OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
43 return false; | 43 return false; |
44 } | 44 } |
45 const uint8_t* u = reinterpret_cast<const uint8_t*>(data); | 45 const uint8_t* u = reinterpret_cast<const uint8_t*>(data); |
46 return len > 17 && u[0] == 22 && u[13] == 1; | 46 return len > 17 && u[0] == 22 && u[13] == 1; |
47 } | 47 } |
48 static bool IsRtpPacket(const char* data, size_t len) { | 48 static bool IsRtpPacket(const char* data, size_t len) { |
49 const uint8_t* u = reinterpret_cast<const uint8_t*>(data); | 49 const uint8_t* u = reinterpret_cast<const uint8_t*>(data); |
50 return (len >= kMinRtpPacketLen && (u[0] & 0xC0) == 0x80); | 50 return (len >= kMinRtpPacketLen && (u[0] & 0xC0) == 0x80); |
51 } | 51 } |
52 | 52 |
53 StreamInterfaceChannel::StreamInterfaceChannel(IceTransportInternal* channel) | 53 StreamInterfaceChannel::StreamInterfaceChannel( |
54 : channel_(channel), | 54 IceTransportInternal* ice_transport) |
| 55 : ice_transport_(ice_transport), |
55 state_(rtc::SS_OPEN), | 56 state_(rtc::SS_OPEN), |
56 packets_(kMaxPendingPackets, kMaxDtlsPacketLen) {} | 57 packets_(kMaxPendingPackets, kMaxDtlsPacketLen) {} |
57 | 58 |
58 rtc::StreamResult StreamInterfaceChannel::Read(void* buffer, | 59 rtc::StreamResult StreamInterfaceChannel::Read(void* buffer, |
59 size_t buffer_len, | 60 size_t buffer_len, |
60 size_t* read, | 61 size_t* read, |
61 int* error) { | 62 int* error) { |
62 if (state_ == rtc::SS_CLOSED) | 63 if (state_ == rtc::SS_CLOSED) |
63 return rtc::SR_EOS; | 64 return rtc::SR_EOS; |
64 if (state_ == rtc::SS_OPENING) | 65 if (state_ == rtc::SS_OPENING) |
65 return rtc::SR_BLOCK; | 66 return rtc::SR_BLOCK; |
66 | 67 |
67 if (!packets_.ReadFront(buffer, buffer_len, read)) { | 68 if (!packets_.ReadFront(buffer, buffer_len, read)) { |
68 return rtc::SR_BLOCK; | 69 return rtc::SR_BLOCK; |
69 } | 70 } |
70 | 71 |
71 return rtc::SR_SUCCESS; | 72 return rtc::SR_SUCCESS; |
72 } | 73 } |
73 | 74 |
74 rtc::StreamResult StreamInterfaceChannel::Write(const void* data, | 75 rtc::StreamResult StreamInterfaceChannel::Write(const void* data, |
75 size_t data_len, | 76 size_t data_len, |
76 size_t* written, | 77 size_t* written, |
77 int* error) { | 78 int* error) { |
78 // Always succeeds, since this is an unreliable transport anyway. | 79 // Always succeeds, since this is an unreliable transport anyway. |
79 // TODO: Should this block if channel_'s temporarily unwritable? | 80 // TODO(zhihuang): Should this block if ice_transport_'s temporarily |
| 81 // unwritable? |
80 rtc::PacketOptions packet_options; | 82 rtc::PacketOptions packet_options; |
81 channel_->SendPacket(static_cast<const char*>(data), data_len, | 83 ice_transport_->SendPacket(static_cast<const char*>(data), data_len, |
82 packet_options); | 84 packet_options); |
83 if (written) { | 85 if (written) { |
84 *written = data_len; | 86 *written = data_len; |
85 } | 87 } |
86 return rtc::SR_SUCCESS; | 88 return rtc::SR_SUCCESS; |
87 } | 89 } |
88 | 90 |
89 bool StreamInterfaceChannel::OnPacketReceived(const char* data, size_t size) { | 91 bool StreamInterfaceChannel::OnPacketReceived(const char* data, size_t size) { |
90 // We force a read event here to ensure that we don't overflow our queue. | 92 // We force a read event here to ensure that we don't overflow our queue. |
91 bool ret = packets_.WriteBack(data, size, NULL); | 93 bool ret = packets_.WriteBack(data, size, NULL); |
92 RTC_CHECK(ret) << "Failed to write packet to queue."; | 94 RTC_CHECK(ret) << "Failed to write packet to queue."; |
93 if (ret) { | 95 if (ret) { |
94 SignalEvent(this, rtc::SE_READ, 0); | 96 SignalEvent(this, rtc::SE_READ, 0); |
95 } | 97 } |
96 return ret; | 98 return ret; |
97 } | 99 } |
98 | 100 |
99 void StreamInterfaceChannel::Close() { | 101 void StreamInterfaceChannel::Close() { |
100 packets_.Clear(); | 102 packets_.Clear(); |
101 state_ = rtc::SS_CLOSED; | 103 state_ = rtc::SS_CLOSED; |
102 } | 104 } |
103 | 105 |
104 DtlsTransportChannelWrapper::DtlsTransportChannelWrapper( | 106 DtlsTransport::DtlsTransport(IceTransportInternal* ice_transport) |
105 IceTransportInternal* channel) | 107 : transport_name_(ice_transport->transport_name()), |
106 : TransportChannelImpl(channel->transport_name(), channel->component()), | 108 component_(ice_transport->component()), |
107 network_thread_(rtc::Thread::Current()), | 109 network_thread_(rtc::Thread::Current()), |
108 channel_(channel), | 110 ice_transport_(ice_transport), |
109 downward_(NULL), | 111 downward_(NULL), |
110 ssl_role_(rtc::SSL_CLIENT), | 112 ssl_role_(rtc::SSL_CLIENT), |
111 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12) { | 113 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12) { |
112 channel_->SignalWritableState.connect(this, | 114 ice_transport_->SignalWritableState.connect(this, |
113 &DtlsTransportChannelWrapper::OnWritableState); | 115 &DtlsTransport::OnWritableState); |
