Bug 1336507 - Part 2: Move some TLS related stuff from |connect| to |create|, so it is better reflected in candidate labels/codeword. r=drno, a=lizzard
authorByron Campen [:bwc] <docfaraday@gmail.com>
Fri, 03 Feb 2017 16:47:05 -0600
changeset 379072 41811c42416acec9c556ba0d0bc9f5832b6b292b
parent 379071 9b8185c8700abe48dea9e31e642217cfa5d2532e
child 379073 4f5b66d12110442e7cda5d9ed83111515f56e471
push id1419
push userjlund@mozilla.com
push dateMon, 10 Apr 2017 20:44:07 +0000
treeherdermozilla-release@5e6801b73ef6 [default view] [failures only]
reviewersdrno, lizzard
bugs1336507
milestone53.0
Bug 1336507 - Part 2: Move some TLS related stuff from |connect| to |create|, so it is better reflected in candidate labels/codeword. r=drno, a=lizzard MozReview-Commit-ID: GnaJa1EPw0j
media/mtransport/nr_socket_prsock.cpp
media/mtransport/nricectx.cpp
media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
media/mtransport/third_party/nICEr/src/ice/ice_component.c
media/mtransport/third_party/nICEr/src/net/transport_addr.c
--- a/media/mtransport/nr_socket_prsock.cpp
+++ b/media/mtransport/nr_socket_prsock.cpp
@@ -642,16 +642,20 @@ int NrSocket::create(nr_transport_addr *
         } else {
           r_log(LOG_GENERIC, LOG_CRIT,
             "Couldn't get socket send buffer size: %d", status);
         }
       }
 #endif
       break;
     case IPPROTO_TCP:
+      // TODO: Add TLS layer with nsISocketProviderService?
+      if (my_addr_.tls_host[0] != '\0')
+        ABORT(R_INTERNAL);
+
       if (!(fd_ = PR_OpenTCPSocket(naddr.raw.family))) {
         r_log(LOG_GENERIC,LOG_CRIT,"Couldn't create TCP socket, "
               "family=%d, err=%d", naddr.raw.family, PR_GetError());
         ABORT(R_INTERNAL);
       }
       // Set ReuseAddr for TCP sockets to enable having several
       // sockets bound to same local IP and port
       PRSocketOptionData opt_reuseaddr;
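Review bot: The new TLS guard in the `IPPROTO_TCP` case tests `my_addr_.tls_host`, but the hunk does not show `my_addr_` being assigned before this switch. If it is only copied from the argument later in create(), the check reads an empty member and a TLS-marked address gets a plain TCP socket instead of being refused. Testing the argument directly removes that ordering dependency, e.g. `if (addr->tls_host[0] != '\0')` (assuming the parameter is named `addr` as in connect(); the signature is cut off in the hunk header). The abort is also silent, unlike the neighbouring failure paths; bracing the `if` and adding `r_log(LOG_GENERIC, LOG_CRIT, "TLS is not supported on this socket type");` before `ABORT(R_INTERNAL)` would make the refusal diagnosable. create() starts and ends outside this hunk.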
@@ -868,20 +872,16 @@ void NrSocket::close() {
 
 
 int NrSocket::connect(nr_transport_addr *addr) {
   ASSERT_ON_THREAD(ststhread_);
   int r,_status;
   PRNetAddr naddr;
   int32_t connect_status, getsockname_status;
 
-  // TODO: Add TLS layer with nsISocketProviderService?
-  if (addr->tls_host[0] != '\0')
-    ABORT(R_INTERNAL);
-
   if ((r=nr_transport_addr_to_praddr(addr, &naddr)))
     ABORT(r);
 
   if(!fd_)
     ABORT(R_EOD);
 
   // Note: this just means we tried to connect, not that we
   // are actually live.
@@ -1854,43 +1854,41 @@ void NrTcpSocketIpc::close() {
                 NS_DISPATCH_NORMAL);
 
   //remove all enqueued messages
   std::queue<RefPtr<nr_tcp_message>> empty;
   std::swap(msg_queue_, empty);
 }
 
 int NrTcpSocketIpc::connect(nr_transport_addr *addr) {
-  nsCString remote_addr, local_addr, tls_host;
+  nsCString remote_addr, local_addr;
   int32_t remote_port, local_port;
   int r, _status;
   if ((r=nr_transport_addr_get_addrstring_and_port(addr,
                                                    &remote_addr,
                                                    &remote_port))) {
     ABORT(r);
   }
 
   if ((r=nr_transport_addr_get_addrstring_and_port(&my_addr_,
                                                    &local_addr,
                                                    &local_port))) {
     MOZ_ASSERT(false); // shouldn't fail as it was sanity-checked in ::create()
     ABORT(r);
   }
 
-  tls_host = addr->tls_host;
-
   state_ = mirror_state_ = NR_CONNECTING;
   RUN_ON_THREAD(io_thread_,
                 mozilla::WrapRunnable(RefPtr<NrTcpSocketIpc>(this),
                              &NrTcpSocketIpc::connect_i,
                              remote_addr,
                              static_cast<uint16_t>(remote_port),
                              local_addr,
                              static_cast<uint16_t>(local_port),
-                             tls_host),
+                             nsCString(my_addr_.tls_host)),
                 NS_DISPATCH_NORMAL);
 
   // Make caller wait for ready to write.
   _status = R_WOULDBLOCK;
  abort:
   return _status;
 }
 
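Review bot: `NrTcpSocketIpc::connect()` now takes the TLS host from `my_addr_.tls_host` and no longer looks at `addr->tls_host`, so a caller that marks only the remote address as TLS would presumably get a connection set up without TLS and no error. Nothing at the `RUN_ON_THREAD` call says this is intentional; a comment such as `// TLS host is fixed at create() time (my_addr_); addr->tls_host is not consulted here` would document it. If a mismatch should never happen, `MOZ_ASSERT(addr->tls_host[0] == '\0' || !strcmp(addr->tls_host, my_addr_.tls_host));` would catch it in debug builds.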
--- a/media/mtransport/nricectx.cpp
+++ b/media/mtransport/nricectx.cpp
@@ -209,16 +209,20 @@ nsresult NrIceStunServer::ToNicerStunStr
 
   memset(server, 0, sizeof(nr_ice_stun_server));
   if (transport_ == kNrIceTransportUdp) {
     server->transport = IPPROTO_UDP;
   } else if (transport_ == kNrIceTransportTcp) {
     server->transport = IPPROTO_TCP;
   } else if (transport_ == kNrIceTransportTls) {
     server->transport = IPPROTO_TCP;
+    if (has_addr_) {
+      // Refuse to try TLS without an FQDN
+      return NS_ERROR_INVALID_ARG;
+    }
     server->tls = 1;
   } else {
     MOZ_MTLOG(ML_ERROR, "Unsupported STUN server transport: " << transport_);
     return NS_ERROR_FAILURE;
   }
 
   if (has_addr_) {
     r = nr_praddr_to_transport_addr(&addr_, &server->u.addr,
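Review bot: The new `has_addr_` rejection in the `kNrIceTransportTls` branch returns `NS_ERROR_INVALID_ARG` without logging, while the unsupported-transport branch just below logs via `MOZ_MTLOG`. A TLS server configured with an IP literal would therefore fail with no trace. Adding `MOZ_MTLOG(ML_ERROR, "TLS STUN/TURN server must be given as a hostname, not an address");` before the return keeps the two error paths consistent. The return also happens after `server->transport` has been written, so callers should treat `*server` as unusable on failure; the rest of the function is outside the hunk.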
--- a/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
@@ -661,24 +661,16 @@ static int nr_ice_candidate_resolved_cb(
             cand->ctx->label,cand->label);
       ABORT(R_NOT_FOUND);
     }
 
     /* Copy the address */
     if(r=nr_transport_addr_copy(&cand->stun_server_addr,addr))
       ABORT(r);
 
-    if (cand->stun_server->tls) {
-      /* Copy over the DNS name; needed for TLS. There is already a null at the
-       * end of the buffer, leave it there. */
-      strncpy(cand->stun_server_addr.tls_host,
-              cand->stun_server->u.dnsname.host,
-              sizeof(cand->stun_server_addr.tls_host) - 1);
-    }
-
     if (cand->tcp_type == TCP_TYPE_PASSIVE || cand->tcp_type == TCP_TYPE_SO){
       if (r=nr_socket_multi_tcp_stun_server_connect(cand->osock, addr))
         ABORT(r);
     }
 
     /* Now start initializing */
     if(r=nr_ice_candidate_initialize2(cand))
       ABORT(r);
--- a/media/mtransport/third_party/nICEr/src/ice/ice_component.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_component.c
@@ -544,16 +544,24 @@ static int nr_ice_component_initialize_t
             cand=0;
           }
         }
 
         /* Create relay candidate */
         if ((r=nr_transport_addr_copy(&addr, &addrs[i].addr)))
           ABORT(r);
         addr.protocol = IPPROTO_TCP;
+
+        /* If we're going to use TLS, make sure that's recorded */
+        if (ctx->turn_servers[j].turn_server.tls) {
+          strncpy(addr.tls_host,
+                  ctx->turn_servers[j].turn_server.u.dnsname.host,
+                  sizeof(addr.tls_host) - 1);
+        }
+
         if ((r=nr_transport_addr_fmt_addr_string(&addr)))
           ABORT(r);
         /* Create a local socket */
         if((r=nr_socket_factory_create_socket(ctx->socket_factory,&addr,&local_sock))){
           r_log(LOG_ICE,LOG_DEBUG,"ICE(%s): couldn't create socket for address %s",ctx->label,addr.as_string);
           continue;
         }
 
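Review bot: The `strncpy` into `addr.tls_host` silently truncates a TURN hostname longer than the buffer, and the shortened name is what a later TLS layer would use as the server identity. It also relies on the last byte of `tls_host` already being NUL, which the removed ice_candidate.c version at least stated in a comment. I would check the length first, `if (strlen(ctx->turn_servers[j].turn_server.u.dnsname.host) >= sizeof(addr.tls_host)) ABORT(R_BAD_DATA);`, and terminate explicitly with `addr.tls_host[sizeof(addr.tls_host) - 1] = '\0';`. The copy also assumes a `tls` server always uses the `dnsname` arm of `u`; the nricectx.cpp change appears to enforce that for servers built through `NrIceStunServer`, but a comment here saying so would help. The enclosing function starts and ends outside the hunk.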
--- a/media/mtransport/third_party/nICEr/src/net/transport_addr.c
+++ b/media/mtransport/third_party/nICEr/src/net/transport_addr.c
@@ -57,17 +57,21 @@ int nr_transport_addr_fmt_addr_string(nr
   {
     int _status;
     /* Max length for normalized IPv6 address string representation is 39 */
     char buffer[40];
     const char *protocol;
 
     switch(addr->protocol){
       case IPPROTO_TCP:
-        protocol = "TCP";
+        if (addr->tls_host[0]) {
+          protocol = "TLS";
+        } else {
+          protocol = "TCP";
+        }
         break;
       case IPPROTO_UDP:
         protocol = "UDP";
         break;
       default:
         ABORT(R_INTERNAL);
     }