diff --git a/dom/security/nsHTTPSOnlyUtils.cpp b/dom/security/nsHTTPSOnlyUtils.cpp index 3e113a121a0f..b934d24b4b4b 100644 --- a/dom/security/nsHTTPSOnlyUtils.cpp +++ b/dom/security/nsHTTPSOnlyUtils.cpp @@ -380,14 +380,14 @@ bool nsHTTPSOnlyUtils::LoopbackOrLocalException(nsIURI* aURI) { mozilla::net::NetAddr addr(&tempAddr); // Loopback IPs are always exempt - if (addr.IsLoopbackAddr()) { + if (IsLoopBackAddress(&addr)) { return true; } // Local IP exception can get disabled with a pref bool upgradeLocal = mozilla::StaticPrefs::dom_security_https_only_mode_upgrade_local(); - return (!upgradeLocal && addr.IsIPAddrLocal()); + return (!upgradeLocal && IsIPAddrLocal(&addr)); } ///////////////////////////////////////////////////////////////////// diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index 6158372435a1..92d5121b5074 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -251,7 +251,7 @@ bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost( // address, whereas for IPv4 127.0.0.1/8 are considered as potentially // trustworthy. We already handled "[::1]" above, so all that's remained to // handle here are IPv4 loopback addresses. - return addr.IsIPAddrV4() && addr.IsLoopbackAddr(); + return IsIPAddrV4(&addr) && IsLoopBackAddress(&addr); } bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL) { diff --git a/netwerk/base/ProxyAutoConfig.cpp b/netwerk/base/ProxyAutoConfig.cpp index a89840ad3d65..831f18d47314 100644 --- a/netwerk/base/ProxyAutoConfig.cpp +++ b/netwerk/base/ProxyAutoConfig.cpp @@ -498,7 +498,7 @@ static bool PACResolveToString(const nsCString& aHostName, if (!PACResolve(aHostName, &netAddr, aTimeout)) return false; char dottedDecimal[128]; - if (!netAddr.ToStringBuffer(dottedDecimal, sizeof(dottedDecimal))) + if (!NetAddrToString(&netAddr, dottedDecimal, sizeof(dottedDecimal))) return false; aDottedDecimal.Assign(dottedDecimal); diff --git a/netwerk/base/nsINetAddr.idl b/netwerk/base/nsINetAddr.idl index bbbcd28c0e52..ab6d2f6d6d4a 100644 --- a/netwerk/base/nsINetAddr.idl +++ b/netwerk/base/nsINetAddr.idl @@ -33,7 +33,7 @@ interface nsINetAddr : nsISupports /** * @return Either the IP address (FAMILY_INET, FAMILY_INET6) or the path * (FAMILY_LOCAL) in string form. IP addresses are in the format produced by - * mozilla::net::NetAddr::ToStringBuffer. + * mozilla::net::NetAddrToString. * * Note: Paths for FAMILY_LOCAL may have length limitations which are * implementation dependent and not documented as part of this interface. diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index f03a7795ed94..a7f94dd23252 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -739,7 +739,7 @@ nsresult nsIOService::RecheckCaptivePortalIfLocalRedirect(nsIChannel* newChan) { } NetAddr netAddr(&prAddr); - if (netAddr.IsIPAddrLocal()) { + if (IsIPAddrLocal(&netAddr)) { // Redirects to local IP addresses are probably captive portals RecheckCaptivePortal(); } @@ -947,7 +947,7 @@ nsIOService::HostnameIsLocalIPAddress(nsIURI* aURI, bool* aResult) { PRStatus result = PR_StringToNetAddr(host.get(), &addr); if (result == PR_SUCCESS) { NetAddr netAddr(&addr); - if (netAddr.IsIPAddrLocal()) { + if (IsIPAddrLocal(&netAddr)) { *aResult = true; } } @@ -974,7 +974,7 @@ nsIOService::HostnameIsSharedIPAddress(nsIURI* aURI, bool* aResult) { PRStatus result = PR_StringToNetAddr(host.get(), &addr); if (result == PR_SUCCESS) { NetAddr netAddr(&addr); - if (netAddr.IsIPAddrShared()) { + if (IsIPAddrShared(&netAddr)) { *aResult = true; } } diff --git a/netwerk/base/nsNetAddr.cpp b/netwerk/base/nsNetAddr.cpp index d0cbe69baeb6..544e91874d07 100644 --- a/netwerk/base/nsNetAddr.cpp +++ b/netwerk/base/nsNetAddr.cpp @@ -37,12 +37,12 @@ NS_IMETHODIMP nsNetAddr::GetAddress(nsACString& aAddress) { /* PR_NetAddrToString can handle INET and INET6, but not LOCAL. */ case AF_INET: aAddress.SetLength(kIPv4CStrBufSize); - mAddr.ToStringBuffer(aAddress.BeginWriting(), kIPv4CStrBufSize); + NetAddrToString(&mAddr, aAddress.BeginWriting(), kIPv4CStrBufSize); aAddress.SetLength(strlen(aAddress.BeginReading())); break; case AF_INET6: aAddress.SetLength(kIPv6CStrBufSize); - mAddr.ToStringBuffer(aAddress.BeginWriting(), kIPv6CStrBufSize); + NetAddrToString(&mAddr, aAddress.BeginWriting(), kIPv6CStrBufSize); aAddress.SetLength(strlen(aAddress.BeginReading())); break; #if defined(XP_UNIX) diff --git a/netwerk/base/nsSocketTransport2.cpp b/netwerk/base/nsSocketTransport2.cpp index 558dd29ae145..55dc44ed6931 100644 --- a/netwerk/base/nsSocketTransport2.cpp +++ b/netwerk/base/nsSocketTransport2.cpp @@ -892,7 +892,7 @@ nsresult nsSocketTransport::InitWithConnectedSocket(PRFileDesc* fd, NS_ASSERTION(!mFD.IsInitialized(), "already initialized"); char buf[kNetAddrMaxCStrBufSize]; - addr->ToStringBuffer(buf, sizeof(buf)); + NetAddrToString(addr, buf, sizeof(buf)); mHost.Assign(buf); uint16_t port; @@ -1310,8 +1310,8 @@ nsresult nsSocketTransport::InitiateSocket() { #endif if (NS_SUCCEEDED(mCondition) && xpc::AreNonLocalConnectionsDisabled() && - !(mNetAddr.IsIPAddrAny() || mNetAddr.IsIPAddrLocal() || - mNetAddr.IsIPAddrShared())) { + !(IsIPAddrAny(&mNetAddr) || IsIPAddrLocal(&mNetAddr) || + IsIPAddrShared(&mNetAddr))) { nsAutoCString ipaddr; RefPtr netaddr = new nsNetAddr(&mNetAddr); netaddr->GetAddress(ipaddr); @@ -1333,12 +1333,12 @@ nsresult nsSocketTransport::InitiateSocket() { // Hosts/Proxy Hosts that are Local IP Literals should not be speculatively // connected - Bug 853423. if (mConnectionFlags & nsISocketTransport::DISABLE_RFC1918 && - mNetAddr.IsIPAddrLocal()) { + IsIPAddrLocal(&mNetAddr)) { if (SOCKET_LOG_ENABLED()) { nsAutoCString netAddrCString; netAddrCString.SetLength(kIPv6CStrBufSize); - if (!mNetAddr.ToStringBuffer(netAddrCString.BeginWriting(), - kIPv6CStrBufSize)) + if (!NetAddrToString(&mNetAddr, netAddrCString.BeginWriting(), + kIPv6CStrBufSize)) netAddrCString = ""_ns; SOCKET_LOG( ("nsSocketTransport::InitiateSocket skipping " @@ -1522,7 +1522,7 @@ nsresult nsSocketTransport::InitiateSocket() { if (SOCKET_LOG_ENABLED()) { char buf[kNetAddrMaxCStrBufSize]; - mNetAddr.ToStringBuffer(buf, sizeof(buf)); + NetAddrToString(&mNetAddr, buf, sizeof(buf)); SOCKET_LOG((" trying address: %s\n", buf)); } @@ -2526,7 +2526,7 @@ void nsSocketTransport::IsLocal(bool* aIsLocal) { } #endif - *aIsLocal = mNetAddr.IsLoopbackAddr(); + *aIsLocal = IsLoopBackAddress(&mNetAddr); } } diff --git a/netwerk/base/nsUDPSocket.cpp b/netwerk/base/nsUDPSocket.cpp index 12d1cf4874e0..6ddab827b93b 100644 --- a/netwerk/base/nsUDPSocket.cpp +++ b/netwerk/base/nsUDPSocket.cpp @@ -70,7 +70,7 @@ static nsresult CheckIOStatus(const NetAddr* aAddr) { return NS_ERROR_FAILURE; } - if (gIOService->IsOffline() && !aAddr->IsLoopbackAddr()) { + if (gIOService->IsOffline() && !IsLoopBackAddress(aAddr)) { return NS_ERROR_OFFLINE; } @@ -472,7 +472,7 @@ void nsUDPSocket::OnSocketDetached(PRFileDesc* fd) { void nsUDPSocket::IsLocal(bool* aIsLocal) { // If bound to loopback, this UDP socket only accepts local connections. - *aIsLocal = mAddr.IsLoopbackAddr(); + *aIsLocal = IsLoopBackAddress(&mAddr); } //----------------------------------------------------------------------------- @@ -567,7 +567,7 @@ nsUDPSocket::InitWithAddress(const NetAddr* aAddr, nsIPrincipal* aPrincipal, } uint16_t port; - if (NS_FAILED(aAddr->GetPort(&port))) { + if (NS_FAILED(net::GetPort(aAddr, &port))) { NS_WARNING("invalid bind address"); goto fail; } @@ -684,7 +684,7 @@ NS_IMETHODIMP nsUDPSocket::GetPort(int32_t* aResult) { // no need to enter the lock here uint16_t result; - nsresult rv = mAddr.GetPort(&result); + nsresult rv = net::GetPort(&mAddr, &result); *aResult = static_cast(result); return rv; } diff --git a/netwerk/dns/DNS.cpp b/netwerk/dns/DNS.cpp index ad4db1710832..71263654c296 100644 --- a/netwerk/dns/DNS.cpp +++ b/netwerk/dns/DNS.cpp @@ -98,8 +98,7 @@ void NetAddrToPRNetAddr(const NetAddr* addr, PRNetAddr* prAddr) { #endif } -bool NetAddr::ToStringBuffer(char* buf, uint32_t bufSize) const { - const NetAddr* addr = this; +bool NetAddrToString(const NetAddr* addr, char* buf, uint32_t bufSize) { if (addr->raw.family == AF_INET) { if (bufSize < INET_ADDRSTRLEN) { return false; @@ -139,8 +138,7 @@ bool NetAddr::ToStringBuffer(char* buf, uint32_t bufSize) const { return false; } -bool NetAddr::IsLoopbackAddr() const { - const NetAddr* addr = this; +bool IsLoopBackAddress(const NetAddr* addr) { if (addr->raw.family == AF_INET) { // Consider 127.0.0.1/8 as loopback uint32_t ipv4Addr = ntohl(addr->inet.ip); @@ -159,17 +157,17 @@ bool NetAddr::IsLoopbackAddr() const { return false; } -bool NetAddr::IsIPAddrAny() const { - if (this->raw.family == AF_INET) { - if (this->inet.ip == htonl(INADDR_ANY)) { +bool IsIPAddrAny(const NetAddr* addr) { + if (addr->raw.family == AF_INET) { + if (addr->inet.ip == htonl(INADDR_ANY)) { return true; } - } else if (this->raw.family == AF_INET6) { - if (IPv6ADDR_IS_UNSPECIFIED(&this->inet6.ip)) { + } else if (addr->raw.family == AF_INET6) { + if (IPv6ADDR_IS_UNSPECIFIED(&addr->inet6.ip)) { return true; } - if (IPv6ADDR_IS_V4MAPPED(&this->inet6.ip) && - IPv6ADDR_V4MAPPED_TO_IPADDR(&this->inet6.ip) == htonl(INADDR_ANY)) { + if (IPv6ADDR_IS_V4MAPPED(&addr->inet6.ip) && + IPv6ADDR_V4MAPPED_TO_IPADDR(&addr->inet6.ip) == htonl(INADDR_ANY)) { return true; } } @@ -178,17 +176,17 @@ bool NetAddr::IsIPAddrAny() const { NetAddr::NetAddr(const PRNetAddr* prAddr) { PRNetAddrToNetAddr(prAddr, this); } -bool NetAddr::IsIPAddrV4() const { return this->raw.family == AF_INET; } +bool IsIPAddrV4(const NetAddr* addr) { return addr->raw.family == AF_INET; } -bool NetAddr::IsIPAddrV4Mapped() const { - if (this->raw.family == AF_INET6) { - return IPv6ADDR_IS_V4MAPPED(&this->inet6.ip); +bool IsIPAddrV4Mapped(const NetAddr* addr) { + if (addr->raw.family == AF_INET6) { + return IPv6ADDR_IS_V4MAPPED(&addr->inet6.ip); } return false; } -bool NetAddr::IsIPAddrLocal() const { - const NetAddr* addr = this; +bool IsIPAddrLocal(const NetAddr* addr) { + MOZ_ASSERT(addr); // IPv4 RFC1918 and Link Local Addresses. if (addr->raw.family == AF_INET) { @@ -212,8 +210,8 @@ bool NetAddr::IsIPAddrLocal() const { return false; } -bool NetAddr::IsIPAddrShared() const { - const NetAddr* addr = this; +bool IsIPAddrShared(const NetAddr* addr) { + MOZ_ASSERT(addr); // IPv4 RFC6598. if (addr->raw.family == AF_INET) { @@ -227,12 +225,12 @@ bool NetAddr::IsIPAddrShared() const { return false; } -nsresult NetAddr::GetPort(uint16_t* aResult) const { +nsresult GetPort(const NetAddr* aAddr, uint16_t* aResult) { uint16_t port; - if (this->raw.family == PR_AF_INET) { - port = this->inet.port; - } else if (this->raw.family == PR_AF_INET6) { - port = this->inet6.port; + if (aAddr->raw.family == PR_AF_INET) { + port = aAddr->inet.port; + } else if (aAddr->raw.family == PR_AF_INET6) { + port = aAddr->inet6.port; } else { return NS_ERROR_NOT_INITIALIZED; } diff --git a/netwerk/dns/DNS.h b/netwerk/dns/DNS.h index e41dd8e6bbc9..a54bcf9b5a95 100644 --- a/netwerk/dns/DNS.h +++ b/netwerk/dns/DNS.h @@ -134,15 +134,6 @@ union NetAddr { NetAddr() { memset(this, 0, sizeof(NetAddr)); } explicit NetAddr(const PRNetAddr* prAddr); - - bool IsIPAddrAny() const; - bool IsLoopbackAddr() const; - bool IsIPAddrV4() const; - bool IsIPAddrV4Mapped() const; - bool IsIPAddrLocal() const; - bool IsIPAddrShared() const; - nsresult GetPort(uint16_t* aResult) const; - bool ToStringBuffer(char* buf, uint32_t bufSize) const; }; class AddrInfo { @@ -229,6 +220,22 @@ void PRNetAddrToNetAddr(const PRNetAddr* prAddr, NetAddr* addr); // Does not do a ptr safety check! void NetAddrToPRNetAddr(const NetAddr* addr, PRNetAddr* prAddr); +bool NetAddrToString(const NetAddr* addr, char* buf, uint32_t bufSize); + +bool IsLoopBackAddress(const NetAddr* addr); + +bool IsIPAddrAny(const NetAddr* addr); + +bool IsIPAddrV4(const NetAddr* addr); + +bool IsIPAddrV4Mapped(const NetAddr* addr); + +bool IsIPAddrLocal(const NetAddr* addr); + +bool IsIPAddrShared(const NetAddr* addr); + +nsresult GetPort(const NetAddr* aAddr, uint16_t* aResult); + } // namespace