|
|
Chromium Code Reviews
DescriptionAdd UMA histogram for Expect-CT header processing
This CL adds a histogram to record the result of processing an Expect-CT
header. (An Expect-CT header tells Chrome that the site wants to receive
reports whenever a connection does not comply with Chrome CT policy.)
For example, a header might be received but thrown out because the site
was not on the preload list, or it might be ignored because the site
complied with the CT policy. This histogram will help us sanity-check
server-side metrics. (In particular, we aren't receiving any reports --
we'd like to sanity check that that is because Chrome users are always
getting CT-compliant connections, and not because there is a bug in
report-sending or Expect-CT header-serving.) This will also give us an
easy way to estimate worst-case traffic on the report collection server
(if we know how many users are seeing Expect-CT headers, we can estimate
the number of reports that would be sent if a large-scale
misconfiguration made an Expect-CT site non-compliant.)
BUG=638871
Committed: https://crrev.com/d7ef7ecd31c1a7a6cbbe054445e96ca5130a0f1d
Cr-Commit-Position: refs/heads/master@{#414940}
Patch Set 1 #
Total comments: 4
Patch Set 2 : eroman comments #
Messages
Total messages: 21 (11 generated)
The CQ bit was checked by estark@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
estark@chromium.org changed reviewers: + eroman@chromium.org, jwd@chromium.org
eroman, can you please review //net? jwd, can you please review histograms.xml?
estark@chromium.org changed reviewers: + eranm@chromium.org
+eranm as well
nit in CL description " or it might be ignore because" --> " or it might be ignored because"
Description was changed from ========== Add UMA histogram for Expect-CT header processing This CL adds a histogram to record the result of processing an Expect-CT header. (An Expect-CT header tells Chrome that the site wants to receive reports whenever a connection does not comply with Chrome CT policy.) For example, a header might be received but thrown out because the site was not on the preload list, or it might be ignore because the site complied with the CT policy. This histogram will help us sanity-check server-side metrics. (In particular, we aren't receiving any reports -- we'd like to sanity check that that is because Chrome users are always getting CT-compliant connections, and not because there is a bug in report-sending or Expect-CT header-serving.) This will also give us an easy way to estimate worst-case traffic on the report collection server (if we know how many users are seeing Expect-CT headers, we can estimate the number of reports that would be sent if a large-scale misconfiguration made an Expect-CT site non-compliant.) BUG=638871 ========== to ========== Add UMA histogram for Expect-CT header processing This CL adds a histogram to record the result of processing an Expect-CT header. (An Expect-CT header tells Chrome that the site wants to receive reports whenever a connection does not comply with Chrome CT policy.) For example, a header might be received but thrown out because the site was not on the preload list, or it might be ignored because the site complied with the CT policy. This histogram will help us sanity-check server-side metrics. (In particular, we aren't receiving any reports -- we'd like to sanity check that that is because Chrome users are always getting CT-compliant connections, and not because there is a bug in report-sending or Expect-CT header-serving.) This will also give us an easy way to estimate worst-case traffic on the report collection server (if we know how many users are seeing Expect-CT headers, we can estimate the number of reports that would be sent if a large-scale misconfiguration made an Expect-CT site non-compliant.) BUG=638871 ==========
On 2016/08/25 23:34:03, eroman wrote: > nit in CL description " or it might be ignore because" --> " or it might be > ignored because" Thanks, fixed.
lgtm https://codereview.chromium.org/2272323004/diff/1/net/http/transport_security... File net/http/transport_security_state.cc (right): https://codereview.chromium.org/2272323004/diff/1/net/http/transport_security... net/http/transport_security_state.cc:1298: // histogrammed, so do not reorder or remove values. Given this, can you assign values to *each* of the enums not just the first? https://codereview.chromium.org/2272323004/diff/1/net/http/transport_security... net/http/transport_security_state.cc:1319: EXPECT_CT_HEADER_MAX I think it is more idiomatic to use a _LAST value and set it to the exact value of last element (to prevent needing to handle this sentinel value inside of switch statements). Given this is only used locally in the function though, I guess it doesn't really matter.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
LGTM with eroman@'s comments
Thanks, both! https://codereview.chromium.org/2272323004/diff/1/net/http/transport_security... File net/http/transport_security_state.cc (right): https://codereview.chromium.org/2272323004/diff/1/net/http/transport_security... net/http/transport_security_state.cc:1298: // histogrammed, so do not reorder or remove values. On 2016/08/25 23:39:31, eroman wrote: > Given this, can you assign values to *each* of the enums not just the first? Done. https://codereview.chromium.org/2272323004/diff/1/net/http/transport_security... net/http/transport_security_state.cc:1319: EXPECT_CT_HEADER_MAX On 2016/08/25 23:39:31, eroman wrote: > I think it is more idiomatic to use a _LAST value and set it to the exact value > of last element (to prevent needing to handle this sentinel value inside of > switch statements). > > Given this is only used locally in the function though, I guess it doesn't > really matter. Done.
