Revert "Reland "Remove GICE (gone forever!) and PORTALLOCATOR_ENABLE_SHARED_UFRAG (enabled forever)…

webrtc/p2p/base/port.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 40 matching lines @@
     uint32 maximum_time,
     uint32 now) {
 
   if (pings_since_last_response.size() == 0)
     return false;
 
   auto first = pings_since_last_response[0];
   return now > (first.sent_time + maximum_time);
 }
 
+// GICE(ICEPROTO_GOOGLE) requires different username for RTP and RTCP.
+// This function generates a different username by +1 on the last character of
+// the given username (|rtp_ufrag|).
+std::string GetRtcpUfragFromRtpUfrag(const std::string& rtp_ufrag) {
+  ASSERT(!rtp_ufrag.empty());
+  if (rtp_ufrag.empty()) {
+    return rtp_ufrag;
+  }
+  // Change the last character to the one next to it in the base64 table.
+  char new_last_char;
+  if (!rtc::Base64::GetNextBase64Char(rtp_ufrag[rtp_ufrag.size() - 1],
+                                            &new_last_char)) {
+    // Should not be here.
+    ASSERT(false);
+  }
+  std::string rtcp_ufrag = rtp_ufrag;
+  rtcp_ufrag[rtcp_ufrag.size() - 1] = new_last_char;
+  ASSERT(rtcp_ufrag != rtp_ufrag);
+  return rtcp_ufrag;
+}
+
 // We will restrict RTT estimates (when used for determining state) to be
 // within a reasonable range.
 const uint32 MINIMUM_RTT = 100;   // 0.1 seconds
 const uint32 MAXIMUM_RTT = 3000;  // 3 seconds
 
 // When we don't have any RTT data, we have to pick something reasonable.  We
 // use a large value just in case the connection is really slow.
 const uint32 DEFAULT_RTT = MAXIMUM_RTT;
 
 // Computes our estimate of the RTT given the current estimate.
@@ skipping 72 matching lines @@
       network_(network),
       ip_(ip),
       min_port_(0),
       max_port_(0),
       component_(ICE_CANDIDATE_COMPONENT_DEFAULT),
       generation_(0),
       ice_username_fragment_(username_fragment),
       password_(password),
       timeout_delay_(kPortTimeoutDelay),
       enable_port_packets_(false),
+      ice_protocol_(ICEPROTO_HYBRID),
       ice_role_(ICEROLE_UNKNOWN),
       tiebreaker_(0),
       shared_socket_(true),
       candidate_filter_(CF_ALL) {
   Construct();
 }
 
 Port::Port(rtc::Thread* thread,
            const std::string& type,
            rtc::PacketSocketFactory* factory,
@@ skipping 10 matching lines @@
       network_(network),
       ip_(ip),
       min_port_(min_port),
       max_port_(max_port),
       component_(ICE_CANDIDATE_COMPONENT_DEFAULT),
       generation_(0),
       ice_username_fragment_(username_fragment),
       password_(password),
       timeout_delay_(kPortTimeoutDelay),
       enable_port_packets_(false),
+      ice_protocol_(ICEPROTO_HYBRID),
       ice_role_(ICEROLE_UNKNOWN),
       tiebreaker_(0),
       shared_socket_(false),
       candidate_filter_(CF_ALL) {
   ASSERT(factory_ != NULL);
   Construct();
 }
 
 void Port::Construct() {
-  // TODO(pthatcher): Remove this old behavior once we're sure no one
-  // relies on it.  If the username_fragment and password are empty,
-  // we should just create one.
+  // If the username_fragment and password are empty, we should just create one.
   if (ice_username_fragment_.empty()) {
     ASSERT(password_.empty());
     ice_username_fragment_ = rtc::CreateRandomString(ICE_UFRAG_LENGTH);
     password_ = rtc::CreateRandomString(ICE_PWD_LENGTH);
   }
   LOG_J(LS_INFO, this) << "Port created";
 }
 
