Add net::SdchSourceStream and net::SdchPolicyDelegate

net/filter/sdch_policy_delegate.cc

Index: net/filter/sdch_policy_delegate.cc
diff --git a/net/filter/sdch_policy_delegate.cc b/net/filter/sdch_policy_delegate.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d48ff1104f3c8ef46ce7306742155035d02f37e0
--- /dev/null
+++ b/net/filter/sdch_policy_delegate.cc
@@ -0,0 +1,189 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/filter/sdch_policy_delegate.h"
+
+#include "base/metrics/histogram_macros.h"
+#include "base/values.h"
+#include "net/base/sdch_net_log_params.h"
+#include "net/log/net_log.h"
+#include "net/log/net_log_event_type.h"
+
+namespace net {
+
+namespace {
+
+const char kRefreshHtml[] =
+    "<head><META HTTP-EQUIV=\"Refresh\" CONTENT=\"0\"></head>";
+
+}  // namespace
+
+SdchPolicyDelegate::SdchPolicyDelegate(std::unique_ptr<Context> context)

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

In the original code, there is a data member possible_pass_through_ that is set
based on the filter type (TENTATIVE_SDCH).  I don't see anything like that in
this code.  Can you give me the reasoning for leaving that out?  Does it really
not change behavior to do so?

[xunjieli, 2016/10/05 13:44:56]

Thanks for catching that. I have no idea why that is left out. Probably because
the fixup logic is very clever that it's hard to fit it in this new design :\ I
am not sure how we can incorporate that fixup logic. What do you recommend?

[Randy Smith (Not in Mondays), 2016/10/07 18:46:25]

Ok.  After a slog through the original code, I've convinced myself (95%; as I
say, I'm never *completely* sure I know what that code is doing) that
possible_pass_through_ has no effect on filter behavior (!).   However, I'm
still uncomfortable about not plumbing that information through, because
long-term I think it should have an effect on filter behavior--specifically, I
think it should result in a pass through in cases where we now initiate
meta-refresh.

I can't suggest how to do that without looking at the CL that initializes these
classes--willing to give me a pointer to that CL?  But I think the right thing
to do is something like adding possible_pass_through as an argument to the
SdchPolicyDelegate constructor based on the type of the filter; I presume that
wouldn't be very hard to plumb?

[xunjieli, 2016/10/10 19:31:28]

Done. The CL is at https://codereview.chromium.org/2373003003/.
However, it doesn't have the logic to add a "possible passthrough" sdch filter
and a gzip filter (Filter::FixupEncodingTypes in original code) . I will port
that part in that CL and add you as a reviewer (currently cc-ed).

+    : context_(std::move(context)) {}
+
+SdchPolicyDelegate::~SdchPolicyDelegate() {}
+
+// Dictionary errors are often the first indication that the SDCH stream has

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

Is it reasonable to separate this comment out into separate comments for the two
functions?

[xunjieli, 2016/10/05 13:44:56]

Done.

+// become corrupt. There are many possible causes: non-200 response codes, a

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

How does a non-200 response code lead here?  I would think that would be
orthogonal to an SDCH dictionary error (i.e. the server might send
Content-Encoding: sdch with a non-200 body, but it seems like there's no reason
the non-200 body would lead to a corrupt dictionary id).

(Fine to say that this logic is copied from old code and we'll postpone
investigation until another CL.)

[xunjieli, 2016/10/05 13:44:56]

Acknowledged. Not sure what the reason is. I believe this is the same as the old
code (excerpt below).
    
    } else if (filter_context_.GetResponseCode() != 200) {
        // We need to meta-refresh, with SDCH disabled.
        cause = RESPONSE_NOT_200;
     }

[Randy Smith (Not in Mondays), 2016/10/07 18:46:25]

TODO/bug?

[xunjieli, 2016/10/10 19:31:28]

Done.

+// cached non-SDCH-ified reply, the server opting not to use SDCH, a cached
+// SDCH-ified reply for which the SdchManager did not have the dictionary, a
+// corrupted response, or a response that claims to be SDCH but isn't actually.
+// These are handled here by issuing a meta-refresh or swapping to passthrough
+// mode if appropriate, or failing the request if the error is unrecoverable.

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

Nice job turning the cascade in SdchFilter::ReadFilteredData() into these two
functions; I find this much more readable and amenable to modification.