114 channel_->SignalReadPacket.connect(this, | 116 ice_transport_->SignalReadPacket.connect(this, &DtlsTransport::OnReadPacket); |
115 &DtlsTransportChannelWrapper::OnReadPacket); | 117 ice_transport_->SignalSentPacket.connect(this, &DtlsTransport::OnSentPacket); |
116 channel_->SignalSentPacket.connect( | 118 ice_transport_->SignalReadyToSend.connect(this, |
117 this, &DtlsTransportChannelWrapper::OnSentPacket); | 119 &DtlsTransport::OnReadyToSend); |
118 channel_->SignalReadyToSend.connect(this, | 120 ice_transport_->SignalReceivingState.connect( |
119 &DtlsTransportChannelWrapper::OnReadyToSend); | 121 this, &DtlsTransport::OnReceivingState); |
120 channel_->SignalGatheringState.connect( | |
121 this, &DtlsTransportChannelWrapper::OnGatheringState); | |
122 channel_->SignalCandidateGathered.connect( | |
123 this, &DtlsTransportChannelWrapper::OnCandidateGathered); | |
124 channel_->SignalCandidatesRemoved.connect( | |
125 this, &DtlsTransportChannelWrapper::OnCandidatesRemoved); | |
126 channel_->SignalRoleConflict.connect(this, | |
127 &DtlsTransportChannelWrapper::OnRoleConflict); | |
128 channel_->SignalRouteChange.connect(this, | |
129 &DtlsTransportChannelWrapper::OnRouteChange); | |
130 channel_->SignalSelectedCandidatePairChanged.connect( | |
131 this, &DtlsTransportChannelWrapper::OnSelectedCandidatePairChanged); | |
132 channel_->SignalStateChanged.connect( | |
133 this, &DtlsTransportChannelWrapper::OnChannelStateChanged); | |
134 channel_->SignalReceivingState.connect(this, | |
135 &DtlsTransportChannelWrapper::OnReceivingState); | |
136 } | 122 } |
137 | 123 |
138 DtlsTransportChannelWrapper::~DtlsTransportChannelWrapper() { | 124 DtlsTransport::~DtlsTransport() {} |
139 } | |
140 | 125 |
141 bool DtlsTransportChannelWrapper::SetLocalCertificate( | 126 bool DtlsTransport::SetLocalCertificate( |
142 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) { | 127 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) { |
143 if (dtls_active_) { | 128 if (dtls_active_) { |
144 if (certificate == local_certificate_) { | 129 if (certificate == local_certificate_) { |
145 // This may happen during renegotiation. | 130 // This may happen during renegotiation. |
146 LOG_J(LS_INFO, this) << "Ignoring identical DTLS identity"; | 131 LOG_J(LS_INFO, this) << "Ignoring identical DTLS identity"; |
147 return true; | 132 return true; |
148 } else { | 133 } else { |
149 LOG_J(LS_ERROR, this) << "Can't change DTLS local identity in this state"; | 134 LOG_J(LS_ERROR, this) << "Can't change DTLS local identity in this state"; |
150 return false; | 135 return false; |
151 } | 136 } |
152 } | 137 } |
153 | 138 |
154 if (certificate) { | 139 if (certificate) { |
155 local_certificate_ = certificate; | 140 local_certificate_ = certificate; |
156 dtls_active_ = true; | 141 dtls_active_ = true; |
157 } else { | 142 } else { |
158 LOG_J(LS_INFO, this) << "NULL DTLS identity supplied. Not doing DTLS"; | 143 LOG_J(LS_INFO, this) << "NULL DTLS identity supplied. Not doing DTLS"; |
159 } | 144 } |
160 | 145 |
161 return true; | 146 return true; |
162 } | 147 } |
163 | 148 |
164 rtc::scoped_refptr<rtc::RTCCertificate> | 149 rtc::scoped_refptr<rtc::RTCCertificate> DtlsTransport::GetLocalCertificate() |
165 DtlsTransportChannelWrapper::GetLocalCertificate() const { | 150 const { |
166 return local_certificate_; | 151 return local_certificate_; |
167 } | 152 } |
168 | 153 |
169 bool DtlsTransportChannelWrapper::SetSslMaxProtocolVersion( | 154 bool DtlsTransport::SetSslMaxProtocolVersion(rtc::SSLProtocolVersion version) { |
170 rtc::SSLProtocolVersion version) { | |
171 if (dtls_active_) { | 155 if (dtls_active_) { |
172 LOG(LS_ERROR) << "Not changing max. protocol version " | 156 LOG(LS_ERROR) << "Not changing max. protocol version " |
173 << "while DTLS is negotiating"; | 157 << "while DTLS is negotiating"; |
174 return false; | 158 return false; |
175 } | 159 } |
176 | 160 |
177 ssl_max_version_ = version; | 161 ssl_max_version_ = version; |
178 return true; | 162 return true; |
179 } | 163 } |
180 | 164 |
181 bool DtlsTransportChannelWrapper::SetSslRole(rtc::SSLRole role) { | 165 bool DtlsTransport::SetSslRole(rtc::SSLRole role) { |
182 if (dtls_) { | 166 if (dtls_) { |
183 if (ssl_role_ != role) { | 167 if (ssl_role_ != role) { |
184 LOG(LS_ERROR) << "SSL Role can't be reversed after the session is setup."; | 168 LOG(LS_ERROR) << "SSL Role can't be reversed after the session is setup."; |
185 return false; | 169 return false; |
186 } | 170 } |
187 return true; | 171 return true; |
188 } | 172 } |
189 | 173 |
190 ssl_role_ = role; | 174 ssl_role_ = role; |
191 return true; | 175 return true; |
192 } | 176 } |
193 | 177 |
194 bool DtlsTransportChannelWrapper::GetSslRole(rtc::SSLRole* role) const { | 178 bool DtlsTransport::GetSslRole(rtc::SSLRole* role) const { |
195 *role = ssl_role_; | 179 *role = ssl_role_; |
196 return true; | 180 return true; |
197 } | 181 } |
198 | 182 |