net } // namespace mozilla diff --git a/netwerk/dns/DNSRequestChild.cpp b/netwerk/dns/DNSRequestChild.cpp index 657cbef1d150..b4731e6d0e7e 100644 --- a/netwerk/dns/DNSRequestChild.cpp +++ b/netwerk/dns/DNSRequestChild.cpp @@ -147,7 +147,7 @@ ChildDNSRecord::GetNextAddrAsString(nsACString& result) { } char buf[kIPv6CStrBufSize]; - if (addr.ToStringBuffer(buf, sizeof(buf))) { + if (NetAddrToString(&addr, buf, sizeof(buf))) { result.Assign(buf); return NS_OK; } diff --git a/netwerk/dns/TRR.cpp b/netwerk/dns/TRR.cpp index 0f5152fc3062..311040718356 100644 --- a/netwerk/dns/TRR.cpp +++ b/netwerk/dns/TRR.cpp @@ -1176,139 +1176,33 @@ nsresult TRR::DohDecode(nsCString& aHost) { uint16_t arRecords = get16bit(mResponse, 10); LOG(("TRR Decode: %d additional resource records (%u bytes body)\n", arRecords, mBodySize)); - - nsClassHashtable additionalRecords; while (arRecords) { - nsAutoCString qname; - rv = GetQname(qname, index); + rv = PassQName(index); if (NS_FAILED(rv)) { - LOG(("Bad qname for additional record")); return rv; } if (mBodySize < (index + 8)) { return NS_ERROR_ILLEGAL_VALUE; } - uint16_t type = get16bit(mResponse, index); - index += 2; - // The next two bytes encode class - // (or udpPayloadSize when type is TRRTYPE_OPT) - uint16_t cls = get16bit(mResponse, index); - index += 2; - // The next 4 bytes encode TTL - // (or extRCode + ednsVersion + flags when type is TRRTYPE_OPT) - uint32_t ttl = get32bit(mResponse, index); - index += 4; - // cls and ttl are unused when type is TRRTYPE_OPT + index += 2; // type + index += 2; // class + index += 4; // ttl // 16 bit RDLENGTH if (mBodySize < (index + 2)) { - LOG(("Record too small")); return NS_ERROR_ILLEGAL_VALUE; } - - uint16_t rdlength = get16bit(mResponse, index); + uint16_t RDLENGTH = get16bit(mResponse, index); index += 2; - if (mBodySize < (index + rdlength)) { - LOG(("rdlength too big")); + if (mBodySize < (index + RDLENGTH)) { return NS_ERROR_ILLEGAL_VALUE; } - - auto parseRecord = [&]() { - LOG(("Parsing additional record type: %u", type)); - auto& entry = additionalRecords.GetOrInsert(qname); - if (!entry) { - entry.reset(new DOHresp()); - } - - switch (type) { - case TRRTYPE_A: - if (kDNS_CLASS_IN != cls) { - LOG(("NOT IN - returning")); - return; - } - if (rdlength != 4) { - LOG(("TRR bad length for A (%u)\n", rdlength)); - return; - } - rv = entry->Add(ttl, mResponse, index, rdlength, mAllowRFC1918); - if (NS_FAILED(rv)) { - LOG( - ("TRR:DohDecode failed: local IP addresses or unknown IP " - "family\n")); - return; - } - break; - case TRRTYPE_AAAA: - if (kDNS_CLASS_IN != cls) { - LOG(("NOT IN - returning")); - return; - } - if (rdlength != 16) { - LOG(("TRR bad length for AAAA (%u)\n", rdlength)); - return; - } - rv = entry->Add(ttl, mResponse, index, rdlength, mAllowRFC1918); - if (NS_FAILED(rv)) { - LOG(("TRR got unique/local IPv6 address!\n")); - return; - } - break; - case TRRTYPE_OPT: { // OPT - LOG(("Parsing opt rdlen: %u", rdlength)); - unsigned int offset = 0; - while (offset + 2 <= rdlength) { - uint16_t optCode = get16bit(mResponse, index + offset); - LOG(("optCode: %u", optCode)); - offset += 2; - if (offset + 2 > rdlength) { - break; - } - uint16_t optLen = get16bit(mResponse, index + offset); - LOG(("optLen: %u", optLen)); - offset += 2; - if (offset + optLen > rdlength) { - LOG(("offset: %u, optLen: %u, rdlen: %u", offset, optLen, - rdlength)); - break; - } - - LOG(("OPT: code: %u len:%u", optCode, optLen)); - - if (optCode != 15) { - offset += optLen; - continue; - } - - // optCode == 15; Extended DNS error - - if (offset + 2 > rdlength || optLen < 2) { - break; - } - mExtendedError = get16bit(mResponse, index + offset); - - LOG(( - "Extended error code: %u message: %s", mExtendedError, - nsAutoCString((char*)mResponse + index + offset + 2, optLen - 2) - .get())); - offset += optLen; - } - break; - } - default: - break; - } - }; - - parseRecord(); - - index += rdlength; + index += RDLENGTH; LOG(("done with additional rr now %u of %u\n", index, mBodySize)); arRecords--; } - SaveAdditionalRecords(additionalRecords); - if (index != mBodySize) { LOG(("DohDecode failed to parse entire response body, %u out of %u bytes\n", index, mBodySize)); @@ -1316,8 +1210,8 @@ nsresult TRR::DohDecode(nsCString& aHost) { return NS_ERROR_ILLEGAL_VALUE; } - if ((mType != TRRTYPE_NS) && mCname.IsEmpty() && mDNS.mAddresses.IsEmpty() && - mResult.is()) { + if ((mType != TRRTYPE_NS) && mCname.IsEmpty() && + !mDNS.mAddresses.getFirst() && mResult.is()) { // no entries were stored! LOG(("TRR: No entries were stored!\n")); return NS_ERROR_FAILURE; @@ -1335,45 +1229,6 @@ nsresult TRR::DohDecode(nsCString& aHost) { return NS_OK; } -void TRR::SaveAdditionalRecords( - const nsClassHashtable& aRecords) { - if (!mRec) { - return; - } - nsresult rv; - for (auto iter = aRecords.ConstIter(); !iter.Done(); iter.Next()) { - if (iter.Data() && iter.Data()->mAddresses.IsEmpty()) { - // no point in adding empty records. - continue; - } - RefPtr hostRecord; - rv = mHostResolver->GetHostRecord( - iter.Key(), EmptyCString(), nsIDNSService::RESOLVE_TYPE_DEFAULT, - mRec->flags, AF_UNSPEC, mRec->pb, mRec->originSuffix, - getter_AddRefs(hostRecord)); - if (NS_FAILED(rv)) { - LOG(("Failed to get host record for additional record %s", - nsCString(iter.Key()).get())); - continue; - } - RefPtr ai(new AddrInfo(iter.Key(), TRRTYPE_A, - std::move(iter.Data()->mAddresses), - iter.Data()->mTtl)); - - // Since we're not actually calling NameLookup for this record, we need - // to set these fields to avoid assertions in CompleteLookup. - // This is quite hacky, and should be fixed. - hostRecord->mResolving++; - hostRecord->mEffectiveTRRMode = mRec->mEffectiveTRRMode; - RefPtr addrRec = do_QueryObject(hostRecord); - addrRec->mTrrStart = TimeStamp::Now(); - addrRec->mTrrA = this; // Hack! - LOG(("Completing lookup for additional: %s", nsCString(iter.Key()).get())); - (void)mHostResolver->CompleteLookup(hostRecord, NS_OK, ai, mPB, - mOriginSuffix, AddrHostRecord::TRR_OK); - } -} - nsresult