1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #include "webrtc/p2p/base/port.h"
12 
13 #include <algorithm>
14 #include <vector>
15 
16 #include "webrtc/p2p/base/common.h"
17 #include "webrtc/p2p/base/portallocator.h"
18 #include "webrtc/base/base64.h"
19 #include "webrtc/base/crc32.h"
20 #include "webrtc/base/helpers.h"
21 #include "webrtc/base/logging.h"
22 #include "webrtc/base/messagedigest.h"
23 #include "webrtc/base/scoped_ptr.h"
24 #include "webrtc/base/stringencode.h"
25 #include "webrtc/base/stringutils.h"
26 
27 namespace {
28 
29 // Determines whether we have seen at least the given maximum number of
30 // pings fail to have a response.
TooManyFailures(const std::vector<cricket::Connection::SentPing> & pings_since_last_response,uint32_t maximum_failures,uint32_t rtt_estimate,uint32_t now)31 inline bool TooManyFailures(
32     const std::vector<cricket::Connection::SentPing>& pings_since_last_response,
33     uint32_t maximum_failures,
34     uint32_t rtt_estimate,
35     uint32_t now) {
36   // If we haven't sent that many pings, then we can't have failed that many.
37   if (pings_since_last_response.size() < maximum_failures)
38     return false;
39 
40   // Check if the window in which we would expect a response to the ping has
41   // already elapsed.
42   uint32_t expected_response_time =
43       pings_since_last_response[maximum_failures - 1].sent_time + rtt_estimate;
44   return now > expected_response_time;
45 }
46 
47 // Determines whether we have gone too long without seeing any response.
TooLongWithoutResponse(const std::vector<cricket::Connection::SentPing> & pings_since_last_response,uint32_t maximum_time,uint32_t now)48 inline bool TooLongWithoutResponse(
49     const std::vector<cricket::Connection::SentPing>& pings_since_last_response,
50     uint32_t maximum_time,
51     uint32_t now) {
52   if (pings_since_last_response.size() == 0)
53     return false;
54 
55   auto first = pings_since_last_response[0];
56   return now > (first.sent_time + maximum_time);
57 }
58 
59 // We will restrict RTT estimates (when used for determining state) to be
60 // within a reasonable range.
61 const uint32_t MINIMUM_RTT = 100;   // 0.1 seconds
62 const uint32_t MAXIMUM_RTT = 3000;  // 3 seconds
63 
64 // When we don't have any RTT data, we have to pick something reasonable.  We
65 // use a large value just in case the connection is really slow.
66 const uint32_t DEFAULT_RTT = MAXIMUM_RTT;
67 
68 // Computes our estimate of the RTT given the current estimate.
ConservativeRTTEstimate(uint32_t rtt)69 inline uint32_t ConservativeRTTEstimate(uint32_t rtt) {
70   return std::max(MINIMUM_RTT, std::min(MAXIMUM_RTT, 2 * rtt));
71 }
72 
73 // Weighting of the old rtt value to new data.
74 const int RTT_RATIO = 3;  // 3 : 1
75 
76 // The delay before we begin checking if this port is useless.
77 const int kPortTimeoutDelay = 30 * 1000;  // 30 seconds
78 }
79 
80 namespace cricket {
81 
82 // TODO(ronghuawu): Use "host", "srflx", "prflx" and "relay". But this requires
83 // the signaling part be updated correspondingly as well.
84 const char LOCAL_PORT_TYPE[] = "local";
85 const char STUN_PORT_TYPE[] = "stun";
86 const char PRFLX_PORT_TYPE[] = "prflx";
87 const char RELAY_PORT_TYPE[] = "relay";
88 
89 const char UDP_PROTOCOL_NAME[] = "udp";
90 const char TCP_PROTOCOL_NAME[] = "tcp";
91 const char SSLTCP_PROTOCOL_NAME[] = "ssltcp";
92 
93 static const char* const PROTO_NAMES[] = { UDP_PROTOCOL_NAME,
94                                            TCP_PROTOCOL_NAME,
95                                            SSLTCP_PROTOCOL_NAME };
96 
ProtoToString(ProtocolType proto)97 const char* ProtoToString(ProtocolType proto) {
98   return PROTO_NAMES[proto];
99 }
100 
StringToProto(const char * value,ProtocolType * proto)101 bool StringToProto(const char* value, ProtocolType* proto) {
102   for (size_t i = 0; i <= PROTO_LAST; ++i) {
103     if (_stricmp(PROTO_NAMES[i], value) == 0) {
104       *proto = static_cast<ProtocolType>(i);
105       return true;
106     }
107   }
108   return false;
109 }
110 
111 // RFC 6544, TCP candidate encoding rules.
112 const int DISCARD_PORT = 9;
113 const char TCPTYPE_ACTIVE_STR[] = "active";
114 const char TCPTYPE_PASSIVE_STR[] = "passive";
115 const char TCPTYPE_SIMOPEN_STR[] = "so";
116 
117 // Foundation:  An arbitrary string that is the same for two candidates
118 //   that have the same type, base IP address, protocol (UDP, TCP,
119 //   etc.), and STUN or TURN server.  If any of these are different,
120 //   then the foundation will be different.  Two candidate pairs with
121 //   the same foundation pairs are likely to have similar network
122 //   characteristics.  Foundations are used in the frozen algorithm.
ComputeFoundation(const std::string & type,const std::string & protocol,const rtc::SocketAddress & base_address)123 static std::string ComputeFoundation(
124     const std::string& type,
125     const std::string& protocol,
126     const rtc::SocketAddress& base_address) {
127   std::ostringstream ost;
128   ost << type << base_address.ipaddr().ToString() << protocol;
129   return rtc::ToString<uint32_t>(rtc::ComputeCrc32(ost.str()));
130 }
131 
Port(rtc::Thread * thread,rtc::PacketSocketFactory * factory,rtc::Network * network,const rtc::IPAddress & ip,const std::string & username_fragment,const std::string & password)132 Port::Port(rtc::Thread* thread,
133            rtc::PacketSocketFactory* factory,
134            rtc::Network* network,
135            const rtc::IPAddress& ip,
136            const std::string& username_fragment,
137            const std::string& password)
138     : thread_(thread),
139       factory_(factory),
140       send_retransmit_count_attribute_(false),
141       network_(network),
142       ip_(ip),
143       min_port_(0),
144       max_port_(0),
145       component_(ICE_CANDIDATE_COMPONENT_DEFAULT),
146       generation_(0),
147       ice_username_fragment_(username_fragment),
148       password_(password),
149       timeout_delay_(kPortTimeoutDelay),
150       enable_port_packets_(false),
151       ice_role_(ICEROLE_UNKNOWN),
152       tiebreaker_(0),
153       shared_socket_(true),
154       candidate_filter_(CF_ALL) {
155   Construct();
156 }
157 
Port(rtc::Thread * thread,const std::string & type,rtc::PacketSocketFactory * factory,rtc::Network * network,const rtc::IPAddress & ip,uint16_t min_port,uint16_t max_port,const std::string & username_fragment,const std::string & password)158 Port::Port(rtc::Thread* thread,
159            const std::string& type,
160            rtc::PacketSocketFactory* factory,
161            rtc::Network* network,
162            const rtc::IPAddress& ip,
163            uint16_t min_port,
164            uint16_t max_port,
165            const std::string& username_fragment,
166            const std::string& password)
167     : thread_(thread),
168       factory_(factory),
169       type_(type),
170       send_retransmit_count_attribute_(false),
171       network_(network),
172       ip_(ip),
173       min_port_(min_port),
174       max_port_(max_port),
175       component_(ICE_CANDIDATE_COMPONENT_DEFAULT),
176       generation_(0),
177       ice_username_fragment_(username_fragment),
178       password_(password),
179       timeout_delay_(kPortTimeoutDelay),
180       enable_port_packets_(false),
181       ice_role_(ICEROLE_UNKNOWN),
182       tiebreaker_(0),
183       shared_socket_(false),
184       candidate_filter_(CF_ALL) {
185   ASSERT(factory_ != NULL);
186   Construct();
187 }
188 
Construct()189 void Port::Construct() {
190   // TODO(pthatcher): Remove this old behavior once we're sure no one
191   // relies on it.  If the username_fragment and password are empty,
192   // we should just create one.
