Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 835f0dfce9c039e01e85ba8bde5f65df47a53aa8 / . / tests / resolver_test.cpp
blob: 5196bba0d7b45288e9873fa07d84d88a111bbf3f [file] [log] [blame]
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless requied by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
Bernie Innocentic165ce82018-10-16 23:35:28 +0900[diff] [blame]18#define LOG_TAG "netd_test"
19
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]20#include <arpa/inet.h>
21#include <netdb.h>
22#include <stdarg.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <unistd.h>
26
27#include <algorithm>
28#include <chrono>
29#include <iterator>
30#include <numeric>
31#include <thread>
32
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]33#include <android-base/stringprintf.h>
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]34#include <cutils/sockets.h>
Bernie Innocentic165ce82018-10-16 23:35:28 +0900[diff] [blame]35#include <gtest/gtest.h>
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]36#include <openssl/base64.h>
Bernie Innocentic165ce82018-10-16 23:35:28 +0900[diff] [blame]37#include <private/android_filesystem_config.h>
38#include <utils/Log.h>
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]39
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]40#include "NetdClient.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]41#include "netid_client.h" // NETID_UNSET
Bernie Innocentic165ce82018-10-16 23:35:28 +0900[diff] [blame]42#include "netd_resolv/params.h" // MAX_NS
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]43
44#include "dns_responder.h"
45#include "dns_responder_client.h"
46#include "dns_tls_frontend.h"
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]47
48#include "NetdConstants.h"
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]49#include "ResolverStats.h"
50
51#include "android/net/INetd.h"
52#include "android/net/metrics/INetdEventListener.h"
53#include "binder/IServiceManager.h"
54#include "netdutils/SocketOption.h"
55
Bernie Innocentic165ce82018-10-16 23:35:28 +0900[diff] [blame]56// TODO: make this dynamic and stop depending on implementation details.
57#define TEST_NETID 30
58
59// Semi-public Bionic hook used by the NDK (frameworks/base/native/android/net.c)
60// Tested here for convenience.
61extern "C" int android_getaddrinfofornet(const char* hostname, const char* servname,
62 const addrinfo* hints, unsigned netid, unsigned mark,
63 struct addrinfo** result);
64
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]65using android::base::StringPrintf;
66using android::net::ResolverStats;
67using android::net::metrics::INetdEventListener;
68using android::netdutils::enableSockopt;
69
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]70// TODO: move into libnetdutils?
71namespace {
72ScopedAddrinfo safe_getaddrinfo(const char* node, const char* service,
73 const struct addrinfo* hints) {
74 addrinfo* result = nullptr;
75 if (getaddrinfo(node, service, hints, &result) != 0) {
76 result = nullptr; // Should already be the case, but...
77 }
78 return ScopedAddrinfo(result);
79}
80} // namespace
81
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]82// Emulates the behavior of UnorderedElementsAreArray, which currently cannot be used.
83// TODO: Use UnorderedElementsAreArray, which depends on being able to compile libgmock_host,
84// if that is not possible, improve this hacky algorithm, which is O(n**2)
85template <class A, class B>
86bool UnorderedCompareArray(const A& a, const B& b) {
87 if (a.size() != b.size()) return false;
88 for (const auto& a_elem : a) {
89 size_t a_count = 0;
90 for (const auto& a_elem2 : a) {
91 if (a_elem == a_elem2) {
92 ++a_count;
93 }
94 }
95 size_t b_count = 0;
96 for (const auto& b_elem : b) {
97 if (a_elem == b_elem) ++b_count;
98 }
99 if (a_count != b_count) return false;
100 }
101 return true;
102}
103
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]104class ResolverTest : public ::testing::Test, public DnsResponderClient {
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]105 protected:
106 void SetUp() {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]107 // Ensure resolutions go via proxy.
108 DnsResponderClient::SetUp();
109
110 // If DNS reporting is off: turn it on so we run through everything.
111 auto rv = mNetdSrv->getMetricsReportingLevel(&mOriginalMetricsLevel);
112 ASSERT_TRUE(rv.isOk());
113 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
114 rv = mNetdSrv->setMetricsReportingLevel(INetdEventListener::REPORTING_LEVEL_FULL);
115 ASSERT_TRUE(rv.isOk());
116 }
117 }
118
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]119 void TearDown() {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]120 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
121 auto rv = mNetdSrv->setMetricsReportingLevel(mOriginalMetricsLevel);
122 ASSERT_TRUE(rv.isOk());
123 }
124
125 DnsResponderClient::TearDown();
126 }
127
128 bool GetResolverInfo(std::vector<std::string>* servers, std::vector<std::string>* domains,
129 __res_params* params, std::vector<ResolverStats>* stats) {
130 using android::net::INetd;
131 std::vector<int32_t> params32;
132 std::vector<int32_t> stats32;
133 auto rv = mNetdSrv->getResolverInfo(TEST_NETID, servers, domains, &params32, &stats32);
134 if (!rv.isOk() || params32.size() != INetd::RESOLVER_PARAMS_COUNT) {
135 return false;
136 }
137 *params = __res_params {
138 .sample_validity = static_cast<uint16_t>(
139 params32[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY]),
140 .success_threshold = static_cast<uint8_t>(
141 params32[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD]),
142 .min_samples = static_cast<uint8_t>(
143 params32[INetd::RESOLVER_PARAMS_MIN_SAMPLES]),
144 .max_samples = static_cast<uint8_t>(
145 params32[INetd::RESOLVER_PARAMS_MAX_SAMPLES]),
146 .base_timeout_msec = params32[INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
147 };
148 return ResolverStats::decodeAll(stats32, stats);
149 }
150
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]151 static std::string ToString(const hostent* he) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]152 if (he == nullptr) return "<null>";
153 char buffer[INET6_ADDRSTRLEN];
154 if (!inet_ntop(he->h_addrtype, he->h_addr_list[0], buffer, sizeof(buffer))) {
155 return "<invalid>";
156 }
157 return buffer;
158 }
159
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]160 static std::string ToString(const addrinfo* ai) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]161 if (!ai)
162 return "<null>";
163 for (const auto* aip = ai ; aip != nullptr ; aip = aip->ai_next) {
164 char host[NI_MAXHOST];
165 int rv = getnameinfo(aip->ai_addr, aip->ai_addrlen, host, sizeof(host), nullptr, 0,
166 NI_NUMERICHOST);
167 if (rv != 0)
168 return gai_strerror(rv);
169 return host;
170 }
171 return "<invalid>";
172 }
173
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]174 static std::string ToString(const ScopedAddrinfo& ai) { return ToString(ai.get()); }
175
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]176 size_t GetNumQueries(const test::DNSResponder& dns, const char* name) const {
177 auto queries = dns.queries();
178 size_t found = 0;
179 for (const auto& p : queries) {
180 if (p.first == name) {
181 ++found;
182 }
183 }
184 return found;
185 }
186
187 size_t GetNumQueriesForType(const test::DNSResponder& dns, ns_type type,
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]188 const char* name) const {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]189 auto queries = dns.queries();
190 size_t found = 0;
191 for (const auto& p : queries) {
192 if (p.second == type && p.first == name) {
193 ++found;
194 }
195 }
196 return found;
197 }
198
199 void RunGetAddrInfoStressTest_Binder(unsigned num_hosts, unsigned num_threads,
200 unsigned num_queries) {
201 std::vector<std::string> domains = { "example.com" };
202 std::vector<std::unique_ptr<test::DNSResponder>> dns;
203 std::vector<std::string> servers;
204 std::vector<DnsResponderClient::Mapping> mappings;
205 ASSERT_NO_FATAL_FAILURE(SetupMappings(num_hosts, domains, &mappings));
206 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS, mappings, &dns, &servers));
207
208 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
209
210 auto t0 = std::chrono::steady_clock::now();
211 std::vector<std::thread> threads(num_threads);
212 for (std::thread& thread : threads) {
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]213 thread = std::thread([&mappings, num_queries]() {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]214 for (unsigned i = 0 ; i < num_queries ; ++i) {
