ooni-probe-cli/internal/experiment/webconnectivity/analysistls.go

package webconnectivity

//
// TLS analysis
//

import "github.com/ooni/probe-cli/v3/internal/model"

// analysisTLSToplevel is the toplevel analysis function for TLS.
//
// This algorithm aims to flag the TLS endpoints that failed unreasonably
// compared to what the TH has observed for the same endpoints.
func (tk *TestKeys) analysisTLSToplevel(logger model.Logger) {
	// if we don't have a control result, do nothing.
	if tk.Control == nil || len(tk.Control.TLSHandshake) <= 0 {
		return
	}

	// walk the list of probe results and compare with TH results
	for _, entry := range tk.TLSHandshakes {
		// skip successful entries
		failure := entry.Failure
		if failure == nil {
			continue // did not fail
		}
		epnt := entry.Address

		// TODO(bassosimone,kelmenhorst): if, in the future, we choose to
		// adapt this code to QUIC, we need to remember to treat EHOSTUNREACH
		// and ENETUNREACH specially when the IP address is IPv6.

		// obtain the corresponding endpoint
		ctrl, found := tk.Control.TLSHandshake[epnt]
		if !found {
			continue // only the probe tested this, so hard to say anything...
		}
		if ctrl.Failure != nil {
			// If the TH failed as well, don't set XBlockingFlags. Performing
			// precise error mapping should be a job for the pipeline.
			continue
		}
		logger.Warnf(
			"TLS: endpoint %s is blocked (see #%d): %s",
			epnt,
			entry.TransactionID,
			*failure,
		)
		tk.BlockingFlags |= analysisFlagTLSBlocking
	}
}
feat(webconnectivity@v0.5): use TLS info from TH (#933) This diff modifies webconnectivity@v0.5 to take decisions regarding TLS blocking by using the response from the TH rather than using questionable heuristics based on inspecting the TLSHandshake list alone. This change should improve correctness _when_ we're using the improved TH, which is currently used for 50% of the probes. See https://github.com/ooni/probe/issues/2257 While there, modify `control.go` to specify which control is being used. 2022-09-05 11:35:48 +02:00			`package webconnectivity`

			`//`
			`// TLS analysis`
			`//`

			`import "github.com/ooni/probe-cli/v3/internal/model"`

			`// analysisTLSToplevel is the toplevel analysis function for TLS.`
			`//`
			`// This algorithm aims to flag the TLS endpoints that failed unreasonably`
			`// compared to what the TH has observed for the same endpoints.`
			`func (tk *TestKeys) analysisTLSToplevel(logger model.Logger) {`
			`// if we don't have a control result, do nothing.`
			`if tk.Control == nil \|\| len(tk.Control.TLSHandshake) <= 0 {`
			`return`
			`}`

			`// walk the list of probe results and compare with TH results`
			`for _, entry := range tk.TLSHandshakes {`
			`// skip successful entries`
			`failure := entry.Failure`
			`if failure == nil {`
			`continue // did not fail`
			`}`
			`epnt := entry.Address`

			`// TODO(bassosimone,kelmenhorst): if, in the future, we choose to`
			`// adapt this code to QUIC, we need to remember to treat EHOSTUNREACH`
			`// and ENETUNREACH specially when the IP address is IPv6.`

			`// obtain the corresponding endpoint`
			`ctrl, found := tk.Control.TLSHandshake[epnt]`
			`if !found {`
			`continue // only the probe tested this, so hard to say anything...`
			`}`
			`if ctrl.Failure != nil {`
			`// If the TH failed as well, don't set XBlockingFlags. Performing`
			`// precise error mapping should be a job for the pipeline.`
			`continue`
			`}`
			`logger.Warnf(`
			`"TLS: endpoint %s is blocked (see #%d): %s",`
			`epnt,`
			`entry.TransactionID,`
			`*failure,`
			`)`
			`tk.BlockingFlags \|= analysisFlagTLSBlocking`
			`}`
			`}`