diff options
Diffstat (limited to 'chromium/net/dns/host_resolver_manager.cc')
| -rw-r--r-- | chromium/net/dns/host_resolver_manager.cc | 721 |
1 files changed, 186 insertions, 535 deletions
diff --git a/chromium/net/dns/host_resolver_manager.cc b/chromium/net/dns/host_resolver_manager.cc index 095269ce601..9db789cd87a 100644 --- a/chromium/net/dns/host_resolver_manager.cc +++ b/chromium/net/dns/host_resolver_manager.cc @@ -1,10 +1,9 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/dns/host_resolver_manager.h" -#include <algorithm> #include <cmath> #include <iterator> #include <limits> @@ -44,7 +43,6 @@ #include "base/observer_list.h" #include "base/ranges/algorithm.h" #include "base/sequence_checker.h" -#include "base/stl_util.h" #include "base/strings/strcat.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_piece.h" @@ -59,6 +57,7 @@ #include "base/time/default_tick_clock.h" #include "base/time/time.h" #include "base/trace_event/trace_event.h" +#include "base/types/optional_util.h" #include "base/values.h" #include "build/build_config.h" #include "net/base/address_family.h" @@ -69,8 +68,8 @@ #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" +#include "net/base/network_anonymization_key.h" #include "net/base/network_interfaces.h" -#include "net/base/network_isolation_key.h" #include "net/base/prioritized_dispatcher.h" #include "net/base/request_priority.h" #include "net/base/trace_constants.h" @@ -78,7 +77,6 @@ #include "net/dns/address_sorter.h" #include "net/dns/dns_alias_utility.h" #include "net/dns/dns_client.h" -#include "net/dns/dns_reloader.h" #include "net/dns/dns_response.h" #include "net/dns/dns_response_result_extractor.h" #include "net/dns/dns_transaction.h" @@ -86,12 +84,14 @@ #include "net/dns/host_cache.h" #include "net/dns/host_resolver_mdns_listener_impl.h" #include "net/dns/host_resolver_mdns_task.h" +#include "net/dns/host_resolver_nat64_task.h" #include "net/dns/host_resolver_proc.h" -#include "net/dns/host_resolver_results.h" +#include "net/dns/host_resolver_system_task.h" #include "net/dns/httpssvc_metrics.h" #include "net/dns/mdns_client.h" #include "net/dns/public/dns_protocol.h" #include "net/dns/public/dns_query_type.h" +#include "net/dns/public/host_resolver_results.h" #include "net/dns/public/resolve_error_info.h" #include "net/dns/public/secure_dns_mode.h" #include "net/dns/public/secure_dns_policy.h" @@ -140,10 +140,10 @@ namespace { // some platform's resolvers. const size_t kMaxHostLength = 4096; -// Default TTL for successful resolutions with ProcTask. +// Default TTL for successful resolutions with HostResolverSystemTask. const unsigned kCacheEntryTTLSeconds = 60; -// Default TTL for unsuccessful resolutions with ProcTask. +// Default TTL for unsuccessful resolutions with HostResolverSystemTask. const unsigned kNegativeCacheEntryTTLSeconds = 0; // Minimum TTL for successful resolutions with DnsTask. @@ -158,14 +158,6 @@ const uint8_t kIPv6ProbeAddress[] = {0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x88}; -enum DnsResolveStatus { - RESOLVE_STATUS_DNS_SUCCESS = 0, - RESOLVE_STATUS_PROC_SUCCESS, - RESOLVE_STATUS_FAIL, - RESOLVE_STATUS_SUSPECT_NETBIOS, - RESOLVE_STATUS_MAX -}; - // ICANN uses this localhost address to indicate a name collision. // // The policy in Chromium is to fail host resolving if it resolves to @@ -217,15 +209,6 @@ bool ConfigureAsyncDnsNoFallbackFieldTrial() { return kDefault; } -const base::FeatureParam<base::TaskPriority>::Option prio_modes[] = { - {base::TaskPriority::USER_VISIBLE, "default"}, - {base::TaskPriority::USER_BLOCKING, "user_blocking"}}; -const base::Feature kSystemResolverPriorityExperiment = { - "SystemResolverPriorityExperiment", base::FEATURE_DISABLED_BY_DEFAULT}; -const base::FeatureParam<base::TaskPriority> priority_mode{ - &kSystemResolverPriorityExperiment, "mode", - base::TaskPriority::USER_VISIBLE, &prio_modes}; - //----------------------------------------------------------------------------- // Returns true if it can determine that only loopback addresses are configured. @@ -277,38 +260,6 @@ bool HaveOnlyLoopbackAddresses() { #endif // defined(various platforms) } -// Creates NetLog parameters when the resolve failed. -base::Value NetLogProcTaskFailedParams(uint32_t attempt_number, - int net_error, - int os_error) { - base::Value::Dict dict; - if (attempt_number) - dict.Set("attempt_number", base::saturated_cast<int>(attempt_number)); - - dict.Set("net_error", net_error); - - if (os_error) { - dict.Set("os_error", os_error); -#if BUILDFLAG(IS_WIN) - // Map the error code to a human-readable string. - LPWSTR error_string = nullptr; - FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, - nullptr, // Use the internal message table. - os_error, - 0, // Use default language. - (LPWSTR)&error_string, - 0, // Buffer size. - nullptr); // Arguments (unused). - dict.Set("os_error_string", base::WideToUTF8(error_string)); - LocalFree(error_string); -#elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA) - dict.Set("os_error_string", gai_strerror(os_error)); -#endif - } - - return base::Value(std::move(dict)); -} - // Creates NetLog parameters when the DnsTask failed. base::Value NetLogDnsTaskFailedParams( int net_error, @@ -361,13 +312,13 @@ base::Value NetLogIPv6AvailableParams(bool ipv6_available, bool cached) { //----------------------------------------------------------------------------- -// Maximum of 64 concurrent resolver threads (excluding retries). +// Maximum of 64 concurrent resolver calls (excluding retries). // Between 2010 and 2020, the limit was set to 6 because of a report of a broken // home router that would fail in the presence of more simultaneous queries. // In 2020, we conducted an experiment to see if this kind of router was still // present on the Internet, and found no evidence of any remaining issues, so // we increased the limit to 64 at that time. -const size_t kDefaultMaxProcTasks = 64u; +const size_t kDefaultMaxSystemTasks = 64u; PrioritizedDispatcher::Limits GetDispatcherLimits( const HostResolver::ManagerOptions& options) { @@ -379,7 +330,7 @@ PrioritizedDispatcher::Limits GetDispatcherLimits( return limits; // Default, without trial is no reserved slots. - limits.total_jobs = kDefaultMaxProcTasks; + limits.total_jobs = kDefaultMaxSystemTasks; // Parallelism is determined by the field trial. std::string group = @@ -468,13 +419,6 @@ base::Value NetLogResults(const HostCache::Entry& results) { return base::Value(std::move(dict)); } -base::Value ToLogStringValue(const