webrtc/talk/p2p/base/turnserver.cc
2014-09-04 22:21:33 +00:00

1027 lines
34 KiB
C++

/*
* libjingle
* Copyright 2012, Google Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "talk/p2p/base/turnserver.h"
#include "talk/p2p/base/asyncstuntcpsocket.h"
#include "talk/p2p/base/common.h"
#include "talk/p2p/base/packetsocketfactory.h"
#include "talk/p2p/base/stun.h"
#include "webrtc/base/bytebuffer.h"
#include "webrtc/base/helpers.h"
#include "webrtc/base/logging.h"
#include "webrtc/base/messagedigest.h"
#include "webrtc/base/socketadapters.h"
#include "webrtc/base/stringencode.h"
#include "webrtc/base/thread.h"
namespace cricket {
// TODO(juberti): Move this all to a future turnmessage.h
//static const int IPPROTO_UDP = 17;
static const int kNonceTimeout = 60 * 60 * 1000; // 60 minutes
static const int kDefaultAllocationTimeout = 10 * 60 * 1000; // 10 minutes
static const int kPermissionTimeout = 5 * 60 * 1000; // 5 minutes
static const int kChannelTimeout = 10 * 60 * 1000; // 10 minutes
static const int kMinChannelNumber = 0x4000;
static const int kMaxChannelNumber = 0x7FFF;
static const size_t kNonceKeySize = 16;
static const size_t kNonceSize = 40;
static const size_t TURN_CHANNEL_HEADER_SIZE = 4U;
// TODO(mallinath) - Move these to a common place.
inline bool IsTurnChannelData(uint16 msg_type) {
// The first two bits of a channel data message are 0b01.
return ((msg_type & 0xC000) == 0x4000);
}
// IDs used for posted messages.
enum {
MSG_TIMEOUT,
};
// Encapsulates a TURN allocation.
// The object is created when an allocation request is received, and then
// handles TURN messages (via HandleTurnMessage) and channel data messages
// (via HandleChannelData) for this allocation when received by the server.
// The object self-deletes and informs the server if its lifetime timer expires.
class TurnServer::Allocation : public rtc::MessageHandler,
public sigslot::has_slots<> {
public:
Allocation(TurnServer* server_,
rtc::Thread* thread, const Connection& conn,
rtc::AsyncPacketSocket* server_socket,
const std::string& key);
virtual ~Allocation();
Connection* conn() { return &conn_; }
const std::string& key() const { return key_; }
const std::string& transaction_id() const { return transaction_id_; }
const std::string& username() const { return username_; }
const std::string& last_nonce() const { return last_nonce_; }
void set_last_nonce(const std::string& nonce) { last_nonce_ = nonce; }
std::string ToString() const;
void HandleTurnMessage(const TurnMessage* msg);
void HandleChannelData(const char* data, size_t size);
sigslot::signal1<Allocation*> SignalDestroyed;
private:
typedef std::list<Permission*> PermissionList;
typedef std::list<Channel*> ChannelList;
void HandleAllocateRequest(const TurnMessage* msg);
void HandleRefreshRequest(const TurnMessage* msg);
void HandleSendIndication(const TurnMessage* msg);
void HandleCreatePermissionRequest(const TurnMessage* msg);
void HandleChannelBindRequest(const TurnMessage* msg);
void OnExternalPacket(rtc::AsyncPacketSocket* socket,
const char* data, size_t size,
const rtc::SocketAddress& addr,
const rtc::PacketTime& packet_time);
static int ComputeLifetime(const TurnMessage* msg);
bool HasPermission(const rtc::IPAddress& addr);
void AddPermission(const rtc::IPAddress& addr);
Permission* FindPermission(const rtc::IPAddress& addr) const;
Channel* FindChannel(int channel_id) const;
Channel* FindChannel(const rtc::SocketAddress& addr) const;
void SendResponse(TurnMessage* msg);
void SendBadRequestResponse(const TurnMessage* req);
void SendErrorResponse(const TurnMessage* req, int code,
const std::string& reason);
void SendExternal(const void* data, size_t size,
const rtc::SocketAddress& peer);
void OnPermissionDestroyed(Permission* perm);
void OnChannelDestroyed(Channel* channel);
virtual void OnMessage(rtc::Message* msg);
TurnServer* server_;
rtc::Thread* thread_;
Connection conn_;
rtc::scoped_ptr<rtc::AsyncPacketSocket> external_socket_;
std::string key_;
std::string transaction_id_;
std::string username_;
std::string last_nonce_;
PermissionList perms_;
ChannelList channels_;
};
// Encapsulates a TURN permission.
