Receive all the resolver info from ConnectivityService
Note that as of this change we still only program bionic with one
set of servers (TLS if available, locally assigned otherwise). This
will be remedied in a future change.
Test: ./system/netd/tests/runtests.sh
Test: manual testing of opportunistic and strictm mode works
Bug: 34953048
Bug: 64133961
Bug: 72345192
Change-Id: I6a0ec6672ce88e61118b34ed03818bbf53158103
diff --git a/server/ResolverController.cpp b/server/ResolverController.cpp
index 24c996d..081eb2a 100644
--- a/server/ResolverController.cpp
+++ b/server/ResolverController.cpp
@@ -91,10 +91,10 @@
EventReporter eventReporter;
android::sp<android::net::metrics::INetdEventListener> netdEventListener;
-void checkPrivateDnsProvider(const DnsTlsServer& server,
+void validatePrivateDnsProvider(const DnsTlsServer& server,
PrivateDnsTracker& tracker, unsigned netId) REQUIRES(privateDnsLock) {
if (DBG) {
- ALOGD("checkPrivateDnsProvider(%s, %u)", addrToString(&(server.ss)).c_str(), netId);
+ ALOGD("validatePrivateDnsProvider(%s, %u)", addrToString(&(server.ss)).c_str(), netId);
}
tracker[server] = ResolverController::Validation::in_process;
@@ -213,7 +213,7 @@
// Don't probe a server more than once. This means that the only way to
// re-check a failed server is to remove it and re-add it from the netId.
if (tracker.count(server) == 0) {
- checkPrivateDnsProvider(server, tracker, netId);
+ validatePrivateDnsProvider(server, tracker, netId);
}
}
return 0;
@@ -374,7 +374,8 @@
int ResolverController::setResolverConfiguration(int32_t netId,
const std::vector<std::string>& servers, const std::vector<std::string>& domains,
- const std::vector<int32_t>& params, bool useTls, const std::string& tlsName,
+ const std::vector<int32_t>& params, const std::string& tlsName,
+ const std::vector<std::string>& tlsServers,
const std::set<std::vector<uint8_t>>& tlsFingerprints) {
using android::net::INetd;
if (params.size() != INetd::RESOLVER_PARAMS_COUNT) {
@@ -382,8 +383,8 @@
return -EINVAL;
}
- if (useTls) {
- int err = setPrivateDnsProviders(netId, servers, tlsName, tlsFingerprints);
+ if (!tlsServers.empty()) {
+ const int err = setPrivateDnsProviders(netId, tlsServers, tlsName, tlsFingerprints);
if (err != 0) {
return err;
}
@@ -391,11 +392,21 @@
clearPrivateDnsProviders(netId);
}
+ // TODO: separate out configuring TLS servers and locally-assigned servers.
+ // We should always program bionic with locally-assigned servers, so we can
+ // make TLS-bypass simple by not setting .qhook in the right circumstances.
+ // Relatedly, shunting queries to DNS-over-TLS should not be based on
+ // matching resolver IPs in the qhook but rather purely a function of the
+ // current state of DNS-over-TLS as known only within the dispatcher.
+ const std::vector<std::string>& nameservers = (!tlsServers.empty())
+ ? tlsServers // Strict mode or Opportunistic
+ : servers; // off
+
// Convert server list to bionic's format.
- auto server_count = std::min<size_t>(MAXNS, servers.size());
+ auto server_count = std::min<size_t>(MAXNS, nameservers.size());
std::vector<const char*> server_ptrs;
for (size_t i = 0 ; i < server_count ; ++i) {
- server_ptrs.push_back(servers[i].c_str());
+ server_ptrs.push_back(nameservers[i].c_str());
}
std::string domains_str;