| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | |
| 3 * | |
| 4 * Use of this source code is governed by a BSD-style license | |
| 5 * that can be found in the LICENSE file in the root of the source | |
| 6 * tree. An additional intellectual property rights grant can be found | |
| 7 * in the file PATENTS. All contributing project authors may | |
| 8 * be found in the AUTHORS file in the root of the source tree. | |
| 9 */ | |
| 10 | |
| 11 #include <memory> | |
| 12 #include <utility> // for std::pair | |
| 13 | |
| 14 #include "webrtc/p2p/base/transport.h" | |
| 15 | |
| 16 #include "webrtc/p2p/base/candidate.h" | |
| 17 #include "webrtc/p2p/base/p2pconstants.h" | |
| 18 #include "webrtc/p2p/base/port.h" | |
| 19 #include "webrtc/p2p/base/transportchannelimpl.h" | |
| 20 #include "webrtc/base/bind.h" | |
| 21 #include "webrtc/base/checks.h" | |
| 22 #include "webrtc/base/logging.h" | |
| 23 | |
| 24 namespace cricket { | |
| 25 | |
| 26 static bool VerifyIceParams(const TransportDescription& desc) { | |
| 27 // For legacy protocols. | |
| 28 if (desc.ice_ufrag.empty() && desc.ice_pwd.empty()) | |
| 29 return true; | |
| 30 | |
| 31 if (desc.ice_ufrag.length() < ICE_UFRAG_MIN_LENGTH || | |
| 32 desc.ice_ufrag.length() > ICE_UFRAG_MAX_LENGTH) { | |
| 33 return false; | |
| 34 } | |
| 35 if (desc.ice_pwd.length() < ICE_PWD_MIN_LENGTH || | |
| 36 desc.ice_pwd.length() > ICE_PWD_MAX_LENGTH) { | |
| 37 return false; | |
| 38 } | |
| 39 return true; | |
| 40 } | |
| 41 | |
| 42 bool BadTransportDescription(const std::string& desc, std::string* err_desc) { | |
| 43 if (err_desc) { | |
| 44 *err_desc = desc; | |
| 45 } | |
| 46 LOG(LS_ERROR) << desc; | |
| 47 return false; | |
| 48 } | |
| 49 | |
| 50 bool IceCredentialsChanged(const std::string& old_ufrag, | |
| 51 const std::string& old_pwd, | |
| 52 const std::string& new_ufrag, | |
| 53 const std::string& new_pwd) { | |
| 54 // The standard (RFC 5245 Section 9.1.1.1) says that ICE restarts MUST change | |
| 55 // both the ufrag and password. However, section 9.2.1.1 says changing the | |
| 56 // ufrag OR password indicates an ICE restart. So, to keep compatibility with | |
| 57 // endpoints that only change one, we'll treat this as an ICE restart. | |
| 58 return (old_ufrag != new_ufrag) || (old_pwd != new_pwd); | |
| 59 } | |
| 60 | |
| 61 Transport::Transport(const std::string& name, PortAllocator* allocator) | |
| 62 : name_(name), allocator_(allocator) {} | |
| 63 | |
| 64 Transport::~Transport() { | |
| 65 RTC_DCHECK(channels_destroyed_); | |
| 66 } | |
| 67 | |
| 68 void Transport::SetIceRole(IceRole role) { | |
| 69 ice_role_ = role; | |
| 70 for (const auto& kv : channels_) { | |
| 71 kv.second->SetIceRole(ice_role_); | |
| 72 } | |
| 73 } | |
| 74 | |
| 75 std::unique_ptr<rtc::SSLCertificate> Transport::GetRemoteSSLCertificate() { | |
| 76 if (channels_.empty()) { | |
| 77 return nullptr; | |
| 78 } | |
| 79 | |
| 80 auto iter = channels_.begin(); | |
| 81 return iter->second->GetRemoteSSLCertificate(); | |
| 82 } | |
| 83 | |
| 84 void Transport::SetIceConfig(const IceConfig& config) { | |
| 85 ice_config_ = config; | |
| 86 for (const auto& kv : channels_) { | |
| 87 kv.second->SetIceConfig(ice_config_); | |
| 88 } | |
| 89 } | |
| 90 | |
| 91 bool Transport::SetLocalTransportDescription( | |
| 92 const TransportDescription& description, | |
| 93 ContentAction action, | |
| 94 std::string* error_desc) { | |
| 95 bool ret = true; | |
| 96 | |
| 97 if (!VerifyIceParams(description)) { | |
| 98 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length", | |
| 99 error_desc); | |
| 100 } | |
| 101 | |
| 102 local_description_.reset(new TransportDescription(description)); | |