// The object is created when a create permission request is received by an
// allocation, and self-deletes when its lifetime timer expires.
class TurnServer::Permission : public rtc::MessageHandler {
public:
Permission(rtc::Thread* thread, const rtc::IPAddress& peer);
~Permission();
const rtc::IPAddress& peer() const { return peer_; }
void Refresh();
sigslot::signal1<Permission*> SignalDestroyed;
private:
virtual void OnMessage(rtc::Message* msg);
rtc::Thread* thread_;
rtc::IPAddress peer_;
};
// Encapsulates a TURN channel binding.
// The object is created when a channel bind request is received by an
// allocation, and self-deletes when its lifetime timer expires.
class TurnServer::Channel : public rtc::MessageHandler {
public:
Channel(rtc::Thread* thread, int id,
const rtc::SocketAddress& peer);
~Channel();
int id() const { return id_; }
const rtc::SocketAddress& peer() const { return peer_; }
void Refresh();
sigslot::signal1<Channel*> SignalDestroyed;
private:
virtual void OnMessage(rtc::Message* msg);
rtc::Thread* thread_;
int id_;
rtc::SocketAddress peer_;
};
static bool InitResponse(const StunMessage* req, StunMessage* resp) {
int resp_type = (req) ? GetStunSuccessResponseType(req->type()) : -1;
if (resp_type == -1)
return false;
resp->SetType(resp_type);
resp->SetTransactionID(req->transaction_id());
return true;
}
static bool InitErrorResponse(const StunMessage* req, int code,
const std::string& reason, StunMessage* resp) {
int resp_type = (req) ? GetStunErrorResponseType(req->type()) : -1;
if (resp_type == -1)
return false;
resp->SetType(resp_type);
resp->SetTransactionID(req->transaction_id());
VERIFY(resp->AddAttribute(new cricket::StunErrorCodeAttribute(
STUN_ATTR_ERROR_CODE, code, reason)));
return true;
}
TurnServer::TurnServer(rtc::Thread* thread)
: thread_(thread),
nonce_key_(rtc::CreateRandomString(kNonceKeySize)),
auth_hook_(NULL),
redirect_hook_(NULL),
enable_otu_nonce_(false) {
}
TurnServer::~TurnServer() {
for (AllocationMap::iterator it = allocations_.begin();
it != allocations_.end(); ++it) {
delete it->second;
}
for (InternalSocketMap::iterator it = server_sockets_.begin();
it != server_sockets_.end(); ++it) {
rtc::AsyncPacketSocket* socket = it->first;
delete socket;
}
for (ServerSocketMap::iterator it = server_listen_sockets_.begin();
it != server_listen_sockets_.end(); ++it) {
rtc::AsyncSocket* socket = it->first;
delete socket;
}
}
void TurnServer::AddInternalSocket(rtc::AsyncPacketSocket* socket,
ProtocolType proto) {
ASSERT(server_sockets_.end() == server_sockets_.find(socket));
server_sockets_[socket] = proto;
socket->SignalReadPacket.connect(this, &TurnServer::OnInternalPacket);
}
void TurnServer::AddInternalServerSocket(rtc::AsyncSocket* socket,
ProtocolType proto) {
ASSERT(server_listen_sockets_.end() ==
server_listen_sockets_.find(socket));
server_listen_sockets_[socket] = proto;
socket->SignalReadEvent.connect(this, &TurnServer::OnNewInternalConnection);
}
void TurnServer::SetExternalSocketFactory(
rtc::PacketSocketFactory* factory,
const rtc::SocketAddress& external_addr) {
external_socket_factory_.reset(factory);
external_addr_ = external_addr;
}
void TurnServer::OnNewInternalConnection(rtc::AsyncSocket* socket) {
ASSERT(server_listen_sockets_.find(socket) != server_listen_sockets_.end());
AcceptConnection(socket);
}
void TurnServer::AcceptConnection(rtc::AsyncSocket* server_socket) {
// Check if someone is trying to connect to us.
rtc::SocketAddress accept_addr;
rtc::AsyncSocket* accepted_socket = server_socket->Accept(&accept_addr);
if (accepted_socket != NULL) {
ProtocolType proto = server_listen_sockets_[server_socket];
cricket::AsyncStunTCPSocket* tcp_socket =
new cricket::AsyncStunTCPSocket(accepted_socket, false);
tcp_socket->SignalClose.connect(this, &TurnServer::OnInternalSocketClose);
// Finally add the socket so it can start communicating with the client.
AddInternalSocket(tcp_socket, proto);
}
}
void TurnServer::OnInternalSocketClose(rtc::AsyncPacketSocket* socket,
int err) {
DestroyInternalSocket(socket);
}
void TurnServer::OnInternalPacket(rtc::AsyncPacketSocket* socket,
const char* data, size_t size,
const rtc::SocketAddress& addr,
const rtc::PacketTime& packet_time) {
// Fail if the packet is too small to even contain a channel header.
if (size < TURN_CHANNEL_HEADER_SIZE) {
return;
}
InternalSocketMap::iterator iter = server_sockets_.find(socket);
ASSERT(iter != server_sockets_.end());
Connection conn(addr, iter->second, socket);
uint16 msg_type = rtc::GetBE16(data);
if (!IsTurnChannelData(msg_type)) {
// This is a STUN message.
HandleStunMessage(&conn, data, size);
} else {
// This is a channel message; let the allocation handle it.
Allocation* allocation = FindAllocation(&conn);
if (allocation) {
allocation->HandleChannelData(data, size);
}
}
}
void TurnServer::HandleStunMessage(Connection* conn, const char* data,
size_t size) {
TurnMessage msg;
rtc::ByteBuffer buf(data, size);
if (!msg.Read(&buf) || (buf.Length() > 0)) {
LOG(LS_WARNING) << "Received invalid STUN message";
return;
}
// If it's a STUN binding request, handle that specially.
if (msg.type() == STUN_BINDING_REQUEST) {
HandleBindingRequest(conn, &msg);
return;
}
if (redirect_hook_ != NULL && msg.type() == STUN_ALLOCATE_REQUEST) {
rtc::SocketAddress address;
if (redirect_hook_->ShouldRedirect(conn->src(), &address)) {
SendErrorResponseWithAlternateServer(
conn, &msg, address);
return;
}
}
// Look up the key that we'll use to validate the M-I. If we have an
// existing allocation, the key will already be cached.
Allocation* allocation = FindAllocation(conn);
std::string key;
if (!allocation) {
GetKey(&msg, &key);
} else {
key = allocation->key();
}
// Ensure the message is authorized; only needed for requests.
if (IsStunRequestType(msg.type())) {
if (!CheckAuthorization(conn, &msg, data, size, key)) {
return;
}
}
if (!allocation && msg.type() == STUN_ALLOCATE_REQUEST) {
HandleAllocateRequest(conn, &msg, key);
} else if (allocation &&
(msg.type() != STUN_ALLOCATE_REQUEST ||
msg.transaction_id() == allocation->transaction_id())) {
// This is a non-allocate request, or a retransmit of an allocate.
// Check that the username matches the previous username used.
if (IsStunRequestType(msg.type()) &&
msg.GetByteString(STUN_ATTR_USERNAME)->GetString() !=
allocation->username()) {
SendErrorResponse(conn, &msg, STUN_ERROR_WRONG_CREDENTIALS,
STUN_ERROR_REASON_WRONG_CREDENTIALS);
return;
}
allocation->HandleTurnMessage(&msg);
} else {
// Allocation mismatch.
SendErrorResponse(conn, &msg, STUN_ERROR_ALLOCATION_MISMATCH,
STUN_ERROR_REASON_ALLOCATION_MISMATCH);
}
}
bool TurnServer::GetKey(const StunMessage* msg, std::string* key) {
const StunByteStringAttribute* username_attr =
msg->GetByteString(STUN_ATTR_USERNAME);
if (!username_attr) {
return false;
}
std::string username = username_attr->GetString();
return (auth_hook_ != NULL && auth_hook_->GetKey(username, realm_, key));
}
bool TurnServer::CheckAuthorization(Connection* conn,
const StunMessage* msg,
const char* data, size_t size,
const std::string& key) {
// RFC 5389, 10.2.2.
