OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/p2p/socket_host.h" | 5 #include "content/browser/renderer_host/p2p/socket_host.h" |
6 | 6 |
7 #include "base/sys_byteorder.h" | 7 #include "base/sys_byteorder.h" |
8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" | 8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" |
9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" | 9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" |
10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" | 10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" |
11 #include "content/browser/renderer_host/render_process_host_impl.h" | 11 #include "content/browser/renderer_host/render_process_host_impl.h" |
12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
13 #include "crypto/hmac.h" | 13 #include "crypto/hmac.h" |
14 #include "third_party/libjingle/source/talk/p2p/base/stun.h" | 14 #include "third_party/libjingle/source/talk/p2p/base/stun.h" |
15 #include "third_party/webrtc/base/asyncpacketsocket.h" | 15 #include "third_party/webrtc/base/asyncpacketsocket.h" |
16 #include "third_party/webrtc/base/byteorder.h" | 16 #include "third_party/webrtc/base/byteorder.h" |
17 #include "third_party/webrtc/base/messagedigest.h" | 17 #include "third_party/webrtc/base/messagedigest.h" |
18 | 18 |
19 namespace { | 19 namespace { |
20 | 20 |
21 const uint32 kStunMagicCookie = 0x2112A442; | 21 const uint32 kStunMagicCookie = 0x2112A442; |
22 const int kMinRtpHdrLen = 12; | 22 const size_t kMinRtpHdrLen = 12; |
Sergey Ulanov
2014/09/23 18:38:08
Not related to this CL (feel free to ignore): Ths
jiayl
2014/09/23 19:59:30
Done.
| |
23 const int kRtpExtnHdrLen = 4; | 23 const size_t kMinRtcpHdrLen = 8; |
24 const int kDtlsRecordHeaderLen = 13; | 24 const size_t kRtpExtnHdrLen = 4; |
25 const int kTurnChannelHdrLen = 4; | 25 const size_t kDtlsRecordHeaderLen = 13; |
26 const int kAbsSendTimeExtnLen = 3; | 26 const size_t kTurnChannelHdrLen = 4; |
27 const int kOneByteHdrLen = 1; | 27 const size_t kAbsSendTimeExtnLen = 3; |
28 const size_t kOneByteHdrLen = 1; | |
29 const size_t kMaxRtpPacketLen = 2048; | |
28 | 30 |
29 // Fake auth tag written by the render process if external authentication is | 31 // Fake auth tag written by the render process if external authentication is |
30 // enabled. HMAC in packet will be compared against this value before updating | 32 // enabled. HMAC in packet will be compared against this value before updating |
31 // packet with actual HMAC value. | 33 // packet with actual HMAC value. |
32 static const unsigned char kFakeAuthTag[10] = { | 34 static const unsigned char kFakeAuthTag[10] = { |
33 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd | 35 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd |
34 }; | 36 }; |
35 | 37 |
36 bool IsTurnChannelData(const char* data) { | 38 bool IsTurnChannelData(const char* data, size_t len) { |
Sergey Ulanov
2014/09/23 18:38:08
nit: there is some |len| and some |length| in this
jiayl
2014/09/23 19:59:30
Done.
| |
37 return ((*data & 0xC0) == 0x40); | 39 return len >= kTurnChannelHdrLen && ((*data & 0xC0) == 0x40); |
38 } | 40 } |
39 | 41 |
40 bool IsDtlsPacket(const char* data, int len) { | 42 bool IsDtlsPacket(const char* data, size_t len) { |
41 const uint8* u = reinterpret_cast<const uint8*>(data); | 43 const uint8* u = reinterpret_cast<const uint8*>(data); |
42 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64)); | 44 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64)); |
43 } | 45 } |
44 | 46 |
45 bool IsRtcpPacket(const char* data) { | 47 bool IsRtcpPacket(const char* data, size_t len) { |
48 if (len < kMinRtcpHdrLen) | |
Sergey Ulanov
2014/09/23 18:38:08
nit: Add {} or remove them for all other single-li
jiayl
2014/09/23 19:59:30
Done.
