OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/p2p/socket_host.h" | 5 #include "content/browser/renderer_host/p2p/socket_host.h" |
6 | 6 |
7 #include "base/sys_byteorder.h" | 7 #include "base/sys_byteorder.h" |
8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" | 8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" |
9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" | 9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" |
10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" | 10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" |
11 #include "content/browser/renderer_host/render_process_host_impl.h" | 11 #include "content/browser/renderer_host/render_process_host_impl.h" |
12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
13 #include "crypto/hmac.h" | 13 #include "crypto/hmac.h" |
14 #include "third_party/libjingle/source/talk/p2p/base/stun.h" | 14 #include "third_party/libjingle/source/talk/p2p/base/stun.h" |
15 #include "third_party/webrtc/base/asyncpacketsocket.h" | 15 #include "third_party/webrtc/base/asyncpacketsocket.h" |
16 #include "third_party/webrtc/base/byteorder.h" | 16 #include "third_party/webrtc/base/byteorder.h" |
17 #include "third_party/webrtc/base/messagedigest.h" | 17 #include "third_party/webrtc/base/messagedigest.h" |
18 | 18 |
19 namespace { | 19 namespace { |
20 | 20 |
21 const uint32 kStunMagicCookie = 0x2112A442; | 21 const uint32 kStunMagicCookie = 0x2112A442; |
22 const int kMinRtpHdrLen = 12; | 22 const size_t kMinRtpHeaderLength = 12; |
23 const int kRtpExtnHdrLen = 4; | 23 const size_t kMinRtcpHeaderLength = 8; |
24 const int kDtlsRecordHeaderLen = 13; | 24 const size_t kRtpExtensionHeaderLength = 4; |
25 const int kTurnChannelHdrLen = 4; | 25 const size_t kDtlsRecordHeaderLength = 13; |
26 const int kAbsSendTimeExtnLen = 3; | 26 const size_t kTurnChannelHeaderLength = 4; |
27 const int kOneByteHdrLen = 1; | 27 const size_t kAbsSendTimeExtensionLength = 3; |
28 const size_t kOneByteHeaderLength = 1; | |
29 const size_t kMaxRtpPacketLength = 2048; | |
28 | 30 |
29 // Fake auth tag written by the render process if external authentication is | 31 // Fake auth tag written by the render process if external authentication is |
30 // enabled. HMAC in packet will be compared against this value before updating | 32 // enabled. HMAC in packet will be compared against this value before updating |
31 // packet with actual HMAC value. | 33 // packet with actual HMAC value. |
32 static const unsigned char kFakeAuthTag[10] = { | 34 static const unsigned char kFakeAuthTag[10] = { |
33 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd | 35 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd |
34 }; | 36 }; |
35 | 37 |
36 bool IsTurnChannelData(const char* data) { | 38 bool IsTurnChannelData(const char* data, size_t length) { |
37 return ((*data & 0xC0) == 0x40); | 39 return length >= kTurnChannelHeaderLength && ((*data & 0xC0) == 0x40); |
38 } | 40 } |
39 | 41 |
40 bool IsDtlsPacket(const char* data, int len) { | 42 bool IsDtlsPacket(const char* data, size_t length) { |
41 const uint8* u = reinterpret_cast<const uint8*>(data); | 43 const uint8* u = reinterpret_cast<const uint8*>(data); |
42 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64)); | 44 return (length >= kDtlsRecordHeaderLength && (u[0] > 19 && u[0] < 64)); |
43 } | 45 } |
44 | 46 |
45 bool IsRtcpPacket(const char* data) { | 47 bool IsRtcpPacket(const char* data, size_t length) { |
48 if (length < kMinRtcpHeaderLength) { | |
49 return false; | |
50 } | |
51 | |
46 int type = (static_cast<uint8>(data[1]) & 0x7F); | 52 int type = (static_cast<uint8>(data[1]) & 0x7F); |
47 return (type >= 64 && type < 96); | 53 return (type >= 64 && type < 96); |
48 } | 54 } |
49 | 55 |
50 bool IsTurnSendIndicationPacket(const char* data) { | 56 bool IsTurnSendIndicationPacket(const char* data, size_t length) { |
57 if (length < content::P2PSocketHost::kStunHeaderSize) { | |
58 return false; | |
59 } | |
60 | |
51 uint16 type = rtc::GetBE16(data); | 61 uint16 type = rtc::GetBE16(data); |
52 return (type == cricket::TURN_SEND_INDICATION); | 62 return (type == cricket::TURN_SEND_INDICATION); |
53 } | 63 } |
54 | 64 |
55 bool IsRtpPacket(const char* data, int len) { | 65 bool IsRtpPacket(const char* data, size_t length) { |
66 if (length < kMinRtpHeaderLength) { | |
palmer
2014/09/23 20:58:08
Nit: You could use the same 1-line style here as y
| |
67 return false; | |
68 } | |
56 return ((*data & 0xC0) == 0x80); | 69 return ((*data & 0xC0) == 0x80); |
57 } | 70 } |
58 | 71 |
59 // Verifies rtp header and message length. | 72 // Verifies rtp header and message length. |