ASSERT(IsStunRequestType(msg->type()));
const StunByteStringAttribute* mi_attr =
msg->GetByteString(STUN_ATTR_MESSAGE_INTEGRITY);
const StunByteStringAttribute* username_attr =
msg->GetByteString(STUN_ATTR_USERNAME);
const StunByteStringAttribute* realm_attr =
msg->GetByteString(STUN_ATTR_REALM);
const StunByteStringAttribute* nonce_attr =
msg->GetByteString(STUN_ATTR_NONCE);
// Fail if no M-I.
if (!mi_attr) {
SendErrorResponseWithRealmAndNonce(conn, msg, STUN_ERROR_UNAUTHORIZED,
STUN_ERROR_REASON_UNAUTHORIZED);
return false;
}
// Fail if there is M-I but no username, nonce, or realm.
if (!username_attr || !realm_attr || !nonce_attr) {
SendErrorResponse(conn, msg, STUN_ERROR_BAD_REQUEST,
STUN_ERROR_REASON_BAD_REQUEST);
return false;
}
// Fail if bad nonce.
if (!ValidateNonce(nonce_attr->GetString())) {
SendErrorResponseWithRealmAndNonce(conn, msg, STUN_ERROR_STALE_NONCE,
STUN_ERROR_REASON_STALE_NONCE);
return false;
}
// Fail if bad username or M-I.
// We need |data| and |size| for the call to ValidateMessageIntegrity.
if (key.empty() || !StunMessage::ValidateMessageIntegrity(data, size, key)) {
SendErrorResponseWithRealmAndNonce(conn, msg, STUN_ERROR_UNAUTHORIZED,
STUN_ERROR_REASON_UNAUTHORIZED);
return false;
}
// Fail if one-time-use nonce feature is enabled.
Allocation* allocation = FindAllocation(conn);
if (enable_otu_nonce_ && allocation &&
allocation->last_nonce() == nonce_attr->GetString()) {
SendErrorResponseWithRealmAndNonce(conn, msg, STUN_ERROR_STALE_NONCE,
STUN_ERROR_REASON_STALE_NONCE);
return false;
}
if (allocation) {
allocation->set_last_nonce(nonce_attr->GetString());
}
// Success.
return true;
}
void TurnServer::HandleBindingRequest(Connection* conn,
const StunMessage* req) {
StunMessage response;
InitResponse(req, &response);
// Tell the user the address that we received their request from.
StunAddressAttribute* mapped_addr_attr;
mapped_addr_attr = new StunXorAddressAttribute(
STUN_ATTR_XOR_MAPPED_ADDRESS, conn->src());
VERIFY(response.AddAttribute(mapped_addr_attr));
SendStun(conn, &response);
}
void TurnServer::HandleAllocateRequest(Connection* conn,
const TurnMessage* msg,
const std::string& key) {
// Check the parameters in the request.
const StunUInt32Attribute* transport_attr =
msg->GetUInt32(STUN_ATTR_REQUESTED_TRANSPORT);
if (!transport_attr) {
SendErrorResponse(conn, msg, STUN_ERROR_BAD_REQUEST,
STUN_ERROR_REASON_BAD_REQUEST);
return;
}
// Only UDP is supported right now.
int proto = transport_attr->value() >> 24;
if (proto != IPPROTO_UDP) {
SendErrorResponse(conn, msg, STUN_ERROR_UNSUPPORTED_PROTOCOL,
STUN_ERROR_REASON_UNSUPPORTED_PROTOCOL);
return;
}
// Create the allocation and let it send the success response.
// If the actual socket allocation fails, send an internal error.
Allocation* alloc = CreateAllocation(conn, proto, key);
if (alloc) {
alloc->HandleTurnMessage(msg);
} else {
SendErrorResponse(conn, msg, STUN_ERROR_SERVER_ERROR,
"Failed to allocate socket");
}
}
std::string TurnServer::GenerateNonce() const {
// Generate a nonce of the form hex(now + HMAC-MD5(nonce_key_, now))
uint32 now = rtc::Time();
std::string input(reinterpret_cast<const char*>(&now), sizeof(now));
std::string nonce = rtc::hex_encode(input.c_str(), input.size());
nonce += rtc::ComputeHmac(rtc::DIGEST_MD5, nonce_key_, input);
ASSERT(nonce.size() == kNonceSize);
return nonce;
}
bool TurnServer::ValidateNonce(const std::string& nonce) const {
// Check the size.
if (nonce.size() != kNonceSize) {
return false;
}
// Decode the timestamp.