| |
49 return false; | |
50 | |
46 int type = (static_cast<uint8>(data[1]) & 0x7F); | 51 int type = (static_cast<uint8>(data[1]) & 0x7F); |
47 return (type >= 64 && type < 96); | 52 return (type >= 64 && type < 96); |
48 } | 53 } |
49 | 54 |
50 bool IsTurnSendIndicationPacket(const char* data) { | 55 bool IsTurnSendIndicationPacket(const char* data, size_t len) { |
56 if (len < content::P2PSocketHost::kStunHeaderSize) | |
57 return false; | |
58 | |
51 uint16 type = rtc::GetBE16(data); | 59 uint16 type = rtc::GetBE16(data); |
52 return (type == cricket::TURN_SEND_INDICATION); | 60 return (type == cricket::TURN_SEND_INDICATION); |
53 } | 61 } |
54 | 62 |
55 bool IsRtpPacket(const char* data, int len) { | 63 bool IsRtpPacket(const char* data, size_t len) { |
56 return ((*data & 0xC0) == 0x80); | 64 return ((*data & 0xC0) == 0x80); |
57 } | 65 } |
58 | 66 |
59 // Verifies rtp header and message length. | 67 // Verifies rtp header and message length. |
60 bool ValidateRtpHeader(const char* rtp, int length, size_t* header_length) { | 68 bool ValidateRtpHeader(const char* rtp, size_t length, size_t* header_length) { |
61 if (header_length) | 69 if (header_length) |
62 *header_length = 0; | 70 *header_length = 0; |
63 | 71 |
64 int cc_count = rtp[0] & 0x0F; | 72 size_t cc_count = rtp[0] & 0x0F; |
Sergey Ulanov
2014/09/23 18:38:08
Do you need to verify that length > 0 before readi
palmer
2014/09/23 18:57:32
Yes, and probably in |IsRtpPacket|, too.
I almost
jiayl
2014/09/23 19:59:30
Done length check.
I don't think we should check
| |
65 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; | 73 size_t rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; |
66 if (rtp_hdr_len_without_extn > length) { | 74 if (rtp_hdr_len_without_extn > length) { |
67 return false; | 75 return false; |
68 } | 76 } |
69 | 77 |
70 // If extension bit is not set, we are done with header processing, as input | 78 // If extension bit is not set, we are done with header processing, as input |
71 // length is verified above. | 79 // length is verified above. |
72 if (!(rtp[0] & 0x10)) { | 80 if (!(rtp[0] & 0x10)) { |
73 if (header_length) | 81 if (header_length) |
74 *header_length = rtp_hdr_len_without_extn; | 82 *header_length = rtp_hdr_len_without_extn; |
palmer
2014/09/23 18:57:32
Nit: Also a hard-to-read name. I'd go with somethi
jiayl
2014/09/23 19:59:30
Done.
| |
75 | 83 |
76 return true; | 84 return true; |
77 } | 85 } |
78 | 86 |
79 rtp += rtp_hdr_len_without_extn; | 87 rtp += rtp_hdr_len_without_extn; |
80 | 88 |
89 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen > length) { | |
90 return false; | |
91 } | |
92 | |
81 // Getting extension profile length. | 93 // Getting extension profile length. |
82 // Length is in 32 bit words. | 94 // Length is in 32 bit words. |
83 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 95 uint16 extn_len_32bit_words = rtc::GetBE16(rtp + 2); |
palmer
2014/09/23 18:57:31
Nit: Again, standardize on |...length| rather than
jiayl
2014/09/23 19:59:31
Done.
| |
96 size_t extn_length = extn_len_32bit_words * 4; | |
97 | |
98 size_t rtp_header_length = | |
99 extn_length + rtp_hdr_len_without_extn + kRtpExtnHdrLen; | |
84 | 100 |
85 // Verify input length against total header size. | 101 // Verify input length against total header size. |
86 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) { | 102 if (rtp_header_length > length) { |
87 return false; | 103 return false; |
88 } | 104 } |
89 | 105 |
90 if (header_length) | 106 if (header_length) |
Sergey Ulanov
2014/09/23 18:38:08
nit: add {}
jiayl
2014/09/23 19:59:31
Done.
