Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / e22e37cefff8de4356e6c41ace7555af26582cea / . / dns-proxy / proxy_test.cc
blob: 1d71bd97bd1f4891765eb338d37496a5eaf99820 [file] [log] [blame]
// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "dns-proxy/proxy.h"
#include <fcntl.h>
#include <linux/rtnetlink.h>
#include <sys/stat.h>
#include <memory>
#include <utility>
#include <vector>
#include <chromeos/patchpanel/net_util.h>
#include <chromeos/patchpanel/dbus/fake_client.h>
#include <dbus/mock_bus.h>
#include <dbus/mock_object_proxy.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include <shill/dbus/client/fake_client.h>
#include <shill/dbus-constants.h>
#include <shill/dbus-proxy-mocks.h>
#include <shill/net/rtnl_handler.h>
using testing::ElementsAreArray;
namespace dns_proxy {
namespace {
constexpr base::TimeDelta kRequestTimeout = base::TimeDelta::FromSeconds(10000);
constexpr base::TimeDelta kRequestRetryDelay =
base::TimeDelta::FromMilliseconds(200);
constexpr int32_t kRequestMaxRetry = 1;
int make_fd() {
std::string fn(
::testing::UnitTest::GetInstance()->current_test_info()->name());
fn = "/tmp/" + fn;
return open(fn.c_str(), O_CREAT, 0600);
}
} // namespace
using org::chromium::flimflam::ManagerProxyInterface;
using org::chromium::flimflam::ManagerProxyMock;
using testing::_;
using testing::ByMove;
using testing::DoAll;
using testing::IsEmpty;
using testing::Return;
using testing::SetArgPointee;
using testing::StrEq;
class FakeShillClient : public shill::FakeClient {
public:
FakeShillClient(scoped_refptr<dbus::Bus> bus,
ManagerProxyInterface* manager_proxy)
: shill::FakeClient(bus), manager_proxy_(manager_proxy) {}
std::unique_ptr<shill::Client::ManagerPropertyAccessor> ManagerProperties(
const base::TimeDelta& timeout) const override {
return std::make_unique<shill::Client::ManagerPropertyAccessor>(
manager_proxy_);
}
std::unique_ptr<shill::Client::Device> DefaultDevice(
bool exclude_vpn) override {
return std::move(default_device_);
}
ManagerProxyInterface* GetManagerProxy() const override {
return manager_proxy_;
}
std::unique_ptr<shill::Client::Device> default_device_;
private:
ManagerProxyInterface* manager_proxy_;
};
class FakePatchpanelClient : public patchpanel::FakeClient {
public:
FakePatchpanelClient() = default;
~FakePatchpanelClient() = default;
void SetConnectNamespaceResult(
int fd, const patchpanel::ConnectNamespaceResponse& resp) {
ns_fd_ = fd;
ns_resp_ = resp;
}
std::pair<base::ScopedFD, patchpanel::ConnectNamespaceResponse>
ConnectNamespace(pid_t pid,
const std::string& outbound_ifname,
bool forward_user_traffic,
bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) override {
ns_ifname_ = outbound_ifname;
ns_rvpn_ = route_on_vpn;
ns_ts_ = traffic_source;
return {base::ScopedFD(ns_fd_), ns_resp_};
}
base::ScopedFD RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::RuleType,
const std::string&,
const std::string&,
const std::vector<std::string>&) override {
return base::ScopedFD(make_fd());
}
std::string ns_ifname_;
bool ns_rvpn_;
patchpanel::TrafficCounter::Source ns_ts_;
int ns_fd_;
patchpanel::ConnectNamespaceResponse ns_resp_;
};
class FakeFeaturesClient : public ChromeFeaturesServiceClient {
public:
explicit FakeFeaturesClient(bool enabled)
: ChromeFeaturesServiceClient(nullptr), enabled_(enabled) {}
void IsDNSProxyEnabled(
ChromeFeaturesServiceClient::IsFeatureEnabledCallback callback) override {
is_dnsproxy_enabled_called = true;
std::move(callback).Run(enabled_);
}
bool is_dnsproxy_enabled_called{false};
private:
bool enabled_;
};
class FakeSessionMonitor : public SessionMonitor {
public:
explicit FakeSessionMonitor(scoped_refptr<dbus::Bus> bus)
: SessionMonitor(bus) {}
void Login() { OnSessionStateChanged("started"); }
void Logout() { OnSessionStateChanged("stopping"); }
};
class MockPatchpanelClient : public patchpanel::Client {
public:
MockPatchpanelClient() = default;
~MockPatchpanelClient() = default;
MOCK_METHOD(void,
RegisterOnAvailableCallback,
(base::RepeatingCallback<void(bool)>),
(override));
MOCK_METHOD(void,
RegisterProcessChangedCallback,
(base::RepeatingCallback<void(bool)>),
(override));
MOCK_METHOD(bool, NotifyArcStartup, (pid_t), (override));
MOCK_METHOD(bool, NotifyArcShutdown, (), (override));
MOCK_METHOD(std::vector<patchpanel::NetworkDevice>,
NotifyArcVmStartup,
(uint32_t),
(override));
MOCK_METHOD(bool, NotifyArcVmShutdown, (uint32_t), (override));
MOCK_METHOD(bool,
NotifyTerminaVmStartup,
(uint32_t, patchpanel::NetworkDevice*, patchpanel::IPv4Subnet*),
(override));
MOCK_METHOD(bool, NotifyTerminaVmShutdown, (uint32_t), (override));
MOCK_METHOD(bool,
NotifyPluginVmStartup,
(uint64_t, int, patchpanel::NetworkDevice*),
(override));
MOCK_METHOD(bool, NotifyPluginVmShutdown, (uint64_t), (override));
MOCK_METHOD(bool, DefaultVpnRouting, (int), (override));
MOCK_METHOD(bool, RouteOnVpn, (int), (override));
MOCK_METHOD(bool, BypassVpn, (int), (override));
MOCK_METHOD((std::pair<base::ScopedFD, patchpanel::ConnectNamespaceResponse>),
ConnectNamespace,
(pid_t pid,
const std::string& outbound_ifname,
bool forward_user_traffic,
bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source),
(override));
MOCK_METHOD(void,
GetTrafficCounters,
(const std::set<std::string>&, GetTrafficCountersCallback),
(override));
MOCK_METHOD(bool,
ModifyPortRule,
(patchpanel::ModifyPortRuleRequest::Operation,
patchpanel::ModifyPortRuleRequest::RuleType,
patchpanel::ModifyPortRuleRequest::Protocol,
const std::string&,
const std::string&,
uint32_t,
const std::string&,
uint32_t),
(override));
MOCK_METHOD(base::ScopedFD,
RedirectDns,
(patchpanel::SetDnsRedirectionRuleRequest::RuleType,
const std::string&,
const std::string&,
const std::vector<std::string>&),
(override));
MOCK_METHOD(std::vector<patchpanel::NetworkDevice>,
GetDevices,
(),
(override));
MOCK_METHOD(void,
RegisterNetworkDeviceChangedSignalHandler,
(NetworkDeviceChangedSignalHandler),
(override));
MOCK_METHOD(void,
RegisterNeighborReachabilityEventHandler,
(NeighborReachabilityEventHandler),
(override));
MOCK_METHOD(bool, SetVpnLockdown, (bool), (override));
};
class MockResolver : public Resolver {
public:
MockResolver()
: Resolver(kRequestTimeout, kRequestRetryDelay, kRequestMaxRetry) {}
