OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 #if defined(WEBRTC_POSIX) | 10 #if defined(WEBRTC_POSIX) |
(...skipping 11 matching lines...) Expand all Loading... |
22 #include "webrtc/p2p/base/udpport.h" | 22 #include "webrtc/p2p/base/udpport.h" |
23 #include "webrtc/base/asynctcpsocket.h" | 23 #include "webrtc/base/asynctcpsocket.h" |
24 #include "webrtc/base/buffer.h" | 24 #include "webrtc/base/buffer.h" |
25 #include "webrtc/base/dscp.h" | 25 #include "webrtc/base/dscp.h" |
26 #include "webrtc/base/fakeclock.h" | 26 #include "webrtc/base/fakeclock.h" |
27 #include "webrtc/base/firewallsocketserver.h" | 27 #include "webrtc/base/firewallsocketserver.h" |
28 #include "webrtc/base/gunit.h" | 28 #include "webrtc/base/gunit.h" |
29 #include "webrtc/base/helpers.h" | 29 #include "webrtc/base/helpers.h" |
30 #include "webrtc/base/logging.h" | 30 #include "webrtc/base/logging.h" |
31 #include "webrtc/base/physicalsocketserver.h" | 31 #include "webrtc/base/physicalsocketserver.h" |
| 32 #include "webrtc/base/socketadapters.h" |
32 #include "webrtc/base/socketaddress.h" | 33 #include "webrtc/base/socketaddress.h" |
33 #include "webrtc/base/ssladapter.h" | 34 #include "webrtc/base/ssladapter.h" |
34 #include "webrtc/base/thread.h" | 35 #include "webrtc/base/thread.h" |
35 #include "webrtc/base/virtualsocketserver.h" | 36 #include "webrtc/base/virtualsocketserver.h" |
36 | 37 |
37 using rtc::SocketAddress; | 38 using rtc::SocketAddress; |
38 | 39 |
39 static const SocketAddress kLocalAddr1("11.11.11.11", 0); | 40 static const SocketAddress kLocalAddr1("11.11.11.11", 0); |
40 static const SocketAddress kLocalAddr2("22.22.22.22", 0); | 41 static const SocketAddress kLocalAddr2("22.22.22.22", 0); |
41 static const SocketAddress kLocalIPv6Addr( | 42 static const SocketAddress kLocalIPv6Addr( |
(...skipping 392 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
434 | 435 |
435 turn_port_->PrepareAddress(); | 436 turn_port_->PrepareAddress(); |
436 // Extra round trip due to "use alternate server" error response. | 437 // Extra round trip due to "use alternate server" error response. |
437 EXPECT_TRUE_SIMULATED_WAIT( | 438 EXPECT_TRUE_SIMULATED_WAIT( |
438 turn_error_, | 439 turn_error_, |
439 (protocol_type == PROTO_TCP ? kSimulatedRtt * 4 : kSimulatedRtt * 3), | 440 (protocol_type == PROTO_TCP ? kSimulatedRtt * 4 : kSimulatedRtt * 3), |
440 fake_clock_); | 441 fake_clock_); |
441 ASSERT_EQ(0U, turn_port_->Candidates().size()); | 442 ASSERT_EQ(0U, turn_port_->Candidates().size()); |
442 } | 443 } |
443 | 444 |
| 445 // A certain security exploit works by redirecting to a loopback address, |
| 446 // which doesn't ever actually make sense. So redirects to loopback should |
| 447 // be treated as errors. |
| 448 // See: https://bugs.chromium.org/p/chromium/issues/detail?id=649118 |
| 449 void TestTurnAlternateServerLoopback(ProtocolType protocol_type, bool ipv6) { |
| 450 const SocketAddress& local_address = ipv6 ? kLocalIPv6Addr : kLocalAddr1; |
| 451 const SocketAddress& server_address = |
| 452 ipv6 ? kTurnIPv6IntAddr : kTurnIntAddr; |
| 453 |
| 454 std::vector<rtc::SocketAddress> redirect_addresses; |
| 455 SocketAddress loopback_address(ipv6 ? "::1" : "127.0.0.1", |
| 456 TURN_SERVER_PORT); |
| 457 redirect_addresses.push_back(loopback_address); |
| 458 |
| 459 // Make a socket and bind it to the local port, to make extra sure no |
| 460 // packet is sent to this address. |
| 461 std::unique_ptr<rtc::Socket> loopback_socket(ss_->CreateSocket( |
| 462 protocol_type == PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM)); |
| 463 ASSERT_NE(nullptr, loopback_socket.get()); |
| 464 ASSERT_EQ(0, loopback_socket->Bind(loopback_address)); |
| 465 if (protocol_type == PROTO_TCP) { |
| 466 ASSERT_EQ(0, loopback_socket->Listen(1)); |
| 467 } |
| 468 |
| 469 TestTurnRedirector redirector(redirect_addresses); |
| 470 |
| 471 turn_server_.AddInternalSocket(server_address, protocol_type); |
| 472 turn_server_.set_redirect_hook(&redirector); |
| 473 CreateTurnPort(local_address, kTurnUsername, kTurnPassword, |
| 474 ProtocolAddress(server_address, protocol_type)); |
| 475 |
| 476 turn_port_->PrepareAddress(); |
| 477 EXPECT_TRUE_SIMULATED_WAIT( |
| 478 turn_error_, |
| 479 (protocol_type == PROTO_TCP ? kSimulatedRtt * 3 : kSimulatedRtt * 2), |
| 480 fake_clock_); |
| 481 |
| 482 // Wait for some extra time, and make sure no packets were received on the |
| 483 // loopback port we created (or in the case of TCP, no connection attempt |
| 484 // occurred). |
| 485 SIMULATED_WAIT(false, kSimulatedRtt, fake_clock_); |
