Provides an optional resolver mechanism for Firefox that allows running together with or instead of the native resolver. TRR offers resolving of host names using a dedicated DNS-over-HTTPS server (HTTPS is required, HTTP/2 is preferable). DNS-over-HTTPS (DOH) allows DNS resolves with enhanced privacy, secure transfers and improved performance. To keep the failure rate at a minimum, the TRR system manages a dynamic persistent blacklist for host names that can't be resolved with DOH but work with the native resolver. Blacklisted entries will not be retried over DOH for a couple of days. "localhost" and names in the ".local" TLD will not be resolved via DOH. TRR is preffed OFF by default and you need to set a URI for an available DOH server to be able to use it. Since the URI for DOH is set with a name itself, it may have to use the native resolver for bootstrapping. (Optionally, the user can set the IP address of the DOH server in a pref to avoid the required initial native resolve.) When TRR starts up, it will first verify that it works by checking a "confirmation" domain name. This confirmation domain is a pref by default set to "example.com". TRR will also by default await the captive-portal detection to raise its green flag before getting activated. All prefs for TRR are under the "network.trr" hierarchy. The DNS-over-HTTPS spec: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03 MozReview-Commit-ID: GuuU6vjTjlm --HG-- extra : rebase_source : 53fcca757334090ac05fec540ef29d109d5ceed3
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef TRRService_h_
#define TRRService_h_
#include "mozilla/Atomics.h"
#include "mozilla/DataStorage.h"
#include "nsHostResolver.h"
#include "nsIObserver.h"
#include "nsWeakReference.h"
class nsIPrefBranch;
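namespace mozilla {
namespace net {

// Trusted Recursive Resolver (TRR) service: performs DNS-over-HTTPS (DOH)
// lookups that run alongside or instead of the native resolver.
//
// The service is a refcounted singleton (see gTRRService below). It observes
// the "network.trr" prefs, keeps the resulting configuration in the members
// below, and maintains a persistent blacklist of host names that DOH could
// not resolve. Note that a blacklisted name is handed to the native
// (unencrypted) resolver for as long as its entry is in effect, so the
// blacklist is also a downgrade path worth keeping an eye on.
//
// Threading: the Atomic<..., Relaxed> members may be read from any thread.
// The string members are written on the main thread only; mLock guards the
// mPrivate* strings for off-main-thread readers (presumably GetURI() and
// GetCredentials() - confirm in the .cpp).
class TRRService
  : public nsIObserver
  , public nsSupportsWeakReference
  , public AHostResolver
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER

  TRRService();
  // One-time setup: reads the prefs and registers observers (details in
  // the .cpp).
  nsresult Init();
  // Starts TRR once the startup conditions allow it (captive-portal check,
  // confirmation lookup).
  nsresult Start();
  // Whether TRR is currently usable for lookups.
  bool Enabled();

  // Configuration accessors. Each reads a single atomic, so they are safe to
  // call from any thread; they never mutate state and are therefore const.
  //
  // Resolver mode; the numeric values are defined by the "network.trr.mode"
  // pref and are not visible here.
  uint32_t Mode() const { return mMode; }
  // Whether RFC 1918 (private) addresses are accepted in DOH answers.
  bool AllowRFC1918() const { return mRfc1918; }
  // Whether DOH requests use GET instead of POST.
  bool UseGET() const { return mUseGET; }
  // Copies the configured DOH URI into |result|.
  nsresult GetURI(nsCString &result);
  // Copies the configured DOH credentials into |result|.
  nsresult GetCredentials(nsCString &result);
  // Timeout for a single DOH request, in the unit of the underlying pref
  // (presumably milliseconds - verify against the callers).
  uint32_t GetRequestTimeout() const { return mTRRTimeout; }

  // AHostResolver callback invoked when a TRR lookup completes.
  LookupStatus CompleteLookup(nsHostRecord *, nsresult, mozilla::net::AddrInfo *, bool pb) override;
  // Adds |host| to the persistent blacklist so that it is not retried over
  // DOH until the entry expires. |aParentsToo| presumably also blacklists
  // the parent domains; |privateBrowsing| presumably keeps private-browsing
  // entries apart - confirm both in the .cpp.
  void TRRBlacklist(const nsACString &host, bool privateBrowsing, bool aParentsToo);
  // Whether |host| is currently blacklisted for DOH. The meaning of
  // |fullhost| is not visible here - confirm in the .cpp.
  bool IsTRRBlacklisted(const nsACString &host, bool privateBrowsing, bool fullhost);

  // Bootstrap support: the DOH URI itself contains a host name, and resolving
  // it natively would be required unless an IP address is configured. If a
  // bootstrap address applies to |possible|, it is written to |result| and
  // true is returned (exact matching rule lives in the .cpp).
  bool MaybeBootstrap(const nsACString &possible, nsACString &result);

private:
  // Refcounted via NS_DECL_THREADSAFE_ISUPPORTS: only Release() may destroy.
  virtual ~TRRService();
  // Re-reads the pref |name| into the members below (null presumably means
  // all prefs - confirm in the .cpp).
  nsresult ReadPrefs(const char *name);
  void GetPrefBranch(nsIPrefBranch **result);
  // Starts the confirmation lookup when the state machine permits it.
  void MaybeConfirm();

  bool mInitialized; // not atomic; presumably main-thread only - confirm
  Atomic<uint32_t, Relaxed> mMode;
  // How long a blacklist entry stays in effect (unit not visible here;
  // presumably seconds).
  Atomic<uint32_t, Relaxed> mTRRBlacklistExpireTime;
  Atomic<uint32_t, Relaxed> mTRRTimeout;

  Mutex mLock; // protects mPrivate* string
  nsCString mPrivateURI; // main thread only
  nsCString mPrivateCred; // main thread only
  // Domain name resolved at startup to confirm that DOH works.
  nsCString mConfirmationNS;
  // Optional IP address of the DOH server, used to avoid the initial native
  // resolve of the DOH URI's host name.
  nsCString mBootstrapAddr;

  Atomic<bool, Relaxed> mWaitForCaptive; // wait for the captive portal to say OK before using TRR
  Atomic<bool, Relaxed> mRfc1918; // okay with local IP addresses in DOH responses?
  Atomic<bool, Relaxed> mCaptiveIsPassed; // set when captive portal check is passed
  Atomic<bool, Relaxed> mUseGET; // do DOH using GET requests (instead of POST)

  // TRR Blacklist storage
  RefPtr<DataStorage> mTRRBLStorage;
  Atomic<bool, Relaxed> mClearTRRBLStorage;

  // Outcome of the startup confirmation lookup against mConfirmationNS.
  enum ConfirmationState {
    CONFIRM_INIT = 0,
    CONFIRM_TRYING = 1,
    CONFIRM_OK = 2,
    CONFIRM_FAILED = 3
  };
  Atomic<ConfirmationState, Relaxed> mConfirmationState;
  // The in-flight confirmation lookup, if any.
  RefPtr<TRR> mConfirmer;
};

// Process-wide instance; ownership and lifetime are managed in the .cpp.
extern TRRService *gTRRService;

} // namespace net
} // namespace mozilla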
#endif // TRRService_h_