Self-instrument for QUIC library via setsockopt for on-host-monitoring.
go/secure-protocols-on-host-detection is our design to implement
on-host monitoring for connection tracking. It requires code creating
sockets to tag the socket through an additional syscall. Most of our
traffic is covered through Stubby, but Quic also generates a lot of
traffic and manages raw sockets itself.
This CL should close the monitoring gap for Quic.
Given that we already do setsockopt tagging inside Stubby2 and GRPC (which the GFE uses), we chose not to flag protect this code path, as this is basically a tested feature at this point. Please see CL Discussion.
gfe-relnote: Self-instrument for QUIC library via setsockopt for on-host-monitoring.
PiperOrigin-RevId: 330932821
Change-Id: Ibf83cbdbe6792119b83e702e0f702b22bcb6253d
diff --git a/quic/core/quic_udp_socket_posix.cc b/quic/core/quic_udp_socket_posix.cc
index c5ab345..ea68727 100644
--- a/quic/core/quic_udp_socket_posix.cc
+++ b/quic/core/quic_udp_socket_posix.cc
@@ -68,11 +68,7 @@
<< strerror(errno);
return kQuicInvalidSocketFd;
}
-
- return fd;
-
#else
-
// Create a socket and use fcntl to set it to nonblocking.
// This implementation is used when building for iOS, OSX and old versions of
// Linux (< 2.6.27) and old versions of Android (< API 21).
@@ -98,10 +94,10 @@
close(fd);
return kQuicInvalidSocketFd;
}
-
- return fd;
-
#endif
+
+ SetGoogleSocketOptions(fd);
+ return fd;
} // End CreateNonblockingSocket
void SetV4SelfIpInControlMessage(const QuicIpAddress& self_address,
diff --git a/quic/platform/api/quic_udp_socket_platform_api.h b/quic/platform/api/quic_udp_socket_platform_api.h
index 2b1f9c3..10307ef 100644
--- a/quic/platform/api/quic_udp_socket_platform_api.h
+++ b/quic/platform/api/quic_udp_socket_platform_api.h
@@ -20,6 +20,10 @@
packet_headers_len);
}
+inline void SetGoogleSocketOptions(int fd) {
+ SetGoogleSocketOptionsImpl(fd);
+}
+
} // namespace quic
#endif // QUICHE_QUIC_PLATFORM_API_QUIC_UDP_SOCKET_PLATFORM_API_H_
