Measure how often DNS hostnames aren't in preferred name form.

Measure how often DNS hostnames aren't in preferred name form.

As https://tools.ietf.org/html/rfc7719#section-2 explains, "host name" has a storied
history with many interpretations. Measure how often the hostnames passed to the
resolver aren't in the preferred name form [A-Za-z0-9-]+ (with support for _ as well),
to see where the DNS resolver code can deprecate and remove support for names
not in that form.

BUG=695474
Review-Url: https://codereview.chromium.org/2739203003
Cr-Commit-Position: refs/heads/master@{#459212}
Committed: https://chromium.googlesource.com/chromium/src/+/6170ab968eae5c5f683cdb88fa09e96b95f2b588

[palmer, 2017-03-10 03:19:32]

palmer@chromium.org changed reviewers:
+ rdsmith@chromium.org

[palmer, 2017-03-10 03:19:38]

The CQ bit was checked by palmer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-10 03:20:07]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[palmer, 2017-03-10 03:26:28]

PTAL. This CL causes the bug to stop happening, allows IDN to still work (it's
represented as Punycode at this layer, which passes the lexical tests), and
comes with some tests we should have had all along. :)

[commit-bot: I haz the power, 2017-03-10 03:58:52]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-10 03:58:53]

Dry run: Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)

[Randy Smith (Not in Mondays), 2017-03-10 16:50:24]

+juliatuttle, mgersh FTI.

Glancing at the RFCs, it looks to me as if _ isn't permitted; just - & . (and .
doesn't make sense in this context).  Would you put in an RFC reference and some
words of justification as to why this is more lenient than the RFC?  (Or why
it's in accord with the RFC and (implicitly) why I'm confused?  :-})

Beyond that LGTM.

[Ryan Sleevi, 2017-03-10 17:46:23]

rsleevi@chromium.org changed reviewers:
+ rsleevi@chromium.org

[Ryan Sleevi, 2017-03-10 17:46:23]

I'm sorry to do this, but Not LGTM until we've file an Intent to Deprecate, per
//net's policy to follow the Blink process.

This is an ongoing topic of discussion across browsers, and we should not
circumvent that without following our process for assessing the compatibility
and ecosystem risk.

[Ryan Sleevi, 2017-03-10 17:48:09]

https://codereview.chromium.org/2739203003/diff/1/net/dns/dns_util.cc
File net/dns/dns_util.cc (right):

https://codereview.chromium.org/2739203003/diff/1/net/dns/dns_util.cc#newcode43
net/dns/dns_util.cc:43: }
Newline between 42 & 43,  plus a "  //namespace" following.

[palmer, 2017-03-10 21:10:37]

> net/dns/dns_util.cc:43: }
> Newline between 42 & 43,  plus a "  //namespace" following.

Done.

I'm going to fire up an Intent To Deprecate. We'll see how that goes. Also I
found that we do need to support leading _, so I made that change.

rdsmith: Well, views on the RFCs differ. :) I had always understood it to be
that _ was technically forbidden, but in common practice it does happen, so from
a pragmatic perspective we should allow it. But rsleevi says that basically any
octet is potentially valid. The difference might be that the rules for A/AAAA
records are different for SRV or other record types. I would like for us to
support all and only what is really necessary on the open web.

[palmer, 2017-03-10 21:10:50]

The CQ bit was checked by palmer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-10 21:11:25]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-10 21:35:50]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-10 21:35:51]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Randy Smith (Not in Mondays), 2017-03-10 21:47:59]

On 2017/03/10 21:10:37, palmer wrote:
> > net/dns/dns_util.cc:43: }
> > Newline between 42 & 43,  plus a "  //namespace" following.
> 
> Done.
> 
> I'm going to fire up an Intent To Deprecate. We'll see how that goes. Also I
> found that we do need to support leading _, so I made that change.
> 
> rdsmith: Well, views on the RFCs differ. :) I had always understood it to be
> that _ was technically forbidden, but in common practice it does happen, so
from
> a pragmatic perspective we should allow it. But rsleevi says that basically
any
> octet is potentially valid. The difference might be that the rules for A/AAAA
> records are different for SRV or other record types. I would like for us to
> support all and only what is really necessary on the open web.

Heh.  My first project in Chrome was the cookie store--I'm very familiar with
RFCs being not so much rules as ... guidelines :-}.  I just wanted a reference
and a comment as to what the thinking was for our deviations.

[palmer, 2017-03-10 22:04:19]

Oh yeah, I'll add some comments to that effect.

