Bug 1660975 - Move some TRR prefs to StaticPrefList.yaml r=nhnt11

Differential Revision: https://phabricator.services.mozilla.com/D88123
2020-08-31 12:49:59 +00:00 · 2020-08-31 12:49:59 +00:00 · 8e8a6ed3eb
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -8141,6 +8141,12 @@
  value: false
  mirror: always

+# Whether DNS resolution is limited to literals and cached entries.
+- name: network.dns.skipTRR-when-parental-control-enabled
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
 - name: network.dns.disablePrefetchFromHTTPS
  type: bool
  value: true
@ -8256,6 +8262,63 @@
  value: false
  mirror: always

+# If we should wait for captive portal confirmation before enabling TRR
+- name: network.trr.wait-for-portal
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# Use GET (rather than POST)
+- name: network.trr.useGET
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# Allow RFC1918 address in responses?
+- name: network.trr.allow-rfc1918
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# Allow AAAA entries to be used "early", before the A results are in
+- name: network.trr.early-AAAA
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# When true, it only sends AAAA when the system has IPv6 connectivity
+- name: network.trr.skip-AAAA-when-not-supported
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
+# When true, the DNS request will wait for both A and AAAA responses
+# (if both have been requested) before notifying the listeners.
+# When true, it effectively cancels `network.trr.early-AAAA`
+- name: network.trr.wait-for-A-and-AAAA
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
+# Explicitly disable ECS (EDNS Client Subnet, RFC 7871)
+- name: network.trr.disable-ECS
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
+# When true, the DNS+TRR cache will be cleared when a relevant TRR pref
+# changes. (uri, bootstrapAddress, excluded-domains)
+- name: network.trr.clear-cache-on-pref-change
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
+# After this many failed TRR requests in a row, consider TRR borked
+- name: network.trr.max-fails
+  type: RelaxedAtomicUint32
+  value: 5
+  mirror: always
+
 # Allow the network changed event to get sent when a network topology or setup
 # change is noticed while running.
 - name: network.notify.changed
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -1788,9 +1788,6 @@ pref("network.dns.offline-localhost", true);
 // A negative value will keep the thread alive forever.
 pref("network.dns.resolver-thread-extra-idle-time-seconds", 60);

-// Whether to disable TRR when parental control is enabled.
-pref("network.dns.skipTRR-when-parental-control-enabled", true);
-
 // Idle timeout for ftp control connections - 5 minute default
 pref("network.ftp.idleConnectionTimeout", 300);

@ -4086,17 +4083,6 @@ pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://m
 // credentials to pass to DOH end-point
 pref("network.trr.credentials", "");
 pref("network.trr.custom_uri", "");
-// Wait for captive portal confirmation before enabling TRR
-#if defined(ANDROID)
-  // On Android, the captive portal is handled by the OS itself
-  pref("network.trr.wait-for-portal", false);
-#else
-  pref("network.trr.wait-for-portal", false);
-#endif
-// Allow RFC1918 address in responses?
-pref("network.trr.allow-rfc1918", false);
-// Use GET (rather than POST)
-pref("network.trr.useGET", false);
 // Before TRR is widely used the NS record for this host is fetched
 // from the DOH end point to ensure proper configuration
 pref("network.trr.confirmationNS", "example.com");
@ -4106,24 +4092,9 @@ pref("network.trr.bootstrapAddress", "");
 // TRR blacklist entry expire time (in seconds). Default is one minute.
 // Meant to survive basically a page load.
 pref("network.trr.blacklist-duration", 60);
-// Allow AAAA entries to be used "early", before the A results are in
-pref("network.trr.early-AAAA", false);
-// When true, it only sends AAAA when the system has IPv6 connectivity
-pref("network.trr.skip-AAAA-when-not-supported", true);
-// When true, the DNS request will wait for both A and AAAA responses
-// (if both have been requested) before notifying the listeners.
-// When true, it effectively cancels `network.trr.early-AAAA`
-pref("network.trr.wait-for-A-and-AAAA", true);
-// Explicitly disable ECS (EDNS Client Subnet, RFC 7871)
-pref("network.trr.disable-ECS", true);
-// After this many failed TRR requests in a row, consider TRR borked
-pref("network.trr.max-fails", 5);
 // Comma separated list of domains that we should not use TRR for
 pref("network.trr.excluded-domains", "");
 pref("network.trr.builtin-excluded-domains", "localhost,local");
-// When true, the DNS+TRR cache will be cleared when a relevant TRR pref
-// changes. (uri, bootstrapAddress, excluded-domains)
-pref("network.trr.clear-cache-on-pref-change", true);

 pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/success.txt");
 pref("captivedetect.canonicalContent", "success\n");
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@ -1780,6 +1780,7 @@ nsresult nsStandardURL::SetUsername(const nsACString& input) {
    }
    shift = ReplaceSegment(pos, len, escUsername);
    mUsername.mLen = escUsername.Length() > 0 ? escUsername.Length() : -1;
+    mUsername.mPos = pos;
  }

  if (shift) {
--- a/netwerk/dns/TRR.cpp
+++ b/netwerk/dns/TRR.cpp
@ -273,10 +273,10 @@ nsresult TRR::SendHTTPRequest() {
    }
  }

-  bool useGet = gTRRService->UseGET();
+  bool useGet = StaticPrefs::network_trr_useGET();
  nsAutoCString body;
  nsCOMPtr<nsIURI> dnsURI;
-  bool disableECS = gTRRService->DisableECS();
+  bool disableECS = StaticPrefs::network_trr_disable_ECS();
  nsresult rv;

  LOG(("TRR::SendHTTPRequest resolve %s type %u\n", mHost.get(), mType));
@ -387,7 +387,7 @@ nsresult TRR::SendHTTPRequest() {
  rv = internalChannel->SetIsTRRServiceChannel(true);
  NS_ENSURE_SUCCESS(rv, rv);

-  mAllowRFC1918 = gTRRService->AllowRFC1918();
+  mAllowRFC1918 = StaticPrefs::network_trr_allow_rfc1918();

  if (useGet) {
    rv = httpChannel->SetRequestMethod("GET"_ns);
--- a/netwerk/dns/TRRService.cpp
+++ b/netwerk/dns/TRRService.cpp
@ -25,8 +25,6 @@ static const char kOpenCaptivePortalLoginEvent[] = "captive-portal-login";
 static const char kClearPrivateData[] = "clear-private-data";
 static const char kPurge[] = "browser:purge-session-history";
 static const char kDisableIpv6Pref[] = "network.dns.disableIPv6";
-static const char kPrefSkipTRRParentalControl[] =
-    "network.dns.skipTRR-when-parental-control-enabled";
 static const char kRolloutURIPref[] = "doh-rollout.uri";
 static const char kRolloutModePref[] = "doh-rollout.mode";