199 bool DtlsTransportChannelWrapper::GetSslCipherSuite(int* cipher) { | 183 bool DtlsTransport::GetSslCipherSuite(int* cipher) { |
200 if (dtls_state() != DTLS_TRANSPORT_CONNECTED) { | 184 if (dtls_state() != DTLS_TRANSPORT_CONNECTED) { |
201 return false; | 185 return false; |
202 } | 186 } |
203 | 187 |
204 return dtls_->GetSslCipherSuite(cipher); | 188 return dtls_->GetSslCipherSuite(cipher); |
205 } | 189 } |
206 | 190 |
207 bool DtlsTransportChannelWrapper::SetRemoteFingerprint( | 191 bool DtlsTransport::SetRemoteFingerprint(const std::string& digest_alg, |
208 const std::string& digest_alg, | 192 const uint8_t* digest, |
209 const uint8_t* digest, | 193 size_t digest_len) { |
210 size_t digest_len) { | |
211 rtc::Buffer remote_fingerprint_value(digest, digest_len); | 194 rtc::Buffer remote_fingerprint_value(digest, digest_len); |
212 | 195 |
213 // Once we have the local certificate, the same remote fingerprint can be set | 196 // Once we have the local certificate, the same remote fingerprint can be set |
214 // multiple times. | 197 // multiple times. |
215 if (dtls_active_ && remote_fingerprint_value_ == remote_fingerprint_value && | 198 if (dtls_active_ && remote_fingerprint_value_ == remote_fingerprint_value && |
216 !digest_alg.empty()) { | 199 !digest_alg.empty()) { |
217 // This may happen during renegotiation. | 200 // This may happen during renegotiation. |
218 LOG_J(LS_INFO, this) << "Ignoring identical remote DTLS fingerprint"; | 201 LOG_J(LS_INFO, this) << "Ignoring identical remote DTLS fingerprint"; |
219 return true; | 202 return true; |
220 } | 203 } |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
268 } | 251 } |
269 | 252 |
270 if (!SetupDtls()) { | 253 if (!SetupDtls()) { |
271 set_dtls_state(DTLS_TRANSPORT_FAILED); | 254 set_dtls_state(DTLS_TRANSPORT_FAILED); |
272 return false; | 255 return false; |
273 } | 256 } |
274 | 257 |
275 return true; | 258 return true; |
276 } | 259 } |
277 | 260 |
278 std::unique_ptr<rtc::SSLCertificate> | 261 std::unique_ptr<rtc::SSLCertificate> DtlsTransport::GetRemoteSSLCertificate() |
279 DtlsTransportChannelWrapper::GetRemoteSSLCertificate() const { | 262 const { |
280 if (!dtls_) { | 263 if (!dtls_) { |
281 return nullptr; | 264 return nullptr; |
282 } | 265 } |
283 | 266 |
284 return dtls_->GetPeerCertificate(); | 267 return dtls_->GetPeerCertificate(); |
285 } | 268 } |
286 | 269 |
287 bool DtlsTransportChannelWrapper::SetupDtls() { | 270 bool DtlsTransport::SetupDtls() { |
288 StreamInterfaceChannel* downward = new StreamInterfaceChannel(channel_); | 271 StreamInterfaceChannel* downward = new StreamInterfaceChannel(ice_transport_); |
289 | 272 |
290 dtls_.reset(rtc::SSLStreamAdapter::Create(downward)); | 273 dtls_.reset(rtc::SSLStreamAdapter::Create(downward)); |
291 if (!dtls_) { | 274 if (!dtls_) { |
292 LOG_J(LS_ERROR, this) << "Failed to create DTLS adapter."; | 275 LOG_J(LS_ERROR, this) << "Failed to create DTLS adapter."; |
293 delete downward; | 276 delete downward; |
294 return false; | 277 return false; |
295 } | 278 } |
296 | 279 |
297 downward_ = downward; | 280 downward_ = downward; |
298 | 281 |
299 dtls_->SetIdentity(local_certificate_->identity()->GetReference()); | 282 dtls_->SetIdentity(local_certificate_->identity()->GetReference()); |
300 dtls_->SetMode(rtc::SSL_MODE_DTLS); | 283 dtls_->SetMode(rtc::SSL_MODE_DTLS); |
301 dtls_->SetMaxProtocolVersion(ssl_max_version_); | 284 dtls_->SetMaxProtocolVersion(ssl_max_version_); |
302 dtls_->SetServerRole(ssl_role_); | 285 dtls_->SetServerRole(ssl_role_); |
303 dtls_->SignalEvent.connect(this, &DtlsTransportChannelWrapper::OnDtlsEvent); | 286 dtls_->SignalEvent.connect(this, &DtlsTransport::OnDtlsEvent); |
304 dtls_->SignalSSLHandshakeError.connect( | 287 dtls_->SignalSSLHandshakeError.connect(this, |
305 this, &DtlsTransportChannelWrapper::OnDtlsHandshakeError); | 288 &DtlsTransport::OnDtlsHandshakeError); |
306 if (remote_fingerprint_value_.size() && | 289 if (remote_fingerprint_value_.size() && |
307 !dtls_->SetPeerCertificateDigest( | 290 !dtls_->SetPeerCertificateDigest( |
308 remote_fingerprint_algorithm_, | 291 remote_fingerprint_algorithm_, |
309 reinterpret_cast<unsigned char*>(remote_fingerprint_value_.data()), | 292 reinterpret_cast<unsigned char*>(remote_fingerprint_value_.data()), |
310 remote_fingerprint_value_.size())) { | 293 remote_fingerprint_value_.size())) { |
311 LOG_J(LS_ERROR, this) << "Couldn't set DTLS certificate digest."; | 294 LOG_J(LS_ERROR, this) << "Couldn't set DTLS certificate digest."; |
312 return false; | 295 return false; |
313 } | 296 } |
314 | 297 |
315 // Set up DTLS-SRTP, if it's been enabled. | 298 // Set up DTLS-SRTP, if it's been enabled. |
316 if (!srtp_ciphers_.empty()) { | 299 if (!srtp_ciphers_.empty()) { |
317 if (!dtls_->SetDtlsSrtpCryptoSuites(srtp_ciphers_)) { | 300 if (!dtls_->SetDtlsSrtpCryptoSuites(srtp_ciphers_)) { |
318 LOG_J(LS_ERROR, this) << "Couldn't set DTLS-SRTP ciphers."; | 301 LOG_J(LS_ERROR, this) << "Couldn't set DTLS-SRTP ciphers."; |
