Program local and TLS servers, and allow TLS-bypass
This change comprises several parts:
[1] Define a wasExplicitlyConfigured() notion on a DnsTlsServer to
indicate whether the hostname or any fingerprints have been
explicitly set. A DnsTlsServer not wasExplicitlyConfigured()
implies opportunistic mode.
[2] The locally-assigned DNS servers get set in bionic, and the TLS
servers get set in ResolverController.
[3] ResolverController::getPrivateDnsMode returns the Private DNS mode
configured for a given netid.
[4] ResolverController::getValidatedTlsServers() returns a list of
validated DnsTlsServers for a given netid.
[5] The mode and a non-empty list together instruct the qhook in
DnsProxyListener to hand a query off to the DnsTlsDispatcher.
[6] The DnsTlsDispatcher iterates over the list of DnsTlsServers,
preferring servers for which connections already exist.
[7] Enable EDNS0 for DNS-over-TLS queries (set the appropriate flag
in the android_net_context.flags field).
[8] Introduce NETID_USE_LOCAL_NAMESERVERS flag for setting the high
bit of netids in order to pass this informatin across the
app<->netd boundary.
[9] Update setNetworkForResolv and getNetworkForResolv to handle the
NETID_USE_LOCAL_NAMESERVERS flag accordingly.
[10] DnsProxyListener translates the NETID_USE_LOCAL_NAMESERVERS bit
into the NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS flag.
Test: as follows
- built
- flashed
- booted
- ./system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 64133961
Bug: 72345192
Bug: 76103007
Change-Id: Ib564c6a23c44b36755418fd1557cd86ea54dae44
diff --git a/tests/dns_tls_test.cpp b/tests/dns_tls_test.cpp
index fdd7902..7820338 100644
--- a/tests/dns_tls_test.cpp
+++ b/tests/dns_tls_test.cpp
@@ -700,6 +700,9 @@
addr2->sin6_scope_id = 2;
checkUnequal(s1, s2);
EXPECT_FALSE(isAddressEqual(s1, s2));
+
+ EXPECT_FALSE(s1.wasExplicitlyConfigured());
+ EXPECT_FALSE(s2.wasExplicitlyConfigured());
}
TEST_F(ServerTest, IPv6FlowInfo) {
@@ -711,6 +714,9 @@
// All comparisons ignore flowinfo.
EXPECT_EQ(s1, s2);
EXPECT_TRUE(isAddressEqual(s1, s2));
+
+ EXPECT_FALSE(s1.wasExplicitlyConfigured());
+ EXPECT_FALSE(s2.wasExplicitlyConfigured());
}
TEST_F(ServerTest, Port) {
@@ -725,6 +731,9 @@
parseServer("2001:db8::1", 852, &s4.ss);
checkUnequal(s3, s4);
EXPECT_TRUE(isAddressEqual(s3, s4));
+
+ EXPECT_FALSE(s1.wasExplicitlyConfigured());
+ EXPECT_FALSE(s2.wasExplicitlyConfigured());
}
TEST_F(ServerTest, Name) {
@@ -734,6 +743,9 @@
s2.name = SERVERNAME2;
checkUnequal(s1, s2);
EXPECT_TRUE(isAddressEqual(s1, s2));
+
+ EXPECT_TRUE(s1.wasExplicitlyConfigured());
+ EXPECT_TRUE(s2.wasExplicitlyConfigured());
}
TEST_F(ServerTest, Fingerprint) {
@@ -754,6 +766,9 @@
s1.fingerprints.insert(FINGERPRINT2);
EXPECT_EQ(s1, s2);
EXPECT_TRUE(isAddressEqual(s1, s2));
+
+ EXPECT_TRUE(s1.wasExplicitlyConfigured());
+ EXPECT_TRUE(s2.wasExplicitlyConfigured());
}
TEST(QueryMapTest, Basic) {