| 103 | |
| 104 for (const auto& kv : channels_) { | |
| 105 ret &= ApplyLocalTransportDescription(kv.second, error_desc); | |
| 106 } | |
| 107 if (!ret) { | |
| 108 return false; | |
| 109 } | |
| 110 | |
| 111 // If PRANSWER/ANSWER is set, we should decide transport protocol type. | |
| 112 if (action == CA_PRANSWER || action == CA_ANSWER) { | |
| 113 ret &= NegotiateTransportDescription(action, error_desc); | |
| 114 } | |
| 115 if (ret) { | |
| 116 local_description_set_ = true; | |
| 117 } | |
| 118 | |
| 119 return ret; | |
| 120 } | |
| 121 | |
| 122 bool Transport::SetRemoteTransportDescription( | |
| 123 const TransportDescription& description, | |
| 124 ContentAction action, | |
| 125 std::string* error_desc) { | |
| 126 bool ret = true; | |
| 127 | |
| 128 if (!VerifyIceParams(description)) { | |
| 129 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length", | |
| 130 error_desc); | |
| 131 } | |
| 132 | |
| 133 remote_description_.reset(new TransportDescription(description)); | |
| 134 for (const auto& kv : channels_) { | |
| 135 ret &= ApplyRemoteTransportDescription(kv.second, error_desc); | |
| 136 } | |
| 137 | |
| 138 // If PRANSWER/ANSWER is set, we should decide transport protocol type. | |
| 139 if (action == CA_PRANSWER || action == CA_ANSWER) { | |
| 140 ret = NegotiateTransportDescription(CA_OFFER, error_desc); | |
| 141 } | |
| 142 if (ret) { | |
| 143 remote_description_set_ = true; | |
| 144 } | |
| 145 | |
| 146 return ret; | |
| 147 } | |
| 148 | |
| 149 TransportChannelImpl* Transport::CreateChannel(int component) { | |
| 150 TransportChannelImpl* channel; | |
| 151 | |
| 152 // Create the entry if it does not exist. | |
| 153 bool channel_exists = false; | |
| 154 auto iter = channels_.find(component); | |
| 155 if (iter == channels_.end()) { | |
| 156 channel = CreateTransportChannel(component); | |
| 157 channels_.insert(std::pair<int, TransportChannelImpl*>(component, channel)); | |
| 158 } else { | |
| 159 channel = iter->second; | |
| 160 channel_exists = true; | |
| 161 } | |
| 162 | |
| 163 channels_destroyed_ = false; | |
| 164 | |
| 165 if (channel_exists) { | |
| 166 // If this is an existing channel, we should just return it. | |
| 167 return channel; | |
| 168 } | |
| 169 | |
| 170 // Push down our transport state to the new channel. | |
| 171 channel->SetIceRole(ice_role_); | |
| 172 channel->SetIceTiebreaker(tiebreaker_); | |
| 173 channel->SetIceConfig(ice_config_); | |
| 174 // TODO(ronghuawu): Change CreateChannel to be able to return error since | |
| 175 // below Apply**Description calls can fail. | |
| 176 if (local_description_) | |
| 177 ApplyLocalTransportDescription(channel, nullptr); | |
| 178 if (remote_description_) | |
| 179 ApplyRemoteTransportDescription(channel, nullptr); | |
| 180 if (local_description_ && remote_description_) | |
| 181 ApplyNegotiatedTransportDescription(channel, nullptr); | |
| 182 | |
| 183 return channel; | |
| 184 } | |
| 185 | |
| 186 TransportChannelImpl* Transport::GetChannel(int component) { | |
| 187 auto iter = channels_.find(component); | |
| 188 return (iter != channels_.end()) ? iter->second : nullptr; | |
| 189 } | |
| 190 | |
| 191 bool Transport::HasChannels() { | |
| 192 return !channels_.empty(); | |
| 193 } | |
| 194 | |
| 195 void Transport::DestroyChannel(int component) { | |
| 196 auto iter = channels_.find(component); | |
| 197 if (iter == channels_.end()) | |
| 198 return; | |
| 199 | |
| 200 TransportChannelImpl* channel = iter->second; | |
| 201 channels_.erase(iter); | |
| 202 DestroyTransportChannel(channel); | |
| 203 } | |
| 204 | |
| 205 void Transport::MaybeStartGathering() { | |
| 206 CallChannels(&TransportChannelImpl::MaybeStartGathering); | |
| 207 } | |
| 208 | |
| 209 void Transport::DestroyAllChannels() { | |
| 210 for (const auto& kv : channels_) { | |
| 211 DestroyTransportChannel(kv.second); | |
| 212 } | |
| 213 channels_.clear(); | |
| 214 channels_destroyed_ = true; | |
| 215 } | |
| 216 | |
| 217 void Transport::CallChannels(TransportChannelFunc func) { | |
| 218 for (const auto& kv : channels_) { | |
| 219 (kv.second->*func)(); | |
| 220 } | |
| 221 } | |
| 222 | |
| 223 bool Transport::VerifyCandidate(const Candidate& cand, std::string* error) { | |
| 224 // No address zero. | |
| 225 if (cand.address().IsNil() || cand.address().IsAnyIP()) { | |
| 226 *error = "candidate has address of zero"; | |
| 227 return false; | |
| 228 } | |
| 229 | |
| 230 // Disallow all ports below 1024, except for 80 and 443 on public addresses. | |
| 231 int port = cand.address().port(); | |
| 232 if (cand.protocol() == TCP_PROTOCOL_NAME && | |
| 233 (cand.tcptype() == TCPTYPE_ACTIVE_STR || port == 0)) { | |
| 234 // Expected for active-only candidates per | |
| 235 // http://tools.ietf.org/html/rfc6544#section-4.5 so no error. | |
| 236 // Libjingle clients emit port 0, in "active" mode. | |
| 237 return true; | |
| 238 } | |
| 239 if (port < 1024) { | |
| 240 if ((port != 80) && (port != 443)) { | |
| 241 *error = "candidate has port below 1024, but not 80 or 443"; | |
| 242 return false; | |
| 243 } | |
| 244 | |
| 245 if (cand.address().IsPrivateIP()) { | |
| 246 *error = "candidate has port of 80 or 443 with private IP address"; | |
| 247 return false; | |
| 248 } | |
| 249 } | |
| 250 | |
| 251 if (!HasChannel(cand.component())) { | |
| 252 *error = "Candidate has an unknown component: " + cand.ToString() + | |
| 253 " for content: " + name(); | |
| 254 return false; | |
| 255 } | |
| 256 | |
| 257 return true; | |
| 258 } | |
| 259 | |
| 260 bool Transport::VerifyCandidates(const Candidates& candidates, | |
| 261 std::string* error) { | |
| 262 for (const Candidate& candidate : candidates) { | |
| 263 if (!VerifyCandidate(candidate, error)) { | |
| 264 return false; | |
| 265 } | |
| 266 } | |
| 267 return true; | |
| 268 } | |
| 269 | |
| 270 | |
| 271 bool Transport::GetStats(TransportStats* stats) { | |
| 272 stats->transport_name = name(); | |
| 273 stats->channel_stats.clear(); | |
| 274 for (auto kv : channels_) { | |
| 275 TransportChannelImpl* channel = kv.second; | |
| 276 TransportChannelStats substats; | |
| 277 substats.component = channel->component(); | |
| 278 channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite); | |
| 279 channel->GetSslCipherSuite(&substats.ssl_cipher_suite); | |
| 280 if (!channel->GetStats(&substats.connection_infos)) { | |
| 281 return false; | |
| 282 } | |
| 283 stats->channel_stats.push_back(substats); | |
| 284 } | |
| 285 return true; | |
| 286 } | |
| 287 | |
| 288 bool Transport::AddRemoteCandidates(const std::vector<Candidate>& candidates, | |
| 289 std::string* error) { | |
| 290 ASSERT(!channels_destroyed_); | |
| 291 // Verify each candidate before passing down to the transport layer. | |
| 292 if (!VerifyCandidates(candidates, error)) { | |
| 293 return false; | |
| 294 } | |
| 295 | |
| 296 for (const Candidate& candidate : candidates) { | |
| 297 TransportChannelImpl* channel = GetChannel(candidate.component()); | |
| 298 if (channel != nullptr) { | |
| 299 channel->AddRemoteCandidate(candidate); | |
| 300 } | |
| 301 } | |
| 302 return true; | |
| 303 } | |
| 304 | |
| 305 bool Transport::RemoveRemoteCandidates(const std::vector<Candidate>& candidates, | |
| 306 std::string* error) { | |
| 307 ASSERT(!channels_destroyed_); | |
| 308 // Verify each candidate before passing down to the transport layer. | |