319 return false; | 302 return false; |
320 } | 303 } |
321 } else { | 304 } else { |
322 LOG_J(LS_INFO, this) << "Not using DTLS-SRTP."; | 305 LOG_J(LS_INFO, this) << "Not using DTLS-SRTP."; |
323 } | 306 } |
324 | 307 |
325 LOG_J(LS_INFO, this) << "DTLS setup complete."; | 308 LOG_J(LS_INFO, this) << "DTLS setup complete."; |
326 | 309 |
327 // If the underlying channel is already writable at this point, we may be | 310 // If the underlying ice_transport is already writable at this point, we may |
328 // able to start DTLS right away. | 311 // be able to start DTLS right away. |
329 MaybeStartDtls(); | 312 MaybeStartDtls(); |
330 return true; | 313 return true; |
331 } | 314 } |
332 | 315 |
333 bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites( | 316 bool DtlsTransport::SetSrtpCryptoSuites(const std::vector<int>& ciphers) { |
334 const std::vector<int>& ciphers) { | |
335 if (srtp_ciphers_ == ciphers) | 317 if (srtp_ciphers_ == ciphers) |
336 return true; | 318 return true; |
337 | 319 |
338 if (dtls_state() == DTLS_TRANSPORT_CONNECTING) { | 320 if (dtls_state() == DTLS_TRANSPORT_CONNECTING) { |
339 LOG(LS_WARNING) << "Ignoring new SRTP ciphers while DTLS is negotiating"; | 321 LOG(LS_WARNING) << "Ignoring new SRTP ciphers while DTLS is negotiating"; |
340 return true; | 322 return true; |
341 } | 323 } |
342 | 324 |
343 if (dtls_state() == DTLS_TRANSPORT_CONNECTED) { | 325 if (dtls_state() == DTLS_TRANSPORT_CONNECTED) { |
344 // We don't support DTLS renegotiation currently. If new set of srtp ciphers | 326 // We don't support DTLS renegotiation currently. If new set of srtp ciphers |
345 // are different than what's being used currently, we will not use it. | 327 // are different than what's being used currently, we will not use it. |
346 // So for now, let's be happy (or sad) with a warning message. | 328 // So for now, let's be happy (or sad) with a warning message. |
347 int current_srtp_cipher; | 329 int current_srtp_cipher; |
348 if (!dtls_->GetDtlsSrtpCryptoSuite(¤t_srtp_cipher)) { | 330 if (!dtls_->GetDtlsSrtpCryptoSuite(¤t_srtp_cipher)) { |
349 LOG(LS_ERROR) << "Failed to get the current SRTP cipher for DTLS channel"; | 331 LOG(LS_ERROR) |
| 332 << "Failed to get the current SRTP cipher for DTLS transport"; |
350 return false; | 333 return false; |
351 } | 334 } |
352 const std::vector<int>::const_iterator iter = | 335 const std::vector<int>::const_iterator iter = |
353 std::find(ciphers.begin(), ciphers.end(), current_srtp_cipher); | 336 std::find(ciphers.begin(), ciphers.end(), current_srtp_cipher); |
354 if (iter == ciphers.end()) { | 337 if (iter == ciphers.end()) { |
355 std::string requested_str; | 338 std::string requested_str; |
356 for (size_t i = 0; i < ciphers.size(); ++i) { | 339 for (size_t i = 0; i < ciphers.size(); ++i) { |
357 requested_str.append(" "); | 340 requested_str.append(" "); |
358 requested_str.append(rtc::SrtpCryptoSuiteToName(ciphers[i])); | 341 requested_str.append(rtc::SrtpCryptoSuiteToName(ciphers[i])); |
359 requested_str.append(" "); | 342 requested_str.append(" "); |
360 } | 343 } |
361 LOG(LS_WARNING) << "Ignoring new set of SRTP ciphers, as DTLS " | 344 LOG(LS_WARNING) << "Ignoring new set of SRTP ciphers, as DTLS " |
362 << "renegotiation is not supported currently " | 345 << "renegotiation is not supported currently " |
363 << "current cipher = " << current_srtp_cipher << " and " | 346 << "current cipher = " << current_srtp_cipher << " and " |
364 << "requested = " << "[" << requested_str << "]"; | 347 << "requested = " << "[" << requested_str << "]"; |
365 } | 348 } |
366 return true; | 349 return true; |
367 } | 350 } |
368 | 351 |
369 if (!VERIFY(dtls_state() == DTLS_TRANSPORT_NEW)) { | 352 if (!VERIFY(dtls_state() == DTLS_TRANSPORT_NEW)) { |
370 return false; | 353 return false; |
371 } | 354 } |
372 | 355 |
373 srtp_ciphers_ = ciphers; | 356 srtp_ciphers_ = ciphers; |
374 return true; | 357 return true; |
375 } | 358 } |
376 | 359 |
377 bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(int* cipher) { | 360 bool DtlsTransport::GetSrtpCryptoSuite(int* cipher) { |
378 if (dtls_state() != DTLS_TRANSPORT_CONNECTED) { | 361 if (dtls_state() != DTLS_TRANSPORT_CONNECTED) { |
379 return false; | 362 return false; |
380 } | 363 } |
381 | 364 |
382 return dtls_->GetDtlsSrtpCryptoSuite(cipher); | 365 return dtls_->GetDtlsSrtpCryptoSuite(cipher); |
383 } | 366 } |
384 | 367 |
385 | 368 |
386 // Called from upper layers to send a media packet. | 369 // Called from upper layers to send a media packet. |
387 int DtlsTransportChannelWrapper::SendPacket( | 370 int DtlsTransport::SendPacket(const char* data, |
388 const char* data, size_t size, | 371 size_t size, |
389 const rtc::PacketOptions& options, int flags) { | 372 const rtc::PacketOptions& options, |
| 373 int flags) { |
390 if (!dtls_active_) { | 374 if (!dtls_active_) { |
391 // Not doing DTLS. | 375 // Not doing DTLS. |
