Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / cc93c371bd33eae40d52928ea3776529ad39ff3c / . / tests / netd_test.cpp
blob: b586c455b58b173850e819f09e6e14edf9dfc6c2 [file] [log] [blame]
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless requied by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18#include <arpa/inet.h>
19#include <errno.h>
20#include <netdb.h>
21#include <stdarg.h>
22#include <stdio.h>
23#include <stdlib.h>
Chenbo Feng66165472018-07-23 19:05:56 -0700[diff] [blame]24#include <sys/capability.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]25#include <unistd.h>
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]26
27#include <cutils/sockets.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]28#include <android-base/stringprintf.h>
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]29#include <private/android_filesystem_config.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]30
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]31#include <openssl/base64.h>
32
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]33#include <algorithm>
34#include <chrono>
35#include <iterator>
36#include <numeric>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]37#include <thread>
38
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]39#define LOG_TAG "netd_test"
40// TODO: make this dynamic and stop depending on implementation details.
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]41#define TEST_NETID 30
42
Erik Kline1564d482018-03-07 17:09:35 +0900[diff] [blame]43#include "resolv_netid.h"
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]44#include "NetdClient.h"
45
46#include <gtest/gtest.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]47
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]48#include <utils/Log.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]49
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]50#include "dns_responder.h"
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]51#include "dns_responder_client.h"
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]52#include "dns_tls_frontend.h"
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]53#include "resolv_params.h"
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]54#include "ResolverStats.h"
55
56#include "android/net/INetd.h"
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]57#include "android/net/metrics/INetdEventListener.h"
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]58#include "binder/IServiceManager.h"
Erik Klined1503072018-02-22 23:55:40 -0800[diff] [blame]59#include "netdutils/SocketOption.h"
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]60
61using android::base::StringPrintf;
62using android::base::StringAppendF;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]63using android::net::ResolverStats;
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]64using android::net::metrics::INetdEventListener;
Erik Klined1503072018-02-22 23:55:40 -0800[diff] [blame]65using android::netdutils::enableSockopt;
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]66
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]67// Emulates the behavior of UnorderedElementsAreArray, which currently cannot be used.
68// TODO: Use UnorderedElementsAreArray, which depends on being able to compile libgmock_host,
69// if that is not possible, improve this hacky algorithm, which is O(n**2)
70template <class A, class B>
71bool UnorderedCompareArray(const A& a, const B& b) {
72 if (a.size() != b.size()) return false;
73 for (const auto& a_elem : a) {
74 size_t a_count = 0;
75 for (const auto& a_elem2 : a) {
76 if (a_elem == a_elem2) {
77 ++a_count;
78 }
79 }
80 size_t b_count = 0;
81 for (const auto& b_elem : b) {
82 if (a_elem == b_elem) ++b_count;
83 }
84 if (a_count != b_count) return false;
85 }
86 return true;
87}
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]88
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]89class AddrInfo {
90 public:
91 AddrInfo() : ai_(nullptr), error_(0) {}
92
93 AddrInfo(const char* node, const char* service, const addrinfo& hints) : ai_(nullptr) {
94 init(node, service, hints);
95 }
96
97 AddrInfo(const char* node, const char* service) : ai_(nullptr) {
98 init(node, service);
99 }
100
101 ~AddrInfo() { clear(); }
102
103 int init(const char* node, const char* service, const addrinfo& hints) {
104 clear();
105 error_ = getaddrinfo(node, service, &hints, &ai_);
106 return error_;
107 }
108
109 int init(const char* node, const char* service) {
110 clear();
111 error_ = getaddrinfo(node, service, nullptr, &ai_);
112 return error_;
113 }
114
115 void clear() {
116 if (ai_ != nullptr) {
117 freeaddrinfo(ai_);
118 ai_ = nullptr;
119 error_ = 0;
120 }
121 }
122
123 const addrinfo& operator*() const { return *ai_; }
124 const addrinfo* get() const { return ai_; }
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]125 int error() const { return error_; }
126
127 private:
128 addrinfo* ai_;
129 int error_;
130};
131
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]132class ResolverTest : public ::testing::Test, public DnsResponderClient {
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]133private:
134 int mOriginalMetricsLevel;
135
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]136protected:
137 virtual void SetUp() {
138 // Ensure resolutions go via proxy.
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]139 DnsResponderClient::SetUp();
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]140
141 // If DNS reporting is off: turn it on so we run through everything.
142 auto rv = mNetdSrv->getMetricsReportingLevel(&mOriginalMetricsLevel);
143 ASSERT_TRUE(rv.isOk());
144 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
145 rv = mNetdSrv->setMetricsReportingLevel(INetdEventListener::REPORTING_LEVEL_FULL);
146 ASSERT_TRUE(rv.isOk());
147 }
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]148 }
149
150 virtual void TearDown() {
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]151 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
152 auto rv = mNetdSrv->setMetricsReportingLevel(mOriginalMetricsLevel);
153 ASSERT_TRUE(rv.isOk());
154 }
155
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]156 DnsResponderClient::TearDown();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]157 }
158
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]159 bool GetResolverInfo(std::vector<std::string>* servers, std::vector<std::string>* domains,
160 __res_params* params, std::vector<ResolverStats>* stats) {
161 using android::net::INetd;
162 std::vector<int32_t> params32;
163 std::vector<int32_t> stats32;
164 auto rv = mNetdSrv->getResolverInfo(TEST_NETID, servers, domains, &params32, &stats32);
165 if (!rv.isOk() || params32.size() != INetd::RESOLVER_PARAMS_COUNT) {
166 return false;
167 }
168 *params = __res_params {
169 .sample_validity = static_cast<uint16_t>(
170 params32[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY]),
171 .success_threshold = static_cast<uint8_t>(
172 params32[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD]),
173 .min_samples = static_cast<uint8_t>(
174 params32[INetd::RESOLVER_PARAMS_MIN_SAMPLES]),
175 .max_samples = static_cast<uint8_t>(
Bernie Innocenticc93c372018-08-06 15:18:59 +0900[diff] [blame^]176 params32[INetd::RESOLVER_PARAMS_MAX_SAMPLES]),
177 .base_timeout_msec = params32[INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]178 };
179 return ResolverStats::decodeAll(stats32, stats);
180 }
181
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]182 std::string ToString(const hostent* he) const {
