Merge libnetddns into libnetd_resolv
libnetddns is the library for DNS-over-TLS and is statically
linked to netd. Deprecate it and move them to libnetd_resolv
as a more general DNS library for netd.
This change comprises:
[1] Clean up netd/server/dns/*. Move all DnsTls* files to
netd/resolv/ to parts of libnetd_resolv library.
[2] Export DnsTls* classes being visible for netd. It will only
be temporary for a while.
[3] Remove the libssl dependency in netd. The relevant stuff is
moved to libnetd_resolv.
Note that DnsTls* classes are still required for DnsProxyListener
and ResolverController to manipulate private DNS servers even after
this change.
Bug: 113628807
Test: as follows
- built, flashed, booted
- system/netd/tests/runtests.sh
- DNS-over-TLS in live network passed
Change-Id: Ieac5889b4ebe737f876b3dcbe1a8da2b2b1b629d
diff --git a/resolv/DnsTlsDispatcher.cpp b/resolv/DnsTlsDispatcher.cpp
new file mode 100644
index 0000000..9d5d3d5
--- /dev/null
+++ b/resolv/DnsTlsDispatcher.cpp
@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "DnsTlsDispatcher"
+//#define LOG_NDEBUG 0
+
+#include "netd_resolv/DnsTlsDispatcher.h"
+#include "netd_resolv/DnsTlsSocketFactory.h"
+
+#include "log/log.h"
+
+namespace android {
+namespace net {
+
+using netdutils::Slice;
+
+// static
+std::mutex DnsTlsDispatcher::sLock;
+
+DnsTlsDispatcher::DnsTlsDispatcher() {
+ mFactory.reset(new DnsTlsSocketFactory());
+}
+
+std::list<DnsTlsServer> DnsTlsDispatcher::getOrderedServerList(
+ const std::list<DnsTlsServer> &tlsServers, unsigned mark) const {
+ // Our preferred DnsTlsServer order is:
+ // 1) reuse existing IPv6 connections
+ // 2) reuse existing IPv4 connections
+ // 3) establish new IPv6 connections
+ // 4) establish new IPv4 connections
+ std::list<DnsTlsServer> existing6;
+ std::list<DnsTlsServer> existing4;
+ std::list<DnsTlsServer> new6;
+ std::list<DnsTlsServer> new4;
+
+ // Pull out any servers for which we might have existing connections and
+ // place them at the from the list of servers to try.
+ {
+ std::lock_guard guard(sLock);
+
+ for (const auto& tlsServer : tlsServers) {
+ const Key key = std::make_pair(mark, tlsServer);
+ if (mStore.find(key) != mStore.end()) {
+ switch (tlsServer.ss.ss_family) {
+ case AF_INET:
+ existing4.push_back(tlsServer);
+ break;
+ case AF_INET6:
+ existing6.push_back(tlsServer);
+ break;
+ }
+ } else {
+ switch (tlsServer.ss.ss_family) {
+ case AF_INET:
+ new4.push_back(tlsServer);
+ break;
+ case AF_INET6:
+ new6.push_back(tlsServer);
+ break;
+ }
+ }
+ }
+ }
+
+ auto& out = existing6;
+ out.splice(out.cend(), existing4);
+ out.splice(out.cend(), new6);
+ out.splice(out.cend(), new4);
+ return out;
+}
+
+DnsTlsTransport::Response DnsTlsDispatcher::query(
+ const std::list<DnsTlsServer> &tlsServers, unsigned mark,
+ const Slice query, const Slice ans, int *resplen) {
+ const std::list<DnsTlsServer> orderedServers(getOrderedServerList(tlsServers, mark));
+
+ if (orderedServers.empty()) ALOGW("Empty DnsTlsServer list");
+
+ DnsTlsTransport::Response code = DnsTlsTransport::Response::internal_error;
+ for (const auto& server : orderedServers) {
+ code = this->query(server, mark, query, ans, resplen);
+ switch (code) {
+ // These response codes are valid responses and not expected to
+ // change if another server is queried.
+ case DnsTlsTransport::Response::success:
+ case DnsTlsTransport::Response::limit_error:
+ return code;
+ break;
+ // These response codes might differ when trying other servers, so
+ // keep iterating to see if we can get a different (better) result.
+ case DnsTlsTransport::Response::network_error:
+ case DnsTlsTransport::Response::internal_error:
+ continue;
+ break;
+ // No "default" statement.
+ }
+ }
+
+ return code;
+}
+
+DnsTlsTransport::Response DnsTlsDispatcher::query(const DnsTlsServer& server, unsigned mark,
+ const Slice query,
+ const Slice ans, int *resplen) {
+ const Key key = std::make_pair(mark, server);
+ Transport* xport;
+ {
+ std::lock_guard guard(sLock);
+ auto it = mStore.find(key);
+ if (it == mStore.end()) {
+ xport = new Transport(server, mark, mFactory.get());
+ mStore[key].reset(xport);
+ } else {
+ xport = it->second.get();
+ }
+ ++xport->useCount;
+ }
+
+ ALOGV("Sending query of length %zu", query.size());
+ auto res = xport->transport.query(query);
+ ALOGV("Awaiting response");
+ const auto& result = res.get();
+ DnsTlsTransport::Response code = result.code;
+ if (code == DnsTlsTransport::Response::success) {
+ if (result.response.size() > ans.size()) {
+ ALOGV("Response too large: %zu > %zu", result.response.size(), ans.size());
+ code = DnsTlsTransport::Response::limit_error;
+ } else {
+ ALOGV("Got response successfully");
+ *resplen = result.response.size();
+ netdutils::copy(ans, netdutils::makeSlice(result.response));
+ }
+ } else {
+ ALOGV("Query failed: %u", (unsigned int) code);
+ }
+
+ auto now = std::chrono::steady_clock::now();
+ {
+ std::lock_guard guard(sLock);
+ --xport->useCount;
+ xport->lastUsed = now;
+ cleanup(now);
+ }
+ return code;
+}
+
+// This timeout effectively controls how long to keep SSL session tickets.
+static constexpr std::chrono::minutes IDLE_TIMEOUT(5);
+void DnsTlsDispatcher::cleanup(std::chrono::time_point<std::chrono::steady_clock> now) {
+ // To avoid scanning mStore after every query, return early if a cleanup has been
+ // performed recently.
+ if (now - mLastCleanup < IDLE_TIMEOUT) {
+ return;
+ }
+ for (auto it = mStore.begin(); it != mStore.end();) {
+ auto& s = it->second;
+ if (s->useCount == 0 && now - s->lastUsed > IDLE_TIMEOUT) {
+ it = mStore.erase(it);
+ } else {
+ ++it;
+ }
+ }
+ mLastCleanup = now;
+}
+
+} // end of namespace net
+} // end of namespace android