392 return channel_->SendPacket(data, size, options); | 376 return ice_transport_->SendPacket(data, size, options); |
393 } | 377 } |
394 | 378 |
395 switch (dtls_state()) { | 379 switch (dtls_state()) { |
396 case DTLS_TRANSPORT_NEW: | 380 case DTLS_TRANSPORT_NEW: |
397 // Can't send data until the connection is active. | 381 // Can't send data until the connection is active. |
398 // TODO(ekr@rtfm.com): assert here if dtls_ is NULL? | 382 // TODO(ekr@rtfm.com): assert here if dtls_ is NULL? |
399 return -1; | 383 return -1; |
400 case DTLS_TRANSPORT_CONNECTING: | 384 case DTLS_TRANSPORT_CONNECTING: |
401 // Can't send data until the connection is active. | 385 // Can't send data until the connection is active. |
402 return -1; | 386 return -1; |
403 case DTLS_TRANSPORT_CONNECTED: | 387 case DTLS_TRANSPORT_CONNECTED: |
404 if (flags & PF_SRTP_BYPASS) { | 388 if (flags & PF_SRTP_BYPASS) { |
405 RTC_DCHECK(!srtp_ciphers_.empty()); | 389 RTC_DCHECK(!srtp_ciphers_.empty()); |
406 if (!IsRtpPacket(data, size)) { | 390 if (!IsRtpPacket(data, size)) { |
407 return -1; | 391 return -1; |
408 } | 392 } |
409 | 393 |
410 return channel_->SendPacket(data, size, options); | 394 return ice_transport_->SendPacket(data, size, options); |
411 } else { | 395 } else { |
412 return (dtls_->WriteAll(data, size, NULL, NULL) == rtc::SR_SUCCESS) | 396 return (dtls_->WriteAll(data, size, NULL, NULL) == rtc::SR_SUCCESS) |
413 ? static_cast<int>(size) | 397 ? static_cast<int>(size) |
414 : -1; | 398 : -1; |
415 } | 399 } |
416 case DTLS_TRANSPORT_FAILED: | 400 case DTLS_TRANSPORT_FAILED: |
417 case DTLS_TRANSPORT_CLOSED: | 401 case DTLS_TRANSPORT_CLOSED: |
418 // Can't send anything when we're closed. | 402 // Can't send anything when we're closed. |
419 return -1; | 403 return -1; |
420 default: | 404 default: |
421 RTC_NOTREACHED(); | 405 RTC_NOTREACHED(); |
422 return -1; | 406 return -1; |
423 } | 407 } |
424 } | 408 } |
425 | 409 |
426 bool DtlsTransportChannelWrapper::IsDtlsConnected() { | 410 bool DtlsTransport::IsDtlsConnected() { |
427 return dtls_ && dtls_->IsTlsConnected(); | 411 return dtls_ && dtls_->IsTlsConnected(); |
428 } | 412 } |
429 | 413 |
430 // The state transition logic here is as follows: | 414 // The state transition logic here is as follows: |
431 // (1) If we're not doing DTLS-SRTP, then the state is just the | 415 // (1) If we're not doing DTLS-SRTP, then the state is just the |
432 // state of the underlying impl() | 416 // state of the underlying impl() |
433 // (2) If we're doing DTLS-SRTP: | 417 // (2) If we're doing DTLS-SRTP: |
434 // - Prior to the DTLS handshake, the state is neither receiving nor | 418 // - Prior to the DTLS handshake, the state is neither receiving nor |
435 // writable | 419 // writable |
436 // - When the impl goes writable for the first time we | 420 // - When the impl goes writable for the first time we |
437 // start the DTLS handshake | 421 // start the DTLS handshake |
438 // - Once the DTLS handshake completes, the state is that of the | 422 // - Once the DTLS handshake completes, the state is that of the |
439 // impl again | 423 // impl again |
440 void DtlsTransportChannelWrapper::OnWritableState( | 424 void DtlsTransport::OnWritableState(rtc::PacketTransportInterface* transport) { |
441 rtc::PacketTransportInterface* transport) { | |
442 RTC_DCHECK(rtc::Thread::Current() == network_thread_); | 425 RTC_DCHECK(rtc::Thread::Current() == network_thread_); |
443 RTC_DCHECK(transport == channel_); | 426 RTC_DCHECK(transport == ice_transport_); |
444 LOG_J(LS_VERBOSE, this) | 427 LOG_J(LS_VERBOSE, this) |
445 << "DTLSTransportChannelWrapper: channel writable state changed to " | 428 << "DTLSTransportChannelWrapper: ice_transport writable state changed to " |
446 << channel_->writable(); | 429 << ice_transport_->writable(); |
447 | 430 |
448 if (!dtls_active_) { | 431 if (!dtls_active_) { |
449 // Not doing DTLS. | 432 // Not doing DTLS. |
450 // Note: SignalWritableState fired by set_writable. | 433 // Note: SignalWritableState fired by set_writable. |
451 set_writable(channel_->writable()); | 434 set_writable(ice_transport_->writable()); |
452 return; | 435 return; |
453 } | 436 } |
454 | 437 |
455 switch (dtls_state()) { | 438 switch (dtls_state()) { |
456 case DTLS_TRANSPORT_NEW: | 439 case DTLS_TRANSPORT_NEW: |
457 MaybeStartDtls(); | 440 MaybeStartDtls(); |
458 break; | 441 break; |
459 case DTLS_TRANSPORT_CONNECTED: | 442 case DTLS_TRANSPORT_CONNECTED: |
460 // Note: SignalWritableState fired by set_writable. | 443 // Note: SignalWritableState fired by set_writable. |
461 set_writable(channel_->writable()); | 444 set_writable(ice_transport_->writable()); |
462 break; | 445 break; |
463 case DTLS_TRANSPORT_CONNECTING: | 446 case DTLS_TRANSPORT_CONNECTING: |
464 // Do nothing. | 447 // Do nothing. |
465 break; | 448 break; |
466 case DTLS_TRANSPORT_FAILED: | 449 case DTLS_TRANSPORT_FAILED: |
467 case DTLS_TRANSPORT_CLOSED: | 450 case DTLS_TRANSPORT_CLOSED: |