 Port::~Port() {
   // Delete all of the remaining connections.  We copy the list up front
@@ skipping 81 matching lines @@
     LOG_J(LS_ERROR, this) << "Received non-STUN packet from unknown address ("
                           << addr.ToSensitiveString() << ")";
   } else if (!msg) {
     // STUN message handled already
   } else if (msg->type() == STUN_BINDING_REQUEST) {
     LOG(LS_INFO) << "Received STUN ping "
                  << " id=" << rtc::hex_encode(msg->transaction_id())
                  << " from unknown address " << addr.ToSensitiveString();
 
     // Check for role conflicts.
-    if (!MaybeIceRoleConflict(addr, msg.get(), remote_username)) {
+    if (IsStandardIce() &&
+        !MaybeIceRoleConflict(addr, msg.get(), remote_username)) {
       LOG(LS_INFO) << "Received conflicting role from the peer.";
       return;
     }
 
     SignalUnknownAddress(this, addr, proto, msg.get(), remote_username, false);
   } else {
     // NOTE(tschmelcher): STUN_BINDING_RESPONSE is benign. It occurs if we
     // pruned a connection for this port while it had STUN requests in flight,
     // because we then get back responses for them, which this code correctly
     // does not handle.
@@ skipping 10 matching lines @@
   for (; iter != connections_.end(); ++iter) {
     iter->second->OnReadyToSend();
   }
 }
 
 size_t Port::AddPrflxCandidate(const Candidate& local) {
   candidates_.push_back(local);
   return (candidates_.size() - 1);
 }
 
+bool Port::IsStandardIce() const {
+  return (ice_protocol_ == ICEPROTO_RFC5245);
+}
+
+bool Port::IsGoogleIce() const {
+  return (ice_protocol_ == ICEPROTO_GOOGLE);
+}
+
+bool Port::IsHybridIce() const {
+  return (ice_protocol_ == ICEPROTO_HYBRID);
+}
+
 bool Port::GetStunMessage(const char* data, size_t size,
                           const rtc::SocketAddress& addr,
                           IceMessage** out_msg, std::string* out_username) {
   // NOTE: This could clearly be optimized to avoid allocating any memory.
   //       However, at the data rates we'll be looking at on the client side,
   //       this probably isn't worth worrying about.
   ASSERT(out_msg != NULL);
   ASSERT(out_username != NULL);
   *out_msg = NULL;
   out_username->clear();
 
   // Don't bother parsing the packet if we can tell it's not STUN.
   // In ICE mode, all STUN packets will have a valid fingerprint.
-  if (!StunMessage::ValidateFingerprint(data, size)) {
+  if (IsStandardIce() && !StunMessage::ValidateFingerprint(data, size)) {
     return false;
   }
 
   // Parse the request message.  If the packet is not a complete and correct
   // STUN message, then ignore it.
   rtc::scoped_ptr<IceMessage> stun_msg(new IceMessage());
   rtc::ByteBuffer buf(data, size);
   if (!stun_msg->Read(&buf) || (buf.Length() > 0)) {
     return false;
   }
 
   if (stun_msg->type() == STUN_BINDING_REQUEST) {
     // Check for the presence of USERNAME and MESSAGE-INTEGRITY (if ICE) first.
     // If not present, fail with a 400 Bad Request.
     if (!stun_msg->GetByteString(STUN_ATTR_USERNAME) ||
-        !stun_msg->GetByteString(STUN_ATTR_MESSAGE_INTEGRITY)) {
+        (IsStandardIce() &&
+         !stun_msg->GetByteString(STUN_ATTR_MESSAGE_INTEGRITY))) {
       LOG_J(LS_ERROR, this) << "Received STUN request without username/M-I "
                             << "from " << addr.ToSensitiveString();
       SendBindingErrorResponse(stun_msg.get(), addr, STUN_ERROR_BAD_REQUEST,
                                STUN_ERROR_REASON_BAD_REQUEST);
       return true;
     }
 
