4707 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4708 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4709 EXPECT_TRUE(tls.waitForQueries(1));
4710 tls.clearQueries();
4711 dns.clearQueries();
4712
4713 // The server becomes unresponsive to the handshake request.
4714 tls.setHangOnHandshakeForTesting(true);
4715
4716 // Expect the things happening in getaddrinfo():
4717 // 1. Connect to the private DNS server.
4718 // 2. SSL handshake times out.
4719 // 3. Fallback to UDP transport, and then get the answer.
4720 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
4721 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname1, nullptr, hints);
4722
4723 EXPECT_NE(nullptr, result);
4724 EXPECT_EQ(0, tls.queries());
4725 EXPECT_EQ(1U, GetNumQueries(dns, hostname1));
4726 EXPECT_EQ(records.at(0).addr, ToString(result));
4727
4728 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, getaddrinfo()
4729 // should just take a bit more than expetTimeout milliseconds.
4730 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4731 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4732
4733 // Set the server to be responsive. Verify that the resolver will attempt to reconnect
4734 // to the server and then get the result within the timeout.
4735 tls.setHangOnHandshakeForTesting(false);
4736 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(hostname2, nullptr, hints);
4737
4738 EXPECT_NE(nullptr, result);
4739 EXPECT_TRUE(tls.waitForQueries(1));
4740 EXPECT_EQ(1U, GetNumQueries(dns, hostname2));
4741 EXPECT_EQ(records.at(1).addr, ToString(result));
4742
4743 EXPECT_LE(timeTakenMs, 1000);
4744 }
4745
4746 // TODO: Remove it after b/254186357 is clarified.
4747 ASSERT_TRUE(mDnsClient.resolvService()
4748 ->setLogSeverity(aidl::android::net::IDnsResolver::DNS_RESOLVER_LOG_INFO)
4749 .isOk());
4750 }
4751
TEST_F(ResolverTest,ConnectTlsServerTimeout_ConcurrentQueries)4752 TEST_F(ResolverTest, ConnectTlsServerTimeout_ConcurrentQueries) {
4753 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
4754 constexpr char hostname[] = "hello.example.com.";
4755 const std::vector<DnsRecord> records = {
4756 {hostname, ns_type::ns_t_a, "1.2.3.4"},
4757 };
4758 int testConfigCount = 0;
4759
4760 static const struct TestConfig {
4761 bool asyncHandshake;
4762 int dotConnectTimeoutMs;
4763 int dotQueryTimeoutMs;
4764 int maxRetries;
4765 int concurrency;
4766
4767 // if asyncHandshake:
4768 // expectedTimeout = Min(DotQueryTimeoutMs, dotConnectTimeoutMs * maxRetries)
4769 // otherwise:
4770 // expectedTimeout = dotConnectTimeoutMs * concurrency
4771 int expectedTimeout;
4772 } testConfigs[] = {
4773 // clang-format off
4774 {false, 1000, 3000, 1, 5, 5000},
4775 {false, 1000, 3000, 3, 5, 5000},
4776 {false, 2000, 1500, 3, 2, 4000},
4777 {true, 1000, 3000, 1, 5, 1000},
4778 {true, 2500, 1500, 1, 10, 1500},
4779 {true, 1000, 5000, 3, 5, 3000},
4780 // clang-format on
4781 };
4782
4783 // Launch query threads. Expected behaviors are:
4784 // - when dot_async_handshake is disabled, one of the query threads triggers a
4785 // handshake and then times out. Then same as another query thread, and so forth.
4786 // - when dot_async_handshake is enabled, only one handshake is triggered, and then
4787 // all of the query threads time out at the same time.
4788 for (const auto& config : testConfigs) {
4789 testConfigCount++;
4790 ScopedSystemProperties sp1(kDotQueryTimeoutMsFlag,
4791 std::to_string(config.dotQueryTimeoutMs));
4792 ScopedSystemProperties sp2(kDotConnectTimeoutMsFlag,
4793 std::to_string(config.dotConnectTimeoutMs));
4794 ScopedSystemProperties sp3(kDotAsyncHandshakeFlag, config.asyncHandshake ? "1" : "0");
4795 ScopedSystemProperties sp4(kDotMaxretriesFlag, std::to_string(config.maxRetries));
4796
4797 // Don't skip unusable DoT servers and disable revalidation for this test.
4798 ScopedSystemProperties sp5(kDotXportUnusableThresholdFlag, "-1");
4799 ScopedSystemProperties sp6(kDotRevalidationThresholdFlag, "-1");
4800 resetNetwork();
4801
4802 for (const std::string_view dnsMode : {"OPPORTUNISTIC", "STRICT"}) {
4803 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", testConfigCount, dnsMode));
4804
4805 // Because a DnsTlsTransport lasts at least 5 minutes in spite of network
4806 // destroyed, let the resolver creates an unique DnsTlsTransport every time
4807 // so that the DnsTlsTransport won't interfere the other tests.
4808 const std::string addr = getUniqueIPv4Address();
4809 test::DNSResponder dns(addr);
4810 StartDns(dns, records);
4811 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4812 ASSERT_TRUE(tls.startServer());
4813
4814 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4815 parcel.servers = {addr};
4816 parcel.tlsServers = {addr};
4817 if (dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4818 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4819 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4820 EXPECT_TRUE(tls.waitForQueries(1));
4821
4822 // The server becomes unresponsive to the handshake request.
4823 tls.setHangOnHandshakeForTesting(true);
4824
4825 Stopwatch s;
4826 std::vector<std::thread> threads(config.concurrency);
4827 for (std::thread& thread : threads) {
4828 thread = std::thread([&]() {
4829 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4830 dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
4831 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
4832 });
4833 }
4834 for (std::thread& thread : threads) {
4835 thread.join();
4836 }
4837
4838 const int timeTakenMs = s.timeTakenUs() / 1000;
4839 // A loose upper bound is set by adding 1000ms buffer time. Theoretically, it should
4840 // just take a bit more than expetTimeout milliseconds for the result.
4841 EXPECT_GE(timeTakenMs, config.expectedTimeout);
4842 EXPECT_LE(timeTakenMs, config.expectedTimeout + 1000);
4843
4844 // Recover the server from being unresponsive and try again.
4845 tls.setHangOnHandshakeForTesting(false);
4846 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
4847 if (dnsMode == "STRICT" && config.asyncHandshake &&
4848 config.dotQueryTimeoutMs < (config.dotConnectTimeoutMs * config.maxRetries)) {
4849 // In this case, the connection handshake is supposed to be in progress. Queries
4850 // sent before the handshake finishes will time out (either due to connect timeout
4851 // or query timeout).
4852 expectAnswersNotValid(fd, -ETIMEDOUT);
4853 } else {
4854 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4855 }
4856 }
4857 }
4858 }
4859
4860 // Tests that the DoT query timeout is configurable via the feature flag "dot_query_timeout_ms".
4861 // The test DoT server is configured to postpone DNS queries for DOT_SERVER_UNRESPONSIVE_TIME_MS
4862 // (2s). If the feature flag is set to a positive value smaller than
4863 // DOT_SERVER_UNRESPONSIVE_TIME_MS, DoT queries should timeout.
TEST_F(ResolverTest,QueryTlsServerTimeout)4864 TEST_F(ResolverTest, QueryTlsServerTimeout) {
4865 constexpr int DOT_SERVER_UNRESPONSIVE_TIME_MS = 2000;
4866 constexpr int TIMING_TOLERANCE_MS = 500;
4867 constexpr char hostname1[] = "query1.example.com.";
4868 const std::vector<DnsRecord> records = {
4869 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
4870 };
4871
4872 static const struct TestConfig {
4873 std::string dnsMode;
4874 int queryTimeoutMs;
4875 int expectResultTimedOut;
4876 int expectedTimeTakenMs;
4877 } testConfigs[] = {
4878 // clang-format off
4879 {"OPPORTUNISTIC", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS},
4880 {"OPPORTUNISTIC", 1000, false, 1000},
4881 {"STRICT", -1, false, DOT_SERVER_UNRESPONSIVE_TIME_MS},
4882 // `expectResultTimedOut` is true in the following testcase because in strict mode
4883 // DnsResolver doesn't try Do53 servers after the DoT query is timed out.
4884 {"STRICT", 1000, true, 1000},
4885 // clang-format on
4886 };
4887 for (const auto& config : testConfigs) {
4888 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", config.dnsMode, config.queryTimeoutMs));
4889
4890 const std::string addr = getUniqueIPv4Address();
4891 test::DNSResponder dns(addr);
4892 StartDns(dns, records);
4893 test::DnsTlsFrontend tls(addr, "853", addr, "53");
4894 ASSERT_TRUE(tls.startServer());
4895
4896 ScopedSystemProperties sp(kDotQueryTimeoutMsFlag, std::to_string(config.queryTimeoutMs));
4897
4898 // Don't skip unusable DoT servers and disable revalidation for this test.
4899 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag, "-1");
4900 ScopedSystemProperties sp3(kDotRevalidationThresholdFlag, "-1");
4901 resetNetwork();
4902
4903 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4904 parcel.servers = {addr};
4905 parcel.tlsServers = {addr};
4906 if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
4907
4908 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4909 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
4910 EXPECT_TRUE(tls.waitForQueries(1));
4911 tls.clearQueries();
4912
4913 // Set the DoT server to be unresponsive to DNS queries for
4914 // `DOT_SERVER_UNRESPONSIVE_TIME_MS` ms.
4915 tls.setDelayQueries(999);
4916 tls.setDelayQueriesTimeout(DOT_SERVER_UNRESPONSIVE_TIME_MS);
4917
4918 // Send a DNS query, and then check the result and the response time.
4919 Stopwatch s;
4920 int fd = resNetworkQuery(TEST_NETID, hostname1, ns_c_in, ns_t_a,
4921 ANDROID_RESOLV_NO_CACHE_LOOKUP);
4922 if (config.expectResultTimedOut) {
4923 expectAnswersNotValid(fd, -ETIMEDOUT);
4924 } else {
4925 expectAnswersValid(fd, AF_INET, "1.2.3.4");
4926 }
4927 const int timeTakenMs = s.getTimeAndResetUs() / 1000;
4928 EXPECT_NEAR(config.expectedTimeTakenMs, timeTakenMs, TIMING_TOLERANCE_MS);
4929 EXPECT_TRUE(tls.waitForQueries(1));
4930 }
4931 }
4932
4933 // Tests that the DnsResolver can skip using unusable DoT servers if dot_xport_unusable_threshold
4934 // flag is set. In this test, we make test DoT servers unresponsive during connection handshake,
4935 // so the DnsResolver will skip using a DoT server if the number of timed out queries reaches
4936 // the threshold.
TEST_F(ResolverTest,SkipUnusableTlsServer)4937 TEST_F(ResolverTest, SkipUnusableTlsServer) {
4938 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
4939
4940 static const struct TestConfig {
4941 int dotXportUnusableThreshold;
4942 int queries;
4943 int expectedQueriesSentToDot1;
4944 int expectedQueriesSentToDot2;
4945 } testConfigs[] = {
4946 // clang-format off
4947 // expectedQueriesSentToDot2 is 0 because dot_quick_fallback flag is set.
4948 {-1, 3, 3, 0},
4949 { 1, 3, 1, 1},
4950 { 3, 10, 3, 3},
4951 // clang-format on
4952 };
4953
4954 for (const auto& config : testConfigs) {
4955 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}, {}]", config.dotXportUnusableThreshold,
4956 config.queries, config.expectedQueriesSentToDot1,
4957 config.expectedQueriesSentToDot2));
4958
4959 const std::string addr1 = getUniqueIPv4Address();
4960 const std::string addr2 = getUniqueIPv4Address();
4961 test::DNSResponder dns1(addr1);
4962 test::DNSResponder dns2(addr2);
4963 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
4964 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
4965 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
4966 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
4967 ASSERT_TRUE(dns1.startServer());
4968 ASSERT_TRUE(dns2.startServer());
4969 ASSERT_TRUE(dot1.startServer());
4970 ASSERT_TRUE(dot2.startServer());
4971
4972 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
4973 std::to_string(DOT_CONNECT_TIMEOUT_MS));
4974 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
4975 std::to_string(config.dotXportUnusableThreshold));
4976 ScopedSystemProperties sp3(kDotQuickFallbackFlag, "1");
4977 ScopedSystemProperties sp4(kDotRevalidationThresholdFlag, "-1");
4978 resetNetwork();
4979
4980 // Private DNS opportunistic mode.
4981 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
4982 parcel.servers = {addr1, addr2};
4983 parcel.tlsServers = {addr1, addr2};
4984 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
4985
4986 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
4987 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
4988 EXPECT_TRUE(dot1.waitForQueries(1));
4989 EXPECT_TRUE(dot2.waitForQueries(1));
4990 dot1.clearQueries();
4991 dot2.clearQueries();
4992 dot1.clearConnectionsCount();
4993 dot2.clearConnectionsCount();
4994
4995 // Set the DoT servers as unresponsive to connection handshake.
4996 dot1.setHangOnHandshakeForTesting(true);
4997 dot2.setHangOnHandshakeForTesting(true);
4998
4999 // Send sequential queries
5000 for (int i = 0; i < config.queries; i++) {
5001 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
5002 ANDROID_RESOLV_NO_CACHE_LOOKUP);
5003 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
5004 }
5005
5006 if (GetProperty(kDotAsyncHandshakeFlag, "0") == "0") {
5007 EXPECT_EQ(dot1.acceptConnectionsCount(), config.expectedQueriesSentToDot1);
5008 EXPECT_EQ(dot2.acceptConnectionsCount(), config.expectedQueriesSentToDot2);
5009 } else {
5010 // If the flag dot_async_handshake is set to 1, the DnsResolver will try
5011 // DoT connection establishment at most |retries| times.
5012 const int retries = std::stoi(GetProperty(kDotMaxretriesFlag, "3"));
5013 EXPECT_EQ(dot1.acceptConnectionsCount(), config.expectedQueriesSentToDot1 * retries);
5014 EXPECT_EQ(dot2.acceptConnectionsCount(), config.expectedQueriesSentToDot2 * retries);
5015 }
5016 }
5017 }
5018
5019 // Verifies that the DnsResolver re-validates the DoT server when several DNS queries to
5020 // the server fails in a row.
TEST_F(ResolverTest,TlsServerRevalidation)5021 TEST_F(ResolverTest, TlsServerRevalidation) {
5022 constexpr uint32_t cacheFlag = ANDROID_RESOLV_NO_CACHE_LOOKUP;
5023 constexpr int dotXportUnusableThreshold = 10;
5024 constexpr int dotQueryTimeoutMs = 1000;
5025 constexpr char hostname[] = "hello.example.com.";
5026 const std::vector<DnsRecord> records = {
5027 {hostname, ns_type::ns_t_a, "1.2.3.4"},
5028 };
5029
5030 static const struct TestConfig {
5031 std::string dnsMode;
5032 int validationThreshold;
5033 int queries;
5034
5035 // Expected behavior in the DnsResolver.
5036 bool expectRevalidationHappen;
5037 bool expectDotUnusable;
5038 } testConfigs[] = {
5039 // clang-format off
5040 {"OPPORTUNISTIC", -1, 5, false, false},
5041 {"OPPORTUNISTIC", -1, 10, false, true},
5042 {"OPPORTUNISTIC", 5, 5, true, false},
5043 {"OPPORTUNISTIC", 5, 10, true, true},
5044 {"STRICT", -1, 5, false, false},
5045 {"STRICT", -1, 10, false, false},
5046 {"STRICT", 5, 5, false, false},
5047 {"STRICT", 5, 10, false, false},
5048 // clang-format on
5049 };
5050
5051 for (const auto& config : testConfigs) {
5052 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.dnsMode,
5053 config.validationThreshold, config.queries));
5054 const int queries = config.queries;
5055 const int delayQueriesTimeout = dotQueryTimeoutMs + 1000;
5056
5057 ScopedSystemProperties sp1(kDotRevalidationThresholdFlag,
5058 std::to_string(config.validationThreshold));
5059 ScopedSystemProperties sp2(kDotXportUnusableThresholdFlag,
5060 std::to_string(dotXportUnusableThreshold));
5061 ScopedSystemProperties sp3(kDotQueryTimeoutMsFlag, std::to_string(dotQueryTimeoutMs));
5062 resetNetwork();
5063
5064 // This test is sensitive to the number of queries sent in DoT validation.
5065 int latencyFactor;
5066 int latencyOffsetMs;
5067 // The feature is enabled by default in R.
5068 latencyFactor = std::stoi(GetProperty(kDotValidationLatencyFactorFlag, "3"));
5069 latencyOffsetMs = std::stoi(GetProperty(kDotValidationLatencyOffsetMsFlag, "100"));
5070 const bool dotValidationExtraProbes = (config.dnsMode == "OPPORTUNISTIC") &&
5071 (latencyFactor >= 0 && latencyOffsetMs >= 0 &&
5072 latencyFactor + latencyOffsetMs != 0);
5073
5074 const std::string addr = getUniqueIPv4Address();
5075 test::DNSResponder dns(addr);
5076 StartDns(dns, records);
5077 test::DnsTlsFrontend tls(addr, "853", addr, "53");
5078 ASSERT_TRUE(tls.startServer());
5079
5080 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5081 parcel.servers = {addr};
5082 parcel.tlsServers = {addr};
5083 if (config.dnsMode == "STRICT") parcel.tlsName = kDefaultPrivateDnsHostName;
5084 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5085 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5086 if (dotValidationExtraProbes) {
5087 EXPECT_TRUE(tls.waitForQueries(2));
5088 } else {
5089 EXPECT_TRUE(tls.waitForQueries(1));
5090 }
5091 tls.clearQueries();
5092 dns.clearQueries();
5093
5094 // Expect the things happening in order:
5095 // 1. Configure the DoT server to postpone |queries + 1| DNS queries.
5096 // 2. Send |queries| DNS queries, they will time out in 1 second.
5097 // 3. 1 second later, the DoT server still waits for one more DNS query until
5098 // |delayQueriesTimeout| times out.
5099 // 4. (opportunistic mode only) Meanwhile, DoT revalidation happens. The DnsResolver
5100 // creates a new connection and sends a query to the DoT server.
5101 // 5. 1 second later, |delayQueriesTimeout| times out. The DoT server flushes all of the
5102 // postponed DNS queries, and handles the query which comes from the revalidation.
5103 // 6. (opportunistic mode only) The revalidation succeeds.
5104 // 7. Send another DNS query, and expect it will succeed.
5105 // 8. (opportunistic mode only) If the DoT server has been deemed as unusable, the
5106 // DnsResolver skips trying the DoT server.
5107
5108 // Step 1.
5109 tls.setDelayQueries(queries + 1);
5110 tls.setDelayQueriesTimeout(delayQueriesTimeout);
5111
5112 // Step 2.
5113 std::vector<std::thread> threads1(queries);
5114 for (std::thread& thread : threads1) {
5115 thread = std::thread([&]() {
5116 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
5117 config.dnsMode == "STRICT" ? expectAnswersNotValid(fd, -ETIMEDOUT)
5118 : expectAnswersValid(fd, AF_INET, "1.2.3.4");
5119 });
5120 }
5121
5122 // Step 3 and 4.
5123 for (std::thread& thread : threads1) {
5124 thread.join();
5125 }
5126
5127 // Recover the config to make the revalidation can succeed.
5128 tls.setDelayQueries(1);
5129
5130 // Step 5 and 6.
5131 int expectedDotQueries = queries;
5132 int extraDnsProbe = 0;
5133 if (config.expectRevalidationHappen) {
5134 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5135 expectedDotQueries++;
5136
5137 if (dotValidationExtraProbes) {
5138 expectedDotQueries++;
5139 extraDnsProbe = 1;
5140 }
5141 }
5142
5143 // Step 7 and 8.
5144 int fd = resNetworkQuery(TEST_NETID, hostname, ns_c_in, ns_t_a, cacheFlag);
5145 expectAnswersValid(fd, AF_INET, "1.2.3.4");
5146 expectedDotQueries++;
5147
5148 const int expectedDo53Queries =
5149 expectedDotQueries +
5150 (config.dnsMode == "OPPORTUNISTIC" ? (queries + extraDnsProbe) : 0);
5151
5152 if (config.expectDotUnusable) {
5153 // A DoT server can be deemed as unusable only in opportunistic mode. When it happens,
5154 // the DnsResolver doesn't use the DoT server for a certain period of time.
5155 expectedDotQueries--;
5156 }
5157
5158 // This code makes the test more robust to race condition.
5159 EXPECT_TRUE(tls.waitForQueries(expectedDotQueries));
5160
5161 EXPECT_EQ(dns.queries().size(), static_cast<unsigned>(expectedDo53Queries));
5162 EXPECT_EQ(tls.queries(), expectedDotQueries);
5163 }
5164 }
5165
5166 // Verifies that private DNS validation fails if DoT server is much slower than cleartext server.
TEST_F(ResolverTest,TlsServerValidation_UdpProbe)5167 TEST_F(ResolverTest, TlsServerValidation_UdpProbe) {
5168 constexpr char backend_addr[] = "127.0.0.3";
5169 test::DNSResponder backend(backend_addr);
5170 backend.setResponseDelayMs(200);
5171 ASSERT_TRUE(backend.startServer());
5172
5173 static const struct TestConfig {
5174 int latencyFactor;
5175 int latencyOffsetMs;
5176 bool udpProbeLost;
5177 size_t expectedUdpProbes;
5178 bool expectedValidationPass;
5179 } testConfigs[] = {
5180 // clang-format off
5181 {-1, -1, false, 0, true},
5182 {0, 0, false, 0, true},
5183 {1, 10, false, 1, false},
5184 {1, 10, true, 2, false},
5185 {5, 300, false, 1, true},
5186 {5, 300, true, 2, true},
5187 // clang-format on
5188 };
5189
5190 for (const auto& config : testConfigs) {
5191 SCOPED_TRACE(fmt::format("testConfig: [{}, {}, {}]", config.latencyFactor,
5192 config.latencyOffsetMs, config.udpProbeLost));
5193
5194 const std::string addr = getUniqueIPv4Address();
5195 test::DNSResponder dns(addr, "53", static_cast<ns_rcode>(-1));
5196 test::DnsTlsFrontend tls(addr, "853", backend_addr, "53");
5197 dns.setResponseDelayMs(10);
5198 ASSERT_TRUE(dns.startServer());
5199 ASSERT_TRUE(tls.startServer());
5200
5201 ScopedSystemProperties sp1(kDotValidationLatencyFactorFlag,
5202 std::to_string(config.latencyFactor));
5203 ScopedSystemProperties sp2(kDotValidationLatencyOffsetMsFlag,
5204 std::to_string(config.latencyOffsetMs));
5205 resetNetwork();
5206
5207 std::unique_ptr<std::thread> thread;
5208 if (config.udpProbeLost) {
5209 thread.reset(new std::thread([&dns]() {
5210 // Simulate that the first UDP probe is lost and the second UDP probe succeeds.
