1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include <utility> // for std::pair
12
13 #include "webrtc/p2p/base/transport.h"
14
15 #include "webrtc/p2p/base/candidate.h"
16 #include "webrtc/p2p/base/constants.h"
17 #include "webrtc/p2p/base/port.h"
18 #include "webrtc/p2p/base/transportchannelimpl.h"
19 #include "webrtc/base/bind.h"
20 #include "webrtc/base/checks.h"
21 #include "webrtc/base/logging.h"
22
23 namespace cricket {
24
VerifyIceParams(const TransportDescription & desc)25 static bool VerifyIceParams(const TransportDescription& desc) {
26 // For legacy protocols.
27 if (desc.ice_ufrag.empty() && desc.ice_pwd.empty())
28 return true;
29
30 if (desc.ice_ufrag.length() < ICE_UFRAG_MIN_LENGTH ||
31 desc.ice_ufrag.length() > ICE_UFRAG_MAX_LENGTH) {
32 return false;
33 }
34 if (desc.ice_pwd.length() < ICE_PWD_MIN_LENGTH ||
35 desc.ice_pwd.length() > ICE_PWD_MAX_LENGTH) {
36 return false;
37 }
38 return true;
39 }
40
BadTransportDescription(const std::string & desc,std::string * err_desc)41 bool BadTransportDescription(const std::string& desc, std::string* err_desc) {
42 if (err_desc) {
43 *err_desc = desc;
44 }
45 LOG(LS_ERROR) << desc;
46 return false;
47 }
48
IceCredentialsChanged(const std::string & old_ufrag,const std::string & old_pwd,const std::string & new_ufrag,const std::string & new_pwd)49 bool IceCredentialsChanged(const std::string& old_ufrag,
50 const std::string& old_pwd,
51 const std::string& new_ufrag,
52 const std::string& new_pwd) {
53 // TODO(jiayl): The standard (RFC 5245 Section 9.1.1.1) says that ICE should
54 // restart when both the ufrag and password are changed, but we do restart
55 // when either ufrag or passwrod is changed to keep compatible with GICE. We
56 // should clean this up when GICE is no longer used.
57 return (old_ufrag != new_ufrag) || (old_pwd != new_pwd);
58 }
59
IceCredentialsChanged(const TransportDescription & old_desc,const TransportDescription & new_desc)60 static bool IceCredentialsChanged(const TransportDescription& old_desc,
61 const TransportDescription& new_desc) {
62 return IceCredentialsChanged(old_desc.ice_ufrag, old_desc.ice_pwd,
63 new_desc.ice_ufrag, new_desc.ice_pwd);
64 }
65
Transport(const std::string & name,PortAllocator * allocator)66 Transport::Transport(const std::string& name, PortAllocator* allocator)
67 : name_(name), allocator_(allocator) {}
68
~Transport()69 Transport::~Transport() {
70 RTC_DCHECK(channels_destroyed_);
71 }
72
SetIceRole(IceRole role)73 void Transport::SetIceRole(IceRole role) {
74 ice_role_ = role;
75 for (const auto& kv : channels_) {
76 kv.second->SetIceRole(ice_role_);
77 }
78 }
79
GetRemoteSSLCertificate(rtc::SSLCertificate ** cert)80 bool Transport::GetRemoteSSLCertificate(rtc::SSLCertificate** cert) {
81 if (channels_.empty()) {
82 return false;
83 }
84
85 auto iter = channels_.begin();
86 return iter->second->GetRemoteSSLCertificate(cert);
87 }
88
SetIceConfig(const IceConfig & config)89 void Transport::SetIceConfig(const IceConfig& config) {
90 ice_config_ = config;
91 for (const auto& kv : channels_) {
92 kv.second->SetIceConfig(ice_config_);
93 }
94 }
95
SetLocalTransportDescription(const TransportDescription & description,ContentAction action,std::string * error_desc)96 bool Transport::SetLocalTransportDescription(
97 const TransportDescription& description,
98 ContentAction action,
99 std::string* error_desc) {
100 bool ret = true;
101
102 if (!VerifyIceParams(description)) {
103 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length",
104 error_desc);
105 }
106
107 if (local_description_ &&
108 IceCredentialsChanged(*local_description_, description)) {
109 IceRole new_ice_role =
110 (action == CA_OFFER) ? ICEROLE_CONTROLLING : ICEROLE_CONTROLLED;
111
112 // It must be called before ApplyLocalTransportDescription, which may
113 // trigger an ICE restart and depends on the new ICE role.
114 SetIceRole(new_ice_role);
115 }
116
117 local_description_.reset(new TransportDescription(description));
118
119 for (const auto& kv : channels_) {
120 ret &= ApplyLocalTransportDescription(kv.second, error_desc);
121 }
122 if (!ret) {
123 return false;
124 }
125
126 // If PRANSWER/ANSWER is set, we should decide transport protocol type.