| 486 if (protocol_type == PROTO_UDP) { |
| 487 char buf[1]; |
| 488 EXPECT_EQ(-1, loopback_socket->Recv(&buf, 1, nullptr)); |
| 489 } else { |
| 490 std::unique_ptr<rtc::Socket> accepted_socket( |
| 491 loopback_socket->Accept(nullptr)); |
| 492 EXPECT_EQ(nullptr, accepted_socket.get()); |
| 493 } |
| 494 } |
| 495 |
444 void TestTurnConnection(ProtocolType protocol_type) { | 496 void TestTurnConnection(ProtocolType protocol_type) { |
445 // Create ports and prepare addresses. | 497 // Create ports and prepare addresses. |
446 PrepareTurnAndUdpPorts(protocol_type); | 498 PrepareTurnAndUdpPorts(protocol_type); |
447 | 499 |
448 // Send ping from UDP to TURN. | 500 // Send ping from UDP to TURN. |
449 Connection* conn1 = udp_port_->CreateConnection( | 501 Connection* conn1 = udp_port_->CreateConnection( |
450 turn_port_->Candidates()[0], Port::ORIGIN_MESSAGE); | 502 turn_port_->Candidates()[0], Port::ORIGIN_MESSAGE); |
451 ASSERT_TRUE(conn1 != NULL); | 503 ASSERT_TRUE(conn1 != NULL); |
452 conn1->Ping(0); | 504 conn1->Ping(0); |
453 SIMULATED_WAIT(!turn_unknown_address_, kSimulatedRtt * 2, fake_clock_); | 505 SIMULATED_WAIT(!turn_unknown_address_, kSimulatedRtt * 2, fake_clock_); |
(...skipping 456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
910 | 962 |
911 // Test try-alternate-server catch the case of repeated server. | 963 // Test try-alternate-server catch the case of repeated server. |
912 TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionUDP) { | 964 TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionUDP) { |
913 TestTurnAlternateServerDetectRepetition(PROTO_UDP); | 965 TestTurnAlternateServerDetectRepetition(PROTO_UDP); |
914 } | 966 } |
915 | 967 |
916 TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionTCP) { | 968 TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionTCP) { |
917 TestTurnAlternateServerDetectRepetition(PROTO_TCP); | 969 TestTurnAlternateServerDetectRepetition(PROTO_TCP); |
918 } | 970 } |
919 | 971 |
| 972 // Test catching the case of a redirect to loopback. |
| 973 TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackUdpIpv4) { |
| 974 TestTurnAlternateServerLoopback(PROTO_UDP, false); |
| 975 } |
| 976 |
| 977 TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackUdpIpv6) { |
| 978 TestTurnAlternateServerLoopback(PROTO_UDP, true); |
| 979 } |
| 980 |
| 981 TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackTcpIpv4) { |
| 982 TestTurnAlternateServerLoopback(PROTO_TCP, false); |
| 983 } |
| 984 |
| 985 TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackTcpIpv6) { |
| 986 TestTurnAlternateServerLoopback(PROTO_TCP, true); |
| 987 } |
| 988 |
920 // Do a TURN allocation and try to send a packet to it from the outside. | 989 // Do a TURN allocation and try to send a packet to it from the outside. |
921 // The packet should be dropped. Then, try to send a packet from TURN to the | 990 // The packet should be dropped. Then, try to send a packet from TURN to the |
922 // outside. It should reach its destination. Finally, try again from the | 991 // outside. It should reach its destination. Finally, try again from the |
923 // outside. It should now work as well. | 992 // outside. It should now work as well. |
924 TEST_F(TurnPortTest, TestTurnConnection) { | 993 TEST_F(TurnPortTest, TestTurnConnection) { |
925 CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr); | 994 CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr); |
926 TestTurnConnection(PROTO_UDP); | 995 TestTurnConnection(PROTO_UDP); |
927 } | 996 } |
928 | 997 |
929 // Similar to above, except that this test will use the shared socket. | 998 // Similar to above, except that this test will use the shared socket. |
(...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1184 EXPECT_TRUE(turn_port_->Candidates().empty()); | 1253 EXPECT_TRUE(turn_port_->Candidates().empty()); |
1185 turn_port_.reset(); | 1254 turn_port_.reset(); |
1186 rtc::Thread::Current()->Post(RTC_FROM_HERE, this, MSG_TESTFINISH); | 1255 rtc::Thread::Current()->Post(RTC_FROM_HERE, this, MSG_TESTFINISH); |
1187 // Waiting for above message to be processed. | 1256 // Waiting for above message to be processed. |
1188 ASSERT_TRUE_SIMULATED_WAIT(test_finish_, 1, fake_clock_); | 1257 ASSERT_TRUE_SIMULATED_WAIT(test_finish_, 1, fake_clock_); |
1189 EXPECT_EQ(last_fd_count, GetFDCount()); | 1258 EXPECT_EQ(last_fd_count, GetFDCount()); |
1190 } | 1259 } |
1191 #endif | 1260 #endif |
1192 | 1261 |
1193 } // namespace cricket | 1262 } // namespace cricket |
OLD | NEW |