HostResolver::Host& host) { - if (absl::holds_alternative<url::SchemeHostPort>(host)) - return base::Value(absl::get<url::SchemeHostPort>(host).Serialize()); - - return base::Value(absl::get<HostPortPair>(host).ToString()); -} - base::Value ToLogStringValue( const absl::variant<url::SchemeHostPort, std::string>& host) { if (absl::holds_alternative<url::SchemeHostPort>(host)) { @@ -493,19 +437,6 @@ base::StringPiece GetScheme( return base::StringPiece(); } -base::StringPiece GetHostname(const HostResolver::Host& host) { - if (absl::holds_alternative<url::SchemeHostPort>(host)) { - base::StringPiece hostname = absl::get<url::SchemeHostPort>(host).host(); - if (hostname.size() >= 2 && hostname.front() == '[' && - hostname.back() == ']') { - hostname = hostname.substr(1, hostname.size() - 2); - } - return hostname; - } - - return absl::get<HostPortPair>(host).host(); -} - base::StringPiece GetHostname( const absl::variant<url::SchemeHostPort, std::string>& host) { if (absl::holds_alternative<url::SchemeHostPort>(host)) { @@ -520,14 +451,6 @@ base::StringPiece GetHostname( return absl::get<std::string>(host); } -uint16_t GetPort(const HostResolver::Host& host) { - if (absl::holds_alternative<url::SchemeHostPort>(host)) { - return absl::get<url::SchemeHostPort>(host).port(); - } - - return absl::get<HostPortPair>(host).port(); -} - // Only use scheme/port in JobKey if `https_svcb_options_enabled` is true // (or the query is explicitly for HTTPS). Otherwise DNS will not give different // results for the same hostname. @@ -536,11 +459,11 @@ absl::variant<url::SchemeHostPort, std::string> CreateHostForJobKey( DnsQueryType query_type, bool https_svcb_options_enabled) { if ((https_svcb_options_enabled || query_type == DnsQueryType::HTTPS) && - absl::holds_alternative<url::SchemeHostPort>(input)) { - return absl::get<url::SchemeHostPort>(input); + input.HasScheme()) { + return input.AsSchemeHostPort(); } - return std::string(GetHostname(input)); + return std::string(input.GetHostnameWithoutBrackets()); } DnsResponse CreateFakeEmptyResponse(base::StringPiece hostname, @@ -605,7 +528,7 @@ class HostResolverManager::RequestImpl public: RequestImpl(NetLogWithSource source_net_log, HostResolver::Host request_host, - NetworkIsolationKey network_isolation_key, + NetworkAnonymizationKey network_anonymization_key, absl::optional<ResolveHostParameters> optional_parameters, base::WeakPtr<ResolveContext> resolve_context, HostCache* host_cache, @@ -613,11 +536,11 @@ class HostResolverManager::RequestImpl const base::TickClock* tick_clock) : source_net_log_(std::move(source_net_log)), request_host_(std::move(request_host)), - network_isolation_key_( + network_anonymization_key_( base::FeatureList::IsEnabled( features::kSplitHostCacheByNetworkIsolationKey) - ? std::move(network_isolation_key) - : NetworkIsolationKey()), + ? std::move(network_anonymization_key) + : NetworkAnonymizationKey()), parameters_(optional_parameters ? std::move(optional_parameters).value() : ResolveHostParameters()), resolve_context_(std::move(resolve_context)), @@ -668,13 +591,13 @@ class HostResolverManager::RequestImpl const AddressList* GetAddressResults() const override { DCHECK(complete_); - return base::OptionalOrNullptr(legacy_address_results_); + return base::OptionalToPtr(legacy_address_results_); } const std::vector<HostResolverEndpointResult>* GetEndpointResults() const override { DCHECK(complete_); - return base::OptionalOrNullptr(endpoint_results_); + return base::OptionalToPtr(endpoint_results_); } const absl::optional<std::vector<std::string>>& GetTextResults() @@ -710,7 +633,7 @@ class HostResolverManager::RequestImpl } #endif // DCHECK_IS_ON() - return base::OptionalOrNullptr(fixed_up_dns_alias_results_); + return base::OptionalToPtr(fixed_up_dns_alias_results_); } const std::vector<bool>* GetExperimentalResultsForTesting() const override { @@ -781,8 +704,8 @@ class HostResolverManager::RequestImpl const HostResolver::Host& request_host() const { return request_host_; } - const NetworkIsolationKey& network_isolation_key() const { - return network_isolation_key_; + const NetworkAnonymizationKey& network_anonymization_key() const { + return network_anonymization_key_; } const ResolveHostParameters& parameters() const { return parameters_; } @@ -831,15 +754,15 @@ class HostResolverManager::RequestImpl source_net_log_.BeginEvent( NetLogEventType::HOST_RESOLVER_MANAGER_REQUEST, [this] { base::Value::Dict dict; - dict.Set("host", ToLogStringValue(request_host_)); + dict.Set("host", request_host_.ToString()); dict.Set("dns_query_type", base::strict_cast<int>(parameters_.dns_query_type)); dict.Set("allow_cached_response", parameters_.cache_usage != ResolveHostParameters::CacheUsage::DISALLOWED); dict.Set("is_speculative", parameters_.is_speculative); - dict.Set("network_isolation_key", - network_isolation_key_.ToDebugString()); + dict.Set("network_anonymization_key", + network_anonymization_key_.ToDebugString()); dict.Set("secure_dns_policy", base::strict_cast<int>(parameters_.secure_dns_policy)); return base::Value(std::move(dict)); @@ -871,7 +794,7 @@ class HostResolverManager::RequestImpl const NetLogWithSource source_net_log_; const HostResolver::Host request_host_; - const NetworkIsolationKey network_isolation_key_; + const NetworkAnonymizationKey network_anonymization_key_; ResolveHostParameters parameters_; base::WeakPtr<ResolveContext> resolve_context_; const raw_ptr<HostCache> host_cache_; @@ -971,236 +894,6 @@ class HostResolverManager::ProbeRequestImpl base::WeakPtrFactory<ProbeRequestImpl> weak_ptr_factory_{this}; }; -//------------------------------------------------------------------------------ - -// Calls HostResolverProc in ThreadPool. Performs retries if necessary. -// -// In non-test code, the HostResolverProc is always SystemHostResolverProc, -// which calls a platform API that implements host resolution. -// -// Whenever we try to resolve the host, we post a delayed task to check if host -// resolution (OnLookupComplete) is completed or not. If the original attempt -// hasn't completed, then we start another attempt for host resolution. We take -// the results from the first attempt that finishes and ignore the results from -// all other attempts. -// -// TODO(szym): Move to separate source file for testing and mocking. -// -class HostResolverManager::ProcTask { - public: - typedef base::OnceCallback<void(int net_error, const AddressList& addr_list)> - Callback; - - ProcTask(std::string hostname, - AddressFamily