183 if (he == nullptr) return "<null>";
184 char buffer[INET6_ADDRSTRLEN];
185 if (!inet_ntop(he->h_addrtype, he->h_addr_list[0], buffer, sizeof(buffer))) {
186 return "<invalid>";
187 }
188 return buffer;
Pierre Imaiccf7b992016-02-25 16:34:29 +0900[diff] [blame]189 }
190
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]191 std::string ToString(const addrinfo* ai) const {
192 if (!ai)
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]193 return "<null>";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]194 for (const auto* aip = ai ; aip != nullptr ; aip = aip->ai_next) {
195 char host[NI_MAXHOST];
196 int rv = getnameinfo(aip->ai_addr, aip->ai_addrlen, host, sizeof(host), nullptr, 0,
197 NI_NUMERICHOST);
198 if (rv != 0)
199 return gai_strerror(rv);
200 return host;
201 }
202 return "<invalid>";
203 }
204
205 size_t GetNumQueries(const test::DNSResponder& dns, const char* name) const {
206 auto queries = dns.queries();
207 size_t found = 0;
208 for (const auto& p : queries) {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]209 if (p.first == name) {
210 ++found;
211 }
212 }
213 return found;
214 }
215
216 size_t GetNumQueriesForType(const test::DNSResponder& dns, ns_type type,
217 const char* name) const {
218 auto queries = dns.queries();
219 size_t found = 0;
220 for (const auto& p : queries) {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]221 if (p.second == type && p.first == name) {
222 ++found;
223 }
224 }
225 return found;
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]226 }
227
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]228 void RunGetAddrInfoStressTest_Binder(unsigned num_hosts, unsigned num_threads,
229 unsigned num_queries) {
230 std::vector<std::string> domains = { "example.com" };
231 std::vector<std::unique_ptr<test::DNSResponder>> dns;
232 std::vector<std::string> servers;
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]233 std::vector<DnsResponderClient::Mapping> mappings;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]234 ASSERT_NO_FATAL_FAILURE(SetupMappings(num_hosts, domains, &mappings));
235 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS, mappings, &dns, &servers));
236
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]237 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]238
239 auto t0 = std::chrono::steady_clock::now();
240 std::vector<std::thread> threads(num_threads);
241 for (std::thread& thread : threads) {
Yi Kong1ad22582017-05-04 16:45:47 -0700[diff] [blame]242 thread = std::thread([this, &mappings, num_queries]() {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]243 for (unsigned i = 0 ; i < num_queries ; ++i) {
244 uint32_t ofs = arc4random_uniform(mappings.size());
Robin Leed67c77f2016-09-15 10:55:25 +0900[diff] [blame]245 auto& mapping = mappings[ofs];
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]246 addrinfo* result = nullptr;
247 int rv = getaddrinfo(mapping.host.c_str(), nullptr, nullptr, &result);
248 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
249 if (rv == 0) {
250 std::string result_str = ToString(result);
251 EXPECT_TRUE(result_str == mapping.ip4 || result_str == mapping.ip6)
252 << "result='" << result_str << "', ip4='" << mapping.ip4
253 << "', ip6='" << mapping.ip6;
254 }
255 if (result) {
256 freeaddrinfo(result);
257 result = nullptr;
258 }
259 }
260 });
261 }
262
263 for (std::thread& thread : threads) {
264 thread.join();
265 }
266 auto t1 = std::chrono::steady_clock::now();
267 ALOGI("%u hosts, %u threads, %u queries, %Es", num_hosts, num_threads, num_queries,
268 std::chrono::duration<double>(t1 - t0).count());
269 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
270 }
271
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]272 const std::vector<std::string> mDefaultSearchDomains = { "example.com" };
273 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
274 const std::string mDefaultParams = "300 25 8 8";
Bernie Innocenticc93c372018-08-06 15:18:59 +0900[diff] [blame^]275 const std::vector<int> mDefaultParams_Binder = {
276 300, // SAMPLE_VALIDITY
277 25, // SUCCESS_THRESHOLD
278 8, 8, // {MIN,MAX}_SAMPLES
279 100, // BASE_TIMEOUT_MSEC
280 };
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]281};
282
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]283TEST_F(ResolverTest, GetHostByName) {
284 const char* listen_addr = "127.0.0.3";
285 const char* listen_srv = "53";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]286 const char* host_name = "hello.example.com.";
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]287 const char *nonexistent_host_name = "nonexistent.example.com.";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]288 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
289 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
290 ASSERT_TRUE(dns.startServer());
291 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]292 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]293
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]294 const hostent* result;
295
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]296 dns.clearQueries();
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]297 result = gethostbyname("nonexistent");
298 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
299 ASSERT_TRUE(result == nullptr);
300 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
301
302 dns.clearQueries();
303 result = gethostbyname("hello");
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]304 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]305 ASSERT_FALSE(result == nullptr);
306 ASSERT_EQ(4, result->h_length);
307 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]308 EXPECT_EQ("1.2.3.3", ToString(result));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]309 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]310
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]311 dns.stopServer();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]312}
313
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]314TEST_F(ResolverTest, TestBinderSerialization) {
315 using android::net::INetd;
316 std::vector<int> params_offsets = {
317 INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY,
318 INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
319 INetd::RESOLVER_PARAMS_MIN_SAMPLES,
Bernie Innocenticc93c372018-08-06 15:18:59 +0900[diff] [blame^]320 INetd::RESOLVER_PARAMS_MAX_SAMPLES,
321 INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC,
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]322 };
323 int size = static_cast<int>(params_offsets.size());
324 EXPECT_EQ(size, INetd::RESOLVER_PARAMS_COUNT);
325 std::sort(params_offsets.begin(), params_offsets.end());
326 for (int i = 0 ; i < size ; ++i) {
327 EXPECT_EQ(params_offsets[i], i);
328 }
329}
330
331TEST_F(ResolverTest, GetHostByName_Binder) {
332 using android::net::INetd;
333
334 std::vector<std::string> domains = { "example.com" };
335 std::vector<std::unique_ptr<test::DNSResponder>> dns;
336 std::vector<std::string> servers;
337 std::vector<Mapping> mappings;
338 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
339 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(4, mappings, &dns, &servers));
340 ASSERT_EQ(1U, mappings.size());
341 const Mapping& mapping = mappings[0];
342
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]343 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]344
345 const hostent* result = gethostbyname(mapping.host.c_str());
346 size_t total_queries = std::accumulate(dns.begin(), dns.end(), 0,
