1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17 
18 #ifndef DNS_TLS_FRONTEND_H
19 #define DNS_TLS_FRONTEND_H
20 
21 #include <arpa/nameser.h>
22 
23 #include <atomic>
24 #include <mutex>
25 #include <string>
26 #include <thread>
27 #include <unordered_map>
28 #include <vector>
29 
30 #include <android-base/thread_annotations.h>
31 #include <android-base/unique_fd.h>
32 #include <openssl/ssl.h>
33 
34 namespace test {
35 
36 /*
37  * Simple DNS over TLS reverse proxy that forwards to a UDP backend.
38  * Only handles a single request at a time.
39  */
40 class DnsTlsFrontend {
41   public:
42     DnsTlsFrontend(const std::string& listen_address = kDefaultListenAddr,
43                    const std::string& listen_service = kDefaultListenService,
44                    const std::string& backend_address = kDefaultBackendAddr,
45                    const std::string& backend_service = kDefaultBackendService)
listen_address_(listen_address)46         : listen_address_(listen_address),
47           listen_service_(listen_service),
48           backend_address_(backend_address),
49           backend_service_(backend_service) {}
~DnsTlsFrontend()50     ~DnsTlsFrontend() { stopServer(); }
listen_address()51     const std::string& listen_address() const { return listen_address_; }
listen_service()52     const std::string& listen_service() const { return listen_service_; }
running()53     bool running() const { return socket_ != -1; }
54     bool startServer();
55     bool stopServer();
56 
queries()57     int queries() const { return queries_; }
clearQueries()58     void clearQueries() { queries_ = 0; }
59     bool waitForQueries(int expected_count) const;
acceptConnectionsCount()60     int acceptConnectionsCount() const { return accept_connection_count_; }
clearConnectionsCount()61     void clearConnectionsCount() { accept_connection_count_ = 0; }
62 
set_chain_length(int length)63     void set_chain_length(int length) { chain_length_ = length; }
setHangOnHandshakeForTesting(bool hangOnHandshake)64     void setHangOnHandshakeForTesting(bool hangOnHandshake) { hangOnHandshake_ = hangOnHandshake; }
65 
66     // Set DnsTlsFrontend to not reply any response until there are |delay| responses or timeout.
setDelayQueries(int delay)67     void setDelayQueries(int delay) { delayQueries_ = delay; }
setDelayQueriesTimeout(int timeout)68     void setDelayQueriesTimeout(int timeout) { delayQueriesTimeout_ = timeout; }
69 
setPassiveClose(bool passiveClose)70     void setPassiveClose(bool passiveClose) { passiveClose_ = passiveClose; }
71 
72     static constexpr char kDefaultListenAddr[] = "127.0.0.3";
73     static constexpr char kDefaultListenService[] = "853";
74     static constexpr char kDefaultBackendAddr[] = "127.0.0.3";
75     static constexpr char kDefaultBackendService[] = "53";
76 
77   private:
78     void requestHandler();
79     void handleRequests(SSL* ssl, int clientFd);
80 
81     // Trigger the handler thread to terminate.
82     bool sendToEventFd();
83 
84     // Used in the handler thread for the termination signal.
85     void handleEventFd();
86 
87     std::string listen_address_;
88     std::string listen_service_;
89     std::string backend_address_;
90     std::string backend_service_;
91     bssl::UniquePtr<SSL_CTX> ctx_;
92     // Socket on which the server is listening for a TCP connection with a client.
93     android::base::unique_fd socket_;
94     // Socket used to communicate with the backend DNS server.
95     android::base::unique_fd backend_socket_;
96     // Eventfd used to signal for the handler thread termination.
97     android::base::unique_fd event_fd_;
98     std::atomic<int> queries_ = 0;
99     std::atomic<int> accept_connection_count_ = 0;
100     std::thread handler_thread_ GUARDED_BY(update_mutex_);
101     std::mutex update_mutex_;
102     int chain_length_ = 1;
103     std::atomic<bool> hangOnHandshake_ = false;
104     std::atomic<int> delayQueries_ = 1;
105     std::atomic<int> delayQueriesTimeout_ = 1;
106     std::atomic<bool> passiveClose_ = false;
107 };
108 
109 }  // namespace test
110 
111 #endif  // DNS_TLS_FRONTEND_H
112