Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-23 02:05:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c30e6dfbac
gecko-dev/netwerk/dns/TRRService.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

130 lines
4.6 KiB
C
Raw Normal View History

bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef TRRService_h_
#define TRRService_h_
#include "mozilla/Atomics.h"
#include "mozilla/DataStorage.h"
#include "nsHostResolver.h"
#include "nsIObserver.h"
#include "nsWeakReference.h"
Bug 1570732 - Skip trr when parental control is enabled r=dragana Differential Revision: https://phabricator.services.mozilla.com/D42489 --HG-- extra : moz-landing-system : lando
2019-08-23 21:17:15 +00:00
class nsDNSService;
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
class nsIPrefBranch;
namespace mozilla {
namespace net {
class TRRService : public nsIObserver,
bug 1441391 - TRR: restart failed NS confirms in TRR-only mode r=valentin MozReview-Commit-ID: FHw3Zx07iFG --HG-- extra : rebase_source : 55a09920127aa54e542ed736b92ca6fda63f889c
2018-03-09 08:05:48 +00:00
public nsITimerCallback,
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
public nsSupportsWeakReference,
public AHostResolver {
public:
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSIOBSERVER
bug 1441391 - TRR: restart failed NS confirms in TRR-only mode r=valentin MozReview-Commit-ID: FHw3Zx07iFG --HG-- extra : rebase_source : 55a09920127aa54e542ed736b92ca6fda63f889c
2018-03-09 08:05:48 +00:00
NS_DECL_NSITIMERCALLBACK
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
TRRService();
nsresult Init();
nsresult Start();
bool Enabled();
uint32_t Mode() { return mMode; }
bool AllowRFC1918() { return mRfc1918; }
bool UseGET() { return mUseGET; }
bug 1443489 - TRR: require a pref set to allow early AAAA responses r=valentin Early AAAA responses might cause issues on hosts without working native IPv6 connectivity, of course especially notable in TRR-only mode. MozReview-Commit-ID: 6ZqE6AKnucH --HG-- extra : rebase_source : ff42cb8daf941a3fa1f7e783c76d823e879024c3
2018-03-06 15:07:29 +00:00
bool EarlyAAAA() { return mEarlyAAAA; }
Bug 1518730 - Only send AAAA TRR requests when the system has IPv6 connectivity r=dragana This is an optimization. If we detect that the system can't use the IPv6 address, there's no point in making a request for it. Depends on D33475 Differential Revision: https://phabricator.services.mozilla.com/D33476 --HG-- extra : moz-landing-system : lando
2019-06-03 21:17:08 +00:00
bool CheckIPv6Connectivity() { return mCheckIPv6Connectivity; }
Bug 1518730 - Wait for both A and AAAA responses to come back before notifying the listeners r=dragana This way we preserve the behaviour of getaddrinfo, where both A and AAAA responses come back at the same time. Without this Firefox will always be biased, as the first request will usually be resolved first. So if we requested IPv4 first, we'd mostly be using IPv4. If we requested IPv6 first, normally we'll wait for the IPv4 response to come back too, which is functionally equivalent to the new behaviour. However, if the pref is set network.trr.early-AAAA;true then we'd use the IPv6 response immediately, possibly leading to a failed request if the IPv6 connection fails before we have an IPv4 address to fall back to. A test for this patch was added in bug 1542561. Depends on D33476 Differential Revision: https://phabricator.services.mozilla.com/D33477 --HG-- extra : moz-landing-system : lando
2019-06-03 21:13:22 +00:00
bool WaitForAllResponses() { return mWaitForAllResponses; }
bug 1444858 - TRR: respect network.dns.disableIPv6 r=valentin MozReview-Commit-ID: 18STac9ASIB --HG-- extra : rebase_source : e3e8956feee2ec9e4dfe438e1b6c20dc0c478ab9
2018-03-12 12:19:22 +00:00
bool DisableIPv6() { return mDisableIPv6; }
bug 1466462 - TRR: disable EDNS Client Subnet by default r=mcmanus Set the "network.trr.disable-ECS" pref to false to disable. MozReview-Commit-ID: GE6L8Vpvuu0 Differential Revision: https://phabricator.services.mozilla.com/D2933 --HG-- extra : moz-landing-system : lando
2018-08-13 15:45:15 +00:00
bool DisableECS() { return mDisableECS; }
