/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef TRRService_h_
#define TRRService_h_
#include "mozilla/DataMutex.h"
#include "nsHostResolver.h"
#include "nsIObserver.h"
#include "nsITimer.h"
#include "nsWeakReference.h"
#include "ODoHService.h"
#include "TRRServiceBase.h"
#include "nsICaptivePortalService.h"
#include "nsTHashSet.h"
#include "TRR.h"
class nsDNSService;
class nsIPrefBranch;
class nsINetworkLinkService;
class nsIObserverService;
namespace mozilla {
namespace net {
class TRRServiceChild;
class TRRServiceParent;
// TRRService declares the resolver service whose members below hold the DoH
// server URI and credentials, a TRR blocklist, sets of domains excluded from
// TRR, and the confirmation state machine (ConfirmationContext).
//
// Threading, as far as this header shows: the class is a SingleWriterLockOwner
// whose writing thread is the main thread (see OnWritingThread()). Members
// marked MOZ_GUARDED_BY(mLock) are covered by mLock; several flags are Relaxed
// atomics; mPrivateCred relies on a main-thread-only convention instead.
class TRRService : public TRRServiceBase,
public nsIObserver,
public nsSupportsWeakReference,
public AHostResolver,
public SingleWriterLockOwner {
public:
NS_DECL_ISUPPORTS_INHERITED
NS_DECL_NSIOBSERVER
NS_DECL_NSIPROXYCONFIGCHANGEDCALLBACK
TRRService();
static TRRService* Get();
// The single-writer lock treats the main thread as the writing thread.
bool OnWritingThread() const override { return NS_IsMainThread(); }
nsresult Init();
nsresult Start();
bool Enabled(nsIRequest::TRRMode aRequestMode = nsIRequest::TRR_DEFAULT_MODE);
// True only while the confirmation state is CONFIRM_OK; every other state
// (trying, failed, off, disabled) reports false.
bool IsConfirmed() { return mConfirmation.State() == CONFIRM_OK; }
// Returns the current enum ConfirmationState value converted to uint32_t.
uint32_t ConfirmationState() { return mConfirmation.State(); }
bool DisableIPv6() { return mDisableIPv6; }
void GetURI(nsACString& result) override;
// NOTE(review): presumably returns mPrivateCred, which is documented below as
// main thread only - confirm callers respect that.
nsresult GetCredentials(nsCString& result);
uint32_t GetRequestTimeout();
void RetryTRRConfirm();
LookupStatus CompleteLookup(nsHostRecord*, nsresult, mozilla::net::AddrInfo*,
bool pb, const nsACString& aOriginSuffix,
TRRSkippedReason aReason,
TRR* aTrrRequest) override;
LookupStatus CompleteLookupByType(nsHostRecord*, nsresult,
mozilla::net::TypeRecordResultType&,
uint32_t, bool pb) override;
void AddToBlocklist(const nsACString& host, const nsACString& originSuffix,
bool privateBrowsing, bool aParentsToo);
bool IsTemporarilyBlocked(const nsACString& aHost,
const nsACString& aOriginSuffix,
bool aPrivateBrowsing, bool aParentsToo);
bool IsExcludedFromTRR(const nsACString& aHost);
bool MaybeBootstrap(const nsACString& possible, nsACString& result);
void RecordTRRStatus(nsresult aChannelStatus);
bool ParentalControlEnabled() const { return mParentalControlEnabled; }
nsresult DispatchTRRRequest(TRR* aTrrRequest);
already_AddRefed<nsIThread> TRRThread();
bool IsOnTRRThread();
bool IsUsingAutoDetectedURL() { return mURISetByDetection; }
// Returns a reference to a static string identifying the current DoH server.
