New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 709664 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
dskaram@chromium.org
kirtika@chromium.org
cernekee@chromium.org
steve...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

Chrome forces reconnect to BestConnection on scan completion

Project Member Reported by cernekee@chromium.org, Apr 7 2017 
It was observed that on a corp Chromebook, attempts to connect to GUESTGATE (a captive portal appliance) failed if the Network menu was left open.  To the user this looks something like:

1) Open system menu -> Network
2) Click on GUESTGATE and leave the menu open
3) Successful connection to GUESTGATE
4) Captive portal bubble shows up in a few seconds
5) Scan indicator appears within a few more seconds
6) At the completion of the scan, the Chromebook reconnects to Google-A on its own

With ff_debug +manager and --level -4, shill's net.log shows two different service sorts: the sorted service list for AutoConnect shows GUESTGATE at the top, and the sorted service list for ConnectToBestServicesTask shows Google-A at the top.  Left to its own devices, shill would leave the GUESTGATE connection alone because it is already Connected (Portal state); but it is receiving a ConnectToBestServices dbus call from Chrome, which explicitly tells shill to prioritize the preferred Google-A network regardless of the connection state.  Invoking ConnectToBestServices means that Chrome wants shill to drop the GUESTGATE connection if something better is available.  When shill receives this command, it re-sorts the service list and drops the GUESTGATE connection.

Chrome appears to be issuing the ConnectToBestServices call upon scan completion because RequestBestConnection() is being called whenever Google-A matches up with the client certificate.  chrome://device-log shows "RequestBestConnection: Client certificate patterns resolved" as the reason.

I suspect this is happening because ClientCertResolver::ConfigureCertificates() sets network_properties_changed_ = true regardless of whether the newly computed properties match the old properties.  This causes AutoConnectHandler::ResolveRequestCompleted() to call RequestBestConnection().

I think this behavior is probably unnecessary to enforce the preferred network policies, because there are other calls to RequestBestConnection() in response to "User logged in" and "Policy applied."

Is it safe to change this logic?

Comment 1 by pauljensen@chromium.org, Apr 7 2017

Components: -Internals>Network>Connectivity OS>Systems>Network

Comment 2 by steve...@chromium.org, Apr 7 2017 

I'm not sure I followed all of that, it sounds like there may be an edge case there.

The intended behavior is that Chrome calls RequestBestConnection after (a) policies have been applied, and (b) a scan has been completed. We also call RequestBestConnection after ClientCertResolver::ResolveNetworks() completes so that after a certificate is installed we then auto connect to the now available network.

It is certainly possible that ClientCertResolver::ConfigureCertificates() is too aggressive about calling ResolveRequestCompleted(). Fixing that sounds reasonable to me, as long as we ensure and test that ResolveRequestCompleted gets called after a successful certificate installation.

Note specifically: "User logged in" and "Policy applied" are not sufficient for the case of installing a certificate after login. (i.e. the first time a user logs into a new device, they will need to install a certificate; attempting to connect to Google-A will prompt a notification that will lead to the certificate being installed, at which point the auto connect to Google-A should occur).

Comment 3 by cernekee@chromium.org, Apr 7 2017 

I suspect that the desired behavior might be: when the match is first made (either because a cert appeared, or Google-A showed up in the scan results after scan(s) in which it didn't) we want to call RequestBestConnection().  But if this has happened before, and then the user has chosen to connect to another network while Google-A was in range, we don't want to drop that connection and force a connection to Google-A.

So if the cert resolver checks to see if the shill properties have been populated, and only marks network_properties_changed_ = true if the new values are different from the old values, will that work?

(Not sure how much of this stuff is currently cached in Chrome, though.)

Comment 4 by steve...@chromium.org, Apr 8 2017 

So, there is a use case where:

1. User logs in to a device with no cert or an expired cert.
2. User explicitly connects to e.g. GoogleGuest.
3. User installs a cert.
4. User should be auto connected to e.g. Google-A.

Also, 2 and 3 could be inverted if the user requested a cert before connecting to a network, or switched networks because, e.g. GoogleGuest is slow. So we can't necessarily use "the user manually connected to a network" as an indicator that they do not want to switch.

The assumption at the moment is: If a user installs a cert that may allow them to connect to a more secure network, we should do so.

So, if we are incorrectly calling RequestBestConnection when no cert has been installed, then it makes sense to fix that.

If we are *uncertain* whether a cert installation should trigger a new connection, the preference to date was to error on the side of switching to the new connection.

AutoConnectHandler was written to put as much of that code in one place as possible, so hopefully it won't be too tricky to figure out the right fix. Feel free to add NET_LOG entries if needed.

Comment 5 by yoshi@chromium.org, Jan 3 2018

Cc: -yoshi@chromium.org

Comment 6 by marcuskoehler@chromium.org, Jan 15

Labels: Enterprise-Triaged

Sign in to add a comment