1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 * 16 */ 17 18 #ifndef DNS_RESPONDER_H 19 #define DNS_RESPONDER_H 20 21 #include <arpa/nameser.h> 22 23 #include <atomic> 24 #include <condition_variable> 25 #include <mutex> 26 #include <string> 27 #include <thread> 28 #include <unordered_map> 29 #include <vector> 30 31 #include <android-base/thread_annotations.h> 32 #include "android-base/unique_fd.h" 33 34 // Default TTL of the DNS answer record. 35 constexpr unsigned kAnswerRecordTtlSec = 5; 36 37 // The maximum UDP response size in bytes the DNS responder allows to send. It is used in non-EDNS 38 // case. See RFC 1035 section 4.2.1. 39 constexpr unsigned kMaximumUdpSize = 512; 40 41 namespace test { 42 43 struct DNSName { 44 std::string name; 45 const char* read(const char* buffer, const char* buffer_end); 46 char* write(char* buffer, const char* buffer_end) const; 47 48 private: 49 const char* parseField(const char* buffer, const char* buffer_end, bool* last); 50 }; 51 52 struct DNSQuestion { 53 DNSName qname; 54 unsigned qtype; 55 unsigned qclass; 56 const char* read(const char* buffer, const char* buffer_end); 57 char* write(char* buffer, const char* buffer_end) const; 58 std::string toString() const; 59 }; 60 61 struct DNSRecord { 62 DNSName name; 63 unsigned rtype; 64 unsigned rclass; 65 unsigned ttl; 66 std::vector<char> rdata; 67 const char* read(const char* buffer, const char* buffer_end); 68 char* write(char* buffer, const char* buffer_end) const; 69 std::string toString() const; 70 71 private: 72 struct IntFields { 73 uint16_t rtype; 74 uint16_t rclass; 75 uint32_t ttl; 76 uint16_t rdlen; 77 } __attribute__((__packed__)); 78 79 const char* readIntFields(const char* buffer, const char* buffer_end, unsigned* rdlen); 80 char* writeIntFields(unsigned rdlen, char* buffer, const char* buffer_end) const; 81 }; 82 83 // TODO: Perhaps rename to DNSMessage. Per RFC 1035 section 4.1, struct DNSHeader more likes a 84 // message because it has not only header section but also question section and other RRs. 85 struct DNSHeader { 86 unsigned id; 87 bool ra; 88 uint8_t rcode; 89 bool qr; 90 uint8_t opcode; 91 bool aa; 92 bool tr; 93 bool rd; 94 bool ad; 95 std::vector<DNSQuestion> questions; 96 std::vector<DNSRecord> answers; 97 std::vector<DNSRecord> authorities; 98 std::vector<DNSRecord> additionals; 99 const char* read(const char* buffer, const char* buffer_end); 100 char* write(char* buffer, const char* buffer_end) const; 101 bool write(std::vector<uint8_t>* out) const; 102 std::string toString() const; 103 104 private: 105 struct Header { 106 uint16_t id; 107 uint8_t flags0; 108 uint8_t flags1; 109 uint16_t qdcount; 110 uint16_t ancount; 111 uint16_t nscount; 112 uint16_t arcount; 113 } __attribute__((__packed__)); 114 115 const char* readHeader(const char* buffer, const char* buffer_end, unsigned* qdcount, 116 unsigned* ancount, unsigned* nscount, unsigned* arcount); 117 }; 118 119 inline const std::string kDefaultListenAddr = "127.0.0.3"; 120 inline const std::string kDefaultListenService = "53"; 121 inline const std::string kDefaultMdnsListenService = "5353"; 122 inline const ns_rcode kDefaultErrorCode = ns_rcode::ns_r_servfail; 123 124 /* 125 * Simple DNS responder, which replies to queries with the registered response 126 * for that type. Class is assumed to be IN. If no response is registered, the 127 * default error response code is returned. 128 */ 129 class DNSResponder { 130 public: 131 enum class Edns { 132 ON, 133 FORMERR_ON_EDNS, // DNS server not supporting EDNS will reply FORMERR. 134 FORMERR_UNCOND, // DNS server reply FORMERR unconditionally 135 DROP // DNS server not supporting EDNS will not do any response. 136 }; 137 // Indicate which mapping the DNS server used to build the response. 138 // See also addMapping{, DnsHeader, BinaryPacket}, removeMapping{, DnsHeader, BinaryPacket}, 139 // makeResponse{, FromDnsHeader, FromBinaryPacket}. 140 // TODO: Perhaps break class DNSResponder for each mapping. 141 enum class MappingType { 142 ADDRESS_OR_HOSTNAME, // Use the mapping from (name, type) to (address or hostname) 143 DNS_HEADER, // Use the mapping from (name, type) to (DNSHeader) 144 BINARY_PACKET, // Use the mapping from (query packet) to (response packet) 145 }; 146 147 struct QueryInfo { 148 std::string name; 149 ns_type type; 150 int protocol; // Either IPPROTO_TCP or IPPROTO_UDP 151 }; 152 153 DNSResponder(std::string listen_address = kDefaultListenAddr, 154 std::string listen_service = kDefaultListenService, 155 ns_rcode error_rcode = kDefaultErrorCode, 156 DNSResponder::MappingType mapping_type = MappingType::ADDRESS_OR_HOSTNAME); 157 DNSResponder(ns_rcode error_rcode)158 DNSResponder(ns_rcode error_rcode) 159 : DNSResponder(kDefaultListenAddr, kDefaultListenService, error_rcode){}; 160 DNSResponder(MappingType mapping_type)161 DNSResponder(MappingType mapping_type) 162 : DNSResponder(kDefaultListenAddr, kDefaultListenService, kDefaultErrorCode, 163 mapping_type){}; 164 DNSResponder(unsigned netId,std::string listen_address)165 DNSResponder(unsigned netId, std::string listen_address) : DNSResponder(listen_address) { 166 mNetId = netId; 167 }; 168 169 ~DNSResponder(); 170 171 // Functions used for accessing mapping {ADDRESS_OR_HOSTNAME, DNS_HEADER, BINARY_PACKET}. 172 void addMapping(const std::string& name, ns_type type, const std::string& addr); 173 void addMappingDnsHeader(const std::string& name, ns_type type, const DNSHeader& header); 174 void addMappingBinaryPacket(const std::vector<uint8_t>& query, 175 const std::vector<uint8_t>& response); 176 void removeMapping(const std::string& name, ns_type type); 177 void removeMappingDnsHeader(const std::string& name, ns_type type); 178 void removeMappingBinaryPacket(const std::vector<uint8_t>& query); 179 180 void setResponseProbability(double response_probability); 181 void setResponseProbability(double response_probability, int protocol); 182 void setResponseDelayMs(unsigned); setErrorRcode(ns_rcode error_rcode)183 void setErrorRcode(ns_rcode error_rcode) { error_rcode_ = error_rcode; } 184 void setEdns(Edns edns); 185 void setTtl(unsigned ttl); 186 bool running() const; 187 bool startServer(); 188 bool stopServer(); listen_address()189 const std::string& listen_address() const { return listen_address_; } listen_service()190 const std::string& listen_service() const { return listen_service_; } 191 std::vector<QueryInfo> queries() const; 192 std::string dumpQueries() const; 193 void clearQueries(); getCv()194 std::condition_variable& getCv() { return cv; } getCvMutex()195 std::mutex& getCvMutex() { return cv_mutex_; } 196 void setDeferredResp(bool deferred_resp); 197 static bool fillRdata(const std::string& rdatastr, DNSRecord& record); 198 199 // These functions are helpers for binding the listening sockets to a specific network, which 200 // is necessary only for multinetwork tests. Since binding sockets to a network requires 201 // the dependency of libnetd_client, and DNSResponder is also widely used in other tests like 202 // resolv_unit_test which doesn't need that dependency, so expose the socket fds to let the 203 // callers perform binding operations by themselves. Callers MUST not close the fds. setNetwork(unsigned netId)204 void setNetwork(unsigned netId) { mNetId = netId; } getNetwork()205 std::optional<unsigned> getNetwork() const { return mNetId; } getUdpSocket()206 int getUdpSocket() const { return udp_socket_.get(); } getTcpSocket()207 int getTcpSocket() const { return tcp_socket_.get(); } 208 209 // TODO: Make DNSResponder record unknown queries in a vector for improving the debugging. 