Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 99158866d46368d5c5c606387b47288dfcb65ff9 / . / tests / netd_test.cpp
blob: 8d77b99595c5e090f43f48217a92920917eb57fd [file] [log] [blame]
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless requied by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18#include <arpa/inet.h>
19#include <errno.h>
20#include <netdb.h>
21#include <stdarg.h>
22#include <stdio.h>
23#include <stdlib.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]24#include <unistd.h>
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]25
26#include <cutils/sockets.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]27#include <android-base/stringprintf.h>
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]28#include <private/android_filesystem_config.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]29
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]30#include <openssl/base64.h>
31
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]32#include <algorithm>
33#include <chrono>
34#include <iterator>
35#include <numeric>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]36#include <thread>
37
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]38#define LOG_TAG "netd_test"
39// TODO: make this dynamic and stop depending on implementation details.
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]40#define TEST_NETID 30
41
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]42#include "NetdClient.h"
43
44#include <gtest/gtest.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]45
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]46#include <utils/Log.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]47
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]48#include "dns_responder.h"
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]49#include "dns_responder_client.h"
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]50#include "dns_tls_frontend.h"
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]51#include "resolv_params.h"
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]52#include "ResolverStats.h"
53
54#include "android/net/INetd.h"
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]55#include "android/net/metrics/INetdEventListener.h"
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]56#include "binder/IServiceManager.h"
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]57
58using android::base::StringPrintf;
59using android::base::StringAppendF;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]60using android::net::ResolverStats;
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]61using android::net::metrics::INetdEventListener;
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]62
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]63// Emulates the behavior of UnorderedElementsAreArray, which currently cannot be used.
64// TODO: Use UnorderedElementsAreArray, which depends on being able to compile libgmock_host,
65// if that is not possible, improve this hacky algorithm, which is O(n**2)
66template <class A, class B>
67bool UnorderedCompareArray(const A& a, const B& b) {
68 if (a.size() != b.size()) return false;
69 for (const auto& a_elem : a) {
70 size_t a_count = 0;
71 for (const auto& a_elem2 : a) {
72 if (a_elem == a_elem2) {
73 ++a_count;
74 }
75 }
76 size_t b_count = 0;
77 for (const auto& b_elem : b) {
78 if (a_elem == b_elem) ++b_count;
79 }
80 if (a_count != b_count) return false;
81 }
82 return true;
83}
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]84
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]85class AddrInfo {
86 public:
87 AddrInfo() : ai_(nullptr), error_(0) {}
88
89 AddrInfo(const char* node, const char* service, const addrinfo& hints) : ai_(nullptr) {
90 init(node, service, hints);
91 }
92
93 AddrInfo(const char* node, const char* service) : ai_(nullptr) {
94 init(node, service);
95 }
96
97 ~AddrInfo() { clear(); }
98
99 int init(const char* node, const char* service, const addrinfo& hints) {
100 clear();
101 error_ = getaddrinfo(node, service, &hints, &ai_);
102 return error_;
103 }
104
105 int init(const char* node, const char* service) {
106 clear();
107 error_ = getaddrinfo(node, service, nullptr, &ai_);
108 return error_;
109 }
110
111 void clear() {
112 if (ai_ != nullptr) {
113 freeaddrinfo(ai_);
114 ai_ = nullptr;
115 error_ = 0;
116 }
117 }
118
119 const addrinfo& operator*() const { return *ai_; }
120 const addrinfo* get() const { return ai_; }
121 const addrinfo* operator&() const { return ai_; }
122 int error() const { return error_; }
123
124 private:
125 addrinfo* ai_;
126 int error_;
127};
128
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]129class ResolverTest : public ::testing::Test, public DnsResponderClient {
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]130private:
131 int mOriginalMetricsLevel;
132
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]133protected:
134 virtual void SetUp() {
135 // Ensure resolutions go via proxy.
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]136 DnsResponderClient::SetUp();
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]137
138 // If DNS reporting is off: turn it on so we run through everything.
