Bug 1336507 - Part 2: Move some TLS related stuff from |connect| to |create|, so it is better reflected in candidate labels/codeword. r=drno
authorByron Campen [:bwc] <docfaraday@gmail.com>
Fri, 03 Feb 2017 16:47:05 -0600
changeset 387664 73fb6dab1ea936806d18cbea8012fa20435879a5
parent 387663 bd81e72532b3171f4fbde1f0feec4d6bd70c1987
child 387665 31bf2f8302b05449734c5fe6696521db9333c08a
push id7198
push userjlorenzo@mozilla.com
push dateTue, 18 Apr 2017 12:07:49 +0000
reviewersdrno
bugs1336507
milestone54.0a1
Bug 1336507 - Part 2: Move some TLS related stuff from |connect| to |create|, so it is better reflected in candidate labels/codeword. r=drno MozReview-Commit-ID: GnaJa1EPw0j
media/mtransport/nr_socket_prsock.cpp
media/mtransport/nricectx.cpp
media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
media/mtransport/third_party/nICEr/src/ice/ice_component.c
media/mtransport/third_party/nICEr/src/net/transport_addr.c
--- a/media/mtransport/nr_socket_prsock.cpp
+++ b/media/mtransport/nr_socket_prsock.cpp
@@ -642,16 +642,20 @@ int NrSocket::create(nr_transport_addr *
         } else {
           r_log(LOG_GENERIC, LOG_CRIT,
             "Couldn't get socket send buffer size: %d", status);
         }
       }
 #endif
       break;
     case IPPROTO_TCP:
+      // TODO: Add TLS layer with nsISocketProviderService?
+      if (my_addr_.tls_host[0] != '\0')
+        ABORT(R_INTERNAL);
+
       if (!(fd_ = PR_OpenTCPSocket(naddr.raw.family))) {
         r_log(LOG_GENERIC,LOG_CRIT,"Couldn't create TCP socket, "
               "family=%d, err=%d", naddr.raw.family, PR_GetError());
         ABORT(R_INTERNAL);
       }
       // Set ReuseAddr for TCP sockets to enable having several
       // sockets bound to same local IP and port
       PRSocketOptionData opt_reuseaddr;
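Review bot: The guard added under `case IPPROTO_TCP:` tests `my_addr_.tls_host`, but nothing in this hunk shows `my_addr_` being filled in before the switch. If it is only populated after the socket is bound (the rest of `create` lies outside the hunk), the check reads an empty string and a TLS address would quietly get a plain TCP socket. Testing the address passed to `create` instead would not depend on that ordering, and it matters more now that the equivalent check is removed from `NrSocket::connect` in the next hunk. The abort is also silent; `r_log(LOG_GENERIC, LOG_CRIT, "TLS requested but not supported by NrSocket");` before `ABORT(R_INTERNAL);` would make the refusal visible.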
@@ -868,20 +872,16 @@ void NrSocket::close() {
 
 
 int NrSocket::connect(nr_transport_addr *addr) {
   ASSERT_ON_THREAD(ststhread_);
   int r,_status;
   PRNetAddr naddr;
   int32_t connect_status, getsockname_status;
 
-  // TODO: Add TLS layer with nsISocketProviderService?
-  if (addr->tls_host[0] != '\0')
-    ABORT(R_INTERNAL);
-
   if ((r=nr_transport_addr_to_praddr(addr, &naddr)))
     ABORT(r);
 
   if(!fd_)
     ABORT(R_EOD);
 
   // Note: this just means we tried to connect, not that we
   // are actually live.
@@ -1854,43 +1854,41 @@ void NrTcpSocketIpc::close() {
                 NS_DISPATCH_NORMAL);
 
   //remove all enqueued messages
   std::queue<RefPtr<nr_tcp_message>> empty;
   std::swap(msg_queue_, empty);
 }
 
 int NrTcpSocketIpc::connect(nr_transport_addr *addr) {
-  nsCString remote_addr, local_addr, tls_host;
+  nsCString remote_addr, local_addr;
   int32_t remote_port, local_port;
   int r, _status;
   if ((r=nr_transport_addr_get_addrstring_and_port(addr,
                                                    &remote_addr,
                                                    &remote_port))) {
     ABORT(r);
   }
 
   if ((r=nr_transport_addr_get_addrstring_and_port(&my_addr_,
                                                    &local_addr,
                                                    &local_port))) {
     MOZ_ASSERT(false); // shouldn't fail as it was sanity-checked in ::create()
     ABORT(r);
   }
 
-  tls_host = addr->tls_host;
-
   state_ = mirror_state_ = NR_CONNECTING;
   RUN_ON_THREAD(io_thread_,
                 mozilla::WrapRunnable(RefPtr<NrTcpSocketIpc>(this),
                              &NrTcpSocketIpc::connect_i,
                              remote_addr,
                              static_cast<uint16_t>(remote_port),
                              local_addr,
                              static_cast<uint16_t>(local_port),
-                             tls_host),
+                             nsCString(my_addr_.tls_host)),
                 NS_DISPATCH_NORMAL);
 
   // Make caller wait for ready to write.
   _status = R_WOULDBLOCK;
  abort:
   return _status;
 }
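Review bot: `connect` now takes the TLS host from `my_addr_.tls_host` and ignores the `tls_host` of its `addr` argument, which is not obvious at the call site. A comment above the `RUN_ON_THREAD` call, e.g. `// TLS host is fixed at create() time and carried in my_addr_; addr->tls_host is not consulted`, would document that. It only works if `NrTcpSocketIpc::create` preserves `tls_host` when it fills `my_addr_`, which this hunk does not show. If it does not, `connect_i` presumably receives an empty host, so that is worth confirming.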
 
--- a/media/mtransport/nricectx.cpp
+++ b/media/mtransport/nricectx.cpp
@@ -209,16 +209,20 @@ nsresult NrIceStunServer::ToNicerStunStr
 
   memset(server, 0, sizeof(nr_ice_stun_server));
   if (transport_ == kNrIceTransportUdp) {
     server->transport = IPPROTO_UDP;
   } else if (transport_ == kNrIceTransportTcp) {
     server->transport = IPPROTO_TCP;
   } else if (transport_ == kNrIceTransportTls) {
     server->transport = IPPROTO_TCP;
+    if (has_addr_) {
+      // Refuse to try TLS without an FQDN
+      return NS_ERROR_INVALID_ARG;
+    }
     server->tls = 1;
   } else {
     MOZ_MTLOG(ML_ERROR, "Unsupported STUN server transport: " << transport_);
     return NS_ERROR_FAILURE;
   }
 
   if (has_addr_) {
     r = nr_praddr_to_transport_addr(&addr_, &server->u.addr,
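Review bot: The new `has_addr_` rejection in the `kNrIceTransportTls` branch returns `NS_ERROR_INVALID_ARG` without logging, while the unsupported-transport branch just below reports through `MOZ_MTLOG`. Adding `MOZ_MTLOG(ML_ERROR, "TLS STUN/TURN server needs a hostname, not an IP address");` before the return would make a misconfigured server entry diagnosable. The comment could also say why the FQDN is required: elsewhere in this commit the DNS name is what gets copied into `tls_host`. The function body continues outside the hunk.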
--- a/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
@@ -675,24 +675,16 @@ static int nr_ice_candidate_resolved_cb(
             cand->ctx->label,cand->label);
       ABORT(R_NOT_FOUND);
     }
 
     /* Copy the address */
     if(r=nr_transport_addr_copy(&cand->stun_server_addr,addr))
       ABORT(r);
 
-    if (cand->stun_server->tls) {
-      /* Copy over the DNS name; needed for TLS. There is already a null at the
-       * end of the buffer, leave it there. */
-      strncpy(cand->stun_server_addr.tls_host,
-              cand->stun_server->u.dnsname.host,
-              sizeof(cand->stun_server_addr.tls_host) - 1);
-    }
-
     if (cand->tcp_type == TCP_TYPE_PASSIVE || cand->tcp_type == TCP_TYPE_SO){
       if (r=nr_socket_multi_tcp_stun_server_connect(cand->osock, addr))
         ABORT(r);
     }
 
     /* Now start initializing */
     if(r=nr_ice_candidate_initialize2(cand))
       ABORT(r);
--- a/media/mtransport/third_party/nICEr/src/ice/ice_component.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_component.c
@@ -544,16 +544,24 @@ static int nr_ice_component_initialize_t
             cand=0;
           }
         }
 
         /* Create relay candidate */
         if ((r=nr_transport_addr_copy(&addr, &addrs[i].addr)))
           ABORT(r);
         addr.protocol = IPPROTO_TCP;
+
+        /* If we're going to use TLS, make sure that's recorded */
+        if (ctx->turn_servers[j].turn_server.tls) {
+          strncpy(addr.tls_host,
+                  ctx->turn_servers[j].turn_server.u.dnsname.host,
+                  sizeof(addr.tls_host) - 1);
+        }
+
         if ((r=nr_transport_addr_fmt_addr_string(&addr)))
           ABORT(r);
         /* Create a local socket */
         if((r=nr_socket_factory_create_socket(ctx->socket_factory,&addr,&local_sock))){
           r_log(LOG_ICE,LOG_DEBUG,"ICE(%s): couldn't create socket for address %s",ctx->label,addr.as_string);
           continue;
         }
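Review bot: The `strncpy` into `addr.tls_host` copies at most `sizeof(addr.tls_host) - 1` bytes and relies on the last byte already being zero. The code removed from ice_candidate.c stated that assumption in a comment; this copy no longer does. Since `addr` was just filled by `nr_transport_addr_copy` from `addrs[i].addr`, terminating explicitly is cheap: `addr.tls_host[sizeof(addr.tls_host) - 1] = '\0';`. A host name longer than the buffer is also truncated silently, so the name handed to the TLS layer would differ from the configured one; logging or rejecting that case would be safer. The enclosing loop starts and ends outside the hunk.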
 
--- a/media/mtransport/third_party/nICEr/src/net/transport_addr.c
+++ b/media/mtransport/third_party/nICEr/src/net/transport_addr.c
@@ -57,17 +57,21 @@ int nr_transport_addr_fmt_addr_string(nr
   {
     int _status;
     /* Max length for normalized IPv6 address string representation is 39 */
     char buffer[40];
     const char *protocol;
 
     switch(addr->protocol){
       case IPPROTO_TCP:
-        protocol = "TCP";
+        if (addr->tls_host[0]) {
+          protocol = "TLS";
+        } else {
+          protocol = "TCP";
+        }
         break;
       case IPPROTO_UDP:
         protocol = "UDP";
         break;
       default:
         ABORT(R_INTERNAL);
     }
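Review bot: The "TLS" label is chosen purely from `addr->tls_host[0]`, so it is only correct when the caller sets `tls_host` before calling `nr_transport_addr_fmt_addr_string`, and that contract is not documented here. A comment on the new branch such as `/* a non-empty tls_host marks TLS over TCP; set it before formatting */` would record it. The test could also be written `addr->tls_host[0] != '\0'` to match the check added in nr_socket_prsock.cpp.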