uint32 then;
char* p = reinterpret_cast<char*>(&then);
size_t len = rtc::hex_decode(p, sizeof(then),
nonce.substr(0, sizeof(then) * 2));
if (len != sizeof(then)) {
return false;
}
// Verify the HMAC.
if (nonce.substr(sizeof(then) * 2) != rtc::ComputeHmac(
rtc::DIGEST_MD5, nonce_key_, std::string(p, sizeof(then)))) {
return false;
}
// Validate the timestamp.
return rtc::TimeSince(then) < kNonceTimeout;
}
TurnServer::Allocation* TurnServer::FindAllocation(Connection* conn) {
AllocationMap::const_iterator it = allocations_.find(*conn);
return (it != allocations_.end()) ? it->second : NULL;
}
TurnServer::Allocation* TurnServer::CreateAllocation(Connection* conn,
int proto,
const std::string& key) {
rtc::AsyncPacketSocket* external_socket = (external_socket_factory_) ?
external_socket_factory_->CreateUdpSocket(external_addr_, 0, 0) : NULL;
if (!external_socket) {
return NULL;
}
// The Allocation takes ownership of the socket.
Allocation* allocation = new Allocation(this,
thread_, *conn, external_socket, key);
allocation->SignalDestroyed.connect(this, &TurnServer::OnAllocationDestroyed);
allocations_[*conn] = allocation;
return allocation;
}
void TurnServer::SendErrorResponse(Connection* conn,
const StunMessage* req,
int code, const std::string& reason) {
TurnMessage resp;
InitErrorResponse(req, code, reason, &resp);
LOG(LS_INFO) << "Sending error response, type=" << resp.type()
<< ", code=" << code << ", reason=" << reason;
SendStun(conn, &resp);
}
void TurnServer::SendErrorResponseWithRealmAndNonce(
Connection* conn, const StunMessage* msg,
int code, const std::string& reason) {
TurnMessage resp;
InitErrorResponse(msg, code, reason, &resp);
VERIFY(resp.AddAttribute(new StunByteStringAttribute(
STUN_ATTR_NONCE, GenerateNonce())));
VERIFY(resp.AddAttribute(new StunByteStringAttribute(
STUN_ATTR_REALM, realm_)));
SendStun(conn, &resp);
}
void TurnServer::SendErrorResponseWithAlternateServer(
Connection* conn, const StunMessage* msg,
const rtc::SocketAddress& addr) {
TurnMessage resp;
InitErrorResponse(msg, STUN_ERROR_TRY_ALTERNATE,
STUN_ERROR_REASON_TRY_ALTERNATE_SERVER, &resp);
VERIFY(resp.AddAttribute(new StunAddressAttribute(
STUN_ATTR_ALTERNATE_SERVER, addr)));
SendStun(conn, &resp);
}
void TurnServer::SendStun(Connection* conn, StunMessage* msg) {
rtc::ByteBuffer buf;
// Add a SOFTWARE attribute if one is set.
if (!software_.empty()) {
VERIFY(msg->AddAttribute(
new StunByteStringAttribute(STUN_ATTR_SOFTWARE, software_)));
}
msg->Write(&buf);
Send(conn, buf);
}
void TurnServer::Send(Connection* conn,
const rtc::ByteBuffer& buf) {
rtc::PacketOptions options;
conn->socket()->SendTo(buf.Data(), buf.Length(), conn->src(), options);
}
void TurnServer::OnAllocationDestroyed(Allocation* allocation) {
// Removing the internal socket if the connection is not udp.
rtc::AsyncPacketSocket* socket = allocation->conn()->socket();
InternalSocketMap::iterator iter = server_sockets_.find(socket);
ASSERT(iter != server_sockets_.end());
// Skip if the socket serving this allocation is UDP, as this will be shared
// by all allocations.