5211 dns.setResponseProbability(0.0);
5212 std::this_thread::sleep_for(std::chrono::seconds(2));
5213 dns.setResponseProbability(1.0);
5214 }));
5215 }
5216
5217 // Set up opportunistic mode, and wait for the validation complete.
5218 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5219 parcel.servers = {addr};
5220 parcel.tlsServers = {addr};
5221 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5222
5223 // The timeout of WaitForPrivateDnsValidation is 5 seconds which is still enough for
5224 // the testcase of UDP probe lost because the retry of UDP probe happens after 3 seconds.
5225 EXPECT_TRUE(
5226 WaitForPrivateDnsValidation(tls.listen_address(), config.expectedValidationPass));
5227 EXPECT_EQ(dns.queries().size(), config.expectedUdpProbes);
5228 dns.clearQueries();
5229
5230 // Test that Private DNS validation always pass in strict mode.
5231 parcel.tlsName = kDefaultPrivateDnsHostName;
5232 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5233 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
5234 EXPECT_EQ(dns.queries().size(), 0U);
5235
5236 if (thread) {
5237 thread->join();
5238 thread.reset();
5239 }
5240 }
5241 }
5242
5243 // Verifies that DNS queries can quick fall back to UDP if the first DoT server is unresponsive.
TEST_F(ResolverTest,DotQuickFallback)5244 TEST_F(ResolverTest, DotQuickFallback) {
5245 constexpr int DOT_CONNECT_TIMEOUT_MS = 1000;
5246 const std::string addr1 = getUniqueIPv4Address();
5247 const std::string addr2 = getUniqueIPv4Address();
5248 test::DNSResponder dns1(addr1);
5249 test::DNSResponder dns2(addr2);
5250 test::DnsTlsFrontend dot1(addr1, "853", addr1, "53");
5251 test::DnsTlsFrontend dot2(addr2, "853", addr2, "53");
5252
5253 dns1.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5254 dns2.addMapping(kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6);
5255 ASSERT_TRUE(dns1.startServer());
5256 ASSERT_TRUE(dns2.startServer());
5257 ASSERT_TRUE(dot1.startServer());
5258 ASSERT_TRUE(dot2.startServer());
5259
5260 static const struct TestConfig {
5261 std::string privateDnsMode;
5262 int dotQuickFallbackFlag;
5263 } testConfigs[] = {
5264 // clang-format off
5265 {"OPPORTUNISTIC", 0},
5266 {"OPPORTUNISTIC", 1},
5267 {"STRICT", 0},
5268 {"STRICT", 1},
5269 // clang-format on
5270 };
5271
5272 for (const auto& config : testConfigs) {
5273 SCOPED_TRACE(fmt::format("testConfig: [{}, {}]", config.privateDnsMode,
5274 config.dotQuickFallbackFlag));
5275
5276 const bool canQuickFallback =
5277 (config.dotQuickFallbackFlag == 1) && (config.privateDnsMode == "OPPORTUNISTIC");
5278 ScopedSystemProperties sp1(kDotConnectTimeoutMsFlag,
5279 std::to_string(DOT_CONNECT_TIMEOUT_MS));
5280 ScopedSystemProperties sp2(kDotQuickFallbackFlag,
5281 std::to_string(config.dotQuickFallbackFlag));
5282
5283 // Disable revalidation because we are reusing the same IP address of DoT servers.
5284 ScopedSystemProperties sp3(kDotRevalidationThresholdFlag, "-1");
5285
5286 // TODO: Remove the flags and fix the test.
5287 ScopedSystemProperties sp4(kDotAsyncHandshakeFlag, "0");
5288 ScopedSystemProperties sp5(kDotMaxretriesFlag, "3");
5289 resetNetwork();
5290
5291 resetNetwork();
5292
5293 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5294 parcel.servers = {addr1, addr2};
5295 parcel.tlsServers = {addr1, addr2};
5296 parcel.tlsName = (config.privateDnsMode == "STRICT") ? kDefaultPrivateDnsHostName : "";
5297 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5298
5299 EXPECT_TRUE(WaitForPrivateDnsValidation(dot1.listen_address(), true));
5300 EXPECT_TRUE(WaitForPrivateDnsValidation(dot2.listen_address(), true));
5301 EXPECT_TRUE(dot1.waitForQueries(1));
5302 EXPECT_TRUE(dot2.waitForQueries(1));
5303 dot1.clearQueries();
5304 dot2.clearQueries();
5305 dot1.clearConnectionsCount();
5306 dot2.clearConnectionsCount();
5307
5308 // Set the DoT server unresponsive to connection handshake.
5309 dot1.setHangOnHandshakeForTesting(true);
5310
5311 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_aaaa,
5312 ANDROID_RESOLV_NO_CACHE_LOOKUP);
5313 expectAnswersValid(fd, AF_INET6, kHelloExampleComAddrV6);
5314
5315 EXPECT_EQ(dot1.acceptConnectionsCount(), 1);
5316 EXPECT_EQ(dot2.acceptConnectionsCount(), canQuickFallback ? 0 : 1);
5317 EXPECT_TRUE(dot2.waitForQueries(canQuickFallback ? 0 : 1));
5318
5319 dot1.setHangOnHandshakeForTesting(false);
5320 }
5321 }
5322
TEST_F(ResolverTest,FlushNetworkCache)5323 TEST_F(ResolverTest, FlushNetworkCache) {
5324 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5325 test::DNSResponder dns;
5326 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5327 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5328
5329 const hostent* result = gethostbyname("hello");
5330 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5331 std::function<bool()> HasTheExpectedResult = [result]() -> bool {
5332 if (result == nullptr) return false;
5333 EXPECT_EQ(4, result->h_length);
5334 if (result->h_addr_list[0] == nullptr) return false;
5335 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5336 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5337 return true;
5338 };
5339 ASSERT_TRUE(HasTheExpectedResult());
5340
5341 // get result from cache
5342 result = gethostbyname("hello");
5343 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5344 ASSERT_TRUE(HasTheExpectedResult());
5345
5346 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5347
5348 result = gethostbyname("hello");
5349 EXPECT_EQ(2U, GetNumQueriesForType(dns, ns_type::ns_t_a, kHelloExampleCom));
5350 ASSERT_TRUE(HasTheExpectedResult());
5351 }
5352
TEST_F(ResolverTest,FlushNetworkCache_random)5353 TEST_F(ResolverTest, FlushNetworkCache_random) {
5354 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5355 constexpr int num_flush = 10;
5356 constexpr int num_queries = 20;
5357 test::DNSResponder dns;
5358 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5359 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5360 const addrinfo hints = {.ai_family = AF_INET};
5361
5362 std::thread t([this]() {
5363 for (int i = 0; i < num_flush; ++i) {
5364 unsigned delay = arc4random_uniform(10 * 1000); // 10ms
5365 usleep(delay);
5366 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5367 }
5368 });
5369
5370 for (int i = 0; i < num_queries; ++i) {
5371 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5372 EXPECT_TRUE(result != nullptr);
5373 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5374 }
5375 t.join();
5376 }
5377
5378 // flush cache while one query is wait-for-response, another is pending.
TEST_F(ResolverTest,FlushNetworkCache_concurrent)5379 TEST_F(ResolverTest, FlushNetworkCache_concurrent) {
5380 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
5381 const char* listen_addr1 = "127.0.0.9";
5382 const char* listen_addr2 = "127.0.0.10";
5383 test::DNSResponder dns1(listen_addr1);
5384 test::DNSResponder dns2(listen_addr2);
5385 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5386 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5387 addrinfo hints = {.ai_family = AF_INET};
5388
5389 // step 1: set server#1 into deferred responding mode
5390 dns1.setDeferredResp(true);
5391 std::thread t1([&listen_addr1, &hints, this]() {
5392 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr1}));
5393 // step 3: query
5394 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5395 // step 9: check result
5396 EXPECT_TRUE(result != nullptr);
5397 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5398 });
5399
5400 // step 2: wait for the query to reach the server
5401 while (GetNumQueries(dns1, kHelloExampleCom) == 0) {
5402 usleep(1000); // 1ms
5403 }
5404
5405 std::thread t2([&listen_addr2, &hints, &dns2, this]() {
5406 ASSERT_TRUE(mDnsClient.SetResolversForNetwork({listen_addr2}));
5407 // step 5: query (should be blocked in resolver)
5408 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5409 // step 7: check result
5410 EXPECT_TRUE(result != nullptr);
5411 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5412 EXPECT_EQ(1U, GetNumQueriesForType(dns2, ns_type::ns_t_a, kHelloExampleCom));
5413 });
5414
5415 // step 4: wait a bit for the 2nd query to enter pending state
5416 usleep(100 * 1000); // 100ms
5417 // step 6: flush cache (will unblock pending queries)
5418 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5419 t2.join();
5420
5421 // step 8: resume server#1
5422 dns1.setDeferredResp(false);
5423 t1.join();
5424
5425 // step 10: verify if result is correctly cached
5426 dns2.clearQueries();
5427 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5428 EXPECT_EQ(0U, GetNumQueries(dns2, kHelloExampleCom));
5429 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5430 }
5431
5432 // TODO: Perhaps to have a boundary conditions test for TCP and UDP.
TEST_F(ResolverTest,TcpQueryWithOversizePayload)5433 TEST_F(ResolverTest, TcpQueryWithOversizePayload) {
5434 test::DNSResponder dns;
5435 StartDns(dns, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
5436 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5437
5438 int fd = dns_open_proxy();
5439 ASSERT_TRUE(fd > 0);
5440
5441 // Sending DNS query over TCP once the packet sizes exceed 512 bytes.
5442 // The raw data is combined with Question section and Additional section
5443 // Question section : query "hello.example.com", type A, class IN
5444 // Additional section : type OPT (41), Option PADDING, Option Length 546
5445 // Padding option which allows DNS clients and servers to artificially
5446 // increase the size of a DNS message by a variable number of bytes.
5447 // See also RFC7830, section 3
5448 const std::string query =
5449 "+c0BAAABAAAAAAABBWhlbGxvB2V4YW1wbGUDY29tAAABAAEAACkgAAAAgAACJgAMAiIAAAAAAAAAAAAAAAAAA"
5450 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5451 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5452 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5453 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5454 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5455 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5456 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5457 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
5458 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
5459 const std::string cmd =
5460 "resnsend " + std::to_string(TEST_NETID) + " 0 " /* ResNsendFlags */ + query + '\0';
5461 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, cmd.c_str(), cmd.size()));
5462 EXPECT_EQ(rc, static_cast<ssize_t>(cmd.size()));
5463 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
5464 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
5465 EXPECT_EQ(0U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
5466 }
5467
TEST_F(ResolverTest,TruncatedRspMode)5468 TEST_F(ResolverTest, TruncatedRspMode) {
5469 constexpr char listen_addr[] = "127.0.0.4";
5470 constexpr char listen_addr2[] = "127.0.0.5";
5471 constexpr char listen_srv[] = "53";
5472
5473 test::DNSResponder dns(listen_addr, listen_srv, static_cast<ns_rcode>(-1));
5474 test::DNSResponder dns2(listen_addr2, listen_srv, static_cast<ns_rcode>(-1));
5475 // dns supports UDP only, dns2 support UDP and TCP
5476 dns.setResponseProbability(0.0, IPPROTO_TCP);
5477 StartDns(dns, kLargeCnameChainRecords);
5478 StartDns(dns2, kLargeCnameChainRecords);
5479
5480 const struct TestConfig {
5481 const std::optional<int32_t> tcMode;
5482 const bool ret;
5483 const unsigned numQueries;
5484 std::string asParameters() const {
5485 return fmt::format("tcMode: {}, ret: {}, numQueries: {}", tcMode.value_or(-1),
5486 ret ? "true" : "false", numQueries);
5487 }
5488 } testConfigs[]{
5489 // clang-format off
5490 {std::nullopt, true, 0}, /* mode unset */
5491 {aidl::android::net::IDnsResolver::TC_MODE_DEFAULT, true, 0}, /* default mode */
5492 {-666, false, 0}, /* invalid input */
5493 {aidl::android::net::IDnsResolver::TC_MODE_UDP_TCP, true, 1}, /* alternative mode */
5494 // clang-format on
5495 };
5496
5497 for (const auto& config : testConfigs) {
5498 SCOPED_TRACE(config.asParameters());
5499
5500 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5501 parcel.servers = {listen_addr, listen_addr2};
5502 ResolverOptionsParcel resolverOptions;
5503 if (config.tcMode.has_value()) resolverOptions.tcMode = config.tcMode.value();
5504 if (!mIsResolverOptionIPCSupported) {
5505 parcel.resolverOptions = resolverOptions;
5506 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5507 config.ret);
5508 } else {
5509 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5510 }
5511 if (mIsResolverOptionIPCSupported) {
5512 ASSERT_EQ(mDnsClient.resolvService()
5513 ->setResolverOptions(parcel.netId, resolverOptions)
5514 .isOk(),
5515 config.ret);
5516 }
5517
5518 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5519 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5520 ASSERT_TRUE(result != nullptr);
5521 EXPECT_EQ(ToString(result), kHelloExampleComAddrV4);
5522 // TC_MODE_DEFAULT: resolver retries on TCP-only on each name server.
5523 // TC_MODE_UDP_TCP: resolver retries on TCP on the same server, falls back to UDP from next.
5524 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom), 1U);
5525 ASSERT_EQ(GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom), 1U);
5526 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_UDP, kHelloExampleCom), config.numQueries);
5527 ASSERT_EQ(GetNumQueriesForProtocol(dns2, IPPROTO_TCP, kHelloExampleCom), 1U);
5528
5529 dns.clearQueries();
5530 dns2.clearQueries();
5531 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
5532
5533 // Clear the stats to make the resolver always choose the same server for the first query.
5534 parcel.servers.clear();
5535 parcel.tlsServers.clear();
5536 if (!mIsResolverOptionIPCSupported) {
5537 ASSERT_EQ(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk(),
5538 config.ret);
5539 } else {
5540 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5541 }
5542 }
5543 }
5544
TEST_F(ResolverTest,RepeatedSetup_ResolverStatusRemains)5545 TEST_F(ResolverTest, RepeatedSetup_ResolverStatusRemains) {
5546 constexpr char unusable_listen_addr[] = "127.0.0.3";
5547 constexpr char listen_addr[] = "127.0.0.4";
5548 constexpr char hostname[] = "a.hello.query.";
5549 const auto repeatedSetResolversFromParcel = [&](const ResolverParamsParcel& parcel) {
5550 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5551 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5552 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5553 };
5554
5555 test::DNSResponder dns(listen_addr);
5556 StartDns(dns, {{hostname, ns_type::ns_t_a, "1.2.3.3"}});
5557 test::DnsTlsFrontend tls1(listen_addr, "853", listen_addr, "53");
5558 ASSERT_TRUE(tls1.startServer());
5559
5560 // Private DNS off mode.
5561 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5562 parcel.servers = {unusable_listen_addr, listen_addr};
5563 parcel.tlsServers.clear();
5564 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5565
5566 // Send a query.
5567 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5568 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5569
5570 // Check the stats as expected.
5571 const std::vector<NameserverStats> expectedCleartextDnsStats = {
5572 NameserverStats(unusable_listen_addr).setInternalErrors(1),
5573 NameserverStats(listen_addr).setSuccesses(1).setRttAvg(1),
5574 };
5575 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5576 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5577
5578 // The stats is supposed to remain as long as the list of cleartext DNS servers is unchanged.
5579 static const struct TestConfig {
5580 std::vector<std::string> servers;
5581 std::vector<std::string> tlsServers;
5582 std::string tlsName;
5583 } testConfigs[] = {
5584 // Private DNS opportunistic mode.
5585 {{listen_addr, unusable_listen_addr}, {listen_addr, unusable_listen_addr}, ""},
5586 {{unusable_listen_addr, listen_addr}, {unusable_listen_addr, listen_addr}, ""},
5587
5588 // Private DNS strict mode.
5589 {{listen_addr, unusable_listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5590 {{unusable_listen_addr, listen_addr}, {"127.0.0.100"}, kDefaultPrivateDnsHostName},
5591
5592 // Private DNS off mode.
5593 {{unusable_listen_addr, listen_addr}, {}, ""},
5594 {{listen_addr, unusable_listen_addr}, {}, ""},
5595 };
5596
5597 for (const auto& config : testConfigs) {
5598 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}] [{}]", fmt::join(config.servers, ","),
5599 fmt::join(config.tlsServers, ","), config.tlsName));
5600 parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5601 parcel.servers = config.servers;
5602 parcel.tlsServers = config.tlsServers;
5603 parcel.tlsName = config.tlsName;
5604 repeatedSetResolversFromParcel(parcel);
5605 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5606
5607 // The stats remains when the list of search domains changes.
5608 parcel.domains.push_back("tmp.domains");
5609 repeatedSetResolversFromParcel(parcel);
5610 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5611
5612 // The stats remains when the parameters change (except maxSamples).
5613 parcel.sampleValiditySeconds++;
5614 parcel.successThreshold++;
5615 parcel.minSamples++;
5616 parcel.baseTimeoutMsec++;
5617 parcel.retryCount++;
5618 repeatedSetResolversFromParcel(parcel);
5619 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
5620 }
5621
5622 // The cache remains.
5623 EXPECT_NE(safe_getaddrinfo(hostname, nullptr, &hints), nullptr);
5624 EXPECT_EQ(GetNumQueries(dns, hostname), 1U);
5625 }
5626
TEST_F(ResolverTest,RepeatedSetup_NoRedundantPrivateDnsValidation)5627 TEST_F(ResolverTest, RepeatedSetup_NoRedundantPrivateDnsValidation) {
5628 const std::string addr1 = getUniqueIPv4Address(); // For a workable DNS server.
5629 const std::string addr2 = getUniqueIPv4Address(); // For an unresponsive DNS server.
5630 const std::string unusable_addr = getUniqueIPv4Address();
5631 const auto waitForPrivateDnsStateUpdated = []() {
5632 // A buffer time for the PrivateDnsConfiguration instance to update its map,
5633 // mPrivateDnsValidateThreads, which is used for tracking validation threads.
5634 // Since there is a time gap between when PrivateDnsConfiguration reports
5635 // onPrivateDnsValidationEvent and when PrivateDnsConfiguration updates the map, this is a
5636 // workaround to avoid the test starts a subsequent resolver setup during the time gap.
5637 // TODO: Report onPrivateDnsValidationEvent after all the relevant updates are complete.
5638 // Reference to b/152009023.
5639 std::this_thread::sleep_for(20ms);
5640 };
5641
5642 test::DNSResponder dns1(addr1);
5643 test::DNSResponder dns2(addr2);
5644 StartDns(dns1, {});
5645 StartDns(dns2, {});
5646 test::DnsTlsFrontend workableTls(addr1, "853", addr1, "53");
5647 test::DnsTlsFrontend unresponsiveTls(addr2, "853", addr2, "53");
5648 unresponsiveTls.setHangOnHandshakeForTesting(true);
5649 ASSERT_TRUE(workableTls.startServer());
5650 ASSERT_TRUE(unresponsiveTls.startServer());
5651
5652 // First setup.
5653 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5654 parcel.servers = {addr1, addr2, unusable_addr};
5655 parcel.tlsServers = {addr1, addr2, unusable_addr};
5656 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5657
5658 // Check the validation status before proceed. The validation for `unresponsiveTls`
5659 // should be running, and the other two should be finished.
5660 EXPECT_TRUE(WaitForPrivateDnsValidation(workableTls.listen_address(), true));
5661 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5662 EXPECT_TRUE(PollForCondition([&]() { return unresponsiveTls.acceptConnectionsCount() == 1; }));
5663 unresponsiveTls.clearConnectionsCount();
5664
5665 static const struct TestConfig {
5666 std::vector<std::string> tlsServers;
5667 std::string tlsName;
5668 } testConfigs[] = {
5669 {{addr1, addr2, unusable_addr}, ""},
5670 {{unusable_addr, addr1, addr2}, ""},
5671 {{unusable_addr, addr1, addr2}, kDefaultPrivateDnsHostName},
5672 {{addr1, addr2, unusable_addr}, kDefaultPrivateDnsHostName},
5673 };
5674
5675 std::string TlsNameLastTime;
5676 for (const auto& config : testConfigs) {
5677 SCOPED_TRACE(fmt::format("testConfig: [{}] [{}]", fmt::join(config.tlsServers, ","),
5678 config.tlsName));
5679 parcel.servers = config.tlsServers;
5680 parcel.tlsServers = config.tlsServers;
5681 parcel.tlsName = config.tlsName;
5682 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5683
5684 const bool dnsModeChanged = (TlsNameLastTime != config.tlsName);
5685 bool validationAttemptToUnresponsiveTls = false;
5686
5687 waitForPrivateDnsStateUpdated();
5688 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5689
5690 for (const auto& serverAddr : parcel.tlsServers) {
5691 SCOPED_TRACE(serverAddr);
5692 if (serverAddr == workableTls.listen_address()) {
5693 if (dnsModeChanged) {
5694 // Despite the identical IP address, the server is regarded as a different
5695 // server when DnsTlsServer.name is different. The resolver treats it as a
5696 // different object and begins the validation process.
5697 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, true));
5698 }
5699 } else if (serverAddr == unresponsiveTls.listen_address()) {
5700 if (dnsModeChanged) {
5701 // Despite the identical IP address, the server is regarded as a different
5702 // server when DnsTlsServer.name is different. The resolver treats it as a
5703 // different object and begins the validation process.