215 uint32_t ofs = arc4random_uniform(mappings.size());
216 auto& mapping = mappings[ofs];
217 addrinfo* result = nullptr;
218 int rv = getaddrinfo(mapping.host.c_str(), nullptr, nullptr, &result);
219 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
220 if (rv == 0) {
221 std::string result_str = ToString(result);
222 EXPECT_TRUE(result_str == mapping.ip4 || result_str == mapping.ip6)
223 << "result='" << result_str << "', ip4='" << mapping.ip4
224 << "', ip6='" << mapping.ip6;
225 }
226 if (result) {
227 freeaddrinfo(result);
228 result = nullptr;
229 }
230 }
231 });
232 }
233
234 for (std::thread& thread : threads) {
235 thread.join();
236 }
237 auto t1 = std::chrono::steady_clock::now();
238 ALOGI("%u hosts, %u threads, %u queries, %Es", num_hosts, num_threads, num_queries,
239 std::chrono::duration<double>(t1 - t0).count());
240 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
241 }
242
243 const std::vector<std::string> mDefaultSearchDomains = { "example.com" };
244 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
245 const std::vector<int> mDefaultParams_Binder = {
246 300, // SAMPLE_VALIDITY
247 25, // SUCCESS_THRESHOLD
248 8, 8, // {MIN,MAX}_SAMPLES
249 100, // BASE_TIMEOUT_MSEC
250 };
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]251
252 private:
253 int mOriginalMetricsLevel;
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]254};
255
256TEST_F(ResolverTest, GetHostByName) {
257 const char* listen_addr = "127.0.0.3";
258 const char* listen_srv = "53";
259 const char* host_name = "hello.example.com.";
260 const char *nonexistent_host_name = "nonexistent.example.com.";
261 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
262 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
263 ASSERT_TRUE(dns.startServer());
264 std::vector<std::string> servers = { listen_addr };
265 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
266
267 const hostent* result;
268
269 dns.clearQueries();
270 result = gethostbyname("nonexistent");
271 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
272 ASSERT_TRUE(result == nullptr);
273 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
274
275 dns.clearQueries();
276 result = gethostbyname("hello");
277 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
278 ASSERT_FALSE(result == nullptr);
279 ASSERT_EQ(4, result->h_length);
280 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
281 EXPECT_EQ("1.2.3.3", ToString(result));
282 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
283
284 dns.stopServer();
285}
286
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]287TEST_F(ResolverTest, GetHostByName_localhost) {
288 constexpr char name[] = "localhost";
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]289 constexpr char name_camelcase[] = "LocalHost";
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]290 constexpr char addr[] = "127.0.0.1";
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]291 constexpr char name_ip6[] = "ip6-localhost";
292 constexpr char addr_ip6[] = "::1";
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]293 constexpr char name_ip6_dot[] = "ip6-localhost.";
294 constexpr char name_ip6_fqdn[] = "ip6-localhost.example.com.";
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]295
Bernie Innocenti974233e2018-09-04 20:35:34 +0900[diff] [blame]296 // Add a dummy nameserver which shouldn't receive any queries
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]297 constexpr char listen_addr[] = "127.0.0.3";
298 constexpr char listen_srv[] = "53";
299 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
300 ASSERT_TRUE(dns.startServer());
301 std::vector<std::string> servers = {listen_addr};
302 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]303 dns.clearQueries();
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]304
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]305 // Expect no DNS queries; localhost is resolved via /etc/hosts
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]306 const hostent* result = gethostbyname(name);
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]307 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]308 ASSERT_FALSE(result == nullptr);
309 ASSERT_EQ(4, result->h_length);
310 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
311 EXPECT_EQ(addr, ToString(result));
312 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
313
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]314 // Ensure the hosts file resolver ignores case of hostnames
315 result = gethostbyname(name_camelcase);
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]316 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]317 ASSERT_FALSE(result == nullptr);
318 ASSERT_EQ(4, result->h_length);
319 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
320 EXPECT_EQ(addr, ToString(result));
321 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
322
323 // The hosts file also contains ip6-localhost, but gethostbyname() won't
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]324 // return it unless the RES_USE_INET6 option is set. This would be easy to
325 // change, but there's no point in changing the legacy behavior; new code
326 // should be calling getaddrinfo() anyway.
327 // So we check the legacy behavior, which results in amusing A-record
328 // lookups for ip6-localhost, with and without search domains appended.
329 dns.clearQueries();
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]330 result = gethostbyname(name_ip6);
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]331 EXPECT_EQ(2, dns.queries().size()) << dns.dumpQueries();
332 EXPECT_EQ(1, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_dot)) << dns.dumpQueries();
333 EXPECT_EQ(1, GetNumQueriesForType(dns, ns_type::ns_t_a, name_ip6_fqdn)) << dns.dumpQueries();
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]334 ASSERT_TRUE(result == nullptr);
335
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]336 // Finally, use gethostbyname2() to resolve ip6-localhost to ::1 from
337 // the hosts file.
338 dns.clearQueries();
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]339 result = gethostbyname2(name_ip6, AF_INET6);
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]340 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
Bernie Innocenti6118bf82018-09-14 15:21:19 +0900[diff] [blame]341 ASSERT_FALSE(result == nullptr);
342 ASSERT_EQ(16, result->h_length);
343 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
344 EXPECT_EQ(addr_ip6, ToString(result));
345 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
346
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]347 dns.stopServer();
348}
349
Bernie Innocentic1545232018-10-04 17:12:24 +0900[diff] [blame]350TEST_F(ResolverTest, GetHostByName_numeric) {
351 // Add a dummy nameserver which shouldn't receive any queries
352 constexpr char listen_addr[] = "127.0.0.3";
353 constexpr char listen_srv[] = "53";
354 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
355 ASSERT_TRUE(dns.startServer());
356 ASSERT_TRUE(
357 SetResolversForNetwork({listen_addr}, mDefaultSearchDomains, mDefaultParams_Binder));
358
359 // Numeric v4 address: expect no DNS queries
360 constexpr char numeric_v4[] = "192.168.0.1";
361 dns.clearQueries();
362 const hostent* result = gethostbyname(numeric_v4);
363 EXPECT_EQ(0, dns.queries().size());
364 ASSERT_FALSE(result == nullptr);
365 ASSERT_EQ(4, result->h_length); // v4
366 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
367 EXPECT_EQ(numeric_v4, ToString(result));
368 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
369
370 // gethostbyname() recognizes a v6 address, and fails with no DNS queries
371 constexpr char numeric_v6[] = "2001:db8::42";
372 dns.clearQueries();
373 result = gethostbyname(numeric_v6);
374 EXPECT_EQ(0, dns.queries().size());
375 EXPECT_TRUE(result == nullptr);
376
377 // Numeric v6 address with gethostbyname2(): succeeds with no DNS queries
378 dns.clearQueries();
379 result = gethostbyname2(numeric_v6, AF_INET6);
380 EXPECT_EQ(0, dns.queries().size());
381 ASSERT_FALSE(result == nullptr);
382 ASSERT_EQ(16, result->h_length); // v6
383 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
384 EXPECT_EQ(numeric_v6, ToString(result));
385 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
386
387 // Numeric v6 address with scope work with getaddrinfo(),
388 // but gethostbyname2() does not understand them; it issues two dns
389 // queries, then fails. This hardly ever happens, there's no point
390 // in fixing this. This test simply verifies the current (bogus)
391 // behavior to avoid further regressions (like crashes, or leaks).