193   if (ice_username_fragment_.empty()) {
194     ASSERT(password_.empty());
195     ice_username_fragment_ = rtc::CreateRandomString(ICE_UFRAG_LENGTH);
196     password_ = rtc::CreateRandomString(ICE_PWD_LENGTH);
197   }
198   LOG_J(LS_INFO, this) << "Port created";
199 }
200 
~Port()201 Port::~Port() {
202   // Delete all of the remaining connections.  We copy the list up front
203   // because each deletion will cause it to be modified.
204 
205   std::vector<Connection*> list;
206 
207   AddressMap::iterator iter = connections_.begin();
208   while (iter != connections_.end()) {
209     list.push_back(iter->second);
210     ++iter;
211   }
212 
213   for (uint32_t i = 0; i < list.size(); i++)
214     delete list[i];
215 }
216 
GetConnection(const rtc::SocketAddress & remote_addr)217 Connection* Port::GetConnection(const rtc::SocketAddress& remote_addr) {
218   AddressMap::const_iterator iter = connections_.find(remote_addr);
219   if (iter != connections_.end())
220     return iter->second;
221   else
222     return NULL;
223 }
224 
AddAddress(const rtc::SocketAddress & address,const rtc::SocketAddress & base_address,const rtc::SocketAddress & related_address,const std::string & protocol,const std::string & relay_protocol,const std::string & tcptype,const std::string & type,uint32_t type_preference,uint32_t relay_preference,bool final)225 void Port::AddAddress(const rtc::SocketAddress& address,
226                       const rtc::SocketAddress& base_address,
227                       const rtc::SocketAddress& related_address,
228                       const std::string& protocol,
229                       const std::string& relay_protocol,
230                       const std::string& tcptype,
231                       const std::string& type,
232                       uint32_t type_preference,
233                       uint32_t relay_preference,
234                       bool final) {
235   if (protocol == TCP_PROTOCOL_NAME && type == LOCAL_PORT_TYPE) {
236     ASSERT(!tcptype.empty());
237   }
238 
239   Candidate c;
240   c.set_id(rtc::CreateRandomString(8));
241   c.set_component(component_);
242   c.set_type(type);
243   c.set_protocol(protocol);
244   c.set_relay_protocol(relay_protocol);
245   c.set_tcptype(tcptype);
246   c.set_address(address);
247   c.set_priority(c.GetPriority(type_preference, network_->preference(),
248                                relay_preference));
249   c.set_username(username_fragment());
250   c.set_password(password_);
251   c.set_network_name(network_->name());
252   c.set_network_type(network_->type());
253   c.set_generation(generation_);
254   c.set_related_address(related_address);
255   c.set_foundation(ComputeFoundation(type, protocol, base_address));
256   candidates_.push_back(c);
257   SignalCandidateReady(this, c);
258 
259   if (final) {
260     SignalPortComplete(this);
261   }
262 }
263 
AddConnection(Connection * conn)264 void Port::AddConnection(Connection* conn) {
265   connections_[conn->remote_candidate().address()] = conn;
266   conn->SignalDestroyed.connect(this, &Port::OnConnectionDestroyed);
267   SignalConnectionCreated(this, conn);
268 }
269 
OnReadPacket(const char * data,size_t size,const rtc::SocketAddress & addr,ProtocolType proto)270 void Port::OnReadPacket(
271     const char* data, size_t size, const rtc::SocketAddress& addr,
272     ProtocolType proto) {
273   // If the user has enabled port packets, just hand this over.
274   if (enable_port_packets_) {
275     SignalReadPacket(this, data, size, addr);
276     return;
277   }
278 
279   // If this is an authenticated STUN request, then signal unknown address and
280   // send back a proper binding response.
281   rtc::scoped_ptr<IceMessage> msg;
282   std::string remote_username;
283   if (!GetStunMessage(data, size, addr, msg.accept(), &remote_username)) {
284     LOG_J(LS_ERROR, this) << "Received non-STUN packet from unknown address ("
285                           << addr.ToSensitiveString() << ")";
286   } else if (!msg) {
287     // STUN message handled already
288   } else if (msg->type() == STUN_BINDING_REQUEST) {
289     LOG(LS_INFO) << "Received STUN ping "
290                  << " id=" << rtc::hex_encode(msg->transaction_id())
291                  << " from unknown address " << addr.ToSensitiveString();
292 
293     // Check for role conflicts.
294     if (!MaybeIceRoleConflict(addr, msg.get(), remote_username)) {
295       LOG(LS_INFO) << "Received conflicting role from the peer.";
296       return;
297     }
298 
299     SignalUnknownAddress(this, addr, proto, msg.get(), remote_username, false);
300   } else {
301     // NOTE(tschmelcher): STUN_BINDING_RESPONSE is benign. It occurs if we
302     // pruned a connection for this port while it had STUN requests in flight,
303     // because we then get back responses for them, which this code correctly
304     // does not handle.
305     if (msg->type() != STUN_BINDING_RESPONSE) {
306       LOG_J(LS_ERROR, this) << "Received unexpected STUN message type ("
307                             << msg->type() << ") from unknown address ("
308                             << addr.ToSensitiveString() << ")";
309     }
310   }
311 }
312 
OnReadyToSend()313 void Port::OnReadyToSend() {
314   AddressMap::iterator iter = connections_.begin();
315   for (; iter != connections_.end(); ++iter) {
316     iter->second->OnReadyToSend();
317   }
318 }
319 
AddPrflxCandidate(const Candidate & local)320 size_t Port::AddPrflxCandidate(const Candidate& local) {
321   candidates_.push_back(local);
322   return (candidates_.size() - 1);
323 }
324 
GetStunMessage(const char * data,size_t size,const rtc::SocketAddress & addr,IceMessage ** out_msg,std::string * out_username)325 bool Port::GetStunMessage(const char* data, size_t size,
326                           const rtc::SocketAddress& addr,
327                           IceMessage** out_msg, std::string* out_username) {
328   // NOTE: This could clearly be optimized to avoid allocating any memory.
329   //       However, at the data rates we'll be looking at on the client side,
330   //       this probably isn't worth worrying about.
331   ASSERT(out_msg != NULL);
332   ASSERT(out_username != NULL);
333   *out_msg = NULL;
334   out_username->clear();
335 
336   // Don't bother parsing the packet if we can tell it's not STUN.
337   // In ICE mode, all STUN packets will have a valid fingerprint.
338   if (!StunMessage::ValidateFingerprint(data, size)) {
339     return false;
340   }
341 
342   // Parse the request message.  If the packet is not a complete and correct
343   // STUN message, then ignore it.
344   rtc::scoped_ptr<IceMessage> stun_msg(new IceMessage());
345   rtc::ByteBuffer buf(data, size);
346   if (!stun_msg->Read(&buf) || (buf.Length() > 0)) {
347     return false;
348   }
349 
350   if (stun_msg->type() == STUN_BINDING_REQUEST) {
351     // Check for the presence of USERNAME and MESSAGE-INTEGRITY (if ICE) first.
352     // If not present, fail with a 400 Bad Request.
353     if (!stun_msg->GetByteString(STUN_ATTR_USERNAME) ||
354         !stun_msg->GetByteString(STUN_ATTR_MESSAGE_INTEGRITY)) {
355       LOG_J(LS_ERROR, this) << "Received STUN request without username/M-I "
356                             << "from " << addr.ToSensitiveString();
357       SendBindingErrorResponse(stun_msg.get(), addr, STUN_ERROR_BAD_REQUEST,
358                                STUN_ERROR_REASON_BAD_REQUEST);
359       return true;
360     }
361 
362     // If the username is bad or unknown, fail with a 401 Unauthorized.