139 auto rv = mNetdSrv->getMetricsReportingLevel(&mOriginalMetricsLevel);
140 ASSERT_TRUE(rv.isOk());
141 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
142 rv = mNetdSrv->setMetricsReportingLevel(INetdEventListener::REPORTING_LEVEL_FULL);
143 ASSERT_TRUE(rv.isOk());
144 }
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]145 }
146
147 virtual void TearDown() {
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]148 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
149 auto rv = mNetdSrv->setMetricsReportingLevel(mOriginalMetricsLevel);
150 ASSERT_TRUE(rv.isOk());
151 }
152
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]153 DnsResponderClient::TearDown();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]154 }
155
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]156 bool GetResolverInfo(std::vector<std::string>* servers, std::vector<std::string>* domains,
157 __res_params* params, std::vector<ResolverStats>* stats) {
158 using android::net::INetd;
159 std::vector<int32_t> params32;
160 std::vector<int32_t> stats32;
161 auto rv = mNetdSrv->getResolverInfo(TEST_NETID, servers, domains, &params32, &stats32);
162 if (!rv.isOk() || params32.size() != INetd::RESOLVER_PARAMS_COUNT) {
163 return false;
164 }
165 *params = __res_params {
166 .sample_validity = static_cast<uint16_t>(
167 params32[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY]),
168 .success_threshold = static_cast<uint8_t>(
169 params32[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD]),
170 .min_samples = static_cast<uint8_t>(
171 params32[INetd::RESOLVER_PARAMS_MIN_SAMPLES]),
172 .max_samples = static_cast<uint8_t>(
173 params32[INetd::RESOLVER_PARAMS_MAX_SAMPLES])
174 };
175 return ResolverStats::decodeAll(stats32, stats);
176 }
177
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]178 std::string ToString(const hostent* he) const {
179 if (he == nullptr) return "<null>";
180 char buffer[INET6_ADDRSTRLEN];
181 if (!inet_ntop(he->h_addrtype, he->h_addr_list[0], buffer, sizeof(buffer))) {
182 return "<invalid>";
183 }
184 return buffer;
Pierre Imaiccf7b992016-02-25 16:34:29 +0900[diff] [blame]185 }
186
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]187 std::string ToString(const addrinfo* ai) const {
188 if (!ai)
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]189 return "<null>";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]190 for (const auto* aip = ai ; aip != nullptr ; aip = aip->ai_next) {
191 char host[NI_MAXHOST];
192 int rv = getnameinfo(aip->ai_addr, aip->ai_addrlen, host, sizeof(host), nullptr, 0,
193 NI_NUMERICHOST);
194 if (rv != 0)
195 return gai_strerror(rv);
196 return host;
197 }
198 return "<invalid>";
199 }
200
201 size_t GetNumQueries(const test::DNSResponder& dns, const char* name) const {
202 auto queries = dns.queries();
203 size_t found = 0;
204 for (const auto& p : queries) {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]205 if (p.first == name) {
206 ++found;
207 }
208 }
209 return found;
210 }
211
212 size_t GetNumQueriesForType(const test::DNSResponder& dns, ns_type type,
213 const char* name) const {
214 auto queries = dns.queries();
215 size_t found = 0;
216 for (const auto& p : queries) {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]217 if (p.second == type && p.first == name) {
218 ++found;
219 }
220 }
221 return found;
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]222 }
223
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]224 void RunGetAddrInfoStressTest_Binder(unsigned num_hosts, unsigned num_threads,
225 unsigned num_queries) {
226 std::vector<std::string> domains = { "example.com" };
227 std::vector<std::unique_ptr<test::DNSResponder>> dns;
228 std::vector<std::string> servers;
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]229 std::vector<DnsResponderClient::Mapping> mappings;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]230 ASSERT_NO_FATAL_FAILURE(SetupMappings(num_hosts, domains, &mappings));
231 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS, mappings, &dns, &servers));
232
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]233 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]234
235 auto t0 = std::chrono::steady_clock::now();
236 std::vector<std::thread> threads(num_threads);
237 for (std::thread& thread : threads) {
Yi Kong1ad22582017-05-04 16:45:47 -0700[diff] [blame]238 thread = std::thread([this, &mappings, num_queries]() {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]239 for (unsigned i = 0 ; i < num_queries ; ++i) {
240 uint32_t ofs = arc4random_uniform(mappings.size());
Robin Leed67c77f2016-09-15 10:55:25 +0900[diff] [blame]241 auto& mapping = mappings[ofs];
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]242 addrinfo* result = nullptr;
243 int rv = getaddrinfo(mapping.host.c_str(), nullptr, nullptr, &result);
244 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
245 if (rv == 0) {
246 std::string result_str = ToString(result);
247 EXPECT_TRUE(result_str == mapping.ip4 || result_str == mapping.ip6)
248 << "result='" << result_str << "', ip4='" << mapping.ip4
249 << "', ip6='" << mapping.ip6;
250 }
251 if (result) {
252 freeaddrinfo(result);
253 result = nullptr;
254 }
255 }
256 });
257 }
258
259 for (std::thread& thread : threads) {
260 thread.join();
261 }
262 auto t1 = std::chrono::steady_clock::now();
263 ALOGI("%u hosts, %u threads, %u queries, %Es", num_hosts, num_threads, num_queries,
264 std::chrono::duration<double>(t1 - t0).count());
265 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
266 }
267
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]268 const std::vector<std::string> mDefaultSearchDomains = { "example.com" };
269 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
270 const std::string mDefaultParams = "300 25 8 8";
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]271 const std::vector<int> mDefaultParams_Binder = { 300, 25, 8, 8 };
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]272};
273
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]274TEST_F(ResolverTest, GetHostByName) {
275 const char* listen_addr = "127.0.0.3";
276 const char* listen_srv = "53";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]277 const char* host_name = "hello.example.com.";
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]278 const char *nonexistent_host_name = "nonexistent.example.com.";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]279 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
280 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
281 ASSERT_TRUE(dns.startServer());
282 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]283 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]284
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]285 const hostent* result;
286
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]287 dns.clearQueries();
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]288 result = gethostbyname("nonexistent");
289 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
290 ASSERT_TRUE(result == nullptr);
291 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
292
293 dns.clearQueries();
294 result = gethostbyname("hello");
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]295 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]296 ASSERT_FALSE(result == nullptr);
297 ASSERT_EQ(4, result->h_length);
298 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]299 EXPECT_EQ("1.2.3.3", ToString(result));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]300 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]301
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]302 dns.stopServer();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]303}
304
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]305TEST_F(ResolverTest, TestBinderSerialization) {
306 using android::net::INetd;
307 std::vector<int> params_offsets = {
308 INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY,
309 INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
310 INetd::RESOLVER_PARAMS_MIN_SAMPLES,
311 INetd::RESOLVER_PARAMS_MAX_SAMPLES
312 };
313 int size = static_cast<int>(params_offsets.size());
314 EXPECT_EQ(size, INetd::RESOLVER_PARAMS_COUNT);
315 std::sort(params_offsets.begin(), params_offsets.end());
316 for (int i = 0 ; i < size ; ++i) {
317 EXPECT_EQ(params_offsets[i], i);
318 }
319}
320
321TEST_F(ResolverTest, GetHostByName_Binder) {
322 using android::net::INetd;
323
324 std::vector<std::string> domains = { "example.com" };
325 std::vector<std::unique_ptr<test::DNSResponder>> dns;
326 std::vector<std::string> servers;
327 std::vector<Mapping> mappings;
328 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
329 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(4, mappings, &dns, &servers));
330 ASSERT_EQ(1U, mappings.size());
331 const Mapping& mapping = mappings[0];
332
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]333 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]334
335 const hostent* result = gethostbyname(mapping.host.c_str());
336 size_t total_queries = std::accumulate(dns.begin(), dns.end(), 0,
337 [this, &mapping](size_t total, auto& d) {
338 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
339 });
340
341 EXPECT_LE(1U, total_queries);
342 ASSERT_FALSE(result == nullptr);
343 ASSERT_EQ(4, result->h_length);
344 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
345 EXPECT_EQ(mapping.ip4, ToString(result));
346 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
347
348 std::vector<std::string> res_servers;
349 std::vector<std::string> res_domains;
350 __res_params res_params;
351 std::vector<ResolverStats> res_stats;
352 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
353 EXPECT_EQ(servers.size(), res_servers.size());
354 EXPECT_EQ(domains.size(), res_domains.size());
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]355 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
356 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
357 res_params.sample_validity);
358 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
359 res_params.success_threshold);
360 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
361 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]362 EXPECT_EQ(servers.size(), res_stats.size());
363
364 EXPECT_TRUE(UnorderedCompareArray(res_servers, servers));
365 EXPECT_TRUE(UnorderedCompareArray(res_domains, domains));
366
367 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
368}
369
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]370TEST_F(ResolverTest, GetAddrInfo) {
371 addrinfo* result = nullptr;
372
373 const char* listen_addr = "127.0.0.4";
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]374 const char* listen_addr2 = "127.0.0.5";
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]375 const char* listen_srv = "53";
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]376 const char* host_name = "howdy.example.com.";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]377 test::DNSResponder dns(listen_addr, listen_srv, 250,
378 ns_rcode::ns_r_servfail, 1.0);
379 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
380 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
381 ASSERT_TRUE(dns.startServer());
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]382
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]383 test::DNSResponder dns2(listen_addr2, listen_srv, 250,
384 ns_rcode::ns_r_servfail, 1.0);
385 dns2.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
386 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
387 ASSERT_TRUE(dns2.startServer());
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]388
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]389
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]390 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]391 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]392 dns.clearQueries();
393 dns2.clearQueries();
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]394
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]395 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
396 size_t found = GetNumQueries(dns, host_name);
397 EXPECT_LE(1U, found);
398 // Could be A or AAAA
399 std::string result_str = ToString(result);
400 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
401 << ", result_str='" << result_str << "'";
402 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
403 if (result) {
404 freeaddrinfo(result);
405 result = nullptr;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]406 }
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]407
408 // Verify that the name is cached.
409 size_t old_found = found;
410 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
411 found = GetNumQueries(dns, host_name);
412 EXPECT_LE(1U, found);
413 EXPECT_EQ(old_found, found);
414 result_str = ToString(result);
415 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
416 << result_str;
417 if (result) {
418 freeaddrinfo(result);
419 result = nullptr;
420 }
421
422 // Change the DNS resolver, ensure that queries are still cached.
