Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(200)

Side by Side Diff: components/data_reduction_proxy/common/data_reduction_proxy_headers.cc

Issue 387353003: Modify data_reduction_proxy_header to support tamper detection logic. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@work
Patch Set: after sync Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h" 5 #include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector>
8 9
9 #include "base/rand_util.h" 10 #include "base/rand_util.h"
10 #include "base/strings/string_number_conversions.h" 11 #include "base/strings/string_number_conversions.h"
11 #include "base/strings/string_piece.h" 12 #include "base/strings/string_piece.h"
12 #include "base/strings/string_util.h" 13 #include "base/strings/string_util.h"
13 #include "base/time/time.h" 14 #include "base/time/time.h"
14 #include "net/http/http_response_headers.h" 15 #include "net/http/http_response_headers.h"
15 #include "net/http/http_status_code.h" 16 #include "net/http/http_status_code.h"
16 #include "net/proxy/proxy_service.h" 17 #include "net/proxy/proxy_service.h"
17 18
18 using base::StringPiece; 19 using base::StringPiece;
19 using base::TimeDelta; 20 using base::TimeDelta;
20 using net::ProxyService; 21 using net::ProxyService;
21 22
22 namespace { 23 namespace {
23 24
25 const char kChromeProxyHeader[] = "chrome-proxy";
26 const char kActionValueDelimiter = '=';
27
28 const char kChromeProxyActionBlock[] = "block";
29 const char kChromeProxyActionBypass[] = "bypass";
30
31 // Actions for tamper detection fingerprints.
32 const char kChromeProxyActionFingerprintChromeProxy[] = "fcp";
33 const char kChromeProxyActionFingerprintVia[] = "fvia";
34 const char kChromeProxyActionFingerprintOtherHeaders[] = "foh";
35 const char kChromeProxyActionFingerprintContentLength[] = "fcl";
36
24 const int kShortBypassMaxSeconds = 59; 37 const int kShortBypassMaxSeconds = 59;
25 const int kMediumBypassMaxSeconds = 300; 38 const int kMediumBypassMaxSeconds = 300;
26 39
27 // Returns a random bypass duration between 1 and 5 minutes. 40 // Returns a random bypass duration between 1 and 5 minutes.
28 base::TimeDelta GetDefaultBypassDuration() { 41 base::TimeDelta GetDefaultBypassDuration() {
29 const int64 delta_ms = 42 const int64 delta_ms =
30 base::RandInt(base::TimeDelta::FromMinutes(1).InMilliseconds(), 43 base::RandInt(base::TimeDelta::FromMinutes(1).InMilliseconds(),
31 base::TimeDelta::FromMinutes(5).InMilliseconds()); 44 base::TimeDelta::FromMinutes(5).InMilliseconds());
32 return TimeDelta::FromMilliseconds(delta_ms); 45 return TimeDelta::FromMilliseconds(delta_ms);
33 } 46 }
34 } // namespace 47 } // namespace
35 48
36 namespace data_reduction_proxy { 49 namespace data_reduction_proxy {
37 50
51 bool GetDataReductionProxyActionValue(
52 const net::HttpResponseHeaders* headers,
53 const std::string& action_prefix,
54 std::string* action_value) {
55 DCHECK(headers);
56 DCHECK(!action_prefix.empty());
57 // A valid action does not include a trailing '='.
58 DCHECK(action_prefix[action_prefix.size() - 1] != kActionValueDelimiter);
59 void* iter = NULL;
60 std::string value;
61 std::string prefix = action_prefix + kActionValueDelimiter;
62
63 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
64 if (value.size() > prefix.size()) {
65 if (LowerCaseEqualsASCII(value.begin(),
66 value.begin() + prefix.size(),
67 prefix.c_str())) {
68 if (action_value)
69 *action_value = value.substr(prefix.size());
70 return true;
71 }
72 }
73 }
74 return false;
75 }
76
38 bool ParseHeadersAndSetBypassDuration(const net::HttpResponseHeaders* headers, 77 bool ParseHeadersAndSetBypassDuration(const net::HttpResponseHeaders* headers,
39 const std::string& action_prefix, 78 const std::string& action_prefix,
40 base::TimeDelta* bypass_duration) { 79 base::TimeDelta* bypass_duration) {
80 DCHECK(headers);
81 DCHECK(!action_prefix.empty());
82 // A valid action does not include a trailing '='.