// If the DoH server is not one of the built-in ones it will return "(other)".
static const nsCString& ProviderKey();
static void SetProviderDomain(const nsACString& aTRRDomain);
void InitTRRConnectionInfo() override;
private:
virtual ~TRRService();
// These classes get access to all private members, including mPrivateCred and
// the lock-guarded fields; the locking discipline applies to them as well.
friend class TRRServiceChild;
friend class TRRServiceParent;
friend class ODoHService;
static void AddObserver(nsIObserver* aObserver,
nsIObserverService* aObserverService = nullptr);
static bool CheckCaptivePortalIsPassed();
static bool GetParentalControlEnabledInternal();
static bool CheckPlatformDNSStatus(nsINetworkLinkService* aLinkService);
nsresult ReadPrefs(const char* name);
void GetPrefBranch(nsIPrefBranch** result);
friend class ::nsDNSService;
void SetDetectedTrrURI(const nsACString& aURI);
bool IsDomainBlocked(const nsACString& aHost, const nsACString& aOriginSuffix,
bool aPrivateBrowsing);
// NOTE(review): the "_unlocked" suffix presumably means the caller must
// already hold mLock - confirm against the implementation.
bool IsExcludedFromTRR_unlocked(const nsACString& aHost);
void RebuildSuffixList(nsTArray<nsCString>&& aSuffixList);
nsresult DispatchTRRRequestInternal(TRR* aTrrRequest, bool aWithLock);
// NOTE(review): the "_locked" suffix presumably means mLock is already held
// by the caller - confirm against the implementation.
already_AddRefed<nsIThread> TRRThread_locked();
already_AddRefed<nsIThread> MainThreadOrTRRThread(bool aWithLock = true);
// This method will process the URI and try to set mPrivateURI to that value.
// Will return true if performed the change (if the value was different)
// or false if mPrivateURI already had that value.
bool MaybeSetPrivateURI(const nsACString& aURI) override;
void ClearEntireCache();
virtual void ReadEtcHostsFile() override;
void AddEtcHosts(const nsTArray<nsCString>&);
bool mInitialized{false};
MutexSingleWriter mLock;
// Not annotated MOZ_GUARDED_BY(mLock): safety depends entirely on the
// main-thread-only convention, which the compiler does not check.
nsCString mPrivateCred; // main thread only
// Defaults to "example.com" until changed by code outside this header.
nsCString mConfirmationNS MOZ_GUARDED_BY(mLock){"example.com"_ns};
nsCString mBootstrapAddr MOZ_GUARDED_BY(mLock);
Atomic<bool, Relaxed> mCaptiveIsPassed{
false}; // set when captive portal check is passed
// NOTE(review): unlike mCaptiveIsPassed and mShutdown, no in-class
// initializer is given; the initial value comes from Atomic's default
// constructor or from code outside this header - confirm.
Atomic<bool, Relaxed> mDisableIPv6; // don't even try
Atomic<bool, Relaxed> mShutdown{false};
// TRR Blocklist storage
// mTRRBLStorage is only modified on the main thread, but we query whether it
// is initialized or not off the main thread as well. Therefore we need to
// lock while creating it and while accessing it off the main thread.
DataMutex<nsTHashMap<nsCStringHashKey, int32_t>> mTRRBLStorage{
"DataMutex::TRRBlocklist"};
// A set of domains that we should not use TRR for.
nsTHashSet<nsCString> mExcludedDomains MOZ_GUARDED_BY(mLock);
nsTHashSet<nsCString> mDNSSuffixDomains MOZ_GUARDED_BY(mLock);
nsTHashSet<nsCString> mEtcHostsDomains MOZ_GUARDED_BY(mLock);
// Inputs to the confirmation state machine drawn below.