[xunjieli, 2016/10/05 13:44:56]

I'll give credit to Elly :)

+SdchPolicyDelegate::ErrorRecover SdchPolicyDelegate::OnDictionaryIdError(
+    SdchSourceStream* source,
+    std::string* replace_output) {
+  // HTTP 404 might be an unencoded error page, so if decoding failed, pass it
+  // through.
+  // TODO(xunjieli): Figure out whether this special case can be removed.
+  // crbug.com/516773.
+  if (context_->GetResponseCode() == 404) {
+    LogSdchProblem(SDCH_PASS_THROUGH_404_CODE);
+    return PASS_THROUGH;
+  }
+
+  // HTTP !200 gets a meta-refresh for HTML and a hard failure otherwise.
+  if (context_->GetResponseCode() != 200)
+    return IssueMetaRefreshIfPossible(source, replace_output);
+
+  // If this is a cached result and the source hasn't requested a dictionary, it
+  // probably never had a dictionary to begin and is an unencoded response from
+  // earlier.
+  if (context_->IsCachedContent()) {
+    LogSdchProblem(SDCH_PASS_THROUGH_OLD_CACHED);
+    return PASS_THROUGH;
+  }
+
+  // The original request didn't advertise any dictionaries, but the
+  // response claimed to be SDCH. There is no way to repair this situation: the
+  // original request already didn't advertise any dictionaries, and retrying it
+  // would likely have the/ same result. Blacklist the domain and try passing
+  // through.
+  if (!context_->SdchDictionariesAdvertised()) {
+    GURL url;
+    if (context_->GetURL(&url)) {
+      context_->GetSdchManager()->BlacklistDomain(
+          url, SDCH_PASSING_THROUGH_NON_SDCH);
+      return PASS_THROUGH;
+    }
+  }
+  return NONE;

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

Why isn't this meta-refresh?  I don't have confidence I'm completely tracking
the logic (I'll return to it, but I've never had confidence that I was
completely tracking the logic in the *original* code :-J.) but it seems like
this is where we get on a non-cached response, where the dictionary id wasn't
properly formatted, which seems like a classic possible case of a bad
intermediate messing with us, which is what meta-refresh is for.

ETA: It looks to me like the original cascade in sdch_filter.cc does
meta-refresh here.

[xunjieli, 2016/10/05 13:44:56]

Done.

+}
+
+SdchPolicyDelegate::ErrorRecover SdchPolicyDelegate::OnGetDictionaryError(
+    SdchSourceStream* source,
+    std::string* replace_output) {
+  // HTTP 404 might be an unencoded error page, so if decoding failed, pass it
+  // through.
+  // TODO(xunjieli): Figure out whether this special case can be removed.
+  // crbug.com/516773.
+  if (context_->GetResponseCode() == 404) {
+    LogSdchProblem(SDCH_PASS_THROUGH_404_CODE);
+    return PASS_THROUGH;
+  }
+  return IssueMetaRefreshIfPossible(source, replace_output);
+}
+
+SdchPolicyDelegate::ErrorRecover SdchPolicyDelegate::OnDecodingError(
+    SdchSourceStream* source,
+    std::string* replace_output) {
+  // A decoding error, as opposed to a dictionary error, indicates a
+  // decompression failure partway through the payload of the SDCH stream,
+  // which means that the filter already witnessed a valid dictionary ID and
+  // successfully retrieved a dictionary for it. Decoding errors are not
+  // recoverable and it is not appropriate to stop decoding, so there are
+  // relatively few error cases here.
+  //
+  // In particular, a decoding error for an HTML payload is recoverable by
+  // issuing a meta-refresh, but to avoid having that happen too often, this
+  // class also temporarily blacklists the domain. A decoding error for a
+  // non-HTML payload is unrecoverable, so such an error gets a permanent
+  // blacklist entry. If the content was cached, no blacklisting is needed.

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

Hmmm.  You can bounce this for this CL if you want, but now that this case is
called out so clearly, wouldn't it be more appropriate to fail the request
rather than issue a meta-refresh?  Meta-refreshes are for interfering
intermediates, and if we've gotten a valid dictionary id and retrieved the
dictionary, that's an argument that there isn't anything too bogus going on in
the intermediate case, and the server is just broken.  For that, failing the
request seems more appropriate.  I'd be curious what you think of this logic
even if your response is (as it probably should be) "This is a refactor CL; I
don't want to change behavior in it."

