9354191b85
By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
189 lines
5.1 KiB
Go
189 lines
5.1 KiB
Go
package tracex
|
|
|
|
//
|
|
// QUIC
|
|
//
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"net"
|
|
"time"
|
|
|
|
"github.com/lucas-clemente/quic-go"
|
|
"github.com/ooni/probe-cli/v3/internal/model"
|
|
"github.com/ooni/probe-cli/v3/internal/netxlite"
|
|
)
|
|
|
|
// QUICDialerSaver saves events occurring during the QUIC handshake.
|
|
type QUICDialerSaver struct {
|
|
// QUICDialer is the wrapped dialer
|
|
QUICDialer model.QUICDialer
|
|
|
|
// Saver saves events
|
|
Saver *Saver
|
|
}
|
|
|
|
// WrapQUICDialer wraps a model.QUICDialer with a QUICHandshakeSaver that will
|
|
// save the QUIC handshake results into this Saver.
|
|
//
|
|
// When this function is invoked on a nil Saver, it will directly return
|
|
// the original QUICDialer without any wrapping.
|
|
func (s *Saver) WrapQUICDialer(qd model.QUICDialer) model.QUICDialer {
|
|
if s == nil {
|
|
return qd
|
|
}
|
|
return &QUICDialerSaver{
|
|
QUICDialer: qd,
|
|
Saver: s,
|
|
}
|
|
}
|
|
|
|
// DialContext implements QUICDialer.DialContext
|
|
func (h *QUICDialerSaver) DialContext(ctx context.Context, network string,
|
|
host string, tlsCfg *tls.Config, cfg *quic.Config) (quic.EarlyConnection, error) {
|
|
start := time.Now()
|
|
// TODO(bassosimone): in the future we probably want to also save
|
|
// information about what versions we're willing to accept.
|
|
h.Saver.Write(&EventQUICHandshakeStart{&EventValue{
|
|
Address: host,
|
|
NoTLSVerify: tlsCfg.InsecureSkipVerify,
|
|
Proto: network,
|
|
TLSNextProtos: tlsCfg.NextProtos,
|
|
TLSServerName: tlsCfg.ServerName,
|
|
Time: start,
|
|
}})
|
|
sess, err := h.QUICDialer.DialContext(ctx, network, host, tlsCfg, cfg)
|
|
stop := time.Now()
|
|
if err != nil {
|
|
// TODO(bassosimone): here we should save the peer certs
|
|
h.Saver.Write(&EventQUICHandshakeDone{&EventValue{
|
|
Address: host,
|
|
Duration: stop.Sub(start),
|
|
Err: NewFailureStr(err),
|
|
NoTLSVerify: tlsCfg.InsecureSkipVerify,
|
|
Proto: network,
|
|
TLSNextProtos: tlsCfg.NextProtos,
|
|
TLSPeerCerts: [][]byte{},
|
|
TLSServerName: tlsCfg.ServerName,
|
|
Time: stop,
|
|
}})
|
|
return nil, err
|
|
}
|
|
state := quicConnectionState(sess)
|
|
h.Saver.Write(&EventQUICHandshakeDone{&EventValue{
|
|
Address: host,
|
|
Duration: stop.Sub(start),
|
|
NoTLSVerify: tlsCfg.InsecureSkipVerify,
|
|
Proto: network,
|
|
TLSCipherSuite: netxlite.TLSCipherSuiteString(state.CipherSuite),
|
|
TLSNegotiatedProto: state.NegotiatedProtocol,
|
|
TLSNextProtos: tlsCfg.NextProtos,
|
|
TLSPeerCerts: tlsPeerCerts(state, err),
|
|
TLSServerName: tlsCfg.ServerName,
|
|
TLSVersion: netxlite.TLSVersionString(state.Version),
|
|
Time: stop,
|
|
}})
|
|
return sess, nil
|
|
}
|
|
|
|
func (h *QUICDialerSaver) CloseIdleConnections() {
|
|
h.QUICDialer.CloseIdleConnections()
|
|
}
|
|
|
|
// quicConnectionState returns the ConnectionState of a QUIC Session.