| |
91 *header_length = rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length; | 107 *header_length = rtp_header_length; |
92 return true; | 108 return true; |
93 } | 109 } |
94 | 110 |
95 void UpdateAbsSendTimeExtnValue(char* extn_data, int len, | 111 void UpdateAbsSendTimeExtnValue(char* extn_data, size_t len, |
96 uint32 abs_send_time) { | 112 uint32 abs_send_time) { |
97 // Absolute send time in RTP streams. | 113 // Absolute send time in RTP streams. |
98 // | 114 // |
99 // The absolute send time is signaled to the receiver in-band using the | 115 // The absolute send time is signaled to the receiver in-band using the |
100 // general mechanism for RTP header extensions [RFC5285]. The payload | 116 // general mechanism for RTP header extensions [RFC5285]. The payload |
101 // of this extension (the transmitted value) is a 24-bit unsigned integer | 117 // of this extension (the transmitted value) is a 24-bit unsigned integer |
102 // containing the sender's current time in seconds as a fixed point number | 118 // containing the sender's current time in seconds as a fixed point number |
103 // with 18 bits fractional part. | 119 // with 18 bits fractional part. |
104 // | 120 // |
105 // The form of the absolute send time extension block: | 121 // The form of the absolute send time extension block: |
106 // | 122 // |
107 // 0 1 2 3 | 123 // 0 1 2 3 |
108 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 124 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
109 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 125 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
110 // | ID | len=2 | absolute send time | | 126 // | ID | len=2 | absolute send time | |
111 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 127 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
112 DCHECK_EQ(len, kAbsSendTimeExtnLen); | 128 if (len != kAbsSendTimeExtnLen) { |
129 NOTREACHED(); | |
130 return; | |
131 } | |
132 | |
113 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to | 133 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to |
114 // use it unless necessary, as it is expensive than Now(). | 134 // use it unless necessary, as it is expensive than Now(). |
115 uint32 now_second = abs_send_time; | 135 uint32 now_second = abs_send_time; |
116 if (!now_second) { | 136 if (!now_second) { |
117 uint64 now_us = | 137 uint64 now_us = |
118 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); | 138 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); |
119 // Convert second to 24-bit unsigned with 18 bit fractional part | 139 // Convert second to 24-bit unsigned with 18 bit fractional part |
120 now_second = | 140 now_second = |
121 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; | 141 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; |
122 } | 142 } |
123 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. | 143 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. |
124 extn_data[0] = static_cast<uint8>(now_second >> 16); | 144 extn_data[0] = static_cast<uint8>(now_second >> 16); |
125 extn_data[1] = static_cast<uint8>(now_second >> 8); | 145 extn_data[1] = static_cast<uint8>(now_second >> 8); |
126 extn_data[2] = static_cast<uint8>(now_second); | 146 extn_data[2] = static_cast<uint8>(now_second); |
127 } | 147 } |
128 | 148 |
129 // Assumes |len| is actual packet length + tag length. Updates HMAC at end of | 149 // Assumes |len| is actual packet length + tag length. Updates HMAC at end of |
130 // the RTP packet. | 150 // the RTP packet. |
131 void UpdateRtpAuthTag(char* rtp, int len, | 151 void UpdateRtpAuthTag(char* rtp, size_t len, |
132 const rtc::PacketOptions& options) { | 152 const rtc::PacketOptions& options) { |
133 // If there is no key, return. | 153 // If there is no key, return. |
134 if (options.packet_time_params.srtp_auth_key.empty()) | 154 if (options.packet_time_params.srtp_auth_key.empty()) |
135 return; | 155 return; |
136 | 156 |
137 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; | 157 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; |
138 char* auth_tag = rtp + (len - tag_length); | |
139 | 158 |
140 // We should have a fake HMAC value @ auth_tag. | 159 const size_t kRocLength = 4; |
Sergey Ulanov
2014/09/23 18:38:08
What is Roc?
jiayl
2014/09/23 19:59:31
Added a comment.