~MockResolver() = default;
MOCK_METHOD(bool, ListenUDP, (struct sockaddr*), (override));
MOCK_METHOD(bool, ListenTCP, (struct sockaddr*), (override));
MOCK_METHOD(void,
SetNameServers,
(const std::vector<std::string>&),
(override));
MOCK_METHOD(void,
SetDoHProviders,
(const std::vector<std::string>&, bool),
(override));
};
class TestProxy : public Proxy {
public:
TestProxy(const Options& opts,
std::unique_ptr<patchpanel::Client> patchpanel,
std::unique_ptr<shill::Client> shill)
: Proxy(opts, std::move(patchpanel), std::move(shill)) {}
std::unique_ptr<Resolver> resolver;
std::unique_ptr<Resolver> NewResolver(base::TimeDelta timeout,
base::TimeDelta retry_delay,
int max_num_retries) override {
return std::move(resolver);
}
};
class ProxyTest : public ::testing::Test {
protected:
ProxyTest()
: mock_bus_(new dbus::MockBus{dbus::Bus::Options{}}),
mock_proxy_(new dbus::MockObjectProxy(mock_bus_.get(),
shill::kFlimflamServiceName,
dbus::ObjectPath("/"))) {}
~ProxyTest() { mock_bus_->ShutdownAndBlock(); }
void SetUp() override {
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock_proxy_.get()));
}
std::unique_ptr<FakePatchpanelClient> PatchpanelClient() const {
return std::make_unique<FakePatchpanelClient>();
}
std::unique_ptr<FakeShillClient> ShillClient() const {
return std::make_unique<FakeShillClient>(
mock_bus_, reinterpret_cast<ManagerProxyInterface*>(
const_cast<ManagerProxyMock*>(&mock_manager_)));
}
protected:
scoped_refptr<dbus::MockBus> mock_bus_;
scoped_refptr<dbus::MockObjectProxy> mock_proxy_;
ManagerProxyMock mock_manager_;
};
TEST_F(ProxyTest, SystemProxy_OnShutdownClearsAddressPropertyOnShill) {
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(StrEq(""), _, _))
.WillOnce(Return(true));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
int unused;
proxy.shill_ready_ = true;
proxy.OnShutdown(&unused);
}
TEST_F(ProxyTest, NonSystemProxy_OnShutdownDoesNotCallShill) {
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _)).Times(0);
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, PatchpanelClient(),
ShillClient());
int unused;
proxy.shill_ready_ = true;
proxy.OnShutdown(&unused);
}
TEST_F(ProxyTest, SystemProxy_SetShillPropertyDoesntCrashIfDieFalse) {
::testing::FLAGS_gtest_death_test_style = "threadsafe";
EXPECT_CALL(mock_manager_, SetProperty(_, _, _, _)).Times(0);
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.shill_ready_ = true;
proxy.SetShillProperty("10.10.10.10", false, 0);
}
TEST_F(ProxyTest, ShillInitializedWhenReady) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.OnShillReady(true);
EXPECT_TRUE(proxy.shill_ready_);
}
TEST_F(ProxyTest, SystemProxy_ConnectedNamedspace) {
auto pp = PatchpanelClient();
auto* pp_ptr = pp.get();
pp->SetConnectNamespaceResult(make_fd(),
patchpanel::ConnectNamespaceResponse());
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, std::move(pp),
ShillClient());
proxy.OnPatchpanelReady(true);
EXPECT_TRUE(pp_ptr->ns_ifname_.empty());
EXPECT_FALSE(pp_ptr->ns_rvpn_);
EXPECT_EQ(pp_ptr->ns_ts_, patchpanel::TrafficCounter::SYSTEM);
}
TEST_F(ProxyTest, DefaultProxy_ConnectedNamedspace) {
auto pp = PatchpanelClient();
auto* pp_ptr = pp.get();
pp->SetConnectNamespaceResult(make_fd(),
patchpanel::ConnectNamespaceResponse());
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(pp),
ShillClient());
proxy.OnPatchpanelReady(true);
EXPECT_TRUE(pp_ptr->ns_ifname_.empty());
EXPECT_TRUE(pp_ptr->ns_rvpn_);
EXPECT_EQ(pp_ptr->ns_ts_, patchpanel::TrafficCounter::USER);
}
TEST_F(ProxyTest, ArcProxy_ConnectedNamedspace) {
auto pp = PatchpanelClient();
auto* pp_ptr = pp.get();
pp->SetConnectNamespaceResult(make_fd(),
patchpanel::ConnectNamespaceResponse());
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(pp), ShillClient());
proxy.OnPatchpanelReady(true);
EXPECT_EQ(pp_ptr->ns_ifname_, "eth0");
EXPECT_FALSE(pp_ptr->ns_rvpn_);
EXPECT_EQ(pp_ptr->ns_ts_, patchpanel::TrafficCounter::ARC);
}
TEST_F(ProxyTest, ShillResetRestoresAddressProperty) {
auto pp = PatchpanelClient();
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
pp->SetConnectNamespaceResult(make_fd(), resp);
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, std::move(pp),
ShillClient());
proxy.OnPatchpanelReady(true);
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(StrEq("10.10.10.10"), _, _))
.WillOnce(Return(true));
proxy.shill_ready_ = true;
proxy.OnShillReset(true);
}
TEST_F(ProxyTest, StateClearedIfDefaultServiceDrops) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.OnDefaultDeviceChanged(nullptr /* no service */);
EXPECT_FALSE(proxy.device_);
EXPECT_FALSE(proxy.resolver_);
}
TEST_F(ProxyTest, ArcProxy_IgnoredIfDefaultServiceDrops) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.OnDefaultDeviceChanged(nullptr /* no service */);
EXPECT_TRUE(proxy.device_);
EXPECT_TRUE(proxy.resolver_);
}
TEST_F(ProxyTest, StateClearedIfDefaultServiceIsNotOnline) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
proxy.resolver_ = std::make_unique<MockResolver>();
shill::Client::Device dev;
dev.state = shill::Client::Device::ConnectionState::kReady;
proxy.OnDefaultDeviceChanged(&dev);
EXPECT_FALSE(proxy.device_);
EXPECT_FALSE(proxy.resolver_);
}
TEST_F(ProxyTest, NewResolverStartsListeningOnDefaultServiceComesOnline) {
TestProxy proxy(Proxy::Options{.type = Proxy::Type::kDefault},
PatchpanelClient(), ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver = std::move(resolver);
shill::Client::Device dev;
dev.state = shill::Client::Device::ConnectionState::kOnline;
EXPECT_CALL(*mock_resolver, ListenUDP(_)).WillOnce(Return(true));
EXPECT_CALL(*mock_resolver, ListenTCP(_)).WillOnce(Return(true));
brillo::VariantDictionary props;
EXPECT_CALL(mock_manager_, GetProperties(_, _, _))
.WillOnce(DoAll(SetArgPointee<0>(props), Return(true)));
proxy.OnDefaultDeviceChanged(&dev);
EXPECT_TRUE(proxy.resolver_);
}
TEST_F(ProxyTest, NameServersUpdatedOnDefaultServiceComesOnline) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.state = shill::Client::Device::ConnectionState::kOnline;
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
dev.ipconfig.ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
// Doesn't call listen since the resolver already exists.
