Gitiles
Code Review Sign In
review.blissroms.org / platform_system_netd / refs/heads/q / . / resolv / DnsTlsTransport.h
blob: 6c98fa6c55491b3aaa214839d9d70032e93dbaca [file] [log] [blame]
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef _DNS_DNSTLSTRANSPORT_H
18#define _DNS_DNSTLSTRANSPORT_H
19
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]20#include <future>
21#include <map>
22#include <mutex>
23#include <vector>
24
25#include <android-base/thread_annotations.h>
26#include <android-base/unique_fd.h>
Bernie Innocentiad4e26e2019-01-30 11:16:36 +0900[diff] [blame]27#include <netdutils/Slice.h>
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]28
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]29#include "DnsTlsQueryMap.h"
30#include "DnsTlsServer.h"
31#include "DnsTlsSessionCache.h"
32#include "IDnsTlsSocket.h"
33#include "IDnsTlsSocketObserver.h"
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35namespace android {
36namespace net {
37
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]38class IDnsTlsSocketFactory;
39
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]40// Manages at most one DnsTlsSocket at a time. This class handles socket lifetime issues,
41// such as reopening the socket and reissuing pending queries.
Mike Yua46fae72018-11-01 20:07:00 +0800[diff] [blame]42class DnsTlsTransport : public IDnsTlsSocketObserver {
43 public:
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]44 DnsTlsTransport(const DnsTlsServer& server, unsigned mark,
Bernie Innocentiad4e26e2019-01-30 11:16:36 +0900[diff] [blame]45 IDnsTlsSocketFactory* _Nonnull factory)
46 : mMark(mark), mServer(server), mFactory(factory) {}
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]47 ~DnsTlsTransport();
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]48
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]49 typedef DnsTlsServer::Response Response;
50 typedef DnsTlsServer::Result Result;
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]51
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]52 // Given a |query|, this method sends it to the server and returns the result asynchronously.
53 std::future<Result> query(const netdutils::Slice query) EXCLUDES(mLock);
Ben Schwartz52504622017-07-11 12:21:13 -0400[diff] [blame]54
55 // Check that a given TLS server is fully working on the specified netid, and has the
56 // provided SHA-256 fingerprint (if nonempty). This function is used in ResolverController
57 // to ensure that we don't enable DNS over TLS on networks where it doesn't actually work.
Mike Yu2cc198a2018-11-02 13:30:04 +0800[diff] [blame]58 static bool validate(const DnsTlsServer& server, unsigned netid, uint32_t mark);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]59
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]60 // Implement IDnsTlsSocketObserver
61 void onResponse(std::vector<uint8_t> response) override;
62 void onClosed() override EXCLUDES(mLock);
63
Bernie Innocentiad4e26e2019-01-30 11:16:36 +0900[diff] [blame]64 private:
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]65 std::mutex mLock;
66
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]67 DnsTlsSessionCache mCache;
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]68 DnsTlsQueryMap mQueries;
Ben Schwartza13c23a2017-10-02 12:06:21 -0400[diff] [blame]69
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]70 const unsigned mMark; // Socket mark
Ben Schwartz66810f62017-10-16 19:27:46 -0400[diff] [blame]71 const DnsTlsServer mServer;
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]72 IDnsTlsSocketFactory* _Nonnull const mFactory;
Ben Schwartz33860762017-10-25 14:41:02 -0400[diff] [blame]73
74 void doConnect() REQUIRES(mLock);
75
76 // doReconnect is used by onClosed. It runs on the reconnect thread.
77 void doReconnect() EXCLUDES(mLock);
78 std::unique_ptr<std::thread> mReconnectThread GUARDED_BY(mLock);
79
80 // Used to prevent onClosed from starting a reconnect during the destructor.
81 bool mClosing GUARDED_BY(mLock) = false;
82
83 // Sending queries on the socket is thread-safe, but construction/destruction is not.
84 std::unique_ptr<IDnsTlsSocket> mSocket GUARDED_BY(mLock);
85
86 // Send a query to the socket.
87 bool sendQuery(const DnsTlsQueryMap::Query q) REQUIRES(mLock);
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]88};
89
Ben Schwartzded1b702017-10-25 14:41:02 -0400[diff] [blame]90} // end of namespace net
91} // end of namespace android
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]92
93#endif // _DNS_DNSTLSTRANSPORT_H