gecko-dev/netwerk/dns/TRRService.h

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef TRRService_h_
#define TRRService_h_

#include "mozilla/Atomics.h"
#include "mozilla/DataStorage.h"
#include "nsHostResolver.h"
#include "nsIObserver.h"
#include "nsWeakReference.h"

class nsIPrefBranch;

namespace mozilla {
namespace net {

class TRRService
  : public nsIObserver
  , public nsITimerCallback
  , public nsSupportsWeakReference
  , public AHostResolver
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER
  NS_DECL_NSITIMERCALLBACK

  TRRService();
  nsresult Init();
  nsresult Start();
  bool Enabled();

  uint32_t Mode() { return mMode; }
  bool AllowRFC1918() { return mRfc1918; }
  bool UseGET() { return mUseGET; }
  bool EarlyAAAA() { return mEarlyAAAA; }
  bool DisableIPv6() { return mDisableIPv6; }
  nsresult GetURI(nsCString &result);
  nsresult GetCredentials(nsCString &result);
  uint32_t GetRequestTimeout() { return mTRRTimeout; }

  LookupStatus CompleteLookup(nsHostRecord *, nsresult, mozilla::net::AddrInfo *, bool pb) override;
  void TRRBlacklist(const nsACString &host, bool privateBrowsing, bool aParentsToo);
  bool IsTRRBlacklisted(const nsACString &host, bool privateBrowsing, bool fullhost);

  bool MaybeBootstrap(const nsACString &possible, nsACString &result);

private:
  virtual  ~TRRService();
  nsresult ReadPrefs(const char *name);
  void GetPrefBranch(nsIPrefBranch **result);
  void MaybeConfirm();

  bool                      mInitialized;
  Atomic<uint32_t, Relaxed> mMode;
  Atomic<uint32_t, Relaxed> mTRRBlacklistExpireTime;
  Atomic<uint32_t, Relaxed> mTRRTimeout;

  Mutex mLock; // protects mPrivate* string
  nsCString mPrivateURI; // main thread only
  nsCString mPrivateCred; // main thread only
  nsCString mConfirmationNS;
  nsCString mBootstrapAddr;

  Atomic<bool, Relaxed> mWaitForCaptive; // wait for the captive portal to say OK before using TRR
  Atomic<bool, Relaxed> mRfc1918; // okay with local IP addresses in DOH responses?
  Atomic<bool, Relaxed> mCaptiveIsPassed; // set when captive portal check is passed
  Atomic<bool, Relaxed> mUseGET; // do DOH using GET requests (instead of POST)
  Atomic<bool, Relaxed> mEarlyAAAA; // allow use of AAAA results before A is in
  Atomic<bool, Relaxed> mDisableIPv6; // don't even try

  // TRR Blacklist storage
  RefPtr<DataStorage> mTRRBLStorage;
  Atomic<bool, Relaxed> mClearTRRBLStorage;

  enum ConfirmationState {
    CONFIRM_INIT = 0,
    CONFIRM_TRYING = 1,
    CONFIRM_OK = 2,
    CONFIRM_FAILED = 3
  };
  Atomic<ConfirmationState, Relaxed>  mConfirmationState;
  RefPtr<TRR> mConfirmer;
  nsCOMPtr<nsITimer> mRetryConfirmTimer;
  uint32_t mRetryConfirmInterval; // milliseconds until retry
};

extern TRRService *gTRRService;

} // namespace net
} // namespace mozilla

#endif // TRRService_h_
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3 2018-02-01 09:20:49 +00:00			`/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */`
			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#ifndef TRRService_h_`
			`#define TRRService_h_`

			`#include "mozilla/Atomics.h"`
			`#include "mozilla/DataStorage.h"`
			`#include "nsHostResolver.h"`
			`#include "nsIObserver.h"`
			`#include "nsWeakReference.h"`

			`class nsIPrefBranch;`

			`namespace mozilla {`
			`namespace net {`

			`class TRRService`
			`: public nsIObserver`
bug 1441391 - TRR: restart failed NS confirms in TRR-only mode r=valentin MozReview-Commit-ID: FHw3Zx07iFG --HG-- extra : rebase_source : 55a09920127aa54e542ed736b92ca6fda63f889c 2018-03-09 08:05:48 +00:00			`, public nsITimerCallback`
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3 2018-02-01 09:20:49 +00:00			`, public nsSupportsWeakReference`
			`, public AHostResolver`
			`{`
			`public:`
			`NS_DECL_THREADSAFE_ISUPPORTS`
			`NS_DECL_NSIOBSERVER`
bug 1441391 - TRR: restart failed NS confirms in TRR-only mode r=valentin MozReview-Commit-ID: FHw3Zx07iFG --HG-- extra : rebase_source : 55a09920127aa54e542ed736b92ca6fda63f889c 2018-03-09 08:05:48 +00:00			`NS_DECL_NSITIMERCALLBACK`
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3 2018-02-01 09:20:49 +00:00
			`TRRService();`
			`nsresult Init();`
			`nsresult Start();`
			`bool Enabled();`

