diff options
Diffstat (limited to 'netwerk/test/unit/test_trr.js')
-rw-r--r-- | netwerk/test/unit/test_trr.js | 903 |
1 files changed, 903 insertions, 0 deletions
diff --git a/netwerk/test/unit/test_trr.js b/netwerk/test/unit/test_trr.js new file mode 100644 index 0000000000..bed4a78e6d --- /dev/null +++ b/netwerk/test/unit/test_trr.js @@ -0,0 +1,903 @@ +"use strict"; + +/* import-globals-from trr_common.js */ + +const gDefaultPref = Services.prefs.getDefaultBranch(""); + +SetParentalControlEnabled(false); + +function setup() { + h2Port = trr_test_setup(); + runningODoHTests = false; +} + +setup(); +registerCleanupFunction(async () => { + trr_clear_prefs(); +}); + +async function waitForConfirmation(expectedResponseIP, confirmationShouldFail) { + // Check that the confirmation eventually completes. + let count = 100; + while (count > 0) { + if (count == 50 || count == 10) { + // At these two points we do a longer timeout to account for a slow + // response on the server side. This is usually a problem on the Android + // because of the increased delay between the emulator and host. + await new Promise(resolve => do_timeout(100 * (100 / count), resolve)); + } + let { inRecord } = await new TRRDNSListener( + `ip${count}.example.org`, + undefined, + false + ); + inRecord.QueryInterface(Ci.nsIDNSAddrRecord); + let responseIP = inRecord.getNextAddrAsString(); + Assert.ok(true, responseIP); + if (responseIP == expectedResponseIP) { + break; + } + count--; + } + + if (confirmationShouldFail) { + Assert.equal(count, 0, "Confirmation did not finish after 100 iterations"); + return; + } + + Assert.greater(count, 0, "Finished confirmation before 100 iterations"); +} + +function setModeAndURI(mode, path) { + Services.prefs.setIntPref("network.trr.mode", mode); + Services.prefs.setCharPref( + "network.trr.uri", + `https://${TRR_Domain}:${h2Port}/${path}` + ); +} + +function makeChan(url, mode, bypassCache) { + let chan = NetUtil.newChannel({ + uri: url, + loadUsingSystemPrincipal: true, + }).QueryInterface(Ci.nsIHttpChannel); + chan.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; + chan.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING; + chan.setTRRMode(mode); + return chan; +} + +add_task(async function test_server_up() { + // This test checks that moz-http2.js running in node is working. + // This should always be the first test in this file (except for setup) + // otherwise we may encounter random failures when the http2 server is down. + + await NodeServer.execute("bad_id", `"hello"`) + .then(() => ok(false, "expecting to throw")) + .catch(e => equal(e.message, "Error: could not find id")); +}); + +add_task(async function test_trr_flags() { + Services.prefs.setBoolPref("network.trr.fallback-on-zero-response", true); + + let httpserv = new HttpServer(); + httpserv.registerPathHandler("/", function handler(metadata, response) { + let content = "ok"; + response.setHeader("Content-Length", `${content.length}`); + response.bodyOutputStream.write(content, content.length); + }); + httpserv.start(-1); + + const URL = `http://example.com:${httpserv.identity.primaryPort}/`; + + for (let mode of [0, 1, 2, 3, 4, 5]) { + setModeAndURI(mode, "doh?responseIP=127.0.0.1"); + for (let flag of [ + Ci.nsIRequest.TRR_DEFAULT_MODE, + Ci.nsIRequest.TRR_DISABLED_MODE, + Ci.nsIRequest.TRR_FIRST_MODE, + Ci.nsIRequest.TRR_ONLY_MODE, + ]) { + Services.dns.clearCache(true); + let chan = makeChan(URL, flag); + let expectTRR = + ([2, 3].includes(mode) && flag != Ci.nsIRequest.TRR_DISABLED_MODE) || + (mode == 0 && + [Ci.nsIRequest.TRR_FIRST_MODE, Ci.nsIRequest.TRR_ONLY_MODE].includes( + flag + )); + + await new Promise(resolve => + chan.asyncOpen(new ChannelListener(resolve)) + ); + + equal(chan.getTRRMode(), flag); + equal( + expectTRR, + chan.QueryInterface(Ci.nsIHttpChannelInternal).isResolvedByTRR + ); + } + } + + await new Promise(resolve => httpserv.stop(resolve)); + Services.prefs.clearUserPref("network.trr.fallback-on-zero-response"); +}); + +add_task(test_A_record); + +add_task(async function test_push() { + info("Verify DOH push"); + Services.dns.clearCache(true); + info("Asking server to push us a record"); + setModeAndURI(3, "doh?responseIP=5.5.5.5&push=true"); + + await new TRRDNSListener("first.example.com", "5.5.5.5"); + + // At this point the second host name should've been pushed and we can resolve it using + // cache only. Set back the URI to a path that fails. + // Don't clear the cache, otherwise we lose the pushed record. + setModeAndURI(3, "404"); + + await new TRRDNSListener("push.example.org", "2018::2018"); +}); + +add_task(test_AAAA_records); + +add_task(test_RFC1918); + +add_task(test_GET_ECS); + +add_task(test_timeout_mode3); + +add_task(test_trr_retry); + +add_task(test_strict_native_fallback); + +add_task(test_no_answers_fallback); + +add_task(test_404_fallback); + +add_task(test_mode_1_and_4); + +add_task(test_CNAME); + +add_task(test_name_mismatch); + +add_task(test_mode_2); + +add_task(test_excluded_domains); + +add_task(test_captiveportal_canonicalURL); + +add_task(test_parentalcontrols); + +// TRR-first check that DNS result is used if domain is part of the builtin-excluded-domains pref +add_task(test_builtin_excluded_domains); + +add_task(test_excluded_domains_mode3); + +add_task(test25e); + +add_task(test_parentalcontrols_mode3); + +add_task(test_builtin_excluded_domains_mode3); + +add_task(count_cookies); + +add_task(test_connection_closed); + +add_task(async function test_clearCacheOnURIChange() { + info("Check that the TRR cache should be cleared by a pref change."); + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.clear-cache-on-pref-change", true); + setModeAndURI(2, "doh?responseIP=7.7.7.7"); + + await new TRRDNSListener("bar.example.com", "7.7.7.7"); + + // The TRR cache should be cleared by this pref change. + Services.prefs.setCharPref( + "network.trr.uri", + `https://localhost:${h2Port}/doh?responseIP=8.8.8.8` + ); + + await new TRRDNSListener("bar.example.com", "8.8.8.8"); + Services.prefs.setBoolPref("network.trr.clear-cache-on-pref-change", false); +}); + +add_task(async function test_dnsSuffix() { + info("Checking that domains matching dns suffix list use Do53"); + async function checkDnsSuffixInMode(mode) { + Services.dns.clearCache(true); + setModeAndURI(mode, "doh?responseIP=1.2.3.4&push=true"); + await new TRRDNSListener("example.org", "1.2.3.4"); + await new TRRDNSListener("push.example.org", "2018::2018"); + await new TRRDNSListener("test.com", "1.2.3.4"); + + let networkLinkService = { + dnsSuffixList: ["example.org"], + QueryInterface: ChromeUtils.generateQI(["nsINetworkLinkService"]), + }; + Services.obs.notifyObservers( + networkLinkService, + "network:dns-suffix-list-updated" + ); + await new TRRDNSListener("test.com", "1.2.3.4"); + if (Services.prefs.getBoolPref("network.trr.split_horizon_mitigations")) { + await new TRRDNSListener("example.org", "127.0.0.1"); + // Also test that we don't use the pushed entry. + await new TRRDNSListener("push.example.org", "127.0.0.1"); + } else { + await new TRRDNSListener("example.org", "1.2.3.4"); + await new TRRDNSListener("push.example.org", "2018::2018"); + } + + // Attempt to clean up, just in case + networkLinkService.dnsSuffixList = []; + Services.obs.notifyObservers( + networkLinkService, + "network:dns-suffix-list-updated" + ); + } + + Services.prefs.setBoolPref("network.trr.split_horizon_mitigations", true); + await checkDnsSuffixInMode(2); + Services.prefs.setCharPref("network.trr.bootstrapAddr", "127.0.0.1"); + await checkDnsSuffixInMode(3); + Services.prefs.setBoolPref("network.trr.split_horizon_mitigations", false); + // Test again with mitigations off + await checkDnsSuffixInMode(2); + await checkDnsSuffixInMode(3); + Services.prefs.clearUserPref("network.trr.split_horizon_mitigations"); + Services.prefs.clearUserPref("network.trr.bootstrapAddr"); +}); + +add_task(async function test_async_resolve_with_trr_server() { + info("Checking asyncResolveWithTrrServer"); + Services.dns.clearCache(true); + Services.prefs.setIntPref("network.trr.mode", 0); // TRR-disabled + + await new TRRDNSListener( + "bar_with_trr1.example.com", + "2.2.2.2", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=2.2.2.2` + ); + + // Test request without trr server, it should return a native dns response. + await new TRRDNSListener("bar_with_trr1.example.com", "127.0.0.1"); + + // Mode 2 + Services.dns.clearCache(true); + setModeAndURI(2, "doh?responseIP=2.2.2.2"); + + await new TRRDNSListener( + "bar_with_trr2.example.com", + "3.3.3.3", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3` + ); + + // Test request without trr server, it should return a response from trr server defined in the pref. + await new TRRDNSListener("bar_with_trr2.example.com", "2.2.2.2"); + + // Mode 3 + Services.dns.clearCache(true); + setModeAndURI(3, "doh?responseIP=2.2.2.2"); + + await new TRRDNSListener( + "bar_with_trr3.example.com", + "3.3.3.3", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3` + ); + + // Test request without trr server, it should return a response from trr server defined in the pref. + await new TRRDNSListener("bar_with_trr3.example.com", "2.2.2.2"); + + // Mode 5 + Services.dns.clearCache(true); + setModeAndURI(5, "doh?responseIP=2.2.2.2"); + + // When dns is resolved in socket process, we can't set |expectEarlyFail| to true. + let inSocketProcess = mozinfo.socketprocess_networking; + await new TRRDNSListener( + "bar_with_trr3.example.com", + undefined, + false, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3`, + !inSocketProcess + ); + + // Call normal AsyncOpen, it will return result from the native resolver. + await new TRRDNSListener("bar_with_trr3.example.com", "127.0.0.1"); + + // Check that cache is ignored when server is different + Services.dns.clearCache(true); + setModeAndURI(3, "doh?responseIP=2.2.2.2"); + + await new TRRDNSListener("bar_with_trr4.example.com", "2.2.2.2", true); + + // The record will be fetch again. + await new TRRDNSListener( + "bar_with_trr4.example.com", + "3.3.3.3", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3` + ); + + // The record will be fetch again. + await new TRRDNSListener( + "bar_with_trr5.example.com", + "4.4.4.4", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=4.4.4.4` + ); + + // Check no fallback and no blocklisting upon failure + Services.dns.clearCache(true); + setModeAndURI(2, "doh?responseIP=2.2.2.2"); + + let { inStatus } = await new TRRDNSListener( + "bar_with_trr6.example.com", + undefined, + false, + undefined, + `https://foo.example.com:${h2Port}/404` + ); + Assert.ok( + !Components.isSuccessCode(inStatus), + `${inStatus} should be an error code` + ); + + await new TRRDNSListener("bar_with_trr6.example.com", "2.2.2.2", true); + + // Check that DoH push doesn't work + Services.dns.clearCache(true); + setModeAndURI(2, "doh?responseIP=2.2.2.2"); + + await new TRRDNSListener( + "bar_with_trr7.example.com", + "3.3.3.3", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3&push=true` + ); + + // AsyncResoleWithTrrServer rejects server pushes and the entry for push.example.org + // shouldn't be neither in the default cache not in AsyncResoleWithTrrServer cache. + setModeAndURI(2, "404"); + + await new TRRDNSListener( + "push.example.org", + "3.3.3.3", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3&push=true` + ); + + await new TRRDNSListener("push.example.org", "127.0.0.1"); + + // Check confirmation is ignored + Services.dns.clearCache(true); + setModeAndURI(2, "doh?responseIP=1::ffff"); + Services.prefs.clearUserPref("network.trr.useGET"); + Services.prefs.clearUserPref("network.trr.disable-ECS"); + Services.prefs.setCharPref( + "network.trr.confirmationNS", + "confirm.example.com" + ); + + // AsyncResoleWithTrrServer will succeed + await new TRRDNSListener( + "bar_with_trr8.example.com", + "3.3.3.3", + true, + undefined, + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3` + ); + + Services.prefs.setCharPref("network.trr.confirmationNS", "skip"); + + // Bad port + Services.dns.clearCache(true); + setModeAndURI(2, "doh?responseIP=2.2.2.2"); + + ({ inStatus } = await new TRRDNSListener( + "only_once.example.com", + undefined, + false, + undefined, + `https://target.example.com:666/404` + )); + Assert.ok( + !Components.isSuccessCode(inStatus), + `${inStatus} should be an error code` + ); + + // // MOZ_LOG=sync,timestamp,nsHostResolver:5 We should not keep resolving only_once.example.com + // // TODO: find a way of automating this + // await new Promise(resolve => {}); +}); + +add_task(test_fetch_time); + +add_task(async function test_content_encoding_gzip() { + info("Checking gzip content encoding"); + Services.dns.clearCache(true); + Services.prefs.setBoolPref( + "network.trr.send_empty_accept-encoding_headers", + false + ); + setModeAndURI(3, "doh?responseIP=2.2.2.2"); + + await new TRRDNSListener("bar.example.com", "2.2.2.2"); + Services.prefs.clearUserPref( + "network.trr.send_empty_accept-encoding_headers" + ); +}); + +add_task(async function test_redirect() { + info("Check handling of redirect"); + + // GET + Services.dns.clearCache(true); + setModeAndURI(3, "doh?redirect=4.4.4.4{&dns}"); + Services.prefs.setBoolPref("network.trr.useGET", true); + Services.prefs.setBoolPref("network.trr.disable-ECS", true); + + await new TRRDNSListener("ecs.example.com", "4.4.4.4"); + + // POST + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.useGET", false); + setModeAndURI(3, "doh?redirect=4.4.4.4"); + + await new TRRDNSListener("bar.example.com", "4.4.4.4"); + + Services.prefs.clearUserPref("network.trr.useGET"); + Services.prefs.clearUserPref("network.trr.disable-ECS"); +}); + +// confirmationNS set without confirmed NS yet +// checks that we properly fall back to DNS is confirmation is not ready yet, +// and wait-for-confirmation pref is true +add_task(async function test_confirmation() { + info("Checking that we fall back correctly when confirmation is pending"); + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.wait-for-confirmation", true); + setModeAndURI(2, "doh?responseIP=7.7.7.7&slowConfirm=true"); + Services.prefs.setCharPref( + "network.trr.confirmationNS", + "confirm.example.com" + ); + + await new TRRDNSListener("example.org", "127.0.0.1"); + await new Promise(resolve => do_timeout(1000, resolve)); + await waitForConfirmation("7.7.7.7"); + + // Reset between each test to force re-confirm + Services.prefs.setCharPref("network.trr.confirmationNS", "skip"); + + info("Check that confirmation is skipped in mode 3"); + // This is just a smoke test to make sure lookups succeed immediately + // in mode 3 without waiting for confirmation. + Services.dns.clearCache(true); + setModeAndURI(3, "doh?responseIP=1::ffff&slowConfirm=true"); + Services.prefs.setCharPref( + "network.trr.confirmationNS", + "confirm.example.com" + ); + + await new TRRDNSListener("skipConfirmationForMode3.example.com", "1::ffff"); + + // Reset between each test to force re-confirm + Services.prefs.setCharPref("network.trr.confirmationNS", "skip"); + + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.wait-for-confirmation", false); + setModeAndURI(2, "doh?responseIP=7.7.7.7&slowConfirm=true"); + Services.prefs.setCharPref( + "network.trr.confirmationNS", + "confirm.example.com" + ); + + // DoH available immediately + await new TRRDNSListener("example.org", "7.7.7.7"); + + // Reset between each