EXPECT_CALL(*mock_resolver, ListenUDP(_)).Times(0);
EXPECT_CALL(*mock_resolver, ListenTCP(_)).Times(0);
EXPECT_CALL(*mock_resolver,
SetNameServers(ElementsAre(StrEq("8.8.8.8"), StrEq("8.8.4.4"),
StrEq("2001:4860:4860::8888"),
StrEq("2001:4860:4860::8844"))));
proxy.OnDefaultDeviceChanged(&dev);
}
TEST_F(ProxyTest, SystemProxy_ShillPropertyUpdatedOnDefaultServiceComesOnline) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.shill_ready_ = true;
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.state = shill::Client::Device::ConnectionState::kOnline;
EXPECT_CALL(*mock_resolver, SetNameServers(_));
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
proxy.OnDefaultDeviceChanged(&dev);
}
TEST_F(ProxyTest, SystemProxy_IgnoresVPN) {
TestProxy proxy(Proxy::Options{.type = Proxy::Type::kSystem},
PatchpanelClient(), ShillClient());
proxy.shill_ready_ = true;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
ON_CALL(*mock_resolver, ListenUDP(_)).WillByDefault(Return(true));
ON_CALL(*mock_resolver, ListenTCP(_)).WillByDefault(Return(true));
brillo::VariantDictionary props;
EXPECT_CALL(mock_manager_, GetProperties(_, _, _))
.WillOnce(DoAll(SetArgPointee<0>(props), Return(true)));
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
proxy.resolver = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.type = shill::Client::Device::Type::kWifi;
dev.state = shill::Client::Device::ConnectionState::kOnline;
proxy.OnDefaultDeviceChanged(&dev);
EXPECT_TRUE(proxy.device_);
EXPECT_EQ(proxy.device_->type, shill::Client::Device::Type::kWifi);
dev.type = shill::Client::Device::Type::kVPN;
proxy.OnDefaultDeviceChanged(&dev);
EXPECT_TRUE(proxy.device_);
EXPECT_EQ(proxy.device_->type, shill::Client::Device::Type::kWifi);
}
TEST_F(ProxyTest, SystemProxy_GetsPhysicalDeviceOnInitialVPN) {
auto shill = ShillClient();
auto* shill_ptr = shill.get();
TestProxy proxy(Proxy::Options{.type = Proxy::Type::kSystem},
PatchpanelClient(), std::move(shill));
proxy.shill_ready_ = true;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
ON_CALL(*mock_resolver, ListenUDP(_)).WillByDefault(Return(true));
ON_CALL(*mock_resolver, ListenTCP(_)).WillByDefault(Return(true));
brillo::VariantDictionary props;
EXPECT_CALL(mock_manager_, GetProperties(_, _, _))
.WillOnce(DoAll(SetArgPointee<0>(props), Return(true)));
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
proxy.resolver = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device vpn;
vpn.type = shill::Client::Device::Type::kVPN;
vpn.state = shill::Client::Device::ConnectionState::kOnline;
shill_ptr->default_device_ = std::make_unique<shill::Client::Device>();
shill_ptr->default_device_->type = shill::Client::Device::Type::kWifi;
shill_ptr->default_device_->state =
shill::Client::Device::ConnectionState::kOnline;
proxy.OnDefaultDeviceChanged(&vpn);
EXPECT_TRUE(proxy.device_);
EXPECT_EQ(proxy.device_->type, shill::Client::Device::Type::kWifi);
}
TEST_F(ProxyTest, DefaultProxy_UsesVPN) {
TestProxy proxy(Proxy::Options{.type = Proxy::Type::kDefault},
PatchpanelClient(), ShillClient());
proxy.shill_ready_ = true;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
ON_CALL(*mock_resolver, ListenUDP(_)).WillByDefault(Return(true));
ON_CALL(*mock_resolver, ListenTCP(_)).WillByDefault(Return(true));
brillo::VariantDictionary props;
EXPECT_CALL(mock_manager_, GetProperties(_, _, _))
.WillOnce(DoAll(SetArgPointee<0>(props), Return(true)));
proxy.resolver = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.type = shill::Client::Device::Type::kWifi;
dev.state = shill::Client::Device::ConnectionState::kOnline;
proxy.OnDefaultDeviceChanged(&dev);
EXPECT_TRUE(proxy.device_);
EXPECT_EQ(proxy.device_->type, shill::Client::Device::Type::kWifi);
dev.type = shill::Client::Device::Type::kVPN;
proxy.OnDefaultDeviceChanged(&dev);
EXPECT_TRUE(proxy.device_);
EXPECT_EQ(proxy.device_->type, shill::Client::Device::Type::kVPN);
}
TEST_F(ProxyTest, ArcProxy_NameServersUpdatedOnDeviceChangeEvent) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "wlan0"},
PatchpanelClient(), ShillClient());
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.ifname = "wlan0";
dev.state = shill::Client::Device::ConnectionState::kOnline;
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
dev.ipconfig.ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
// Doesn't call listen since the resolver already exists.