     // If the username is bad or unknown, fail with a 401 Unauthorized.
     std::string local_ufrag;
     std::string remote_ufrag;
-    if (!ParseStunUsername(stun_msg.get(), &local_ufrag, &remote_ufrag) ||
+    IceProtocolType remote_protocol_type;
+    if (!ParseStunUsername(stun_msg.get(), &local_ufrag, &remote_ufrag,
+                           &remote_protocol_type) ||
         local_ufrag != username_fragment()) {
       LOG_J(LS_ERROR, this) << "Received STUN request with bad local username "
                             << local_ufrag << " from "
                             << addr.ToSensitiveString();
       SendBindingErrorResponse(stun_msg.get(), addr, STUN_ERROR_UNAUTHORIZED,
                                STUN_ERROR_REASON_UNAUTHORIZED);
       return true;
     }
 
+    // Port is initialized to GOOGLE-ICE protocol type. If pings from remote
+    // are received before the signal message, protocol type may be different.
+    // Based on the STUN username, we can determine what's the remote protocol.
+    // This also enables us to send the response back using the same protocol
+    // as the request.
+    if (IsHybridIce()) {
+      SetIceProtocolType(remote_protocol_type);
+    }
+
     // If ICE, and the MESSAGE-INTEGRITY is bad, fail with a 401 Unauthorized
-    if (!stun_msg->ValidateMessageIntegrity(data, size, password_)) {
+    if (IsStandardIce() &&
+        !stun_msg->ValidateMessageIntegrity(data, size, password_)) {
       LOG_J(LS_ERROR, this) << "Received STUN request with bad M-I "
                             << "from " << addr.ToSensitiveString()
                             << ", password_=" << password_;
       SendBindingErrorResponse(stun_msg.get(), addr, STUN_ERROR_UNAUTHORIZED,
                                STUN_ERROR_REASON_UNAUTHORIZED);
       return true;
     }
     out_username->assign(remote_ufrag);
   } else if ((stun_msg->type() == STUN_BINDING_RESPONSE) ||
              (stun_msg->type() == STUN_BINDING_ERROR_RESPONSE)) {
@@ skipping 40 matching lines @@
   // Link-local IPv6 ports can only connect to other link-local IPv6 ports.
   if (family == AF_INET6 &&
       (IPIsLinkLocal(ip()) != IPIsLinkLocal(addr.ipaddr()))) {
     return false;
   }
   return true;
 }
 
 bool Port::ParseStunUsername(const StunMessage* stun_msg,
                              std::string* local_ufrag,
-                             std::string* remote_ufrag) const {
+                             std::string* remote_ufrag,
+                             IceProtocolType* remote_protocol_type) const {
   // The packet must include a username that either begins or ends with our
   // fragment.  It should begin with our fragment if it is a request and it
   // should end with our fragment if it is a response.
   local_ufrag->clear();
   remote_ufrag->clear();
   const StunByteStringAttribute* username_attr =
         stun_msg->GetByteString(STUN_ATTR_USERNAME);
   if (username_attr == NULL)
     return false;
 
-  // RFRAG:LFRAG
-  const std::string username = username_attr->GetString();
-  size_t colon_pos = username.find(":");
-  if (colon_pos == std::string::npos) {
-    return false;
+  const std::string username_attr_str = username_attr->GetString();
+  size_t colon_pos = username_attr_str.find(":");
+  // If we are in hybrid mode set the appropriate ice protocol type based on
+  // the username argument style.
+  if (IsHybridIce()) {
+    *remote_protocol_type = (colon_pos != std::string::npos) ?
+        ICEPROTO_RFC5245 : ICEPROTO_GOOGLE;
+  } else {
+    *remote_protocol_type = ice_protocol_;
   }
+  if (*remote_protocol_type == ICEPROTO_RFC5245) {
+    if (colon_pos != std::string::npos) {  // RFRAG:LFRAG
+      *local_ufrag = username_attr_str.substr(0, colon_pos);
+      *remote_ufrag = username_attr_str.substr(
+          colon_pos + 1, username_attr_str.size());
+    } else {
+      return false;
+    }
+  } else if (*remote_protocol_type == ICEPROTO_GOOGLE) {
+    int remote_frag_len = static_cast<int>(username_attr_str.size());
+    remote_frag_len -= static_cast<int>(username_fragment().size());
+    if (remote_frag_len < 0)
+      return false;
 