if (iter->second != cricket::PROTO_UDP) {
DestroyInternalSocket(socket);
}
AllocationMap::iterator it = allocations_.find(*(allocation->conn()));
if (it != allocations_.end())
allocations_.erase(it);
}
void TurnServer::DestroyInternalSocket(rtc::AsyncPacketSocket* socket) {
InternalSocketMap::iterator iter = server_sockets_.find(socket);
if (iter != server_sockets_.end()) {
rtc::AsyncPacketSocket* socket = iter->first;
delete socket;
server_sockets_.erase(iter);
}
}
TurnServer::Connection::Connection(const rtc::SocketAddress& src,
ProtocolType proto,
rtc::AsyncPacketSocket* socket)
: src_(src),
dst_(socket->GetRemoteAddress()),
proto_(proto),
socket_(socket) {
}
bool TurnServer::Connection::operator==(const Connection& c) const {
return src_ == c.src_ && dst_ == c.dst_ && proto_ == c.proto_;
}
bool TurnServer::Connection::operator<(const Connection& c) const {
return src_ < c.src_ || dst_ < c.dst_ || proto_ < c.proto_;
}
std::string TurnServer::Connection::ToString() const {
const char* const kProtos[] = {
"unknown", "udp", "tcp", "ssltcp"
};
std::ostringstream ost;
ost << src_.ToString() << "-" << dst_.ToString() << ":"<< kProtos[proto_];
return ost.str();
}
TurnServer::Allocation::Allocation(TurnServer* server,
rtc::Thread* thread,
const Connection& conn,
rtc::AsyncPacketSocket* socket,
const std::string& key)
: server_(server),
thread_(thread),
conn_(conn),
external_socket_(socket),
key_(key) {
external_socket_->SignalReadPacket.connect(
this, &TurnServer::Allocation::OnExternalPacket);
}
TurnServer::Allocation::~Allocation() {
for (ChannelList::iterator it = channels_.begin();
it != channels_.end(); ++it) {
delete *it;
}
for (PermissionList::iterator it = perms_.begin();
it != perms_.end(); ++it) {
delete *it;
}
thread_->Clear(this, MSG_TIMEOUT);
LOG_J(LS_INFO, this) << "Allocation destroyed";
}
std::string TurnServer::Allocation::ToString() const {
std::ostringstream ost;
ost << "Alloc[" << conn_.ToString() << "]";
return ost.str();
}
void TurnServer::Allocation::HandleTurnMessage(const TurnMessage* msg) {
ASSERT(msg != NULL);
switch (msg->type()) {
case STUN_ALLOCATE_REQUEST:
HandleAllocateRequest(msg);
break;
case TURN_REFRESH_REQUEST:
HandleRefreshRequest(msg);
break;
case TURN_SEND_INDICATION:
HandleSendIndication(msg);
break;
case TURN_CREATE_PERMISSION_REQUEST:
HandleCreatePermissionRequest(msg);
break;
case TURN_CHANNEL_BIND_REQUEST:
HandleChannelBindRequest(msg);
break;
default:
// Not sure what to do with this, just eat it.
LOG_J(LS_WARNING, this) << "Invalid TURN message type received: "
<< msg->type();
}
}
void TurnServer::Allocation::HandleAllocateRequest(const TurnMessage* msg) {
// Copy the important info from the allocate request.
transaction_id_ = msg->transaction_id();
const StunByteStringAttribute* username_attr =
msg->GetByteString(STUN_ATTR_USERNAME);
ASSERT(username_attr != NULL);
username_ = username_attr->GetString();
// Figure out the lifetime and start the allocation timer.
int lifetime_secs = ComputeLifetime(msg);
thread_->PostDelayed(lifetime_secs * 1000, this, MSG_TIMEOUT);
LOG_J(LS_INFO, this) << "Created allocation, lifetime=" << lifetime_secs;
// We've already validated all the important bits; just send a response here.
TurnMessage response;
InitResponse(msg, &response);
StunAddressAttribute* mapped_addr_attr =
new StunXorAddressAttribute(STUN_ATTR_XOR_MAPPED_ADDRESS, conn_.src());
StunAddressAttribute* relayed_addr_attr =
new StunXorAddressAttribute(STUN_ATTR_XOR_RELAYED_ADDRESS,
external_socket_->GetLocalAddress());
StunUInt32Attribute* lifetime_attr =
new StunUInt32Attribute(STUN_ATTR_LIFETIME, lifetime_secs);
VERIFY(response.AddAttribute(mapped_addr_attr));
VERIFY(response.AddAttribute(relayed_addr_attr));
VERIFY(response.AddAttribute(lifetime_attr));
SendResponse(&response);
}
void TurnServer::Allocation::HandleRefreshRequest(const TurnMessage* msg) {
// Figure out the new lifetime.
int lifetime_secs = ComputeLifetime(msg);
// Reset the expiration timer.
thread_->Clear(this, MSG_TIMEOUT);
thread_->PostDelayed(lifetime_secs * 1000, this, MSG_TIMEOUT);
LOG_J(LS_INFO, this) << "Refreshed allocation, lifetime=" << lifetime_secs;
// Send a success response with a LIFETIME attribute.