			`uint32_t Mode() { return mMode; }`
			`bool AllowRFC1918() { return mRfc1918; }`
			`bool UseGET() { return mUseGET; }`
bug 1443489 - TRR: require a pref set to allow early AAAA responses r=valentin Early AAAA responses might cause issues on hosts without working native IPv6 connectivity, of course especially notable in TRR-only mode. MozReview-Commit-ID: 6ZqE6AKnucH --HG-- extra : rebase_source : ff42cb8daf941a3fa1f7e783c76d823e879024c3 2018-03-06 15:07:29 +00:00			`bool EarlyAAAA() { return mEarlyAAAA; }`
bug 1444858 - TRR: respect network.dns.disableIPv6 r=valentin MozReview-Commit-ID: 18STac9ASIB --HG-- extra : rebase_source : e3e8956feee2ec9e4dfe438e1b6c20dc0c478ab9 2018-03-12 12:19:22 +00:00			`bool DisableIPv6() { return mDisableIPv6; }`
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3 2018-02-01 09:20:49 +00:00			`nsresult GetURI(nsCString &result);`
			`nsresult GetCredentials(nsCString &result);`
			`uint32_t GetRequestTimeout() { return mTRRTimeout; }`

			`LookupStatus CompleteLookup(nsHostRecord , nsresult, mozilla::net::AddrInfo , bool pb) override;`
			`void TRRBlacklist(const nsACString &host, bool privateBrowsing, bool aParentsToo);`
			`bool IsTRRBlacklisted(const nsACString &host, bool privateBrowsing, bool fullhost);`

			`bool MaybeBootstrap(const nsACString &possible, nsACString &result);`

			`private:`
			`virtual ~TRRService();`
			`nsresult ReadPrefs(const char *name);`
			`void GetPrefBranch(nsIPrefBranch **result);`
			`void MaybeConfirm();`

			`bool mInitialized;`
			`Atomic<uint32_t, Relaxed> mMode;`
			`Atomic<uint32_t, Relaxed> mTRRBlacklistExpireTime;`
			`Atomic<uint32_t, Relaxed> mTRRTimeout;`

			`Mutex mLock; // protects mPrivate* string`
			`nsCString mPrivateURI; // main thread only`
			`nsCString mPrivateCred; // main thread only`
			`nsCString mConfirmationNS;`
			`nsCString mBootstrapAddr;`

			`Atomic<bool, Relaxed> mWaitForCaptive; // wait for the captive portal to say OK before using TRR`
			`Atomic<bool, Relaxed> mRfc1918; // okay with local IP addresses in DOH responses?`
			`Atomic<bool, Relaxed> mCaptiveIsPassed; // set when captive portal check is passed`
			`Atomic<bool, Relaxed> mUseGET; // do DOH using GET requests (instead of POST)`
bug 1443489 - TRR: require a pref set to allow early AAAA responses r=valentin Early AAAA responses might cause issues on hosts without working native IPv6 connectivity, of course especially notable in TRR-only mode. MozReview-Commit-ID: 6ZqE6AKnucH --HG-- extra : rebase_source : ff42cb8daf941a3fa1f7e783c76d823e879024c3 2018-03-06 15:07:29 +00:00			`Atomic<bool, Relaxed> mEarlyAAAA; // allow use of AAAA results before A is in`
bug 1444858 - TRR: respect network.dns.disableIPv6 r=valentin MozReview-Commit-ID: 18STac9ASIB --HG-- extra : rebase_source : e3e8956feee2ec9e4dfe438e1b6c20dc0c478ab9 2018-03-12 12:19:22 +00:00			`Atomic<bool, Relaxed> mDisableIPv6; // don't even try`
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3 2018-02-01 09:20:49 +00:00
			`// TRR Blacklist storage`
			`RefPtr<DataStorage> mTRRBLStorage;`
			`Atomic<bool, Relaxed> mClearTRRBLStorage;`

			`enum ConfirmationState {`
			`CONFIRM_INIT = 0,`
			`CONFIRM_TRYING = 1,`
			`CONFIRM_OK = 2,`
			`CONFIRM_FAILED = 3`
			`};`
			`Atomic<ConfirmationState, Relaxed> mConfirmationState;`
bug 1441391 - TRR: restart failed NS confirms in TRR-only mode r=valentin MozReview-Commit-ID: FHw3Zx07iFG --HG-- extra : rebase_source : 55a09920127aa54e542ed736b92ca6fda63f889c 2018-03-09 08:05:48 +00:00			`RefPtr<TRR> mConfirmer;`
			`nsCOMPtr<nsITimer> mRetryConfirmTimer;`
			`uint32_t mRetryConfirmInterval; // milliseconds until retry`
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3 2018-02-01 09:20:49 +00:00			`};`

			`extern TRRService *gTRRService;`

			`} // namespace net`
			`} // namespace mozilla`

			`#endif // TRRService_h_`