1 /*	$NetBSD: resolv.h,v 1.31 2005/12/26 19:01:47 perry Exp $	*/
2 
3 /*
4  * Copyright (c) 1983, 1987, 1989
5  *    The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 /*
33  * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
34  * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
35  *
36  * Permission to use, copy, modify, and distribute this software for any
37  * purpose with or without fee is hereby granted, provided that the above
38  * copyright notice and this permission notice appear in all copies.
39  *
40  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
41  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
42  * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
43  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
44  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
45  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
46  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
47  */
48 
49 #pragma once
50 
51 #include <android-base/logging.h>
52 #include <android-base/unique_fd.h>
53 #include <private/android_filesystem_config.h>  // AID_DNS
54 
55 #include <net/if.h>
56 #include <time.h>
57 #include <string>
58 #include <vector>
59 
60 #include "DnsResolver.h"
61 #include "netd_resolv/resolv.h"
62 #include "params.h"
63 #include "stats.pb.h"
64 
65 // Linux defines MAXHOSTNAMELEN as 64, while the domain name limit in
66 // RFC 1034 and RFC 1035 is 255 octets.
67 #ifdef MAXHOSTNAMELEN
68 #undef MAXHOSTNAMELEN
69 #endif
70 #define MAXHOSTNAMELEN 256
71 
72 /*
73  * Global defines and variables for resolver stub.
74  */
75 #define RES_TIMEOUT 5000 /* min. milliseconds between retries */
76 #define RES_DFLRETRY 2    /* Default #/tries. */
77 
78 // Flags for res_state->_flags
79 #define RES_F_VC 0x00000001        // socket is TCP
80 #define RES_F_EDNS0ERR 0x00000004  // EDNS0 caused errors
81 
82 // Holds either a sockaddr_in or a sockaddr_in6.
83 union sockaddr_union {
84     struct sockaddr sa;
85     struct sockaddr_in sin;
86     struct sockaddr_in6 sin6;
87 };
88 constexpr int MAXPACKET = 8 * 1024;
89 
90 struct ResState {
91     ResState(const android_net_context* netcontext, android::net::NetworkDnsEventReported* dnsEvent)
92         : netid(netcontext->dns_netid),
93           uid(netcontext->uid),
94           pid(netcontext->pid),
95           _mark(netcontext->dns_mark),
96           event(dnsEvent),
97           netcontext_flags(netcontext->flags) {}
98 
99     ResState clone(android::net::NetworkDnsEventReported* dnsEvent = nullptr) {
100         // TODO: Separate non-copyable members to other structures and let default copy
101         //       constructor do its work for below copyable members.
102         ResState copy;
103         copy.netid = netid;
104         copy.uid = uid;
105         copy.pid = pid;
106         copy.search_domains = search_domains;
107         copy.nsaddrs = nsaddrs;
108         copy.ndots = ndots;
109         copy._mark = _mark;
110         copy._flags = _flags;
111         copy.event = (dnsEvent == nullptr) ? event : dnsEvent;
112         copy.netcontext_flags = netcontext_flags;
113         copy.tc_mode = tc_mode;
114         copy.enforce_dns_uid = enforce_dns_uid;
115         copy.sort_nameservers = sort_nameservers;
116         return copy;
117     }
118     void closeSockets() {
119         tcp_nssock.reset();
120         _flags &= ~RES_F_VC;
121 
122         for (auto& sock : nssocks) {
123             sock.reset();
124         }
125     }
126 
127     int nameserverCount() { return nsaddrs.size(); }
128 
129     // clang-format off
130     unsigned netid;                             // NetId: cache key and socket mark
131     uid_t uid;                                  // uid of the app that sent the DNS lookup
132     pid_t pid;                                  // pid of the app that sent the DNS lookup
133     std::vector<std::string> search_domains{};  // domains to search
134     std::vector<android::netdutils::IPSockAddr> nsaddrs;
135     android::base::unique_fd nssocks[MAXNS];    // UDP sockets to nameservers
136     unsigned ndots : 4 = 1;                     // threshold for initial abs. query
137     unsigned _mark;                             // If non-0 SET_MARK to _mark on all request sockets
138     android::base::unique_fd tcp_nssock;        // TCP socket (but why not one per nameserver?)
139     uint32_t _flags = 0;                        // See RES_F_* defines below
140     android::net::NetworkDnsEventReported* event;
141     uint32_t netcontext_flags;
142     int tc_mode = 0;
143     bool enforce_dns_uid = false;
144     bool sort_nameservers = false;              // A flag to indicate whether nsaddrs has been
145                                                 // sorted or not.
146     // clang-format on
147   private:
148     ResState() {}
149 };
150 
151 // TODO: remove these legacy aliases
152 typedef ResState* res_state;
153 
154 /* End of stats related definitions */
155 
156 /*
157  * Error code extending h_errno codes defined in bionic/libc/include/netdb.h.
158  *
159  * This error code, including legacy h_errno, is returned from res_nquery(), res_nsearch(),
160  * res_nquerydomain(), res_queryN(), res_searchN() and res_querydomainN() for DNS metrics.
161  *
162  * TODO: Consider mapping legacy and extended h_errno into a unified resolver error code mapping.
163  */
164 #define NETD_RESOLV_H_ERRNO_EXT_TIMEOUT RCODE_TIMEOUT
165 
166 extern const char* const _res_opcodes[];
167 
168 int res_nameinquery(const char*, int, int, const uint8_t*, const uint8_t*);
169 int res_queriesmatch(const uint8_t*, const uint8_t*, const uint8_t*, const uint8_t*);
170 
171 int res_nquery(res_state, const char*, int, int, uint8_t*, int, int*);
172 int res_nsearch(res_state, const char*, int, int, uint8_t*, int, int*);
173 int res_nquerydomain(res_state, const char*, const char*, int, int, uint8_t*, int, int*);
174 int res_nmkquery(int op, const char* qname, int cl, int type, const uint8_t* data, int datalen,
175                  uint8_t* buf, int buflen, int netcontext_flags);
176 int res_nsend(res_state statp, const uint8_t* buf, int buflen, uint8_t* ans, int anssiz, int* rcode,
177               uint32_t flags, std::chrono::milliseconds sleepTimeMs = {});
178 int res_nopt(res_state, int, uint8_t*, int, int);
179 
180 int getaddrinfo_numeric(const char* hostname, const char* servname, addrinfo hints,
181                         addrinfo** result);
182 
183 // Helper function for converting h_errno to the error codes visible to netd
184 int herrnoToAiErrno(int herrno);
185 
186 // switch resolver log severity
187 android::base::LogSeverity logSeverityStrToEnum(const std::string& logSeverityStr);
188 
189 template <typename Dest>
190 Dest saturate_cast(int64_t x) {
191     using DestLimits = std::numeric_limits<Dest>;
192     if (x > DestLimits::max()) return DestLimits::max();
193     if (x < DestLimits::min()) return DestLimits::min();
194     return static_cast<Dest>(x);
195 }
196 
197 android::net::NsType getQueryType(const uint8_t* msg, size_t msgLen);
198 
199 android::net::IpVersion ipFamilyToIPVersion(int ipFamily);
200 
201 inline void resolv_tag_socket(int sock, uid_t uid, pid_t pid) {
202     // This is effectively equivalent to testing for R+
203     if (android::net::gResNetdCallbacks.tagSocket != nullptr) {
204         if (int err = android::net::gResNetdCallbacks.tagSocket(sock, TAG_SYSTEM_DNS, uid, pid)) {
205             LOG(WARNING) << "Failed to tag socket: " << strerror(-err);
206         }
207     }
208 
209     // fchown() apps' uid only in R+, since it's incompatible with Q's ebpf vpn isolation feature.
210     if (fchown(sock, (android::net::gApiLevel >= 30) ? uid : AID_DNS, -1) == -1) {
211         PLOG(WARNING) << "Failed to chown socket";
212     }
213 }
214