347 [this, &mapping](size_t total, auto& d) {
348 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
349 });
350
351 EXPECT_LE(1U, total_queries);
352 ASSERT_FALSE(result == nullptr);
353 ASSERT_EQ(4, result->h_length);
354 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
355 EXPECT_EQ(mapping.ip4, ToString(result));
356 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
357
358 std::vector<std::string> res_servers;
359 std::vector<std::string> res_domains;
360 __res_params res_params;
361 std::vector<ResolverStats> res_stats;
362 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
363 EXPECT_EQ(servers.size(), res_servers.size());
364 EXPECT_EQ(domains.size(), res_domains.size());
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]365 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
366 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
367 res_params.sample_validity);
368 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
369 res_params.success_threshold);
370 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
371 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
Bernie Innocenticc93c372018-08-06 15:18:59 +0900[diff] [blame^]372 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
373 res_params.base_timeout_msec);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]374 EXPECT_EQ(servers.size(), res_stats.size());
375
376 EXPECT_TRUE(UnorderedCompareArray(res_servers, servers));
377 EXPECT_TRUE(UnorderedCompareArray(res_domains, domains));
378
379 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
380}
381
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]382TEST_F(ResolverTest, GetAddrInfo) {
383 addrinfo* result = nullptr;
384
385 const char* listen_addr = "127.0.0.4";
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]386 const char* listen_addr2 = "127.0.0.5";
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]387 const char* listen_srv = "53";
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]388 const char* host_name = "howdy.example.com.";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]389 test::DNSResponder dns(listen_addr, listen_srv, 250,
390 ns_rcode::ns_r_servfail, 1.0);
391 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
392 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
393 ASSERT_TRUE(dns.startServer());
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]394
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]395 test::DNSResponder dns2(listen_addr2, listen_srv, 250,
396 ns_rcode::ns_r_servfail, 1.0);
397 dns2.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
398 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
399 ASSERT_TRUE(dns2.startServer());
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]400
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]401
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]402 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]403 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]404 dns.clearQueries();
405 dns2.clearQueries();
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]406
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]407 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
408 size_t found = GetNumQueries(dns, host_name);
409 EXPECT_LE(1U, found);
410 // Could be A or AAAA
411 std::string result_str = ToString(result);
412 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
413 << ", result_str='" << result_str << "'";
414 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
415 if (result) {
416 freeaddrinfo(result);
417 result = nullptr;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]418 }
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]419
420 // Verify that the name is cached.
421 size_t old_found = found;
422 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
423 found = GetNumQueries(dns, host_name);
424 EXPECT_LE(1U, found);
425 EXPECT_EQ(old_found, found);
426 result_str = ToString(result);
427 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
428 << result_str;
429 if (result) {
430 freeaddrinfo(result);
431 result = nullptr;
432 }
433
434 // Change the DNS resolver, ensure that queries are still cached.
435 servers = { listen_addr2 };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]436 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]437 dns.clearQueries();
438 dns2.clearQueries();
439
440 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
441 found = GetNumQueries(dns, host_name);
442 size_t found2 = GetNumQueries(dns2, host_name);
443 EXPECT_EQ(0U, found);
444 EXPECT_LE(0U, found2);
445
446 // Could be A or AAAA
447 result_str = ToString(result);
448 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
449 << ", result_str='" << result_str << "'";
450 if (result) {
451 freeaddrinfo(result);
452 result = nullptr;
453 }
454
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]455 dns.stopServer();
456 dns2.stopServer();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]457}
458
459TEST_F(ResolverTest, GetAddrInfoV4) {
460 addrinfo* result = nullptr;
461
462 const char* listen_addr = "127.0.0.5";
463 const char* listen_srv = "53";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]464 const char* host_name = "hola.example.com.";
465 test::DNSResponder dns(listen_addr, listen_srv, 250,
466 ns_rcode::ns_r_servfail, 1.0);
467 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
468 ASSERT_TRUE(dns.startServer());
469 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]470 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]471
472 addrinfo hints;
473 memset(&hints, 0, sizeof(hints));
474 hints.ai_family = AF_INET;
475 EXPECT_EQ(0, getaddrinfo("hola", nullptr, &hints, &result));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]476 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
Pierre Imaiccf7b992016-02-25 16:34:29 +0900[diff] [blame]477 EXPECT_EQ("1.2.3.5", ToString(result));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]478 if (result) {
479 freeaddrinfo(result);
480 result = nullptr;
481 }
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]482}
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]483
Ben Schwartzd4689712017-10-02 12:14:38 -0400[diff] [blame]484TEST_F(ResolverTest, GetHostByNameBrokenEdns) {
485 const char* listen_addr = "127.0.0.3";
486 const char* listen_srv = "53";
487 const char* host_name = "edns.example.com.";
488 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
489 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
490 dns.setFailOnEdns(true); // This is the only change from the basic test.
491 ASSERT_TRUE(dns.startServer());
492 std::vector<std::string> servers = { listen_addr };
493 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
494
495 const hostent* result;
496
497 dns.clearQueries();
498 result = gethostbyname("edns");
499 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
500 ASSERT_FALSE(result == nullptr);
501 ASSERT_EQ(4, result->h_length);
502 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
503 EXPECT_EQ("1.2.3.3", ToString(result));
504 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
505}
506
507TEST_F(ResolverTest, GetAddrInfoBrokenEdns) {
508 addrinfo* result = nullptr;
509
510 const char* listen_addr = "127.0.0.5";
511 const char* listen_srv = "53";
512 const char* host_name = "edns2.example.com.";
513 test::DNSResponder dns(listen_addr, listen_srv, 250,
514 ns_rcode::ns_r_servfail, 1.0);
515 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
516 dns.setFailOnEdns(true); // This is the only change from the basic test.