The CQ bit was checked by estark@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from eroman@chromium.org, jwd@chromium.org Link to the patchset: https://codereview.chromium.org/2272323004/#ps20001 (title: "eroman comments")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Add UMA histogram for Expect-CT header processing This CL adds a histogram to record the result of processing an Expect-CT header. (An Expect-CT header tells Chrome that the site wants to receive reports whenever a connection does not comply with Chrome CT policy.) For example, a header might be received but thrown out because the site was not on the preload list, or it might be ignored because the site complied with the CT policy. This histogram will help us sanity-check server-side metrics. (In particular, we aren't receiving any reports -- we'd like to sanity check that that is because Chrome users are always getting CT-compliant connections, and not because there is a bug in report-sending or Expect-CT header-serving.) This will also give us an easy way to estimate worst-case traffic on the report collection server (if we know how many users are seeing Expect-CT headers, we can estimate the number of reports that would be sent if a large-scale misconfiguration made an Expect-CT site non-compliant.) BUG=638871 ========== to ========== Add UMA histogram for Expect-CT header processing This CL adds a histogram to record the result of processing an Expect-CT header. (An Expect-CT header tells Chrome that the site wants to receive reports whenever a connection does not comply with Chrome CT policy.) For example, a header might be received but thrown out because the site was not on the preload list, or it might be ignored because the site complied with the CT policy. This histogram will help us sanity-check server-side metrics. (In particular, we aren't receiving any reports -- we'd like to sanity check that that is because Chrome users are always getting CT-compliant connections, and not because there is a bug in report-sending or Expect-CT header-serving.) This will also give us an easy way to estimate worst-case traffic on the report collection server (if we know how many users are seeing Expect-CT headers, we can estimate the number of reports that would be sent if a large-scale misconfiguration made an Expect-CT site non-compliant.) BUG=638871 ==========
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Message was sent while issue was closed.
Description was changed from ========== Add UMA histogram for Expect-CT header processing This CL adds a histogram to record the result of processing an Expect-CT header. (An Expect-CT header tells Chrome that the site wants to receive reports whenever a connection does not comply with Chrome CT policy.) For example, a header might be received but thrown out because the site was not on the preload list, or it might be ignored because the site complied with the CT policy. This histogram will help us sanity-check server-side metrics. (In particular, we aren't receiving any reports -- we'd like to sanity check that that is because Chrome users are always getting CT-compliant connections, and not because there is a bug in report-sending or Expect-CT header-serving.) This will also give us an easy way to estimate worst-case traffic on the report collection server (if we know how many users are seeing Expect-CT headers, we can estimate the number of reports that would be sent if a large-scale misconfiguration made an Expect-CT site non-compliant.) BUG=638871 ========== to ========== Add UMA histogram for Expect-CT header processing This CL adds a histogram to record the result of processing an Expect-CT header. (An Expect-CT header tells Chrome that the site wants to receive reports whenever a connection does not comply with Chrome CT policy.) For example, a header might be received but thrown out because the site was not on the preload list, or it might be ignored because the site complied with the CT policy. This histogram will help us sanity-check server-side metrics. (In particular, we aren't receiving any reports -- we'd like to sanity check that that is because Chrome users are always getting CT-compliant connections, and not because there is a bug in report-sending or Expect-CT header-serving.) This will also give us an easy way to estimate worst-case traffic on the report collection server (if we know how many users are seeing Expect-CT headers, we can estimate the number of reports that would be sent if a large-scale misconfiguration made an Expect-CT site non-compliant.) BUG=638871 Committed: https://crrev.com/d7ef7ecd31c1a7a6cbbe054445e96ca5130a0f1d Cr-Commit-Position: refs/heads/master@{#414940} ==========
Message was sent while issue was closed.
Patchset 2 (id:??) landed as https://crrev.com/d7ef7ecd31c1a7a6cbbe054445e96ca5130a0f1d Cr-Commit-Position: refs/heads/master@{#414940} |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