-  *local_ufrag = username.substr(0, colon_pos);
-  *remote_ufrag = username.substr(colon_pos + 1, username.size());
+    *local_ufrag = username_attr_str.substr(0, username_fragment().size());
+    *remote_ufrag = username_attr_str.substr(
+        username_fragment().size(), username_attr_str.size());
+  }
   return true;
 }
 
 bool Port::MaybeIceRoleConflict(
     const rtc::SocketAddress& addr, IceMessage* stun_msg,
     const std::string& remote_ufrag) {
   // Validate ICE_CONTROLLING or ICE_CONTROLLED attributes.
   bool ret = true;
   IceRole remote_ice_role = ICEROLE_UNKNOWN;
   uint64 remote_tiebreaker = 0;
@@ skipping 48 matching lines @@
     default:
       ASSERT(false);
   }
   return ret;
 }
 
 void Port::CreateStunUsername(const std::string& remote_username,
                               std::string* stun_username_attr_str) const {
   stun_username_attr_str->clear();
   *stun_username_attr_str = remote_username;
-  stun_username_attr_str->append(":");
+  if (IsStandardIce()) {
+    // Connectivity checks from L->R will have username RFRAG:LFRAG.
+    stun_username_attr_str->append(":");
+  }
   stun_username_attr_str->append(username_fragment());
 }
 
 void Port::SendBindingResponse(StunMessage* request,
                                const rtc::SocketAddress& addr) {
   ASSERT(request->type() == STUN_BINDING_REQUEST);
 
   // Retrieve the username from the request.
   const StunByteStringAttribute* username_attr =
       request->GetByteString(STUN_ATTR_USERNAME);
@@ skipping 15 matching lines @@
     response.AddAttribute(new StunUInt32Attribute(
         STUN_ATTR_RETRANSMIT_COUNT, retransmit_attr->value()));
 
     if (retransmit_attr->value() > CONNECTION_WRITE_CONNECT_FAILURES) {
       LOG_J(LS_INFO, this)
           << "Received a remote ping with high retransmit count: "
           << retransmit_attr->value();
     }
   }
 
-  response.AddAttribute(
-      new StunXorAddressAttribute(STUN_ATTR_XOR_MAPPED_ADDRESS, addr));
-  response.AddMessageIntegrity(password_);
-  response.AddFingerprint();
+  // Only GICE messages have USERNAME and MAPPED-ADDRESS in the response.
+  // ICE messages use XOR-MAPPED-ADDRESS, and add MESSAGE-INTEGRITY.
+  if (IsStandardIce()) {
+    response.AddAttribute(
+        new StunXorAddressAttribute(STUN_ATTR_XOR_MAPPED_ADDRESS, addr));
+    response.AddMessageIntegrity(password_);
+    response.AddFingerprint();
+  } else if (IsGoogleIce()) {
+    response.AddAttribute(
+        new StunAddressAttribute(STUN_ATTR_MAPPED_ADDRESS, addr));
+    response.AddAttribute(new StunByteStringAttribute(
+        STUN_ATTR_USERNAME, username_attr->GetString()));
+  }
 
   // The fact that we received a successful request means that this connection
   // (if one exists) should now be readable.
   Connection* conn = GetConnection(addr);
 
   // Send the response message.
   rtc::ByteBuffer buf;
   response.Write(&buf);
   rtc::PacketOptions options(DefaultDscpValue());
   auto err = SendTo(buf.Data(), buf.Length(), addr, options, false);
@@ skipping 25 matching lines @@
   ASSERT(request->type() == STUN_BINDING_REQUEST);
 
