1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #include "p2p/base/port_allocator.h"
12 
13 #include <iterator>
14 #include <set>
15 #include <utility>
16 
17 #include "p2p/base/ice_credentials_iterator.h"
18 #include "rtc_base/checks.h"
19 #include "rtc_base/logging.h"
20 
21 namespace cricket {
22 
RelayServerConfig()23 RelayServerConfig::RelayServerConfig() {}
24 
RelayServerConfig(const rtc::SocketAddress & address,const std::string & username,const std::string & password,ProtocolType proto)25 RelayServerConfig::RelayServerConfig(const rtc::SocketAddress& address,
26                                      const std::string& username,
27                                      const std::string& password,
28                                      ProtocolType proto)
29     : credentials(username, password) {
30   ports.push_back(ProtocolAddress(address, proto));
31 }
32 
RelayServerConfig(const std::string & address,int port,const std::string & username,const std::string & password,ProtocolType proto)33 RelayServerConfig::RelayServerConfig(const std::string& address,
34                                      int port,
35                                      const std::string& username,
36                                      const std::string& password,
37                                      ProtocolType proto)
38     : RelayServerConfig(rtc::SocketAddress(address, port),
39                         username,
40                         password,
41                         proto) {}
42 
43 // Legacy constructor where "secure" and PROTO_TCP implies PROTO_TLS.
RelayServerConfig(const std::string & address,int port,const std::string & username,const std::string & password,ProtocolType proto,bool secure)44 RelayServerConfig::RelayServerConfig(const std::string& address,
45                                      int port,
46                                      const std::string& username,
47                                      const std::string& password,
48                                      ProtocolType proto,
49                                      bool secure)
50     : RelayServerConfig(address,
51                         port,
52                         username,
53                         password,
54                         (proto == PROTO_TCP && secure ? PROTO_TLS : proto)) {}
55 
56 RelayServerConfig::RelayServerConfig(const RelayServerConfig&) = default;
57 
58 RelayServerConfig::~RelayServerConfig() = default;
59 
PortAllocatorSession(const std::string & content_name,int component,const std::string & ice_ufrag,const std::string & ice_pwd,uint32_t flags)60 PortAllocatorSession::PortAllocatorSession(const std::string& content_name,
61                                            int component,
62                                            const std::string& ice_ufrag,
63                                            const std::string& ice_pwd,
64                                            uint32_t flags)
65     : flags_(flags),
66       generation_(0),
67       content_name_(content_name),
68       component_(component),
69       ice_ufrag_(ice_ufrag),
70       ice_pwd_(ice_pwd) {
71   // Pooled sessions are allowed to be created with empty content name,
72   // component, ufrag and password.
73   RTC_DCHECK(ice_ufrag.empty() == ice_pwd.empty());
74 }
75 
76 PortAllocatorSession::~PortAllocatorSession() = default;
77 
IsCleared() const78 bool PortAllocatorSession::IsCleared() const {
79   return false;
80 }
81 
IsStopped() const82 bool PortAllocatorSession::IsStopped() const {
83   return false;
84 }
85 
generation()86 uint32_t PortAllocatorSession::generation() {
87   return generation_;
88 }
89 
set_generation(uint32_t generation)90 void PortAllocatorSession::set_generation(uint32_t generation) {
91   generation_ = generation;
92 }
93 
PortAllocator()94 PortAllocator::PortAllocator()
95     : flags_(kDefaultPortAllocatorFlags),
96       min_port_(0),
97       max_port_(0),
98       max_ipv6_networks_(kDefaultMaxIPv6Networks),
99       step_delay_(kDefaultStepDelay),
100       allow_tcp_listen_(true),
101       candidate_filter_(CF_ALL) {
102   // The allocator will be attached to a thread in Initialize.
103   thread_checker_.Detach();
104 }
105 
Initialize()106 void PortAllocator::Initialize() {
107   RTC_DCHECK(thread_checker_.IsCurrent());
108   initialized_ = true;
109 }
110 
~PortAllocator()111 PortAllocator::~PortAllocator() {
112   CheckRunOnValidThreadIfInitialized();
113 }
114 
set_restrict_ice_credentials_change(bool value)115 void PortAllocator::set_restrict_ice_credentials_change(bool value) {
116   restrict_ice_credentials_change_ = value;
117 }
118 
119 // Deprecated
SetConfiguration(const ServerAddresses & stun_servers,const std::vector<RelayServerConfig> & turn_servers,int candidate_pool_size,bool prune_turn_ports,webrtc::TurnCustomizer * turn_customizer,const absl::optional<int> & stun_candidate_keepalive_interval)120 bool PortAllocator::SetConfiguration(
121     const ServerAddresses& stun_servers,
122     const std::vector<RelayServerConfig>& turn_servers,
123     int candidate_pool_size,
124     bool prune_turn_ports,
125     webrtc::TurnCustomizer* turn_customizer,
126     const absl::optional<int>& stun_candidate_keepalive_interval) {
127   webrtc::PortPrunePolicy turn_port_prune_policy =
128       prune_turn_ports ? webrtc::PRUNE_BASED_ON_PRIORITY : webrtc::NO_PRUNE;
129   return SetConfiguration(stun_servers, turn_servers, candidate_pool_size,
130                           turn_port_prune_policy, turn_customizer,
131                           stun_candidate_keepalive_interval);
132 }
133 
SetConfiguration(const ServerAddresses & stun_servers,const std::vector<RelayServerConfig> & turn_servers,int candidate_pool_size,webrtc::PortPrunePolicy turn_port_prune_policy,webrtc::TurnCustomizer * turn_customizer,const absl::optional<int> & stun_candidate_keepalive_interval)134 bool PortAllocator::SetConfiguration(
135     const ServerAddresses& stun_servers,
136     const std::vector<RelayServerConfig>& turn_servers,
137     int candidate_pool_size,
138     webrtc::PortPrunePolicy turn_port_prune_policy,
139     webrtc::TurnCustomizer* turn_customizer,
140     const absl::optional<int>& stun_candidate_keepalive_interval) {
141   CheckRunOnValidThreadIfInitialized();
142   // A positive candidate pool size would lead to the creation of a pooled
143   // allocator session and starting getting ports, which we should only do on
144   // the network thread.
