blob: ef9b1d4cd7b0756f2861c03e8fddb40ccf752a07 [file] [log] [blame]
/*
* Copyright 2012 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#if defined(WEBRTC_POSIX)
#include <dirent.h>
#include "absl/strings/string_view.h"
#endif
#include <list>
#include <memory>
#include <utility>
#include <vector>
#include "absl/types/optional.h"
#include "api/units/time_delta.h"
#include "p2p/base/basic_packet_socket_factory.h"
#include "p2p/base/connection.h"
#include "p2p/base/p2p_constants.h"
#include "p2p/base/port_allocator.h"
#include "p2p/base/stun_port.h"
#include "p2p/base/test_turn_customizer.h"
#include "p2p/base/test_turn_server.h"
#include "p2p/base/transport_description.h"
#include "p2p/base/turn_port.h"
#include "p2p/base/turn_server.h"
#include "rtc_base/buffer.h"
#include "rtc_base/byte_buffer.h"
#include "rtc_base/checks.h"
#include "rtc_base/fake_clock.h"
#include "rtc_base/gunit.h"
#include "rtc_base/location.h"
#include "rtc_base/message_handler.h"
#include "rtc_base/net_helper.h"
#include "rtc_base/socket.h"
#include "rtc_base/socket_address.h"
#include "rtc_base/thread.h"
#include "rtc_base/time_utils.h"
#include "rtc_base/virtual_socket_server.h"
#include "test/gtest.h"
#include "test/scoped_key_value_config.h"
using rtc::SocketAddress;
static const SocketAddress kLocalAddr1("11.11.11.11", 0);
static const SocketAddress kLocalAddr2("22.22.22.22", 0);
static const SocketAddress kLocalIPv6Addr("2401:fa00:4:1000:be30:5bff:fee5:c3",
0);
static const SocketAddress kLocalIPv6Addr2("2401:fa00:4:2000:be30:5bff:fee5:d4",
0);
static const SocketAddress kTurnUdpIntAddr("99.99.99.3",
cricket::TURN_SERVER_PORT);
static const SocketAddress kTurnTcpIntAddr("99.99.99.4",
cricket::TURN_SERVER_PORT);
static const SocketAddress kTurnUdpExtAddr("99.99.99.5", 0);
static const SocketAddress kTurnAlternateIntAddr("99.99.99.6",
cricket::TURN_SERVER_PORT);
// Port for redirecting to a TCP Web server. Should not work.
static const SocketAddress kTurnDangerousAddr("99.99.99.7", 81);
// Port 53 (the DNS port); should work.
static const SocketAddress kTurnPort53Addr("99.99.99.7", 53);
// Port 80 (the HTTP port); should work.
static const SocketAddress kTurnPort80Addr("99.99.99.7", 80);
// Port 443 (the HTTPS port); should work.
static const SocketAddress kTurnPort443Addr("99.99.99.7", 443);
// The default TURN server port.
static const SocketAddress kTurnIntAddr("99.99.99.7",
cricket::TURN_SERVER_PORT);
static const SocketAddress kTurnIPv6IntAddr(
"2400:4030:2:2c00:be30:abcd:efab:cdef",
cricket::TURN_SERVER_PORT);
static const SocketAddress kTurnUdpIPv6IntAddr(
"2400:4030:1:2c00:be30:abcd:efab:cdef",
cricket::TURN_SERVER_PORT);
static const SocketAddress kTurnInvalidAddr("www.google.invalid.", 3478);
static const char kCandidateFoundation[] = "foundation";
static const char kIceUfrag1[] = "TESTICEUFRAG0001";
static const char kIceUfrag2[] = "TESTICEUFRAG0002";
static const char kIcePwd1[] = "TESTICEPWD00000000000001";
static const char kIcePwd2[] = "TESTICEPWD00000000000002";
static const char kTurnUsername[] = "test";
static const char kTurnPassword[] = "test";
// This test configures the virtual socket server to simulate delay so that we
// can verify operations take no more than the expected number of round trips.
static constexpr unsigned int kSimulatedRtt = 50;
// Connection destruction may happen asynchronously, but it should only
// take one simulated clock tick.
static constexpr unsigned int kConnectionDestructionDelay = 1;
// This used to be 1 second, but that's not always enough for getaddrinfo().
// See: https://bugs.chromium.org/p/webrtc/issues/detail?id=5191
static constexpr unsigned int kResolverTimeout = 10000;
static const cricket::ProtocolAddress kTurnUdpProtoAddr(kTurnUdpIntAddr,
cricket::PROTO_UDP);
static const cricket::ProtocolAddress kTurnTcpProtoAddr(kTurnTcpIntAddr,
cricket::PROTO_TCP);
static const cricket::ProtocolAddress kTurnTlsProtoAddr(kTurnTcpIntAddr,
cricket::PROTO_TLS);
static const cricket::ProtocolAddress kTurnUdpIPv6ProtoAddr(kTurnUdpIPv6IntAddr,
cricket::PROTO_UDP);
static const cricket::ProtocolAddress kTurnDangerousProtoAddr(
kTurnDangerousAddr,
cricket::PROTO_TCP);
static const cricket::ProtocolAddress kTurnPort53ProtoAddr(kTurnPort53Addr,
cricket::PROTO_TCP);
static const cricket::ProtocolAddress kTurnPort80ProtoAddr(kTurnPort80Addr,
cricket::PROTO_TCP);
static const cricket::ProtocolAddress kTurnPort443ProtoAddr(kTurnPort443Addr,
cricket::PROTO_TCP);
static const cricket::ProtocolAddress kTurnPortHostnameProtoAddr(
kTurnInvalidAddr,
cricket::PROTO_UDP);
static const unsigned int MSG_TESTFINISH = 0;
#if defined(WEBRTC_LINUX) && !defined(WEBRTC_ANDROID)
static int GetFDCount() {
struct dirent* dp;
int fd_count = 0;
DIR* dir = opendir("/proc/self/fd/");
while ((dp = readdir(dir)) != NULL) {
if (dp->d_name[0] == '.')
continue;
++fd_count;
}
closedir(dir);
return fd_count;
}
#endif
namespace cricket {
class TurnPortTestVirtualSocketServer : public rtc::VirtualSocketServer {
public:
TurnPortTestVirtualSocketServer() {
// This configures the virtual socket server to always add a simulated
// delay of exactly half of kSimulatedRtt.
set_delay_mean(kSimulatedRtt / 2);
UpdateDelayDistribution();
}
using rtc::VirtualSocketServer::LookupBinding;
};
class TestConnectionWrapper : public sigslot::has_slots<> {
public:
explicit TestConnectionWrapper(Connection* conn) : connection_(conn) {
conn->SignalDestroyed.connect(
this, &TestConnectionWrapper::OnConnectionDestroyed);
}
~TestConnectionWrapper() {
if (connection_) {
connection_->SignalDestroyed.disconnect(this);
}
}
Connection* connection() { return connection_; }
private:
void OnConnectionDestroyed(Connection* conn) {
ASSERT_TRUE(conn == connection_);
connection_ = nullptr;
}
Connection* connection_;
};
// Note: This test uses a fake clock with a simulated network round trip
// (between local port and TURN server) of kSimulatedRtt.
class TurnPortTest : public ::testing::Test,
public sigslot::has_slots<>,
public rtc::MessageHandlerAutoCleanup {
public:
TurnPortTest()
: ss_(new TurnPortTestVirtualSocketServer()),
main_(ss_.get()),
socket_factory_(ss_.get()),
turn_server_(&main_, ss_.get(), kTurnUdpIntAddr, kTurnUdpExtAddr),
turn_ready_(false),
turn_error_(false),
turn_unknown_address_(false),
turn_create_permission_success_(false),
turn_port_closed_(false),
turn_port_destroyed_(false),
udp_ready_(false),
test_finish_(false) {
// Some code uses "last received time == 0" to represent "nothing received
// so far", so we need to start the fake clock at a nonzero time...