60 bool ValidateRtpHeader(const char* rtp, int length, size_t* header_length) { | 73 bool ValidateRtpHeader(const char* rtp, size_t length, size_t* header_length) { |
61 if (header_length) | 74 if (header_length) { |
62 *header_length = 0; | 75 *header_length = 0; |
76 } | |
63 | 77 |
64 int cc_count = rtp[0] & 0x0F; | 78 if (length < kMinRtpHeaderLength) { |
65 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; | |
66 if (rtp_hdr_len_without_extn > length) { | |
67 return false; | 79 return false; |
68 } | 80 } |
69 | 81 |
82 size_t cc_count = rtp[0] & 0x0F; | |
83 size_t header_length_without_extension = kMinRtpHeaderLength + 4 * cc_count; | |
84 if (header_length_without_extension > length) { | |
85 return false; | |
86 } | |
87 | |
70 // If extension bit is not set, we are done with header processing, as input | 88 // If extension bit is not set, we are done with header processing, as input |
71 // length is verified above. | 89 // length is verified above. |
72 if (!(rtp[0] & 0x10)) { | 90 if (!(rtp[0] & 0x10)) { |
73 if (header_length) | 91 if (header_length) |
74 *header_length = rtp_hdr_len_without_extn; | 92 *header_length = header_length_without_extension; |
75 | 93 |
76 return true; | 94 return true; |
77 } | 95 } |
78 | 96 |
79 rtp += rtp_hdr_len_without_extn; | 97 rtp += header_length_without_extension; |
98 | |
99 if (header_length_without_extension + kRtpExtensionHeaderLength > length) { | |
100 return false; | |
101 } | |
80 | 102 |
81 // Getting extension profile length. | 103 // Getting extension profile length. |
82 // Length is in 32 bit words. | 104 // Length is in 32 bit words. |
83 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 105 uint16 extension_length_in_32bits = rtc::GetBE16(rtp + 2); |
106 size_t extension_length = extension_length_in_32bits * 4; | |
107 | |
108 size_t rtp_header_length = extension_length + | |
109 header_length_without_extension + | |
110 kRtpExtensionHeaderLength; | |
84 | 111 |
85 // Verify input length against total header size. | 112 // Verify input length against total header size. |
86 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) { | 113 if (rtp_header_length > length) { |
87 return false; | 114 return false; |
88 } | 115 } |
89 | 116 |
90 if (header_length) | 117 if (header_length) { |
91 *header_length = rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length; | 118 *header_length = rtp_header_length; |
119 } | |
92 return true; | 120 return true; |
93 } | 121 } |
94 | 122 |
95 void UpdateAbsSendTimeExtnValue(char* extn_data, int len, | 123 void UpdateAbsSendTimeExtensionValue(char* extension_data, |
96 uint32 abs_send_time) { | 124 size_t length, |
125 uint32 abs_send_time) { | |
97 // Absolute send time in RTP streams. | 126 // Absolute send time in RTP streams. |
98 // | 127 // |
99 // The absolute send time is signaled to the receiver in-band using the | 128 // The absolute send time is signaled to the receiver in-band using the |
100 // general mechanism for RTP header extensions [RFC5285]. The payload | 129 // general mechanism for RTP header extensions [RFC5285]. The payload |
101 // of this extension (the transmitted value) is a 24-bit unsigned integer | 130 // of this extension (the transmitted value) is a 24-bit unsigned integer |
102 // containing the sender's current time in seconds as a fixed point number | 131 // containing the sender's current time in seconds as a fixed point number |
103 // with 18 bits fractional part. | 132 // with 18 bits fractional part. |
104 // | 133 // |
105 // The form of the absolute send time extension block: | 134 // The form of the absolute send time extension block: |
106 // | 135 // |
107 // 0 1 2 3 | 136 // 0 1 2 3 |
108 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 137 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
109 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 138 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
110 // | ID | len=2 | absolute send time | | 139 // | ID | len=2 | absolute send time | |
111 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 140 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
112 DCHECK_EQ(len, kAbsSendTimeExtnLen); | 141 if (length != kAbsSendTimeExtensionLength) { |
142 NOTREACHED(); | |
143 return; | |
144 } | |
145 | |
113 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to | 146 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to |
114 // use it unless necessary, as it is expensive than Now(). | 147 // use it unless necessary, as it is expensive than Now(). |
115 uint32 now_second = abs_send_time; | 148 uint32 now_second = abs_send_time; |
116 if (!now_second) { | 149 if (!now_second) { |
117 uint64 now_us = | 150 uint64 now_us = |