127 if (action == CA_PRANSWER || action == CA_ANSWER) {
128 ret &= NegotiateTransportDescription(action, error_desc);
129 }
130 if (ret) {
131 local_description_set_ = true;
132 ConnectChannels();
133 }
134
135 return ret;
136 }
137
SetRemoteTransportDescription(const TransportDescription & description,ContentAction action,std::string * error_desc)138 bool Transport::SetRemoteTransportDescription(
139 const TransportDescription& description,
140 ContentAction action,
141 std::string* error_desc) {
142 bool ret = true;
143
144 if (!VerifyIceParams(description)) {
145 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length",
146 error_desc);
147 }
148
149 remote_description_.reset(new TransportDescription(description));
150 for (const auto& kv : channels_) {
151 ret &= ApplyRemoteTransportDescription(kv.second, error_desc);
152 }
153
154 // If PRANSWER/ANSWER is set, we should decide transport protocol type.
155 if (action == CA_PRANSWER || action == CA_ANSWER) {
156 ret = NegotiateTransportDescription(CA_OFFER, error_desc);
157 }
158 if (ret) {
159 remote_description_set_ = true;
160 }
161
162 return ret;
163 }
164
CreateChannel(int component)165 TransportChannelImpl* Transport::CreateChannel(int component) {
166 TransportChannelImpl* channel;
167
168 // Create the entry if it does not exist.
169 bool channel_exists = false;
170 auto iter = channels_.find(component);
171 if (iter == channels_.end()) {
172 channel = CreateTransportChannel(component);
173 channels_.insert(std::pair<int, TransportChannelImpl*>(component, channel));
174 } else {
175 channel = iter->second;
176 channel_exists = true;
177 }
178
179 channels_destroyed_ = false;
180
181 if (channel_exists) {
182 // If this is an existing channel, we should just return it.
183 return channel;
184 }
185
186 // Push down our transport state to the new channel.
187 channel->SetIceRole(ice_role_);
188 channel->SetIceTiebreaker(tiebreaker_);
189 channel->SetIceConfig(ice_config_);
190 // TODO(ronghuawu): Change CreateChannel to be able to return error since
191 // below Apply**Description calls can fail.
192 if (local_description_)
193 ApplyLocalTransportDescription(channel, nullptr);
194 if (remote_description_)
195 ApplyRemoteTransportDescription(channel, nullptr);
196 if (local_description_ && remote_description_)
197 ApplyNegotiatedTransportDescription(channel, nullptr);
198
199 if (connect_requested_) {
200 channel->Connect();
201 }
202 return channel;
203 }
204
GetChannel(int component)205 TransportChannelImpl* Transport::GetChannel(int component) {
206 auto iter = channels_.find(component);
207 return (iter != channels_.end()) ? iter->second : nullptr;
208 }
209
HasChannels()210 bool Transport::HasChannels() {
211 return !channels_.empty();
212 }
213
DestroyChannel(int component)214 void Transport::DestroyChannel(int component) {
215 auto iter = channels_.find(component);
216 if (iter == channels_.end())
217 return;
218
219 TransportChannelImpl* channel = iter->second;
220 channels_.erase(iter);
221 DestroyTransportChannel(channel);
222 }
223
ConnectChannels()224 void Transport::ConnectChannels() {
225 if (connect_requested_ || channels_.empty())
226 return;
227
228 connect_requested_ = true;
229
230 if (!local_description_) {
231 // TOOD(mallinath) : TransportDescription(TD) shouldn't be generated here.
232 // As Transport must know TD is offer or answer and cricket::Transport
233 // doesn't have the capability to decide it. This should be set by the
234 // Session.
235 // Session must generate local TD before remote candidates pushed when
236 // initiate request initiated by the remote.
237 LOG(LS_INFO) << "Transport::ConnectChannels: No local description has "
238 << "been set. Will generate one.";
239 TransportDescription desc(
240 std::vector<std::string>(), rtc::CreateRandomString(ICE_UFRAG_LENGTH),
241 rtc::CreateRandomString(ICE_PWD_LENGTH), ICEMODE_FULL,
242 CONNECTIONROLE_NONE, nullptr, Candidates());
243 SetLocalTransportDescription(desc, CA_OFFER, nullptr);
244 }
245
246 CallChannels(&TransportChannelImpl::Connect);
247 }
248
MaybeStartGathering()249 void Transport::MaybeStartGathering() {
250 if (connect_requested_) {
251 CallChannels(&TransportChannelImpl::MaybeStartGathering);
252 }
253 }
254
DestroyAllChannels()255 void Transport::DestroyAllChannels() {
256 for (const auto& kv : channels_) {
257 DestroyTransportChannel(kv.second);
258 }
259 channels_.clear();
260 channels_destroyed_ = true;
261 }
262
CallChannels(TransportChannelFunc func)263 void Transport::CallChannels(TransportChannelFunc func) {
264 for (const auto& kv : channels_) {
265 (kv.second->*func)();
266 }
267 }
268
VerifyCandidate(const Candidate & cand,std::string * error)269 bool Transport::VerifyCandidate(const Candidate& cand, std::string* error) {
270 // No address zero.
271 if (cand.address().IsNil() || cand.address().IsAnyIP()) {
272 *error = "candidate has address of zero";
273 return false;
274 }
275
276 // Disallow all ports below 1024, except for 80 and 443 on public addresses.
277 int port = cand.address().port();
278 if (cand.protocol() == TCP_PROTOCOL_NAME &&
279 (cand.tcptype() == TCPTYPE_ACTIVE_STR || port == 0)) {
280 // Expected for active-only candidates per
281 // http://tools.ietf.org/html/rfc6544#section-4.5 so no error.
282 // Libjingle clients emit port 0, in "active" mode.
283 return true;
284 }
285 if (port < 1024) {
286 if ((port != 80) && (port != 443)) {
287 *error = "candidate has port below 1024, but not 80 or 443";
288 return false;
289 }
290
291 if (cand.address().IsPrivateIP()) {
292 *error = "candidate has port of 80 or 443 with private IP address";
293 return false;
294 }
295 }
296
297 return true;
298 }
299
300
GetStats(TransportStats * stats)301 bool Transport::GetStats(TransportStats* stats) {
302 stats->transport_name = name();
303 stats->channel_stats.clear();
304 for (auto kv : channels_) {
305 TransportChannelImpl* channel = kv.second;
306 TransportChannelStats substats;
307 substats.component = channel->component();
308 channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite);
309 channel->GetSslCipherSuite(&substats.ssl_cipher_suite);
310 if (!channel->GetStats(&substats.connection_infos)) {
311 return false;
312 }
313 stats->channel_stats.push_back(substats);
314 }
315 return true;
316 }
317
AddRemoteCandidates(const std::vector<Candidate> & candidates,std::string * error)318 bool Transport::AddRemoteCandidates(const std::vector<Candidate>& candidates,
319 std::string* error) {
320 ASSERT(!channels_destroyed_);
321 // Verify each candidate before passing down to transport layer.
322 for (const Candidate& cand : candidates) {
323 if (!VerifyCandidate(cand, error)) {
324 return false;
325 }
326 if (!HasChannel(cand.component())) {
327 *error = "Candidate has unknown component: " + cand.ToString() +
328 " for content: " + name();
329 return false;
330 }
331 }
332
333 for (const Candidate& candidate : candidates) {
334 TransportChannelImpl* channel = GetChannel(candidate.component());
335 if (channel != nullptr) {
336 channel->AddRemoteCandidate(candidate);
337 }
338 }
339 return true;
340 }
341
ApplyLocalTransportDescription(TransportChannelImpl * ch,std::string * error_desc)342 bool Transport::ApplyLocalTransportDescription(TransportChannelImpl* ch,
343 std::string* error_desc) {
344 ch->SetIceCredentials(local_description_->ice_ufrag,
345 local_description_->ice_pwd);
346 return true;
347 }
348
ApplyRemoteTransportDescription(TransportChannelImpl * ch,std::string * error_desc)349 bool Transport::ApplyRemoteTransportDescription(TransportChannelImpl* ch,
350 std::string* error_desc) {
351 ch->SetRemoteIceCredentials(remote_description_->ice_ufrag,
352 remote_description_->ice_pwd);
353 return true;
354 }
355
ApplyNegotiatedTransportDescription(TransportChannelImpl * channel,std::string * error_desc)356 bool Transport::ApplyNegotiatedTransportDescription(
357 TransportChannelImpl* channel,
358 std::string* error_desc) {
359 channel->SetRemoteIceMode(remote_ice_mode_);
360 return true;
361 }
362
NegotiateTransportDescription(ContentAction local_role,std::string * error_desc)363 bool Transport::NegotiateTransportDescription(ContentAction local_role,
364 std::string* error_desc) {
365 // TODO(ekr@rtfm.com): This is ICE-specific stuff. Refactor into
366 // P2PTransport.
367
368 // If transport is in ICEROLE_CONTROLLED and remote end point supports only
369 // ice_lite, this local end point should take CONTROLLING role.
370 if (ice_role_ == ICEROLE_CONTROLLED &&
371 remote_description_->ice_mode == ICEMODE_LITE) {
372 SetIceRole(ICEROLE_CONTROLLING);
373 }
374
375 // Update remote ice_mode to all existing channels.
376 remote_ice_mode_ = remote_description_->ice_mode;
377
378 // Now that we have negotiated everything, push it downward.
379 // Note that we cache the result so that if we have race conditions
380 // between future SetRemote/SetLocal invocations and new channel
381 // creation, we have the negotiation state saved until a new
382 // negotiation happens.
383 for (const auto& kv : channels_) {
384 if (!ApplyNegotiatedTransportDescription(kv.second, error_desc)) {
385 return false;
386 }
387 }
388 return true;
389 }
390
391 } // namespace cricket
392