145   RTC_DCHECK(candidate_pool_size == 0 || thread_checker_.IsCurrent());
146   bool ice_servers_changed =
147       (stun_servers != stun_servers_ || turn_servers != turn_servers_);
148   stun_servers_ = stun_servers;
149   turn_servers_ = turn_servers;
150   turn_port_prune_policy_ = turn_port_prune_policy;
151 
152   if (candidate_pool_frozen_) {
153     if (candidate_pool_size != candidate_pool_size_) {
154       RTC_LOG(LS_ERROR)
155           << "Trying to change candidate pool size after pool was frozen.";
156       return false;
157     }
158     return true;
159   }
160 
161   if (candidate_pool_size < 0) {
162     RTC_LOG(LS_ERROR) << "Can't set negative pool size.";
163     return false;
164   }
165 
166   candidate_pool_size_ = candidate_pool_size;
167 
168   // If ICE servers changed, throw away any existing pooled sessions and create
169   // new ones.
170   if (ice_servers_changed) {
171     pooled_sessions_.clear();
172   }
173 
174   turn_customizer_ = turn_customizer;
175 
176   // If |candidate_pool_size_| is less than the number of pooled sessions, get
177   // rid of the extras.
178   while (candidate_pool_size_ < static_cast<int>(pooled_sessions_.size())) {
179     pooled_sessions_.back().reset(nullptr);
180     pooled_sessions_.pop_back();
181   }
182 
183   // |stun_candidate_keepalive_interval_| will be used in STUN port allocation
184   // in future sessions. We also update the ready ports in the pooled sessions.
185   // Ports in sessions that are taken and owned by P2PTransportChannel will be
186   // updated there via IceConfig.
187   stun_candidate_keepalive_interval_ = stun_candidate_keepalive_interval;
188   for (const auto& session : pooled_sessions_) {
189     session->SetStunKeepaliveIntervalForReadyPorts(
190         stun_candidate_keepalive_interval_);
191   }
192 
193   // If |candidate_pool_size_| is greater than the number of pooled sessions,
194   // create new sessions.
195   while (static_cast<int>(pooled_sessions_.size()) < candidate_pool_size_) {
196     IceParameters iceCredentials =
197         IceCredentialsIterator::CreateRandomIceCredentials();
198     PortAllocatorSession* pooled_session =
199         CreateSessionInternal("", 0, iceCredentials.ufrag, iceCredentials.pwd);
200     pooled_session->set_pooled(true);
201     pooled_session->StartGettingPorts();
202     pooled_sessions_.push_back(
203         std::unique_ptr<PortAllocatorSession>(pooled_session));
204   }
205   return true;
206 }
207 
CreateSession(const std::string & content_name,int component,const std::string & ice_ufrag,const std::string & ice_pwd)208 std::unique_ptr<PortAllocatorSession> PortAllocator::CreateSession(
209     const std::string& content_name,
210     int component,
211     const std::string& ice_ufrag,
212     const std::string& ice_pwd) {
213   CheckRunOnValidThreadAndInitialized();
214   auto session = std::unique_ptr<PortAllocatorSession>(
215       CreateSessionInternal(content_name, component, ice_ufrag, ice_pwd));
216   session->SetCandidateFilter(candidate_filter());
217   return session;
218 }
219 
TakePooledSession(const std::string & content_name,int component,const std::string & ice_ufrag,const std::string & ice_pwd)220 std::unique_ptr<PortAllocatorSession> PortAllocator::TakePooledSession(
221     const std::string& content_name,
222     int component,
223     const std::string& ice_ufrag,
224     const std::string& ice_pwd) {
225   CheckRunOnValidThreadAndInitialized();
226   RTC_DCHECK(!ice_ufrag.empty());
227   RTC_DCHECK(!ice_pwd.empty());
228   if (pooled_sessions_.empty()) {
229     return nullptr;
230   }
231 
232   IceParameters credentials(ice_ufrag, ice_pwd, false);
233   // If restrict_ice_credentials_change_ is TRUE, then call FindPooledSession
234   // with ice credentials. Otherwise call it with nullptr which means
235   // "find any" pooled session.