392 constexpr char numeric_v6_scope[] = "fe80::1%lo";
393 dns.clearQueries();
394 result = gethostbyname2(numeric_v6_scope, AF_INET6);
395 EXPECT_EQ(2, dns.queries().size()); // OUCH!
396 ASSERT_TRUE(result == nullptr);
397
398 dns.stopServer();
399}
400
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]401TEST_F(ResolverTest, BinderSerialization) {
402 using android::net::INetd;
403 std::vector<int> params_offsets = {
404 INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY,
405 INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
406 INetd::RESOLVER_PARAMS_MIN_SAMPLES,
407 INetd::RESOLVER_PARAMS_MAX_SAMPLES,
408 INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC,
409 };
410 int size = static_cast<int>(params_offsets.size());
411 EXPECT_EQ(size, INetd::RESOLVER_PARAMS_COUNT);
412 std::sort(params_offsets.begin(), params_offsets.end());
413 for (int i = 0 ; i < size ; ++i) {
414 EXPECT_EQ(params_offsets[i], i);
415 }
416}
417
418TEST_F(ResolverTest, GetHostByName_Binder) {
419 using android::net::INetd;
420
421 std::vector<std::string> domains = { "example.com" };
422 std::vector<std::unique_ptr<test::DNSResponder>> dns;
423 std::vector<std::string> servers;
424 std::vector<Mapping> mappings;
425 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
426 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(4, mappings, &dns, &servers));
427 ASSERT_EQ(1U, mappings.size());
428 const Mapping& mapping = mappings[0];
429
430 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
431
432 const hostent* result = gethostbyname(mapping.host.c_str());
433 size_t total_queries = std::accumulate(dns.begin(), dns.end(), 0,
434 [this, &mapping](size_t total, auto& d) {
435 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
436 });
437
438 EXPECT_LE(1U, total_queries);
439 ASSERT_FALSE(result == nullptr);
440 ASSERT_EQ(4, result->h_length);
441 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
442 EXPECT_EQ(mapping.ip4, ToString(result));
443 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
444
445 std::vector<std::string> res_servers;
446 std::vector<std::string> res_domains;
447 __res_params res_params;
448 std::vector<ResolverStats> res_stats;
449 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
450 EXPECT_EQ(servers.size(), res_servers.size());
451 EXPECT_EQ(domains.size(), res_domains.size());
452 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
453 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
454 res_params.sample_validity);
455 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
456 res_params.success_threshold);
457 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
458 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
459 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
460 res_params.base_timeout_msec);
461 EXPECT_EQ(servers.size(), res_stats.size());
462
463 EXPECT_TRUE(UnorderedCompareArray(res_servers, servers));
464 EXPECT_TRUE(UnorderedCompareArray(res_domains, domains));
465
466 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
467}
468
469TEST_F(ResolverTest, GetAddrInfo) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]470 const char* listen_addr = "127.0.0.4";
471 const char* listen_addr2 = "127.0.0.5";
472 const char* listen_srv = "53";
473 const char* host_name = "howdy.example.com.";
474 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
475 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
476 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
477 ASSERT_TRUE(dns.startServer());
478
479 test::DNSResponder dns2(listen_addr2, listen_srv, 250, ns_rcode::ns_r_servfail);
480 dns2.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
481 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
482 ASSERT_TRUE(dns2.startServer());
483
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]484 std::vector<std::string> servers = { listen_addr };
485 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
486 dns.clearQueries();
487 dns2.clearQueries();
488
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]489 ScopedAddrinfo result = safe_getaddrinfo("howdy", nullptr, nullptr);
490 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]491 size_t found = GetNumQueries(dns, host_name);
492 EXPECT_LE(1U, found);
493 // Could be A or AAAA
494 std::string result_str = ToString(result);
495 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
496 << ", result_str='" << result_str << "'";
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]497
498 // Verify that the name is cached.
499 size_t old_found = found;
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]500 result = safe_getaddrinfo("howdy", nullptr, nullptr);
501 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]502 found = GetNumQueries(dns, host_name);
503 EXPECT_LE(1U, found);
504 EXPECT_EQ(old_found, found);
505 result_str = ToString(result);
506 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
507 << result_str;
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]508
509 // Change the DNS resolver, ensure that queries are still cached.
510 servers = { listen_addr2 };
511 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
512 dns.clearQueries();
513 dns2.clearQueries();
514
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]515 result = safe_getaddrinfo("howdy", nullptr, nullptr);
516 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]517 found = GetNumQueries(dns, host_name);
518 size_t found2 = GetNumQueries(dns2, host_name);
519 EXPECT_EQ(0U, found);
520 EXPECT_LE(0U, found2);
521
522 // Could be A or AAAA
523 result_str = ToString(result);
524 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
525 << ", result_str='" << result_str << "'";
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]526
527 dns.stopServer();
528 dns2.stopServer();
529}
530
531TEST_F(ResolverTest, GetAddrInfoV4) {
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]532 constexpr char listen_addr[] = "127.0.0.5";
533 constexpr char listen_srv[] = "53";
534 constexpr char host_name[] = "hola.example.com.";
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]535 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
536 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
537 ASSERT_TRUE(dns.startServer());
538 std::vector<std::string> servers = { listen_addr };
539 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
540
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]541 addrinfo hints = {.ai_family = AF_INET};
542 ScopedAddrinfo result = safe_getaddrinfo("hola", nullptr, &hints);
543 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]544 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
545 EXPECT_EQ("1.2.3.5", ToString(result));
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]546}
547
548TEST_F(ResolverTest, GetAddrInfo_localhost) {
549 constexpr char name[] = "localhost";
550 constexpr char addr[] = "127.0.0.1";
551 constexpr char name_ip6[] = "ip6-localhost";
552 constexpr char addr_ip6[] = "::1";
553
Bernie Innocenti974233e2018-09-04 20:35:34 +0900[diff] [blame]554 // Add a dummy nameserver which shouldn't receive any queries
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]555 constexpr char listen_addr[] = "127.0.0.5";
556 constexpr char listen_srv[] = "53";
557 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
558 ASSERT_TRUE(dns.startServer());
559 std::vector<std::string> servers = {listen_addr};
560 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
561
562 ScopedAddrinfo result = safe_getaddrinfo(name, nullptr, nullptr);
563 EXPECT_TRUE(result != nullptr);
564 // Expect no DNS queries; localhost is resolved via /etc/hosts
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]565 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]566 EXPECT_EQ(addr, ToString(result));
567
568 result = safe_getaddrinfo(name_ip6, nullptr, nullptr);
569 EXPECT_TRUE(result != nullptr);
Bernie Innocenti0298c682018-10-02 23:18:11 +0900[diff] [blame]570 // Expect no DNS queries; ip6-localhost is resolved via /etc/hosts
571 EXPECT_TRUE(dns.queries().empty()) << dns.dumpQueries();
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]572 EXPECT_EQ(addr_ip6, ToString(result));
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]573}
574
575TEST_F(ResolverTest, GetHostByNameBrokenEdns) {
576 const char* listen_addr = "127.0.0.3";
577 const char* listen_srv = "53";
578 const char* host_name = "edns.example.com.";
579 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
580 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
581 dns.setFailOnEdns(true); // This is the only change from the basic test.
