| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/filter/sdch_policy_delegate.h" |
| |
| #include "base/metrics/histogram_macros.h" |
| #include "base/strings/string_util.h" |
| #include "base/values.h" |
| #include "net/base/sdch_problem_codes.h" |
| #include "net/log/net_log.h" |
| #include "net/log/net_log_event_type.h" |
| #include "net/url_request/url_request_http_job.h" |
| |
| namespace net { |
| |
| namespace { |
| |
| const char kRefreshHtml[] = |
| "<head><META HTTP-EQUIV=\"Refresh\" CONTENT=\"0\"></head>"; |
| // Mime types: |
| const char kTextHtml[] = "text/html"; |
| |
| // Disambiguate various types of responses that trigger a meta-refresh, |
| // failure, or fallback to pass-through. |
| enum ResponseCorruptionDetectionCause { |
| RESPONSE_NONE, |
| |
| // 404 Http Response Code |
| RESPONSE_404 = 1, |
| |
| // Not a 200 Http Response Code |
| RESPONSE_NOT_200 = 2, |
| |
| // Cached before dictionary retrieved. |
| RESPONSE_OLD_UNENCODED = 3, |
| |
| // Speculative but incorrect SDCH filtering was added added. |
| RESPONSE_TENTATIVE_SDCH = 4, |
| |
| // Missing correct dict for decoding. |
| RESPONSE_NO_DICTIONARY = 5, |
| |
| // Not an SDCH response but should be. |
| RESPONSE_CORRUPT_SDCH = 6, |
| |
| // No dictionary was advertised with the request, the server claims |
| // to have encoded with SDCH anyway, but it isn't an SDCH response. |
| RESPONSE_ENCODING_LIE = 7, |
| |
| RESPONSE_MAX, |
| }; |
| |
| const char* ResponseCorruptionDetectionCauseToString( |
| ResponseCorruptionDetectionCause cause) { |
| const char* cause_string = "<unknown>"; |
| switch (cause) { |
| case RESPONSE_NONE: |
| cause_string = "NONE"; |
| break; |
| case RESPONSE_404: |
| cause_string = "404"; |
| break; |
| case RESPONSE_NOT_200: |
| cause_string = "NOT_200"; |
| break; |
| case RESPONSE_OLD_UNENCODED: |
| cause_string = "OLD_UNENCODED"; |
| break; |
| case RESPONSE_TENTATIVE_SDCH: |
| cause_string = "TENTATIVE_SDCH"; |
| break; |
| case RESPONSE_NO_DICTIONARY: |
| cause_string = "NO_DICTIONARY"; |
| break; |
| case RESPONSE_CORRUPT_SDCH: |
| cause_string = "CORRUPT_SDCH"; |
| break; |
| case RESPONSE_ENCODING_LIE: |
| cause_string = "ENCODING_LIE"; |
| break; |
| case RESPONSE_MAX: |
| cause_string = "<Error: max enum value>"; |
| break; |
| } |
| return cause_string; |
| } |
| |
| std::unique_ptr<base::Value> NetLogResponseCorruptionDetectionCallback( |
| ResponseCorruptionDetectionCause cause, |
| bool cached, |
| NetLogCaptureMode capture_mode) { |
| std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
| dict->SetString("cause", ResponseCorruptionDetectionCauseToString(cause)); |
| dict->SetBoolean("cached", cached); |
| return std::move(dict); |
| } |
| |
| void LogCorruptionDetection(const NetLogWithSource& net_log, |
| bool is_cached_content, |
| ResponseCorruptionDetectionCause cause) { |
| // Use if statement rather than ?: because UMA_HISTOGRAM_ENUMERATION |
| // caches the histogram name based on the call site. |
| if (is_cached_content) { |
| UMA_HISTOGRAM_ENUMERATION("Sdch3.ResponseCorruptionDetection.Cached", cause, |
| RESPONSE_MAX); |
| } else { |
| UMA_HISTOGRAM_ENUMERATION("Sdch3.ResponseCorruptionDetection.Uncached", |
| cause, RESPONSE_MAX); |
| } |
| net_log.AddEvent(NetLogEventType::SDCH_RESPONSE_CORRUPTION_DETECTION, |
| base::Bind(&NetLogResponseCorruptionDetectionCallback, cause, |
| is_cached_content)); |
| } |
| |
| } // namespace |
| |
| SdchPolicyDelegate::SdchPolicyDelegate( |
| bool possible_pass_through, |
| URLRequestHttpJob* job, |
| std::string mime_type, |
| const GURL& url, |
| bool is_cached_content, |
| SdchManager* sdch_manager, |
| std::unique_ptr<SdchManager::DictionarySet> dictionary_set, |
| int response_code, |
| const NetLogWithSource& net_log) |
| : possible_pass_through_(possible_pass_through), |
| job_(job), |
| mime_type_(mime_type), |
| url_(url), |
| is_cached_content_(is_cached_content), |
| sdch_manager_(sdch_manager), |
| dictionary_set_(std::move(dictionary_set)), |
| response_code_(response_code), |
| net_log_(net_log) { |
| DCHECK(sdch_manager_); |
| } |
| |
| SdchPolicyDelegate::~SdchPolicyDelegate() {} |
| |
| // static |
| void SdchPolicyDelegate::FixUpSdchContentEncodings( |
| const NetLogWithSource& net_log, |
| const std::string& mime_type, |
| SdchManager::DictionarySet* dictionary_set, |
| std::vector<SourceStream::SourceType>* types) { |
| if (!dictionary_set) { |
| // If sdch dictionary is advertised, we might need to add some decoding, as |
| // some proxies strip encoding completely. |
| // It was not an SDCH request, so we'll just record stats. |
| if (1 < types->size()) { |
| // Multiple filters were intended to only be used for SDCH (thus far!) |
| SdchManager::LogSdchProblem(net_log, |
| SDCH_MULTIENCODING_FOR_NON_SDCH_REQUEST); |
| } |
| if ((1 == types->size()) && (SourceStream::TYPE_SDCH == types->front())) { |
| SdchManager::LogSdchProblem( |
| net_log, SDCH_SDCH_CONTENT_ENCODE_FOR_NON_SDCH_REQUEST); |
| } |
| return; |
| } |
| // If content encoding included SDCH, then everything is "relatively" fine. |
| if (!types->empty() && types->front() == SourceStream::TYPE_SDCH) { |
| // Some proxies (found currently in Argentina) strip the Content-Encoding |
| // text from "sdch,gzip" to a mere "sdch" without modifying the compressed |
| // payload. To handle this gracefully, we simulate the "probably" deleted |
| // ",gzip" by appending a tentative gzip decode, which will default to a |
| // no-op pass through filter if it doesn't get gzip headers where |
| // expected. |
| if (1 == types->size()) { |
| types->push_back(SourceStream::TYPE_GZIP_FALLBACK); |
| SdchManager::LogSdchProblem(net_log, SDCH_OPTIONAL_GUNZIP_ENCODING_ADDED); |
| } |
| return; |
| } |
| |
| // There are now several cases to handle for an SDCH request. Foremost, if |
| // the outbound request was stripped so as not to advertise support for |
| // encodings, we might get back content with no encoding, or (for example) |
| // just gzip. We have to be sure that any changes we make allow for such |
| // minimal coding to work. That issue is why we use POSSIBLE_SDCH filters, |
| // as those filters sniff the content, and act as pass-through filters if |
| // headers are not found. TODO(xunjieli): Currently POSSIBLE_SDCH filters |
| // issue meta-refresh instead of pass-throughs to match old code. Change it |
| // to do pass-throughs. |
| |
| // If the outbound GET is not modified, then the server will generally try to |
| // send us SDCH encoded content. As that content returns, there are several |
| // corruptions of the header "content-encoding" that proxies may perform (and |
| // have been detected in the wild). We already dealt with the a honest |
| // content encoding of "sdch,gzip" being corrupted into "sdch" with no change |
| // of the actual content. Another common corruption is to either discard |
| // the accurate content encoding, or to replace it with gzip only (again, with |
| // no change in actual content). The last observed corruption it to actually |
| // change the content, such as by re-gzipping it, and that may happen along |
| // with corruption of the stated content encoding (wow!). |
| |
| // The one unresolved failure mode comes when we advertise a dictionary, and |
| // the server tries to *send* a gzipped file (not gzip encode content), and |
| // then we could do a gzip decode :-(. |
| // We will gather a lot of stats as we perform the fixups. |
| if (base::StartsWith(mime_type, kTextHtml, |
| base::CompareCase::INSENSITIVE_ASCII)) { |
| // Suspicious case: Advertised dictionary, but server didn't use sdch, and |
| // we're HTML tagged. |
| if (types->empty()) { |
| SdchManager::LogSdchProblem(net_log, SDCH_ADDED_CONTENT_ENCODING); |
| } else if (1 == types->size()) { |
| SdchManager::LogSdchProblem(net_log, SDCH_FIXED_CONTENT_ENCODING); |
| } else { |
| SdchManager::LogSdchProblem(net_log, SDCH_FIXED_CONTENT_ENCODINGS); |
| } |
| } else { |
| // Remarkable case!?! We advertised an SDCH dictionary, content-encoding |
| // was not marked for SDCH processing: Why did the server suggest an SDCH |
| // dictionary in the first place??. Also, the content isn't |
| // tagged as HTML, despite the fact that SDCH encoding is mostly likely |
| // for HTML: Did some anti-virus system strip this tag (sometimes they |
| // strip accept-encoding headers on the request)?? Does the content |
| // encoding not start with "text/html" for some other reason?? We'll |
| // report this as a fixup to a binary file, but it probably really is |
| // text/html (some how). |
| if (types->empty()) { |
| SdchManager::LogSdchProblem(net_log, SDCH_BINARY_ADDED_CONTENT_ENCODING); |
| } else if (1 == types->size()) { |
| SdchManager::LogSdchProblem(net_log, SDCH_BINARY_FIXED_CONTENT_ENCODING); |
| } else { |
| SdchManager::LogSdchProblem(net_log, SDCH_BINARY_FIXED_CONTENT_ENCODINGS); |
| } |
| } |
| |
| // Leave the existing encoding type to be processed first, and add our |
| // tentative decodings to be done afterwards. Vodaphone UK reportedly will |
| // perform a second layer of gzip encoding atop the server's sdch,gzip |
| // encoding, and then claim that the content encoding is a mere gzip. As a |
| // result we'll need (in that case) to do the gunzip, plus our tentative |
| // gunzip and tentative SDCH decoding. This approach nicely handles the |
| // empty() list as well, and should work with other (as yet undiscovered) |
| // proxies the choose to re-compressed with some other encoding (such as |
| // bzip2, etc.). |
| types->insert(types->begin(), SourceStream::TYPE_GZIP_FALLBACK); |
| types->insert(types->begin(), SourceStream::TYPE_SDCH_POSSIBLE); |
| } |
| |
| // Dictionary id errors are often the first indication that the SDCH stream has |
| // become corrupt. There are many possible causes: non-200 response codes, a |
| // cached non-SDCH-ified reply, or a response that claims to be SDCH but isn't |
| // actually. These are handled here by issuing a meta-refresh or swapping to the |
| // "passthrough" mode if appropriate, or failing the request if the error is |
| // unrecoverable. |
| SdchPolicyDelegate::ErrorRecovery SdchPolicyDelegate::OnDictionaryIdError( |
| std::string* replace_output) { |
| if (possible_pass_through_) { |
| LogCorruptionDetection(net_log_, is_cached_content_, |
| RESPONSE_TENTATIVE_SDCH); |
| // Ideally we should return PASS_THROUGH here, but this is done to match |
| // the old behavior in sdch_filter.cc. |
| } |
| // HTTP 404 might be an unencoded error page, so if decoding failed, pass it |
| // through. TODO(xunjieli): Remove this. crbug.com/516773. |
| if (response_code_ == 404) { |
| SdchManager::LogSdchProblem(net_log_, SDCH_PASS_THROUGH_404_CODE); |
| LogCorruptionDetection(net_log_, is_cached_content_, RESPONSE_404); |
| return PASS_THROUGH; |
| } |
| |
| // HTTP !200 gets a meta-refresh for HTML. |
| // TODO(xunjieli): remove this. crbug.com/654393. |
| if (response_code_ != 200) { |
| LogCorruptionDetection(net_log_, is_cached_content_, RESPONSE_NOT_200); |
| return IssueMetaRefreshIfPossible(replace_output); |
| } |
| |
| // If this is a cached result and the source hasn't requested a dictionary, it |
| // probably never had a dictionary to begin and is an unencoded response from |
| // earlier. |
| if (is_cached_content_) { |
| SdchManager::LogSdchProblem(net_log_, SDCH_PASS_THROUGH_OLD_CACHED); |
| LogCorruptionDetection(net_log_, is_cached_content_, |
| RESPONSE_OLD_UNENCODED); |
| return PASS_THROUGH; |
| } |
| |
| // The original request didn't advertise any dictionaries, but the |
| // response claimed to be SDCH. There is no way to repair this situation: the |
| // original request already didn't advertise any dictionaries, and retrying it |
| // would likely have the/ same result. Blacklist the domain and try passing |
| // through. |
| if (!dictionary_set_) { |
| sdch_manager_->BlacklistDomain(url_, SDCH_PASSING_THROUGH_NON_SDCH); |
| LogCorruptionDetection(net_log_, is_cached_content_, RESPONSE_ENCODING_LIE); |
| return PASS_THROUGH; |
| } |
| // Since SDCH dictionaries are advertised, this is a corrupt SDCH response. |
| LogCorruptionDetection(net_log_, is_cached_content_, RESPONSE_CORRUPT_SDCH); |
| return IssueMetaRefreshIfPossible(replace_output); |
| } |
| |
| // Dictionary fails to load when we have a plausible dictionay id. There are |
| // many possible causes: a cached SDCH-ified reply for which the SdchManager did |
| // not have the dictionary or a corrupted response. These are handled here by |
| // issuing a meta-refresh except the case where response code is 404. |
| SdchPolicyDelegate::ErrorRecovery SdchPolicyDelegate::OnGetDictionaryError( |
| std::string* replace_output) { |
| if (possible_pass_through_) { |
| LogCorruptionDetection(net_log_, is_cached_content_, |
| RESPONSE_TENTATIVE_SDCH); |
| // Ideally we should return PASS_THROUGH here, but this is done to match |
| // the old behavior in sdch_filter.cc. |
| } |
| // HTTP 404 might be an unencoded error page, so if decoding failed, pass it |
| // through. TODO(xunjieli): Remove this case crbug.com/516773. |
| if (response_code_ == 404) { |
| SdchManager::LogSdchProblem(net_log_, SDCH_PASS_THROUGH_404_CODE); |
| LogCorruptionDetection(net_log_, is_cached_content_, RESPONSE_404); |
| return PASS_THROUGH; |
| } |
| SdchManager::LogSdchProblem(net_log_, SDCH_DICTIONARY_HASH_NOT_FOUND); |
| LogCorruptionDetection(net_log_, is_cached_content_, RESPONSE_NO_DICTIONARY); |
| return IssueMetaRefreshIfPossible(replace_output); |
| } |
| |
| SdchPolicyDelegate::ErrorRecovery SdchPolicyDelegate::OnDecodingError( |
| std::string* replace_output) { |
| // A decoding error, as opposed to a dictionary error, indicates a |
| // decompression failure partway through the payload of the SDCH stream, |
| // which means that the filter already witnessed a valid dictionary ID and |
| // successfully retrieved a dictionary for it. Decoding errors are not |
| // recoverable and it is not appropriate to stop decoding, so there are |
| // relatively few error cases here. |
| // |
| // In particular, a decoding error for an HTML payload is recoverable by |
| // issuing a meta-refresh, but to avoid having that happen too often, this |
| // class also temporarily blacklists the domain. A decoding error for a |
| // non-HTML payload is unrecoverable, so such an error gets a permanent |
| // blacklist entry. If the content was cached, no blacklisting is needed. |
| // TODO(xunjieli): This case should be removed. crbug.com/651821. |
| return IssueMetaRefreshIfPossible(replace_output); |
| } |
| |
| bool SdchPolicyDelegate::OnGetDictionary(const std::string& server_id, |
| const std::string** text) { |
| if (dictionary_set_) { |
| *text = dictionary_set_->GetDictionaryText(server_id); |
| if (*text) { |
| server_id_ = server_id; |
| return true; |
| } |
| } |
| // This is a hack. Naively, the dictionaries available for |
| // decoding should be only the ones advertised. However, there are |
| // cases, specifically resources encoded with old dictionaries living |
| // in the cache, that mean the full set of dictionaries should be made |
| // available for decoding. It's not known how often this happens; |
| // if it happens rarely enough, this code can be removed. |
| // |
| // TODO(rdsmith): Long-term, a better solution is necessary, since |
| // an entry in the cache being encoded with the dictionary doesn't |
| // guarantee that the dictionary is present. That solution probably |
| // involves storing unencoded resources in the cache, but might |
| // involve evicting encoded resources on dictionary removal. |
| // See http://crbug.com/383405. |
| SdchProblemCode rv = SDCH_OK; |
| unexpected_dictionary_set_ = |
| sdch_manager_->GetDictionarySetByHash(url_, server_id, &rv); |
| if (unexpected_dictionary_set_) { |
| *text = unexpected_dictionary_set_->GetDictionaryText(server_id); |
| SdchManager::LogSdchProblem( |
| net_log_, is_cached_content_ ? SDCH_UNADVERTISED_DICTIONARY_USED_CACHED |
| : SDCH_UNADVERTISED_DICTIONARY_USED); |
| if (*text) { |
| server_id_ = server_id; |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| void SdchPolicyDelegate::OnStreamDestroyed( |
| SdchSourceStream::InputState input_state, |
| bool buffered_output_present, |
| bool decoding_not_finished) { |
| if (decoding_not_finished) { |
| SdchManager::LogSdchProblem(net_log_, SDCH_INCOMPLETE_SDCH_CONTENT); |
| // Make it possible for the user to hit reload, and get non-sdch content. |
| // Note this will "wear off" quickly enough, and is just meant to assure |
| // in some rare case that the user is not stuck. |
| sdch_manager_->BlacklistDomain(url_, SDCH_INCOMPLETE_SDCH_CONTENT); |
| } |
| // Filter chaining error, or premature teardown. |
| if (buffered_output_present) |
| SdchManager::LogSdchProblem(net_log_, SDCH_UNFLUSHED_CONTENT); |
| |
| // Only record packet stats for non-cached content. |
| if (is_cached_content_) { |
| // Not a real error, but it is useful to have this tally. |
| // TODO(jar): Remove this stat after SDCH stability is validated. |
| SdchManager::LogSdchProblem(net_log_, SDCH_CACHE_DECODED); |
| return; // We don't need timing stats, and we aready got ratios. |
| } |
| switch (input_state) { |
| case SdchSourceStream::STATE_DECODE: { |
| job_->RecordPacketStats(StatisticSelector::SDCH_DECODE); |
| // Allow latency experiments to proceed. |
| sdch_manager_->SetAllowLatencyExperiment(url_, true); |
| |
| // Notify successful dictionary usage. |
| DCHECK(!server_id_.empty()); |
| sdch_manager_->OnDictionaryUsed(server_id_); |
| return; |
| } |
| case SdchSourceStream::STATE_LOAD_DICTIONARY: |
| SdchManager::LogSdchProblem(net_log_, SDCH_PRIOR_TO_DICTIONARY); |
| return; |
| case SdchSourceStream::STATE_PASS_THROUGH: |
| job_->RecordPacketStats(StatisticSelector::SDCH_PASSTHROUGH); |
| return; |
| case SdchSourceStream::STATE_OUTPUT_REPLACE: |
| // This is meta refresh case. Already accounted for when set. |
| return; |
| } // end of switch. |
| } |
| |
| // TODO(xunjieli): Remove meta refresh. crbug.com/651821. |
| SdchPolicyDelegate::ErrorRecovery |
| SdchPolicyDelegate::IssueMetaRefreshIfPossible(std::string* replace_output) { |
| // Errors for non-HTML payloads are unrecoverable and get the domain |
| // blacklisted indefinitely. |
| if (mime_type_.npos == mime_type_.find("text/html")) { |
| SdchProblemCode problem = |
| (is_cached_content_ ? SDCH_CACHED_META_REFRESH_UNSUPPORTED |
| : SDCH_META_REFRESH_UNSUPPORTED); |
| sdch_manager_->BlacklistDomainForever(url_, problem); |
| SdchManager::LogSdchProblem(net_log_, problem); |
| return NONE; |
| } |
| |
| if (is_cached_content_) { |
| // Cached content is a probably startup tab, so just get the fresh content |
| // and try again, without disabling SDCH. |
| SdchManager::LogSdchProblem(net_log_, SDCH_META_REFRESH_CACHED_RECOVERY); |
| } else { |
| // Since it wasn't in the cache, blacklist for some period to get the |
| // correct content. |
| sdch_manager_->BlacklistDomain(url_, SDCH_META_REFRESH_RECOVERY); |
| SdchManager::LogSdchProblem(net_log_, SDCH_META_REFRESH_RECOVERY); |
| } |
| |
| *replace_output = std::string(kRefreshHtml, strlen(kRefreshHtml)); |
| return REPLACE_OUTPUT; |
| } |
| |
| } // namespace net |