// TODO(deadbeef): Fix this.
fake_clock_.AdvanceTime(webrtc::TimeDelta::Seconds(1));
}
virtual void OnMessage(rtc::Message* msg) {
RTC_CHECK(msg->message_id == MSG_TESTFINISH);
if (msg->message_id == MSG_TESTFINISH)
test_finish_ = true;
}
void OnTurnPortComplete(Port* port) { turn_ready_ = true; }
void OnTurnPortError(Port* port) { turn_error_ = true; }
void OnCandidateError(Port* port,
const cricket::IceCandidateErrorEvent& event) {
error_event_ = event;
}
void OnTurnUnknownAddress(PortInterface* port,
const SocketAddress& addr,
ProtocolType proto,
IceMessage* msg,
const std::string& rf,
bool /*port_muxed*/) {
turn_unknown_address_ = true;
}
void OnTurnCreatePermissionResult(TurnPort* port,
const SocketAddress& addr,
int code) {
// Ignoring the address.
turn_create_permission_success_ = (code == 0);
}
void OnTurnRefreshResult(TurnPort* port, int code) {
turn_refresh_success_ = (code == 0);
}
void OnTurnReadPacket(Connection* conn,
const char* data,
size_t size,
int64_t packet_time_us) {
turn_packets_.push_back(rtc::Buffer(data, size));
}
void OnUdpPortComplete(Port* port) { udp_ready_ = true; }
void OnUdpReadPacket(Connection* conn,
const char* data,
size_t size,
int64_t packet_time_us) {
udp_packets_.push_back(rtc::Buffer(data, size));
}
void OnSocketReadPacket(rtc::AsyncPacketSocket* socket,
const char* data,
size_t size,
const rtc::SocketAddress& remote_addr,
const int64_t& packet_time_us) {
turn_port_->HandleIncomingPacket(socket, data, size, remote_addr,
packet_time_us);
}
void OnTurnPortClosed(TurnPort* port) { turn_port_closed_ = true; }
void OnTurnPortDestroyed(PortInterface* port) { turn_port_destroyed_ = true; }
rtc::Socket* CreateServerSocket(const SocketAddress addr) {
rtc::Socket* socket = ss_->CreateSocket(AF_INET, SOCK_STREAM);
EXPECT_GE(socket->Bind(addr), 0);
EXPECT_GE(socket->Listen(5), 0);
return socket;
}
rtc::Network* MakeNetwork(const SocketAddress& addr) {
networks_.emplace_back("unittest", "unittest", addr.ipaddr(), 32);
networks_.back().AddIP(addr.ipaddr());
return &networks_.back();
}
bool CreateTurnPort(absl::string_view username,
absl::string_view password,
const ProtocolAddress& server_address) {
return CreateTurnPortWithAllParams(MakeNetwork(kLocalAddr1), username,
password, server_address);
}
bool CreateTurnPort(const rtc::SocketAddress& local_address,
absl::string_view username,
absl::string_view password,
const ProtocolAddress& server_address) {
return CreateTurnPortWithAllParams(MakeNetwork(local_address), username,
password, server_address);
}
bool CreateTurnPortWithNetwork(const rtc::Network* network,
absl::string_view username,
absl::string_view password,
const ProtocolAddress& server_address) {
return CreateTurnPortWithAllParams(network, username, password,
server_address);
}
// Version of CreateTurnPort that takes all possible parameters; all other
// helper methods call this, such that "SetIceRole" and "ConnectSignals" (and
// possibly other things in the future) only happen in one place.
bool CreateTurnPortWithAllParams(const rtc::Network* network,
absl::string_view username,
absl::string_view password,
const ProtocolAddress& server_address) {
RelayServerConfig config;
config.credentials = RelayCredentials(username, password);
CreateRelayPortArgs args;
args.network_thread = &main_;
args.socket_factory = &socket_factory_;
args.network = network;
args.username = kIceUfrag1;
args.password = kIcePwd1;
args.server_address = &server_address;
args.config = &config;
args.turn_customizer = turn_customizer_.get();
args.field_trials = &field_trials_;
turn_port_ = TurnPort::Create(args, 0, 0);
if (!turn_port_) {
return false;
}
// This TURN port will be the controlling.
turn_port_->SetIceRole(ICEROLE_CONTROLLING);
ConnectSignals();
if (server_address.proto == cricket::PROTO_TLS) {
// The test TURN server has a self-signed certificate so will not pass
// the normal client validation. Instruct the client to ignore certificate
// errors for testing only.
turn_port_->SetTlsCertPolicy(
TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK);
}
return true;
}
void CreateSharedTurnPort(absl::string_view username,
absl::string_view password,
const ProtocolAddress& server_address) {
RTC_CHECK(server_address.proto == PROTO_UDP);
if (!socket_) {
socket_.reset(socket_factory_.CreateUdpSocket(
rtc::SocketAddress(kLocalAddr1.ipaddr(), 0), 0, 0));
ASSERT_TRUE(socket_ != NULL);
socket_->SignalReadPacket.connect(this,
&TurnPortTest::OnSocketReadPacket);
}
RelayServerConfig config;
config.credentials = RelayCredentials(username, password);
CreateRelayPortArgs args;
args.network_thread = &main_;
args.socket_factory = &socket_factory_;
args.network = MakeNetwork(kLocalAddr1);
args.username = kIceUfrag1;
args.password = kIcePwd1;
args.server_address = &server_address;
args.config = &config;
args.turn_customizer = turn_customizer_.get();
args.field_trials = &field_trials_;
turn_port_ = TurnPort::Create(args, socket_.get());
// This TURN port will be the controlling.
turn_port_->SetIceRole(ICEROLE_CONTROLLING);
ConnectSignals();
}
void ConnectSignals() {
turn_port_->SignalPortComplete.connect(this,
&TurnPortTest::OnTurnPortComplete);
turn_port_->SignalPortError.connect(this, &TurnPortTest::OnTurnPortError);
turn_port_->SignalCandidateError.connect(this,
&TurnPortTest::OnCandidateError);
turn_port_->SignalUnknownAddress.connect(
this, &TurnPortTest::OnTurnUnknownAddress);
turn_port_->SignalCreatePermissionResult.connect(
this, &TurnPortTest::OnTurnCreatePermissionResult);
turn_port_->SignalTurnRefreshResult.connect(
this, &TurnPortTest::OnTurnRefreshResult);
turn_port_->SignalTurnPortClosed.connect(this,
&TurnPortTest::OnTurnPortClosed);
turn_port_->SubscribePortDestroyed(
[this](PortInterface* port) { OnTurnPortDestroyed(port); });
}
void CreateUdpPort() { CreateUdpPort(kLocalAddr2); }
void CreateUdpPort(const SocketAddress& address) {
udp_port_ = UDPPort::Create(&main_, &socket_factory_, MakeNetwork(address),
0, 0, kIceUfrag2, kIcePwd2, false,
absl::nullopt, &field_trials_);
// UDP port will be controlled.
udp_port_->SetIceRole(ICEROLE_CONTROLLED);
udp_port_->SignalPortComplete.connect(this,
&TurnPortTest::OnUdpPortComplete);
}
void PrepareTurnAndUdpPorts(ProtocolType protocol_type) {
// turn_port_ should have been created.
ASSERT_TRUE(turn_port_ != nullptr);
turn_port_->PrepareAddress();
ASSERT_TRUE_SIMULATED_WAIT(
turn_ready_, TimeToGetTurnCandidate(protocol_type), fake_clock_);
CreateUdpPort();
udp_port_->PrepareAddress();
ASSERT_TRUE_SIMULATED_WAIT(udp_ready_, kSimulatedRtt, fake_clock_);
}
// Returns the fake clock time to establish a connection over the given
// protocol.
int TimeToConnect(ProtocolType protocol_type) {
switch (protocol_type) {
case PROTO_TCP:
// The virtual socket server will delay by a fixed half a round trip
// for a TCP connection.
return kSimulatedRtt / 2;
case PROTO_TLS:
// TLS operates over TCP and additionally has a round of HELLO for
// negotiating ciphers and a round for exchanging certificates.
return 2 * kSimulatedRtt + TimeToConnect(PROTO_TCP);
case PROTO_UDP:
default:
// UDP requires no round trips to set up the connection.
return 0;
}
}
// Returns the total fake clock time to establish a connection with a TURN
// server over the given protocol and to allocate a TURN candidate.
int TimeToGetTurnCandidate(ProtocolType protocol_type) {
// For a simple allocation, the first Allocate message will return with an
// error asking for credentials and will succeed after the second Allocate
// message.
return 2 * kSimulatedRtt + TimeToConnect(protocol_type);
}
// Total fake clock time to do the following:
// 1. Connect to primary TURN server
// 2. Send Allocate and receive a redirect from the primary TURN server
// 3. Connect to alternate TURN server
// 4. Send Allocate and receive a request for credentials
// 5. Send Allocate with credentials and receive allocation
int TimeToGetAlternateTurnCandidate(ProtocolType protocol_type) {
return 3 * kSimulatedRtt + 2 * TimeToConnect(protocol_type);
}
bool CheckConnectionFailedAndPruned(Connection* conn) {
return conn && !conn->active() &&
conn->state() == IceCandidatePairState::FAILED;
}
// Checks that `turn_port_` has a nonempty set of connections and they are all
// failed and pruned.
bool CheckAllConnectionsFailedAndPruned() {
auto& connections = turn_port_->connections();
if (connections.empty()) {
return false;
}
for (const auto& kv : connections) {
if (!CheckConnectionFailedAndPruned(kv.second)) {
return false;
}
}
return true;
}
void TestReconstructedServerUrl(ProtocolType protocol_type,
absl::string_view expected_url) {
turn_port_->PrepareAddress();
ASSERT_TRUE_SIMULATED_WAIT(
turn_ready_, TimeToGetTurnCandidate(protocol_type), fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(turn_port_->Candidates()[0].url(), expected_url);
}
void TestTurnAlternateServer(ProtocolType protocol_type) {
std::vector<rtc::SocketAddress> redirect_addresses;
redirect_addresses.push_back(kTurnAlternateIntAddr);
TestTurnRedirector redirector(redirect_addresses);
turn_server_.AddInternalSocket(kTurnIntAddr, protocol_type);
turn_server_.AddInternalSocket(kTurnAlternateIntAddr, protocol_type);
turn_server_.set_redirect_hook(&redirector);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnIntAddr, protocol_type));
// Retrieve the address before we run the state machine.
const SocketAddress old_addr = turn_port_->server_address().address;
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_,
TimeToGetAlternateTurnCandidate(protocol_type),
fake_clock_);
// Retrieve the address again, the turn port's address should be
// changed.
const SocketAddress new_addr = turn_port_->server_address().address;
EXPECT_NE(old_addr, new_addr);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
}
void TestTurnAlternateServerV4toV6(ProtocolType protocol_type) {
std::vector<rtc::SocketAddress> redirect_addresses;
redirect_addresses.push_back(kTurnIPv6IntAddr);
TestTurnRedirector redirector(redirect_addresses);
turn_server_.AddInternalSocket(kTurnIntAddr, protocol_type);
turn_server_.set_redirect_hook(&redirector);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnIntAddr, protocol_type));
turn_port_->PrepareAddress();
// Need time to connect to TURN server, send Allocate request and receive
// redirect notice.