@ -50,13 +48,7 @@ TRRService::TRRService()
      mBlocklistDurationSeconds(60),
      mLock("trrservice"),
      mConfirmationNS("example.com"_ns),
-      mWaitForCaptive(true),
-      mRfc1918(false),
      mCaptiveIsPassed(false),
-      mUseGET(false),
-      mDisableECS(true),
-      mSkipTRRWhenParentalControlEnabled(true),
-      mDisableAfterFails(5),
      mTRRBLStorage("DataMutex::TRRBlocklist"),
      mConfirmationState(CONFIRM_INIT),
      mRetryConfirmInterval(1000),
@ -159,7 +151,6 @@ nsresult TRRService::Init() {
  if (prefBranch) {
    prefBranch->AddObserver(TRR_PREF_PREFIX, this, true);
    prefBranch->AddObserver(kDisableIpv6Pref, this, true);
-    prefBranch->AddObserver(kPrefSkipTRRParentalControl, this, true);
    prefBranch->AddObserver(kRolloutURIPref, this, true);
    prefBranch->AddObserver(kRolloutModePref, this, true);
  }
@ -232,7 +223,7 @@ bool TRRService::Enabled(nsIRequest::TRRMode aMode) {
    return false;
  }
  if (mConfirmationState == CONFIRM_INIT &&
-      (!mWaitForCaptive || mCaptiveIsPassed ||
+      (!StaticPrefs::network_trr_wait_for_portal() || mCaptiveIsPassed ||
       (mMode == MODE_TRRONLY || aMode == nsIRequest::TRR_ONLY_MODE))) {
    LOG(("TRRService::Enabled => CONFIRM_TRYING\n"));
    mConfirmationState = CONFIRM_TRYING;
@ -325,25 +316,6 @@ nsresult TRRService::ReadPrefs(const char* name) {
    Preferences::GetCString(TRR_PREF("bootstrapAddress"), mBootstrapAddr);
    clearEntireCache = true;
  }
-  if (!name || !strcmp(name, TRR_PREF("wait-for-portal"))) {
-    // Wait for captive portal?
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(TRR_PREF("wait-for-portal"), &tmp))) {
-      mWaitForCaptive = tmp;
-    }
-  }
-  if (!name || !strcmp(name, TRR_PREF("allow-rfc1918"))) {
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(TRR_PREF("allow-rfc1918"), &tmp))) {
-      mRfc1918 = tmp;
-    }
-  }
-  if (!name || !strcmp(name, TRR_PREF("useGET"))) {
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(TRR_PREF("useGET"), &tmp))) {
-      mUseGET = tmp;
-    }
-  }
  if (!name || !strcmp(name, TRR_PREF("blacklist-duration"))) {
    // prefs is given in number of seconds
    uint32_t secs;
@ -352,45 +324,12 @@ nsresult TRRService::ReadPrefs(const char* name) {
      mBlocklistDurationSeconds = secs;
    }
  }
-  if (!name || !strcmp(name, TRR_PREF("early-AAAA"))) {
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(TRR_PREF("early-AAAA"), &tmp))) {
-      mEarlyAAAA = tmp;
-    }
-  }
-
-  if (!name || !strcmp(name, TRR_PREF("skip-AAAA-when-not-supported"))) {
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(
-            TRR_PREF("skip-AAAA-when-not-supported"), &tmp))) {
-      mCheckIPv6Connectivity = tmp;
-    }
-  }
-  if (!name || !strcmp(name, TRR_PREF("wait-for-A-and-AAAA"))) {
-    bool tmp;
-    if (NS_SUCCEEDED(
-            Preferences::GetBool(TRR_PREF("wait-for-A-and-AAAA"), &tmp))) {
-      mWaitForAllResponses = tmp;
-    }
-  }
  if (!name || !strcmp(name, kDisableIpv6Pref)) {
    bool tmp;
    if (NS_SUCCEEDED(Preferences::GetBool(kDisableIpv6Pref, &tmp))) {
      mDisableIPv6 = tmp;
    }
  }
-  if (!name || !strcmp(name, TRR_PREF("disable-ECS"))) {
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(TRR_PREF("disable-ECS"), &tmp))) {
-      mDisableECS = tmp;
-    }
-  }
-  if (!name || !strcmp(name, TRR_PREF("max-fails"))) {
-    uint32_t fails;
-    if (NS_SUCCEEDED(Preferences::GetUint(TRR_PREF("max-fails"), &fails))) {
-      mDisableAfterFails = fails;
-    }
-  }
  if (!name || !strcmp(name, TRR_PREF("excluded-domains")) ||
      !strcmp(name, TRR_PREF("builtin-excluded-domains"))) {
    MutexAutoLock lock(mLock);
@ -417,13 +356,6 @@ nsresult TRRService::ReadPrefs(const char* name) {
    clearEntireCache = true;
  }

-  if (!name || !strcmp(name, kPrefSkipTRRParentalControl)) {
-    bool tmp;
-    if (NS_SUCCEEDED(Preferences::GetBool(kPrefSkipTRRParentalControl, &tmp))) {
-      mSkipTRRWhenParentalControlEnabled = tmp;
-    }
-  }
-
  // if name is null, then we're just now initializing. In that case we don't
  // need to clear the cache.
  if (name && clearEntireCache) {
@ -434,13 +366,7 @@ nsresult TRRService::ReadPrefs(const char* name) {
 }

 void TRRService::ClearEntireCache() {
-  bool tmp;
-  nsresult rv =
-      Preferences::GetBool(TRR_PREF("clear-cache-on-pref-change"), &tmp);
-  if (NS_FAILED(rv)) {
-    return;
-  }
-  if (!tmp) {
+  if (!StaticPrefs::network_trr_clear_cache_on_pref_change()) {
    return;
  }
  nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
@ -847,7 +773,7 @@ void TRRService::TRRIsOkay(enum TrrOkay aReason) {
  } else if ((mMode == MODE_TRRFIRST) && (mConfirmationState == CONFIRM_OK)) {
    // only count failures while in OK state
    uint32_t fails = ++mTRRFailures;
-    if (fails >= mDisableAfterFails) {
+    if (fails >= StaticPrefs::network_trr_max_fails()) {
      LOG(("TRRService goes FAILED after %u failures in a row\n", fails));
      mConfirmationState = CONFIRM_FAILED;
      // Fire off a timer and start re-trying the NS domain again
--- a/netwerk/dns/TRRService.h
+++ b/netwerk/dns/TRRService.h
@ -39,16 +39,7 @@ class TRRService : public TRRServiceBase,
  bool Enabled(nsIRequest::TRRMode aMode = nsIRequest::TRR_FIRST_MODE);
  bool IsConfirmed() { return mConfirmationState == CONFIRM_OK; }