| |
141 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); | 160 if (tag_length < kRocLength || tag_length > len) { |
161 NOTREACHED(); | |
162 return; | |
163 } | |
142 | 164 |
143 crypto::HMAC hmac(crypto::HMAC::SHA1); | 165 crypto::HMAC hmac(crypto::HMAC::SHA1); |
144 if (!hmac.Init(reinterpret_cast<const unsigned char*>( | 166 if (!hmac.Init(reinterpret_cast<const unsigned char*>( |
145 &options.packet_time_params.srtp_auth_key[0]), | 167 &options.packet_time_params.srtp_auth_key[0]), |
146 options.packet_time_params.srtp_auth_key.size())) { | 168 options.packet_time_params.srtp_auth_key.size())) { |
147 NOTREACHED(); | 169 NOTREACHED(); |
148 return; | 170 return; |
149 } | 171 } |
150 | 172 |
151 if (hmac.DigestLength() < tag_length) { | 173 if (tag_length > hmac.DigestLength()) { |
152 NOTREACHED(); | 174 NOTREACHED(); |
153 return; | 175 return; |
154 } | 176 } |
155 | 177 |
178 char* auth_tag = rtp + (len - tag_length); | |
179 | |
180 // We should have a fake HMAC value @ auth_tag. | |
181 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); | |
182 | |
156 // Copy ROC after end of rtp packet. | 183 // Copy ROC after end of rtp packet. |
157 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, 4); | 184 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, kRocLength); |
158 // Authentication of a RTP packet will have RTP packet + ROC size. | 185 // Authentication of a RTP packet will have RTP packet + ROC size. |
159 int auth_required_length = len - tag_length + 4; | 186 int auth_required_length = len - tag_length + kRocLength; |
160 | 187 |
161 unsigned char output[64]; | 188 unsigned char output[64]; |
162 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), | 189 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), |
163 output, sizeof(output))) { | 190 output, sizeof(output))) { |
164 NOTREACHED(); | 191 NOTREACHED(); |
165 return; | 192 return; |
166 } | 193 } |
167 // Copy HMAC from output to packet. This is required as auth tag length | 194 // Copy HMAC from output to packet. This is required as auth tag length |
168 // may not be equal to the actual HMAC length. | 195 // may not be equal to the actual HMAC length. |
169 memcpy(auth_tag, output, tag_length); | 196 memcpy(auth_tag, output, tag_length); |
170 } | 197 } |
171 | 198 |
172 } // namespace | 199 } // namespace |
173 | 200 |
174 namespace content { | 201 namespace content { |
175 | 202 |
176 namespace packet_processing_helpers { | 203 namespace packet_processing_helpers { |
177 | 204 |
178 bool ApplyPacketOptions(char* data, int length, | 205 bool ApplyPacketOptions(char* data, size_t length, |
179 const rtc::PacketOptions& options, | 206 const rtc::PacketOptions& options, |
180 uint32 abs_send_time) { | 207 uint32 abs_send_time) { |
181 DCHECK(data != NULL); | 208 DCHECK(data != NULL); |
182 DCHECK(length > 0); | 209 DCHECK(length > 0); |
183 // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in | 210 // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in |
184 // PacketOptions, nothing to be updated in this packet. | 211 // PacketOptions, nothing to be updated in this packet. |
185 if (options.packet_time_params.rtp_sendtime_extension_id == -1 && | 212 if (options.packet_time_params.rtp_sendtime_extension_id == -1 && |
186 options.packet_time_params.srtp_auth_key.empty()) { | 213 options.packet_time_params.srtp_auth_key.empty()) { |
187 return true; | 214 return true; |
188 } | 215 } |
189 | 216 |
190 DCHECK(!IsDtlsPacket(data, length)); | 217 DCHECK(!IsDtlsPacket(data, length)); |
191 DCHECK(!IsRtcpPacket(data)); | 218 DCHECK(!IsRtcpPacket(data, length)); |
192 | 219 |
193 // If there is a srtp auth key present then packet must be a RTP packet. | 220 // If there is a srtp auth key present then packet must be a RTP packet. |
194 // RTP packet may have been wrapped in a TURN Channel Data or | 221 // RTP packet may have been wrapped in a TURN Channel Data or |
195 // TURN send indication. | 222 // TURN send indication. |
196 int rtp_start_pos; | 223 size_t rtp_start_pos; |
197 int rtp_length; | 224 size_t rtp_length; |
198 if (!GetRtpPacketStartPositionAndLength( | 225 if (!GetRtpPacketStartPositionAndLength( |
199 data, length, &rtp_start_pos, &rtp_length)) { | 226 data, length, &rtp_start_pos, &rtp_length)) { |
200 // This method should never return false. | 227 // This method should never return false. |
201 NOTREACHED(); | 228 NOTREACHED(); |
202 return false; | 229 return false; |
203 } | 230 } |
204 | 231 |
205 // Skip to rtp packet. | 232 // Skip to rtp packet. |
206 char* start = data + rtp_start_pos; | 233 char* start = data + rtp_start_pos; |
207 // If packet option has non default value (-1) for sendtime extension id, | 234 // If packet option has non default value (-1) for sendtime extension id, |
208 // then we should parse the rtp packet to update the timestamp. Otherwise | 235 // then we should parse the rtp packet to update the timestamp. Otherwise |
209 // just calculate HMAC and update packet with it. | 236 // just calculate HMAC and update packet with it. |
210 if (options.packet_time_params.rtp_sendtime_extension_id != -1) { | 237 if (options.packet_time_params.rtp_sendtime_extension_id != -1) { |
211 UpdateRtpAbsSendTimeExtn( | 238 UpdateRtpAbsSendTimeExtn( |
212 start, rtp_length, | 239 start, rtp_length, |
