Add an eviction mechanism for SDCH dictionaries.

net/base/sdch_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/sdch_manager.h"
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 21 matching lines @@
   GURL::Replacements replacements;
   replacements.SetHostStr(host);
   *gurl = gurl->ReplaceComponents(replacements);
   return;
 }
 
 }  // namespace
 
 namespace net {
 
-// Adjust SDCH limits downwards for mobile.
-#if defined(OS_ANDROID) || defined(OS_IOS)
-// static
-const size_t SdchManager::kMaxDictionaryCount = 1;
-const size_t SdchManager::kMaxDictionarySize = 500 * 1000;
-#else
-// static
-const size_t SdchManager::kMaxDictionaryCount = 20;
-const size_t SdchManager::kMaxDictionarySize = 1000 * 1000;
-#endif
-
 // Workaround for http://crbug.com/437794; remove when fixed.
 #if defined(OS_IOS)
 // static
 bool SdchManager::g_sdch_enabled_ = false;
 #else
 // static
 bool SdchManager::g_sdch_enabled_ = true;
 #endif
 
 // static
 bool SdchManager::g_secure_scheme_supported_ = true;
 
 SdchManager::Dictionary::Dictionary(const std::string& dictionary_text,
                                     size_t offset,
                                     const std::string& client_hash,
+                                    const std::string& server_hash,
                                     const GURL& gurl,
                                     const std::string& domain,
                                     const std::string& path,
                                     const base::Time& expiration,
                                     const std::set<int>& ports)
     : text_(dictionary_text, offset),
       client_hash_(client_hash),
+      server_hash_(server_hash),
       url_(gurl),
       domain_(domain),
       path_(path),
       expiration_(expiration),
       ports_(ports),
       clock_(new base::DefaultClock) {
 }
 
 SdchManager::Dictionary::Dictionary(const SdchManager::Dictionary& rhs)
     : text_(rhs.text_),
       client_hash_(rhs.client_hash_),
+      server_hash_(rhs.server_hash_),
       url_(rhs.url_),
       domain_(rhs.domain_),
       path_(rhs.path_),
       expiration_(rhs.expiration_),
       ports_(rhs.ports_),
-      clock_(new base::DefaultClock) {}
+      clock_(new base::DefaultClock) {
+}
 
 SdchManager::Dictionary::~Dictionary() {}
 
 // Security functions restricting loads and use of dictionaries.
 
 // static
 SdchProblemCode SdchManager::Dictionary::CanSet(const std::string& domain,
                                                 const std::string& path,
                                                 const std::set<int>& ports,
                                                 const GURL& dictionary_url) {
@@ skipping 163 matching lines @@
   while (!dictionaries_.empty()) {
     auto it = dictionaries_.begin();
     dictionaries_.erase(it->first);
   }
 }
 
 void SdchManager::ClearData() {
   blacklisted_domains_.clear();
   allow_latency_experiment_.clear();
 
-  // Note that this may result in not having dictionaries we've advertised
-  // for incoming responses. The window is relatively small (as ClearData()
-  // is not expected to be called frequently), so we rely on meta-refresh
-  // to handle this case.
-  dictionaries_.clear();
+  while (!dictionaries_.empty()) {

[Bence, 2015/01/08 14:37:17]

What was wrong with dictionaries_.clear()?

[Randy Smith (Not in Mondays), 2015/01/08 15:48:23]

Huh.  Good question.  I think this is from an earlier version that provided a
"DictionaryRemoved" notification to the observer.  Reverted (left the comment
out, though, as it's no longer accurate).

+    auto it(dictionaries_.begin());
+    dictionaries_.erase(it);
+  }
 
   FOR_EACH_OBSERVER(SdchObserver, observers_, OnClearDictionaries(this));
 }
 
 // static
 void SdchManager::SdchErrorRecovery(SdchProblemCode problem) {
   UMA_HISTOGRAM_ENUMERATION("Sdch3.ProblemCodes_5", problem,
                             SDCH_MAX_PROBLEM_CODE);
 }
 
@@ skipping 103 matching lines @@
   if (rv != SDCH_OK)
     return rv;
 
   FOR_EACH_OBSERVER(SdchObserver,
                     observers_,
                     OnGetDictionary(this, request_url, dictionary_url));
 
   return SDCH_OK;
 }
 
+void SdchManager::OnDictionaryUsed(const std::string& server_hash) {
+  FOR_EACH_OBSERVER(SdchObserver, observers_,
+                    OnDictionaryUsed(this, server_hash));
+}
+
 SdchProblemCode SdchManager::CanFetchDictionary(
     const GURL& referring_url,
     const GURL& dictionary_url) const {
   DCHECK(thread_checker_.CalledOnValidThread());
   /* The user agent may retrieve a dictionary from the dictionary URL if all of
      the following are true:
        1 The dictionary URL host name matches the referrer URL host name and
            scheme.
        2 The dictionary URL host name domain matches the parent domain of the
            referrer URL host name
@@ skipping 101 matching lines @@
 void SdchManager::AddObserver(SdchObserver* observer) {
   observers_.AddObserver(observer);
 }
 
 void SdchManager::RemoveObserver(SdchObserver* observer) {
   observers_.RemoveObserver(observer);
 }
 
 SdchProblemCode SdchManager::AddSdchDictionary(
     const std::string& dictionary_text,
-    const GURL& dictionary_url) {
+    const GURL& dictionary_url,
+    std::string* server_hash_p) {
   DCHECK(thread_checker_.CalledOnValidThread());
   std::string client_hash;
   std::string server_hash;
   GenerateHash(dictionary_text, &client_hash, &server_hash);
   if (dictionaries_.find(server_hash) != dictionaries_.end())
     return SDCH_DICTIONARY_ALREADY_LOADED;  // Already loaded.
 
   std::string domain, path;
   std::set<int> ports;
   base::Time expiration(base::Time::Now() + base::TimeDelta::FromDays(30));
@@ skipping 56 matching lines @@
   StripTrailingDot(&dictionary_url_normalized);
 
   SdchProblemCode rv = IsInSupportedDomain(dictionary_url_normalized);
   if (rv != SDCH_OK)
     return rv;
 
   rv = Dictionary::CanSet(domain, path, ports, dictionary_url_normalized);
   if (rv != SDCH_OK)
     return rv;
 
-  // TODO(jar): Remove these hacks to preclude a DOS attack involving piles of
-  // useless dictionaries. We should probably have a cache eviction plan,
-  // instead of just blocking additions. For now, with the spec in flux, it
-  // is probably not worth doing eviction handling.
-  if (kMaxDictionarySize < dictionary_text.size())
-    return SDCH_DICTIONARY_IS_TOO_LARGE;
-
-  if (kMaxDictionaryCount <= dictionaries_.size())
-    return SDCH_DICTIONARY_COUNT_EXCEEDED;
-
   UMA_HISTOGRAM_COUNTS("Sdch3.Dictionary size loaded", dictionary_text.size());
   DVLOG(1) << "Loaded dictionary with client hash " << client_hash
            << " and server hash " << server_hash;
   Dictionary dictionary(dictionary_text, header_end + 2, client_hash,
-                        dictionary_url_normalized, domain, path, expiration,
-                        ports);
+                        server_hash, dictionary_url_normalized, domain, path,
+                        expiration, ports);
   dictionaries_[server_hash] =
       new base::RefCountedData<Dictionary>(dictionary);
+  if (server_hash_p)
+    *server_hash_p = server_hash;
 
   return SDCH_OK;
 }
 
+SdchProblemCode SdchManager::RemoveSdchDictionary(
+    const std::string& server_hash) {
+  if (dictionaries_.find(server_hash) == dictionaries_.end())
+    return SDCH_DICTIONARY_HASH_NOT_FOUND;
+
+  dictionaries_.erase(server_hash);
+  return SDCH_OK;
+}
+
 // static
 scoped_ptr<SdchManager::DictionarySet>
 SdchManager::CreateEmptyDictionarySetForTesting() {
   return scoped_ptr<DictionarySet>(new DictionarySet).Pass();
 }
 
 // static
 void SdchManager::UrlSafeBase64Encode(const std::string& input,
                                       std::string* output) {
   // Since this is only done during a dictionary load, and hashes are only 8
@@ skipping 39 matching lines @@
       entry_dict->SetInteger("tries", it->second.count);
     entry_dict->SetInteger("reason", it->second.reason);
     entry_list->Append(entry_dict);
   }
   value->Set("blacklisted", entry_list);
 
   return value;
 }
 
 }  // namespace net