517 ASSERT_TRUE(dns.startServer());
518 std::vector<std::string> servers = { listen_addr };
519 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
520
521 addrinfo hints;
522 memset(&hints, 0, sizeof(hints));
523 hints.ai_family = AF_INET;
524 EXPECT_EQ(0, getaddrinfo("edns2", nullptr, &hints, &result));
525 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
526 EXPECT_EQ("1.2.3.5", ToString(result));
527 if (result) {
528 freeaddrinfo(result);
529 result = nullptr;
530 }
531}
532
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]533TEST_F(ResolverTest, MultidomainResolution) {
534 std::vector<std::string> searchDomains = { "example1.com", "example2.com", "example3.com" };
535 const char* listen_addr = "127.0.0.6";
536 const char* listen_srv = "53";
537 const char* host_name = "nihao.example2.com.";
538 test::DNSResponder dns(listen_addr, listen_srv, 250,
539 ns_rcode::ns_r_servfail, 1.0);
540 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
541 ASSERT_TRUE(dns.startServer());
542 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]543 ASSERT_TRUE(SetResolversForNetwork(servers, searchDomains, mDefaultParams_Binder));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]544
545 dns.clearQueries();
546 const hostent* result = gethostbyname("nihao");
547 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
548 ASSERT_FALSE(result == nullptr);
549 ASSERT_EQ(4, result->h_length);
550 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
551 EXPECT_EQ("1.2.3.3", ToString(result));
552 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
553 dns.stopServer();
554}
555
556TEST_F(ResolverTest, GetAddrInfoV6_failing) {
557 addrinfo* result = nullptr;
558
559 const char* listen_addr0 = "127.0.0.7";
560 const char* listen_addr1 = "127.0.0.8";
561 const char* listen_srv = "53";
562 const char* host_name = "ohayou.example.com.";
563 test::DNSResponder dns0(listen_addr0, listen_srv, 250,
564 ns_rcode::ns_r_servfail, 0.0);
565 test::DNSResponder dns1(listen_addr1, listen_srv, 250,
566 ns_rcode::ns_r_servfail, 1.0);
567 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
568 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
569 ASSERT_TRUE(dns0.startServer());
570 ASSERT_TRUE(dns1.startServer());
571 std::vector<std::string> servers = { listen_addr0, listen_addr1 };
572 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]573 int sample_count = 8;
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]574 const std::vector<int> params = { 300, 25, sample_count, sample_count };
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]575 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, params));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]576
577 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
578 // reached the dns0, which is set to fail. No more requests should then arrive at that server
579 // for the next sample_lifetime seconds.
580 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
581 addrinfo hints;
582 memset(&hints, 0, sizeof(hints));
583 hints.ai_family = AF_INET6;
584 for (int i = 0 ; i < sample_count ; ++i) {
585 std::string domain = StringPrintf("nonexistent%d", i);
586 getaddrinfo(domain.c_str(), nullptr, &hints, &result);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]587 if (result) {
588 freeaddrinfo(result);
589 result = nullptr;
590 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]591 }
592 // Due to 100% errors for all possible samples, the server should be ignored from now on and
593 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
594 dns0.clearQueries();
595 dns1.clearQueries();
596 EXPECT_EQ(0, getaddrinfo("ohayou", nullptr, &hints, &result));
597 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
598 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]599 if (result) {
600 freeaddrinfo(result);
601 result = nullptr;
602 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]603}
604
605TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
606 const char* listen_addr0 = "127.0.0.9";
607 const char* listen_addr1 = "127.0.0.10";
608 const char* listen_addr2 = "127.0.0.11";
609 const char* listen_srv = "53";
610 const char* host_name = "konbanha.example.com.";
611 test::DNSResponder dns0(listen_addr0, listen_srv, 250,
612 ns_rcode::ns_r_servfail, 1.0);
613 test::DNSResponder dns1(listen_addr1, listen_srv, 250,
614 ns_rcode::ns_r_servfail, 1.0);
615 test::DNSResponder dns2(listen_addr2, listen_srv, 250,
616 ns_rcode::ns_r_servfail, 1.0);
617 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
618 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
619 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::7");
620 ASSERT_TRUE(dns0.startServer());
621 ASSERT_TRUE(dns1.startServer());
622 ASSERT_TRUE(dns2.startServer());
623 const std::vector<std::string> servers = { listen_addr0, listen_addr1, listen_addr2 };
624 std::vector<std::thread> threads(10);
625 for (std::thread& thread : threads) {
Yi Kong1ad22582017-05-04 16:45:47 -0700[diff] [blame]626 thread = std::thread([this, &servers]() {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]627 unsigned delay = arc4random_uniform(1*1000*1000); // <= 1s
628 usleep(delay);
629 std::vector<std::string> serverSubset;
630 for (const auto& server : servers) {
631 if (arc4random_uniform(2)) {
632 serverSubset.push_back(server);
633 }
634 }
635 if (serverSubset.empty()) serverSubset = servers;
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]636 ASSERT_TRUE(SetResolversForNetwork(serverSubset, mDefaultSearchDomains,
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]637 mDefaultParams_Binder));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]638 addrinfo hints;
639 memset(&hints, 0, sizeof(hints));
640 hints.ai_family = AF_INET6;
641 addrinfo* result = nullptr;
642 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
643 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]644 if (result) {
645 freeaddrinfo(result);
646 result = nullptr;
647 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]648 });
649 }
650 for (std::thread& thread : threads) {
651 thread.join();
652 }
653}
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]654
655TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100) {
656 const unsigned num_hosts = 100;
657 const unsigned num_threads = 100;
658 const unsigned num_queries = 100;
659 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
660}
661
662TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100000) {
663 const unsigned num_hosts = 100000;
664 const unsigned num_threads = 100;
665 const unsigned num_queries = 100;
666 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
667}
668
669TEST_F(ResolverTest, EmptySetup) {
670 using android::net::INetd;
671 std::vector<std::string> servers;
672 std::vector<std::string> domains;
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]673 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]674 std::vector<std::string> res_servers;
675 std::vector<std::string> res_domains;
676 __res_params res_params;
677 std::vector<ResolverStats> res_stats;
678 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
679 EXPECT_EQ(0U, res_servers.size());
680 EXPECT_EQ(0U, res_domains.size());
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]681 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
682 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
683 res_params.sample_validity);
684 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
685 res_params.success_threshold);
686 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
687 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
Bernie Innocenticc93c372018-08-06 15:18:59 +0900[diff] [blame^]688 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
689 res_params.base_timeout_msec);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]690}
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]691
692TEST_F(ResolverTest, SearchPathChange) {
693 addrinfo* result = nullptr;
694
695 const char* listen_addr = "127.0.0.13";
696 const char* listen_srv = "53";
697 const char* host_name1 = "test13.domain1.org.";
698 const char* host_name2 = "test13.domain2.org.";
699 test::DNSResponder dns(listen_addr, listen_srv, 250,
700 ns_rcode::ns_r_servfail, 1.0);
701 dns.addMapping(host_name1, ns_type::ns_t_aaaa, "2001:db8::13");
702 dns.addMapping(host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13");
703 ASSERT_TRUE(dns.startServer());
704 std::vector<std::string> servers = { listen_addr };
705 std::vector<std::string> domains = { "domain1.org" };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]706 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]707
708 addrinfo hints;
709 memset(&hints, 0, sizeof(hints));
710 hints.ai_family = AF_INET6;
711 EXPECT_EQ(0, getaddrinfo("test13", nullptr, &hints, &result));
712 EXPECT_EQ(1U, dns.queries().size());
713 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
714 EXPECT_EQ("2001:db8::13", ToString(result));
715 if (result) freeaddrinfo(result);
716
717 // Test that changing the domain search path on its own works.
