From 77d83b83d22b0d5fdc98a8104ea35931d44bb234 Mon Sep 17 00:00:00 2001 From: Ken Date: Thu, 1 Oct 2020 21:15:41 -0400 Subject: [PATCH] Implement DTLS bypass --- tincan/trunk/include/tincan_control.h | 1 + tincan/trunk/include/virtual_link.h | 7 ++-- tincan/trunk/src/basic_tunnel.cc | 3 +- tincan/trunk/src/tincan.cc | 4 ++- tincan/trunk/src/tincan_control.cc | 1 + tincan/trunk/src/virtual_link.cc | 49 ++++++++++++++++----------- 6 files changed, 41 insertions(+), 24 deletions(-) diff --git a/tincan/trunk/include/tincan_control.h b/tincan/trunk/include/tincan_control.h index 05606ff..5a7308f 100644 --- a/tincan/trunk/include/tincan_control.h +++ b/tincan/trunk/include/tincan_control.h @@ -83,6 +83,7 @@ const array ControlTypeStrings = { {"TincanRequest", "TincanResp static const Json::StaticString CreateCtrlRespLink; static const Json::StaticString CreateTunnel; static const Json::StaticString Data; + static const Json::StaticString DisableDtls; static const Json::StaticString Echo; static const Json::StaticString EncryptionEnabled; static const Json::StaticString FPR; diff --git a/tincan/trunk/include/virtual_link.h b/tincan/trunk/include/virtual_link.h index 2f53560..64875db 100644 --- a/tincan/trunk/include/virtual_link.h +++ b/tincan/trunk/include/virtual_link.h @@ -53,7 +53,7 @@ using webrtc::SdpType; struct VlinkDescriptor { - bool dtls_enabled; + bool dtls_enabled = true; string uid; vector stun_servers; vector turn_descs; @@ -76,7 +76,7 @@ public: void Initialize( BasicNetworkManager & network_manager, unique_ptrsslid, - SSLFingerprint const & local_fingerprint, + unique_ptr local_fingerprint, cricket::IceRole ice_role); PeerDescriptor& PeerInfo() @@ -150,7 +150,8 @@ private: const string & candidates); void SetupICE( - SSLFingerprint const & local_fingerprint); + unique_ptr sslid, + unique_ptr local_fingerprint); void OnReadPacket( PacketTransportInternal* transport, 
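Review bot: The new `DisableDtls` control key and the `dtls_enabled` field in `VlinkDescriptor` carry no comment saying what clearing the flag costs, so a later reader of virtual_link.h sees only a bool with a default. I would document it at the declaration: `bool dtls_enabled = true;  // false => this vlink is set up without DTLS, i.e. no transport encryption; driven by the DisableDtls control field`. Defaulting to true is the right fail-closed choice and also covers any caller that builds a VlinkDescriptor without going through Tincan::CreateVlink, which is worth saying in the same comment. The `Initialize` and `SetupICE` declarations now take `sslid` and the fingerprint as `unique_ptr`; a one-line note that SetupICE consumes both would save the next reader a trip to the .cc.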
diff --git a/tincan/trunk/src/basic_tunnel.cc b/tincan/trunk/src/basic_tunnel.cc index f9df2a7..64a74a3 100644 --- a/tincan/trunk/src/basic_tunnel.cc +++ b/tincan/trunk/src/basic_tunnel.cc @@ -92,7 +92,8 @@ BasicTunnel::CreateVlink( unique_ptr vl = make_unique( move(vlink_desc), move(peer_desc), sig_worker_, net_worker_); unique_ptr sslid_copy(sslid_->Clone()); - vl->Initialize(net_manager_, move(sslid_copy), *local_fingerprint_.get(), + vl->Initialize(net_manager_, move(sslid_copy), + make_unique(*local_fingerprint_.get()), ice_role); vl->SignalMessageReceived.connect(this, &BasicTunnel::VlinkReadComplete); vl->SignalLinkUp.connect(this, &BasicTunnel::VLinkUp); diff --git a/tincan/trunk/src/tincan.cc b/tincan/trunk/src/tincan.cc index 5126241..275c61b 100644 --- a/tincan/trunk/src/tincan.cc +++ b/tincan/trunk/src/tincan.cc @@ -121,7 +121,8 @@ Tincan::CreateVlink( peer_desc->mac_address = link_desc[TincanControl::PeerInfo][TincanControl::MAC].asString(); - vl_desc->dtls_enabled = true; + vl_desc->dtls_enabled = !link_desc[TincanControl::DisableDtls].asBool(); + BasicTunnel & tnl = TunnelFromId(tnl_id); shared_ptr vlink = @@ -307,6 +308,7 @@ Tincan::Run() ctrl_dispatch->SetDispatchToTincanInf(this); ctrl_listener_ = make_shared(move(ctrl_dispatch)); ctrl_listener_->Run(); + cout << "Control Listener now running\n"; exit_event_.Wait(Event::kForever); } diff --git a/tincan/trunk/src/tincan_control.cc b/tincan/trunk/src/tincan_control.cc index 5a34b6b..18fe632 100644 --- a/tincan/trunk/src/tincan_control.cc +++ b/tincan/trunk/src/tincan_control.cc 
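Review bot: `vl_desc->dtls_enabled = !link_desc[TincanControl::DisableDtls].asBool();` switches off the link's transport encryption on the strength of one JSON field with no validation and no log line at this layer, and if the field is present but not a boolean (a string, say) JsonCpp's `asBool()` raises or asserts, depending on the build, so a malformed control message aborts the request instead of defaulting. I would read it defensively and make the downgrade visible: `const Json::Value dd = link_desc.get(TincanControl::DisableDtls, false);` / `vl_desc->dtls_enabled = !(dd.isBool() && dd.asBool());` and then log at warning level, naming the tunnel and link, whenever `dtls_enabled` ends up false. The control interface already defines an `EncryptionEnabled` key (visible as context in the tincan_control.h hunk); how it relates to `DisableDtls` is not visible here and should be stated in a comment so operators do not assume one implies the other. Tincan::CreateVlink starts before this hunk and continues after it.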
@@ -34,6 +34,7 @@ const Json::StaticString TincanControl::Controlling("Controlling"); const Json::StaticString TincanControl::CreateCtrlRespLink("CreateCtrlRespLink"); const Json::StaticString TincanControl::CreateTunnel("CreateTunnel"); const Json::StaticString TincanControl::Data("Data"); +const Json::StaticString TincanControl::DisableDtls("DisableDtls"); const Json::StaticString TincanControl::Echo("Echo"); const Json::StaticString TincanControl::EncryptionEnabled("EncryptionEnabled"); const Json::StaticString TincanControl::FPR("FPR"); diff --git a/tincan/trunk/src/virtual_link.cc b/tincan/trunk/src/virtual_link.cc index ea36c91..aae84da 100644 --- a/tincan/trunk/src/virtual_link.cc +++ b/tincan/trunk/src/virtual_link.cc @@ -48,6 +48,10 @@ VirtualLink::VirtualLink( local_description_ = make_unique(); remote_description_ = make_unique(); ice_transport_factory_ = make_unique(); + config_.transport_observer = this; + config_.rtcp_handler = [](const rtc::CopyOnWriteBuffer& packet, + int64_t packet_time_us) { RTC_NOTREACHED(); }; + config_.ice_transport_factory = ice_transport_factory_.get(); } VirtualLink::~VirtualLink() @@ -61,18 +65,12 @@ string VirtualLink::Name() void VirtualLink::Initialize( BasicNetworkManager & network_manager, - unique_ptrsslid, - SSLFingerprint const & local_fingerprint, + unique_ptr sslid, + unique_ptr local_fingerprint, cricket::IceRole ice_role) { ice_role_ = ice_role; port_allocator_.reset(new cricket::BasicPortAllocator(&network_manager)); - - config_.transport_observer = this; - config_.rtcp_handler = [](const rtc::CopyOnWriteBuffer& packet, - int64_t packet_time_us) { RTC_NOTREACHED(); }; - config_.ice_transport_factory = ice_transport_factory_.get(); - port_allocator_->SetConfiguration( SetupSTUN(vlink_desc_->stun_servers), SetupTURN(vlink_desc_->turn_descs), 
@@ -83,8 +81,7 @@ VirtualLink::Initialize( port_allocator_.get(), /*async_resolver_factory*/ nullptr, config_); - transport_ctlr_->SetLocalCertificate(RTCCertificate::Create(move(sslid))); - SetupICE(local_fingerprint); + SetupICE(move(sslid), move(local_fingerprint)); dtls_transport_ = transport_ctlr_->GetDtlsTransport(content_name_); RegisterLinkEventHandlers(); @@ -274,19 +271,33 @@ VirtualLink::GetStats(Json::Value & stats) void VirtualLink::SetupICE( - SSLFingerprint const & local_fingerprint) + unique_ptr sslid, + unique_ptr local_fingerprint) { - size_t pos = peer_desc_->fingerprint.find(' '); - string alg, fp; - if(pos != string::npos) + SSLFingerprint const* local_fprnt = nullptr; + if (vlink_desc_->dtls_enabled) { - alg = peer_desc_->fingerprint.substr(0, pos); - fp = peer_desc_->fingerprint.substr(++pos); - remote_fingerprint_.reset( - rtc::SSLFingerprint::CreateFromRfc4572(alg, fp)); + transport_ctlr_->SetLocalCertificate(RTCCertificate::Create(move(sslid))); + + size_t pos = peer_desc_->fingerprint.find(' '); + string alg, fp; + if(pos != string::npos) + { + alg = peer_desc_->fingerprint.substr(0, pos); + fp = peer_desc_->fingerprint.substr(++pos); + remote_fingerprint_.reset( + rtc::SSLFingerprint::CreateFromRfc4572(alg, fp)); + } } + else + { + local_fingerprint.release(); + RTC_LOG(LS_INFO) << "Not using DTLS on vlink " << content_name_ << "\n"; + } + cricket::IceConfig ic; ic.continual_gathering_policy = cricket::GATHER_ONCE; + //ic.ice_check_interval_strong_connectivity = ?; transport_ctlr_->SetIceConfig(ic); cricket::ConnectionRole remote_conn_role = cricket::CONNECTIONROLE_ACTIVE; conn_role_ = cricket::CONNECTIONROLE_ACTPASS; 
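Review bot: `local_fingerprint.release();` in the else branch gives up ownership without deleting, so the SSLFingerprint copied in BasicTunnel::CreateVlink leaks on every DTLS-disabled link; `local_fingerprint.reset();` is what is meant and leaves the `.get()` later passed to `TransportDescription` null just the same, while `sslid` can simply go out of scope. `SSLFingerprint const* local_fprnt = nullptr;` is declared and never used and should be removed, and the stray `//ic.ice_check_interval_strong_connectivity = ?;` should become a TODO with an owner or be dropped. Running a vlink without DTLS is a deliberate security downgrade, so `RTC_LOG(LS_INFO)` is too quiet; I would use `RTC_LOG(LS_WARNING) << "DTLS disabled on vlink " << content_name_ << ": traffic will not be encrypted";` (RTC_LOG adds its own newline). In this branch `remote_fingerprint_` is never set, so nothing here checks that the peer made the same choice; presumably a mismatch fails at negotiation rather than silently downgrading, but that is worth confirming and recording in a comment. SetupICE continues past the end of the hunk.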
@@ -297,7 +308,7 @@ VirtualLink::SetupICE(
 cricket::TransportDescription local_transport_desc(
 vector(),
 tp.kIceUfrag, tp.kIcePwd,
- cricket::ICEMODE_FULL, conn_role_, &local_fingerprint);
+ cricket::ICEMODE_FULL, conn_role_, local_fingerprint.get());
 cricket::TransportDescription remote_transport_desc(
 vector(),
 tp.kIceUfrag, tp.kIcePwd,
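Review bot: `local_fingerprint.get()` is null whenever the DTLS-disabled branch earlier in SetupICE ran, and nothing at this call site says so; a reader seeing a raw pointer handed to `TransportDescription` will assume it is always valid. Add `// nullptr when vlink_desc_->dtls_enabled is false: the local transport description then carries no DTLS fingerprint` above the `local_transport_desc` construction. The `remote_transport_desc` construction continues past the hunk; if it passes `remote_fingerprint_.get()` that pointer is null in the same case and deserves the same comment.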