83 DCHECK(action_prefix[action_prefix.size() - 1] != kActionValueDelimiter);
41 void* iter = NULL; 84 void* iter = NULL;
42 std::string value; 85 std::string value;
43 std::string name = "chrome-proxy"; 86 std::string prefix = action_prefix + kActionValueDelimiter;
44 87
45 while (headers->EnumerateHeader(&iter, name, &value)) { 88 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
46 if (value.size() > action_prefix.size()) { 89 if (value.size() > prefix.size()) {
47 if (LowerCaseEqualsASCII(value.begin(), 90 if (LowerCaseEqualsASCII(value.begin(),
48 value.begin() + action_prefix.size(), 91 value.begin() + prefix.size(),
49 action_prefix.c_str())) { 92 prefix.c_str())) {
50 int64 seconds; 93 int64 seconds;
51 if (!base::StringToInt64( 94 if (!base::StringToInt64(
52 StringPiece(value.begin() + action_prefix.size(), value.end()), 95 StringPiece(value.begin() + prefix.size(), value.end()),
53 &seconds) || seconds < 0) { 96 &seconds) || seconds < 0) {
54 continue; // In case there is a well formed instruction. 97 continue; // In case there is a well formed instruction.
55 } 98 }
56 if (seconds != 0) { 99 if (seconds != 0) {
57 *bypass_duration = TimeDelta::FromSeconds(seconds); 100 *bypass_duration = TimeDelta::FromSeconds(seconds);
58 } else { 101 } else {
59 // Server deferred to us to choose a duration. Default to a random 102 // Server deferred to us to choose a duration. Default to a random
60 // duration between one and five minutes. 103 // duration between one and five minutes.
61 *bypass_duration = GetDefaultBypassDuration(); 104 *bypass_duration = GetDefaultBypassDuration();
62 } 105 }
(...skipping 12 matching lines...) Expand all
75 // <duration> is the number of seconds to wait before retrying 118 // <duration> is the number of seconds to wait before retrying
76 // the proxy. If the duration is 0, then the default proxy retry delay 119 // the proxy. If the duration is 0, then the default proxy retry delay
77 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used. 120 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used.
78 // 'bypass' instructs Chrome to bypass the currently connected data reduction 121 // 'bypass' instructs Chrome to bypass the currently connected data reduction
79 // proxy, whereas 'block' instructs Chrome to bypass all available data 122 // proxy, whereas 'block' instructs Chrome to bypass all available data
80 // reduction proxies. 123 // reduction proxies.
81 124
82 // 'block' takes precedence over 'bypass', so look for it first. 125 // 'block' takes precedence over 'bypass', so look for it first.
83 // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop. 126 // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop.
84 if (ParseHeadersAndSetBypassDuration( 127 if (ParseHeadersAndSetBypassDuration(
85 headers, "block=", &proxy_info->bypass_duration)) { 128 headers, kChromeProxyActionBlock, &proxy_info->bypass_duration)) {
86 proxy_info->bypass_all = true; 129 proxy_info->bypass_all = true;
87 return true; 130 return true;
88 } 131 }
89 132
90 // Next, look for 'bypass'. 133 // Next, look for 'bypass'.
