authorandroid-build-team Robot <android-build-team-robot@google.com>2020-05-26 01:03:46 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2020-05-26 01:03:46 +0000
commit042b066bcb5c8590cd9c6a439ef73f2e1d41a69c (patch)
tree8a16b824bfcecefceb48e78169460f74574e97f5
parentfdb52cbdfd302bd5e42e77f06565cfb140947209 (diff)
parentd5389f155cb30ec5f8fd217cdaa607b14d4682f3 (diff)
downloadDnsResolver-042b066bcb5c8590cd9c6a439ef73f2e1d41a69c.tar.gz
Snap for 6525849 from d5389f155cb30ec5f8fd217cdaa607b14d4682f3 to rvc-release
Change-Id: Ic93b46b3a6ff619e1d383e061f33c48cb9975823
-rw-r--r--Dns64Configuration.cpp4
-rw-r--r--DnsTlsDispatcher.cpp4
-rw-r--r--DnsTlsSocket.cpp30
-rw-r--r--DnsTlsTransport.cpp8
-rw-r--r--PrivateDnsConfiguration.cpp4
-rw-r--r--ResolverController.cpp18
6 files changed, 34 insertions, 34 deletions
diff --git a/Dns64Configuration.cpp b/Dns64Configuration.cpp
index 64c491c1..1208d10c 100644
--- a/Dns64Configuration.cpp
+++ b/Dns64Configuration.cpp
@@ -37,11 +37,13 @@
namespace android {
+using android::base::StringPrintf;
using android::net::NetworkDnsEventReported;
using netdutils::DumpWriter;
using netdutils::IPAddress;
using netdutils::IPPrefix;
using netdutils::ScopedAddrinfo;
+using netdutils::setThreadName;
namespace net {
@@ -64,7 +66,7 @@ void Dns64Configuration::startPrefixDiscovery(unsigned netId) {
// Note that capturing |cfg| in this lambda creates a copy.
std::thread discovery_thread([this, cfg, netId] {
- netdutils::setThreadName(android::base::StringPrintf("Nat64Pfx_%u", netId).c_str());
+ setThreadName(StringPrintf("Nat64Pfx_%u", netId).c_str());
// Make a mutable copy rather than mark the whole lambda mutable.
// No particular reason.
diff --git a/DnsTlsDispatcher.cpp b/DnsTlsDispatcher.cpp
index 8747e462..1fa40013 100644
--- a/DnsTlsDispatcher.cpp
+++ b/DnsTlsDispatcher.cpp
@@ -147,6 +147,10 @@ DnsTlsTransport::Response DnsTlsDispatcher::query(const DnsTlsServer& server, un
const Slice query, const Slice ans, int* resplen,
bool* connectTriggered) {
int connectCounter;
+
+ // TODO: This can cause the resolver to create multiple connections to the same DoT server
+ // merely due to different mark, such as the bit explicitlySelected unset.
+ // See if we can save them and just create one connection for one DoT server.
const Key key = std::make_pair(mark, server);
Transport* xport;
{
diff --git a/DnsTlsSocket.cpp b/DnsTlsSocket.cpp
index 9ce8ec2d..cab678dc 100644
--- a/DnsTlsSocket.cpp
+++ b/DnsTlsSocket.cpp
@@ -32,7 +32,6 @@
#include "DnsTlsSessionCache.h"
#include "IDnsTlsSocketObserver.h"
-#include <Fwmark.h>
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <netdutils/SocketOption.h>
@@ -49,9 +48,11 @@
namespace android {
+using base::StringPrintf;
using netdutils::enableSockopt;
using netdutils::enableTcpKeepAlives;
using netdutils::isOk;
+using netdutils::setThreadName;
using netdutils::Slice;
using netdutils::Status;
@@ -70,13 +71,6 @@ int waitForWriting(int fd, int timeoutMs = -1) {
return TEMP_FAILURE_RETRY(poll(&fds, 1, timeoutMs));
}
-std::string markToFwmarkString(unsigned mMark) {
- Fwmark mark;
- mark.intValue = mMark;
- return android::base::StringPrintf("%d, %d, %d, %d, %d", mark.netId, mark.explicitlySelected,
- mark.protectedFromVpn, mark.permission, mark.uidBillingDone);
-}
-
} // namespace
Status DnsTlsSocket::tcpConnect() {
@@ -243,9 +237,9 @@ bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
}
for (;;) {
- LOG(DEBUG) << " Calling SSL_connect with " << markToFwmarkString(mMark);
+ LOG(DEBUG) << " Calling SSL_connect with mark 0x" << std::hex << mMark;
int ret = SSL_connect(ssl.get());
- LOG(DEBUG) << " SSL_connect returned " << ret << " with " << markToFwmarkString(mMark);
+ LOG(DEBUG) << " SSL_connect returned " << ret << " with mark 0x" << std::hex << mMark;
if (ret == 1) break; // SSL handshake complete;
const int ssl_err = SSL_get_error(ssl.get(), ret);
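Review bot: The rewritten log lines in this hunk and in the two SSL_connect read/write/ssl-error warning hunks that follow all hand-format the mark as `"mark 0x" << std::hex << mMark`, which repeats the same fragment five times and leaves the stream in hex mode for anything inserted after it. Since this commit adds `using base::StringPrintf;` to the file, one expression such as `StringPrintf("mark 0x%x", mMark)` (or a small helper in the anonymous namespace where the removed `markToFwmarkString` lived) would keep the formatting in one place and not touch stream state; this assumes `mMark` is unsigned, as the removed helper's parameter type suggests. Nothing currently follows `mMark` in these statements, so this is a style point rather than an observed defect. sslConnect's body continues outside the hunk.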
@@ -255,8 +249,8 @@ bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
// the TCP connection handshake, the device is waiting for the SSL handshake reply
// from the server.
if (int err = waitForReading(fd, mServer.connectTimeout.count()); err <= 0) {
- PLOG(WARNING) << "SSL_connect read error " << err << ", "
- << markToFwmarkString(mMark);
+ PLOG(WARNING) << "SSL_connect read error " << err << ", mark 0x" << std::hex
+ << mMark;
return nullptr;
}
break;
@@ -264,14 +258,14 @@ bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
// If no application data is sent during the TCP connection handshake, the
// device is waiting for the connection established to perform SSL handshake.
if (int err = waitForWriting(fd, mServer.connectTimeout.count()); err <= 0) {
- PLOG(WARNING) << "SSL_connect write error " << err << ", "
- << markToFwmarkString(mMark);
+ PLOG(WARNING) << "SSL_connect write error " << err << ", mark 0x" << std::hex
+ << mMark;
return nullptr;
}
break;
default:
- PLOG(WARNING) << "SSL_connect ssl error =" << ssl_err << ", "
- << markToFwmarkString(mMark);
+ PLOG(WARNING) << "SSL_connect ssl error =" << ssl_err << ", mark 0x" << std::hex
+ << mMark;
return nullptr;
}
}
@@ -321,9 +315,7 @@ void DnsTlsSocket::loop() {
std::deque<std::vector<uint8_t>> q;
const int timeout_msecs = DnsTlsSocket::kIdleTimeout.count() * 1000;
- Fwmark mark;
- mark.intValue = mMark;
- netdutils::setThreadName(android::base::StringPrintf("TlsListen_%u", mark.netId).c_str());
+ setThreadName(StringPrintf("TlsListen_%u", mMark & 0xffff).c_str());
while (true) {
// poll() ignores negative fds
struct pollfd fds[2] = { { .fd = -1 }, { .fd = -1 } };
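Review bot: `mMark & 0xffff` hard-codes the bit layout that the removed `Fwmark::netId` bitfield used to encapsulate, and the same bare literal reappears in DnsTlsTransport::doReconnect in this commit. If the netId field's width or position changes, both thread names silently show a wrong value and a reader has no way to tell what the mask means. Suggest one named constant shared by both sites, e.g. `constexpr unsigned kFwmarkNetIdMask = 0xffff;  // bits of the fwmark that held Fwmark::netId`, and `setThreadName(StringPrintf("TlsListen_%u", mMark & kFwmarkNetIdMask).c_str());`. loop()'s body continues past the end of the hunk.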
diff --git a/DnsTlsTransport.cpp b/DnsTlsTransport.cpp
index 54a7f89e..d0098c2d 100644
--- a/DnsTlsTransport.cpp
+++ b/DnsTlsTransport.cpp
@@ -18,7 +18,6 @@
#include "DnsTlsTransport.h"
-#include <Fwmark.h>
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <arpa/inet.h>
@@ -28,6 +27,9 @@
#include "DnsTlsSocketFactory.h"
#include "IDnsTlsSocketFactory.h"
+using android::base::StringPrintf;
+using android::netdutils::setThreadName;
+
namespace android {
namespace net {
@@ -112,9 +114,7 @@ void DnsTlsTransport::onClosed() {
void DnsTlsTransport::doReconnect() {
std::lock_guard guard(mLock);
- Fwmark mark;
- mark.intValue = mMark;
- netdutils::setThreadName(android::base::StringPrintf("TlsReconn_%u", mark.netId).c_str());
+ setThreadName(StringPrintf("TlsReconn_%u", mMark & 0xffff).c_str());
if (mClosing) {
return;
}
diff --git a/PrivateDnsConfiguration.cpp b/PrivateDnsConfiguration.cpp
index 22631533..182a5ac6 100644
--- a/PrivateDnsConfiguration.cpp
+++ b/PrivateDnsConfiguration.cpp
@@ -31,6 +31,8 @@
#include "resolv_cache.h"
#include "util.h"
+using android::base::StringPrintf;
+using android::netdutils::setThreadName;
using std::chrono::milliseconds;
namespace android {
@@ -180,7 +182,7 @@ void PrivateDnsConfiguration::validatePrivateDnsProvider(const DnsTlsServer& ser
// Note that capturing |server| and |netId| in this lambda create copies.
std::thread validate_thread([this, server, netId, mark] {
- netdutils::setThreadName(android::base::StringPrintf("TlsVerify_%u", netId).c_str());
+ setThreadName(StringPrintf("TlsVerify_%u", netId).c_str());
// cat /proc/sys/net/ipv4/tcp_syn_retries yields "6".
//
diff --git a/ResolverController.cpp b/ResolverController.cpp
index 13600b87..be0b989f 100644
--- a/ResolverController.cpp
+++ b/ResolverController.cpp
@@ -24,7 +24,6 @@
#include <netdb.h>
-#include <Fwmark.h>
#include <aidl/android/net/IDnsResolver.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
@@ -202,21 +201,22 @@ int ResolverController::flushNetworkCache(unsigned netId) {
int ResolverController::setResolverConfiguration(const ResolverParamsParcel& resolverParams) {
using aidl::android::net::IDnsResolver;
- // At private DNS validation time, we only know the netId, so we have to guess/compute the
- // corresponding socket mark.
- Fwmark fwmark;
- fwmark.netId = resolverParams.netId;
- fwmark.explicitlySelected = true;
- fwmark.protectedFromVpn = true;
- fwmark.permission = PERMISSION_SYSTEM;
+ // Expect to get the mark with system permission.
+ android_net_context netcontext;
+ gResNetdCallbacks.get_network_context(resolverParams.netId, 0 /* uid */, &netcontext);
// Allow at most MAXNS private DNS servers in a network to prevent too many broken servers.
std::vector<std::string> tlsServers = resolverParams.tlsServers;
if (tlsServers.size() > MAXNS) {
tlsServers.resize(MAXNS);
}
+
+ // Use app_mark for DoT connection. Using dns_mark might result in reaching the DoT servers
+ // through a different network. For example, on a VPN with no DNS servers (Do53), if the VPN
+ // applies to UID 0, dns_mark is assigned for default network rathan the VPN. (note that it's
+ // possible that a VPN doesn't have any DNS servers but DoT servers in DNS strict mode)
const int err =
- gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers,
+ gPrivateDnsConfiguration.set(resolverParams.netId, netcontext.app_mark, tlsServers,
resolverParams.tlsName, resolverParams.caCertificate);
if (err != 0) {
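Review bot: `android_net_context netcontext;` is left uninitialized before `gResNetdCallbacks.get_network_context(...)` fills it, and its `app_mark` then becomes the socket mark for every DoT connection on this netId — the value that decides which network the connection uses and whether it bypasses a VPN. If the callback ever returns without populating the struct (its contract is not visible here), an indeterminate mark would be used; `android_net_context netcontext{};` makes that case deterministic at no cost. The comment `// Expect to get the mark with system permission.` would read better if it said why UID 0 is queried, presumably so app_mark carries the same system-permission, VPN-protected selection that the removed `Fwmark` fields set explicitly — worth confirming and stating. The new comment block also has the typo `rathan` for `rather than`. setResolverConfiguration continues past the end of the hunk.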