diff options
Diffstat (limited to 'netwerk/base/NetworkConnectivityService.cpp')
-rw-r--r-- | netwerk/base/NetworkConnectivityService.cpp | 526 |
1 files changed, 526 insertions, 0 deletions
diff --git a/netwerk/base/NetworkConnectivityService.cpp b/netwerk/base/NetworkConnectivityService.cpp new file mode 100644 index 0000000000..4e92cb4d69 --- /dev/null +++ b/netwerk/base/NetworkConnectivityService.cpp @@ -0,0 +1,526 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "NetworkConnectivityService.h" +#include "mozilla/Preferences.h" +#include "mozilla/Services.h" +#include "xpcpublic.h" +#include "nsSocketTransport2.h" +#include "nsIHttpChannelInternal.h" +#include "nsINetworkLinkService.h" +#include "mozilla/StaticPrefs_network.h" + +static LazyLogModule gNCSLog("NetworkConnectivityService"); +#undef LOG +#define LOG(args) MOZ_LOG(gNCSLog, mozilla::LogLevel::Debug, args) + +namespace mozilla { +namespace net { + +NS_IMPL_ISUPPORTS(NetworkConnectivityService, nsIDNSListener, nsIObserver, + nsINetworkConnectivityService, nsIStreamListener) + +static StaticRefPtr<NetworkConnectivityService> gConnService; + +NetworkConnectivityService::NetworkConnectivityService() + : mNAT64(UNKNOWN), mLock("nat64prefixes") {} + +// static +already_AddRefed<NetworkConnectivityService> +NetworkConnectivityService::GetSingleton() { + if (!XRE_IsParentProcess()) { + return nullptr; + } + + if (gConnService) { + return do_AddRef(gConnService); + } + + RefPtr<NetworkConnectivityService> service = new NetworkConnectivityService(); + service->Init(); + + gConnService = std::move(service); + ClearOnShutdown(&gConnService); + return do_AddRef(gConnService); +} + +nsresult NetworkConnectivityService::Init() { + nsCOMPtr<nsIObserverService> observerService = + mozilla::services::GetObserverService(); + observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false); + observerService->AddObserver(this, NS_NETWORK_LINK_TOPIC, false); + observerService->AddObserver(this, "network:captive-portal-connectivity", + false); + + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::GetDNSv4(ConnectivityState* aState) { + NS_ENSURE_ARG(aState); + *aState = mDNSv4; + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::GetDNSv6(ConnectivityState* aState) { + NS_ENSURE_ARG(aState); + *aState = mDNSv6; + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::GetIPv4(ConnectivityState* aState) { + NS_ENSURE_ARG(aState); + *aState = mIPv4; + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::GetIPv6(ConnectivityState* aState) { + NS_ENSURE_ARG(aState); + *aState = mIPv6; + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::GetNAT64(ConnectivityState* aState) { + NS_ENSURE_ARG(aState); + *aState = mNAT64; + return NS_OK; +} + +already_AddRefed<AddrInfo> NetworkConnectivityService::MapNAT64IPs( + AddrInfo* aNewRRSet) { + // Add prefixes only if there are no IPv6 addresses. + // Expect that if aNewRRSet has IPv6 addresses, they must come + // before IPv4 addresses. + if (aNewRRSet->Addresses().IsEmpty() || + aNewRRSet->Addresses()[0].raw.family == PR_AF_INET6) { + return do_AddRef(aNewRRSet); + } + + // Currently we only add prefixes to the first IP's clones. + uint32_t ip = aNewRRSet->Addresses()[0].inet.ip; + nsTArray<NetAddr> addresses = aNewRRSet->Addresses().Clone(); + + { + MutexAutoLock lock(mLock); + for (const auto& prefix : mNAT64Prefixes) { + NetAddr addr = NetAddr(prefix); + + // Copy the IPv4 address to the end + addr.inet6.ip.u32[3] = ip; + + // If we have both IPv4 and NAT64, we be could insourcing NAT64 + // to avoid double NAT and improve performance. However, this + // breaks WebRTC, so we push it to the back. + addresses.AppendElement(addr); + } + } + + auto builder = aNewRRSet->Build(); + builder.SetAddresses(std::move(addresses)); + return builder.Finish(); +} + +// Returns true if a prefix was read and saved to the argument +static inline bool NAT64PrefixFromPref(NetAddr* prefix) { + nsAutoCString nat64PrefixPref; + PRNetAddr prAddr{}; + + nsresult rv = Preferences::GetCString( + "network.connectivity-service.nat64-prefix", nat64PrefixPref); + if (NS_FAILED(rv) || nat64PrefixPref.IsEmpty() || + PR_StringToNetAddr(nat64PrefixPref.get(), &prAddr) != PR_SUCCESS || + prAddr.raw.family != PR_AF_INET6) { + return false; + } + + PRNetAddrToNetAddr(&prAddr, prefix); + return true; +} + +static inline bool NAT64PrefixCompare(const NetAddr& prefix1, + const NetAddr& prefix2) { + // Compare the first 96 bits as 64 + 32 + return prefix1.inet6.ip.u64[0] == prefix2.inet6.ip.u64[0] && + prefix1.inet6.ip.u32[2] == prefix2.inet6.ip.u32[2]; +} + +void NetworkConnectivityService::PerformChecks() { + mDNSv4 = UNKNOWN; + mDNSv6 = UNKNOWN; + + mIPv4 = UNKNOWN; + mIPv6 = UNKNOWN; + + mNAT64 = UNKNOWN; + + { + MutexAutoLock lock(mLock); + mNAT64Prefixes.Clear(); + + // NAT64 checks might be disabled. + // Since We can't guarantee a DNS response, we should set up + // NAT64 manually now if needed. + + NetAddr priorityPrefix{}; + bool havePrefix = NAT64PrefixFromPref(&priorityPrefix); + if (havePrefix) { + mNAT64Prefixes.AppendElement(priorityPrefix); + mNAT64 = OK; + } + } + + RecheckDNS(); + RecheckIPConnectivity(); +} + +static inline void NotifyObservers(const char* aTopic) { + nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); + obs->NotifyObservers(nullptr, aTopic, nullptr); +} + +void NetworkConnectivityService::SaveNAT64Prefixes(nsIDNSRecord* aRecord) { + nsCOMPtr<nsIDNSAddrRecord> rec = do_QueryInterface(aRecord); + MutexAutoLock lock(mLock); + mNAT64Prefixes.Clear(); + + NetAddr priorityPrefix{}; + bool havePrefix = NAT64PrefixFromPref(&priorityPrefix); + if (havePrefix) { + mNAT64 = OK; + mNAT64Prefixes.AppendElement(priorityPrefix); + } + + if (!rec) { + if (!havePrefix) { + mNAT64 = NOT_AVAILABLE; + } + return; + } + + mNAT64 = UNKNOWN; + NetAddr addr{}; + + // use port 80 as dummy value for NetAddr + while (NS_SUCCEEDED(rec->GetNextAddr(80, &addr))) { + if (addr.raw.family != AF_INET6 || addr.IsIPAddrV4Mapped()) { + // These are not the kind of addresses we are looking for. + continue; + } + + // RFC 7050 does not require the embedded IPv4 to be + // at the end of IPv6. In practice, and as we assume, + // it is always at the end. + // The embedded IP must be 192.0.0.170 or 192.0.0.171 + + // Clear the last bit to compare with the next one. + addr.inet6.ip.u8[15] &= ~(uint32_t)1; + if ((addr.inet6.ip.u8[12] != 192) || (addr.inet6.ip.u8[13] != 0) || + (addr.inet6.ip.u8[14] != 0) || (addr.inet6.ip.u8[15] != 170)) { + continue; + } + + mNAT64Prefixes.AppendElement(addr); + } + + size_t length = mNAT64Prefixes.Length(); + if (length == 0) { + mNAT64 = NOT_AVAILABLE; + return; + } + + // Remove duplicates. Typically a DNS64 resolver sends every + // prefix twice with address with different last bits. We want + // a list of unique prefixes while reordering is not allowed. + // We must not handle the case with an element in-between + // two identical ones, which is never the case for a properly + // configured DNS64 resolver. + + NetAddr prev = mNAT64Prefixes[0]; + + for (size_t i = 1; i < length; i++) { + if (NAT64PrefixCompare(prev, mNAT64Prefixes[i])) { + mNAT64Prefixes.RemoveElementAt(i); + i--; + length--; + } else { + prev = mNAT64Prefixes[i]; + } + } + + // The prioritized address might also appear in the record we received. + + if (havePrefix) { + for (size_t i = 1; i < length; i++) { + if (NAT64PrefixCompare(priorityPrefix, mNAT64Prefixes[i])) { + mNAT64Prefixes.RemoveElementAt(i); + // It wouldn't appear more than once. + break; + } + } + } + + mNAT64 = OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::OnLookupComplete(nsICancelable* aRequest, + nsIDNSRecord* aRecord, + nsresult aStatus) { + ConnectivityState state = aRecord ? OK : NOT_AVAILABLE; + + if (aRequest == mDNSv4Request) { + mDNSv4 = state; + mDNSv4Request = nullptr; + } else if (aRequest == mDNSv6Request) { + mDNSv6 = state; + mDNSv6Request = nullptr; + } else if (aRequest == mNAT64Request) { + mNAT64Request = nullptr; + SaveNAT64Prefixes(aRecord); + } + + if (!mDNSv4Request && !mDNSv6Request && !mNAT64Request) { + NotifyObservers("network:connectivity-service:dns-checks-complete"); + } + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::RecheckDNS() { + bool enabled = + Preferences::GetBool("network.connectivity-service.enabled", false); + if (!enabled) { + return NS_OK; + } + + nsresult rv; + nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID); + OriginAttributes attrs; + nsAutoCString host; + Preferences::GetCString("network.connectivity-service.DNSv4.domain", host); + + rv = dns->AsyncResolveNative(host, nsIDNSService::RESOLVE_TYPE_DEFAULT, + nsIDNSService::RESOLVE_DISABLE_IPV6 | + nsIDNSService::RESOLVE_TRR_DISABLED_MODE, + nullptr, this, NS_GetCurrentThread(), attrs, + getter_AddRefs(mDNSv4Request)); + NS_ENSURE_SUCCESS(rv, rv); + + Preferences::GetCString("network.connectivity-service.DNSv6.domain", host); + rv = dns->AsyncResolveNative(host, nsIDNSService::RESOLVE_TYPE_DEFAULT, + nsIDNSService::RESOLVE_DISABLE_IPV4 | + nsIDNSService::RESOLVE_TRR_DISABLED_MODE, + nullptr, this, NS_GetCurrentThread(), attrs, + getter_AddRefs(mDNSv6Request)); + NS_ENSURE_SUCCESS(rv, rv); + + if (StaticPrefs::network_connectivity_service_nat64_check()) { + rv = dns->AsyncResolveNative("ipv4only.arpa"_ns, + nsIDNSService::RESOLVE_TYPE_DEFAULT, + nsIDNSService::RESOLVE_DISABLE_IPV4 | + nsIDNSService::RESOLVE_TRR_DISABLED_MODE, + nullptr, this, NS_GetCurrentThread(), attrs, + getter_AddRefs(mNAT64Request)); + NS_ENSURE_SUCCESS(rv, rv); + } + return rv; +} + +NS_IMETHODIMP +NetworkConnectivityService::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* aData) { + if (!strcmp(aTopic, "network:captive-portal-connectivity")) { + // Captive portal is cleared, so we redo the checks. + PerformChecks(); + } else if (!strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID)) { + if (mDNSv4Request) { + mDNSv4Request->Cancel(NS_ERROR_ABORT); + mDNSv4Request = nullptr; + } + if (mDNSv6Request) { + mDNSv6Request->Cancel(NS_ERROR_ABORT); + mDNSv6Request = nullptr; + } + if (mNAT64Request) { + mNAT64Request->Cancel(NS_ERROR_ABORT); + mNAT64Request = nullptr; + } + + nsCOMPtr<nsIObserverService> observerService = + mozilla::services::GetObserverService(); + observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID); + observerService->RemoveObserver(this, + "network:captive-portal-connectivity"); + observerService->RemoveObserver(this, NS_NETWORK_LINK_TOPIC); + } else if (!strcmp(aTopic, NS_NETWORK_LINK_TOPIC) && + !NS_LITERAL_STRING_FROM_CSTRING(NS_NETWORK_LINK_DATA_UNKNOWN) + .Equals(aData)) { + PerformChecks(); + } + + return NS_OK; +} + +static inline already_AddRefed<nsIChannel> SetupIPCheckChannel(bool ipv4) { + nsresult rv; + nsAutoCString url; + + if (ipv4) { + rv = Preferences::GetCString("network.connectivity-service.IPv4.url", url); + } else { + rv = Preferences::GetCString("network.connectivity-service.IPv6.url", url); + } + NS_ENSURE_SUCCESS(rv, nullptr); + + nsCOMPtr<nsIURI> uri; + rv = NS_NewURI(getter_AddRefs(uri), url); + NS_ENSURE_SUCCESS(rv, nullptr); + + nsCOMPtr<nsIChannel> channel; + rv = NS_NewChannel( + getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_OTHER, + nullptr, // nsICookieJarSettings + nullptr, // aPerformanceStorage + nullptr, // aLoadGroup + nullptr, + nsIRequest::LOAD_BYPASS_CACHE | // don't read from the cache + nsIRequest::INHIBIT_CACHING | // don't write the response to cache + nsIRequest::LOAD_ANONYMOUS); // prevent privacy leaks + NS_ENSURE_SUCCESS(rv, nullptr); + + rv = channel->SetTRRMode(nsIRequest::TRR_DISABLED_MODE); + NS_ENSURE_SUCCESS(rv, nullptr); + + { + // Prevent HTTPS-Only Mode from upgrading the OCSP request. + nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo(); + uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus(); + httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT; + loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus); + + // allow deprecated HTTP request from SystemPrincipal + loadInfo->SetAllowDeprecatedSystemRequests(true); + } + + nsCOMPtr<nsIHttpChannelInternal> internalChan = do_QueryInterface(channel); + NS_ENSURE_TRUE(internalChan, nullptr); + + if (ipv4) { + internalChan->SetIPv6Disabled(); + } else { + internalChan->SetIPv4Disabled(); + } + + return channel.forget(); +} + +NS_IMETHODIMP +NetworkConnectivityService::RecheckIPConnectivity() { + bool enabled = + Preferences::GetBool("network.connectivity-service.enabled", false); + if (!enabled) { + return NS_OK; + } + + if (xpc::AreNonLocalConnectionsDisabled() && + !Preferences::GetBool("network.captive-portal-service.testMode", false)) { + return NS_OK; + } + + if (mIPv4Channel) { + mIPv4Channel->Cancel(NS_ERROR_ABORT); + mIPv4Channel = nullptr; + } + if (mIPv6Channel) { + mIPv6Channel->Cancel(NS_ERROR_ABORT); + mIPv6Channel = nullptr; + } + + nsresult rv; + mHasNetworkId = false; + mCheckedNetworkId = false; + mIPv4Channel = SetupIPCheckChannel(/* ipv4 = */ true); + if (mIPv4Channel) { + rv = mIPv4Channel->AsyncOpen(this); + NS_ENSURE_SUCCESS(rv, rv); + } + + mIPv6Channel = SetupIPCheckChannel(/* ipv4 = */ false); + if (mIPv6Channel) { + rv = mIPv6Channel->AsyncOpen(this); + NS_ENSURE_SUCCESS(rv, rv); + } + + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::OnStartRequest(nsIRequest* aRequest) { + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::OnStopRequest(nsIRequest* aRequest, + nsresult aStatusCode) { + if (aStatusCode == NS_ERROR_ABORT) { + return NS_OK; + } + + ConnectivityState status = NS_FAILED(aStatusCode) ? NOT_AVAILABLE : OK; + + if (aRequest == mIPv4Channel) { + mIPv4 = status; + mIPv4Channel = nullptr; + + if (mIPv4 == nsINetworkConnectivityService::OK) { + Telemetry::AccumulateCategorical( + mHasNetworkId ? Telemetry::LABELS_NETWORK_ID_ONLINE::present + : Telemetry::LABELS_NETWORK_ID_ONLINE::absent); + LOG(("mHasNetworkId : %d\n", mHasNetworkId)); + } + } else if (aRequest == mIPv6Channel) { + mIPv6 = status; + mIPv6Channel = nullptr; + } + + if (!mIPv6Channel && !mIPv4Channel) { + NotifyObservers("network:connectivity-service:ip-checks-complete"); + } + + return NS_OK; +} + +NS_IMETHODIMP +NetworkConnectivityService::OnDataAvailable(nsIRequest* aRequest, + nsIInputStream* aInputStream, + uint64_t aOffset, uint32_t aCount) { + nsAutoCString data; + + // We perform this check here, instead of doing it in OnStopRequest in case + // a network down event occurs after the data has arrived but before we fire + // OnStopRequest. That would cause us to report a missing networkID, even + // though it was not empty while receiving data. + if (aRequest == mIPv4Channel && !mCheckedNetworkId) { + nsCOMPtr<nsINetworkLinkService> nls = + do_GetService(NS_NETWORK_LINK_SERVICE_CONTRACTID); + nsAutoCString networkId; + if (nls) { + nls->GetNetworkID(networkId); + } + mHasNetworkId = !networkId.IsEmpty(); + mCheckedNetworkId = true; + } + + Unused << NS_ReadInputStreamToString(aInputStream, data, aCount); + return NS_OK; +} + +} // namespace net +} // namespace mozilla |