5704 validationAttemptToUnresponsiveTls = true;
5705
5706 // This is the limitation from DnsTlsFrontend. DnsTlsFrontend can't operate
5707 // concurrently. As soon as there's another connection request,
5708 // DnsTlsFrontend resets the unique_fd to the new connection.
5709 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5710 }
5711 } else {
5712 // Must be unusable_addr.
5713 // In opportunistic mode, when a validation for a private DNS server fails, the
5714 // resolver just marks the server as failed and doesn't re-evaluate it, but the
5715 // server can be re-evaluated when setResolverConfiguration() is called.
5716 // However, in strict mode, the resolver automatically re-evaluates the server and
5717 // marks the server as in_progress until the validation succeeds, so repeated setup
5718 // makes no effect.
5719 if (dnsModeChanged || config.tlsName.empty() /* not in strict mode */) {
5720 EXPECT_TRUE(WaitForPrivateDnsValidation(serverAddr, false));
5721 }
5722 }
5723 }
5724
5725 // Repeated setups make no effect in strict mode.
5726 waitForPrivateDnsStateUpdated();
5727 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5728 if (config.tlsName.empty()) {
5729 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5730 }
5731 waitForPrivateDnsStateUpdated();
5732 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5733 if (config.tlsName.empty()) {
5734 EXPECT_TRUE(WaitForPrivateDnsValidation(unusable_addr, false));
5735 }
5736
5737 if (validationAttemptToUnresponsiveTls) {
5738 EXPECT_TRUE(PollForCondition(
5739 [&]() { return unresponsiveTls.acceptConnectionsCount() > 0; }));
5740 } else {
5741 EXPECT_EQ(unresponsiveTls.acceptConnectionsCount(), 0);
5742 }
5743
5744 TlsNameLastTime = config.tlsName;
5745 unresponsiveTls.clearConnectionsCount();
5746 }
5747
5748 // Check that all the validation results are caught.
5749 // Note: it doesn't mean no validation being in progress.
5750 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5751 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5752 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(unusable_addr));
5753 }
5754
TEST_F(ResolverTest,RepeatedSetup_KeepChangingPrivateDnsServers)5755 TEST_F(ResolverTest, RepeatedSetup_KeepChangingPrivateDnsServers) {
5756 enum TlsServerState { WORKING, UNSUPPORTED, UNRESPONSIVE };
5757 const std::string addr1 = getUniqueIPv4Address();
5758 const std::string addr2 = getUniqueIPv4Address();
5759 const auto waitForPrivateDnsStateUpdated = []() {
5760 // A buffer time for PrivateDnsConfiguration to update its state. It prevents this test
5761 // being flaky. See b/152009023 for the reason.
5762 std::this_thread::sleep_for(20ms);
5763 };
5764
5765 test::DNSResponder dns1(addr1);
5766 test::DNSResponder dns2(addr2);
5767 StartDns(dns1, {});
5768 StartDns(dns2, {});
5769 test::DnsTlsFrontend tls1(addr1, "853", addr1, "53");
5770 test::DnsTlsFrontend tls2(addr2, "853", addr2, "53");
5771 ASSERT_TRUE(tls1.startServer());
5772 ASSERT_TRUE(tls2.startServer());
5773
5774 static const struct TestConfig {
5775 std::string tlsServer;
5776 std::string tlsName;
5777 bool expectNothingHappenWhenServerUnsupported;
5778 bool expectNothingHappenWhenServerUnresponsive;
5779 std::string asTestName() const {
5780 return fmt::format("{}, {}, {}, {}", tlsServer, tlsName,
5781 expectNothingHappenWhenServerUnsupported,
5782 expectNothingHappenWhenServerUnresponsive);
5783 }
5784 } testConfigs[] = {
5785 {{addr1}, "", false, false},
5786 {{addr2}, "", false, false},
5787 {{addr1}, "", false, true},
5788 {{addr2}, "", false, true},
5789
5790 // expectNothingHappenWhenServerUnresponsive is false in the two cases because of the
5791 // limitation from DnsTlsFrontend which can't operate concurrently.
5792 {{addr1}, kDefaultPrivateDnsHostName, false, false},
5793 {{addr2}, kDefaultPrivateDnsHostName, false, false},
5794 {{addr1}, kDefaultPrivateDnsHostName, true, true},
5795 {{addr2}, kDefaultPrivateDnsHostName, true, true},
5796
5797 // expectNothingHappenWhenServerUnresponsive is true in the two cases because of the
5798 // limitation from DnsTlsFrontend which can't operate concurrently.
5799 {{addr1}, "", true, false},
5800 {{addr2}, "", true, false},
5801 {{addr1}, "", true, true},
5802 {{addr2}, "", true, true},
5803 };
5804
5805 for (const auto& serverState : {WORKING, UNSUPPORTED, UNRESPONSIVE}) {
5806 int testIndex = 0;
5807 for (const auto& config : testConfigs) {
5808 SCOPED_TRACE(fmt::format("serverState:{} testIndex:{} testConfig:[{}]",
5809 static_cast<int>(serverState), testIndex++,
5810 config.asTestName()));
5811 auto& tls = (config.tlsServer == addr1) ? tls1 : tls2;
5812
5813 if (serverState == UNSUPPORTED && tls.running()) ASSERT_TRUE(tls.stopServer());
5814 if (serverState != UNSUPPORTED && !tls.running()) ASSERT_TRUE(tls.startServer());
5815
5816 tls.setHangOnHandshakeForTesting(serverState == UNRESPONSIVE);
5817 const int connectCountsBefore = tls.acceptConnectionsCount();
5818
5819 waitForPrivateDnsStateUpdated();
5820 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5821 parcel.servers = {config.tlsServer};
5822 parcel.tlsServers = {config.tlsServer};
5823 parcel.tlsName = config.tlsName;
5824 parcel.caCertificate = config.tlsName.empty() ? "" : kCaCert;
5825 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
5826
5827 if (serverState == WORKING) {
5828 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, true));
5829 } else if (serverState == UNSUPPORTED) {
5830 if (config.expectNothingHappenWhenServerUnsupported) {
5831 // It's possible that the resolver hasn't yet started to
5832 // connect. Wait a while.
5833 // TODO: See if we can get rid of the hard waiting time, such as comparing
5834 // the CountDiff across two tests.
5835 std::this_thread::sleep_for(100ms);
5836 EXPECT_EQ(tls.acceptConnectionsCount(), connectCountsBefore);
5837 } else {
5838 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5839 }
5840 } else {
5841 // Must be UNRESPONSIVE.
5842 // DnsTlsFrontend is the only signal for checking whether or not the resolver starts
5843 // another validation when the server is unresponsive.
5844
5845 // Wait for a while to avoid running the checker code too early.
5846 std::this_thread::sleep_for(200ms);
5847 if (!config.expectNothingHappenWhenServerUnresponsive) {
5848 EXPECT_TRUE(WaitForPrivateDnsValidation(config.tlsServer, false));
5849 }
5850 const auto condition = [&]() {
5851 const int connectCountsAfter = tls.acceptConnectionsCount();
5852 return config.expectNothingHappenWhenServerUnresponsive
5853 ? (connectCountsAfter == connectCountsBefore)
5854 : (connectCountsAfter > connectCountsBefore);
5855 };
5856 EXPECT_TRUE(PollForCondition(condition));
5857 }
5858 }
5859
5860 // Set to off mode to reset the PrivateDnsConfiguration state.
5861 ResolverParamsParcel setupOffmode = DnsResponderClient::GetDefaultResolverParamsParcel();
5862 setupOffmode.tlsServers.clear();
5863 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupOffmode));
5864 }
5865
5866 // Check that all the validation results are caught.
5867 // Note: it doesn't mean no validation being in progress.
5868 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr1));
5869 EXPECT_FALSE(hasUncaughtPrivateDnsValidation(addr2));
5870 }
5871
TEST_F(ResolverTest,PermissionCheckOnCertificateInjection)5872 TEST_F(ResolverTest, PermissionCheckOnCertificateInjection) {
5873 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
5874 parcel.caCertificate = kCaCert;
5875 ASSERT_TRUE(mDnsClient.resolvService()->setResolverConfiguration(parcel).isOk());
5876
5877 for (const uid_t uid : {AID_SYSTEM, TEST_UID}) {
5878 ScopedChangeUID scopedChangeUID(uid);
5879 auto status = mDnsClient.resolvService()->setResolverConfiguration(parcel);
5880 EXPECT_EQ(status.getExceptionCode(), EX_SECURITY);
5881 }
5882 }
5883
5884 // Parameterized tests.
5885 // TODO: Merge the existing tests as parameterized test if possible.
5886 // TODO: Perhaps move parameterized tests to an independent file.
5887 enum class CallType { GETADDRINFO, GETHOSTBYNAME };
5888 class ResolverParameterizedTest : public ResolverTest,
5889 public testing::WithParamInterface<CallType> {
5890 protected:
VerifyQueryHelloExampleComV4(const test::DNSResponder & dns,const CallType calltype,const bool verifyNumQueries=true)5891 void VerifyQueryHelloExampleComV4(const test::DNSResponder& dns, const CallType calltype,
5892 const bool verifyNumQueries = true) {
5893 if (calltype == CallType::GETADDRINFO) {
5894 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
5895 ScopedAddrinfo result = safe_getaddrinfo("hello", nullptr, &hints);
5896 ASSERT_TRUE(result != nullptr);
5897 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5898 } else if (calltype == CallType::GETHOSTBYNAME) {
5899 const hostent* result = gethostbyname("hello");
5900 ASSERT_TRUE(result != nullptr);
5901 ASSERT_EQ(4, result->h_length);
5902 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
5903 EXPECT_EQ(kHelloExampleComAddrV4, ToString(result));
5904 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
5905 } else {
5906 FAIL() << "Unsupported call type: " << static_cast<uint32_t>(calltype);
5907 }
5908 if (verifyNumQueries) EXPECT_EQ(1U, GetNumQueries(dns, kHelloExampleCom));
5909 }
5910 };
5911
5912 INSTANTIATE_TEST_SUITE_P(QueryCallTest, ResolverParameterizedTest,
5913 testing::Values(CallType::GETADDRINFO, CallType::GETHOSTBYNAME),
__anond9ff00011e02(const testing::TestParamInfo<CallType>& info) 5914 [](const testing::TestParamInfo<CallType>& info) {
5915 switch (info.param) {
5916 case CallType::GETADDRINFO:
5917 return "GetAddrInfo";
5918 case CallType::GETHOSTBYNAME:
5919 return "GetHostByName";
5920 default:
5921 return "InvalidParameter"; // Should not happen.
5922 }
5923 });
5924
TEST_P(ResolverParameterizedTest,AuthoritySectionAndAdditionalSection)5925 TEST_P(ResolverParameterizedTest, AuthoritySectionAndAdditionalSection) {
5926 // DNS response may have more information in authority section and additional section.
5927 // Currently, getanswer() of packages/modules/DnsResolver/getaddrinfo.cpp doesn't parse the
5928 // content of authority section and additional section. Test these sections if they crash
5929 // the resolver, just in case. See also RFC 1035 section 4.1.
5930 const auto& calltype = GetParam();
5931 test::DNSHeader header(kDefaultDnsHeader);
5932
5933 // Create a DNS response which has a authoritative nameserver record in authority
5934 // section and its relevant address record in additional section.
5935 //
5936 // Question
5937 // hello.example.com. IN A
5938 // Answer
5939 // hello.example.com. IN A 1.2.3.4
5940 // Authority:
5941 // hello.example.com. IN NS ns1.example.com.
5942 // Additional:
5943 // ns1.example.com. IN A 5.6.7.8
5944 //
5945 // A response may have only question, answer, and authority section. Current testing response
5946 // should be able to cover this condition.
5947
5948 // Question section.
5949 test::DNSQuestion question{
5950 .qname = {.name = kHelloExampleCom},
5951 .qtype = ns_type::ns_t_a,
5952 .qclass = ns_c_in,
5953 };
5954 header.questions.push_back(std::move(question));
5955
5956 // Answer section.
5957 test::DNSRecord recordAnswer{
5958 .name = {.name = kHelloExampleCom},
5959 .rtype = ns_type::ns_t_a,
5960 .rclass = ns_c_in,
5961 .ttl = 0, // no cache
5962 };
5963 EXPECT_TRUE(test::DNSResponder::fillRdata(kHelloExampleComAddrV4, recordAnswer));
5964 header.answers.push_back(std::move(recordAnswer));
5965
5966 // Authority section.
5967 test::DNSRecord recordAuthority{
5968 .name = {.name = kHelloExampleCom},
5969 .rtype = ns_type::ns_t_ns,
5970 .rclass = ns_c_in,
5971 .ttl = 0, // no cache
5972 };
5973 EXPECT_TRUE(test::DNSResponder::fillRdata("ns1.example.com.", recordAuthority));
5974 header.authorities.push_back(std::move(recordAuthority));
5975
5976 // Additional section.
5977 test::DNSRecord recordAdditional{
5978 .name = {.name = "ns1.example.com."},
5979 .rtype = ns_type::ns_t_a,
5980 .rclass = ns_c_in,
5981 .ttl = 0, // no cache
5982 };
5983 EXPECT_TRUE(test::DNSResponder::fillRdata("5.6.7.8", recordAdditional));
5984 header.additionals.push_back(std::move(recordAdditional));
5985
5986 // Start DNS server.
5987 test::DNSResponder dns(test::DNSResponder::MappingType::DNS_HEADER);
5988 dns.addMappingDnsHeader(kHelloExampleCom, ns_type::ns_t_a, header);
5989 ASSERT_TRUE(dns.startServer());
5990 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
5991 dns.clearQueries();
5992
5993 // Expect that get the address and the resolver doesn't crash.
5994 VerifyQueryHelloExampleComV4(dns, calltype);
5995 }
5996
TEST_P(ResolverParameterizedTest,MessageCompression)5997 TEST_P(ResolverParameterizedTest, MessageCompression) {
5998 const auto& calltype = GetParam();
5999
6000 // The response with compressed domain name by a pointer. See RFC 1035 section 4.1.4.
6001 //
6002 // Ignoring the other fields of the message, the domain name of question section and answer
6003 // section are presented as:
6004 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6005 // 12 | 5 | h |
6006 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6007 // 14 | e | l |
6008 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6009 // 16 | l | o |
6010 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6011 // 18 | 7 | e |
6012 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6013 // 20 | x | a |
6014 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6015 // 22 | m | p |
6016 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6017 // 24 | l | e |
6018 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6019 // 26 | 3 | c |
6020 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6021 // 28 | o | m |
6022 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6023 // 30 | 0 | ... |
6024 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6025 //
6026 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6027 // 35 | 1 1| 12 |
6028 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6029 const std::vector<uint8_t> kResponseAPointer = {
6030 /* Header */
6031 0x00, 0x00, /* Transaction ID: 0x0000 */
6032 0x81, 0x80, /* Flags: qr rd ra */
6033 0x00, 0x01, /* Questions: 1 */
6034 0x00, 0x01, /* Answer RRs: 1 */
6035 0x00, 0x00, /* Authority RRs: 0 */
6036 0x00, 0x00, /* Additional RRs: 0 */
6037 /* Queries */
6038 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
6039 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
6040 0x00, 0x01, /* Type: A */
6041 0x00, 0x01, /* Class: IN */
6042 /* Answers */
6043 0xc0, 0x0c, /* Name: hello.example.com (a pointer) */
6044 0x00, 0x01, /* Type: A */
6045 0x00, 0x01, /* Class: IN */
6046 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
6047 0x00, 0x04, /* Data length: 4 */
6048 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
6049 };
6050
6051 // The response with compressed domain name by a sequence of labels ending with a pointer. See
6052 // RFC 1035 section 4.1.4.
6053 //
6054 // Ignoring the other fields of the message, the domain name of question section and answer
6055 // section are presented as:
6056 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6057 // 12 | 5 | h |
6058 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6059 // 14 | e | l |
6060 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6061 // 16 | l | o |
6062 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6063 // 18 | 7 | e |
6064 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6065 // 20 | x | a |
6066 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6067 // 22 | m | p |
6068 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6069 // 24 | l | e |
6070 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6071 // 26 | 3 | c |
6072 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6073 // 28 | o | m |
6074 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6075 // 30 | 0 | ... |
6076 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6077 //
6078 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6079 // 35 | 5 | h |
6080 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6081 // 37 | e | l |
6082 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6083 // 39 | l | o |
6084 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6085 // 41 | 1 1| 18 |
6086 // +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
6087 const std::vector<uint8_t> kResponseLabelEndingWithAPointer = {
6088 /* Header */
6089 0x00, 0x00, /* Transaction ID: 0x0000 */
6090 0x81, 0x80, /* Flags: qr rd ra */
6091 0x00, 0x01, /* Questions: 1 */
6092 0x00, 0x01, /* Answer RRs: 1 */
6093 0x00, 0x00, /* Authority RRs: 0 */
6094 0x00, 0x00, /* Additional RRs: 0 */
6095 /* Queries */
6096 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
6097 0x03, 0x63, 0x6f, 0x6d, 0x00, /* Name: hello.example.com */
6098 0x00, 0x01, /* Type: A */
6099 0x00, 0x01, /* Class: IN */
6100 /* Answers */
6101 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0xc0,
6102 0x12, /* Name: hello.example.com (a label ending with a pointer) */
6103 0x00, 0x01, /* Type: A */
6104 0x00, 0x01, /* Class: IN */
6105 0x00, 0x00, 0x00, 0x00, /* Time to live: 0 */
6106 0x00, 0x04, /* Data length: 4 */
6107 0x01, 0x02, 0x03, 0x04 /* Address: 1.2.3.4 */
6108 };
6109
6110 for (const auto& response : {kResponseAPointer, kResponseLabelEndingWithAPointer}) {
6111 SCOPED_TRACE(fmt::format("Hex dump: {}", toHex(makeSlice(response))));
6112
6113 test::DNSResponder dns(test::DNSResponder::MappingType::BINARY_PACKET);
6114 dns.addMappingBinaryPacket(kHelloExampleComQueryV4, response);
6115 StartDns(dns, {});
6116 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6117
6118 // Expect no cache because the TTL of testing responses are 0.
6119 VerifyQueryHelloExampleComV4(dns, calltype);
6120 }
6121 }
6122
TEST_P(ResolverParameterizedTest,TruncatedResponse)6123 TEST_P(ResolverParameterizedTest, TruncatedResponse) {
6124 const auto& calltype = GetParam();
6125
6126 test::DNSResponder dns;
6127 StartDns(dns, kLargeCnameChainRecords);
6128 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6129
6130 // Expect UDP response is truncated. The resolver retries over TCP. See RFC 1035 section 4.2.1.
6131 VerifyQueryHelloExampleComV4(dns, calltype, false);
6132 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_UDP, kHelloExampleCom));
6133 EXPECT_EQ(1U, GetNumQueriesForProtocol(dns, IPPROTO_TCP, kHelloExampleCom));
6134 }
6135
6136 // Tests that the DnsResolver can keep listening to the DNS response from previous DNS servers.
6137 // Test scenarios (The timeout for each server is 1 second):
6138 // 1. (During the first iteration of DNS servers) While waiting for the DNS response from the
6139 // second server, the DnsResolver receives the DNS response from the first server.
6140 // 2. (During the second iteration of DNS servers) While waiting for the DNS response from the
6141 // second server, the DnsResolver receives the DNS response from the first server.
TEST_F(ResolverTest,KeepListeningUDP)6142 TEST_F(ResolverTest, KeepListeningUDP) {
6143 constexpr char listen_addr1[] = "127.0.0.4";
6144 constexpr char listen_addr2[] = "127.0.0.5";
6145 constexpr char host_name[] = "howdy.example.com.";
6146 const std::vector<DnsRecord> records = {
6147 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
6148 };
6149 auto builder =
6150 ResolverParams::Builder().setDnsServers({listen_addr1, listen_addr2}).setDotServers({});
6151
6152 test::DNSResponder neverRespondDns(listen_addr2, "53", static_cast<ns_rcode>(-1));
6153 neverRespondDns.setResponseProbability(0.0);
6154 StartDns(neverRespondDns, records);
6155 test::DNSResponder delayedDns(listen_addr1);
6156 StartDns(delayedDns, records);
6157
6158 const struct TestConfig {
6159 int retryCount;
6160 int delayTimeMs;
6161 int expectedDns1Successes;
6162 int expectedDns1Timeouts;
6163 int expectedDns2Timeouts;
6164 } testConfigs[]{
6165 {1, 1500, 1, 1, 0},
6166 // Actually, there will be two timeouts and one success for DNS1. However, the
6167 // DnsResolver doesn't record the stats during the second iteration of DNS servers, so
6168 // the success and timeout of DNS1 is 0 and 1, respectively.
