bug 1443489 - TRR: require a pref set to allow early AAAA responses r=valentin

Early AAAA responses might cause issues on hosts without working native IPv6 connectivity, of course especially notable in TRR-only mode. MozReview-Commit-ID: 6ZqE6AKnucH --HG-- extra : rebase_source : ff42cb8daf941a3fa1f7e783c76d823e879024c3
2018-03-06 16:07:29 +01:00 · 2018-03-06 16:07:29 +01:00 · 80c6547919
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -5491,6 +5491,8 @@ pref("network.trr.bootstrapAddress", "");
 pref("network.trr.blacklist-duration", 259200);
 // Single TRR request timeout, in milliseconds
 pref("network.trr.request-timeout", 3000);
+// Allow AAAA entries to be used "early", before the A results are in
+pref("network.trr.early-AAAA", false);

 pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/success.txt");
 pref("captivedetect.canonicalContent", "success\n");
--- a/netwerk/dns/TRRService.cpp
+++ b/netwerk/dns/TRRService.cpp
@ -188,6 +188,12 @@ TRRService::ReadPrefs(const char *name)
      mTRRTimeout = ms;
    }
  }
+  if (!name || !strcmp(name, TRR_PREF("early-AAAA"))) {
+    bool tmp;
+    if (NS_SUCCEEDED(Preferences::GetBool(TRR_PREF("early-AAAA"), &tmp))) {
+      mEarlyAAAA = tmp;
+    }
+  }

  return NS_OK;
 }
--- a/netwerk/dns/TRRService.h
+++ b/netwerk/dns/TRRService.h
@ -34,6 +34,7 @@ public:
  uint32_t Mode() { return mMode; }
  bool AllowRFC1918() { return mRfc1918; }
  bool UseGET() { return mUseGET; }
+  bool EarlyAAAA() { return mEarlyAAAA; }
  nsresult GetURI(nsCString &result);
  nsresult GetCredentials(nsCString &result);
  uint32_t GetRequestTimeout() { return mTRRTimeout; }
@ -65,6 +66,7 @@ private:
  Atomic<bool, Relaxed> mRfc1918; // okay with local IP addresses in DOH responses?
  Atomic<bool, Relaxed> mCaptiveIsPassed; // set when captive portal check is passed
  Atomic<bool, Relaxed> mUseGET; // do DOH using GET requests (instead of POST)
+  Atomic<bool, Relaxed> mEarlyAAAA; // allow use of AAAA results before A is in

  // TRR Blacklist storage
  RefPtr<DataStorage> mTRRBLStorage;
--- a/netwerk/dns/nsHostResolver.cpp
+++ b/netwerk/dns/nsHostResolver.cpp
@ -1527,6 +1527,13 @@ nsHostResolver::CompleteLookup(nsHostRecord* rec, nsresult status, AddrInfo* aNe
                return LOOKUP_OK;
            }

+            if (rec->mTrrA && (!gTRRService || !gTRRService->EarlyAAAA())) {
+                // This is an early AAAA with a pending A response. Allowed
+                // only by pref.
+                LOG(("CompleteLookup: avoiding early use of TRR AAAA!\n"));
+                return LOOKUP_OK;
+            }
+
            // we can do some callbacks with this partial result which requires
            // a deep copy
            newRRSet = new AddrInfo(rec->mFirstTRR);