213 options.packet_time_params.rtp_sendtime_extension_id, abs_send_time); | 240 options.packet_time_params.rtp_sendtime_extension_id, abs_send_time); |
214 } | 241 } |
215 | 242 |
216 UpdateRtpAuthTag(start, rtp_length, options); | 243 UpdateRtpAuthTag(start, rtp_length, options); |
217 return true; | 244 return true; |
218 } | 245 } |
219 | 246 |
220 bool GetRtpPacketStartPositionAndLength(const char* packet, | 247 bool GetRtpPacketStartPositionAndLength(const char* packet, |
221 int length, | 248 size_t length, |
222 int* rtp_start_pos, | 249 size_t* rtp_start_pos, |
223 int* rtp_packet_length) { | 250 size_t* rtp_packet_length) { |
224 int rtp_begin; | 251 if (length < kMinRtpHdrLen || length > kMaxRtpPacketLen) |
225 int rtp_length = 0; | 252 return false; |
226 if (IsTurnChannelData(packet)) { | 253 |
254 size_t rtp_begin; | |
255 size_t rtp_length = 0; | |
256 if (IsTurnChannelData(packet, length)) { | |
227 // Turn Channel Message header format. | 257 // Turn Channel Message header format. |
228 // 0 1 2 3 | 258 // 0 1 2 3 |
229 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 259 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
230 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 260 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
231 // | Channel Number | Length | | 261 // | Channel Number | Length | |
232 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 262 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
233 // | | | 263 // | | |
234 // / Application Data / | 264 // / Application Data / |
235 // / / | 265 // / / |
236 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 266 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
237 if (length < kTurnChannelHdrLen) { | |
238 return false; | |
239 } | |
240 | |
241 rtp_begin = kTurnChannelHdrLen; | 267 rtp_begin = kTurnChannelHdrLen; |
242 rtp_length = rtc::GetBE16(&packet[2]); | 268 rtp_length = rtc::GetBE16(&packet[2]); |
243 if (length < rtp_length + kTurnChannelHdrLen) { | 269 if (length < rtp_length + kTurnChannelHdrLen) { |
244 return false; | 270 return false; |
245 } | 271 } |
246 } else if (IsTurnSendIndicationPacket(packet)) { | 272 } else if (IsTurnSendIndicationPacket(packet, length)) { |
247 if (length <= P2PSocketHost::kStunHeaderSize) { | |
248 // Message must be greater than 20 bytes, if it's carrying any payload. | |
249 return false; | |
250 } | |
251 // Validate STUN message length. | 273 // Validate STUN message length. |
252 int stun_msg_len = rtc::GetBE16(&packet[2]); | 274 size_t stun_msg_len = rtc::GetBE16(&packet[2]); |
253 if (stun_msg_len + P2PSocketHost::kStunHeaderSize != length) { | 275 if (stun_msg_len + P2PSocketHost::kStunHeaderSize != length) { |
254 return false; | 276 return false; |
255 } | 277 } |
256 | 278 |
257 // First skip mandatory stun header which is of 20 bytes. | 279 // First skip mandatory stun header which is of 20 bytes. |
258 rtp_begin = P2PSocketHost::kStunHeaderSize; | 280 rtp_begin = P2PSocketHost::kStunHeaderSize; |
259 // Loop through STUN attributes until we find STUN DATA attribute. | 281 // Loop through STUN attributes until we find STUN DATA attribute. |
260 const char* start = packet + rtp_begin; | 282 const char* start = packet + rtp_begin; |
261 bool data_attr_present = false; | 283 bool data_attr_present = false; |
262 while ((packet + rtp_begin) - start < stun_msg_len) { | 284 while (packet + rtp_begin < start + stun_msg_len) { |
263 // Keep reading STUN attributes until we hit DATA attribute. | 285 // Keep reading STUN attributes until we hit DATA attribute. |
264 // Attribute will be a TLV structure. | 286 // Attribute will be a TLV structure. |
265 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 287 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
266 // | Type | Length | | 288 // | Type | Length | |
267 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 289 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
268 // | Value (variable) .... | 290 // | Value (variable) .... |
269 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 291 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
270 // The value in the length field MUST contain the length of the Value | 292 // The value in the length field MUST contain the length of the Value |
271 // part of the attribute, prior to padding, measured in bytes. Since | 293 // part of the attribute, prior to padding, measured in bytes. Since |
272 // STUN aligns attributes on 32-bit boundaries, attributes whose content | 294 // STUN aligns attributes on 32-bit boundaries, attributes whose content |
273 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of | 295 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of |
274 // padding so that its value contains a multiple of 4 bytes. The | 296 // padding so that its value contains a multiple of 4 bytes. The |
275 // padding bits are ignored, and may be any value. | 297 // padding bits are ignored, and may be any value. |
276 uint16 attr_type, attr_length; | 298 uint16 attr_type, attr_length; |
299 const int kAttrHeaderLength = sizeof(attr_type) + sizeof(attr_length); | |
Sergey Ulanov
2014/09/23 18:38:08
nit: it's better to write =4 instead of sum the of
palmer
2014/09/23 18:57:32
I disagree; it's nice documentation of the intent.
jiayl
2014/09/23 19:59:30
Acknowledged.
| |
300 | |
301 if (length < rtp_begin + kAttrHeaderLength) { | |
302 return false; | |
303 } | |
304 | |
277 // Getting attribute type and length. | 305 // Getting attribute type and length. |
278 attr_type = rtc::GetBE16(&packet[rtp_begin]); | 306 attr_type = rtc::GetBE16(&packet[rtp_begin]); |
279 attr_length = rtc::GetBE16( | 307 attr_length = rtc::GetBE16( |
280 &packet[rtp_begin + sizeof(attr_type)]); | 308 &packet[rtp_begin + sizeof(attr_type)]); |
309 | |
281 // Checking for bogus attribute length. | 310 // Checking for bogus attribute length. |
282 if (length < attr_length + rtp_begin) { | 311 if (length < rtp_begin + kAttrHeaderLength + attr_length) { |
283 return false; | 312 return false; |
284 } | 313 } |
285 | 314 |
286 if (attr_type != cricket::STUN_ATTR_DATA) { | 315 if (attr_type != cricket::STUN_ATTR_DATA) { |
287 rtp_begin += sizeof(attr_type) + sizeof(attr_length) + attr_length; | 316 rtp_begin += kAttrHeaderLength + attr_length; |
288 if ((attr_length % 4) != 0) { | 317 if ((attr_length % 4) != 0) { |
289 rtp_begin += (4 - (attr_length % 4)); | 318 rtp_begin += (4 - (attr_length % 4)); |
290 } | 319 } |
291 continue; | 320 continue; |
292 } | 321 } |
293 | 322 |
294 data_attr_present = true; | 323 data_attr_present = true; |
295 rtp_begin += 4; // Skip STUN_DATA_ATTR header. | 324 rtp_begin += kAttrHeaderLength; // Skip STUN_DATA_ATTR header. |
296 rtp_length = attr_length; | 325 rtp_length = attr_length; |
297 // One final check of length before exiting. | 326 |
298 if (length < rtp_length + rtp_begin) { | |
299 return false; | |
300 } | |
301 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. | 327 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. |
302 break; | 328 break; |
303 } | 329 } |
304 | 330 |
305 if (!data_attr_present) { | 331 if (!data_attr_present) { |
306 // There is no data attribute present in the message. We can't do anything | 332 // There is no data attribute present in the message. We can't do anything |
307 // with the message. | 333 // with the message. |
308 return false; | 334 return false; |
309 } | 335 } |
310 | 336 |
311 } else { | 337 } else { |
312 // This is a raw RTP packet. | 338 // This is a raw RTP packet. |
313 rtp_begin = 0; | 339 rtp_begin = 0; |
314 rtp_length = length; | 340 rtp_length = length; |
315 } | 341 } |
316 | 342 |
317 // Making sure we have a valid RTP packet at the end. | 343 // Making sure we have a valid RTP packet at the end. |
318 if ((rtp_length >= kMinRtpHdrLen) && | 344 if ((rtp_length >= kMinRtpHdrLen) && |
319 IsRtpPacket(packet + rtp_begin, rtp_length) && | 345 IsRtpPacket(packet + rtp_begin, rtp_length) && |
320 ValidateRtpHeader(packet + rtp_begin, rtp_length, NULL)) { | 346 ValidateRtpHeader(packet + rtp_begin, rtp_length, NULL)) { |
321 *rtp_start_pos = rtp_begin; | 347 *rtp_start_pos = rtp_begin; |
322 *rtp_packet_length = rtp_length; | 348 *rtp_packet_length = rtp_length; |
323 return true; | 349 return true; |
324 } | 350 } |
325 return false; | 351 return false; |
326 } | 352 } |
327 | 353 |
328 // ValidateRtpHeader must be called before this method to make sure, we have | 354 // ValidateRtpHeader must be called before this method to make sure, we have |
329 // a sane rtp packet. | 355 // a sane rtp packet. |
330 bool UpdateRtpAbsSendTimeExtn(char* rtp, int length, | 356 bool UpdateRtpAbsSendTimeExtn(char* rtp, size_t length, |
331 int extension_id, uint32 abs_send_time) { | 357 int extension_id, uint32 abs_send_time) { |
332 // 0 1 2 3 | 358 // 0 1 2 3 |
333 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 359 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
334 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 360 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
335 // |V=2|P|X| CC |M| PT | sequence number | | 361 // |V=2|P|X| CC |M| PT | sequence number | |
336 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 362 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
337 // | timestamp | | 363 // | timestamp | |
338 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 364 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
339 // | synchronization source (SSRC) identifier | | 365 // | synchronization source (SSRC) identifier | |
340 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | 366 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
341 // | contributing source (CSRC) identifiers | | 367 // | contributing source (CSRC) identifiers | |
342 // | .... | | 368 // | .... | |
343 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 369 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
344 | 370 |
345 // Return if extension bit is not set. | 371 // Return if extension bit is not set. |
346 if (!(rtp[0] & 0x10)) { | 372 if (!(rtp[0] & 0x10)) { |
347 return true; | 373 return true; |
348 } | 374 } |
349 | 375 |
350 int cc_count = rtp[0] & 0x0F; | 376 size_t cc_count = rtp[0] & 0x0F; |
351 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; | 377 size_t rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; |
352 | 378 |
353 rtp += rtp_hdr_len_without_extn; | 379 rtp += rtp_hdr_len_without_extn; |
354 | 380 |
355 // Getting extension profile ID and length. | 381 // Getting extension profile ID and length. |
356 uint16 profile_id = rtc::GetBE16(rtp); | 382 uint16 profile_id = rtc::GetBE16(rtp); |
357 // Length is in 32 bit words. | 383 // Length is in 32 bit words. |
358 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 384 uint16 extn_len_32bit_words = rtc::GetBE16(rtp + 2); |
385 size_t extn_length = extn_len_32bit_words * 4; | |
359 | 386 |
360 rtp += kRtpExtnHdrLen; // Moving past extn header. | 387 rtp += kRtpExtnHdrLen; // Moving past extn header. |
361 | 388 |
362 bool found = false; | 389 bool found = false; |
363 // WebRTC is using one byte header extension. | 390 // WebRTC is using one byte header extension. |
364 // TODO(mallinath) - Handle two byte header extension. | 391 // TODO(mallinath) - Handle two byte header extension. |
365 if (profile_id == 0xBEDE) { // OneByte extension header | 392 if (profile_id == 0xBEDE) { // OneByte extension header |
366 // 0 | 393 // 0 |
367 // 0 1 2 3 4 5 6 7 | 394 // 0 1 2 3 4 5 6 7 |
368 // +-+-+-+-+-+-+-+-+ | 395 // +-+-+-+-+-+-+-+-+ |
369 // | ID | len | | 396 // | ID | len | |
370 // +-+-+-+-+-+-+-+-+ | 397 // +-+-+-+-+-+-+-+-+ |
371 | 398 |
372 // 0 1 2 3 | 399 // 0 1 2 3 |
373 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 400 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
374 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 401 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
375 // | 0xBE | 0xDE | length=3 | | 402 // | 0xBE | 0xDE | length=3 | |
376 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 403 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
377 // | ID | L=0 | data | ID | L=1 | data... | 404 // | ID | L=0 | data | ID | L=1 | data... |
378 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 405 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
379 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | | 406 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | |
380 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 407 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
381 // | data | | 408 // | data | |
382 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 409 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
