Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1305)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_network_transaction.cc

Issue 1147453003: Measure inappropriate_fallback alerts from Google. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fallback-type
Patch Set: revise various wordings Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/http/http_network_transaction.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_network_transaction.cc
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 0dbb20cfd2904524f73012aec0899fa5c691e062..598a51d2d28890d62d1364b6a998429ee21ebcc1 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -776,9 +776,10 @@ int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
if (result != ERR_HTTPS_PROXY_TUNNEL_RESPONSE)
CopyConnectionAttemptsFromStreamRequest();
+ if (request_->url.SchemeIsCryptographic())
+ RecordSSLFallbackMetrics(result);
+
if (result == OK) {
- if (request_->url.SchemeIsCryptographic())
- RecordSSLFallbackMetrics();
next_state_ = STATE_INIT_STREAM;
DCHECK(stream_.get());
} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
@@ -1438,7 +1439,27 @@ void HttpNetworkTransaction::ResetStateForAuthRestart() {
establishing_tunnel_ = false;
}
-void HttpNetworkTransaction::RecordSSLFallbackMetrics() {
+void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) {
+ if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK)
+ return;
+
+ const std::string& host = request_->url.host();
+ bool is_google = EndsWith(host, "google.com", true) &&
+ (host.size() == 10 || host[host.size() - 11] == '.');
+ if (is_google) {
+ // Some fraction of successful connections use the fallback, but only due to
+ // a spurious network failure. To estimate this fraction, compare handshakes
+ // to Google servers which succeed against those that fail with an
+ // inappropriate_fallback alert. Google servers are known to implement
+ // FALLBACK_SCSV, so a spurious network failure while connecting would
+ // trigger the fallback, successfully connect, but fail with this alert.
+ UMA_HISTOGRAM_BOOLEAN("Net.GoogleConnectionInappropriateFallback",
+ result == ERR_SSL_INAPPROPRIATE_FALLBACK);
+ }
+
+ if (result != OK)
+ return;
+
// Note: these values are used in histograms, so new values must be appended.
enum FallbackVersion {
FALLBACK_NONE = 0, // SSL version fallback did not occur.
@@ -1467,9 +1488,7 @@ void HttpNetworkTransaction::RecordSSLFallbackMetrics() {
// Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it
// should be impossible to successfully connect to them with the fallback.
// This helps estimate intolerant locally-configured SSL MITMs.
- const std::string& host = request_->url.host();
- if (EndsWith(host, "google.com", true) &&
- (host.size() == 10 || host[host.size() - 11] == '.')) {
+ if (is_google) {
UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2",
fallback, FALLBACK_MAX);
}
« no previous file with comments | « net/http/http_network_transaction.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')

Powered by Google App Engine
This is Rietveld 408576698