enum class ConfirmationEvent {
Init,
PrefChange,
ConfirmationRetry,
FailedLookups,
RetryTRR,
URIChange,
CaptivePortalConnectivity,
NetworkUp,
ConfirmOK,
ConfirmFail,
};
// (FailedLookups/RetryTRR/URIChange/NetworkUp)
// +---------------------------+
// +-----------+ | |
// | (Init) | +------v---------+ +-+--+
// | | TRR turned on | | (ConfirmOK) | |
// | OFF +---------------> TRY-OK +---------------> OK |
// | | (PrefChange) | | | |
// +-----^-----+ +^-^----+--------+ +-^--+
// | (PrefChange/CP) | | | |
// TRR + +------------------+ | | |
// off | | +----+ |(ConfirmFail) |(ConfirmOK)
// (Pref)| | | | |
// +---------+-+ | | |
// | | (CPConn) | +-------v--------+ +-+---------+
// | ANY-STATE | (NetworkUp)| | | timer | |
// | | (URIChange)+-+ FAIL +---------------> TRY-FAIL |
// +-----+-----+ | | (Confirmation | |
// | +------^---------+ Retry) +------+----+
// | (PrefChange) | |
// | TRR_ONLY mode or +--------------------------------+
// | confirmationNS = skip (ConfirmFail)
// +-----v-----+
// | |
// | DISABLED |
// | |
// +-----------+
//
// States of the machine above. The numeric values are visible to callers
// because TRRService::ConfirmationState() returns them as uint32_t.
enum ConfirmationState {
CONFIRM_OFF = 0,
CONFIRM_TRYING_OK = 1,
CONFIRM_OK = 2,
CONFIRM_FAILED = 3,
CONFIRM_TRYING_FAILED = 4,
CONFIRM_DISABLED = 5,
};
// Holds the confirmation state, the retry timer and the bookkeeping used for
// event telemetry. It is only valid as the mConfirmation member of a
// ConfirmationWrapper that is itself the mConfirmation member of a
// TRRService: OwningObject() recovers the owner by pointer arithmetic.
class ConfirmationContext final : public nsITimerCallback, public nsINamed {
NS_DECL_ISUPPORTS_INHERITED
NS_DECL_NSITIMERCALLBACK
NS_DECL_NSINAMED
private:
// Capacity of both fixed-size buffers below (mFailureReasons, mResults).
static const size_t RESULTS_SIZE = 32;
RefPtr<TRR> mTask;
nsCOMPtr<nsITimer> mTimer;
uint32_t mRetryInterval = 125; // milliseconds until retry
// The number of TRR requests that failed in a row.
Atomic<uint32_t, Relaxed> mTRRFailures{0};
// This buffer holds consecutive TRR failures reported by calling
// RecordTRRStatus(). It is only meant for reporting event telemetry.
// NOTE(review): the code that writes this buffer is not in this header;
// mTRRFailures is not bounded by its type, so writers must keep the index
// below RESULTS_SIZE.
char mFailureReasons[RESULTS_SIZE] = {0};
// The number of confirmation retries.
uint32_t mAttemptCount = 0;
// The results of past confirmation attempts.
// This is circular buffer ending at mAttemptCount.
// NOTE(review): mAttemptCount can exceed RESULTS_SIZE, so any index derived
// from it must be reduced modulo RESULTS_SIZE - verify in the implementation.
char mResults[RESULTS_SIZE] = {0};
// Time when first confirmation started. Needed so we can
// record the time from start to confirmed.
TimeStamp mFirstRequestTime;
// The network ID at the start of the last confirmation attempt
nsCString mNetworkId;
// Captive portal status at the time of recording.
int32_t mCaptivePortalStatus = nsICaptivePortalService::UNKNOWN;
// The reason the confirmation context changed.
nsCString mContextChangeReason;
// What triggered the confirmation
nsCString mTrigger;
// String representation of consecutive failed lookups that triggered
// confirmation.
nsCString mFailedLookups;
void SetState(enum ConfirmationState aNewState);
public:
// Called when a confirmation completes successfully or when the
// confirmation context changes.
void RecordEvent(const char* aReason, const MutexSingleWriterAutoLock&);
// Called when a confirmation request is completed. The status is recorded
// in the results.
void RequestCompleted(nsresult aLookupStatus, nsresult aChannelStatus);
enum ConfirmationState State() { return mState; }
void CompleteConfirmation(nsresult aStatus, TRR* aTrrRequest);
void RecordTRRStatus(nsresult aChannelStatus);
// Returns true when handling the event caused a new confirmation task to be
// dispatched.