TRR::ParseSvcParam(unsigned int svcbIndex, uint16_t key, SvcFieldValue& field, uint16_t length) { switch (key) { @@ -1515,10 +1370,21 @@ void TRR::StoreIPHintAsDNSRecord(const struct SVCB& aSVCBRecord) { nsresult TRR::ReturnData(nsIChannel* aChannel) { if (mType != TRRTYPE_TXT && mType != TRRTYPE_HTTPSSVC) { // create and populate an AddrInfo instance to pass on - RefPtr ai( - new AddrInfo(mHost, mType, nsTArray(), mDNS.mTtl)); + DOHaddr* item; + uint32_t ttl = AddrInfo::NO_TTL_DATA; + nsTArray addresses; + while ((item = static_cast(mDNS.mAddresses.popFirst()))) { + addresses.AppendElement(item->mNet); + if (item->mTtl < ttl) { + // While the DNS packet might return individual TTLs for each address, + // we can only return one value in the AddrInfo class so pick the + // lowest number. + ttl = item->mTtl; + } + } + RefPtr ai(new AddrInfo(mHost, mType, nsTArray(), ttl)); auto builder = ai->Build(); - builder.SetAddresses(std::move(mDNS.mAddresses)); + builder.SetAddresses(std::move(addresses)); // Set timings. nsCOMPtr timedChan = do_QueryInterface(aChannel); @@ -1550,31 +1416,6 @@ nsresult TRR::ReturnData(nsIChannel* aChannel) { return NS_OK; } -// https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-extended-error-16#section-4 -// This is a list of errors for which we should not fallback to Do53. -// These are normally DNSSEC failures or explicit filtering performed by the -// recursive resolver. -bool hardFail(uint16_t code) { - const uint16_t noFallbackErrors[] = { - 4, // Forged answer (malware filtering) - 6, // DNSSEC Boggus - 7, // Signature expired - 8, // Signature not yet valid - 9, // DNSKEY Missing - 10, // RRSIG missing - 11, // No ZONE Key Bit set - 12, // NSEC Missing - 17, // Filtered - }; - - for (const auto& err : noFallbackErrors) { - if (code == err) { - return true; - } - } - return false; -} - nsresult TRR::FailData(nsresult error) { if (!mHostResolver) { return NS_ERROR_FAILURE; @@ -1583,10 +1424,6 @@ nsresult TRR::FailData(nsresult error) { // If we didn't record a reason until now, record a default one. RecordReason(nsHostRecord::TRR_FAILED); - if (mExtendedError != UINT16_MAX && hardFail(mExtendedError)) { - error = NS_ERROR_DEFINITIVE_UNKNOWN_HOST; - } - if (mType == TRRTYPE_TXT || mType == TRRTYPE_HTTPSSVC) { TypeRecordResultType empty(Nothing{}); (void)mHostResolver->CompleteLookupByType(mRec, error, empty, 0, mPB); @@ -1608,7 +1445,7 @@ nsresult TRR::FailData(nsresult error) { nsresult TRR::FollowCname(nsIChannel* aChannel) { nsresult rv = NS_OK; nsAutoCString cname; - while (NS_SUCCEEDED(rv) && mDNS.mAddresses.IsEmpty() && !mCname.IsEmpty() && + while (NS_SUCCEEDED(rv) && !mDNS.mAddresses.getFirst() && !mCname.IsEmpty() && mCnameLoop > 0) { mCnameLoop--; LOG(("TRR::On200Response CNAME %s => %s (%u)\n", mHost.get(), mCname.get(), @@ -1626,7 +1463,7 @@ nsresult TRR::FollowCname(nsIChannel* aChannel) { // restore mCname as DohDecode() change it mCname = cname; - if (NS_SUCCEEDED(rv) && !mDNS.mAddresses.IsEmpty()) { + if (NS_SUCCEEDED(rv) && mDNS.mAddresses.getFirst()) { ReturnData(aChannel); return NS_OK; } @@ -1656,7 +1493,7 @@ nsresult TRR::On200Response(nsIChannel* aChannel) { return NS_ERROR_FAILURE; } - if (!mDNS.mAddresses.IsEmpty() || mType == TRRTYPE_TXT || mCname.IsEmpty()) { + if (mDNS.mAddresses.getFirst() || mType == TRRTYPE_TXT || mCname.IsEmpty()) { // pass back the response data ReturnData(aChannel); return NS_OK; @@ -1781,42 +1618,37 @@ TRR::OnDataAvailable(nsIRequest* aRequest, nsIInputStream* aInputStream, nsresult DOHresp::Add(uint32_t TTL, unsigned char* dns, unsigned int index, uint16_t len, bool aLocalAllowed) { - NetAddr addr; + auto doh = MakeUnique(); + NetAddr* addr = &doh->mNet; if (4 == len) { // IPv4 - addr.inet.family = AF_INET; - addr.inet.port = 0; // unknown - addr.inet.ip = ntohl(get32bit(dns, index)); + addr->inet.family = AF_INET; + addr->inet.port = 0; // unknown + addr->inet.ip = ntohl(get32bit(dns, index)); } else if (16 == len) { // IPv6 - addr.inet6.family = AF_INET6; - addr.inet6.port = 0; // unknown - addr.inet6.flowinfo = 0; // unknown - addr.inet6.scope_id = 0; // unknown + addr->inet6.family = AF_INET6; + addr->inet6.port = 0; // unknown + addr->inet6.flowinfo = 0; // unknown + addr->inet6.scope_id = 0; // unknown for (int i = 0; i < 16; i++, index++) { - addr.inet6.ip.u8[i] = dns[index]; + addr->inet6.ip.u8[i] = dns[index]; } } else { return NS_ERROR_UNEXPECTED; } - if (addr.IsIPAddrLocal() && !aLocalAllowed) { + if (IsIPAddrLocal(addr) && !aLocalAllowed) { return NS_ERROR_FAILURE; } - - // While the DNS packet might return individual TTLs for each address, - // we can only return one value in the AddrInfo class so pick the - // lowest number. - if (mTtl < TTL) { - mTtl = TTL; - } + doh->mTtl = TTL; if (LOG_ENABLED()) { char buf[128]; - addr.ToStringBuffer(buf, sizeof(buf)); + NetAddrToString(addr, buf, sizeof(buf)); LOG(("DOHresp:Add %s\n", buf)); } - mAddresses.AppendElement(addr); + mAddresses.insertBack(doh.release()); return NS_OK; } diff --git a/netwerk/dns/TRR.h b/netwerk/dns/TRR.h index 3f02b3bbfd9e..61f607b4fa2a 100644 --- a/netwerk/dns/TRR.h +++ b/netwerk/dns/TRR.h @@ -9,7 +9,6 @@ #include "mozilla/net/DNSByTypeRecord.h" #include "mozilla/Assertions.h" -#include "nsClassHashtable.h" #include "nsIChannel.h" #include "nsIHttpPushListener.h" #include "nsIInterfaceRequestor.h" @@ -27,21 +26,31 @@ enum TrrType { TRRTYPE_NS = 2, TRRTYPE_CNAME = 5, TRRTYPE_AAAA = 28, - TRRTYPE_OPT = 41, TRRTYPE_TXT = 16, TRRTYPE_HTTPSSVC = nsIDNSService::RESOLVE_TYPE_HTTPSSVC, // 65 }; +class DOHaddr : public LinkedListElement { + public: + NetAddr mNet; + uint32_t mTtl; +}; + class TRRService; class TRRServiceChannel; extern TRRService* gTRRService; class DOHresp { public: + ~DOHresp() { + DOHaddr* el; + while ((el = mAddresses.popLast())) { + delete el; + } + } nsresult Add(uint32_t TTL, unsigned char* dns, unsigned int index, uint16_t len, bool aLocalAllowed); - nsTArray