423 servers = { listen_addr2 };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]424 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]425 dns.clearQueries();
426 dns2.clearQueries();
427
428 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
429 found = GetNumQueries(dns, host_name);
430 size_t found2 = GetNumQueries(dns2, host_name);
431 EXPECT_EQ(0U, found);
432 EXPECT_LE(0U, found2);
433
434 // Could be A or AAAA
435 result_str = ToString(result);
436 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
437 << ", result_str='" << result_str << "'";
438 if (result) {
439 freeaddrinfo(result);
440 result = nullptr;
441 }
442
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]443 dns.stopServer();
444 dns2.stopServer();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]445}
446
447TEST_F(ResolverTest, GetAddrInfoV4) {
448 addrinfo* result = nullptr;
449
450 const char* listen_addr = "127.0.0.5";
451 const char* listen_srv = "53";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]452 const char* host_name = "hola.example.com.";
453 test::DNSResponder dns(listen_addr, listen_srv, 250,
454 ns_rcode::ns_r_servfail, 1.0);
455 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
456 ASSERT_TRUE(dns.startServer());
457 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]458 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]459
460 addrinfo hints;
461 memset(&hints, 0, sizeof(hints));
462 hints.ai_family = AF_INET;
463 EXPECT_EQ(0, getaddrinfo("hola", nullptr, &hints, &result));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]464 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
Pierre Imaiccf7b992016-02-25 16:34:29 +0900[diff] [blame]465 EXPECT_EQ("1.2.3.5", ToString(result));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]466 if (result) {
467 freeaddrinfo(result);
468 result = nullptr;
469 }
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]470}
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]471
Ben Schwartzd4689712017-10-02 12:14:38 -0400[diff] [blame]472TEST_F(ResolverTest, GetHostByNameBrokenEdns) {
473 const char* listen_addr = "127.0.0.3";
474 const char* listen_srv = "53";
475 const char* host_name = "edns.example.com.";
476 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
477 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
478 dns.setFailOnEdns(true); // This is the only change from the basic test.
479 ASSERT_TRUE(dns.startServer());
480 std::vector<std::string> servers = { listen_addr };
481 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
482
483 const hostent* result;
484
485 dns.clearQueries();
486 result = gethostbyname("edns");
487 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
488 ASSERT_FALSE(result == nullptr);
489 ASSERT_EQ(4, result->h_length);
490 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
491 EXPECT_EQ("1.2.3.3", ToString(result));
492 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
493}
494
495TEST_F(ResolverTest, GetAddrInfoBrokenEdns) {
496 addrinfo* result = nullptr;
497
498 const char* listen_addr = "127.0.0.5";
499 const char* listen_srv = "53";
500 const char* host_name = "edns2.example.com.";
501 test::DNSResponder dns(listen_addr, listen_srv, 250,
502 ns_rcode::ns_r_servfail, 1.0);
503 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
504 dns.setFailOnEdns(true); // This is the only change from the basic test.
505 ASSERT_TRUE(dns.startServer());
506 std::vector<std::string> servers = { listen_addr };
507 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
508
509 addrinfo hints;
510 memset(&hints, 0, sizeof(hints));
511 hints.ai_family = AF_INET;
512 EXPECT_EQ(0, getaddrinfo("edns2", nullptr, &hints, &result));
513 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
514 EXPECT_EQ("1.2.3.5", ToString(result));
515 if (result) {
516 freeaddrinfo(result);
517 result = nullptr;
518 }
519}
520
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]521TEST_F(ResolverTest, MultidomainResolution) {
522 std::vector<std::string> searchDomains = { "example1.com", "example2.com", "example3.com" };
523 const char* listen_addr = "127.0.0.6";
524 const char* listen_srv = "53";
525 const char* host_name = "nihao.example2.com.";
526 test::DNSResponder dns(listen_addr, listen_srv, 250,
527 ns_rcode::ns_r_servfail, 1.0);
528 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
529 ASSERT_TRUE(dns.startServer());
530 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]531 ASSERT_TRUE(SetResolversForNetwork(servers, searchDomains, mDefaultParams_Binder));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]532
533 dns.clearQueries();
534 const hostent* result = gethostbyname("nihao");
535 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
536 ASSERT_FALSE(result == nullptr);
537 ASSERT_EQ(4, result->h_length);
538 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
539 EXPECT_EQ("1.2.3.3", ToString(result));
540 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
541 dns.stopServer();
542}
543
544TEST_F(ResolverTest, GetAddrInfoV6_failing) {
545 addrinfo* result = nullptr;
546
547 const char* listen_addr0 = "127.0.0.7";
548 const char* listen_addr1 = "127.0.0.8";
549 const char* listen_srv = "53";
550 const char* host_name = "ohayou.example.com.";
551 test::DNSResponder dns0(listen_addr0, listen_srv, 250,
552 ns_rcode::ns_r_servfail, 0.0);
553 test::DNSResponder dns1(listen_addr1, listen_srv, 250,
554 ns_rcode::ns_r_servfail, 1.0);
555 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
556 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
557 ASSERT_TRUE(dns0.startServer());
558 ASSERT_TRUE(dns1.startServer());
559 std::vector<std::string> servers = { listen_addr0, listen_addr1 };
560 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]561 int sample_count = 8;
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]562 const std::vector<int> params = { 300, 25, sample_count, sample_count };
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]563 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, params));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]564
565 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
566 // reached the dns0, which is set to fail. No more requests should then arrive at that server
567 // for the next sample_lifetime seconds.