EXPECT_CALL(*mock_resolver, ListenUDP(_)).Times(0);
EXPECT_CALL(*mock_resolver, ListenTCP(_)).Times(0);
EXPECT_CALL(*mock_resolver,
SetNameServers(ElementsAre(StrEq("8.8.8.8"), StrEq("8.8.4.4"),
StrEq("2001:4860:4860::8888"),
StrEq("2001:4860:4860::8844"))));
proxy.OnDeviceChanged(&dev);
// Verify it only applies changes for the correct interface.
dev.ifname = "eth0";
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4", "1.1.1.1"};
EXPECT_CALL(*mock_resolver, SetNameServers(_)).Times(0);
proxy.OnDeviceChanged(&dev);
dev.ifname = "wlan0";
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4", "1.1.1.1"};
dev.ipconfig.ipv6_dns_addresses.clear();
EXPECT_CALL(*mock_resolver,
SetNameServers(ElementsAre(StrEq("8.8.8.8"), StrEq("8.8.4.4"),
StrEq("1.1.1.1"))));
proxy.OnDeviceChanged(&dev);
}
TEST_F(ProxyTest, SystemProxy_NameServersUpdatedOnDeviceChangeEvent) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.shill_ready_ = true;
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.state = shill::Client::Device::ConnectionState::kOnline;
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
dev.ipconfig.ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
// Doesn't call listen since the resolver already exists.
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
EXPECT_CALL(*mock_resolver, ListenUDP(_)).Times(0);
EXPECT_CALL(*mock_resolver, ListenTCP(_)).Times(0);
EXPECT_CALL(*mock_resolver,
SetNameServers(ElementsAre(StrEq("8.8.8.8"), StrEq("8.8.4.4"),
StrEq("2001:4860:4860::8888"),
StrEq("2001:4860:4860::8844"))));
proxy.OnDefaultDeviceChanged(&dev);
// Now trigger an ipconfig change.
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8"};
EXPECT_CALL(*mock_resolver,
SetNameServers(ElementsAre(StrEq("8.8.8.8"),
StrEq("2001:4860:4860::8888"),
StrEq("2001:4860:4860::8844"))));
proxy.OnDeviceChanged(&dev);
}
TEST_F(ProxyTest, DeviceChangeEventIgnored) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.shill_ready_ = true;
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.ifname = "eth0";
dev.state = shill::Client::Device::ConnectionState::kOnline;
dev.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
dev.ipconfig.ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
// Doesn't call listen since the resolver already exists.
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
EXPECT_CALL(*mock_resolver, ListenUDP(_)).Times(0);
EXPECT_CALL(*mock_resolver, ListenTCP(_)).Times(0);
EXPECT_CALL(*mock_resolver,
SetNameServers(ElementsAre(StrEq("8.8.8.8"), StrEq("8.8.4.4"),
StrEq("2001:4860:4860::8888"),
StrEq("2001:4860:4860::8844"))));
proxy.OnDefaultDeviceChanged(&dev);
// No change to ipconfig, no call to SetNameServers
proxy.OnDeviceChanged(&dev);
// Different ifname, no call to SetNameServers
dev.ifname = "wlan0";
proxy.OnDeviceChanged(&dev);
}
TEST_F(ProxyTest, BasicDoHDisable) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
brillo::VariantDictionary props;
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, BasicDoHAlwaysOn) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://dns.google.com")), true));
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("");
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, BasicDoHAutomatic) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"8.8.4.4"};
proxy.UpdateNameServers(ipconfig);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://dns.google.com")), false));
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("8.8.8.8, 8.8.4.4");
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, RemovesDNSQueryParameterTemplate_AlwaysOn) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://dns.google.com")), true));
brillo::VariantDictionary props;
props["https://dns.google.com{?dns}"] = std::string("");
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, RemovesDNSQueryParameterTemplate_Automatic) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"8.8.4.4"};
proxy.UpdateNameServers(ipconfig);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://dns.google.com")), false));
brillo::VariantDictionary props;
props["https://dns.google.com{?dns}"] = std::string("8.8.8.8, 8.8.4.4");
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, NewResolverConfiguredWhenSet) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("8.8.8.8, 8.8.4.4");
props["https://chrome.cloudflare-dns.com/dns-query"] =
std::string("1.1.1.1,2606:4700:4700::1111");
proxy.OnDoHProvidersChanged(props);
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"1.0.0.1", "1.1.1.1"};
proxy.UpdateNameServers(ipconfig);
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
EXPECT_CALL(*mock_resolver, SetNameServers(UnorderedElementsAre(
StrEq("1.1.1.1"), StrEq("1.0.0.1"))));
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(
ElementsAre(StrEq("https://chrome.cloudflare-dns.com/dns-query")),
false));
proxy.doh_config_.set_resolver(mock_resolver);
}
TEST_F(ProxyTest, DoHModeChangingFixedNameServers) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
// Initially off.
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"1.1.1.1", "9.9.9.9"};
proxy.UpdateNameServers(ipconfig);
// Automatic mode - matched cloudflare.
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(
ElementsAre(StrEq("https://chrome.cloudflare-dns.com/dns-query")),
false));
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("8.8.8.8, 8.8.4.4");
props["https://chrome.cloudflare-dns.com/dns-query"] =
std::string("1.1.1.1,2606:4700:4700::1111");
proxy.OnDoHProvidersChanged(props);
// Automatic mode - no match.
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
ipconfig.ipv4_dns_addresses = {"10.10.10.1"};
proxy.UpdateNameServers(ipconfig);
// Automatic mode - matched google.
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://dns.google.com")), false));
ipconfig.ipv4_dns_addresses = {"8.8.4.4", "10.10.10.1", "8.8.8.8"};
proxy.UpdateNameServers(ipconfig);
// Explicitly turned off.
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
props.clear();
proxy.OnDoHProvidersChanged(props);
// Still off - even switching ns back.
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
ipconfig.ipv4_dns_addresses = {"8.8.4.4", "10.10.10.1", "8.8.8.8"};
proxy.UpdateNameServers(ipconfig);
// Always-on mode.
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://doh.opendns.com/dns-query")),
true));
props.clear();
props["https://doh.opendns.com/dns-query"] = std::string("");
proxy.OnDoHProvidersChanged(props);
// Back to automatic mode, though no matching ns.
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
props.clear();
props["https://doh.opendns.com/dns-query"] = std::string(
"208.67.222.222,208.67.220.220,2620:119:35::35, 2620:119:53::53");
proxy.OnDoHProvidersChanged(props);
// Automatic mode working on ns update.
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(ElementsAre(StrEq("https://doh.opendns.com/dns-query")),
false));
ipconfig.ipv4_dns_addresses = {"8.8.8.8"};
ipconfig.ipv6_dns_addresses = {"2620:119:35::35"};
proxy.UpdateNameServers(ipconfig);
}
TEST_F(ProxyTest, MultipleDoHProvidersForAlwaysOnMode) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(UnorderedElementsAre(StrEq("https://dns.google.com"),
StrEq("https://doh.opendns.com")),
true));
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("");
props["https://doh.opendns.com"] = std::string("");
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, MultipleDoHProvidersForAutomaticMode) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"1.1.1.1", "10.10.10.10"};
proxy.UpdateNameServers(ipconfig);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(
ElementsAre(StrEq("https://chrome.cloudflare-dns.com/dns-query")),
false));
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("8.8.8.8, 8.8.4.4");
props["https://dns.quad9.net/dns-query"] = std::string("9.9.9.9,2620:fe::9");
props["https://chrome.cloudflare-dns.com/dns-query"] =
std::string("1.1.1.1,2606:4700:4700::1111");
props["https://doh.opendns.com/dns-query"] = std::string(
"208.67.222.222,208.67.220.220,2620:119:35::35, 2620:119:53::53");
proxy.OnDoHProvidersChanged(props);
EXPECT_CALL(*mock_resolver,
SetDoHProviders(UnorderedElementsAre(
StrEq("https://dns.google.com"),
StrEq("https://doh.opendns.com/dns-query"),
StrEq("https://dns.quad9.net/dns-query")),
false));
ipconfig.ipv4_dns_addresses = {"8.8.8.8", "10.10.10.10"};
ipconfig.ipv6_dns_addresses = {"2620:fe::9", "2620:119:53::53"};
proxy.UpdateNameServers(ipconfig);
}
TEST_F(ProxyTest, DoHBadAlwaysOnConfigSetsAutomaticMode) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"1.1.1.1", "10.10.10.10"};
proxy.UpdateNameServers(ipconfig);
EXPECT_CALL(
*mock_resolver,
SetDoHProviders(
ElementsAre(StrEq("https://chrome.cloudflare-dns.com/dns-query")),
false));
brillo::VariantDictionary props;
props["https://dns.opendns.com"] = std::string("");
props["https://dns.google.com"] = std::string("8.8.8.8, 8.8.4.4");
props["https://dns.quad9.net/dns-query"] = std::string("9.9.9.9,2620:fe::9");
props["https://chrome.cloudflare-dns.com/dns-query"] =
std::string("1.1.1.1,2606:4700:4700::1111");
props["https://doh.opendns.com/dns-query"] = std::string(
"208.67.222.222,208.67.220.220,2620:119:35::35, 2620:119:53::53");
proxy.OnDoHProvidersChanged(props);
EXPECT_CALL(*mock_resolver,
SetDoHProviders(UnorderedElementsAre(
StrEq("https://dns.google.com"),
StrEq("https://doh.opendns.com/dns-query"),
StrEq("https://dns.quad9.net/dns-query")),
false));
ipconfig.ipv4_dns_addresses = {"8.8.8.8", "10.10.10.10"};
ipconfig.ipv6_dns_addresses = {"2620:fe::9", "2620:119:53::53"};
proxy.UpdateNameServers(ipconfig);
}
TEST_F(ProxyTest, FeatureEnablementCheckedOnSetup) {
scoped_refptr<dbus::MockObjectProxy> mock = new dbus::MockObjectProxy(
mock_bus_.get(), shill::kFlimflamServiceName, dbus::ObjectPath("/"));
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock.get()));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.session_.reset(new FakeSessionMonitor(mock_bus_));
auto features = std::make_unique<FakeFeaturesClient>(true);
auto* features_ptr = features.get();
proxy.features_ = std::move(features);
ASSERT_FALSE(features_ptr->is_dnsproxy_enabled_called);
proxy.Setup();
EXPECT_TRUE(features_ptr->is_dnsproxy_enabled_called);
}
TEST_F(ProxyTest, LoginEventTriggersFeatureCheck) {
scoped_refptr<dbus::MockObjectProxy> mock = new dbus::MockObjectProxy(
mock_bus_.get(), shill::kFlimflamServiceName, dbus::ObjectPath("/"));
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock.get()));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
auto session = std::make_unique<FakeSessionMonitor>(mock_bus_);
auto* session_ptr = session.get();
proxy.session_ = std::move(session);
auto features = std::make_unique<FakeFeaturesClient>(true);
auto* features_ptr = features.get();
proxy.features_ = std::move(features);
proxy.Setup();
features_ptr->is_dnsproxy_enabled_called = false;
session_ptr->Login();
EXPECT_TRUE(features_ptr->is_dnsproxy_enabled_called);
}
TEST_F(ProxyTest, LogoutEventTriggersDisable) {
scoped_refptr<dbus::MockObjectProxy> mock = new dbus::MockObjectProxy(
mock_bus_.get(), shill::kFlimflamServiceName, dbus::ObjectPath("/"));
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock.get()));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
auto session = std::make_unique<FakeSessionMonitor>(mock_bus_);
auto* session_ptr = session.get();
proxy.session_ = std::move(session);
proxy.features_.reset(new FakeFeaturesClient(true));
proxy.Setup();
ASSERT_TRUE(proxy.feature_enabled_);
session_ptr->Logout();
EXPECT_FALSE(proxy.feature_enabled_);
}
TEST_F(ProxyTest, FeatureEnabled_LoginAfterLogout) {
scoped_refptr<dbus::MockObjectProxy> mock = new dbus::MockObjectProxy(
mock_bus_.get(), shill::kFlimflamServiceName, dbus::ObjectPath("/"));
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock.get()));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
auto session = std::make_unique<FakeSessionMonitor>(mock_bus_);
auto* session_ptr = session.get();
proxy.session_ = std::move(session);
proxy.features_.reset(new FakeFeaturesClient(true));
proxy.Setup();
session_ptr->Login();
EXPECT_TRUE(proxy.feature_enabled_);
session_ptr->Logout();
EXPECT_FALSE(proxy.feature_enabled_);
session_ptr->Login();
EXPECT_TRUE(proxy.feature_enabled_);
}
TEST_F(ProxyTest, FeatureDisabled_LoginAfterLogout) {
scoped_refptr<dbus::MockObjectProxy> mock = new dbus::MockObjectProxy(
mock_bus_.get(), shill::kFlimflamServiceName, dbus::ObjectPath("/"));
