| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include "base/metrics/sparse_histogram.h" | |
| 7 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 8 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 9 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
| 10 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" | 11 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" |
| 11 #include "net/quic/crypto/channel_id.h" | 12 #include "net/quic/crypto/channel_id.h" |
| 12 #include "net/quic/crypto/common_cert_set.h" | 13 #include "net/quic/crypto/common_cert_set.h" |
| 13 #include "net/quic/crypto/crypto_framer.h" | 14 #include "net/quic/crypto/crypto_framer.h" |
| 14 #include "net/quic/crypto/crypto_utils.h" | 15 #include "net/quic/crypto/crypto_utils.h" |
| 15 #include "net/quic/crypto/curve25519_key_exchange.h" | 16 #include "net/quic/crypto/curve25519_key_exchange.h" |
| 16 #include "net/quic/crypto/key_exchange.h" | 17 #include "net/quic/crypto/key_exchange.h" |
| (...skipping 568 matching lines...) | |
| 585 *error_details = "Proof missing"; | 586 *error_details = "Proof missing"; |
| 586 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 587 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 587 } | 588 } |
| 588 } | 589 } |
| 589 | 590 |
| 590 const uint32* reject_reasons; | 591 const uint32* reject_reasons; |
| 591 size_t num_reject_reasons; | 592 size_t num_reject_reasons; |
| 592 COMPILE_ASSERT(sizeof(QuicTag) == sizeof(uint32), header_out_of_sync); | 593 COMPILE_ASSERT(sizeof(QuicTag) == sizeof(uint32), header_out_of_sync); |
| 593 if (rej.GetTaglist(kRREJ, &reject_reasons, | 594 if (rej.GetTaglist(kRREJ, &reject_reasons, |
| 594 &num_reject_reasons) == QUIC_NO_ERROR) { | 595 &num_reject_reasons) == QUIC_NO_ERROR) { |
| 595 #if defined(DEBUG) | 596 uint32 packed_error = 0; |
| 596 for (size_t i = 0; i < num_reject_reasons; ++i) { | 597 for (size_t i = 0; i < num_reject_reasons; ++i) { |
| 597 DVLOG(1) << "Reasons for rejection: " << reject_reasons[i]; | 598 HandshakeFailureReason reason = |
| 599 static_cast<HandshakeFailureReason>(reject_reasons[i]); | |
| 600 packed_error |= RejectReasonToPackedError(reason); | |
| 598 } | 601 } |
| 599 #endif | 602 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.QuicClientHelloRejectReasons", |
| 603 packed_error); | |
| 600 } | 604 } |
| 601 | 605 |
| 602 return QUIC_NO_ERROR; | 606 return QUIC_NO_ERROR; |
| 603 } | 607 } |
| 604 | 608 |
| 609 uint32 QuicCryptoClientConfig::RejectReasonToPackedError( | |
| 610 HandshakeFailureReason reason) { | |
| 611 enum RejectReasonShifted { | |
| 612 HANDSHAKE_OK_SHIFTED = 0, | |
| 613 | |
| 614 CLIENT_NONCE_UNKNOWN_FAILURE_SHIFTED = 1u << 5, | |
| 615 CLIENT_NONCE_INVALID_FAILURE_SHIFTED = 2u << 5, | |
| 616 | |
| 617 SERVER_NONCE_INVALID_FAILURE_SHIFTED = 1u << 10, | |
| 618 SERVER_NONCE_DECRYPTION_FAILURE_SHIFTED = 2u << 10, | |
| 619 SERVER_NONCE_NOT_UNIQUE_FAILURE_SHIFTED = 3u << 10, | |
| 620 | |
| 621 SERVER_CONFIG_INCHOATE_HELLO_FAILURE_SHIFTED = 1u << 15, | |
| 622 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE_SHIFTED = 2u << 15, | |
| 623 | |
| 624 SOURCE_ADDRESS_TOKEN_INVALID_FAILURE_SHIFTED = 1u << 20, | |
| 625 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE_SHIFTED = 2u << 20, | |
| 626 SOURCE_ADDRESS_TOKEN_PARSE_FAILURE_SHIFTED = 3u << 20, | |
| 627 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE_SHIFTED = 4u << 20, | |
| 628 SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE_SHIFTED = 5u << 20, | |
| 629 SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE_SHIFTED = 6u << 20, | |
| 630 | |
| 631 UNKNOWN_REJECT_REASON_SHIFTED = 1u << 31, | |
| 632 }; | |
| 633 | |
| 634 switch (reason) { | |
| 635 case HANDSHAKE_OK: | |
| 636 return HANDSHAKE_OK_SHIFTED; | |
|
Ryan Hamilton
2014/06/23 23:09:43
As discussed offline, might as well just make the
ramant (doing other things)
2014/06/23 23:14:17
Done.
| |
| 637 case CLIENT_NONCE_UNKNOWN_FAILURE: | |
| 638 return CLIENT_NONCE_UNKNOWN_FAILURE_SHIFTED; | |
| 639 case CLIENT_NONCE_INVALID_FAILURE: | |
| 640 return CLIENT_NONCE_INVALID_FAILURE_SHIFTED; | |
| 641 case SERVER_NONCE_INVALID_FAILURE: | |
| 642 return SERVER_NONCE_INVALID_FAILURE_SHIFTED; | |
| 643 case SERVER_NONCE_DECRYPTION_FAILURE: | |
| 644 return SERVER_NONCE_DECRYPTION_FAILURE_SHIFTED; | |
| 645 case SERVER_NONCE_NOT_UNIQUE_FAILURE: | |
| 646 return SERVER_NONCE_NOT_UNIQUE_FAILURE_SHIFTED; | |
| 647 case SERVER_CONFIG_INCHOATE_HELLO_FAILURE: | |
| 648 return SERVER_CONFIG_INCHOATE_HELLO_FAILURE_SHIFTED; | |
| 649 case SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE: | |
| 650 return SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE_SHIFTED; | |
| 651 case SOURCE_ADDRESS_TOKEN_INVALID_FAILURE: | |
| 652 return SOURCE_ADDRESS_TOKEN_INVALID_FAILURE_SHIFTED; | |
| 653 case SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE: | |
| 654 return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE_SHIFTED; | |
| 655 case SOURCE_ADDRESS_TOKEN_PARSE_FAILURE: | |
| 656 return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE_SHIFTED; | |
| 657 case SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE: | |
| 658 return SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE_SHIFTED; | |
| 659 case SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE: | |
| 660 return SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE_SHIFTED; | |
| 661 case SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE: | |
| 662 return SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE_SHIFTED; | |
| 663 default: | |
| 664 NOTREACHED(); | |
| 665 return UNKNOWN_REJECT_REASON_SHIFTED; | |
| 666 } | |
| 667 } | |
| 668 | |
| 605 QuicErrorCode QuicCryptoClientConfig::ProcessServerHello( | 669 QuicErrorCode QuicCryptoClientConfig::ProcessServerHello( |
| 606 const CryptoHandshakeMessage& server_hello, | 670 const CryptoHandshakeMessage& server_hello, |
| 607 QuicConnectionId connection_id, | 671 QuicConnectionId connection_id, |
| 608 const QuicVersionVector& negotiated_versions, | 672 const QuicVersionVector& negotiated_versions, |
| 609 CachedState* cached, | 673 CachedState* cached, |
| 610 QuicCryptoNegotiatedParameters* out_params, | 674 QuicCryptoNegotiatedParameters* out_params, |
| 611 string* error_details) { | 675 string* error_details) { |
| 612 DCHECK(error_details != NULL); | 676 DCHECK(error_details != NULL); |
| 613 | 677 |
| 614 if (server_hello.tag() != kSHLO) { | 678 if (server_hello.tag() != kSHLO) { |
| (...skipping 141 matching lines...) | |
| 756 return; | 820 return; |
| 757 } | 821 } |
| 758 | 822 |
| 759 // Update canonical version to point at the "most recent" entry. | 823 // Update canonical version to point at the "most recent" entry. |
| 760 canonical_server_map_[suffix_server_id] = server_id; | 824 canonical_server_map_[suffix_server_id] = server_id; |
| 761 | 825 |
| 762 server_state->InitializeFrom(*canonical_state); | 826 server_state->InitializeFrom(*canonical_state); |
| 763 } | 827 } |
| 764 | 828 |
| 765 } // namespace net | 829 } // namespace net |
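Review bot: The `default:` branch of `RejectReasonToPackedError` is reachable from network input, so `NOTREACHED()` is the wrong guard there: the values come from the `kRREJ` tag list of the message being processed and go through `static_cast<HandshakeFailureReason>(reject_reasons[i])` with no range check, so a peer that sends a reason code this client does not know (presumably including a newer server) would trip the check in debug builds. Dropping the assertion and keeping the fallback, e.g. `default: DVLOG(1) << "Unknown reject reason: " << reason;` followed by the existing `return UNKNOWN_REJECT_REASON_SHIFTED;`, records the unknown value without treating it as a programming error. Separately, the loop ORs multi-bit field codes together, so two reasons from the same group collide: `SOURCE_ADDRESS_TOKEN_INVALID_FAILURE_SHIFTED | SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE_SHIFTED` equals `SOURCE_ADDRESS_TOKEN_PARSE_FAILURE_SHIFTED`, which makes the histogram bucket ambiguous; either a comment on the enum stating that at most one reason per group is expected, or one bit per reason, would settle it. The function containing the loop starts in the collapsed lines above, so whether the message is validated earlier cannot be seen here.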
| OLD | NEW |