// NOTE(review): the overload taking a MutexSingleWriterAutoLock& is
// presumably for callers that already hold the owner's lock - confirm.
bool HandleEvent(ConfirmationEvent aEvent);
bool HandleEvent(ConfirmationEvent aEvent,
const MutexSingleWriterAutoLock&);
void SetCaptivePortalStatus(int32_t aStatus) {
mCaptivePortalStatus = aStatus;
}
// Returns the address of the current task (mTask) as an integer.
// NOTE(review): this is a raw pointer value; confirm callers use it only for
// identity comparison and do not write it to logs or telemetry.
uintptr_t TaskAddr() { return uintptr_t(mTask.get()); }
private:
// Since the ConfirmationContext is embedded in the TRRService object
// we can easily get a pointer to the TRRService. ConfirmationContext
// delegates AddRef/Release calls to the owning object since they are
// guaranteed to have the same lifetime.
//
// The result is computed by subtracting two member offsets from `this`, so it
// is only meaningful for the instance embedded in a TRRService as described
// on the class; for any other instance the returned pointer would not refer
// to a TRRService. TRRService has base classes and a virtual destructor, so
// it is not a standard-layout type and offsetof on it is only conditionally
// supported by the language - this relies on the compilers in use.
TRRService* OwningObject() {
return reinterpret_cast<TRRService*>(
reinterpret_cast<uint8_t*>(this) -
offsetof(TRRService, mConfirmation) -
offsetof(ConfirmationWrapper, mConfirmation));
}
// Stored as a Relaxed atomic: reads through State() carry no ordering
// guarantees with respect to the other fields of this object.
Atomic<enum ConfirmationState, Relaxed> mState{CONFIRM_OFF};
// TRRService needs to be a friend class because it needs to access the
// destructor.
friend class TRRService;
~ConfirmationContext() = default;
};
// Because TRRService needs to be a friend class to ConfirmationContext that
// means it can access member variables. In order to properly separate logic
// and prevent direct access to its member variables we embed it in a wrapper
// class.
// Every public method here forwards unchanged to the wrapped
// ConfirmationContext.
class ConfirmationWrapper {
public:
// Called when a confirmation completes successfully or when the
// confirmation context changes.
void RecordEvent(const char* aReason,
const MutexSingleWriterAutoLock& aLock) {
mConfirmation.RecordEvent(aReason, aLock);
}
// Called when a confirmation request is completed. The status is recorded
// in the results.
void RequestCompleted(nsresult aLookupStatus, nsresult aChannelStatus) {
mConfirmation.RequestCompleted(aLookupStatus, aChannelStatus);
}
enum ConfirmationState State() { return mConfirmation.State(); }
void CompleteConfirmation(nsresult aStatus, TRR* aTrrRequest) {
mConfirmation.CompleteConfirmation(aStatus, aTrrRequest);
}
void RecordTRRStatus(nsresult aChannelStatus) {
mConfirmation.RecordTRRStatus(aChannelStatus);
}
bool HandleEvent(ConfirmationEvent aEvent) {
return mConfirmation.HandleEvent(aEvent);
}
bool HandleEvent(ConfirmationEvent aEvent,
const MutexSingleWriterAutoLock& lock) {
return mConfirmation.HandleEvent(aEvent, lock);
}
void SetCaptivePortalStatus(int32_t aStatus) {
mConfirmation.SetCaptivePortalStatus(aStatus);
}
private:
// Friend so that OwningObject() can take offsetof() of the private
// mConfirmation member below.
friend TRRService* ConfirmationContext::OwningObject();
ConfirmationContext mConfirmation;
};
// ConfirmationContext::OwningObject() depends on this member's offset within
// TRRService; it must remain a direct (non-pointer) member with this name.
ConfirmationWrapper mConfirmation;
bool mParentalControlEnabled{false};
// This is used to track whether a confirmation was triggered by a URI change,
// so we don't trigger another one just because other prefs have changed.
bool mConfirmationTriggered{false};
RefPtr<ODoHService> mODoHService;
nsCOMPtr<nsINetworkLinkService> mLinkService;
};
} // namespace net
} // namespace mozilla
#endif // TRRService_h_