118 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); | 151 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); |
119 // Convert second to 24-bit unsigned with 18 bit fractional part | 152 // Convert second to 24-bit unsigned with 18 bit fractional part |
120 now_second = | 153 now_second = |
121 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; | 154 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; |
122 } | 155 } |
123 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. | 156 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. |
124 extn_data[0] = static_cast<uint8>(now_second >> 16); | 157 extension_data[0] = static_cast<uint8>(now_second >> 16); |
125 extn_data[1] = static_cast<uint8>(now_second >> 8); | 158 extension_data[1] = static_cast<uint8>(now_second >> 8); |
126 extn_data[2] = static_cast<uint8>(now_second); | 159 extension_data[2] = static_cast<uint8>(now_second); |
127 } | 160 } |
128 | 161 |
129 // Assumes |len| is actual packet length + tag length. Updates HMAC at end of | 162 // Assumes |length| is actual packet length + tag length. Updates HMAC at end of |
130 // the RTP packet. | 163 // the RTP packet. |
131 void UpdateRtpAuthTag(char* rtp, int len, | 164 void UpdateRtpAuthTag(char* rtp, |
165 size_t length, | |
132 const rtc::PacketOptions& options) { | 166 const rtc::PacketOptions& options) { |
133 // If there is no key, return. | 167 // If there is no key, return. |
134 if (options.packet_time_params.srtp_auth_key.empty()) | 168 if (options.packet_time_params.srtp_auth_key.empty()) { |
135 return; | 169 return; |
170 } | |
136 | 171 |
137 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; | 172 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; |
138 char* auth_tag = rtp + (len - tag_length); | |
139 | 173 |
140 // We should have a fake HMAC value @ auth_tag. | 174 // ROC (rollover counter) is at the beginning of the auth tag. |
141 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); | 175 const size_t kRocLength = 4; |
176 if (tag_length < kRocLength || tag_length > length) { | |
177 NOTREACHED(); | |
178 return; | |
179 } | |
142 | 180 |
143 crypto::HMAC hmac(crypto::HMAC::SHA1); | 181 crypto::HMAC hmac(crypto::HMAC::SHA1); |
144 if (!hmac.Init(reinterpret_cast<const unsigned char*>( | 182 if (!hmac.Init(reinterpret_cast<const unsigned char*>( |
145 &options.packet_time_params.srtp_auth_key[0]), | 183 &options.packet_time_params.srtp_auth_key[0]), |
146 options.packet_time_params.srtp_auth_key.size())) { | 184 options.packet_time_params.srtp_auth_key.size())) { |
147 NOTREACHED(); | 185 NOTREACHED(); |
148 return; | 186 return; |
149 } | 187 } |
150 | 188 |
151 if (hmac.DigestLength() < tag_length) { | 189 if (tag_length > hmac.DigestLength()) { |
152 NOTREACHED(); | 190 NOTREACHED(); |
153 return; | 191 return; |
154 } | 192 } |
155 | 193 |
194 char* auth_tag = rtp + (length - tag_length); | |
195 | |
196 // We should have a fake HMAC value @ auth_tag. | |
197 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); | |
198 | |
156 // Copy ROC after end of rtp packet. | 199 // Copy ROC after end of rtp packet. |
157 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, 4); | 200 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, kRocLength); |
158 // Authentication of a RTP packet will have RTP packet + ROC size. | 201 // Authentication of a RTP packet will have RTP packet + ROC size. |
159 int auth_required_length = len - tag_length + 4; | 202 int auth_required_length = length - tag_length + kRocLength; |
160 | 203 |
161 unsigned char output[64]; | 204 unsigned char output[64]; |
162 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), | 205 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), |
163 output, sizeof(output))) { | 206 output, sizeof(output))) { |
164 NOTREACHED(); | 207 NOTREACHED(); |
165 return; | 208 return; |
166 } | 209 } |
167 // Copy HMAC from output to packet. This is required as auth tag length | 210 // Copy HMAC from output to packet. This is required as auth tag length |
168 // may not be equal to the actual HMAC length. | 211 // may not be equal to the actual HMAC length. |
169 memcpy(auth_tag, output, tag_length); | 212 memcpy(auth_tag, output, tag_length); |
170 } | 213 } |
171 | 214 |
172 } // namespace | 215 } // namespace |
173 | 216 |
174 namespace content { | 217 namespace content { |
175 | 218 |
176 namespace packet_processing_helpers { | 219 namespace packet_processing_helpers { |
177 | 220 |
178 bool ApplyPacketOptions(char* data, int length, | 221 bool ApplyPacketOptions(char* data, |
222 size_t length, | |
179 const rtc::PacketOptions& options, | 223 const rtc::PacketOptions& options, |