363     std::string local_ufrag;
364     std::string remote_ufrag;
365     if (!ParseStunUsername(stun_msg.get(), &local_ufrag, &remote_ufrag) ||
366         local_ufrag != username_fragment()) {
367       LOG_J(LS_ERROR, this) << "Received STUN request with bad local username "
368                             << local_ufrag << " from "
369                             << addr.ToSensitiveString();
370       SendBindingErrorResponse(stun_msg.get(), addr, STUN_ERROR_UNAUTHORIZED,
371                                STUN_ERROR_REASON_UNAUTHORIZED);
372       return true;
373     }
374 
375     // If ICE, and the MESSAGE-INTEGRITY is bad, fail with a 401 Unauthorized
376     if (!stun_msg->ValidateMessageIntegrity(data, size, password_)) {
377       LOG_J(LS_ERROR, this) << "Received STUN request with bad M-I "
378                             << "from " << addr.ToSensitiveString()
379                             << ", password_=" << password_;
380       SendBindingErrorResponse(stun_msg.get(), addr, STUN_ERROR_UNAUTHORIZED,
381                                STUN_ERROR_REASON_UNAUTHORIZED);
382       return true;
383     }
384     out_username->assign(remote_ufrag);
385   } else if ((stun_msg->type() == STUN_BINDING_RESPONSE) ||
386              (stun_msg->type() == STUN_BINDING_ERROR_RESPONSE)) {
387     if (stun_msg->type() == STUN_BINDING_ERROR_RESPONSE) {
388       if (const StunErrorCodeAttribute* error_code = stun_msg->GetErrorCode()) {
389         LOG_J(LS_ERROR, this) << "Received STUN binding error:"
390                               << " class=" << error_code->eclass()
391                               << " number=" << error_code->number()
392                               << " reason='" << error_code->reason() << "'"
393                               << " from " << addr.ToSensitiveString();
394         // Return message to allow error-specific processing
395       } else {
396         LOG_J(LS_ERROR, this) << "Received STUN binding error without a error "
397                               << "code from " << addr.ToSensitiveString();
398         return true;
399       }
400     }
401     // NOTE: Username should not be used in verifying response messages.
402     out_username->clear();
403   } else if (stun_msg->type() == STUN_BINDING_INDICATION) {
404     LOG_J(LS_VERBOSE, this) << "Received STUN binding indication:"
405                             << " from " << addr.ToSensitiveString();
406     out_username->clear();
407     // No stun attributes will be verified, if it's stun indication message.
408     // Returning from end of the this method.
409   } else {
410     LOG_J(LS_ERROR, this) << "Received STUN packet with invalid type ("
411                           << stun_msg->type() << ") from "
412                           << addr.ToSensitiveString();
413     return true;
414   }
415 
416   // Return the STUN message found.
417   *out_msg = stun_msg.release();
418   return true;
419 }
420 
IsCompatibleAddress(const rtc::SocketAddress & addr)421 bool Port::IsCompatibleAddress(const rtc::SocketAddress& addr) {
422   int family = ip().family();
423   // We use single-stack sockets, so families must match.
424   if (addr.family() != family) {
425     return false;
426   }
427   // Link-local IPv6 ports can only connect to other link-local IPv6 ports.
428   if (family == AF_INET6 &&
429       (IPIsLinkLocal(ip()) != IPIsLinkLocal(addr.ipaddr()))) {
430     return false;
431   }
432   return true;
433 }
434 
ParseStunUsername(const StunMessage * stun_msg,std::string * local_ufrag,std::string * remote_ufrag) const435 bool Port::ParseStunUsername(const StunMessage* stun_msg,
436                              std::string* local_ufrag,
437                              std::string* remote_ufrag) const {
438   // The packet must include a username that either begins or ends with our
439   // fragment.  It should begin with our fragment if it is a request and it
440   // should end with our fragment if it is a response.
441   local_ufrag->clear();
442   remote_ufrag->clear();
443   const StunByteStringAttribute* username_attr =
444         stun_msg->GetByteString(STUN_ATTR_USERNAME);
445   if (username_attr == NULL)
446     return false;
447 
448   // RFRAG:LFRAG
449   const std::string username = username_attr->GetString();
450   size_t colon_pos = username.find(":");
451   if (colon_pos == std::string::npos) {
452     return false;
453   }
454 
455   *local_ufrag = username.substr(0, colon_pos);
456   *remote_ufrag = username.substr(colon_pos + 1, username.size());
457   return true;
458 }
459 
MaybeIceRoleConflict(const rtc::SocketAddress & addr,IceMessage * stun_msg,const std::string & remote_ufrag)460 bool Port::MaybeIceRoleConflict(
461     const rtc::SocketAddress& addr, IceMessage* stun_msg,
462     const std::string& remote_ufrag) {
463   // Validate ICE_CONTROLLING or ICE_CONTROLLED attributes.
464   bool ret = true;
465   IceRole remote_ice_role = ICEROLE_UNKNOWN;
466   uint64_t remote_tiebreaker = 0;
467   const StunUInt64Attribute* stun_attr =
468       stun_msg->GetUInt64(STUN_ATTR_ICE_CONTROLLING);
469   if (stun_attr) {
470     remote_ice_role = ICEROLE_CONTROLLING;
471     remote_tiebreaker = stun_attr->value();
472   }
473 
474   // If |remote_ufrag| is same as port local username fragment and
475   // tie breaker value received in the ping message matches port
476   // tiebreaker value this must be a loopback call.
477   // We will treat this as valid scenario.
478   if (remote_ice_role == ICEROLE_CONTROLLING &&
479       username_fragment() == remote_ufrag &&
480       remote_tiebreaker == IceTiebreaker()) {
481     return true;
482   }
483 
484   stun_attr = stun_msg->GetUInt64(STUN_ATTR_ICE_CONTROLLED);
485   if (stun_attr) {
486     remote_ice_role = ICEROLE_CONTROLLED;
487     remote_tiebreaker = stun_attr->value();
488   }
489 
490   switch (ice_role_) {
491     case ICEROLE_CONTROLLING:
492       if (ICEROLE_CONTROLLING == remote_ice_role) {
493         if (remote_tiebreaker >= tiebreaker_) {
494           SignalRoleConflict(this);
495         } else {
496           // Send Role Conflict (487) error response.
497           SendBindingErrorResponse(stun_msg, addr,
498               STUN_ERROR_ROLE_CONFLICT, STUN_ERROR_REASON_ROLE_CONFLICT);
499           ret = false;
500         }
501       }
502       break;
503     case ICEROLE_CONTROLLED:
504       if (ICEROLE_CONTROLLED == remote_ice_role) {
505         if (remote_tiebreaker < tiebreaker_) {
506           SignalRoleConflict(this);
507         } else {
508           // Send Role Conflict (487) error response.
509           SendBindingErrorResponse(stun_msg, addr,
510               STUN_ERROR_ROLE_CONFLICT, STUN_ERROR_REASON_ROLE_CONFLICT);
511           ret = false;
512         }
513       }
514       break;
515     default:
516       ASSERT(false);
517   }
518   return ret;
519 }
520 
CreateStunUsername(const std::string & remote_username,std::string * stun_username_attr_str) const521 void Port::CreateStunUsername(const std::string& remote_username,
522                               std::string* stun_username_attr_str) const {
523   stun_username_attr_str->clear();
524   *stun_username_attr_str = remote_username;
525   stun_username_attr_str->append(":");
526   stun_username_attr_str->append(username_fragment());
527 }
528 
SendBindingResponse(StunMessage * request,const rtc::SocketAddress & addr)529 void Port::SendBindingResponse(StunMessage* request,
530                                const rtc::SocketAddress& addr) {
531   ASSERT(request->type() == STUN_BINDING_REQUEST);
532 
533   // Retrieve the username from the request.
