OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/p2p/socket_host.h" | 5 #include "content/browser/renderer_host/p2p/socket_host.h" |
6 | 6 |
7 #include "base/sys_byteorder.h" | 7 #include "base/sys_byteorder.h" |
8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" | 8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" |
9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" | 9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" |
10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" | 10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" |
11 #include "content/browser/renderer_host/render_process_host_impl.h" | 11 #include "content/browser/renderer_host/render_process_host_impl.h" |
12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
13 #include "crypto/hmac.h" | 13 #include "crypto/hmac.h" |
14 #include "third_party/libjingle/source/talk/p2p/base/stun.h" | 14 #include "third_party/libjingle/source/talk/p2p/base/stun.h" |
15 #include "third_party/webrtc/base/asyncpacketsocket.h" | 15 #include "third_party/webrtc/base/asyncpacketsocket.h" |
16 #include "third_party/webrtc/base/byteorder.h" | 16 #include "third_party/webrtc/base/byteorder.h" |
17 #include "third_party/webrtc/base/messagedigest.h" | 17 #include "third_party/webrtc/base/messagedigest.h" |
18 | 18 |
19 namespace { | 19 namespace { |
20 | 20 |
21 const uint32 kStunMagicCookie = 0x2112A442; | 21 const uint32 kStunMagicCookie = 0x2112A442; |
22 const int kMinRtpHdrLen = 12; | 22 const size_t kMinRtpHeaderLength = 12; |
23 const int kRtpExtnHdrLen = 4; | 23 const size_t kMinRtcpHeaderLength = 8; |
24 const int kDtlsRecordHeaderLen = 13; | 24 const size_t kRtpExtensionHeaderLength = 4; |
25 const int kTurnChannelHdrLen = 4; | 25 const size_t kDtlsRecordHeaderLength = 13; |
26 const int kAbsSendTimeExtnLen = 3; | 26 const size_t kTurnChannelHeaderLength = 4; |
27 const int kOneByteHdrLen = 1; | 27 const size_t kAbsSendTimeExtensionLength = 3; |
| 28 const size_t kOneByteHeaderLength = 1; |
| 29 const size_t kMaxRtpPacketLength = 2048; |
28 | 30 |
29 // Fake auth tag written by the render process if external authentication is | 31 // Fake auth tag written by the render process if external authentication is |
30 // enabled. HMAC in packet will be compared against this value before updating | 32 // enabled. HMAC in packet will be compared against this value before updating |
31 // packet with actual HMAC value. | 33 // packet with actual HMAC value. |
32 static const unsigned char kFakeAuthTag[10] = { | 34 static const unsigned char kFakeAuthTag[10] = { |
33 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd | 35 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd |
34 }; | 36 }; |
35 | 37 |
36 bool IsTurnChannelData(const char* data) { | 38 bool IsTurnChannelData(const char* data, size_t length) { |
37 return ((*data & 0xC0) == 0x40); | 39 return length >= kTurnChannelHeaderLength && ((*data & 0xC0) == 0x40); |
38 } | 40 } |
39 | 41 |
40 bool IsDtlsPacket(const char* data, int len) { | 42 bool IsDtlsPacket(const char* data, size_t length) { |
41 const uint8* u = reinterpret_cast<const uint8*>(data); | 43 const uint8* u = reinterpret_cast<const uint8*>(data); |
42 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64)); | 44 return (length >= kDtlsRecordHeaderLength && (u[0] > 19 && u[0] < 64)); |
43 } | 45 } |
44 | 46 |
45 bool IsRtcpPacket(const char* data) { | 47 bool IsRtcpPacket(const char* data, size_t length) { |
| 48 if (length < kMinRtcpHeaderLength) { |
| 49 return false; |
| 50 } |
| 51 |
46 int type = (static_cast<uint8>(data[1]) & 0x7F); | 52 int type = (static_cast<uint8>(data[1]) & 0x7F); |
47 return (type >= 64 && type < 96); | 53 return (type >= 64 && type < 96); |
48 } | 54 } |
49 | 55 |
50 bool IsTurnSendIndicationPacket(const char* data) { | 56 bool IsTurnSendIndicationPacket(const char* data, size_t length) { |
| 57 if (length < content::P2PSocketHost::kStunHeaderSize) { |
| 58 return false; |
| 59 } |
| 60 |
51 uint16 type = rtc::GetBE16(data); | 61 uint16 type = rtc::GetBE16(data); |
52 return (type == cricket::TURN_SEND_INDICATION); | 62 return (type == cricket::TURN_SEND_INDICATION); |
53 } | 63 } |
54 | 64 |
55 bool IsRtpPacket(const char* data, int len) { | 65 bool IsRtpPacket(const char* data, size_t length) { |
56 return ((*data & 0xC0) == 0x80); | 66 return (length >= kMinRtpHeaderLength) && ((*data & 0xC0) == 0x80); |
57 } | 67 } |
58 | 68 |
59 // Verifies rtp header and message length. | 69 // Verifies rtp header and message length. |
60 bool ValidateRtpHeader(const char* rtp, int length, size_t* header_length) { | 70 bool ValidateRtpHeader(const char* rtp, size_t length, size_t* header_length) { |
61 if (header_length) | 71 if (header_length) { |
62 *header_length = 0; | 72 *header_length = 0; |
| 73 } |
63 | 74 |
64 int cc_count = rtp[0] & 0x0F; | 75 if (length < kMinRtpHeaderLength) { |
65 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; | |
66 if (rtp_hdr_len_without_extn > length) { | |
67 return false; | 76 return false; |
68 } | 77 } |
69 | 78 |
| 79 size_t cc_count = rtp[0] & 0x0F; |
| 80 size_t header_length_without_extension = kMinRtpHeaderLength + 4 * cc_count; |
| 81 if (header_length_without_extension > length) { |
| 82 return false; |
| 83 } |
| 84 |
70 // If extension bit is not set, we are done with header processing, as input | 85 // If extension bit is not set, we are done with header processing, as input |
71 // length is verified above. | 86 // length is verified above. |
72 if (!(rtp[0] & 0x10)) { | 87 if (!(rtp[0] & 0x10)) { |
73 if (header_length) | 88 if (header_length) |
74 *header_length = rtp_hdr_len_without_extn; | 89 *header_length = header_length_without_extension; |
75 | 90 |
76 return true; | 91 return true; |
77 } | 92 } |
78 | 93 |
79 rtp += rtp_hdr_len_without_extn; | 94 rtp += header_length_without_extension; |
| 95 |
| 96 if (header_length_without_extension + kRtpExtensionHeaderLength > length) { |
| 97 return false; |
| 98 } |
80 | 99 |
81 // Getting extension profile length. | 100 // Getting extension profile length. |
82 // Length is in 32 bit words. | 101 // Length is in 32 bit words. |
83 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 102 uint16 extension_length_in_32bits = rtc::GetBE16(rtp + 2); |
| 103 size_t extension_length = extension_length_in_32bits * 4; |
| 104 |
| 105 size_t rtp_header_length = extension_length + |
| 106 header_length_without_extension + |
| 107 kRtpExtensionHeaderLength; |
84 | 108 |
85 // Verify input length against total header size. | 109 // Verify input length against total header size. |
86 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) { | 110 if (rtp_header_length > length) { |
87 return false; | 111 return false; |
88 } | 112 } |
89 | 113 |
90 if (header_length) | 114 if (header_length) { |
91 *header_length = rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length; | 115 *header_length = rtp_header_length; |
| 116 } |
92 return true; | 117 return true; |
93 } | 118 } |
94 | 119 |
95 void UpdateAbsSendTimeExtnValue(char* extn_data, int len, | 120 void UpdateAbsSendTimeExtensionValue(char* extension_data, |
96 uint32 abs_send_time) { | 121 size_t length, |
| 122 uint32 abs_send_time) { |
97 // Absolute send time in RTP streams. | 123 // Absolute send time in RTP streams. |
98 // | 124 // |
99 // The absolute send time is signaled to the receiver in-band using the | 125 // The absolute send time is signaled to the receiver in-band using the |
100 // general mechanism for RTP header extensions [RFC5285]. The payload | 126 // general mechanism for RTP header extensions [RFC5285]. The payload |
101 // of this extension (the transmitted value) is a 24-bit unsigned integer | 127 // of this extension (the transmitted value) is a 24-bit unsigned integer |
102 // containing the sender's current time in seconds as a fixed point number | 128 // containing the sender's current time in seconds as a fixed point number |
103 // with 18 bits fractional part. | 129 // with 18 bits fractional part. |
104 // | 130 // |
105 // The form of the absolute send time extension block: | 131 // The form of the absolute send time extension block: |
106 // | 132 // |
107 // 0 1 2 3 | 133 // 0 1 2 3 |
108 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 134 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
109 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 135 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
110 // | ID | len=2 | absolute send time | | 136 // | ID | len=2 | absolute send time | |
111 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 137 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
112 DCHECK_EQ(len, kAbsSendTimeExtnLen); | 138 if (length != kAbsSendTimeExtensionLength) { |
| 139 NOTREACHED(); |
| 140 return; |
| 141 } |
| 142 |
113 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to | 143 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to |
114 // use it unless necessary, as it is expensive than Now(). | 144 // use it unless necessary, as it is expensive than Now(). |
115 uint32 now_second = abs_send_time; | 145 uint32 now_second = abs_send_time; |
116 if (!now_second) { | 146 if (!now_second) { |
117 uint64 now_us = | 147 uint64 now_us = |
118 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); | 148 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); |
119 // Convert second to 24-bit unsigned with 18 bit fractional part | 149 // Convert second to 24-bit unsigned with 18 bit fractional part |
120 now_second = | 150 now_second = |
121 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; | 151 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; |
122 } | 152 } |
123 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. | 153 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. |
124 extn_data[0] = static_cast<uint8>(now_second >> 16); | 154 extension_data[0] = static_cast<uint8>(now_second >> 16); |
125 extn_data[1] = static_cast<uint8>(now_second >> 8); | 155 extension_data[1] = static_cast<uint8>(now_second >> 8); |
126 extn_data[2] = static_cast<uint8>(now_second); | 156 extension_data[2] = static_cast<uint8>(now_second); |
127 } | 157 } |
128 | 158 |
129 // Assumes |len| is actual packet length + tag length. Updates HMAC at end of | 159 // Assumes |length| is actual packet length + tag length. Updates HMAC at end of |
130 // the RTP packet. | 160 // the RTP packet. |
131 void UpdateRtpAuthTag(char* rtp, int len, | 161 void UpdateRtpAuthTag(char* rtp, |
| 162 size_t length, |
132 const rtc::PacketOptions& options) { | 163 const rtc::PacketOptions& options) { |
133 // If there is no key, return. | 164 // If there is no key, return. |
134 if (options.packet_time_params.srtp_auth_key.empty()) | 165 if (options.packet_time_params.srtp_auth_key.empty()) { |
135 return; | 166 return; |
| 167 } |
136 | 168 |
137 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; | 169 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; |
138 char* auth_tag = rtp + (len - tag_length); | |
139 | 170 |
140 // We should have a fake HMAC value @ auth_tag. | 171 // ROC (rollover counter) is at the beginning of the auth tag. |
141 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); | 172 const size_t kRocLength = 4; |
| 173 if (tag_length < kRocLength || tag_length > length) { |
| 174 NOTREACHED(); |
| 175 return; |
| 176 } |
142 | 177 |
143 crypto::HMAC hmac(crypto::HMAC::SHA1); | 178 crypto::HMAC hmac(crypto::HMAC::SHA1); |
144 if (!hmac.Init(reinterpret_cast<const unsigned char*>( | 179 if (!hmac.Init(reinterpret_cast<const unsigned char*>( |
145 &options.packet_time_params.srtp_auth_key[0]), | 180 &options.packet_time_params.srtp_auth_key[0]), |
146 options.packet_time_params.srtp_auth_key.size())) { | 181 options.packet_time_params.srtp_auth_key.size())) { |
147 NOTREACHED(); | 182 NOTREACHED(); |
148 return; | 183 return; |
149 } | 184 } |
150 | 185 |
151 if (hmac.DigestLength() < tag_length) { | 186 if (tag_length > hmac.DigestLength()) { |
152 NOTREACHED(); | 187 NOTREACHED(); |
153 return; | 188 return; |
154 } | 189 } |
155 | 190 |
| 191 char* auth_tag = rtp + (length - tag_length); |
| 192 |
| 193 // We should have a fake HMAC value @ auth_tag. |
| 194 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); |
| 195 |
156 // Copy ROC after end of rtp packet. | 196 // Copy ROC after end of rtp packet. |
157 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, 4); | 197 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, kRocLength); |
158 // Authentication of a RTP packet will have RTP packet + ROC size. | 198 // Authentication of a RTP packet will have RTP packet + ROC size. |
159 int auth_required_length = len - tag_length + 4; | 199 int auth_required_length = length - tag_length + kRocLength; |
160 | 200 |
161 unsigned char output[64]; | 201 unsigned char output[64]; |
162 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), | 202 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), |
163 output, sizeof(output))) { | 203 output, sizeof(output))) { |
164 NOTREACHED(); | 204 NOTREACHED(); |
165 return; | 205 return; |
166 } | 206 } |
167 // Copy HMAC from output to packet. This is required as auth tag length | 207 // Copy HMAC from output to packet. This is required as auth tag length |
168 // may not be equal to the actual HMAC length. | 208 // may not be equal to the actual HMAC length. |
169 memcpy(auth_tag, output, tag_length); | 209 memcpy(auth_tag, output, tag_length); |
170 } | 210 } |
171 | 211 |
172 } // namespace | 212 } // namespace |
173 | 213 |
174 namespace content { | 214 namespace content { |
175 | 215 |
176 namespace packet_processing_helpers { | 216 namespace packet_processing_helpers { |
177 | 217 |
178 bool ApplyPacketOptions(char* data, int length, | 218 bool ApplyPacketOptions(char* data, |
| 219 size_t length, |
179 const rtc::PacketOptions& options, | 220 const rtc::PacketOptions& options, |
180 uint32 abs_send_time) { | 221 uint32 abs_send_time) { |
181 DCHECK(data != NULL); | 222 DCHECK(data != NULL); |
182 DCHECK(length > 0); | 223 DCHECK(length > 0); |
183 // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in | 224 // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in |
184 // PacketOptions, nothing to be updated in this packet. | 225 // PacketOptions, nothing to be updated in this packet. |
185 if (options.packet_time_params.rtp_sendtime_extension_id == -1 && | 226 if (options.packet_time_params.rtp_sendtime_extension_id == -1 && |
186 options.packet_time_params.srtp_auth_key.empty()) { | 227 options.packet_time_params.srtp_auth_key.empty()) { |
187 return true; | 228 return true; |
188 } | 229 } |
189 | 230 |
190 DCHECK(!IsDtlsPacket(data, length)); | 231 DCHECK(!IsDtlsPacket(data, length)); |
191 DCHECK(!IsRtcpPacket(data)); | 232 DCHECK(!IsRtcpPacket(data, length)); |
192 | 233 |
193 // If there is a srtp auth key present then packet must be a RTP packet. | 234 // If there is a srtp auth key present then packet must be a RTP packet. |
194 // RTP packet may have been wrapped in a TURN Channel Data or | 235 // RTP packet may have been wrapped in a TURN Channel Data or |
195 // TURN send indication. | 236 // TURN send indication. |
196 int rtp_start_pos; | 237 size_t rtp_start_pos; |
197 int rtp_length; | 238 size_t rtp_length; |
198 if (!GetRtpPacketStartPositionAndLength( | 239 if (!GetRtpPacketStartPositionAndLength( |
199 data, length, &rtp_start_pos, &rtp_length)) { | 240 data, length, &rtp_start_pos, &rtp_length)) { |
200 // This method should never return false. | 241 // This method should never return false. |
201 NOTREACHED(); | 242 NOTREACHED(); |
202 return false; | 243 return false; |
203 } | 244 } |
204 | 245 |
205 // Skip to rtp packet. | 246 // Skip to rtp packet. |
206 char* start = data + rtp_start_pos; | 247 char* start = data + rtp_start_pos; |
207 // If packet option has non default value (-1) for sendtime extension id, | 248 // If packet option has non default value (-1) for sendtime extension id, |
208 // then we should parse the rtp packet to update the timestamp. Otherwise | 249 // then we should parse the rtp packet to update the timestamp. Otherwise |
209 // just calculate HMAC and update packet with it. | 250 // just calculate HMAC and update packet with it. |
210 if (options.packet_time_params.rtp_sendtime_extension_id != -1) { | 251 if (options.packet_time_params.rtp_sendtime_extension_id != -1) { |
211 UpdateRtpAbsSendTimeExtn( | 252 UpdateRtpAbsSendTimeExtension( |
212 start, rtp_length, | 253 start, |
213 options.packet_time_params.rtp_sendtime_extension_id, abs_send_time); | 254 rtp_length, |
| 255 options.packet_time_params.rtp_sendtime_extension_id, |
| 256 abs_send_time); |
214 } | 257 } |
215 | 258 |
216 UpdateRtpAuthTag(start, rtp_length, options); | 259 UpdateRtpAuthTag(start, rtp_length, options); |
217 return true; | 260 return true; |
218 } | 261 } |
219 | 262 |
220 bool GetRtpPacketStartPositionAndLength(const char* packet, | 263 bool GetRtpPacketStartPositionAndLength(const char* packet, |
221 int length, | 264 size_t length, |
222 int* rtp_start_pos, | 265 size_t* rtp_start_pos, |
223 int* rtp_packet_length) { | 266 size_t* rtp_packet_length) { |
224 int rtp_begin; | 267 if (length < kMinRtpHeaderLength || length > kMaxRtpPacketLength) { |
225 int rtp_length = 0; | 268 return false; |
226 if (IsTurnChannelData(packet)) { | 269 } |
| 270 |
| 271 size_t rtp_begin; |
| 272 size_t rtp_length = 0; |
| 273 if (IsTurnChannelData(packet, length)) { |
227 // Turn Channel Message header format. | 274 // Turn Channel Message header format. |
228 // 0 1 2 3 | 275 // 0 1 2 3 |
229 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 276 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
230 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 277 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
231 // | Channel Number | Length | | 278 // | Channel Number | Length | |
232 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 279 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
233 // | | | 280 // | | |
234 // / Application Data / | 281 // / Application Data / |
235 // / / | 282 // / / |
236 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 283 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
237 if (length < kTurnChannelHdrLen) { | 284 rtp_begin = kTurnChannelHeaderLength; |
| 285 rtp_length = rtc::GetBE16(&packet[2]); |
| 286 if (length < rtp_length + kTurnChannelHeaderLength) { |
238 return false; | 287 return false; |
239 } | 288 } |
240 | 289 } else if (IsTurnSendIndicationPacket(packet, length)) { |
241 rtp_begin = kTurnChannelHdrLen; | |
242 rtp_length = rtc::GetBE16(&packet[2]); | |
243 if (length < rtp_length + kTurnChannelHdrLen) { | |
244 return false; | |
245 } | |
246 } else if (IsTurnSendIndicationPacket(packet)) { | |
247 if (length <= P2PSocketHost::kStunHeaderSize) { | |
248 // Message must be greater than 20 bytes, if it's carrying any payload. | |
249 return false; | |
250 } | |
251 // Validate STUN message length. | 290 // Validate STUN message length. |
252 int stun_msg_len = rtc::GetBE16(&packet[2]); | 291 const size_t stun_message_length = rtc::GetBE16(&packet[2]); |
253 if (stun_msg_len + P2PSocketHost::kStunHeaderSize != length) { | 292 if (stun_message_length + P2PSocketHost::kStunHeaderSize != length) { |
254 return false; | 293 return false; |
255 } | 294 } |
256 | 295 |
257 // First skip mandatory stun header which is of 20 bytes. | 296 // First skip mandatory stun header which is of 20 bytes. |
258 rtp_begin = P2PSocketHost::kStunHeaderSize; | 297 rtp_begin = P2PSocketHost::kStunHeaderSize; |
259 // Loop through STUN attributes until we find STUN DATA attribute. | 298 // Loop through STUN attributes until we find STUN DATA attribute. |
260 const char* start = packet + rtp_begin; | |
261 bool data_attr_present = false; | 299 bool data_attr_present = false; |
262 while ((packet + rtp_begin) - start < stun_msg_len) { | 300 while (rtp_begin < length) { |
263 // Keep reading STUN attributes until we hit DATA attribute. | 301 // Keep reading STUN attributes until we hit DATA attribute. |
264 // Attribute will be a TLV structure. | 302 // Attribute will be a TLV structure. |
265 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 303 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
266 // | Type | Length | | 304 // | Type | Length | |
267 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 305 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
268 // | Value (variable) .... | 306 // | Value (variable) .... |
269 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 307 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
270 // The value in the length field MUST contain the length of the Value | 308 // The value in the length field MUST contain the length of the Value |
271 // part of the attribute, prior to padding, measured in bytes. Since | 309 // part of the attribute, prior to padding, measured in bytes. Since |
272 // STUN aligns attributes on 32-bit boundaries, attributes whose content | 310 // STUN aligns attributes on 32-bit boundaries, attributes whose content |
273 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of | 311 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of |
274 // padding so that its value contains a multiple of 4 bytes. The | 312 // padding so that its value contains a multiple of 4 bytes. The |
275 // padding bits are ignored, and may be any value. | 313 // padding bits are ignored, and may be any value. |
276 uint16 attr_type, attr_length; | 314 uint16 attr_type, attr_length; |
| 315 const int kAttrHeaderLength = sizeof(attr_type) + sizeof(attr_length); |
| 316 |
| 317 if (length < rtp_begin + kAttrHeaderLength) { |
| 318 return false; |
| 319 } |
| 320 |
277 // Getting attribute type and length. | 321 // Getting attribute type and length. |
278 attr_type = rtc::GetBE16(&packet[rtp_begin]); | 322 attr_type = rtc::GetBE16(&packet[rtp_begin]); |
279 attr_length = rtc::GetBE16( | 323 attr_length = rtc::GetBE16( |
280 &packet[rtp_begin + sizeof(attr_type)]); | 324 &packet[rtp_begin + sizeof(attr_type)]); |
| 325 |
| 326 rtp_begin += kAttrHeaderLength; // Skip STUN_DATA_ATTR header. |
| 327 |
281 // Checking for bogus attribute length. | 328 // Checking for bogus attribute length. |
282 if (length < attr_length + rtp_begin) { | 329 if (length < rtp_begin + attr_length) { |
283 return false; | 330 return false; |
284 } | 331 } |
285 | 332 |
286 if (attr_type != cricket::STUN_ATTR_DATA) { | 333 if (attr_type != cricket::STUN_ATTR_DATA) { |
287 rtp_begin += sizeof(attr_type) + sizeof(attr_length) + attr_length; | 334 rtp_begin += attr_length; |
288 if ((attr_length % 4) != 0) { | 335 if ((attr_length % 4) != 0) { |
289 rtp_begin += (4 - (attr_length % 4)); | 336 rtp_begin += (4 - (attr_length % 4)); |
290 } | 337 } |
291 continue; | 338 continue; |
292 } | 339 } |
293 | 340 |
294 data_attr_present = true; | 341 data_attr_present = true; |
295 rtp_begin += 4; // Skip STUN_DATA_ATTR header. | |
296 rtp_length = attr_length; | 342 rtp_length = attr_length; |
297 // One final check of length before exiting. | 343 |
298 if (length < rtp_length + rtp_begin) { | |
299 return false; | |
300 } | |
301 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. | 344 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. |
302 break; | 345 break; |
303 } | 346 } |
304 | 347 |
305 if (!data_attr_present) { | 348 if (!data_attr_present) { |
306 // There is no data attribute present in the message. We can't do anything | 349 // There is no data attribute present in the message. We can't do anything |
307 // with the message. | 350 // with the message. |
308 return false; | 351 return false; |
309 } | 352 } |
310 | 353 |
311 } else { | 354 } else { |
312 // This is a raw RTP packet. | 355 // This is a raw RTP packet. |
313 rtp_begin = 0; | 356 rtp_begin = 0; |
314 rtp_length = length; | 357 rtp_length = length; |
315 } | 358 } |
316 | 359 |
317 // Making sure we have a valid RTP packet at the end. | 360 // Making sure we have a valid RTP packet at the end. |
318 if ((rtp_length >= kMinRtpHdrLen) && | 361 if (IsRtpPacket(packet + rtp_begin, rtp_length) && |
319 IsRtpPacket(packet + rtp_begin, rtp_length) && | |
320 ValidateRtpHeader(packet + rtp_begin, rtp_length, NULL)) { | 362 ValidateRtpHeader(packet + rtp_begin, rtp_length, NULL)) { |
321 *rtp_start_pos = rtp_begin; | 363 *rtp_start_pos = rtp_begin; |
322 *rtp_packet_length = rtp_length; | 364 *rtp_packet_length = rtp_length; |
323 return true; | 365 return true; |
324 } | 366 } |
325 return false; | 367 return false; |
326 } | 368 } |
327 | 369 |
328 // ValidateRtpHeader must be called before this method to make sure, we have | 370 // ValidateRtpHeader must be called before this method to make sure, we have |
329 // a sane rtp packet. | 371 // a sane rtp packet. |
330 bool UpdateRtpAbsSendTimeExtn(char* rtp, int length, | 372 bool UpdateRtpAbsSendTimeExtension(char* rtp, |
331 int extension_id, uint32 abs_send_time) { | 373 size_t length, |
| 374 int extension_id, |
| 375 uint32 abs_send_time) { |
332 // 0 1 2 3 | 376 // 0 1 2 3 |
333 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 377 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
334 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 378 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
335 // |V=2|P|X| CC |M| PT | sequence number | | 379 // |V=2|P|X| CC |M| PT | sequence number | |
336 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 380 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
337 // | timestamp | | 381 // | timestamp | |
338 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 382 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
339 // | synchronization source (SSRC) identifier | | 383 // | synchronization source (SSRC) identifier | |
340 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | 384 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
341 // | contributing source (CSRC) identifiers | | 385 // | contributing source (CSRC) identifiers | |
342 // | .... | | 386 // | .... | |
343 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 387 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
344 | 388 |
345 // Return if extension bit is not set. | 389 // Return if extension bit is not set. |
346 if (!(rtp[0] & 0x10)) { | 390 if (!(rtp[0] & 0x10)) { |
347 return true; | 391 return true; |
348 } | 392 } |
349 | 393 |
350 int cc_count = rtp[0] & 0x0F; | 394 size_t cc_count = rtp[0] & 0x0F; |
351 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; | 395 size_t header_length_without_extension = kMinRtpHeaderLength + 4 * cc_count; |
352 | 396 |
353 rtp += rtp_hdr_len_without_extn; | 397 rtp += header_length_without_extension; |
354 | 398 |
355 // Getting extension profile ID and length. | 399 // Getting extension profile ID and length. |
356 uint16 profile_id = rtc::GetBE16(rtp); | 400 uint16 profile_id = rtc::GetBE16(rtp); |
357 // Length is in 32 bit words. | 401 // Length is in 32 bit words. |
358 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 402 uint16 extension_length_in_32bits = rtc::GetBE16(rtp + 2); |
| 403 size_t extension_length = extension_length_in_32bits * 4; |
359 | 404 |
360 rtp += kRtpExtnHdrLen; // Moving past extn header. | 405 rtp += kRtpExtensionHeaderLength; // Moving past extension header. |
361 | 406 |
362 bool found = false; | 407 bool found = false; |
363 // WebRTC is using one byte header extension. | 408 // WebRTC is using one byte header extension. |
364 // TODO(mallinath) - Handle two byte header extension. | 409 // TODO(mallinath) - Handle two byte header extension. |
365 if (profile_id == 0xBEDE) { // OneByte extension header | 410 if (profile_id == 0xBEDE) { // OneByte extension header |
366 // 0 | 411 // 0 |
367 // 0 1 2 3 4 5 6 7 | 412 // 0 1 2 3 4 5 6 7 |
368 // +-+-+-+-+-+-+-+-+ | 413 // +-+-+-+-+-+-+-+-+ |
369 // | ID | len | | 414 // | ID |length | |
370 // +-+-+-+-+-+-+-+-+ | 415 // +-+-+-+-+-+-+-+-+ |
371 | 416 |
372 // 0 1 2 3 | 417 // 0 1 2 3 |
373 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 418 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
374 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 419 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
375 // | 0xBE | 0xDE | length=3 | | 420 // | 0xBE | 0xDE | length=3 | |
376 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 421 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
377 // | ID | L=0 | data | ID | L=1 | data... | 422 // | ID | L=0 | data | ID | L=1 | data... |
378 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 423 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
379 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | | 424 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | |
380 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 425 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
381 // | data | | 426 // | data | |
382 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 427 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
383 char* extn_start = rtp; | 428 const char* extension_start = rtp; |
384 while (rtp - extn_start < extn_length) { | 429 const char* extension_end = extension_start + extension_length; |
| 430 |
| 431 while (rtp < extension_end) { |
385 const int id = (*rtp & 0xF0) >> 4; | 432 const int id = (*rtp & 0xF0) >> 4; |
386 const int len = (*rtp & 0x0F) + 1; | 433 const size_t length = (*rtp & 0x0F) + 1; |
| 434 if (rtp + kOneByteHeaderLength + length > extension_end) { |
| 435 return false; |
| 436 } |
387 // The 4-bit length is the number minus one of data bytes of this header | 437 // The 4-bit length is the number minus one of data bytes of this header |
388 // extension element following the one-byte header. | 438 // extension element following the one-byte header. |
389 if (id == extension_id) { | 439 if (id == extension_id) { |
390 UpdateAbsSendTimeExtnValue(rtp + kOneByteHdrLen, len, abs_send_time); | 440 UpdateAbsSendTimeExtensionValue( |
| 441 rtp + kOneByteHeaderLength, length, abs_send_time); |
391 found = true; | 442 found = true; |
392 break; | 443 break; |
393 } | 444 } |
394 rtp += kOneByteHdrLen + len; | 445 rtp += kOneByteHeaderLength + length; |
395 // Counting padding bytes. | 446 // Counting padding bytes. |
396 while ((*rtp == 0) && (rtp - extn_start < extn_length)) { | 447 while ((rtp < extension_end) && (*rtp == 0)) { |
397 ++rtp; | 448 ++rtp; |
398 } | 449 } |
399 } | 450 } |
400 } | 451 } |
401 return found; | 452 return found; |
402 } | 453 } |
403 | 454 |
404 } // packet_processing_helpers | 455 } // packet_processing_helpers |
405 | 456 |
406 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) | 457 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) |
407 : message_sender_(message_sender), | 458 : message_sender_(message_sender), |
408 id_(socket_id), | 459 id_(socket_id), |
409 state_(STATE_UNINITIALIZED), | 460 state_(STATE_UNINITIALIZED), |
410 dump_incoming_rtp_packet_(false), | 461 dump_incoming_rtp_packet_(false), |
411 dump_outgoing_rtp_packet_(false), | 462 dump_outgoing_rtp_packet_(false), |
412 weak_ptr_factory_(this) { | 463 weak_ptr_factory_(this) { |
413 } | 464 } |
414 | 465 |
415 P2PSocketHost::~P2PSocketHost() { } | 466 P2PSocketHost::~P2PSocketHost() { } |
416 | 467 |
417 // Verifies that the packet |data| has a valid STUN header. | 468 // Verifies that the packet |data| has a valid STUN header. |
418 // static | 469 // static |
419 bool P2PSocketHost::GetStunPacketType( | 470 bool P2PSocketHost::GetStunPacketType( |
420 const char* data, int data_size, StunMessageType* type) { | 471 const char* data, int data_size, StunMessageType* type) { |
421 | 472 |
422 if (data_size < kStunHeaderSize) | 473 if (data_size < kStunHeaderSize) { |
423 return false; | 474 return false; |
| 475 } |
424 | 476 |
425 uint32 cookie = base::NetToHost32(*reinterpret_cast<const uint32*>(data + 4)); | 477 uint32 cookie = base::NetToHost32(*reinterpret_cast<const uint32*>(data + 4)); |
426 if (cookie != kStunMagicCookie) | 478 if (cookie != kStunMagicCookie) { |
427 return false; | 479 return false; |
| 480 } |
428 | 481 |
429 uint16 length = base::NetToHost16(*reinterpret_cast<const uint16*>(data + 2)); | 482 uint16 length = base::NetToHost16(*reinterpret_cast<const uint16*>(data + 2)); |
430 if (length != data_size - kStunHeaderSize) | 483 if (length != data_size - kStunHeaderSize) { |
431 return false; | 484 return false; |
| 485 } |
432 | 486 |
433 int message_type = base::NetToHost16(*reinterpret_cast<const uint16*>(data)); | 487 int message_type = base::NetToHost16(*reinterpret_cast<const uint16*>(data)); |
434 | 488 |
435 // Verify that the type is known: | 489 // Verify that the type is known: |
436 switch (message_type) { | 490 switch (message_type) { |
437 case STUN_BINDING_REQUEST: | 491 case STUN_BINDING_REQUEST: |
438 case STUN_BINDING_RESPONSE: | 492 case STUN_BINDING_RESPONSE: |
439 case STUN_BINDING_ERROR_RESPONSE: | 493 case STUN_BINDING_ERROR_RESPONSE: |
440 case STUN_SHARED_SECRET_REQUEST: | 494 case STUN_SHARED_SECRET_REQUEST: |
441 case STUN_SHARED_SECRET_RESPONSE: | 495 case STUN_SHARED_SECRET_RESPONSE: |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
495 } | 549 } |
496 | 550 |
497 void P2PSocketHost::StartRtpDump( | 551 void P2PSocketHost::StartRtpDump( |
498 bool incoming, | 552 bool incoming, |
499 bool outgoing, | 553 bool outgoing, |
500 const RenderProcessHost::WebRtcRtpPacketCallback& packet_callback) { | 554 const RenderProcessHost::WebRtcRtpPacketCallback& packet_callback) { |
501 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 555 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
502 DCHECK(!packet_callback.is_null()); | 556 DCHECK(!packet_callback.is_null()); |
503 DCHECK(incoming || outgoing); | 557 DCHECK(incoming || outgoing); |
504 | 558 |
505 if (incoming) | 559 if (incoming) { |
506 dump_incoming_rtp_packet_ = true; | 560 dump_incoming_rtp_packet_ = true; |
| 561 } |
507 | 562 |
508 if (outgoing) | 563 if (outgoing) { |
509 dump_outgoing_rtp_packet_ = true; | 564 dump_outgoing_rtp_packet_ = true; |
| 565 } |
510 | 566 |
511 packet_dump_callback_ = packet_callback; | 567 packet_dump_callback_ = packet_callback; |
512 } | 568 } |
513 | 569 |
514 void P2PSocketHost::StopRtpDump(bool incoming, bool outgoing) { | 570 void P2PSocketHost::StopRtpDump(bool incoming, bool outgoing) { |
515 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 571 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
516 DCHECK(incoming || outgoing); | 572 DCHECK(incoming || outgoing); |
517 | 573 |
518 if (incoming) | 574 if (incoming) { |
519 dump_incoming_rtp_packet_ = false; | 575 dump_incoming_rtp_packet_ = false; |
| 576 } |
520 | 577 |
521 if (outgoing) | 578 if (outgoing) { |
522 dump_outgoing_rtp_packet_ = false; | 579 dump_outgoing_rtp_packet_ = false; |
| 580 } |
523 | 581 |
524 if (!dump_incoming_rtp_packet_ && !dump_outgoing_rtp_packet_) | 582 if (!dump_incoming_rtp_packet_ && !dump_outgoing_rtp_packet_) { |
525 packet_dump_callback_.Reset(); | 583 packet_dump_callback_.Reset(); |
| 584 } |
526 } | 585 } |
527 | 586 |
528 void P2PSocketHost::DumpRtpPacket(const char* packet, | 587 void P2PSocketHost::DumpRtpPacket(const char* packet, |
529 size_t length, | 588 size_t length, |
530 bool incoming) { | 589 bool incoming) { |
531 if (IsDtlsPacket(packet, length) || IsRtcpPacket(packet)) | 590 if (IsDtlsPacket(packet, length) || IsRtcpPacket(packet, length)) { |
532 return; | 591 return; |
| 592 } |
533 | 593 |
534 int rtp_packet_pos = 0; | 594 size_t rtp_packet_pos = 0; |
535 int rtp_packet_length = length; | 595 size_t rtp_packet_length = length; |
536 if (!packet_processing_helpers::GetRtpPacketStartPositionAndLength( | 596 if (!packet_processing_helpers::GetRtpPacketStartPositionAndLength( |
537 packet, length, &rtp_packet_pos, &rtp_packet_length)) | 597 packet, length, &rtp_packet_pos, &rtp_packet_length)) { |
538 return; | 598 return; |
| 599 } |
539 | 600 |
540 packet += rtp_packet_pos; | 601 packet += rtp_packet_pos; |
541 | 602 |
542 size_t header_length = 0; | 603 size_t header_length = 0; |
543 bool valid = ValidateRtpHeader(packet, rtp_packet_length, &header_length); | 604 bool valid = ValidateRtpHeader(packet, rtp_packet_length, &header_length); |
544 if (!valid) { | 605 if (!valid) { |
545 DCHECK(false); | 606 DCHECK(false); |
546 return; | 607 return; |
547 } | 608 } |
548 | 609 |
(...skipping 28 matching lines...) Expand all Loading... |
577 BrowserThread::PostTask(BrowserThread::UI, | 638 BrowserThread::PostTask(BrowserThread::UI, |
578 FROM_HERE, | 639 FROM_HERE, |
579 base::Bind(packet_dump_callback_, | 640 base::Bind(packet_dump_callback_, |
580 Passed(&packet_header), | 641 Passed(&packet_header), |
581 header_length, | 642 header_length, |
582 packet_length, | 643 packet_length, |
583 incoming)); | 644 incoming)); |
584 } | 645 } |
585 | 646 |
586 } // namespace content | 647 } // namespace content |
OLD | NEW |