1*6777b538SAndroid Build Coastguard Worker // Copyright 2020 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #ifndef NET_DNS_DNS_UDP_TRACKER_H_ 6*6777b538SAndroid Build Coastguard Worker #define NET_DNS_DNS_UDP_TRACKER_H_ 7*6777b538SAndroid Build Coastguard Worker 8*6777b538SAndroid Build Coastguard Worker #include <stdint.h> 9*6777b538SAndroid Build Coastguard Worker 10*6777b538SAndroid Build Coastguard Worker #include "base/containers/circular_deque.h" 11*6777b538SAndroid Build Coastguard Worker #include "base/memory/raw_ptr.h" 12*6777b538SAndroid Build Coastguard Worker #include "base/time/default_tick_clock.h" 13*6777b538SAndroid Build Coastguard Worker #include "base/time/time.h" 14*6777b538SAndroid Build Coastguard Worker #include "net/base/net_export.h" 15*6777b538SAndroid Build Coastguard Worker 16*6777b538SAndroid Build Coastguard Worker namespace base { 17*6777b538SAndroid Build Coastguard Worker class TickClock; 18*6777b538SAndroid Build Coastguard Worker } // namespace base 19*6777b538SAndroid Build Coastguard Worker 20*6777b538SAndroid Build Coastguard Worker namespace net { 21*6777b538SAndroid Build Coastguard Worker 22*6777b538SAndroid Build Coastguard Worker // Data tracker for DNS UDP and its usage of local ports. Intended to be owned 23*6777b538SAndroid Build Coastguard Worker // by a DnsSession and thus keep track of the data session-wide. Responsible for 24*6777b538SAndroid Build Coastguard Worker // related metrics and used to inform behavior based on the stored data. 25*6777b538SAndroid Build Coastguard Worker // 26*6777b538SAndroid Build Coastguard Worker // TODO([email protected]): Add methods to access the stored data or 27*6777b538SAndroid Build Coastguard Worker // conclusions about it. 28*6777b538SAndroid Build Coastguard Worker class NET_EXPORT_PRIVATE DnsUdpTracker { 29*6777b538SAndroid Build Coastguard Worker public: 30*6777b538SAndroid Build Coastguard Worker static constexpr base::TimeDelta kMaxAge = base::Minutes(10); 31*6777b538SAndroid Build Coastguard Worker static constexpr size_t kMaxRecordedQueries = 256; 32*6777b538SAndroid Build Coastguard Worker 33*6777b538SAndroid Build Coastguard Worker // How recently an ID needs to be recorded in a recent query to be considered 34*6777b538SAndroid Build Coastguard Worker // "recognized". 35*6777b538SAndroid Build Coastguard Worker static constexpr base::TimeDelta kMaxRecognizedIdAge = base::Seconds(15); 36*6777b538SAndroid Build Coastguard Worker 37*6777b538SAndroid Build Coastguard Worker // Numbers of ID mismatches required to set the |low_entropy_| flag. Also 38*6777b538SAndroid Build Coastguard Worker // serves as the max number of mismatches to be recorded, as no more entries 39*6777b538SAndroid Build Coastguard Worker // are recorded after setting the flag. 40*6777b538SAndroid Build Coastguard Worker static constexpr size_t kUnrecognizedIdMismatchThreshold = 8; 41*6777b538SAndroid Build Coastguard Worker static constexpr size_t kRecognizedIdMismatchThreshold = 128; 42*6777b538SAndroid Build Coastguard Worker 43*6777b538SAndroid Build Coastguard Worker // Number of reuses of the same port required to set the |low_entropy_| flag. 44*6777b538SAndroid Build Coastguard Worker // Note: The original value of this parameter was 2, but it caused a problem 45*6777b538SAndroid Build Coastguard Worker // on Windows (crbug.com/1413620). The low entropy checker in DnsUdpTracker 46*6777b538SAndroid Build Coastguard Worker // was too sensitive and caused many TCP fallbacks. This happened because the 47*6777b538SAndroid Build Coastguard Worker // dynamic port range for UDP on Windows is too small (only 16384 ports). This 48*6777b538SAndroid Build Coastguard Worker // meant that there was a high probability (about 1%) of reusing the same port 49*6777b538SAndroid Build Coastguard Worker // number three or more times out of 256 records. To avoid these unnecessary 50*6777b538SAndroid Build Coastguard Worker // TCP fallbacks, the value was changed to 3. The probability of reusing the 51*6777b538SAndroid Build Coastguard Worker // same port number to 4 or more times out of 256 records is 3.92566e-05. And 52*6777b538SAndroid Build Coastguard Worker // if the available port count is 2048, the probability: 0.0182851. So it is 53*6777b538SAndroid Build Coastguard Worker // likely to activate when getting into the low entropy. 54*6777b538SAndroid Build Coastguard Worker // (See crrev.com/c/4374511 for the calculation). 55*6777b538SAndroid Build Coastguard Worker static constexpr int kPortReuseThreshold = 3; 56*6777b538SAndroid Build Coastguard Worker 57*6777b538SAndroid Build Coastguard Worker DnsUdpTracker(); 58*6777b538SAndroid Build Coastguard Worker ~DnsUdpTracker(); 59*6777b538SAndroid Build Coastguard Worker 60*6777b538SAndroid Build Coastguard Worker DnsUdpTracker(DnsUdpTracker&&); 61*6777b538SAndroid Build Coastguard Worker DnsUdpTracker& operator=(DnsUdpTracker&&); 62*6777b538SAndroid Build Coastguard Worker 63*6777b538SAndroid Build Coastguard Worker void RecordQuery(uint16_t port, uint16_t query_id); 64*6777b538SAndroid Build Coastguard Worker void RecordResponseId(uint16_t query_id, uint16_t response_id); 65*6777b538SAndroid Build Coastguard Worker void RecordConnectionError(int connection_error); 66*6777b538SAndroid Build Coastguard Worker 67*6777b538SAndroid Build Coastguard Worker // If true, the entropy from random UDP port and DNS ID has been detected to 68*6777b538SAndroid Build Coastguard Worker // potentially be low, e.g. due to exhaustion of the port pool or mismatches 69*6777b538SAndroid Build Coastguard Worker // on IDs. low_entropy()70*6777b538SAndroid Build Coastguard Worker bool low_entropy() const { return low_entropy_; } 71*6777b538SAndroid Build Coastguard Worker set_tick_clock_for_testing(base::TickClock * tick_clock)72*6777b538SAndroid Build Coastguard Worker void set_tick_clock_for_testing(base::TickClock* tick_clock) { 73*6777b538SAndroid Build Coastguard Worker tick_clock_ = tick_clock; 74*6777b538SAndroid Build Coastguard Worker } 75*6777b538SAndroid Build Coastguard Worker 76*6777b538SAndroid Build Coastguard Worker private: 77*6777b538SAndroid Build Coastguard Worker struct QueryData; 78*6777b538SAndroid Build Coastguard Worker 79*6777b538SAndroid Build Coastguard Worker void PurgeOldRecords(); 80*6777b538SAndroid Build Coastguard Worker void SaveQuery(QueryData query); 81*6777b538SAndroid Build Coastguard Worker void SaveIdMismatch(uint16_t it); 82*6777b538SAndroid Build Coastguard Worker 83*6777b538SAndroid Build Coastguard Worker bool low_entropy_ = false; 84*6777b538SAndroid Build Coastguard Worker base::circular_deque<QueryData> recent_queries_; 85*6777b538SAndroid Build Coastguard Worker 86*6777b538SAndroid Build Coastguard Worker // Times of recent ID mismatches, separated by whether or not the ID was 87*6777b538SAndroid Build Coastguard Worker // recognized from recent queries. 88*6777b538SAndroid Build Coastguard Worker base::circular_deque<base::TimeTicks> recent_unrecognized_id_hits_; 89*6777b538SAndroid Build Coastguard Worker base::circular_deque<base::TimeTicks> recent_recognized_id_hits_; 90*6777b538SAndroid Build Coastguard Worker 91*6777b538SAndroid Build Coastguard Worker raw_ptr<const base::TickClock> tick_clock_ = 92*6777b538SAndroid Build Coastguard Worker base::DefaultTickClock::GetInstance(); 93*6777b538SAndroid Build Coastguard Worker }; 94*6777b538SAndroid Build Coastguard Worker 95*6777b538SAndroid Build Coastguard Worker } // namespace net 96*6777b538SAndroid Build Coastguard Worker 97*6777b538SAndroid Build Coastguard Worker #endif // NET_DNS_DNS_UDP_TRACKER_H_ 98