[eroman, 2017-03-14 16:07:48]

eroman@chromium.org changed reviewers:
+ eroman@chromium.org

[eroman, 2017-03-14 16:07:49]

https://codereview.chromium.org/2739203003/diff/20001/net/dns/dns_util.cc
File net/dns/dns_util.cc (right):

https://codereview.chromium.org/2739203003/diff/20001/net/dns/dns_util.cc#new...
net/dns/dns_util.cc:35: if (!isalnum(c) && c != '_') {
Drive-by comment: isalnum() depends on the user's locale, which is not actually
what we want here.

In general the C string functions as full of traps and not usually appropriate
for use in the //net protocol code.

[palmer, 2017-03-22 00:03:52]

OK, PTAL: I've changed the code to report validation failure via UMA instead of
to fail hard, to not use isalnum, and have added documentation about where the
policy comes from. Additionally, I had to move some code around, but ultimately
I think |IsValidLabelCharacter| should go back to being a private implementation
detail of |DNSDomainFromDot| (but still documented in that function's
documentation, of course).

[Ryan Sleevi, 2017-03-22 00:16:08]

LGTM % updated commit description explaining what and why :)

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.cc
File net/dns/dns_util.cc (right):

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.cc#new...
net/dns/dns_util.cc:73: UMA_HISTOGRAM_BOOLEAN("Net.ValidDNSName", valid_name);
Do you want to record this after line 85/87?

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.h
File net/dns/dns_util.h (right):

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.h#newc...
net/dns/dns_util.h:33: // This function asserts a looser form of the
restrictions in RFC 1123 (section
https://tools.ietf.org/html/rfc7719#section-2 is meant to be the clarifying
document about whose rules matter :) And include the link back to 1123 (under
"Host name")

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.h#newc...
net/dns/dns_util.h:43: NET_EXPORT_PRIVATE bool IsValidLabelCharacter(char c,
bool is_first_char);
pedantry: IsValidHostLabelCharacter? Since other labels can and do exceed the
host record (implied A/AAAA, such as SRVNames)

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util_unitte...
File net/dns/dns_util_unittest.cc (right):

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util_unitte...
net/dns/dns_util_unittest.cc:17: } else {
https://chromium.googlesource.com/chromium/src/+/master/styleguide/c++/c++.md

Discourages else after return

[palmer, 2017-03-22 01:03:16]

Description was changed from

==========
Lexically validate DNS hostnames.

BUG=695474
==========

to

==========
Lexically validate DNS hostnames.

Count valid/invalid hostnames with an UMA boolean, so that we can determine if
we can deprecate and remove support for lexically-invalid hostnames.

BUG=695474
==========

[palmer, 2017-03-22 01:03:16]

palmer@chromium.org changed reviewers:
+ mpearson@chromium.org

[palmer, 2017-03-22 01:03:34]

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.cc
File net/dns/dns_util.cc (right):

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.cc#new...
net/dns/dns_util.cc:73: UMA_HISTOGRAM_BOOLEAN("Net.ValidDNSName", valid_name);
> Do you want to record this after line 85/87?

Oops, yes. Done.

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.h
File net/dns/dns_util.h (right):

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.h#newc...
net/dns/dns_util.h:33: // This function asserts a looser form of the
restrictions in RFC 1123 (section
> https://tools.ietf.org/html/rfc7719#section-2 is meant to be the clarifying
document about whose rules matter :) And include the link back to 1123 (under
"Host name")

Done.

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util.h#newc...
net/dns/dns_util.h:43: NET_EXPORT_PRIVATE bool IsValidLabelCharacter(char c,
bool is_first_char);
> pedantry: IsValidHostLabelCharacter? Since other labels can and do exceed the
host record (implied A/AAAA, such as SRVNames)

Done.

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util_unitte...
File net/dns/dns_util_unittest.cc (right):

https://codereview.chromium.org/2739203003/diff/40001/net/dns/dns_util_unitte...
net/dns/dns_util_unittest.cc:17: } else {
> Discourages else after return

Done.

[palmer, 2017-03-22 01:03:49]

+mpearson for histograms.xml.

[palmer, 2017-03-22 01:03:56]

The CQ bit was checked by palmer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-22 01:04:43]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Ryan Sleevi, 2017-03-22 01:10:46]

https://codereview.chromium.org/2739203003/diff/60001/net/dns/dns_util.cc
File net/dns/dns_util.cc (right):

https://codereview.chromium.org/2739203003/diff/60001/net/dns/dns_util.cc#new...
net/dns/dns_util.cc:83: UMA_HISTOGRAM_BOOLEAN("Net.ValidDNSName", valid_name);
Did you mean to move this down further? That is, to after line 90 :)

I just wasn't sure because of the short-circuits below

[Ryan Sleevi, 2017-03-22 01:13:48]

Description was changed from

==========
Lexically validate DNS hostnames.

Count valid/invalid hostnames with an UMA boolean, so that we can determine if
we can deprecate and remove support for lexically-invalid hostnames.

