Chromium Code Reviews

Unified Diff: chrome/browser/net/network_stats.h

Issue 7246021: Prevent DOS attack on UDP echo servers by distinguishing between an echo request (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 5 months ago
Index: chrome/browser/net/network_stats.h
===================================================================
--- chrome/browser/net/network_stats.h (revision 93322)
+++ chrome/browser/net/network_stats.h (working copy)
@@ -11,6 +11,7 @@
#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
+#include "base/string_util.h"
#include "base/time.h"
#include "chrome/browser/io_thread.h"
#include "net/base/address_list.h"
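Review bot: The new #include "base/string_util.h" is not needed by anything this header adds in the visible hunks. The only new string use is the std::string key_ member, which needs <string>. If the string_util helpers are only called from network_stats.cc, move the include there and include <string> here instead.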
@@ -34,7 +35,21 @@
// c) What is the latency for UDP and TCP.
// d) If connectivity failed, at what stage (Connect or Write or Read) did it
// fail?
+//
+// The following is the overview of the echo message protocol.
+//
+// We send the "echo request" to the TCP/UDP servers in the following format:
+// <version><checksum><payload_size><payload>. <version> is the version number
+// of the "echo request". <checksum> is the checksum of the <payload>.
+// <payload_size> specifies the number of bytes in the <payload>.
+//
+// TCP/UDP servers respond to the "echo request" by returning "echo response".
+// "echo response" is of the format:
+// "<version><checksum><payload_size><key><encrypted_payload>". <payload_size>
+// specifies the number of bytes in the <encrypted_payload>. <key> is used to
+// decrypt the <encrypted_payload>.
+
class NetworkStats {
public:
enum Status { // Used in HISTOGRAM_ENUMERATION.
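Review bot: The protocol overview in the class comment leaves the wire layout unspecified. It gives no width or encoding for <version>, <checksum> and <payload_size>, and it does not say whether the <checksum> in the "echo response" covers the encrypted bytes or the decrypted payload. Please state these so the parsing code can be checked against the comment. Because <key> travels in the same message as <encrypted_payload>, the comment should also say what the encoding is for, since it does not keep the payload secret from anyone who can read the response.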
@@ -57,7 +72,7 @@
// Initializes |finished_callback_| and the number of bytes to send to the
// server. |finished_callback| is called when we are done with the test.
// |finished_callback| is mainly useful for unittests.
- void Initialize(int bytes_to_send,
+ void Initialize(uint32 bytes_to_send,
net::CompletionCallback* finished_callback);
// This method is called after socket connection is completed. It will send
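Review bot: With |bytes_to_send| changed to uint32 in Initialize(), a caller that still passes a negative int gets a silent conversion to a very large value instead of an obviously invalid one. The comment should document the accepted range, and the value should be checked against an upper bound before it is used to size a buffer or written into <payload_size>.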
@@ -75,7 +90,7 @@
void DoFinishCallback(int result);
// Returns the number of bytes to be sent to the |server|.
- int load_size() const { return load_size_; }
+ uint32 load_size() const { return load_size_; }
// Helper methods to get and set |socket_|.
net::Socket* socket() { return socket_.get(); }
@@ -99,6 +114,18 @@
// Sends data to server until an error occurs.
int SendData();
+ // Fills the |io_buffer| with the "echo request" message. This gets the
+ // <payload> from |stream_| and calculates the <checksum> of the <payload> and
+ // returns the "echo request" that has <version>, <checksum>, <payload_size>
+ // and <payload>.
+ void GetEchoRequest(net::IOBuffer* io_buffer);
+
+ // This method parses the "echo response" message in the |read_buffer_| to
+ // verify that the <payload> is same as what we had sent in "echo request"
+ // message. |buffer_length| is the number of bytes read into |read_buffer_|
+ // from the socket.
+ bool VerifyBytes(uint32 buffer_length);
+
// The socket handle for this session.
scoped_ptr<net::Socket> socket_;
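Review bot: The VerifyBytes() comment does not say how the server-supplied <payload_size> is reconciled with |buffer_length|. Please document that the header fields are only read once |buffer_length| covers them, and that <payload_size> plus the key length is checked against |buffer_length| before any payload byte is touched, with false returned otherwise. Separately, GetEchoRequest() takes a net::IOBuffer* with no capacity argument, and its comment says it "returns" the request although the method is void. State the buffer size the caller must provide, or pass it in.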
@@ -109,10 +136,17 @@
scoped_refptr<net::DrainableIOBuffer> write_buffer_;
// Some counters for the session.
- int load_size_;
+ uint32 load_size_;
int bytes_to_read_;
int bytes_to_send_;
+ // The key used for decrypting the message from the server.
+ std::string key_;
+
+ // The |key_index_| is used to access the byte from |key_|. This is used
+ // during the decrypting the message from the server.
jar (doing other things) 2011/08/05 19:37:31 nit: Suggest: key_index_ is in the range [0, key_
ramant (doing other things) 2011/08/12 01:05:08 Deleted this variable. Not needed because we are a
+ uint32 key_index_;
+
// |stream_| is used to generate data to be sent to the server and it is also
// used to verify the data received from the server.
net::TestDataStream stream_;
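Review bot: load_size_ becomes uint32 here while bytes_to_read_ and bytes_to_send_ directly below it stay int, so comparisons and arithmetic between these counters now mix signed and unsigned values. Convert all three together or add a comment explaining why the other two must remain signed. The key_ comment should also say that the value comes from the server's "echo response" and where its length is validated.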
@@ -148,7 +182,7 @@
// Returns true if successful in starting the client.
bool Start(const std::string& ip_str,
int port,
- int bytes_to_send,
+ uint32 bytes_to_send,
net::CompletionCallback* callback);
protected:
@@ -176,7 +210,7 @@
// Returns true if successful in starting the client.
bool Start(net::HostResolver* host_resolver,
const net::HostPortPair& server,
- int bytes_to_send,
+ uint32 bytes_to_send,
net::CompletionCallback* callback);
protected: