1 /* 2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11 #include "webrtc/p2p/base/turnport.h" 12 13 #include <functional> 14 15 #include "webrtc/p2p/base/common.h" 16 #include "webrtc/p2p/base/stun.h" 17 #include "webrtc/base/asyncpacketsocket.h" 18 #include "webrtc/base/byteorder.h" 19 #include "webrtc/base/common.h" 20 #include "webrtc/base/logging.h" 21 #include "webrtc/base/nethelpers.h" 22 #include "webrtc/base/socketaddress.h" 23 #include "webrtc/base/stringencode.h" 24 25 namespace cricket { 26 27 // TODO(juberti): Move to stun.h when relay messages have been renamed. 28 static const int TURN_ALLOCATE_REQUEST = STUN_ALLOCATE_REQUEST; 29 30 // TODO(juberti): Extract to turnmessage.h 31 static const int TURN_DEFAULT_PORT = 3478; 32 static const int TURN_CHANNEL_NUMBER_START = 0x4000; 33 static const int TURN_PERMISSION_TIMEOUT = 5 * 60 * 1000; // 5 minutes 34 35 static const size_t TURN_CHANNEL_HEADER_SIZE = 4U; 36 37 // Retry at most twice (i.e. three different ALLOCATE requests) on 38 // STUN_ERROR_ALLOCATION_MISMATCH error per rfc5766. 39 static const size_t MAX_ALLOCATE_MISMATCH_RETRIES = 2; 40 41 static const int TURN_SUCCESS_RESULT_CODE = 0; 42 IsTurnChannelData(uint16_t msg_type)43 inline bool IsTurnChannelData(uint16_t msg_type) { 44 return ((msg_type & 0xC000) == 0x4000); // MSB are 0b01 45 } 46 GetRelayPreference(cricket::ProtocolType proto,bool secure)47 static int GetRelayPreference(cricket::ProtocolType proto, bool secure) { 48 int relay_preference = ICE_TYPE_PREFERENCE_RELAY; 49 if (proto == cricket::PROTO_TCP) { 50 relay_preference -= 1; 51 if (secure) 52 relay_preference -= 1; 53 } 54 55 ASSERT(relay_preference >= 0); 56 return relay_preference; 57 } 58 59 class TurnAllocateRequest : public StunRequest { 60 public: 61 explicit TurnAllocateRequest(TurnPort* port); 62 void Prepare(StunMessage* request) override; 63 void OnSent() override; 64 void OnResponse(StunMessage* response) override; 65 void OnErrorResponse(StunMessage* response) override; 66 void OnTimeout() override; 67 68 private: 69 // Handles authentication challenge from the server. 70 void OnAuthChallenge(StunMessage* response, int code); 71 void OnTryAlternate(StunMessage* response, int code); 72 void OnUnknownAttribute(StunMessage* response); 73 74 TurnPort* port_; 75 }; 76 77 class TurnRefreshRequest : public StunRequest { 78 public: 79 explicit TurnRefreshRequest(TurnPort* port); 80 void Prepare(StunMessage* request) override; 81 void OnSent() override; 82 void OnResponse(StunMessage* response) override; 83 void OnErrorResponse(StunMessage* response) override; 84 void OnTimeout() override; set_lifetime(int lifetime)85 void set_lifetime(int lifetime) { lifetime_ = lifetime; } 86 87 private: 88 TurnPort* port_; 89 int lifetime_; 90 }; 91 92 class TurnCreatePermissionRequest : public StunRequest, 93 public sigslot::has_slots<> { 94 public: 95 TurnCreatePermissionRequest(TurnPort* port, TurnEntry* entry, 96 const rtc::SocketAddress& ext_addr); 97 void Prepare(StunMessage* request) override; 98 void OnSent() override; 99 void OnResponse(StunMessage* response) override; 100 void OnErrorResponse(StunMessage* response) override; 101 void OnTimeout() override; 102 103 private: 104 void OnEntryDestroyed(TurnEntry* entry); 105 106 TurnPort* port_; 107 TurnEntry* entry_; 108 rtc::SocketAddress ext_addr_; 109 }; 110 111 class TurnChannelBindRequest : public StunRequest, 112 public sigslot::has_slots<> { 113 public: 114 TurnChannelBindRequest(TurnPort* port, TurnEntry* entry, int channel_id, 115 const rtc::SocketAddress& ext_addr); 116 void Prepare(StunMessage* request) override; 117 void OnSent() override; 118 void OnResponse(StunMessage* response) override; 119 void OnErrorResponse(StunMessage* response) override; 120 void OnTimeout() override; 121 122 private: 123 void OnEntryDestroyed(TurnEntry* entry); 124 125 TurnPort* port_; 126 TurnEntry* entry_; 127 int channel_id_; 128 rtc::SocketAddress ext_addr_; 129 }; 130 131 // Manages a "connection" to a remote destination. We will attempt to bring up 132 // a channel for this remote destination to reduce the overhead of sending data. 133 class TurnEntry : public sigslot::has_slots<> { 134 public: 135 enum BindState { STATE_UNBOUND, STATE_BINDING, STATE_BOUND }; 136 TurnEntry(TurnPort* port, int channel_id, 137 const rtc::SocketAddress& ext_addr); 138 port()139 TurnPort* port() { return port_; } 140 channel_id() const141 int channel_id() const { return channel_id_; } 142 // For testing only. set_channel_id(int channel_id)143 void set_channel_id(int channel_id) { channel_id_ = channel_id; } 144 address() const145 const rtc::SocketAddress& address() const { return ext_addr_; } state() const146 BindState state() const { return state_; } 147 destruction_timestamp()148 uint32_t destruction_timestamp() { return destruction_timestamp_; } set_destruction_timestamp(uint32_t destruction_timestamp)149 void set_destruction_timestamp(uint32_t destruction_timestamp) { 150 destruction_timestamp_ = destruction_timestamp; 151 } 152 153 // Helper methods to send permission and channel bind requests. 154 void SendCreatePermissionRequest(int delay); 155 void SendChannelBindRequest(int delay); 156 // Sends a packet to the given destination address. 157 // This will wrap the packet in STUN if necessary. 158 int Send(const void* data, size_t size, bool payload, 159 const rtc::PacketOptions& options); 160 161 void OnCreatePermissionSuccess(); 162 void OnCreatePermissionError(StunMessage* response, int code); 163 void OnCreatePermissionTimeout(); 164 void OnChannelBindSuccess(); 165 void OnChannelBindError(StunMessage* response, int code); 166 void OnChannelBindTimeout(); 167 // Signal sent when TurnEntry is destroyed. 168 sigslot::signal1<TurnEntry*> SignalDestroyed; 169 170 private: 171 TurnPort* port_; 172 int channel_id_; 173 rtc::SocketAddress ext_addr_; 174 BindState state_; 175 // A non-zero value indicates that this entry is scheduled to be destroyed. 176 // It is also used as an ID of the event scheduling. When the destruction 177 // event actually fires, the TurnEntry will be destroyed only if the 178 // timestamp here matches the one in the firing event. 179 uint32_t destruction_timestamp_ = 0; 180 }; 181 TurnPort(rtc::Thread * thread,rtc::PacketSocketFactory * factory,rtc::Network * network,rtc::AsyncPacketSocket * socket,const std::string & username,const std::string & password,const ProtocolAddress & server_address,const RelayCredentials & credentials,int server_priority,const std::string & origin)182 TurnPort::TurnPort(rtc::Thread* thread, 183 rtc::PacketSocketFactory* factory, 184 rtc::Network* network, 185 rtc::AsyncPacketSocket* socket, 186 const std::string& username, 187 const std::string& password, 188 const ProtocolAddress& server_address, 189 const RelayCredentials& credentials, 190 int server_priority, 191 const std::string& origin) 192 : Port(thread, 193 factory, 194 network, 195 socket->GetLocalAddress().ipaddr(), 196 username, 197 password), 198 server_address_(server_address), 199 credentials_(credentials), 200 socket_(socket), 201 resolver_(NULL), 202 error_(0), 203 request_manager_(thread), 204 next_channel_number_(TURN_CHANNEL_NUMBER_START), 205 state_(STATE_CONNECTING), 206 server_priority_(server_priority), 207 allocate_mismatch_retries_(0) { 208 request_manager_.SignalSendPacket.connect(this, &TurnPort::OnSendStunPacket); 209 request_manager_.set_origin(origin); 210 } 211 TurnPort(rtc::Thread * thread,rtc::PacketSocketFactory * factory,rtc::Network * network,const rtc::IPAddress & ip,uint16_t min_port,uint16_t max_port,const std::string & username,const std::string & password,const ProtocolAddress & server_address,const RelayCredentials & credentials,int server_priority,const std::string & origin)212 TurnPort::TurnPort(rtc::Thread* thread, 213 rtc::PacketSocketFactory* factory, 214 rtc::Network* network, 215 const rtc::IPAddress& ip, 216 uint16_t min_port, 217 uint16_t max_port, 218 const std::string& username, 219 const std::string& password, 220 const ProtocolAddress& server_address, 221 const RelayCredentials& credentials, 222 int server_priority, 223 const std::string& origin) 224 : Port(thread, 225 RELAY_PORT_TYPE, 226 factory, 227 network, 228 ip, 229 min_port, 230 max_port, 231 username, 232 password), 233 server_address_(server_address), 234 credentials_(credentials), 235 socket_(NULL), 236 resolver_(NULL), 237 error_(0), 238 request_manager_(thread), 239 next_channel_number_(TURN_CHANNEL_NUMBER_START), 240 state_(STATE_CONNECTING), 241 server_priority_(server_priority), 242 allocate_mismatch_retries_(0) { 243 request_manager_.SignalSendPacket.connect(this, &TurnPort::OnSendStunPacket); 244 request_manager_.set_origin(origin); 245 } 246 ~TurnPort()247 TurnPort::~TurnPort() { 248 // TODO(juberti): Should this even be necessary? 249 250 // release the allocation by sending a refresh with 251 // lifetime 0. 252 if (ready()) { 253 TurnRefreshRequest bye(this); 254 bye.set_lifetime(0); 255 SendRequest(&bye, 0); 256 } 257 258 while (!entries_.empty()) { 259 DestroyEntry(entries_.front()); 260 } 261 if (resolver_) { 262 resolver_->Destroy(false); 263 } 264 if (!SharedSocket()) { 265 delete socket_; 266 } 267 } 268 GetLocalAddress() const269 rtc::SocketAddress TurnPort::GetLocalAddress() const { 270 return socket_ ? socket_->GetLocalAddress() : rtc::SocketAddress(); 271 } 272 PrepareAddress()273 void TurnPort::PrepareAddress() { 274 if (credentials_.username.empty() || 275 credentials_.password.empty()) { 276 LOG(LS_ERROR) << "Allocation can't be started without setting the" 277 << " TURN server credentials for the user."; 278 OnAllocateError(); 279 return; 280 } 281 282 if (!server_address_.address.port()) { 283 // We will set default TURN port, if no port is set in the address. 284 server_address_.address.SetPort(TURN_DEFAULT_PORT); 285 } 286 287 if (server_address_.address.IsUnresolvedIP()) { 288 ResolveTurnAddress(server_address_.address); 289 } else { 290 // If protocol family of server address doesn't match with local, return. 291 if (!IsCompatibleAddress(server_address_.address)) { 292 LOG(LS_ERROR) << "IP address family does not match: " 293 << "server: " << server_address_.address.family() 294 << "local: " << ip().family(); 295 OnAllocateError(); 296 return; 297 } 298 299 // Insert the current address to prevent redirection pingpong. 300 attempted_server_addresses_.insert(server_address_.address); 301 302 LOG_J(LS_INFO, this) << "Trying to connect to TURN server via " 303 << ProtoToString(server_address_.proto) << " @ " 304 << server_address_.address.ToSensitiveString(); 305 if (!CreateTurnClientSocket()) { 306 LOG(LS_ERROR) << "Failed to create TURN client socket"; 307 OnAllocateError(); 308 return; 309 } 310 if (server_address_.proto == PROTO_UDP) { 311 // If its UDP, send AllocateRequest now. 312 // For TCP and TLS AllcateRequest will be sent by OnSocketConnect. 313 SendRequest(new TurnAllocateRequest(this), 0); 314 } 315 } 316 } 317 CreateTurnClientSocket()318 bool TurnPort::CreateTurnClientSocket() { 319 ASSERT(!socket_ || SharedSocket()); 320 321 if (server_address_.proto == PROTO_UDP && !SharedSocket()) { 322 socket_ = socket_factory()->CreateUdpSocket( 323 rtc::SocketAddress(ip(), 0), min_port(), max_port()); 324 } else if (server_address_.proto == PROTO_TCP) { 325 ASSERT(!SharedSocket()); 326 int opts = rtc::PacketSocketFactory::OPT_STUN; 327 // If secure bit is enabled in server address, use TLS over TCP. 328 if (server_address_.secure) { 329 opts |= rtc::PacketSocketFactory::OPT_TLS; 330 } 331 socket_ = socket_factory()->CreateClientTcpSocket( 332 rtc::SocketAddress(ip(), 0), server_address_.address, 333 proxy(), user_agent(), opts); 334 } 335 336 if (!socket_) { 337 error_ = SOCKET_ERROR; 338 return false; 339 } 340 341 // Apply options if any. 342 for (SocketOptionsMap::iterator iter = socket_options_.begin(); 343 iter != socket_options_.end(); ++iter) { 344 socket_->SetOption(iter->first, iter->second); 345 } 346 347 if (!SharedSocket()) { 348 // If socket is shared, AllocationSequence will receive the packet. 349 socket_->SignalReadPacket.connect(this, &TurnPort::OnReadPacket); 350 } 351 352 socket_->SignalReadyToSend.connect(this, &TurnPort::OnReadyToSend); 353 354 socket_->SignalSentPacket.connect(this, &TurnPort::OnSentPacket); 355 356 // TCP port is ready to send stun requests after the socket is connected, 357 // while UDP port is ready to do so once the socket is created. 358 if (server_address_.proto == PROTO_TCP) { 359 socket_->SignalConnect.connect(this, &TurnPort::OnSocketConnect); 360 socket_->SignalClose.connect(this, &TurnPort::OnSocketClose); 361 } else { 362 state_ = STATE_CONNECTED; 363 } 364 return true; 365 } 366 OnSocketConnect(rtc::AsyncPacketSocket * socket)367 void TurnPort::OnSocketConnect(rtc::AsyncPacketSocket* socket) { 368 ASSERT(server_address_.proto == PROTO_TCP); 369 // Do not use this port if the socket bound to a different address than 370 // the one we asked for. This is seen in Chrome, where TCP sockets cannot be 371 // given a binding address, and the platform is expected to pick the 372 // correct local address. 373 374 // However, there are two situations in which we allow the bound address to 375 // differ from the requested address: 1. The bound address is the loopback 376 // address. This happens when a proxy forces TCP to bind to only the 377 // localhost address (see issue 3927). 2. The bound address is the "any 378 // address". This happens when multiple_routes is disabled (see issue 4780). 379 if (socket->GetLocalAddress().ipaddr() != ip()) { 380 if (socket->GetLocalAddress().IsLoopbackIP()) { 381 LOG(LS_WARNING) << "Socket is bound to a different address:" 382 << socket->GetLocalAddress().ipaddr().ToString() 383 << ", rather then the local port:" << ip().ToString() 384 << ". Still allowing it since it's localhost."; 385 } else if (IPIsAny(ip())) { 386 LOG(LS_WARNING) << "Socket is bound to a different address:" 387 << socket->GetLocalAddress().ipaddr().ToString() 388 << ", rather then the local port:" << ip().ToString() 389 << ". Still allowing it since it's any address" 390 << ", possibly caused by multiple_routes being disabled."; 391 } else { 392 LOG(LS_WARNING) << "Socket is bound to a different address:" 393 << socket->GetLocalAddress().ipaddr().ToString() 394 << ", rather then the local port:" << ip().ToString() 395 << ". Discarding TURN port."; 396 OnAllocateError(); 397 return; 398 } 399 } 400 401 state_ = STATE_CONNECTED; // It is ready to send stun requests. 402 if (server_address_.address.IsUnresolvedIP()) { 403 server_address_.address = socket_->GetRemoteAddress(); 404 } 405 406 LOG(LS_INFO) << "TurnPort connected to " << socket->GetRemoteAddress() 407 << " using tcp."; 408 SendRequest(new TurnAllocateRequest(this), 0); 409 } 410 OnSocketClose(rtc::AsyncPacketSocket * socket,int error)411 void TurnPort::OnSocketClose(rtc::AsyncPacketSocket* socket, int error) { 412 LOG_J(LS_WARNING, this) << "Connection with server failed, error=" << error; 413 ASSERT(socket == socket_); 414 Close(); 415 } 416 OnAllocateMismatch()417 void TurnPort::OnAllocateMismatch() { 418 if (allocate_mismatch_retries_ >= MAX_ALLOCATE_MISMATCH_RETRIES) { 419 LOG_J(LS_WARNING, this) << "Giving up on the port after " 420 << allocate_mismatch_retries_ 421 << " retries for STUN_ERROR_ALLOCATION_MISMATCH"; 422 OnAllocateError(); 423 return; 424 } 425 426 LOG_J(LS_INFO, this) << "Allocating a new socket after " 427 << "STUN_ERROR_ALLOCATION_MISMATCH, retry = " 428 << allocate_mismatch_retries_ + 1; 429 if (SharedSocket()) { 430 ResetSharedSocket(); 431 } else { 432 delete socket_; 433 } 434 socket_ = NULL; 435 436 PrepareAddress(); 437 ++allocate_mismatch_retries_; 438 } 439 CreateConnection(const Candidate & address,CandidateOrigin origin)440 Connection* TurnPort::CreateConnection(const Candidate& address, 441 CandidateOrigin origin) { 442 // TURN-UDP can only connect to UDP candidates. 443 if (!SupportsProtocol(address.protocol())) { 444 return NULL; 445 } 446 447 if (!IsCompatibleAddress(address.address())) { 448 return NULL; 449 } 450 451 if (state_ == STATE_DISCONNECTED) { 452 return NULL; 453 } 454 455 // Create an entry, if needed, so we can get our permissions set up correctly. 456 CreateOrRefreshEntry(address.address()); 457 458 // A TURN port will have two candiates, STUN and TURN. STUN may not 459 // present in all cases. If present stun candidate will be added first 460 // and TURN candidate later. 461 for (size_t index = 0; index < Candidates().size(); ++index) { 462 if (Candidates()[index].type() == RELAY_PORT_TYPE) { 463 ProxyConnection* conn = new ProxyConnection(this, index, address); 464 conn->SignalDestroyed.connect(this, &TurnPort::OnConnectionDestroyed); 465 AddConnection(conn); 466 return conn; 467 } 468 } 469 return NULL; 470 } 471 DestroyConnection(const rtc::SocketAddress & address)472 bool TurnPort::DestroyConnection(const rtc::SocketAddress& address) { 473 Connection* conn = GetConnection(address); 474 if (conn != nullptr) { 475 conn->Destroy(); 476 return true; 477 } 478 return false; 479 } 480 SetOption(rtc::Socket::Option opt,int value)481 int TurnPort::SetOption(rtc::Socket::Option opt, int value) { 482 if (!socket_) { 483 // If socket is not created yet, these options will be applied during socket 484 // creation. 485 socket_options_[opt] = value; 486 return 0; 487 } 488 return socket_->SetOption(opt, value); 489 } 490 GetOption(rtc::Socket::Option opt,int * value)491 int TurnPort::GetOption(rtc::Socket::Option opt, int* value) { 492 if (!socket_) { 493 SocketOptionsMap::const_iterator it = socket_options_.find(opt); 494 if (it == socket_options_.end()) { 495 return -1; 496 } 497 *value = it->second; 498 return 0; 499 } 500 501 return socket_->GetOption(opt, value); 502 } 503 GetError()504 int TurnPort::GetError() { 505 return error_; 506 } 507 SendTo(const void * data,size_t size,const rtc::SocketAddress & addr,const rtc::PacketOptions & options,bool payload)508 int TurnPort::SendTo(const void* data, size_t size, 509 const rtc::SocketAddress& addr, 510 const rtc::PacketOptions& options, 511 bool payload) { 512 // Try to find an entry for this specific address; we should have one. 513 TurnEntry* entry = FindEntry(addr); 514 if (!entry) { 515 LOG(LS_ERROR) << "Did not find the TurnEntry for address " << addr; 516 return 0; 517 } 518 519 if (!ready()) { 520 error_ = EWOULDBLOCK; 521 return SOCKET_ERROR; 522 } 523 524 // Send the actual contents to the server using the usual mechanism. 525 int sent = entry->Send(data, size, payload, options); 526 if (sent <= 0) { 527 return SOCKET_ERROR; 528 } 529 530 // The caller of the function is expecting the number of user data bytes, 531 // rather than the size of the packet. 532 return static_cast<int>(size); 533 } 534 OnReadPacket(rtc::AsyncPacketSocket * socket,const char * data,size_t size,const rtc::SocketAddress & remote_addr,const rtc::PacketTime & packet_time)535 void TurnPort::OnReadPacket( 536 rtc::AsyncPacketSocket* socket, const char* data, size_t size, 537 const rtc::SocketAddress& remote_addr, 538 const rtc::PacketTime& packet_time) { 539 ASSERT(socket == socket_); 540 541 // This is to guard against a STUN response from previous server after 542 // alternative server redirection. TODO(guoweis): add a unit test for this 543 // race condition. 544 if (remote_addr != server_address_.address) { 545 LOG_J(LS_WARNING, this) << "Discarding TURN message from unknown address:" 546 << remote_addr.ToString() 547 << ", server_address_:" 548 << server_address_.address.ToString(); 549 return; 550 } 551 552 // The message must be at least the size of a channel header. 553 if (size < TURN_CHANNEL_HEADER_SIZE) { 554 LOG_J(LS_WARNING, this) << "Received TURN message that was too short"; 555 return; 556 } 557 558 // Check the message type, to see if is a Channel Data message. 559 // The message will either be channel data, a TURN data indication, or 560 // a response to a previous request. 561 uint16_t msg_type = rtc::GetBE16(data); 562 if (IsTurnChannelData(msg_type)) { 563 HandleChannelData(msg_type, data, size, packet_time); 564 } else if (msg_type == TURN_DATA_INDICATION) { 565 HandleDataIndication(data, size, packet_time); 566 } else { 567 if (SharedSocket() && 568 (msg_type == STUN_BINDING_RESPONSE || 569 msg_type == STUN_BINDING_ERROR_RESPONSE)) { 570 LOG_J(LS_VERBOSE, this) << 571 "Ignoring STUN binding response message on shared socket."; 572 return; 573 } 574 575 // This must be a response for one of our requests. 576 // Check success responses, but not errors, for MESSAGE-INTEGRITY. 577 if (IsStunSuccessResponseType(msg_type) && 578 !StunMessage::ValidateMessageIntegrity(data, size, hash())) { 579 LOG_J(LS_WARNING, this) << "Received TURN message with invalid " 580 << "message integrity, msg_type=" << msg_type; 581 return; 582 } 583 request_manager_.CheckResponse(data, size); 584 } 585 } 586 OnSentPacket(rtc::AsyncPacketSocket * socket,const rtc::SentPacket & sent_packet)587 void TurnPort::OnSentPacket(rtc::AsyncPacketSocket* socket, 588 const rtc::SentPacket& sent_packet) { 589 PortInterface::SignalSentPacket(sent_packet); 590 } 591 OnReadyToSend(rtc::AsyncPacketSocket * socket)592 void TurnPort::OnReadyToSend(rtc::AsyncPacketSocket* socket) { 593 if (ready()) { 594 Port::OnReadyToSend(); 595 } 596 } 597 598 599 // Update current server address port with the alternate server address port. SetAlternateServer(const rtc::SocketAddress & address)600 bool TurnPort::SetAlternateServer(const rtc::SocketAddress& address) { 601 // Check if we have seen this address before and reject if we did. 602 AttemptedServerSet::iterator iter = attempted_server_addresses_.find(address); 603 if (iter != attempted_server_addresses_.end()) { 604 LOG_J(LS_WARNING, this) << "Redirection to [" 605 << address.ToSensitiveString() 606 << "] ignored, allocation failed."; 607 return false; 608 } 609 610 // If protocol family of server address doesn't match with local, return. 611 if (!IsCompatibleAddress(address)) { 612 LOG(LS_WARNING) << "Server IP address family does not match with " 613 << "local host address family type"; 614 return false; 615 } 616 617 LOG_J(LS_INFO, this) << "Redirecting from TURN server [" 618 << server_address_.address.ToSensitiveString() 619 << "] to TURN server [" 620 << address.ToSensitiveString() 621 << "]"; 622 server_address_ = ProtocolAddress(address, server_address_.proto, 623 server_address_.secure); 624 625 // Insert the current address to prevent redirection pingpong. 626 attempted_server_addresses_.insert(server_address_.address); 627 return true; 628 } 629 ResolveTurnAddress(const rtc::SocketAddress & address)630 void TurnPort::ResolveTurnAddress(const rtc::SocketAddress& address) { 631 if (resolver_) 632 return; 633 634 LOG_J(LS_INFO, this) << "Starting TURN host lookup for " 635 << address.ToSensitiveString(); 636 resolver_ = socket_factory()->CreateAsyncResolver(); 637 resolver_->SignalDone.connect(this, &TurnPort::OnResolveResult); 638 resolver_->Start(address); 639 } 640 OnResolveResult(rtc::AsyncResolverInterface * resolver)641 void TurnPort::OnResolveResult(rtc::AsyncResolverInterface* resolver) { 642 ASSERT(resolver == resolver_); 643 // If DNS resolve is failed when trying to connect to the server using TCP, 644 // one of the reason could be due to DNS queries blocked by firewall. 645 // In such cases we will try to connect to the server with hostname, assuming 646 // socket layer will resolve the hostname through a HTTP proxy (if any). 647 if (resolver_->GetError() != 0 && server_address_.proto == PROTO_TCP) { 648 if (!CreateTurnClientSocket()) { 649 OnAllocateError(); 650 } 651 return; 652 } 653 654 // Copy the original server address in |resolved_address|. For TLS based 655 // sockets we need hostname along with resolved address. 656 rtc::SocketAddress resolved_address = server_address_.address; 657 if (resolver_->GetError() != 0 || 658 !resolver_->GetResolvedAddress(ip().family(), &resolved_address)) { 659 LOG_J(LS_WARNING, this) << "TURN host lookup received error " 660 << resolver_->GetError(); 661 error_ = resolver_->GetError(); 662 OnAllocateError(); 663 return; 664 } 665 // Signal needs both resolved and unresolved address. After signal is sent 666 // we can copy resolved address back into |server_address_|. 667 SignalResolvedServerAddress(this, server_address_.address, 668 resolved_address); 669 server_address_.address = resolved_address; 670 PrepareAddress(); 671 } 672 OnSendStunPacket(const void * data,size_t size,StunRequest * request)673 void TurnPort::OnSendStunPacket(const void* data, size_t size, 674 StunRequest* request) { 675 ASSERT(connected()); 676 rtc::PacketOptions options(DefaultDscpValue()); 677 if (Send(data, size, options) < 0) { 678 LOG_J(LS_ERROR, this) << "Failed to send TURN message, err=" 679 << socket_->GetError(); 680 } 681 } 682 OnStunAddress(const rtc::SocketAddress & address)683 void TurnPort::OnStunAddress(const rtc::SocketAddress& address) { 684 // STUN Port will discover STUN candidate, as it's supplied with first TURN 685 // server address. 686 // Why not using this address? - P2PTransportChannel will start creating 687 // connections after first candidate, which means it could start creating the 688 // connections before TURN candidate added. For that to handle, we need to 689 // supply STUN candidate from this port to UDPPort, and TurnPort should have 690 // handle to UDPPort to pass back the address. 691 } 692 OnAllocateSuccess(const rtc::SocketAddress & address,const rtc::SocketAddress & stun_address)693 void TurnPort::OnAllocateSuccess(const rtc::SocketAddress& address, 694 const rtc::SocketAddress& stun_address) { 695 state_ = STATE_READY; 696 697 rtc::SocketAddress related_address = stun_address; 698 if (!(candidate_filter() & CF_REFLEXIVE)) { 699 // If candidate filter only allows relay type of address, empty raddr to 700 // avoid local address leakage. 701 related_address = rtc::EmptySocketAddressWithFamily(stun_address.family()); 702 } 703 704 // For relayed candidate, Base is the candidate itself. 705 AddAddress(address, // Candidate address. 706 address, // Base address. 707 related_address, // Related address. 708 UDP_PROTOCOL_NAME, 709 ProtoToString(server_address_.proto), // The first hop protocol. 710 "", // TCP canddiate type, empty for turn candidates. 711 RELAY_PORT_TYPE, 712 GetRelayPreference(server_address_.proto, server_address_.secure), 713 server_priority_, true); 714 } 715 OnAllocateError()716 void TurnPort::OnAllocateError() { 717 // We will send SignalPortError asynchronously as this can be sent during 718 // port initialization. This way it will not be blocking other port 719 // creation. 720 thread()->Post(this, MSG_ALLOCATE_ERROR); 721 } 722 OnTurnRefreshError()723 void TurnPort::OnTurnRefreshError() { 724 // Need to Close the port asynchronously because otherwise, the refresh 725 // request may be deleted twice: once at the end of the message processing 726 // and the other in Close(). 727 thread()->Post(this, MSG_REFRESH_ERROR); 728 } 729 Close()730 void TurnPort::Close() { 731 if (!ready()) { 732 OnAllocateError(); 733 } 734 request_manager_.Clear(); 735 // Stop the port from creating new connections. 736 state_ = STATE_DISCONNECTED; 737 // Delete all existing connections; stop sending data. 738 for (auto kv : connections()) { 739 kv.second->Destroy(); 740 } 741 } 742 OnMessage(rtc::Message * message)743 void TurnPort::OnMessage(rtc::Message* message) { 744 switch (message->message_id) { 745 case MSG_ALLOCATE_ERROR: 746 SignalPortError(this); 747 break; 748 case MSG_ALLOCATE_MISMATCH: 749 OnAllocateMismatch(); 750 break; 751 case MSG_REFRESH_ERROR: 752 Close(); 753 break; 754 case MSG_TRY_ALTERNATE_SERVER: 755 if (server_address().proto == PROTO_UDP) { 756 // Send another allocate request to alternate server, with the received 757 // realm and nonce values. 758 SendRequest(new TurnAllocateRequest(this), 0); 759 } else { 760 // Since it's TCP, we have to delete the connected socket and reconnect 761 // with the alternate server. PrepareAddress will send stun binding once 762 // the new socket is connected. 763 ASSERT(server_address().proto == PROTO_TCP); 764 ASSERT(!SharedSocket()); 765 delete socket_; 766 socket_ = NULL; 767 PrepareAddress(); 768 } 769 break; 770 default: 771 Port::OnMessage(message); 772 } 773 } 774 OnAllocateRequestTimeout()775 void TurnPort::OnAllocateRequestTimeout() { 776 OnAllocateError(); 777 } 778 HandleDataIndication(const char * data,size_t size,const rtc::PacketTime & packet_time)779 void TurnPort::HandleDataIndication(const char* data, size_t size, 780 const rtc::PacketTime& packet_time) { 781 // Read in the message, and process according to RFC5766, Section 10.4. 