180 uint32 abs_send_time) { | 224 uint32 abs_send_time) { |
181 DCHECK(data != NULL); | 225 DCHECK(data != NULL); |
182 DCHECK(length > 0); | 226 DCHECK(length > 0); |
183 // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in | 227 // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in |
184 // PacketOptions, nothing to be updated in this packet. | 228 // PacketOptions, nothing to be updated in this packet. |
185 if (options.packet_time_params.rtp_sendtime_extension_id == -1 && | 229 if (options.packet_time_params.rtp_sendtime_extension_id == -1 && |
186 options.packet_time_params.srtp_auth_key.empty()) { | 230 options.packet_time_params.srtp_auth_key.empty()) { |
187 return true; | 231 return true; |
188 } | 232 } |
189 | 233 |
190 DCHECK(!IsDtlsPacket(data, length)); | 234 DCHECK(!IsDtlsPacket(data, length)); |
191 DCHECK(!IsRtcpPacket(data)); | 235 DCHECK(!IsRtcpPacket(data, length)); |
192 | 236 |
193 // If there is a srtp auth key present then packet must be a RTP packet. | 237 // If there is a srtp auth key present then packet must be a RTP packet. |
194 // RTP packet may have been wrapped in a TURN Channel Data or | 238 // RTP packet may have been wrapped in a TURN Channel Data or |
195 // TURN send indication. | 239 // TURN send indication. |
196 int rtp_start_pos; | 240 size_t rtp_start_pos; |
197 int rtp_length; | 241 size_t rtp_length; |
198 if (!GetRtpPacketStartPositionAndLength( | 242 if (!GetRtpPacketStartPositionAndLength( |
199 data, length, &rtp_start_pos, &rtp_length)) { | 243 data, length, &rtp_start_pos, &rtp_length)) { |
200 // This method should never return false. | 244 // This method should never return false. |
201 NOTREACHED(); | 245 NOTREACHED(); |
202 return false; | 246 return false; |
203 } | 247 } |
204 | 248 |
205 // Skip to rtp packet. | 249 // Skip to rtp packet. |
206 char* start = data + rtp_start_pos; | 250 char* start = data + rtp_start_pos; |
207 // If packet option has non default value (-1) for sendtime extension id, | 251 // If packet option has non default value (-1) for sendtime extension id, |
208 // then we should parse the rtp packet to update the timestamp. Otherwise | 252 // then we should parse the rtp packet to update the timestamp. Otherwise |
209 // just calculate HMAC and update packet with it. | 253 // just calculate HMAC and update packet with it. |
210 if (options.packet_time_params.rtp_sendtime_extension_id != -1) { | 254 if (options.packet_time_params.rtp_sendtime_extension_id != -1) { |
211 UpdateRtpAbsSendTimeExtn( | 255 UpdateRtpAbsSendTimeExtension( |
212 start, rtp_length, | 256 start, |
213 options.packet_time_params.rtp_sendtime_extension_id, abs_send_time); | 257 rtp_length, |
258 options.packet_time_params.rtp_sendtime_extension_id, | |
259 abs_send_time); | |
214 } | 260 } |
215 | 261 |
216 UpdateRtpAuthTag(start, rtp_length, options); | 262 UpdateRtpAuthTag(start, rtp_length, options); |
217 return true; | 263 return true; |
218 } | 264 } |
219 | 265 |
220 bool GetRtpPacketStartPositionAndLength(const char* packet, | 266 bool GetRtpPacketStartPositionAndLength(const char* packet, |
221 int length, | 267 size_t length, |
222 int* rtp_start_pos, | 268 size_t* rtp_start_pos, |
223 int* rtp_packet_length) { | 269 size_t* rtp_packet_length) { |
224 int rtp_begin; | 270 if (length < kMinRtpHeaderLength || length > kMaxRtpPacketLength) { |
225 int rtp_length = 0; | 271 return false; |
226 if (IsTurnChannelData(packet)) { | 272 } |
273 | |
274 size_t rtp_begin; | |
275 size_t rtp_length = 0; | |
276 if (IsTurnChannelData(packet, length)) { | |
227 // Turn Channel Message header format. | 277 // Turn Channel Message header format. |
228 // 0 1 2 3 | 278 // 0 1 2 3 |
229 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 279 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
230 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 280 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
231 // | Channel Number | Length | | 281 // | Channel Number | Length | |
232 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 282 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
233 // | | | 283 // | | |
234 // / Application Data / | 284 // / Application Data / |
235 // / / | 285 // / / |
236 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 286 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
237 if (length < kTurnChannelHdrLen) { | 287 rtp_begin = kTurnChannelHeaderLength; |
288 rtp_length = rtc::GetBE16(&packet[2]); | |
289 if (length < rtp_length + kTurnChannelHeaderLength) { | |
290 return false; | |
291 } | |
292 } else if (IsTurnSendIndicationPacket(packet, length)) { | |
293 // Validate STUN message length. | |