-  bool AllowRFC1918() { return mRfc1918; }
-  bool UseGET() { return mUseGET; }
-  bool EarlyAAAA() { return mEarlyAAAA; }
-  bool CheckIPv6Connectivity() { return mCheckIPv6Connectivity; }
-  bool WaitForAllResponses() { return mWaitForAllResponses; }
  bool DisableIPv6() { return mDisableIPv6; }
-  bool DisableECS() { return mDisableECS; }
-  bool SkipTRRWhenParentalControlEnabled() {
-    return mSkipTRRWhenParentalControlEnabled;
-  }
  nsresult GetURI(nsACString& result);
  nsresult GetCredentials(nsCString& result);
  uint32_t GetRequestTimeout();
@ -120,21 +111,9 @@ class TRRService : public TRRServiceBase,
  nsCString mConfirmationNS;
  nsCString mBootstrapAddr;

-  Atomic<bool, Relaxed> mWaitForCaptive;  // wait for the captive portal to say
-                                          // OK before using TRR
  Atomic<bool, Relaxed>
-      mRfc1918;  // okay with local IP addresses in DOH responses?
-  Atomic<bool, Relaxed>
-      mCaptiveIsPassed;           // set when captive portal check is passed
-  Atomic<bool, Relaxed> mUseGET;  // do DOH using GET requests (instead of POST)
-  Atomic<bool, Relaxed> mEarlyAAAA;  // allow use of AAAA results before A is in
-  Atomic<bool, Relaxed> mCheckIPv6Connectivity;  // check IPv6 connectivity
-  Atomic<bool, Relaxed> mWaitForAllResponses;  // Don't notify until all are in
-  Atomic<bool, Relaxed> mDisableIPv6;          // don't even try
-  Atomic<bool, Relaxed> mDisableECS;  // disable EDNS Client Subnet in requests
-  Atomic<bool, Relaxed> mSkipTRRWhenParentalControlEnabled;
-  Atomic<uint32_t, Relaxed>
-      mDisableAfterFails;  // this many fails in a row means failed TRR service
+      mCaptiveIsPassed;  // set when captive portal check is passed
+  Atomic<bool, Relaxed> mDisableIPv6;  // don't even try

  // TRR Blocklist storage
  // mTRRBLStorage is only modified on the main thread, but we query whether it
--- a/netwerk/dns/nsHostResolver.cpp
+++ b/netwerk/dns/nsHostResolver.cpp
@ -1384,7 +1384,7 @@ nsresult nsHostResolver::TrrLookup(nsHostRecord* aRec, TRR* pushedTRR) {
      sendAgain = false;
      if ((TRRTYPE_AAAA == rectype) && gTRRService &&
          (gTRRService->DisableIPv6() ||
-           (gTRRService->CheckIPv6Connectivity() && mNCS &&
+           (StaticPrefs::network_trr_skip_AAAA_when_not_supported() && mNCS &&
            mNCS->GetIPv6() == nsINetworkConnectivityService::NOT_AVAILABLE))) {
        break;
      }
@ -1558,7 +1558,7 @@ void nsHostResolver::ComputeEffectiveTRRMode(nsHostRecord* aRec) {
    return;
  }

-  if (gTRRService->SkipTRRWhenParentalControlEnabled() &&
+  if (StaticPrefs::network_dns_skipTRR_when_parental_control_enabled() &&
      gTRRService->ParentalControlEnabled()) {
    aRec->RecordReason(nsHostRecord::TRR_PARENTAL_CONTROL);
    aRec->mEffectiveTRRMode = nsIRequest::TRR_DISABLED_MODE;
@ -1984,12 +1984,12 @@ nsHostResolver::LookupStatus nsHostResolver::CompleteLookup(
        return LOOKUP_OK;
      }

-      if (gTRRService && gTRRService->WaitForAllResponses()) {
+      if (gTRRService && StaticPrefs::network_trr_wait_for_A_and_AAAA()) {
        LOG(("CompleteLookup: waiting for all responses!\n"));
        return LOOKUP_OK;
      }

-      if (addrRec->mTrrA && (!gTRRService || !gTRRService->EarlyAAAA())) {
+      if (addrRec->mTrrA && !StaticPrefs::network_trr_early_AAAA()) {
        // This is an early AAAA with a pending A response. Allowed
        // only by pref.
        LOG(("CompleteLookup: avoiding early use of TRR AAAA!\n"));