568 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
569 addrinfo hints;
570 memset(&hints, 0, sizeof(hints));
571 hints.ai_family = AF_INET6;
572 for (int i = 0 ; i < sample_count ; ++i) {
573 std::string domain = StringPrintf("nonexistent%d", i);
574 getaddrinfo(domain.c_str(), nullptr, &hints, &result);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]575 if (result) {
576 freeaddrinfo(result);
577 result = nullptr;
578 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]579 }
580 // Due to 100% errors for all possible samples, the server should be ignored from now on and
581 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
582 dns0.clearQueries();
583 dns1.clearQueries();
584 EXPECT_EQ(0, getaddrinfo("ohayou", nullptr, &hints, &result));
585 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
586 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]587 if (result) {
588 freeaddrinfo(result);
589 result = nullptr;
590 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]591}
592
593TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
594 const char* listen_addr0 = "127.0.0.9";
595 const char* listen_addr1 = "127.0.0.10";
596 const char* listen_addr2 = "127.0.0.11";
597 const char* listen_srv = "53";
598 const char* host_name = "konbanha.example.com.";
599 test::DNSResponder dns0(listen_addr0, listen_srv, 250,
600 ns_rcode::ns_r_servfail, 1.0);
601 test::DNSResponder dns1(listen_addr1, listen_srv, 250,
602 ns_rcode::ns_r_servfail, 1.0);
603 test::DNSResponder dns2(listen_addr2, listen_srv, 250,
604 ns_rcode::ns_r_servfail, 1.0);
605 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
606 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
607 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::7");
608 ASSERT_TRUE(dns0.startServer());
609 ASSERT_TRUE(dns1.startServer());
610 ASSERT_TRUE(dns2.startServer());
611 const std::vector<std::string> servers = { listen_addr0, listen_addr1, listen_addr2 };
612 std::vector<std::thread> threads(10);
613 for (std::thread& thread : threads) {
Yi Kong1ad22582017-05-04 16:45:47 -0700[diff] [blame]614 thread = std::thread([this, &servers]() {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]615 unsigned delay = arc4random_uniform(1*1000*1000); // <= 1s
616 usleep(delay);
617 std::vector<std::string> serverSubset;
618 for (const auto& server : servers) {
619 if (arc4random_uniform(2)) {
620 serverSubset.push_back(server);
621 }
622 }
623 if (serverSubset.empty()) serverSubset = servers;
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]624 ASSERT_TRUE(SetResolversForNetwork(serverSubset, mDefaultSearchDomains,
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]625 mDefaultParams_Binder));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]626 addrinfo hints;
627 memset(&hints, 0, sizeof(hints));
628 hints.ai_family = AF_INET6;
629 addrinfo* result = nullptr;
630 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
631 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]632 if (result) {
633 freeaddrinfo(result);
634 result = nullptr;
635 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]636 });
637 }
638 for (std::thread& thread : threads) {
639 thread.join();
640 }
641}
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]642
643TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100) {
644 const unsigned num_hosts = 100;
645 const unsigned num_threads = 100;
646 const unsigned num_queries = 100;
647 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
648}
649
650TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100000) {
651 const unsigned num_hosts = 100000;
652 const unsigned num_threads = 100;
653 const unsigned num_queries = 100;
654 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
655}
656
657TEST_F(ResolverTest, EmptySetup) {
658 using android::net::INetd;
659 std::vector<std::string> servers;
660 std::vector<std::string> domains;
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]661 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]662 std::vector<std::string> res_servers;
663 std::vector<std::string> res_domains;
664 __res_params res_params;
665 std::vector<ResolverStats> res_stats;
666 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
667 EXPECT_EQ(0U, res_servers.size());
668 EXPECT_EQ(0U, res_domains.size());
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]669 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
670 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
671 res_params.sample_validity);
672 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
673 res_params.success_threshold);
674 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
675 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]676}
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]677
678TEST_F(ResolverTest, SearchPathChange) {
679 addrinfo* result = nullptr;
680
681 const char* listen_addr = "127.0.0.13";
682 const char* listen_srv = "53";
683 const char* host_name1 = "test13.domain1.org.";
684 const char* host_name2 = "test13.domain2.org.";
685 test::DNSResponder dns(listen_addr, listen_srv, 250,
686 ns_rcode::ns_r_servfail, 1.0);
687 dns.addMapping(host_name1, ns_type::ns_t_aaaa, "2001:db8::13");
688 dns.addMapping(host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13");
689 ASSERT_TRUE(dns.startServer());
690 std::vector<std::string> servers = { listen_addr };
691 std::vector<std::string> domains = { "domain1.org" };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]692 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]693
694 addrinfo hints;
695 memset(&hints, 0, sizeof(hints));
696 hints.ai_family = AF_INET6;
697 EXPECT_EQ(0, getaddrinfo("test13", nullptr, &hints, &result));
698 EXPECT_EQ(1U, dns.queries().size());
699 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
700 EXPECT_EQ("2001:db8::13", ToString(result));
701 if (result) freeaddrinfo(result);
702
703 // Test that changing the domain search path on its own works.