294 size_t stun_message_length = rtc::GetBE16(&packet[2]); | |
295 if (stun_message_length + P2PSocketHost::kStunHeaderSize != length) { | |
238 return false; | 296 return false; |
239 } | 297 } |
240 | 298 |
241 rtp_begin = kTurnChannelHdrLen; | |
242 rtp_length = rtc::GetBE16(&packet[2]); | |
243 if (length < rtp_length + kTurnChannelHdrLen) { | |
244 return false; | |
245 } | |
246 } else if (IsTurnSendIndicationPacket(packet)) { | |
247 if (length <= P2PSocketHost::kStunHeaderSize) { | |
248 // Message must be greater than 20 bytes, if it's carrying any payload. | |
249 return false; | |
250 } | |
251 // Validate STUN message length. | |
252 int stun_msg_len = rtc::GetBE16(&packet[2]); | |
253 if (stun_msg_len + P2PSocketHost::kStunHeaderSize != length) { | |
254 return false; | |
255 } | |
256 | |
257 // First skip mandatory stun header which is of 20 bytes. | 299 // First skip mandatory stun header which is of 20 bytes. |
258 rtp_begin = P2PSocketHost::kStunHeaderSize; | 300 rtp_begin = P2PSocketHost::kStunHeaderSize; |
259 // Loop through STUN attributes until we find STUN DATA attribute. | 301 // Loop through STUN attributes until we find STUN DATA attribute. |
260 const char* start = packet + rtp_begin; | 302 const char* start = packet + rtp_begin; |
261 bool data_attr_present = false; | 303 bool data_attr_present = false; |
262 while ((packet + rtp_begin) - start < stun_msg_len) { | 304 while (packet + rtp_begin < start + stun_message_length) { |
juri.aedla
2014/09/23 21:11:04
Perhaps change to simpler but equivalent (rtp_begi
| |
263 // Keep reading STUN attributes until we hit DATA attribute. | 305 // Keep reading STUN attributes until we hit DATA attribute. |
264 // Attribute will be a TLV structure. | 306 // Attribute will be a TLV structure. |
265 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 307 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
266 // | Type | Length | | 308 // | Type | Length | |
267 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 309 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
268 // | Value (variable) .... | 310 // | Value (variable) .... |
269 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 311 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
270 // The value in the length field MUST contain the length of the Value | 312 // The value in the length field MUST contain the length of the Value |
271 // part of the attribute, prior to padding, measured in bytes. Since | 313 // part of the attribute, prior to padding, measured in bytes. Since |
272 // STUN aligns attributes on 32-bit boundaries, attributes whose content | 314 // STUN aligns attributes on 32-bit boundaries, attributes whose content |
273 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of | 315 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of |
274 // padding so that its value contains a multiple of 4 bytes. The | 316 // padding so that its value contains a multiple of 4 bytes. The |
275 // padding bits are ignored, and may be any value. | 317 // padding bits are ignored, and may be any value. |
276 uint16 attr_type, attr_length; | 318 uint16 attr_type, attr_length; |
319 const int kAttrHeaderLength = sizeof(attr_type) + sizeof(attr_length); | |
320 | |
321 if (length < rtp_begin + kAttrHeaderLength) { | |
322 return false; | |
323 } | |
324 | |
277 // Getting attribute type and length. | 325 // Getting attribute type and length. |
278 attr_type = rtc::GetBE16(&packet[rtp_begin]); | 326 attr_type = rtc::GetBE16(&packet[rtp_begin]); |
279 attr_length = rtc::GetBE16( | 327 attr_length = rtc::GetBE16( |
280 &packet[rtp_begin + sizeof(attr_type)]); | 328 &packet[rtp_begin + sizeof(attr_type)]); |
329 | |
juri.aedla
2014/09/23 21:11:04
Perhaps do
rtp_begin += kAttrHeaderLength;
once an
| |
281 // Checking for bogus attribute length. | 330 // Checking for bogus attribute length. |
282 if (length < attr_length + rtp_begin) { | 331 if (length < rtp_begin + kAttrHeaderLength + attr_length) { |
283 return false; | 332 return false; |
284 } | 333 } |
285 | 334 |
286 if (attr_type != cricket::STUN_ATTR_DATA) { | 335 if (attr_type != cricket::STUN_ATTR_DATA) { |
287 rtp_begin += sizeof(attr_type) + sizeof(attr_length) + attr_length; | 336 rtp_begin += kAttrHeaderLength + attr_length; |
288 if ((attr_length % 4) != 0) { | 337 if ((attr_length % 4) != 0) { |
289 rtp_begin += (4 - (attr_length % 4)); | 338 rtp_begin += (4 - (attr_length % 4)); |
290 } | 339 } |
291 continue; | 340 continue; |
292 } | 341 } |
293 | 342 |
294 data_attr_present = true; | 343 data_attr_present = true; |
295 rtp_begin += 4; // Skip STUN_DATA_ATTR header. | 344 rtp_begin += kAttrHeaderLength; // Skip STUN_DATA_ATTR header. |