6169 {2, 3500, 0, 1, 1},
6170 };
6171 for (const std::string_view callType : {"getaddrinfo", "resnsend"}) {
6172 for (const auto& cfg : testConfigs) {
6173 SCOPED_TRACE(fmt::format("callType={}, retryCount={}, delayTimeMs={}", callType,
6174 cfg.retryCount, cfg.delayTimeMs));
6175 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6176 300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */, cfg.retryCount /* retry count */};
6177
6178 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6179 resetNetwork();
6180 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(builder.setParams(params).build()));
6181
6182 delayedDns.setDeferredResp(true);
6183 std::thread thread([&]() {
6184 std::this_thread::sleep_for(std::chrono::milliseconds(cfg.delayTimeMs));
6185 delayedDns.setDeferredResp(false);
6186 });
6187
6188 if (callType == "getaddrinfo") {
6189 const addrinfo hints = {.ai_family = AF_INET6, .ai_socktype = SOCK_DGRAM};
6190 ScopedAddrinfo result = safe_getaddrinfo(host_name, nullptr, &hints);
6191 EXPECT_EQ("::1.2.3.4", ToString(result));
6192 } else {
6193 int fd = resNetworkQuery(TEST_NETID, host_name, ns_c_in, ns_t_aaaa, 0);
6194 expectAnswersValid(fd, AF_INET6, "::1.2.3.4");
6195 }
6196 const std::vector<NameserverStats> expectedCleartextDnsStats = {
6197 NameserverStats(listen_addr1)
6198 .setSuccesses(cfg.expectedDns1Successes)
6199 .setTimeouts(cfg.expectedDns1Timeouts)
6200 .setRttAvg(cfg.retryCount == 1 ? 1500 : -1),
6201 NameserverStats(listen_addr2)
6202 .setTimeouts(cfg.expectedDns2Timeouts)
6203 .setRttAvg(-1),
6204 };
6205 EXPECT_TRUE(expectStatsEqualTo(expectedCleartextDnsStats));
6206 thread.join();
6207 }
6208 }
6209 }
6210
TEST_F(ResolverTest,GetAddrInfoParallelLookupTimeout)6211 TEST_F(ResolverTest, GetAddrInfoParallelLookupTimeout) {
6212 constexpr char host_name[] = "howdy.example.com.";
6213 constexpr int TIMING_TOLERANCE_MS = 200;
6214 constexpr int DNS_TIMEOUT_MS = 1000;
6215 const std::vector<DnsRecord> records = {
6216 {host_name, ns_type::ns_t_a, "1.2.3.4"},
6217 {host_name, ns_type::ns_t_aaaa, "::1.2.3.4"},
6218 };
6219 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6220 300, 25, 8, 8, DNS_TIMEOUT_MS /* BASE_TIMEOUT_MSEC */, 1 /* retry count */};
6221 test::DNSResponder neverRespondDns(kDefaultServer, "53", static_cast<ns_rcode>(-1));
6222 neverRespondDns.setResponseProbability(0.0);
6223 StartDns(neverRespondDns, records);
6224
6225 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
6226 ResolverParams::Builder().setDotServers({}).setParams(params).build()));
6227 neverRespondDns.clearQueries();
6228
6229 // Use a never respond DNS server to verify if the A/AAAA queries are sent in parallel.
6230 // The resolver parameters are set to timeout 1s and retry 1 times.
6231 // So we expect the safe_getaddrinfo_time_taken() might take ~1s to
6232 // return when parallel lookup is enabled. And the DNS server should receive 2 queries.
6233 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6234 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(host_name, nullptr, hints);
6235
6236 EXPECT_TRUE(result == nullptr);
6237 EXPECT_NEAR(DNS_TIMEOUT_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6238 << "took time should approximate equal timeout";
6239 EXPECT_EQ(2U, GetNumQueries(neverRespondDns, host_name));
6240 ExpectDnsEvent(INetdEventListener::EVENT_GETADDRINFO, RCODE_TIMEOUT, host_name, {});
6241 }
6242
TEST_F(ResolverTest,GetAddrInfoParallelLookupSleepTime)6243 TEST_F(ResolverTest, GetAddrInfoParallelLookupSleepTime) {
6244 constexpr int TIMING_TOLERANCE_MS = 200;
6245 const std::vector<DnsRecord> records = {
6246 {kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4},
6247 {kHelloExampleCom, ns_type::ns_t_aaaa, kHelloExampleComAddrV6},
6248 };
6249 const std::array<int, IDnsResolver::RESOLVER_PARAMS_COUNT> params = {
6250 300, 25, 8, 8, 1000 /* BASE_TIMEOUT_MSEC */, 1 /* retry count */};
6251 test::DNSResponder dns(kDefaultServer);
6252 StartDns(dns, records);
6253 constexpr int PARALLEL_LOOKUP_SLEEP_TIME_MS = 500;
6254 ScopedSystemProperties sp2(kParallelLookupSleepTimeFlag,
6255 std::to_string(PARALLEL_LOOKUP_SLEEP_TIME_MS));
6256 // Re-setup test network to make experiment flag take effect.
6257 resetNetwork();
6258
6259 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(
6260 ResolverParams::Builder().setDotServers({}).setParams(params).build()));
6261 dns.clearQueries();
6262
6263 // Expect the safe_getaddrinfo_time_taken() might take ~500ms to return because we set
6264 // parallel_lookup_sleep_time to 500ms.
6265 const addrinfo hints = {.ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM};
6266 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6267
6268 EXPECT_NE(nullptr, result);
6269 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6270 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6271 EXPECT_NEAR(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs, TIMING_TOLERANCE_MS)
6272 << "took time should approximate equal timeout";
6273 EXPECT_EQ(2U, GetNumQueries(dns, kHelloExampleCom));
6274
6275 // Expect the PARALLEL_LOOKUP_SLEEP_TIME_MS won't affect the query under cache hit case.
6276 dns.clearQueries();
6277 std::tie(result, timeTakenMs) = safe_getaddrinfo_time_taken(kHelloExampleCom, nullptr, hints);
6278 EXPECT_NE(nullptr, result);
6279 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(
6280 {kHelloExampleComAddrV4, kHelloExampleComAddrV6}));
6281 EXPECT_GT(PARALLEL_LOOKUP_SLEEP_TIME_MS, timeTakenMs);
6282 EXPECT_EQ(0U, GetNumQueries(dns, kHelloExampleCom));
6283 }
6284
TEST_F(ResolverTest,BlockDnsQueryUidDoesNotLeadToBadServer)6285 TEST_F(ResolverTest, BlockDnsQueryUidDoesNotLeadToBadServer) {
6286 SKIP_IF_BPF_NOT_SUPPORTED;
6287 constexpr char listen_addr1[] = "127.0.0.4";
6288 constexpr char listen_addr2[] = "::1";
6289 test::DNSResponder dns1(listen_addr1);
6290 test::DNSResponder dns2(listen_addr2);
6291 StartDns(dns1, {});
6292 StartDns(dns2, {});
6293
6294 std::vector<std::string> servers = {listen_addr1, listen_addr2};
6295 ASSERT_TRUE(mDnsClient.SetResolversForNetwork(servers));
6296 dns1.clearQueries();
6297 dns2.clearQueries();
6298 {
6299 ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID);
6300 // Start querying ten times.
6301 for (int i = 0; i < 10; i++) {
6302 std::string hostName = fmt::format("blocked{}.com", i);
6303 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6304 // The query result between R+ and Q would be different, but we don't really care
6305 // about the result here because this test is only used to ensure blocked uid rule
6306 // won't cause bad servers.
6307 safe_getaddrinfo(hostName.c_str(), nullptr, &hints);
6308 }
6309 }
6310 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6311 // If api level >= 30 (R+), expect all query packets to be blocked, hence we should not see any
6312 // of their stats show up. Otherwise, all queries should succeed.
6313 const std::vector<NameserverStats> expectedDnsStats = {
6314 NameserverStats(listen_addr1).setSuccesses(0).setRttAvg(-1),
6315 NameserverStats(listen_addr2),
6316 };
6317 expectStatsEqualTo(expectedDnsStats);
6318 // If api level >= 30 (R+), expect server won't receive any queries,
6319 // otherwise expect 20 == 10 * (setupParams.domains.size() + 1) queries.
6320 EXPECT_EQ(dns1.queries().size(), 0U);
6321 EXPECT_EQ(dns2.queries().size(), 0U);
6322 }
6323
TEST_F(ResolverTest,DnsServerSelection)6324 TEST_F(ResolverTest, DnsServerSelection) {
6325 test::DNSResponder dns1("127.0.0.3");
6326 test::DNSResponder dns2("127.0.0.4");
6327 test::DNSResponder dns3("127.0.0.5");
6328
6329 dns1.setResponseDelayMs(10);
6330 dns2.setResponseDelayMs(50);
6331 dns3.setResponseDelayMs(100);
6332 StartDns(dns1, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6333 StartDns(dns2, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6334 StartDns(dns3, {{kHelloExampleCom, ns_type::ns_t_a, kHelloExampleComAddrV4}});
6335
6336 // NOTE: the servers must be sorted alphabetically.
6337 std::vector<std::string> serverList = {
6338 dns1.listen_address(),
6339 dns2.listen_address(),
6340 dns3.listen_address(),
6341 };
6342
6343 do {
6344 SCOPED_TRACE(fmt::format("testConfig: [{}]", fmt::join(serverList, ", ")));
6345 const int queryNum = 50;
6346 int64_t accumulatedTime = 0;
6347
6348 // The flag can be reset any time. It's better to re-setup the flag in each iteration.
6349 ScopedSystemProperties scopedSystemProperties(kSortNameserversFlag, "1");
6350
6351 // Restart the testing network to 1) make the flag take effect and 2) reset the statistics.
6352 resetNetwork();
6353
6354 // DnsServerSelection doesn't apply to private DNS.
6355 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6356 setupParams.servers = serverList;
6357 setupParams.tlsServers.clear();
6358 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6359
6360 // DNSResponder doesn't handle queries concurrently, so don't allow more than
6361 // one in-flight query.
6362 for (int i = 0; i < queryNum; i++) {
6363 Stopwatch s;
6364 int fd = resNetworkQuery(TEST_NETID, kHelloExampleCom, ns_c_in, ns_t_a,
6365 ANDROID_RESOLV_NO_CACHE_LOOKUP);
6366 expectAnswersValid(fd, AF_INET, kHelloExampleComAddrV4);
6367 accumulatedTime += s.timeTakenUs();
6368 }
6369
6370 const int dns1Count = dns1.queries().size();
6371 const int dns2Count = dns2.queries().size();
6372 const int dns3Count = dns3.queries().size();
6373
6374 // All of the servers have ever been selected. In addition, the less latency server
6375 // is selected more frequently.
6376 EXPECT_GT(dns1Count, 0);
6377 EXPECT_GT(dns2Count, 0);
6378 EXPECT_GT(dns3Count, 0);
6379 EXPECT_GE(dns1Count, dns2Count);
6380 EXPECT_GE(dns2Count, dns3Count);
6381
6382 const int averageTime = accumulatedTime / queryNum;
6383 LOG(INFO) << "ResolverTest#DnsServerSelection: averageTime " << averageTime << "us";
6384
6385 dns1.clearQueries();
6386 dns2.clearQueries();
6387 dns3.clearQueries();
6388 } while (std::next_permutation(serverList.begin(), serverList.end()));
6389 }
6390
TEST_F(ResolverTest,MultipleDotQueriesInOnePacket)6391 TEST_F(ResolverTest, MultipleDotQueriesInOnePacket) {
6392 constexpr char hostname1[] = "query1.example.com.";
6393 constexpr char hostname2[] = "query2.example.com.";
6394 const std::vector<DnsRecord> records = {
6395 {hostname1, ns_type::ns_t_a, "1.2.3.4"},
6396 {hostname2, ns_type::ns_t_a, "1.2.3.5"},
6397 };
6398
6399 const std::string addr = getUniqueIPv4Address();
6400 test::DNSResponder dns(addr);
6401 StartDns(dns, records);
6402 test::DnsTlsFrontend tls(addr, "853", addr, "53");
6403 ASSERT_TRUE(tls.startServer());
6404
6405 // Set up resolver to strict mode.
6406 auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
6407 parcel.servers = {addr};
6408 parcel.tlsServers = {addr};
6409 parcel.tlsName = kDefaultPrivateDnsHostName;
6410 parcel.caCertificate = kCaCert;
6411 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel));
6412 EXPECT_TRUE(WaitForPrivateDnsValidation(tls.listen_address(), true));
6413 EXPECT_TRUE(tls.waitForQueries(1));
6414 tls.clearQueries();
6415 dns.clearQueries();
6416
6417 const auto queryAndCheck = [&](const std::string& hostname,
6418 const std::vector<DnsRecord>& records) {
6419 SCOPED_TRACE(hostname);
6420
6421 const addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_DGRAM};
6422 auto [result, timeTakenMs] = safe_getaddrinfo_time_taken(hostname.c_str(), nullptr, hints);
6423
6424 std::vector<std::string> expectedAnswers;
6425 for (const auto& r : records) {
6426 if (r.host_name == hostname) expectedAnswers.push_back(r.addr);
6427 }
6428
6429 EXPECT_LE(timeTakenMs, 200);
6430 ASSERT_NE(result, nullptr);
6431 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(expectedAnswers));
6432 };
6433
6434 // Set tls to reply DNS responses in one TCP packet and not to close the connection from its
6435 // side.
6436 tls.setDelayQueries(2);
6437 tls.setDelayQueriesTimeout(500);
6438 tls.setPassiveClose(true);
6439
6440 // Start sending DNS requests at the same time.
6441 std::array<std::thread, 2> threads;
6442 threads[0] = std::thread(queryAndCheck, hostname1, records);
6443 threads[1] = std::thread(queryAndCheck, hostname2, records);
6444
6445 threads[0].join();
6446 threads[1].join();
6447
6448 // Also check no additional queries due to DoT reconnection.
6449 EXPECT_TRUE(tls.waitForQueries(2));
6450 }
6451
TEST_F(ResolverTest,MdnsGetHostByName)6452 TEST_F(ResolverTest, MdnsGetHostByName) {
6453 constexpr char v6addr[] = "::127.0.0.3";
6454 constexpr char v4addr[] = "127.0.0.3";
6455 constexpr char host_name[] = "hello.local.";
6456 constexpr char nonexistent_host_name[] = "nonexistent.local.";
6457
6458 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6459 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6460 mdnsv4.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6461 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6462 mdnsv6.addMapping(host_name, ns_type::ns_t_a, v4addr);
6463 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6464
6465 ASSERT_TRUE(mdnsv4.startServer());
6466 ASSERT_TRUE(mdnsv6.startServer());
6467 mdnsv4.clearQueries();
6468 mdnsv6.clearQueries();
6469
6470 std::vector<bool> keep_listening_udp_enable = {false, true};
6471 for (int value : keep_listening_udp_enable) {
6472 if (value == true) {
6473 // Set keep_listening_udp enable
6474 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6475 // Re-setup test network to make experiment flag take effect.
6476 resetNetwork();
6477 }
6478 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6479
6480 static const struct TestConfig {
6481 int ai_family;
6482 const std::string expected_addr;
6483 } testConfigs[]{
6484 {AF_INET, v4addr},
6485 {AF_INET6, v6addr},
6486 };
6487
6488 for (const auto& config : testConfigs) {
6489 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6490 const hostent* result = nullptr;
6491
6492 // No response for "nonexistent.local".
6493 result = gethostbyname2("nonexistent.local", config.ai_family);
6494 ASSERT_THAT(result, IsNull());
6495 EXPECT_EQ(1U, GetNumQueries(mdnsv6, nonexistent_host_name));
6496 EXPECT_EQ(0U, GetNumQueries(mdnsv4, nonexistent_host_name));
6497 mdnsv6.clearQueries();
6498 mdnsv4.clearQueries();
6499 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
6500
6501 // Normal mDns query
6502 result = gethostbyname2("hello.local", config.ai_family);
6503 ASSERT_THAT(result, NotNull());
6504 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6505 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6506 int length = config.ai_family == AF_INET ? 4 : 16;
6507 ASSERT_EQ(length, result->h_length);
6508 ASSERT_THAT(result->h_addr_list[0], NotNull());
6509 EXPECT_EQ(config.expected_addr, ToString(result));
6510 EXPECT_THAT(result->h_addr_list[1], IsNull());
6511 mdnsv6.clearQueries();
6512 mdnsv4.clearQueries();
6513
6514 // Ensure the query result is still cached.
6515 // TODO(b/394031336): caching is currently disabled while we work on a cache that
6516 // supports keying by interface. Update values once re-enabled.
6517 result = gethostbyname2("hello.local", config.ai_family);
6518 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6519 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6520 ASSERT_THAT(result, NotNull());
6521 EXPECT_EQ(config.expected_addr, ToString(result));
6522 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6523 }
6524 }
6525 }
6526
6527 namespace {
6528
6529 static const struct TransportTypeConfig {
6530 const std::vector<int32_t>& transportTypes;
6531 bool useMdns;
6532 } transportTypeConfig[]{
6533 // clang-format off
6534 {{}, true},
6535 {{IDnsResolver::TRANSPORT_CELLULAR}, false},
6536 {{IDnsResolver::TRANSPORT_WIFI}, true},
6537 {{IDnsResolver::TRANSPORT_BLUETOOTH}, true},
6538 {{IDnsResolver::TRANSPORT_ETHERNET}, true},
6539 {{IDnsResolver::TRANSPORT_VPN}, false},
6540 {{IDnsResolver::TRANSPORT_WIFI_AWARE}, true},
6541 {{IDnsResolver::TRANSPORT_LOWPAN}, true},
6542 {{IDnsResolver::TRANSPORT_TEST}, true},
6543 {{IDnsResolver::TRANSPORT_USB}, true},
6544 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_VPN}, false},
6545 {{IDnsResolver::TRANSPORT_WIFI, IDnsResolver::TRANSPORT_VPN}, false},
6546 {{IDnsResolver::TRANSPORT_BLUETOOTH, IDnsResolver::TRANSPORT_VPN}, false},
6547 {{IDnsResolver::TRANSPORT_ETHERNET, IDnsResolver::TRANSPORT_VPN}, false},
6548 {{IDnsResolver::TRANSPORT_CELLULAR, IDnsResolver::TRANSPORT_WIFI,
6549 IDnsResolver::TRANSPORT_VPN}, false},
6550 {{IDnsResolver::TRANSPORT_WIFI_AWARE, IDnsResolver::TRANSPORT_VPN}, false},
6551 {{IDnsResolver::TRANSPORT_LOWPAN, IDnsResolver::TRANSPORT_VPN}, false},
6552 {{IDnsResolver::TRANSPORT_TEST, IDnsResolver::TRANSPORT_VPN}, false},
6553 {{IDnsResolver::TRANSPORT_USB, IDnsResolver::TRANSPORT_VPN}, false},
6554 // clang-format on
6555 };
6556
6557 } // namespace
6558
TEST_F(ResolverTest,MdnsGetHostByName_transportTypes)6559 TEST_F(ResolverTest, MdnsGetHostByName_transportTypes) {
6560 constexpr char v6addr[] = "::127.0.0.3";
6561 constexpr char v4addr[] = "127.0.0.3";
6562 constexpr char host_name[] = "hello.local.";
6563
6564 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6565 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6566 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6567 mdnsv4.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6568 mdnsv6.addMapping(host_name, ns_type::ns_t_a, v4addr);
6569 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6570 ASSERT_TRUE(mdnsv4.startServer());
6571 ASSERT_TRUE(mdnsv6.startServer());
6572
6573 const std::vector<DnsRecord> records = {
6574 {host_name, ns_type::ns_t_a, v4addr},
6575 {host_name, ns_type::ns_t_aaaa, v6addr},
6576 };
6577 test::DNSResponder dns(v4addr);
6578 StartDns(dns, records);
6579
6580 for (const auto& tpConfig : transportTypeConfig) {
6581 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6582 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6583 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6584 setupParams.transportTypes = tpConfig.transportTypes;
6585 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6586
6587 static const struct TestConfig {
6588 int ai_family;
6589 const std::string expected_addr;
6590 } testConfigs[]{
6591 {AF_INET, v4addr},
6592 {AF_INET6, v6addr},
6593 };
6594
6595 for (const auto& config : testConfigs) {
6596 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
6597 const hostent* result = nullptr;
6598 test::DNSResponder& mdns = config.ai_family == AF_INET ? mdnsv4 : mdnsv6;
6599
6600 result = gethostbyname2("hello.local", config.ai_family);
6601 ASSERT_FALSE(result == nullptr);
6602 if (tpConfig.useMdns) {
6603 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6604 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6605 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6606 } else {
6607 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6608 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6609 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6610 }
6611 int length = config.ai_family == AF_INET ? 4 : 16;
6612 ASSERT_EQ(length, result->h_length);
6613 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6614 EXPECT_EQ(config.expected_addr, ToString(result));
6615 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6616
6617 mdnsv4.clearQueries();
6618 mdnsv6.clearQueries();
6619 dns.clearQueries();
6620 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6621 }
6622 }
6623 }
6624
TEST_F(ResolverTest,MdnsGetHostByName_cnames_IPv6ResponderIsPrioritized)6625 TEST_F(ResolverTest, MdnsGetHostByName_cnames_IPv6ResponderIsPrioritized) {
6626 constexpr char v6addr[] = "::127.0.0.3";
6627 constexpr char v4addr[] = "127.0.0.3";
6628 constexpr char host_name[] = "hello.local.";
6629 const std::vector<DnsRecord> records = {
6630 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6631 {"a.local.", ns_type::ns_t_cname, "b.local."},
6632 {"b.local.", ns_type::ns_t_cname, "c.local."},
6633 {"c.local.", ns_type::ns_t_cname, "d.local."},
6634 {"d.local.", ns_type::ns_t_cname, "e.local."},
6635 {"e.local.", ns_type::ns_t_cname, host_name},
6636 {host_name, ns_type::ns_t_a, v4addr},
6637 {host_name, ns_type::ns_t_aaaa, v6addr},
6638 };
6639 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6640 for (const auto& r : records) {
6641 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6642 }
6643 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6644 for (const auto& r : records) {
6645 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6646 }
6647 ASSERT_TRUE(mdnsv4.startServer());
6648 ASSERT_TRUE(mdnsv6.startServer());
6649 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6650 mdnsv4.clearQueries();
6651 mdnsv6.clearQueries();
6652
6653 static const struct TestConfig {
6654 int ai_family;
6655 const std::string expected_addr;
6656 } testConfigs[]{
6657 {AF_INET, v4addr},
6658 {AF_INET6, v6addr},
6659 };
6660
6661 for (const auto& config : testConfigs) {
6662 size_t cnamecount = 0;
6663 // using gethostbyname2() to resolve ipv4 hello.local. to 127.0.0.3
6664 // or ipv6 hello.local. to ::127.0.0.3.