718 domains = { "domain2.org" };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]719 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]720 dns.clearQueries();
721
722 EXPECT_EQ(0, getaddrinfo("test13", nullptr, &hints, &result));
723 EXPECT_EQ(1U, dns.queries().size());
724 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
725 EXPECT_EQ("2001:db8::1:13", ToString(result));
726 if (result) freeaddrinfo(result);
727}
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]728
729TEST_F(ResolverTest, MaxServerPrune_Binder) {
730 using android::net::INetd;
731
732 std::vector<std::string> domains = { "example.com" };
733 std::vector<std::unique_ptr<test::DNSResponder>> dns;
734 std::vector<std::string> servers;
735 std::vector<Mapping> mappings;
736 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
737 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
738
739 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
740
741 std::vector<std::string> res_servers;
742 std::vector<std::string> res_domains;
743 __res_params res_params;
744 std::vector<ResolverStats> res_stats;
745 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
746 EXPECT_EQ(static_cast<size_t>(MAXNS), res_servers.size());
747
748 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
749}
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]750
751static std::string base64Encode(const std::vector<uint8_t>& input) {
752 size_t out_len;
753 EXPECT_EQ(1, EVP_EncodedLength(&out_len, input.size()));
754 // out_len includes the trailing NULL.
755 uint8_t output_bytes[out_len];
756 EXPECT_EQ(out_len - 1, EVP_EncodeBlock(output_bytes, input.data(), input.size()));
757 return std::string(reinterpret_cast<char*>(output_bytes));
758}
759
760// Test what happens if the specified TLS server is nonexistent.
761TEST_F(ResolverTest, GetHostByName_TlsMissing) {
762 const char* listen_addr = "127.0.0.3";
763 const char* listen_srv = "53";
764 const char* host_name = "tlsmissing.example.com.";
765 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
766 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
767 ASSERT_TRUE(dns.startServer());
768 std::vector<std::string> servers = { listen_addr };
769
770 // There's nothing listening on this address, so validation will either fail or
771 /// hang. Either way, queries will continue to flow to the DNSResponder.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]772 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]773
774 const hostent* result;
775
776 result = gethostbyname("tlsmissing");
777 ASSERT_FALSE(result == nullptr);
778 EXPECT_EQ("1.2.3.3", ToString(result));
779
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]780 // Clear TLS bit.
781 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]782 dns.stopServer();
783}
784
785// Test what happens if the specified TLS server replies with garbage.
786TEST_F(ResolverTest, GetHostByName_TlsBroken) {
787 const char* listen_addr = "127.0.0.3";
788 const char* listen_srv = "53";
789 const char* host_name1 = "tlsbroken1.example.com.";
790 const char* host_name2 = "tlsbroken2.example.com.";
791 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
792 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
793 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
794 ASSERT_TRUE(dns.startServer());
795 std::vector<std::string> servers = { listen_addr };
796
797 // Bind the specified private DNS socket but don't respond to any client sockets yet.
Bernie Innocentif6918262018-06-11 17:37:35 +0900[diff] [blame]798 int s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]799 ASSERT_TRUE(s >= 0);
800 struct sockaddr_in tlsServer = {
801 .sin_family = AF_INET,
802 .sin_port = htons(853),
803 };
804 ASSERT_TRUE(inet_pton(AF_INET, listen_addr, &tlsServer.sin_addr));
Erik Klined1503072018-02-22 23:55:40 -0800[diff] [blame]805 enableSockopt(s, SOL_SOCKET, SO_REUSEPORT);
806 enableSockopt(s, SOL_SOCKET, SO_REUSEADDR);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]807 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
808 ASSERT_FALSE(listen(s, 1));
809
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]810 // Trigger TLS validation.
811 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]812
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]813 struct sockaddr_storage cliaddr;
814 socklen_t sin_size = sizeof(cliaddr);
Bernie Innocentif6918262018-06-11 17:37:35 +0900[diff] [blame]815 int new_fd = accept4(s, reinterpret_cast<struct sockaddr *>(&cliaddr), &sin_size, SOCK_CLOEXEC);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]816 ASSERT_TRUE(new_fd > 0);
817
818 // We've received the new file descriptor but not written to it or closed, so the
819 // validation is still pending. Queries should still flow correctly because the
820 // server is not used until validation succeeds.
821 const hostent* result;
822 result = gethostbyname("tlsbroken1");
823 ASSERT_FALSE(result == nullptr);
824 EXPECT_EQ("1.2.3.1", ToString(result));
825
826 // Now we cause the validation to fail.
827 std::string garbage = "definitely not a valid TLS ServerHello";
828 write(new_fd, garbage.data(), garbage.size());
829 close(new_fd);
830
831 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
832 // to the TLS server unless validation succeeds.
833 result = gethostbyname("tlsbroken2");
834 ASSERT_FALSE(result == nullptr);
835 EXPECT_EQ("1.2.3.2", ToString(result));
836
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]837 // Clear TLS bit.
838 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]839 dns.stopServer();
840 close(s);
841}
842
843TEST_F(ResolverTest, GetHostByName_Tls) {
844 const char* listen_addr = "127.0.0.3";
845 const char* listen_udp = "53";
846 const char* listen_tls = "853";
847 const char* host_name1 = "tls1.example.com.";
848 const char* host_name2 = "tls2.example.com.";
849 const char* host_name3 = "tls3.example.com.";
850 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
851 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
852 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
853 dns.addMapping(host_name3, ns_type::ns_t_a, "1.2.3.3");
854 ASSERT_TRUE(dns.startServer());
855 std::vector<std::string> servers = { listen_addr };
856
857 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
858 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]859 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]860
861 const hostent* result;
862
863 // Wait for validation to complete.
864 EXPECT_TRUE(tls.waitForQueries(1, 5000));
865
866 result = gethostbyname("tls1");
867 ASSERT_FALSE(result == nullptr);
868 EXPECT_EQ("1.2.3.1", ToString(result));
869
870 // Wait for query to get counted.