address_family, - HostResolverFlags flags, - const ProcTaskParams& params, - Callback callback, - scoped_refptr<base::TaskRunner> proc_task_runner, - const NetLogWithSource& job_net_log, - const base::TickClock* tick_clock, - handles::NetworkHandle network) - : hostname_(std::move(hostname)), - address_family_(address_family), - flags_(flags), - params_(params), - callback_(std::move(callback)), - network_task_runner_(base::ThreadTaskRunnerHandle::Get()), - proc_task_runner_(std::move(proc_task_runner)), - net_log_(job_net_log), - tick_clock_(tick_clock), - network_(network) { - DCHECK(callback_); - if (!params_.resolver_proc.get()) - params_.resolver_proc = HostResolverProc::GetDefault(); - // If default is unset, use the system proc. - if (!params_.resolver_proc.get()) - params_.resolver_proc = base::MakeRefCounted<SystemHostResolverProc>(); - } - - ProcTask(const ProcTask&) = delete; - ProcTask& operator=(const ProcTask&) = delete; - - // Cancels this ProcTask. Any outstanding resolve attempts running on worker - // thread will continue running, but they will post back to the network thread - // before checking their WeakPtrs to find that this task is cancelled. - ~ProcTask() { - DCHECK(network_task_runner_->BelongsToCurrentThread()); - - // If this is cancellation, log the EndEvent (otherwise this was logged in - // OnLookupComplete()). - if (!was_completed()) - net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_MANAGER_PROC_TASK); - } - - void Start() { - DCHECK(network_task_runner_->BelongsToCurrentThread()); - DCHECK(!was_completed()); - net_log_.BeginEvent(NetLogEventType::HOST_RESOLVER_MANAGER_PROC_TASK); - StartLookupAttempt(); - } - - bool was_completed() const { - DCHECK(network_task_runner_->BelongsToCurrentThread()); - return callback_.is_null(); - } - - private: - using AttemptCompletionCallback = base::OnceCallback< - void(const AddressList& results, int error, const int os_error)>; - - void StartLookupAttempt() { - DCHECK(network_task_runner_->BelongsToCurrentThread()); - DCHECK(!was_completed()); - base::TimeTicks start_time = tick_clock_->NowTicks(); - ++attempt_number_; - // Dispatch the lookup attempt to a worker thread. - AttemptCompletionCallback completion_callback = base::BindOnce( - &ProcTask::OnLookupAttemptComplete, weak_ptr_factory_.GetWeakPtr(), - start_time, attempt_number_, tick_clock_); - proc_task_runner_->PostTask( - FROM_HERE, - base::BindOnce(&ProcTask::DoLookup, hostname_, address_family_, flags_, - params_.resolver_proc, network_task_runner_, - std::move(completion_callback), network_)); - - net_log_.AddEventWithIntParams( - NetLogEventType::HOST_RESOLVER_MANAGER_ATTEMPT_STARTED, - "attempt_number", attempt_number_); - - // If the results aren't received within a given time, RetryIfNotComplete - // will start a new attempt if none of the outstanding attempts have - // completed yet. - // Use a WeakPtr to avoid keeping the ProcTask alive after completion or - // cancellation. - if (attempt_number_ <= params_.max_retry_attempts) { - network_task_runner_->PostDelayedTask( - FROM_HERE, - base::BindOnce(&ProcTask::StartLookupAttempt, - weak_ptr_factory_.GetWeakPtr()), - params_.unresponsive_delay * - std::pow(params_.retry_factor, attempt_number_ - 1)); - } - } - - // WARNING: This code runs in ThreadPool with CONTINUE_ON_SHUTDOWN. The - // shutdown code cannot wait for it to finish, so this code must be very - // careful about using other objects (like MessageLoops, Singletons, etc). - // During shutdown these objects may no longer exist. - static void DoLookup( - std::string hostname, - AddressFamily address_family, - HostResolverFlags flags, - scoped_refptr<HostResolverProc> resolver_proc, - scoped_refptr<base::SingleThreadTaskRunner> network_task_runner, - AttemptCompletionCallback completion_callback, - handles::NetworkHandle network) { - AddressList results; - int os_error = 0; - int error = resolver_proc->Resolve(hostname, address_family, flags, - &results, &os_error, network); - - network_task_runner->PostTask( - FROM_HERE, base::BindOnce(std::move(completion_callback), results, - error, os_error)); - } - - // Callback for when DoLookup() completes (runs on task runner thread). Now - // that we're back in the network thread, checks that |proc_task| is still - // valid, and if so, passes back to the object. - static void OnLookupAttemptComplete(base::WeakPtr<ProcTask> proc_task, - const base::TimeTicks& start_time, - const uint32_t attempt_number, - const base::TickClock* tick_clock, - const AddressList& results, - int error, - const int os_error) { - TRACE_EVENT0(NetTracingCategory(), "ProcTask::OnLookupComplete"); - - // If results are empty, we should return an error. - bool empty_list_on_ok = (error == OK && results.empty()); - if (empty_list_on_ok) - error = ERR_NAME_NOT_RESOLVED; - - // Ideally the following code would be part of host_resolver_proc.cc, - // however it isn't safe to call NetworkChangeNotifier from worker threads. - // So do it here on the IO thread instead. - if (error != OK && NetworkChangeNotifier::IsOffline()) - error = ERR_INTERNET_DISCONNECTED; - - if (!proc_task) - return; - - proc_task->OnLookupComplete(results, start_time, attempt_number, error, - os_error); - } - - void OnLookupComplete(const AddressList& results, - const base::TimeTicks& start_time, - const uint32_t attempt_number, - int error, - const int os_error) { - DCHECK(network_task_runner_->BelongsToCurrentThread()); - DCHECK(!was_completed()); - - // Invalidate WeakPtrs to cancel handling of all outstanding lookup attempts - // and retries. - weak_ptr_factory_.InvalidateWeakPtrs(); - - if (error != OK) { - net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_MANAGER_PROC_TASK, [&] { - return NetLogProcTaskFailedParams(0, error, os_error); - }); - net_log_.AddEvent( - NetLogEventType::HOST_RESOLVER_MANAGER_ATTEMPT_FINISHED, [&] { - return NetLogProcTaskFailedParams(attempt_number, error, os_error); - }); - } else { - net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_MANAGER_PROC_TASK, - [&] { return results.NetLogParams(); }); - net_log_.AddEventWithIntParams( - NetLogEventType::HOST_RESOLVER_MANAGER_ATTEMPT_FINISHED, - "attempt_number", attempt_number); - } - - std::move(callback_).Run(error, results); - } - - const std::string hostname_; - const AddressFamily address_family_; - const HostResolverFlags flags_; - - // Holds an owning reference to the HostResolverProc that we are going to use. - // This may not be the current resolver procedure by the time we