Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / d1503073a2f2fca03fd970d5698c5a4548115399 / . / tests / netd_test.cpp
blob: 3b77833981182fadf6b2edafd990d9479f200bae [file] [log] [blame]
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless requied by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18#include <arpa/inet.h>
19#include <errno.h>
20#include <netdb.h>
21#include <stdarg.h>
22#include <stdio.h>
23#include <stdlib.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]24#include <unistd.h>
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]25
26#include <cutils/sockets.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]27#include <android-base/stringprintf.h>
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]28#include <private/android_filesystem_config.h>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]29
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]30#include <openssl/base64.h>
31
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]32#include <algorithm>
33#include <chrono>
34#include <iterator>
35#include <numeric>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]36#include <thread>
37
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]38#define LOG_TAG "netd_test"
39// TODO: make this dynamic and stop depending on implementation details.
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]40#define TEST_NETID 30
41
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]42#include "NetdClient.h"
43
44#include <gtest/gtest.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]45
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]46#include <utils/Log.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]47
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]48#include "dns_responder.h"
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]49#include "dns_responder_client.h"
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]50#include "dns_tls_frontend.h"
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]51#include "resolv_params.h"
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]52#include "ResolverStats.h"
53
54#include "android/net/INetd.h"
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]55#include "android/net/metrics/INetdEventListener.h"
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]56#include "binder/IServiceManager.h"
Erik Klined1503072018-02-22 23:55:40 -0800[diff] [blame^]57#include "netdutils/SocketOption.h"
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]58
59using android::base::StringPrintf;
60using android::base::StringAppendF;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]61using android::net::ResolverStats;
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]62using android::net::metrics::INetdEventListener;
Erik Klined1503072018-02-22 23:55:40 -0800[diff] [blame^]63using android::netdutils::enableSockopt;
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]64
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]65// Emulates the behavior of UnorderedElementsAreArray, which currently cannot be used.
66// TODO: Use UnorderedElementsAreArray, which depends on being able to compile libgmock_host,
67// if that is not possible, improve this hacky algorithm, which is O(n**2)
68template <class A, class B>
69bool UnorderedCompareArray(const A& a, const B& b) {
70 if (a.size() != b.size()) return false;
71 for (const auto& a_elem : a) {
72 size_t a_count = 0;
73 for (const auto& a_elem2 : a) {
74 if (a_elem == a_elem2) {
75 ++a_count;
76 }
77 }
78 size_t b_count = 0;
79 for (const auto& b_elem : b) {
80 if (a_elem == b_elem) ++b_count;
81 }
82 if (a_count != b_count) return false;
83 }
84 return true;
85}
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]86
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]87class AddrInfo {
88 public:
89 AddrInfo() : ai_(nullptr), error_(0) {}
90
91 AddrInfo(const char* node, const char* service, const addrinfo& hints) : ai_(nullptr) {
92 init(node, service, hints);
93 }
94
95 AddrInfo(const char* node, const char* service) : ai_(nullptr) {
96 init(node, service);
97 }
98
99 ~AddrInfo() { clear(); }
100
101 int init(const char* node, const char* service, const addrinfo& hints) {
102 clear();
103 error_ = getaddrinfo(node, service, &hints, &ai_);
104 return error_;
105 }
106
107 int init(const char* node, const char* service) {
108 clear();
109 error_ = getaddrinfo(node, service, nullptr, &ai_);
110 return error_;
111 }
112
113 void clear() {
114 if (ai_ != nullptr) {
115 freeaddrinfo(ai_);
116 ai_ = nullptr;
117 error_ = 0;
118 }
119 }
120
121 const addrinfo& operator*() const { return *ai_; }
122 const addrinfo* get() const { return ai_; }
123 const addrinfo* operator&() const { return ai_; }
124 int error() const { return error_; }
125
126 private:
127 addrinfo* ai_;
128 int error_;
129};
130
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]131class ResolverTest : public ::testing::Test, public DnsResponderClient {
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]132private:
133 int mOriginalMetricsLevel;
134
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]135protected:
136 virtual void SetUp() {
137 // Ensure resolutions go via proxy.
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]138 DnsResponderClient::SetUp();
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]139
140 // If DNS reporting is off: turn it on so we run through everything.