6665 // Ensure the v4 address and cnames are correct
6666 const hostent* result;
6667 result = gethostbyname2("hi.local", config.ai_family);
6668 ASSERT_FALSE(result == nullptr);
6669
6670 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
6671 std::string domain_name =
6672 records[i].host_name.substr(0, records[i].host_name.size() - 1);
6673 EXPECT_EQ(result->h_aliases[i], domain_name);
6674 cnamecount++;
6675 }
6676 // The size of "Non-cname type" record in DNS records is 2
6677 ASSERT_EQ(cnamecount, records.size() - 2);
6678 EXPECT_EQ(1U, mdnsv6.queries().size()) << mdnsv6.dumpQueries();
6679 EXPECT_EQ(0U, mdnsv4.queries().size()) << mdnsv4.dumpQueries();
6680 int length = config.ai_family == AF_INET ? 4 : 16;
6681 ASSERT_EQ(length, result->h_length);
6682
6683 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6684 EXPECT_EQ(config.expected_addr, ToString(result));
6685 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6686 mdnsv4.clearQueries();
6687 mdnsv6.clearQueries();
6688 }
6689 }
6690
TEST_F(ResolverTest,MdnsGetHostByName_cnames_FallbacksToIPv4Responder)6691 TEST_F(ResolverTest, MdnsGetHostByName_cnames_FallbacksToIPv4Responder) {
6692 constexpr char v6addr[] = "::127.0.0.3";
6693 constexpr char v4addr[] = "127.0.0.3";
6694 constexpr char host_name[] = "hello.local.";
6695 const std::vector<DnsRecord> records = {
6696 {"hi.local.", ns_type::ns_t_cname, "a.local."},
6697 {"a.local.", ns_type::ns_t_cname, "b.local."},
6698 {"b.local.", ns_type::ns_t_cname, "c.local."},
6699 {"c.local.", ns_type::ns_t_cname, "d.local."},
6700 {"d.local.", ns_type::ns_t_cname, "e.local."},
6701 {"e.local.", ns_type::ns_t_cname, host_name},
6702 {host_name, ns_type::ns_t_a, v4addr},
6703 {host_name, ns_type::ns_t_aaaa, v6addr},
6704 };
6705 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6706 for (const auto& r : records) {
6707 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6708 }
6709 ASSERT_TRUE(mdnsv4.startServer());
6710 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6711 mdnsv4.clearQueries();
6712
6713 static const struct TestConfig {
6714 int ai_family;
6715 const std::string expected_addr;
6716 } testConfigs[]{
6717 {AF_INET, v4addr},
6718 {AF_INET6, v6addr},
6719 };
6720
6721 for (const auto& config : testConfigs) {
6722 size_t cnamecount = 0;
6723 // using gethostbyname2() to resolve ipv4 hello.local. to 127.0.0.3
6724 // or ipv6 hello.local. to ::127.0.0.3.
6725 // Ensure the v4 address and cnames are correct
6726 const hostent* result;
6727 result = gethostbyname2("hi.local", config.ai_family);
6728 ASSERT_FALSE(result == nullptr);
6729
6730 for (int i = 0; result != nullptr && result->h_aliases[i] != nullptr; i++) {
6731 std::string domain_name =
6732 records[i].host_name.substr(0, records[i].host_name.size() - 1);
6733 EXPECT_EQ(result->h_aliases[i], domain_name);
6734 cnamecount++;
6735 }
6736 // The size of "Non-cname type" record in DNS records is 2
6737 ASSERT_EQ(cnamecount, records.size() - 2);
6738 EXPECT_EQ(1U, mdnsv4.queries().size()) << mdnsv4.dumpQueries();
6739 int length = config.ai_family == AF_INET ? 4 : 16;
6740 ASSERT_EQ(length, result->h_length);
6741
6742 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
6743 EXPECT_EQ(config.expected_addr, ToString(result));
6744 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
6745 mdnsv4.clearQueries();
6746 }
6747 }
6748
TEST_F(ResolverTest,MdnsGetHostByName_cnamesInfiniteLoop)6749 TEST_F(ResolverTest, MdnsGetHostByName_cnamesInfiniteLoop) {
6750 constexpr char host_name1[] = "hello.local.";
6751 constexpr char host_name2[] = "hi.local.";
6752 const std::vector<DnsRecord> records = {
6753 {host_name1, ns_type::ns_t_cname, host_name2},
6754 {host_name2, ns_type::ns_t_cname, host_name1},
6755 };
6756
6757 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6758 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6759 for (const auto& r : records) {
6760 mdnsv4.addMapping(r.host_name, r.type, r.addr);
6761 }
6762 for (const auto& r : records) {
6763 mdnsv6.addMapping(r.host_name, r.type, r.addr);
6764 }
6765 ASSERT_TRUE(mdnsv4.startServer());
6766 ASSERT_TRUE(mdnsv6.startServer());
6767 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6768 mdnsv4.clearQueries();
6769 mdnsv6.clearQueries();
6770
6771 const hostent* result;
6772 result = gethostbyname2("hello.local", AF_INET);
6773 ASSERT_TRUE(result == nullptr);
6774
6775 result = gethostbyname2("hello.local", AF_INET6);
6776 ASSERT_TRUE(result == nullptr);
6777 }
6778
TEST_F(ResolverTest,MdnsGetAddrInfo_IPv6ResponderIsPrioritized)6779 TEST_F(ResolverTest, MdnsGetAddrInfo_IPv6ResponderIsPrioritized) {
6780 constexpr char v6addr[] = "::127.0.0.3";
6781 constexpr char v4addr[] = "127.0.0.3";
6782 constexpr char host_name[] = "hello.local.";
6783 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6784 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6785 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6786 mdnsv4.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6787 mdnsv6.addMapping(host_name, ns_type::ns_t_a, v4addr);
6788 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6789 ASSERT_TRUE(mdnsv4.startServer());
6790 ASSERT_TRUE(mdnsv6.startServer());
6791
6792 std::vector<bool> keep_listening_udp_enable = {false, true};
6793 for (int value : keep_listening_udp_enable) {
6794 if (value == true) {
6795 // Set keep_listening_udp enable
6796 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6797 // Re-setup test network to make experiment flag take effect.
6798 resetNetwork();
6799 }
6800
6801 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6802 static const struct TestConfig {
6803 int ai_family;
6804 const std::vector<std::string> expected_addr;
6805 } testConfigs[]{
6806 {AF_INET, {v4addr}},
6807 {AF_INET6, {v6addr}},
6808 {AF_UNSPEC, {v4addr, v6addr}},
6809 };
6810
6811 for (const auto& config : testConfigs) {
6812 mdnsv4.clearQueries();
6813 mdnsv6.clearQueries();
6814 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6815 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6816
6817 EXPECT_TRUE(result != nullptr);
6818 if (config.ai_family == AF_INET) {
6819 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6820 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6821 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
6822 } else if (config.ai_family == AF_INET6) {
6823 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6824 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6825 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
6826 } else if (config.ai_family == AF_UNSPEC) {
6827 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6828 EXPECT_EQ(2U, GetNumQueries(mdnsv6, host_name));
6829 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
6830 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
6831 }
6832 mdnsv4.clearQueries();
6833 mdnsv6.clearQueries();
6834 std::string result_str = ToString(result);
6835 EXPECT_THAT(ToStrings(result),
6836 testing::UnorderedElementsAreArray(config.expected_addr));
6837
6838 // Ensure the query results are still cached.
6839 // TODO(b/394031336): caching is currently disabled while we work on a cache that
6840 // supports keying by interface. Update values once re-enabled.
6841 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6842 EXPECT_TRUE(result != nullptr);
6843 if (config.ai_family == AF_INET) {
6844 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6845 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6846 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
6847 } else if (config.ai_family == AF_INET6) {
6848 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6849 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6850 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
6851 } else if (config.ai_family == AF_UNSPEC) {
6852 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6853 EXPECT_EQ(2U, GetNumQueries(mdnsv6, host_name));
6854 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
6855 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
6856 }
6857 result_str = ToString(result);
6858 EXPECT_THAT(ToStrings(result),
6859 testing::UnorderedElementsAreArray(config.expected_addr));
6860 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6861 }
6862 }
6863 }
6864
TEST_F(ResolverTest,MdnsGetAddrInfo_FallbacksToIPv4Responder)6865 TEST_F(ResolverTest, MdnsGetAddrInfo_FallbacksToIPv4Responder) {
6866 constexpr char v6addr[] = "::127.0.0.3";
6867 constexpr char v4addr[] = "127.0.0.3";
6868 constexpr char host_name[] = "hello.local.";
6869 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6870 mdnsv4.addMapping(host_name, ns_type::ns_t_a, v4addr);
6871 mdnsv4.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6872 ASSERT_TRUE(mdnsv4.startServer());
6873
6874 std::vector<bool> keep_listening_udp_enable = {false, true};
6875 for (int value : keep_listening_udp_enable) {
6876 if (value == true) {
6877 // Set keep_listening_udp enable
6878 ScopedSystemProperties sp(kKeepListeningUdpFlag, "1");
6879 // Re-setup test network to make experiment flag take effect.
6880 resetNetwork();
6881 }
6882
6883 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
6884 static const struct TestConfig {
6885 int ai_family;
6886 const std::vector<std::string> expected_addr;
6887 } testConfigs[]{
6888 {AF_INET, {v4addr}},
6889 {AF_INET6, {v6addr}},
6890 {AF_UNSPEC, {v4addr, v6addr}},
6891 };
6892
6893 for (const auto& config : testConfigs) {
6894 mdnsv4.clearQueries();
6895 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6896 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6897
6898 EXPECT_TRUE(result != nullptr);
6899 if (config.ai_family == AF_INET) {
6900 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6901 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_a, host_name), 1U);
6902 } else if (config.ai_family == AF_INET6) {
6903 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6904 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_aaaa, host_name), 1U);
6905 } else if (config.ai_family == AF_UNSPEC) {
6906 EXPECT_EQ(2U, GetNumQueries(mdnsv4, host_name));
6907 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_a, host_name), 1U);
6908 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_aaaa, host_name), 1U);
6909 }
6910 mdnsv4.clearQueries();
6911 std::string result_str = ToString(result);
6912 EXPECT_THAT(ToStrings(result),
6913 testing::UnorderedElementsAreArray(config.expected_addr));
6914
6915 // Ensure the query results are still cached.
6916 // TODO(b/394031336): caching is currently disabled while we work on a cache that
6917 // supports keying by interface. Update values once re-enabled.
6918 result = safe_getaddrinfo("hello.local", nullptr, &hints);
6919 EXPECT_TRUE(result != nullptr);
6920 if (config.ai_family == AF_INET) {
6921 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6922 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_a, host_name), 1U);
6923 } else if (config.ai_family == AF_INET6) {
6924 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
6925 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_aaaa, host_name), 1U);
6926 } else if (config.ai_family == AF_UNSPEC) {
6927 EXPECT_EQ(2U, GetNumQueries(mdnsv4, host_name));
6928 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_a, host_name), 1U);
6929 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_aaaa, host_name), 1U);
6930 }
6931 result_str = ToString(result);
6932 EXPECT_THAT(ToStrings(result),
6933 testing::UnorderedElementsAreArray(config.expected_addr));
6934 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
6935 }
6936 }
6937 }
6938
TEST_F(ResolverTest,MdnsGetAddrInfo_transportTypes)6939 TEST_F(ResolverTest, MdnsGetAddrInfo_transportTypes) {
6940 constexpr char v6addr[] = "::127.0.0.3";
6941 constexpr char v4addr[] = "127.0.0.3";
6942 constexpr char host_name[] = "hello.local.";
6943 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
6944 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
6945 mdnsv6.addMapping(host_name, ns_type::ns_t_a, v4addr);
6946 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
6947 ASSERT_TRUE(mdnsv4.startServer());
6948 ASSERT_TRUE(mdnsv6.startServer());
6949
6950 const std::vector<DnsRecord> records = {
6951 {host_name, ns_type::ns_t_a, v4addr},
6952 {host_name, ns_type::ns_t_aaaa, v6addr},
6953 };
6954 test::DNSResponder dns(v4addr);
6955 StartDns(dns, records);
6956
6957 for (const auto& tpConfig : transportTypeConfig) {
6958 SCOPED_TRACE(fmt::format("transportTypes: [{}], useMdns: {}",
6959 fmt::join(tpConfig.transportTypes, ","), tpConfig.useMdns));
6960 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
6961 setupParams.transportTypes = tpConfig.transportTypes;
6962 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
6963
6964 static const struct TestConfig {
6965 int ai_family;
6966 const std::vector<std::string> expected_addr;
6967 } testConfigs[]{
6968 {AF_INET, {v4addr}},
6969 {AF_INET6, {v6addr}},
6970 {AF_UNSPEC, {v4addr, v6addr}},
6971 };
6972
6973 for (const auto& config : testConfigs) {
6974 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
6975 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
6976
6977 EXPECT_TRUE(result != nullptr);
6978 if (tpConfig.useMdns) {
6979 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
6980 if (config.ai_family == AF_INET) {
6981 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6982 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6983 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
6984 } else if (config.ai_family == AF_INET6) {
6985 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6986 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
6987 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
6988 } else {
6989 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6990 EXPECT_EQ(2U, GetNumQueries(mdnsv6, host_name));
6991 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
6992 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
6993 }
6994 } else {
6995 EXPECT_EQ(0U, GetNumQueries(mdnsv4, host_name));
6996 EXPECT_EQ(0U, GetNumQueries(mdnsv6, host_name));
6997 if (config.ai_family == AF_INET) {
6998 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
6999 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_a, host_name), 1U);
7000 } else if (config.ai_family == AF_INET6) {
7001 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
7002 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_aaaa, host_name), 1U);
7003 } else {
7004 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
7005 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_a, host_name), 1U);
7006 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_aaaa, host_name), 1U);
7007 }
7008 }
7009 std::string result_str = ToString(result);
7010 EXPECT_THAT(ToStrings(result),
7011 testing::UnorderedElementsAreArray(config.expected_addr));
7012
7013 mdnsv4.clearQueries();
7014 mdnsv6.clearQueries();
7015 dns.clearQueries();
7016 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
7017 }
7018 }
7019 }
7020
TEST_F(ResolverTest,MdnsGetAddrInfo_InvalidSocketType)7021 TEST_F(ResolverTest, MdnsGetAddrInfo_InvalidSocketType) {
7022 constexpr char v6addr[] = "::127.0.0.3";
7023 constexpr char host_name[] = "hello.local.";
7024
7025 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
7026 mdnsv6.addMapping(host_name, ns_type::ns_t_aaaa, v6addr);
7027 ASSERT_TRUE(mdnsv6.startServer());
7028 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
7029
7030 // TODO: Test other invalid socket types.
7031 const addrinfo hints = {
7032 .ai_family = AF_UNSPEC,
7033 .ai_socktype = SOCK_PACKET,
7034 };
7035 addrinfo* result = nullptr;
7036 // This is a valid hint, but the query won't be sent because the socket type is
7037 // not supported.
7038 EXPECT_EQ(EAI_NODATA, getaddrinfo("howdy.local", nullptr, &hints, &result));
7039 ScopedAddrinfo result_cleanup(result);
7040 EXPECT_EQ(nullptr, result);
7041 }
7042
TEST_F(ResolverTest,MdnsGetAddrInfo_cnames)7043 TEST_F(ResolverTest, MdnsGetAddrInfo_cnames) {
7044 constexpr char v6addr[] = "::127.0.0.3";
7045 constexpr char v4addr[] = "127.0.0.3";
7046 constexpr char host_name[] = "hello.local.";
7047 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
7048 const std::vector<DnsRecord> records = {
7049 {"hi.local.", ns_type::ns_t_cname, "a.local."},
7050 {"a.local.", ns_type::ns_t_cname, "b.local."},
7051 {"b.local.", ns_type::ns_t_cname, "c.local."},
7052 {"c.local.", ns_type::ns_t_cname, "d.local."},
7053 {"d.local.", ns_type::ns_t_cname, "e.local."},
7054 {"e.local.", ns_type::ns_t_cname, host_name},
7055 {host_name, ns_type::ns_t_a, v4addr},
7056 {host_name, ns_type::ns_t_aaaa, v6addr},
7057 };
7058 for (const auto& r : records) {
7059 mdnsv6.addMapping(r.host_name, r.type, r.addr);
7060 }
7061 ASSERT_TRUE(mdnsv6.startServer());
7062 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
7063
7064 static const struct TestConfig {
7065 int ai_family;
7066 const std::vector<std::string> expected_addr;
7067 } testConfigs[]{
7068 {AF_INET, {v4addr}},
7069 {AF_INET6, {v6addr}},
7070 {AF_UNSPEC, {v4addr, v6addr}},
7071 };
7072 for (const auto& config : testConfigs) {
7073 mdnsv6.clearQueries();
7074 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
7075 ScopedAddrinfo result = safe_getaddrinfo("hi.local", nullptr, &hints);
7076 EXPECT_TRUE(result != nullptr);
7077 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
7078 }
7079 }
7080
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesNoIpAddress)7081 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesNoIpAddress) {
7082 constexpr char host_name[] = "hello.local.";
7083 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
7084 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, "a.local.");
7085 ASSERT_TRUE(mdnsv6.startServer());
7086 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
7087
7088 mdnsv6.clearQueries();
7089 addrinfo hints = {.ai_family = AF_INET};
7090 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
7091 EXPECT_TRUE(result == nullptr);
7092
7093 mdnsv6.clearQueries();
7094 hints = {.ai_family = AF_INET6};
7095 result = safe_getaddrinfo("hello.local", nullptr, &hints);
7096 EXPECT_TRUE(result == nullptr);
7097
7098 mdnsv6.clearQueries();
7099 hints = {.ai_family = AF_UNSPEC};
7100 result = safe_getaddrinfo("hello.local", nullptr, &hints);
7101 EXPECT_TRUE(result == nullptr);
7102 }
7103
TEST_F(ResolverTest,MdnsGetAddrInfo_cnamesIllegalRdata)7104 TEST_F(ResolverTest, MdnsGetAddrInfo_cnamesIllegalRdata) {
7105 constexpr char host_name[] = "hello.local.";
7106 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
7107 mdnsv6.addMapping(host_name, ns_type::ns_t_cname, ".!#?");
7108 ASSERT_TRUE(mdnsv6.startServer());
7109 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
7110
7111 addrinfo hints = {.ai_family = AF_INET};
7112 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
7113 EXPECT_TRUE(result == nullptr);
7114
7115 mdnsv6.clearQueries();
7116 hints = {.ai_family = AF_INET6};
7117 result = safe_getaddrinfo("hello.local", nullptr, &hints);
7118 EXPECT_TRUE(result == nullptr);
7119
7120 mdnsv6.clearQueries();
7121 hints = {.ai_family = AF_UNSPEC};
7122 result = safe_getaddrinfo("hello.local", nullptr, &hints);
7123 EXPECT_TRUE(result == nullptr);
7124 }
7125
TEST_F(ResolverTest,MdnsGetAddrInfo_FallbacksToUnicastDNS)7126 TEST_F(ResolverTest, MdnsGetAddrInfo_FallbacksToUnicastDNS) {
7127 constexpr char v6addr[] = "::1.2.3.4";
7128 constexpr char v4addr[] = "1.2.3.4";
7129 constexpr char host_name[] = "hello.local.";
7130 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService,
7131 static_cast<ns_rcode>(-1));
7132 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService, static_cast<ns_rcode>(-1));
7133 // Set unresponsive on multicast.
7134 mdnsv4.setResponseProbability(0.0);
7135 mdnsv6.setResponseProbability(0.0);
7136 ASSERT_TRUE(mdnsv4.startServer());
7137 ASSERT_TRUE(mdnsv6.startServer());
7138
7139 const std::vector<DnsRecord> records = {
7140 {host_name, ns_type::ns_t_a, v4addr},
7141 {host_name, ns_type::ns_t_aaaa, v6addr},
7142 };
7143 test::DNSResponder dns("127.0.0.3");
7144 StartDns(dns, records);
7145 ASSERT_TRUE(mDnsClient.SetResolversForNetwork());
7146
7147 static const struct TestConfig {
7148 int ai_family;
7149 const std::vector<std::string> expected_addr;
7150 } testConfigs[]{
7151 {AF_INET, {v4addr}},
7152 {AF_INET6, {v6addr}},
7153 {AF_UNSPEC, {v4addr, v6addr}},
7154 };
7155
7156 for (const auto& config : testConfigs) {
7157 SCOPED_TRACE(fmt::format("family: {}", config.ai_family));
7158 addrinfo hints = {.ai_family = config.ai_family, .ai_socktype = SOCK_DGRAM};
7159 ScopedAddrinfo result = safe_getaddrinfo("hello.local", nullptr, &hints);
7160 EXPECT_TRUE(result != nullptr);
7161 if (config.ai_family == AF_INET) {
7162 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
7163 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_a, host_name), 1U);
7164 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
7165 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
7166 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
7167 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_a, host_name), 1U);
7168 } else if (config.ai_family == AF_INET6) {
7169 EXPECT_EQ(1U, GetNumQueries(mdnsv4, host_name));
7170 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_aaaa, host_name), 1U);
7171 EXPECT_EQ(1U, GetNumQueries(mdnsv6, host_name));
7172 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
7173 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
7174 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_aaaa, host_name), 1U);
7175 } else {
7176 EXPECT_EQ(2U, GetNumQueries(mdnsv4, host_name));
7177 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_a, host_name), 1U);
7178 EXPECT_EQ(GetNumQueriesForType(mdnsv4, ns_type::ns_t_aaaa, host_name), 1U);
7179 EXPECT_EQ(2U, GetNumQueries(mdnsv6, host_name));
7180 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 1U);
7181 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
7182 EXPECT_EQ(2U, GetNumQueries(dns, host_name));
7183 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_a, host_name), 1U);
7184 EXPECT_EQ(GetNumQueriesForType(dns, ns_type::ns_t_aaaa, host_name), 1U);
7185 }
7186 EXPECT_THAT(ToStrings(result), testing::UnorderedElementsAreArray(config.expected_addr));
7187
7188 mdnsv4.clearQueries();
7189 mdnsv6.clearQueries();
7190 dns.clearQueries();
7191 ASSERT_TRUE(mDnsClient.resolvService()->flushNetworkCache(TEST_NETID).isOk());
7192 }
7193 }
7194
7195 // ResolverMultinetworkTest is used to verify multinetwork functionality. Here's how it works:
7196 // The resolver sends queries to address A, and then there will be a TunForwarder helping forward
7197 // the packets to address B, which is the address on which the testing server is listening. The
7198 // answer packets responded from the testing server go through the reverse path back to the
7199 // resolver.
7200 //
7201 // To achieve the that, it needs to set up a interface with routing rules. Tests are not
7202 // supposed to initiate DNS servers on their own; instead, some utilities are added to the class to
7203 // help the setup.
7204 //
7205 // An example of how to use it:
7206 // TEST_F() {
7207 // ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(V4);
7208 // network.init();
7209 //
7210 // auto dns = network.addIpv4Dns();
7211 // StartDns(dns.dnsServer, {});
7212 //
7213 // network.setDnsConfiguration();
7214 // network.startTunForwarder();
7215 //
7216 // // Send queries here
7217 // }
7218
7219 class ResolverMultinetworkTest : public ResolverTest {
7220 protected:
7221 enum class ConnectivityType { V4, V6, V4V6, NONE };
7222 static constexpr int TEST_NETID_BASE = 10000;
7223
7224 struct DnsServerPair {
DnsServerPairResolverMultinetworkTest::DnsServerPair7225 DnsServerPair(std::shared_ptr<test::DNSResponder> server, std::string addr)
7226 : dnsServer(server), dnsAddr(addr) {}
7227 std::shared_ptr<test::DNSResponder> dnsServer;
7228 std::string dnsAddr; // The DNS server address used for setResolverConfiguration().
7229 // TODO: Add test::DnsTlsFrontend* and std::string for DoT.
7230 };
7231
7232 class ScopedNetwork {
7233 public:
ScopedNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * networkName)7234 ScopedNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7235 IDnsResolver* dnsResolvSrv, const char* networkName)
7236 : mNetId(netId),
7237 mConnectivityType(type),
7238 mNetdSrv(netdSrv),
7239 mDnsResolvSrv(dnsResolvSrv),
7240 mNetworkName(networkName) {
7241 mIfname = fmt::format("testtun{}", netId);
7242 }
~ScopedNetwork()7243 virtual ~ScopedNetwork() {
7244 if (mNetdSrv != nullptr) mNetdSrv->networkDestroy(mNetId);
7245 if (mDnsResolvSrv != nullptr) mDnsResolvSrv->destroyNetworkCache(mNetId);
7246 }
7247
7248 Result<void> init();
addIpv4Dns()7249 Result<DnsServerPair> addIpv4Dns() { return addDns(ConnectivityType::V4); }
addIpv6Dns()7250 Result<DnsServerPair> addIpv6Dns() { return addDns(ConnectivityType::V6); }
startTunForwarder()7251 bool startTunForwarder() { return mTunForwarder->startForwarding(); }
7252 bool setDnsConfiguration() const;
7253 bool clearDnsConfiguration() const;
netId() const7254 unsigned netId() const { return mNetId; }
name() const7255 std::string name() const { return mNetworkName; }
addUser(uid_t uid) const7256 Result<void> addUser(uid_t uid) const { return addUidRange(uid, uid); }
addUidRange(uid_t from,uid_t to) const7257 Result<void> addUidRange(uid_t from, uid_t to) const {
7258 if (auto r = mNetdSrv->networkAddUidRanges(mNetId, {makeUidRangeParcel(from, to)});
7259 !r.isOk()) {
7260 return Error() << r.getMessage();
7261 }
7262 return {};
7263 }
7264
addUserFromParcel(uid_t uid,int32_t subPriority) const7265 Result<void> addUserFromParcel(uid_t uid, int32_t subPriority) const {
7266 return addUidRangeFromParcel(uid, uid, subPriority);
7267 }
7268
addUidRangeFromParcel(uid_t from,uid_t to,int32_t subPriority) const7269 Result<void> addUidRangeFromParcel(uid_t from, uid_t to, int32_t subPriority) const {
7270 NativeUidRangeConfig cfg =
7271 makeNativeUidRangeConfig(mNetId, {makeUidRangeParcel(from, to)}, subPriority);
7272 if (auto r = mNetdSrv->networkAddUidRangesParcel(cfg); !r.isOk()) {
7273 return Error() << r.getMessage();
7274 }
7275 return {};
7276 }
7277
ifname()7278 const std::string& ifname() { return mIfname; }
7279 // Assuming mNetId is unique during ResolverMultinetworkTest, make the
7280 // address based on it to avoid conflicts.
makeIpv4AddrString(uint8_t n) const7281 std::string makeIpv4AddrString(uint8_t n) const {
7282 return fmt::format("192.168.{}.{}", (mNetId - TEST_NETID_BASE), n);
7283 }
makeIpv6AddrString(uint8_t n) const7284 std::string makeIpv6AddrString(uint8_t n) const {
7285 return fmt::format("2001:db8:{}::{}", (mNetId - TEST_NETID_BASE), n);
7286 }
7287
7288 protected:
7289 // Subclasses should implement it to decide which network should be create.
7290 virtual Result<void> createNetwork() const = 0;
7291
7292 const unsigned mNetId;
7293 const ConnectivityType mConnectivityType;
7294 INetd* mNetdSrv;
7295 IDnsResolver* mDnsResolvSrv;
7296 const std::string mNetworkName;
7297 std::string mIfname;
7298 std::unique_ptr<TunForwarder> mTunForwarder;
7299 std::vector<DnsServerPair> mDnsServerPairs;
7300
7301 private:
7302 Result<DnsServerPair> addDns(ConnectivityType connectivity);
7303 };
7304
7305 class ScopedPhysicalNetwork : public ScopedNetwork {
7306 public:
ScopedPhysicalNetwork(unsigned netId,const char * networkName)7307 ScopedPhysicalNetwork(unsigned netId, const char* networkName)
7308 : ScopedNetwork(netId, ConnectivityType::V4V6, nullptr, nullptr, networkName) {}
ScopedPhysicalNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name="Physical")7309 ScopedPhysicalNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7310 IDnsResolver* dnsResolvSrv, const char* name = "Physical")
7311 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name) {}
7312
7313 protected:
createNetwork() const7314 Result<void> createNetwork() const override {
7315 ::ndk::ScopedAStatus r;
7316 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
7317 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
7318 mNetId, NativeNetworkType::PHYSICAL, INetd::PERMISSION_NONE,
7319 /*secure=*/false);
7320 r = mNetdSrv->networkCreate(config);
7321 } else {
7322 #pragma clang diagnostic push
7323 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
7324 r = mNetdSrv->networkCreatePhysical(mNetId, INetd::PERMISSION_NONE);
7325 #pragma clang diagnostic pop
7326 }
7327
7328 if (!r.isOk()) {
7329 return Error() << r.getMessage();
7330 }
7331 return {};
7332 }
7333 };
7334
7335 class ScopedVirtualNetwork : public ScopedNetwork {
7336 public:
ScopedVirtualNetwork(unsigned netId,ConnectivityType type,INetd * netdSrv,IDnsResolver * dnsResolvSrv,const char * name,bool isSecure)7337 ScopedVirtualNetwork(unsigned netId, ConnectivityType type, INetd* netdSrv,
7338 IDnsResolver* dnsResolvSrv, const char* name, bool isSecure)
7339 : ScopedNetwork(netId, type, netdSrv, dnsResolvSrv, name), mIsSecure(isSecure) {
7340 if (android::modules::sdklevel::IsAtLeastT()) {
7341 mFw = Firewall::getInstance();
7342 }
7343 }
~ScopedVirtualNetwork()7344 ~ScopedVirtualNetwork() {
7345 if (!mVpnIsolationUids.empty()) {
7346 const std::vector<int> tmpUids(mVpnIsolationUids.begin(), mVpnIsolationUids.end());
7347 mNetdSrv->firewallRemoveUidInterfaceRules(tmpUids);
7348 }
7349 }
7350 // Enable VPN isolation. Ensures that uid can only receive packets on mIfname.
enableVpnIsolation(int uid)7351 Result<void> enableVpnIsolation(int uid) {
7352 if (android::modules::sdklevel::IsAtLeastT()) {
7353 if (auto r = mFw->addUidInterfaceRules(mIfname, {uid}); !r.ok()) {
7354 return r;
7355 }
7356 } else if (auto r = mNetdSrv->firewallAddUidInterfaceRules(mIfname, {uid}); !r.isOk()) {
7357 return Error() << r.getMessage();
7358 }
7359 mVpnIsolationUids.insert(uid);
7360 return {};
7361 }
disableVpnIsolation(int uid)7362 Result<void> disableVpnIsolation(int uid) {
7363 if (android::modules::sdklevel::IsAtLeastT()) {
7364 if (auto r = mFw->removeUidInterfaceRules({uid}); !r.ok()) {
7365 return r;
7366 }
7367 } else if (auto r = mNetdSrv->firewallRemoveUidInterfaceRules({uid}); !r.isOk()) {
7368 return Error() << r.getMessage();
7369 }
7370 mVpnIsolationUids.erase(uid);
7371 return {};
7372 }
7373
7374 protected:
createNetwork() const7375 Result<void> createNetwork() const override {
7376 ::ndk::ScopedAStatus r;
7377 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
7378 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
7379 mNetId, NativeNetworkType::VIRTUAL, INetd::PERMISSION_NONE, mIsSecure);
7380 r = mNetdSrv->networkCreate(config);
7381 } else {
7382 #pragma clang diagnostic push
7383 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
7384 r = mNetdSrv->networkCreateVpn(mNetId, mIsSecure);
7385 #pragma clang diagnostic pop
7386 }
7387
7388 if (!r.isOk()) {
7389 return Error() << r.getMessage();
7390 }
7391 return {};
7392 }
7393
7394 bool mIsSecure = false;
7395 std::unordered_set<int> mVpnIsolationUids;
7396 Firewall* mFw;
7397 };
7398
SetUp()7399 void SetUp() override {
7400 ResolverTest::SetUp();
7401 ASSERT_NE(mDnsClient.netdService(), nullptr);
7402 ASSERT_NE(mDnsClient.resolvService(), nullptr);
7403 }
7404
TearDown()7405 void TearDown() override {
7406 ResolverTest::TearDown();
7407 // Restore default network
7408 if (mStoredDefaultNetwork >= 0) {
7409 mDnsClient.netdService()->networkSetDefault(mStoredDefaultNetwork);
7410 }
7411 }
7412
CreateScopedPhysicalNetwork(ConnectivityType type,const char * name="Physical")7413 ScopedPhysicalNetwork CreateScopedPhysicalNetwork(ConnectivityType type,
7414 const char* name = "Physical") {
7415 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(), name};
7416 }
CreateScopedVirtualNetwork(ConnectivityType type,bool isSecure,const char * name="Virtual")7417 ScopedVirtualNetwork CreateScopedVirtualNetwork(ConnectivityType type, bool isSecure,
7418 const char* name = "Virtual") {
7419 return {getFreeNetId(), type, mDnsClient.netdService(), mDnsClient.resolvService(),
7420 name, isSecure};
7421 }
7422 void StartDns(test::DNSResponder& dns, const std::vector<DnsRecord>& records);
setDefaultNetwork(int netId)7423 void setDefaultNetwork(int netId) {
7424 // Save current default network at the first call.
7425 std::call_once(defaultNetworkFlag, [&]() {
7426 ASSERT_TRUE(mDnsClient.netdService()->networkGetDefault(&mStoredDefaultNetwork).isOk());
7427 });
7428 ASSERT_TRUE(mDnsClient.netdService()->networkSetDefault(netId).isOk());
7429 }
getFreeNetId()7430 unsigned getFreeNetId() {
7431 if (mNextNetId == TEST_NETID_BASE + 256) mNextNetId = TEST_NETID_BASE;
7432 return mNextNetId++;
7433 }
7434 Result<std::shared_ptr<test::DNSResponder>> setupDns(ConnectivityType type, ScopedNetwork* nw,
7435 const char* host_name,
7436 const char* ipv4_addr,
7437 const char* ipv6_addr);
7438
expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,const char * host_name,size_t count,unsigned expectedDnsNetId)7439 void expectDnsQueryCountsFn(std::shared_ptr<test::DNSResponder> dnsServer,
7440 const char* host_name, size_t count, unsigned expectedDnsNetId) {
7441 EXPECT_EQ(GetNumQueries(*dnsServer, host_name), count);
7442 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(expectedDnsNetId).isOk());
7443 dnsServer->clearQueries();
7444 }
7445
makeNativeUidRangeConfig(unsigned netId,std::vector<UidRangeParcel> uidRanges,int32_t subPriority)7446 static NativeUidRangeConfig makeNativeUidRangeConfig(unsigned netId,
7447 std::vector<UidRangeParcel> uidRanges,
7448 int32_t subPriority) {
7449 NativeUidRangeConfig res;
7450 res.netId = netId;
7451 res.uidRanges = std::move(uidRanges);
7452 res.subPriority = subPriority;
7453
7454 return res;
7455 }
7456
7457 private:
7458 // Use a different netId because this class inherits from the class ResolverTest which
7459 // always creates TEST_NETID in setup. It's incremented when CreateScoped{Physical,
7460 // Virtual}Network() is called.
7461 // Note: 255 is the maximum number of (mNextNetId - TEST_NETID_BASE) here as mNextNetId
7462 // is used to create address.
7463 unsigned mNextNetId = TEST_NETID_BASE;
7464 // Use -1 to represent that default network was not modified because
7465 // real netId must be an unsigned value.
7466 int mStoredDefaultNetwork = -1;
7467 std::once_flag defaultNetworkFlag;
7468 };
7469
init()7470 Result<void> ResolverMultinetworkTest::ScopedNetwork::init() {
7471 if (mNetdSrv == nullptr || mDnsResolvSrv == nullptr) return Error() << "srv not available";
7472 unique_fd ufd = TunForwarder::createTun(mIfname);
7473 if (!ufd.ok()) {
7474 return Errorf("createTun for {} failed", mIfname);
7475 }
7476 mTunForwarder = std::make_unique<TunForwarder>(std::move(ufd));
7477
7478 if (auto r = createNetwork(); !r.ok()) {
7479 return r;
7480 }
7481 if (auto r = mDnsResolvSrv->createNetworkCache(mNetId); !r.isOk()) {
7482 return Error() << r.getMessage();
7483 }
7484 if (auto r = mNetdSrv->networkAddInterface(mNetId, mIfname); !r.isOk()) {
7485 return Error() << r.getMessage();
7486 }
7487
7488 if (mConnectivityType == ConnectivityType::V4 || mConnectivityType == ConnectivityType::V4V6) {
7489 const std::string v4Addr = makeIpv4AddrString(1);
7490 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v4Addr, 32); !r.isOk()) {
7491 return Error() << r.getMessage();
7492 }
7493 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "0.0.0.0/0", ""); !r.isOk()) {
7494 return Error() << r.getMessage();
7495 }
7496 }
7497 if (mConnectivityType == ConnectivityType::V6 || mConnectivityType == ConnectivityType::V4V6) {
7498 const std::string v6Addr = makeIpv6AddrString(1);
7499 if (auto r = mNetdSrv->interfaceAddAddress(mIfname, v6Addr, 128); !r.isOk()) {
7500 return Error() << r.getMessage();
7501 }
7502 if (auto r = mNetdSrv->networkAddRoute(mNetId, mIfname, "::/0", ""); !r.isOk()) {
7503 return Error() << r.getMessage();
7504 }
7505 }
7506
7507 return {};
7508 }
7509
StartDns(test::DNSResponder & dns,const std::vector<DnsRecord> & records)7510 void ResolverMultinetworkTest::StartDns(test::DNSResponder& dns,
7511 const std::vector<DnsRecord>& records) {
7512 ResolverTest::StartDns(dns, records);
7513
7514 // Bind the DNSResponder's sockets to the network if specified.
7515 if (std::optional<unsigned> netId = dns.getNetwork(); netId.has_value()) {
7516 setNetworkForSocket(netId.value(), dns.getUdpSocket());
7517 setNetworkForSocket(netId.value(), dns.getTcpSocket());
7518 }
7519 }
7520
setupDns(ConnectivityType type,ScopedNetwork * nw,const char * host_name,const char * ipv4_addr,const char * ipv6_addr)7521 Result<std::shared_ptr<test::DNSResponder>> ResolverMultinetworkTest::setupDns(
7522 ConnectivityType type, ScopedNetwork* nw, const char* host_name, const char* ipv4_addr,
7523 const char* ipv6_addr) {
7524 // Add a testing DNS server to networks.
7525 const Result<DnsServerPair> dnsSvPair =
7526 (type == ConnectivityType::V4) ? nw->addIpv4Dns() : nw->addIpv6Dns();
7527 if (!dnsSvPair.ok()) return Error() << dnsSvPair.error();
7528
7529 StartDns(*dnsSvPair->dnsServer,
7530 {{host_name, ns_type::ns_t_a, ipv4_addr}, {host_name, ns_type::ns_t_aaaa, ipv6_addr}});
7531 if (!nw->setDnsConfiguration()) return Error() << "setDnsConfiguration() failed";
7532 if (!nw->startTunForwarder()) return Error() << "startTunForwarder() failed";
7533 return dnsSvPair->dnsServer;
7534 }
7535
7536 /* Setup a DnsResponder that can be queried (and will reply) via the TUN interface associated to the
7537 * network. Returns the IP address that should be used when sending DNS queries, so that they will
7538 * go through the TUN interface.
7539 *
7540 * This is done in the following way for the request:
7541 *
7542 * +--------------+
7543 * | |
7544 * | DnsResponder |----> Listens on |real_responder_address|
7545 * | | ^
7546 * +--------------+ |
7547 * +--+
7548 * |
7549 * +-----+
7550 * | |<----------------------------------------------------+
7551 * | | |
7552 * | |--> Swaps source address for |fake_resolver_address|-+
7553 * | TUN | this is necessary to make sure the response will
7554 * | | also go through TUN (and not directly to
7555 * | | DnsResolver)
7556 * | | Swaps dest address for |real_responder_address|
7557 * | | this is necessary for the query to reach
7558 * | | DnsResponder once injected back into the kernel
7559 * +-----+
7560 * ^
7561 * |
7562 * +-------------+ +--+
7563 * | | |
7564 * | |----> Sends queries
7565 * | DnsResolver | from |real_resolver_address|
7566 * | | to |fake_responder_address|
7567 * | |
7568 * +-------------+
7569 *
7570 * While, for the response:
7571 *
7572 * +--------------+
7573 * | |
7574 * | |----> Sends reply
7575 * | DnsResponder | from |real_responder_address|
7576 * | | to |fake_resolver_address|
7577 * | | |
7578 * +--------------+ |
7579 * +----+
7580 * |
7581 * v
7582 * +-----+
7583 * | |--> Swaps source address for |fake_responder_address|
7584 * | | this is necessary to make sure the response will
7585 * | | go to the socket where DnsResolver is waiting for
7586 * | | the response
7587 * | TUN | Swaps dest address for |real_resolver_address|
7588 * | | this is necessary to make sure the response will
7589 * | | go to the socket where DnsResolver is waiting for
7590 * | | the response
7591 * | | |
7592 * | |<----+
7593 * +-----+
7594 * ^
7595 * |
7596 * +-------------+ +--+
7597 * | | |
7598 * | |----> Sends query
7599 * | DnsResolver | from |real_resolver_address|
7600 * | | to |fake_responder_address|
7601 * | |
7602 * +-------------+
7603 */
addDns(ConnectivityType type)7604 Result<ResolverMultinetworkTest::DnsServerPair> ResolverMultinetworkTest::ScopedNetwork::addDns(
7605 ConnectivityType type) {
7606 const int index = mDnsServerPairs.size();
7607 const int prefixLen = (type == ConnectivityType::V4) ? 32 : 128;
7608
7609 const std::function<std::string(unsigned)> makeIpString =
7610 std::bind((type == ConnectivityType::V4) ? &ScopedNetwork::makeIpv4AddrString
7611 : &ScopedNetwork::makeIpv6AddrString,
7612 this, std::placeholders::_1);
7613
7614 std::string real_resolver_address = makeIpString(1);
7615 // |fake_responder_address| and |fake_resolver_address| are used only to make sure queries go
7616 // through TUN, no entity is listening on them. As such, they can be mapped to the same IP
7617 // address.
7618 std::string fake_responder_address = makeIpString(index + 100 + (mNetId - TEST_NETID_BASE));
7619 std::string fake_resolver_address = fake_responder_address;
7620 std::string real_responder_address = makeIpString(index + 200 + (mNetId - TEST_NETID_BASE));
7621
7622 if (!mTunForwarder->addForwardingRule({real_resolver_address, fake_responder_address},
7623 {fake_resolver_address, real_responder_address})) {
7624 return Errorf("Failed to add the rule - from:({}, {}), to: ({}, {})", real_resolver_address,
7625 fake_responder_address, fake_resolver_address, real_responder_address);
7626 }
7627 if (!mTunForwarder->addForwardingRule({real_responder_address, fake_resolver_address},
7628 {fake_responder_address, real_resolver_address})) {
7629 return Errorf("Failed to add the rule - from:({}, {}), to: ({}, {})",
7630 real_responder_address, fake_resolver_address, fake_responder_address,
7631 real_resolver_address);
7632 }
7633
7634 if (!mNetdSrv->interfaceAddAddress(mIfname, real_responder_address, prefixLen).isOk()) {
7635 return Errorf("interfaceAddAddress({}, {}, {}) failed", mIfname, real_responder_address,
7636 prefixLen);
7637 }
7638
7639 return mDnsServerPairs.emplace_back(
7640 std::make_shared<test::DNSResponder>(mNetId, real_responder_address),
7641 fake_responder_address);
7642 }
7643
setDnsConfiguration() const7644 bool ResolverMultinetworkTest::ScopedNetwork::setDnsConfiguration() const {
7645 if (mDnsResolvSrv == nullptr) return false;
7646 ResolverParamsParcel parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
7647 parcel.tlsServers.clear();
7648 parcel.netId = mNetId;
7649 parcel.servers.clear();
7650 parcel.interfaceNames.push_back(mIfname);
7651 for (const auto& pair : mDnsServerPairs) {
7652 parcel.servers.push_back(pair.dnsAddr);
7653 }
7654 return mDnsResolvSrv->setResolverConfiguration(parcel).isOk();
7655 }
7656
clearDnsConfiguration() const7657 bool ResolverMultinetworkTest::ScopedNetwork::clearDnsConfiguration() const {
7658 if (mDnsResolvSrv == nullptr) return false;
7659 return mDnsResolvSrv->destroyNetworkCache(mNetId).isOk() &&
7660 mDnsResolvSrv->createNetworkCache(mNetId).isOk();
7661 }
7662
7663 namespace {
7664
7665 // Convenient wrapper for making getaddrinfo call like framework.
android_getaddrinfofornet_wrapper(const char * name,int netId)7666 Result<ScopedAddrinfo> android_getaddrinfofornet_wrapper(const char* name, int netId) {
7667 // Use the same parameter as libcore/ojluni/src/main/java/java/net/Inet6AddressImpl.java.