mAddresses; - uint32_t mTtl = UINT32_MAX; + LinkedList mAddresses; }; class TRR : public Runnable, @@ -146,8 +155,6 @@ class TRR : public Runnable, nsresult FollowCname(nsIChannel* aChannel); bool UseDefaultServer(); - void SaveAdditionalRecords( - const nsClassHashtable& aRecords); nsresult CreateChannelHelper(nsIURI* aUri, nsIChannel** aResult); @@ -172,7 +179,6 @@ class TRR : public Runnable, uint32_t mCnameLoop = kCnameChaseMax; // loop detection counter bool mAllowRFC1918 = false; - uint16_t mExtendedError = UINT16_MAX; uint32_t mTTL = UINT32_MAX; TypeRecordResultType mResult = mozilla::AsVariant(Nothing()); diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp index b8821012c5d8..c00a17c9e5ef 100644 --- a/netwerk/dns/nsDNSService2.cpp +++ b/netwerk/dns/nsDNSService2.cpp @@ -291,7 +291,7 @@ nsDNSRecord::GetNextAddrAsString(nsACString& result) { } char buf[kIPv6CStrBufSize]; - if (addr.ToStringBuffer(buf, sizeof(buf))) { + if (NetAddrToString(&addr, buf, sizeof(buf))) { result.Assign(buf); return NS_OK; } diff --git a/netwerk/dns/nsHostResolver.cpp b/netwerk/dns/nsHostResolver.cpp index 6945769f2fe2..b8e5707ff275 100644 --- a/netwerk/dns/nsHostResolver.cpp +++ b/netwerk/dns/nsHostResolver.cpp @@ -311,7 +311,7 @@ bool AddrHostRecord::Blacklisted(const NetAddr* aQuery) { } char buf[kIPv6CStrBufSize]; - if (!aQuery->ToStringBuffer(buf, sizeof(buf))) { + if (!NetAddrToString(aQuery, buf, sizeof(buf))) { return false; } nsDependentCString strQuery(buf); @@ -336,7 +336,7 @@ void AddrHostRecord::ReportUnusable(const NetAddr* aAddress) { ++mBlacklistedCount; char buf[kIPv6CStrBufSize]; - if (aAddress->ToStringBuffer(buf, sizeof(buf))) { + if (NetAddrToString(aAddress, buf, sizeof(buf))) { LOG( ("Successfully adding address [%s] to blacklist for host " "[%s].\n", @@ -2011,9 +2011,7 @@ nsHostResolver::LookupStatus nsHostResolver::CompleteLookup( if (NS_FAILED(addrRec->mFirstTRRresult) && NS_FAILED(status) && (addrRec->mFirstTRRresult != NS_ERROR_UNKNOWN_HOST) && - (status != NS_ERROR_UNKNOWN_HOST) && - (addrRec->mFirstTRRresult != NS_ERROR_DEFINITIVE_UNKNOWN_HOST) && - (status != NS_ERROR_DEFINITIVE_UNKNOWN_HOST)) { + (status != NS_ERROR_UNKNOWN_HOST)) { // the errors are not failed resolves, that means // something else failed, consider this as *TRR not used* // for actually trying to resolve the host @@ -2040,8 +2038,7 @@ nsHostResolver::LookupStatus nsHostResolver::CompleteLookup( } if (!addrRec->mTRRSuccess && - addrRec->mEffectiveTRRMode == nsIRequest::TRR_FIRST_MODE && - addrRec->mFirstTRRresult != NS_ERROR_DEFINITIVE_UNKNOWN_HOST) { + addrRec->mEffectiveTRRMode == nsIRequest::TRR_FIRST_MODE) { MOZ_ASSERT(!addrRec->mResolving); NativeLookup(addrRec); MOZ_ASSERT(addrRec->mResolving); @@ -2106,7 +2103,7 @@ nsHostResolver::LookupStatus nsHostResolver::CompleteLookup( if (addrRec->addr_info) { for (const auto& elem : addrRec->addr_info->Addresses()) { char buf[128]; - elem.ToStringBuffer(buf, sizeof(buf)); + NetAddrToString(&elem, buf, sizeof(buf)); LOG(("CompleteLookup: %s has %s\n", addrRec->host.get(), buf)); } } else { @@ -2421,7 +2418,7 @@ void nsHostResolver::GetDNSCacheEntries(nsTArray* args) { MutexAutoLock lock(addrRec->addr_info_lock); for (const auto& addr : addrRec->addr_info->Addresses()) { char buf[kIPv6CStrBufSize]; - if (addr.ToStringBuffer(buf, sizeof(buf))) { + if (NetAddrToString(&addr, buf, sizeof(buf))) { info.hostaddr.AppendElement(buf); } } diff --git a/netwerk/protocol/ftp/nsFtpConnectionThread.cpp b/netwerk/protocol/ftp/nsFtpConnectionThread.cpp index 749c9a5180d0..8975545e5c27 100644 --- a/netwerk/protocol/ftp/nsFtpConnectionThread.cpp +++ b/netwerk/protocol/ftp/nsFtpConnectionThread.cpp @@ -1219,9 +1219,9 @@ nsresult nsFtpState::S_pasv() { if (sTrans) { nsresult rv = sTrans->GetPeerAddr(&mServerAddress); if (NS_SUCCEEDED(rv)) { - if (!mServerAddress.IsIPAddrAny()) + if (!IsIPAddrAny(&mServerAddress)) mServerIsIPv6 = (mServerAddress.raw.family == AF_INET6) && - !mServerAddress.IsIPAddrV4Mapped(); + !IsIPAddrV4Mapped(&mServerAddress); else { /* * In case of SOCKS5 remote DNS resolution, we do @@ -1234,7 +1234,7 @@ nsresult nsFtpState::S_pasv() { rv = sTrans->GetSelfAddr(&selfAddress); if (NS_SUCCEEDED(rv)) mServerIsIPv6 = (selfAddress.raw.family == AF_INET6) && - !selfAddress.IsIPAddrV4Mapped(); + !IsIPAddrV4Mapped(&selfAddress); } } } @@ -1351,9 +1351,9 @@ nsFtpState::R_pasv() { nsCOMPtr strans; nsAutoCString host; - if (!mServerAddress.IsIPAddrAny()) { + if (!IsIPAddrAny(&mServerAddress)) { char buf[kIPv6CStrBufSize]; - mServerAddress.ToStringBuffer(buf, sizeof(buf)); + NetAddrToString(&mServerAddress, buf, sizeof(buf)); host.Assign(buf); } else { /* diff --git a/netwerk/protocol/http/Http3Session.cpp b/netwerk/protocol/http/Http3Session.cpp index 3c3c7036d5b3..fc8e949d1fe3 100644 --- a/netwerk/protocol/http/Http3Session.cpp +++ b/netwerk/protocol/http/Http3Session.cpp @@ -98,7 +98,7 @@ nsresult Http3Session::Init(const nsACString& aOrigin, return NS_ERROR_FAILURE; } char buf[kIPv6CStrBufSize]; - selfAddr.ToStringBuffer(buf, kIPv6CStrBufSize); + NetAddrToString(&selfAddr, buf, kIPv6CStrBufSize); nsAutoCString selfAddrStr; if (selfAddr.raw.family == AF_INET6) { @@ -119,7 +119,7 @@ nsresult Http3Session::Init(const nsACString& aOrigin, LOG3(("Http3Session::Init GetPeerAddr failed [this=%p]", this)); return NS_ERROR_FAILURE; } - peerAddr.ToStringBuffer(buf, kIPv6CStrBufSize); + NetAddrToString(&peerAddr, buf, kIPv6CStrBufSize); nsAutoCString peerAddrStr; if (peerAddr.raw.family == AF_INET6) { diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index cc5dd2e3ded8..0ff75a10675c 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -2491,7 +2491,7 @@ HttpBaseChannel::GetLocalAddress(nsACString& addr) { if (mSelfAddr.raw.family == PR_AF_UNSPEC) return NS_ERROR_NOT_AVAILABLE; addr.SetLength(kIPv6CStrBufSize); - mSelfAddr.ToStringBuffer(addr.BeginWriting(), kIPv6CStrBufSize); + NetAddrToString(&mSelfAddr, addr.BeginWriting(), kIPv6CStrBufSize); addr.SetLength(strlen(addr.BeginReading())); return