|
|
func quicConnectionState(sess quic.EarlyConnection) tls.ConnectionState {
|
|
return sess.ConnectionState().TLS.ConnectionState
|
|
}
|
|
|
|
// QUICListenerSaver is a QUICListener that also implements saving events.
|
|
type QUICListenerSaver struct {
|
|
// QUICListener is the underlying QUICListener.
|
|
QUICListener model.QUICListener
|
|
|
|
// Saver is the underlying Saver.
|
|
Saver *Saver
|
|
}
|
|
|
|
// WrapQUICListener wraps a model.QUICDialer with a QUICListenerSaver that will
|
|
// save the QUIC I/O packet conn events into this Saver.
|
|
//
|
|
// When this function is invoked on a nil Saver, it will directly return
|
|
// the original QUICListener without any wrapping.
|
|
func (s *Saver) WrapQUICListener(ql model.QUICListener) model.QUICListener {
|
|
if s == nil {
|
|
return ql
|
|
}
|
|
return &QUICListenerSaver{
|
|
QUICListener: ql,
|
|
Saver: s,
|
|
}
|
|
}
|
|
|
|
// Listen implements QUICListener.Listen.
|
|
func (qls *QUICListenerSaver) Listen(addr *net.UDPAddr) (model.UDPLikeConn, error) {
|
|
pconn, err := qls.QUICListener.Listen(addr)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
pconn = &quicPacketConnWrapper{
|
|
UDPLikeConn: pconn,
|
|
saver: qls.Saver,
|
|
}
|
|
return pconn, nil
|
|
}
|
|
|
|
// quicPacketConnWrapper saves I/O events
|
|
type quicPacketConnWrapper struct {
|
|
// UDPLikeConn is the wrapped underlying conn
|
|
model.UDPLikeConn
|
|
|
|
// Saver saves events
|
|
saver *Saver
|
|
}
|
|
|
|
func (c *quicPacketConnWrapper) WriteTo(p []byte, addr net.Addr) (int, error) {
|
|
start := time.Now()
|
|
count, err := c.UDPLikeConn.WriteTo(p, addr)
|
|
stop := time.Now()
|
|
c.saver.Write(&EventWriteToOperation{&EventValue{
|
|
Address: addr.String(),
|
|
Data: p[:count],
|
|
Duration: stop.Sub(start),
|
|
Err: NewFailureStr(err),
|
|
NumBytes: count,
|
|
Time: stop,
|
|
}})
|
|
return count, err
|
|
}
|
|
|
|
func (c *quicPacketConnWrapper) ReadFrom(b []byte) (int, net.Addr, error) {
|
|
start := time.Now()
|
|
n, addr, err := c.UDPLikeConn.ReadFrom(b)
|
|
stop := time.Now()
|
|
var data []byte
|
|
if n > 0 {
|
|
data = b[:n]
|
|
}
|
|
c.saver.Write(&EventReadFromOperation{&EventValue{
|
|
Address: c.safeAddrString(addr),
|
|
Data: data,
|
|
Duration: stop.Sub(start),
|
|
Err: NewFailureStr(err),
|
|
NumBytes: n,
|
|
Time: stop,
|
|
}})
|
|
return n, addr, err
|
|
}
|
|
|
|
func (c *quicPacketConnWrapper) safeAddrString(addr net.Addr) (out string) {
|
|
if addr != nil {
|
|
out = addr.String()
|
|
}
|
|
return
|
|
}
|
|
|
|
var _ model.QUICDialer = &QUICDialerSaver{}
|
|
var _ model.QUICListener = &QUICListenerSaver{}
|
|
var _ model.UDPLikeConn = &quicPacketConnWrapper{}
|