534   const StunByteStringAttribute* username_attr =
535       request->GetByteString(STUN_ATTR_USERNAME);
536   ASSERT(username_attr != NULL);
537   if (username_attr == NULL) {
538     // No valid username, skip the response.
539     return;
540   }
541 
542   // Fill in the response message.
543   StunMessage response;
544   response.SetType(STUN_BINDING_RESPONSE);
545   response.SetTransactionID(request->transaction_id());
546   const StunUInt32Attribute* retransmit_attr =
547       request->GetUInt32(STUN_ATTR_RETRANSMIT_COUNT);
548   if (retransmit_attr) {
549     // Inherit the incoming retransmit value in the response so the other side
550     // can see our view of lost pings.
551     response.AddAttribute(new StunUInt32Attribute(
552         STUN_ATTR_RETRANSMIT_COUNT, retransmit_attr->value()));
553 
554     if (retransmit_attr->value() > CONNECTION_WRITE_CONNECT_FAILURES) {
555       LOG_J(LS_INFO, this)
556           << "Received a remote ping with high retransmit count: "
557           << retransmit_attr->value();
558     }
559   }
560 
561   response.AddAttribute(
562       new StunXorAddressAttribute(STUN_ATTR_XOR_MAPPED_ADDRESS, addr));
563   response.AddMessageIntegrity(password_);
564   response.AddFingerprint();
565 
566   // Send the response message.
567   rtc::ByteBuffer buf;
568   response.Write(&buf);
569   rtc::PacketOptions options(DefaultDscpValue());
570   auto err = SendTo(buf.Data(), buf.Length(), addr, options, false);
571   if (err < 0) {
572     LOG_J(LS_ERROR, this)
573         << "Failed to send STUN ping response"
574         << ", to=" << addr.ToSensitiveString()
575         << ", err=" << err
576         << ", id=" << rtc::hex_encode(response.transaction_id());
577   } else {
578     // Log at LS_INFO if we send a stun ping response on an unwritable
579     // connection.
580     Connection* conn = GetConnection(addr);
581     rtc::LoggingSeverity sev = (conn && !conn->writable()) ?
582         rtc::LS_INFO : rtc::LS_VERBOSE;
583     LOG_JV(sev, this)
584         << "Sent STUN ping response"
585         << ", to=" << addr.ToSensitiveString()
586         << ", id=" << rtc::hex_encode(response.transaction_id());
587   }
588 }
589 
SendBindingErrorResponse(StunMessage * request,const rtc::SocketAddress & addr,int error_code,const std::string & reason)590 void Port::SendBindingErrorResponse(StunMessage* request,
591                                     const rtc::SocketAddress& addr,
592                                     int error_code, const std::string& reason) {
593   ASSERT(request->type() == STUN_BINDING_REQUEST);
594 
595   // Fill in the response message.
596   StunMessage response;
597   response.SetType(STUN_BINDING_ERROR_RESPONSE);
598   response.SetTransactionID(request->transaction_id());
599 
600   // When doing GICE, we need to write out the error code incorrectly to
601   // maintain backwards compatiblility.
602   StunErrorCodeAttribute* error_attr = StunAttribute::CreateErrorCode();
603   error_attr->SetCode(error_code);
604   error_attr->SetReason(reason);
605   response.AddAttribute(error_attr);
606 
607   // Per Section 10.1.2, certain error cases don't get a MESSAGE-INTEGRITY,
608   // because we don't have enough information to determine the shared secret.
609   if (error_code != STUN_ERROR_BAD_REQUEST &&
610       error_code != STUN_ERROR_UNAUTHORIZED)
611     response.AddMessageIntegrity(password_);
612   response.AddFingerprint();
613 
614   // Send the response message.
615   rtc::ByteBuffer buf;
616   response.Write(&buf);
617   rtc::PacketOptions options(DefaultDscpValue());
618   SendTo(buf.Data(), buf.Length(), addr, options, false);
619   LOG_J(LS_INFO, this) << "Sending STUN binding error: reason=" << reason
620                        << " to " << addr.ToSensitiveString();
621 }
622 
OnMessage(rtc::Message * pmsg)623 void Port::OnMessage(rtc::Message *pmsg) {
624   ASSERT(pmsg->message_id == MSG_DEAD);
625   if (dead()) {
626     Destroy();
627   }
628 }
629 
ToString() const630 std::string Port::ToString() const {
631   std::stringstream ss;
632   ss << "Port[" << content_name_ << ":" << component_
633      << ":" << generation_ << ":" << type_
634      << ":" << network_->ToString() << "]";
635   return ss.str();
636 }
637 
EnablePortPackets()638 void Port::EnablePortPackets() {
639   enable_port_packets_ = true;
640 }
641 
OnConnectionDestroyed(Connection * conn)642 void Port::OnConnectionDestroyed(Connection* conn) {
643   AddressMap::iterator iter =
644       connections_.find(conn->remote_candidate().address());
645   ASSERT(iter != connections_.end());
646   connections_.erase(iter);
647 
648   // On the controlled side, ports time out after all connections fail.
649   // Note: If a new connection is added after this message is posted, but it
650   // fails and is removed before kPortTimeoutDelay, then this message will
651   // still cause the Port to be destroyed.
652   if (dead()) {
653     thread_->PostDelayed(timeout_delay_, this, MSG_DEAD);
654   }
655 }
656 
Destroy()657 void Port::Destroy() {
658   ASSERT(connections_.empty());
659   LOG_J(LS_INFO, this) << "Port deleted";
660   SignalDestroyed(this);
661   delete this;
662 }
663 
username_fragment() const664 const std::string Port::username_fragment() const {
665   return ice_username_fragment_;
666 }
667 
668 // A ConnectionRequest is a simple STUN ping used to determine writability.
669 class ConnectionRequest : public StunRequest {
670  public:
ConnectionRequest(Connection * connection)671   explicit ConnectionRequest(Connection* connection)
672       : StunRequest(new IceMessage()),
673         connection_(connection) {
674   }
675 
~ConnectionRequest()676   virtual ~ConnectionRequest() {
677   }
678 
Prepare(StunMessage * request)679   void Prepare(StunMessage* request) override {
680     request->SetType(STUN_BINDING_REQUEST);
681     std::string username;
682     connection_->port()->CreateStunUsername(
683         connection_->remote_candidate().username(), &username);
684     request->AddAttribute(
685         new StunByteStringAttribute(STUN_ATTR_USERNAME, username));
686 
687     // connection_ already holds this ping, so subtract one from count.
688     if (connection_->port()->send_retransmit_count_attribute()) {
689       request->AddAttribute(new StunUInt32Attribute(
690           STUN_ATTR_RETRANSMIT_COUNT,
691           static_cast<uint32_t>(connection_->pings_since_last_response_.size() -
692                                 1)));
693     }
694 
695     // Adding ICE_CONTROLLED or ICE_CONTROLLING attribute based on the role.
696     if (connection_->port()->GetIceRole() == ICEROLE_CONTROLLING) {
697       request->AddAttribute(new StunUInt64Attribute(
698           STUN_ATTR_ICE_CONTROLLING, connection_->port()->IceTiebreaker()));
699       // Since we are trying aggressive nomination, sending USE-CANDIDATE
700       // attribute in every ping.
701       // If we are dealing with a ice-lite end point, nomination flag
702       // in Connection will be set to false by default. Once the connection
703       // becomes "best connection", nomination flag will be turned on.
