Extend scoreboard to also track TLS handshake RST (#82)

The scoreboard package will probably benefit from some more precise unit testing with respect to returned keys. Work related to ooni/probe-engine#87
ooni · Oct 29, 2019 · 5972a62 · 5972a62
1 parent 48cfb0e
commit 5972a62
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 12 deletions.
diff --git a/internal/httptransport/tracetripper/tracetripper.go b/internal/httptransport/tracetripper/tracetripper.go
@@ -61,13 +61,17 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 				Error:         err,
 				TransactionID: tid,
 			}.MaybeBuild()
+			durationSinceBeginning := time.Now().Sub(root.Beginning)
+			root.X.Scoreboard.MaybeTLSHandshakeReset(
+				durationSinceBeginning, req.URL, err,
+			)
 			// Event emitted by net/http when DialTLS is not
 			// configured in the http.Transport
 			root.Handler.OnMeasurement(model.Measurement{
 				TLSHandshakeDone: &model.TLSHandshakeDoneEvent{
 					ConnectionState:        model.NewTLSConnectionState(state),
 					Error:                  err,
-					DurationSinceBeginning: time.Now().Sub(root.Beginning),
+					DurationSinceBeginning: durationSinceBeginning,
 					TransactionID:          tid,
 				},
 			})

diff --git a/x/nervousresolver/nervousresolver.go b/x/nervousresolver/nervousresolver.go
@@ -82,8 +82,8 @@ func (c *Resolver) LookupHost(ctx context.Context, hostname string) ([]string, e
 	root.X.Scoreboard.AddDNSBogonInfo(scoreboard.DNSBogonInfo{
 		Addresses:              addrs,
 		DurationSinceBeginning: durationSinceBeginning,
-		FollowupAction:         "retry using DoH resolver",
-		Hostname:               hostname,
+		Domain:                 hostname,
+		FallbackPlan:           "ignore_and_retry_with_doh",
 	})
 	value := bogonLookup{
 		Addresses: addrs,

diff --git a/x/scoreboard/scoreboard.go b/x/scoreboard/scoreboard.go
@@ -5,14 +5,18 @@ package scoreboard
 
 import (
 	"encoding/json"
+	"errors"
+	"net"
+	"net/url"
 	"sync"
 	"time"
 )
 
 // Board contains what we learned during measurements.
 type Board struct {
-	DNSBogonInfo []DNSBogonInfo
-	mu           sync.Mutex
+	DNSBogonInfo      []DNSBogonInfo
+	TLSHandshakeReset []TLSHandshakeReset
+	mu                sync.Mutex
 }
 
 // DNSBogonInfo contains info on bogon replies received when
@@ -22,8 +26,17 @@ type Board struct {
 type DNSBogonInfo struct {
 	Addresses              []string
 	DurationSinceBeginning time.Duration
-	FollowupAction         string
-	Hostname               string
+	Domain                 string
+	FallbackPlan           string
+}
+
+// TLSHandshakeReset contains info on a RST received when
+// performing a TLS handshake with a server.
+type TLSHandshakeReset struct {
+	Address                string
+	Domain                 string
+	DurationSinceBeginning time.Duration
+	RecommendedFollowups   []string
 }
 
 // AddDNSBogonInfo adds info on a DNS bogon reply
@@ -33,6 +46,36 @@ func (b *Board) AddDNSBogonInfo(info DNSBogonInfo) {
 	b.DNSBogonInfo = append(b.DNSBogonInfo, info)
 }
 
+// MaybeTLSHandshakeReset inspects the provided error and
+// updates the scoreboard with TLS handshake RST info, when
+// this kind of interference has been detected.
+func (b *Board) MaybeTLSHandshakeReset(
+	durationSinceBeginning time.Duration, URL *url.URL, err error,
+) {
+	// TODO(bassosimone): add also EOF here?
+	if err == nil || err.Error() != "connection_reset" {
+		return
+	}
+	var (
+		opError    *net.OpError
+		remoteAddr string
+	)
+	if errors.As(err, &opError) && opError.Addr != nil {
+		remoteAddr = opError.Addr.String()
+	}
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	b.TLSHandshakeReset = append(b.TLSHandshakeReset, TLSHandshakeReset{
+		Address:                remoteAddr,
+		Domain:                 URL.Hostname(),
+		DurationSinceBeginning: durationSinceBeginning,
+		RecommendedFollowups: []string{
+			"sni_blocking",
+			"ip_valid_for_domain",
+		},
+	})
+}
+
 // Marshal marshals the board in JSON format.
 func (b *Board) Marshal() string {
 	data, _ := json.Marshal(b)

diff --git a/x/scoreboard/scoreboard_test.go b/x/scoreboard/scoreboard_test.go
@@ -1,9 +1,52 @@
-package scoreboard
+// must be another package to avoid import cycle
+package scoreboard_test
 
-import "testing"
+import (
+	"errors"
+	"net"
+	"net/url"
+	"testing"
 
-func TestIntegration(t *testing.T) {
-	board := &Board{}
-	board.AddDNSBogonInfo(DNSBogonInfo{})
+	"github.com/ooni/netx/model"
+	"github.com/ooni/netx/x/scoreboard"
+)
+
+func TestIntegrationDNSBogon(t *testing.T) {
+	board := &scoreboard.Board{}
+	board.AddDNSBogonInfo(scoreboard.DNSBogonInfo{})
+	t.Log(board.Marshal())
+}
+
+func TestIntegrationTLSHandshakeResetNil(t *testing.T) {
+	board := &scoreboard.Board{}
+	board.MaybeTLSHandshakeReset(0, nil, nil)
+	t.Log(board.Marshal())
+}
+
+func TestIntegrationTLSHandshakeResetNotReset(t *testing.T) {
+	board := &scoreboard.Board{}
+	board.MaybeTLSHandshakeReset(0, nil, errors.New("antani"))
+	t.Log(board.Marshal())
+}
+
+func TestIntegrationTLSHandshakeResetIsReset(t *testing.T) {
+	board := &scoreboard.Board{}
+	board.MaybeTLSHandshakeReset(0, &url.URL{}, errors.New("connection_reset"))
+	t.Log(board.Marshal())
+}
+
+func TestIntegrationTLSHandshakeResetIsResetWithAddr(t *testing.T) {
+	board := &scoreboard.Board{}
+	board.MaybeTLSHandshakeReset(
+		0, &url.URL{}, &model.ErrWrapper{
+			Failure: "connection_reset",
+			WrappedErr: &net.OpError{
+				Addr: &net.TCPAddr{
+					IP:   net.IPv4(8, 8, 8, 8),
+					Port: 53,
+				},
+			},
+		},
+	)
 	t.Log(board.Marshal())
 }