91 if (ParseHeadersAndSetBypassDuration( 134 if (ParseHeadersAndSetBypassDuration(
92 headers, "bypass=", &proxy_info->bypass_duration)) { 135 headers, kChromeProxyActionBypass, &proxy_info->bypass_duration)) {
93 return true; 136 return true;
94 } 137 }
95 return false; 138 return false;
96 } 139 }
97 140
98 bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers) { 141 bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers,
142 bool* has_intermediary) {
99 const size_t kVersionSize = 4; 143 const size_t kVersionSize = 4;
100 const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy"; 144 const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy";
101 size_t value_len = strlen(kDataReductionProxyViaValue); 145 size_t value_len = strlen(kDataReductionProxyViaValue);
102 void* iter = NULL; 146 void* iter = NULL;
103 std::string value; 147 std::string value;
104 148
105 // Case-sensitive comparison of |value|. Assumes the received protocol and the 149 // Case-sensitive comparison of |value|. Assumes the received protocol and the
106 // space following it are always |kVersionSize| characters. E.g., 150 // space following it are always |kVersionSize| characters. E.g.,
107 // 'Via: 1.1 Chrome-Compression-Proxy' 151 // 'Via: 1.1 Chrome-Compression-Proxy'
108 while (headers->EnumerateHeader(&iter, "via", &value)) { 152 while (headers->EnumerateHeader(&iter, "via", &value)) {
109 if (value.size() >= kVersionSize + value_len && 153 if (value.size() >= kVersionSize + value_len &&
110 !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) 154 !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) {
155 if (has_intermediary)
156 // We assume intermediary exists if there is another Via header after
157 // the data reduction proxy's Via header.
158 *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value));
111 return true; 159 return true;
160 }
112 } 161 }
113 162
114 // TODO(bengr): Remove deprecated header value. 163 // TODO(bengr): Remove deprecated header value.
115 const char kDeprecatedDataReductionProxyViaValue[] = 164 const char kDeprecatedDataReductionProxyViaValue[] =
116 "1.1 Chrome Compression Proxy"; 165 "1.1 Chrome Compression Proxy";
117 iter = NULL; 166 iter = NULL;
118 while (headers->EnumerateHeader(&iter, "via", &value)) 167 while (headers->EnumerateHeader(&iter, "via", &value))
119 if (value == kDeprecatedDataReductionProxyViaValue) 168 if (value == kDeprecatedDataReductionProxyViaValue) {
169 if (has_intermediary)
170 *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value));
120 return true; 171 return true;
172 }
121 173
122 return false; 174 return false;
123 } 175 }
124 176
125 net::ProxyService::DataReductionProxyBypassType 177 net::ProxyService::DataReductionProxyBypassType
126 GetDataReductionProxyBypassType( 178 GetDataReductionProxyBypassType(
127 const net::HttpResponseHeaders* headers, 179 const net::HttpResponseHeaders* headers,
128 DataReductionProxyInfo* data_reduction_proxy_info) { 180 DataReductionProxyInfo* data_reduction_proxy_info) {
129 DCHECK(data_reduction_proxy_info); 181 DCHECK(data_reduction_proxy_info);
130 if (ParseHeadersAndSetProxyInfo(headers, data_reduction_proxy_info)) { 182 if (ParseHeadersAndSetProxyInfo(headers, data_reduction_proxy_info)) {
(...skipping 13 matching lines...) Expand all
144 if (headers->response_code() == net::HTTP_BAD_GATEWAY) 196 if (headers->response_code() == net::HTTP_BAD_GATEWAY)
145 return ProxyService::STATUS_502_HTTP_BAD_GATEWAY; 197 return ProxyService::STATUS_502_HTTP_BAD_GATEWAY;
146 if (headers->response_code() == net::HTTP_SERVICE_UNAVAILABLE) 198 if (headers->response_code() == net::HTTP_SERVICE_UNAVAILABLE)
147 return ProxyService::STATUS_503_HTTP_SERVICE_UNAVAILABLE; 199 return ProxyService::STATUS_503_HTTP_SERVICE_UNAVAILABLE;
148 // TODO(kundaji): Bypass if Proxy-Authenticate header value cannot be 200 // TODO(kundaji): Bypass if Proxy-Authenticate header value cannot be
149 // interpreted by data reduction proxy. 201 // interpreted by data reduction proxy.