NS_OK; @@ -2586,7 +2586,7 @@ HttpBaseChannel::GetRemoteAddress(nsACString& addr) { if (mPeerAddr.raw.family == PR_AF_UNSPEC) return NS_ERROR_NOT_AVAILABLE; addr.SetLength(kIPv6CStrBufSize); - mPeerAddr.ToStringBuffer(addr.BeginWriting(), kIPv6CStrBufSize); + NetAddrToString(&mPeerAddr, addr.BeginWriting(), kIPv6CStrBufSize); addr.SetLength(strlen(addr.BeginReading())); return NS_OK; diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp index 76a543fdafde..28ef2d25bc13 100644 --- a/netwerk/protocol/http/HttpChannelParent.cpp +++ b/netwerk/protocol/http/HttpChannelParent.cpp @@ -1632,7 +1632,7 @@ HttpChannelParent::OnStopRequest(nsIRequest* aRequest, nsresult aStatusCode) { isLocal = (peerAddr.raw.family == PR_AF_LOCAL); #endif - isLocal = isLocal || peerAddr.IsLoopbackAddr(); + isLocal = isLocal || IsLoopBackAddress(&peerAddr); if (!isLocal) { if (!mHasSuspendedByBackPressure) { diff --git a/netwerk/protocol/http/nsHttpConnectionInfo.cpp b/netwerk/protocol/http/nsHttpConnectionInfo.cpp index c52761a03267..ff535460c047 100644 --- a/netwerk/protocol/http/nsHttpConnectionInfo.cpp +++ b/netwerk/protocol/http/nsHttpConnectionInfo.cpp @@ -559,7 +559,7 @@ bool nsHttpConnectionInfo::HostIsLocalIPLiteral() const { return false; } NetAddr netAddr(&prAddr); - return netAddr.IsIPAddrLocal(); + return IsIPAddrLocal(&netAddr); } } // namespace net diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp index 83f2e2b68ba7..866caa641eed 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -5296,7 +5296,8 @@ nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus(nsITransport* trans, for (uint32_t i = 0; i < addressSet.Length(); ++i) { nsCString* newKey = mEnt->mCoalescingKeys.AppendElement(nsCString()); newKey->SetLength(kIPv6CStrBufSize + 26); - addressSet[i].ToStringBuffer(newKey->BeginWriting(), kIPv6CStrBufSize); + NetAddrToString(&addressSet[i], newKey->BeginWriting(), + kIPv6CStrBufSize); newKey->SetLength(strlen(newKey->BeginReading())); if (mEnt->mConnInfo->GetAnonymous()) { newKey->AppendLiteral("~A:"); diff --git a/netwerk/socket/nsSOCKSIOLayer.cpp b/netwerk/socket/nsSOCKSIOLayer.cpp index 0a16d6c7236f..c8b42d142a53 100644 --- a/netwerk/socket/nsSOCKSIOLayer.cpp +++ b/netwerk/socket/nsSOCKSIOLayer.cpp @@ -545,7 +545,7 @@ PRStatus nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc* fd) { if (MOZ_LOG_TEST(gSOCKSLog, LogLevel::Debug)) { char buf[kIPv6CStrBufSize]; - mInternalProxyAddr.ToStringBuffer(buf, sizeof(buf)); + NetAddrToString(&mInternalProxyAddr, buf, sizeof(buf)); LOGDEBUG(("socks: trying proxy server, %s:%hu", buf, ntohs(mInternalProxyAddr.inet.port))); } diff --git a/netwerk/test/unit/head_trr.js b/netwerk/test/unit/head_trr.js index f88cf8f1c6ca..9c931f979854 100644 --- a/netwerk/test/unit/head_trr.js +++ b/netwerk/test/unit/head_trr.js @@ -147,7 +147,6 @@ class TRRDNSListener { this.expectedAnswer, `Checking result for ${this.name}` ); - inRecord.rewind(); // In case the caller also checks the addresses if (this.delay !== undefined) { Assert.greaterOrEqual( @@ -269,39 +268,23 @@ function trrQueryHandler(req, resp, url) { function processRequest(req, resp, payload) { let dnsQuery = global.dnsPacket.decode(payload); - let response = + let answers = global.dns_query_answers[ `${dnsQuery.questions[0].name}/${dnsQuery.questions[0].type}` - ] || {}; + ] || []; let buf = global.dnsPacket.encode({ type: "response", id: dnsQuery.id, flags: global.dnsPacket.RECURSION_DESIRED, questions: dnsQuery.questions, - answers: response.answers || [], - additionals: response.additionals || [], + answers, }); - let writeResponse = (resp, buf) => { - resp.setHeader("Content-Length", buf.length); - resp.writeHead(200, { "Content-Type": "application/dns-message" }); - resp.write(buf); - resp.end(""); - }; - - if (response.delay) { - setTimeout( - arg => { - writeResponse(arg[0], arg[1]); - }, - response.delay, - [resp, buf] - ); - return; - } - - writeResponse(resp, buf); + resp.setHeader("Content-Length", buf.length); + resp.writeHead(200, { "Content-Type": "application/dns-message" }); + resp.write(buf); + resp.end(""); } } @@ -350,12 +333,10 @@ class TRRServer { /// flush: false, /// data: "1.2.3.4", /// }] - async registerDoHAnswers(name, type, answers, additionals, delay = 0) { - let text = `global.dns_query_answers["${name}/${type}"] = ${JSON.stringify({ - answers, - additionals, - delay, - })}`; + async registerDoHAnswers(name, type, answers) { + let text = `global.dns_query_answers["${name}/${type}"] = ${JSON.stringify( + answers + )}`; return this.execute(text); } } diff --git a/netwerk/test/unit/test_trr_additional_section.js b/netwerk/test/unit/test_trr_additional_section.js deleted file mode 100644 index 16e3668b8888..000000000000 --- a/netwerk/test/unit/test_trr_additional_section.js +++ /dev/null @@ -1,276 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -"use strict"; - -const dns = Cc["@mozilla.org/network/dns-service;1"].getService( - Ci.nsIDNSService -); - -trr_test_setup(); -registerCleanupFunction(async () => { - trr_clear_prefs(); -}); - -function makeChan(url) { - let chan = NetUtil.newChannel({ - uri: url, - loadUsingSystemPrincipal: true, - }).QueryInterface(Ci.nsIHttpChannel); - return chan; -} - -let processId; - -function channelOpenPromise(chan) { - return new Promise(resolve => { - function finish(req, buffer) { - resolve([req, buffer]); - } - chan.asyncOpen(new ChannelListener(finish)); - }); -} - -add_task(async function test_parse_additional_section() { - let trrServer = new TRRServer(); - registerCleanupFunction(async () => trrServer.stop()); - await trrServer.start(); - dump(`port = ${trrServer.port}\n`); - let chan = makeChan(`https://localhost:${trrServer.port}/test?bla=some`); - let [req, resp] = await channelOpenPromise(chan); - equal(resp, "

404 Path not found: /test?bla=some

