Bug 1505733: add recording of DTLS protocol version used by PeerConnections. r=mt

Differential Revision: https://phabricator.services.mozilla.com/D11300

--HG--
extra : moz-landing-system : lando
Nils Ohlmeier [:drno] 2018-11-10 20:29:57 +00:00
parent d0376ddab9
commit 13c6f01479
3 changed files with 85 additions and 60 deletions


@ -908,7 +908,7 @@ void TransportLayerDtls::Handshake() {
TL_SET_STATE(TS_OPEN); TL_SET_STATE(TS_OPEN);
RecordCipherTelemetry(); RecordTlsTelemetry();
} else { } else {
int32_t err = PR_GetError(); int32_t err = PR_GetError();
switch(err) { switch(err) {
@ -1539,92 +1539,108 @@ TransportLayerDtls::RecordHandshakeCompletionTelemetry(
} }
void void
TransportLayerDtls::RecordCipherTelemetry() { TransportLayerDtls::RecordTlsTelemetry() {
uint16_t cipher;
nsresult rv = GetCipherSuite(&cipher); MOZ_ASSERT(state_ == TS_OPEN);
SSLChannelInfo info;
if (NS_FAILED(rv)) { SECStatus ss = SSL_GetChannelInfo(ssl_fd_.get(), &info, sizeof(info));
MOZ_MTLOG(ML_ERROR, "Failed to get DTLS cipher suite"); if (ss != SECSuccess) {
MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "RecordTlsTelemetry failed to get channel info");
return; return;
} }
uint16_t t_cipher = 0; auto protocol_label =
mozilla::Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Unknown;
switch (cipher) { switch (info.protocolVersion) {
/* Old DHE ciphers: candidates for removal, see bug 1227519 */ case SSL_LIBRARY_VERSION_TLS_1_1:
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: protocol_label = Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Dtls_version_1_0;
t_cipher = 1;
break; break;
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: case SSL_LIBRARY_VERSION_TLS_1_2:
t_cipher = 2; protocol_label = Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Dtls_version_1_2;
break; break;
/* Current ciphers */ case SSL_LIBRARY_VERSION_TLS_1_3:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: protocol_label = Telemetry::LABELS_WEBRTC_DTLS_PROTOCOL_VERSION::Dtls_version_1_3;
t_cipher = 3;
break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
t_cipher = 4;
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
t_cipher = 5;
break;
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
t_cipher = 6;
break;
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
t_cipher = 7;
break;
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
t_cipher = 8;
break;
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
t_cipher = 9;
break;
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
t_cipher = 10;
break;
/* TLS 1.3 ciphers */
case TLS_AES_128_GCM_SHA256:
t_cipher = 11;
break;
case TLS_CHACHA20_POLY1305_SHA256:
t_cipher = 12;
break;
case TLS_AES_256_GCM_SHA384:
t_cipher = 13;
break; break;
} }
Telemetry::Accumulate(Telemetry::WEBRTC_DTLS_CIPHER, t_cipher); Telemetry::AccumulateCategorical(protocol_label);
rv = GetSrtpCipher(&cipher); uint16_t telemetry_cipher = 0;
switch (info.cipherSuite) {
/* Old DHE ciphers: candidates for removal, see bug 1227519 */
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
telemetry_cipher = 1;
break;
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
telemetry_cipher = 2;
break;
/* Current ciphers */
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
telemetry_cipher = 3;
break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
telemetry_cipher = 4;
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
telemetry_cipher = 5;
break;
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
telemetry_cipher = 6;
break;
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
telemetry_cipher = 7;
break;
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
telemetry_cipher = 8;
break;
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
telemetry_cipher = 9;
break;
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
telemetry_cipher = 10;
break;
/* TLS 1.3 ciphers */
case TLS_AES_128_GCM_SHA256:
telemetry_cipher = 11;
break;
case TLS_CHACHA20_POLY1305_SHA256:
telemetry_cipher = 12;
break;
case TLS_AES_256_GCM_SHA384:
telemetry_cipher = 13;
break;
}
Telemetry::Accumulate(Telemetry::WEBRTC_DTLS_CIPHER, telemetry_cipher);
uint16_t cipher;
nsresult rv = GetSrtpCipher(&cipher);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
MOZ_MTLOG(ML_ERROR, "Failed to get SRTP cipher suite"); MOZ_MTLOG(ML_ERROR, "Failed to get SRTP cipher suite");
return; return;
} }
mozilla::Telemetry::LABELS_WEBRTC_SRTP_CIPHER label = auto cipher_label = mozilla::Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Unknown;
mozilla::Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Unknown;
switch (cipher) { switch (cipher) {
case kDtlsSrtpAes128CmHmacSha1_80: case kDtlsSrtpAes128CmHmacSha1_80:
label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_80; cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_80;
break; break;
case kDtlsSrtpAes128CmHmacSha1_32: case kDtlsSrtpAes128CmHmacSha1_32:
label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_32; cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::Aes128CmHmacSha1_32;
break; break;
case kDtlsSrtpAeadAes128Gcm: case kDtlsSrtpAeadAes128Gcm:
label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes128Gcm; cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes128Gcm;
break; break;
case kDtlsSrtpAeadAes256Gcm: case kDtlsSrtpAeadAes256Gcm:
label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes256Gcm; cipher_label = Telemetry::LABELS_WEBRTC_SRTP_CIPHER::AeadAes256Gcm;
break; break;
} }
Telemetry::AccumulateCategorical(label); Telemetry::AccumulateCategorical(cipher_label);
} }
} // close namespace } // close namespace
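Review bot: The `case SSL_LIBRARY_VERSION_TLS_1_1:` arm of the new `switch (info.protocolVersion)` in RecordTlsTelemetry() records `Dtls_version_1_0`, which reads like an off-by-one to anyone who does not know that DTLS 1.0 is derived from TLS 1.1 and that NSS reports DTLS sessions with the TLS constants. A one-line comment above the switch would settle it: `// NSS reports DTLS versions as their TLS equivalents: DTLS 1.0 == TLS 1.1 (there is no DTLS 1.1).` Since this histogram is presumably what a later decision about retiring DTLS 1.0 would rely on, the same comment should say that any other negotiated version deliberately lands in `Unknown`, because the switch has no `default:`. Separately, the early `return` when `SSL_GetChannelInfo` fails also skips the SRTP cipher sample further down, although `GetSrtpCipher()` does not appear to depend on `info`.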


@ -165,7 +165,7 @@ class TransportLayerDtls final : public TransportLayer {
UniqueCERTCertificate& cert) const; UniqueCERTCertificate& cert) const;
void RecordHandshakeCompletionTelemetry(TransportLayer::State endState); void RecordHandshakeCompletionTelemetry(TransportLayer::State endState);
void RecordCipherTelemetry(); void RecordTlsTelemetry();
static PRBool WriteSrtpXtn(PRFileDesc* fd, SSLHandshakeType message, static PRBool WriteSrtpXtn(PRFileDesc* fd, SSLHandshakeType message,
uint8_t* data, unsigned int* len, uint8_t* data, unsigned int* len,


@ -8780,7 +8780,16 @@
"expires_in_version": "67", "expires_in_version": "67",
"kind": "categorical", "kind": "categorical",
"labels": ["Unknown", "Aes128CmHmacSha1_80", "Aes128CmHmacSha1_32", "AeadAes128Gcm", "AeadAes256Gcm"], "labels": ["Unknown", "Aes128CmHmacSha1_80", "Aes128CmHmacSha1_32", "AeadAes128Gcm", "AeadAes256Gcm"],
"description": "The SRTP cipher (as integer) negotiated for a RTCPeerConnection. See TransportLayerDtls::RecordCipherTelemetry for the meaning of the values" "description": "The SRTP cipher (as label) negotiated for a RTCPeerConnection."
},
"WEBRTC_DTLS_PROTOCOL_VERSION": {
"record_in_processes": ["content"],
"alert_emails": ["webrtc-dtls-telemetry-alerts@mozilla.com", "nohlmeier@mozilla.com"],
"bug_numbers": [1491511],
"expires_in_version": "68",
"kind": "categorical",
"labels": ["Unknown", "Dtls_version_1_0", "Dtls_version_1_2", "Dtls_version_1_3"],
"description": "The DTLS protocol version (as label) negotiated for a RTCPeerConnection."
}, },
"WEBRTC_ICE_FINAL_CONNECTION_STATE": { "WEBRTC_ICE_FINAL_CONNECTION_STATE": {
"record_in_processes": ["main", "content"], "record_in_processes": ["main", "content"],