call - // ResolveAddrInfo, but that's OK... we'll use it anyways, and the owning - // reference ensures that it remains valid until we are done. - ProcTaskParams params_; - - // The listener to the results of this ProcTask. - Callback callback_; - - // Used to post events onto the network thread. - scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_; - // Used to post blocking HostResolverProc tasks. - scoped_refptr<base::TaskRunner> proc_task_runner_; - - // Keeps track of the number of attempts we have made so far to resolve the - // host. Whenever we start an attempt to resolve the host, we increase this - // number. - uint32_t attempt_number_ = 0; - - NetLogWithSource net_log_; - - raw_ptr<const base::TickClock> tick_clock_; - // Network to perform DNS lookups for. - handles::NetworkHandle network_; - - // Used to loop back from the blocking lookup attempt tasks as well as from - // delayed retry tasks. Invalidate WeakPtrs on completion and cancellation to - // cancel handling of such posted tasks. - base::WeakPtrFactory<ProcTask> weak_ptr_factory_{this}; -}; - //----------------------------------------------------------------------------- // Resolves the hostname using DnsTransaction, which is a full implementation of @@ -1389,31 +1082,13 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { return types; if (types.Has(DnsQueryType::HTTPS)) { - if (!secure_ && (!https_svcb_options_.enable_insecure || - !client_->CanQueryAdditionalTypesViaInsecureDns())) { + if (!secure_ && !client_->CanQueryAdditionalTypesViaInsecureDns()) { types.Remove(DnsQueryType::HTTPS); } else { DCHECK(!httpssvc_metrics_); - httpssvc_metrics_.emplace(secure_, /*expect_intact=*/false); - } - } - - if (types.Has(DnsQueryType::INTEGRITY) || - types.Has(DnsQueryType::HTTPS_EXPERIMENTAL)) { - if (!secure_ && (!features::kDnsHttpssvcEnableQueryOverInsecure.Get() || - !client_->CanQueryAdditionalTypesViaInsecureDns())) { - types.RemoveAll( - {DnsQueryType::INTEGRITY, DnsQueryType::HTTPS_EXPERIMENTAL}); - } else { - DCHECK(!httpssvc_metrics_) - << "Caller requested multiple experimental types"; - httpssvc_metrics_.emplace( - secure_, - /*expect_intact=*/httpssvc_domain_cache_.IsExperimental( - GetHostname(host_))); + httpssvc_metrics_.emplace(secure_); } } - DCHECK(!types.Empty()); return types; } @@ -1438,9 +1113,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { } } for (DnsQueryType remaining_query : query_types) { - if (remaining_query == DnsQueryType::HTTPS || - remaining_query == DnsQueryType::HTTPS_EXPERIMENTAL || - remaining_query == DnsQueryType::INTEGRITY) { + if (remaining_query == DnsQueryType::HTTPS) { // Ignore errors for these types. In most cases treating them normally // would only result in fallback to resolution without querying the // type. Instead, synthesize empty results. @@ -1495,17 +1168,9 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { base::TimeDelta elapsed_time = tick_clock_->NowTicks() - task_start_time_; switch (transaction.type) { - case DnsQueryType::INTEGRITY: - DCHECK(httpssvc_metrics_); - httpssvc_metrics_->SaveForIntegrity(HttpssvcDnsRcode::kTimedOut, - /*condensed_records=*/{}, - elapsed_time); - break; case DnsQueryType::HTTPS: DCHECK(!secure_ || !features::kUseDnsHttpsSvcbEnforceSecureResponse.Get()); - [[fallthrough]]; - case DnsQueryType::HTTPS_EXPERIMENTAL: if (httpssvc_metrics_) { // Don't record provider ID for timeouts. It is not precisely known // at this level which provider is actually to blame for the @@ -1628,16 +1293,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { } if (httpssvc_metrics_) { - if (transaction_info.type == DnsQueryType::INTEGRITY) { - const std::vector<bool>* experimental_results = - results.https_record_compatibility(); - CHECK(experimental_results); - // INTEGRITY queries can time out the normal way (here), or when the - // experimental query timer runs out (OnExperimentalQueryTimeout). - httpssvc_metrics_->SaveForIntegrity( - rcode_for_httpssvc, *experimental_results, elapsed_time); - } else if (transaction_info.type == DnsQueryType::HTTPS || - transaction_info.type == DnsQueryType::HTTPS_EXPERIMENTAL) { + if (transaction_info.type == DnsQueryType::HTTPS) { const std::vector<bool>* record_compatibility = results.https_record_compatibility(); CHECK(record_compatibility); @@ -1685,9 +1341,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { results = HostCache::Entry::MergeEntries( std::move(results), std::move(saved_results_).value()); break; - case DnsQueryType::INTEGRITY: case DnsQueryType::HTTPS: - case DnsQueryType::HTTPS_EXPERIMENTAL: // No particular importance to order. results = HostCache::Entry::MergeEntries( std::move(results), std::move(saved_results_).value()); @@ -1865,7 +1519,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_MANAGER_DNS_TASK, [&] { return NetLogDnsTaskFailedParams(net_error, failed_transaction_type, ttl, - base::OptionalOrNullptr(saved_results_)); + base::OptionalToPtr(saved_results_)); }); // Expect this to result in destroying `this` and thus cancelling any @@ -1935,12 +1589,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { timeout_min = https_svcb_options_.insecure_extra_time_min; } - if (timeout_max.is_zero() && extra_time_percent == 0 && - timeout_min.is_zero()) { - timeout_max = https_svcb_options_.extra_time_absolute; - extra_time_percent = https_svcb_options_.extra_time_percent; - } - // Skip timeout for secure requests if the timeout would be a fatal // failure. if (secure_ && features::kUseDnsHttpsSvcbEnforceSecureResponse.Get()) { @@ -1948,12 +1596,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { extra_time_percent = 0; timeout_min = base::TimeDelta(); } - } else if (AnyOfTypeTransactionsRemain( - {DnsQueryType::INTEGRITY, - DnsQueryType::HTTPS_EXPERIMENTAL})) { - DCHECK(base::FeatureList::IsEnabled(features::kDnsHttpssvc)); - timeout_max = features::dns_httpssvc_experiment::GetExtraTimeAbsolute(); - extra_time_percent = features::kDnsHttpssvcExtraTimePercent.Get(); } else { // Unhandled supplemental type. NOTREACHED(); @@ -1985,38 +1627,13 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { } bool ShouldTriggerHttpToHttpsUpgrade(const HostCache::Entry& results) { - // These values are logged to UMA. Entries should not be renumbered and - // numeric values should never be reused. Please keep in sync with - // "DNS.HttpUpgradeResult" in src/tools/metrics/histograms/enums.xml. - enum class UpgradeResult { - kUpgradeTriggered = 0, - kNoHttpsRecord = 1, - kHttpsScheme = 