210 // Unit test could dump the unexpected query for further debug if any unexpected failure. 211 212 private: 213 // Key used for accessing mappings. 214 struct QueryKey { 215 std::string name; 216 unsigned type; 217 QueryKeyQueryKey218 QueryKey(std::string n, unsigned t) : name(std::move(n)), type(t) {} 219 bool operator==(const QueryKey& o) const { return name == o.name && type == o.type; } 220 bool operator<(const QueryKey& o) const { 221 if (name < o.name) return true; 222 if (name > o.name) return false; 223 return type < o.type; 224 } 225 }; 226 227 struct QueryKeyHash { operatorQueryKeyHash228 size_t operator()(const QueryKey& key) const { 229 return std::hash<std::string>()(key.name) + static_cast<size_t>(key.type); 230 } 231 }; 232 233 // Used for generating combined hash value of a vector. 234 // std::hash<T> doesn't provide a specialization for std::vector<T>. 235 struct QueryKeyVectorHash { operatorQueryKeyVectorHash236 std::size_t operator()(const std::vector<uint8_t>& v) const { 237 std::size_t combined = 0; 238 for (const uint8_t i : v) { 239 // Hash combination comes from boost::hash_combine 240 // See also system/extras/simpleperf/utils.h 241 combined ^= 242 std::hash<uint8_t>{}(i) + 0x9e3779b9 + (combined << 6) + (combined >> 2); 243 } 244 return combined; 245 } 246 }; 247 248 void requestHandler(); 249 250 // Check if any OPT Pseudo RR in the additional section. 251 bool hasOptPseudoRR(DNSHeader* header) const; 252 253 // Parses and generates a response message for incoming DNS requests. 254 // Returns false to ignore the request, which might be due to either parsing error 255 // or unresponsiveness. 256 bool handleDNSRequest(const char* buffer, ssize_t buffer_len, int protocol, char* response, 257 size_t* response_len) const; 258 259 bool addAnswerRecords(const DNSQuestion& question, std::vector<DNSRecord>* answers) const; 260 261 bool generateErrorResponse(DNSHeader* header, ns_rcode rcode, char* response, 262 size_t* response_len) const; 263 264 // TODO: Change writePacket, makeErrorResponse, makeTruncatedResponse and 265 // makeResponse{, FromAddressOrHostname, FromDnsHeader, FromBinaryPacket} to use C++ containers 266 // instead of the unsafe pointer + length buffer. 267 bool writePacket(const DNSHeader* header, char* response, size_t* response_len) const; 268 // Build an error response with a given rcode. 269 bool makeErrorResponse(DNSHeader* header, ns_rcode rcode, char* response, 270 size_t* response_len) const; 271 // Build a truncated response. 272 bool makeTruncatedResponse(DNSHeader* header, char* response, size_t* response_len) const; 273 // Build a response. 274 bool makeResponse(DNSHeader* header, int protocol, char* response, size_t* response_len) const; 275 // Helper for building a response from mapping {ADDRESS_OR_HOSTNAME, DNS_HEADER, BINARY_PACKET}. 276 bool makeResponseFromAddressOrHostname(DNSHeader* header, char* response, 277 size_t* response_len) const; 278 bool makeResponseFromDnsHeader(DNSHeader* header, char* response, size_t* response_len) const; 279 bool makeResponseFromBinaryPacket(DNSHeader* header, char* response, 280 size_t* response_len) const; 281 282 // Add a new file descriptor to be polled by the handler thread. 283 bool addFd(int fd, uint32_t events); 284 285 // Read the query sent from the client and send the answer back to the client. It 286 // makes sure the I/O communicated with the client is correct. 