150 if (headers->response_code() == net::HTTP_PROXY_AUTHENTICATION_REQUIRED && 202 if (headers->response_code() == net::HTTP_PROXY_AUTHENTICATION_REQUIRED &&
151 !headers->HasHeader("Proxy-Authenticate")) { 203 !headers->HasHeader("Proxy-Authenticate")) {
152 return ProxyService::MALFORMED_407; 204 return ProxyService::MALFORMED_407;
153 } 205 }
154 if (!HasDataReductionProxyViaHeader(headers) && 206 if (!HasDataReductionProxyViaHeader(headers, NULL) &&
155 (headers->response_code() != net::HTTP_NOT_MODIFIED)) { 207 (headers->response_code() != net::HTTP_NOT_MODIFIED)) {
156 // A Via header might not be present in a 304. Since the goal of a 304 208 // A Via header might not be present in a 304. Since the goal of a 304
157 // response is to minimize information transfer, a sender in general 209 // response is to minimize information transfer, a sender in general
158 // should not generate representation metadata other than Cache-Control, 210 // should not generate representation metadata other than Cache-Control,
159 // Content-Location, Date, ETag, Expires, and Vary. 211 // Content-Location, Date, ETag, Expires, and Vary.
160 212
161 // The proxy Via header might also not be present in a 4xx response. 213 // The proxy Via header might also not be present in a 4xx response.
162 // Separate this case from other responses that are missing the header. 214 // Separate this case from other responses that are missing the header.
163 if (headers->response_code() >= net::HTTP_BAD_REQUEST && 215 if (headers->response_code() >= net::HTTP_BAD_REQUEST &&
164 headers->response_code() < net::HTTP_INTERNAL_SERVER_ERROR) { 216 headers->response_code() < net::HTTP_INTERNAL_SERVER_ERROR) {
165 return ProxyService::MISSING_VIA_HEADER_4XX; 217 return ProxyService::MISSING_VIA_HEADER_4XX;
166 } 218 }
167 return ProxyService::MISSING_VIA_HEADER_OTHER; 219 return ProxyService::MISSING_VIA_HEADER_OTHER;
168 } 220 }
169 // There is no bypass event. 221 // There is no bypass event.
170 return ProxyService::BYPASS_EVENT_TYPE_MAX; 222 return ProxyService::BYPASS_EVENT_TYPE_MAX;
171 } 223 }
172 224
225 bool GetDataReductionProxyActionFingerprintChromeProxy(
226 const net::HttpResponseHeaders* headers,
227 std::string* chrome_proxy_fingerprint) {
228 return GetDataReductionProxyActionValue(
229 headers,
230 kChromeProxyActionFingerprintChromeProxy,
231 chrome_proxy_fingerprint);
232 }
233
234 bool GetDataReductionProxyActionFingerprintVia(
235 const net::HttpResponseHeaders* headers,
236 std::string* via_fingerprint) {
237 return GetDataReductionProxyActionValue(
238 headers,
239 kChromeProxyActionFingerprintVia,
240 via_fingerprint);
241 }
242
243 bool GetDataReductionProxyActionFingerprintOtherHeaders(
244 const net::HttpResponseHeaders* headers,
245 std::string* other_headers_fingerprint) {
246 return GetDataReductionProxyActionValue(
247 headers,
248 kChromeProxyActionFingerprintOtherHeaders,
249 other_headers_fingerprint);
250 }
251
252 bool GetDataReductionProxyActionFingerprintContentLength(
253 const net::HttpResponseHeaders* headers,
254 std::string* content_length_fingerprint) {
255 return GetDataReductionProxyActionValue(
256 headers,
257 kChromeProxyActionFingerprintContentLength,
258 content_length_fingerprint);
259 }
260
261 void GetDataReductionProxyHeaderWithFingerprintRemoved(
262 const net::HttpResponseHeaders* headers,
263 std::vector<std::string>* values) {
264 DCHECK(values);
265 std::string chrome_proxy_fingerprint_prefix = std::string(
266 kChromeProxyActionFingerprintChromeProxy) + kActionValueDelimiter;
267
268 std::string value;
269 void* iter = NULL;
270 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
271 if (value.size() > chrome_proxy_fingerprint_prefix.size()) {
272 if (LowerCaseEqualsASCII(
273 value.begin(),
274 value.begin() + chrome_proxy_fingerprint_prefix.size(),
275 chrome_proxy_fingerprint_prefix.c_str())) {
276 continue;
277 }
278 }
279 values->push_back(value);
280 }
281 }
282
173 } // namespace data_reduction_proxy 283 } // namespace data_reduction_proxy
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698