2, - kOtherScheme = 3, - kUpgradeDisabled = 4, - kMaxValue = kUpgradeDisabled - } upgrade_result; - - if (!results.https_record_compatibility() || - base::ranges::none_of(*results.https_record_compatibility(), - base::identity())) { - upgrade_result = UpgradeResult::kNoHttpsRecord; - } else if (GetScheme(host_) == url::kHttpsScheme || - GetScheme(host_) == url::kWssScheme) { - upgrade_result = UpgradeResult::kHttpsScheme; - } else if (GetScheme(host_) != url::kHttpScheme && - GetScheme(host_) != url::kWsScheme) { - // This is an unusual case because HTTPS would normally not be requested - // if the scheme is not http(s):// or ws(s)://. - upgrade_result = UpgradeResult::kOtherScheme; - } else if (!features::kUseDnsHttpsSvcbHttpUpgrade.Get()) { - upgrade_result = UpgradeResult::kUpgradeDisabled; - } else { - upgrade_result = UpgradeResult::kUpgradeTriggered; - } - - UMA_HISTOGRAM_ENUMERATION("Net.DNS.DnsTask.HttpUpgrade", upgrade_result); - return upgrade_result == UpgradeResult::kUpgradeTriggered; + // Upgrade if at least one HTTPS record was compatible, and the host uses an + // upgradable scheme. + return results.https_record_compatibility() && + base::ranges::any_of(*results.https_record_compatibility(), + base::identity()) && + (GetScheme(host_) == url::kHttpScheme || + GetScheme(host_) == url::kWsScheme); } // Only keep metadata results (from HTTPS records) for appropriate schemes. @@ -2062,7 +1679,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { raw_ptr<const base::TickClock> tick_clock_; base::TimeTicks task_start_time_; - HttpssvcExperimentDomainCache httpssvc_domain_cache_; absl::optional<HttpssvcMetrics> httpssvc_metrics_; // Timer for task timeout. Generally started after completion of address @@ -2086,11 +1702,11 @@ struct HostResolverManager::JobKey { bool operator<(const JobKey& other) const { return std::forward_as_tuple(query_types.ToEnumBitmask(), flags, source, secure_dns_mode, &*resolve_context, host, - network_isolation_key) < + network_anonymization_key) < std::forward_as_tuple(other.query_types.ToEnumBitmask(), other.flags, other.source, other.secure_dns_mode, &*other.resolve_context, other.host, - other.network_isolation_key); + other.network_anonymization_key); } bool operator==(const JobKey& other) const { @@ -2098,7 +1714,7 @@ struct HostResolverManager::JobKey { } absl::variant<url::SchemeHostPort, std::string> host; - NetworkIsolationKey network_isolation_key; + NetworkAnonymizationKey network_anonymization_key; DnsQueryTypeSet query_types; HostResolverFlags flags; HostResolverSource source; @@ -2113,16 +1729,14 @@ struct HostResolverManager::JobKey { // is why the following DCHECK restricts the allowable query types. DCHECK(Difference(query_types, DnsQueryTypeSet(DnsQueryType::A, DnsQueryType::AAAA, - DnsQueryType::HTTPS, - DnsQueryType::HTTPS_EXPERIMENTAL, - DnsQueryType::INTEGRITY)) + DnsQueryType::HTTPS)) .Empty()); } const DnsQueryType query_type_for_key = query_types.Size() == 1 ? *query_types.begin() : DnsQueryType::UNSPECIFIED; HostCache::Key key(host, query_type_for_key, flags, source, - network_isolation_key); + network_anonymization_key); key.secure = secure; return key; } @@ -2145,7 +1759,6 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, HostCache* host_cache, std::deque<TaskType> tasks, RequestPriority priority, - scoped_refptr<base::TaskRunner> proc_task_runner, const NetLogWithSource& source_net_log, const base::TickClock* tick_clock, const HostResolver::HttpsSvcbOptions& https_svcb_options) @@ -2155,7 +1768,6 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, host_cache_(host_cache), tasks_(tasks), priority_tracker_(priority), - proc_task_runner_(std::move(proc_task_runner)), tick_clock_(tick_clock), https_svcb_options_(https_svcb_options), net_log_( @@ -2220,7 +1832,8 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, DCHECK_EQ(host_cache_, request->host_cache()); // TODO(crbug.com/1206799): Check equality of whole host once Jobs are // separated by scheme/port. - DCHECK_EQ(GetHostname(key_.host), GetHostname(request->request_host())); + DCHECK_EQ(GetHostname(key_.host), + request->request_host().GetHostnameWithoutBrackets()); request->AssignJob(weak_ptr_factory_.GetSafeRef()); @@ -2246,7 +1859,8 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, void ChangeRequestPriority(RequestImpl* req, RequestPriority priority) { // TODO(crbug.com/1206799): Check equality of whole host once Jobs are // separated by scheme/port. - DCHECK_EQ(GetHostname(key_.host), GetHostname(req->request_host())); + DCHECK_EQ(GetHostname(key_.host), + req->request_host().GetHostnameWithoutBrackets()); priority_tracker_.Remove(req->priority()); req->set_priority(priority); @@ -2259,7 +1873,8 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, void CancelRequest(RequestImpl* request) { // TODO(crbug.com/1206799): Check equality of whole host once Jobs are // separated by scheme/port. - DCHECK_EQ(GetHostname(key_.host), GetHostname(request->request_host())); + DCHECK_EQ(GetHostname(key_.host), + request->request_host().GetHostnameWithoutBrackets()); DCHECK(!requests_.empty()); priority_tracker_.Remove(request->priority()); @@ -2297,14 +1912,13 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, weak_ptr_factory_.GetWeakPtr(), error, fallback_only); } - // Aborts or removes any current/future insecure DnsTasks if a ProcTask is - // available for fallback. If no fallback is available and |fallback_only| is - // false, a job that is currently running an insecure DnsTask will be - // completed with |error|. + // Aborts or removes any current/future insecure DnsTasks if a + // HostResolverSystemTask is available for fallback. If no fallback is + // available and |fallback_only| is false, a job that is currently running an + // insecure DnsTask will be completed with |error|. void AbortInsecureDnsTask(int error, bool fallback_only) { - bool has_proc_fallback = - std::find(tasks_.begin(), tasks_.end(), TaskType::PROC) != tasks_.end(); - if (has_proc_fallback) { + bool has_system_fallback = base::Contains(tasks_, TaskType::SYSTEM); + if (has_system_fallback) { for (auto it = tasks_.begin(); it != tasks_.end();) { if (*it == TaskType::DNS) it = tasks_.erase(it); @@ -2314,7 +1928,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } if (dns_task_ && !dns_task_->secure()) { - if (has_proc_fallback) { + if (has_system_fallback) { KillDnsTask(); dns_task_error_ = OK; RunNextTask(); @@ -2400,9 +2014,10 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, TaskType next_task = tasks_.front(); - // Schedule insecure DnsTasks and ProcTasks with the dispatcher. + // Schedule insecure DnsTasks and HostResolverSystemTasks with the + // dispatcher. if (!dispatched_ && - (next_task == TaskType::DNS || next_task == TaskType::PROC || + (next_task == TaskType::DNS || next_task == TaskType::SYSTEM || next_task == TaskType::MDNS)) { dispatched_ = true; job_running_ = false; @@ -2427,8 +2042,8 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, job_running_ = true; switch (next_task) { - case TaskType::PROC: - StartProcTask(); + case TaskType::SYSTEM: + StartSystemTask(); break; case TaskType::DNS: StartDnsTask(false /* secure */); @@ -2442,6 +2057,9 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, case TaskType::INSECURE_CACHE_LOOKUP: InsecureCacheLookup(); break; + case TaskType::NAT64: + StartNat64Task(); + break; case TaskType::SECURE_CACHE_LOOKUP: case TaskType::CACHE_LOOKUP: case TaskType::CONFIG_PRESET: @@ -2472,15 +2090,15 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, query_types_list.Append(kDnsQueryTypes.at(query_type)); dict.Set("dns_query_types", std::move(query_types_list)); dict.Set("secure_dns_mode", base::strict_cast<int>(key_.secure_dns_mode)); - dict.Set("network_isolation_key", - key_.network_isolation_key.ToDebugString()); + dict.Set("network_anonymization_key", + key_.network_anonymization_key.ToDebugString()); return base::Value(std::move(dict)); } void Finish() { if (is_running()) { // Clean up but don't run any callbacks. - proc_task_ = nullptr; + system_task_ = nullptr; KillDnsTask(); mdns_task_ = nullptr; job_running_ = false; @@ -2568,33 +2186,40 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // the limits on |dispatcher_|. But in order to keep the number of // ThreadPool threads low, we will need to use an "inner" // PrioritizedDispatcher with tighter limits. - void StartProcTask() { + void StartSystemTask() { DCHECK(dispatched_); DCHECK_EQ(1, num_occupied_job_slots_); DCHECK(HasAddressType(key_.query_types)); - proc_task_ = std::make_unique<ProcTask>( + system_task_ = HostResolverSystemTask::Create( std::string(GetHostname(key_.host)), HostResolver::DnsQueryTypeSetToAddressFamily(key_.query_types), - key_.flags, resolver_->proc_params_, - base::BindOnce(&Job::OnProcTaskComplete, base::Unretained(this), - tick_clock_->NowTicks()), - proc_task_runner_, net_log_, tick_clock_, key_.GetTargetNetwork()); + key_.flags, resolver_->host_resolver_system_params_, net_log_, + key_.GetTargetNetwork()); // Start() could be called from within Resolve(), hence it must NOT directly - // call OnProcTaskComplete, for example, on synchronous failure. - proc_task_->Start(); + // call OnSystemTaskComplete, for example, on synchronous failure. + system_task_->Start(base::BindOnce(&Job::OnSystemTaskComplete, + base::Unretained(this), + tick_clock_->NowTicks())); } - // Called by ProcTask when it completes. - void OnProcTaskComplete(base::TimeTicks start_time, - int net_error, - const AddressList& addr_list) { - DCHECK(proc_task_); + // Called by HostResolverSystemTask when it completes. + void OnSystemTaskComplete(base::TimeTicks start_time, + const AddressList& addr_list, + int /*os_error*/, + int net_error) { + DCHECK(system_task_); + + base::TimeDelta duration = tick_clock_->NowTicks() - start_time; + if (net_error == OK) + UMA_HISTOGRAM_LONG_TIMES_100("Net.DNS.SystemTask.SuccessTime", duration); + else + UMA_HISTOGRAM_LONG_TIMES_100("Net.DNS.SystemTask.FailureTime", duration); if (dns_task_error_ != OK && net_error == OK) { - // This ProcTask was a fallback resolution after a failed insecure - // DnsTask. + // This HostResolverSystemTask was a fallback resolution after a failed + // insecure DnsTask. resolver_->OnFallbackResolve(dns_task_error_); } @@ -2843,6 +2468,23 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, CompleteRequestsWithError(rv); } + void StartNat64Task() { + DCHECK(!nat64_task_); + RequestImpl* req = requests_.head()->value(); + nat64_task_ = std::make_unique<HostResolverNat64Task>( + std::string{GetHostname(key_.host)}, req->network_anonymization_key(), + req->source_net_log(), req->resolve_context(), req->host_cache(), + resolver_); + nat64_task_->Start(base::BindOnce(&Job::OnNat64TaskComplete, + weak_ptr_factory_.GetWeakPtr())); + } + + void OnNat64TaskComplete() { + DCHECK(nat64_task_); + HostCache::Entry results = nat64_task_->GetResults(); + CompleteRequestsWithoutCache(results, absl::nullopt /* stale_info */); + } + void RecordJobHistograms(int error) { // Used in UMA_HISTOGRAM_ENUMERATION. Do not renumber entries or reuse // deprecated values. @@ -2954,7 +2596,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, if (results.error() == OK && !req->parameters().is_speculative) { req->set_results( - results.CopyWithDefaultPort(GetPort(req->request_host()))); + results.CopyWithDefaultPort(req->request_host().GetPort())); } req->OnJobCompleted( key_, results.error(), @@ -3029,9 +2671,6 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // Tracks the highest priority across |requests_|. PriorityTracker priority_tracker_; - // Task runner used for HostResolverProc. - scoped_refptr<base::TaskRunner> proc_task_runner_; - bool had_non_speculative_request_ = false; // Number of slots occupied by this Job in |dispatcher_|. Should be 0 when @@ -3051,8 +2690,9 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, NetLogWithSource net_log_; - // Resolves the host using a HostResolverProc. - std::unique_ptr<ProcTask> proc_task_; + // Resolves the host using the system DNS resolver, which can be overridden + // for tests. + std::unique_ptr<HostResolverSystemTask> system_task_; // Resolves the host using a DnsTransaction. std::unique_ptr<DnsTask> dns_task_; @@ -3060,6 +2700,9 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // Resolves the host using MDnsClient. std::unique_ptr<HostResolverMdnsTask> mdns_task_; + // Perform NAT64 address synthesis to a given IPv4 literal. + std::unique_ptr<HostResolverNat64Task> nat64_task_; + // All Requests waiting for the result of this Job. Some can be canceled. base::LinkedList<RequestImpl> requests_; @@ -3092,7 +2735,7 @@ HostResolverManager::HostResolverManager( SystemDnsConfigChangeNotifier* system_dns_config_notifier, handles::NetworkHandle target_network, NetLog* net_log) - : proc_params_(nullptr, options.max_system_retry_attempts), + : host_resolver_system_params_(nullptr, options.max_system_retry_attempts), net_log_(net_log), system_dns_config_notifier_(system_dns_config_notifier), target_network_(target_network), @@ -3108,10 +2751,6 @@ HostResolverManager::HostResolverManager( DCHECK_GE(dispatcher_->num_priorities(), static_cast<size_t>(NUM_PRIORITIES)); - proc_task_runner_ = base::ThreadPool::CreateTaskRunner( - {base::MayBlock(), priority_mode.Get(), - base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}); - #if BUILDFLAG(IS_WIN) EnsureWinsockInit(); #endif @@ -3126,10 +2765,7 @@ HostResolverManager::HostResolverManager( } if (system_dns_config_notifier_) system_dns_config_notifier_->AddObserver(this); -#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_OPENBSD) && \ - !BUILDFLAG(IS_ANDROID) - EnsureDnsReloaderInit(); -#endif + EnsureSystemHostResolverCallReady(); auto connection_type = IsBoundToNetwork() @@ -3147,7 +2783,7 @@ HostResolverManager::HostResolverManager( DCHECK(options.dns_config_overrides == DnsConfigOverrides()); #endif - allow_fallback_to_proctask_ = !ConfigureAsyncDnsNoFallbackFieldTrial(); + allow_fallback_to_systemtask_ = !ConfigureAsyncDnsNoFallbackFieldTrial(); } HostResolverManager::~HostResolverManager() { @@ -3185,8 +2821,22 @@ HostResolverManager::CreateNetworkBoundHostResolverManager( std::unique_ptr<HostResolver::ResolveHostRequest> HostResolverManager::CreateRequest( + absl::variant<url::SchemeHostPort, HostPortPair> host, + NetworkAnonymizationKey network_anonymization_key, + NetLogWithSource net_log, + absl::optional<ResolveHostParameters> optional_parameters, + ResolveContext* resolve_context, + HostCache* host_cache) { + return CreateRequest(HostResolver::Host(std::move(host)), + std::move(network_anonymization_key), std::move(net_log), + std::move(optional_parameters), resolve_context, + host_cache); +} + +std::unique_ptr<HostResolver::ResolveHostRequest> +HostResolverManager::CreateRequest( HostResolver::Host host, - NetworkIsolationKey network_isolation_key, + NetworkAnonymizationKey network_anonymization_key, NetLogWithSource net_log, absl::optional<ResolveHostParameters> optional_parameters, ResolveContext* resolve_context, @@ -3200,7 +2850,7 @@ HostResolverManager::CreateRequest( DCHECK(registered_contexts_.HasObserver(resolve_context)); return std::make_unique<RequestImpl>( - std::move(net_log), std::move(host), std::move(network_isolation_key), + std::move(net_log), std::move(host), std::move(network_anonymization_key), std::move(optional_parameters), resolve_context->GetWeakPtr(), host_cache, weak_ptr_factory_.GetWeakPtr(), tick_clock_); } @@ -3358,11 +3008,6 @@ void HostResolverManager::SetLastIPv6ProbeResultForTesting( SetLastIPv6ProbeResult(last_ipv6_probe_result); } -void HostResolverManager::SetTaskRunnerForTesting( - scoped_refptr<base::TaskRunner> task_runner) { - proc_task_runner_ = std::move(task_runner); -} - // static bool HostResolverManager::IsLocalTask(TaskType task) { switch (task) { @@ -3395,7 +3040,7 @@ int HostResolverManager::Resolve(RequestImpl* request) { job_key.host = CreateHostForJobKey(request->request_host(), parameters.dns_query_type, https_svcb_options_.enable); - job_key.network_isolation_key = request->network_isolation_key(); + job_key.network_anonymization_key = request->network_anonymization_key(); job_key.source = parameters.source; IPAddress ip_address; @@ -3410,13 +3055,14 @@ int HostResolverManager::Resolve(RequestImpl* request) { absl::optional<HostCache::EntryStaleness> stale_info; HostCache::Entry results = ResolveLocally( job_key, ip_address, parameters.cache_usage, parameters.secure_dns_policy, - request->source_net_log(), request->host_cache(), &tasks, &stale_info); + parameters.source, request->source_net_log(), request->host_cache(), + &tasks, &stale_info); if (results.error() != ERR_DNS_CACHE_MISS || request->parameters().source == HostResolverSource::LOCAL_ONLY || tasks.empty()) { if (results.error() == OK && !request->parameters().is_speculative) { request->set_results( - results.CopyWithDefaultPort(GetPort(request->request_host()))); + results.CopyWithDefaultPort(request->request_host().GetPort())); } if (stale_info && !request->parameters().is_speculative) request->set_stale_info(std::move(stale_info).value()); @@ -3434,6 +3080,7 @@ HostCache::Entry HostResolverManager::ResolveLocally( const IPAddress& ip_address, ResolveHostParameters::CacheUsage cache_usage, SecureDnsPolicy secure_dns_policy, + HostResolverSource source, const NetLogWithSource& source_net_log, HostCache* cache, std::deque<TaskType>* out_tasks, @@ -3471,8 +3118,19 @@ HostCache::Entry HostResolverManager::ResolveLocally( HostCache::Entry::SOURCE_UNKNOWN); } - if (ip_address.IsValid()) + if (ip_address.IsValid()) { + // Use NAT64Task for IPv4 literal when the network is IPv6 only. + if (!default_family_due_to_no_ipv6 && ip_address.IsIPv4() && + base::FeatureList::IsEnabled(features::kUseNAT64ForIPv4Literal) && + !IsGloballyReachable(IPAddress(ip_address), source_net_log) && + source != HostResolverSource::LOCAL_ONLY) { + out_tasks->push_front(TaskType::NAT64); + return HostCache::Entry(ERR_DNS_CACHE_MISS, + HostCache::Entry::SOURCE_UNKNOWN); + } + return ResolveAsIP(job_key.query_types, resolve_canonname, ip_address); + } // Special-case localhost names, as per the recommendations in // https://tools.ietf.org/html/draft-west-let-localhost-be-localhost. @@ -3562,10 +3220,10 @@ HostResolverManager::Job* HostResolverManager::AddJobWithoutRequest( std::deque<TaskType> tasks, RequestPriority priority, const NetLogWithSource& source_net_log) { - auto new_job = std::make_unique<Job>( - weak_ptr_factory_.GetWeakPtr(), key, cache_usage, host_cache, - std::move(tasks), priority, proc_task_runner_, source_net_log, - tick_clock_, https_svcb_options_); + auto new_job = + std::make_unique<Job>(weak_ptr_factory_.GetWeakPtr(), key, cache_usage, + host_cache, std::move(tasks), priority, + source_net_log, tick_clock_, https_svcb_options_); auto insert_result = jobs_.emplace(std::move(key), std::move(new_job)); auto& iterator = insert_result.first; bool is_new = insert_result.second; @@ -3685,7 +3343,7 @@ absl::optional<HostCache::Entry> HostResolverManager::ServeFromHosts( // Don't attempt a HOSTS lookup if there is no DnsConfig or the HOSTS lookup // is going to be done next as part of a system lookup. if (!dns_client_ || !HasAddressType(query_types) || - (!tasks.empty() && tasks.front() == TaskType::PROC)) + (!tasks.empty() && tasks.front() == TaskType::SYSTEM)) return absl::nullopt; const DnsHosts* hosts = dns_client_->GetHosts(); @@ -3810,11 +3468,12 @@ bool HostResolverManager::ShouldForceSystemResolverDueToTestOverride() const { &IPEndPoint::address)) << "Test could query a publicly-routable address."; } - return !proc_params_.resolver_proc && HostResolverProc::GetDefault() && + return !host_resolver_system_params_.resolver_proc && + HostResolverProc::GetDefault() && !system_resolver_disabled_for_testing_; } -void HostResolverManager::PushDnsTasks(bool proc_task_allowed, +void HostResolverManager::PushDnsTasks(bool system_task_allowed, SecureDnsMode secure_dns_mode, bool insecure_tasks_allowed, bool allow_cache, @@ -3884,9 +3543,9 @@ void HostResolverManager::PushDnsTasks(bool proc_task_allowed, base::ranges::find_first_of(*out_tasks, kWantTasks) == out_tasks->end(); // The system resolver can be used as a fallback for a non-existent or // failing DnsTask if allowed by the request parameters. - if (proc_task_allowed && - (no_dns_or_secure_tasks || allow_fallback_to_proctask_)) - out_tasks->push_back(TaskType::PROC); + if (system_task_allowed && + (no_dns_or_secure_tasks || allow_fallback_to_systemtask_)) + out_tasks->push_back(TaskType::SYSTEM); } void HostResolverManager::CreateTaskSequence( @@ -3924,41 +3583,42 @@ void HostResolverManager::CreateTaskSequence( switch (job_key.source) { case HostResolverSource::ANY: - // Force address queries with canonname to use ProcTask to counter poor - // CNAME support in DnsTask. See https://crbug.com/872665 + // Force address queries with canonname to use HostResolverSystemTask to + // counter poor CNAME support in DnsTask. See https://crbug.com/872665 // - // Otherwise, default to DnsTask (with allowed fallback to ProcTask for - // address queries). But if hostname appears to be an MDNS name (ends in - // *.local), go with ProcTask for address queries and MdnsTask for non- - // address queries. + // Otherwise, default to DnsTask (with allowed fallback to + // HostResolverSystemTask for address queries). But if hostname appears to + // be an MDNS name (ends in *.local), go with HostResolverSystemTask for + // address queries and MdnsTask for non- address queries. if ((job_key.flags & HOST_RESOLVER_CANONNAME) && has_address_type) { - out_tasks->push_back(TaskType::PROC); + out_tasks->push_back(TaskType::SYSTEM); } else if (!ResemblesMulticastDNSName(GetHostname(job_key.host))) { - bool proc_task_allowed = has_address_type && job_key.secure_dns_mode != - SecureDnsMode::kSecure; + bool system_task_allowed = + has_address_type && + job_key.secure_dns_mode != SecureDnsMode::kSecure; if (dns_client_ && dns_client_->GetEffectiveConfig()) { bool insecure_allowed = dns_client_->CanUseInsecureDnsTransactions() && !dns_client_->FallbackFromInsecureTransactionPreferred() && (has_address_type || dns_client_->CanQueryAdditionalTypesViaInsecureDns()); - PushDnsTasks(proc_task_allowed, job_key.secure_dns_mode, + PushDnsTasks(system_task_allowed, job_key.secure_dns_mode, insecure_allowed, allow_cache, prioritize_local_lookups, &*job_key.resolve_context, out_tasks); - } else if (proc_task_allowed) { - out_tasks->push_back(TaskType::PROC); + } else if (system_task_allowed) { + out_tasks->push_back(TaskType::SYSTEM); } } else if (has_address_type) { // For *.local address queries, try the system resolver even if the // secure dns mode is SECURE. Public recursive resolvers aren't expected // to handle these queries. - out_tasks->push_back(TaskType::PROC); + out_tasks->push_back(TaskType::SYSTEM); } else { out_tasks->push_back(TaskType::MDNS); } break; case HostResolverSource::SYSTEM: - out_tasks->push_back(TaskType::PROC); + out_tasks->push_back(TaskType::SYSTEM); break; case HostResolverSource::DNS: if (dns_client_ && dns_client_->GetEffectiveConfig()) { @@ -3966,7 +3626,7 @@ void HostResolverManager::CreateTaskSequence( dns_client_->CanUseInsecureDnsTransactions() && (has_address_type || dns_client_->CanQueryAdditionalTypesViaInsecureDns()); - PushDnsTasks(false /* proc_task_allowed */, job_key.secure_dns_mode, + PushDnsTasks(false /* system_task_allowed */, job_key.secure_dns_mode, insecure_allowed, allow_cache, prioritize_local_lookups, &*job_key.resolve_context, out_tasks); } @@ -4036,13 +3696,6 @@ void HostResolverManager::GetEffectiveParametersForRequest( url::kHttpScheme, url::kHttpsScheme, url::kWsScheme, url::kWssScheme}; if (base::Contains(kSchemesForHttpsQuery, GetScheme(host))) effective_types.Put(DnsQueryType::HTTPS); - } else if (base::FeatureList::IsEnabled(features::kDnsHttpssvc) && - (httpssvc_domain_cache_.IsExperimental(GetHostname(host)) || - httpssvc_domain_cache_.IsControl(GetHostname(host)))) { - if (features::kDnsHttpssvcUseIntegrity.Get()) - effective_types.Put(DnsQueryType::INTEGRITY); - if (features::kDnsHttpssvcUseHttpssvc.Get()) - effective_types.Put(DnsQueryType::HTTPS_EXPERIMENTAL); } *out_effective_types = effective_types; @@ -4102,18 +3755,16 @@ bool HostResolverManager::IsGloballyReachable(const IPAddress& dest, rv = socket->GetLocalAddress(&endpoint); if (rv != OK) return false; - DCHECK_EQ(ADDRESS_FAMILY_IPV6, endpoint.GetFamily()); const IPAddress& address = endpoint.address(); - bool is_link_local = - (address.bytes()[0] == 0xFE) && ((address.bytes()[1] & 0xC0) == 0x80); - if (is_link_local) - return false; - - const uint8_t kTeredoPrefix[] = {0x20, 0x01, 0, 0}; - if (IPAddressStartsWith(address, kTeredoPrefix)) + if (address.IsLinkLocal()) return false; + if (address.IsIPv6()) { + const uint8_t kTeredoPrefix[] = {0x20, 0x01, 0, 0}; + if (IPAddressStartsWith(address, kTeredoPrefix)) + return false; + } return true; } @@ -4290,7 +3941,7 @@ void HostResolverManager::OnFallbackResolve(int dns_task_error) { dns_client_->IncrementInsecureFallbackFailures(); // If DnsClient became not preferred, fallback all fallback-allowed insecure - // DnsTasks to ProcTasks. + // DnsTasks to HostResolverSystemTasks. if (dns_client_->FallbackFromInsecureTransactionPreferred()) AbortInsecureDnsTasks(ERR_FAILED, true /* fallback_only */); } @@ -4345,10 +3996,10 @@ void HostResolverManager::InvalidateCaches(bool network_change) { void HostResolverManager::UpdateConnectionType( NetworkChangeNotifier::ConnectionType type) { - proc_params_.unresponsive_delay = + host_resolver_system_params_.unresponsive_delay = GetTimeDeltaForConnectionTypeFromFieldTrialOrDefault( "DnsUnresponsiveDelayMsByConnectionType", - ProcTaskParams::kDnsDefaultUnresponsiveDelay, type); + HostResolverSystemTask::Params::kDnsDefaultUnresponsiveDelay, type); // Note that NetworkChangeNotifier always sends a CONNECTION_NONE notification // before non-NONE notifications. This check therefore just ensures each |