   // Fill in the response message.
   StunMessage response;
   response.SetType(STUN_BINDING_ERROR_RESPONSE);
   response.SetTransactionID(request->transaction_id());
 
   // When doing GICE, we need to write out the error code incorrectly to
   // maintain backwards compatiblility.
   StunErrorCodeAttribute* error_attr = StunAttribute::CreateErrorCode();
-  error_attr->SetCode(error_code);
+  if (IsStandardIce()) {
+    error_attr->SetCode(error_code);
+  } else if (IsGoogleIce()) {
+    error_attr->SetClass(error_code / 256);
+    error_attr->SetNumber(error_code % 256);
+  }
   error_attr->SetReason(reason);
   response.AddAttribute(error_attr);
 
-  // Per Section 10.1.2, certain error cases don't get a MESSAGE-INTEGRITY,
-  // because we don't have enough information to determine the shared secret.
-  if (error_code != STUN_ERROR_BAD_REQUEST &&
-      error_code != STUN_ERROR_UNAUTHORIZED)
-    response.AddMessageIntegrity(password_);
-  response.AddFingerprint();
+  if (IsStandardIce()) {
+    // Per Section 10.1.2, certain error cases don't get a MESSAGE-INTEGRITY,
+    // because we don't have enough information to determine the shared secret.
+    if (error_code != STUN_ERROR_BAD_REQUEST &&
+        error_code != STUN_ERROR_UNAUTHORIZED)
+      response.AddMessageIntegrity(password_);
+    response.AddFingerprint();
+  } else if (IsGoogleIce()) {
+    // GICE responses include a username, if one exists.
+    const StunByteStringAttribute* username_attr =
+        request->GetByteString(STUN_ATTR_USERNAME);
+    if (username_attr)
+      response.AddAttribute(new StunByteStringAttribute(
+          STUN_ATTR_USERNAME, username_attr->GetString()));
+  }
 
   // Send the response message.
   rtc::ByteBuffer buf;
   response.Write(&buf);
   rtc::PacketOptions options(DefaultDscpValue());
   SendTo(buf.Data(), buf.Length(), addr, options, false);
   LOG_J(LS_INFO, this) << "Sending STUN binding error: reason=" << reason
                        << " to " << addr.ToSensitiveString();
 }
 
@@ skipping 39 matching lines @@
   ASSERT(ice_role_ == ICEROLE_CONTROLLED);
   // If this port has no connections, then there's no reason to keep it around.
   // When the connections time out (both read and write), they will delete
   // themselves, so if we have any connections, they are either readable or
   // writable (or still connecting).
   if (connections_.empty())
     Destroy();
 }
 
 const std::string Port::username_fragment() const {
-  return ice_username_fragment_;
+  if (!IsStandardIce() &&
+      component_ == ICE_CANDIDATE_COMPONENT_RTCP) {
+    // In GICE mode, we should adjust username fragment for rtcp component.
+    return GetRtcpUfragFromRtpUfrag(ice_username_fragment_);
+  } else {
+    return ice_username_fragment_;
+  }
 }
 
 // A ConnectionRequest is a simple STUN ping used to determine writability.
 class ConnectionRequest : public StunRequest {
  public:
   explicit ConnectionRequest(Connection* connection)
       : StunRequest(new IceMessage()),
         connection_(connection) {
   }
 
   virtual ~ConnectionRequest() {
   }
 
   void Prepare(StunMessage* request) override {
     request->SetType(STUN_BINDING_REQUEST);
     std::string username;
     connection_->port()->CreateStunUsername(
         connection_->remote_candidate().username(), &username);
     request->AddAttribute(
         new StunByteStringAttribute(STUN_ATTR_USERNAME, username));
 
