author | android-build-team Robot <android-build-team-robot@google.com> | 2020-05-26 01:03:46 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-05-26 01:03:46 +0000 |
commit | 042b066bcb5c8590cd9c6a439ef73f2e1d41a69c (patch) | |
tree | 8a16b824bfcecefceb48e78169460f74574e97f5 | |
parent | fdb52cbdfd302bd5e42e77f06565cfb140947209 (diff) | |
parent | d5389f155cb30ec5f8fd217cdaa607b14d4682f3 (diff) | |
download | DnsResolver-042b066bcb5c8590cd9c6a439ef73f2e1d41a69c.tar.gz |
Snap for 6525849 from d5389f155cb30ec5f8fd217cdaa607b14d4682f3 to rvc-release
Change-Id: Ic93b46b3a6ff619e1d383e061f33c48cb9975823
-rw-r--r-- | Dns64Configuration.cpp | 4 | ||||
-rw-r--r-- | DnsTlsDispatcher.cpp | 4 | ||||
-rw-r--r-- | DnsTlsSocket.cpp | 30 | ||||
-rw-r--r-- | DnsTlsTransport.cpp | 8 | ||||
-rw-r--r-- | PrivateDnsConfiguration.cpp | 4 | ||||
-rw-r--r-- | ResolverController.cpp | 18 |
6 files changed, 34 insertions, 34 deletions
diff --git a/Dns64Configuration.cpp b/Dns64Configuration.cpp
index 64c491c1..1208d10c 100644
--- a/Dns64Configuration.cpp
+++ b/Dns64Configuration.cpp
@@ -37,11 +37,13 @@ namespace android {
+using android::base::StringPrintf;
 using android::net::NetworkDnsEventReported;
 using netdutils::DumpWriter;
 using netdutils::IPAddress;
 using netdutils::IPPrefix;
 using netdutils::ScopedAddrinfo;
+using netdutils::setThreadName;
 namespace net {
@@ -64,7 +66,7 @@ void Dns64Configuration::startPrefixDiscovery(unsigned netId) {
 // Note that capturing |cfg| in this lambda creates a copy.
 std::thread discovery_thread([this, cfg, netId] {
- netdutils::setThreadName(android::base::StringPrintf("Nat64Pfx_%u", netId).c_str());
+ setThreadName(StringPrintf("Nat64Pfx_%u", netId).c_str());
 // Make a mutable copy rather than mark the whole lambda mutable.
 // No particular reason.
diff --git a/DnsTlsDispatcher.cpp b/DnsTlsDispatcher.cpp
index 8747e462..1fa40013 100644
--- a/DnsTlsDispatcher.cpp
+++ b/DnsTlsDispatcher.cpp
@@ -147,6 +147,10 @@ DnsTlsTransport::Response DnsTlsDispatcher::query(const DnsTlsServer& server, un
 const Slice query, const Slice ans, int* resplen, bool* connectTriggered) {
 int connectCounter;
+
+ // TODO: This can cause the resolver to create multiple connections to the same DoT server
+ // merely due to different mark, such as the bit explicitlySelected unset.
+ // See if we can save them and just create one connection for one DoT server.
 const Key key = std::make_pair(mark, server);
 Transport* xport;
 {
diff --git a/DnsTlsSocket.cpp b/DnsTlsSocket.cpp
index 9ce8ec2d..cab678dc 100644
--- a/DnsTlsSocket.cpp
+++ b/DnsTlsSocket.cpp
@@ -32,7 +32,6 @@
 #include "DnsTlsSessionCache.h"
 #include "IDnsTlsSocketObserver.h"
-#include <Fwmark.h>
 #include <android-base/logging.h>
 #include <android-base/stringprintf.h>
 #include <netdutils/SocketOption.h>
@@ -49,9 +48,11 @@ namespace android {
+using base::StringPrintf;
 using netdutils::enableSockopt;
 using netdutils::enableTcpKeepAlives;
 using netdutils::isOk;
+using netdutils::setThreadName;
 using netdutils::Slice;
 using netdutils::Status;
@@ -70,13 +71,6 @@ int waitForWriting(int fd, int timeoutMs = -1) {
 return TEMP_FAILURE_RETRY(poll(&fds, 1, timeoutMs));
 }
-std::string markToFwmarkString(unsigned mMark) {
- Fwmark mark;
- mark.intValue = mMark;
- return android::base::StringPrintf("%d, %d, %d, %d, %d", mark.netId, mark.explicitlySelected,
- mark.protectedFromVpn, mark.permission, mark.uidBillingDone);
-}
-
 } // namespace
 Status DnsTlsSocket::tcpConnect() {
@@ -243,9 +237,9 @@ bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
 }
 for (;;) {
- LOG(DEBUG) << " Calling SSL_connect with " << markToFwmarkString(mMark);
+ LOG(DEBUG) << " Calling SSL_connect with mark 0x" << std::hex << mMark;
 int ret = SSL_connect(ssl.get());
- LOG(DEBUG) << " SSL_connect returned " << ret << " with " << markToFwmarkString(mMark);
+ LOG(DEBUG) << " SSL_connect returned " << ret << " with mark 0x" << std::hex << mMark;
 if (ret == 1) break; // SSL handshake complete;
 const int ssl_err = SSL_get_error(ssl.get(), ret);
@@ -255,8 +249,8 @@ bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
 // the TCP connection handshake, the device is waiting for the SSL handshake reply
 // from the server.
 if (int err = waitForReading(fd, mServer.connectTimeout.count()); err <= 0) {
- PLOG(WARNING) << "SSL_connect read error " << err << ", "
- << markToFwmarkString(mMark);
+ PLOG(WARNING) << "SSL_connect read error " << err << ", mark 0x" << std::hex
+ << mMark;
 return nullptr;
 }
 break;
@@ -264,14 +258,14 @@ bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
 // If no application data is sent during the TCP connection handshake, the
 // device is waiting for the connection established to perform SSL handshake.
 if (int err = waitForWriting(fd, mServer.connectTimeout.count()); err <= 0) {
- PLOG(WARNING) << "SSL_connect write error " << err << ", "
- << markToFwmarkString(mMark);
+ PLOG(WARNING) << "SSL_connect write error " << err << ", mark 0x" << std::hex
+ << mMark;
 return nullptr;
 }
 break;
 default:
- PLOG(WARNING) << "SSL_connect ssl error =" << ssl_err << ", "
- << markToFwmarkString(mMark);
+ PLOG(WARNING) << "SSL_connect ssl error =" << ssl_err << ", mark 0x" << std::hex
+ << mMark;
 return nullptr;
 }
 }
@@ -321,9 +315,7 @@ void DnsTlsSocket::loop() {
 std::deque<std::vector<uint8_t>> q;
 const int timeout_msecs = DnsTlsSocket::kIdleTimeout.count() * 1000;
- Fwmark mark;
- mark.intValue = mMark;
- netdutils::setThreadName(android::base::StringPrintf("TlsListen_%u", mark.netId).c_str());
+ setThreadName(StringPrintf("TlsListen_%u", mMark & 0xffff).c_str());
 while (true) {
 // poll() ignores negative fds
 struct pollfd fds[2] = { { .fd = -1 }, { .fd = -1 } };
diff --git a/DnsTlsTransport.cpp b/DnsTlsTransport.cpp
index 54a7f89e..d0098c2d 100644
--- a/DnsTlsTransport.cpp
+++ b/DnsTlsTransport.cpp
@@ -18,7 +18,6 @@
 #include "DnsTlsTransport.h"
-#include <Fwmark.h>
 #include <android-base/logging.h>
 #include <android-base/stringprintf.h>
 #include <arpa/inet.h>
@@ -28,6 +27,9 @@
 #include "DnsTlsSocketFactory.h"
 #include "IDnsTlsSocketFactory.h"
+using android::base::StringPrintf;
+using android::netdutils::setThreadName;
+
 namespace android {
 namespace net {
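Review bot: The thread-name line in DnsTlsSocket::loop() now derives the netId with a bare `mMark & 0xffff`, which re-encodes the bit layout that the removed `Fwmark` struct used to own, and DnsTlsTransport::doReconnect() in the next hunk repeats the same literal. If the fwmark layout ever moves netId out of the low 16 bits (the commit implies that is where it lives today, but nothing in the hunk pins it), both thread names will silently show a wrong netId with no compile-time hint. A shared named constant with a why-comment would keep the two sites in sync, e.g. `// netId is assumed to occupy the low 16 bits of the fwmark (see Fwmark.h); masked here so this file does not need that header.` followed by `constexpr unsigned kNetIdMask = 0xffff;` and `setThreadName(StringPrintf("TlsListen_%u", mMark & kNetIdMask).c_str());`. The body of loop() continues outside the hunk.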
@@ -112,9 +114,7 @@ void DnsTlsTransport::onClosed() {
 void DnsTlsTransport::doReconnect() {
 std::lock_guard guard(mLock);
- Fwmark mark;
- mark.intValue = mMark;
- netdutils::setThreadName(android::base::StringPrintf("TlsReconn_%u", mark.netId).c_str());
+ setThreadName(StringPrintf("TlsReconn_%u", mMark & 0xffff).c_str());
 if (mClosing) {
 return;
 }
diff --git a/PrivateDnsConfiguration.cpp b/PrivateDnsConfiguration.cpp
index 22631533..182a5ac6 100644
--- a/PrivateDnsConfiguration.cpp
+++ b/PrivateDnsConfiguration.cpp
@@ -31,6 +31,8 @@
 #include "resolv_cache.h"
 #include "util.h"
+using android::base::StringPrintf;
+using android::netdutils::setThreadName;
 using std::chrono::milliseconds;
 namespace android {
@@ -180,7 +182,7 @@ void PrivateDnsConfiguration::validatePrivateDnsProvider(const DnsTlsServer& ser
 // Note that capturing |server| and |netId| in this lambda create copies.
 std::thread validate_thread([this, server, netId, mark] {
- netdutils::setThreadName(android::base::StringPrintf("TlsVerify_%u", netId).c_str());
+ setThreadName(StringPrintf("TlsVerify_%u", netId).c_str());
 // cat /proc/sys/net/ipv4/tcp_syn_retries yields "6".
 //
diff --git a/ResolverController.cpp b/ResolverController.cpp
index 13600b87..be0b989f 100644
--- a/ResolverController.cpp
+++ b/ResolverController.cpp
@@ -24,7 +24,6 @@
 #include <netdb.h>
-#include <Fwmark.h>
 #include <aidl/android/net/IDnsResolver.h>
 #include <android-base/logging.h>
 #include <android-base/strings.h>
@@ -202,21 +201,22 @@ int ResolverController::flushNetworkCache(unsigned netId) {
 int ResolverController::setResolverConfiguration(const ResolverParamsParcel& resolverParams) {
 using aidl::android::net::IDnsResolver;
- // At private DNS validation time, we only know the netId, so we have to guess/compute the
- // corresponding socket mark.
- Fwmark fwmark;
- fwmark.netId = resolverParams.netId;
- fwmark.explicitlySelected = true;
- fwmark.protectedFromVpn = true;
- fwmark.permission = PERMISSION_SYSTEM;
+ // Expect to get the mark with system permission.
+ android_net_context netcontext;
+ gResNetdCallbacks.get_network_context(resolverParams.netId, 0 /* uid */, &netcontext);
 // Allow at most MAXNS private DNS servers in a network to prevent too many broken servers.
 std::vector<std::string> tlsServers = resolverParams.tlsServers;
 if (tlsServers.size() > MAXNS) {
 tlsServers.resize(MAXNS);
 }
+
+ // Use app_mark for DoT connection. Using dns_mark might result in reaching the DoT servers
+ // through a different network. For example, on a VPN with no DNS servers (Do53), if the VPN
+ // applies to UID 0, dns_mark is assigned for default network rathan the VPN. (note that it's
+ // possible that a VPN doesn't have any DNS servers but DoT servers in DNS strict mode)
 const int err =
- gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers,
+ gPrivateDnsConfiguration.set(resolverParams.netId, netcontext.app_mark, tlsServers,
 resolverParams.tlsName, resolverParams.caCertificate);
 if (err != 0) {
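Review bot: `android_net_context netcontext;` is declared without initialization before `get_network_context` fills it, so if the callback ever returns without writing every field (whether it can report failure is not visible in the hunk, and nothing here checks it), the `netcontext.app_mark` handed to `gPrivateDnsConfiguration.set` is indeterminate; `android_net_context netcontext{};` makes that path deterministic at no cost. The replaced code set explicitlySelected, protectedFromVpn and PERMISSION_SYSTEM by hand, while the new comment only says the mark is expected to carry system permission — since this mark decides which network and VPN treatment the DoT sockets get, the comment should state what the uid-0 lookup guarantees about those bits, e.g. `// app_mark for uid 0 on this netId: carries system permission; routed through the VPN if one covers uid 0 (see below).` The added comment also has a typo: `rathan the VPN` → `rather than the VPN`. setResolverConfiguration continues past the end of the hunk.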