704 domains = { "domain2.org" };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]705 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]706 dns.clearQueries();
707
708 EXPECT_EQ(0, getaddrinfo("test13", nullptr, &hints, &result));
709 EXPECT_EQ(1U, dns.queries().size());
710 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
711 EXPECT_EQ("2001:db8::1:13", ToString(result));
712 if (result) freeaddrinfo(result);
713}
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]714
715TEST_F(ResolverTest, MaxServerPrune_Binder) {
716 using android::net::INetd;
717
718 std::vector<std::string> domains = { "example.com" };
719 std::vector<std::unique_ptr<test::DNSResponder>> dns;
720 std::vector<std::string> servers;
721 std::vector<Mapping> mappings;
722 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
723 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
724
725 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
726
727 std::vector<std::string> res_servers;
728 std::vector<std::string> res_domains;
729 __res_params res_params;
730 std::vector<ResolverStats> res_stats;
731 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
732 EXPECT_EQ(static_cast<size_t>(MAXNS), res_servers.size());
733
734 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
735}
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]736
737static std::string base64Encode(const std::vector<uint8_t>& input) {
738 size_t out_len;
739 EXPECT_EQ(1, EVP_EncodedLength(&out_len, input.size()));
740 // out_len includes the trailing NULL.
741 uint8_t output_bytes[out_len];
742 EXPECT_EQ(out_len - 1, EVP_EncodeBlock(output_bytes, input.data(), input.size()));
743 return std::string(reinterpret_cast<char*>(output_bytes));
744}
745
746// Test what happens if the specified TLS server is nonexistent.
747TEST_F(ResolverTest, GetHostByName_TlsMissing) {
748 const char* listen_addr = "127.0.0.3";
749 const char* listen_srv = "53";
750 const char* host_name = "tlsmissing.example.com.";
751 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
752 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
753 ASSERT_TRUE(dns.startServer());
754 std::vector<std::string> servers = { listen_addr };
755
756 // There's nothing listening on this address, so validation will either fail or
757 /// hang. Either way, queries will continue to flow to the DNSResponder.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]758 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]759
760 const hostent* result;
761
762 result = gethostbyname("tlsmissing");
763 ASSERT_FALSE(result == nullptr);
764 EXPECT_EQ("1.2.3.3", ToString(result));
765
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]766 // Clear TLS bit.
767 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]768 dns.stopServer();
769}
770
771// Test what happens if the specified TLS server replies with garbage.
772TEST_F(ResolverTest, GetHostByName_TlsBroken) {
773 const char* listen_addr = "127.0.0.3";
774 const char* listen_srv = "53";
775 const char* host_name1 = "tlsbroken1.example.com.";
776 const char* host_name2 = "tlsbroken2.example.com.";
777 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
778 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
779 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
780 ASSERT_TRUE(dns.startServer());
781 std::vector<std::string> servers = { listen_addr };
782
783 // Bind the specified private DNS socket but don't respond to any client sockets yet.
784 int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
785 ASSERT_TRUE(s >= 0);
786 struct sockaddr_in tlsServer = {
787 .sin_family = AF_INET,
788 .sin_port = htons(853),
789 };
790 ASSERT_TRUE(inet_pton(AF_INET, listen_addr, &tlsServer.sin_addr));
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]791 const int one = 1;
792 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one));
793 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]794 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
795 ASSERT_FALSE(listen(s, 1));
796
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]797 // Trigger TLS validation.
798 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]799
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]800 struct sockaddr_storage cliaddr;
801 socklen_t sin_size = sizeof(cliaddr);
802 int new_fd = accept(s, reinterpret_cast<struct sockaddr *>(&cliaddr), &sin_size);
803 ASSERT_TRUE(new_fd > 0);
804
805 // We've received the new file descriptor but not written to it or closed, so the
806 // validation is still pending. Queries should still flow correctly because the
807 // server is not used until validation succeeds.
808 const hostent* result;
809 result = gethostbyname("tlsbroken1");
810 ASSERT_FALSE(result == nullptr);
811 EXPECT_EQ("1.2.3.1", ToString(result));
812
813 // Now we cause the validation to fail.
814 std::string garbage = "definitely not a valid TLS ServerHello";
815 write(new_fd, garbage.data(), garbage.size());
816 close(new_fd);
817
818 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
819 // to the TLS server unless validation succeeds.
820 result = gethostbyname("tlsbroken2");
821 ASSERT_FALSE(result == nullptr);
822 EXPECT_EQ("1.2.3.2", ToString(result));
823
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]824 // Clear TLS bit.
825 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]826 dns.stopServer();
827 close(s);
828}
829
830TEST_F(ResolverTest, GetHostByName_Tls) {
831 const char* listen_addr = "127.0.0.3";
832 const char* listen_udp = "53";
833 const char* listen_tls = "853";
834 const char* host_name1 = "tls1.example.com.";
835 const char* host_name2 = "tls2.example.com.";
836 const char* host_name3 = "tls3.example.com.";
837 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
838 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
839 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
840 dns.addMapping(host_name3, ns_type::ns_t_a, "1.2.3.3");
841 ASSERT_TRUE(dns.startServer());
842 std::vector<std::string> servers = { listen_addr };
843
844 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
845 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]846 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]847
848 const hostent* result;
849
850 // Wait for validation to complete.
851 EXPECT_TRUE(tls.waitForQueries(1, 5000));
852
853 result = gethostbyname("tls1");
854 ASSERT_FALSE(result == nullptr);
855 EXPECT_EQ("1.2.3.1", ToString(result));
856
857 // Wait for query to get counted.