     // connection_ already holds this ping, so subtract one from count.
     if (connection_->port()->send_retransmit_count_attribute()) {
       request->AddAttribute(new StunUInt32Attribute(
           STUN_ATTR_RETRANSMIT_COUNT,
           static_cast<uint32>(
               connection_->pings_since_last_response_.size() - 1)));
     }
 
-    // Adding ICE_CONTROLLED or ICE_CONTROLLING attribute based on the role.
-    if (connection_->port()->GetIceRole() == ICEROLE_CONTROLLING) {
-      request->AddAttribute(new StunUInt64Attribute(
-          STUN_ATTR_ICE_CONTROLLING, connection_->port()->IceTiebreaker()));
-      // Since we are trying aggressive nomination, sending USE-CANDIDATE
-      // attribute in every ping.
-      // If we are dealing with a ice-lite end point, nomination flag
-      // in Connection will be set to false by default. Once the connection
-      // becomes "best connection", nomination flag will be turned on.
-      if (connection_->use_candidate_attr()) {
-        request->AddAttribute(new StunByteStringAttribute(
-            STUN_ATTR_USE_CANDIDATE));
+    // Adding ICE-specific attributes to the STUN request message.
+    if (connection_->port()->IsStandardIce()) {
+      // Adding ICE_CONTROLLED or ICE_CONTROLLING attribute based on the role.
+      if (connection_->port()->GetIceRole() == ICEROLE_CONTROLLING) {
+        request->AddAttribute(new StunUInt64Attribute(
+            STUN_ATTR_ICE_CONTROLLING, connection_->port()->IceTiebreaker()));
+        // Since we are trying aggressive nomination, sending USE-CANDIDATE
+        // attribute in every ping.
+        // If we are dealing with a ice-lite end point, nomination flag
+        // in Connection will be set to false by default. Once the connection
+        // becomes "best connection", nomination flag will be turned on.
+        if (connection_->use_candidate_attr()) {
+          request->AddAttribute(new StunByteStringAttribute(
+              STUN_ATTR_USE_CANDIDATE));
+        }
+      } else if (connection_->port()->GetIceRole() == ICEROLE_CONTROLLED) {
+        request->AddAttribute(new StunUInt64Attribute(
+            STUN_ATTR_ICE_CONTROLLED, connection_->port()->IceTiebreaker()));
+      } else {
+        ASSERT(false);
       }
-    } else if (connection_->port()->GetIceRole() == ICEROLE_CONTROLLED) {
-      request->AddAttribute(new StunUInt64Attribute(
-          STUN_ATTR_ICE_CONTROLLED, connection_->port()->IceTiebreaker()));
-    } else {
-      ASSERT(false);
+
+      // Adding PRIORITY Attribute.
+      // Changing the type preference to Peer Reflexive and local preference
+      // and component id information is unchanged from the original priority.
+      // priority = (2^24)*(type preference) +
+      //           (2^8)*(local preference) +
+      //           (2^0)*(256 - component ID)
+      uint32 prflx_priority = ICE_TYPE_PREFERENCE_PRFLX << 24 |
+          (connection_->local_candidate().priority() & 0x00FFFFFF);
+      request->AddAttribute(
+          new StunUInt32Attribute(STUN_ATTR_PRIORITY, prflx_priority));
+
+      // Adding Message Integrity attribute.
+      request->AddMessageIntegrity(connection_->remote_candidate().password());
+      // Adding Fingerprint.
+      request->AddFingerprint();
     }
-
-    // Adding PRIORITY Attribute.
-    // Changing the type preference to Peer Reflexive and local preference
-    // and component id information is unchanged from the original priority.
-    // priority = (2^24)*(type preference) +
-    //           (2^8)*(local preference) +
-    //           (2^0)*(256 - component ID)
-    uint32 prflx_priority = ICE_TYPE_PREFERENCE_PRFLX << 24 |
-        (connection_->local_candidate().priority() & 0x00FFFFFF);
-    request->AddAttribute(
-        new StunUInt32Attribute(STUN_ATTR_PRIORITY, prflx_priority));
-
-    // Adding Message Integrity attribute.
-    request->AddMessageIntegrity(connection_->remote_candidate().password());
-    // Adding Fingerprint.
-    request->AddFingerprint();
   }
 
   void OnResponse(StunMessage* response) override {
     connection_->OnConnectionRequestResponse(this, response);
   }
 
   void OnErrorResponse(StunMessage* response) override {
     connection_->OnConnectionRequestErrorResponse(this, response);
   }
 
