NEL: Make dns.address_changed NEL report downgrade step work
Currently the HttpNetworkTransaction::
GenerateNetworkErrorLoggingReport() method doesn’t report the server IP
address of the server when Chrome has failed to connect to the server.
So NetworkErrorLoggingServiceImpl::DoOnRequest() can’t correctly
downgrade the report, because `details.server_ip` is empty [1].
This downgrade behavior is written in the spec [2].
To solve this issue, this CL changes HttpNetworkTransaction::
GenerateNetworkErrorLoggingReport() method to check
`connection_attempts_` when `remote_endpoint_.address()` is empty. And
if `connection_attempts_` is not empty, use the last attempt’s endpoint
address for `details.server_ip`.
This CL also updates the tests in
HttpNetworkTransactionNetworkErrorLoggingTest as follows:
- CreateReportErrorAfterStart and CreateReportErrorAfterStartAsync will
use IPAddress::IPv4Localhost() for the expected server_ip in the
error log.
- CreateReportErrorAfterStart and CreateReportErrorAfterStartAsync will
use ERR_CONNECTION_REFUSED error type instead of
ERR_NAME_NOT_RESOLVED. It is because StreamSocket::Connect() should
not return ERR_NAME_NOT_RESOLVED which is a DNS related error.
- Introduces new CreateReportDNSErrorAfterStartSync and
CreateReportDNSErrorAfterStartAsync which check the behavior of the
DNS error case using MockHostResolverBase::RuleResolver::AddRule().
[1]: https://source.chromium.org/chromium/chromium/src/+/main:net/network_error_logging/network_error_logging_service.cc;l=463;drc=e167a95050019ebf14b4ed4b070cbeaffb295eb7
[2]: https://www.w3.org/TR/network-error-logging/#generate-a-network-error-report
Bug: 1019724
Change-Id: Ie4685c1b31832cf072c8dcf9aba1a61048bc17bd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3599450
Reviewed-by: Kenichi Ishibashi <[email protected]>
Commit-Queue: Tsuyoshi Horo <[email protected]>
Cr-Commit-Position: refs/heads/main@{#995831}
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 7ae9b23..977b28c 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -1486,6 +1486,13 @@
details.user_agent = request_user_agent_;
if (!remote_endpoint_.address().empty()) {
details.server_ip = remote_endpoint_.address();
+ } else if (!connection_attempts_.empty()) {
+ // When we failed to connect to the server, `remote_endpoint_` is not set.
+ // In such case, we use the last endpoint address of `connection_attempts_`
+ // for the NEL report. This address information is important for the
+ // downgrade step to protect against port scan attack.
+ // https://www.w3.org/TR/network-error-logging/#generate-a-network-error-report
+ details.server_ip = connection_attempts_.back().endpoint.address();
} else {
details.server_ip = IPAddress();
}
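Review bot: The new `else if (!connection_attempts_.empty())` branch takes `connection_attempts_.back()` without saying why the last attempt is the right one to report. When more than one endpoint was tried, each attempt can carry a different address, and the value written to `details.server_ip` is what the downgrade step named in the comment works from, so the choice decides whether a failed-connection report is downgraded or sent with full detail. Suggest extending the comment to state the reason for picking the last attempt (or that it is a best-effort choice) and adding a test case with several failed attempts to different addresses. The final `else` that assigns `IPAddress()` is now reached only when there is no remote endpoint and no connection attempt at all; a short comment saying that this is the case where no connection was attempted would make the three-way split easier to audit.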