EXPECT_TRUE_SIMULATED_WAIT(
turn_error_, kSimulatedRtt + TimeToConnect(protocol_type), fake_clock_);
}
void TestTurnAlternateServerPingPong(ProtocolType protocol_type) {
std::vector<rtc::SocketAddress> redirect_addresses;
redirect_addresses.push_back(kTurnAlternateIntAddr);
redirect_addresses.push_back(kTurnIntAddr);
TestTurnRedirector redirector(redirect_addresses);
turn_server_.AddInternalSocket(kTurnIntAddr, protocol_type);
turn_server_.AddInternalSocket(kTurnAlternateIntAddr, protocol_type);
turn_server_.set_redirect_hook(&redirector);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnIntAddr, protocol_type));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_error_,
TimeToGetAlternateTurnCandidate(protocol_type),
fake_clock_);
ASSERT_EQ(0U, turn_port_->Candidates().size());
rtc::SocketAddress address;
// Verify that we have exhausted all alternate servers instead of
// failure caused by other errors.
EXPECT_FALSE(redirector.ShouldRedirect(address, &address));
}
void TestTurnAlternateServerDetectRepetition(ProtocolType protocol_type) {
std::vector<rtc::SocketAddress> redirect_addresses;
redirect_addresses.push_back(kTurnAlternateIntAddr);
redirect_addresses.push_back(kTurnAlternateIntAddr);
TestTurnRedirector redirector(redirect_addresses);
turn_server_.AddInternalSocket(kTurnIntAddr, protocol_type);
turn_server_.AddInternalSocket(kTurnAlternateIntAddr, protocol_type);
turn_server_.set_redirect_hook(&redirector);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnIntAddr, protocol_type));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_error_,
TimeToGetAlternateTurnCandidate(protocol_type),
fake_clock_);
ASSERT_EQ(0U, turn_port_->Candidates().size());
}
// A certain security exploit works by redirecting to a loopback address,
// which doesn't ever actually make sense. So redirects to loopback should
// be treated as errors.
// See: https://bugs.chromium.org/p/chromium/issues/detail?id=649118
void TestTurnAlternateServerLoopback(ProtocolType protocol_type, bool ipv6) {
const SocketAddress& local_address = ipv6 ? kLocalIPv6Addr : kLocalAddr1;
const SocketAddress& server_address =
ipv6 ? kTurnIPv6IntAddr : kTurnIntAddr;
std::vector<rtc::SocketAddress> redirect_addresses;
// Pick an unusual address in the 127.0.0.0/8 range to make sure more than
// 127.0.0.1 is covered.
SocketAddress loopback_address(ipv6 ? "::1" : "127.1.2.3",
TURN_SERVER_PORT);
redirect_addresses.push_back(loopback_address);
// Make a socket and bind it to the local port, to make extra sure no
// packet is sent to this address.
std::unique_ptr<rtc::Socket> loopback_socket(ss_->CreateSocket(
AF_INET, protocol_type == PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM));
ASSERT_NE(nullptr, loopback_socket.get());
ASSERT_EQ(0, loopback_socket->Bind(loopback_address));
if (protocol_type == PROTO_TCP) {
ASSERT_EQ(0, loopback_socket->Listen(1));
}
TestTurnRedirector redirector(redirect_addresses);
turn_server_.AddInternalSocket(server_address, protocol_type);
turn_server_.set_redirect_hook(&redirector);
CreateTurnPort(local_address, kTurnUsername, kTurnPassword,
ProtocolAddress(server_address, protocol_type));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(
turn_error_, TimeToGetTurnCandidate(protocol_type), fake_clock_);
// Wait for some extra time, and make sure no packets were received on the
// loopback port we created (or in the case of TCP, no connection attempt
// occurred).
SIMULATED_WAIT(false, kSimulatedRtt, fake_clock_);
if (protocol_type == PROTO_UDP) {
char buf[1];
EXPECT_EQ(-1, loopback_socket->Recv(&buf, 1, nullptr));
} else {
std::unique_ptr<rtc::Socket> accepted_socket(
loopback_socket->Accept(nullptr));
EXPECT_EQ(nullptr, accepted_socket.get());
}
}
void TestTurnConnection(ProtocolType protocol_type) {
// Create ports and prepare addresses.
PrepareTurnAndUdpPorts(protocol_type);
// Send ping from UDP to TURN.
ASSERT_GE(turn_port_->Candidates().size(), 1U);
Connection* conn1 = udp_port_->CreateConnection(turn_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 != NULL);
conn1->Ping(0);
SIMULATED_WAIT(!turn_unknown_address_, kSimulatedRtt * 2, fake_clock_);
EXPECT_FALSE(turn_unknown_address_);
EXPECT_FALSE(conn1->receiving());
EXPECT_EQ(Connection::STATE_WRITE_INIT, conn1->write_state());
// Send ping from TURN to UDP.
Connection* conn2 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn2 != NULL);
ASSERT_TRUE_SIMULATED_WAIT(turn_create_permission_success_, kSimulatedRtt,
fake_clock_);
conn2->Ping(0);
// Two hops from TURN port to UDP port through TURN server, thus two RTTs.
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn2->write_state(),
kSimulatedRtt * 2, fake_clock_);
EXPECT_TRUE(conn1->receiving());
EXPECT_TRUE(conn2->receiving());
EXPECT_EQ(Connection::STATE_WRITE_INIT, conn1->write_state());
// Send another ping from UDP to TURN.
conn1->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn1->write_state(),
kSimulatedRtt * 2, fake_clock_);
EXPECT_TRUE(conn2->receiving());
}
void TestDestroyTurnConnection() {
PrepareTurnAndUdpPorts(PROTO_UDP);
// Create connections on both ends.
Connection* conn1 = udp_port_->CreateConnection(turn_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
Connection* conn2 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
// Increased to 10 minutes, to ensure that the TurnEntry times out before
// the TurnPort.
turn_port_->set_timeout_delay(10 * 60 * 1000);
ASSERT_TRUE(conn2 != NULL);
ASSERT_TRUE_SIMULATED_WAIT(turn_create_permission_success_, kSimulatedRtt,
fake_clock_);
// Make sure turn connection can receive.
conn1->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn1->write_state(),
kSimulatedRtt * 2, fake_clock_);
EXPECT_FALSE(turn_unknown_address_);
// Destroy the connection on the TURN port. The TurnEntry still exists, so
// the TURN port should still process a ping from an unknown address.
turn_port_->DestroyConnection(conn2);
conn1->Ping(0);
EXPECT_TRUE_SIMULATED_WAIT(turn_unknown_address_, kSimulatedRtt,
fake_clock_);
// Wait for TurnEntry to expire. Timeout is 5 minutes.
// Expect that it still processes an incoming ping and signals the
// unknown address.
turn_unknown_address_ = false;
fake_clock_.AdvanceTime(webrtc::TimeDelta::Seconds(5 * 60));
conn1->Ping(0);
EXPECT_TRUE_SIMULATED_WAIT(turn_unknown_address_, kSimulatedRtt,
fake_clock_);
// If the connection is created again, it will start to receive pings.
conn2 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
conn1->Ping(0);
EXPECT_TRUE_SIMULATED_WAIT(conn2->receiving(), kSimulatedRtt, fake_clock_);
}
void TestTurnSendData(ProtocolType protocol_type) {
PrepareTurnAndUdpPorts(protocol_type);
// Create connections and send pings.
Connection* conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
Connection* conn2 = udp_port_->CreateConnection(turn_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 != NULL);
ASSERT_TRUE(conn2 != NULL);
conn1->SignalReadPacket.connect(static_cast<TurnPortTest*>(this),
&TurnPortTest::OnTurnReadPacket);
conn2->SignalReadPacket.connect(static_cast<TurnPortTest*>(this),
&TurnPortTest::OnUdpReadPacket);
conn1->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn1->write_state(),
kSimulatedRtt * 2, fake_clock_);
conn2->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn2->write_state(),
kSimulatedRtt * 2, fake_clock_);
// Send some data.
size_t num_packets = 256;
for (size_t i = 0; i < num_packets; ++i) {
unsigned char buf[256] = {0};
for (size_t j = 0; j < i + 1; ++j) {
buf[j] = 0xFF - static_cast<unsigned char>(j);
}
conn1->Send(buf, i + 1, options);
conn2->Send(buf, i + 1, options);
SIMULATED_WAIT(false, kSimulatedRtt, fake_clock_);
}
// Check the data.
ASSERT_EQ(num_packets, turn_packets_.size());
ASSERT_EQ(num_packets, udp_packets_.size());
for (size_t i = 0; i < num_packets; ++i) {
EXPECT_EQ(i + 1, turn_packets_[i].size());
EXPECT_EQ(i + 1, udp_packets_[i].size());
EXPECT_EQ(turn_packets_[i], udp_packets_[i]);
}
}
// Test that a TURN allocation is released when the port is closed.
void TestTurnReleaseAllocation(ProtocolType protocol_type) {
PrepareTurnAndUdpPorts(protocol_type);
turn_port_.reset();
EXPECT_EQ_SIMULATED_WAIT(0U, turn_server_.server()->allocations().size(),
kSimulatedRtt, fake_clock_);
}
// Test that the TURN allocation is released by sending a refresh request
// with lifetime 0 when Release is called.
void TestTurnGracefulReleaseAllocation(ProtocolType protocol_type) {
PrepareTurnAndUdpPorts(protocol_type);
// Create connections and send pings.
Connection* conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
Connection* conn2 = udp_port_->CreateConnection(turn_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 != NULL);
ASSERT_TRUE(conn2 != NULL);
conn1->SignalReadPacket.connect(static_cast<TurnPortTest*>(this),
&TurnPortTest::OnTurnReadPacket);
conn2->SignalReadPacket.connect(static_cast<TurnPortTest*>(this),
&TurnPortTest::OnUdpReadPacket);
conn1->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn1->write_state(),
kSimulatedRtt * 2, fake_clock_);
conn2->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn2->write_state(),
kSimulatedRtt * 2, fake_clock_);
// Send some data from Udp to TurnPort.
unsigned char buf[256] = {0};
conn2->Send(buf, sizeof(buf), options);
// Now release the TurnPort allocation.
// This will send a REFRESH with lifetime 0 to server.
turn_port_->Release();
// Wait for the TurnPort to signal closed.
ASSERT_TRUE_SIMULATED_WAIT(turn_port_closed_, kSimulatedRtt, fake_clock_);
// But the data should have arrived first.
ASSERT_EQ(1ul, turn_packets_.size());
EXPECT_EQ(sizeof(buf), turn_packets_[0].size());
// The allocation is released at server.
EXPECT_EQ(0U, turn_server_.server()->allocations().size());
}
protected:
webrtc::test::ScopedKeyValueConfig field_trials_;
rtc::ScopedFakeClock fake_clock_;
// When a "create port" helper method is called with an IP, we create a
// Network with that IP and add it to this list. Using a list instead of a
// vector so that when it grows, pointers aren't invalidated.
std::list<rtc::Network> networks_;
std::unique_ptr<TurnPortTestVirtualSocketServer> ss_;
rtc::AutoSocketServerThread main_;
rtc::BasicPacketSocketFactory socket_factory_;
std::unique_ptr<rtc::AsyncPacketSocket> socket_;
TestTurnServer turn_server_;
std::unique_ptr<TurnPort> turn_port_;
std::unique_ptr<UDPPort> udp_port_;
bool turn_ready_;
bool turn_error_;
bool turn_unknown_address_;
bool turn_create_permission_success_;
bool turn_port_closed_;
bool turn_port_destroyed_;
bool udp_ready_;
bool test_finish_;
bool turn_refresh_success_ = false;
std::vector<rtc::Buffer> turn_packets_;
std::vector<rtc::Buffer> udp_packets_;
rtc::PacketOptions options;
std::unique_ptr<webrtc::TurnCustomizer> turn_customizer_;
cricket::IceCandidateErrorEvent error_event_;
};
TEST_F(TurnPortTest, TestTurnPortType) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
EXPECT_EQ(cricket::RELAY_PORT_TYPE, turn_port_->Type());
}
// Tests that the URL of the servers can be correctly reconstructed when
// gathering the candidates.
TEST_F(TurnPortTest, TestReconstructedServerUrlForUdpIPv4) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestReconstructedServerUrl(PROTO_UDP, "turn:99.99.99.3:3478?transport=udp");
}
TEST_F(TurnPortTest, TestReconstructedServerUrlForUdpIPv6) {
turn_server_.AddInternalSocket(kTurnUdpIPv6IntAddr, PROTO_UDP);
CreateTurnPort(kLocalIPv6Addr, kTurnUsername, kTurnPassword,
kTurnUdpIPv6ProtoAddr);
TestReconstructedServerUrl(
PROTO_UDP,
"turn:2400:4030:1:2c00:be30:abcd:efab:cdef:3478?transport=udp");
}
TEST_F(TurnPortTest, TestReconstructedServerUrlForTcp) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
TestReconstructedServerUrl(PROTO_TCP, "turn:99.99.99.4:3478?transport=tcp");
}
TEST_F(TurnPortTest, TestReconstructedServerUrlForTls) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestReconstructedServerUrl(PROTO_TLS, "turns:99.99.99.4:3478?transport=tcp");
}
TEST_F(TurnPortTest, TestReconstructedServerUrlForHostname) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnPortHostnameProtoAddr);
// This test follows the pattern from TestTurnTcpOnAddressResolveFailure.
// As VSS doesn't provide DNS resolution, name resolve will fail,
// the error will be set and contain the url.
turn_port_->PrepareAddress();
EXPECT_TRUE_WAIT(turn_error_, kResolverTimeout);
std::string server_url =
"turn:" + kTurnInvalidAddr.ToString() + "?transport=udp";
ASSERT_EQ(error_event_.url, server_url);
}
// Do a normal TURN allocation.
TEST_F(TurnPortTest, TestTurnAllocate) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
EXPECT_EQ(0, turn_port_->SetOption(rtc::Socket::OPT_SNDBUF, 10 * 1024));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
}
class TurnLoggingIdValidator : public StunMessageObserver {
public:
explicit TurnLoggingIdValidator(const char* expect_val)
: expect_val_(expect_val) {}
~TurnLoggingIdValidator() {}
void ReceivedMessage(const TurnMessage* msg) override {
if (msg->type() == cricket::STUN_ALLOCATE_REQUEST) {
const StunByteStringAttribute* attr =
msg->GetByteString(cricket::STUN_ATTR_TURN_LOGGING_ID);
if (expect_val_) {
ASSERT_NE(nullptr, attr);
ASSERT_EQ(expect_val_, attr->string_view());
} else {
EXPECT_EQ(nullptr, attr);
}
}
}
void ReceivedChannelData(const char* data, size_t size) override {}
private:
const char* expect_val_;
};
TEST_F(TurnPortTest, TestTurnAllocateWithLoggingId) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
turn_port_->SetTurnLoggingId("KESO");
turn_server_.server()->SetStunMessageObserver(
std::make_unique<TurnLoggingIdValidator>("KESO"));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
}
TEST_F(TurnPortTest, TestTurnAllocateWithoutLoggingId) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
turn_server_.server()->SetStunMessageObserver(
std::make_unique<TurnLoggingIdValidator>(nullptr));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
}
// Test bad credentials.
TEST_F(TurnPortTest, TestTurnBadCredentials) {
CreateTurnPort(kTurnUsername, "bad", kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_error_, kSimulatedRtt * 3, fake_clock_);
ASSERT_EQ(0U, turn_port_->Candidates().size());
EXPECT_EQ_SIMULATED_WAIT(error_event_.error_code, STUN_ERROR_UNAUTHORIZED,
kSimulatedRtt * 3, fake_clock_);
EXPECT_EQ(error_event_.error_text, "Unauthorized");
}
// Testing a normal UDP allocation using TCP connection.
TEST_F(TurnPortTest, TestTurnTcpAllocate) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
EXPECT_EQ(0, turn_port_->SetOption(rtc::Socket::OPT_SNDBUF, 10 * 1024));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 3, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
}
// Test case for WebRTC issue 3927 where a proxy binds to the local host address
// instead the address that TurnPort originally bound to. The candidate pair
// impacted by this behavior should still be used.
TEST_F(TurnPortTest, TestTurnTcpAllocationWhenProxyChangesAddressToLocalHost) {
SocketAddress local_address("127.0.0.1", 0);
// After calling this, when TurnPort attempts to get a socket bound to
// kLocalAddr, it will end up using localhost instead.
ss_->SetAlternativeLocalAddress(kLocalAddr1.ipaddr(), local_address.ipaddr());
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kLocalAddr1, kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
EXPECT_EQ(0, turn_port_->SetOption(rtc::Socket::OPT_SNDBUF, 10 * 1024));
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 3, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
// Verify that the socket actually used localhost, otherwise this test isn't
// doing what it meant to.
ASSERT_EQ(local_address.ipaddr(),
turn_port_->Candidates()[0].related_address().ipaddr());
}
// If the address the socket ends up bound to does not match any address of the
// TurnPort's Network, then the socket should be discarded and no candidates
// should be signaled. In the context of ICE, where one TurnPort is created for
// each Network, when this happens it's likely that the unexpected address is
// associated with some other Network, which another TurnPort is already
// covering.
TEST_F(TurnPortTest,
TurnTcpAllocationDiscardedIfBoundAddressDoesNotMatchNetwork) {
// Sockets bound to kLocalAddr1 will actually end up with kLocalAddr2.
ss_->SetAlternativeLocalAddress(kLocalAddr1.ipaddr(), kLocalAddr2.ipaddr());
// Set up TURN server to use TCP (this logic only exists for TCP).
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
// Create TURN port and tell it to start allocation.
CreateTurnPort(kLocalAddr1, kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
turn_port_->PrepareAddress();
// Shouldn't take more than 1 RTT to realize the bound address isn't the one
// expected.
EXPECT_TRUE_SIMULATED_WAIT(turn_error_, kSimulatedRtt, fake_clock_);
EXPECT_EQ_SIMULATED_WAIT(error_event_.error_code, STUN_ERROR_GLOBAL_FAILURE,
kSimulatedRtt, fake_clock_);
ASSERT_NE(error_event_.error_text.find('.'), std::string::npos);
ASSERT_NE(error_event_.address.find(kLocalAddr2.HostAsSensitiveURIString()),
std::string::npos);
ASSERT_NE(error_event_.port, 0);
std::string server_url =
"turn:" + kTurnTcpIntAddr.ToString() + "?transport=tcp";
ASSERT_EQ(error_event_.url, server_url);
}
// A caveat for the above logic: if the socket ends up bound to one of the IPs
// associated with the Network, just not the "best" one, this is ok.
TEST_F(TurnPortTest, TurnTcpAllocationNotDiscardedIfNotBoundToBestIP) {
// Sockets bound to kLocalAddr1 will actually end up with kLocalAddr2.
ss_->SetAlternativeLocalAddress(kLocalAddr1.ipaddr(), kLocalAddr2.ipaddr());
// Set up a network with kLocalAddr1 as the "best" IP, and kLocalAddr2 as an
// alternate.
rtc::Network* network = MakeNetwork(kLocalAddr1);
network->AddIP(kLocalAddr2.ipaddr());
ASSERT_EQ(kLocalAddr1.ipaddr(), network->GetBestIP());
// Set up TURN server to use TCP (this logic only exists for TCP).
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
// Create TURN port using our special Network, and tell it to start
// allocation.
CreateTurnPortWithNetwork(network, kTurnUsername, kTurnPassword,
kTurnTcpProtoAddr);
turn_port_->PrepareAddress();
// Candidate should be gathered as normally.
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 3, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
// Verify that the socket actually used the alternate address, otherwise this
// test isn't doing what it meant to.
ASSERT_EQ(kLocalAddr2.ipaddr(),
turn_port_->Candidates()[0].related_address().ipaddr());
}
// Regression test for crbug.com/webrtc/8972, caused by buggy comparison
// between rtc::IPAddress and rtc::InterfaceAddress.
TEST_F(TurnPortTest, TCPPortNotDiscardedIfBoundToTemporaryIP) {
networks_.emplace_back("unittest", "unittest", kLocalIPv6Addr.ipaddr(), 32);
networks_.back().AddIP(rtc::InterfaceAddress(
kLocalIPv6Addr.ipaddr(), rtc::IPV6_ADDRESS_FLAG_TEMPORARY));
// Set up TURN server to use TCP (this logic only exists for TCP).
turn_server_.AddInternalSocket(kTurnIPv6IntAddr, PROTO_TCP);
// Create TURN port using our special Network, and tell it to start
// allocation.
CreateTurnPortWithNetwork(
&networks_.back(), kTurnUsername, kTurnPassword,
cricket::ProtocolAddress(kTurnIPv6IntAddr, PROTO_TCP));
turn_port_->PrepareAddress();
// Candidate should be gathered as normally.
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 3, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
}
// Testing turn port will attempt to create TCP socket on address resolution
// failure.
TEST_F(TurnPortTest, TestTurnTcpOnAddressResolveFailure) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnInvalidAddr, PROTO_TCP));
turn_port_->PrepareAddress();
EXPECT_TRUE_WAIT(turn_error_, kResolverTimeout);
// As VSS doesn't provide DNS resolution, name resolve will fail. TurnPort
// will proceed in creating a TCP socket which will fail as there is no
// server on the above domain and error will be set to SOCKET_ERROR.
EXPECT_EQ(SOCKET_ERROR, turn_port_->error());
EXPECT_EQ_SIMULATED_WAIT(error_event_.error_code, SERVER_NOT_REACHABLE_ERROR,
kSimulatedRtt, fake_clock_);
std::string server_url =
"turn:" + kTurnInvalidAddr.ToString() + "?transport=tcp";
ASSERT_EQ(error_event_.url, server_url);
}
// Testing turn port will attempt to create TLS socket on address resolution
// failure.
TEST_F(TurnPortTest, TestTurnTlsOnAddressResolveFailure) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnInvalidAddr, PROTO_TLS));
turn_port_->PrepareAddress();
EXPECT_TRUE_WAIT(turn_error_, kResolverTimeout);
EXPECT_EQ(SOCKET_ERROR, turn_port_->error());
}
// In case of UDP on address resolve failure, TurnPort will not create socket
// and return allocate failure.
TEST_F(TurnPortTest, TestTurnUdpOnAddressResolveFailure) {
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnInvalidAddr, PROTO_UDP));
turn_port_->PrepareAddress();
EXPECT_TRUE_WAIT(turn_error_, kResolverTimeout);
// Error from turn port will not be socket error.
EXPECT_NE(SOCKET_ERROR, turn_port_->error());
}
// Try to do a TURN allocation with an invalid password.
TEST_F(TurnPortTest, TestTurnAllocateBadPassword) {
CreateTurnPort(kTurnUsername, "bad", kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_error_, kSimulatedRtt * 2, fake_clock_);
ASSERT_EQ(0U, turn_port_->Candidates().size());
}
// Tests that TURN port nonce will be reset when receiving an ALLOCATE MISMATCH
// error.
TEST_F(TurnPortTest, TestTurnAllocateNonceResetAfterAllocateMismatch) {
// Do a normal allocation first.
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
rtc::SocketAddress first_addr(turn_port_->socket()->GetLocalAddress());
// Destroy the turnport while keeping the drop probability to 1 to
// suppress the release of the allocation at the server.
ss_->set_drop_probability(1.0);
turn_port_.reset();
SIMULATED_WAIT(false, kSimulatedRtt, fake_clock_);
ss_->set_drop_probability(0.0);
// Force the socket server to assign the same port.
ss_->SetNextPortForTesting(first_addr.port());
turn_ready_ = false;
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
// It is expected that the turn port will first get a nonce from the server
// using timestamp `ts_before` but then get an allocate mismatch error and
// receive an even newer nonce based on the system clock. `ts_before` is
// chosen so that the two NONCEs generated by the server will be different.
int64_t ts_before = rtc::TimeMillis() - 1;
std::string first_nonce =
turn_server_.server()->SetTimestampForNextNonce(ts_before);
turn_port_->PrepareAddress();
// Four round trips; first we'll get "stale nonce", then
// "allocate mismatch", then "stale nonce" again, then finally it will
// succeed.
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 4, fake_clock_);
EXPECT_NE(first_nonce, turn_port_->nonce());
}
// Tests that a new local address is created after
// STUN_ERROR_ALLOCATION_MISMATCH.
TEST_F(TurnPortTest, TestTurnAllocateMismatch) {
// Do a normal allocation first.
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
rtc::SocketAddress first_addr(turn_port_->socket()->GetLocalAddress());
// Clear connected_ flag on turnport to suppress the release of
// the allocation.
turn_port_->OnSocketClose(turn_port_->socket(), 0);
// Forces the socket server to assign the same port.
ss_->SetNextPortForTesting(first_addr.port());
turn_ready_ = false;
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
// Verifies that the new port has the same address.
EXPECT_EQ(first_addr, turn_port_->socket()->GetLocalAddress());
// Four round trips; first we'll get "stale nonce", then
// "allocate mismatch", then "stale nonce" again, then finally it will
// succeed.
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 4, fake_clock_);
// Verifies that the new port has a different address now.
EXPECT_NE(first_addr, turn_port_->socket()->GetLocalAddress());
// Verify that all packets received from the shared socket are ignored.
std::string test_packet = "Test packet";
EXPECT_FALSE(turn_port_->HandleIncomingPacket(
socket_.get(), test_packet.data(), test_packet.size(),
rtc::SocketAddress(kTurnUdpExtAddr.ipaddr(), 0), rtc::TimeMicros()));
}
// Tests that a shared-socket-TurnPort creates its own socket after
// STUN_ERROR_ALLOCATION_MISMATCH.
TEST_F(TurnPortTest, TestSharedSocketAllocateMismatch) {
// Do a normal allocation first.
CreateSharedTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
rtc::SocketAddress first_addr(turn_port_->socket()->GetLocalAddress());
// Clear connected_ flag on turnport to suppress the release of
// the allocation.
turn_port_->OnSocketClose(turn_port_->socket(), 0);
turn_ready_ = false;
CreateSharedTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
// Verifies that the new port has the same address.
EXPECT_EQ(first_addr, turn_port_->socket()->GetLocalAddress());
EXPECT_TRUE(turn_port_->SharedSocket());
turn_port_->PrepareAddress();
// Extra 2 round trips due to allocate mismatch.
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 4, fake_clock_);
// Verifies that the new port has a different address now.
EXPECT_NE(first_addr, turn_port_->socket()->GetLocalAddress());
EXPECT_FALSE(turn_port_->SharedSocket());
}
TEST_F(TurnPortTest, TestTurnTcpAllocateMismatch) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
// Do a normal allocation first.
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 3, fake_clock_);
rtc::SocketAddress first_addr(turn_port_->socket()->GetLocalAddress());
// Clear connected_ flag on turnport to suppress the release of
// the allocation.
turn_port_->OnSocketClose(turn_port_->socket(), 0);
// Forces the socket server to assign the same port.
ss_->SetNextPortForTesting(first_addr.port());
turn_ready_ = false;
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
turn_port_->PrepareAddress();
// Verifies that the new port has the same address.
EXPECT_EQ(first_addr, turn_port_->socket()->GetLocalAddress());
// Extra 2 round trips due to allocate mismatch.
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 5, fake_clock_);
// Verifies that the new port has a different address now.
EXPECT_NE(first_addr, turn_port_->socket()->GetLocalAddress());
}
TEST_F(TurnPortTest, TestRefreshRequestGetsErrorResponse) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_UDP);
turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
// Set bad credentials.
RelayCredentials bad_credentials("bad_user", "bad_pwd");
turn_port_->set_credentials(bad_credentials);
turn_refresh_success_ = false;
// This sends out the first RefreshRequest with correct credentials.
// When this succeeds, it will schedule a new RefreshRequest with the bad
// credential.
turn_port_->request_manager().FlushForTest(TURN_REFRESH_REQUEST);
EXPECT_TRUE_SIMULATED_WAIT(turn_refresh_success_, kSimulatedRtt, fake_clock_);
// Flush it again, it will receive a bad response.
turn_port_->request_manager().FlushForTest(TURN_REFRESH_REQUEST);
EXPECT_TRUE_SIMULATED_WAIT(!turn_refresh_success_, kSimulatedRtt,
fake_clock_);
EXPECT_FALSE(turn_port_->connected());
EXPECT_TRUE(CheckAllConnectionsFailedAndPruned());
EXPECT_FALSE(turn_port_->HasRequests());
}
// Test that TurnPort will not handle any incoming packets once it has been
// closed.
TEST_F(TurnPortTest, TestStopProcessingPacketsAfterClosed) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_UDP);
Connection* conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
Connection* conn2 = udp_port_->CreateConnection(turn_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 != NULL);
ASSERT_TRUE(conn2 != NULL);
// Make sure conn2 is writable.
conn2->Ping(0);
EXPECT_EQ_SIMULATED_WAIT(Connection::STATE_WRITABLE, conn2->write_state(),
kSimulatedRtt * 2, fake_clock_);
turn_port_->CloseForTest();
SIMULATED_WAIT(false, kSimulatedRtt, fake_clock_);
turn_unknown_address_ = false;
conn2->Ping(0);
SIMULATED_WAIT(false, kSimulatedRtt, fake_clock_);
// Since the turn port does not handle packets any more, it should not
// SignalUnknownAddress.
EXPECT_FALSE(turn_unknown_address_);
}
// Test that CreateConnection will return null if port becomes disconnected.
TEST_F(TurnPortTest, TestCreateConnectionWhenSocketClosed) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_TCP);
// Create a connection.
Connection* conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 != NULL);
// Close the socket and create a connection again.
turn_port_->OnSocketClose(turn_port_->socket(), 1);
conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 == NULL);
}
// Tests that when a TCP socket is closed, the respective TURN connection will
// be destroyed.
TEST_F(TurnPortTest, TestSocketCloseWillDestroyConnection) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_TCP);
Connection* conn = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
EXPECT_NE(nullptr, conn);
EXPECT_TRUE(!turn_port_->connections().empty());
turn_port_->socket()->NotifyClosedForTest(1);
EXPECT_TRUE_SIMULATED_WAIT(turn_port_->connections().empty(),
kConnectionDestructionDelay, fake_clock_);
}
// Test try-alternate-server feature.
TEST_F(TurnPortTest, TestTurnAlternateServerUDP) {
TestTurnAlternateServer(PROTO_UDP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerTCP) {
TestTurnAlternateServer(PROTO_TCP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerTLS) {
TestTurnAlternateServer(PROTO_TLS);
}
// Test that we fail when we redirect to an address different from
// current IP family.
TEST_F(TurnPortTest, TestTurnAlternateServerV4toV6UDP) {
TestTurnAlternateServerV4toV6(PROTO_UDP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerV4toV6TCP) {
TestTurnAlternateServerV4toV6(PROTO_TCP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerV4toV6TLS) {
TestTurnAlternateServerV4toV6(PROTO_TLS);
}
// Test try-alternate-server catches the case of pingpong.
TEST_F(TurnPortTest, TestTurnAlternateServerPingPongUDP) {
TestTurnAlternateServerPingPong(PROTO_UDP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerPingPongTCP) {
TestTurnAlternateServerPingPong(PROTO_TCP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerPingPongTLS) {
TestTurnAlternateServerPingPong(PROTO_TLS);
}
// Test try-alternate-server catch the case of repeated server.
TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionUDP) {
TestTurnAlternateServerDetectRepetition(PROTO_UDP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionTCP) {
TestTurnAlternateServerDetectRepetition(PROTO_TCP);
}
TEST_F(TurnPortTest, TestTurnAlternateServerDetectRepetitionTLS) {
TestTurnAlternateServerDetectRepetition(PROTO_TCP);
}
// Test catching the case of a redirect to loopback.
TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackUdpIpv4) {
TestTurnAlternateServerLoopback(PROTO_UDP, false);
}
TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackUdpIpv6) {
TestTurnAlternateServerLoopback(PROTO_UDP, true);
}
TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackTcpIpv4) {
TestTurnAlternateServerLoopback(PROTO_TCP, false);
}
TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackTcpIpv6) {
TestTurnAlternateServerLoopback(PROTO_TCP, true);
}
TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackTlsIpv4) {
TestTurnAlternateServerLoopback(PROTO_TLS, false);
}
TEST_F(TurnPortTest, TestTurnAlternateServerLoopbackTlsIpv6) {
TestTurnAlternateServerLoopback(PROTO_TLS, true);
}
// Do a TURN allocation and try to send a packet to it from the outside.
// The packet should be dropped. Then, try to send a packet from TURN to the
// outside. It should reach its destination. Finally, try again from the
// outside. It should now work as well.
TEST_F(TurnPortTest, TestTurnConnection) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestTurnConnection(PROTO_UDP);
}
// Similar to above, except that this test will use the shared socket.
TEST_F(TurnPortTest, TestTurnConnectionUsingSharedSocket) {
CreateSharedTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestTurnConnection(PROTO_UDP);
}
// Test that we can establish a TCP connection with TURN server.
TEST_F(TurnPortTest, TestTurnTcpConnection) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
TestTurnConnection(PROTO_TCP);
}
// Test that we can establish a TLS connection with TURN server.
TEST_F(TurnPortTest, TestTurnTlsConnection) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnConnection(PROTO_TLS);
}
// Test that if a connection on a TURN port is destroyed, the TURN port can
// still receive ping on that connection as if it is from an unknown address.
// If the connection is created again, it will be used to receive ping.
TEST_F(TurnPortTest, TestDestroyTurnConnection) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestDestroyTurnConnection();
}
// Similar to above, except that this test will use the shared socket.
TEST_F(TurnPortTest, TestDestroyTurnConnectionUsingSharedSocket) {
CreateSharedTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestDestroyTurnConnection();
}
// Run TurnConnectionTest with one-time-use nonce feature.
// Here server will send a 438 STALE_NONCE error message for
// every TURN transaction.
TEST_F(TurnPortTest, TestTurnConnectionUsingOTUNonce) {
turn_server_.set_enable_otu_nonce(true);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestTurnConnection(PROTO_UDP);
}
// Test that CreatePermissionRequest will be scheduled after the success
// of the first create permission request and the request will get an
// ErrorResponse if the ufrag and pwd are incorrect.