@@ skipping 175 matching lines @@
     // If this is a STUN response, then update the writable bit.
     // Log at LS_INFO if we receive a ping on an unwritable connection.
     rtc::LoggingSeverity sev = (!writable() ? rtc::LS_INFO : rtc::LS_VERBOSE);
     switch (msg->type()) {
       case STUN_BINDING_REQUEST:
         LOG_JV(sev, this) << "Received STUN ping"
                           << ", id=" << rtc::hex_encode(msg->transaction_id());
 
         if (remote_ufrag == remote_candidate_.username()) {
           // Check for role conflicts.
-          if (!port_->MaybeIceRoleConflict(addr, msg.get(), remote_ufrag)) {
+          if (port_->IsStandardIce() &&
+              !port_->MaybeIceRoleConflict(addr, msg.get(), remote_ufrag)) {
             // Received conflicting role from the peer.
             LOG(LS_INFO) << "Received conflicting role from the peer.";
             return;
           }
 
           // Incoming, validated stun request from remote peer.
           // This call will also set the connection readable.
           port_->SendBindingResponse(msg.get(), addr);
 
           // If timed out sending writability checks, start up again
           if (!pruned_ && (write_state_ == STATE_WRITE_TIMEOUT))
             set_write_state(STATE_WRITE_INIT);
 
-          if (port_->GetIceRole() == ICEROLE_CONTROLLED) {
+          if ((port_->IsStandardIce()) &&
+              (port_->GetIceRole() == ICEROLE_CONTROLLED)) {
             const StunByteStringAttribute* use_candidate_attr =
                 msg->GetByteString(STUN_ATTR_USE_CANDIDATE);
             if (use_candidate_attr) {
               set_nominated(true);
               SignalNominated(this);
             }
           }
         } else {
           // The packet had the right local username, but the remote username
           // was not the right one for the remote address.
           LOG_J(LS_ERROR, this)
             << "Received STUN request with bad remote username "
             << remote_ufrag;
           port_->SendBindingErrorResponse(msg.get(), addr,
                                           STUN_ERROR_UNAUTHORIZED,
                                           STUN_ERROR_REASON_UNAUTHORIZED);
 
         }
         break;
 
       // Response from remote peer. Does it match request sent?
       // This doesn't just check, it makes callbacks if transaction
       // id's match.
       case STUN_BINDING_RESPONSE:
       case STUN_BINDING_ERROR_RESPONSE:
-        if (msg->ValidateMessageIntegrity(
+        if (port_->IsGoogleIce() ||
+            msg->ValidateMessageIntegrity(
                 data, size, remote_candidate().password())) {
           requests_.CheckResponse(msg.get());
         }
         // Otherwise silently discard the response message.
         break;
 
       // Remote end point sent an STUN indication instead of regular
       // binding request. In this case |last_ping_received_| will be updated.
       // Otherwise we can mark connection to read timeout. No response will be
       // sent in this scenario.
       case STUN_BINDING_INDICATION:
-        if (read_state_ == STATE_READABLE) {
+        if (port_->IsStandardIce() && read_state_ == STATE_READABLE) {
           ReceivedPing();
         } else {
           LOG_J(LS_WARNING, this) << "Received STUN binding indication "
                                   << "from an unreadable connection.";
         }
         break;
 
       default:
         ASSERT(false);
         break;
@@ skipping 47 matching lines @@
     PrintPingsSinceLastResponse(&pings, 5);
     LOG_J(LS_VERBOSE, this) << "UpdateState()"
                             << ", ms since last received response="
                             << now - last_ping_response_received_
                             << ", ms since last received data="
                             << now - last_data_received_
                             << ", rtt=" << rtt
                             << ", pings_since_last_response=" << pings;
   }
 