782 rtc::ByteBuffer buf(data, size); 783 TurnMessage msg; 784 if (!msg.Read(&buf)) { 785 LOG_J(LS_WARNING, this) << "Received invalid TURN data indication"; 786 return; 787 } 788 789 // Check mandatory attributes. 790 const StunAddressAttribute* addr_attr = 791 msg.GetAddress(STUN_ATTR_XOR_PEER_ADDRESS); 792 if (!addr_attr) { 793 LOG_J(LS_WARNING, this) << "Missing STUN_ATTR_XOR_PEER_ADDRESS attribute " 794 << "in data indication."; 795 return; 796 } 797 798 const StunByteStringAttribute* data_attr = 799 msg.GetByteString(STUN_ATTR_DATA); 800 if (!data_attr) { 801 LOG_J(LS_WARNING, this) << "Missing STUN_ATTR_DATA attribute in " 802 << "data indication."; 803 return; 804 } 805 806 // Verify that the data came from somewhere we think we have a permission for. 807 rtc::SocketAddress ext_addr(addr_attr->GetAddress()); 808 if (!HasPermission(ext_addr.ipaddr())) { 809 LOG_J(LS_WARNING, this) << "Received TURN data indication with invalid " 810 << "peer address, addr=" 811 << ext_addr.ToSensitiveString(); 812 return; 813 } 814 815 DispatchPacket(data_attr->bytes(), data_attr->length(), ext_addr, 816 PROTO_UDP, packet_time); 817 } 818 HandleChannelData(int channel_id,const char * data,size_t size,const rtc::PacketTime & packet_time)819 void TurnPort::HandleChannelData(int channel_id, const char* data, 820 size_t size, 821 const rtc::PacketTime& packet_time) { 822 // Read the message, and process according to RFC5766, Section 11.6. 823 // 0 1 2 3 824 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 825 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 826 // | Channel Number | Length | 827 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 828 // | | 829 // / Application Data / 830 // / / 831 // | | 832 // | +-------------------------------+ 833 // | | 834 // +-------------------------------+ 835 836 // Extract header fields from the message. 837 uint16_t len = rtc::GetBE16(data + 2); 838 if (len > size - TURN_CHANNEL_HEADER_SIZE) { 839 LOG_J(LS_WARNING, this) << "Received TURN channel data message with " 840 << "incorrect length, len=" << len; 841 return; 842 } 843 // Allowing messages larger than |len|, as ChannelData can be padded. 844 845 TurnEntry* entry = FindEntry(channel_id); 846 if (!entry) { 847 LOG_J(LS_WARNING, this) << "Received TURN channel data message for invalid " 848 << "channel, channel_id=" << channel_id; 849 return; 850 } 851 852 DispatchPacket(data + TURN_CHANNEL_HEADER_SIZE, len, entry->address(), 853 PROTO_UDP, packet_time); 854 } 855 DispatchPacket(const char * data,size_t size,const rtc::SocketAddress & remote_addr,ProtocolType proto,const rtc::PacketTime & packet_time)856 void TurnPort::DispatchPacket(const char* data, size_t size, 857 const rtc::SocketAddress& remote_addr, 858 ProtocolType proto, const rtc::PacketTime& packet_time) { 859 if (Connection* conn = GetConnection(remote_addr)) { 860 conn->OnReadPacket(data, size, packet_time); 861 } else { 862 Port::OnReadPacket(data, size, remote_addr, proto); 863 } 864 } 865 ScheduleRefresh(int lifetime)866 bool TurnPort::ScheduleRefresh(int lifetime) { 867 // Lifetime is in seconds; we schedule a refresh for one minute less. 868 if (lifetime < 2 * 60) { 869 LOG_J(LS_WARNING, this) << "Received response with lifetime that was " 870 << "too short, lifetime=" << lifetime; 871 return false; 872 } 873 874 int delay = (lifetime - 60) * 1000; 875 SendRequest(new TurnRefreshRequest(this), delay); 876 LOG_J(LS_INFO, this) << "Scheduled refresh in " << delay << "ms."; 877 return true; 878 } 879 SendRequest(StunRequest * req,int delay)880 void TurnPort::SendRequest(StunRequest* req, int delay) { 881 request_manager_.SendDelayed(req, delay); 882 } 883 AddRequestAuthInfo(StunMessage * msg)884 void TurnPort::AddRequestAuthInfo(StunMessage* msg) { 885 // If we've gotten the necessary data from the server, add it to our request. 886 VERIFY(!hash_.empty()); 887 VERIFY(msg->AddAttribute(new StunByteStringAttribute( 888 STUN_ATTR_USERNAME, credentials_.username))); 889 VERIFY(msg->AddAttribute(new StunByteStringAttribute( 890 STUN_ATTR_REALM, realm_))); 891 VERIFY(msg->AddAttribute(new StunByteStringAttribute( 892 STUN_ATTR_NONCE, nonce_))); 893 VERIFY(msg->AddMessageIntegrity(hash())); 894 } 895 Send(const void * data,size_t len,const rtc::PacketOptions & options)896 int TurnPort::Send(const void* data, size_t len, 897 const rtc::PacketOptions& options) { 898 return socket_->SendTo(data, len, server_address_.address, options); 899 } 900 UpdateHash()901 void TurnPort::UpdateHash() { 902 VERIFY(ComputeStunCredentialHash(credentials_.username, realm_, 903 credentials_.password, &hash_)); 904 } 905 UpdateNonce(StunMessage * response)906 bool TurnPort::UpdateNonce(StunMessage* response) { 907 // When stale nonce error received, we should update 908 // hash and store realm and nonce. 909 // Check the mandatory attributes. 910 const StunByteStringAttribute* realm_attr = 911 response->GetByteString(STUN_ATTR_REALM); 912 if (!realm_attr) { 913 LOG(LS_ERROR) << "Missing STUN_ATTR_REALM attribute in " 914 << "stale nonce error response."; 915 return false; 916 } 917 set_realm(realm_attr->GetString()); 918 919 const StunByteStringAttribute* nonce_attr = 920 response->GetByteString(STUN_ATTR_NONCE); 921 if (!nonce_attr) { 922 LOG(LS_ERROR) << "Missing STUN_ATTR_NONCE attribute in " 923 << "stale nonce error response."; 924 return false; 925 } 926 set_nonce(nonce_attr->GetString()); 927 return true; 928 } 929 MatchesIP(TurnEntry * e,rtc::IPAddress ipaddr)930 static bool MatchesIP(TurnEntry* e, rtc::IPAddress ipaddr) { 931 return e->address().ipaddr() == ipaddr; 932 } HasPermission(const rtc::IPAddress & ipaddr) const933 bool TurnPort::HasPermission(const rtc::IPAddress& ipaddr) const { 934 return (std::find_if(entries_.begin(), entries_.end(), 935 std::bind2nd(std::ptr_fun(MatchesIP), ipaddr)) != entries_.end()); 936 } 937 MatchesAddress(TurnEntry * e,rtc::SocketAddress addr)938 static bool MatchesAddress(TurnEntry* e, rtc::SocketAddress addr) { 939 return e->address() == addr; 940 } FindEntry(const rtc::SocketAddress & addr) const941 TurnEntry* TurnPort::FindEntry(const rtc::SocketAddress& addr) const { 942 EntryList::const_iterator it = std::find_if(entries_.begin(), entries_.end(), 943 std::bind2nd(std::ptr_fun(MatchesAddress), addr)); 944 return (it != entries_.end()) ? *it : NULL; 945 } 946 MatchesChannelId(TurnEntry * e,int id)947 static bool MatchesChannelId(TurnEntry* e, int id) { 948 return e->channel_id() == id; 949 } FindEntry(int channel_id) const950 TurnEntry* TurnPort::FindEntry(int channel_id) const { 951 EntryList::const_iterator it = std::find_if(entries_.begin(), entries_.end(), 952 std::bind2nd(std::ptr_fun(MatchesChannelId), channel_id)); 953 return (it != entries_.end()) ? *it : NULL; 954 } 955 EntryExists(TurnEntry * e)956 bool TurnPort::EntryExists(TurnEntry* e) { 957 auto it = std::find(entries_.begin(), entries_.end(), e); 958 return it != entries_.end(); 959 } 960 CreateOrRefreshEntry(const rtc::SocketAddress & addr)961 void TurnPort::CreateOrRefreshEntry(const rtc::SocketAddress& addr) { 962 TurnEntry* entry = FindEntry(addr); 963 if (entry == nullptr) { 964 entry = new TurnEntry(this, next_channel_number_++, addr); 965 entries_.push_back(entry); 966 } else { 967 // The channel binding request for the entry will be refreshed automatically 968 // until the entry is destroyed. 