test to force re-confirm + Services.prefs.setCharPref("network.trr.confirmationNS", "skip"); + + // Fallback when confirmation fails + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.wait-for-confirmation", true); + setModeAndURI(2, "404"); + Services.prefs.setCharPref( + "network.trr.confirmationNS", + "confirm.example.com" + ); + + await waitForConfirmation("7.7.7.7", true); + + await new TRRDNSListener("example.org", "127.0.0.1"); + + // Reset + Services.prefs.setCharPref("network.trr.confirmationNS", "skip"); + Services.prefs.clearUserPref("network.trr.wait-for-confirmation"); +}); + +add_task(test_fqdn); + +add_task(async function test_detected_uri() { + info("Test setDetectedTrrURI"); + Services.dns.clearCache(true); + Services.prefs.setIntPref("network.trr.mode", 3); + Services.prefs.clearUserPref("network.trr.uri"); + let defaultURI = gDefaultPref.getCharPref("network.trr.default_provider_uri"); + gDefaultPref.setCharPref( + "network.trr.default_provider_uri", + `https://foo.example.com:${h2Port}/doh?responseIP=3.4.5.6` + ); + await new TRRDNSListener("domainA.example.org.", "3.4.5.6"); + Services.dns.setDetectedTrrURI( + `https://foo.example.com:${h2Port}/doh?responseIP=1.2.3.4` + ); + await new TRRDNSListener("domainB.example.org.", "1.2.3.4"); + gDefaultPref.setCharPref("network.trr.default_provider_uri", defaultURI); + + // With a user-set doh uri this time. + Services.dns.clearCache(true); + setModeAndURI(2, "doh?responseIP=4.5.6.7"); + await new TRRDNSListener("domainA.example.org.", "4.5.6.7"); + + // This should be a no-op, since we have a user-set URI + Services.dns.setDetectedTrrURI( + `https://foo.example.com:${h2Port}/doh?responseIP=1.2.3.4` + ); + await new TRRDNSListener("domainB.example.org.", "4.5.6.7"); + + // Test network link status change + Services.dns.clearCache(true); + Services.prefs.setIntPref("network.trr.mode", 3); + Services.prefs.clearUserPref("network.trr.uri"); + gDefaultPref.setCharPref( + "network.trr.default_provider_uri", + `https://foo.example.com:${h2Port}/doh?responseIP=3.4.5.6` + ); + await new TRRDNSListener("domainA.example.org.", "3.4.5.6"); + Services.dns.setDetectedTrrURI( + `https://foo.example.com:${h2Port}/doh?responseIP=1.2.3.4` + ); + await new TRRDNSListener("domainB.example.org.", "1.2.3.4"); + + let networkLinkService = { + platformDNSIndications: 0, + QueryInterface: ChromeUtils.generateQI(["nsINetworkLinkService"]), + }; + + Services.obs.notifyObservers( + networkLinkService, + "network:link-status-changed", + "changed" + ); + + await new TRRDNSListener("domainC.example.org.", "3.4.5.6"); + + gDefaultPref.setCharPref("network.trr.default_provider_uri", defaultURI); +}); + +add_task(async function test_pref_changes() { + info("Testing pref change handling"); + Services.prefs.clearUserPref("network.trr.uri"); + let defaultURI = gDefaultPref.getCharPref("network.trr.default_provider_uri"); + + async function doThenCheckURI(closure, expectedURI, expectChange = true) { + let uriChanged; + if (expectChange) { + uriChanged = topicObserved("network:trr-uri-changed"); + } + closure(); + if (expectChange) { + await uriChanged; + } + equal(Services.dns.currentTrrURI, expectedURI); + } + + // setting the default value of the pref should be reflected in the URI + await doThenCheckURI(() => { + gDefaultPref.setCharPref( + "network.trr.default_provider_uri", + `https://foo.example.com:${h2Port}/doh?default` + ); + }, `https://foo.example.com:${h2Port}/doh?default`); + + // the user set value should be reflected in the URI + await doThenCheckURI(() => { + Services.prefs.setCharPref( + "network.trr.uri", + `https://foo.example.com:${h2Port}/doh?user` + ); + }, `https://foo.example.com:${h2Port}/doh?user`); + + // A user set pref is selected, so it should be chosen instead of the rollout + await