TEST_F(TurnPortTest, TestRefreshCreatePermissionRequest) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_UDP);
Connection* conn = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn != NULL);
EXPECT_TRUE_SIMULATED_WAIT(turn_create_permission_success_, kSimulatedRtt,
fake_clock_);
turn_create_permission_success_ = false;
// A create-permission-request should be pending.
// After the next create-permission-response is received, it will schedule
// another request with bad_ufrag and bad_pwd.
RelayCredentials bad_credentials("bad_user", "bad_pwd");
turn_port_->set_credentials(bad_credentials);
turn_port_->request_manager().FlushForTest(kAllRequestsForTest);
EXPECT_TRUE_SIMULATED_WAIT(turn_create_permission_success_, kSimulatedRtt,
fake_clock_);
// Flush the requests again; the create-permission-request will fail.
turn_port_->request_manager().FlushForTest(kAllRequestsForTest);
EXPECT_TRUE_SIMULATED_WAIT(!turn_create_permission_success_, kSimulatedRtt,
fake_clock_);
EXPECT_TRUE(CheckConnectionFailedAndPruned(conn));
}
TEST_F(TurnPortTest, TestChannelBindGetErrorResponse) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_UDP);
Connection* conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn1 != nullptr);
Connection* conn2 = udp_port_->CreateConnection(turn_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
ASSERT_TRUE(conn2 != nullptr);
conn1->Ping(0);
EXPECT_TRUE_SIMULATED_WAIT(conn1->writable(), kSimulatedRtt * 2, fake_clock_);
// TODO(deadbeef): SetEntryChannelId should not be a public method.
// Instead we should set an option on the fake TURN server to force it to
// send a channel bind errors.
ASSERT_TRUE(
turn_port_->SetEntryChannelId(udp_port_->Candidates()[0].address(), -1));
std::string data = "ABC";
conn1->Send(data.data(), data.length(), options);
EXPECT_TRUE_SIMULATED_WAIT(CheckConnectionFailedAndPruned(conn1),
kSimulatedRtt, fake_clock_);
// Verify that packets are allowed to be sent after a bind request error.
// They'll just use a send indication instead.
conn2->SignalReadPacket.connect(static_cast<TurnPortTest*>(this),
&TurnPortTest::OnUdpReadPacket);
conn1->Send(data.data(), data.length(), options);
EXPECT_TRUE_SIMULATED_WAIT(!udp_packets_.empty(), kSimulatedRtt, fake_clock_);
}
// Do a TURN allocation, establish a UDP connection, and send some data.
TEST_F(TurnPortTest, TestTurnSendDataTurnUdpToUdp) {
// Create ports and prepare addresses.
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestTurnSendData(PROTO_UDP);
EXPECT_EQ(UDP_PROTOCOL_NAME, turn_port_->Candidates()[0].relay_protocol());
}
// Do a TURN allocation, establish a TCP connection, and send some data.
TEST_F(TurnPortTest, TestTurnSendDataTurnTcpToUdp) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
// Create ports and prepare addresses.
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
TestTurnSendData(PROTO_TCP);
EXPECT_EQ(TCP_PROTOCOL_NAME, turn_port_->Candidates()[0].relay_protocol());
}
// Do a TURN allocation, establish a TLS connection, and send some data.
TEST_F(TurnPortTest, TestTurnSendDataTurnTlsToUdp) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnSendData(PROTO_TLS);
EXPECT_EQ(TLS_PROTOCOL_NAME, turn_port_->Candidates()[0].relay_protocol());
}
// Test TURN fails to make a connection from IPv6 address to a server which has
// IPv4 address.
TEST_F(TurnPortTest, TestTurnLocalIPv6AddressServerIPv4) {
turn_server_.AddInternalSocket(kTurnUdpIPv6IntAddr, PROTO_UDP);
CreateTurnPort(kLocalIPv6Addr, kTurnUsername, kTurnPassword,
kTurnUdpProtoAddr);
turn_port_->PrepareAddress();
ASSERT_TRUE_SIMULATED_WAIT(turn_error_, kSimulatedRtt, fake_clock_);
EXPECT_TRUE(turn_port_->Candidates().empty());
}
// Test TURN make a connection from IPv6 address to a server which has
// IPv6 intenal address. But in this test external address is a IPv4 address,
// hence allocated address will be a IPv4 address.
TEST_F(TurnPortTest, TestTurnLocalIPv6AddressServerIPv6ExtenalIPv4) {
turn_server_.AddInternalSocket(kTurnUdpIPv6IntAddr, PROTO_UDP);
CreateTurnPort(kLocalIPv6Addr, kTurnUsername, kTurnPassword,
kTurnUdpIPv6ProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
EXPECT_EQ(kTurnUdpExtAddr.ipaddr(),
turn_port_->Candidates()[0].address().ipaddr());
EXPECT_NE(0, turn_port_->Candidates()[0].address().port());
}
// Tests that the local and remote candidate address families should match when
// a connection is created. Specifically, if a TURN port has an IPv6 address,
// its local candidate will still be an IPv4 address and it can only create
// connections with IPv4 remote candidates.
TEST_F(TurnPortTest, TestCandidateAddressFamilyMatch) {
turn_server_.AddInternalSocket(kTurnUdpIPv6IntAddr, PROTO_UDP);
CreateTurnPort(kLocalIPv6Addr, kTurnUsername, kTurnPassword,
kTurnUdpIPv6ProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 2, fake_clock_);
ASSERT_EQ(1U, turn_port_->Candidates().size());
// Create an IPv4 candidate. It will match the TURN candidate.
Candidate remote_candidate(ICE_CANDIDATE_COMPONENT_RTP, "udp", kLocalAddr2, 0,
"", "", "local", 0, kCandidateFoundation);
remote_candidate.set_address(kLocalAddr2);
Connection* conn =
turn_port_->CreateConnection(remote_candidate, Port::ORIGIN_MESSAGE);
EXPECT_NE(nullptr, conn);
// Set the candidate address family to IPv6. It won't match the TURN
// candidate.
remote_candidate.set_address(kLocalIPv6Addr2);
conn = turn_port_->CreateConnection(remote_candidate, Port::ORIGIN_MESSAGE);
EXPECT_EQ(nullptr, conn);
}
// Test that a CreatePermission failure will result in the connection being
// pruned and failed.
TEST_F(TurnPortTest, TestConnectionFailedAndPrunedOnCreatePermissionFailure) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
turn_server_.server()->set_reject_private_addresses(true);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
turn_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(turn_ready_, kSimulatedRtt * 3, fake_clock_);
CreateUdpPort(SocketAddress("10.0.0.10", 0));
udp_port_->PrepareAddress();
EXPECT_TRUE_SIMULATED_WAIT(udp_ready_, kSimulatedRtt, fake_clock_);
// Create a connection.
TestConnectionWrapper conn(turn_port_->CreateConnection(
udp_port_->Candidates()[0], Port::ORIGIN_MESSAGE));
EXPECT_TRUE(conn.connection() != nullptr);
// Asynchronously, CreatePermission request should be sent and fail, which
// will make the connection pruned and failed.
EXPECT_TRUE_SIMULATED_WAIT(CheckConnectionFailedAndPruned(conn.connection()),
kSimulatedRtt, fake_clock_);
EXPECT_TRUE_SIMULATED_WAIT(!turn_create_permission_success_, kSimulatedRtt,
fake_clock_);
// Check that the connection is not deleted asynchronously.
SIMULATED_WAIT(conn.connection() == nullptr, kConnectionDestructionDelay,
fake_clock_);
EXPECT_NE(nullptr, conn.connection());
}
// Test that a TURN allocation is released when the port is closed.
TEST_F(TurnPortTest, TestTurnReleaseAllocation) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestTurnReleaseAllocation(PROTO_UDP);
}
// Test that a TURN TCP allocation is released when the port is closed.
TEST_F(TurnPortTest, TestTurnTCPReleaseAllocation) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
TestTurnReleaseAllocation(PROTO_TCP);
}
TEST_F(TurnPortTest, TestTurnTLSReleaseAllocation) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnReleaseAllocation(PROTO_TLS);
}
TEST_F(TurnPortTest, TestTurnUDPGracefulReleaseAllocation) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_UDP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
TestTurnGracefulReleaseAllocation(PROTO_UDP);
}
TEST_F(TurnPortTest, TestTurnTCPGracefulReleaseAllocation) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTcpProtoAddr);
TestTurnGracefulReleaseAllocation(PROTO_TCP);
}
TEST_F(TurnPortTest, TestTurnTLSGracefulReleaseAllocation) {
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnGracefulReleaseAllocation(PROTO_TLS);
}
// Test that nothing bad happens if we try to create a connection to the same
// remote address twice. Previously there was a bug that caused this to hit a
// DCHECK.
TEST_F(TurnPortTest, CanCreateTwoConnectionsToSameAddress) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnUdpProtoAddr);
PrepareTurnAndUdpPorts(PROTO_UDP);
Connection* conn1 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
Connection* conn2 = turn_port_->CreateConnection(udp_port_->Candidates()[0],
Port::ORIGIN_MESSAGE);
EXPECT_NE(conn1, conn2);
}
// This test verifies any FD's are not leaked after TurnPort is destroyed.