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock.get()));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
auto session = std::make_unique<FakeSessionMonitor>(mock_bus_);
auto* session_ptr = session.get();
proxy.session_ = std::move(session);
proxy.features_.reset(new FakeFeaturesClient(false));
proxy.Setup();
session_ptr->Login();
EXPECT_FALSE(proxy.feature_enabled_);
session_ptr->Logout();
EXPECT_FALSE(proxy.feature_enabled_);
session_ptr->Login();
EXPECT_FALSE(proxy.feature_enabled_);
}
TEST_F(ProxyTest, SystemProxy_ShillPropertyNotUpdatedIfFeatureDisabled) {
scoped_refptr<dbus::MockObjectProxy> mock = new dbus::MockObjectProxy(
mock_bus_.get(), shill::kFlimflamServiceName, dbus::ObjectPath("/"));
EXPECT_CALL(*mock_bus_, GetObjectProxy(_, _))
.WillRepeatedly(Return(mock.get()));
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
proxy.session_.reset(new FakeSessionMonitor(mock_bus_));
proxy.features_.reset(new FakeFeaturesClient(false));
proxy.Setup();
proxy.shill_ready_ = true;
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
shill::Client::Device dev;
dev.state = shill::Client::Device::ConnectionState::kOnline;
EXPECT_CALL(*mock_resolver, SetNameServers(_));
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _)).Times(0);
proxy.OnDefaultDeviceChanged(&dev);
}
TEST_F(ProxyTest, DefaultProxy_DisableDoHProvidersOnVPN) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, PatchpanelClient(),
ShillClient());
proxy.device_ = std::make_unique<shill::Client::Device>();
proxy.device_->state = shill::Client::Device::ConnectionState::kOnline;
proxy.device_->type = shill::Client::Device::Type::kVPN;
auto resolver = std::make_unique<MockResolver>();
MockResolver* mock_resolver = resolver.get();
proxy.resolver_ = std::move(resolver);
proxy.doh_config_.set_resolver(mock_resolver);
EXPECT_CALL(*mock_resolver, SetDoHProviders(IsEmpty(), false));
brillo::VariantDictionary props;
props["https://dns.google.com"] = std::string("");
props["https://doh.opendns.com"] = std::string("");
proxy.OnDoHProvidersChanged(props);
}
TEST_F(ProxyTest, SystemProxy_NeverSetsDnsRedirectionRule) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, std::move(client),
ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
// System proxy must not request a redirect DNS rule.
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDevice starting_device;
starting_device.set_ifname("vmtap0");
starting_device.set_phys_ifname("eth0");
starting_device.set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
proxy.OnPatchpanelReady(true);
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
proxy.Enable();
// Default device changed.
shill::Client::Device default_device;
default_device.ifname = "eth0";
default_device.state = shill::Client::Device::ConnectionState::kOnline;
default_device.ipconfig.ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
default_device.ipconfig.ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
EXPECT_CALL(mock_manager_, SetDNSProxyIPv4Address(_, _, _))
.WillOnce(Return(true));
proxy.OnDefaultDeviceChanged(&default_device);
// Plugin VM started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* plugin_vm_dev = signal.mutable_device();
plugin_vm_dev->set_ifname("vmtap1");
plugin_vm_dev->set_phys_ifname("eth0");
plugin_vm_dev->set_guest_type(patchpanel::NetworkDevice::PLUGIN_VM);
proxy.OnVirtualDeviceChanged(signal);
// ARC started.
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* arc_dev = signal.mutable_device();
arc_dev->set_ifname("arc_eth0");
arc_dev->set_phys_ifname("eth0");
arc_dev->set_guest_type(patchpanel::NetworkDevice::ARC);
proxy.OnVirtualDeviceChanged(signal);
}
TEST_F(ProxyTest, DefaultProxy_SetDnsRedirectionRuleDeviceAlreadyStarted) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::DEFAULT,
"vmtap0", "10.10.10.10", IsEmpty()))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::DEFAULT,
"vmtap0", "::1", IsEmpty()))
.Times(0);
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
// Default device changed.
shill::Client::Device default_device;
default_device.state = shill::Client::Device::ConnectionState::kOnline;
std::vector<std::string> ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
default_device.ipconfig.ipv4_dns_addresses = ipv4_dns_addresses;
std::vector<std::string> ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
default_device.ipconfig.ipv6_dns_addresses = ipv6_dns_addresses;
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::USER, _, _,
ipv4_dns_addresses))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::USER, _, _,
ipv6_dns_addresses))
.Times(0);
proxy.OnDefaultDeviceChanged(&default_device);
EXPECT_EQ(proxy.lifeline_fds_.size(), 2);
// Guest stopped.
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_REMOVED);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
}
TEST_F(ProxyTest, DefaultProxy_SetDnsRedirectionRuleNewDeviceStarted) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
// Default device changed.
shill::Client::Device default_device;
default_device.state = shill::Client::Device::ConnectionState::kOnline;
std::vector<std::string> ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
default_device.ipconfig.ipv4_dns_addresses = ipv4_dns_addresses;
std::vector<std::string> ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
default_device.ipconfig.ipv6_dns_addresses = ipv6_dns_addresses;
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::USER, _, _,
ipv4_dns_addresses))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::USER, _, _,
ipv6_dns_addresses))
.Times(0);
proxy.OnDefaultDeviceChanged(&default_device);
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
// Guest started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::PLUGIN_VM);
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::DEFAULT,
"vmtap0", "10.10.10.10", IsEmpty()))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::DEFAULT,
"vmtap0", "::1", IsEmpty()))
.Times(0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 2);
// Guest stopped.