704       if (connection_->use_candidate_attr()) {
705         request->AddAttribute(new StunByteStringAttribute(
706             STUN_ATTR_USE_CANDIDATE));
707       }
708     } else if (connection_->port()->GetIceRole() == ICEROLE_CONTROLLED) {
709       request->AddAttribute(new StunUInt64Attribute(
710           STUN_ATTR_ICE_CONTROLLED, connection_->port()->IceTiebreaker()));
711     } else {
712       ASSERT(false);
713     }
714 
715     // Adding PRIORITY Attribute.
716     // Changing the type preference to Peer Reflexive and local preference
717     // and component id information is unchanged from the original priority.
718     // priority = (2^24)*(type preference) +
719     //           (2^8)*(local preference) +
720     //           (2^0)*(256 - component ID)
721     uint32_t prflx_priority =
722         ICE_TYPE_PREFERENCE_PRFLX << 24 |
723         (connection_->local_candidate().priority() & 0x00FFFFFF);
724     request->AddAttribute(
725         new StunUInt32Attribute(STUN_ATTR_PRIORITY, prflx_priority));
726 
727     // Adding Message Integrity attribute.
728     request->AddMessageIntegrity(connection_->remote_candidate().password());
729     // Adding Fingerprint.
730     request->AddFingerprint();
731   }
732 
OnResponse(StunMessage * response)733   void OnResponse(StunMessage* response) override {
734     connection_->OnConnectionRequestResponse(this, response);
735   }
736 
OnErrorResponse(StunMessage * response)737   void OnErrorResponse(StunMessage* response) override {
738     connection_->OnConnectionRequestErrorResponse(this, response);
739   }
740 
OnTimeout()741   void OnTimeout() override {
742     connection_->OnConnectionRequestTimeout(this);
743   }
744 
OnSent()745   void OnSent() override {
746     connection_->OnConnectionRequestSent(this);
747     // Each request is sent only once.  After a single delay , the request will
748     // time out.
749     timeout_ = true;
750   }
751 
resend_delay()752   int resend_delay() override {
753     return CONNECTION_RESPONSE_TIMEOUT;
754   }
755 
756  private:
757   Connection* connection_;
758 };
759 
760 //
761 // Connection
762 //
763 
Connection(Port * port,size_t index,const Candidate & remote_candidate)764 Connection::Connection(Port* port,
765                        size_t index,
766                        const Candidate& remote_candidate)
767     : port_(port),
768       local_candidate_index_(index),
769       remote_candidate_(remote_candidate),
770       write_state_(STATE_WRITE_INIT),
771       receiving_(false),
772       connected_(true),
773       pruned_(false),
774       use_candidate_attr_(false),
775       nominated_(false),
776       remote_ice_mode_(ICEMODE_FULL),
777       requests_(port->thread()),
778       rtt_(DEFAULT_RTT),
779       last_ping_sent_(0),
780       last_ping_received_(0),
781       last_data_received_(0),
782       last_ping_response_received_(0),
783       recv_rate_tracker_(100u, 10u),
784       send_rate_tracker_(100u, 10u),
785       sent_packets_discarded_(0),
786       sent_packets_total_(0),
787       reported_(false),
788       state_(STATE_WAITING),
789       receiving_timeout_(WEAK_CONNECTION_RECEIVE_TIMEOUT),
790       time_created_ms_(rtc::Time()) {
791   // All of our connections start in WAITING state.
792   // TODO(mallinath) - Start connections from STATE_FROZEN.
793   // Wire up to send stun packets
794   requests_.SignalSendPacket.connect(this, &Connection::OnSendStunPacket);
795   LOG_J(LS_INFO, this) << "Connection created";
796 }
797 
~Connection()798 Connection::~Connection() {
799 }
800 
local_candidate() const801 const Candidate& Connection::local_candidate() const {
802   ASSERT(local_candidate_index_ < port_->Candidates().size());
803   return port_->Candidates()[local_candidate_index_];
804 }
805 
priority() const806 uint64_t Connection::priority() const {
807   uint64_t priority = 0;
808   // RFC 5245 - 5.7.2.  Computing Pair Priority and Ordering Pairs
809   // Let G be the priority for the candidate provided by the controlling
810   // agent.  Let D be the priority for the candidate provided by the
811   // controlled agent.
812   // pair priority = 2^32*MIN(G,D) + 2*MAX(G,D) + (G>D?1:0)
813   IceRole role = port_->GetIceRole();
814   if (role != ICEROLE_UNKNOWN) {
815     uint32_t g = 0;
816     uint32_t d = 0;
817     if (role == ICEROLE_CONTROLLING) {
818       g = local_candidate().priority();
819       d = remote_candidate_.priority();
820     } else {
821       g = remote_candidate_.priority();
822       d = local_candidate().priority();
823     }
824     priority = std::min(g, d);
825     priority = priority << 32;
826     priority += 2 * std::max(g, d) + (g > d ? 1 : 0);
827   }
828   return priority;
829 }
830 
set_write_state(WriteState value)831 void Connection::set_write_state(WriteState value) {
832   WriteState old_value = write_state_;
833   write_state_ = value;
834   if (value != old_value) {
835     LOG_J(LS_VERBOSE, this) << "set_write_state from: " << old_value << " to "
836                             << value;
837     SignalStateChange(this);
838   }
839 }
840 
set_receiving(bool value)841 void Connection::set_receiving(bool value) {
842   if (value != receiving_) {
843     LOG_J(LS_VERBOSE, this) << "set_receiving to " << value;
844     receiving_ = value;
845     SignalStateChange(this);
846   }
847 }
848 
set_state(State state)849 void Connection::set_state(State state) {
850   State old_state = state_;
851   state_ = state;
852   if (state != old_state) {
853     LOG_J(LS_VERBOSE, this) << "set_state";
854   }
855 }
856 
set_connected(bool value)857 void Connection::set_connected(bool value) {
858   bool old_value = connected_;
859   connected_ = value;
860   if (value != old_value) {
861     LOG_J(LS_VERBOSE, this) << "set_connected from: " << old_value << " to "
862                             << value;
863   }
864 }
865 
set_use_candidate_attr(bool enable)866 void Connection::set_use_candidate_attr(bool enable) {
867   use_candidate_attr_ = enable;
868 }
869 
OnSendStunPacket(const void * data,size_t size,StunRequest * req)870 void Connection::OnSendStunPacket(const void* data, size_t size,
871                                   StunRequest* req) {
872   rtc::PacketOptions options(port_->DefaultDscpValue());
873   auto err = port_->SendTo(
874       data, size, remote_candidate_.address(), options, false);
875   if (err < 0) {
876     LOG_J(LS_WARNING, this) << "Failed to send STUN ping "
877                             << " err=" << err
878                             << " id=" << rtc::hex_encode(req->id());
879   }
880 }
881 
OnReadPacket(const char * data,size_t size,const rtc::PacketTime & packet_time)882 void Connection::OnReadPacket(
883   const char* data, size_t size, const rtc::PacketTime& packet_time) {
884   rtc::scoped_ptr<IceMessage> msg;
885   std::string remote_ufrag;
886   const rtc::SocketAddress& addr(remote_candidate_.address());
887   if (!port_->GetStunMessage(data, size, addr, msg.accept(), &remote_ufrag)) {
888     // The packet did not parse as a valid STUN message
889     // This is a data packet, pass it along.
890     set_receiving(true);
891     last_data_received_ = rtc::Time();
892     recv_rate_tracker_.AddSamples(size);
893     SignalReadPacket(this, data, size, packet_time);
894 
895     // If timed out sending writability checks, start up again
896     if (!pruned_ && (write_state_ == STATE_WRITE_TIMEOUT)) {
897       LOG(LS_WARNING) << "Received a data packet on a timed-out Connection. "
898                       << "Resetting state to STATE_WRITE_INIT.";
899       set_write_state(STATE_WRITE_INIT);
900     }
901   } else if (!msg) {
902     // The packet was STUN, but failed a check and was handled internally.
903   } else {
904     // The packet is STUN and passed the Port checks.
905     // Perform our own checks to ensure this packet is valid.