582 ASSERT_TRUE(dns.startServer());
583 std::vector<std::string> servers = { listen_addr };
584 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
585
586 const hostent* result;
587
588 dns.clearQueries();
589 result = gethostbyname("edns");
590 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
591 ASSERT_FALSE(result == nullptr);
592 ASSERT_EQ(4, result->h_length);
593 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
594 EXPECT_EQ("1.2.3.3", ToString(result));
595 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
596}
597
598TEST_F(ResolverTest, GetAddrInfoBrokenEdns) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]599 const char* listen_addr = "127.0.0.5";
600 const char* listen_srv = "53";
601 const char* host_name = "edns2.example.com.";
602 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
603 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
604 dns.setFailOnEdns(true); // This is the only change from the basic test.
605 ASSERT_TRUE(dns.startServer());
606 std::vector<std::string> servers = { listen_addr };
607 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
608
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]609 addrinfo hints = {.ai_family = AF_INET};
610 ScopedAddrinfo result = safe_getaddrinfo("edns2", nullptr, &hints);
611 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]612 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
613 EXPECT_EQ("1.2.3.5", ToString(result));
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]614}
615
616TEST_F(ResolverTest, MultidomainResolution) {
617 std::vector<std::string> searchDomains = { "example1.com", "example2.com", "example3.com" };
618 const char* listen_addr = "127.0.0.6";
619 const char* listen_srv = "53";
620 const char* host_name = "nihao.example2.com.";
621 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
622 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
623 ASSERT_TRUE(dns.startServer());
624 std::vector<std::string> servers = { listen_addr };
625 ASSERT_TRUE(SetResolversForNetwork(servers, searchDomains, mDefaultParams_Binder));
626
627 dns.clearQueries();
628 const hostent* result = gethostbyname("nihao");
629 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
630 ASSERT_FALSE(result == nullptr);
631 ASSERT_EQ(4, result->h_length);
632 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
633 EXPECT_EQ("1.2.3.3", ToString(result));
634 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
635 dns.stopServer();
636}
637
Bernie Innocenti974233e2018-09-04 20:35:34 +0900[diff] [blame]638TEST_F(ResolverTest, GetAddrInfoV6_numeric) {
639 constexpr char listen_addr0[] = "127.0.0.7";
640 constexpr char listen_srv[] = "53";
641 constexpr char host_name[] = "ohayou.example.com.";
642 constexpr char numeric_addr[] = "fe80::1%lo";
643
644 test::DNSResponder dns(listen_addr0, listen_srv, 250, ns_rcode::ns_r_servfail);
645 dns.setResponseProbability(0.0);
646 dns.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
647 ASSERT_TRUE(dns.startServer());
648 std::vector<std::string> servers = {listen_addr0};
649 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
650
651 addrinfo hints = {.ai_family = AF_INET6};
652 ScopedAddrinfo result = safe_getaddrinfo(numeric_addr, nullptr, &hints);
653 EXPECT_TRUE(result != nullptr);
654 EXPECT_EQ(numeric_addr, ToString(result));
655 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
656
657 // Now try a non-numeric hostname query with the AI_NUMERICHOST flag set.
658 // We should fail without sending out a DNS query.
659 hints.ai_flags |= AI_NUMERICHOST;
660 result = safe_getaddrinfo(host_name, nullptr, &hints);
661 EXPECT_TRUE(result == nullptr);
662 EXPECT_TRUE(dns.queries().empty()); // Ensure no DNS queries were sent out
663}
664
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]665TEST_F(ResolverTest, GetAddrInfoV6_failing) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]666 const char* listen_addr0 = "127.0.0.7";
667 const char* listen_addr1 = "127.0.0.8";
668 const char* listen_srv = "53";
669 const char* host_name = "ohayou.example.com.";
670 test::DNSResponder dns0(listen_addr0, listen_srv, 250, ns_rcode::ns_r_servfail);
671 test::DNSResponder dns1(listen_addr1, listen_srv, 250, ns_rcode::ns_r_servfail);
672 dns0.setResponseProbability(0.0);
673 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
674 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
675 ASSERT_TRUE(dns0.startServer());
676 ASSERT_TRUE(dns1.startServer());
677 std::vector<std::string> servers = { listen_addr0, listen_addr1 };
678 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
679 int sample_count = 8;
680 const std::vector<int> params = { 300, 25, sample_count, sample_count };
681 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, params));
682
683 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
684 // reached the dns0, which is set to fail. No more requests should then arrive at that server
685 // for the next sample_lifetime seconds.
686 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]687 addrinfo hints = {.ai_family = AF_INET6};
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]688 for (int i = 0 ; i < sample_count ; ++i) {
689 std::string domain = StringPrintf("nonexistent%d", i);
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]690 ScopedAddrinfo result = safe_getaddrinfo(domain.c_str(), nullptr, &hints);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]691 }
692 // Due to 100% errors for all possible samples, the server should be ignored from now on and
693 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
694 dns0.clearQueries();
695 dns1.clearQueries();
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]696 ScopedAddrinfo result = safe_getaddrinfo("ohayou", nullptr, &hints);
697 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]698 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
699 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]700}
701
702TEST_F(ResolverTest, GetAddrInfoV6_nonresponsive) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]703 const char* listen_addr0 = "127.0.0.7";
704 const char* listen_addr1 = "127.0.0.8";
705 const char* listen_srv = "53";
706 const char* host_name1 = "ohayou.example.com.";
707 const char* host_name2 = "ciao.example.com.";
708
709 // dns0 does not respond with 100% probability, while
710 // dns1 responds normally, at least initially.
711 test::DNSResponder dns0(listen_addr0, listen_srv, 250, static_cast<ns_rcode>(-1));
712 test::DNSResponder dns1(listen_addr1, listen_srv, 250, static_cast<ns_rcode>(-1));
713 dns0.setResponseProbability(0.0);
714 dns0.addMapping(host_name1, ns_type::ns_t_aaaa, "2001:db8::5");
715 dns1.addMapping(host_name1, ns_type::ns_t_aaaa, "2001:db8::6");
716 dns0.addMapping(host_name2, ns_type::ns_t_aaaa, "2001:db8::5");
717 dns1.addMapping(host_name2, ns_type::ns_t_aaaa, "2001:db8::6");
718 ASSERT_TRUE(dns0.startServer());
719 ASSERT_TRUE(dns1.startServer());
720 std::vector<std::string> servers = {listen_addr0, listen_addr1};
721 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
722
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]723 const addrinfo hints = {.ai_family = AF_INET6};
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]724
725 // dns0 will ignore the request, and we'll fallback to dns1 after the first
726 // retry.