871 EXPECT_TRUE(tls.waitForQueries(2, 5000));
872
Erik Kline1564d482018-03-07 17:09:35 +0900[diff] [blame]873 // Stop the TLS server. Since we're in opportunistic mode, queries will
874 // fall back to the locally-assigned (clear text) nameservers.
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]875 tls.stopServer();
876
Erik Kline1564d482018-03-07 17:09:35 +0900[diff] [blame]877 dns.clearQueries();
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]878 result = gethostbyname("tls2");
Erik Kline1564d482018-03-07 17:09:35 +0900[diff] [blame]879 EXPECT_FALSE(result == nullptr);
880 EXPECT_EQ("1.2.3.2", ToString(result));
881 const auto queries = dns.queries();
882 EXPECT_EQ(1U, queries.size());
883 EXPECT_EQ("tls2.example.com.", queries[0].first);
884 EXPECT_EQ(ns_t_a, queries[0].second);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]885
Erik Kline1564d482018-03-07 17:09:35 +0900[diff] [blame]886 // Reset the resolvers without enabling TLS. Queries should still be routed
887 // to the UDP endpoint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]888 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]889
890 result = gethostbyname("tls3");
891 ASSERT_FALSE(result == nullptr);
892 EXPECT_EQ("1.2.3.3", ToString(result));
893
894 dns.stopServer();
895}
896
897TEST_F(ResolverTest, GetHostByName_TlsFingerprint) {
898 const char* listen_addr = "127.0.0.3";
899 const char* listen_udp = "53";
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]900 const char* listen_tls = "853";
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]901 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
902 ASSERT_TRUE(dns.startServer());
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]903 for (int chain_length = 1; chain_length <= 3; ++chain_length) {
904 const char* host_name = StringPrintf("tlsfingerprint%d.example.com.", chain_length).c_str();
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]905 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]906 std::vector<std::string> servers = { listen_addr };
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]907
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]908 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
909 tls.set_chain_length(chain_length);
910 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]911 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
912 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]913
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]914 const hostent* result;
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]915
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]916 // Wait for validation to complete.
917 EXPECT_TRUE(tls.waitForQueries(1, 5000));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]918
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]919 result = gethostbyname(StringPrintf("tlsfingerprint%d", chain_length).c_str());
920 EXPECT_FALSE(result == nullptr);
921 if (result) {
922 EXPECT_EQ("1.2.3.1", ToString(result));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]923
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]924 // Wait for query to get counted.
925 EXPECT_TRUE(tls.waitForQueries(2, 5000));
926 }
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]927
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]928 // Clear TLS bit to ensure revalidation.
929 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]930 tls.stopServer();
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]931 }
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]932 dns.stopServer();
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]933}
934
935TEST_F(ResolverTest, GetHostByName_BadTlsFingerprint) {
936 const char* listen_addr = "127.0.0.3";
937 const char* listen_udp = "53";
938 const char* listen_tls = "853";
939 const char* host_name = "badtlsfingerprint.example.com.";
940 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
941 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
942 ASSERT_TRUE(dns.startServer());
943 std::vector<std::string> servers = { listen_addr };
944
945 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
946 ASSERT_TRUE(tls.startServer());
947 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
948 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]949 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
950 { base64Encode(bad_fingerprint) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]951
952 // The initial validation should fail at the fingerprint check before
953 // issuing a query.
954 EXPECT_FALSE(tls.waitForQueries(1, 500));
955
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]956 // A fingerprint was provided and failed to match, so the query should fail.
957 EXPECT_EQ(nullptr, gethostbyname("badtlsfingerprint"));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]958
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]959 // Clear TLS bit.
960 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]961 tls.stopServer();
962 dns.stopServer();
963}
964
965// Test that we can pass two different fingerprints, and connection succeeds as long as
966// at least one of them matches the server.
967TEST_F(ResolverTest, GetHostByName_TwoTlsFingerprints) {
968 const char* listen_addr = "127.0.0.3";
969 const char* listen_udp = "53";
970 const char* listen_tls = "853";
971 const char* host_name = "twotlsfingerprints.example.com.";
972 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
973 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
974 ASSERT_TRUE(dns.startServer());
975 std::vector<std::string> servers = { listen_addr };
976
977 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
978 ASSERT_TRUE(tls.startServer());
979 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
980 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]981 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
982 { base64Encode(bad_fingerprint), base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]983
984 const hostent* result;
985
986 // Wait for validation to complete.
987 EXPECT_TRUE(tls.waitForQueries(1, 5000));
988
989 result = gethostbyname("twotlsfingerprints");
990 ASSERT_FALSE(result == nullptr);
991 EXPECT_EQ("1.2.3.1", ToString(result));
992
993 // Wait for query to get counted.
994 EXPECT_TRUE(tls.waitForQueries(2, 5000));
995
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]996 // Clear TLS bit.
997 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]998 tls.stopServer();
999 dns.stopServer();
1000}
1001
1002TEST_F(ResolverTest, GetHostByName_TlsFingerprintGoesBad) {
1003 const char* listen_addr = "127.0.0.3";
1004 const char* listen_udp = "53";
1005 const char* listen_tls = "853";
1006 const char* host_name1 = "tlsfingerprintgoesbad1.example.com.";
1007 const char* host_name2 = "tlsfingerprintgoesbad2.example.com.";
1008 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1009 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
1010 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
1011 ASSERT_TRUE(dns.startServer());
1012 std::vector<std::string> servers = { listen_addr };
1013
1014 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1015 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1016 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1017 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1018
1019 const hostent* result;
1020
1021 // Wait for validation to complete.
1022 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1023
1024 result = gethostbyname("tlsfingerprintgoesbad1");
1025 ASSERT_FALSE(result == nullptr);
1026 EXPECT_EQ("1.2.3.1", ToString(result));
1027
1028 // Wait for query to get counted.
1029 EXPECT_TRUE(tls.waitForQueries(2, 5000));
1030
1031 // Restart the TLS server. This will generate a new certificate whose fingerprint
1032 // no longer matches the stored fingerprint.
1033 tls.stopServer();
1034 tls.startServer();
1035
1036 result = gethostbyname("tlsfingerprintgoesbad2");
1037 ASSERT_TRUE(result == nullptr);
1038 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
1039
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1040 // Clear TLS bit.