doThenCheckURI( + () => { + Services.prefs.setCharPref( + "doh-rollout.uri", + `https://foo.example.com:${h2Port}/doh?rollout` + ); + }, + `https://foo.example.com:${h2Port}/doh?user`, + false + ); + + // There is no user set pref, so we go to the rollout pref + await doThenCheckURI(() => { + Services.prefs.clearUserPref("network.trr.uri"); + }, `https://foo.example.com:${h2Port}/doh?rollout`); + + // When the URI is set by the rollout addon, detection is allowed + await doThenCheckURI(() => { + Services.dns.setDetectedTrrURI( + `https://foo.example.com:${h2Port}/doh?detected` + ); + }, `https://foo.example.com:${h2Port}/doh?detected`); + + // Should switch back to the default provided by the rollout addon + await doThenCheckURI(() => { + let networkLinkService = { + platformDNSIndications: 0, + QueryInterface: ChromeUtils.generateQI(["nsINetworkLinkService"]), + }; + Services.obs.notifyObservers( + networkLinkService, + "network:link-status-changed", + "changed" + ); + }, `https://foo.example.com:${h2Port}/doh?rollout`); + + // Again the user set pref should be chosen + await doThenCheckURI(() => { + Services.prefs.setCharPref( + "network.trr.uri", + `https://foo.example.com:${h2Port}/doh?user` + ); + }, `https://foo.example.com:${h2Port}/doh?user`); + + // Detection should not work with a user set pref + await doThenCheckURI( + () => { + Services.dns.setDetectedTrrURI( + `https://foo.example.com:${h2Port}/doh?detected` + ); + }, + `https://foo.example.com:${h2Port}/doh?user`, + false + ); + + // Should stay the same on network changes + await doThenCheckURI( + () => { + let networkLinkService = { + platformDNSIndications: 0, + QueryInterface: ChromeUtils.generateQI(["nsINetworkLinkService"]), + }; + Services.obs.notifyObservers( + networkLinkService, + "network:link-status-changed", + "changed" + ); + }, + `https://foo.example.com:${h2Port}/doh?user`, + false + ); + + // Restore the pref + gDefaultPref.setCharPref("network.trr.default_provider_uri", defaultURI); +}); + +add_task(async function test_dohrollout_mode() { + info("Testing doh-rollout.mode"); + Services.prefs.clearUserPref("network.trr.mode"); + Services.prefs.clearUserPref("doh-rollout.mode"); + + equal(Services.dns.currentTrrMode, 0); + + async function doThenCheckMode(trrMode, rolloutMode, expectedMode, message) { + let modeChanged; + if (Services.dns.currentTrrMode != expectedMode) { + modeChanged = topicObserved("network:trr-mode-changed"); + } + + if (trrMode != undefined) { + Services.prefs.setIntPref("network.trr.mode", trrMode); + } + + if (rolloutMode != undefined) { + Services.prefs.setIntPref("doh-rollout.mode", rolloutMode); + } + + if (modeChanged) { + await modeChanged; + } + equal(Services.dns.currentTrrMode, expectedMode, message); + } + + await doThenCheckMode(2, undefined, 2); + await doThenCheckMode(3, undefined, 3); + await doThenCheckMode(5, undefined, 5); + await doThenCheckMode(2, undefined, 2); + await doThenCheckMode(0, undefined, 0); + await doThenCheckMode(1, undefined, 5); + await doThenCheckMode(6, undefined, 5); + + await doThenCheckMode(2, 0, 2); + await doThenCheckMode(2, 1, 2); + await doThenCheckMode(2, 2, 2); + await doThenCheckMode(2, 3, 2); + await doThenCheckMode(2, 5, 2); + await doThenCheckMode(3, 2, 3); + await doThenCheckMode(5, 2, 5); + + Services.prefs.clearUserPref("network.trr.mode"); + Services.prefs.clearUserPref("doh-rollout.mode"); + + await doThenCheckMode(undefined, 2, 2); + await doThenCheckMode(undefined, 3, 3); + + // All modes that are not 0,2,3 are treated as 5 + await doThenCheckMode(undefined, 5, 5); + await doThenCheckMode(undefined, 4, 5); + await doThenCheckMode(undefined, 6, 5); + + await doThenCheckMode(undefined, 2, 2); + await doThenCheckMode(3, undefined, 3); + + Services.prefs.clearUserPref("network.trr.mode"); + equal(Services.dns.currentTrrMode, 2); + Services.prefs.clearUserPref("doh-rollout.mode"); + equal(Services.dns.currentTrrMode, 