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]727 ScopedAddrinfo result = safe_getaddrinfo(host_name1, nullptr, &hints);
728 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]729 EXPECT_EQ(1U, GetNumQueries(dns0, host_name1));
730 EXPECT_EQ(1U, GetNumQueries(dns1, host_name1));
731
732 // Now make dns1 also ignore 100% requests... The resolve should alternate
733 // retries between the nameservers and fail after 4 attempts.
734 dns1.setResponseProbability(0.0);
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]735 addrinfo* result2 = nullptr;
736 EXPECT_EQ(EAI_NODATA, getaddrinfo(host_name2, nullptr, &hints, &result2));
737 EXPECT_EQ(nullptr, result2);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]738 EXPECT_EQ(4U, GetNumQueries(dns0, host_name2));
739 EXPECT_EQ(4U, GetNumQueries(dns1, host_name2));
740}
741
742TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
743 const char* listen_addr0 = "127.0.0.9";
744 const char* listen_addr1 = "127.0.0.10";
745 const char* listen_addr2 = "127.0.0.11";
746 const char* listen_srv = "53";
747 const char* host_name = "konbanha.example.com.";
748 test::DNSResponder dns0(listen_addr0, listen_srv, 250, ns_rcode::ns_r_servfail);
749 test::DNSResponder dns1(listen_addr1, listen_srv, 250, ns_rcode::ns_r_servfail);
750 test::DNSResponder dns2(listen_addr2, listen_srv, 250, ns_rcode::ns_r_servfail);
751 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
752 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
753 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::7");
754 ASSERT_TRUE(dns0.startServer());
755 ASSERT_TRUE(dns1.startServer());
756 ASSERT_TRUE(dns2.startServer());
757 const std::vector<std::string> servers = { listen_addr0, listen_addr1, listen_addr2 };
758 std::vector<std::thread> threads(10);
759 for (std::thread& thread : threads) {
760 thread = std::thread([this, &servers]() {
761 unsigned delay = arc4random_uniform(1*1000*1000); // <= 1s
762 usleep(delay);
763 std::vector<std::string> serverSubset;
764 for (const auto& server : servers) {
765 if (arc4random_uniform(2)) {
766 serverSubset.push_back(server);
767 }
768 }
769 if (serverSubset.empty()) serverSubset = servers;
770 ASSERT_TRUE(SetResolversForNetwork(serverSubset, mDefaultSearchDomains,
771 mDefaultParams_Binder));
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]772 addrinfo hints = {.ai_family = AF_INET6};
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]773 addrinfo* result = nullptr;
774 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
775 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
776 if (result) {
777 freeaddrinfo(result);
778 result = nullptr;
779 }
780 });
781 }
782 for (std::thread& thread : threads) {
783 thread.join();
784 }
785}
786
787TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100) {
788 const unsigned num_hosts = 100;
789 const unsigned num_threads = 100;
790 const unsigned num_queries = 100;
791 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
792}
793
794TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100000) {
795 const unsigned num_hosts = 100000;
796 const unsigned num_threads = 100;
797 const unsigned num_queries = 100;
798 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
799}
800
801TEST_F(ResolverTest, EmptySetup) {
802 using android::net::INetd;
803 std::vector<std::string> servers;
804 std::vector<std::string> domains;
805 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
806 std::vector<std::string> res_servers;
807 std::vector<std::string> res_domains;
808 __res_params res_params;
809 std::vector<ResolverStats> res_stats;
810 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
811 EXPECT_EQ(0U, res_servers.size());
812 EXPECT_EQ(0U, res_domains.size());
813 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
814 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
815 res_params.sample_validity);
816 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
817 res_params.success_threshold);
818 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
819 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
820 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
821 res_params.base_timeout_msec);
822}
823
824TEST_F(ResolverTest, SearchPathChange) {
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]825 const char* listen_addr = "127.0.0.13";
826 const char* listen_srv = "53";
827 const char* host_name1 = "test13.domain1.org.";
828 const char* host_name2 = "test13.domain2.org.";
829 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
830 dns.addMapping(host_name1, ns_type::ns_t_aaaa, "2001:db8::13");
831 dns.addMapping(host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13");
832 ASSERT_TRUE(dns.startServer());
833 std::vector<std::string> servers = { listen_addr };
834 std::vector<std::string> domains = { "domain1.org" };
835 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
836
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]837 const addrinfo hints = {.ai_family = AF_INET6};
838 ScopedAddrinfo result = safe_getaddrinfo("test13", nullptr, &hints);
839 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]840 EXPECT_EQ(1U, dns.queries().size());
841 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
842 EXPECT_EQ("2001:db8::13", ToString(result));
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]843
844 // Test that changing the domain search path on its own works.
845 domains = { "domain2.org" };
846 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
847 dns.clearQueries();
848
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]849 result = safe_getaddrinfo("test13", nullptr, &hints);
850 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]851 EXPECT_EQ(1U, dns.queries().size());
852 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
853 EXPECT_EQ("2001:db8::1:13", ToString(result));
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]854}
855
856TEST_F(ResolverTest, MaxServerPrune_Binder) {
857 using android::net::INetd;
858
859 std::vector<std::string> domains = { "example.com" };
860 std::vector<std::unique_ptr<test::DNSResponder>> dns;
861 std::vector<std::string> servers;
862 std::vector<Mapping> mappings;
863 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
864 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
865
866 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
867
868 std::vector<std::string> res_servers;
869 std::vector<std::string> res_domains;
870 __res_params res_params;
871 std::vector<ResolverStats> res_stats;
872 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
873 EXPECT_EQ(static_cast<size_t>(MAXNS), res_servers.size());
874
875 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
876}
877
878static std::string base64Encode(const std::vector<uint8_t>& input) {
879 size_t out_len;
880 EXPECT_EQ(1, EVP_EncodedLength(&out_len, input.size()));
881 // out_len includes the trailing NULL.
882 uint8_t output_bytes[out_len];
883 EXPECT_EQ(out_len - 1, EVP_EncodeBlock(output_bytes, input.data(), input.size()));
884 return std::string(reinterpret_cast<char*>(output_bytes));
885}
886
887// Test what happens if the specified TLS server is nonexistent.
888TEST_F(ResolverTest, GetHostByName_TlsMissing) {
889 const char* listen_addr = "127.0.0.3";
890 const char* listen_srv = "53";
891 const char* host_name = "tlsmissing.example.com.";
892 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
893 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
894 ASSERT_TRUE(dns.startServer());
895 std::vector<std::string> servers = { listen_addr };
896
897 // There's nothing listening on this address, so validation will either fail or
898 /// hang. Either way, queries will continue to flow to the DNSResponder.
899 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
900
901 const hostent* result;
902
903 result = gethostbyname("tlsmissing");
904 ASSERT_FALSE(result == nullptr);
905 EXPECT_EQ("1.2.3.3", ToString(result));
906
907 // Clear TLS bit.
908 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
909 dns.stopServer();
910}
911
912// Test what happens if the specified TLS server replies with garbage.
913TEST_F(ResolverTest, GetHostByName_TlsBroken) {
914 const char* listen_addr = "127.0.0.3";
915 const char* listen_srv = "53";
916 const char* host_name1 = "tlsbroken1.example.com.";
917 const char* host_name2 = "tlsbroken2.example.com.";
918 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail);
919 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
920 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
921 ASSERT_TRUE(dns.startServer());
922 std::vector<std::string> servers = { listen_addr };
923
924 // Bind the specified private DNS socket but don't respond to any client sockets yet.
925 int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
926 ASSERT_TRUE(s >= 0);
927 struct sockaddr_in tlsServer = {
928 .sin_family = AF_INET,
929 .sin_port = htons(853),
930 };
931 ASSERT_TRUE(inet_pton(AF_INET, listen_addr, &tlsServer.sin_addr));
Bernie Innocenti6f9fd902018-10-11 20:50:23 +0900[diff] [blame]932 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEPORT).ok());
933 ASSERT_TRUE(enableSockopt(s, SOL_SOCKET, SO_REUSEADDR).ok());
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]934 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
935 ASSERT_FALSE(listen(s, 1));
936
937 // Trigger TLS validation.
938 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
939
940 struct sockaddr_storage cliaddr;
941 socklen_t sin_size = sizeof(cliaddr);
942 int new_fd = accept4(s, reinterpret_cast<struct sockaddr *>(&cliaddr), &sin_size, SOCK_CLOEXEC);
943 ASSERT_TRUE(new_fd > 0);
944
945 // We've received the new file descriptor but not written to it or closed, so the
946 // validation is still pending. Queries should still flow correctly because the
947 // server is not used until validation succeeds.
948 const hostent* result;
949 result = gethostbyname("tlsbroken1");
950 ASSERT_FALSE(result == nullptr);
951 EXPECT_EQ("1.2.3.1", ToString(result));
952
953 // Now we cause the validation to fail.
954 std::string garbage = "definitely not a valid TLS ServerHello";
955 write(new_fd, garbage.data(), garbage.size());
956 close(new_fd);
957
958 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
959 // to the TLS server unless validation succeeds.
960 result = gethostbyname("tlsbroken2");
961 ASSERT_FALSE(result == nullptr);
962 EXPECT_EQ("1.2.3.2", ToString(result));
963
964 // Clear TLS bit.
965 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
966 dns.stopServer();
967 close(s);
968}
969
970TEST_F(ResolverTest, GetHostByName_Tls) {
971 const char* listen_addr = "127.0.0.3";
972 const char* listen_udp = "53";
973 const char* listen_tls = "853";
974 const char* host_name1 = "tls1.example.com.";
975 const char* host_name2 = "tls2.example.com.";
976 const char* host_name3 = "tls3.example.com.";
977 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
978 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
979 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
980 dns.addMapping(host_name3, ns_type::ns_t_a, "1.2.3.3");
981 ASSERT_TRUE(dns.startServer());
982 std::vector<std::string> servers = { listen_addr };
983
984 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
985 ASSERT_TRUE(tls.startServer());
986 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
987
988 const hostent* result;
989
990 // Wait for validation to complete.
991 EXPECT_TRUE(tls.waitForQueries(1, 5000));
992
993 result = gethostbyname("tls1");
994 ASSERT_FALSE(result == nullptr);
995 EXPECT_EQ("1.2.3.1", ToString(result));
996
997 // Wait for query to get counted.
998 EXPECT_TRUE(tls.waitForQueries(2, 5000));
999
1000 // Stop the TLS server. Since we're in opportunistic mode, queries will
1001 // fall back to the locally-assigned (clear text) nameservers.
1002 tls.stopServer();
1003
1004 dns.clearQueries();
1005 result = gethostbyname("tls2");
1006 EXPECT_FALSE(result == nullptr);
1007 EXPECT_EQ("1.2.3.2", ToString(result));
1008 const auto queries = dns.queries();
1009 EXPECT_EQ(1U, queries.size());
1010 EXPECT_EQ("tls2.example.com.", queries[0].first);
1011 EXPECT_EQ(ns_t_a, queries[0].second);
1012
1013 // Reset the resolvers without enabling TLS. Queries should still be routed
1014 // to the UDP endpoint.
1015 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1016
1017 result = gethostbyname("tls3");
1018 ASSERT_FALSE(result == nullptr);
1019 EXPECT_EQ("1.2.3.3", ToString(result));
1020
1021 dns.stopServer();
1022}
1023
1024TEST_F(ResolverTest, GetHostByName_TlsFingerprint) {
1025 const char* listen_addr = "127.0.0.3";
1026 const char* listen_udp = "53";
1027 const char* listen_tls = "853";
1028 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
1029 ASSERT_TRUE(dns.startServer());
1030 for (int chain_length = 1; chain_length <= 3; ++chain_length) {
Bernie Innocentif2572392018-10-02 19:04:56 +0900[diff] [blame]1031 std::string host_name = StringPrintf("tlsfingerprint%d.example.com.", chain_length);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1032 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1033 std::vector<std::string> servers = { listen_addr };
1034
1035 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1036 tls.set_chain_length(chain_length);
1037 ASSERT_TRUE(tls.startServer());
1038 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1039 { base64Encode(tls.fingerprint()) }));
1040
1041 const hostent* result;
1042
1043 // Wait for validation to complete.
1044 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1045
1046 result = gethostbyname(StringPrintf("tlsfingerprint%d", chain_length).c_str());
1047 EXPECT_FALSE(result == nullptr);
1048 if (result) {
1049 EXPECT_EQ("1.2.3.1", ToString(result));
1050
1051 // Wait for query to get counted.
1052 EXPECT_TRUE(tls.waitForQueries(2, 5000));
1053 }
1054
1055 // Clear TLS bit to ensure revalidation.
1056 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1057 tls.stopServer();
1058 }
1059 dns.stopServer();
1060}
1061
1062TEST_F(ResolverTest, GetHostByName_BadTlsFingerprint) {
1063 const char* listen_addr = "127.0.0.3";
1064 const char* listen_udp = "53";
1065 const char* listen_tls = "853";
1066 const char* host_name = "badtlsfingerprint.example.com.";
1067 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
1068 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1069 ASSERT_TRUE(dns.startServer());
1070 std::vector<std::string> servers = { listen_addr };
1071
1072 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1073 ASSERT_TRUE(tls.startServer());
1074 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
1075 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
1076 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1077 { base64Encode(bad_fingerprint) }));
1078
1079 // The initial validation should fail at the fingerprint check before
1080 // issuing a query.
1081 EXPECT_FALSE(tls.waitForQueries(1, 500));
1082
1083 // A fingerprint was provided and failed to match, so the query should fail.
1084 EXPECT_EQ(nullptr, gethostbyname("badtlsfingerprint"));
1085
1086 // Clear TLS bit.
1087 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1088 tls.stopServer();
1089 dns.stopServer();
1090}
1091
1092// Test that we can pass two different fingerprints, and connection succeeds as long as
1093// at least one of them matches the server.
1094TEST_F(ResolverTest, GetHostByName_TwoTlsFingerprints) {
1095 const char* listen_addr = "127.0.0.3";
1096 const char* listen_udp = "53";
1097 const char* listen_tls = "853";
1098 const char* host_name = "twotlsfingerprints.example.com.";
1099 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
1100 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1101 ASSERT_TRUE(dns.startServer());
1102 std::vector<std::string> servers = { listen_addr };
1103
1104 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1105 ASSERT_TRUE(tls.startServer());
1106 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
1107 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
1108 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1109 { base64Encode(bad_fingerprint), base64Encode(tls.fingerprint()) }));
1110
1111 const hostent* result;
1112
1113 // Wait for validation to complete.
1114 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1115
1116 result = gethostbyname("twotlsfingerprints");
1117 ASSERT_FALSE(result == nullptr);
1118 EXPECT_EQ("1.2.3.1", ToString(result));
1119
1120 // Wait for query to get counted.
1121 EXPECT_TRUE(tls.waitForQueries(2, 5000));
1122
1123 // Clear TLS bit.
1124 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1125 tls.stopServer();
1126 dns.stopServer();
1127}
1128
1129TEST_F(ResolverTest, GetHostByName_TlsFingerprintGoesBad) {
1130 const char* listen_addr = "127.0.0.3";
1131 const char* listen_udp = "53";
1132 const char* listen_tls = "853";
1133 const char* host_name1 = "tlsfingerprintgoesbad1.example.com.";
1134 const char* host_name2 = "tlsfingerprintgoesbad2.example.com.";
1135 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
1136 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
1137 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
1138 ASSERT_TRUE(dns.startServer());
1139 std::vector<std::string> servers = { listen_addr };
1140
1141 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1142 ASSERT_TRUE(tls.startServer());
1143 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1144 { base64Encode(tls.fingerprint()) }));
1145
1146 const hostent* result;
1147
1148 // Wait for validation to complete.
1149 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1150
1151 result = gethostbyname("tlsfingerprintgoesbad1");
1152 ASSERT_FALSE(result == nullptr);
1153 EXPECT_EQ("1.2.3.1", ToString(result));
1154
1155 // Wait for query to get counted.
1156 EXPECT_TRUE(tls.waitForQueries(2, 5000));
1157
1158 // Restart the TLS server. This will generate a new certificate whose fingerprint
1159 // no longer matches the stored fingerprint.
1160 tls.stopServer();
1161 tls.startServer();
1162
1163 result = gethostbyname("tlsfingerprintgoesbad2");
1164 ASSERT_TRUE(result == nullptr);
1165 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
1166
1167 // Clear TLS bit.
1168 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1169 tls.stopServer();
1170 dns.stopServer();
1171}
1172
1173TEST_F(ResolverTest, GetHostByName_TlsFailover) {
1174 const char* listen_addr1 = "127.0.0.3";
1175 const char* listen_addr2 = "127.0.0.4";
1176 const char* listen_udp = "53";
1177 const char* listen_tls = "853";
1178 const char* host_name1 = "tlsfailover1.example.com.";
1179 const char* host_name2 = "tlsfailover2.example.com.";
1180 test::DNSResponder dns1(listen_addr1, listen_udp, 250, ns_rcode::ns_r_servfail);
1181 test::DNSResponder dns2(listen_addr2, listen_udp, 250, ns_rcode::ns_r_servfail);
1182 dns1.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
1183 dns1.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
1184 dns2.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.3");
1185 dns2.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.4");
1186 ASSERT_TRUE(dns1.startServer());
1187 ASSERT_TRUE(dns2.startServer());
1188 std::vector<std::string> servers = { listen_addr1, listen_addr2 };
1189
1190 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
1191 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
1192 ASSERT_TRUE(tls1.startServer());
1193 ASSERT_TRUE(tls2.startServer());
1194 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1195 { base64Encode(tls1.fingerprint()), base64Encode(tls2.fingerprint()) }));
1196
1197 const hostent* result;
1198
1199 // Wait for validation to complete.
1200 EXPECT_TRUE(tls1.waitForQueries(1, 5000));
1201 EXPECT_TRUE(tls2.waitForQueries(1, 5000));
1202
1203 result = gethostbyname("tlsfailover1");
1204 ASSERT_FALSE(result == nullptr);
1205 EXPECT_EQ("1.2.3.1", ToString(result));
1206
1207 // Wait for query to get counted.
1208 EXPECT_TRUE(tls1.waitForQueries(2, 5000));
1209 // No new queries should have reached tls2.
1210 EXPECT_EQ(1, tls2.queries());
1211
1212 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
1213 tls1.stopServer();
1214
1215 result = gethostbyname("tlsfailover2");
1216 EXPECT_EQ("1.2.3.4", ToString(result));
1217
1218 // Wait for query to get counted.
1219 EXPECT_TRUE(tls2.waitForQueries(2, 5000));
1220
1221 // No additional queries should have reached the insecure servers.
1222 EXPECT_EQ(2U, dns1.queries().size());
1223 EXPECT_EQ(2U, dns2.queries().size());
1224
1225 // Clear TLS bit.
1226 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1227 tls2.stopServer();
1228 dns1.stopServer();
1229 dns2.stopServer();
1230}
1231
1232TEST_F(ResolverTest, GetHostByName_BadTlsName) {
1233 const char* listen_addr = "127.0.0.3";
1234 const char* listen_udp = "53";
1235 const char* listen_tls = "853";
1236 const char* host_name = "badtlsname.example.com.";
1237 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
1238 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1239 ASSERT_TRUE(dns.startServer());
1240 std::vector<std::string> servers = { listen_addr };
1241
1242 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1243 ASSERT_TRUE(tls.startServer());
1244 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder,
1245 "www.example.com", {}));
1246
1247 // The TLS server's certificate doesn't chain to a known CA, and a nonempty name was specified,
1248 // so the client should fail the TLS handshake before ever issuing a query.
1249 EXPECT_FALSE(tls.waitForQueries(1, 500));
1250
1251 // The query should fail hard, because a name was specified.
1252 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
1253
1254 // Clear TLS bit.
1255 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1256 tls.stopServer();
1257 dns.stopServer();
1258}
1259
1260TEST_F(ResolverTest, GetAddrInfo_Tls) {
1261 const char* listen_addr = "127.0.0.3";
1262 const char* listen_udp = "53";
1263 const char* listen_tls = "853";
1264 const char* host_name = "addrinfotls.example.com.";
1265 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail);
1266 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
1267 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
1268 ASSERT_TRUE(dns.startServer());
1269 std::vector<std::string> servers = { listen_addr };
1270
1271 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1272 ASSERT_TRUE(tls.startServer());
1273 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1274 { base64Encode(tls.fingerprint()) }));
1275
1276 // Wait for validation to complete.
1277 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1278
1279 dns.clearQueries();
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]1280 ScopedAddrinfo result = safe_getaddrinfo("addrinfotls", nullptr, nullptr);
1281 EXPECT_TRUE(result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1282 size_t found = GetNumQueries(dns, host_name);
1283 EXPECT_LE(1U, found);
1284 // Could be A or AAAA
1285 std::string result_str = ToString(result);
1286 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
1287 << ", result_str='" << result_str << "'";
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1288 // Wait for both A and AAAA queries to get counted.
1289 EXPECT_TRUE(tls.waitForQueries(3, 5000));
1290
1291 // Clear TLS bit.
1292 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
1293 tls.stopServer();
1294 dns.stopServer();
1295}
1296
1297TEST_F(ResolverTest, TlsBypass) {
1298 const char OFF[] = "off";
1299 const char OPPORTUNISTIC[] = "opportunistic";
1300 const char STRICT[] = "strict";
1301
1302 const char GETHOSTBYNAME[] = "gethostbyname";
1303 const char GETADDRINFO[] = "getaddrinfo";
1304 const char GETADDRINFOFORNET[] = "getaddrinfofornet";
1305
1306 const unsigned BYPASS_NETID = NETID_USE_LOCAL_NAMESERVERS | TEST_NETID;
1307
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]1308 const std::vector<uint8_t> NOOP_FINGERPRINT(SHA256_SIZE, 0U);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1309
1310 const char ADDR4[] = "192.0.2.1";
1311 const char ADDR6[] = "2001:db8::1";
1312
1313 const char cleartext_addr[] = "127.0.0.53";
1314 const char cleartext_port[] = "53";
1315 const char tls_port[] = "853";
1316 const std::vector<std::string> servers = { cleartext_addr };
1317
1318 test::DNSResponder dns(cleartext_addr, cleartext_port, 250, ns_rcode::ns_r_servfail);
1319 ASSERT_TRUE(dns.startServer());
1320
1321 test::DnsTlsFrontend tls(cleartext_addr, tls_port, cleartext_addr, cleartext_port);
1322
1323 struct TestConfig {
1324 const std::string mode;
1325 const bool withWorkingTLS;
1326 const std::string method;
1327
1328 std::string asHostName() const {
1329 return StringPrintf("%s.%s.%s.",
1330 mode.c_str(),
1331 withWorkingTLS ? "tlsOn" : "tlsOff",
1332 method.c_str());
1333 }
1334 } testConfigs[]{
1335 {OFF, false, GETHOSTBYNAME},
1336 {OPPORTUNISTIC, false, GETHOSTBYNAME},
1337 {STRICT, false, GETHOSTBYNAME},
1338 {OFF, true, GETHOSTBYNAME},
1339 {OPPORTUNISTIC, true, GETHOSTBYNAME},
1340 {STRICT, true, GETHOSTBYNAME},
1341 {OFF, false, GETADDRINFO},
1342 {OPPORTUNISTIC, false, GETADDRINFO},
1343 {STRICT, false, GETADDRINFO},
1344 {OFF, true, GETADDRINFO},
1345 {OPPORTUNISTIC, true, GETADDRINFO},
1346 {STRICT, true, GETADDRINFO},
1347 {OFF, false, GETADDRINFOFORNET},
1348 {OPPORTUNISTIC, false, GETADDRINFOFORNET},
1349 {STRICT, false, GETADDRINFOFORNET},
1350 {OFF, true, GETADDRINFOFORNET},
1351 {OPPORTUNISTIC, true, GETADDRINFOFORNET},
1352 {STRICT, true, GETADDRINFOFORNET},
1353 };
1354
1355 for (const auto& config : testConfigs) {
1356 const std::string testHostName = config.asHostName();
1357 SCOPED_TRACE(testHostName);
1358
1359 // Don't tempt test bugs due to caching.
1360 const char* host_name = testHostName.c_str();
1361 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
1362 dns.addMapping(host_name, ns_type::ns_t_aaaa, ADDR6);
1363
1364 if (config.withWorkingTLS) ASSERT_TRUE(tls.startServer());
1365
1366 if (config.mode == OFF) {
1367 ASSERT_TRUE(SetResolversForNetwork(
1368 servers, mDefaultSearchDomains, mDefaultParams_Binder));
1369 } else if (config.mode == OPPORTUNISTIC) {
1370 ASSERT_TRUE(SetResolversWithTls(
1371 servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
1372 // Wait for validation to complete.
1373 if (config.withWorkingTLS) EXPECT_TRUE(tls.waitForQueries(1, 5000));
1374 } else if (config.mode == STRICT) {
1375 // We use the existence of fingerprints to trigger strict mode,
1376 // rather than hostname validation.
1377 const auto& fingerprint =
1378 (config.withWorkingTLS) ? tls.fingerprint() : NOOP_FINGERPRINT;
1379 ASSERT_TRUE(SetResolversWithTls(
1380 servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1381 { base64Encode(fingerprint) }));
1382 // Wait for validation to complete.
1383 if (config.withWorkingTLS) EXPECT_TRUE(tls.waitForQueries(1, 5000));
1384 } else {
1385 FAIL() << "Unsupported Private DNS mode: " << config.mode;
1386 }
1387
1388 const int tlsQueriesBefore = tls.queries();
1389
1390 const hostent* h_result = nullptr;
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]1391 ScopedAddrinfo ai_result;
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1392
1393 if (config.method == GETHOSTBYNAME) {
1394 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
1395 h_result = gethostbyname(host_name);
1396
1397 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
1398 ASSERT_FALSE(h_result == nullptr);
1399 ASSERT_EQ(4, h_result->h_length);
1400 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
1401 EXPECT_EQ(ADDR4, ToString(h_result));
1402 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
1403 } else if (config.method == GETADDRINFO) {
1404 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]1405 ai_result = safe_getaddrinfo(host_name, nullptr, nullptr);
1406 EXPECT_TRUE(ai_result != nullptr);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1407
1408 EXPECT_LE(1U, GetNumQueries(dns, host_name));
1409 // Could be A or AAAA
1410 const std::string result_str = ToString(ai_result);
1411 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
1412 << ", result_str='" << result_str << "'";
1413 } else if (config.method == GETADDRINFOFORNET) {
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]1414 addrinfo* raw_ai_result = nullptr;
Bernie Innocentic165ce82018-10-16 23:35:28 +0900[diff] [blame]1415 EXPECT_EQ(0, android_getaddrinfofornet(host_name, /*servname=*/nullptr,
1416 /*hints=*/nullptr, BYPASS_NETID, MARK_UNSET,
1417 &raw_ai_result));
Bernie Innocenti9bf749f2018-08-30 08:37:22 +0900[diff] [blame]1418 ai_result.reset(raw_ai_result);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1419
1420 EXPECT_LE(1U, GetNumQueries(dns, host_name));
1421 // Could be A or AAAA
1422 const std::string result_str = ToString(ai_result);
1423 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
1424 << ", result_str='" << result_str << "'";
1425 } else {
1426 FAIL() << "Unsupported query method: " << config.method;
1427 }
1428
1429 const int tlsQueriesAfter = tls.queries();
1430 EXPECT_EQ(0, tlsQueriesAfter - tlsQueriesBefore);
1431
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1432 // Clear per-process resolv netid.
1433 ASSERT_EQ(0, setNetworkForResolv(NETID_UNSET));
1434 tls.stopServer();
1435 dns.clearQueries();
1436 }
1437
1438 dns.stopServer();
1439}
1440
1441TEST_F(ResolverTest, StrictMode_NoTlsServers) {
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]1442 const std::vector<uint8_t> NOOP_FINGERPRINT(SHA256_SIZE, 0U);
Bernie Innocenti443489e2018-08-10 14:27:23 +0900[diff] [blame]1443 const char cleartext_addr[] = "127.0.0.53";
1444 const char cleartext_port[] = "53";
1445 const std::vector<std::string> servers = { cleartext_addr };
1446
1447 test::DNSResponder dns(cleartext_addr, cleartext_port, 250, ns_rcode::ns_r_servfail);
1448 const char* host_name = "strictmode.notlsips.example.com.";
1449 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
1450 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
1451 ASSERT_TRUE(dns.startServer());
1452
1453 ASSERT_TRUE(SetResolversWithTls(
1454 servers, mDefaultSearchDomains, mDefaultParams_Binder,
1455 {}, "", { base64Encode(NOOP_FINGERPRINT) }));
1456
1457 addrinfo* ai_result = nullptr;
1458 EXPECT_NE(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
1459 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
1460}