383 char* extn_start = rtp; | 410 const char* extn_start = rtp; |
384 while (rtp - extn_start < extn_length) { | 411 const char* extn_end = extn_start + extn_length; |
412 | |
413 while (rtp < extn_end) { | |
385 const int id = (*rtp & 0xF0) >> 4; | 414 const int id = (*rtp & 0xF0) >> 4; |
386 const int len = (*rtp & 0x0F) + 1; | 415 const size_t len = (*rtp & 0x0F) + 1; |
416 if (rtp + kOneByteHdrLen + len > extn_end) { | |
417 return false; | |
418 } | |
387 // The 4-bit length is the number minus one of data bytes of this header | 419 // The 4-bit length is the number minus one of data bytes of this header |
388 // extension element following the one-byte header. | 420 // extension element following the one-byte header. |
389 if (id == extension_id) { | 421 if (id == extension_id) { |
390 UpdateAbsSendTimeExtnValue(rtp + kOneByteHdrLen, len, abs_send_time); | 422 UpdateAbsSendTimeExtnValue(rtp + kOneByteHdrLen, len, abs_send_time); |
391 found = true; | 423 found = true; |
392 break; | 424 break; |
393 } | 425 } |
394 rtp += kOneByteHdrLen + len; | 426 rtp += kOneByteHdrLen + len; |
395 // Counting padding bytes. | 427 // Counting padding bytes. |
396 while ((*rtp == 0) && (rtp - extn_start < extn_length)) { | 428 while ((rtp < extn_end) && (*rtp == 0)) { |
397 ++rtp; | 429 ++rtp; |
398 } | 430 } |
399 } | 431 } |
400 } | 432 } |
401 return found; | 433 return found; |
402 } | 434 } |
403 | 435 |
404 } // packet_processing_helpers | 436 } // packet_processing_helpers |
405 | 437 |
406 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) | 438 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
521 if (outgoing) | 553 if (outgoing) |
522 dump_outgoing_rtp_packet_ = false; | 554 dump_outgoing_rtp_packet_ = false; |
523 | 555 |
524 if (!dump_incoming_rtp_packet_ && !dump_outgoing_rtp_packet_) | 556 if (!dump_incoming_rtp_packet_ && !dump_outgoing_rtp_packet_) |
525 packet_dump_callback_.Reset(); | 557 packet_dump_callback_.Reset(); |
526 } | 558 } |
527 | 559 |
528 void P2PSocketHost::DumpRtpPacket(const char* packet, | 560 void P2PSocketHost::DumpRtpPacket(const char* packet, |
529 size_t length, | 561 size_t length, |
530 bool incoming) { | 562 bool incoming) { |
531 if (IsDtlsPacket(packet, length) || IsRtcpPacket(packet)) | 563 if (IsDtlsPacket(packet, length) || IsRtcpPacket(packet, length)) |
532 return; | 564 return; |
533 | 565 |
534 int rtp_packet_pos = 0; | 566 size_t rtp_packet_pos = 0; |
535 int rtp_packet_length = length; | 567 size_t rtp_packet_length = length; |
536 if (!packet_processing_helpers::GetRtpPacketStartPositionAndLength( | 568 if (!packet_processing_helpers::GetRtpPacketStartPositionAndLength( |
537 packet, length, &rtp_packet_pos, &rtp_packet_length)) | 569 packet, length, &rtp_packet_pos, &rtp_packet_length)) |
538 return; | 570 return; |
539 | 571 |
540 packet += rtp_packet_pos; | 572 packet += rtp_packet_pos; |
541 | 573 |
542 size_t header_length = 0; | 574 size_t header_length = 0; |
543 bool valid = ValidateRtpHeader(packet, rtp_packet_length, &header_length); | 575 bool valid = ValidateRtpHeader(packet, rtp_packet_length, &header_length); |
544 if (!valid) { | 576 if (!valid) { |
545 DCHECK(false); | 577 DCHECK(false); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
577 BrowserThread::PostTask(BrowserThread::UI, | 609 BrowserThread::PostTask(BrowserThread::UI, |
578 FROM_HERE, | 610 FROM_HERE, |
579 base::Bind(packet_dump_callback_, | 611 base::Bind(packet_dump_callback_, |
580 Passed(&packet_header), | 612 Passed(&packet_header), |
581 header_length, | 613 header_length, |
582 packet_length, | 614 packet_length, |
583 incoming)); | 615 incoming)); |
584 } | 616 } |
585 | 617 |
586 } // namespace content | 618 } // namespace content |
OLD | NEW |