906     // If this is a STUN request, then update the receiving bit and respond.
907     // If this is a STUN response, then update the writable bit.
908     // Log at LS_INFO if we receive a ping on an unwritable connection.
909     rtc::LoggingSeverity sev = (!writable() ? rtc::LS_INFO : rtc::LS_VERBOSE);
910     switch (msg->type()) {
911       case STUN_BINDING_REQUEST:
912         LOG_JV(sev, this) << "Received STUN ping"
913                           << ", id=" << rtc::hex_encode(msg->transaction_id());
914 
915         if (remote_ufrag == remote_candidate_.username()) {
916           HandleBindingRequest(msg.get());
917         } else {
918           // The packet had the right local username, but the remote username
919           // was not the right one for the remote address.
920           LOG_J(LS_ERROR, this)
921             << "Received STUN request with bad remote username "
922             << remote_ufrag;
923           port_->SendBindingErrorResponse(msg.get(), addr,
924                                           STUN_ERROR_UNAUTHORIZED,
925                                           STUN_ERROR_REASON_UNAUTHORIZED);
926 
927         }
928         break;
929 
930       // Response from remote peer. Does it match request sent?
931       // This doesn't just check, it makes callbacks if transaction
932       // id's match.
933       case STUN_BINDING_RESPONSE:
934       case STUN_BINDING_ERROR_RESPONSE:
935         if (msg->ValidateMessageIntegrity(
936                 data, size, remote_candidate().password())) {
937           requests_.CheckResponse(msg.get());
938         }
939         // Otherwise silently discard the response message.
940         break;
941 
942       // Remote end point sent an STUN indication instead of regular binding
943       // request. In this case |last_ping_received_| will be updated but no
944       // response will be sent.
945       case STUN_BINDING_INDICATION:
946         ReceivedPing();
947         break;
948 
949       default:
950         ASSERT(false);
951         break;
952     }
953   }
954 }
955 
HandleBindingRequest(IceMessage * msg)956 void Connection::HandleBindingRequest(IceMessage* msg) {
957   // This connection should now be receiving.
958   ReceivedPing();
959 
960   const rtc::SocketAddress& remote_addr = remote_candidate_.address();
961   const std::string& remote_ufrag = remote_candidate_.username();
962   // Check for role conflicts.
963   if (!port_->MaybeIceRoleConflict(remote_addr, msg, remote_ufrag)) {
964     // Received conflicting role from the peer.
965     LOG(LS_INFO) << "Received conflicting role from the peer.";
966     return;
967   }
968 
969   // This is a validated stun request from remote peer.
970   port_->SendBindingResponse(msg, remote_addr);
971 
972   // If it timed out on writing check, start up again
973   if (!pruned_ && write_state_ == STATE_WRITE_TIMEOUT) {
974     set_write_state(STATE_WRITE_INIT);
975   }
976 
977   if (port_->GetIceRole() == ICEROLE_CONTROLLED) {
978     const StunByteStringAttribute* use_candidate_attr =
979         msg->GetByteString(STUN_ATTR_USE_CANDIDATE);
980     if (use_candidate_attr) {
981       set_nominated(true);
982       SignalNominated(this);
983     }
984   }
985 }
986 
OnReadyToSend()987 void Connection::OnReadyToSend() {
988   if (write_state_ == STATE_WRITABLE) {
989     SignalReadyToSend(this);
990   }
991 }
992 
Prune()993 void Connection::Prune() {
994   if (!pruned_ || active()) {
995     LOG_J(LS_VERBOSE, this) << "Connection pruned";
996     pruned_ = true;
997     requests_.Clear();
998     set_write_state(STATE_WRITE_TIMEOUT);
999   }
1000 }
1001 
Destroy()1002 void Connection::Destroy() {
1003   LOG_J(LS_VERBOSE, this) << "Connection destroyed";
1004   port_->thread()->Post(this, MSG_DELETE);
1005 }
1006 
FailAndDestroy()1007 void Connection::FailAndDestroy() {
1008   set_state(Connection::STATE_FAILED);
1009   Destroy();
1010 }
1011 
PrintPingsSinceLastResponse(std::string * s,size_t max)1012 void Connection::PrintPingsSinceLastResponse(std::string* s, size_t max) {
1013   std::ostringstream oss;
1014   oss << std::boolalpha;
1015   if (pings_since_last_response_.size() > max) {
1016     for (size_t i = 0; i < max; i++) {
1017       const SentPing& ping = pings_since_last_response_[i];
1018       oss << rtc::hex_encode(ping.id) << " ";
1019     }
1020     oss << "... " << (pings_since_last_response_.size() - max) << " more";
1021   } else {
1022     for (const SentPing& ping : pings_since_last_response_) {
1023       oss << rtc::hex_encode(ping.id) << " ";
1024     }
1025   }
1026   *s = oss.str();
1027 }
1028 
UpdateState(uint32_t now)1029 void Connection::UpdateState(uint32_t now) {
1030   uint32_t rtt = ConservativeRTTEstimate(rtt_);
1031 
1032   if (LOG_CHECK_LEVEL(LS_VERBOSE)) {
1033     std::string pings;
1034     PrintPingsSinceLastResponse(&pings, 5);
1035     LOG_J(LS_VERBOSE, this) << "UpdateState()"
1036                             << ", ms since last received response="
1037                             << now - last_ping_response_received_
1038                             << ", ms since last received data="
1039                             << now - last_data_received_
1040                             << ", rtt=" << rtt
1041                             << ", pings_since_last_response=" << pings;
1042   }
1043 
1044   // Check the writable state.  (The order of these checks is important.)
1045   //
1046   // Before becoming unwritable, we allow for a fixed number of pings to fail
1047   // (i.e., receive no response).  We also have to give the response time to
1048   // get back, so we include a conservative estimate of this.
1049   //
1050   // Before timing out writability, we give a fixed amount of time.  This is to
1051   // allow for changes in network conditions.
1052 
1053   if ((write_state_ == STATE_WRITABLE) &&
1054       TooManyFailures(pings_since_last_response_,
1055                       CONNECTION_WRITE_CONNECT_FAILURES,
1056                       rtt,
1057                       now) &&
1058       TooLongWithoutResponse(pings_since_last_response_,
1059                              CONNECTION_WRITE_CONNECT_TIMEOUT,
1060                              now)) {
1061     uint32_t max_pings = CONNECTION_WRITE_CONNECT_FAILURES;
1062     LOG_J(LS_INFO, this) << "Unwritable after " << max_pings
1063                          << " ping failures and "
1064                          << now - pings_since_last_response_[0].sent_time
1065                          << " ms without a response,"
1066                          << " ms since last received ping="
1067                          << now - last_ping_received_
1068                          << " ms since last received data="
1069                          << now - last_data_received_
1070                          << " rtt=" << rtt;
1071     set_write_state(STATE_WRITE_UNRELIABLE);
1072   }
1073   if ((write_state_ == STATE_WRITE_UNRELIABLE ||
1074        write_state_ == STATE_WRITE_INIT) &&
1075       TooLongWithoutResponse(pings_since_last_response_,
1076                              CONNECTION_WRITE_TIMEOUT,
1077                              now)) {
1078     LOG_J(LS_INFO, this) << "Timed out after "
1079                          << now - pings_since_last_response_[0].sent_time
1080                          << " ms without a response"
1081                          << ", rtt=" << rtt;
1082     set_write_state(STATE_WRITE_TIMEOUT);
1083   }
1084 
1085   // Check the receiving state.