BUG=695474
==========

to

==========
Measure how often DNS hostnames aren't in preferred name form

As https://tools.ietf.org/html/rfc7719#section-2 explains, "host name" has a
storied
history with many interpretations. Measure how often the hostnames passed to the
resolver aren't in the preferred name form [A-Za-z0-9-] (with support for _ as
well),
to see where the DNS resolver code can deprecate and remove support for names
not in that form.

BUG=695474
==========

[Ryan Sleevi, 2017-03-22 01:15:17]

I made a stab at updating the description, but if you're unhappy with it, feel
free to revert. My main goal was trying to capture the debate on whether "host
name" always means "preferred name syntax" or something else, and that our goal
is to enforce preferred name syntax (with a relaxation) rather than arbitrary
octets.

[palmer, 2017-03-22 01:19:52]

Description was changed from

==========
Measure how often DNS hostnames aren't in preferred name form

As https://tools.ietf.org/html/rfc7719#section-2 explains, "host name" has a
storied
history with many interpretations. Measure how often the hostnames passed to the
resolver aren't in the preferred name form [A-Za-z0-9-] (with support for _ as
well),
to see where the DNS resolver code can deprecate and remove support for names
not in that form.

BUG=695474
==========

to

==========
Measure how often DNS hostnames aren't in preferred name form.

As https://tools.ietf.org/html/rfc7719#section-2 explains, "host name" has a
storied
history with many interpretations. Measure how often the hostnames passed to the
resolver aren't in the preferred name form [A-Za-z0-9-]+ (with support for _ as
well),
to see where the DNS resolver code can deprecate and remove support for names
not in that form.

BUG=695474
==========

[palmer, 2017-03-22 01:25:11]

> Did you mean to move this down further? That is, to after line 90 :)
> 
> I just wasn't sure because of the short-circuits below

Actually, no; and I realize I didn't want to move it down before, either. I
moved it back up to line 73. I want to record the measurement right after
lexical validation and before any of the short-circuit "return false;"s after
the for (;;) loop.

[palmer, 2017-03-22 01:26:13]

On 2017/03/22 at 01:15:17, rsleevi wrote:
> I made a stab at updating the description, but if you're unhappy with it, feel
free to revert. My main goal was trying to capture the debate on whether "host
name" always means "preferred name syntax" or something else, and that our goal
is to enforce preferred name syntax (with a relaxation) rather than arbitrary
octets.

Thanks; tweaked it slightly.

[Ryan Sleevi, 2017-03-22 01:44:25]

Still LGTM

[Mark P, 2017-03-22 22:08:04]

histograms.xml lgtm modulo comment

--mark

https://codereview.chromium.org/2739203003/diff/80001/tools/metrics/histogram...
File tools/metrics/histograms/histograms.xml (right):

https://codereview.chromium.org/2739203003/diff/80001/tools/metrics/histogram...
tools/metrics/histograms/histograms.xml:38023: +    and remove support for
arbitrary bytes in DNS names.
Please state when this recorded.  I.e., what things cause this function to be
invoked.

https://chromium.googlesource.com/chromium/src.git/+/HEAD/tools/metrics/histo...

[palmer, 2017-03-22 22:37:57]

https://codereview.chromium.org/2739203003/diff/80001/tools/metrics/histogram...
File tools/metrics/histograms/histograms.xml (right):

https://codereview.chromium.org/2739203003/diff/80001/tools/metrics/histogram...
tools/metrics/histograms/histograms.xml:38023: +    and remove support for
arbitrary bytes in DNS names.
> Please state when this recorded.  I.e., what things cause this function to be
invoked.

Done.

[palmer, 2017-03-22 22:40:19]

The CQ bit was checked by palmer@chromium.org

[palmer, 2017-03-22 22:40:20]

The patchset sent to the CQ was uploaded after l-g-t-m from
rdsmith@chromium.org, mpearson@chromium.org, rsleevi@chromium.org
Link to the patchset: https://codereview.chromium.org/2739203003/#ps100001
(title: "Comment on when the histogram will be recorded.")

[commit-bot: I haz the power, 2017-03-22 22:41:05]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-23 01:19:40]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-23 01:19:42]

Try jobs failed on following builders:
  linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[palmer, 2017-03-23 01:22:18]

The CQ bit was checked by palmer@chromium.org

[commit-bot: I haz the power, 2017-03-23 01:22:58]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-23 02:27:38]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-23 02:27:40]

Failed to apply patch for net/dns/dns_util.cc:
While running git apply --index -p1;
  error: patch failed: net/dns/dns_util.cc:10
  error: net/dns/dns_util.cc: patch does not apply