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
nsresult GetURI(nsCString& result);
nsresult GetCredentials(nsCString& result);
Bug 1575780 - We need a long request's timeout for trronly mode. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D43410 --HG-- extra : moz-landing-system : lando
2019-08-26 19:52:20 +00:00
uint32_t GetRequestTimeout();
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
LookupStatus CompleteLookup(nsHostRecord*, nsresult, mozilla::net::AddrInfo*,
bool pb,
const nsACString& aOriginSuffix) override;
LookupStatus CompleteLookupByType(nsHostRecord*, nsresult,
const nsTArray<nsCString>*, uint32_t,
Bug 1473736 - Implement necko part of ESNI r=mak,kmag,mcmanus --HG-- extra : rebase_source : be79870960953ef9535ccb6a440515ec4a8232d5 extra : histedit_source : 8096ab2eaf246cbbeb97bace0531b86b8c69ff66
2018-09-22 20:54:11 +00:00
bool pb) override;
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
void TRRBlacklist(const nsACString& host, const nsACString& originSuffix,
bug 1500549 - make TRR Blacklist use originSuffix r=valentin MozReview-Commit-ID: 5nOZefVlqRE Differential Revision: https://phabricator.services.mozilla.com/D9391 --HG-- extra : moz-landing-system : lando
2018-10-22 15:38:18 +00:00
bool privateBrowsing, bool aParentsToo);
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
bool IsTRRBlacklisted(const nsACString& aHost,
const nsACString& aOriginSuffix, bool aPrivateBrowsing,
bug 1500549 - make TRR Blacklist use originSuffix r=valentin MozReview-Commit-ID: 5nOZefVlqRE Differential Revision: https://phabricator.services.mozilla.com/D9391 --HG-- extra : moz-landing-system : lando
2018-10-22 15:38:18 +00:00
bool aParentsToo);
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
bool IsExcludedFromTRR(const nsACString& aHost);
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
bool MaybeBootstrap(const nsACString& possible, nsACString& result);
bug 1497438 - collect telemetry for TRR request success/time-out rate r=dragana Introducing DNS_TRR_SUCCESS MozReview-Commit-ID: Buz5nHEr8TK Differential Revision: https://phabricator.services.mozilla.com/D8509 --HG-- extra : moz-landing-system : lando
2018-10-17 07:59:43 +00:00
enum TrrOkay { OKAY_NORMAL = 0, OKAY_TIMEOUT = 1, OKAY_BAD = 2 };
void TRRIsOkay(enum TrrOkay aReason);
Bug 1570732 - Skip trr when parental control is enabled r=dragana Differential Revision: https://phabricator.services.mozilla.com/D42489 --HG-- extra : moz-landing-system : lando
2019-08-23 21:17:15 +00:00
bool ParentalControlEnabled() const { return mParentalControlEnabled; }
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
private:
virtual ~TRRService();
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
nsresult ReadPrefs(const char* name);
void GetPrefBranch(nsIPrefBranch** result);
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
void MaybeConfirm();
Bug 1521639 - Fix locking in TRRService. r=valentin Differential Revision: https://phabricator.services.mozilla.com/D17822 --HG-- extra : moz-landing-system : lando
2019-02-01 20:46:00 +00:00
void MaybeConfirm_locked();
Bug 1570732 - Skip trr when parental control is enabled r=dragana Differential Revision: https://phabricator.services.mozilla.com/D42489 --HG-- extra : moz-landing-system : lando
2019-08-23 21:17:15 +00:00
friend class ::nsDNSService;
void GetParentalControlEnabledInternal();
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
bool mInitialized;
Atomic<uint32_t, Relaxed> mMode;
Atomic<uint32_t, Relaxed> mTRRBlacklistExpireTime;
Bug 1521639 - Fix locking in TRRService. r=valentin Differential Revision: https://phabricator.services.mozilla.com/D17822 --HG-- extra : moz-landing-system : lando
2019-02-01 20:46:00 +00:00
Mutex mLock;
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
nsCString mPrivateURI; // main thread only
nsCString mPrivateCred; // main thread only
nsCString mConfirmationNS;
nsCString mBootstrapAddr;
Atomic<bool, Relaxed> mWaitForCaptive; // wait for the captive portal to say
// OK before using TRR
Atomic<bool, Relaxed>
mRfc1918; // okay with local IP addresses in DOH responses?