7668 static const addrinfo hints = {
7669 .ai_flags = AI_ADDRCONFIG,
7670 .ai_family = AF_UNSPEC,
7671 .ai_socktype = SOCK_STREAM,
7672 };
7673 addrinfo* result = nullptr;
7674 if (int r = android_getaddrinfofornet(name, nullptr, &hints, netId, MARK_UNSET, &result)) {
7675 return Error() << r;
7676 }
7677 return ScopedAddrinfo(result);
7678 }
7679
expectDnsWorksForUid(const char * name,unsigned netId,uid_t uid,const std::vector<std::string> & expectedResult)7680 void expectDnsWorksForUid(const char* name, unsigned netId, uid_t uid,
7681 const std::vector<std::string>& expectedResult) {
7682 ScopedChangeUID scopedChangeUID(uid);
7683 auto result = android_getaddrinfofornet_wrapper(name, netId);
7684 ASSERT_RESULT_OK(result);
7685 ScopedAddrinfo ai_result(std::move(result.value()));
7686 std::vector<std::string> result_strs = ToStrings(ai_result);
7687 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7688 }
7689
expectDnsFailedForUid(const char * name,unsigned netId,uid_t uid)7690 void expectDnsFailedForUid(const char* name, unsigned netId, uid_t uid) {
7691 ScopedChangeUID scopedChangeUID(uid);
7692 ASSERT_FALSE(android_getaddrinfofornet_wrapper(name, netId).ok());
7693 }
7694
7695 } // namespace
7696
TEST_F(ResolverMultinetworkTest,GetAddrInfo_AI_ADDRCONFIG)7697 TEST_F(ResolverMultinetworkTest, GetAddrInfo_AI_ADDRCONFIG) {
7698 constexpr char host_name[] = "ohayou.example.com.";
7699
7700 const std::array<ConnectivityType, 3> allTypes = {
7701 ConnectivityType::V4,
7702 ConnectivityType::V6,
7703 ConnectivityType::V4V6,
7704 };
7705 for (const auto& type : allTypes) {
7706 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(type)));
7707
7708 // Create a network.
7709 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(type);
7710 ASSERT_RESULT_OK(network.init());
7711
7712 // Add a testing DNS server.
7713 const Result<DnsServerPair> dnsPair =
7714 (type == ConnectivityType::V4) ? network.addIpv4Dns() : network.addIpv6Dns();
7715 ASSERT_RESULT_OK(dnsPair);
7716 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"},
7717 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
7718
7719 // Set up resolver and start forwarding.
7720 ASSERT_TRUE(network.setDnsConfiguration());
7721 ASSERT_TRUE(network.startTunForwarder());
7722
7723 auto result = android_getaddrinfofornet_wrapper(host_name, network.netId());
7724 ASSERT_RESULT_OK(result);
7725 ScopedAddrinfo ai_result(std::move(result.value()));
7726 std::vector<std::string> result_strs = ToStrings(ai_result);
7727 std::vector<std::string> expectedResult;
7728 size_t expectedQueries = 0;
7729
7730 if (type == ConnectivityType::V6 || type == ConnectivityType::V4V6) {
7731 expectedResult.emplace_back("2001:db8:cafe:d00d::31");
7732 expectedQueries++;
7733 }
7734 if (type == ConnectivityType::V4 || type == ConnectivityType::V4V6) {
7735 expectedResult.emplace_back("192.0.2.0");
7736 expectedQueries++;
7737 }
7738 EXPECT_THAT(result_strs, testing::UnorderedElementsAreArray(expectedResult));
7739 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), expectedQueries);
7740 }
7741 }
7742
TEST_F(ResolverMultinetworkTest,NetworkDestroyedDuringQueryInFlight)7743 TEST_F(ResolverMultinetworkTest, NetworkDestroyedDuringQueryInFlight) {
7744 constexpr char host_name[] = "ohayou.example.com.";
7745
7746 // Create a network and add an ipv4 DNS server.
7747 auto network = std::make_unique<ScopedPhysicalNetwork>(getFreeNetId(), ConnectivityType::V4V6,
7748 mDnsClient.netdService(),
7749 mDnsClient.resolvService());
7750 ASSERT_RESULT_OK(network->init());
7751 const Result<DnsServerPair> dnsPair = network->addIpv4Dns();
7752 ASSERT_RESULT_OK(dnsPair);
7753
7754 // Set the DNS server unresponsive.
7755 dnsPair->dnsServer->setResponseProbability(0.0);
7756 dnsPair->dnsServer->setErrorRcode(static_cast<ns_rcode>(-1));
7757 StartDns(*dnsPair->dnsServer, {});
7758
7759 // Set up resolver and start forwarding.
7760 ASSERT_TRUE(network->setDnsConfiguration());
7761 ASSERT_TRUE(network->startTunForwarder());
7762
7763 // Expect the things happening in order:
7764 // 1. The thread sends the query to the dns server which is unresponsive.
7765 // 2. The network is destroyed while the thread is waiting for the response from the dns server.
7766 // 3. After the dns server timeout, the thread retries but fails to connect.
7767 std::thread lookup([&]() {
7768 int fd = resNetworkQuery(network->netId(), host_name, ns_c_in, ns_t_a, 0);
7769 EXPECT_TRUE(fd != -1);
7770 expectAnswersNotValid(fd, -ETIMEDOUT);
7771 });
7772
7773 // Tear down the network as soon as the dns server receives the query.
7774 const auto condition = [&]() { return GetNumQueries(*dnsPair->dnsServer, host_name) == 1U; };
7775 EXPECT_TRUE(PollForCondition(condition));
7776 network.reset();
7777
7778 lookup.join();
7779 }
7780
TEST_F(ResolverMultinetworkTest,OneCachePerNetwork)7781 TEST_F(ResolverMultinetworkTest, OneCachePerNetwork) {
7782 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7783 constexpr char host_name[] = "ohayou.example.com.";
7784
7785 ScopedPhysicalNetwork network1 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7786 ScopedPhysicalNetwork network2 = CreateScopedPhysicalNetwork(ConnectivityType::V4V6);
7787 ASSERT_RESULT_OK(network1.init());
7788 ASSERT_RESULT_OK(network2.init());
7789
7790 const Result<DnsServerPair> dnsPair1 = network1.addIpv4Dns();
7791 const Result<DnsServerPair> dnsPair2 = network2.addIpv4Dns();
7792 ASSERT_RESULT_OK(dnsPair1);
7793 ASSERT_RESULT_OK(dnsPair2);
7794 StartDns(*dnsPair1->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.0"}});
7795 StartDns(*dnsPair2->dnsServer, {{host_name, ns_type::ns_t_a, "192.0.2.1"}});
7796
7797 // Set up resolver for network 1 and start forwarding.
7798 ASSERT_TRUE(network1.setDnsConfiguration());
7799 ASSERT_TRUE(network1.startTunForwarder());
7800
7801 // Set up resolver for network 2 and start forwarding.
7802 ASSERT_TRUE(network2.setDnsConfiguration());
7803 ASSERT_TRUE(network2.startTunForwarder());
7804
7805 // Send the same queries to both networks.
7806 int fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7807 int fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7808
7809 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7810 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7811 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 1U);
7812 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7813
7814 // Flush the cache of network 1, and send the queries again.
7815 EXPECT_TRUE(mDnsClient.resolvService()->flushNetworkCache(network1.netId()).isOk());
7816 fd1 = resNetworkQuery(network1.netId(), host_name, ns_c_in, ns_t_a, 0);
7817 fd2 = resNetworkQuery(network2.netId(), host_name, ns_c_in, ns_t_a, 0);
7818
7819 expectAnswersValid(fd1, AF_INET, "192.0.2.0");
7820 expectAnswersValid(fd2, AF_INET, "192.0.2.1");
7821 EXPECT_EQ(GetNumQueries(*dnsPair1->dnsServer, host_name), 2U);
7822 EXPECT_EQ(GetNumQueries(*dnsPair2->dnsServer, host_name), 1U);
7823 }
7824
TEST_F(ResolverMultinetworkTest,DnsWithVpn)7825 TEST_F(ResolverMultinetworkTest, DnsWithVpn) {
7826 SKIP_IF_BPF_NOT_SUPPORTED;
7827 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.resolvService(), 4);
7828 constexpr char host_name[] = "ohayou.example.com.";
7829 constexpr char ipv4_addr[] = "192.0.2.0";
7830 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7831
7832 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7833 {ConnectivityType::V4, {ipv4_addr}},
7834 {ConnectivityType::V6, {ipv6_addr}},
7835 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7836 };
7837 for (const auto& [type, result] : testPairs) {
7838 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(type)));
7839
7840 // Create a network.
7841 ScopedPhysicalNetwork underlyingNetwork = CreateScopedPhysicalNetwork(type, "Underlying");
7842 ScopedVirtualNetwork bypassableVpnNetwork =
7843 CreateScopedVirtualNetwork(type, false, "BypassableVpn");
7844 ScopedVirtualNetwork secureVpnNetwork = CreateScopedVirtualNetwork(type, true, "SecureVpn");
7845
7846 ASSERT_RESULT_OK(underlyingNetwork.init());
7847 ASSERT_RESULT_OK(bypassableVpnNetwork.init());
7848 ASSERT_RESULT_OK(secureVpnNetwork.init());
7849 ASSERT_RESULT_OK(bypassableVpnNetwork.addUser(TEST_UID));
7850 ASSERT_RESULT_OK(secureVpnNetwork.addUser(TEST_UID2));
7851
7852 // Set up resolver and start forwarding for networks.
7853 auto underlyingNwDnsSv =
7854 setupDns(type, &underlyingNetwork, host_name, ipv4_addr, ipv6_addr);
7855 ASSERT_RESULT_OK(underlyingNwDnsSv);
7856 auto bypassableVpnDnsSv =
7857 setupDns(type, &bypassableVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7858 ASSERT_RESULT_OK(bypassableVpnDnsSv);
7859 auto secureVpnDnsSv = setupDns(type, &secureVpnNetwork, host_name, ipv4_addr, ipv6_addr);
7860 ASSERT_RESULT_OK(secureVpnDnsSv);
7861
7862 setDefaultNetwork(underlyingNetwork.netId());
7863 const unsigned underlyingNetId = underlyingNetwork.netId();
7864 const unsigned bypassableVpnNetId = bypassableVpnNetwork.netId();
7865 const unsigned secureVpnNetId = secureVpnNetwork.netId();
7866 // We've called setNetworkForProcess in SetupOemNetwork, so reset to default first.
7867 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7868
7869 // Create a object to represent default network, do not init it.
7870 ScopedPhysicalNetwork defaultNetwork{NETID_UNSET, "Default"};
7871
7872 // Test VPN with DNS server under 4 different network selection scenarios.
7873 // See the test config for the expectation.
7874 const struct TestConfig {
7875 ScopedNetwork* selectedNetwork;
7876 unsigned expectedDnsNetId;
7877 std::shared_ptr<test::DNSResponder> expectedDnsServer;
7878 } vpnWithDnsServerConfigs[]{
7879 // clang-format off
7880 // Queries use the bypassable VPN by default.
7881 {&defaultNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7882 // Choosing the underlying network works because the VPN is bypassable.
7883 {&underlyingNetwork, underlyingNetId, *underlyingNwDnsSv},
7884 // Selecting the VPN sends the query on the VPN.
7885 {&bypassableVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7886 // TEST_UID does not have access to the secure VPN.
7887 {&secureVpnNetwork, bypassableVpnNetId, *bypassableVpnDnsSv},
7888 // clang-format on
7889 };
7890 for (const auto& config : vpnWithDnsServerConfigs) {
7891 SCOPED_TRACE(fmt::format("Bypassble VPN with DnsServer, selectedNetwork = {}",
7892 config.selectedNetwork->name()));
7893 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID, result);
7894 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, result.size(),
7895 config.expectedDnsNetId);
7896 }
7897
7898 std::vector<ScopedNetwork*> nwVec{&defaultNetwork, &underlyingNetwork,
7899 &bypassableVpnNetwork, &secureVpnNetwork};
7900 // Test the VPN without DNS server with the same combination as before.
7901 ASSERT_TRUE(bypassableVpnNetwork.clearDnsConfiguration());
7902 // Test bypassable VPN, TEST_UID
7903 for (const auto* selectedNetwork : nwVec) {
7904 SCOPED_TRACE(fmt::format("Bypassble VPN without DnsServer, selectedNetwork = {}",
7905 selectedNetwork->name()));
7906 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID, result);
7907 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(), underlyingNetId);
7908 }
7909
7910 // The same test scenario as before plus enableVpnIsolation for secure VPN, TEST_UID2.
7911 for (bool enableVpnIsolation : {false, true}) {
7912 SCOPED_TRACE(fmt::format("enableVpnIsolation = {}", enableVpnIsolation));
7913 if (enableVpnIsolation) {
7914 EXPECT_RESULT_OK(secureVpnNetwork.enableVpnIsolation(TEST_UID2));
7915 }
7916
7917 // Test secure VPN without DNS server.
7918 ASSERT_TRUE(secureVpnNetwork.clearDnsConfiguration());
7919 for (const auto* selectedNetwork : nwVec) {
7920 SCOPED_TRACE(fmt::format("Secure VPN without DnsServer, selectedNetwork = {}",
7921 selectedNetwork->name()));
7922 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7923 expectDnsQueryCountsFn(*underlyingNwDnsSv, host_name, result.size(),
7924 underlyingNetId);
7925 }
7926
7927 // Test secure VPN with DNS server.
7928 ASSERT_TRUE(secureVpnNetwork.setDnsConfiguration());
7929 for (const auto* selectedNetwork : nwVec) {
7930 SCOPED_TRACE(fmt::format("Secure VPN with DnsServer, selectedNetwork = {}",
7931 selectedNetwork->name()));
7932 expectDnsWorksForUid(host_name, selectedNetwork->netId(), TEST_UID2, result);
7933 expectDnsQueryCountsFn(*secureVpnDnsSv, host_name, result.size(), secureVpnNetId);
7934 }
7935
7936 if (enableVpnIsolation) {
7937 EXPECT_RESULT_OK(secureVpnNetwork.disableVpnIsolation(TEST_UID2));
7938 }
7939 }
7940 }
7941 }
7942
7943 // verify per-application default network selection on DNS.
TEST_F(ResolverMultinetworkTest,PerAppDefaultNetwork)7944 TEST_F(ResolverMultinetworkTest, PerAppDefaultNetwork) {
7945 // Netd supports uid ranges on physical network from v6.
7946 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 6);
7947
7948 constexpr char host_name[] = "ohayou.example.com.";
7949 constexpr char ipv4_addr[] = "192.0.2.0";
7950 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
7951
7952 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
7953 {ConnectivityType::V4, {ipv4_addr}},
7954 {ConnectivityType::V6, {ipv6_addr}},
7955 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
7956 };
7957 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
7958 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(ipVersion)));
7959
7960 // Create networks.
7961 ScopedPhysicalNetwork sysDefaultNetwork =
7962 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
7963 ScopedPhysicalNetwork appDefaultNetwork =
7964 CreateScopedPhysicalNetwork(ipVersion, "AppDefault");
7965 ScopedVirtualNetwork vpn = CreateScopedVirtualNetwork(ipVersion, false, "Vpn");
7966
7967 ASSERT_RESULT_OK(sysDefaultNetwork.init());
7968 ASSERT_RESULT_OK(appDefaultNetwork.init());
7969 ASSERT_RESULT_OK(vpn.init());
7970
7971 // Set up resolver and start forwarding for networks.
7972 auto sysDefaultNwDnsSv =
7973 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7974 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
7975 auto appDefaultNwDnsSv =
7976 setupDns(ipVersion, &appDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
7977 ASSERT_RESULT_OK(appDefaultNwDnsSv);
7978 auto vpnDnsSv = setupDns(ipVersion, &vpn, host_name, ipv4_addr, ipv6_addr);
7979 ASSERT_RESULT_OK(vpnDnsSv);
7980
7981 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
7982 const unsigned appDefaultNetId = appDefaultNetwork.netId();
7983 const unsigned vpnNetId = vpn.netId();
7984
7985 setDefaultNetwork(systemDefaultNetId);
7986 EXPECT_TRUE(
7987 mDnsClient.netdService()
7988 ->networkSetPermissionForNetwork(appDefaultNetId, INetd::PERMISSION_SYSTEM)
7989 .isOk());
7990
7991 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
7992 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
7993
7994 // Test DNS query without selecting a network. --> use system default network.
7995 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
7996 expectDnsQueryCountsFn(*sysDefaultNwDnsSv, host_name, expectedDnsReply.size(),
7997 systemDefaultNetId);
7998 // Add user to app default network. --> use app default network.
7999 ASSERT_RESULT_OK(appDefaultNetwork.addUser(TEST_UID));
8000 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
8001 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
8002 appDefaultNetId);
8003
8004 // Test DNS query with a selected network.
8005 // App default network applies to uid, vpn does not applies to uid.
8006 const struct TestConfig {
8007 ScopedNetwork* selectedNetwork;
8008 unsigned expectedDnsNetId;
8009 std::shared_ptr<test::DNSResponder> expectedDnsServer;
8010 } vpnWithDnsServerConfigs[]{
8011 // clang-format off
8012 // App can select the system default network without any permission.
8013 {&sysDefaultNetwork, systemDefaultNetId, *sysDefaultNwDnsSv},
8014 // App can select the restricted network, since its uid was assigned to the network.
8015 {&appDefaultNetwork, appDefaultNetId, *appDefaultNwDnsSv},
8016 // App does not have access to the VPN. --> fallback to app default network.
8017 {&vpn, appDefaultNetId, *appDefaultNwDnsSv},
8018 // clang-format on
8019 };
8020 for (const auto& config : vpnWithDnsServerConfigs) {
8021 SCOPED_TRACE(fmt::format("Dns over app default network, selectedNetwork = {}",
8022 config.selectedNetwork->name()));
8023 expectDnsWorksForUid(host_name, config.selectedNetwork->netId(), TEST_UID,
8024 expectedDnsReply);
8025 expectDnsQueryCountsFn(config.expectedDnsServer, host_name, expectedDnsReply.size(),
8026 config.expectedDnsNetId);
8027 }
8028
8029 // App default network applies to uid, vpn applies to uid. --> use vpn.
8030 ASSERT_RESULT_OK(vpn.addUser(TEST_UID));
8031 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
8032 expectDnsQueryCountsFn(*vpnDnsSv, host_name, expectedDnsReply.size(), vpnNetId);
8033
8034 // vpn without server. --> fallback to app default network.
8035 ASSERT_TRUE(vpn.clearDnsConfiguration());
8036 expectDnsWorksForUid(host_name, vpn.netId(), TEST_UID, expectedDnsReply);
8037 expectDnsQueryCountsFn(*appDefaultNwDnsSv, host_name, expectedDnsReply.size(),
8038 appDefaultNetId);
8039 }
8040 }
8041
TEST_F(ResolverMultinetworkTest,AI_ADDRCONFIG_DnsWithLinkLocalIPv6AndDefaultRouteDoesNotSendAAAA)8042 TEST_F(ResolverMultinetworkTest, AI_ADDRCONFIG_DnsWithLinkLocalIPv6AndDefaultRouteDoesNotSendAAAA) {
8043 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
8044 // network. Skip it because v6 link-local address is a prerequisite for this test.
8045 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
8046
8047 constexpr char host_name[] = "ohayou.example.com.";
8048 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8049 ASSERT_RESULT_OK(network.init());
8050
8051 ASSERT_TRUE(mDnsClient.netdService()
8052 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
8053 .isOk());
8054
8055 const Result<DnsServerPair> dnsPair = network.addIpv6Dns();
8056 ASSERT_RESULT_OK(dnsPair);
8057 StartDns(*dnsPair->dnsServer, {{host_name, ns_type::ns_t_aaaa, "192.0.2.0"},
8058 {host_name, ns_type::ns_t_aaaa, "2001:db8:cafe:d00d::31"}});
8059
8060 ASSERT_TRUE(network.setDnsConfiguration());
8061 ASSERT_TRUE(network.startTunForwarder());
8062
8063 addrinfo* result = nullptr;
8064 const addrinfo hints = {
8065 .ai_flags = AI_ADDRCONFIG,
8066 .ai_family = AF_UNSPEC,
8067 .ai_socktype = SOCK_STREAM,
8068 };
8069 int rv = android_getaddrinfofornet("ohayou.example.com", nullptr, &hints, network.netId(),
8070 MARK_UNSET, &result);
8071 EXPECT_EQ(rv, EAI_NODATA);
8072 EXPECT_EQ(result, nullptr);
8073 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), 0U);
8074 }
8075
TEST_F(ResolverMultinetworkTest,AI_ADDRCONFIG_DnsWithGlobalIPv6AndDefaultRouteSendsAAAA)8076 TEST_F(ResolverMultinetworkTest, AI_ADDRCONFIG_DnsWithGlobalIPv6AndDefaultRouteSendsAAAA) {
8077 constexpr char v6addr[] = "2001:db8:cafe:d00d::31";
8078 constexpr char v4addr[] = "192.0.2.0";
8079 constexpr char host_name[] = "ohayou.example.com.";
8080 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8081 ASSERT_RESULT_OK(network.init());
8082
8083 ASSERT_TRUE(mDnsClient.netdService()
8084 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
8085 .isOk());
8086
8087 const Result<DnsServerPair> dnsPair = network.addIpv6Dns();
8088 ASSERT_RESULT_OK(dnsPair);
8089 StartDns(*dnsPair->dnsServer,
8090 {{host_name, ns_type::ns_t_aaaa, v4addr}, {host_name, ns_type::ns_t_aaaa, v6addr}});
8091
8092 ASSERT_TRUE(network.setDnsConfiguration());
8093 ASSERT_TRUE(network.startTunForwarder());
8094
8095 const std::string v6Addr = network.makeIpv6AddrString(1);
8096 EXPECT_TRUE(
8097 mDnsClient.netdService()->interfaceAddAddress(network.ifname(), v6Addr, 128).isOk());
8098 // Ensuring that address is applied. This is required for mainline test (b/249225311).
