remove android_open_proxy and use dns_open_proxy instead of it.
dns_open_proxy is in libnetd_client and
it does the same thing as android_open_proxy except return value.
It returns fd directly now.
Test: build, dns works fine
Change-Id: I984743fb50b23eeb9a7d24e9fc347832acfe2afe
Memory leak happen when Android data framework updates identical DNS
information to netd.
(cherrypick of c466fe95dc641d879683700aea4233ffd42bc762.)
Bug: 115595601
Test: netd_unit_test, netd_integration_test
Change-Id: Idcc0956729286563603f482258f488a1ccd75e6a
Currently, getnameinfo() will never issue a reverse DNS lookup if the first
byte of the IPv6 address is 0x00. This means it is not possible to do a
reverse DNS lookup for a NAT64 address if the NAT64 prefix is the well-known
prefix. Make this possible by treating the well-known prefix specially. This
is not needed for unicast NAT64 prefixes because they do not start with 0x00.
Bug: 78545619
Test: netd_{unit,integration}_test pass
Test: bionic-unit-tests --gtest_filter='net*' pass
Change-Id: I176d30dcf411a5ffe1eec110db99cd73b48e956f
This is currently a non-functional change, because base_timeout_msec is
never set to a non-default value (other than in unit tests).
Test: netd_unit_test --gtest_filter='ResolverTest.*'
Change-Id: I21989bab5cc9f55ee1392e30965eb405d720a28e
The primary motivation is speeding up tests for non-responsive
nameservers. It's also base infrastructure for future work to compute
retry timeouts dynamically.
Using default timeouts (RES_TIMEOUT = 5 seconds):
ResolverTest.GetAddrInfoV6_nonresponsive (45141 ms)
With base_timeout_msec=100:
ResolverTest.GetAddrInfoV6_nonresponsive (1264 ms)
Test: executed unsubmitted test from aosp/713993
Change-Id: Id902089ca69ca8d28032180ba51e8937262ef490
Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.
Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
This effectively enables these features only in TLS mode
Test: Integration tests pass
Bug:69623036
Change-Id: I153a259b0c07717f664ee268b43da867a9b42152
System libc talks to out-of-process daemon thus it's better to not
duplicate that functionality in native bridge.
Bug: 67993967
Test: make
Change-Id: Iabc887a94082806d048bc98bf8d3b21c7531d60d
This is for passing additional instructions through stages of the
DNS resolution pipeling.
Test: as follows
- builds, flashes, boots
- system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 70694619
Bug: 72345192
Change-Id: I5a86cc5192e6cfa09c375ac9f5810102da3aba20
No reasonable response is larger than about 4K, and this should reduce the ability of misbehaving DNS servers to waste system resources.
Test: Integration tests pass
Change-Id: I43da94f57f9b376d08a1b176e0aedb6720148833
This change does not enable EDNS0, so it should not
result in any behavior change. However, enabling EDNS0
should now be possible with only a small additional change
to "flip the switch".
This change has also landed in NetBSD upstream
(http://gnats.netbsd.org/52578) so this change reduces
divergence from upstream.
Most of the code in this change is for caching of queries that contain
an additional section.
Bug: 15132200
Test: Added integration tests for fallback to the netd suite.
Change-Id: Ic64bed0754e1d529dc0c0ab6a5e2f1ea201ff0d5
And add more tests.
Bug: N/A (but I'm here because a recent test broke existing tests)
Test: ran tests
Change-Id: Ib78430f179b43484a49bb50ff447ea6870c1ee3a
Add all the missing <netdb.h> functions.
Also fix getservbyport to handle a null protocol correctly.
Also fix getservbyname/getservbyport to not interfere with getservent.
Also fix endservent to reset getservent iteration.
Also reduce unnecessary differences from upstream NetBSD sethostent.c.
The servent implementation is still horrific, and we should
probably support protoent too so that debugging tools can use
getprotobyname/getprotobynumber.
Bug: N/A
Test: ran tests
Change-Id: I639108c46df0a768af297cf3bbce857cb1bef9d9
This change
- adds a query hook to android_net_context
- exposes relevant definitions to netd
- corrects a bug in query hooks' interaction with the cache
This change does not introduce any code to read the query hook
from the net context or make use of it.
Bug: 34953048
Test: Netd test suite passes
Change-Id: Ie091980e22ce9da07a3c4d387b371e544379d762
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
Bug: http://b/31532493
These internal API structures are never actually used anywhere that
would change behavior because it is "packed", so it is safe to remove.
Test: Builds correctly with the latest toolchain.
Change-Id: I5431992d840777605be75ab91dc21158d6d22c26
Disables debuggerd integration unless building for android.
Bug: 31559095
Test: Diff out/soong/build.ninja before/after, only change is moving
linker's libdebuggerd_client static lib to the beginning of the
list.
Test: lunch aosp_arm64-eng; mmma -j bionic
Change-Id: I62e725f7a9b98b7fe31637d0a835fd5846b0aff0
The near duplicate in gethnamaddr.c was already doing so (this fix
is basically copy and pasted from there, but with both copies modified
to avoid skirting undefined behavior).
Bug: http://b/32322088
Test: browser still works
Change-Id: Ied6662be567fb1bddc7ceb138cae1da77fb57976
(cherry picked from commit 27a4459d94)
Regenerating the NOTICE file the other day left me scratching my head at
various "how do they differ?" cases, resolved by this patch.
Test: N/A
Change-Id: I4230bfa1d7ec842a4b9fb8c73dd3b39443d74054
We need to make a clearer distinction for bionic on the host. This patch
doesn't fully address things like "should host bionic try to talk to netd?"
for now, but is a step in the right direction.
Bug: http://b/31559095
Test: bionic tests.
Change-Id: I49812f8b75d9d78c4fd8a8ddf5df1201d63771d6
We have much better control over visibility now, so we don't need to
pollute the headers with cruft.
Bug: http://b/24767418
Change-Id: I349f4c3bc30102477375ad9f80926e560c7c1d8b
_resolv_set_nameservers_for_net() so far did not update the search
paths, unless the servers changed as well.
BUG: 28437641
Change-Id: Id31f2d97c173e00357fb2ba95908afb4572c0fc1
(cherry picked from commit 06e2202a4c)
_resolv_set_nameservers_for_net() so far did not update the search
paths, unless the servers changed as well.
BUG: 28437641
Change-Id: Id31f2d97c173e00357fb2ba95908afb4572c0fc1
Not a public header file except in NetBSD, where it came from. Even
OpenBSD doesn't have it.
Bug: http://b/28519060
Change-Id: Id5feec4a4e8010a9f4433e73b1bfa6f935d884b9
* changes:
Remove nonexported _ns_flagdata from public header.
Add platform specific version tags.
Add __INTRODUCED_IN_FUTURE for unreleased APIs.
Add versioning information to symbols.