858 EXPECT_TRUE(tls.waitForQueries(2, 5000));
859
860 // Stop the TLS server. Since it's already been validated, queries will
861 // continue to be routed to it.
862 tls.stopServer();
863
864 result = gethostbyname("tls2");
865 EXPECT_TRUE(result == nullptr);
866 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
867
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]868 // Reset the resolvers without enabling TLS. Queries should now be routed to the
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]869 // UDP endpoint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]870 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]871
872 result = gethostbyname("tls3");
873 ASSERT_FALSE(result == nullptr);
874 EXPECT_EQ("1.2.3.3", ToString(result));
875
876 dns.stopServer();
877}
878
879TEST_F(ResolverTest, GetHostByName_TlsFingerprint) {
880 const char* listen_addr = "127.0.0.3";
881 const char* listen_udp = "53";
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]882 const char* listen_tls = "853";
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]883 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
884 ASSERT_TRUE(dns.startServer());
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]885 for (int chain_length = 1; chain_length <= 3; ++chain_length) {
886 const char* host_name = StringPrintf("tlsfingerprint%d.example.com.", chain_length).c_str();
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]887 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]888 std::vector<std::string> servers = { listen_addr };
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]889
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]890 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
891 tls.set_chain_length(chain_length);
892 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]893 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
894 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]895
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]896 const hostent* result;
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]897
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]898 // Wait for validation to complete.
899 EXPECT_TRUE(tls.waitForQueries(1, 5000));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]900
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]901 result = gethostbyname(StringPrintf("tlsfingerprint%d", chain_length).c_str());
902 EXPECT_FALSE(result == nullptr);
903 if (result) {
904 EXPECT_EQ("1.2.3.1", ToString(result));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]905
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]906 // Wait for query to get counted.
907 EXPECT_TRUE(tls.waitForQueries(2, 5000));
908 }
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]909
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]910 // Clear TLS bit to ensure revalidation.
911 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]912 tls.stopServer();
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]913 }
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]914 dns.stopServer();
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]915}
916
917TEST_F(ResolverTest, GetHostByName_BadTlsFingerprint) {
918 const char* listen_addr = "127.0.0.3";
919 const char* listen_udp = "53";
920 const char* listen_tls = "853";
921 const char* host_name = "badtlsfingerprint.example.com.";
922 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
923 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
924 ASSERT_TRUE(dns.startServer());
925 std::vector<std::string> servers = { listen_addr };
926
927 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
928 ASSERT_TRUE(tls.startServer());
929 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
930 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]931 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
932 { base64Encode(bad_fingerprint) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]933
934 // The initial validation should fail at the fingerprint check before
935 // issuing a query.
936 EXPECT_FALSE(tls.waitForQueries(1, 500));
937
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]938 // A fingerprint was provided and failed to match, so the query should fail.
939 EXPECT_EQ(nullptr, gethostbyname("badtlsfingerprint"));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]940
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]941 // Clear TLS bit.
942 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]943 tls.stopServer();
944 dns.stopServer();
945}
946
947// Test that we can pass two different fingerprints, and connection succeeds as long as
948// at least one of them matches the server.
949TEST_F(ResolverTest, GetHostByName_TwoTlsFingerprints) {
950 const char* listen_addr = "127.0.0.3";
951 const char* listen_udp = "53";
952 const char* listen_tls = "853";
953 const char* host_name = "twotlsfingerprints.example.com.";
954 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
955 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
956 ASSERT_TRUE(dns.startServer());
957 std::vector<std::string> servers = { listen_addr };
958
959 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
960 ASSERT_TRUE(tls.startServer());
961 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
962 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]963 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
964 { base64Encode(bad_fingerprint), base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]965
966 const hostent* result;
967
968 // Wait for validation to complete.
969 EXPECT_TRUE(tls.waitForQueries(1, 5000));
970
971 result = gethostbyname("twotlsfingerprints");
972 ASSERT_FALSE(result == nullptr);
973 EXPECT_EQ("1.2.3.1", ToString(result));
974
975 // Wait for query to get counted.
976 EXPECT_TRUE(tls.waitForQueries(2, 5000));
977
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]978 // Clear TLS bit.
979 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]980 tls.stopServer();
981 dns.stopServer();
982}
983
984TEST_F(ResolverTest, GetHostByName_TlsFingerprintGoesBad) {
985 const char* listen_addr = "127.0.0.3";
986 const char* listen_udp = "53";
987 const char* listen_tls = "853";
988 const char* host_name1 = "tlsfingerprintgoesbad1.example.com.";
989 const char* host_name2 = "tlsfingerprintgoesbad2.example.com.";
990 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
991 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
992 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
993 ASSERT_TRUE(dns.startServer());
994 std::vector<std::string> servers = { listen_addr };
995
996 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
997 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]998 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
999 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1000
1001 const hostent* result;
1002
1003 // Wait for validation to complete.
1004 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1005
1006 result = gethostbyname("tlsfingerprintgoesbad1");
1007 ASSERT_FALSE(result == nullptr);
1008 EXPECT_EQ("1.2.3.1", ToString(result));
1009
1010 // Wait for query to get counted.
