Google Git
Sign in
webrtc / src / / 08b882d762edadb9797334859d915c5c1e34896b
commit08b882d762edadb9797334859d915c5c1e34896b[log] [tgz]
authorPhilipp Hancke <phancke@microsoft.com>Thu Oct 27 07:56:08 2022
committerWebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Oct 27 15:50:02 2022
tree7feab3d34db58179aaf348cb410d01634d9f148d
parentfbe5d7c3d460ad8ae44ec8e80f08ee1679311d13 [diff]
ice: include tiebreaker in computation of foundation attribute

the foundation attribute is currently calculated as
  CRC32(baseaddress, protocol, relayprotocol)
which is a way to satisfy the requirements from
  https://www.rfc-editor.org/rfc/rfc5245#section-4.1.1.3

However, this leaks the base address which defeats the
MDNS obfuscation described in
  https://datatracker.ietf.org/doc/draft-ietf-mmusic-mdns-ice-candidates/
since the CRC32 can be reversed using a table lookup as shown in
  https://github.com/niespodd/webrtc-local-ip-leak/

To defeat that lookup, "seed" the CRC32 with the ICE tie-breaker which is a randomly picked unsigned 64 bit integer described in
  https://www.rfc-editor.org/rfc/rfc5245#section-5.2

The tie-breaker is not known to Javascript and adding it scopes the foundation within the peer connection as described in section 4.1.1.3

To manually test (preferably with a DCHECK for IceTiebreaker() in ComputeFoundation)
- gather candidates twice on https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ and observe that the foundations are not the same after this change
- create two RTCPeerConnections with {iceCandidatePoolSize: 1}, create a datachannel, call setLocalDescription, inspect the candidates and observe that the foundations are not the same after this change.

Unit test changes have been split into a separate CL for easier integration.

BUG=webrtc:14605

Change-Id: I6bbad1635b48997b00ae74d251ae357bf8afd12f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/280621
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38485}
8 files changed
tree: 7feab3d34db58179aaf348cb410d01634d9f148d
  1. api/
  2. audio/
  3. build_overrides/
  4. call/
  5. common_audio/
  6. common_video/
  7. data/
  8. docs/
  9. examples/
  10. experiments/
  11. g3doc/
  12. infra/
  13. logging/
  14. media/
  15. modules/
  16. net/
  17. p2p/
  18. pc/
  19. resources/
  20. rtc_base/
  21. rtc_tools/
  22. sdk/
  23. stats/
  24. system_wrappers/
  25. test/
  26. tools_webrtc/
  27. video/
  28. .clang-format
  29. .git-blame-ignore-revs
  30. .gitignore
  31. .gn
  32. .mailmap
  33. .style.yapf
  34. .vpython
  35. .vpython3
  36. AUTHORS
  37. BUILD.gn
  38. CODE_OF_CONDUCT.md
  39. codereview.settings
  40. DEPS
  41. DIR_METADATA
  42. ENG_REVIEW_OWNERS
  43. g3doc.lua
  44. LICENSE
  45. license_template.txt
  46. native-api.md
  47. OWNERS
  48. PATENTS
  49. PRESUBMIT.py
  50. presubmit_test.py
  51. presubmit_test_mocks.py
  52. pylintrc
  53. README.chromium
  54. README.md
  55. WATCHLISTS
  56. webrtc.gni
  57. webrtc_lib_link_test.cc
  58. whitespace.txt
README.md

WebRTC is a free, open software project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high-quality RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.

The WebRTC initiative is a project supported by Google, Mozilla and Opera, amongst others.

Development

See here for instructions on how to get started developing with the native code.

Authoritative list of directories that contain the native API header files.

More info