| 309 if (!VerifyCandidates(candidates, error)) { | |
| 310 return false; | |
| 311 } | |
| 312 | |
| 313 for (const Candidate& candidate : candidates) { | |
| 314 TransportChannelImpl* channel = GetChannel(candidate.component()); | |
| 315 if (channel != nullptr) { | |
| 316 channel->RemoveRemoteCandidate(candidate); | |
| 317 } | |
| 318 } | |
| 319 return true; | |
| 320 } | |
| 321 | |
| 322 bool Transport::ApplyLocalTransportDescription(TransportChannelImpl* ch, | |
| 323 std::string* error_desc) { | |
| 324 ch->SetIceParameters(local_description_->GetIceParameters()); | |
| 325 return true; | |
| 326 } | |
| 327 | |
| 328 bool Transport::ApplyRemoteTransportDescription(TransportChannelImpl* ch, | |
| 329 std::string* error_desc) { | |
| 330 ch->SetRemoteIceParameters(remote_description_->GetIceParameters()); | |
| 331 return true; | |
| 332 } | |
| 333 | |
| 334 bool Transport::ApplyNegotiatedTransportDescription( | |
| 335 TransportChannelImpl* channel, | |
| 336 std::string* error_desc) { | |
| 337 channel->SetRemoteIceMode(remote_ice_mode_); | |
| 338 return true; | |
| 339 } | |
| 340 | |
| 341 bool Transport::NegotiateTransportDescription(ContentAction local_role, | |
| 342 std::string* error_desc) { | |
| 343 // TODO(ekr@rtfm.com): This is ICE-specific stuff. Refactor into | |
| 344 // P2PTransport. | |
| 345 | |
| 346 // If transport is in ICEROLE_CONTROLLED and remote end point supports only | |
| 347 // ice_lite, this local end point should take CONTROLLING role. | |
| 348 if (ice_role_ == ICEROLE_CONTROLLED && | |
| 349 remote_description_->ice_mode == ICEMODE_LITE) { | |
| 350 SetIceRole(ICEROLE_CONTROLLING); | |
| 351 } | |
| 352 | |
| 353 // Update remote ice_mode to all existing channels. | |
| 354 remote_ice_mode_ = remote_description_->ice_mode; | |
| 355 | |
| 356 // Now that we have negotiated everything, push it downward. | |
| 357 // Note that we cache the result so that if we have race conditions | |
| 358 // between future SetRemote/SetLocal invocations and new channel | |
| 359 // creation, we have the negotiation state saved until a new | |
| 360 // negotiation happens. | |
| 361 for (const auto& kv : channels_) { | |
| 362 if (!ApplyNegotiatedTransportDescription(kv.second, error_desc)) { | |
| 363 return false; | |
| 364 } | |
| 365 } | |
| 366 return true; | |
| 367 } | |
| 368 | |
| 369 bool Transport::VerifyCertificateFingerprint( | |
| 370 const rtc::RTCCertificate* certificate, | |
| 371 const rtc::SSLFingerprint* fingerprint, | |
| 372 std::string* error_desc) const { | |
| 373 if (!fingerprint) { | |
| 374 return BadTransportDescription("No fingerprint.", error_desc); | |
| 375 } | |
| 376 if (!certificate) { | |
| 377 return BadTransportDescription( | |
| 378 "Fingerprint provided but no identity available.", error_desc); | |
| 379 } | |
| 380 std::unique_ptr<rtc::SSLFingerprint> fp_tmp(rtc::SSLFingerprint::Create( | |
| 381 fingerprint->algorithm, certificate->identity())); | |
| 382 ASSERT(fp_tmp.get() != NULL); | |
| 383 if (*fp_tmp == *fingerprint) { | |
| 384 return true; | |
| 385 } | |
| 386 std::ostringstream desc; | |
| 387 desc << "Local fingerprint does not match identity. Expected: "; | |
| 388 desc << fp_tmp->ToString(); | |
| 389 desc << " Got: " << fingerprint->ToString(); | |
| 390 return BadTransportDescription(desc.str(), error_desc); | |
| 391 } | |
| 392 | |
| 393 bool Transport::NegotiateRole(ContentAction local_role, | |
| 394 rtc::SSLRole* ssl_role, | |
| 395 std::string* error_desc) const { | |
| 396 RTC_DCHECK(ssl_role); | |
| 397 if (!local_description() || !remote_description()) { | |
| 398 const std::string msg = | |