1086   uint32_t last_recv_time = last_received();
1087   bool receiving = now <= last_recv_time + receiving_timeout_;
1088   set_receiving(receiving);
1089   if (dead(now)) {
1090     Destroy();
1091   }
1092 }
1093 
Ping(uint32_t now)1094 void Connection::Ping(uint32_t now) {
1095   last_ping_sent_ = now;
1096   ConnectionRequest *req = new ConnectionRequest(this);
1097   pings_since_last_response_.push_back(SentPing(req->id(), now));
1098   LOG_J(LS_VERBOSE, this) << "Sending STUN ping "
1099                           << ", id=" << rtc::hex_encode(req->id());
1100   requests_.Send(req);
1101   state_ = STATE_INPROGRESS;
1102 }
1103 
ReceivedPing()1104 void Connection::ReceivedPing() {
1105   set_receiving(true);
1106   last_ping_received_ = rtc::Time();
1107 }
1108 
ReceivedPingResponse()1109 void Connection::ReceivedPingResponse() {
1110   // We've already validated that this is a STUN binding response with
1111   // the correct local and remote username for this connection.
1112   // So if we're not already, become writable. We may be bringing a pruned
1113   // connection back to life, but if we don't really want it, we can always
1114   // prune it again.
1115   set_receiving(true);
1116   set_write_state(STATE_WRITABLE);
1117   set_state(STATE_SUCCEEDED);
1118   pings_since_last_response_.clear();
1119   last_ping_response_received_ = rtc::Time();
1120 }
1121 
dead(uint32_t now) const1122 bool Connection::dead(uint32_t now) const {
1123   if (last_received() > 0) {
1124     // If it has ever received anything, we keep it alive until it hasn't
1125     // received anything for DEAD_CONNECTION_RECEIVE_TIMEOUT. This covers the
1126     // normal case of a successfully used connection that stops working. This
1127     // also allows a remote peer to continue pinging over a locally inactive
1128     // (pruned) connection.
1129     return (now > (last_received() + DEAD_CONNECTION_RECEIVE_TIMEOUT));
1130   }
1131 
1132   if (active()) {
1133     // If it has never received anything, keep it alive as long as it is
1134     // actively pinging and not pruned. Otherwise, the connection might be
1135     // deleted before it has a chance to ping. This is the normal case for a
1136     // new connection that is pinging but hasn't received anything yet.
1137     return false;
1138   }
1139 
1140   // If it has never received anything and is not actively pinging (pruned), we
1141   // keep it around for at least MIN_CONNECTION_LIFETIME to prevent connections
1142   // from being pruned too quickly during a network change event when two
1143   // networks would be up simultaneously but only for a brief period.
1144   return now > (time_created_ms_ + MIN_CONNECTION_LIFETIME);
1145 }
1146 
ToDebugId() const1147 std::string Connection::ToDebugId() const {
1148   std::stringstream ss;
1149   ss << std::hex << this;
1150   return ss.str();
1151 }
1152 
ToString() const1153 std::string Connection::ToString() const {
1154   const char CONNECT_STATE_ABBREV[2] = {
1155     '-',  // not connected (false)
1156     'C',  // connected (true)
1157   };
1158   const char RECEIVE_STATE_ABBREV[2] = {
1159     '-',  // not receiving (false)
1160     'R',  // receiving (true)
1161   };
1162   const char WRITE_STATE_ABBREV[4] = {
1163     'W',  // STATE_WRITABLE
1164     'w',  // STATE_WRITE_UNRELIABLE
1165     '-',  // STATE_WRITE_INIT
1166     'x',  // STATE_WRITE_TIMEOUT
1167   };
1168   const std::string ICESTATE[4] = {
1169     "W",  // STATE_WAITING
1170     "I",  // STATE_INPROGRESS
1171     "S",  // STATE_SUCCEEDED
1172     "F"   // STATE_FAILED
1173   };
1174   const Candidate& local = local_candidate();
1175   const Candidate& remote = remote_candidate();
1176   std::stringstream ss;
1177   ss << "Conn[" << ToDebugId()
1178      << ":" << port_->content_name()
1179      << ":" << local.id() << ":" << local.component()
1180      << ":" << local.generation()
1181      << ":" << local.type() << ":" << local.protocol()
1182      << ":" << local.address().ToSensitiveString()
1183      << "->" << remote.id() << ":" << remote.component()
1184      << ":" << remote.priority()
1185      << ":" << remote.type() << ":"
1186      << remote.protocol() << ":" << remote.address().ToSensitiveString() << "|"
1187      << CONNECT_STATE_ABBREV[connected()]
1188      << RECEIVE_STATE_ABBREV[receiving()]
1189      << WRITE_STATE_ABBREV[write_state()]
1190      << ICESTATE[state()] << "|"
1191      << priority() << "|";
1192   if (rtt_ < DEFAULT_RTT) {
1193     ss << rtt_ << "]";
1194   } else {
1195     ss << "-]";
1196   }
1197   return ss.str();
1198 }
1199 
ToSensitiveString() const1200 std::string Connection::ToSensitiveString() const {
1201   return ToString();
1202 }
1203 
OnConnectionRequestResponse(ConnectionRequest * request,StunMessage * response)1204 void Connection::OnConnectionRequestResponse(ConnectionRequest* request,
1205                                              StunMessage* response) {
1206   // Log at LS_INFO if we receive a ping response on an unwritable
1207   // connection.
1208   rtc::LoggingSeverity sev = !writable() ? rtc::LS_INFO : rtc::LS_VERBOSE;
1209 
1210   uint32_t rtt = request->Elapsed();
1211 
1212   ReceivedPingResponse();
1213 
1214   if (LOG_CHECK_LEVEL_V(sev)) {
1215     bool use_candidate = (
1216         response->GetByteString(STUN_ATTR_USE_CANDIDATE) != nullptr);
1217     std::string pings;
1218     PrintPingsSinceLastResponse(&pings, 5);
1219     LOG_JV(sev, this) << "Received STUN ping response"
1220                       << ", id=" << rtc::hex_encode(request->id())
1221                       << ", code=0"  // Makes logging easier to parse.
1222                       << ", rtt=" << rtt
1223                       << ", use_candidate=" << use_candidate
1224                       << ", pings_since_last_response=" << pings;
1225   }
1226 
1227   rtt_ = (RTT_RATIO * rtt_ + rtt) / (RTT_RATIO + 1);
1228 
1229   MaybeAddPrflxCandidate(request, response);
1230 }
1231 
OnConnectionRequestErrorResponse(ConnectionRequest * request,StunMessage * response)1232 void Connection::OnConnectionRequestErrorResponse(ConnectionRequest* request,
1233                                                   StunMessage* response) {
1234   const StunErrorCodeAttribute* error_attr = response->GetErrorCode();
1235   int error_code = STUN_ERROR_GLOBAL_FAILURE;
1236   if (error_attr) {
1237     error_code = error_attr->code();
1238   }
1239 
1240   LOG_J(LS_INFO, this) << "Received STUN error response"
1241                        << " id=" << rtc::hex_encode(request->id())
1242                        << " code=" << error_code
1243                        << " rtt=" << request->Elapsed();
1244 
1245   if (error_code == STUN_ERROR_UNKNOWN_ATTRIBUTE ||
1246       error_code == STUN_ERROR_SERVER_ERROR ||
1247       error_code == STUN_ERROR_UNAUTHORIZED) {
1248     // Recoverable error, retry
1249   } else if (error_code == STUN_ERROR_STALE_CREDENTIALS) {
1250     // Race failure, retry
1251   } else if (error_code == STUN_ERROR_ROLE_CONFLICT) {
1252     HandleRoleConflictFromPeer();
1253   } else {
1254     // This is not a valid connection.
1255     LOG_J(LS_ERROR, this) << "Received STUN error response, code="
1256                           << error_code << "; killing connection";
1257     FailAndDestroy();
1258   }
1259 }
1260 
OnConnectionRequestTimeout(ConnectionRequest * request)1261 void Connection::OnConnectionRequestTimeout(ConnectionRequest* request) {
1262   // Log at LS_INFO if we miss a ping on a writable connection.
