From 05eb70dd140501b8d8833611e04d8e0571daff1b Mon Sep 17 00:00:00 2001 From: Trevor Johnston Date: Wed, 10 Jun 2015 16:47:01 -0400 Subject: [PATCH 1/3] no need to send churn candidate lines across the signalling channel --- src/churn/churn.ts | 63 +++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/src/churn/churn.ts b/src/churn/churn.ts index 6ad1d9d..4ceaa5f 100644 --- a/src/churn/churn.ts +++ b/src/churn/churn.ts @@ -366,20 +366,23 @@ var log :logging.Log = new logging.Log('churn'); freedomPc, obfPeerName); this.obfuscatedConnection_.signalForPeerQueue.setSyncHandler( (message:signals.Message) => { - // Super-paranoid check: remove candidates from SDP messages. - // This can happen if a connection is re-negotiated. - // TODO: We can safely remove this once we can reliably interrogate - // peerconnection endpoints. if (message.type === signals.Type.OFFER || message.type === signals.Type.ANSWER) { + // Super-paranoid check: remove candidates from SDP messages. + // This can happen if a connection is re-negotiated. + // TODO: We can safely remove this once we can reliably interrogate + // peerconnection endpoints. message.description.sdp = filterCandidatesFromSdp(message.description.sdp); - } - if (message.type === signals.Type.CANDIDATE) { + var churnSignal :ChurnSignallingMessage = { + webrtcMessage: message + }; + this.signalForPeerQueue.handle(churnSignal); + } else if (message.type === signals.Type.CANDIDATE) { // This will tell us on which port webrtc is operating. - // Record it and inject a fake endpoint, to be sure the remote - // side never knows the real address (can be an issue when both - // hosts are on the same network). + // There's no need to send this to the peer because it can + // trivially formulate a candidate line with the address of + // its pipe. try { if (!message.candidate || !message.candidate.candidate) { throw new Error('no candidate line'); 
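Review bot: A signal whose type is neither OFFER, ANSWER nor CANDIDATE now falls through both branches of the `setSyncHandler` callback and is discarded without a trace, whereas the old code forwarded every message to `signalForPeerQueue`. If dropping is intended, make it visible with a final branch such as `} else { log.debug('%1: not forwarding signal of type %2', this.peerName, message.type); }`. The OFFER/ANSWER branch is now the only path that reaches the peer, so `filterCandidatesFromSdp` is the sole guard keeping local addresses off the signalling channel. The "can safely remove this" TODO above it should be reworded to say so, for example `// Only path to the peer: candidates must be stripped here or local addresses leak.` The callback body continues past the end of this hunk.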
@@ -392,12 +395,6 @@ var log :logging.Log = new logging.Log('churn'); throw new Error('ipv6 unsupported'); } this.haveWebRtcEndpoint_(address); - message.candidate.candidate = - setCandidateLineEndpoint( - message.candidate.candidate, { - address: '0.0.0.0', - port: 0 - }); } catch (e) { log.debug('%1: ignoring candidate line %2: %3', this.peerName, @@ -405,10 +402,6 @@ var log :logging.Log = new logging.Log('churn'); e.message); } } - var churnSignal :ChurnSignallingMessage = { - webrtcMessage: message - }; - this.signalForPeerQueue.handle(churnSignal); }); this.peerOpenedChannelQueue = this.obfuscatedConnection_.peerOpenedChannelQueue; 
@@ -439,22 +432,30 @@ var log :logging.Log = new logging.Log('churn'); } if (churnMessage.webrtcMessage) { var message = churnMessage.webrtcMessage; - if (message.type === signals.Type.CANDIDATE) { - this.onceHaveForwardingSocketEndpoint_.then( - (forwardingSocketEndpoint:net.Endpoint) => { - message.candidate.candidate = - setCandidateLineEndpoint( - message.candidate.candidate, forwardingSocketEndpoint); - this.obfuscatedConnection_.handleSignalMessage(message); - }); - } else if (message.type == signals.Type.OFFER || - message.type == signals.Type.ANSWER) { + if (message.type == signals.Type.OFFER || + message.type == signals.Type.ANSWER) { // Remove candidates from the SDP. This is redundant, but ensures // that a bug in the remote client won't cause us to send // unobfuscated traffic. - message.description.sdp = - filterCandidatesFromSdp(message.description.sdp); + message.description.sdp = filterCandidatesFromSdp( + message.description.sdp); this.obfuscatedConnection_.handleSignalMessage(message); + + // Send a candidate to the peerconnection. + // Its address is the socket on which the pipe is listening. + this.onceHaveForwardingSocketEndpoint_.then( + (forwardingSocketEndpoint:net.Endpoint) => { + this.obfuscatedConnection_.handleSignalMessage({ + type: 2, + candidate: { + candidate: setCandidateLineEndpoint( + 'candidate:0 1 UDP 2130379007 0.0.0.0 0 typ host', + forwardingSocketEndpoint), + sdpMid: '', + sdpMLineIndex: 0 + } + }); + }); } } } From 7ef913216ae279de2a49f31cc378e8f71c0bde0b Mon Sep 17 00:00:00 2001 From: Trevor Johnston Date: Wed, 10 Jun 2015 16:48:33 -0400 Subject: [PATCH 2/3] log the initial mirror socket port --- src/churn/churn.ts | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/churn/churn.ts b/src/churn/churn.ts index 4ceaa5f..c2f7908 100644 --- a/src/churn/churn.ts +++ b/src/churn/churn.ts 
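Review bot: The synthesized candidate message is tagged with the bare number `type: 2`, which presumably equals `signals.Type.CANDIDATE` only while the enum keeps its current order. Write `type: signals.Type.CANDIDATE,` as the comparisons a few lines above do, so a reordered enum cannot turn this into a different signal. The same block now ignores any CANDIDATE message arriving from the peer. That looks deliberate, since the pipe's own socket should be the only candidate the peerconnection sees, but it is neither commented nor logged, so an older peer that still sends candidates fails silently. The enclosing handler starts and ends outside the hunk, so whether re-injecting the candidate on every OFFER or ANSWER during a re-negotiation is harmless cannot be confirmed from here.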
@@ -294,20 +294,21 @@ var log :logging.Log = new logging.Log('churn'); // Debugging. this.onceProbingComplete_.then((endpoint:NatPair) => { log.debug('%1: NAT endpoints of probe connection are %2', - this.peerName, - JSON.stringify(endpoint)); + this.peerName, endpoint); }); this.onceHaveWebRtcEndpoint_.then((endpoint:net.Endpoint) => { log.debug('%1: obfuscated connection is bound to %2', - this.peerName, - JSON.stringify(endpoint)); + this.peerName, endpoint); }); this.onceHaveRemoteEndpoint_.then((endpoint:net.Endpoint) => { log.debug('%1: remote peer is contactable at %2', - this.peerName, - JSON.stringify(endpoint)); + this.peerName, endpoint); }); - this.onceHaveCaesarKey_.then((key:number) => { + this.onceHaveForwardingSocketEndpoint_.then((endpoint: net.Endpoint) => { + log.debug('%1: forwarding socket is at %2', + this.peerName, endpoint); + }); + this.onceHaveCaesarKey_.then((key: number) => { log.debug('%1: caesar key is %2', this.peerName, key); }); } From 4d08e1a7bf772c22a2730e7e2e2aee58a65bd9f0 Mon Sep 17 00:00:00 2001 From: Trevor Johnston Date: Wed, 10 Jun 2015 17:43:00 -0400 Subject: [PATCH 3/3] bump patch version for no-candidates-on-signalling-channel churn improvement --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a319561..83427f3 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "uproxy-lib", "description": "Shared libraries for uProxy projects.", - "version": "27.2.3", + "version": "27.2.4", "repository": { "type": "git", "url": "https://github.com/uProxy/uproxy-lib"
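Review bot: Dropping `JSON.stringify(endpoint)` and passing the object straight to `log.debug` is only safe if the formatter behind `%2` serialises objects; `logging.Log` is not visible here, and if it does plain string conversion these lines will print `[object Object]`. Confirm that, or keep the explicit stringify. Separately, this block writes the remote peer's contactable address, the NAT endpoints and the caesar key to the log. These lines deserve a comment such as `// Debug only: contains peer addresses and the obfuscation key; do not enable in shared logs.` so the output is not pasted into bug reports unredacted. The surrounding function begins and ends outside the hunk.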