8099 usleep(1000 * 1000);
8100
8101 addrinfo* result = nullptr;
8102 const addrinfo hints = {
8103 .ai_flags = AI_ADDRCONFIG,
8104 .ai_family = AF_UNSPEC,
8105 .ai_socktype = SOCK_STREAM,
8106 };
8107 int rv = android_getaddrinfofornet("ohayou.example.com", nullptr, &hints, network.netId(),
8108 MARK_UNSET, &result);
8109 EXPECT_EQ(rv, 0);
8110 EXPECT_NE(result, nullptr);
8111 EXPECT_EQ(ToString(result), v6addr);
8112 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), 1U);
8113 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_a, host_name), 0U);
8114 EXPECT_EQ(GetNumQueriesForType(*dnsPair->dnsServer, ns_type::ns_t_aaaa, host_name), 1U);
8115 }
8116
TEST_F(ResolverMultinetworkTest,AI_ADDRCONFIG_DnsWithLinkLocalIPv6AndNoDefaultRouteDoesNotSendAAAA)8117 TEST_F(ResolverMultinetworkTest,
8118 AI_ADDRCONFIG_DnsWithLinkLocalIPv6AndNoDefaultRouteDoesNotSendAAAA) {
8119 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
8120 // network. Skip it because v6 link-local address is a prerequisite for this test.
8121 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
8122
8123 constexpr char v6addr[] = "2001:db8:cafe:d00d::31";
8124 constexpr char v4addr[] = "192.0.2.0";
8125 constexpr char host_name[] = "ohayou.example.com.";
8126 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8127 ASSERT_RESULT_OK(network.init());
8128
8129 const Result<DnsServerPair> dnsPair = network.addIpv6Dns();
8130 ASSERT_RESULT_OK(dnsPair);
8131 StartDns(*dnsPair->dnsServer,
8132 {{host_name, ns_type::ns_t_a, v4addr}, {host_name, ns_type::ns_t_aaaa, v6addr}});
8133
8134 ASSERT_TRUE(network.setDnsConfiguration());
8135 ASSERT_TRUE(network.startTunForwarder());
8136
8137 addrinfo* result = nullptr;
8138 const addrinfo hints = {
8139 .ai_flags = AI_ADDRCONFIG,
8140 .ai_family = AF_UNSPEC,
8141 .ai_socktype = SOCK_STREAM,
8142 };
8143 int rv = android_getaddrinfofornet("ohayou.example.com", nullptr, &hints, network.netId(),
8144 MARK_UNSET, &result);
8145 EXPECT_EQ(rv, EAI_NODATA);
8146 EXPECT_EQ(result, nullptr);
8147 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), 0U);
8148 }
8149
TEST_F(ResolverMultinetworkTest,AI_ADDRCONFIG_MdnsWithLinkLocalIPv6AndDefaultRouteSendsAAAA)8150 TEST_F(ResolverMultinetworkTest, AI_ADDRCONFIG_MdnsWithLinkLocalIPv6AndDefaultRouteSendsAAAA) {
8151 // Kernel 4.4 does not provide an link-local IPv6 address when an interface is added to a
8152 // network. Skip it because v6 link-local address is a prerequisite for this test.
8153 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
8154
8155 constexpr char v6addr[] = "::127.0.0.3";
8156 constexpr char v4addr[] = "127.0.0.3";
8157 constexpr char host_name[] = "hello.local.";
8158 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8159 ASSERT_RESULT_OK(network.init());
8160
8161 ASSERT_TRUE(mDnsClient.netdService()
8162 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
8163 .isOk());
8164 // Ensuring that routing is applied. This is required for mainline test (b/247693272).
8165 usleep(1000 * 1000);
8166
8167 // Created only to confirm that no Unicast DNS queries are sent.
8168 const Result<DnsServerPair> dnsPair = network.addIpv6Dns();
8169 ASSERT_RESULT_OK(dnsPair);
8170 StartDns(*dnsPair->dnsServer, {});
8171
8172 ASSERT_TRUE(network.setDnsConfiguration());
8173 ASSERT_TRUE(network.startTunForwarder());
8174
8175 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
8176 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
8177 mdnsv4.setNetwork(network.netId());
8178 mdnsv6.setNetwork(network.netId());
8179 StartDns(mdnsv4, {{host_name, ns_type::ns_t_a, v4addr}});
8180 StartDns(mdnsv6, {{host_name, ns_type::ns_t_aaaa, v6addr}});
8181
8182 addrinfo* result = nullptr;
8183 const addrinfo hints = {
8184 .ai_flags = AI_ADDRCONFIG,
8185 .ai_family = AF_UNSPEC,
8186 .ai_socktype = SOCK_STREAM,
8187 };
8188 int rv = android_getaddrinfofornet("hello.local", nullptr, &hints, network.netId(), MARK_UNSET,
8189 &result);
8190 EXPECT_EQ(rv, 0);
8191 EXPECT_NE(result, nullptr);
8192 EXPECT_EQ(ToString(result), v6addr);
8193 EXPECT_EQ(GetNumQueries(mdnsv4, host_name), 0U);
8194 EXPECT_EQ(GetNumQueries(mdnsv6, host_name), 1U);
8195 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 0U);
8196 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
8197 // Confirm no unicast DNS queries.
8198 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), 0U);
8199 }
8200
TEST_F(ResolverMultinetworkTest,AI_ADDRCONFIG_MdnsWithLinkLocalIPv6AndNoDefaultRouteSendsAAAA)8201 TEST_F(ResolverMultinetworkTest, AI_ADDRCONFIG_MdnsWithLinkLocalIPv6AndNoDefaultRouteSendsAAAA) {
8202 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
8203 // network. Skip it because v6 link-local address is a prerequisite for this test.
8204 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
8205
8206 constexpr char v6addr[] = "::127.0.0.3";
8207 constexpr char v4addr[] = "127.0.0.3";
8208 constexpr char host_name[] = "hello.local.";
8209 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8210 ASSERT_RESULT_OK(network.init());
8211
8212 // Created only to confirm that no Unicast DNS queries are sent.
8213 const Result<DnsServerPair> dnsPair = network.addIpv6Dns();
8214 ASSERT_RESULT_OK(dnsPair);
8215 StartDns(*dnsPair->dnsServer, {});
8216
8217 ASSERT_TRUE(network.setDnsConfiguration());
8218 ASSERT_TRUE(network.startTunForwarder());
8219
8220 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
8221 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
8222 mdnsv4.setNetwork(network.netId());
8223 mdnsv6.setNetwork(network.netId());
8224 StartDns(mdnsv4, {{host_name, ns_type::ns_t_a, v4addr}});
8225 StartDns(mdnsv6, {{host_name, ns_type::ns_t_aaaa, v6addr}});
8226
8227 addrinfo* result = nullptr;
8228 const addrinfo hints = {
8229 .ai_flags = AI_ADDRCONFIG,
8230 .ai_family = AF_UNSPEC,
8231 .ai_socktype = SOCK_STREAM,
8232 };
8233 int rv = android_getaddrinfofornet("hello.local", nullptr, &hints, network.netId(), MARK_UNSET,
8234 &result);
8235 EXPECT_EQ(rv, 0);
8236 EXPECT_NE(result, nullptr);
8237 EXPECT_EQ(ToString(result), v6addr);
8238 EXPECT_EQ(GetNumQueries(mdnsv6, host_name), 1U);
8239 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_a, host_name), 0U);
8240 EXPECT_EQ(GetNumQueriesForType(mdnsv6, ns_type::ns_t_aaaa, host_name), 1U);
8241 // Confirm no unicast DNS queries.
8242 EXPECT_EQ(GetNumQueries(*dnsPair->dnsServer, host_name), 0U);
8243 }
8244
TEST_F(ResolverMultinetworkTest,getaddrinfo_PopulatesScopeIDWhenMdnsReturnsLinkLocalResult)8245 TEST_F(ResolverMultinetworkTest, getaddrinfo_PopulatesScopeIDWhenMdnsReturnsLinkLocalResult) {
8246 // Kernel 4.4 does not provide an IPv6 link-local address when an interface is added to a
8247 // network. Skip it because v6 link-local address is a prerequisite for this test.
8248 SKIP_IF_KERNEL_VERSION_LOWER_THAN(4, 9, 0);
8249
8250 constexpr char v6addr[] = "fe80::";
8251 constexpr char v4addr[] = "127.0.0.3";
8252 constexpr char host_name[] = "hello.local.";
8253 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8254 ASSERT_RESULT_OK(network.init());
8255
8256 ASSERT_TRUE(network.setDnsConfiguration());
8257 ASSERT_TRUE(network.startTunForwarder());
8258
8259 test::DNSResponder mdnsv4("127.0.0.3", test::kDefaultMdnsListenService);
8260 test::DNSResponder mdnsv6("::1", test::kDefaultMdnsListenService);
8261 mdnsv4.setNetwork(network.netId());
8262 mdnsv6.setNetwork(network.netId());
8263 StartDns(mdnsv4, {{host_name, ns_type::ns_t_a, v4addr}});
8264 StartDns(mdnsv6, {{host_name, ns_type::ns_t_aaaa, v6addr}});
8265
8266 addrinfo* result = nullptr;
8267 const addrinfo hints = {
8268 .ai_family = AF_INET6,
8269 .ai_socktype = SOCK_STREAM,
8270 };
8271 int rv = android_getaddrinfofornet("hello.local", nullptr, &hints, network.netId(), MARK_UNSET,
8272 &result);
8273 EXPECT_EQ(rv, 0);
8274 EXPECT_NE(result, nullptr);
8275 EXPECT_EQ(ToString(result), "fe80::%lo");
8276 EXPECT_EQ(result->ai_family, AF_INET6);
8277 const auto* sin6 = reinterpret_cast<sockaddr_in6*>(result->ai_addr);
8278 EXPECT_NE(sin6->sin6_scope_id, 0U);
8279 EXPECT_EQ(sin6->sin6_scope_id, if_nametoindex("lo"));
8280 }
8281
TEST_F(ResolverMultinetworkTest,getaddrinfo_DoesNotPopulateScopeIDWhenDnsReturnsLinkLocalResult)8282 TEST_F(ResolverMultinetworkTest, getaddrinfo_DoesNotPopulateScopeIDWhenDnsReturnsLinkLocalResult) {
8283 constexpr char v6addr[] = "fe80::";
8284 constexpr char v4addr[] = "192.0.2.0";
8285 constexpr char host_name[] = "ohayou.example.com.";
8286 ScopedPhysicalNetwork network = CreateScopedPhysicalNetwork(ConnectivityType::NONE);
8287 ASSERT_RESULT_OK(network.init());
8288
8289 ASSERT_TRUE(mDnsClient.netdService()
8290 ->networkAddRoute(network.netId(), network.ifname(), "::/0", "")
8291 .isOk());
8292
8293 const Result<DnsServerPair> dnsPair = network.addIpv6Dns();
8294 ASSERT_RESULT_OK(dnsPair);
8295 StartDns(*dnsPair->dnsServer,
8296 {{host_name, ns_type::ns_t_aaaa, v4addr}, {host_name, ns_type::ns_t_aaaa, v6addr}});
8297
8298 ASSERT_TRUE(network.setDnsConfiguration());
8299 ASSERT_TRUE(network.startTunForwarder());
8300
8301 const std::string v6Addr = network.makeIpv6AddrString(1);
8302 EXPECT_TRUE(
8303 mDnsClient.netdService()->interfaceAddAddress(network.ifname(), v6Addr, 128).isOk());
8304 // Ensuring that address is applied. This is required for mainline test (b/249225311).
8305 usleep(1000 * 1000);
8306
8307 addrinfo* result = nullptr;
8308 const addrinfo hints = {
8309 .ai_family = AF_INET6,
8310 .ai_socktype = SOCK_STREAM,
8311 };
8312 int rv = android_getaddrinfofornet("ohayou.example.com", nullptr, &hints, network.netId(),
8313 MARK_UNSET, &result);
8314 EXPECT_EQ(rv, 0);
8315 EXPECT_NE(result, nullptr);
8316 EXPECT_EQ(ToString(result), "fe80::");
8317 EXPECT_EQ(result->ai_family, AF_INET6);
8318 const auto* sin6 = reinterpret_cast<sockaddr_in6*>(result->ai_addr);
8319 EXPECT_EQ(sin6->sin6_scope_id, 0U);
8320 }
8321
TEST_F(ResolverTest,NegativeValueInExperimentFlag)8322 TEST_F(ResolverTest, NegativeValueInExperimentFlag) {
8323 // Test setting up different retry count and BASE_TIMEOUT_MSEC in DNS server.
8324 const struct TestConfig {
8325 int retryCount;
8326 int baseTimeoutMsec;
8327 int expectedRetryCount;
8328 int expectedBaseTimeoutMsec;
8329 } TestConfigs[]{{2, 1000, 2, 1000}, {0, 0, RES_DFLRETRY, RES_TIMEOUT}};
8330
8331 for (const auto& config : TestConfigs) {
8332 SCOPED_TRACE(fmt::format("Setting up retryCount = {}, baseTimeoutMsec = {}",
8333 config.retryCount, config.baseTimeoutMsec));
8334 // Initiate negative values in experiment flags.
8335 ScopedSystemProperties sp1(kRetryCountFlag, "-2");
8336 ScopedSystemProperties sp2(kRetransIntervalFlag, "-3000");
8337 resetNetwork();
8338
8339 ResolverParamsParcel setupParams = DnsResponderClient::GetDefaultResolverParamsParcel();
8340 setupParams.retryCount = config.retryCount;
8341 setupParams.baseTimeoutMsec = config.baseTimeoutMsec;
8342 ASSERT_TRUE(mDnsClient.SetResolversFromParcel(setupParams));
8343
8344 const auto resolvInfo = mDnsClient.getResolverInfo();
8345 ASSERT_RESULT_OK(resolvInfo);
8346 EXPECT_EQ(config.expectedRetryCount, resolvInfo.value().params.retry_count);
8347 EXPECT_EQ(config.expectedBaseTimeoutMsec, resolvInfo.value().params.base_timeout_msec);
8348 }
8349 }
8350
8351 // Verify that DNS queries can be made for hostnames that exist in etc/hosts when the default
8352 // network is not set and the application does not specify a network. (See
8353 // NetworkController::isUidAllowed for implementation details.)
TEST_F(ResolverTest,NetworkUnspecified_localhost)8354 TEST_F(ResolverTest, NetworkUnspecified_localhost) {
8355 ScopedDefaultNetwork scopedDefaultNetwork(mDnsClient.netdService(), NETID_UNSET);
8356 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
8357
8358 ScopedAddrinfo result = safe_getaddrinfo(kLocalHost, nullptr, nullptr);
8359 EXPECT_TRUE(result != nullptr);
8360 EXPECT_EQ(kLocalHostAddr, ToString(result));
8361
8362 result = safe_getaddrinfo(kIp6LocalHost, nullptr, nullptr);
8363 EXPECT_TRUE(result != nullptr);
8364 EXPECT_EQ(kIp6LocalHostAddr, ToString(result));
8365 }
8366
8367 // Verify uid-based network permission on DNS, which is controlled by INetd::setNetworkAllowlist().
8368 //
8369 // Scenario:
8370 // 1. There are three neworks at the same time:
8371 // - system default network
8372 // - enterprise network #1
8373 // - enterprise network #2
8374 //
8375 // 2. Simulate ConnectivityService calling INetd::setNetworkAllowlist so that
8376 // - TEST_UID can select only enterprise network #1 and #2. Can not select system default network.
8377 // - TEST_UID2 is unrestricted on all networks.
TEST_F(ResolverMultinetworkTest,UidAllowedNetworks)8378 TEST_F(ResolverMultinetworkTest, UidAllowedNetworks) {
8379 // Netd supports it from v13.
8380 SKIP_IF_REMOTE_VERSION_LESS_THAN(mDnsClient.netdService(), 13);
8381
8382 constexpr char host_name[] = "ohayou.example.com.";
8383 constexpr char ipv4_addr[] = "192.0.2.0";
8384 constexpr char ipv6_addr[] = "2001:db8:cafe:d00d::31";
8385
8386 const std::pair<ConnectivityType, std::vector<std::string>> testPairs[] = {
8387 {ConnectivityType::V4, {ipv4_addr}},
8388 {ConnectivityType::V6, {ipv6_addr}},
8389 {ConnectivityType::V4V6, {ipv6_addr, ipv4_addr}},
8390 };
8391 for (const auto& [ipVersion, expectedDnsReply] : testPairs) {
8392 SCOPED_TRACE(fmt::format("ConnectivityType: {}", static_cast<int>(ipVersion)));
8393
8394 // Create networks.
8395 ScopedPhysicalNetwork sysDefaultNetwork =
8396 CreateScopedPhysicalNetwork(ipVersion, "SysDefault");
8397 ScopedPhysicalNetwork enterpriseNetwork_1 =
8398 CreateScopedPhysicalNetwork(ipVersion, "enterprise_1");
8399 ScopedPhysicalNetwork enterpriseNetwork_2 =
8400 CreateScopedPhysicalNetwork(ipVersion, "enterprise_2");
8401 ASSERT_RESULT_OK(sysDefaultNetwork.init());
8402 ASSERT_RESULT_OK(enterpriseNetwork_1.init());
8403 ASSERT_RESULT_OK(enterpriseNetwork_2.init());
8404
8405 // Set up resolver and start forwarding for networks.
8406 auto sysDefaultNwDnsSv =
8407 setupDns(ipVersion, &sysDefaultNetwork, host_name, ipv4_addr, ipv6_addr);
8408 ASSERT_RESULT_OK(sysDefaultNwDnsSv);
8409 auto enterpriseNw1DnsSv =
8410 setupDns(ipVersion, &enterpriseNetwork_1, host_name, ipv4_addr, ipv6_addr);
8411 ASSERT_RESULT_OK(enterpriseNw1DnsSv);
8412 auto enterpriseNw2DnsSv =
8413 setupDns(ipVersion, &enterpriseNetwork_2, host_name, ipv4_addr, ipv6_addr);
8414 ASSERT_RESULT_OK(enterpriseNw2DnsSv);
8415
8416 const unsigned systemDefaultNetId = sysDefaultNetwork.netId();
8417 const unsigned enterprise1NetId = enterpriseNetwork_1.netId();
8418 const unsigned enterprise2NetId = enterpriseNetwork_2.netId();
8419
8420 setDefaultNetwork(systemDefaultNetId);
8421
8422 // We've called setNetworkForProcess in SetupOemNetwork, reset to default first.
8423 ScopedSetNetworkForProcess scopedSetNetworkForProcess(NETID_UNSET);
8424
8425 // Add profile app default network for UID. DNS should be sent on it.
8426 // Note: subPriority 20 = PREFERENCE_ORDER_PROFILE, which is defined
8427 // in ConnectivityService.java. The value here doesn't really matter.
8428 ASSERT_RESULT_OK(enterpriseNetwork_1.addUserFromParcel(TEST_UID, /*subPriority*/ 20));
8429 expectDnsWorksForUid(host_name, NETID_UNSET, TEST_UID, expectedDnsReply);
8430 expectDnsQueryCountsFn(*enterpriseNw1DnsSv, host_name, expectedDnsReply.size(),
8431 enterprise1NetId);
8432
8433 // Set allowed networks for UIDs. To simplify test, assumes overall UID range is
8434 // {0, 1, 2, ..., TEST_UID2, TEST_UID}.
8435 // TEST_UID can't select the system default network. 0 - TEST_UID2 are allowed.
8436 NativeUidRangeConfig nwDefaultUserConfig = makeNativeUidRangeConfig(
8437 systemDefaultNetId, {makeUidRangeParcel(0, TEST_UID2)}, /*unused*/ 0);
8438 // All UIDs can select the enterprise network #1. 0 - TEST_UID are allowed.
8439 NativeUidRangeConfig nw1UserConfig = makeNativeUidRangeConfig(
8440 enterprise1NetId, {makeUidRangeParcel(0, TEST_UID)}, /*unused*/ 0);
8441 // All UIDs can select the enterprise network #2. 0 - TEST_UID are allowed.
8442 NativeUidRangeConfig nw2UserConfig = makeNativeUidRangeConfig(
8443 enterprise2NetId, {makeUidRangeParcel(0, TEST_UID)}, /*unused*/ 0);
8444 EXPECT_TRUE(
8445 mDnsClient.netdService()
8446 ->setNetworkAllowlist({nwDefaultUserConfig, nw1UserConfig, nw2UserConfig})
8447 .isOk());
8448
8449 // Verify that DNS is behaving as the setting.
8450 struct TestConfig {
8451 int uid;
8452 const ScopedNetwork& selectedNetwork;
8453 bool expectedSuccess;
8454 } configs[]{
8455 // clang-format off
8456 {TEST_UID, sysDefaultNetwork, false},
8457 {TEST_UID, enterpriseNetwork_1, true},
8458 {TEST_UID, enterpriseNetwork_2, true},
8459 {TEST_UID2, sysDefaultNetwork, true},
8460 {TEST_UID2, enterpriseNetwork_1, true},
8461 {TEST_UID2, enterpriseNetwork_2, true},
8462 // clang-format on
8463 };
8464 for (const auto& cfg : configs) {
8465 SCOPED_TRACE(fmt::format("Dns over UID {}, selectedNetwork {}", cfg.uid,
8466 cfg.selectedNetwork.name()));
8467 if (cfg.expectedSuccess) {
8468 expectDnsWorksForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid,
8469 expectedDnsReply);
8470 } else {
8471 expectDnsFailedForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid);
8472 }
8473 }
8474
8475 // Clear network restrictions.
8476 EXPECT_TRUE(mDnsClient.netdService()->setNetworkAllowlist({}).isOk());
8477 // TEST_UID and TEST_UID2 can both select all networks.
8478 for (const auto& cfg : configs) {
8479 SCOPED_TRACE(fmt::format("Dns over UID {}, selectedNetwork {}", cfg.uid,
8480 cfg.selectedNetwork.name()));
8481 expectDnsWorksForUid(host_name, cfg.selectedNetwork.netId(), cfg.uid, expectedDnsReply);
8482 }
8483 }
8484 }
8485