1263   rtc::LoggingSeverity sev = writable() ? rtc::LS_INFO : rtc::LS_VERBOSE;
1264   LOG_JV(sev, this) << "Timing-out STUN ping "
1265                     << rtc::hex_encode(request->id())
1266                     << " after " << request->Elapsed() << " ms";
1267 }
1268 
OnConnectionRequestSent(ConnectionRequest * request)1269 void Connection::OnConnectionRequestSent(ConnectionRequest* request) {
1270   // Log at LS_INFO if we send a ping on an unwritable connection.
1271   rtc::LoggingSeverity sev = !writable() ? rtc::LS_INFO : rtc::LS_VERBOSE;
1272   bool use_candidate = use_candidate_attr();
1273   LOG_JV(sev, this) << "Sent STUN ping"
1274                     << ", id=" << rtc::hex_encode(request->id())
1275                     << ", use_candidate=" << use_candidate;
1276 }
1277 
HandleRoleConflictFromPeer()1278 void Connection::HandleRoleConflictFromPeer() {
1279   port_->SignalRoleConflict(port_);
1280 }
1281 
MaybeSetRemoteIceCredentials(const std::string & ice_ufrag,const std::string & ice_pwd)1282 void Connection::MaybeSetRemoteIceCredentials(const std::string& ice_ufrag,
1283                                               const std::string& ice_pwd) {
1284   if (remote_candidate_.username() == ice_ufrag &&
1285       remote_candidate_.password().empty()) {
1286     remote_candidate_.set_password(ice_pwd);
1287   }
1288 }
1289 
MaybeUpdatePeerReflexiveCandidate(const Candidate & new_candidate)1290 void Connection::MaybeUpdatePeerReflexiveCandidate(
1291     const Candidate& new_candidate) {
1292   if (remote_candidate_.type() == PRFLX_PORT_TYPE &&
1293       new_candidate.type() != PRFLX_PORT_TYPE &&
1294       remote_candidate_.protocol() == new_candidate.protocol() &&
1295       remote_candidate_.address() == new_candidate.address() &&
1296       remote_candidate_.username() == new_candidate.username() &&
1297       remote_candidate_.password() == new_candidate.password() &&
1298       remote_candidate_.generation() == new_candidate.generation()) {
1299     remote_candidate_ = new_candidate;
1300   }
1301 }
1302 
OnMessage(rtc::Message * pmsg)1303 void Connection::OnMessage(rtc::Message *pmsg) {
1304   ASSERT(pmsg->message_id == MSG_DELETE);
1305   LOG_J(LS_INFO, this) << "Connection deleted";
1306   SignalDestroyed(this);
1307   delete this;
1308 }
1309 
last_received() const1310 uint32_t Connection::last_received() const {
1311   return std::max(last_data_received_,
1312              std::max(last_ping_received_, last_ping_response_received_));
1313 }
1314 
recv_bytes_second()1315 size_t Connection::recv_bytes_second() {
1316   return round(recv_rate_tracker_.ComputeRate());
1317 }
1318 
recv_total_bytes()1319 size_t Connection::recv_total_bytes() {
1320   return recv_rate_tracker_.TotalSampleCount();
1321 }
1322 
sent_bytes_second()1323 size_t Connection::sent_bytes_second() {
1324   return round(send_rate_tracker_.ComputeRate());
1325 }
1326 
sent_total_bytes()1327 size_t Connection::sent_total_bytes() {
1328   return send_rate_tracker_.TotalSampleCount();
1329 }
1330 
sent_discarded_packets()1331 size_t Connection::sent_discarded_packets() {
1332   return sent_packets_discarded_;
1333 }
1334 
sent_total_packets()1335 size_t Connection::sent_total_packets() {
1336   return sent_packets_total_;
1337 }
1338 
MaybeAddPrflxCandidate(ConnectionRequest * request,StunMessage * response)1339 void Connection::MaybeAddPrflxCandidate(ConnectionRequest* request,
1340                                         StunMessage* response) {
1341   // RFC 5245
1342   // The agent checks the mapped address from the STUN response.  If the
1343   // transport address does not match any of the local candidates that the
1344   // agent knows about, the mapped address represents a new candidate -- a
1345   // peer reflexive candidate.
1346   const StunAddressAttribute* addr =
1347       response->GetAddress(STUN_ATTR_XOR_MAPPED_ADDRESS);
1348   if (!addr) {
1349     LOG(LS_WARNING) << "Connection::OnConnectionRequestResponse - "
1350                     << "No MAPPED-ADDRESS or XOR-MAPPED-ADDRESS found in the "
1351                     << "stun response message";
1352     return;
1353   }
1354 
1355   bool known_addr = false;
1356   for (size_t i = 0; i < port_->Candidates().size(); ++i) {
1357     if (port_->Candidates()[i].address() == addr->GetAddress()) {
1358       known_addr = true;
1359       break;
1360     }
1361   }
1362   if (known_addr) {
1363     return;
1364   }
1365 
1366   // RFC 5245
1367   // Its priority is set equal to the value of the PRIORITY attribute
1368   // in the Binding request.
1369   const StunUInt32Attribute* priority_attr =
1370       request->msg()->GetUInt32(STUN_ATTR_PRIORITY);
1371   if (!priority_attr) {
1372     LOG(LS_WARNING) << "Connection::OnConnectionRequestResponse - "
1373                     << "No STUN_ATTR_PRIORITY found in the "
1374                     << "stun response message";
1375     return;
1376   }
1377   const uint32_t priority = priority_attr->value();
1378   std::string id = rtc::CreateRandomString(8);
1379 
1380   Candidate new_local_candidate;
1381   new_local_candidate.set_id(id);
1382   new_local_candidate.set_component(local_candidate().component());
1383   new_local_candidate.set_type(PRFLX_PORT_TYPE);
1384   new_local_candidate.set_protocol(local_candidate().protocol());
1385   new_local_candidate.set_address(addr->GetAddress());
1386   new_local_candidate.set_priority(priority);
1387   new_local_candidate.set_username(local_candidate().username());
1388   new_local_candidate.set_password(local_candidate().password());
1389   new_local_candidate.set_network_name(local_candidate().network_name());
1390   new_local_candidate.set_network_type(local_candidate().network_type());
1391   new_local_candidate.set_related_address(local_candidate().address());
1392   new_local_candidate.set_foundation(
1393       ComputeFoundation(PRFLX_PORT_TYPE, local_candidate().protocol(),
1394                         local_candidate().address()));
1395 
1396   // Change the local candidate of this Connection to the new prflx candidate.
1397   local_candidate_index_ = port_->AddPrflxCandidate(new_local_candidate);
1398 
1399   // SignalStateChange to force a re-sort in P2PTransportChannel as this
1400   // Connection's local candidate has changed.
1401   SignalStateChange(this);
1402 }
1403 
ProxyConnection(Port * port,size_t index,const Candidate & remote_candidate)1404 ProxyConnection::ProxyConnection(Port* port,
1405                                  size_t index,
1406                                  const Candidate& remote_candidate)
1407     : Connection(port, index, remote_candidate) {}
1408 
Send(const void * data,size_t size,const rtc::PacketOptions & options)1409 int ProxyConnection::Send(const void* data, size_t size,
1410                           const rtc::PacketOptions& options) {
1411   if (write_state_ == STATE_WRITE_INIT || write_state_ == STATE_WRITE_TIMEOUT) {
1412     error_ = EWOULDBLOCK;
1413     return SOCKET_ERROR;
1414   }
1415   sent_packets_total_++;
1416   int sent = port_->SendTo(data, size, remote_candidate_.address(),
1417                            options, true);
1418   if (sent <= 0) {
1419     ASSERT(sent < 0);
1420     error_ = port_->GetError();
1421     sent_packets_discarded_++;
1422   } else {
1423     send_rate_tracker_.AddSamples(sent);
1424   }
1425   return sent;
1426 }
1427 
1428 }  // namespace cricket
1429