141 auto rv = mNetdSrv->getMetricsReportingLevel(&mOriginalMetricsLevel);
142 ASSERT_TRUE(rv.isOk());
143 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
144 rv = mNetdSrv->setMetricsReportingLevel(INetdEventListener::REPORTING_LEVEL_FULL);
145 ASSERT_TRUE(rv.isOk());
146 }
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]147 }
148
149 virtual void TearDown() {
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]150 if (mOriginalMetricsLevel != INetdEventListener::REPORTING_LEVEL_FULL) {
151 auto rv = mNetdSrv->setMetricsReportingLevel(mOriginalMetricsLevel);
152 ASSERT_TRUE(rv.isOk());
153 }
154
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]155 DnsResponderClient::TearDown();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]156 }
157
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]158 bool GetResolverInfo(std::vector<std::string>* servers, std::vector<std::string>* domains,
159 __res_params* params, std::vector<ResolverStats>* stats) {
160 using android::net::INetd;
161 std::vector<int32_t> params32;
162 std::vector<int32_t> stats32;
163 auto rv = mNetdSrv->getResolverInfo(TEST_NETID, servers, domains, &params32, &stats32);
164 if (!rv.isOk() || params32.size() != INetd::RESOLVER_PARAMS_COUNT) {
165 return false;
166 }
167 *params = __res_params {
168 .sample_validity = static_cast<uint16_t>(
169 params32[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY]),
170 .success_threshold = static_cast<uint8_t>(
171 params32[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD]),
172 .min_samples = static_cast<uint8_t>(
173 params32[INetd::RESOLVER_PARAMS_MIN_SAMPLES]),
174 .max_samples = static_cast<uint8_t>(
175 params32[INetd::RESOLVER_PARAMS_MAX_SAMPLES])
176 };
177 return ResolverStats::decodeAll(stats32, stats);
178 }
179
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]180 std::string ToString(const hostent* he) const {
181 if (he == nullptr) return "<null>";
182 char buffer[INET6_ADDRSTRLEN];
183 if (!inet_ntop(he->h_addrtype, he->h_addr_list[0], buffer, sizeof(buffer))) {
184 return "<invalid>";
185 }
186 return buffer;
Pierre Imaiccf7b992016-02-25 16:34:29 +0900[diff] [blame]187 }
188
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]189 std::string ToString(const addrinfo* ai) const {
190 if (!ai)
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]191 return "<null>";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]192 for (const auto* aip = ai ; aip != nullptr ; aip = aip->ai_next) {
193 char host[NI_MAXHOST];
194 int rv = getnameinfo(aip->ai_addr, aip->ai_addrlen, host, sizeof(host), nullptr, 0,
195 NI_NUMERICHOST);
196 if (rv != 0)
197 return gai_strerror(rv);
198 return host;
199 }
200 return "<invalid>";
201 }
202
203 size_t GetNumQueries(const test::DNSResponder& dns, const char* name) const {
204 auto queries = dns.queries();
205 size_t found = 0;
206 for (const auto& p : queries) {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]207 if (p.first == name) {
208 ++found;
209 }
210 }
211 return found;
212 }
213
214 size_t GetNumQueriesForType(const test::DNSResponder& dns, ns_type type,
215 const char* name) const {
216 auto queries = dns.queries();
217 size_t found = 0;
218 for (const auto& p : queries) {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]219 if (p.second == type && p.first == name) {
220 ++found;
221 }
222 }
223 return found;
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]224 }
225
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]226 void RunGetAddrInfoStressTest_Binder(unsigned num_hosts, unsigned num_threads,
227 unsigned num_queries) {
228 std::vector<std::string> domains = { "example.com" };
229 std::vector<std::unique_ptr<test::DNSResponder>> dns;
230 std::vector<std::string> servers;
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]231 std::vector<DnsResponderClient::Mapping> mappings;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]232 ASSERT_NO_FATAL_FAILURE(SetupMappings(num_hosts, domains, &mappings));
233 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS, mappings, &dns, &servers));
234
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]235 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]236
237 auto t0 = std::chrono::steady_clock::now();
238 std::vector<std::thread> threads(num_threads);
239 for (std::thread& thread : threads) {
Yi Kong1ad22582017-05-04 16:45:47 -0700[diff] [blame]240 thread = std::thread([this, &mappings, num_queries]() {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]241 for (unsigned i = 0 ; i < num_queries ; ++i) {
242 uint32_t ofs = arc4random_uniform(mappings.size());
Robin Leed67c77f2016-09-15 10:55:25 +0900[diff] [blame]243 auto& mapping = mappings[ofs];
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]244 addrinfo* result = nullptr;
245 int rv = getaddrinfo(mapping.host.c_str(), nullptr, nullptr, &result);
246 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
247 if (rv == 0) {
248 std::string result_str = ToString(result);
249 EXPECT_TRUE(result_str == mapping.ip4 || result_str == mapping.ip6)
250 << "result='" << result_str << "', ip4='" << mapping.ip4
251 << "', ip6='" << mapping.ip6;
252 }
253 if (result) {
254 freeaddrinfo(result);
255 result = nullptr;
256 }
257 }
258 });
259 }
260
261 for (std::thread& thread : threads) {
262 thread.join();
263 }
264 auto t1 = std::chrono::steady_clock::now();
265 ALOGI("%u hosts, %u threads, %u queries, %Es", num_hosts, num_threads, num_queries,
266 std::chrono::duration<double>(t1 - t0).count());
267 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
268 }
269
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]270 const std::vector<std::string> mDefaultSearchDomains = { "example.com" };
271 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
272 const std::string mDefaultParams = "300 25 8 8";
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]273 const std::vector<int> mDefaultParams_Binder = { 300, 25, 8, 8 };
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]274};
275
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]276TEST_F(ResolverTest, GetHostByName) {
277 const char* listen_addr = "127.0.0.3";
278 const char* listen_srv = "53";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]279 const char* host_name = "hello.example.com.";
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]280 const char *nonexistent_host_name = "nonexistent.example.com.";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]281 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
282 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
283 ASSERT_TRUE(dns.startServer());
284 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]285 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]286
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]287 const hostent* result;
288
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]289 dns.clearQueries();
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]290 result = gethostbyname("nonexistent");
291 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, nonexistent_host_name));
292 ASSERT_TRUE(result == nullptr);
293 ASSERT_EQ(HOST_NOT_FOUND, h_errno);
294
295 dns.clearQueries();
296 result = gethostbyname("hello");
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]297 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]298 ASSERT_FALSE(result == nullptr);
299 ASSERT_EQ(4, result->h_length);
300 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]301 EXPECT_EQ("1.2.3.3", ToString(result));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]302 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
Michal Karpinski89167102016-10-26 10:33:26 +0100[diff] [blame]303
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]304 dns.stopServer();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]305}
306