Atomic<bool, Relaxed>
mCaptiveIsPassed; // set when captive portal check is passed
Atomic<bool, Relaxed> mUseGET; // do DOH using GET requests (instead of POST)
bug 1443489 - TRR: require a pref set to allow early AAAA responses r=valentin Early AAAA responses might cause issues on hosts without working native IPv6 connectivity, of course especially notable in TRR-only mode. MozReview-Commit-ID: 6ZqE6AKnucH --HG-- extra : rebase_source : ff42cb8daf941a3fa1f7e783c76d823e879024c3
2018-03-06 15:07:29 +00:00
Atomic<bool, Relaxed> mEarlyAAAA; // allow use of AAAA results before A is in
Bug 1518730 - Only send AAAA TRR requests when the system has IPv6 connectivity r=dragana This is an optimization. If we detect that the system can't use the IPv6 address, there's no point in making a request for it. Depends on D33475 Differential Revision: https://phabricator.services.mozilla.com/D33476 --HG-- extra : moz-landing-system : lando
2019-06-03 21:17:08 +00:00
Atomic<bool, Relaxed> mCheckIPv6Connectivity; // check IPv6 connectivity
Bug 1518730 - Wait for both A and AAAA responses to come back before notifying the listeners r=dragana This way we preserve the behaviour of getaddrinfo, where both A and AAAA responses come back at the same time. Without this Firefox will always be biased, as the first request will usually be resolved first. So if we requested IPv4 first, we'd mostly be using IPv4. If we requested IPv6 first, normally we'll wait for the IPv4 response to come back too, which is functionally equivalent to the new behaviour. However, if the pref is set network.trr.early-AAAA;true then we'd use the IPv6 response immediately, possibly leading to a failed request if the IPv6 connection fails before we have an IPv4 address to fall back to. A test for this patch was added in bug 1542561. Depends on D33476 Differential Revision: https://phabricator.services.mozilla.com/D33477 --HG-- extra : moz-landing-system : lando
2019-06-03 21:13:22 +00:00
Atomic<bool, Relaxed> mWaitForAllResponses; // Don't notify until all are in
Atomic<bool, Relaxed> mDisableIPv6; // don't even try
Bug 1518730 - Only send AAAA TRR requests when the system has IPv6 connectivity r=dragana This is an optimization. If we detect that the system can't use the IPv6 address, there's no point in making a request for it. Depends on D33475 Differential Revision: https://phabricator.services.mozilla.com/D33476 --HG-- extra : moz-landing-system : lando
2019-06-03 21:17:08 +00:00
Atomic<bool, Relaxed> mDisableECS; // disable EDNS Client Subnet in requests
bug 1495523 - disable TRR after max-fails number of failed requests r=valentin MozReview-Commit-ID: 2dSEY6DuP2A Differential Revision: https://phabricator.services.mozilla.com/D7587 --HG-- extra : moz-landing-system : lando
2018-10-03 11:53:46 +00:00
Atomic<uint32_t, Relaxed>
mDisableAfterFails; // this many fails in a row means failed TRR service
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
// TRR Blacklist storage
Bug 1521639 - Fix locking in TRRService. r=valentin Differential Revision: https://phabricator.services.mozilla.com/D17822 --HG-- extra : moz-landing-system : lando
2019-02-01 20:46:00 +00:00
// mTRRBLStorage is only modified on the main thread, but we query whether it
// is initialized or not off the main thread as well. Therefore we need to
// lock while creating it and while accessing it off the main thread.
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
RefPtr<DataStorage> mTRRBLStorage;
Atomic<bool, Relaxed> mClearTRRBLStorage;
Bug 1450893 - Add pref for list of domains excluded from TRR r=dragana Differential Revision: https://phabricator.services.mozilla.com/D24291 --HG-- extra : moz-landing-system : lando
2019-03-21 12:41:41 +00:00
// A set of domains that we should not use TRR for.
nsTHashtable<nsCStringHashKey> mExcludedDomains;
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
enum ConfirmationState {
CONFIRM_INIT = 0,
CONFIRM_TRYING = 1,
CONFIRM_OK = 2,
CONFIRM_FAILED = 3
};
Atomic<ConfirmationState, Relaxed> mConfirmationState;
bug 1441391 - TRR: restart failed NS confirms in TRR-only mode r=valentin MozReview-Commit-ID: FHw3Zx07iFG --HG-- extra : rebase_source : 55a09920127aa54e542ed736b92ca6fda63f889c
2018-03-09 08:05:48 +00:00
RefPtr<TRR> mConfirmer;
nsCOMPtr<nsITimer> mRetryConfirmTimer;
uint32_t mRetryConfirmInterval; // milliseconds until retry
bug 1495523 - disable TRR after max-fails number of failed requests r=valentin MozReview-Commit-ID: 2dSEY6DuP2A Differential Revision: https://phabricator.services.mozilla.com/D7587 --HG-- extra : moz-landing-system : lando
2018-10-03 11:53:46 +00:00
Atomic<uint32_t, Relaxed> mTRRFailures;
Bug 1570732 - Skip trr when parental control is enabled r=dragana Differential Revision: https://phabricator.services.mozilla.com/D42489 --HG-- extra : moz-landing-system : lando
2019-08-23 21:17:15 +00:00
bool mParentalControlEnabled;
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
};
Bug 1547143 - Format the tree: Be prescriptive with the pointer style (left) r=Ehsan # ignore-this-changeset Depends on D28954 Differential Revision: https://phabricator.services.mozilla.com/D28956 --HG-- extra : moz-landing-system : lando
2019-05-01 08:47:10 +00:00
extern TRRService* gTRRService;
bug 1434852 - introducing TRR (DOH); r=mcmanus,valentin Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but works with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
2018-02-01 09:20:49 +00:00
} // namespace net
} // namespace mozilla
#endif // TRRService_h_
Reference in New Issue Copy Permalink