296 rtp_length = attr_length; | 345 rtp_length = attr_length; |
297 // One final check of length before exiting. | 346 |
298 if (length < rtp_length + rtp_begin) { | |
299 return false; | |
300 } | |
301 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. | 347 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. |
302 break; | 348 break; |
303 } | 349 } |
304 | 350 |
305 if (!data_attr_present) { | 351 if (!data_attr_present) { |
306 // There is no data attribute present in the message. We can't do anything | 352 // There is no data attribute present in the message. We can't do anything |
307 // with the message. | 353 // with the message. |
308 return false; | 354 return false; |
309 } | 355 } |
310 | 356 |
311 } else { | 357 } else { |
312 // This is a raw RTP packet. | 358 // This is a raw RTP packet. |
313 rtp_begin = 0; | 359 rtp_begin = 0; |
314 rtp_length = length; | 360 rtp_length = length; |
315 } | 361 } |
316 | 362 |
317 // Making sure we have a valid RTP packet at the end. | 363 // Making sure we have a valid RTP packet at the end. |
318 if ((rtp_length >= kMinRtpHdrLen) && | 364 if (IsRtpPacket(packet + rtp_begin, rtp_length) && |
319 IsRtpPacket(packet + rtp_begin, rtp_length) && | |
320 ValidateRtpHeader(packet + rtp_begin, rtp_length, NULL)) { | 365 ValidateRtpHeader(packet + rtp_begin, rtp_length, NULL)) { |
321 *rtp_start_pos = rtp_begin; | 366 *rtp_start_pos = rtp_begin; |
322 *rtp_packet_length = rtp_length; | 367 *rtp_packet_length = rtp_length; |
323 return true; | 368 return true; |
324 } | 369 } |
325 return false; | 370 return false; |
326 } | 371 } |
327 | 372 |
328 // ValidateRtpHeader must be called before this method to make sure, we have | 373 // ValidateRtpHeader must be called before this method to make sure, we have |
329 // a sane rtp packet. | 374 // a sane rtp packet. |
330 bool UpdateRtpAbsSendTimeExtn(char* rtp, int length, | 375 bool UpdateRtpAbsSendTimeExtension(char* rtp, |
331 int extension_id, uint32 abs_send_time) { | 376 size_t length, |
377 int extension_id, | |
378 uint32 abs_send_time) { | |
332 // 0 1 2 3 | 379 // 0 1 2 3 |
333 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 380 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
334 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 381 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
335 // |V=2|P|X| CC |M| PT | sequence number | | 382 // |V=2|P|X| CC |M| PT | sequence number | |
336 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 383 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
337 // | timestamp | | 384 // | timestamp | |
338 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 385 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
339 // | synchronization source (SSRC) identifier | | 386 // | synchronization source (SSRC) identifier | |
340 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | 387 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
341 // | contributing source (CSRC) identifiers | | 388 // | contributing source (CSRC) identifiers | |
342 // | .... | | 389 // | .... | |
343 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 390 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
344 | 391 |
345 // Return if extension bit is not set. | 392 // Return if extension bit is not set. |
346 if (!(rtp[0] & 0x10)) { | 393 if (!(rtp[0] & 0x10)) { |
347 return true; | 394 return true; |
348 } | 395 } |
349 | 396 |
350 int cc_count = rtp[0] & 0x0F; | 397 size_t cc_count = rtp[0] & 0x0F; |
351 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count; | 398 size_t header_length_without_extension = kMinRtpHeaderLength + 4 * cc_count; |
352 | 399 |
353 rtp += rtp_hdr_len_without_extn; | 400 rtp += header_length_without_extension; |
354 | 401 |
355 // Getting extension profile ID and length. | 402 // Getting extension profile ID and length. |
356 uint16 profile_id = rtc::GetBE16(rtp); | 403 uint16 profile_id = rtc::GetBE16(rtp); |
357 // Length is in 32 bit words. | 404 // Length is in 32 bit words. |
358 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 405 uint16 extension_length_in_32bits = rtc::GetBE16(rtp + 2); |
406 size_t extension_length = extension_length_in_32bits * 4; | |
359 | 407 |
360 rtp += kRtpExtnHdrLen; // Moving past extn header. | 408 rtp += kRtpExtensionHeaderLength; // Moving past extension header. |
361 | 409 |
362 bool found = false; | 410 bool found = false; |
363 // WebRTC is using one byte header extension. | 411 // WebRTC is using one byte header extension. |
364 // TODO(mallinath) - Handle two byte header extension. | 412 // TODO(mallinath) - Handle two byte header extension. |