969 CancelEntryDestruction(entry); 970 } 971 } 972 DestroyEntry(TurnEntry * entry)973 void TurnPort::DestroyEntry(TurnEntry* entry) { 974 ASSERT(entry != NULL); 975 entry->SignalDestroyed(entry); 976 entries_.remove(entry); 977 delete entry; 978 } 979 DestroyEntryIfNotCancelled(TurnEntry * entry,uint32_t timestamp)980 void TurnPort::DestroyEntryIfNotCancelled(TurnEntry* entry, 981 uint32_t timestamp) { 982 if (!EntryExists(entry)) { 983 return; 984 } 985 bool cancelled = timestamp != entry->destruction_timestamp(); 986 if (!cancelled) { 987 DestroyEntry(entry); 988 } 989 } 990 OnConnectionDestroyed(Connection * conn)991 void TurnPort::OnConnectionDestroyed(Connection* conn) { 992 // Schedule an event to destroy TurnEntry for the connection, which is 993 // already destroyed. 994 const rtc::SocketAddress& remote_address = conn->remote_candidate().address(); 995 TurnEntry* entry = FindEntry(remote_address); 996 ASSERT(entry != NULL); 997 ScheduleEntryDestruction(entry); 998 } 999 ScheduleEntryDestruction(TurnEntry * entry)1000 void TurnPort::ScheduleEntryDestruction(TurnEntry* entry) { 1001 ASSERT(entry->destruction_timestamp() == 0); 1002 uint32_t timestamp = rtc::Time(); 1003 entry->set_destruction_timestamp(timestamp); 1004 invoker_.AsyncInvokeDelayed<void>( 1005 thread(), 1006 rtc::Bind(&TurnPort::DestroyEntryIfNotCancelled, this, entry, timestamp), 1007 TURN_PERMISSION_TIMEOUT); 1008 } 1009 CancelEntryDestruction(TurnEntry * entry)1010 void TurnPort::CancelEntryDestruction(TurnEntry* entry) { 1011 ASSERT(entry->destruction_timestamp() != 0); 1012 entry->set_destruction_timestamp(0); 1013 } 1014 SetEntryChannelId(const rtc::SocketAddress & address,int channel_id)1015 bool TurnPort::SetEntryChannelId(const rtc::SocketAddress& address, 1016 int channel_id) { 1017 TurnEntry* entry = FindEntry(address); 1018 if (!entry) { 1019 return false; 1020 } 1021 entry->set_channel_id(channel_id); 1022 return true; 1023 } 1024 TurnAllocateRequest(TurnPort * port)1025 TurnAllocateRequest::TurnAllocateRequest(TurnPort* port) 1026 : StunRequest(new TurnMessage()), 1027 port_(port) { 1028 } 1029 Prepare(StunMessage * request)1030 void TurnAllocateRequest::Prepare(StunMessage* request) { 1031 // Create the request as indicated in RFC 5766, Section 6.1. 1032 request->SetType(TURN_ALLOCATE_REQUEST); 1033 StunUInt32Attribute* transport_attr = StunAttribute::CreateUInt32( 1034 STUN_ATTR_REQUESTED_TRANSPORT); 1035 transport_attr->SetValue(IPPROTO_UDP << 24); 1036 VERIFY(request->AddAttribute(transport_attr)); 1037 if (!port_->hash().empty()) { 1038 port_->AddRequestAuthInfo(request); 1039 } 1040 } 1041 OnSent()1042 void TurnAllocateRequest::OnSent() { 1043 LOG_J(LS_INFO, port_) << "TURN allocate request sent" 1044 << ", id=" << rtc::hex_encode(id()); 1045 StunRequest::OnSent(); 1046 } 1047 OnResponse(StunMessage * response)1048 void TurnAllocateRequest::OnResponse(StunMessage* response) { 1049 LOG_J(LS_INFO, port_) << "TURN allocate requested successfully" 1050 << ", id=" << rtc::hex_encode(id()) 1051 << ", code=0" // Makes logging easier to parse. 1052 << ", rtt=" << Elapsed(); 1053 1054 // Check mandatory attributes as indicated in RFC5766, Section 6.3. 1055 const StunAddressAttribute* mapped_attr = 1056 response->GetAddress(STUN_ATTR_XOR_MAPPED_ADDRESS); 1057 if (!mapped_attr) { 1058 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_XOR_MAPPED_ADDRESS " 1059 << "attribute in allocate success response"; 1060 return; 1061 } 1062 // Using XOR-Mapped-Address for stun. 1063 port_->OnStunAddress(mapped_attr->GetAddress()); 1064 1065 const StunAddressAttribute* relayed_attr = 1066 response->GetAddress(STUN_ATTR_XOR_RELAYED_ADDRESS); 1067 if (!relayed_attr) { 1068 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_XOR_RELAYED_ADDRESS " 1069 << "attribute in allocate success response"; 1070 return; 1071 } 1072 1073 const StunUInt32Attribute* lifetime_attr = 1074 response->GetUInt32(STUN_ATTR_TURN_LIFETIME); 1075 if (!lifetime_attr) { 1076 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_TURN_LIFETIME attribute in " 1077 << "allocate success response"; 1078 return; 1079 } 1080 // Notify the port the allocate succeeded, and schedule a refresh request. 1081 port_->OnAllocateSuccess(relayed_attr->GetAddress(), 1082 mapped_attr->GetAddress()); 1083 port_->ScheduleRefresh(lifetime_attr->value()); 1084 } 1085 OnErrorResponse(StunMessage * response)1086 void TurnAllocateRequest::OnErrorResponse(StunMessage* response) { 1087 // Process error response according to RFC5766, Section 6.4. 1088 const StunErrorCodeAttribute* error_code = response->GetErrorCode(); 1089 1090 LOG_J(LS_INFO, port_) << "Received TURN allocate error response" 1091 << ", id=" << rtc::hex_encode(id()) 1092 << ", code=" << error_code->code() 1093 << ", rtt=" << Elapsed(); 1094 1095 switch (error_code->code()) { 1096 case STUN_ERROR_UNAUTHORIZED: // Unauthrorized. 1097 OnAuthChallenge(response, error_code->code()); 1098 break; 1099 case STUN_ERROR_TRY_ALTERNATE: 1100 OnTryAlternate(response, error_code->code()); 1101 break; 1102 case STUN_ERROR_ALLOCATION_MISMATCH: 1103 // We must handle this error async because trying to delete the socket in 1104 // OnErrorResponse will cause a deadlock on the socket. 1105 port_->thread()->Post(port_, TurnPort::MSG_ALLOCATE_MISMATCH); 1106 break; 1107 default: 1108 LOG_J(LS_WARNING, port_) << "Received TURN allocate error response" 1109 << ", id=" << rtc::hex_encode(id()) 1110 << ", code=" << error_code->code() 1111 << ", rtt=" << Elapsed(); 1112 port_->OnAllocateError(); 1113 } 1114 } 1115 OnTimeout()1116 void TurnAllocateRequest::OnTimeout() { 1117 LOG_J(LS_WARNING, port_) << "TURN allocate request " 1118 << rtc::hex_encode(id()) << " timout"; 1119 port_->OnAllocateRequestTimeout(); 1120 } 1121 OnAuthChallenge(StunMessage * response,int code)1122 void TurnAllocateRequest::OnAuthChallenge(StunMessage* response, int code) { 1123 // If we failed to authenticate even after we sent our credentials, fail hard. 1124 if (code == STUN_ERROR_UNAUTHORIZED && !port_->hash().empty()) { 1125 LOG_J(LS_WARNING, port_) << "Failed to authenticate with the server " 1126 << "after challenge."; 1127 port_->OnAllocateError(); 1128 return; 1129 } 1130 1131 // Check the mandatory attributes. 1132 const StunByteStringAttribute* realm_attr = 1133 response->GetByteString(STUN_ATTR_REALM); 1134 if (!realm_attr) { 1135 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_REALM attribute in " 1136 << "allocate unauthorized response."; 1137 return; 1138 } 1139 port_->set_realm(realm_attr->GetString()); 1140 1141 const StunByteStringAttribute* nonce_attr = 1142 response->GetByteString(STUN_ATTR_NONCE); 1143 if (!nonce_attr) { 1144 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_NONCE attribute in " 1145 << "allocate unauthorized response."; 1146 return; 1147 } 1148 port_->set_nonce(nonce_attr->GetString()); 1149 1150 // Send another allocate request, with the received realm and nonce values. 