chromium/chrome/browser/ash/net/network_diagnostics/README.md

# Network Diagnostics Routines

Routines for diagnosing network connectivity issues. This code is maintained by
the [Network Health and Configuration] team. [Design Doc].

[TOC]

## Using the Network Diagnostics API

Network diagnostics routines are triggered via the `NetworkDiagnosticsRoutines`
interface located in [network_diagnostics.mojom]. The interface is currently
being used by cros_healthd, chrome://network UI, and feedback reports. In order
to run a routine and view the results, a service must first acquire a
`NetworkDiagnosticsRoutines` Mojo remote from the [NetworkHealthService]. Use
`GetDiagnosticsRemoteAndBindReceiver()`.

## Adding a network diagnostics routine

To add a network diagnostics routine:
1. Expose the method to run the routine in network_diagnostics.mojom.
2. Add the implementation and unit tests [here].

Note: Any changes made to network_diagnostics.mojom must be kept in sync with
the copy in the Chromium OS repo:
[src/platform2/diagnostics/mojo/network_diagnostics.mojom].

## Understanding a routine's results

After a routine has completed running, it provides:
1. A [RoutineVerdict].
1. A list of routine specific problems detected.
    * If a routine does not run, the associated list of problems is empty.
1. A timestamp of when the routine completed.

## Breaking down the routines by connectivity level

Each routine assess the network connectivity at one of the following levels:
Local Network, DNS, Captive Portal, Firewall, and Google Services.

### Local Network Routines

Local Network routines ensure that devices are successfully and securely
connected to a router.

#### LanConnectivity

Tests whether the device is connected to a Local Area Network (LAN).

Problems: N/A

#### SignalStrength

Tests whether there is an acceptable signal strength on wireless networks.

Problems:
* `kWeakSignal`: Weak signal detected.

#### GatewayCanBePinged

Tests whether the gateway of connected networks is pingable.

Problems:
* `kUnreachableGateway`: All gateways are unreachable, hence cannot be pinged.
* `kFailedToPingDefaultNetwork`: The default network cannot be pinged.
* `kDefaultNetworkAboveLatencyThreshold`: The default network has a latency
   above the threshold.
* `kUnsuccessfulNonDefaultNetworksPings`: One or more of the non-default
   networks has failed pings.
* `kNonDefaultNetworksAboveLatencyThreshold`: One or more of the non-default
   networks has a latency above the threshold.

#### HasSecureWiFiConnection

Tests whether the WiFi connection is secure. Note that if WiFi is not connected,
the routine will not run and result in a kNotRun[code] RoutineVerdict.

Problems:
* `kSecurityTypeNone`: No security type found.
* `kSecurityTypeWep8021x`: Insecure security type Wep8021x found.
* `kSecurityTypeWepPsk`: Insecure security type WepPsk found.
* `kUnknownSecurityType`: Unknown security type found.

### DNS Routines

DNS routines ensure that the network has configured nameservers that can
successfully resolve hosts.

#### DnsResolverPresent

Tests whether a DNS resolver is available to the browser.

Problems:
* `kNoNameServersFound`: IP config has an empty or default list of name servers available.
* `kMalformedNameServers`: IP config has a list of at least one malformed name
   server.
#### DnsLatency

Tests whether the DNS latency is below an acceptable threshold.

Problems:
* `kHostResolutionFailure`: Failed to resolve one or more hosts.
* `kSlightlyAboveThreshold`: Average DNS latency across hosts is slightly above
   expected threshold.
* `kSignificantlyAboveThreshold`: Average DNS latency across hosts is
   significantly above expected threshold.

#### DnsResolution

Tests whether a DNS resolution can be completed successfully.

Problems:
* `kFailedToResolveHost`: Failed to resolve host.

### Captive Portal Routines

Captive Portal routines ensure that the active network is neither trapped behind
a captive portal nor has restricted connectivity.

#### CaptivePortal

Tests whether the internet connection is behind a captive portal.

Problems:
* `kNoActiveNetworks`: No active networks found.
* `kRestrictedConnectivity`: The active network is behind a captive portal and
    has restricted connectivity.
* `kUnknownPortalState`: The active network is not connected or the portal
    state is not available.
* `kPortalSuspected`: A portal is suspected but no redirect was provided.
* `kPortal`: The network is in a portal state with a redirect URL.
* `kProxyAuthRequired`: A proxy requiring authentication is detected.
* `kNoInternet`: The active network is connected but no internet is available
    and no proxy was detected.


### Firewall Routines

Firewall routines ensure that internet connectivity isn’t being blocked by a firewall.

#### HttpFirewall

Tests whether a firewall is blocking HTTP port 80.

Problems:
* `kDnsResolutionFailuresAboveThreshold`: DNS resolution failures above
   threshold.
* `kFirewallDetected`: Firewall detected.
* `kPotentialFirewall`: A firewall may potentially exist.

#### HttpsFirewall

Tests whether a firewall is blocking HTTPS port 443.

Problems:
* `kHighDnsResolutionFailureRate`: DNS resolution failure rate is high.
* `kFirewallDetected`: Firewall detected.
* `kPotentialFirewall`: A firewall may potentially exist.

### Google Services Routines

Tests successful communication with various Google domains.

#### HttpsLatency

Tests whether the HTTPS latency is below an acceptable threshold.

Problems:
* `kFailedDnsResolutions`: One or more DNS resolutions resulted in a failure.
* `kFailedHttpsRequests`: One or more HTTPS requests resulted in a failure.
* `kHighLatency`: HTTPS request latency is high.
* `kVeryHighLatency`: HTTPS request latency is very high.

#### VideoConferencing

Tests the device's video conferencing capabilities by testing whether the device
can:
1. Contact either a default or specified STUN server via UDP.
2. Contact either a default or specified STUN server via TCP.
3. Reach common media endpoints.

Problems:
* `kPotentialProblemUdpFailure`: Failed requests to a STUN server via UDP.
* `kPotentialProblemTcpFailure`: Failed requests to a STUN server via TCP.
* `kPotentialProblemMediaFailure`: Failed to establish a TLS connection to media hostnames.
* `kPotentialProblemUdpAndMediaFailure`: Failed requests to a STUN server via
UDP and failed to establish a TLS connection to media hostnames.
* `kUdpAndTcpFailure`: Failed requests to a STUN server via UDP and TCP.
* `kTcpAndMediaFailure`: Failed requests to a STUN server via TCP and failed to
established a TLS connection to media hostnames.
* `kUdpAndTcpAndMediaFailure`: Failed requests to a STUN server via UDP and TCP,
and failed to establish a TLS connection to media hostnames.

[Network Health and Configuration]: https://docs.google.com/document/d/10DSy-jZXaRo9I9aq1UqERy76t7HkgGvInWk57pHEkzg
[network_diagnostics.mojom]: https://source.chromium.org/chromium/chromium/src/+/main:chromeos/services/network_health/public/mojom/network_diagnostics.mojom
[NetworkHealthService]: https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/net/network_health/network_health_service.h
[here]: https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/net/network_diagnostics/
[RoutineVerdict]: https://source.chromium.org/chromium/chromium/src/+/main:chromeos/services/network_health/public/mojom/network_diagnostics.mojom;l=12;drc=93304dcbcf58b0af39403af08928ea4e4ec28e6d
[Design Doc]: https://docs.google.com/document/d/1d5EoPBlsomWQ4HzqejFPG4v1d2cvPSndj7nmCjNZSSc
[src/platform2/diagnostics/mojo/network_diagnostics.mojom]: http://cs/chromeos_public/src/platform2/diagnostics/cros_healthd/network_diagnostics/