"); - - dns.clearCache(true); - Services.prefs.setIntPref("network.trr.mode", 3); - Services.prefs.setCharPref( - "network.trr.uri", - `https://foo.example.com:${trrServer.port}/dns-query` - ); - - await trrServer.registerDoHAnswers( - "something.foo", - "A", - [ - { - name: "something.foo", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ], - [ - { - name: "else.foo", - ttl: 55, - type: "A", - flush: false, - data: "2.3.4.5", - }, - ] - ); - - await new TRRDNSListener("something.foo", "1.2.3.4"); - await new TRRDNSListener("else.foo", "2.3.4.5"); - - await trrServer.registerDoHAnswers( - "a.foo", - "A", - [ - { - name: "a.foo", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ], - [ - { - name: "b.foo", - ttl: 55, - type: "A", - flush: false, - data: "2.3.4.5", - }, - ] - ); - await trrServer.registerDoHAnswers("b.foo", "A", [ - { - name: "b.foo", - ttl: 55, - type: "A", - flush: false, - data: "3.4.5.6", - }, - ]); - - let req1 = new TRRDNSListener("a.foo", "1.2.3.4"); - - // A request for b.foo will be in progress by the time we parse the additional - // record. To keep things simple we don't end up saving the record, instead - // we wait for the in-progress request to complete. - // This check is also racy - if the response for a.foo completes before we make - // this request, we'll put the other IP in the cache. But that is very unlikely. - let req2 = new TRRDNSListener("b.foo", "3.4.5.6"); - - await Promise.all([req1, req2]); - - // IPv6 additional - await trrServer.registerDoHAnswers( - "xyz.foo", - "A", - [ - { - name: "xyz.foo", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ], - [ - { - name: "abc.foo", - ttl: 55, - type: "AAAA", - flush: false, - data: "::1:2:3:4", - }, - ] - ); - - await new TRRDNSListener("xyz.foo", "1.2.3.4"); - await new TRRDNSListener("abc.foo", "::1:2:3:4"); - - // IPv6 additional - await trrServer.registerDoHAnswers( - "ipv6.foo", - "AAAA", - [ - { - name: "ipv6.foo", - ttl: 55, - type: "AAAA", - flush: false, - data: "::abcd", - }, - ], - [ - { - name: "def.foo", - ttl: 55, - type: "AAAA", - flush: false, - data: "::a:b:c:d", - }, - ] - ); - - await new TRRDNSListener("ipv6.foo", "::abcd"); - await new TRRDNSListener("def.foo", "::a:b:c:d"); - - // IPv6 additional - await trrServer.registerDoHAnswers( - "ipv6b.foo", - "AAAA", - [ - { - name: "ipv6b.foo", - ttl: 55, - type: "AAAA", - flush: false, - data: "::abcd", - }, - ], - [ - { - name: "qqqq.foo", - ttl: 55, - type: "A", - flush: false, - data: "9.8.7.6", - }, - ] - ); - - await new TRRDNSListener("ipv6b.foo", "::abcd"); - await new TRRDNSListener("qqqq.foo", "9.8.7.6"); - - // Multiple IPs and multiple additional records - await trrServer.registerDoHAnswers( - "multiple.foo", - "A", - [ - { - name: "multiple.foo", - ttl: 55, - type: "A", - flush: false, - data: "9.9.9.9", - }, - ], - [ - { - // Should be ignored, because it should be in the answer section - name: "multiple.foo", - ttl: 55, - type: "A", - flush: false, - data: "1.1.1.1", - }, - { - // Is ignored, because it should be in the answer section - name: "multiple.foo", - ttl: 55, - type: "AAAA", - flush: false, - data: "::abcd", - }, - { - name: "yuiop.foo", - ttl: 55, - type: "AAAA", - flush: false, - data: "::abcd", - }, - { - name: "yuiop.foo", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ] - ); - - let [inRequest, inRecord, inStatus] = await new TRRDNSListener( - "multiple.foo", - "9.9.9.9" - ); - let IPs = []; - inRecord.QueryInterface(Ci.nsIDNSAddrRecord); - inRecord.rewind(); - while (inRecord.hasMore()) { - IPs.push(inRecord.getNextAddrAsString()); - } - equal(IPs.length, 1); - equal(IPs[0], "9.9.9.9"); - IPs = []; - [inRequest, inRecord, inStatus] = await new TRRDNSListener( - "yuiop.foo", - undefined, - false - ); - inRecord.QueryInterface(Ci.nsIDNSAddrRecord); - inRecord.rewind(); - while (inRecord.hasMore()) { - IPs.push(inRecord.getNextAddrAsString()); - } - equal(IPs.length, 2); - equal(IPs[0], "::abcd"); - equal(IPs[1], "1.2.3.4"); - - await trrServer.stop(); -}); diff --git a/netwerk/test/unit/test_trr_extended_error.js b/netwerk/test/unit/test_trr_extended_error.js deleted file mode 100644 index 9d4c70c02242..000000000000 --- a/netwerk/test/unit/test_trr_extended_error.js +++ /dev/null @@ -1,304 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -"use strict"; - -const dns = Cc["@mozilla.org/network/dns-service;1"].getService( - Ci.nsIDNSService -); - -trr_test_setup(); -registerCleanupFunction(async () => { - trr_clear_prefs(); -}); - -function makeChan(url) { - let chan = NetUtil.newChannel({ - uri: url, - loadUsingSystemPrincipal: true, - }).QueryInterface(Ci.nsIHttpChannel); - return chan; -} - -let processId; - -function channelOpenPromise(chan) { - return new Promise(resolve => { - function finish(req, buffer) { - resolve([req, buffer]); - } - chan.asyncOpen(new ChannelListener(finish)); - }); -} - -let trrServer; -add_task(async function setup() { - trrServer = new TRRServer(); - registerCleanupFunction(async () => trrServer.stop()); - await trrServer.start(); - dump(`port = ${trrServer.port}\n`); - let chan = makeChan(`https://localhost:${trrServer.port}/test?bla=some`); - let [req, resp] = await channelOpenPromise(chan); - equal(resp, "

404 Path not found: /test?bla=some