468 // Should not happen. Do nothing. | 451 // Should not happen. Do nothing. |
469 break; | 452 break; |
470 } | 453 } |
471 } | 454 } |
472 | 455 |
473 void DtlsTransportChannelWrapper::OnReceivingState( | 456 void DtlsTransport::OnReceivingState(rtc::PacketTransportInterface* transport) { |
474 rtc::PacketTransportInterface* transport) { | |
475 RTC_DCHECK(rtc::Thread::Current() == network_thread_); | 457 RTC_DCHECK(rtc::Thread::Current() == network_thread_); |
476 RTC_DCHECK(transport == channel_); | 458 RTC_DCHECK(transport == ice_transport_); |
477 LOG_J(LS_VERBOSE, this) | 459 LOG_J(LS_VERBOSE, this) << "DTLSTransportChannelWrapper: ice_transport " |
478 << "DTLSTransportChannelWrapper: channel receiving state changed to " | 460 "receiving state changed to " |
479 << channel_->receiving(); | 461 << ice_transport_->receiving(); |
480 if (!dtls_active_ || dtls_state() == DTLS_TRANSPORT_CONNECTED) { | 462 if (!dtls_active_ || dtls_state() == DTLS_TRANSPORT_CONNECTED) { |
481 // Note: SignalReceivingState fired by set_receiving. | 463 // Note: SignalReceivingState fired by set_receiving. |
482 set_receiving(channel_->receiving()); | 464 set_receiving(ice_transport_->receiving()); |
483 } | 465 } |
484 } | 466 } |
485 | 467 |
486 void DtlsTransportChannelWrapper::OnReadPacket( | 468 void DtlsTransport::OnReadPacket(rtc::PacketTransportInterface* transport, |
487 rtc::PacketTransportInterface* transport, | 469 const char* data, |
488 const char* data, | 470 size_t size, |
489 size_t size, | 471 const rtc::PacketTime& packet_time, |
490 const rtc::PacketTime& packet_time, | 472 int flags) { |
491 int flags) { | |
492 RTC_DCHECK(rtc::Thread::Current() == network_thread_); | 473 RTC_DCHECK(rtc::Thread::Current() == network_thread_); |
493 RTC_DCHECK(transport == channel_); | 474 RTC_DCHECK(transport == ice_transport_); |
494 RTC_DCHECK(flags == 0); | 475 RTC_DCHECK(flags == 0); |
495 | 476 |
496 if (!dtls_active_) { | 477 if (!dtls_active_) { |
497 // Not doing DTLS. | 478 // Not doing DTLS. |
498 SignalReadPacket(this, data, size, packet_time, 0); | 479 SignalReadPacket(this, data, size, packet_time, 0); |
499 return; | 480 return; |
500 } | 481 } |
501 | 482 |
502 switch (dtls_state()) { | 483 switch (dtls_state()) { |
503 case DTLS_TRANSPORT_NEW: | 484 case DTLS_TRANSPORT_NEW: |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
555 SignalReadPacket(this, data, size, packet_time, PF_SRTP_BYPASS); | 536 SignalReadPacket(this, data, size, packet_time, PF_SRTP_BYPASS); |
556 } | 537 } |
557 break; | 538 break; |
558 case DTLS_TRANSPORT_FAILED: | 539 case DTLS_TRANSPORT_FAILED: |
559 case DTLS_TRANSPORT_CLOSED: | 540 case DTLS_TRANSPORT_CLOSED: |
560 // This shouldn't be happening. Drop the packet. | 541 // This shouldn't be happening. Drop the packet. |
561 break; | 542 break; |
562 } | 543 } |
563 } | 544 } |
564 | 545 |
565 void DtlsTransportChannelWrapper::OnSentPacket( | 546 void DtlsTransport::OnSentPacket(rtc::PacketTransportInterface* transport, |
566 rtc::PacketTransportInterface* transport, | 547 const rtc::SentPacket& sent_packet) { |
567 const rtc::SentPacket& sent_packet) { | |
568 RTC_DCHECK(rtc::Thread::Current() == network_thread_); | 548 RTC_DCHECK(rtc::Thread::Current() == network_thread_); |
569 | 549 |
570 SignalSentPacket(this, sent_packet); | 550 SignalSentPacket(this, sent_packet); |
571 } | 551 } |
572 | 552 |
573 void DtlsTransportChannelWrapper::OnReadyToSend( | 553 void DtlsTransport::OnReadyToSend(rtc::PacketTransportInterface* transport) { |
574 rtc::PacketTransportInterface* transport) { | |
575 if (writable()) { | 554 if (writable()) { |
576 SignalReadyToSend(this); | 555 SignalReadyToSend(this); |
577 } | 556 } |
578 } | 557 } |
579 | 558 |
580 void DtlsTransportChannelWrapper::OnDtlsEvent(rtc::StreamInterface* dtls, | 559 void DtlsTransport::OnDtlsEvent(rtc::StreamInterface* dtls, int sig, int err) { |
581 int sig, int err) { | |
582 RTC_DCHECK(rtc::Thread::Current() == network_thread_); | 560 RTC_DCHECK(rtc::Thread::Current() == network_thread_); |
583 RTC_DCHECK(dtls == dtls_.get()); | 561 RTC_DCHECK(dtls == dtls_.get()); |
584 if (sig & rtc::SE_OPEN) { | 562 if (sig & rtc::SE_OPEN) { |
585 // This is the first time. | 563 // This is the first time. |
586 LOG_J(LS_INFO, this) << "DTLS handshake complete."; | 564 LOG_J(LS_INFO, this) << "DTLS handshake complete."; |
587 if (dtls_->GetState() == rtc::SS_OPEN) { | 565 if (dtls_->GetState() == rtc::SS_OPEN) { |
588 // The check for OPEN shouldn't be necessary but let's make | 566 // The check for OPEN shouldn't be necessary but let's make |
589 // sure we don't accidentally frob the state if it's closed. | 567 // sure we don't accidentally frob the state if it's closed. |
590 set_dtls_state(DTLS_TRANSPORT_CONNECTED); | 568 set_dtls_state(DTLS_TRANSPORT_CONNECTED); |
591 set_writable(true); | 569 set_writable(true); |
592 } | 570 } |
593 } | 571 } |
594 if (sig & rtc::SE_READ) { | 572 if (sig & rtc::SE_READ) { |
