Implement DTLS bypass

pull/6/head
Ken 2020-10-01 21:15:41 -04:00
parent 0969d2303b
commit 77d83b83d2
6 changed files with 41 additions and 24 deletions


@ -83,6 +83,7 @@ const array<const char*, 3> ControlTypeStrings = { {"TincanRequest", "TincanResp
static const Json::StaticString CreateCtrlRespLink; static const Json::StaticString CreateCtrlRespLink;
static const Json::StaticString CreateTunnel; static const Json::StaticString CreateTunnel;
static const Json::StaticString Data; static const Json::StaticString Data;
static const Json::StaticString DisableDtls;
static const Json::StaticString Echo; static const Json::StaticString Echo;
static const Json::StaticString EncryptionEnabled; static const Json::StaticString EncryptionEnabled;
static const Json::StaticString FPR; static const Json::StaticString FPR;


@ -53,7 +53,7 @@ using webrtc::SdpType;
struct VlinkDescriptor struct VlinkDescriptor
{ {
bool dtls_enabled; bool dtls_enabled = true;
string uid; string uid;
vector<string> stun_servers; vector<string> stun_servers;
vector<TurnDescriptor> turn_descs; vector<TurnDescriptor> turn_descs;
@ -76,7 +76,7 @@ public:
void Initialize( void Initialize(
BasicNetworkManager & network_manager, BasicNetworkManager & network_manager,
unique_ptr<SSLIdentity>sslid, unique_ptr<SSLIdentity>sslid,
SSLFingerprint const & local_fingerprint, unique_ptr<SSLFingerprint> local_fingerprint,
cricket::IceRole ice_role); cricket::IceRole ice_role);
PeerDescriptor& PeerInfo() PeerDescriptor& PeerInfo()
@ -150,7 +150,8 @@ private:
const string & candidates); const string & candidates);
void SetupICE( void SetupICE(
SSLFingerprint const & local_fingerprint); unique_ptr<SSLIdentity> sslid,
unique_ptr<SSLFingerprint> local_fingerprint);
void OnReadPacket( void OnReadPacket(
PacketTransportInternal* transport, PacketTransportInternal* transport,
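Review bot: The new `SetupICE(unique_ptr<SSLIdentity> sslid, unique_ptr<SSLFingerprint> local_fingerprint)` declaration transfers ownership of both objects but says nothing about what happens to them when `dtls_enabled` is false, which is exactly the case this commit adds, so a reader of the header cannot tell whether a null `local_fingerprint` is legal. I'd document it on the declaration: `// Takes ownership of sslid and local_fingerprint. When vlink_desc_->dtls_enabled is false both are discarded and the transport is set up without a local certificate or fingerprint.` Ownership by value also means the implementation has to dispose of them itself; the virtual_link.cc hunk in this commit calls `local_fingerprint.release();` in the no-DTLS branch, which drops ownership without freeing the object — simply letting the `unique_ptr` fall out of scope, or `reset()`, is what the header's contract implies. The enclosing class VirtualLink starts before and ends after this hunk.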


@ -92,7 +92,8 @@ BasicTunnel::CreateVlink(
unique_ptr<VirtualLink> vl = make_unique<VirtualLink>( unique_ptr<VirtualLink> vl = make_unique<VirtualLink>(
move(vlink_desc), move(peer_desc), sig_worker_, net_worker_); move(vlink_desc), move(peer_desc), sig_worker_, net_worker_);
unique_ptr<SSLIdentity> sslid_copy(sslid_->Clone()); unique_ptr<SSLIdentity> sslid_copy(sslid_->Clone());
vl->Initialize(net_manager_, move(sslid_copy), *local_fingerprint_.get(), vl->Initialize(net_manager_, move(sslid_copy),
make_unique<rtc::SSLFingerprint>(*local_fingerprint_.get()),
ice_role); ice_role);
vl->SignalMessageReceived.connect(this, &BasicTunnel::VlinkReadComplete); vl->SignalMessageReceived.connect(this, &BasicTunnel::VlinkReadComplete);
vl->SignalLinkUp.connect(this, &BasicTunnel::VLinkUp); vl->SignalLinkUp.connect(this, &BasicTunnel::VLinkUp);
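Review bot: `make_unique<rtc::SSLFingerprint>(*local_fingerprint_.get())` dereferences `local_fingerprint_` with no null check, so a tunnel whose fingerprint was never set would crash here instead of failing the CreateVlink request; I cannot see where `local_fingerprint_` is assigned, so if that state is reachable, guard it with `if (!local_fingerprint_)` and take whatever error path this file uses before the clone. Style-wise `*local_fingerprint_` reads the same as `*local_fingerprint_.get()`. The heap copy exists only because `VirtualLink::Initialize` now takes the fingerprint by `unique_ptr` while, as far as this commit shows, the callee only ever passes the raw pointer on; a `const SSLFingerprint*` parameter would avoid a copy per vlink and let the no-DTLS path pass nullptr directly, though that is a wider signature change. CreateVlink starts before and ends after this hunk.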


@ -121,7 +121,8 @@ Tincan::CreateVlink(
peer_desc->mac_address = peer_desc->mac_address =
link_desc[TincanControl::PeerInfo][TincanControl::MAC].asString(); link_desc[TincanControl::PeerInfo][TincanControl::MAC].asString();
vl_desc->dtls_enabled = true; vl_desc->dtls_enabled = !link_desc[TincanControl::DisableDtls].asBool();
BasicTunnel & tnl = TunnelFromId(tnl_id); BasicTunnel & tnl = TunnelFromId(tnl_id);
shared_ptr<VirtualLink> vlink = shared_ptr<VirtualLink> vlink =
@ -307,6 +308,7 @@ Tincan::Run()
ctrl_dispatch->SetDispatchToTincanInf(this); ctrl_dispatch->SetDispatchToTincanInf(this);
ctrl_listener_ = make_shared<ControlListener>(move(ctrl_dispatch)); ctrl_listener_ = make_shared<ControlListener>(move(ctrl_dispatch));
ctrl_listener_->Run(); ctrl_listener_->Run();
cout << "Control Listener now running\n";
exit_event_.Wait(Event::kForever); exit_event_.Wait(Event::kForever);
} }
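Review bot: `vl_desc->dtls_enabled = !link_desc[TincanControl::DisableDtls].asBool();` lets any CreateVlink control message switch off link encryption with no policy check and no log line, so a misconfigured or compromised controller downgrades the link silently; at minimum log at warning level whenever the result is false so the downgrade is visible in the tunnel's logs. The read is also not type-safe: `asBool()` on a JSON string or object fails jsoncpp's type check (assert or exception depending on the jsoncpp build), and on a non-const `Json::Value` `operator[]` inserts a null member for a missing key — prefer `const Json::Value dd = link_desc.get(TincanControl::DisableDtls, false);` followed by `vl_desc->dtls_enabled = !(dd.isBool() && dd.asBool());`, so anything other than an explicit `true` keeps DTLS on. The control vocabulary already has an `EncryptionEnabled` key (visible as context in the tincan_control hunks) that appears to describe the same property with opposite polarity; a comment on how the two relate, or deriving one from the other, would avoid contradictory requests. Separately, `cout << "Control Listener now running\n"` in Run() is a stray stdout print — route it through the logger used elsewhere (`RTC_LOG` appears in virtual_link.cc) or drop it. CreateVlink's body starts before and ends after its hunk.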


@ -34,6 +34,7 @@ const Json::StaticString TincanControl::Controlling("Controlling");
const Json::StaticString TincanControl::CreateCtrlRespLink("CreateCtrlRespLink"); const Json::StaticString TincanControl::CreateCtrlRespLink("CreateCtrlRespLink");
const Json::StaticString TincanControl::CreateTunnel("CreateTunnel"); const Json::StaticString TincanControl::CreateTunnel("CreateTunnel");
const Json::StaticString TincanControl::Data("Data"); const Json::StaticString TincanControl::Data("Data");
const Json::StaticString TincanControl::DisableDtls("DisableDtls");
const Json::StaticString TincanControl::Echo("Echo"); const Json::StaticString TincanControl::Echo("Echo");
const Json::StaticString TincanControl::EncryptionEnabled("EncryptionEnabled"); const Json::StaticString TincanControl::EncryptionEnabled("EncryptionEnabled");
const Json::StaticString TincanControl::FPR("FPR"); const Json::StaticString TincanControl::FPR("FPR");


@ -48,6 +48,10 @@ VirtualLink::VirtualLink(
local_description_ = make_unique<cricket::SessionDescription>(); local_description_ = make_unique<cricket::SessionDescription>();
remote_description_ = make_unique<cricket::SessionDescription>(); remote_description_ = make_unique<cricket::SessionDescription>();
ice_transport_factory_ = make_unique<webrtc::DefaultIceTransportFactory>(); ice_transport_factory_ = make_unique<webrtc::DefaultIceTransportFactory>();
config_.transport_observer = this;
config_.rtcp_handler = [](const rtc::CopyOnWriteBuffer& packet,
int64_t packet_time_us) { RTC_NOTREACHED(); };
config_.ice_transport_factory = ice_transport_factory_.get();
} }
VirtualLink::~VirtualLink() VirtualLink::~VirtualLink()
@ -61,18 +65,12 @@ string VirtualLink::Name()
void void
VirtualLink::Initialize( VirtualLink::Initialize(
BasicNetworkManager & network_manager, BasicNetworkManager & network_manager,
unique_ptr<SSLIdentity>sslid, unique_ptr<SSLIdentity> sslid,
SSLFingerprint const & local_fingerprint, unique_ptr<SSLFingerprint> local_fingerprint,
cricket::IceRole ice_role) cricket::IceRole ice_role)
{ {
ice_role_ = ice_role; ice_role_ = ice_role;
port_allocator_.reset(new cricket::BasicPortAllocator(&network_manager)); port_allocator_.reset(new cricket::BasicPortAllocator(&network_manager));
config_.transport_observer = this;
config_.rtcp_handler = [](const rtc::CopyOnWriteBuffer& packet,
int64_t packet_time_us) { RTC_NOTREACHED(); };
config_.ice_transport_factory = ice_transport_factory_.get();
port_allocator_->SetConfiguration( port_allocator_->SetConfiguration(
SetupSTUN(vlink_desc_->stun_servers), SetupSTUN(vlink_desc_->stun_servers),
SetupTURN(vlink_desc_->turn_descs), SetupTURN(vlink_desc_->turn_descs),
@ -83,8 +81,7 @@ VirtualLink::Initialize(
port_allocator_.get(), port_allocator_.get(),
/*async_resolver_factory*/ nullptr, /*async_resolver_factory*/ nullptr,
config_); config_);
transport_ctlr_->SetLocalCertificate(RTCCertificate::Create(move(sslid))); SetupICE(move(sslid), move(local_fingerprint));
SetupICE(local_fingerprint);
dtls_transport_ = transport_ctlr_->GetDtlsTransport(content_name_); dtls_transport_ = transport_ctlr_->GetDtlsTransport(content_name_);
RegisterLinkEventHandlers(); RegisterLinkEventHandlers();
@ -274,19 +271,33 @@ VirtualLink::GetStats(Json::Value & stats)
void void
VirtualLink::SetupICE( VirtualLink::SetupICE(
SSLFingerprint const & local_fingerprint) unique_ptr<SSLIdentity> sslid,
unique_ptr<SSLFingerprint> local_fingerprint)
{ {
size_t pos = peer_desc_->fingerprint.find(' '); SSLFingerprint const* local_fprnt = nullptr;
string alg, fp; if (vlink_desc_->dtls_enabled)
if(pos != string::npos)
{ {
alg = peer_desc_->fingerprint.substr(0, pos); transport_ctlr_->SetLocalCertificate(RTCCertificate::Create(move(sslid)));
fp = peer_desc_->fingerprint.substr(++pos);
remote_fingerprint_.reset( size_t pos = peer_desc_->fingerprint.find(' ');
rtc::SSLFingerprint::CreateFromRfc4572(alg, fp)); string alg, fp;
if(pos != string::npos)
{
alg = peer_desc_->fingerprint.substr(0, pos);
fp = peer_desc_->fingerprint.substr(++pos);
remote_fingerprint_.reset(
rtc::SSLFingerprint::CreateFromRfc4572(alg, fp));
}
} }
else
{
local_fingerprint.release();
RTC_LOG(LS_INFO) << "Not using DTLS on vlink " << content_name_ << "\n";
}
cricket::IceConfig ic; cricket::IceConfig ic;
ic.continual_gathering_policy = cricket::GATHER_ONCE; ic.continual_gathering_policy = cricket::GATHER_ONCE;
//ic.ice_check_interval_strong_connectivity = ?;
transport_ctlr_->SetIceConfig(ic); transport_ctlr_->SetIceConfig(ic);
cricket::ConnectionRole remote_conn_role = cricket::CONNECTIONROLE_ACTIVE; cricket::ConnectionRole remote_conn_role = cricket::CONNECTIONROLE_ACTIVE;
conn_role_ = cricket::CONNECTIONROLE_ACTPASS; conn_role_ = cricket::CONNECTIONROLE_ACTPASS;
@ -297,7 +308,7 @@ VirtualLink::SetupICE(
cricket::TransportDescription local_transport_desc( cricket::TransportDescription local_transport_desc(
vector<string>(), tp.kIceUfrag, tp.kIcePwd, vector<string>(), tp.kIceUfrag, tp.kIcePwd,
cricket::ICEMODE_FULL, conn_role_, &local_fingerprint); cricket::ICEMODE_FULL, conn_role_, local_fingerprint.get());
cricket::TransportDescription remote_transport_desc( cricket::TransportDescription remote_transport_desc(
vector<string>(), tp.kIceUfrag, tp.kIcePwd, vector<string>(), tp.kIceUfrag, tp.kIcePwd,