1011 EXPECT_TRUE(tls.waitForQueries(2, 5000));
1012
1013 // Restart the TLS server. This will generate a new certificate whose fingerprint
1014 // no longer matches the stored fingerprint.
1015 tls.stopServer();
1016 tls.startServer();
1017
1018 result = gethostbyname("tlsfingerprintgoesbad2");
1019 ASSERT_TRUE(result == nullptr);
1020 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
1021
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1022 // Clear TLS bit.
1023 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1024 tls.stopServer();
1025 dns.stopServer();
1026}
1027
1028TEST_F(ResolverTest, GetHostByName_TlsFailover) {
1029 const char* listen_addr1 = "127.0.0.3";
1030 const char* listen_addr2 = "127.0.0.4";
1031 const char* listen_udp = "53";
1032 const char* listen_tls = "853";
1033 const char* host_name1 = "tlsfailover1.example.com.";
1034 const char* host_name2 = "tlsfailover2.example.com.";
1035 test::DNSResponder dns1(listen_addr1, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1036 test::DNSResponder dns2(listen_addr2, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1037 dns1.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
1038 dns1.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
1039 dns2.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.3");
1040 dns2.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.4");
1041 ASSERT_TRUE(dns1.startServer());
1042 ASSERT_TRUE(dns2.startServer());
1043 std::vector<std::string> servers = { listen_addr1, listen_addr2 };
1044
1045 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
1046 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
1047 ASSERT_TRUE(tls1.startServer());
1048 ASSERT_TRUE(tls2.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1049 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1050 { base64Encode(tls1.fingerprint()), base64Encode(tls2.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1051
1052 const hostent* result;
1053
1054 // Wait for validation to complete.
1055 EXPECT_TRUE(tls1.waitForQueries(1, 5000));
1056 EXPECT_TRUE(tls2.waitForQueries(1, 5000));
1057
1058 result = gethostbyname("tlsfailover1");
1059 ASSERT_FALSE(result == nullptr);
1060 EXPECT_EQ("1.2.3.1", ToString(result));
1061
1062 // Wait for query to get counted.
1063 EXPECT_TRUE(tls1.waitForQueries(2, 5000));
1064 // No new queries should have reached tls2.
1065 EXPECT_EQ(1, tls2.queries());
1066
1067 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
1068 tls1.stopServer();
1069
1070 result = gethostbyname("tlsfailover2");
1071 EXPECT_EQ("1.2.3.4", ToString(result));
1072
1073 // Wait for query to get counted.
1074 EXPECT_TRUE(tls2.waitForQueries(2, 5000));
1075
1076 // No additional queries should have reached the insecure servers.
1077 EXPECT_EQ(2U, dns1.queries().size());
1078 EXPECT_EQ(2U, dns2.queries().size());
1079
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1080 // Clear TLS bit.
1081 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1082 tls2.stopServer();
1083 dns1.stopServer();
1084 dns2.stopServer();
1085}
1086
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1087TEST_F(ResolverTest, GetHostByName_BadTlsName) {
1088 const char* listen_addr = "127.0.0.3";
1089 const char* listen_udp = "53";
1090 const char* listen_tls = "853";
1091 const char* host_name = "badtlsname.example.com.";
1092 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1093 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1094 ASSERT_TRUE(dns.startServer());
1095 std::vector<std::string> servers = { listen_addr };
1096
1097 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1098 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1099 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder,
1100 "www.example.com", {}));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1101
1102 // The TLS server's certificate doesn't chain to a known CA, and a nonempty name was specified,
1103 // so the client should fail the TLS handshake before ever issuing a query.
1104 EXPECT_FALSE(tls.waitForQueries(1, 500));
1105
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1106 // The query should fail hard, because a name was specified.
1107 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1108
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1109 // Clear TLS bit.
1110 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1111 tls.stopServer();
1112 dns.stopServer();
1113}
1114
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1115TEST_F(ResolverTest, GetAddrInfo_Tls) {
1116 const char* listen_addr = "127.0.0.3";
1117 const char* listen_udp = "53";
1118 const char* listen_tls = "853";
1119 const char* host_name = "addrinfotls.example.com.";
1120 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1121 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
1122 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
1123 ASSERT_TRUE(dns.startServer());
1124 std::vector<std::string> servers = { listen_addr };
1125
1126 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1127 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1128 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1129 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1130
1131 // Wait for validation to complete.
1132 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1133
1134 dns.clearQueries();
1135 addrinfo* result = nullptr;
1136 EXPECT_EQ(0, getaddrinfo("addrinfotls", nullptr, nullptr, &result));
1137 size_t found = GetNumQueries(dns, host_name);
1138 EXPECT_LE(1U, found);
1139 // Could be A or AAAA
1140 std::string result_str = ToString(result);
1141 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
1142 << ", result_str='" << result_str << "'";
1143 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
1144 if (result) {
1145 freeaddrinfo(result);
1146 result = nullptr;
1147 }
1148 // Wait for both A and AAAA queries to get counted.
1149 EXPECT_TRUE(tls.waitForQueries(3, 5000));
1150
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1151 // Clear TLS bit.
1152 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1153 tls.stopServer();
1154 dns.stopServer();
1155}