595 char buf[kMaxDtlsPacketLen]; | 573 char buf[kMaxDtlsPacketLen]; |
596 size_t read; | 574 size_t read; |
597 int read_error; | 575 int read_error; |
598 rtc::StreamResult ret = dtls_->Read(buf, sizeof(buf), &read, &read_error); | 576 rtc::StreamResult ret = dtls_->Read(buf, sizeof(buf), &read, &read_error); |
599 if (ret == rtc::SR_SUCCESS) { | 577 if (ret == rtc::SR_SUCCESS) { |
600 SignalReadPacket(this, buf, read, rtc::CreatePacketTime(0), 0); | 578 SignalReadPacket(this, buf, read, rtc::CreatePacketTime(0), 0); |
601 } else if (ret == rtc::SR_EOS) { | 579 } else if (ret == rtc::SR_EOS) { |
602 // Remote peer shut down the association with no error. | 580 // Remote peer shut down the association with no error. |
603 LOG_J(LS_INFO, this) << "DTLS channel closed"; | 581 LOG_J(LS_INFO, this) << "DTLS transport closed"; |
604 set_writable(false); | 582 set_writable(false); |
605 set_dtls_state(DTLS_TRANSPORT_CLOSED); | 583 set_dtls_state(DTLS_TRANSPORT_CLOSED); |
606 } else if (ret == rtc::SR_ERROR) { | 584 } else if (ret == rtc::SR_ERROR) { |
607 // Remote peer shut down the association with an error. | 585 // Remote peer shut down the association with an error. |
608 LOG_J(LS_INFO, this) << "DTLS channel error, code=" << read_error; | 586 LOG_J(LS_INFO, this) << "DTLS transport error, code=" << read_error; |
609 set_writable(false); | 587 set_writable(false); |
610 set_dtls_state(DTLS_TRANSPORT_FAILED); | 588 set_dtls_state(DTLS_TRANSPORT_FAILED); |
611 } | 589 } |
612 } | 590 } |
613 if (sig & rtc::SE_CLOSE) { | 591 if (sig & rtc::SE_CLOSE) { |
614 RTC_DCHECK(sig == rtc::SE_CLOSE); // SE_CLOSE should be by itself. | 592 RTC_DCHECK(sig == rtc::SE_CLOSE); // SE_CLOSE should be by itself. |
615 set_writable(false); | 593 set_writable(false); |
616 if (!err) { | 594 if (!err) { |
617 LOG_J(LS_INFO, this) << "DTLS channel closed"; | 595 LOG_J(LS_INFO, this) << "DTLS transport closed"; |
618 set_dtls_state(DTLS_TRANSPORT_CLOSED); | 596 set_dtls_state(DTLS_TRANSPORT_CLOSED); |
619 } else { | 597 } else { |
620 LOG_J(LS_INFO, this) << "DTLS channel error, code=" << err; | 598 LOG_J(LS_INFO, this) << "DTLS transport error, code=" << err; |
621 set_dtls_state(DTLS_TRANSPORT_FAILED); | 599 set_dtls_state(DTLS_TRANSPORT_FAILED); |
622 } | 600 } |
623 } | 601 } |
624 } | 602 } |
625 | 603 |
626 void DtlsTransportChannelWrapper::MaybeStartDtls() { | 604 void DtlsTransport::MaybeStartDtls() { |
627 if (dtls_ && channel_->writable()) { | 605 if (dtls_ && ice_transport_->writable()) { |
628 if (dtls_->StartSSL()) { | 606 if (dtls_->StartSSL()) { |
629 // This should never fail: | 607 // This should never fail: |
630 // Because we are operating in a nonblocking mode and all | 608 // Because we are operating in a nonblocking mode and all |
631 // incoming packets come in via OnReadPacket(), which rejects | 609 // incoming packets come in via OnReadPacket(), which rejects |
632 // packets in this state, the incoming queue must be empty. We | 610 // packets in this state, the incoming queue must be empty. We |
633 // ignore write errors, thus any errors must be because of | 611 // ignore write errors, thus any errors must be because of |
634 // configuration and therefore are our fault. | 612 // configuration and therefore are our fault. |
635 RTC_NOTREACHED() << "StartSSL failed."; | 613 RTC_NOTREACHED() << "StartSSL failed."; |
636 LOG_J(LS_ERROR, this) << "Couldn't start DTLS handshake"; | 614 LOG_J(LS_ERROR, this) << "Couldn't start DTLS handshake"; |
637 set_dtls_state(DTLS_TRANSPORT_FAILED); | 615 set_dtls_state(DTLS_TRANSPORT_FAILED); |
638 return; | 616 return; |
639 } | 617 } |
640 LOG_J(LS_INFO, this) | 618 LOG_J(LS_INFO, this) << "DtlsTransport: Started DTLS handshake"; |
641 << "DtlsTransportChannelWrapper: Started DTLS handshake"; | |
642 set_dtls_state(DTLS_TRANSPORT_CONNECTING); | 619 set_dtls_state(DTLS_TRANSPORT_CONNECTING); |
643 // Now that the handshake has started, we can process a cached ClientHello | 620 // Now that the handshake has started, we can process a cached ClientHello |
644 // (if one exists). | 621 // (if one exists). |
645 if (cached_client_hello_.size()) { | 622 if (cached_client_hello_.size()) { |
646 if (ssl_role_ == rtc::SSL_SERVER) { | 623 if (ssl_role_ == rtc::SSL_SERVER) { |
647 LOG_J(LS_INFO, this) << "Handling cached DTLS ClientHello packet."; | 624 LOG_J(LS_INFO, this) << "Handling cached DTLS ClientHello packet."; |
648 if (!HandleDtlsPacket(cached_client_hello_.data<char>(), | 625 if (!HandleDtlsPacket(cached_client_hello_.data<char>(), |
649 cached_client_hello_.size())) { | 626 cached_client_hello_.size())) { |
650 LOG_J(LS_ERROR, this) << "Failed to handle DTLS packet."; | 627 LOG_J(LS_ERROR, this) << "Failed to handle DTLS packet."; |
651 } | 628 } |
652 } else { | 629 } else { |
653 LOG_J(LS_WARNING, this) << "Discarding cached DTLS ClientHello packet " | 630 LOG_J(LS_WARNING, this) << "Discarding cached DTLS ClientHello packet " |