365 if (profile_id == 0xBEDE) { // OneByte extension header | 413 if (profile_id == 0xBEDE) { // OneByte extension header |
366 // 0 | 414 // 0 |
367 // 0 1 2 3 4 5 6 7 | 415 // 0 1 2 3 4 5 6 7 |
368 // +-+-+-+-+-+-+-+-+ | 416 // +-+-+-+-+-+-+-+-+ |
369 // | ID | len | | 417 // | ID |length | |
370 // +-+-+-+-+-+-+-+-+ | 418 // +-+-+-+-+-+-+-+-+ |
371 | 419 |
372 // 0 1 2 3 | 420 // 0 1 2 3 |
373 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 421 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
374 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 422 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
375 // | 0xBE | 0xDE | length=3 | | 423 // | 0xBE | 0xDE | length=3 | |
376 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 424 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
377 // | ID | L=0 | data | ID | L=1 | data... | 425 // | ID | L=0 | data | ID | L=1 | data... |
378 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 426 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
379 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | | 427 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | |
380 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 428 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
381 // | data | | 429 // | data | |
382 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 430 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
383 char* extn_start = rtp; | 431 const char* extension_start = rtp; |
384 while (rtp - extn_start < extn_length) { | 432 const char* extension_end = extension_start + extension_length; |
433 | |
434 while (rtp < extension_end) { | |
385 const int id = (*rtp & 0xF0) >> 4; | 435 const int id = (*rtp & 0xF0) >> 4; |
386 const int len = (*rtp & 0x0F) + 1; | 436 const size_t length = (*rtp & 0x0F) + 1; |
437 if (rtp + kOneByteHeaderLength + length > extension_end) { | |
438 return false; | |
439 } | |
387 // The 4-bit length is the number minus one of data bytes of this header | 440 // The 4-bit length is the number minus one of data bytes of this header |
388 // extension element following the one-byte header. | 441 // extension element following the one-byte header. |
389 if (id == extension_id) { | 442 if (id == extension_id) { |
390 UpdateAbsSendTimeExtnValue(rtp + kOneByteHdrLen, len, abs_send_time); | 443 UpdateAbsSendTimeExtensionValue( |
444 rtp + kOneByteHeaderLength, length, abs_send_time); | |
391 found = true; | 445 found = true; |
392 break; | 446 break; |
393 } | 447 } |
394 rtp += kOneByteHdrLen + len; | 448 rtp += kOneByteHeaderLength + length; |
395 // Counting padding bytes. | 449 // Counting padding bytes. |
396 while ((*rtp == 0) && (rtp - extn_start < extn_length)) { | 450 while ((rtp < extension_end) && (*rtp == 0)) { |
397 ++rtp; | 451 ++rtp; |
398 } | 452 } |
399 } | 453 } |
400 } | 454 } |
401 return found; | 455 return found; |
402 } | 456 } |
403 | 457 |
404 } // packet_processing_helpers | 458 } // packet_processing_helpers |
405 | 459 |
406 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) | 460 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) |
407 : message_sender_(message_sender), | 461 : message_sender_(message_sender), |
408 id_(socket_id), | 462 id_(socket_id), |
409 state_(STATE_UNINITIALIZED), | 463 state_(STATE_UNINITIALIZED), |
410 dump_incoming_rtp_packet_(false), | 464 dump_incoming_rtp_packet_(false), |
411 dump_outgoing_rtp_packet_(false), | 465 dump_outgoing_rtp_packet_(false), |
412 weak_ptr_factory_(this) { | 466 weak_ptr_factory_(this) { |
413 } | 467 } |
414 | 468 |
415 P2PSocketHost::~P2PSocketHost() { } | 469 P2PSocketHost::~P2PSocketHost() { } |
416 | 470 |
417 // Verifies that the packet |data| has a valid STUN header. | 471 // Verifies that the packet |data| has a valid STUN header. |
418 // static | 472 // static |
419 bool P2PSocketHost::GetStunPacketType( | 473 bool P2PSocketHost::GetStunPacketType( |
420 const char* data, int data_size, StunMessageType* type) { | 474 const char* data, int data_size, StunMessageType* type) { |
421 | 475 |
422 if (data_size < kStunHeaderSize) | 476 if (data_size < kStunHeaderSize) { |
423 return false; | 477 return false; |
478 } | |
424 | 479 |
425 uint32 cookie = base::NetToHost32(*reinterpret_cast<const uint32*>(data + 4)); | 480 uint32 cookie = base::NetToHost32(*reinterpret_cast<const uint32*>(data + 4)); |
426 if (cookie != kStunMagicCookie) | 481 if (cookie != kStunMagicCookie) { |
427 return false; | 482 return false; |
483 } | |
428 | 484 |
429 uint16 length = base::NetToHost16(*reinterpret_cast<const uint16*>(data + 2)); | 485 uint16 length = base::NetToHost16(*reinterpret_cast<const uint16*>(data + 2)); |