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_REMOVED);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
}
TEST_F(ProxyTest, DefaultProxy_NeverSetsDnsRedirectionRuleOtherGuest) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, DefaultProxy_NeverSetsDnsRedirectionRuleFeatureDisabled) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.shill_ready_ = true;
proxy.ns_peer_ipv6_address_ = "::1";
proxy.feature_enabled_ = false;
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
proxy.OnPatchpanelReady(true);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, DefaultProxy_SetDnsRedirectionRuleWithoutIPv6) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.resolver_ = std::make_unique<MockResolver>();
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
// Default device changed.
shill::Client::Device default_device;
default_device.state = shill::Client::Device::ConnectionState::kOnline;
std::vector<std::string> ipv4_dns_addresses = {"8.8.8.8", "8.8.4.4"};
default_device.ipconfig.ipv4_dns_addresses = ipv4_dns_addresses;
default_device.ipconfig.ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::USER, _, _,
ipv4_dns_addresses))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
proxy.OnDefaultDeviceChanged(&default_device);
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
// Guest started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::PLUGIN_VM);
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::DEFAULT,
"vmtap0", "10.10.10.10", IsEmpty()))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 2);
// Guest stopped.
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_REMOVED);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
}
TEST_F(ProxyTest, DefaultProxy_SetDnsRedirectionRuleIPv6Added) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.ns_.set_peer_ifname("");
proxy.Enable();
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
std::string peer_ipv6_addr = "::1";
struct in6_addr ipv6_addr;
inet_pton(AF_INET6, peer_ipv6_addr.c_str(), &ipv6_addr.s6_addr);
std::vector<std::string> ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
proxy.doh_config_.set_nameservers({"8.8.8.8", "8.8.4.4"}, ipv6_dns_addresses);
proxy.device_.reset(new shill::Client::Device{});
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::USER, _, _,
ipv6_dns_addresses))
.Times(0);
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::DEFAULT,
"vmtap0", peer_ipv6_addr, IsEmpty()))
.Times(0);
// Proxy's ConnectedNamespace peer interface name is set to empty and
// RTNL message's interface index is set to 0 in order to match.
// if_nametoindex which is used to get the interface index will return 0 on
// error.
shill::RTNLMessage msg(shill::RTNLMessage::kTypeAddress,
shill::RTNLMessage::kModeAdd, 0 /* flags */,
0 /* seq */, 0 /* pid */, 0 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_UNIVERSE));
msg.SetAttribute(IFA_ADDRESS,
shill::ByteString(ipv6_addr.s6_addr, sizeof(ipv6_addr)));
proxy.RTNLMessageHandler(msg);
}
TEST_F(ProxyTest, DefaultProxy_SetDnsRedirectionRuleIPv6Deleted) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.ns_.set_peer_ifname("");
proxy.device_.reset(new shill::Client::Device{});
proxy.lifeline_fds_.emplace(std::make_pair("", AF_INET6),
base::ScopedFD(make_fd()));
proxy.lifeline_fds_.emplace(std::make_pair("vmtap0", AF_INET6),
base::ScopedFD(make_fd()));
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
shill::RTNLMessage msg(shill::RTNLMessage::kTypeAddress,
shill::RTNLMessage::kModeDelete, 0 /* flags */,
0 /* seq */, 0 /* pid */, 0 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_UNIVERSE));
proxy.RTNLMessageHandler(msg);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, DefaultProxy_SetDnsRedirectionRuleUnrelatedIPv6Added) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kDefault}, std::move(client),
ShillClient());
proxy.ns_.set_peer_ifname("");
proxy.Enable();
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
std::string peer_ipv6_addr = "::1";
struct in6_addr ipv6_addr;
inet_pton(AF_INET6, peer_ipv6_addr.c_str(), &ipv6_addr.s6_addr);
std::vector<std::string> ipv6_dns_addresses = {"2001:4860:4860::8888",
"2001:4860:4860::8844"};
proxy.doh_config_.set_nameservers({"8.8.8.8", "8.8.4.4"}, ipv6_dns_addresses);
proxy.device_.reset(new shill::Client::Device{});
EXPECT_CALL(*mock_client, GetDevices())
.WillRepeatedly(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Proxy's ConnectedNamespace peer interface name is set to empty and
// RTNL message's interface index is set to -1 in order to not match.
// if_nametoindex which is used to get the interface index will return 0 on
// error.
shill::RTNLMessage msg_unrelated_ifindex(
shill::RTNLMessage::kTypeAddress, shill::RTNLMessage::kModeAdd,
0 /* flags */, 0 /* seq */, 0 /* pid */, -1 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg_unrelated_ifindex.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_UNIVERSE));
msg_unrelated_ifindex.SetAttribute(
IFA_ADDRESS, shill::ByteString(ipv6_addr.s6_addr, sizeof(ipv6_addr)));
proxy.RTNLMessageHandler(msg_unrelated_ifindex);
shill::RTNLMessage msg_unrelated_scope(
shill::RTNLMessage::kTypeAddress, shill::RTNLMessage::kModeAdd,
0 /* flags */, 0 /* seq */, 0 /* pid */, -1 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg_unrelated_scope.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_LINK));
msg_unrelated_scope.SetAttribute(
IFA_ADDRESS, shill::ByteString(ipv6_addr.s6_addr, sizeof(ipv6_addr)));
proxy.RTNLMessageHandler(msg_unrelated_scope);
}
TEST_F(ProxyTest, ArcProxy_SetDnsRedirectionRuleDeviceAlreadyStarted) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::ARC,
"arc_eth0", "10.10.10.10", IsEmpty()))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::ARC,
"arc_eth0", "::1", IsEmpty()))
.Times(0);
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
}
TEST_F(ProxyTest, ArcProxy_SetDnsRedirectionRuleNewDeviceStarted) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
// Guest started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARC);
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::ARC,
"arc_eth0", "10.10.10.10", IsEmpty()))
.WillOnce(Return(ByMove(base::ScopedFD(make_fd()))));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::ARC,
"arc_eth0", "::1", IsEmpty()))
.Times(0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 1);
}
TEST_F(ProxyTest, ArcProxy_NeverSetsDnsRedirectionRuleOtherGuest) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("vmtap0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::TERMINA_VM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, ArcProxy_NeverSetsDnsRedirectionRuleOtherIfname) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "wlan0"},
std::move(client), ShillClient());
proxy.shill_ready_ = true;
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.ns_peer_ipv6_address_ = "::1";
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
proxy.OnPatchpanelReady(true);
proxy.Enable();
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, ArcProxy_NeverSetsDnsRedirectionRuleFeatureDisabled) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.resolver_ = std::make_unique<MockResolver>();
proxy.shill_ready_ = true;
proxy.ns_peer_ipv6_address_ = "::1";
proxy.feature_enabled_ = false;
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Expect ConnectNamespace call and set the namespace address.