// https://code.google.com/p/webrtc/issues/detail?id=2651
#if defined(WEBRTC_LINUX) && !defined(WEBRTC_ANDROID)
TEST_F(TurnPortTest, TestResolverShutdown) {
turn_server_.AddInternalSocket(kTurnUdpIPv6IntAddr, PROTO_UDP);
int last_fd_count = GetFDCount();
// Need to supply unresolved address to kick off resolver.
CreateTurnPort(kLocalIPv6Addr, kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnInvalidAddr, PROTO_UDP));
turn_port_->PrepareAddress();
ASSERT_TRUE_WAIT(turn_error_, kResolverTimeout);
EXPECT_TRUE(turn_port_->Candidates().empty());
turn_port_.reset();
rtc::Thread::Current()->Post(RTC_FROM_HERE, this, MSG_TESTFINISH);
// Waiting for above message to be processed.
ASSERT_TRUE_SIMULATED_WAIT(test_finish_, 1, fake_clock_);
EXPECT_EQ(last_fd_count, GetFDCount());
}
#endif
class MessageObserver : public StunMessageObserver {
public:
MessageObserver(unsigned int* message_counter,
unsigned int* channel_data_counter,
unsigned int* attr_counter)
: message_counter_(message_counter),
channel_data_counter_(channel_data_counter),
attr_counter_(attr_counter) {}
virtual ~MessageObserver() {}
void ReceivedMessage(const TurnMessage* msg) override {
if (message_counter_ != nullptr) {
(*message_counter_)++;
}
// Implementation defined attributes are returned as ByteString
const StunByteStringAttribute* attr =
msg->GetByteString(TestTurnCustomizer::STUN_ATTR_COUNTER);
if (attr != nullptr && attr_counter_ != nullptr) {
rtc::ByteBufferReader buf(attr->bytes(), attr->length());
unsigned int val = ~0u;
buf.ReadUInt32(&val);
(*attr_counter_)++;
}
}
void ReceivedChannelData(const char* data, size_t size) override {
if (channel_data_counter_ != nullptr) {
(*channel_data_counter_)++;
}
}
// Number of TurnMessages observed.
unsigned int* message_counter_ = nullptr;
// Number of channel data observed.
unsigned int* channel_data_counter_ = nullptr;
// Number of TurnMessages that had STUN_ATTR_COUNTER.
unsigned int* attr_counter_ = nullptr;
};
// Do a TURN allocation, establish a TLS connection, and send some data.
// Add customizer and check that it get called.
TEST_F(TurnPortTest, TestTurnCustomizerCount) {
unsigned int observer_message_counter = 0;
unsigned int observer_channel_data_counter = 0;
unsigned int observer_attr_counter = 0;
TestTurnCustomizer* customizer = new TestTurnCustomizer();
std::unique_ptr<MessageObserver> validator(new MessageObserver(
&observer_message_counter, &observer_channel_data_counter,
&observer_attr_counter));
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
turn_customizer_.reset(customizer);
turn_server_.server()->SetStunMessageObserver(std::move(validator));
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnSendData(PROTO_TLS);
EXPECT_EQ(TLS_PROTOCOL_NAME, turn_port_->Candidates()[0].relay_protocol());
// There should have been at least turn_packets_.size() calls to `customizer`.
EXPECT_GE(customizer->modify_cnt_ + customizer->allow_channel_data_cnt_,
turn_packets_.size());
// Some channel data should be received.
EXPECT_GE(observer_channel_data_counter, 0u);
// Need to release TURN port before the customizer.
turn_port_.reset(nullptr);
}
// Do a TURN allocation, establish a TLS connection, and send some data.
// Add customizer and check that it can can prevent usage of channel data.
TEST_F(TurnPortTest, TestTurnCustomizerDisallowChannelData) {
unsigned int observer_message_counter = 0;
unsigned int observer_channel_data_counter = 0;
unsigned int observer_attr_counter = 0;
TestTurnCustomizer* customizer = new TestTurnCustomizer();
std::unique_ptr<MessageObserver> validator(new MessageObserver(
&observer_message_counter, &observer_channel_data_counter,
&observer_attr_counter));
customizer->allow_channel_data_ = false;
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
turn_customizer_.reset(customizer);
turn_server_.server()->SetStunMessageObserver(std::move(validator));
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnSendData(PROTO_TLS);
EXPECT_EQ(TLS_PROTOCOL_NAME, turn_port_->Candidates()[0].relay_protocol());
// There should have been at least turn_packets_.size() calls to `customizer`.
EXPECT_GE(customizer->modify_cnt_, turn_packets_.size());
// No channel data should be received.
EXPECT_EQ(observer_channel_data_counter, 0u);
// Need to release TURN port before the customizer.
turn_port_.reset(nullptr);
}
// Do a TURN allocation, establish a TLS connection, and send some data.
// Add customizer and check that it can add attribute to messages.
TEST_F(TurnPortTest, TestTurnCustomizerAddAttribute) {
unsigned int observer_message_counter = 0;
unsigned int observer_channel_data_counter = 0;
unsigned int observer_attr_counter = 0;
TestTurnCustomizer* customizer = new TestTurnCustomizer();
std::unique_ptr<MessageObserver> validator(new MessageObserver(
&observer_message_counter, &observer_channel_data_counter,
&observer_attr_counter));
customizer->allow_channel_data_ = false;
customizer->add_counter_ = true;
turn_server_.AddInternalSocket(kTurnTcpIntAddr, PROTO_TLS);
turn_customizer_.reset(customizer);
turn_server_.server()->SetStunMessageObserver(std::move(validator));
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnTlsProtoAddr);
TestTurnSendData(PROTO_TLS);
EXPECT_EQ(TLS_PROTOCOL_NAME, turn_port_->Candidates()[0].relay_protocol());
// There should have been at least turn_packets_.size() calls to `customizer`.
EXPECT_GE(customizer->modify_cnt_, turn_packets_.size());
// Everything will be sent as messages since channel data is disallowed.
EXPECT_GE(customizer->modify_cnt_, observer_message_counter);
// All messages should have attribute.
EXPECT_EQ(observer_message_counter, observer_attr_counter);
// At least allow_channel_data_cnt_ messages should have been sent.
EXPECT_GE(customizer->modify_cnt_, customizer->allow_channel_data_cnt_);
EXPECT_GE(customizer->allow_channel_data_cnt_, 0u);
// No channel data should be received.
EXPECT_EQ(observer_channel_data_counter, 0u);
// Need to release TURN port before the customizer.
turn_port_.reset(nullptr);
}
TEST_F(TurnPortTest, TestOverlongUsername) {
std::string overlong_username(513, 'x');
RelayCredentials credentials(overlong_username, kTurnPassword);
EXPECT_FALSE(
CreateTurnPort(overlong_username, kTurnPassword, kTurnTlsProtoAddr));
}
TEST_F(TurnPortTest, TestTurnDangerousServer) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnDangerousProtoAddr);
ASSERT_FALSE(turn_port_);
}
TEST_F(TurnPortTest, TestTurnDangerousServerPermits53) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnPort53ProtoAddr);
ASSERT_TRUE(turn_port_);
}
TEST_F(TurnPortTest, TestTurnDangerousServerPermits80) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnPort80ProtoAddr);
ASSERT_TRUE(turn_port_);
}
TEST_F(TurnPortTest, TestTurnDangerousServerPermits443) {
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnPort443ProtoAddr);
ASSERT_TRUE(turn_port_);
}
TEST_F(TurnPortTest, TestTurnDangerousAlternateServer) {
const ProtocolType protocol_type = PROTO_TCP;
std::vector<rtc::SocketAddress> redirect_addresses;
redirect_addresses.push_back(kTurnDangerousAddr);
TestTurnRedirector redirector(redirect_addresses);
turn_server_.AddInternalSocket(kTurnIntAddr, protocol_type);
turn_server_.AddInternalSocket(kTurnDangerousAddr, protocol_type);
turn_server_.set_redirect_hook(&redirector);
CreateTurnPort(kTurnUsername, kTurnPassword,
ProtocolAddress(kTurnIntAddr, protocol_type));
// Retrieve the address before we run the state machine.
const SocketAddress old_addr = turn_port_->server_address().address;
turn_port_->PrepareAddress();
// This should result in an error event.
EXPECT_TRUE_SIMULATED_WAIT(error_event_.error_code != 0,
TimeToGetAlternateTurnCandidate(protocol_type),
fake_clock_);
// but should NOT result in the port turning ready, and no candidates
// should be gathered.
EXPECT_FALSE(turn_ready_);
ASSERT_EQ(0U, turn_port_->Candidates().size());
}
TEST_F(TurnPortTest, TestTurnDangerousServerAllowedWithFieldTrial) {
webrtc::test::ScopedKeyValueConfig override_field_trials(
field_trials_, "WebRTC-Turn-AllowSystemPorts/Enabled/");
CreateTurnPort(kTurnUsername, kTurnPassword, kTurnDangerousProtoAddr);
ASSERT_TRUE(turn_port_);
}
} // namespace cricket