| author | cken <cken@google.com> | 2018-12-01 17:45:18 +0900 |
|---|---|---|
| committer | Ken Chen <cken@google.com> | 2018-12-18 11:11:23 +0000 |
| commit | b1a69a477d28923bd3ba43cadcd9cc82945abd60 (patch) | |
| tree | 16c972aa6854c7d9ad0666a5c8e105f54fde71ee /server/NetworkController.cpp | |
| parent | f52f7a52a8b06d240e57f35dfccbf97e14223c1b (diff) | |

Add resolv_has_nameserver() to replace getHasDns()

getHasDns() returns the value assigned from networkCreateVpn(). It causes
issues when DNS configuration is changed without triggering VPN reconnection.
For example, when the first established VPN has no DNS server and is then
switched to one with a DNS server, the system continues to use the DNS servers
from the default network in addition to the ones assigned from the VPN server,
resulting in a DNS leak. In the reverse case it causes DNS resolution to fail.
The new API resolv_has_nameserver() gets DNS information from the DNS resolver
directly.

Bug: 116539103
Test: verify patch via unmerged CTS test case aosp/658122 (with
little modification)
Change-Id: Ie01814435f4361c258c4ba96a47eb917f5441274

Diffstat (limited to 'server/NetworkController.cpp')
| -rw-r--r-- | server/NetworkController.cpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp index 5f5b71f6..5d64a282 100644 --- a/server/NetworkController.cpp +++ b/server/NetworkController.cpp @@ -220,8 +220,7 @@ uint32_t NetworkController::getNetworkForDnsLocked(unsigned* netId, uid_t uid) c // servers (through the default network). Otherwise, the query is guaranteed to fail. // http://b/29498052 Network *network = getNetworkLocked(*netId); - if (network && network->getType() == Network::VIRTUAL && - !static_cast<VirtualNetwork *>(network)->getHasDns()) { + if (network && network->getType() == Network::VIRTUAL && !resolv_has_nameservers(*netId)) { *netId = mDefaultNetId; } } else { @@ -230,7 +229,7 @@ uint32_t NetworkController::getNetworkForDnsLocked(unsigned* netId, uid_t uid) c // them). Otherwise, use the default network's DNS servers. We cannot set the explicit bit // because we need to be able to fall through a split tunnel to the default network. VirtualNetwork* virtualNetwork = getVirtualNetworkForUserLocked(uid); - if (virtualNetwork && virtualNetwork->getHasDns()) { + if (virtualNetwork && resolv_has_nameservers(virtualNetwork->getNetId())) { *netId = virtualNetwork->getNetId(); } else { // TODO: return an error instead of silently doing the DNS lookup on the wrong network. |
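
Review bot: in the first hunk (@@ -220,8 +220,7), `resolv_has_nameservers(*netId)` is now called from inside `getNetworkForDnsLocked`, which by its name runs with the controller's lock held, so please confirm the resolver call neither blocks nor takes a lock that some other path acquires in the opposite order. A short comment next to the condition saying that the check reads live resolver state would help the next reader. Separately, the commit message names the API `resolv_has_nameserver()` while the code calls `resolv_has_nameservers`; one of the two should be corrected so the log is searchable by the real symbol.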
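
Review bot: in the second hunk (@@ -230,7 +229,7), a false result from `resolv_has_nameservers(virtualNetwork->getNetId())` still drops into the `else` branch carrying the TODO about silently doing the DNS lookup on the wrong network. Because the answer can now change whenever the VPN's DNS configuration changes, rather than being fixed at `networkCreateVpn()` time, this silent fallback becomes easier to hit; consider at least logging when a VPN user's query is routed to the default network, and make sure the test covers both transitions described in the commit message (no DNS to DNS, and the reverse). Also, `getHasDns()` loses both of its callers in this file; if nothing else uses it, remove the getter and its stored flag from `VirtualNetwork` in this change so the stale value cannot be picked up again.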