EXPECT_CALL(*mock_client, ConnectNamespace(_, _, _, _, _))
.WillRepeatedly([](pid_t pid, const std::string& outbound_ifname,
bool forward_user_traffic, bool route_on_vpn,
patchpanel::TrafficCounter::Source traffic_source) {
patchpanel::ConnectNamespaceResponse resp;
resp.set_peer_ipv4_address(patchpanel::Ipv4Addr(10, 10, 10, 10));
return std::make_pair(base::ScopedFD(make_fd()), resp);
});
// Set devices created before the proxy started.
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
proxy.OnPatchpanelReady(true);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
proxy.OnVirtualDeviceChanged(signal);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, ArcProxy_SetDnsRedirectionRuleIPv6Added) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.ns_.set_peer_ifname("");
proxy.Enable();
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
std::string peer_ipv6_addr = "::1";
struct in6_addr ipv6_addr;
inet_pton(AF_INET6, peer_ipv6_addr.c_str(), &ipv6_addr.s6_addr);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
EXPECT_CALL(*mock_client,
RedirectDns(patchpanel::SetDnsRedirectionRuleRequest::ARC,
"arc_eth0", peer_ipv6_addr, IsEmpty()))
.Times(0);
// Proxy's ConnectedNamespace peer interface name is set to empty and
// RTNL message's interface index is set to 0 in order to match.
// if_nametoindex which is used to get the interface index will return 0 on
// error.
shill::RTNLMessage msg(shill::RTNLMessage::kTypeAddress,
shill::RTNLMessage::kModeAdd, 0 /* flags */,
0 /* seq */, 0 /* pid */, 0 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_UNIVERSE));
msg.SetAttribute(IFA_ADDRESS,
shill::ByteString(ipv6_addr.s6_addr, sizeof(ipv6_addr)));
proxy.RTNLMessageHandler(msg);
}
TEST_F(ProxyTest, ArcProxy_SetDnsRedirectionRuleIPv6Deleted) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.ns_.set_peer_ifname("");
proxy.device_.reset(new shill::Client::Device{});
proxy.lifeline_fds_.emplace(std::make_pair("arc_eth0", AF_INET6),
base::ScopedFD(make_fd()));
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
EXPECT_CALL(*mock_client, GetDevices())
.WillOnce(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
shill::RTNLMessage msg(shill::RTNLMessage::kTypeAddress,
shill::RTNLMessage::kModeDelete, 0 /* flags */,
0 /* seq */, 0 /* pid */, 0 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_UNIVERSE));
proxy.RTNLMessageHandler(msg);
EXPECT_EQ(proxy.lifeline_fds_.size(), 0);
}
TEST_F(ProxyTest, ArcProxy_SetDnsRedirectionRuleUnrelatedIPv6Added) {
auto client = std::make_unique<MockPatchpanelClient>();
MockPatchpanelClient* mock_client = client.get();
Proxy proxy(Proxy::Options{.type = Proxy::Type::kARC, .ifname = "eth0"},
std::move(client), ShillClient());
proxy.ns_.set_peer_ifname("");
proxy.Enable();
patchpanel::NetworkDeviceChangedSignal signal;
signal.set_event(patchpanel::NetworkDeviceChangedSignal::DEVICE_ADDED);
auto* dev = signal.mutable_device();
dev->set_ifname("arc_eth0");
dev->set_phys_ifname("eth0");
dev->set_guest_type(patchpanel::NetworkDevice::ARCVM);
std::string peer_ipv6_addr = "::1";
struct in6_addr ipv6_addr;
inet_pton(AF_INET6, peer_ipv6_addr.c_str(), &ipv6_addr.s6_addr);
EXPECT_CALL(*mock_client, GetDevices())
.WillRepeatedly(Return(std::vector<patchpanel::NetworkDevice>{*dev}));
EXPECT_CALL(*mock_client, RedirectDns(_, _, _, _)).Times(0);
// Proxy's ConnectedNamespace peer interface name is set to empty and
// RTNL message's interface index is set to -1 in order to not match.
// if_nametoindex which is used to get the interface index will return 0 on
// error.
shill::RTNLMessage msg_unrelated_ifindex(
shill::RTNLMessage::kTypeAddress, shill::RTNLMessage::kModeAdd,
0 /* flags */, 0 /* seq */, 0 /* pid */, -1 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg_unrelated_ifindex.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_UNIVERSE));
msg_unrelated_ifindex.SetAttribute(
IFA_ADDRESS, shill::ByteString(ipv6_addr.s6_addr, sizeof(ipv6_addr)));
proxy.RTNLMessageHandler(msg_unrelated_ifindex);
shill::RTNLMessage msg_unrelated_scope(
shill::RTNLMessage::kTypeAddress, shill::RTNLMessage::kModeAdd,
0 /* flags */, 0 /* seq */, 0 /* pid */, -1 /* interface_index */,
shill::IPAddress::Family(AF_INET6));
msg_unrelated_scope.set_address_status(
shill::RTNLMessage::AddressStatus(0, 0, RT_SCOPE_LINK));
msg_unrelated_scope.SetAttribute(
IFA_ADDRESS, shill::ByteString(ipv6_addr.s6_addr, sizeof(ipv6_addr)));
proxy.RTNLMessageHandler(msg_unrelated_scope);
}
TEST_F(ProxyTest, UpdateNameServers) {
Proxy proxy(Proxy::Options{.type = Proxy::Type::kSystem}, PatchpanelClient(),
ShillClient());
shill::Client::IPConfig ipconfig;
ipconfig.ipv4_dns_addresses = {"8.8.4.4",
"192.168.1.1",
"256.256.256.256",
"0.0.0.0",
"eeb0:117e:92ee:ad3d:ce0d:a646:95ea:a16e",
"::1",
"::",
"a",
""};
ipconfig.ipv6_dns_addresses = {"8.8.4.4",
"192.168.1.1",
"256.256.256.256",
"0.0.0.0",
"eeb0:117e:92ee:ad3d:ce0d:a646:95ea:a16e",
"::1",
"::",
"a",
""};
proxy.UpdateNameServers(ipconfig);
const std::string expected_ipv4_dns_addresses[] = {"8.8.4.4", "192.168.1.1"};
const std::string expected_ipv6_dns_addresses[] = {
"eeb0:117e:92ee:ad3d:ce0d:a646:95ea:a16e", "::1"};
EXPECT_THAT(proxy.doh_config_.ipv4_nameservers(),
ElementsAreArray(expected_ipv4_dns_addresses));
EXPECT_THAT(proxy.doh_config_.ipv6_nameservers(),
ElementsAreArray(expected_ipv6_dns_addresses));
}
} // namespace dns_proxy