author | Mike Yu <yumike@google.com> | 2018-11-27 13:19:31 +0900 |
---|---|---|
committer | Mike Yu <yumike@google.com> | 2018-11-27 18:05:08 +0900 |
commit | 924726d89d84a9e98c5a52634fe7c1fc2fc92a6e (patch) | |
tree | 3b9241dbee61465b03eb159eafdeedd4121e405b | |
parent | dc4c37e2f83033a2a6e704b61ae1e2356b44c3c2 (diff) | |
download | netd-924726d89d84a9e98c5a52634fe7c1fc2fc92a6e.tar.gz |
Fix Dns64Configuration not using local name server
Dns64Configuration and clatd query NAT64 prefix at the same time when
network is up, but Dns64Configuration doesn't bypass TLS while clatd
does. This could cause 464xlat failure if we get the response from
Dns64Configuration prior to clatd, and the response is no answer, clatd
interface will not come up even though we could have had the answer from
local name server.
Bug: 119992869
Test: checked Dns64Configuration queries bypass TLS
Change-Id: I372f850c6b985b6ae354322415ff4d4593e9c829
-rw-r--r-- | server/Dns64Configuration.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/server/Dns64Configuration.cpp b/server/Dns64Configuration.cpp index a02e2b00..850410db 100644 --- a/server/Dns64Configuration.cpp +++ b/server/Dns64Configuration.cpp @@ -69,6 +69,9 @@ void Dns64Configuration::startPrefixDiscovery(unsigned netId) { android_net_context netcontext{}; mNetCtrl.getNetworkContext(evalCfg.netId, 0, &netcontext); + // Prefix discovery must bypass private DNS because in strict mode + // the server generally won't know the NAT64 prefix. + netcontext.flags |= NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; if (doRfc7050PrefixDiscovery(netcontext, &evalCfg)) { this->recordDns64Config(evalCfg); break; @@ -137,9 +140,7 @@ bool Dns64Configuration::doRfc7050PrefixDiscovery(const android_net_context& net // TODO: Refactor so that netd can get all the regular getaddrinfo handling // that regular apps get. We bypass the UNIX socket connection back to // ourselves, which means we also bypass all the special netcontext flag - // handling and the resolver event logging. Note that we because we bypass - // this special handling we also implicitly bypass DNS-over-TLS, which we - // need to do here anyway. + // handling and the resolver event logging. struct addrinfo* res = nullptr; const int status = android_getaddrinfofornetcontext(kIPv4OnlyHost, nullptr, &hints, &netcontext, &res); |
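Review bot: In the startPrefixDiscovery hunk, the new comment justifies the bypass only for strict mode ("in strict mode the server generally won't know the NAT64 prefix"), but `netcontext.flags |= NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS;` is applied unconditionally, so the prefix query goes to the network-provided resolver whatever the private DNS mode is. Please reword the comment to say that this is intentional in every mode. It would also help to note that the prefix learned this way comes from a lookup that is deliberately not protected by private DNS, so a reader does not assume that anything recorded by recordDns64Config() was resolved over TLS. The Test: line describes a manual check only; a regression test asserting that this query does not use the private DNS server would keep the flag from being dropped in a later refactor.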
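Review bot: In the doRfc7050PrefixDiscovery hunk, the trimmed TODO still says this path bypasses "all the special netcontext flag handling", while the first hunk now depends on a netcontext flag being honoured by android_getaddrinfofornetcontext() in this same call. With the DNS-over-TLS sentence removed, nothing at the call site records that the bypass is still required or where it is now enforced. The function takes a `const android_net_context&`, so it cannot set the flag itself, and a future caller that omits it would silently send the query over private DNS again. Suggest replacing the deleted lines with a short statement of the precondition (the caller must set NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS), or checking the flag at the top of the function and failing or logging if it is missing. Please also clarify in the comment which flag handling is actually bypassed, since the current wording reads as if the new flag would be ignored too.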