1151 port_->SendRequest(new TurnAllocateRequest(port_), 0); 1152 } 1153 OnTryAlternate(StunMessage * response,int code)1154 void TurnAllocateRequest::OnTryAlternate(StunMessage* response, int code) { 1155 1156 // According to RFC 5389 section 11, there are use cases where 1157 // authentication of response is not possible, we're not validating 1158 // message integrity. 1159 1160 // Get the alternate server address attribute value. 1161 const StunAddressAttribute* alternate_server_attr = 1162 response->GetAddress(STUN_ATTR_ALTERNATE_SERVER); 1163 if (!alternate_server_attr) { 1164 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_ALTERNATE_SERVER " 1165 << "attribute in try alternate error response"; 1166 port_->OnAllocateError(); 1167 return; 1168 } 1169 if (!port_->SetAlternateServer(alternate_server_attr->GetAddress())) { 1170 port_->OnAllocateError(); 1171 return; 1172 } 1173 1174 // Check the attributes. 1175 const StunByteStringAttribute* realm_attr = 1176 response->GetByteString(STUN_ATTR_REALM); 1177 if (realm_attr) { 1178 LOG_J(LS_INFO, port_) << "Applying STUN_ATTR_REALM attribute in " 1179 << "try alternate error response."; 1180 port_->set_realm(realm_attr->GetString()); 1181 } 1182 1183 const StunByteStringAttribute* nonce_attr = 1184 response->GetByteString(STUN_ATTR_NONCE); 1185 if (nonce_attr) { 1186 LOG_J(LS_INFO, port_) << "Applying STUN_ATTR_NONCE attribute in " 1187 << "try alternate error response."; 1188 port_->set_nonce(nonce_attr->GetString()); 1189 } 1190 1191 // For TCP, we can't close the original Tcp socket during handling a 300 as 1192 // we're still inside that socket's event handler. Doing so will cause 1193 // deadlock. 1194 port_->thread()->Post(port_, TurnPort::MSG_TRY_ALTERNATE_SERVER); 1195 } 1196 TurnRefreshRequest(TurnPort * port)1197 TurnRefreshRequest::TurnRefreshRequest(TurnPort* port) 1198 : StunRequest(new TurnMessage()), 1199 port_(port), 1200 lifetime_(-1) { 1201 } 1202 Prepare(StunMessage * request)1203 void TurnRefreshRequest::Prepare(StunMessage* request) { 1204 // Create the request as indicated in RFC 5766, Section 7.1. 1205 // No attributes need to be included. 1206 request->SetType(TURN_REFRESH_REQUEST); 1207 if (lifetime_ > -1) { 1208 VERIFY(request->AddAttribute(new StunUInt32Attribute( 1209 STUN_ATTR_LIFETIME, lifetime_))); 1210 } 1211 1212 port_->AddRequestAuthInfo(request); 1213 } 1214 OnSent()1215 void TurnRefreshRequest::OnSent() { 1216 LOG_J(LS_INFO, port_) << "TURN refresh request sent" 1217 << ", id=" << rtc::hex_encode(id()); 1218 StunRequest::OnSent(); 1219 } 1220 OnResponse(StunMessage * response)1221 void TurnRefreshRequest::OnResponse(StunMessage* response) { 1222 LOG_J(LS_INFO, port_) << "TURN refresh requested successfully" 1223 << ", id=" << rtc::hex_encode(id()) 1224 << ", code=0" // Makes logging easier to parse. 1225 << ", rtt=" << Elapsed(); 1226 1227 // Check mandatory attributes as indicated in RFC5766, Section 7.3. 1228 const StunUInt32Attribute* lifetime_attr = 1229 response->GetUInt32(STUN_ATTR_TURN_LIFETIME); 1230 if (!lifetime_attr) { 1231 LOG_J(LS_WARNING, port_) << "Missing STUN_ATTR_TURN_LIFETIME attribute in " 1232 << "refresh success response."; 1233 return; 1234 } 1235 1236 // Schedule a refresh based on the returned lifetime value. 1237 port_->ScheduleRefresh(lifetime_attr->value()); 1238 port_->SignalTurnRefreshResult(port_, TURN_SUCCESS_RESULT_CODE); 1239 } 1240 OnErrorResponse(StunMessage * response)1241 void TurnRefreshRequest::OnErrorResponse(StunMessage* response) { 1242 const StunErrorCodeAttribute* error_code = response->GetErrorCode(); 1243 1244 if (error_code->code() == STUN_ERROR_STALE_NONCE) { 1245 if (port_->UpdateNonce(response)) { 1246 // Send RefreshRequest immediately. 1247 port_->SendRequest(new TurnRefreshRequest(port_), 0); 1248 } 1249 } else { 1250 LOG_J(LS_WARNING, port_) << "Received TURN refresh error response" 1251 << ", id=" << rtc::hex_encode(id()) 1252 << ", code=" << error_code->code() 1253 << ", rtt=" << Elapsed(); 1254 port_->OnTurnRefreshError(); 1255 port_->SignalTurnRefreshResult(port_, error_code->code()); 1256 } 1257 } 1258 OnTimeout()1259 void TurnRefreshRequest::OnTimeout() { 1260 LOG_J(LS_WARNING, port_) << "TURN refresh timeout " << rtc::hex_encode(id()); 1261 port_->OnTurnRefreshError(); 1262 } 1263 TurnCreatePermissionRequest(TurnPort * port,TurnEntry * entry,const rtc::SocketAddress & ext_addr)1264 TurnCreatePermissionRequest::TurnCreatePermissionRequest( 1265 TurnPort* port, TurnEntry* entry, 1266 const rtc::SocketAddress& ext_addr) 1267 : StunRequest(new TurnMessage()), 1268 port_(port), 1269 entry_(entry), 1270 ext_addr_(ext_addr) { 1271 entry_->SignalDestroyed.connect( 1272 this, &TurnCreatePermissionRequest::OnEntryDestroyed); 1273 } 1274 Prepare(StunMessage * request)1275 void TurnCreatePermissionRequest::Prepare(StunMessage* request) { 1276 // Create the request as indicated in RFC5766, Section 9.1. 1277 request->SetType(TURN_CREATE_PERMISSION_REQUEST); 1278 VERIFY(request->AddAttribute(new StunXorAddressAttribute( 1279 STUN_ATTR_XOR_PEER_ADDRESS, ext_addr_))); 1280 port_->AddRequestAuthInfo(request); 1281 } 1282 OnSent()1283 void TurnCreatePermissionRequest::OnSent() { 1284 LOG_J(LS_INFO, port_) << "TURN create permission request sent" 1285 << ", id=" << rtc::hex_encode(id()); 1286 StunRequest::OnSent(); 1287 } 1288 OnResponse(StunMessage * response)1289 void TurnCreatePermissionRequest::OnResponse(StunMessage* response) { 1290 LOG_J(LS_INFO, port_) << "TURN permission requested successfully" 1291 << ", id=" << rtc::hex_encode(id()) 1292 << ", code=0" // Makes logging easier to parse. 1293 << ", rtt=" << Elapsed(); 1294 1295 if (entry_) { 1296 entry_->OnCreatePermissionSuccess(); 1297 } 1298 } 1299 OnErrorResponse(StunMessage * response)1300 void TurnCreatePermissionRequest::OnErrorResponse(StunMessage* response) { 1301 const StunErrorCodeAttribute* error_code = response->GetErrorCode(); 1302 LOG_J(LS_WARNING, port_) << "Received TURN create permission error response" 1303 << ", id=" << rtc::hex_encode(id()) 1304 << ", code=" << error_code->code() 1305 << ", rtt=" << Elapsed(); 1306 if (entry_) { 1307 entry_->OnCreatePermissionError(response, error_code->code()); 1308 } 1309 } 1310 OnTimeout()1311 void TurnCreatePermissionRequest::OnTimeout() { 1312 LOG_J(LS_WARNING, port_) << "TURN create permission timeout " 1313 << rtc::hex_encode(id()); 1314 if (entry_) { 1315 entry_->OnCreatePermissionTimeout(); 1316 } 1317 } 1318 OnEntryDestroyed(TurnEntry * entry)1319 void TurnCreatePermissionRequest::OnEntryDestroyed(TurnEntry* entry) { 1320 ASSERT(entry_ == entry); 1321 entry_ = NULL; 1322 } 1323 TurnChannelBindRequest(TurnPort * port,TurnEntry * entry,int channel_id,const rtc::SocketAddress & ext_addr)1324 TurnChannelBindRequest::TurnChannelBindRequest( 1325 TurnPort* port, TurnEntry* entry, 1326 int channel_id, const rtc::SocketAddress& ext_addr) 1327 : StunRequest(new TurnMessage()), 1328 port_(port), 1329 entry_(entry), 1330 channel_id_(channel_id), 1331 ext_addr_(ext_addr) { 1332 entry_->SignalDestroyed.connect( 1333 this, &TurnChannelBindRequest::OnEntryDestroyed); 1334 } 1335 Prepare(StunMessage * request)1336 void TurnChannelBindRequest::Prepare(StunMessage* request) { 1337 // Create the request as indicated in RFC5766, Section 11.1. 