654 << "because we don't have the server role."; | 631 << "because we don't have the server role."; |
655 } | 632 } |
656 cached_client_hello_.Clear(); | 633 cached_client_hello_.Clear(); |
657 } | 634 } |
658 } | 635 } |
659 } | 636 } |
660 | 637 |
661 // Called from OnReadPacket when a DTLS packet is received. | 638 // Called from OnReadPacket when a DTLS packet is received. |
662 bool DtlsTransportChannelWrapper::HandleDtlsPacket(const char* data, | 639 bool DtlsTransport::HandleDtlsPacket(const char* data, size_t size) { |
663 size_t size) { | |
664 // Sanity check we're not passing junk that | 640 // Sanity check we're not passing junk that |
665 // just looks like DTLS. | 641 // just looks like DTLS. |
666 const uint8_t* tmp_data = reinterpret_cast<const uint8_t*>(data); | 642 const uint8_t* tmp_data = reinterpret_cast<const uint8_t*>(data); |
667 size_t tmp_size = size; | 643 size_t tmp_size = size; |
668 while (tmp_size > 0) { | 644 while (tmp_size > 0) { |
669 if (tmp_size < kDtlsRecordHeaderLen) | 645 if (tmp_size < kDtlsRecordHeaderLen) |
670 return false; // Too short for the header | 646 return false; // Too short for the header |
671 | 647 |
672 size_t record_len = (tmp_data[11] << 8) | (tmp_data[12]); | 648 size_t record_len = (tmp_data[11] << 8) | (tmp_data[12]); |
673 if ((record_len + kDtlsRecordHeaderLen) > tmp_size) | 649 if ((record_len + kDtlsRecordHeaderLen) > tmp_size) |
674 return false; // Body too short | 650 return false; // Body too short |
675 | 651 |
676 tmp_data += record_len + kDtlsRecordHeaderLen; | 652 tmp_data += record_len + kDtlsRecordHeaderLen; |
677 tmp_size -= record_len + kDtlsRecordHeaderLen; | 653 tmp_size -= record_len + kDtlsRecordHeaderLen; |
678 } | 654 } |
679 | 655 |
680 // Looks good. Pass to the SIC which ends up being passed to | 656 // Looks good. Pass to the SIC which ends up being passed to |
681 // the DTLS stack. | 657 // the DTLS stack. |
682 return downward_->OnPacketReceived(data, size); | 658 return downward_->OnPacketReceived(data, size); |
683 } | 659 } |
684 | 660 |
685 void DtlsTransportChannelWrapper::OnGatheringState( | 661 void DtlsTransport::set_receiving(bool receiving) { |
686 IceTransportInternal* channel) { | 662 if (receiving_ == receiving) { |
687 RTC_DCHECK(channel == channel_); | 663 return; |
688 SignalGatheringState(this); | 664 } |
| 665 receiving_ = receiving; |
| 666 SignalReceivingState(this); |
689 } | 667 } |
690 | 668 |
691 void DtlsTransportChannelWrapper::OnCandidateGathered( | 669 void DtlsTransport::set_writable(bool writable) { |
692 IceTransportInternal* channel, | 670 if (writable_ == writable) { |
693 const Candidate& c) { | 671 return; |
694 RTC_DCHECK(channel == channel_); | 672 } |
695 SignalCandidateGathered(this, c); | 673 LOG_J(LS_VERBOSE, this) << "set_writable from:" << writable_ << " to " |
| 674 << writable; |
| 675 writable_ = writable; |
| 676 if (writable_) { |
| 677 SignalReadyToSend(this); |
| 678 } |
| 679 SignalWritableState(this); |
696 } | 680 } |
697 | 681 |
698 void DtlsTransportChannelWrapper::OnCandidatesRemoved( | 682 void DtlsTransport::set_dtls_state(DtlsTransportState state) { |
699 IceTransportInternal* channel, | 683 if (dtls_state_ == state) { |
700 const Candidates& candidates) { | 684 return; |
701 RTC_DCHECK(channel == channel_); | 685 } |
702 SignalCandidatesRemoved(this, candidates); | 686 LOG_J(LS_VERBOSE, this) << "set_dtls_state from:" << dtls_state_ << " to " |
| 687 << state; |
| 688 dtls_state_ = state; |
| 689 SignalDtlsState(this, state); |
703 } | 690 } |
704 | 691 |
705 void DtlsTransportChannelWrapper::OnRoleConflict( | 692 void DtlsTransport::OnDtlsHandshakeError(rtc::SSLHandshakeError error) { |
706 IceTransportInternal* channel) { | |
707 RTC_DCHECK(channel == channel_); | |
708 SignalRoleConflict(this); | |
709 } | |
710 | |
711 void DtlsTransportChannelWrapper::OnRouteChange(IceTransportInternal* channel, | |
712 const Candidate& candidate) { | |
713 RTC_DCHECK(channel == channel_); | |
714 SignalRouteChange(this, candidate); | |
715 } | |
716 | |
717 void DtlsTransportChannelWrapper::OnSelectedCandidatePairChanged( | |
718 IceTransportInternal* channel, | |
719 CandidatePairInterface* selected_candidate_pair, | |
720 int last_sent_packet_id, | |
721 bool ready_to_send) { | |
722 RTC_DCHECK(channel == channel_); | |
723 SignalSelectedCandidatePairChanged(this, selected_candidate_pair, | |
724 last_sent_packet_id, ready_to_send); | |
725 } | |
726 | |
727 void DtlsTransportChannelWrapper::OnChannelStateChanged( | |
728 IceTransportInternal* channel) { | |
729 RTC_DCHECK(channel == channel_); | |
730 SignalStateChanged(this); | |
731 } | |
732 | |
733 void DtlsTransportChannelWrapper::OnDtlsHandshakeError( | |
734 rtc::SSLHandshakeError error) { | |
735 SignalDtlsHandshakeError(error); | 693 SignalDtlsHandshakeError(error); |
736 } | 694 } |
737 | 695 |
738 } // namespace cricket | 696 } // namespace cricket |
OLD | NEW |