Patch:       net/dns/dns_util.cc
Index: net/dns/dns_util.cc
diff --git a/net/dns/dns_util.cc b/net/dns/dns_util.cc
index
f80eaee9c54a80fbd6a96ea13dc4d78167c629ad..9d21737f0758d121a9e896de776da6b4b5a8255f
100644
--- a/net/dns/dns_util.cc
+++ b/net/dns/dns_util.cc
@@ -10,22 +10,38 @@
 #include <cstring>
 
 #include "base/metrics/field_trial.h"
+#include "base/metrics/histogram_macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
 #include "build/build_config.h"
 #include "net/base/address_list.h"
 
+#if defined(OS_POSIX)
+#include <netinet/in.h>
+#if !defined(OS_NACL)
+#include <net/if.h>
+#if !defined(OS_ANDROID)
+#include <ifaddrs.h>
+#endif  // !defined(OS_ANDROID)
+#endif  // !defined(OS_NACL)
+#endif  // defined(OS_POSIX)
+
+#if defined(OS_ANDROID)
+#include "net/android/network_library.h"
+#endif
+
 namespace net {
 
 // Based on DJB's public domain code.
 bool DNSDomainFromDot(const base::StringPiece& dotted, std::string* out) {
   const char* buf = dotted.data();
-  unsigned n = dotted.size();
+  size_t n = dotted.size();
   char label[63];
   size_t labellen = 0; /* <= sizeof label */
   char name[255];
   size_t namelen = 0; /* <= sizeof name */
   char ch;
+  bool valid_name = true;
 
   for (;;) {
     if (!n)
@@ -46,9 +62,16 @@ bool DNSDomainFromDot(const base::StringPiece& dotted,
std::string* out) {
     }
     if (labellen >= sizeof label)
       return false;
+    if (!IsValidHostLabelCharacter(ch, labellen == 0)) {
+      // TODO(palmer): In the future, when we can remove support for invalid
+      // names, return false here instead (and remove the UMA counter).
+      valid_name = false;
+    }
     label[labellen++] = ch;
   }
 
+  UMA_HISTOGRAM_BOOLEAN("Net.ValidDNSName", valid_name);
+
   // Allow empty label at end of name to disable suffix search.
   if (labellen) {
     if (namelen + labellen + 1 > sizeof name)
@@ -74,6 +97,11 @@ bool IsValidDNSDomain(const base::StringPiece& dotted) {
   return DNSDomainFromDot(dotted, &dns_formatted);
 }
 
+bool IsValidHostLabelCharacter(char c, bool is_first_char) {
+  return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
+         (c >= '0' && c <= '9') || (!is_first_char && c == '-') || c == '_';
+}
+
 std::string DNSDomainToString(const base::StringPiece& domain) {
   std::string ret;

[palmer, 2017-03-23 19:44:50]

The CQ bit was checked by palmer@chromium.org

[palmer, 2017-03-23 19:44:50]

The patchset sent to the CQ was uploaded after l-g-t-m from
mpearson@chromium.org, rdsmith@chromium.org, rsleevi@chromium.org
Link to the patchset: https://codereview.chromium.org/2739203003/#ps120001
(title: "Rebase.")

[commit-bot: I haz the power, 2017-03-23 19:45:28]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-23 20:57:59]

CQ is committing da patch.

Bot data: {"patchset_id": 120001, "attempt_start_ts": 1490298290046270,
"parent_rev": "b4dde882f6c2b2be84035b53f60ec286d347bc50", "commit_rev":
"6170ab968eae5c5f683cdb88fa09e96b95f2b588"}

[commit-bot: I haz the power, 2017-03-23 20:58:51]

Description was changed from

==========
Measure how often DNS hostnames aren't in preferred name form.

As https://tools.ietf.org/html/rfc7719#section-2 explains, "host name" has a
storied
history with many interpretations. Measure how often the hostnames passed to the
resolver aren't in the preferred name form [A-Za-z0-9-]+ (with support for _ as
well),
to see where the DNS resolver code can deprecate and remove support for names
not in that form.

BUG=695474
==========

to

==========
Measure how often DNS hostnames aren't in preferred name form.

As https://tools.ietf.org/html/rfc7719#section-2 explains, "host name" has a
storied
history with many interpretations. Measure how often the hostnames passed to the
resolver aren't in the preferred name form [A-Za-z0-9-]+ (with support for _ as
well),
to see where the DNS resolver code can deprecate and remove support for names
not in that form.

BUG=695474

Review-Url: https://codereview.chromium.org/2739203003
Cr-Commit-Position: refs/heads/master@{#459212}
Committed:
https://chromium.googlesource.com/chromium/src/+/6170ab968eae5c5f683cdb88fa09...
==========

[commit-bot: I haz the power, 2017-03-23 20:58:53]

Committed patchset #7 (id:120001) as
https://chromium.googlesource.com/chromium/src/+/6170ab968eae5c5f683cdb88fa09...