From 83ac15c689a72695970f67ec228508b25e326cf8 Mon Sep 17 00:00:00 2001
From: harvey186
Date: Sat, 14 Sep 2024 13:13:58 +0200
Subject: [PATCH] dnscheck.grapheneos
Change-Id: I84a47b1ec1e359edd5cbe5d42ab32a9cc66be18a
---
.../connectivity/NetworkDiagnostics.java | 78 ++++++++++++++++---
.../com/android/cts/net/hostside/VpnTest.java | 4 +-
tests/cts/net/jni/NativeMultinetworkJni.cpp | 2 +-
.../cts/net/native/dns/NativeDnsAsyncTest.cpp | 8 +-
.../src/android/net/cts/DnsResolverTest.java | 2 +-
.../server/connectivity/DnsManagerTest.java | 44 +++++------
6 files changed, 99 insertions(+), 39 deletions(-)
diff --git a/service/src/com/android/server/connectivity/NetworkDiagnostics.java b/service/src/com/android/server/connectivity/NetworkDiagnostics.java
index 3db37e5..80585c4 100644
--- a/service/src/com/android/server/connectivity/NetworkDiagnostics.java
+++ b/service/src/com/android/server/connectivity/NetworkDiagnostics.java
@@ -30,6 +30,7 @@ import static com.android.net.module.util.NetworkStackConstants.IP_MTU; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.TargetApi; + import android.net.InetAddresses; import android.net.LinkAddress; import android.net.LinkProperties;
@@ -109,9 +110,9 @@ import javax.net.ssl.SSLSocketFactory; public class NetworkDiagnostics { private static final String TAG = "NetworkDiagnostics"; - private static final InetAddress TEST_DNS4 = InetAddresses.parseNumericAddress("8.8.8.8"); + private static final InetAddress TEST_DNS4 = InetAddresses.parseNumericAddress("1.1.1.1"); private static final InetAddress TEST_DNS6 = InetAddresses.parseNumericAddress( - "2001:4860:4860::8888"); + "2606:4700:4700::1001"); // For brevity elsewhere. private static final long now() {
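Review bot: The new `TEST_DNS4`/`TEST_DNS6` literals are not a matching pair and carry no comment naming their operator: `1.1.1.1` is the first of Cloudflare's public IPv4 resolver addresses, while `2606:4700:4700::1001` is the second of its IPv6 addresses (the first is `2606:4700:4700::1111`). If the mismatch is deliberate it should be stated; otherwise use the matching address. Judging by their names these constants select which third party receives the device's diagnostic DNS probes, so a one-line comment above them such as `// Cloudflare public resolver; target of the diagnostics probes` would help a later privacy review. The first hunk on this line also leaves a stray blank line inside the import block after `android.annotation.TargetApi`.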
@@ -700,10 +701,9 @@ public class NetworkDiagnostics { // This needs to be fixed length so it can be dropped into the pre-canned packet. final String sixRandomDigits = String.valueOf(mRandom.nextInt(900000) + 100000); - appendDnsToMeasurementDescription(sixRandomDigits, mSocketAddress); - // Build a trivial DNS packet. final byte[] dnsPacket = getDnsQueryPacket(sixRandomDigits); + appendDnsToMeasurementDescription(sixRandomDigits, mSocketAddress); int count = 0; mMeasurement.startTime = now();
@@ -737,9 +737,12 @@ public class NetworkDiagnostics { close(); } + private String qnameEnding; + protected byte[] getDnsQueryPacket(String sixRandomDigits) { byte[] rnd = sixRandomDigits.getBytes(StandardCharsets.US_ASCII); - return new byte[] { + + byte[] start = { (byte) mRandom.nextInt(), (byte) mRandom.nextInt(), // [0-1] query ID 1, 0, // [2-3] flags; byte[2] = 1 for recursion desired (RD). 0, 1, // [4-5] QDCOUNT (number of queries)
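Review bot: `qnameEnding` is mutable instance state that is only assigned as a side effect of `getDnsQueryPacket` (the assignment is in the following hunk, `@@ -748,20 +751,77 @@`), which is why the `appendDnsToMeasurementDescription` call had to move below the packet construction here. Any other caller that builds the description before the packet, or a subclass that overrides the protected `getDnsQueryPacket`, would record `-android-ds.null` in the measurement; whether such callers exist is not visible in this patch. A constant removes the ordering dependency: `private static final String QNAME_ENDING = "dnscheck.grapheneos.org";`, read by both methods. The enclosing methods start and end outside these hunks.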
@@ -748,20 +751,77 @@ public class NetworkDiagnostics { 0, 0, // [10-11] ARCOUNT (number of additional records) 17, rnd[0], rnd[1], rnd[2], rnd[3], rnd[4], rnd[5], '-', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '-', 'd', 's', - 6, 'm', 'e', 't', 'r', 'i', 'c', - 7, 'g', 's', 't', 'a', 't', 'i', 'c', - 3, 'c', 'o', 'm', + }; + + final String qnameEnding; + qnameEnding = "dnscheck.grapheneos.org"; + + this.qnameEnding = qnameEnding; + byte[] middle = getQnameFragment(qnameEnding); + + byte[] end = { 0, // null terminator of FQDN (root TLD) 0, (byte) mQueryType, // QTYPE 0, 1 // QCLASS, set to 1 = IN (Internet) }; + + return concatByteArrays(start, middle, end); + } + + private byte[] concatByteArrays(byte[]... arrs) { + int len = 0; + for (byte[] arr : arrs) { + if (Integer.MAX_VALUE - len < arr.length) { + // overflow + throw new IllegalArgumentException(); + } + len += arr.length; + } + byte[] res = new byte[len]; + int off = 0; + for (byte[] arr : arrs) { + int l = arr.length; + System.arraycopy(arr, 0, res, off, l); + off += l; + } + return res; + } + + protected byte[] getQnameFragment(String hostnameFragment) { + String[] strArr = hostnameFragment.split("\\."); + int len = strArr.length; + byte[][] arr = new byte[len][]; + for (int i = 0; i < len; ++i) { + arr[i] = getQnameLabel(strArr[i]); + } + return concatByteArrays(arr); + } + + private byte[] getQnameLabel(String s) { + final int l = s.length(); + if (l > 0b11_1111 /* 63 */) { + // should be a 6 bit number + throw new IllegalArgumentException(s); + } + + byte[] res = new byte[1 + l]; + res[0] = (byte) l; + + for (int i = 0; i < l; ++i) { + int ch = s.charAt(i); + if (ch > 0x7f) { + throw new IllegalArgumentException(s); + } + res[1 + i] = (byte) ch; + } + return res; } protected void appendDnsToMeasurementDescription( String sixRandomDigits, SocketAddress sockAddr) { mMeasurement.description += " src{" + socketAddressToString(sockAddr) + "}" + " qtype{" + mQueryType + "}" - + " qname{" + sixRandomDigits + 
"-android-ds.metric.gstatic.com}"; + + " qname{" + sixRandomDigits + "-android-ds." + qnameEnding + "}"; } }
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
index 6134194..8a0eff8 100755
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
@@ -834,7 +834,7 @@ public class VpnTest { String privateDnsHostname; if (strictMode) { - privateDnsHostname = "vpncts-nx.metric.gstatic.com"; + privateDnsHostname = "vpncts-nx.dnscheck.grapheneos.org"; Settings.Global.putString(cr, PRIVATE_DNS_SPECIFIER_SETTING, privateDnsHostname); Settings.Global.putString(cr, PRIVATE_DNS_MODE_SETTING, PRIVATE_DNS_MODE_PROVIDER_HOSTNAME);
@@ -845,7 +845,7 @@ public class VpnTest { expectPrivateDnsHostname(privateDnsHostname); - String randomName = "vpncts-" + new Random().nextInt(1000000000) + "-ds.metric.gstatic.com"; + String randomName = "vpncts-" + new Random().nextInt(1000000000) + "-ds.dnscheck.grapheneos.org"; if (strictMode) { // Strict mode private DNS is enabled. DNS lookups should fail, because the private DNS // server name is invalid.
diff --git a/tests/cts/net/jni/NativeMultinetworkJni.cpp b/tests/cts/net/jni/NativeMultinetworkJni.cpp
index f2214a3..d971cbf 100644
--- a/tests/cts/net/jni/NativeMultinetworkJni.cpp
+++ b/tests/cts/net/jni/NativeMultinetworkJni.cpp
@@ -81,7 +81,7 @@ static const int MAXPACKET = 8 * 1024; static const int TIMEOUT_MS = 15000; static const char kHostname[] = "connectivitycheck.android.com"; -static const char kNxDomainName[] = "test1-nx.metric.gstatic.com"; +static const char kNxDomainName[] = "test1-nx.dnscheck.grapheneos.org"; static const char kGoogleName[] = "www.google.com"; int makeQuery(const char* name, int qtype, uint8_t* buf, size_t buflen) {
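Review bot: `getQnameLabel` rejects labels longer than 63 bytes but accepts an empty one, and `getQnameFragment` takes its labels from `split("\\.")`, which yields an empty string for a leading or doubled dot. An empty label encodes as a single 0 byte, which is the root terminator, so the QNAME would end early and the bytes after it would be read as QTYPE/QCLASS. The hard-coded hostname is unaffected, but `getQnameFragment` is protected and takes any string, so the guard should read `if (l == 0 || l > 0b11_1111) throw new IllegalArgumentException(s);`. The three new helpers also have no Javadoc; one line each saying that they emit length-prefixed ASCII labels without the terminating zero byte would be enough.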
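Review bot: The `-nx` names moved to `dnscheck.grapheneos.org` carry an unstated contract with that zone: `vpncts-nx…` in this hunk is used as an invalid private DNS server name, and `kNxDomainName`, `TEST_NX_DOMAIN` and the `test1-nx` to `test4-nx` queries in `NativeDnsAsyncTest` (which asserts `ns_r_nxdomain`) all need an NXDOMAIN answer. Nothing in this patch shows that the zone returns NXDOMAIN for those labels, so that should be confirmed and recorded next to the first constant, for example `// dnscheck.grapheneos.org must answer NXDOMAIN for *-nx labels`. The enclosing method in `VpnTest` starts and ends outside the hunk.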
diff --git a/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp b/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
index 68bd227..9d676ba 100644
--- a/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
+++ b/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
@@ -167,13 +167,13 @@ TEST_F(NativeDnsAsyncTest, Async_Send) { TEST_F(NativeDnsAsyncTest, Async_NXDOMAIN) { uint8_t buf[MAXPACKET] = {}; - int len = res_mkquery(ns_o_query, "test1-nx.metric.gstatic.com", + int len = res_mkquery(ns_o_query, "test1-nx.dnscheck.grapheneos.org", ns_c_in, ns_t_a, nullptr, 0, nullptr, buf, sizeof(buf)); EXPECT_GT(len, 0); int fd1 = android_res_nsend(NETWORK_UNSPECIFIED, buf, len, ANDROID_RESOLV_NO_CACHE_LOOKUP); EXPECT_GE(fd1, 0); - len = res_mkquery(ns_o_query, "test2-nx.metric.gstatic.com", + len = res_mkquery(ns_o_query, "test2-nx.dnscheck.grapheneos.org", ns_c_in, ns_t_a, nullptr, 0, nullptr, buf, sizeof(buf)); EXPECT_GT(len, 0); int fd2 = android_res_nsend(NETWORK_UNSPECIFIED, buf, len, ANDROID_RESOLV_NO_CACHE_LOOKUP);
@@ -183,11 +183,11 @@ TEST_F(NativeDnsAsyncTest, Async_NXDOMAIN) { expectAnswersValid(fd1, AF_INET, ns_r_nxdomain); fd1 = android_res_nquery( - NETWORK_UNSPECIFIED, "test3-nx.metric.gstatic.com", + NETWORK_UNSPECIFIED, "test3-nx.dnscheck.grapheneos.org", ns_c_in, ns_t_aaaa, ANDROID_RESOLV_NO_CACHE_LOOKUP); EXPECT_GE(fd1, 0); fd2 = android_res_nquery( - NETWORK_UNSPECIFIED, "test4-nx.metric.gstatic.com", + NETWORK_UNSPECIFIED, "test4-nx.dnscheck.grapheneos.org", ns_c_in, ns_t_aaaa, ANDROID_RESOLV_NO_CACHE_LOOKUP); EXPECT_GE(fd2, 0); expectAnswersValid(fd2, AF_INET6, ns_r_nxdomain);
diff --git a/tests/cts/net/src/android/net/cts/DnsResolverTest.java b/tests/cts/net/src/android/net/cts/DnsResolverTest.java
index 752891f..63e9c04 100644
--- a/tests/cts/net/src/android/net/cts/DnsResolverTest.java
+++ b/tests/cts/net/src/android/net/cts/DnsResolverTest.java
@@ -95,7 +95,7 @@ public class DnsResolverTest { }; static final String TEST_DOMAIN = "www.google.com"; - static final String TEST_NX_DOMAIN = "test1-nx.metric.gstatic.com"; + static final String TEST_NX_DOMAIN = "test1-nx.dnscheck.grapheneos.org"; static final String INVALID_PRIVATE_DNS_SERVER = "invalid.google"; static final String GOOGLE_PRIVATE_DNS_SERVER = "dns.google"; static final byte[] TEST_BLOB = new byte[]{
diff --git a/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java b/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java
index ea3d2dd..1757b2e 100644
--- a/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java
+++ b/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java
@@ -142,8 +142,8 @@ public class DnsManagerTest { mDnsManager.getPrivateDnsConfig()); LinkProperties lp = new LinkProperties(); lp.setInterfaceName(TEST_IFACENAME); - lp.addDnsServer(InetAddress.getByName("3.3.3.3")); - lp.addDnsServer(InetAddress.getByName("4.4.4.4")); + lp.addDnsServer(InetAddress.getByName("9.9.9.9")); + lp.addDnsServer(InetAddress.getByName("9.9.9.9")); // Send a validation event that is tracked on the alternate netId final NetworkCapabilities nc = new NetworkCapabilities();
@@ -156,7 +156,7 @@ public class DnsManagerTest { mDnsManager.flushVmDnsCache(); mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID_ALTERNATE, - InetAddress.parseNumericAddress("4.4.4.4"), "", + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS)); LinkProperties fixedLp = new LinkProperties(lp); mDnsManager.updatePrivateDnsStatus(TEST_NETID, fixedLp);
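Review bot: Replacing `3.3.3.3`, `4.4.4.4` and `6.6.6.6` with the single address `9.9.9.9` removes distinctions these tests rely on. In hunk `@@ -142,8 +142,8 @@` the same server is now added to `lp` twice; `LinkProperties.addDnsServer` ignores a duplicate, so the list most likely holds one entry, and the later expectation `new String[]{"9.9.9.9", "9.9.9.9"}` in hunk `@@ -345,10 +345,10 @@` would then not match. The case commented `Validation event has untracked ipAddress` in hunk `@@ -251,7 +251,7 @@` now sends the one address that is tracked, so it no longer exercises what its comment states. As far as these hunks show the addresses are only fixture values, so distinct documentation-range addresses, in line with the `2001:db8:66:66::1` already used, would keep the tests meaningful: `lp.addDnsServer(InetAddress.getByName("192.0.2.3"));` and `lp.addDnsServer(InetAddress.getByName("192.0.2.4"));`, with `192.0.2.6` for the strict-mode server.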
@@ -166,7 +166,7 @@ public class DnsManagerTest { mDnsManager.updatePrivateDnsStatus(TEST_NETID_ALTERNATE, fixedLp); assertTrue(fixedLp.isPrivateDnsActive()); assertNull(fixedLp.getPrivateDnsServerName()); - assertEquals(Arrays.asList(InetAddress.getByName("4.4.4.4")), + assertEquals(Arrays.asList(InetAddress.getByName("9.9.9.9")), fixedLp.getValidatedPrivateDnsServers()); // Set up addresses for strict mode and switch to it.
@@ -181,7 +181,7 @@ public class DnsManagerTest { ConnectivitySettingsManager.setPrivateDnsHostname(mCtx, "strictmode.com"); mDnsManager.updatePrivateDns(new Network(TEST_NETID), new PrivateDnsConfig("strictmode.com", new InetAddress[] { - InetAddress.parseNumericAddress("6.6.6.6"), + InetAddress.parseNumericAddress("9.9.9.9"), InetAddress.parseNumericAddress("2001:db8:66:66::1") })); mDnsManager.updateCapabilitiesForNetwork(TEST_NETID, nc);
@@ -196,11 +196,11 @@ public class DnsManagerTest { // Validate one. mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("6.6.6.6"), "strictmode.com", + InetAddress.parseNumericAddress("9.9.9.9"), "strictmode.com", VALIDATION_RESULT_SUCCESS)); fixedLp = new LinkProperties(lp); mDnsManager.updatePrivateDnsStatus(TEST_NETID, fixedLp); - assertEquals(Arrays.asList(InetAddress.parseNumericAddress("6.6.6.6")), + assertEquals(Arrays.asList(InetAddress.parseNumericAddress("9.9.9.9")), fixedLp.getValidatedPrivateDnsServers()); // Validate the 2nd one. mDnsManager.updatePrivateDnsValidation(
@@ -211,7 +211,7 @@ public class DnsManagerTest { mDnsManager.updatePrivateDnsStatus(TEST_NETID, fixedLp); assertEquals(Arrays.asList( InetAddress.parseNumericAddress("2001:db8:66:66::1"), - InetAddress.parseNumericAddress("6.6.6.6")), + InetAddress.parseNumericAddress("9.9.9.9")), fixedLp.getValidatedPrivateDnsServers()); }
@@ -220,7 +220,7 @@ public class DnsManagerTest { // The PrivateDnsConfig map is empty, so no validation events will // be tracked. LinkProperties lp = new LinkProperties(); - lp.addDnsServer(InetAddress.getByName("3.3.3.3")); + lp.addDnsServer(InetAddress.getByName("9.9.9.9")); final NetworkCapabilities nc = new NetworkCapabilities(); nc.setTransportTypes(TEST_TRANSPORT_TYPES); mDnsManager.updateCapabilitiesForNetwork(TEST_NETID, nc);
@@ -228,7 +228,7 @@ public class DnsManagerTest { mDnsManager.flushVmDnsCache(); mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("3.3.3.3"), "", + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive());
@@ -242,7 +242,7 @@ public class DnsManagerTest { mDnsManager.flushVmDnsCache(); mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID_UNTRACKED, - InetAddress.parseNumericAddress("3.3.3.3"), "", + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive());
@@ -251,7 +251,7 @@ public class DnsManagerTest { // Validation event has untracked ipAddress mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("4.4.4.4"), "", + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive());
@@ -260,7 +260,7 @@ public class DnsManagerTest { // Validation event has untracked hostname mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("3.3.3.3"), "hostname", + InetAddress.parseNumericAddress("9.9.9.9"), "hostname", VALIDATION_RESULT_SUCCESS)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive());
@@ -269,7 +269,7 @@ public class DnsManagerTest { // Validation event failed mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("3.3.3.3"), "", + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_FAILURE)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive());
@@ -279,7 +279,7 @@ public class DnsManagerTest { mDnsManager.removeNetwork(new Network(TEST_NETID)); mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("3.3.3.3"), "", VALIDATION_RESULT_SUCCESS)); + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive()); assertNull(lp.getPrivateDnsServerName());
@@ -293,7 +293,7 @@ public class DnsManagerTest { mDnsManager.flushVmDnsCache(); mDnsManager.updatePrivateDnsValidation( new DnsManager.PrivateDnsValidationUpdate(TEST_NETID, - InetAddress.parseNumericAddress("3.3.3.3"), "", + InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS)); mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp); assertFalse(lp.isPrivateDnsActive());
@@ -331,8 +331,8 @@ public class DnsManagerTest { mDnsManager.getPrivateDnsConfig()); final LinkProperties lp = new LinkProperties(); lp.setInterfaceName(TEST_IFACENAME); - lp.addDnsServer(InetAddress.getByName("3.3.3.3")); - lp.addDnsServer(InetAddress.getByName("4.4.4.4")); + lp.addDnsServer(InetAddress.getByName("9.9.9.9")); + lp.addDnsServer(InetAddress.getByName("9.9.9.9")); final NetworkCapabilities nc = new NetworkCapabilities(); nc.setTransportTypes(TEST_TRANSPORT_TYPES); mDnsManager.updateCapabilitiesForNetwork(TEST_NETID, nc);
@@ -345,10 +345,10 @@ public class DnsManagerTest { expectedParams.successThreshold = TEST_DEFAULT_SUCCESS_THRESHOLD_PERCENT; expectedParams.minSamples = TEST_DEFAULT_MIN_SAMPLES; expectedParams.maxSamples = TEST_DEFAULT_MAX_SAMPLES; - expectedParams.servers = new String[]{"3.3.3.3", "4.4.4.4"}; + expectedParams.servers = new String[]{"9.9.9.9", "9.9.9.9"}; expectedParams.domains = new String[]{}; expectedParams.tlsName = ""; - expectedParams.tlsServers = new String[]{"3.3.3.3", "4.4.4.4"}; + expectedParams.tlsServers = new String[]{"9.9.9.9", "9.9.9.9"}; expectedParams.transportTypes = TEST_TRANSPORT_TYPES; expectedParams.resolverOptions = null; expectedParams.meteredNetwork = true;
@@ -379,9 +379,9 @@ public class DnsManagerTest { @Test public void testGetPrivateDnsConfigForNetwork() throws Exception { final Network network = new Network(TEST_NETID); - final InetAddress dnsAddr = InetAddressUtils.parseNumericAddress("3.3.3.3"); + final InetAddress dnsAddr = InetAddressUtils.parseNumericAddress("9.9.9.9"); final InetAddress[] tlsAddrs = new InetAddress[]{ - InetAddressUtils.parseNumericAddress("6.6.6.6"), + InetAddressUtils.parseNumericAddress("9.9.9.9"), InetAddressUtils.parseNumericAddress("2001:db8:66:66::1") }; final String tlsName = "strictmode.com";
-- 2.34.1