236   auto cit = FindPooledSession(restrict_ice_credentials_change_ ? &credentials
237                                                                 : nullptr);
238   if (cit == pooled_sessions_.end()) {
239     return nullptr;
240   }
241 
242   auto it =
243       pooled_sessions_.begin() + std::distance(pooled_sessions_.cbegin(), cit);
244   std::unique_ptr<PortAllocatorSession> ret = std::move(*it);
245   ret->SetIceParameters(content_name, component, ice_ufrag, ice_pwd);
246   ret->set_pooled(false);
247   // According to JSEP, a pooled session should filter candidates only
248   // after it's taken out of the pool.
249   ret->SetCandidateFilter(candidate_filter());
250   pooled_sessions_.erase(it);
251   return ret;
252 }
253 
GetPooledSession(const IceParameters * ice_credentials) const254 const PortAllocatorSession* PortAllocator::GetPooledSession(
255     const IceParameters* ice_credentials) const {
256   CheckRunOnValidThreadAndInitialized();
257   auto it = FindPooledSession(ice_credentials);
258   if (it == pooled_sessions_.end()) {
259     return nullptr;
260   } else {
261     return it->get();
262   }
263 }
264 
265 std::vector<std::unique_ptr<PortAllocatorSession>>::const_iterator
FindPooledSession(const IceParameters * ice_credentials) const266 PortAllocator::FindPooledSession(const IceParameters* ice_credentials) const {
267   for (auto it = pooled_sessions_.begin(); it != pooled_sessions_.end(); ++it) {
268     if (ice_credentials == nullptr ||
269         ((*it)->ice_ufrag() == ice_credentials->ufrag &&
270          (*it)->ice_pwd() == ice_credentials->pwd)) {
271       return it;
272     }
273   }
274   return pooled_sessions_.end();
275 }
276 
FreezeCandidatePool()277 void PortAllocator::FreezeCandidatePool() {
278   CheckRunOnValidThreadAndInitialized();
279   candidate_pool_frozen_ = true;
280 }
281 
DiscardCandidatePool()282 void PortAllocator::DiscardCandidatePool() {
283   CheckRunOnValidThreadIfInitialized();
284   pooled_sessions_.clear();
285 }
286 
SetCandidateFilter(uint32_t filter)287 void PortAllocator::SetCandidateFilter(uint32_t filter) {
288   CheckRunOnValidThreadIfInitialized();
289   if (candidate_filter_ == filter) {
290     return;
291   }
292   uint32_t prev_filter = candidate_filter_;
293   candidate_filter_ = filter;
294   SignalCandidateFilterChanged(prev_filter, filter);
295 }
296 
GetCandidateStatsFromPooledSessions(CandidateStatsList * candidate_stats_list)297 void PortAllocator::GetCandidateStatsFromPooledSessions(
298     CandidateStatsList* candidate_stats_list) {
299   CheckRunOnValidThreadAndInitialized();
300   for (const auto& session : pooled_sessions()) {
301     session->GetCandidateStatsFromReadyPorts(candidate_stats_list);
302   }
303 }
304 
GetPooledIceCredentials()305 std::vector<IceParameters> PortAllocator::GetPooledIceCredentials() {
306   CheckRunOnValidThreadAndInitialized();
307   std::vector<IceParameters> list;
308   for (const auto& session : pooled_sessions_) {
309     list.push_back(
310         IceParameters(session->ice_ufrag(), session->ice_pwd(), false));
311   }
312   return list;
313 }
314 
SanitizeCandidate(const Candidate & c) const315 Candidate PortAllocator::SanitizeCandidate(const Candidate& c) const {
316   CheckRunOnValidThreadAndInitialized();
317   // For a local host candidate, we need to conceal its IP address candidate if
318   // the mDNS obfuscation is enabled.
319   bool use_hostname_address =
320       c.type() == LOCAL_PORT_TYPE && MdnsObfuscationEnabled();
321   // If adapter enumeration is disabled or host candidates are disabled,
322   // clear the raddr of STUN candidates to avoid local address leakage.
323   bool filter_stun_related_address =
324       ((flags() & PORTALLOCATOR_DISABLE_ADAPTER_ENUMERATION) &&
325        (flags() & PORTALLOCATOR_DISABLE_DEFAULT_LOCAL_CANDIDATE)) ||
326       !(candidate_filter_ & CF_HOST) || MdnsObfuscationEnabled();
327   // If the candidate filter doesn't allow reflexive addresses, empty TURN raddr
328   // to avoid reflexive address leakage.
329   bool filter_turn_related_address = !(candidate_filter_ & CF_REFLEXIVE);
330   bool filter_related_address =
331       ((c.type() == STUN_PORT_TYPE && filter_stun_related_address) ||
332        (c.type() == RELAY_PORT_TYPE && filter_turn_related_address));
333   return c.ToSanitizedCopy(use_hostname_address, filter_related_address);
334 }
335 
336 }  // namespace cricket
337