| 399 "Local and Remote description must be set before " | |
| 400 "transport descriptions are negotiated"; | |
| 401 return BadTransportDescription(msg, error_desc); | |
| 402 } | |
| 403 | |
| 404 // From RFC 4145, section-4.1, The following are the values that the | |
| 405 // 'setup' attribute can take in an offer/answer exchange: | |
| 406 // Offer Answer | |
| 407 // ________________ | |
| 408 // active passive / holdconn | |
| 409 // passive active / holdconn | |
| 410 // actpass active / passive / holdconn | |
| 411 // holdconn holdconn | |
| 412 // | |
| 413 // Set the role that is most conformant with RFC 5763, Section 5, bullet 1 | |
| 414 // The endpoint MUST use the setup attribute defined in [RFC4145]. | |
| 415 // The endpoint that is the offerer MUST use the setup attribute | |
| 416 // value of setup:actpass and be prepared to receive a client_hello | |
| 417 // before it receives the answer. The answerer MUST use either a | |
| 418 // setup attribute value of setup:active or setup:passive. Note that | |
| 419 // if the answerer uses setup:passive, then the DTLS handshake will | |
| 420 // not begin until the answerer is received, which adds additional | |
| 421 // latency. setup:active allows the answer and the DTLS handshake to | |
| 422 // occur in parallel. Thus, setup:active is RECOMMENDED. Whichever | |
| 423 // party is active MUST initiate a DTLS handshake by sending a | |
| 424 // ClientHello over each flow (host/port quartet). | |
| 425 // IOW - actpass and passive modes should be treated as server and | |
| 426 // active as client. | |
| 427 ConnectionRole local_connection_role = local_description()->connection_role; | |
| 428 ConnectionRole remote_connection_role = remote_description()->connection_role; | |
| 429 | |
| 430 bool is_remote_server = false; | |
| 431 if (local_role == CA_OFFER) { | |
| 432 if (local_connection_role != CONNECTIONROLE_ACTPASS) { | |
| 433 return BadTransportDescription( | |
| 434 "Offerer must use actpass value for setup attribute.", error_desc); | |
| 435 } | |
| 436 | |
| 437 if (remote_connection_role == CONNECTIONROLE_ACTIVE || | |
| 438 remote_connection_role == CONNECTIONROLE_PASSIVE || | |
| 439 remote_connection_role == CONNECTIONROLE_NONE) { | |
| 440 is_remote_server = (remote_connection_role == CONNECTIONROLE_PASSIVE); | |
| 441 } else { | |
| 442 const std::string msg = | |
| 443 "Answerer must use either active or passive value " | |
| 444 "for setup attribute."; | |
| 445 return BadTransportDescription(msg, error_desc); | |
| 446 } | |
| 447 // If remote is NONE or ACTIVE it will act as client. | |
| 448 } else { | |
| 449 if (remote_connection_role != CONNECTIONROLE_ACTPASS && | |
| 450 remote_connection_role != CONNECTIONROLE_NONE) { | |
| 451 return BadTransportDescription( | |
| 452 "Offerer must use actpass value for setup attribute.", error_desc); | |
| 453 } | |
| 454 | |
| 455 if (local_connection_role == CONNECTIONROLE_ACTIVE || | |
| 456 local_connection_role == CONNECTIONROLE_PASSIVE) { | |
| 457 is_remote_server = (local_connection_role == CONNECTIONROLE_ACTIVE); | |
| 458 } else { | |
| 459 const std::string msg = | |
| 460 "Answerer must use either active or passive value " | |
| 461 "for setup attribute."; | |
| 462 return BadTransportDescription(msg, error_desc); | |
| 463 } | |
| 464 | |
| 465 // If local is passive, local will act as server. | |
| 466 } | |
| 467 | |
| 468 *ssl_role = is_remote_server ? rtc::SSL_CLIENT : rtc::SSL_SERVER; | |
| 469 return true; | |
| 470 } | |
| 471 | |
| 472 } // namespace cricket | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2517883002:
Refactoring that removes P2PTransport and DtlsTransport classes. (Closed)