0); +}); + +add_task(test_ipv6_trr_fallback); + +add_task(test_ipv4_trr_fallback); + +add_task(test_no_retry_without_doh); + +// This test checks that normally when the TRR mode goes from ON -> OFF +// we purge the DNS cache (including TRR), so the entries aren't used on +// networks where they shouldn't. For example - turning on a VPN. +add_task(async function test_purge_trr_cache_on_mode_change() { + info("Checking that we purge cache when TRR is turned off"); + Services.prefs.setBoolPref("network.trr.clear-cache-on-pref-change", true); + + Services.prefs.setIntPref("network.trr.mode", 0); + Services.prefs.setIntPref("doh-rollout.mode", 2); + Services.prefs.setCharPref( + "network.trr.uri", + `https://foo.example.com:${h2Port}/doh?responseIP=3.3.3.3` + ); + + await new TRRDNSListener("cached.example.com", "3.3.3.3"); + Services.prefs.clearUserPref("doh-rollout.mode"); + + await new TRRDNSListener("cached.example.com", "127.0.0.1"); + + Services.prefs.setBoolPref("network.trr.clear-cache-on-pref-change", false); + Services.prefs.clearUserPref("doh-rollout.mode"); +}); + +add_task(async function test_old_bootstrap_pref() { + Services.dns.clearCache(true); + // Note this is a remote address. Setting this pref should have no effect, + // as this is the old name for the bootstrap pref. + // If this were to be used, the test would crash when accessing a non-local + // IP address. + Services.prefs.setCharPref("network.trr.bootstrapAddress", "1.1.1.1"); + setModeAndURI(Ci.nsIDNSService.MODE_TRRONLY, `doh?responseIP=4.4.4.4`); + await new TRRDNSListener("testytest.com", "4.4.4.4"); +}); + +add_task(async function test_padding() { + setModeAndURI(Ci.nsIDNSService.MODE_TRRONLY, `doh`); + async function CheckPadding( + pad_length, + request, + none, + ecs, + padding, + ecsPadding + ) { + Services.prefs.setIntPref("network.trr.padding.length", pad_length); + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.padding", false); + Services.prefs.setBoolPref("network.trr.disable-ECS", false); + await new TRRDNSListener(request, none); + + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.padding", false); + Services.prefs.setBoolPref("network.trr.disable-ECS", true); + await new TRRDNSListener(request, ecs); + + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.padding", true); + Services.prefs.setBoolPref("network.trr.disable-ECS", false); + await new TRRDNSListener(request, padding); + + Services.dns.clearCache(true); + Services.prefs.setBoolPref("network.trr.padding", true); + Services.prefs.setBoolPref("network.trr.disable-ECS", true); + await new TRRDNSListener(request, ecsPadding); + } + + // short domain name + await CheckPadding( + 16, + "a.pd", + "2.2.0.22", + "2.2.0.41", + "1.1.0.48", + "1.1.0.48" + ); + await CheckPadding(256, "a.pd", "2.2.0.22", "2.2.0.41", "1.1.1.0", "1.1.1.0"); + + // medium domain name + await CheckPadding( + 16, + "has-padding.pd", + "2.2.0.32", + "2.2.0.51", + "1.1.0.48", + "1.1.0.64" + ); + await CheckPadding( + 128, + "has-padding.pd", + "2.2.0.32", + "2.2.0.51", + "1.1.0.128", + "1.1.0.128" + ); + await CheckPadding( + 80, + "has-padding.pd", + "2.2.0.32", + "2.2.0.51", + "1.1.0.80", + "1.1.0.80" + ); + + // long domain name + await CheckPadding( + 16, + "abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijklmnopqrstuvwxyz0123456789.pd", + "2.2.0.131", + "2.2.0.150", + "1.1.0.160", + "1.1.0.160" + ); + await CheckPadding( + 128, + "abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijklmnopqrstuvwxyz0123456789.pd", + "2.2.0.131", + "2.2.0.150", + "1.1.1.0", + "1.1.1.0" + ); + await CheckPadding( + 80, + "abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijklmnopqrstuvwxyz0123456789.pd", + "2.2.0.131", + "2.2.0.150", + "1.1.0.160", + "1.1.0.160" + ); +}); + +add_task(test_connection_reuse_and_cycling); |