| Commit message | Author | Age | Files | Lines |
1. Uses dnsresolver_aidl_interface_lateststable_version 12.
2. Get the 'metered' parameter from setResolverConfiguration and keep it
in NetConfig of each network.
3. Add resolv_is_metered_network() for DnsProxyListener.
Bug: 288340533
Test: atest resolv_integration_test resolv_unit_test
Change-Id: I390199b93a9f5b3c0abc8f072d91153ef9fac32e
|
The WIP version of std::span in external/libcxx uses a ptrdiff_t size,
but the final standardized version of std::span uses size_t instead.
Use std::span() constructor calls rather than {}-syntax, which will
convert the signed length to unsigned and works with either the old or
the new libc++.
Test: treehugger
Change-Id: I5b5a16d0949e77a74269b9f6cf24382dd69a5973
|
The "DNS query fail-fast when network access is restricted" feature
needs to know whether the enforceDnsUid is set or not in
DnsProxyListener.
Bug: 288340533
Test: atest resolv_unit_test:ResolvCacheTest#IsEnforceDnsUidEnabled
Change-Id: I8e7a5d5d030602eced05c6f7f3809a57bfabebc3
|
0 is a common default value of experiment configuration. Uses 1 to prevent misconfiguration from the server.
Test: presubmit
Change-Id: I198bbea3543b0318dd25aaca0843100ad7c5b1b8
|
Adjust the lower bound of max_cache_entries from
MAX_ENTRIES_DEFAULT(640) to 0. So we can do experiments with values
like 320.
Bug: 241953569
Test: atest resolv_unit_test
Change-Id: I4da710dccf4efe0edc625221b2519050069e0ba6
|
Fix lint on Ica3f7d3c5a262a797a6bdc99147c63d5a9108dff
Change-Id: I90dbc91d5c0437ac8556277ff79e39f8f936a10f
Test: TH
|
Change-Id: Ica3f7d3c5a262a797a6bdc99147c63d5a9108dff
Test: TH
|
This reverts commit 46079f7260a0bd7ad59ab8074e5e4ef4195e0d33.
Reason for revert: b/247693272 is clarified
Change-Id: Ib3f2d7b756e795dd44c2924a8e4b45c0e2c7e44b
|
The test is flaky and not locally reproducible. Add logs with DEBUG level
and set logging level to DEBUG in the test. This commit is for debugging
purpose, which should be reverted when root cause is found.
Bug: 247693272
Bug: 246688231
Test: atest
Change-Id: I7bee788381ff245ae321f4816b81f71087bbeec2
|
Make max cache entries of DNS resolver cache adjustable by server push.
Test: atest
Bug: 241953569
Change-Id: Iaa733782f8407b9ba1bb3725395745921b526ba0
|
Bug: 239659682
Test: atest
Change-Id: I9896ceb902883ac45d3627dbc358cc30e2c18ed3
|
Test: atest ResolverTest
Change-Id: Id2328ae1ebb90fe93f8852df61e9dcf09cd5b646
|
Test: atest resolv_integration_test
Change-Id: Ibd31b4ed231c66a0cb7559cf16958621951e9287
|
Current logs are unable to tell why mdns fallback doesn't work. Add a
few logs on error paths.
Bug: 226325994
Test: adb logcat
Change-Id: Ifd61bbbd61b8866296d7b4583a2d9e78ba43c78d
|
1. Set DNS default logging level to INFO.
2. Adjust logging level on some traces.
Output:
[Success]
resolv : GetAddrInfoHandler::run: {100 983140 100 983140 1021 0}
resolv : res_nmkquery: (QUERY, IN, A)
resolv : res_nsend: used send_dg 97 terrno: 0
resolv : doQuery: rcode=0, ancount=4
[Cache hit]
resolv : GetAddrInfoHandler::run: {100 786532 100 983140 0 0}
resolv : res_nmkquery: (QUERY, IN, AAAA)
resolv : resolv_cache_lookup: FOUND IN CACHE entry=0xb4000075f51973d0
resolv : doQuery: rcode=0, ancount=1
[Error - NXDOMAIN]
resolv : GetAddrInfoHandler::run: {100 786532 100 983140 0 0}
resolv : res_nmkquery: (QUERY, IN, AAAA)
resolv : res_nsend: used send_dg 104 terrno: 0
resolv : doQuery: rcode=3, ancount=0
[Timeout]
resolv : GetAddrInfoHandler::run: {30 983070 30 983070 0 0}
resolv : res_nmkquery: (QUERY, IN, A)
resolv : res_nsend: used send_dg 0 terrno: 110
resolv : res_nsend: used send_dg 0 terrno: 110
resolv : doQuery: rcode=255, ancount=0
...
Bug: N/A
Test: m; adb logcat
Change-Id: I2a0ea2b416264d59382ef121d6d7755f8c7ffdf7
|
RFC 6762 section 6.7 says that the Multicast DNS responder MUST send a
UDP response directly back to the querier, via unicast, to the query
packet's source IP address and port if the source UDP port in a received
Multicast DNS query is not 5353. Section 5.4 also mentions "...New
questions created by local clients afterwards should be treated as
normal 'QM' questions and SHOULD NOT have the unicast-response bit set
on the first question of the series."
DNS resolver works as a one-shot Multicast DNS querier, which sends
queries from random ports. The unicast-response bit does not need to be
set.
Setting the unicast-response bit may also cause malfunction on .local
fallback queries. Currently, the bit is not cleared while .local
resolution is fallbacked from Multicast to Unicast DNS queries. DNS
server may send a no error response without Answer RR, or a failure.
One way to fix this is clearing the unicast-response bit before
fallback. However, it needs to parse packet bytes in res_nsend() because
the query packet is made before the res_nsend() but the fallback
decision is made in res_nsend(). Besides, it can cause problems in
cache. The query class is counted in cache key hashing. The answer
obtained by fallback queries is hashed (without unicast-response bit)
and stored in cache. But subsequent .local queries cannot match the
record because their unicast-response bit is initially set.
To avoid adding more complexity, the unnecessary unicast-response bit
should be removed.
Bug: 227147672
Test: atest
Test: Ping test.local on openWRT with fallback and without fallback.
Change-Id: Ib703a7537f638669fdc1d9c6927800e5c901786a
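A way to check a query packet for the unicast-response bit, and to see why the bit breaks cache matching, written as an added example that is not code from this commit or from DnsResolver. All function names are hypothetical, and the cache key is simplified to the raw question bytes; the commit message only states that the query class is part of the key.

```cpp
// Added illustration, not DnsResolver code. All function names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Top bit of QCLASS in an mDNS question (RFC 6762 section 5.4).
constexpr uint16_t kUnicastResponseBit = 0x8000;

// Build a one-question query: 12-byte header, QNAME labels, QTYPE, QCLASS.
// Assumes every label is at most 63 bytes.
std::vector<uint8_t> makeQuery(const std::string& name, uint16_t qtype, uint16_t qclass) {
    std::vector<uint8_t> p = {0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0};  // ID=0, QDCOUNT=1
    for (size_t start = 0; start < name.size();) {
        size_t dot = name.find('.', start);
        if (dot == std::string::npos) dot = name.size();
        p.push_back(static_cast<uint8_t>(dot - start));
        p.insert(p.end(), name.begin() + start, name.begin() + dot);
        start = dot + 1;
    }
    p.push_back(0);  // root label
    p.push_back(static_cast<uint8_t>(qtype >> 8));
    p.push_back(static_cast<uint8_t>(qtype & 0xff));
    p.push_back(static_cast<uint8_t>(qclass >> 8));
    p.push_back(static_cast<uint8_t>(qclass & 0xff));
    return p;
}

// QCLASS of the first question, or -1 if the packet is truncated or malformed.
int firstQclass(const std::vector<uint8_t>& p) {
    if (p.size() < 12 || (p[4] == 0 && p[5] == 0)) return -1;  // short header or QDCOUNT == 0
    size_t i = 12;
    while (i < p.size() && p[i] != 0) {
        if (p[i] > 63) return -1;  // compression pointer or invalid label length
        i += 1 + p[i];
    }
    if (i + 5 > p.size()) return -1;  // root label + QTYPE + QCLASS must fit
    return (p[i + 3] << 8) | p[i + 4];
}

bool hasUnicastResponseBit(const std::vector<uint8_t>& p) {
    int qclass = firstQclass(p);
    return qclass >= 0 && (qclass & kUnicastResponseBit) != 0;
}

// Simplified cache key: the question section bytes (everything after the header).
std::string cacheKey(const std::vector<uint8_t>& p) {
    return p.size() > 12 ? std::string(p.begin() + 12, p.end()) : std::string();
}

int main() {
    std::vector<uint8_t> qu = makeQuery("test.local", 1, 0x8001);  // A, IN with the bit set
    std::vector<uint8_t> qm = makeQuery("test.local", 1, 0x0001);  // A, IN
    std::printf("bit set: %d / %d, same cache key: %d\n", hasUnicastResponseBit(qu),
                hasUnicastResponseBit(qm), cacheKey(qu) == cacheKey(qm));
    return 0;
}
```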
|
There is no point in sending multicast DNS over VPN or mobile data.
Bug: 209492138
Test: atest
Test: adb root; adb shell dumpsys dnsresolver
Change-Id: I8987d3c9f219c42247e9fd8f85880a1d49fcedad
|
Bug: 196298216
Test: cd packages/modules/DnsResolver && atest
Change-Id: I8b0b8b0cc0c1185eb9a9e99ed10a2fc109bfa1d7
|
Bug: 196298216
Test: cd packages/modules/DnsResolver && atest
Change-Id: Iddcd0e69f46911ced852cf3994e6e243e9637820
|
Currently, a device generates some mDNS queries when the user uses
mDNS .local resolution.
Use the query info by subsampling events based on how interesting
they are. Because the number of mDNS queries is much lower than the number
of DNS queries, the mDNS subsampling rate is higher than that of DNS queries.
- if return_code == 0,2,7 -> log 1 in 1 event
- if return_code == default -> log 1 in 1 event
Also allow to use experiment flag to update sub-sampling denom.
Example for dumpsys dnsresolver:
NetId: 100
DnsEvent subsampling map for MDNS: default:1
Bug: 197092658
Test: cd packages/modules/DnsResolver && atest
m statsd_testdrive and run "statsd_testdrive 116"
Change-Id: I76073aa9a1cea43bda2675334592ed22e96a238e
|
Bug: 196298216
Test: cd packages/modules/DnsResolver && atest
Change-Id: I581c282bba1527afd2be9daf925e9ec5bd2e5cd6
|
Manual buffer handling may make mistakes easily.
Replacing it by std::span.
Bug: 196298216
Test: cd packages/modules/DnsResolver && atest
Change-Id: I2a9ebb5c9f7eb9d09fa7bdcafe4748eb2042ca6b
|
1. Implement the new method added in V9, setResolverOptions
2. Add its relevant binder test and update integration test to use this
new method if the remote version is new enough.
Test: atest
Bug: 194048056
Change-Id: I9a18f11769fd154e7cc6f35090e6c8fe61853d2a
|
The only change is currently to make resolverOptions optional.
Test: m
Bug: 194048056
Change-Id: I42a07d2bad1b3ee0e66e3f4e2a0f068686e1d1a3
|
The field is used to minimize unnecessary broadcasts on the network.
Bug: 140857615
Test: cd packages/modules/DnsResolver && atest
Change-Id: I54bc6f7cd41ff9687d4de8c9e87780ce805df050
|
When developers run "dumpsys dnsresolver", Mdns statistics
will show the information in the log if the Mdns queries
happened.
Bug: 140857615
Test: cd packages/modules/DnsResolver && atest
Change-Id: Iec0657d417ddf329590f1fc0a599497aaf45639b
|
StatsRecords only include information about DNS servers. When adding the
information of Mdns statistics, we have to modify the names of server's
definitions and functions to include mdns in stats files.
Bug: 140857615
Test: cd packages/modules/DnsResolver && atest
Change-Id: I38befe452d5d37b4172ee5dd16822083a08e4c88
|
This reverts commit 1aede8135e8a227e127f826f38073eba7447c382.
This is no longer needed since we will implement a simpler mechanics
for DoT validation.
Bug: 188153519
Test: cd packages/modules/DnsResolver && atest
Change-Id: I4a2f8b926f27fd38c58aea3a993a311a74fc4950
|
The evaluation is limited to opportunistic mode and is implemented
as a flag-off feature. It is introduced to avoid using high
latency private DNS servers.
The latency of a server is considered high if it's higher than a
latency threshold which is calculated based on the average latency of
cleartext DNS server:
  latency threshold = std::clamp(3 * mean_do53_latency_ms,
                                 min_private_dns_latency_threshold_ms,
                                 max_private_dns_latency_threshold_ms)
where min_private_dns_latency_threshold_ms is 500 ms by default and
max_private_dns_latency_threshold_ms is 2000 ms by default.
If there's no Do53 average latency for reference, the latency threshold
is min_private_dns_latency_threshold_ms.
The evaluation of a private DNS server works in two phases.
Phase 1: In this phase, Private DNS Validation is being performed,
and the server is not considered validated. The server latency is
evaluated by sending a probe. If the latency is lower than the
latency threshold, the server state is transitioned to Validation::success.
The evaluation goes to phase 2.
Phase 2: In this phase, the server is considered validated and
DnsResolver can send DNS queries to the server. The server latency
is evaluated by the query response time, and the same latency threshold
is used. If several (10 by default) query response times in a row
fail to meet the time threshold, the server state is
transitioned to Validation::in_process. The evaluation goes to phase 1.
Bug: 188153519
Test: run atest with all the flags off/on
avoid_bad_private_dns: 0 / 1
sort_nameservers: 0 / 1
dot_xport_unusable_threshold: -1 / 20
dot_query_timeout_ms: -1 / 10000
min_private_dns_latency_threshold_ms: -1 / 500
keep_listening_udp: 0 / 1
parallel_lookup_sleep_time: 2 / 2
dot_revalidation_threshold: -1 / 10
max_private_dns_latency_threshold_ms: -1 / 2000
dot_async_handshake: 0 / 1
dot_maxtries: 3 / 1
dot_connect_timeout_ms: 127000 / 10000
parallel_lookup_release: UNSET / UNSET
Change-Id: Ib681b1ea1417eadac9c013f19549a9fa7c408696
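The threshold formula and the two-phase evaluation described in the commit message above, as an added example that is not the code from this commit. The class and function names are hypothetical, a mean of -1 stands for "no Do53 latency available", and a response time equal to the threshold is assumed to count as failing it.

```cpp
// Added illustration, not DnsResolver code. Names are hypothetical; the default
// values (500 ms, 2000 ms, 10 in a row) are the ones quoted in the commit message.
#include <algorithm>
#include <cstdio>

enum class Validation { in_process, success };

struct LatencyConfig {
    int minThresholdMs = 500;        // min_private_dns_latency_threshold_ms
    int maxThresholdMs = 2000;       // max_private_dns_latency_threshold_ms
    int slowQueriesInARow = 10;      // consecutive slow queries that trigger phase 1 again
};

// Equivalent to std::clamp(3 * mean, min, max); falls back to min when there is
// no Do53 mean to compare against (assumption: signalled here by a negative mean).
int latencyThresholdMs(int meanDo53LatencyMs, const LatencyConfig& cfg) {
    if (meanDo53LatencyMs < 0) return cfg.minThresholdMs;
    return std::min(std::max(3 * meanDo53LatencyMs, cfg.minThresholdMs), cfg.maxThresholdMs);
}

class PrivateDnsEvaluator {
  public:
    explicit PrivateDnsEvaluator(const LatencyConfig& cfg) : mCfg(cfg) {}

    // Phase 1: a validation probe finished; the server is not yet usable.
    void onProbe(int latencyMs, int meanDo53Ms) {
        if (mState != Validation::in_process) return;
        if (latencyMs < latencyThresholdMs(meanDo53Ms, mCfg)) {
            mState = Validation::success;  // move to phase 2
            mSlowInARow = 0;
        }
    }

    // Phase 2: a real query was answered; count consecutive slow responses.
    void onQuery(int latencyMs, int meanDo53Ms) {
        if (mState != Validation::success) return;
        if (latencyMs < latencyThresholdMs(meanDo53Ms, mCfg)) {
            mSlowInARow = 0;  // the streak is broken by any fast response
        } else if (++mSlowInARow >= mCfg.slowQueriesInARow) {
            mState = Validation::in_process;  // back to phase 1
            mSlowInARow = 0;
        }
    }

    Validation state() const { return mState; }

  private:
    LatencyConfig mCfg;
    Validation mState = Validation::in_process;
    int mSlowInARow = 0;
};

int main() {
    LatencyConfig cfg;
    std::printf("thresholds: %d %d %d %d\n", latencyThresholdMs(-1, cfg),
                latencyThresholdMs(100, cfg), latencyThresholdMs(300, cfg),
                latencyThresholdMs(1000, cfg));
    return 0;
}
```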
|
The sample rate of DNS resolver metrics events depends on Experiment
flag and default sampling flag. Currently, the sampling experiment
has been completed. Therefore update the new default sampling flag to
reduce the metrics event size.
1. Current default sampling rate:
DEFAULT_SUBSAMPLING_MAP[] = "default:1 0:100 7:10
metrics data size: 170k byte per device
2. Old Experiment:
DEFAULT_SUBSAMPLING_MAP[] = "default:5 0:300 2:80 7:80"
metrics data size: 11k byte per device
3. New default sampling rate:
DEFAULT_SUBSAMPLING_MAP[] = "default:8 0:400 2:110 7:110"
metrics data size: 7.9k byte per device
4. New Experiment:(including the temporary fix of b/185097438)
DEFAULT_SUBSAMPLING_MAP[] = "default:8 0:400 2:110 4:110 7:110"
metrics data size: 7.9k byte per device
Because there is already a solution for b/185097438 in the code,
what this commit will do is item 3, to reduce the size
of the event.
Bug: 184830442
Test: atest resolv_unit_test
Change-Id: I3c0ab4a4504dfd5f8c789348587de33e01951920
|
This also brings back a function comment next to the definition it was
related to.
Change-Id: I41778a3df0911f6673b1f4bcee2b10eece7bc0c8
|
- Support case-insensitive hashing i.e., convert domain names
into lowercase before hashing/comparison so that there is
no additional query when domain names are same.
Test: as follows
- build, and boot
- Perform DNS queries, and ensure they are not case
sensitive
- resolv_integration_test
- resolv_unit_test
Bug: 111586865
Change-Id: I75f2ef8d09314e2f89a4764ccfd0247675340271
|
The change introduces a way to prioritize DNS servers on the basis of
DNS query response time, which aims to replace the current design that
is biased towards using the first DNS server assigned from networks.
The quality is evaluated based on the heuristics:
- The higher its latency, the less likely it is used.
- The longer it has not been used, the more likely it is used.
Compared to the current design, the proposed method detects bad DNS
servers more quickly. For instance, a server which is unreachable or
times out can be detected and deprioritized with few trials by backoff
penalty and abnormal latency.
Similar to the current design, a server which has been regarded as bad
quality can be used again, but it depends on how much worse it is. A
counter is used to count how many times a DNS server has not been used,
which avoids constantly using the same DNS server.
This change comprises:
[1] Allow the resolver to sort DNS servers on the basis of DNS query
response time.
[2] Add an experiment flag to enable/disable the sorting.
[3] Show the result of the quantified quality of DNS servers in
dumpsys dnsresolver.
[4] Add unit tests for DnsStats::getSortedServers().
[5] Revise the integration tests which are sensitive to the nameserver
sorting, including two big changes in SkipBadServersDueToInternalError
and SkipBadServersDueToTimeout and some minor changes.
Bug: 137169582
Test: ran resolv_unit_test
ran resolv_integration_test with the sorting enabled
ran resolv_integration_test with the sorting disabled
Change-Id: I24b6a317f135a942ce0ea310c81dfe658bada6a7
|
The default behavior is that plaintext DNS queries are sent by the
application's UID using fchown(). DoT are sent with a UID of AID_DNS.
This option controls the plaintext uid of DNS query.
Bug: 154910763
Test: atest
Change-Id: Iada5d850d8bb9d7b0ad46f5c28a1fff22c7d11a6
|
FLAG_NO_CACHE_STORE
Before this CL, FLAG_NO_CACHE_STORE could be used to perform a side
channel attack, because this flag ensures the result is never
added to the cache, but will return a cached response if one exists.
So make FLAG_NO_CACHE_STORE imply FLAG_NO_CACHE_LOOKUP to block the
possibility of a side channel attack.
Bug: 150371903
Test: atest
Change-Id: I37391ffe315b90c0cdfd86888c6bf68b2b89f601
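The flag behaviour before and after this change, modelled as a regression check and added here as an example; it is not the resolver's code. The class ToyResolver, the numeric flag values and the name example.test are assumptions made for the illustration. The invariant being checked is that a caller passing only FLAG_NO_CACHE_STORE gets the same kind of answer whether or not the name is already cached.

```cpp
// Added illustration, not DnsResolver code. ToyResolver and the flag values are
// assumptions; only the flag names come from the commit message.
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

constexpr uint32_t FLAG_NO_CACHE_STORE = 1u << 0;
constexpr uint32_t FLAG_NO_CACHE_LOOKUP = 1u << 1;

enum class Source { cache, network };

class ToyResolver {
  public:
    // storeImpliesNoLookup == false models the old behaviour, true the fixed one.
    explicit ToyResolver(bool storeImpliesNoLookup) : mFixed(storeImpliesNoLookup) {}

    Source query(const std::string& name, uint32_t flags) {
        if (mFixed && (flags & FLAG_NO_CACHE_STORE)) flags |= FLAG_NO_CACHE_LOOKUP;
        if (!(flags & FLAG_NO_CACHE_LOOKUP) && mCache.count(name)) return Source::cache;
        // Stand-in for a network lookup; 192.0.2.1 is a documentation address.
        if (!(flags & FLAG_NO_CACHE_STORE)) mCache[name] = "192.0.2.1";
        return Source::network;
    }

    bool isCached(const std::string& name) const { return mCache.count(name) != 0; }

  private:
    bool mFixed;
    std::map<std::string, std::string> mCache;
};

// True if a FLAG_NO_CACHE_STORE query is answered differently depending on
// whether someone else resolved the name earlier, i.e. cache state is observable.
bool cacheStateObservable(bool fixedBehaviour) {
    ToyResolver warm(fixedBehaviour), cold(fixedBehaviour);
    warm.query("example.test", 0);  // earlier lookup by another caller fills the cache
    Source fromWarm = warm.query("example.test", FLAG_NO_CACHE_STORE);
    Source fromCold = cold.query("example.test", FLAG_NO_CACHE_STORE);
    return fromWarm != fromCold;
}

// The no-store query must leave the cache untouched in both models.
bool noStoreLeavesCacheEmpty(bool fixedBehaviour) {
    ToyResolver r(fixedBehaviour);
    r.query("example.test", FLAG_NO_CACHE_STORE);
    return !r.isCached("example.test");
}

int main() {
    std::printf("old behaviour observable: %d, fixed behaviour observable: %d\n",
                cacheStateObservable(false), cacheStateObservable(true));
    return 0;
}
```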
|
Update experiment flags every time a resolver network is created or
destroyed.
Bug: 135717624
Bug: 151698212
Test: atest
Change-Id: I5375e78831c5994af74b9ecaca991f18db03eca6
|
The new NetworkType is WIFI + CELLULAR + VPN.
Bug: 143732914
Test: atest
Change-Id: I44c3ff1ec27417a23652815edd94389a14bbd3b2
|
Remove 'Experimental' from parcel name and variable name for better
naming.
Bug: 139646101
Change-Id: Iaa75e8028e98998eca4c9b821aa07effab19dac3
|
Address comments in AIDL API review before AIDL freezing.
Bug: 151074535
Bug: 133526962
Test: atest
Change-Id: Iaf5e233666b9a05a86d4951a751145a8e94cb94b
|
- Resolver doesn't know what the transport types are when having a given
network. Set transport types by SetResolverConfiguration.
Bug: 143732914
Test: atest
Change-Id: I337d4204afd9fbb790fd42cc191759b22dd66bca
|
The number of nameservers can be derived from std::vector::size().
It doesn't need a variable to store the value.
Test: cd packages/modules/DnsResolver && atest
Change-Id: Ifc2e1401b1d081595a00b60fbaf6dd96c3d44a71
|
Similar to aosp/1136436, each independent lookup thread should get
the stats based on its own nameserver address list rather than the
list stored in NetConfig.
With this change, plus aosp/1136436, it's able to populate nameserver
addresses in random order to lookup threads without the worry of
breaking the legacy stats stored in NetConfig.
Bug: 137169582
Test: cd packages/modules/DnsResolver && atest
Change-Id: I8d5c639326d2931bf7e5f5ae668e7aba830e00fb
|
IPSockAddr is safer and more convenient to store socket addresses,
to compare two socket addresses, and to make the code more readable.
The change also removes get_nsaddr(), a static function in res_send.cpp.
Bug: 137169582
Test: cd packages/modules/DnsResolver && atest
Change-Id: I694c293139b01a39c40cc50ba8c4f067a2ac4b07
|
The stale cache case isn't handled correctly while performing
cache_lookup with flag NO_CACHE_STORE, which caused this problem.
Fix it and add a test to ensure it won't happen again.
Test: atest
Bug: 148842821
Change-Id: I72a2211a636cadc72009a5542f7c755c30329c43
|
No functionality changes, this is mostly meant to improve our code
coverage and cleanup our headers a bit.
- delete dead functions res_ownok() and res_mailok()
- Move prototypes of the remaining functions to the new header res_comp.h
- Replace resolv_private.h with res_comp.h as needed
- Drop the dependency on Bionic's <resolv.h> wherever possible
- Eliminate the horrible maybe_XXX() macros
- Make res_hnok() and res_dnok() return a proper bool instead of 0 and 1
Change-Id: Ic2e27753355d873925044a7561ccb78bd2c2d162
|
The resolver's cache is keyed by a hash of the query, excluding certain
sections such as the query ID and a few others. However, a loop bug
caused the entire packet to be hashed to the end after the first
invocation of _dnsPacket_hashBytes() in _dnsPacket_hashQuery().
The bug predates the inclusion of this code in Bionic in 2009, and was
likely harmless: since _dnsPacket_hashBytes() adjusts the cursor to
the end of the packet, the subsequent calls to _dnsPacket_readInt16()
fail, returning -1, which causes the loops to execute 0 times.
This whole oldschool code could use a good rewrite into safer C++ and,
while we're at it, also switch to a proper hash function. For now,
let's start with a conservative bugfix, so at least it behaves the way
it reads.
Test: cd packages/modules/DnsResolver && atest .
Change-Id: I9368115bc16373fd64989f2a37f1dcd8f3e71b94