1338 request->SetType(TURN_CHANNEL_BIND_REQUEST); 1339 VERIFY(request->AddAttribute(new StunUInt32Attribute( 1340 STUN_ATTR_CHANNEL_NUMBER, channel_id_ << 16))); 1341 VERIFY(request->AddAttribute(new StunXorAddressAttribute( 1342 STUN_ATTR_XOR_PEER_ADDRESS, ext_addr_))); 1343 port_->AddRequestAuthInfo(request); 1344 } 1345 OnSent()1346 void TurnChannelBindRequest::OnSent() { 1347 LOG_J(LS_INFO, port_) << "TURN channel bind request sent" 1348 << ", id=" << rtc::hex_encode(id()); 1349 StunRequest::OnSent(); 1350 } 1351 OnResponse(StunMessage * response)1352 void TurnChannelBindRequest::OnResponse(StunMessage* response) { 1353 LOG_J(LS_INFO, port_) << "TURN channel bind requested successfully" 1354 << ", id=" << rtc::hex_encode(id()) 1355 << ", code=0" // Makes logging easier to parse. 1356 << ", rtt=" << Elapsed(); 1357 1358 if (entry_) { 1359 entry_->OnChannelBindSuccess(); 1360 // Refresh the channel binding just under the permission timeout 1361 // threshold. The channel binding has a longer lifetime, but 1362 // this is the easiest way to keep both the channel and the 1363 // permission from expiring. 1364 int delay = TURN_PERMISSION_TIMEOUT - 60000; 1365 entry_->SendChannelBindRequest(delay); 1366 LOG_J(LS_INFO, port_) << "Scheduled channel bind in " << delay << "ms."; 1367 } 1368 } 1369 OnErrorResponse(StunMessage * response)1370 void TurnChannelBindRequest::OnErrorResponse(StunMessage* response) { 1371 const StunErrorCodeAttribute* error_code = response->GetErrorCode(); 1372 LOG_J(LS_WARNING, port_) << "Received TURN channel bind error response" 1373 << ", id=" << rtc::hex_encode(id()) 1374 << ", code=" << error_code->code() 1375 << ", rtt=" << Elapsed(); 1376 if (entry_) { 1377 entry_->OnChannelBindError(response, error_code->code()); 1378 } 1379 } 1380 OnTimeout()1381 void TurnChannelBindRequest::OnTimeout() { 1382 LOG_J(LS_WARNING, port_) << "TURN channel bind timeout " 1383 << rtc::hex_encode(id()); 1384 if (entry_) { 1385 entry_->OnChannelBindTimeout(); 1386 } 1387 } 1388 OnEntryDestroyed(TurnEntry * entry)1389 void TurnChannelBindRequest::OnEntryDestroyed(TurnEntry* entry) { 1390 ASSERT(entry_ == entry); 1391 entry_ = NULL; 1392 } 1393 TurnEntry(TurnPort * port,int channel_id,const rtc::SocketAddress & ext_addr)1394 TurnEntry::TurnEntry(TurnPort* port, int channel_id, 1395 const rtc::SocketAddress& ext_addr) 1396 : port_(port), 1397 channel_id_(channel_id), 1398 ext_addr_(ext_addr), 1399 state_(STATE_UNBOUND) { 1400 // Creating permission for |ext_addr_|. 1401 SendCreatePermissionRequest(0); 1402 } 1403 SendCreatePermissionRequest(int delay)1404 void TurnEntry::SendCreatePermissionRequest(int delay) { 1405 port_->SendRequest(new TurnCreatePermissionRequest(port_, this, ext_addr_), 1406 delay); 1407 } 1408 SendChannelBindRequest(int delay)1409 void TurnEntry::SendChannelBindRequest(int delay) { 1410 port_->SendRequest(new TurnChannelBindRequest( 1411 port_, this, channel_id_, ext_addr_), delay); 1412 } 1413 Send(const void * data,size_t size,bool payload,const rtc::PacketOptions & options)1414 int TurnEntry::Send(const void* data, size_t size, bool payload, 1415 const rtc::PacketOptions& options) { 1416 rtc::ByteBuffer buf; 1417 if (state_ != STATE_BOUND) { 1418 // If we haven't bound the channel yet, we have to use a Send Indication. 1419 TurnMessage msg; 1420 msg.SetType(TURN_SEND_INDICATION); 1421 msg.SetTransactionID( 1422 rtc::CreateRandomString(kStunTransactionIdLength)); 1423 VERIFY(msg.AddAttribute(new StunXorAddressAttribute( 1424 STUN_ATTR_XOR_PEER_ADDRESS, ext_addr_))); 1425 VERIFY(msg.AddAttribute(new StunByteStringAttribute( 1426 STUN_ATTR_DATA, data, size))); 1427 VERIFY(msg.Write(&buf)); 1428 1429 // If we're sending real data, request a channel bind that we can use later. 1430 if (state_ == STATE_UNBOUND && payload) { 1431 SendChannelBindRequest(0); 1432 state_ = STATE_BINDING; 1433 } 1434 } else { 1435 // If the channel is bound, we can send the data as a Channel Message. 1436 buf.WriteUInt16(channel_id_); 1437 buf.WriteUInt16(static_cast<uint16_t>(size)); 1438 buf.WriteBytes(reinterpret_cast<const char*>(data), size); 1439 } 1440 return port_->Send(buf.Data(), buf.Length(), options); 1441 } 1442 OnCreatePermissionSuccess()1443 void TurnEntry::OnCreatePermissionSuccess() { 1444 LOG_J(LS_INFO, port_) << "Create permission for " 1445 << ext_addr_.ToSensitiveString() 1446 << " succeeded"; 1447 port_->SignalCreatePermissionResult(port_, ext_addr_, 1448 TURN_SUCCESS_RESULT_CODE); 1449 1450 // If |state_| is STATE_BOUND, the permission will be refreshed 1451 // by ChannelBindRequest. 1452 if (state_ != STATE_BOUND) { 1453 // Refresh the permission request about 1 minute before the permission 1454 // times out. 1455 int delay = TURN_PERMISSION_TIMEOUT - 60000; 1456 SendCreatePermissionRequest(delay); 1457 LOG_J(LS_INFO, port_) << "Scheduled create-permission-request in " 1458 << delay << "ms."; 1459 } 1460 } 1461 OnCreatePermissionError(StunMessage * response,int code)1462 void TurnEntry::OnCreatePermissionError(StunMessage* response, int code) { 1463 if (code == STUN_ERROR_STALE_NONCE) { 1464 if (port_->UpdateNonce(response)) { 1465 SendCreatePermissionRequest(0); 1466 } 1467 } else { 1468 port_->DestroyConnection(ext_addr_); 1469 // Send signal with error code. 1470 port_->SignalCreatePermissionResult(port_, ext_addr_, code); 1471 Connection* c = port_->GetConnection(ext_addr_); 1472 if (c) { 1473 LOG_J(LS_ERROR, c) << "Received TURN CreatePermission error response, " 1474 << "code=" << code << "; killing connection."; 1475 c->FailAndDestroy(); 1476 } 1477 } 1478 } 1479 OnCreatePermissionTimeout()1480 void TurnEntry::OnCreatePermissionTimeout() { 1481 port_->DestroyConnection(ext_addr_); 1482 } 1483 OnChannelBindSuccess()1484 void TurnEntry::OnChannelBindSuccess() { 1485 LOG_J(LS_INFO, port_) << "Channel bind for " << ext_addr_.ToSensitiveString() 1486 << " succeeded"; 1487 ASSERT(state_ == STATE_BINDING || state_ == STATE_BOUND); 1488 state_ = STATE_BOUND; 1489 } 1490 OnChannelBindError(StunMessage * response,int code)1491 void TurnEntry::OnChannelBindError(StunMessage* response, int code) { 1492 // If the channel bind fails due to errors other than STATE_NONCE, 1493 // we just destroy the connection and rely on ICE restart to re-establish 1494 // the connection. 1495 if (code == STUN_ERROR_STALE_NONCE) { 1496 if (port_->UpdateNonce(response)) { 1497 // Send channel bind request with fresh nonce. 1498 SendChannelBindRequest(0); 1499 } 1500 } else { 1501 state_ = STATE_UNBOUND; 1502 port_->DestroyConnection(ext_addr_); 1503 } 1504 } OnChannelBindTimeout()1505 void TurnEntry::OnChannelBindTimeout() { 1506 state_ = STATE_UNBOUND; 1507 port_->DestroyConnection(ext_addr_); 1508 } 1509 } // namespace cricket 1510