430 if (length != data_size - kStunHeaderSize) | 486 if (length != data_size - kStunHeaderSize) { |
431 return false; | 487 return false; |
488 } | |
432 | 489 |
433 int message_type = base::NetToHost16(*reinterpret_cast<const uint16*>(data)); | 490 int message_type = base::NetToHost16(*reinterpret_cast<const uint16*>(data)); |
434 | 491 |
435 // Verify that the type is known: | 492 // Verify that the type is known: |
436 switch (message_type) { | 493 switch (message_type) { |
437 case STUN_BINDING_REQUEST: | 494 case STUN_BINDING_REQUEST: |
438 case STUN_BINDING_RESPONSE: | 495 case STUN_BINDING_RESPONSE: |
439 case STUN_BINDING_ERROR_RESPONSE: | 496 case STUN_BINDING_ERROR_RESPONSE: |
440 case STUN_SHARED_SECRET_REQUEST: | 497 case STUN_SHARED_SECRET_REQUEST: |
441 case STUN_SHARED_SECRET_RESPONSE: | 498 case STUN_SHARED_SECRET_RESPONSE: |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
495 } | 552 } |
496 | 553 |
497 void P2PSocketHost::StartRtpDump( | 554 void P2PSocketHost::StartRtpDump( |
498 bool incoming, | 555 bool incoming, |
499 bool outgoing, | 556 bool outgoing, |
500 const RenderProcessHost::WebRtcRtpPacketCallback& packet_callback) { | 557 const RenderProcessHost::WebRtcRtpPacketCallback& packet_callback) { |
501 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 558 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
502 DCHECK(!packet_callback.is_null()); | 559 DCHECK(!packet_callback.is_null()); |
503 DCHECK(incoming || outgoing); | 560 DCHECK(incoming || outgoing); |
504 | 561 |
505 if (incoming) | 562 if (incoming) { |
506 dump_incoming_rtp_packet_ = true; | 563 dump_incoming_rtp_packet_ = true; |
564 } | |
507 | 565 |
508 if (outgoing) | 566 if (outgoing) { |
509 dump_outgoing_rtp_packet_ = true; | 567 dump_outgoing_rtp_packet_ = true; |
568 } | |
510 | 569 |
511 packet_dump_callback_ = packet_callback; | 570 packet_dump_callback_ = packet_callback; |
512 } | 571 } |
513 | 572 |
514 void P2PSocketHost::StopRtpDump(bool incoming, bool outgoing) { | 573 void P2PSocketHost::StopRtpDump(bool incoming, bool outgoing) { |
515 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 574 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
516 DCHECK(incoming || outgoing); | 575 DCHECK(incoming || outgoing); |
517 | 576 |
518 if (incoming) | 577 if (incoming) { |
519 dump_incoming_rtp_packet_ = false; | 578 dump_incoming_rtp_packet_ = false; |
579 } | |
520 | 580 |
521 if (outgoing) | 581 if (outgoing) { |
522 dump_outgoing_rtp_packet_ = false; | 582 dump_outgoing_rtp_packet_ = false; |
583 } | |
523 | 584 |
524 if (!dump_incoming_rtp_packet_ && !dump_outgoing_rtp_packet_) | 585 if (!dump_incoming_rtp_packet_ && !dump_outgoing_rtp_packet_) { |
525 packet_dump_callback_.Reset(); | 586 packet_dump_callback_.Reset(); |
587 } | |
526 } | 588 } |
527 | 589 |
528 void P2PSocketHost::DumpRtpPacket(const char* packet, | 590 void P2PSocketHost::DumpRtpPacket(const char* packet, |
529 size_t length, | 591 size_t length, |
530 bool incoming) { | 592 bool incoming) { |
531 if (IsDtlsPacket(packet, length) || IsRtcpPacket(packet)) | 593 if (IsDtlsPacket(packet, length) || IsRtcpPacket(packet, length)) { |
532 return; | 594 return; |
595 } | |
533 | 596 |
534 int rtp_packet_pos = 0; | 597 size_t rtp_packet_pos = 0; |
535 int rtp_packet_length = length; | 598 size_t rtp_packet_length = length; |
536 if (!packet_processing_helpers::GetRtpPacketStartPositionAndLength( | 599 if (!packet_processing_helpers::GetRtpPacketStartPositionAndLength( |
537 packet, length, &rtp_packet_pos, &rtp_packet_length)) | 600 packet, length, &rtp_packet_pos, &rtp_packet_length)) { |
538 return; | 601 return; |
602 } | |
539 | 603 |
540 packet += rtp_packet_pos; | 604 packet += rtp_packet_pos; |
541 | 605 |
542 size_t header_length = 0; | 606 size_t header_length = 0; |
543 bool valid = ValidateRtpHeader(packet, rtp_packet_length, &header_length); | 607 bool valid = ValidateRtpHeader(packet, rtp_packet_length, &header_length); |
544 if (!valid) { | 608 if (!valid) { |
545 DCHECK(false); | 609 DCHECK(false); |
546 return; | 610 return; |
547 } | 611 } |
548 | 612 |
(...skipping 28 matching lines...) Expand all Loading... | |
577 BrowserThread::PostTask(BrowserThread::UI, | 641 BrowserThread::PostTask(BrowserThread::UI, |
578 FROM_HERE, | 642 FROM_HERE, |
579 base::Bind(packet_dump_callback_, | 643 base::Bind(packet_dump_callback_, |
580 Passed(&packet_header), | 644 Passed(&packet_header), |
581 header_length, | 645 header_length, |
582 packet_length, | 646 packet_length, |
583 incoming)); | 647 incoming)); |
584 } | 648 } |
585 | 649 |
586 } // namespace content | 650 } // namespace content |
OLD | NEW |