287 void handleQuery(int protocol); 288 289 // Trigger the handler thread to terminate. 290 bool sendToEventFd(); 291 292 // Used in the handler thread for the termination signal. 293 void handleEventFd(); 294 295 // TODO: Move createListeningSocket to resolv_test_utils.h 296 android::base::unique_fd createListeningSocket(int socket_type); 297 298 double getResponseProbability(int protocol) const; 299 300 // Address and service to listen on TCP and UDP. 301 const std::string listen_address_; 302 const std::string listen_service_; 303 304 // TODO: Consider refactoring atomic members of this class to a single big mutex. 305 // Error code to return for requests for an unknown name. 306 ns_rcode error_rcode_; 307 // Mapping type the DNS server used to build the response. 308 const MappingType mapping_type_; 309 // Probability that a valid response on TCP is being sent instead of 310 // returning error_rcode_ or no response. 311 std::atomic<double> response_probability_tcp_ = 1.0; 312 // Probability that a valid response on UDP is being sent instead of 313 // returning error_rcode_ or no response. 314 std::atomic<double> response_probability_udp_ = 1.0; 315 316 std::atomic<unsigned> answer_record_ttl_sec_ = kAnswerRecordTtlSec; 317 318 std::atomic<unsigned> response_delayed_ms_ = 0; 319 320 // Maximum number of fds for epoll. 321 const int EPOLL_MAX_EVENTS = 2; 322 323 // Control how the DNS server behaves when it receives the requests containing OPT RR. 324 // If it's set Edns::ON, the server can recognize and reply the response; if it's set 325 // Edns::FORMERR_ON_EDNS, the server behaves like an old DNS server that doesn't support EDNS0, 326 // and replying FORMERR; if it's Edns::DROP, the server doesn't support EDNS0 either, and 327 // ignoring the requests. 328 std::atomic<Edns> edns_ = Edns::ON; 329 330 // Mappings used for building the DNS response by registered mapping items. |mapping_type_| 331 // decides which mapping is used. See also makeResponse{, FromDnsHeader}. 332 // - mappings_: Mapping from (name, type) to (address or hostname). 333 // - dnsheader_mappings_: Mapping from (name, type) to (DNSHeader). 334 // - packet_mappings_: Mapping from (query packet) to (response packet). 335 std::unordered_map<QueryKey, std::string, QueryKeyHash> mappings_ GUARDED_BY(mappings_mutex_); 336 std::unordered_map<QueryKey, DNSHeader, QueryKeyHash> dnsheader_mappings_ 337 GUARDED_BY(mappings_mutex_); 338 std::unordered_map<std::vector<uint8_t>, std::vector<uint8_t>, QueryKeyVectorHash> 339 packet_mappings_ GUARDED_BY(mappings_mutex_); 340 341 mutable std::mutex mappings_mutex_; 342 // Query names received so far and the corresponding mutex. 343 mutable std::vector<QueryInfo> queries_ GUARDED_BY(queries_mutex_); 344 mutable std::mutex queries_mutex_; 345 // Socket on which the server is listening. 346 android::base::unique_fd udp_socket_; 347 android::base::unique_fd tcp_socket_; 348 // File descriptor for epoll. 349 android::base::unique_fd epoll_fd_; 350 // Eventfd used to signal for the handler thread termination. 351 android::base::unique_fd event_fd_; 352 // Thread for handling incoming threads. 353 std::thread handler_thread_ GUARDED_BY(update_mutex_); 354 std::mutex update_mutex_; 355 std::condition_variable cv; 356 std::mutex cv_mutex_; 357 358 std::condition_variable cv_for_deferred_resp_; 359 std::mutex cv_mutex_for_deferred_resp_; 360 bool deferred_resp_ GUARDED_BY(cv_mutex_for_deferred_resp_) = false; 361 362 // The network to which the listening sockets will be bound. 363 std::optional<unsigned> mNetId; 364 }; 365 366 } // namespace test 367 368 #endif // DNS_RESPONDER_H 369