"); - - dns.clearCache(true); - Services.prefs.setIntPref("network.trr.mode", 2); - Services.prefs.setCharPref( - "network.trr.uri", - `https://foo.example.com:${trrServer.port}/dns-query` - ); -}); - -add_task(async function test_extended_error_bogus() { - await trrServer.registerDoHAnswers("something.foo", "A", [ - { - name: "something.foo", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ]); - - await new TRRDNSListener("something.foo", "1.2.3.4"); - - await trrServer.registerDoHAnswers( - "a.foo", - "A", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 6, // DNSSEC_BOGUS - text: "DNSSec bogus", - }, - ], - }, - ] - ); - - // Check that we don't fall back to DNS - let [, , inStatus] = await new TRRDNSListener("a.foo", undefined, false); - Assert.ok( - !Components.isSuccessCode(inStatus), - `${inStatus} should be an error code` - ); -}); - -add_task(async function test_extended_error_filtered() { - await trrServer.registerDoHAnswers( - "b.foo", - "A", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 17, // Filtered - text: "Filtered", - }, - ], - }, - ] - ); - - // Check that we don't fall back to DNS - let [, , inStatus] = await new TRRDNSListener("b.foo", undefined, false); - Assert.ok( - !Components.isSuccessCode(inStatus), - `${inStatus} should be an error code` - ); -}); - -add_task(async function test_extended_error_not_ready() { - await trrServer.registerDoHAnswers( - "c.foo", - "A", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 14, // Not ready - text: "Not ready", - }, - ], - }, - ] - ); - - // For this code it's OK to fallback - await new TRRDNSListener("c.foo", "127.0.0.1"); -}); - -add_task(async function ipv6_answer_and_delayed_ipv4_error() { - // AAAA comes back immediately. - // A EDNS_ERROR comes back later, with a delay - await trrServer.registerDoHAnswers("delay1.com", "AAAA", [ - { - name: "delay1.com", - ttl: 55, - type: "AAAA", - flush: false, - data: "::a:b:c:d", - }, - ]); - await trrServer.registerDoHAnswers( - "delay1.com", - "A", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 17, // Filtered - text: "Filtered", - }, - ], - }, - ], - 200 // delay - ); - - // Check that we don't fall back to DNS - await new TRRDNSListener("delay1.com", "::a:b:c:d"); -}); - -add_task(async function ipv4_error_and_delayed_ipv6_answer() { - // AAAA comes back immediately delay - // A EDNS_ERROR comes back immediately - await trrServer.registerDoHAnswers( - "delay2.com", - "AAAA", - [ - { - name: "delay2.com", - ttl: 55, - type: "AAAA", - flush: false, - data: "::a:b:c:d", - }, - ], - [], - 200 // delay - ); - await trrServer.registerDoHAnswers( - "delay2.com", - "A", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 17, // Filtered - text: "Filtered", - }, - ], - }, - ] - ); - - // Check that we don't fall back to DNS - await new TRRDNSListener("delay2.com", "::a:b:c:d"); -}); - -add_task(async function ipv4_answer_and_delayed_ipv6_error() { - // A comes back immediately. - // AAAA EDNS_ERROR comes back later, with a delay - await trrServer.registerDoHAnswers("delay3.com", "A", [ - { - name: "delay3.com", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ]); - await trrServer.registerDoHAnswers( - "delay3.com", - "AAAA", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 17, // Filtered - text: "Filtered", - }, - ], - }, - ], - 200 // delay - ); - - // Check that we don't fall back to DNS - await new TRRDNSListener("delay3.com", "1.2.3.4"); -}); - -add_task(async function delayed_ipv4_answer_and_ipv6_error() { - // A comes back with delay. - // AAAA EDNS_ERROR comes immediately - await trrServer.registerDoHAnswers( - "delay4.com", - "A", - [ - { - name: "delay4.com", - ttl: 55, - type: "A", - flush: false, - data: "1.2.3.4", - }, - ], - [], - 200 // delay - ); - await trrServer.registerDoHAnswers( - "delay4.com", - "AAAA", - [], - [ - { - name: ".", - type: "OPT", - class: "IN", - options: [ - { - code: "EDNS_ERROR", - extended_error: 17, // Filtered - text: "Filtered", - }, - ], - }, - ] - ); - - // Check that we don't fall back to DNS - await new TRRDNSListener("delay4.com", "1.2.3.4"); -}); diff --git a/netwerk/test/unit/xpcshell.ini b/netwerk/test/unit/xpcshell.ini index c928c32df882..0cc98728fe3e 100644 --- a/netwerk/test/unit/xpcshell.ini +++ b/netwerk/test/unit/xpcshell.ini @@ -451,9 +451,5 @@ skip-if = asan || tsan || os == 'win' || os =='android' skip-if = asan || tsan || os == 'win' || os =='android' [test_use_httpssvc.js] skip-if = os == "android" -[test_trr_additional_section.js] -skip-if = os == "android" -[test_trr_extended_error.js] -skip-if = os == "android" [test_httpssvc_iphint.js] skip-if = os == "android" diff --git a/testing/xpcshell/dns-packet/index.js b/testing/xpcshell/dns-packet/index.js index 09aa0e4fd16a..a7446910d31b 100644 --- a/testing/xpcshell/dns-packet/index.js +++ b/testing/xpcshell/dns-packet/index.js @@ -729,15 +729,6 @@ roption.encode = function (option, buf, offset) { offset += 2 } break - case 15: // EDNS_ERROR - const text = option.text || ""; - buf.writeUInt16BE(text.length + 2, offset) - offset += 2; - buf.writeUInt16BE(option.extended_error, offset) - offset += 2; - buf.write(text, offset); - offset += option.text.length; - break; default: throw new Error(`Unknown roption code: ${option.code}`) } @@ -806,8 +797,6 @@ roption.encodingLength = function (option) { return option.length + 4 case 14: // KEY-TAG return 4 + (option.tags.length * 2) - case 15: // EDNS_ERROR - return 4 + 2 + option.text.length } throw new Error(`Unknown roption code: ${option.code}`) } diff --git a/testing/xpcshell/dns-packet/optioncodes.js b/testing/xpcshell/dns-packet/optioncodes.js index a683ce81e694..0d66e059ee50 100644 --- a/testing/xpcshell/dns-packet/optioncodes.js +++ b/testing/xpcshell/dns-packet/optioncodes.js @@ -17,7 +17,6 @@ exports.toString = function (type) { case 12: return 'PADDING' case 13: return 'CHAIN' case 14: return 'KEY_TAG' - case 15: return 'EDNS_ERROR' case 26946: return 'DEVICEID' } if (type < 0) { @@ -49,7 +48,6 @@ exports.toCode = function (name) { case 'PADDING': return 12 case 'CHAIN': return 13 case 'KEY_TAG': return 14 - case 'EDNS_ERROR': return 15 case 'DEVICEID': return 26946 case 'OPTION_65535': return 65535 } diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py index 2151e6218c01..794da6208d78 100755 --- a/xpcom/base/ErrorList.py +++ b/xpcom/base/ErrorList.py @@ -382,10 +382,6 @@ with modules["NETWORK"]: # speak to a proxy server, then it will generate this error if the proxy # hostname cannot be resolved. errors["NS_ERROR_UNKNOWN_PROXY_HOST"] = FAILURE(42) - # This DNS error will occur when the resolver uses the Extended DNS Error - # option to indicate an error code for which we should not fall back to the - # default DNS resolver. This means the DNS failure is definitive. - errors["NS_ERROR_DEFINITIVE_UNKNOWN_HOST"] = FAILURE(43) # Socket specific error codes: