// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/spdy/spdy_session_pool.h" #include "base/logging.h" #include "base/metrics/histogram.h" #include "base/values.h" #include "net/base/address_list.h" #include "net/http/http_network_session.h" #include "net/http/http_server_properties.h" #include "net/spdy/spdy_session.h" namespace net { namespace { enum SpdySessionGetTypes { CREATED_NEW = 0, FOUND_EXISTING = 1, FOUND_EXISTING_FROM_IP_POOL = 2, IMPORTED_FROM_SOCKET = 3, SPDY_SESSION_GET_MAX = 4 }; } // namespace SpdySessionPool::SpdySessionPool( HostResolver* resolver, SSLConfigService* ssl_config_service, const base::WeakPtr<HttpServerProperties>& http_server_properties, bool force_single_domain, bool enable_ip_pooling, bool enable_compression, bool enable_ping_based_connection_checking, NextProto default_protocol, size_t stream_initial_recv_window_size, size_t initial_max_concurrent_streams, size_t max_concurrent_streams_limit, SpdySessionPool::TimeFunc time_func, const std::string& trusted_spdy_proxy) : http_server_properties_(http_server_properties), ssl_config_service_(ssl_config_service), resolver_(resolver), verify_domain_authentication_(true), enable_sending_initial_data_(true), force_single_domain_(force_single_domain), enable_ip_pooling_(enable_ip_pooling), enable_compression_(enable_compression), enable_ping_based_connection_checking_( enable_ping_based_connection_checking), // TODO(akalin): Force callers to have a valid value of // |default_protocol_|. default_protocol_( (default_protocol == kProtoUnknown) ? kProtoSPDY3 : default_protocol), stream_initial_recv_window_size_(stream_initial_recv_window_size), initial_max_concurrent_streams_(initial_max_concurrent_streams), max_concurrent_streams_limit_(max_concurrent_streams_limit), time_func_(time_func), trusted_spdy_proxy_( HostPortPair::FromString(trusted_spdy_proxy)) { DCHECK(default_protocol_ >= kProtoSPDYMinimumVersion && default_protocol_ <= kProtoSPDYMaximumVersion); NetworkChangeNotifier::AddIPAddressObserver(this); if (ssl_config_service_.get()) ssl_config_service_->AddObserver(this); CertDatabase::GetInstance()->AddObserver(this); } SpdySessionPool::~SpdySessionPool() { CloseAllSessions(); if (ssl_config_service_.get()) ssl_config_service_->RemoveObserver(this); NetworkChangeNotifier::RemoveIPAddressObserver(this); CertDatabase::GetInstance()->RemoveObserver(this); } net::Error SpdySessionPool::CreateAvailableSessionFromSocket( const SpdySessionKey& key, scoped_ptr<ClientSocketHandle> connection, const BoundNetLog& net_log, int certificate_error_code, base::WeakPtr<SpdySession>* available_session, bool is_secure) { DCHECK_GE(default_protocol_, kProtoSPDYMinimumVersion); DCHECK_LE(default_protocol_, kProtoSPDYMaximumVersion); UMA_HISTOGRAM_ENUMERATION( "Net.SpdySessionGet", IMPORTED_FROM_SOCKET, SPDY_SESSION_GET_MAX); scoped_ptr<SpdySession> new_session( new SpdySession(key, http_server_properties_, verify_domain_authentication_, enable_sending_initial_data_, enable_compression_, enable_ping_based_connection_checking_, default_protocol_, stream_initial_recv_window_size_, initial_max_concurrent_streams_, max_concurrent_streams_limit_, time_func_, trusted_spdy_proxy_, net_log.net_log())); Error error = new_session->InitializeWithSocket( connection.Pass(), this, is_secure, certificate_error_code); DCHECK_NE(error, ERR_IO_PENDING); if (error != OK) { available_session->reset(); return error; } *available_session = new_session->GetWeakPtr(); sessions_.insert(new_session.release()); MapKeyToAvailableSession(key, *available_session); net_log.AddEvent( NetLog::TYPE_SPDY_SESSION_POOL_IMPORTED_SESSION_FROM_SOCKET, (*available_session)->net_log().source().ToEventParametersCallback()); // Look up the IP address for this session so that we can match // future sessions (potentially to different domains) which can // potentially be pooled with this one. Because GetPeerAddress() // reports the proxy's address instead of the origin server, check // to see if this is a direct connection. if (enable_ip_pooling_ && key.proxy_server().is_direct()) { IPEndPoint address; if ((*available_session)->GetPeerAddress(&address) == OK) aliases_[address] = key; } return error; } base::WeakPtr<SpdySession> SpdySessionPool::FindAvailableSession( const SpdySessionKey& key, const BoundNetLog& net_log) { AvailableSessionMap::iterator it = LookupAvailableSessionByKey(key); if (it != available_sessions_.end()) { UMA_HISTOGRAM_ENUMERATION( "Net.SpdySessionGet", FOUND_EXISTING, SPDY_SESSION_GET_MAX); net_log.AddEvent( NetLog::TYPE_SPDY_SESSION_POOL_FOUND_EXISTING_SESSION, it->second->net_log().source().ToEventParametersCallback()); return it->second; } if (!enable_ip_pooling_) return base::WeakPtr<SpdySession>(); // Look up the key's from the resolver's cache. net::HostResolver::RequestInfo resolve_info(key.host_port_pair()); AddressList addresses; int rv = resolver_->ResolveFromCache(resolve_info, &addresses, net_log); DCHECK_NE(rv, ERR_IO_PENDING); if (rv != OK) return base::WeakPtr<SpdySession>(); // Check if we have a session through a domain alias. for (AddressList::const_iterator address_it = addresses.begin(); address_it != addresses.end(); ++address_it) { AliasMap::const_iterator alias_it = aliases_.find(*address_it); if (alias_it == aliases_.end()) continue; // We found an alias. const SpdySessionKey& alias_key = alias_it->second; // We can reuse this session only if the proxy and privacy // settings match. if (!(alias_key.proxy_server() == key.proxy_server()) || !(alias_key.privacy_mode() == key.privacy_mode())) continue; AvailableSessionMap::iterator available_session_it = LookupAvailableSessionByKey(alias_key); if (available_session_it == available_sessions_.end()) { NOTREACHED(); // It shouldn't be in the aliases table if we can't get it! continue; } const base::WeakPtr<SpdySession>& available_session = available_session_it->second; DCHECK(ContainsKey(sessions_, available_session.get())); // If the session is a secure one, we need to verify that the // server is authenticated to serve traffic for |host_port_proxy_pair| too. if (!available_session->VerifyDomainAuthentication( key.host_port_pair().host())) { UMA_HISTOGRAM_ENUMERATION("Net.SpdyIPPoolDomainMatch", 0, 2); continue; } UMA_HISTOGRAM_ENUMERATION("Net.SpdyIPPoolDomainMatch", 1, 2); UMA_HISTOGRAM_ENUMERATION("Net.SpdySessionGet", FOUND_EXISTING_FROM_IP_POOL, SPDY_SESSION_GET_MAX); net_log.AddEvent( NetLog::TYPE_SPDY_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, available_session->net_log().source().ToEventParametersCallback()); // Add this session to the map so that we can find it next time. MapKeyToAvailableSession(key, available_session); available_session->AddPooledAlias(key); return available_session; } return base::WeakPtr<SpdySession>(); } void SpdySessionPool::MakeSessionUnavailable( const base::WeakPtr<SpdySession>& available_session) { UnmapKey(available_session->spdy_session_key()); RemoveAliases(available_session->spdy_session_key()); const std::set<SpdySessionKey>& aliases = available_session->pooled_aliases(); for (std::set<SpdySessionKey>::const_iterator it = aliases.begin(); it != aliases.end(); ++it) { UnmapKey(*it); RemoveAliases(*it); } DCHECK(!IsSessionAvailable(available_session)); } void SpdySessionPool::RemoveUnavailableSession( const base::WeakPtr<SpdySession>& unavailable_session) { DCHECK(!IsSessionAvailable(unavailable_session)); unavailable_session->net_log().AddEvent( NetLog::TYPE_SPDY_SESSION_POOL_REMOVE_SESSION, unavailable_session->net_log().source().ToEventParametersCallback()); SessionSet::iterator it = sessions_.find(unavailable_session.get()); CHECK(it != sessions_.end()); scoped_ptr<SpdySession> owned_session(*it); sessions_.erase(it); } // Make a copy of |sessions_| in the Close* functions below to avoid // reentrancy problems. Since arbitrary functions get called by close // handlers, it doesn't suffice to simply increment the iterator // before closing. void SpdySessionPool::CloseCurrentSessions(net::Error error) { CloseCurrentSessionsHelper(error, "Closing current sessions.", false /* idle_only */); } void SpdySessionPool::CloseCurrentIdleSessions() { CloseCurrentSessionsHelper(ERR_ABORTED, "Closing idle sessions.", true /* idle_only */); } void SpdySessionPool::CloseAllSessions() { while (!sessions_.empty()) { CloseCurrentSessionsHelper(ERR_ABORTED, "Closing all sessions.", false /* idle_only */); } } base::Value* SpdySessionPool::SpdySessionPoolInfoToValue() const { base::ListValue* list = new base::ListValue(); for (AvailableSessionMap::const_iterator it = available_sessions_.begin(); it != available_sessions_.end(); ++it) { // Only add the session if the key in the map matches the main // host_port_proxy_pair (not an alias). const SpdySessionKey& key = it->first; const SpdySessionKey& session_key = it->second->spdy_session_key(); if (key.Equals(session_key)) list->Append(it->second->GetInfoAsValue()); } return list; } void SpdySessionPool::OnIPAddressChanged() { CloseCurrentSessions(ERR_NETWORK_CHANGED); http_server_properties_->ClearAllSpdySettings(); } void SpdySessionPool::OnSSLConfigChanged() { CloseCurrentSessions(ERR_NETWORK_CHANGED); } void SpdySessionPool::OnCertAdded(const X509Certificate* cert) { CloseCurrentSessions(ERR_CERT_DATABASE_CHANGED); } void SpdySessionPool::OnCACertChanged(const X509Certificate* cert) { // Per wtc, we actually only need to CloseCurrentSessions when trust is // reduced. CloseCurrentSessions now because OnCACertChanged does not // tell us this. // See comments in ClientSocketPoolManager::OnCACertChanged. CloseCurrentSessions(ERR_CERT_DATABASE_CHANGED); } bool SpdySessionPool::IsSessionAvailable( const base::WeakPtr<SpdySession>& session) const { for (AvailableSessionMap::const_iterator it = available_sessions_.begin(); it != available_sessions_.end(); ++it) { if (it->second.get() == session.get()) return true; } return false; } const SpdySessionKey& SpdySessionPool::NormalizeListKey( const SpdySessionKey& key) const { if (!force_single_domain_) return key; static SpdySessionKey* single_domain_key = NULL; if (!single_domain_key) { HostPortPair single_domain = HostPortPair("singledomain.com", 80); single_domain_key = new SpdySessionKey(single_domain, ProxyServer::Direct(), kPrivacyModeDisabled); } return *single_domain_key; } void SpdySessionPool::MapKeyToAvailableSession( const SpdySessionKey& key, const base::WeakPtr<SpdySession>& session) { DCHECK(ContainsKey(sessions_, session.get())); const SpdySessionKey& normalized_key = NormalizeListKey(key); std::pair<AvailableSessionMap::iterator, bool> result = available_sessions_.insert(std::make_pair(normalized_key, session)); CHECK(result.second); } SpdySessionPool::AvailableSessionMap::iterator SpdySessionPool::LookupAvailableSessionByKey( const SpdySessionKey& key) { const SpdySessionKey& normalized_key = NormalizeListKey(key); return available_sessions_.find(normalized_key); } void SpdySessionPool::UnmapKey(const SpdySessionKey& key) { AvailableSessionMap::iterator it = LookupAvailableSessionByKey(key); CHECK(it != available_sessions_.end()); available_sessions_.erase(it); } void SpdySessionPool::RemoveAliases(const SpdySessionKey& key) { // Walk the aliases map, find references to this pair. // TODO(mbelshe): Figure out if this is too expensive. for (AliasMap::iterator it = aliases_.begin(); it != aliases_.end(); ) { if (it->second.Equals(key)) { AliasMap::iterator old_it = it; ++it; aliases_.erase(old_it); } else { ++it; } } } SpdySessionPool::WeakSessionList SpdySessionPool::GetCurrentSessions() const { WeakSessionList current_sessions; for (SessionSet::const_iterator it = sessions_.begin(); it != sessions_.end(); ++it) { current_sessions.push_back((*it)->GetWeakPtr()); } return current_sessions; } void SpdySessionPool::CloseCurrentSessionsHelper( Error error, const std::string& description, bool idle_only) { WeakSessionList current_sessions = GetCurrentSessions(); for (WeakSessionList::const_iterator it = current_sessions.begin(); it != current_sessions.end(); ++it) { if (!*it) continue; if (idle_only && (*it)->is_active()) continue; (*it)->CloseSessionOnError(error, description); DCHECK(!IsSessionAvailable(*it)); DCHECK(!*it); } } } // namespace net