+  // Check the readable state.
+  //
+  // Since we don't know how many pings the other side has attempted, the best
+  // test we can do is a simple window.
+  // If other side has not sent ping after connection has become readable, use
+  // |last_data_received_| as the indication.
+  // If remote endpoint is doing RFC 5245, it's not required to send ping
+  // after connection is established. If this connection is serving a data
+  // channel, it may not be in a position to send media continuously. Do not
+  // mark connection timeout if it's in RFC5245 mode.
+  // Below check will be performed with end point if it's doing google-ice.
+  if (port_->IsGoogleIce() && (read_state_ == STATE_READABLE) &&
+      (last_ping_received_ + CONNECTION_READ_TIMEOUT <= now) &&
+      (last_data_received_ + CONNECTION_READ_TIMEOUT <= now)) {
+    LOG_J(LS_INFO, this) << "Unreadable after " << now - last_ping_received_
+                         << " ms without a ping,"
+                         << " ms since last received response="
+                         << now - last_ping_response_received_
+                         << " ms since last received data="
+                         << now - last_data_received_
+                         << " rtt=" << rtt;
+    set_read_state(STATE_READ_TIMEOUT);
+  }
+
   // Check the writable state.  (The order of these checks is important.)
   //
   // Before becoming unwritable, we allow for a fixed number of pings to fail
   // (i.e., receive no response).  We also have to give the response time to
   // get back, so we include a conservative estimate of this.
   //
   // Before timing out writability, we give a fixed amount of time.  This is to
   // allow for changes in network conditions.
 
   if ((write_state_ == STATE_WRITABLE) &&
@@ skipping 138 matching lines @@
     LOG_JV(sev, this) << "Received STUN ping response"
                       << ", id=" << rtc::hex_encode(request->id())
                       << ", code=0"  // Makes logging easier to parse.
                       << ", rtt=" << rtt
                       << ", use_candidate=" << use_candidate
                       << ", pings_since_last_response=" << pings;
   }
 
   rtt_ = (RTT_RATIO * rtt_ + rtt) / (RTT_RATIO + 1);
 
-  MaybeAddPrflxCandidate(request, response);
+  // Peer reflexive candidate is only for RFC 5245 ICE.
+  if (port_->IsStandardIce()) {
+    MaybeAddPrflxCandidate(request, response);
+  }
 }
 
 void Connection::OnConnectionRequestErrorResponse(ConnectionRequest* request,
                                                   StunMessage* response) {
   const StunErrorCodeAttribute* error_attr = response->GetErrorCode();
   int error_code = STUN_ERROR_GLOBAL_FAILURE;
   if (error_attr) {
-    error_code = error_attr->code();
+    if (port_->IsGoogleIce()) {
+      // When doing GICE, the error code is written out incorrectly, so we need
+      // to unmunge it here.
+      error_code = error_attr->eclass() * 256 + error_attr->number();
+    } else {
+      error_code = error_attr->code();
+    }
   }
 
   LOG_J(LS_INFO, this) << "Received STUN error response"
                        << " id=" << rtc::hex_encode(request->id())
                        << " code=" << error_code
                        << " rtt=" << request->Elapsed();
 
   if (error_code == STUN_ERROR_UNKNOWN_ATTRIBUTE ||
       error_code == STUN_ERROR_SERVER_ERROR ||
       error_code == STUN_ERROR_UNAUTHORIZED) {
@@ skipping 185 matching lines @@
     ASSERT(sent < 0);
     error_ = port_->GetError();
     sent_packets_discarded_++;
   } else {
     send_rate_tracker_.Update(sent);
   }
   return sent;
 }
 
 }  // namespace cricket