Bug 1505733: add recording of DTLS protocol version used by PeerConnections. r=mt

Differential Revision: https://phabricator.services.mozilla.com/D11300 --HG-- extra : moz-landing-system : lando
2024-11-25 13:51:41 +00:00 · 2018-11-10 20:29:57 +00:00 · 2018-11-10 20:29:57 +00:00 · 13c6f01479
commit 13c6f01479
parent d0376ddab9
3 changed files with 85 additions and 60 deletions
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@ -908,7 +908,7 @@ void TransportLayerDtls::Handshake() {

    TL_SET_STATE(TS_OPEN);

-    RecordCipherTelemetry();
+    RecordTlsTelemetry();
  } else {
    int32_t err = PR_GetError();
    switch(err) {
@ -1539,92 +1539,108 @@ TransportLayerDtls::RecordHandshakeCompletionTelemetry(
 }

 void
-TransportLayerDtls::RecordCipherTelemetry() {
-  uint16_t cipher;
+TransportLayerDtls::RecordTlsTelemetry() {

-  nsresult rv = GetCipherSuite(&cipher);
-
-  if (NS_FAILED(rv)) {
-    MOZ_MTLOG(ML_ERROR, "Failed to get DTLS cipher suite");
+  MOZ_ASSERT(state_ == TS_OPEN);
+  SSLChannelInfo info;
+  SECStatus ss = SSL_GetChannelInfo(ssl_fd_.get(), &info, sizeof(info));
+  if (ss != SECSuccess) {
+    MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "RecordTlsTelemetry failed to get channel info");
    return;
  }

-  uint16_t t_cipher = 0;
+  auto protocol_label =
+    mozilla::Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Unknown;

-  switch (cipher) {
-    /* Old DHE ciphers: candidates for removal, see bug 1227519 */
-    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
-      t_cipher = 1;
+  switch (info.protocolVersion) {
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      protocol_label = Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Dtls_version_1_0;
      break;
-    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-      t_cipher = 2;
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      protocol_label = Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Dtls_version_1_2;
      break;
-    /* Current ciphers */
-    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
-      t_cipher = 3;
-      break;
-    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
-      t_cipher = 4;
-      break;
-    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
-      t_cipher = 5;
-      break;
-    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-      t_cipher = 6;
-      break;
-    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
-      t_cipher = 7;
-      break;
-    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
-      t_cipher = 8;
-      break;
-    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
-      t_cipher = 9;
-      break;
-    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
-      t_cipher = 10;
-      break;
-    /* TLS 1.3 ciphers */
-    case TLS_AES_128_GCM_SHA256:
-      t_cipher = 11;
-      break;
-    case TLS_CHACHA20_POLY1305_SHA256:
-      t_cipher = 12;
-      break;
-    case TLS_AES_256_GCM_SHA384:
-      t_cipher = 13;
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      protocol_label = Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Dtls_version_1_3;
      break;
  }

-  Telemetry::Accumulate(Telemetry::WEBRTC_DTLS_CIPHER, t_cipher);
+  Telemetry::AccumulateCategorical(protocol_label);

-  rv = GetSrtpCipher(&cipher);
+  uint16_t telemetry_cipher = 0;
+
+  switch (info.cipherSuite) {
+    /* Old DHE ciphers: candidates for removal, see bug 1227519 */
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+      telemetry_cipher = 1;
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+      telemetry_cipher = 2;
+      break;
+    /* Current ciphers */
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+      telemetry_cipher = 3;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+      telemetry_cipher = 4;
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+      telemetry_cipher = 5;
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+      telemetry_cipher = 6;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+      telemetry_cipher = 7;
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+      telemetry_cipher = 8;
+      break;
+    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+      telemetry_cipher = 9;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+      telemetry_cipher = 10;
+      break;
+    /* TLS 1.3 ciphers */
+    case TLS_AES_128_GCM_SHA256:
+      telemetry_cipher = 11;
+      break;
+    case TLS_CHACHA20_POLY1305_SHA256:
+      telemetry_cipher = 12;
+      break;
+    case TLS_AES_256_GCM_SHA384:
+      telemetry_cipher = 13;
+      break;
+  }
+
+  Telemetry::Accumulate(Telemetry::WEBRTC_DTLS_CIPHER, telemetry_cipher);
+
+  uint16_t cipher;
+  nsresult rv = GetSrtpCipher(&cipher);

  if (NS_FAILED(rv)) {
    MOZ_MTLOG(ML_ERROR, "Failed to get SRTP cipher suite");
    return;
  }

-  mozilla::Telemetry::LABELS_WEBRTC_SRTP_CIPHER label =
-    mozilla::Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Unknown;
+  auto cipher_label = mozilla::Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Unknown;

  switch (cipher) {
    case kDtlsSrtpAes128CmHmacSha1_80:
-      label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_80;
+      cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_80;
      break;
    case kDtlsSrtpAes128CmHmacSha1_32:
-      label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_32;
+      cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_32;
      break;
    case kDtlsSrtpAeadAes128Gcm:
-      label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes128Gcm;
+      cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes128Gcm;
      break;
    case kDtlsSrtpAeadAes256Gcm:
-      label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes256Gcm;
+      cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes256Gcm;
      break;
  }

-  Telemetry::AccumulateCategorical(label);
-
+  Telemetry::AccumulateCategorical(cipher_label);
 }

 }  // close namespace
--- a/media/mtransport/transportlayerdtls.h
+++ b/media/mtransport/transportlayerdtls.h
@ -165,7 +165,7 @@ class TransportLayerDtls final : public TransportLayer {
                        UniqueCERTCertificate& cert) const;

  void RecordHandshakeCompletionTelemetry(TransportLayer::State endState);
-  void RecordCipherTelemetry();
+  void RecordTlsTelemetry();

  static PRBool WriteSrtpXtn(PRFileDesc* fd, SSLHandshakeType message,
                             uint8_t* data, unsigned int* len,
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@ -8780,7 +8780,16 @@
    "expires_in_version": "67",
    "kind": "categorical",
    "labels": ["Unknown", "Aes128CmHmacSha1_80", "Aes128CmHmacSha1_32", "AeadAes128Gcm", "AeadAes256Gcm"],
-    "description": "The SRTP cipher (as integer) negotiated for a RTCPeerConnection. See TransportLayerDtls::RecordCipherTelemetry for the meaning of the values"
+    "description": "The SRTP cipher (as label) negotiated for a RTCPeerConnection."
+  },
+  "WEBRTC_DTLS_PROTOCOL_VERSION": {
+    "record_in_processes": ["content"],
+    "alert_emails": ["webrtc-dtls-telemetry-alerts@mozilla.com", "nohlmeier@mozilla.com"],
+    "bug_numbers": [1491511],
+    "expires_in_version": "68",
+    "kind": "categorical",
+    "labels": ["Unknown", "Dtls_version_1_0", "Dtls_version_1_2", "Dtls_version_1_3"],
+    "description": "The DTLS protocol version (as label) negotiated for a RTCPeerConnection."
  },
  "WEBRTC_ICE_FINAL_CONNECTION_STATE": {
    "record_in_processes": ["main", "content"],