1041 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1042 tls.stopServer();
1043 dns.stopServer();
1044}
1045
1046TEST_F(ResolverTest, GetHostByName_TlsFailover) {
1047 const char* listen_addr1 = "127.0.0.3";
1048 const char* listen_addr2 = "127.0.0.4";
1049 const char* listen_udp = "53";
1050 const char* listen_tls = "853";
1051 const char* host_name1 = "tlsfailover1.example.com.";
1052 const char* host_name2 = "tlsfailover2.example.com.";
1053 test::DNSResponder dns1(listen_addr1, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1054 test::DNSResponder dns2(listen_addr2, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1055 dns1.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
1056 dns1.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
1057 dns2.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.3");
1058 dns2.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.4");
1059 ASSERT_TRUE(dns1.startServer());
1060 ASSERT_TRUE(dns2.startServer());
1061 std::vector<std::string> servers = { listen_addr1, listen_addr2 };
1062
1063 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
1064 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
1065 ASSERT_TRUE(tls1.startServer());
1066 ASSERT_TRUE(tls2.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1067 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1068 { base64Encode(tls1.fingerprint()), base64Encode(tls2.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1069
1070 const hostent* result;
1071
1072 // Wait for validation to complete.
1073 EXPECT_TRUE(tls1.waitForQueries(1, 5000));
1074 EXPECT_TRUE(tls2.waitForQueries(1, 5000));
1075
1076 result = gethostbyname("tlsfailover1");
1077 ASSERT_FALSE(result == nullptr);
1078 EXPECT_EQ("1.2.3.1", ToString(result));
1079
1080 // Wait for query to get counted.
1081 EXPECT_TRUE(tls1.waitForQueries(2, 5000));
1082 // No new queries should have reached tls2.
1083 EXPECT_EQ(1, tls2.queries());
1084
1085 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
1086 tls1.stopServer();
1087
1088 result = gethostbyname("tlsfailover2");
1089 EXPECT_EQ("1.2.3.4", ToString(result));
1090
1091 // Wait for query to get counted.
1092 EXPECT_TRUE(tls2.waitForQueries(2, 5000));
1093
1094 // No additional queries should have reached the insecure servers.
1095 EXPECT_EQ(2U, dns1.queries().size());
1096 EXPECT_EQ(2U, dns2.queries().size());
1097
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1098 // Clear TLS bit.
1099 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1100 tls2.stopServer();
1101 dns1.stopServer();
1102 dns2.stopServer();
1103}
1104
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1105TEST_F(ResolverTest, GetHostByName_BadTlsName) {
1106 const char* listen_addr = "127.0.0.3";
1107 const char* listen_udp = "53";
1108 const char* listen_tls = "853";
1109 const char* host_name = "badtlsname.example.com.";
1110 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1111 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1112 ASSERT_TRUE(dns.startServer());
1113 std::vector<std::string> servers = { listen_addr };
1114
1115 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1116 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1117 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder,
1118 "www.example.com", {}));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1119
1120 // The TLS server's certificate doesn't chain to a known CA, and a nonempty name was specified,
1121 // so the client should fail the TLS handshake before ever issuing a query.
1122 EXPECT_FALSE(tls.waitForQueries(1, 500));
1123
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1124 // The query should fail hard, because a name was specified.
1125 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1126
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1127 // Clear TLS bit.
1128 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1129 tls.stopServer();
1130 dns.stopServer();
1131}
1132
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1133TEST_F(ResolverTest, GetAddrInfo_Tls) {
1134 const char* listen_addr = "127.0.0.3";
1135 const char* listen_udp = "53";
1136 const char* listen_tls = "853";
1137 const char* host_name = "addrinfotls.example.com.";
1138 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1139 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
1140 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
1141 ASSERT_TRUE(dns.startServer());
1142 std::vector<std::string> servers = { listen_addr };
1143
1144 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1145 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1146 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1147 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1148
1149 // Wait for validation to complete.
1150 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1151
1152 dns.clearQueries();
1153 addrinfo* result = nullptr;
1154 EXPECT_EQ(0, getaddrinfo("addrinfotls", nullptr, nullptr, &result));
1155 size_t found = GetNumQueries(dns, host_name);
1156 EXPECT_LE(1U, found);
1157 // Could be A or AAAA
1158 std::string result_str = ToString(result);
1159 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
1160 << ", result_str='" << result_str << "'";
1161 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
1162 if (result) {
1163 freeaddrinfo(result);
1164 result = nullptr;
1165 }
1166 // Wait for both A and AAAA queries to get counted.
1167 EXPECT_TRUE(tls.waitForQueries(3, 5000));
1168
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1169 // Clear TLS bit.
1170 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1171 tls.stopServer();
1172 dns.stopServer();
1173}
Erik Kline1564d482018-03-07 17:09:35 +0900[diff] [blame]1174
1175TEST_F(ResolverTest, TlsBypass) {
1176 const char OFF[] = "off";
1177 const char OPPORTUNISTIC[] = "opportunistic";
1178 const char STRICT[] = "strict";
1179
1180 const char GETHOSTBYNAME[] = "gethostbyname";
1181 const char GETADDRINFO[] = "getaddrinfo";
1182 const char GETADDRINFOFORNET[] = "getaddrinfofornet";
1183
1184 const unsigned BYPASS_NETID = NETID_USE_LOCAL_NAMESERVERS | TEST_NETID;
1185
1186 const std::vector<uint8_t> NOOP_FINGERPRINT(test::SHA256_SIZE, 0U);
1187
1188 const char ADDR4[] = "192.0.2.1";
1189 const char ADDR6[] = "2001:db8::1";
1190
1191 const char cleartext_addr[] = "127.0.0.53";
1192 const char cleartext_port[] = "53";
1193 const char tls_port[] = "853";
1194 const std::vector<std::string> servers = { cleartext_addr };
1195
1196 test::DNSResponder dns(cleartext_addr, cleartext_port, 250, ns_rcode::ns_r_servfail, 1.0);
1197 ASSERT_TRUE(dns.startServer());
1198
1199 test::DnsTlsFrontend tls(cleartext_addr, tls_port, cleartext_addr, cleartext_port);
1200
1201 struct TestConfig {
1202 const std::string mode;
1203 const bool withWorkingTLS;
1204 const std::string method;
1205
1206 std::string asHostName() const {
1207 return StringPrintf("%s.%s.%s.",
1208 mode.c_str(),
1209 withWorkingTLS ? "tlsOn" : "tlsOff",
1210 method.c_str());
1211 }
1212 } testConfigs[]{
1213 {OFF, false, GETHOSTBYNAME},
1214 {OPPORTUNISTIC, false, GETHOSTBYNAME},
1215 {STRICT, false, GETHOSTBYNAME},
1216 {OFF, true, GETHOSTBYNAME},
1217 {OPPORTUNISTIC, true, GETHOSTBYNAME},
1218 {STRICT, true, GETHOSTBYNAME},
1219 {OFF, false, GETADDRINFO},
1220 {OPPORTUNISTIC, false, GETADDRINFO},
1221 {STRICT, false, GETADDRINFO},
1222 {OFF, true, GETADDRINFO},
1223 {OPPORTUNISTIC, true, GETADDRINFO},
1224 {STRICT, true, GETADDRINFO},
1225 {OFF, false, GETADDRINFOFORNET},
1226 {OPPORTUNISTIC, false, GETADDRINFOFORNET},
1227 {STRICT, false, GETADDRINFOFORNET},
1228 {OFF, true, GETADDRINFOFORNET},
1229 {OPPORTUNISTIC, true, GETADDRINFOFORNET},
1230 {STRICT, true, GETADDRINFOFORNET},
1231 };
1232
1233 for (const auto& config : testConfigs) {
1234 const std::string testHostName = config.asHostName();
1235 SCOPED_TRACE(testHostName);
1236
1237 // Don't tempt test bugs due to caching.
1238 const char* host_name = testHostName.c_str();
1239 dns.addMapping(host_name, ns_type::ns_t_a, ADDR4);
1240 dns.addMapping(host_name, ns_type::ns_t_aaaa, ADDR6);
1241
1242 if (config.withWorkingTLS) ASSERT_TRUE(tls.startServer());
1243
1244 if (config.mode == OFF) {
1245 ASSERT_TRUE(SetResolversForNetwork(
1246 servers, mDefaultSearchDomains, mDefaultParams_Binder));
1247 } else if (config.mode == OPPORTUNISTIC) {
1248 ASSERT_TRUE(SetResolversWithTls(
1249 servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
1250 // Wait for validation to complete.
1251 if (config.withWorkingTLS) EXPECT_TRUE(tls.waitForQueries(1, 5000));
1252 } else if (config.mode == STRICT) {
1253 // We use the existence of fingerprints to trigger strict mode,
1254 // rather than hostname validation.
1255 const auto& fingerprint =
1256 (config.withWorkingTLS) ? tls.fingerprint() : NOOP_FINGERPRINT;
1257 ASSERT_TRUE(SetResolversWithTls(
1258 servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1259 { base64Encode(fingerprint) }));
1260 // Wait for validation to complete.
1261 if (config.withWorkingTLS) EXPECT_TRUE(tls.waitForQueries(1, 5000));
1262 } else {
1263 FAIL() << "Unsupported Private DNS mode: " << config.mode;
1264 }
1265
1266 const int tlsQueriesBefore = tls.queries();
1267
1268 const hostent* h_result = nullptr;
1269 addrinfo* ai_result = nullptr;
1270
1271 if (config.method == GETHOSTBYNAME) {
1272 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
1273 h_result = gethostbyname(host_name);
1274
1275 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
1276 ASSERT_FALSE(h_result == nullptr);
1277 ASSERT_EQ(4, h_result->h_length);
1278 ASSERT_FALSE(h_result->h_addr_list[0] == nullptr);
1279 EXPECT_EQ(ADDR4, ToString(h_result));
1280 EXPECT_TRUE(h_result->h_addr_list[1] == nullptr);
1281 } else if (config.method == GETADDRINFO) {
1282 ASSERT_EQ(0, setNetworkForResolv(BYPASS_NETID));
1283 EXPECT_EQ(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
1284
1285 EXPECT_LE(1U, GetNumQueries(dns, host_name));
1286 // Could be A or AAAA
1287 const std::string result_str = ToString(ai_result);
1288 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
1289 << ", result_str='" << result_str << "'";
1290 } else if (config.method == GETADDRINFOFORNET) {
1291 EXPECT_EQ(0, android_getaddrinfofornet(
1292 host_name, nullptr, nullptr, BYPASS_NETID, MARK_UNSET, &ai_result));
1293
1294 EXPECT_LE(1U, GetNumQueries(dns, host_name));
1295 // Could be A or AAAA
1296 const std::string result_str = ToString(ai_result);
1297 EXPECT_TRUE(result_str == ADDR4 || result_str == ADDR6)
1298 << ", result_str='" << result_str << "'";
1299 } else {
1300 FAIL() << "Unsupported query method: " << config.method;
1301 }
1302
1303 const int tlsQueriesAfter = tls.queries();
1304 EXPECT_EQ(0, tlsQueriesAfter - tlsQueriesBefore);
1305
1306 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
1307 if (ai_result != nullptr) freeaddrinfo(ai_result);
1308
1309 // Clear per-process resolv netid.
1310 ASSERT_EQ(0, setNetworkForResolv(NETID_UNSET));
1311 tls.stopServer();
1312 dns.clearQueries();
1313 }
1314
1315 dns.stopServer();
1316}
1317
1318TEST_F(ResolverTest, StrictMode_NoTlsServers) {
1319 const std::vector<uint8_t> NOOP_FINGERPRINT(test::SHA256_SIZE, 0U);
1320 const char cleartext_addr[] = "127.0.0.53";
1321 const char cleartext_port[] = "53";
1322 const std::vector<std::string> servers = { cleartext_addr };
1323
1324 test::DNSResponder dns(cleartext_addr, cleartext_port, 250, ns_rcode::ns_r_servfail, 1.0);
1325 const char* host_name = "strictmode.notlsips.example.com.";
1326 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
1327 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
1328 ASSERT_TRUE(dns.startServer());
1329
1330 ASSERT_TRUE(SetResolversWithTls(
1331 servers, mDefaultSearchDomains, mDefaultParams_Binder,
1332 {}, "", { base64Encode(NOOP_FINGERPRINT) }));
1333
1334 addrinfo* ai_result = nullptr;
1335 EXPECT_NE(0, getaddrinfo(host_name, nullptr, nullptr, &ai_result));
1336 EXPECT_EQ(0U, GetNumQueries(dns, host_name));
1337}
Chenbo Feng66165472018-07-23 19:05:56 -0700[diff] [blame]1338
1339TEST(NetUtilsWrapperTest, TestFileCapabilities) {
1340 errno = 0;
1341 ASSERT_EQ(NULL, cap_get_file("/system/bin/netutils-wrapper-1.0"));
1342 ASSERT_EQ(ENODATA, errno);
1343}