Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / modules / DnsResolver / refs/tags/rel/11/fp3/8901.4.A.0019.1 / . / DnsTlsServer.h
blob: 8484b98aea0b9b84ecfd294d21e4fa6f79a1230e [file] [log] [blame]
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Ken Chen99c0b322019-11-20 14:24:09 +0800[diff] [blame]17#pragma once
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]18
Mike Yua772c202019-09-23 17:47:21 +0800[diff] [blame]19#include <chrono>
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]20#include <set>
21#include <string>
22#include <vector>
23
24#include <netinet/in.h>
25
Ken Chen99c0b322019-11-20 14:24:09 +0800[diff] [blame]26#include <params.h>
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]27
28namespace android {
29namespace net {
30
31// DnsTlsServer represents a recursive resolver that supports, or may support, a
32// secure protocol.
Mike Yub601ff72018-11-01 20:07:00 +0800[diff] [blame]33struct DnsTlsServer {
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]34 // Default constructor.
35 DnsTlsServer() {}
36
37 // Allow sockaddr_storage to be promoted to DnsTlsServer automatically.
38 DnsTlsServer(const sockaddr_storage& ss) : ss(ss) {}
39
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]40 // The server location, including IP and port.
41 sockaddr_storage ss = {};
42
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]43 // The server's hostname. If this string is nonempty, the server must present a
44 // certificate that indicates this name and has a valid chain to a trusted root CA.
45 std::string name;
46
waynema0e73c2e2019-07-31 15:04:08 +0800[diff] [blame]47 // The certificate of the CA that signed the server's certificate.
48 // It is used to store temporary test CA certificate for internal tests.
49 std::string certificate;
50
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]51 // Placeholder. More protocols might be defined in the future.
52 int protocol = IPPROTO_TCP;
53
Mike Yua772c202019-09-23 17:47:21 +0800[diff] [blame]54 // The time to wait for the attempt on connecting to the server.
55 // Set the default value 127 seconds to be consistent with TCP connect timeout.
56 // (presume net.ipv4.tcp_syn_retries = 6)
Mike Yu9c720102019-11-14 11:34:33 +0800[diff] [blame]57 static constexpr std::chrono::milliseconds kDotConnectTimeoutMs =
58 std::chrono::milliseconds(127 * 1000);
59 std::chrono::milliseconds connectTimeout = kDotConnectTimeoutMs;
Mike Yua772c202019-09-23 17:47:21 +0800[diff] [blame]60
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]61 // Exact comparison of DnsTlsServer objects
Bernie Innocentiec4219b2019-01-30 11:16:36 +0900[diff] [blame]62 bool operator<(const DnsTlsServer& other) const;
63 bool operator==(const DnsTlsServer& other) const;
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]64
65 bool wasExplicitlyConfigured() const;
66};
67
68// This comparison only checks the IP address. It ignores ports, names, and fingerprints.
Mike Yub601ff72018-11-01 20:07:00 +0800[diff] [blame]69struct AddressComparator {
Bernie Innocentiec4219b2019-01-30 11:16:36 +0900[diff] [blame]70 bool operator()(const DnsTlsServer& x, const DnsTlsServer& y) const;
Mike Yubab3daa2018-10-19 22:11:43 +0800[diff] [blame]71};
72
73} // namespace net
74} // namespace android