[xunjieli, 2016/10/05 13:44:56]

That's a good point. I think we can include this in the "getting rid of
meta-refresh" investigation. crbug.com/651821

[Randy Smith (Not in Mondays), 2016/10/07 18:46:25]

Could you record the logic/specific sub-issue above in the bug?

[xunjieli, 2016/10/10 19:31:28]

Done. Added in the bug.

+  return IssueMetaRefreshIfPossible(source, replace_output);
+}
+
+bool SdchPolicyDelegate::OnGetDictionary(const std::string& server_id,
+                                         const std::string** text) {
+  SdchManager::DictionarySet* set = context_->SdchDictionariesAdvertised();
+  if (set) {
+    *text = set->GetDictionaryText(server_id);
+    if (*text)
+      return true;
+  }
+  GURL url;
+  if (!context_->GetURL(&url))
+    return false;
+  // This is a hack. Naively, the dictionaries available for
+  // decoding should be only the ones advertised. However, there are
+  // cases, specifically resources encoded with old dictionaries living
+  // in the cache, that mean the full set of dictionaries should be made
+  // available for decoding. It's not known how often this happens;
+  // if it happens rarely enough, this code can be removed.
+  //
+  // TODO(rdsmith): Long-term, a better solution is necessary, since
+  // an entry in the cache being encoded with the dictionary doesn't
+  // guarantee that the dictionary is present. That solution probably
+  // involves storing unencoded resources in the cache, but might
+  // involve evicting encoded resources on dictionary removal.
+  // See http://crbug.com/383405.
+  SdchProblemCode rv = SDCH_OK;
+  unexpected_dictionary_set_ =
+      context_->GetSdchManager()->GetDictionarySetByHash(url, server_id, &rv);
+  if (unexpected_dictionary_set_) {
+    *text = unexpected_dictionary_set_->GetDictionaryText(server_id);
+    LogSdchProblem(context_->IsCachedContent()
+                       ? SDCH_UNADVERTISED_DICTIONARY_USED_CACHED
+                       : SDCH_UNADVERTISED_DICTIONARY_USED);
+    if (*text)
+      return true;
+  } else {
+    LogSdchProblem(SDCH_DICTIONARY_HASH_NOT_FOUND);
+  }
+  return false;
+}
+
+// TODO(xunjieli): Remove meta refresh. crbug.com/651821.
+SdchPolicyDelegate::ErrorRecover SdchPolicyDelegate::IssueMetaRefreshIfPossible(
+    SdchSourceStream* source,

[Randy Smith (Not in Mondays), 2016/10/04 20:06:29]

Why does this function (and its callers) have |source| as an argument?  I don't
think it's used.

[xunjieli, 2016/10/05 13:44:56]

Done.

+    std::string* replace_output) {
+  std::string mime_type;
+  GURL url;
+  if (!context_->GetMimeType(&mime_type) || !context_->GetURL(&url))
+    return NONE;
+
+  SdchManager* manager = context_->GetSdchManager();
+  // Errors for non-HTML payloads are unrecoverable and get the domain
+  // blacklisted indefinitely.
+  if (mime_type.npos == mime_type.find("text/html")) {
+    SdchProblemCode problem =
+        (context_->IsCachedContent() ? SDCH_CACHED_META_REFRESH_UNSUPPORTED
+                                     : SDCH_META_REFRESH_UNSUPPORTED);
+    manager->BlacklistDomainForever(url, problem);
+    LogSdchProblem(problem);
+    return NONE;
+  }
+
+  if (context_->IsCachedContent()) {
+    // Cached content is a probably startup tab, so just get the fresh content
+    // and try again, without disabling SDCH.
+    LogSdchProblem(SDCH_META_REFRESH_CACHED_RECOVERY);
+  } else {
+    // Since it wasn't in the cache, blacklist for some period to get the
+    // correct content.
+    manager->BlacklistDomain(url, SDCH_META_REFRESH_RECOVERY);
+    LogSdchProblem(SDCH_META_REFRESH_RECOVERY);
+  }
+
+  *replace_output = std::string(kRefreshHtml, strlen(kRefreshHtml));
+  return REPLACE_OUTPUT;
+}
+
+void SdchPolicyDelegate::LogSdchProblem(SdchProblemCode problem) {
+  SdchManager::SdchErrorRecovery(problem);
+  context_->GetNetLog().AddEvent(
+      NetLogEventType::SDCH_DECODING_ERROR,
+      base::Bind(&NetLogSdchResourceProblemCallback, problem));
+}
+
+}  // namespace net