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]307TEST_F(ResolverTest, TestBinderSerialization) {
308 using android::net::INetd;
309 std::vector<int> params_offsets = {
310 INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY,
311 INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD,
312 INetd::RESOLVER_PARAMS_MIN_SAMPLES,
313 INetd::RESOLVER_PARAMS_MAX_SAMPLES
314 };
315 int size = static_cast<int>(params_offsets.size());
316 EXPECT_EQ(size, INetd::RESOLVER_PARAMS_COUNT);
317 std::sort(params_offsets.begin(), params_offsets.end());
318 for (int i = 0 ; i < size ; ++i) {
319 EXPECT_EQ(params_offsets[i], i);
320 }
321}
322
323TEST_F(ResolverTest, GetHostByName_Binder) {
324 using android::net::INetd;
325
326 std::vector<std::string> domains = { "example.com" };
327 std::vector<std::unique_ptr<test::DNSResponder>> dns;
328 std::vector<std::string> servers;
329 std::vector<Mapping> mappings;
330 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
331 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(4, mappings, &dns, &servers));
332 ASSERT_EQ(1U, mappings.size());
333 const Mapping& mapping = mappings[0];
334
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]335 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]336
337 const hostent* result = gethostbyname(mapping.host.c_str());
338 size_t total_queries = std::accumulate(dns.begin(), dns.end(), 0,
339 [this, &mapping](size_t total, auto& d) {
340 return total + GetNumQueriesForType(*d, ns_type::ns_t_a, mapping.entry.c_str());
341 });
342
343 EXPECT_LE(1U, total_queries);
344 ASSERT_FALSE(result == nullptr);
345 ASSERT_EQ(4, result->h_length);
346 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
347 EXPECT_EQ(mapping.ip4, ToString(result));
348 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
349
350 std::vector<std::string> res_servers;
351 std::vector<std::string> res_domains;
352 __res_params res_params;
353 std::vector<ResolverStats> res_stats;
354 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
355 EXPECT_EQ(servers.size(), res_servers.size());
356 EXPECT_EQ(domains.size(), res_domains.size());
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]357 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
358 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
359 res_params.sample_validity);
360 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
361 res_params.success_threshold);
362 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
363 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]364 EXPECT_EQ(servers.size(), res_stats.size());
365
366 EXPECT_TRUE(UnorderedCompareArray(res_servers, servers));
367 EXPECT_TRUE(UnorderedCompareArray(res_domains, domains));
368
369 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
370}
371
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]372TEST_F(ResolverTest, GetAddrInfo) {
373 addrinfo* result = nullptr;
374
375 const char* listen_addr = "127.0.0.4";
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]376 const char* listen_addr2 = "127.0.0.5";
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]377 const char* listen_srv = "53";
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]378 const char* host_name = "howdy.example.com.";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]379 test::DNSResponder dns(listen_addr, listen_srv, 250,
380 ns_rcode::ns_r_servfail, 1.0);
381 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
382 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
383 ASSERT_TRUE(dns.startServer());
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]384
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]385 test::DNSResponder dns2(listen_addr2, listen_srv, 250,
386 ns_rcode::ns_r_servfail, 1.0);
387 dns2.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
388 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
389 ASSERT_TRUE(dns2.startServer());
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]390
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]391
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]392 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]393 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]394 dns.clearQueries();
395 dns2.clearQueries();
Pierre Imai3a272072016-04-19 16:17:07 +0900[diff] [blame]396
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]397 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
398 size_t found = GetNumQueries(dns, host_name);
399 EXPECT_LE(1U, found);
400 // Could be A or AAAA
401 std::string result_str = ToString(result);
402 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
403 << ", result_str='" << result_str << "'";
404 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
405 if (result) {
406 freeaddrinfo(result);
407 result = nullptr;
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]408 }
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]409
410 // Verify that the name is cached.
411 size_t old_found = found;
412 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
413 found = GetNumQueries(dns, host_name);
414 EXPECT_LE(1U, found);
415 EXPECT_EQ(old_found, found);
416 result_str = ToString(result);
417 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
418 << result_str;
419 if (result) {
420 freeaddrinfo(result);
421 result = nullptr;
422 }
423
424 // Change the DNS resolver, ensure that queries are still cached.
425 servers = { listen_addr2 };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]426 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Erik Klinef6106462016-11-24 08:30:34 +0900[diff] [blame]427 dns.clearQueries();
428 dns2.clearQueries();
429
430 EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result));
431 found = GetNumQueries(dns, host_name);
432 size_t found2 = GetNumQueries(dns2, host_name);
433 EXPECT_EQ(0U, found);
434 EXPECT_LE(0U, found2);
435
436 // Could be A or AAAA
437 result_str = ToString(result);
438 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
439 << ", result_str='" << result_str << "'";
440 if (result) {
441 freeaddrinfo(result);
442 result = nullptr;
443 }
444
Pierre Imai6f4f86d2016-04-08 13:15:27 +0900[diff] [blame]445 dns.stopServer();
446 dns2.stopServer();
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]447}
448
449TEST_F(ResolverTest, GetAddrInfoV4) {
450 addrinfo* result = nullptr;
451
452 const char* listen_addr = "127.0.0.5";
453 const char* listen_srv = "53";
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]454 const char* host_name = "hola.example.com.";
455 test::DNSResponder dns(listen_addr, listen_srv, 250,
456 ns_rcode::ns_r_servfail, 1.0);
457 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
458 ASSERT_TRUE(dns.startServer());
459 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]460 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]461
462 addrinfo hints;
463 memset(&hints, 0, sizeof(hints));
464 hints.ai_family = AF_INET;
465 EXPECT_EQ(0, getaddrinfo("hola", nullptr, &hints, &result));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]466 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
Pierre Imaiccf7b992016-02-25 16:34:29 +0900[diff] [blame]467 EXPECT_EQ("1.2.3.5", ToString(result));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]468 if (result) {
469 freeaddrinfo(result);
470 result = nullptr;
471 }
Pierre Imai904ce3a2016-02-18 13:13:12 +0900[diff] [blame]472}
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]473
Ben Schwartzd4689712017-10-02 12:14:38 -0400[diff] [blame]474TEST_F(ResolverTest, GetHostByNameBrokenEdns) {
475 const char* listen_addr = "127.0.0.3";
476 const char* listen_srv = "53";
477 const char* host_name = "edns.example.com.";
478 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
479 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
480 dns.setFailOnEdns(true); // This is the only change from the basic test.
481 ASSERT_TRUE(dns.startServer());
482 std::vector<std::string> servers = { listen_addr };
483 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
484
485 const hostent* result;
486
487 dns.clearQueries();
488 result = gethostbyname("edns");
489 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
490 ASSERT_FALSE(result == nullptr);
491 ASSERT_EQ(4, result->h_length);
492 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
493 EXPECT_EQ("1.2.3.3", ToString(result));
494 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
495}
496
497TEST_F(ResolverTest, GetAddrInfoBrokenEdns) {
498 addrinfo* result = nullptr;
499
500 const char* listen_addr = "127.0.0.5";
501 const char* listen_srv = "53";
502 const char* host_name = "edns2.example.com.";
503 test::DNSResponder dns(listen_addr, listen_srv, 250,
504 ns_rcode::ns_r_servfail, 1.0);
505 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.5");
506 dns.setFailOnEdns(true); // This is the only change from the basic test.
507 ASSERT_TRUE(dns.startServer());
508 std::vector<std::string> servers = { listen_addr };
509 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
510
511 addrinfo hints;
512 memset(&hints, 0, sizeof(hints));
513 hints.ai_family = AF_INET;
514 EXPECT_EQ(0, getaddrinfo("edns2", nullptr, &hints, &result));
515 EXPECT_EQ(1U, GetNumQueries(dns, host_name));
516 EXPECT_EQ("1.2.3.5", ToString(result));
517 if (result) {
518 freeaddrinfo(result);
519 result = nullptr;
520 }
521}
522
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]523TEST_F(ResolverTest, MultidomainResolution) {
524 std::vector<std::string> searchDomains = { "example1.com", "example2.com", "example3.com" };
525 const char* listen_addr = "127.0.0.6";
526 const char* listen_srv = "53";
527 const char* host_name = "nihao.example2.com.";
528 test::DNSResponder dns(listen_addr, listen_srv, 250,
529 ns_rcode::ns_r_servfail, 1.0);
530 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
531 ASSERT_TRUE(dns.startServer());
532 std::vector<std::string> servers = { listen_addr };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]533 ASSERT_TRUE(SetResolversForNetwork(servers, searchDomains, mDefaultParams_Binder));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]534
535 dns.clearQueries();
536 const hostent* result = gethostbyname("nihao");
537 EXPECT_EQ(1U, GetNumQueriesForType(dns, ns_type::ns_t_a, host_name));
538 ASSERT_FALSE(result == nullptr);
539 ASSERT_EQ(4, result->h_length);
540 ASSERT_FALSE(result->h_addr_list[0] == nullptr);
541 EXPECT_EQ("1.2.3.3", ToString(result));
542 EXPECT_TRUE(result->h_addr_list[1] == nullptr);
543 dns.stopServer();
544}
545
546TEST_F(ResolverTest, GetAddrInfoV6_failing) {
547 addrinfo* result = nullptr;
548
549 const char* listen_addr0 = "127.0.0.7";
550 const char* listen_addr1 = "127.0.0.8";
551 const char* listen_srv = "53";
552 const char* host_name = "ohayou.example.com.";
553 test::DNSResponder dns0(listen_addr0, listen_srv, 250,
554 ns_rcode::ns_r_servfail, 0.0);
555 test::DNSResponder dns1(listen_addr1, listen_srv, 250,
556 ns_rcode::ns_r_servfail, 1.0);
557 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
558 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
559 ASSERT_TRUE(dns0.startServer());
560 ASSERT_TRUE(dns1.startServer());
561 std::vector<std::string> servers = { listen_addr0, listen_addr1 };
562 // <sample validity in s> <success threshold in percent> <min samples> <max samples>
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]563 int sample_count = 8;
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]564 const std::vector<int> params = { 300, 25, sample_count, sample_count };
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]565 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, params));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]566
567 // Repeatedly perform resolutions for non-existing domains until MAXNSSAMPLES resolutions have
568 // reached the dns0, which is set to fail. No more requests should then arrive at that server
569 // for the next sample_lifetime seconds.
570 // TODO: This approach is implementation-dependent, change once metrics reporting is available.
571 addrinfo hints;
572 memset(&hints, 0, sizeof(hints));
573 hints.ai_family = AF_INET6;
574 for (int i = 0 ; i < sample_count ; ++i) {
575 std::string domain = StringPrintf("nonexistent%d", i);
576 getaddrinfo(domain.c_str(), nullptr, &hints, &result);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]577 if (result) {
578 freeaddrinfo(result);
579 result = nullptr;
580 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]581 }
582 // Due to 100% errors for all possible samples, the server should be ignored from now on and
583 // only the second one used for all following queries, until NSSAMPLE_VALIDITY is reached.
584 dns0.clearQueries();
585 dns1.clearQueries();
586 EXPECT_EQ(0, getaddrinfo("ohayou", nullptr, &hints, &result));
587 EXPECT_EQ(0U, GetNumQueries(dns0, host_name));
588 EXPECT_EQ(1U, GetNumQueries(dns1, host_name));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]589 if (result) {
590 freeaddrinfo(result);
591 result = nullptr;
592 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]593}
594
595TEST_F(ResolverTest, GetAddrInfoV6_concurrent) {
596 const char* listen_addr0 = "127.0.0.9";
597 const char* listen_addr1 = "127.0.0.10";
598 const char* listen_addr2 = "127.0.0.11";
599 const char* listen_srv = "53";
600 const char* host_name = "konbanha.example.com.";
601 test::DNSResponder dns0(listen_addr0, listen_srv, 250,
602 ns_rcode::ns_r_servfail, 1.0);
603 test::DNSResponder dns1(listen_addr1, listen_srv, 250,
604 ns_rcode::ns_r_servfail, 1.0);
605 test::DNSResponder dns2(listen_addr2, listen_srv, 250,
606 ns_rcode::ns_r_servfail, 1.0);
607 dns0.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::5");
608 dns1.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::6");
609 dns2.addMapping(host_name, ns_type::ns_t_aaaa, "2001:db8::7");
610 ASSERT_TRUE(dns0.startServer());
611 ASSERT_TRUE(dns1.startServer());
612 ASSERT_TRUE(dns2.startServer());
613 const std::vector<std::string> servers = { listen_addr0, listen_addr1, listen_addr2 };
614 std::vector<std::thread> threads(10);
615 for (std::thread& thread : threads) {
Yi Kong1ad22582017-05-04 16:45:47 -0700[diff] [blame]616 thread = std::thread([this, &servers]() {
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]617 unsigned delay = arc4random_uniform(1*1000*1000); // <= 1s
618 usleep(delay);
619 std::vector<std::string> serverSubset;
620 for (const auto& server : servers) {
621 if (arc4random_uniform(2)) {
622 serverSubset.push_back(server);
623 }
624 }
625 if (serverSubset.empty()) serverSubset = servers;
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]626 ASSERT_TRUE(SetResolversForNetwork(serverSubset, mDefaultSearchDomains,
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]627 mDefaultParams_Binder));
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]628 addrinfo hints;
629 memset(&hints, 0, sizeof(hints));
630 hints.ai_family = AF_INET6;
631 addrinfo* result = nullptr;
632 int rv = getaddrinfo("konbanha", nullptr, &hints, &result);
633 EXPECT_EQ(0, rv) << "error [" << rv << "] " << gai_strerror(rv);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]634 if (result) {
635 freeaddrinfo(result);
636 result = nullptr;
637 }
Pierre Imai95f5f942016-03-09 18:09:25 +0900[diff] [blame]638 });
639 }
640 for (std::thread& thread : threads) {
641 thread.join();
642 }
643}
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]644
645TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100) {
646 const unsigned num_hosts = 100;
647 const unsigned num_threads = 100;
648 const unsigned num_queries = 100;
649 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
650}
651
652TEST_F(ResolverTest, GetAddrInfoStressTest_Binder_100000) {
653 const unsigned num_hosts = 100000;
654 const unsigned num_threads = 100;
655 const unsigned num_queries = 100;
656 ASSERT_NO_FATAL_FAILURE(RunGetAddrInfoStressTest_Binder(num_hosts, num_threads, num_queries));
657}
658
659TEST_F(ResolverTest, EmptySetup) {
660 using android::net::INetd;
661 std::vector<std::string> servers;
662 std::vector<std::string> domains;
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]663 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]664 std::vector<std::string> res_servers;
665 std::vector<std::string> res_domains;
666 __res_params res_params;
667 std::vector<ResolverStats> res_stats;
668 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
669 EXPECT_EQ(0U, res_servers.size());
670 EXPECT_EQ(0U, res_domains.size());
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]671 ASSERT_EQ(INetd::RESOLVER_PARAMS_COUNT, mDefaultParams_Binder.size());
672 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SAMPLE_VALIDITY],
673 res_params.sample_validity);
674 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_SUCCESS_THRESHOLD],
675 res_params.success_threshold);
676 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MIN_SAMPLES], res_params.min_samples);
677 EXPECT_EQ(mDefaultParams_Binder[INetd::RESOLVER_PARAMS_MAX_SAMPLES], res_params.max_samples);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]678}
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]679
680TEST_F(ResolverTest, SearchPathChange) {
681 addrinfo* result = nullptr;
682
683 const char* listen_addr = "127.0.0.13";
684 const char* listen_srv = "53";
685 const char* host_name1 = "test13.domain1.org.";
686 const char* host_name2 = "test13.domain2.org.";
687 test::DNSResponder dns(listen_addr, listen_srv, 250,
688 ns_rcode::ns_r_servfail, 1.0);
689 dns.addMapping(host_name1, ns_type::ns_t_aaaa, "2001:db8::13");
690 dns.addMapping(host_name2, ns_type::ns_t_aaaa, "2001:db8::1:13");
691 ASSERT_TRUE(dns.startServer());
692 std::vector<std::string> servers = { listen_addr };
693 std::vector<std::string> domains = { "domain1.org" };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]694 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]695
696 addrinfo hints;
697 memset(&hints, 0, sizeof(hints));
698 hints.ai_family = AF_INET6;
699 EXPECT_EQ(0, getaddrinfo("test13", nullptr, &hints, &result));
700 EXPECT_EQ(1U, dns.queries().size());
701 EXPECT_EQ(1U, GetNumQueries(dns, host_name1));
702 EXPECT_EQ("2001:db8::13", ToString(result));
703 if (result) freeaddrinfo(result);
704
705 // Test that changing the domain search path on its own works.
706 domains = { "domain2.org" };
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]707 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
Pierre Imaiee335ef2016-05-06 11:56:45 +0900[diff] [blame]708 dns.clearQueries();
709
710 EXPECT_EQ(0, getaddrinfo("test13", nullptr, &hints, &result));
711 EXPECT_EQ(1U, dns.queries().size());
712 EXPECT_EQ(1U, GetNumQueries(dns, host_name2));
713 EXPECT_EQ("2001:db8::1:13", ToString(result));
714 if (result) freeaddrinfo(result);
715}
Pierre Imai0452cb52016-05-30 16:42:34 +0900[diff] [blame]716
717TEST_F(ResolverTest, MaxServerPrune_Binder) {
718 using android::net::INetd;
719
720 std::vector<std::string> domains = { "example.com" };
721 std::vector<std::unique_ptr<test::DNSResponder>> dns;
722 std::vector<std::string> servers;
723 std::vector<Mapping> mappings;
724 ASSERT_NO_FATAL_FAILURE(SetupMappings(1, domains, &mappings));
725 ASSERT_NO_FATAL_FAILURE(SetupDNSServers(MAXNS + 1, mappings, &dns, &servers));
726
727 ASSERT_TRUE(SetResolversForNetwork(servers, domains, mDefaultParams_Binder));
728
729 std::vector<std::string> res_servers;
730 std::vector<std::string> res_domains;
731 __res_params res_params;
732 std::vector<ResolverStats> res_stats;
733 ASSERT_TRUE(GetResolverInfo(&res_servers, &res_domains, &res_params, &res_stats));
734 EXPECT_EQ(static_cast<size_t>(MAXNS), res_servers.size());
735
736 ASSERT_NO_FATAL_FAILURE(ShutdownDNSServers(&dns));
737}
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]738
739static std::string base64Encode(const std::vector<uint8_t>& input) {
740 size_t out_len;
741 EXPECT_EQ(1, EVP_EncodedLength(&out_len, input.size()));
742 // out_len includes the trailing NULL.
743 uint8_t output_bytes[out_len];
744 EXPECT_EQ(out_len - 1, EVP_EncodeBlock(output_bytes, input.data(), input.size()));
745 return std::string(reinterpret_cast<char*>(output_bytes));
746}
747
748// Test what happens if the specified TLS server is nonexistent.
749TEST_F(ResolverTest, GetHostByName_TlsMissing) {
750 const char* listen_addr = "127.0.0.3";
751 const char* listen_srv = "53";
752 const char* host_name = "tlsmissing.example.com.";
753 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
754 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.3");
755 ASSERT_TRUE(dns.startServer());
756 std::vector<std::string> servers = { listen_addr };
757
758 // There's nothing listening on this address, so validation will either fail or
759 /// hang. Either way, queries will continue to flow to the DNSResponder.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]760 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]761
762 const hostent* result;
763
764 result = gethostbyname("tlsmissing");
765 ASSERT_FALSE(result == nullptr);
766 EXPECT_EQ("1.2.3.3", ToString(result));
767
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]768 // Clear TLS bit.
769 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]770 dns.stopServer();
771}
772
773// Test what happens if the specified TLS server replies with garbage.
774TEST_F(ResolverTest, GetHostByName_TlsBroken) {
775 const char* listen_addr = "127.0.0.3";
776 const char* listen_srv = "53";
777 const char* host_name1 = "tlsbroken1.example.com.";
778 const char* host_name2 = "tlsbroken2.example.com.";
779 test::DNSResponder dns(listen_addr, listen_srv, 250, ns_rcode::ns_r_servfail, 1.0);
780 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
781 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
782 ASSERT_TRUE(dns.startServer());
783 std::vector<std::string> servers = { listen_addr };
784
785 // Bind the specified private DNS socket but don't respond to any client sockets yet.
786 int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
787 ASSERT_TRUE(s >= 0);
788 struct sockaddr_in tlsServer = {
789 .sin_family = AF_INET,
790 .sin_port = htons(853),
791 };
792 ASSERT_TRUE(inet_pton(AF_INET, listen_addr, &tlsServer.sin_addr));
Erik Klined1503072018-02-22 23:55:40 -0800[diff] [blame^]793 enableSockopt(s, SOL_SOCKET, SO_REUSEPORT);
794 enableSockopt(s, SOL_SOCKET, SO_REUSEADDR);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]795 ASSERT_FALSE(bind(s, reinterpret_cast<struct sockaddr*>(&tlsServer), sizeof(tlsServer)));
796 ASSERT_FALSE(listen(s, 1));
797
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]798 // Trigger TLS validation.
799 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]800
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]801 struct sockaddr_storage cliaddr;
802 socklen_t sin_size = sizeof(cliaddr);
803 int new_fd = accept(s, reinterpret_cast<struct sockaddr *>(&cliaddr), &sin_size);
804 ASSERT_TRUE(new_fd > 0);
805
806 // We've received the new file descriptor but not written to it or closed, so the
807 // validation is still pending. Queries should still flow correctly because the
808 // server is not used until validation succeeds.
809 const hostent* result;
810 result = gethostbyname("tlsbroken1");
811 ASSERT_FALSE(result == nullptr);
812 EXPECT_EQ("1.2.3.1", ToString(result));
813
814 // Now we cause the validation to fail.
815 std::string garbage = "definitely not a valid TLS ServerHello";
816 write(new_fd, garbage.data(), garbage.size());
817 close(new_fd);
818
819 // Validation failure shouldn't interfere with lookups, because lookups won't be sent
820 // to the TLS server unless validation succeeds.
821 result = gethostbyname("tlsbroken2");
822 ASSERT_FALSE(result == nullptr);
823 EXPECT_EQ("1.2.3.2", ToString(result));
824
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]825 // Clear TLS bit.
826 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]827 dns.stopServer();
828 close(s);
829}
830
831TEST_F(ResolverTest, GetHostByName_Tls) {
832 const char* listen_addr = "127.0.0.3";
833 const char* listen_udp = "53";
834 const char* listen_tls = "853";
835 const char* host_name1 = "tls1.example.com.";
836 const char* host_name2 = "tls2.example.com.";
837 const char* host_name3 = "tls3.example.com.";
838 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
839 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
840 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
841 dns.addMapping(host_name3, ns_type::ns_t_a, "1.2.3.3");
842 ASSERT_TRUE(dns.startServer());
843 std::vector<std::string> servers = { listen_addr };
844
845 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
846 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]847 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "", {}));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]848
849 const hostent* result;
850
851 // Wait for validation to complete.
852 EXPECT_TRUE(tls.waitForQueries(1, 5000));
853
854 result = gethostbyname("tls1");
855 ASSERT_FALSE(result == nullptr);
856 EXPECT_EQ("1.2.3.1", ToString(result));
857
858 // Wait for query to get counted.
859 EXPECT_TRUE(tls.waitForQueries(2, 5000));
860
861 // Stop the TLS server. Since it's already been validated, queries will
862 // continue to be routed to it.
863 tls.stopServer();
864
865 result = gethostbyname("tls2");
866 EXPECT_TRUE(result == nullptr);
867 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
868
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]869 // Reset the resolvers without enabling TLS. Queries should now be routed to the
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]870 // UDP endpoint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]871 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]872
873 result = gethostbyname("tls3");
874 ASSERT_FALSE(result == nullptr);
875 EXPECT_EQ("1.2.3.3", ToString(result));
876
877 dns.stopServer();
878}
879
880TEST_F(ResolverTest, GetHostByName_TlsFingerprint) {
881 const char* listen_addr = "127.0.0.3";
882 const char* listen_udp = "53";
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]883 const char* listen_tls = "853";
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]884 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
885 ASSERT_TRUE(dns.startServer());
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]886 for (int chain_length = 1; chain_length <= 3; ++chain_length) {
887 const char* host_name = StringPrintf("tlsfingerprint%d.example.com.", chain_length).c_str();
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]888 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]889 std::vector<std::string> servers = { listen_addr };
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]890
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]891 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
892 tls.set_chain_length(chain_length);
893 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]894 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
895 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]896
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]897 const hostent* result;
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]898
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]899 // Wait for validation to complete.
900 EXPECT_TRUE(tls.waitForQueries(1, 5000));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]901
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]902 result = gethostbyname(StringPrintf("tlsfingerprint%d", chain_length).c_str());
903 EXPECT_FALSE(result == nullptr);
904 if (result) {
905 EXPECT_EQ("1.2.3.1", ToString(result));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]906
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]907 // Wait for query to get counted.
908 EXPECT_TRUE(tls.waitForQueries(2, 5000));
909 }
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]910
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]911 // Clear TLS bit to ensure revalidation.
912 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]913 tls.stopServer();
Ben Schwartzf028d392017-07-10 15:07:12 -0400[diff] [blame]914 }
Ben Schwartzcbdd64a2017-08-23 18:21:46 -0400[diff] [blame]915 dns.stopServer();
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]916}
917
918TEST_F(ResolverTest, GetHostByName_BadTlsFingerprint) {
919 const char* listen_addr = "127.0.0.3";
920 const char* listen_udp = "53";
921 const char* listen_tls = "853";
922 const char* host_name = "badtlsfingerprint.example.com.";
923 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
924 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
925 ASSERT_TRUE(dns.startServer());
926 std::vector<std::string> servers = { listen_addr };
927
928 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
929 ASSERT_TRUE(tls.startServer());
930 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
931 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]932 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
933 { base64Encode(bad_fingerprint) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]934
935 // The initial validation should fail at the fingerprint check before
936 // issuing a query.
937 EXPECT_FALSE(tls.waitForQueries(1, 500));
938
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]939 // A fingerprint was provided and failed to match, so the query should fail.
940 EXPECT_EQ(nullptr, gethostbyname("badtlsfingerprint"));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]941
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]942 // Clear TLS bit.
943 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]944 tls.stopServer();
945 dns.stopServer();
946}
947
948// Test that we can pass two different fingerprints, and connection succeeds as long as
949// at least one of them matches the server.
950TEST_F(ResolverTest, GetHostByName_TwoTlsFingerprints) {
951 const char* listen_addr = "127.0.0.3";
952 const char* listen_udp = "53";
953 const char* listen_tls = "853";
954 const char* host_name = "twotlsfingerprints.example.com.";
955 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
956 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
957 ASSERT_TRUE(dns.startServer());
958 std::vector<std::string> servers = { listen_addr };
959
960 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
961 ASSERT_TRUE(tls.startServer());
962 std::vector<uint8_t> bad_fingerprint = tls.fingerprint();
963 bad_fingerprint[5] += 1; // Corrupt the fingerprint.
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]964 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
965 { base64Encode(bad_fingerprint), base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]966
967 const hostent* result;
968
969 // Wait for validation to complete.
970 EXPECT_TRUE(tls.waitForQueries(1, 5000));
971
972 result = gethostbyname("twotlsfingerprints");
973 ASSERT_FALSE(result == nullptr);
974 EXPECT_EQ("1.2.3.1", ToString(result));
975
976 // Wait for query to get counted.
977 EXPECT_TRUE(tls.waitForQueries(2, 5000));
978
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]979 // Clear TLS bit.
980 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]981 tls.stopServer();
982 dns.stopServer();
983}
984
985TEST_F(ResolverTest, GetHostByName_TlsFingerprintGoesBad) {
986 const char* listen_addr = "127.0.0.3";
987 const char* listen_udp = "53";
988 const char* listen_tls = "853";
989 const char* host_name1 = "tlsfingerprintgoesbad1.example.com.";
990 const char* host_name2 = "tlsfingerprintgoesbad2.example.com.";
991 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
992 dns.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
993 dns.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
994 ASSERT_TRUE(dns.startServer());
995 std::vector<std::string> servers = { listen_addr };
996
997 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
998 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]999 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1000 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1001
1002 const hostent* result;
1003
1004 // Wait for validation to complete.
1005 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1006
1007 result = gethostbyname("tlsfingerprintgoesbad1");
1008 ASSERT_FALSE(result == nullptr);
1009 EXPECT_EQ("1.2.3.1", ToString(result));
1010
1011 // Wait for query to get counted.
1012 EXPECT_TRUE(tls.waitForQueries(2, 5000));
1013
1014 // Restart the TLS server. This will generate a new certificate whose fingerprint
1015 // no longer matches the stored fingerprint.
1016 tls.stopServer();
1017 tls.startServer();
1018
1019 result = gethostbyname("tlsfingerprintgoesbad2");
1020 ASSERT_TRUE(result == nullptr);
1021 EXPECT_EQ(HOST_NOT_FOUND, h_errno);
1022
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1023 // Clear TLS bit.
1024 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1025 tls.stopServer();
1026 dns.stopServer();
1027}
1028
1029TEST_F(ResolverTest, GetHostByName_TlsFailover) {
1030 const char* listen_addr1 = "127.0.0.3";
1031 const char* listen_addr2 = "127.0.0.4";
1032 const char* listen_udp = "53";
1033 const char* listen_tls = "853";
1034 const char* host_name1 = "tlsfailover1.example.com.";
1035 const char* host_name2 = "tlsfailover2.example.com.";
1036 test::DNSResponder dns1(listen_addr1, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1037 test::DNSResponder dns2(listen_addr2, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1038 dns1.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.1");
1039 dns1.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.2");
1040 dns2.addMapping(host_name1, ns_type::ns_t_a, "1.2.3.3");
1041 dns2.addMapping(host_name2, ns_type::ns_t_a, "1.2.3.4");
1042 ASSERT_TRUE(dns1.startServer());
1043 ASSERT_TRUE(dns2.startServer());
1044 std::vector<std::string> servers = { listen_addr1, listen_addr2 };
1045
1046 test::DnsTlsFrontend tls1(listen_addr1, listen_tls, listen_addr1, listen_udp);
1047 test::DnsTlsFrontend tls2(listen_addr2, listen_tls, listen_addr2, listen_udp);
1048 ASSERT_TRUE(tls1.startServer());
1049 ASSERT_TRUE(tls2.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1050 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1051 { base64Encode(tls1.fingerprint()), base64Encode(tls2.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1052
1053 const hostent* result;
1054
1055 // Wait for validation to complete.
1056 EXPECT_TRUE(tls1.waitForQueries(1, 5000));
1057 EXPECT_TRUE(tls2.waitForQueries(1, 5000));
1058
1059 result = gethostbyname("tlsfailover1");
1060 ASSERT_FALSE(result == nullptr);
1061 EXPECT_EQ("1.2.3.1", ToString(result));
1062
1063 // Wait for query to get counted.
1064 EXPECT_TRUE(tls1.waitForQueries(2, 5000));
1065 // No new queries should have reached tls2.
1066 EXPECT_EQ(1, tls2.queries());
1067
1068 // Stop tls1. Subsequent queries should attempt to reach tls1, fail, and retry to tls2.
1069 tls1.stopServer();
1070
1071 result = gethostbyname("tlsfailover2");
1072 EXPECT_EQ("1.2.3.4", ToString(result));
1073
1074 // Wait for query to get counted.
1075 EXPECT_TRUE(tls2.waitForQueries(2, 5000));
1076
1077 // No additional queries should have reached the insecure servers.
1078 EXPECT_EQ(2U, dns1.queries().size());
1079 EXPECT_EQ(2U, dns2.queries().size());
1080
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1081 // Clear TLS bit.
1082 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1083 tls2.stopServer();
1084 dns1.stopServer();
1085 dns2.stopServer();
1086}
1087
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1088TEST_F(ResolverTest, GetHostByName_BadTlsName) {
1089 const char* listen_addr = "127.0.0.3";
1090 const char* listen_udp = "53";
1091 const char* listen_tls = "853";
1092 const char* host_name = "badtlsname.example.com.";
1093 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1094 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.1");
1095 ASSERT_TRUE(dns.startServer());
1096 std::vector<std::string> servers = { listen_addr };
1097
1098 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1099 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1100 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder,
1101 "www.example.com", {}));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1102
1103 // The TLS server's certificate doesn't chain to a known CA, and a nonempty name was specified,
1104 // so the client should fail the TLS handshake before ever issuing a query.
1105 EXPECT_FALSE(tls.waitForQueries(1, 500));
1106
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1107 // The query should fail hard, because a name was specified.
1108 EXPECT_EQ(nullptr, gethostbyname("badtlsname"));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1109
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1110 // Clear TLS bit.
1111 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]1112 tls.stopServer();
1113 dns.stopServer();
1114}
1115
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1116TEST_F(ResolverTest, GetAddrInfo_Tls) {
1117 const char* listen_addr = "127.0.0.3";
1118 const char* listen_udp = "53";
1119 const char* listen_tls = "853";
1120 const char* host_name = "addrinfotls.example.com.";
1121 test::DNSResponder dns(listen_addr, listen_udp, 250, ns_rcode::ns_r_servfail, 1.0);
1122 dns.addMapping(host_name, ns_type::ns_t_a, "1.2.3.4");
1123 dns.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4");
1124 ASSERT_TRUE(dns.startServer());
1125 std::vector<std::string> servers = { listen_addr };
1126
1127 test::DnsTlsFrontend tls(listen_addr, listen_tls, listen_addr, listen_udp);
1128 ASSERT_TRUE(tls.startServer());
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1129 ASSERT_TRUE(SetResolversWithTls(servers, mDefaultSearchDomains, mDefaultParams_Binder, "",
1130 { base64Encode(tls.fingerprint()) }));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1131
1132 // Wait for validation to complete.
1133 EXPECT_TRUE(tls.waitForQueries(1, 5000));
1134
1135 dns.clearQueries();
1136 addrinfo* result = nullptr;
1137 EXPECT_EQ(0, getaddrinfo("addrinfotls", nullptr, nullptr, &result));
1138 size_t found = GetNumQueries(dns, host_name);
1139 EXPECT_LE(1U, found);
1140 // Could be A or AAAA
1141 std::string result_str = ToString(result);
1142 EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4")
1143 << ", result_str='" << result_str << "'";
1144 // TODO: Use ScopedAddrinfo or similar once it is available in a common header file.
1145 if (result) {
1146 freeaddrinfo(result);
1147 result = nullptr;
1148 }
1149 // Wait for both A and AAAA queries to get counted.
1150 EXPECT_TRUE(tls.waitForQueries(3, 5000));
1151
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]1152 // Clear TLS bit.
1153 ASSERT_TRUE(SetResolversForNetwork(servers, mDefaultSearchDomains, mDefaultParams_Binder));
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1154 tls.stopServer();
1155 dns.stopServer();
1156}