Backed out changeset 117da9de7f66 (bug 1667743) for handshakeSucceeded related bustage CLOSED TREE

This commit is contained in:
Bogdan Tara 2020-12-03 03:44:59 +02:00
Родитель 5568524e05
Коммит 520f54fb37
28 изменённых файлов: 324 добавлений и 50 удалений


@ -161,7 +161,17 @@ nsresult nsHTMLDNSPrefetch::Prefetch(
return rv;
}
// TODO: Fetch HTTPS RRs in bug 1652723.
// Fetch ESNI keys if needed.
if (isHttps && StaticPrefs::network_security_esni_enabled()) {
nsAutoCString esniHost;
esniHost.Append("_esni.");
esniHost.Append(NS_ConvertUTF16toUTF8(hostname));
Unused << sDNSService->AsyncResolveNative(
esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener,
nullptr, aPartitionedPrincipalOriginAttributes,
getter_AddRefs(tmpOutstanding));
}
return NS_OK;
}
@ -246,8 +256,16 @@ nsresult nsHTMLDNSPrefetch::CancelPrefetch(
flags | nsIDNSService::RESOLVE_SPECULATE,
nullptr, // resolverInfo
sDNSListener, aReason, aPartitionedPrincipalOriginAttributes);
// TODO: Fetch HTTPS RRs in bug 1652723.
// Cancel fetching ESNI keys if needed.
if (StaticPrefs::network_security_esni_enabled() && isHttps) {
nsAutoCString esniHost;
esniHost.Append("_esni.");
esniHost.Append(NS_ConvertUTF16toUTF8(hostname));
sDNSService->CancelAsyncResolveNative(
esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, sDNSListener,
aReason, aPartitionedPrincipalOriginAttributes);
}
return rv;
}
@ -392,8 +410,18 @@ void nsHTMLDNSPrefetch::nsDeferrals::SubmitQueue() {
mEntries[mTail].mFlags | nsIDNSService::RESOLVE_SPECULATE,
nullptr, sDNSListener, nullptr, oa,
getter_AddRefs(tmpOutstanding));
// TODO: Fetch HTTPS RRs in bug 1652723.
// Fetch ESNI keys if needed.
if (NS_SUCCEEDED(rv) &&
StaticPrefs::network_security_esni_enabled() && isHttps) {
nsAutoCString esniHost;
esniHost.Append("_esni.");
esniHost.Append(hostName);
sDNSService->AsyncResolveNative(
esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
mEntries[mTail].mFlags | nsIDNSService::RESOLVE_SPECULATE,
nullptr, sDNSListener, nullptr, oa,
getter_AddRefs(tmpOutstanding));
}
// Tell link that deferred prefetch was requested
if (NS_SUCCEEDED(rv)) link->OnDNSPrefetchRequested();
}
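Review bot: The `_esni.` host name is assembled by hand in all three hunks of this file (Prefetch, CancelPrefetch, SubmitQueue) and the same two-line pattern recurs in the Predictor.cpp, nsDNSPrefetch.cpp and nsSocketTransport.cpp hunks of this commit; a single helper, e.g. `static void EsniHostFor(const nsACString& aHost, nsACString& aOut)`, would keep the prefix in one place. In SubmitQueue the nsresult of the ESNI `AsyncResolveNative` call is dropped silently, whereas Prefetch marks the same call `Unused <<`; the two should agree. Both also pass `getter_AddRefs(tmpOutstanding)` for the ESNI request, so the handle of the primary lookup is overwritten — harmless if neither handle is retained, but a comment such as `// the ESNI request handle replaces the primary one; neither is kept` would make that deliberate. SubmitQueue's body continues outside the hunk.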


@ -178,7 +178,7 @@ class FakeSocketTransportProvider : public nsISocketTransport {
MOZ_ASSERT(false);
return NS_OK;
}
NS_IMETHOD GetEchConfigUsed(bool* aEchConfigUsed) override {
NS_IMETHOD GetEsniUsed(bool* aEsniUsed) override {
MOZ_ASSERT(false);
return NS_OK;
}


@ -8578,6 +8578,12 @@
value: true
mirror: always
# Whether to use sni encryption.
- name: network.security.esni.enabled
type: bool
value: false
mirror: always
# Whether to cache SSL resumption tokens in necko.
- name: network.ssl_tokens_cache_enabled
type: RelaxedAtomicBool
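Review bot: The comment `# Whether to use sni encryption.` undersells what the pref gates: when enabled, necko issues an extra `_esni.<host>` TXT lookup for https hosts in DNS prefetch, the predictor and socket connect (see the Prefetch, RunPredictions and ResolveHost hunks in this commit), which is visible to the resolver. Suggest `# Whether to enable draft ESNI; adds a _esni.<host> TXT lookup for https hosts.` The same pref name is also read via mozilla::Preferences in the nsDNSPrefetch.cpp and nsSocketTransportService.cpp hunks rather than through the mirrored StaticPrefs accessor, so the string now exists in three copies; consolidating on `StaticPrefs::network_security_esni_enabled()` would remove that drift risk.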


@ -1194,7 +1194,20 @@ bool Predictor::RunPredictions(nsIURI* referrer,
nullptr, mDNSListener, nullptr, originAttributes,
getter_AddRefs(tmpCancelable));
// TODO: Fetch HTTPS RRs in bug 1652723.
// Fetch esni keys if needed.
if (StaticPrefs::network_security_esni_enabled() &&
uri->SchemeIs("https")) {
nsAutoCString esniHost;
esniHost.Append("_esni.");
esniHost.Append(hostname);
mDnsService->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
(nsIDNSService::RESOLVE_PRIORITY_MEDIUM |
nsIDNSService::RESOLVE_SPECULATE),
nullptr, mDNSListener, nullptr,
originAttributes,
getter_AddRefs(tmpCancelable));
}
predicted = true;
if (verifier) {
PREDICTOR_LOG((" sending preresolve verification"));
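Review bot: The ESNI `AsyncResolveNative` call discards its nsresult and writes its handle into `tmpCancelable`, overwriting the handle of the primary lookup issued just above; if the primary handle is needed afterwards (the name suggests it may be cancelled), use a separate `nsCOMPtr<nsICancelable> esniCancelable;`, otherwise add a comment saying both handles are intentionally dropped. Marking the call `Unused << mDnsService->AsyncResolveNative(...)` would make the discarded result explicit, as nsHTMLDNSPrefetch::Prefetch does elsewhere in this commit. RunPredictions starts and ends outside the hunk.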


@ -17,6 +17,8 @@
#include "mozilla/Preferences.h"
static nsIDNSService* sDNSService = nullptr;
static mozilla::Atomic<bool, mozilla::Relaxed> sESNIEnabled(false);
const char kESNIPref[] = "network.security.esni.enabled";
nsresult nsDNSPrefetch::Initialize(nsIDNSService* aDNSService) {
MOZ_ASSERT(NS_IsMainThread());
@ -24,14 +26,28 @@ nsresult nsDNSPrefetch::Initialize(nsIDNSService* aDNSService) {
NS_IF_RELEASE(sDNSService);
sDNSService = aDNSService;
NS_IF_ADDREF(sDNSService);
mozilla::Preferences::RegisterCallback(nsDNSPrefetch::PrefChanged, kESNIPref);
PrefChanged(nullptr, nullptr);
return NS_OK;
}
nsresult nsDNSPrefetch::Shutdown() {
NS_IF_RELEASE(sDNSService);
mozilla::Preferences::UnregisterCallback(nsDNSPrefetch::PrefChanged,
kESNIPref);
return NS_OK;
}
// static
void nsDNSPrefetch::PrefChanged(const char* aPref, void* aClosure) {
if (!aPref || strcmp(aPref, kESNIPref) == 0) {
bool enabled = false;
if (NS_SUCCEEDED(mozilla::Preferences::GetBool(kESNIPref, &enabled))) {
sESNIEnabled = enabled;
}
}
}
nsDNSPrefetch::nsDNSPrefetch(nsIURI* aURI,
mozilla::OriginAttributes& aOriginAttributes,
nsIRequest::TRRMode aTRRMode,
@ -60,10 +76,25 @@ nsresult nsDNSPrefetch::Prefetch(uint32_t flags) {
flags |= nsIDNSService::GetFlagsFromTRRMode(mTRRMode);
return sDNSService->AsyncResolveNative(
nsresult rv = sDNSService->AsyncResolveNative(
mHostname, nsIDNSService::RESOLVE_TYPE_DEFAULT,
flags | nsIDNSService::RESOLVE_SPECULATE, nullptr, this, target,
mOriginAttributes, getter_AddRefs(tmpOutstanding));
if (NS_FAILED(rv)) {
return rv;
}
// Fetch esni keys if needed.
if (sESNIEnabled && mIsHttps) {
nsAutoCString esniHost;
esniHost.Append("_esni.");
esniHost.Append(mHostname);
sDNSService->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
flags | nsIDNSService::RESOLVE_SPECULATE,
nullptr, this, target, mOriginAttributes,
getter_AddRefs(tmpOutstanding));
}
return NS_OK;
}
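Review bot: In Prefetch the ESNI TXT request is issued with `this` as the nsIDNSListener, so nsDNSPrefetch::OnLookupComplete (outside this hunk) will now receive a TXT record as well as the address record on the same object; confirm it tolerates a `rec` that is not an nsIDNSAddrRecord, or pass a dedicated listener. The ESNI call's nsresult is ignored and its handle overwrites `tmpOutstanding` from the primary lookup, while a failure of the primary lookup is returned to the caller — a one-line comment stating that the ESNI lookup is best-effort would document the asymmetry. PrefChanged reads the pref through mozilla::Preferences into an Atomic on whichever thread the callback fires; a comment such as `// main-thread pref callback; sESNIEnabled is read from Prefetch on other threads` would record why the Atomic is needed.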
nsresult nsDNSPrefetch::PrefetchLow(bool refreshDNS) {


@ -46,6 +46,8 @@ class nsDNSPrefetch final : public nsIDNSListener {
nsresult FetchHTTPSSVC(bool aRefreshDNS);
static void PrefChanged(const char* aPref, void* aClosure);
private:
nsCString mHostname;
bool mIsHttps;


@ -255,9 +255,9 @@ interface nsISocketTransport : nsITransport
/**
* If we know that a server speaks only tls <1.3 there is no need to try
* to use ech.
* to use esni/ech and query dns for esni/echconfig.
*/
const unsigned long DONT_TRY_ECH = (1 << 10);
const unsigned long DONT_TRY_ESNI_OR_ECH = (1 << 10);
/**
* These two bits encode the TRR mode of the request.
@ -326,13 +326,15 @@ interface nsISocketTransport : nsITransport
readonly attribute boolean resetIPFamilyPreference;
/**
* This attribute holds information whether echConfig has been used.
* This attribute holds information whether esni has been used.
* The value is set after PR_Connect is called.
*/
readonly attribute boolean echConfigUsed;
readonly attribute boolean esniUsed;
/**
* Called to set the echConfig to the securityInfo object.
* Note that echConfig taks priority over esni, so when this function is
* called esni will not be used.
*/
void setEchConfig(in ACString echConfig);
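Review bot: The restored comment on setEchConfig has a typo: `taks` should read `takes`. The DONT_TRY_ESNI_OR_ECH doc could also say explicitly that the flag suppresses the `_esni.` TXT DNS lookup as well as the handshake extension, since the ResolveHost hunk in this commit checks it before issuing the TXT query; e.g. `* to use esni/ech; the _esni. TXT lookup and echconfig query are skipped too.`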


@ -712,7 +712,10 @@ nsSocketTransport::nsSocketTransport()
mInputClosed(true),
mOutputClosed(true),
mResolving(false),
mEchConfigUsed(false),
mDNSLookupStatus(NS_OK),
mDNSARequestFinished(0),
mEsniQueried(false),
mEsniUsed(false),
mResolvedByTRR(false),
mNetAddrIsSet(false),
mSelfAddrIsSet(false),
@ -1088,6 +1091,38 @@ nsresult nsSocketTransport::ResolveHost() {
dns->AsyncResolveNative(SocketHost(), nsIDNSService::RESOLVE_TYPE_DEFAULT,
dnsFlags, nullptr, this, mSocketTransportService,
mOriginAttributes, getter_AddRefs(mDNSRequest));
mEsniQueried = false;
// NOTE: If we already have echConfig, we don't try ESNI.
if (mSocketTransportService->IsEsniEnabled() && NS_SUCCEEDED(rv) &&
!(mConnectionFlags & (DONT_TRY_ESNI_OR_ECH | BE_CONSERVATIVE)) &&
mEchConfig.IsEmpty()) {
bool isSSL = false;
for (unsigned int i = 0; i < mTypes.Length(); ++i) {
if (mTypes[i].EqualsLiteral("ssl")) {
isSSL = true;
break;
}
}
if (isSSL) {
SOCKET_LOG((" look for esni txt record"));
nsAutoCString esniHost;
esniHost.Append("_esni.");
// This might end up being the SocketHost
// see https://github.com/ekr/draft-rescorla-tls-esni/issues/61
esniHost.Append(SocketHost());
rv = dns->AsyncResolveNative(esniHost, nsIDNSService::RESOLVE_TYPE_TXT,
dnsFlags, nullptr, this,
mSocketTransportService, mOriginAttributes,
getter_AddRefs(mDNSTxtRequest));
if (NS_FAILED(rv)) {
SOCKET_LOG((" dns request by type failed."));
mDNSTxtRequest = nullptr;
rv = NS_OK;
} else {
mEsniQueried = true;
}
}
}
if (NS_SUCCEEDED(rv)) {
SOCKET_LOG((" advancing to STATE_RESOLVING\n"));
@ -1548,13 +1583,19 @@ nsresult nsSocketTransport::InitiateSocket() {
nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
if (secCtrl) {
if (!mEchConfig.IsEmpty() &&
!(mConnectionFlags & (DONT_TRY_ECH | BE_CONSERVATIVE))) {
!(mConnectionFlags & (DONT_TRY_ESNI_OR_ECH | BE_CONSERVATIVE))) {
SOCKET_LOG(("nsSocketTransport::InitiateSocket set echconfig."));
rv = secCtrl->SetEchConfig(mEchConfig);
if (NS_FAILED(rv)) {
return rv;
}
mEchConfigUsed = true;
} else if (!mDNSRecordTxt.IsEmpty() && !mUsingQuic) {
SOCKET_LOG(("nsSocketTransport::InitiateSocket set esni keys."));
rv = secCtrl->SetEsniTxt(mDNSRecordTxt);
if (NS_FAILED(rv)) {
return rv;
}
mEsniUsed = true;
}
}
@ -2179,13 +2220,14 @@ void nsSocketTransport::OnSocketEvent(uint32_t type, nsresult status,
break;
case MSG_DNS_LOOKUP_COMPLETE:
if (mDNSRequest) { // only send this if we actually resolved anything
if (mDNSRequest ||
mDNSTxtRequest) { // only send this if we actually resolved anything
SendStatus(NS_NET_STATUS_RESOLVED_HOST);
}
SOCKET_LOG((" MSG_DNS_LOOKUP_COMPLETE\n"));
mDNSRequest = nullptr;
mDNSTxtRequest = nullptr;
if (mDNSRecord) {
mDNSRecord->GetNextAddr(SocketPort(), &mNetAddr);
mDNSRecord->IsTRR(&mResolvedByTRR);
@ -2458,6 +2500,11 @@ void nsSocketTransport::OnSocketDetached(PRFileDesc* fd) {
mDNSRequest = nullptr;
}
if (mDNSTxtRequest) {
mDNSTxtRequest->Cancel(NS_ERROR_ABORT);
mDNSTxtRequest = nullptr;
}
//
// notify input/output streams
//
@ -2982,21 +3029,65 @@ nsSocketTransport::OnLookupComplete(nsICancelable* request, nsIDNSRecord* rec,
".",
this, static_cast<uint32_t>(status)));
if (NS_SUCCEEDED(status)) {
if (request == mDNSTxtRequest) {
if (NS_SUCCEEDED(status)) {
nsCOMPtr<nsIDNSTXTRecord> txtResponse = do_QueryInterface(rec);
txtResponse->GetRecordsAsOneString(mDNSRecordTxt);
mDNSRecordTxt.Trim(" ");
}
Telemetry::Accumulate(Telemetry::ESNI_KEYS_RECORDS_FOUND,
NS_SUCCEEDED(status));
// flag host lookup complete for the benefit of the ResolveHost method.
if (!mDNSRequest) {
mResolving = false;
MOZ_ASSERT(mDNSARequestFinished);
Telemetry::Accumulate(
Telemetry::ESNI_KEYS_RECORD_FETCH_DELAYS,
PR_IntervalToMilliseconds(PR_IntervalNow() - mDNSARequestFinished));
nsresult rv =
PostEvent(MSG_DNS_LOOKUP_COMPLETE, mDNSLookupStatus, nullptr);
// if posting a message fails, then we should assume that the socket
// transport has been shutdown. this should never happen! if it does
// it means that the socket transport service was shutdown before the
// DNS service.
if (NS_FAILED(rv)) {
NS_WARNING("unable to post DNS lookup complete message");
}
} else {
mDNSTxtRequest = nullptr;
}
return NS_OK;
}
if (NS_FAILED(status) && mDNSTxtRequest) {
mDNSTxtRequest->Cancel(NS_ERROR_ABORT);
} else if (NS_SUCCEEDED(status)) {
mDNSRecord = do_QueryInterface(rec);
MOZ_ASSERT(mDNSRecord);
}
// flag host lookup complete for the benefit of the ResolveHost method.
mResolving = false;
nsresult rv = PostEvent(MSG_DNS_LOOKUP_COMPLETE, status, nullptr);
if (!mDNSTxtRequest) {
if (mEsniQueried) {
Telemetry::Accumulate(Telemetry::ESNI_KEYS_RECORD_FETCH_DELAYS, 0);
}
mResolving = false;
nsresult rv = PostEvent(MSG_DNS_LOOKUP_COMPLETE, status, nullptr);
// if posting a message fails, then we should assume that the socket
// transport has been shutdown. this should never happen! if it does
// it means that the socket transport service was shutdown before the
// DNS service.
if (NS_FAILED(rv)) {
NS_WARNING("unable to post DNS lookup complete message");
// if posting a message fails, then we should assume that the socket
// transport has been shutdown. this should never happen! if it does
// it means that the socket transport service was shutdown before the
// DNS service.
if (NS_FAILED(rv)) {
NS_WARNING("unable to post DNS lookup complete message");
}
} else {
mDNSLookupStatus =
status; // remember the status to send it when esni lookup is ready.
mDNSRequest = nullptr;
mDNSARequestFinished = PR_IntervalNow();
}
return NS_OK;
@ -3571,8 +3662,8 @@ nsSocketTransport::GetResetIPFamilyPreference(bool* aReset) {
}
NS_IMETHODIMP
nsSocketTransport::GetEchConfigUsed(bool* aEchConfigUsed) {
*aEchConfigUsed = mEchConfigUsed;
nsSocketTransport::GetEsniUsed(bool* aEsniUsed) {
*aEsniUsed = mEsniUsed;
return NS_OK;
}
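Review bot: In the OnLookupComplete hunk, `txtResponse` obtained from `do_QueryInterface(rec)` is dereferenced on the very next line with no null check; if the record delivered for `mDNSTxtRequest` does not implement nsIDNSTXTRecord this is a null dereference. Guard it: `if (txtResponse) { txtResponse->GetRecordsAsOneString(mDNSRecordTxt); mDNSRecordTxt.Trim(" "); }`. The raw TXT text is later handed to `SetEsniTxt` in the InitiateSocket hunk with no length or format check at this layer; presumably the security-info side validates and decodes it, and a comment at the SetEsniTxt call saying so would help the next reader. ResolveHost correctly gates the TXT query on `IsEsniEnabled()`, `DONT_TRY_ESNI_OR_ECH | BE_CONSERVATIVE` and an empty mEchConfig, which is worth keeping as-is. OnLookupComplete's signature and tail lie outside the hunk.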


@ -327,8 +327,13 @@ class nsSocketTransport final : public nsASocketHandler,
nsCOMPtr<nsICancelable> mDNSRequest;
nsCOMPtr<nsIDNSAddrRecord> mDNSRecord;
nsresult mDNSLookupStatus;
PRIntervalTime mDNSARequestFinished;
nsCOMPtr<nsICancelable> mDNSTxtRequest;
nsCString mDNSRecordTxt;
nsCString mEchConfig;
bool mEchConfigUsed = false;
bool mEsniQueried;
bool mEsniUsed;
bool mResolvedByTRR;
// mNetAddr/mSelfAddr is valid from GetPeerAddr()/GetSelfAddr() once we have
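Review bot: `mEsniQueried` and `mEsniUsed` are declared without in-class initializers while the adjacent `mEchConfigUsed = false` has one; they are zeroed in the constructor initializer list in this commit, but `bool mEsniQueried = false;` and `bool mEsniUsed = false;` would match the neighbouring style and survive a future constructor edit. `mDNSTxtRequest`, `mDNSRecordTxt`, `mDNSLookupStatus` and `mDNSARequestFinished` would benefit from a short comment, e.g. `// pending _esni. TXT lookup, its raw record text, and the address-lookup status/time held until the TXT lookup finishes (see OnLookupComplete)`.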


@ -57,6 +57,8 @@ static Atomic<PRThread*, Relaxed> gSocketThread(nullptr);
#define MAX_TIME_FOR_PR_CLOSE_DURING_SHUTDOWN \
"network.sts.max_time_for_pr_close_during_shutdown"
#define POLLABLE_EVENT_TIMEOUT "network.sts.pollable_event_timeout"
#define ESNI_ENABLED "network.security.esni.enabled"
#define ESNI_DISABLED_MITM "security.pki.mitm_detected"
#define REPAIR_POLLABLE_EVENT_TIME 10
@ -149,6 +151,8 @@ nsSocketTransportService::nsSocketTransportService()
mPolling(false)
#endif
,
mEsniEnabled(false),
mTrustedMitmDetected(false),
mNotTrustedMitmDetected(false) {
NS_ASSERTION(NS_IsMainThread(), "wrong thread");
@ -739,6 +743,8 @@ static const char* gCallbackPrefs[] = {
MAX_TIME_BETWEEN_TWO_POLLS,
MAX_TIME_FOR_PR_CLOSE_DURING_SHUTDOWN,
POLLABLE_EVENT_TIMEOUT,
ESNI_ENABLED,
ESNI_DISABLED_MITM,
"network.socket.forcePort",
nullptr,
};
@ -1511,6 +1517,18 @@ nsresult nsSocketTransportService::UpdatePrefs() {
mPollableEventTimeout = TimeDuration::FromSeconds(pollableEventTimeout);
}
bool esniPref = false;
rv = Preferences::GetBool(ESNI_ENABLED, &esniPref);
if (NS_SUCCEEDED(rv)) {
mEsniEnabled = esniPref;
}
bool esniMitmPref = false;
rv = Preferences::GetBool(ESNI_DISABLED_MITM, &esniMitmPref);
if (NS_SUCCEEDED(rv)) {
mTrustedMitmDetected = esniMitmPref;
}
nsAutoCString portMappingPref;
rv = Preferences::GetCString("network.socket.forcePort", portMappingPref);
if (NS_SUCCEEDED(rv)) {
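Review bot: `mEsniEnabled` and `mTrustedMitmDetected` are plain `bool` members written in UpdatePrefs and read through `IsEsniEnabled()` (nsSocketTransportService.h hunk in this commit) from nsSocketTransport::ResolveHost; if UpdatePrefs runs on the main thread and ResolveHost on the socket thread, that is an unsynchronized cross-thread read. The nsDNSPrefetch.cpp hunk of the same commit uses `mozilla::Atomic<bool, mozilla::Relaxed>` for the equivalent flag, and the same type would fit the three flags here, including `mNotTrustedMitmDetected`, which SetNotTrustedMitmDetected writes from the TLS handshake path. The mapping of `security.pki.mitm_detected` onto `mTrustedMitmDetected` deserves a comment next to the read, e.g. `// a trusted MITM root is installed; IsEsniEnabled() returns false while this is set`.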


@ -122,6 +122,10 @@ class nsSocketTransportService final : public nsPISocketTransportService,
bool IsTelemetryEnabledAndNotSleepPhase();
PRIntervalTime MaxTimeForPrClosePref() { return mMaxTimeForPrClosePref; }
bool IsEsniEnabled() {
return mEsniEnabled && !mTrustedMitmDetected && !mNotTrustedMitmDetected;
}
void SetNotTrustedMitmDetected() { mNotTrustedMitmDetected = true; }
// According the preference value of `network.socket.forcePort` this method
@ -339,6 +343,8 @@ class nsSocketTransportService final : public nsPISocketTransportService,
void TryRepairPollableEvent();
bool mEsniEnabled;
bool mTrustedMitmDetected;
bool mNotTrustedMitmDetected;
CopyableTArray<nsCOMPtr<nsISTSShutdownObserver>> mShutdownObservers;


@ -168,7 +168,7 @@ nsresult HalfOpenSocket::SetupStreams(nsISocketTransport** transport,
}
if (ci->GetLessThanTls13()) {
tmpFlags |= nsISocketTransport::DONT_TRY_ECH;
tmpFlags |= nsISocketTransport::DONT_TRY_ESNI_OR_ECH;
}
if (((mCaps & NS_HTTP_BE_CONSERVATIVE) || ci->GetBeConservative()) &&


@ -17,6 +17,11 @@
#define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
#define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
#define ESNI_SUCCESSFUL 0
#define ESNI_FAILED 1
#define NO_ESNI_SUCCESSFUL 2
#define NO_ESNI_FAILED 3
#include "mozilla/Telemetry.h"
#include "HttpConnectionBase.h"
#include "nsHttpHandler.h"
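Review bot: The four `ESNI_*` / `NO_ESNI_*` macros are defined identically in three translation units in this commit (this hunk and the two later hunks with the same `@ -17,6 +17,11 @@` header); they are the indices of the `ESNI_NOESNI_TLS_SUCCESS_RATE` label list in the Histograms.json hunk, so three copies can silently drift from the label order. One definition in a shared header — e.g. `enum class EsniTlsOutcome : uint8_t { EsniSucceeded, EsniFailed, NoEsniSucceeded, NoEsniFailed };` with a comment tying it to the histogram labels — would be safer. Only the third copy is used within the hunks shown, so the first two may be dead.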


@ -17,6 +17,11 @@
#define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
#define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
#define ESNI_SUCCESSFUL 0
#define ESNI_FAILED 1
#define NO_ESNI_SUCCESSFUL 2
#define NO_ESNI_FAILED 3
#include "ASpdySession.h"
#include "mozilla/ChaosMode.h"
#include "mozilla/Telemetry.h"


@ -2059,9 +2059,9 @@ SocketTransportShim::GetFirstRetryError(nsresult* aFirstRetryError) {
}
NS_IMETHODIMP
SocketTransportShim::GetEchConfigUsed(bool* aEchConfigUsed) {
SocketTransportShim::GetEsniUsed(bool* aEsniUsed) {
if (mIsWebsocket) {
LOG3(("WARNING: SocketTransportShim::GetEchConfigUsed %p", this));
LOG3(("WARNING: SocketTransportShim::GetEsniUsed %p", this));
}
return NS_ERROR_NOT_IMPLEMENTED;
}


@ -17,6 +17,11 @@
#define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
#define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
#define ESNI_SUCCESSFUL 0
#define ESNI_FAILED 1
#define NO_ESNI_SUCCESSFUL 2
#define NO_ESNI_FAILED 3
#include "ASpdySession.h"
#include "mozilla/ChaosMode.h"
#include "mozilla/Telemetry.h"
@ -696,6 +701,18 @@ npnComplete:
mDid0RTTSpdy = false;
}
if (ssl) {
// Telemetry for tls failure rate with and without esni;
bool esni = false;
if (NS_SUCCEEDED(mSocketTransport->GetEsniUsed(&esni))) {
Telemetry::Accumulate(
Telemetry::ESNI_NOESNI_TLS_SUCCESS_RATE,
(esni)
? ((handshakeSucceeded) ? ESNI_SUCCESSFUL : ESNI_FAILED)
: ((handshakeSucceeded) ? NO_ESNI_SUCCESSFUL : NO_ESNI_FAILED));
}
}
if (rv == psm::GetXPCOMFromNSSError(
mozilla::pkix::MOZILLA_PKIX_ERROR_MITM_DETECTED)) {
gSocketTransportService->SetNotTrustedMitmDetected();
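Review bot: The nested ternary feeding `Telemetry::Accumulate` in the npnComplete hunk is hard to read; computing the category first, `const uint32_t outcome = esni ? (handshakeSucceeded ? ESNI_SUCCESSFUL : ESNI_FAILED) : (handshakeSucceeded ? NO_ESNI_SUCCESSFUL : NO_ESNI_FAILED);`, and passing `outcome` would be clearer. The silent failure path of `GetEsniUsed` is what makes SocketTransportShim's `NS_ERROR_NOT_IMPLEMENTED` (earlier in this commit) harmless here; a comment such as `// shim transports return NS_ERROR_NOT_IMPLEMENTED; the probe is skipped for them` would record that. `handshakeSucceeded` and `ssl` are declared outside the hunk.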


@ -32,6 +32,7 @@ function setup() {
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
prefs.setBoolPref("network.security.esni.enabled", false);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
// the TRR server is on 127.0.0.1
@ -60,6 +61,7 @@ function setup() {
setup();
registerCleanupFunction(() => {
prefs.clearUserPref("network.security.esni.enabled");
prefs.clearUserPref("network.http.spdy.enabled");
prefs.clearUserPref("network.http.spdy.enabled.http2");
prefs.clearUserPref("network.dns.localDomains");
@ -99,7 +101,7 @@ DNSListener.prototype.QueryInterface = ChromeUtils.generateQI([
"nsIDNSListener",
]);
add_task(async function testTXTResolve() {
add_task(async function testEsniRequest() {
// use the h2 server as DOH provider
prefs.setCharPref(
"network.trr.uri",
@ -126,11 +128,11 @@ add_task(async function testTXTResolve() {
Assert.equal(answer, test_answer, "got correct answer");
});
// verify TXT record pushed on a A record request
add_task(async function testTXTRecordPushPart1() {
// verify esni record pushed on a A record request
add_task(async function testEsniPushPart1() {
prefs.setCharPref(
"network.trr.uri",
"https://foo.example.com:" + h2Port + "/txt-dns-push"
"https://foo.example.com:" + h2Port + "/esni-dns-push"
);
let listenerAddr = new DNSListener();
let request = dns.asyncResolve(
@ -151,8 +153,8 @@ add_task(async function testTXTRecordPushPart1() {
Assert.equal(answer, test_answer_addr, "got correct answer");
});
// verify the TXT pushed record
add_task(async function testTXTRecordPushPart2() {
// verify the esni pushed record
add_task(async function testEsniPushPart2() {
// At this point the second host name should've been pushed and we can resolve it using
// cache only. Set back the URI to a path that fails.
prefs.setCharPref(
@ -179,7 +181,7 @@ add_task(async function testTXTRecordPushPart2() {
Assert.equal(answer, test_answer, "got correct answer");
});
add_task(async function testHTTPSSVCResolve() {
add_task(async function testEsniHTTPSSVC() {
prefs.setCharPref(
"network.trr.uri",
"https://foo.example.com:" + h2Port + "/doh"


@ -35,6 +35,7 @@ function setup() {
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
prefs.setBoolPref("network.security.esni.enabled", false);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
// the TRR server is on 127.0.0.1
@ -66,6 +67,7 @@ function setup() {
setup();
registerCleanupFunction(() => {
prefs.clearUserPref("network.security.esni.enabled");
prefs.clearUserPref("network.http.spdy.enabled");
prefs.clearUserPref("network.http.spdy.enabled.http2");
prefs.clearUserPref("network.dns.localDomains");


@ -34,6 +34,7 @@ function setup() {
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
prefs.setBoolPref("network.security.esni.enabled", false);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
// the TRR server is on 127.0.0.1
@ -62,6 +63,7 @@ function setup() {
setup();
registerCleanupFunction(() => {
prefs.clearUserPref("network.security.esni.enabled");
prefs.clearUserPref("network.http.spdy.enabled");
prefs.clearUserPref("network.http.spdy.enabled.http2");
prefs.clearUserPref("network.dns.localDomains");


@ -39,6 +39,7 @@ function setup() {
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
prefs.setBoolPref("network.security.esni.enabled", false);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
// the TRR server is on 127.0.0.1
@ -68,6 +69,7 @@ function setup() {
if (!inChildProcess()) {
setup();
registerCleanupFunction(() => {
prefs.clearUserPref("network.security.esni.enabled");
prefs.clearUserPref("network.http.spdy.enabled");
prefs.clearUserPref("network.http.spdy.enabled.http2");
prefs.clearUserPref("network.dns.localDomains");


@ -35,6 +35,7 @@ function setup() {
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
prefs.setBoolPref("network.security.esni.enabled", false);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
// the TRR server is on 127.0.0.1
@ -66,6 +67,7 @@ function setup() {
setup();
registerCleanupFunction(() => {
prefs.clearUserPref("network.security.esni.enabled");
prefs.clearUserPref("network.http.spdy.enabled");
prefs.clearUserPref("network.http.spdy.enabled.http2");
prefs.clearUserPref("network.dns.localDomains");


@ -408,7 +408,7 @@ skip-if = tsan || socketprocess_networking # Bug 1614708
[test_captive_portal_service.js]
run-sequentially = node server exceptions dont replay well
skip-if = socketprocess_networking
[test_dns_by_type_resolve.js]
[test_esni_dns_fetch.js]
[test_network_connectivity_service.js]
[test_suspend_channel_on_authRetry.js]
[test_suspend_channel_on_examine_merged_response.js]


@ -32,7 +32,7 @@ DNSListener.prototype.QueryInterface = ChromeUtils.generateQI([
"nsIDNSListener",
]);
add_task(async function testTXTResolve() {
add_task(async function testEsniRequest() {
// use the h2 server as DOH provider
let listenerEsni = new DNSListener();
let request = dns.asyncResolve(
@ -54,7 +54,7 @@ add_task(async function testTXTResolve() {
Assert.equal(answer, test_answer, "got correct answer");
});
add_task(async function testHTTPSSVCResolve() {
add_task(async function testEsniHTTPSSVC() {
// use the h2 server as DOH provider
let listenerEsni = new DNSListener();
let request = dns.asyncResolve(


@ -15,6 +15,7 @@ function setup() {
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
prefs.setBoolPref("network.security.esni.enabled", false);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
// the TRR server is on 127.0.0.1
@ -43,6 +44,7 @@ function setup() {
setup();
registerCleanupFunction(() => {
prefs.clearUserPref("network.security.esni.enabled");
prefs.clearUserPref("network.http.spdy.enabled");
prefs.clearUserPref("network.http.spdy.enabled.http2");
prefs.clearUserPref("network.dns.localDomains");
@ -65,5 +67,5 @@ function run_test() {
"network.trr.uri",
"https://foo.example.com:" + h2Port + "/doh"
);
run_test_in_child("child_dns_by_type_resolve.js");
run_test_in_child("child_esni_dns_fetch1.js");
}


@ -61,7 +61,7 @@ support-files =
!/netwerk/test/unit/test_httpcancel.js
!/netwerk/test/unit/test_trr_httpssvc.js
child_cookie_header.js
child_dns_by_type_resolve.js
child_esni_dns_fetch1.js
[test_cookie_header_stripped.js]
[test_cacheflags_wrap.js]
@ -108,6 +108,6 @@ skip-if = true
[test_multipart_streamconv_wrap.js]
[test_alt-data_cross_process_wrap.js]
[test_httpcancel_wrap.js]
[test_dns_by_type_resolve_wrap.js]
[test_esni_dns_fetch_wrap.js]
[test_trr_httpssvc_wrap.js]
skip-if = os == "android"


@ -722,7 +722,7 @@ function handleRequest(req, res) {
});
}
// for use with test_dns_by_type_resolve.js
// for use with test_esni_dns_fetch.js
if (packet.questions[0].type == "TXT") {
answers.push({
name: packet.questions[0].name,
@ -1036,8 +1036,8 @@ function handleRequest(req, res) {
// it's just meant to be this slow - the test doesn't care about the actual response
return;
}
// for use with test_dns_by_type_resolve.js
else if (u.pathname === "/txt-dns-push") {
// for use with test_esni_dns_fetch.js
else if (u.pathname === "/esni-dns-push") {
// _esni_push.example.com has A entry 127.0.0.1
let rContent = Buffer.from(
"0000010000010001000000000A5F65736E695F70757368076578616D706C6503636F6D0000010001C00C000100010000003700047F000001",


@ -2637,6 +2637,39 @@
"bug_numbers": [1296288, 1654309],
"releaseChannelCollection": "opt-out"
},
"ESNI_KEYS_RECORD_FETCH_DELAYS": {
"record_in_processes": ["main"],
"products": ["firefox", "fennec"],
"expires_in_version": "70",
"kind": "exponential",
"high": 60000,
"n_buckets": 100,
"description": "Added delays caused the esni keys fetching.(ms)",
"alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
"bug_numbers": [1473736],
"releaseChannelCollection": "opt-out"
},
"ESNI_KEYS_RECORDS_FOUND": {
"record_in_processes": ["main"],
"products": ["firefox", "fennec"],
"expires_in_version": "70",
"kind": "boolean",
"description": "ESNI Keys found rate.",
"alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
"bug_numbers": [1473736],
"releaseChannelCollection": "opt-out"
},
"ESNI_NOESNI_TLS_SUCCESS_RATE": {
"record_in_processes": ["main"],
"products": ["firefox", "fennec"],
"expires_in_version": "70",
"kind": "categorical",
"labels": ["EsniTLSSucceeded", "EsniTLSFailed", "NoEsniTLSSucceeded", "NoEsniTLSFailed"],
"description": "TLS handshake with and without esni success rate.",
"alert_emails": ["necko@mozilla.com", "ddamjanovic@mozilla.com"],
"bug_numbers": [1473736],
"releaseChannelCollection": "opt-out"
},
"SSL_HANDSHAKE_VERSION": {
"record_in_processes": ["main", "content"],
"products": ["firefox", "fennec"],
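Review bot: All three restored probes carry `"expires_in_version": "70"`, which is well behind the commit date shown (2020-12-03); if expiry is still honoured as usual they will record nothing, so either the version should be bumped or the probes and their `Telemetry::Accumulate` callers in nsSocketTransport.cpp and the npnComplete hunk should go. The description `Added delays caused the esni keys fetching.(ms)` reads awkwardly — suggest `Additional connection delay (ms) spent waiting for the ESNI keys TXT lookup.` The `labels` order of `ESNI_NOESNI_TLS_SUCCESS_RATE` must match the `ESNI_SUCCESSFUL` … `NO_ESNI_FAILED` macros defined elsewhere in this commit; a note in the description saying so would help keep them aligned.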


@ -242,14 +242,14 @@ avoid-blacklist-and-whitelist:
- netwerk/socket/nsSOCKSSocketProvider.cpp
- netwerk/test/gtest/TestCookie.cpp
- netwerk/test/unit/head_trr.js
- netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js
- netwerk/test/unit_ipc/test_esni_dns_fetch_wrap.js
- netwerk/test/unit_ipc/test_trr_httpssvc_wrap.js
- netwerk/test/unit/test_bug396389.js
- netwerk/test/unit/test_bug427957.js
- netwerk/test/unit/test_bug464591.js
- netwerk/test/unit/test_bug479413.js
- netwerk/test/unit/test_cookie_blacklist.js
- netwerk/test/unit/test_dns_by_type_resolve.js
- netwerk/test/unit/test_esni_dns_fetch.js
- netwerk/test/unit/test_idn_blacklist.js
- netwerk/test/unit/test_idn_urls.js
- netwerk/test/unit/test_trr_httpssvc.js