TurnMessage response;
InitResponse(msg, &response);
StunUInt32Attribute* lifetime_attr =
new StunUInt32Attribute(STUN_ATTR_LIFETIME, lifetime_secs);
VERIFY(response.AddAttribute(lifetime_attr));
SendResponse(&response);
}
void TurnServer::Allocation::HandleSendIndication(const TurnMessage* msg) {
// Check mandatory attributes.
const StunByteStringAttribute* data_attr = msg->GetByteString(STUN_ATTR_DATA);
const StunAddressAttribute* peer_attr =
msg->GetAddress(STUN_ATTR_XOR_PEER_ADDRESS);
if (!data_attr || !peer_attr) {
LOG_J(LS_WARNING, this) << "Received invalid send indication";
return;
}
// If a permission exists, send the data on to the peer.
if (HasPermission(peer_attr->GetAddress().ipaddr())) {
SendExternal(data_attr->bytes(), data_attr->length(),
peer_attr->GetAddress());
} else {
LOG_J(LS_WARNING, this) << "Received send indication without permission"
<< "peer=" << peer_attr->GetAddress();
}
}
void TurnServer::Allocation::HandleCreatePermissionRequest(
const TurnMessage* msg) {
// Check mandatory attributes.
const StunAddressAttribute* peer_attr =
msg->GetAddress(STUN_ATTR_XOR_PEER_ADDRESS);
if (!peer_attr) {
SendBadRequestResponse(msg);
return;
}
// Add this permission.
AddPermission(peer_attr->GetAddress().ipaddr());
LOG_J(LS_INFO, this) << "Created permission, peer="
<< peer_attr->GetAddress();
// Send a success response.
TurnMessage response;
InitResponse(msg, &response);
SendResponse(&response);
}
void TurnServer::Allocation::HandleChannelBindRequest(const TurnMessage* msg) {
// Check mandatory attributes.
const StunUInt32Attribute* channel_attr =
msg->GetUInt32(STUN_ATTR_CHANNEL_NUMBER);
const StunAddressAttribute* peer_attr =
msg->GetAddress(STUN_ATTR_XOR_PEER_ADDRESS);
if (!channel_attr || !peer_attr) {
SendBadRequestResponse(msg);
return;
}
// Check that channel id is valid.
int channel_id = channel_attr->value() >> 16;
if (channel_id < kMinChannelNumber || channel_id > kMaxChannelNumber) {
SendBadRequestResponse(msg);
return;
}
// Check that this channel id isn't bound to another transport address, and
// that this transport address isn't bound to another channel id.
Channel* channel1 = FindChannel(channel_id);
Channel* channel2 = FindChannel(peer_attr->GetAddress());
if (channel1 != channel2) {
SendBadRequestResponse(msg);
return;
}
// Add or refresh this channel.
if (!channel1) {
channel1 = new Channel(thread_, channel_id, peer_attr->GetAddress());
channel1->SignalDestroyed.connect(this,
&TurnServer::Allocation::OnChannelDestroyed);
channels_.push_back(channel1);
} else {
channel1->Refresh();
}
// Channel binds also refresh permissions.
AddPermission(peer_attr->GetAddress().ipaddr());
LOG_J(LS_INFO, this) << "Bound channel, id=" << channel_id
<< ", peer=" << peer_attr->GetAddress();
// Send a success response.
TurnMessage response;
InitResponse(msg, &response);
SendResponse(&response);
}
void TurnServer::Allocation::HandleChannelData(const char* data, size_t size) {
// Extract the channel number from the data.
uint16 channel_id = rtc::GetBE16(data);
Channel* channel = FindChannel(channel_id);
if (channel) {
// Send the data to the peer address.
SendExternal(data + TURN_CHANNEL_HEADER_SIZE,
size - TURN_CHANNEL_HEADER_SIZE, channel->peer());
} else {
LOG_J(LS_WARNING, this) << "Received channel data for invalid channel, id="
<< channel_id;
}
}
void TurnServer::Allocation::OnExternalPacket(
rtc::AsyncPacketSocket* socket,
const char* data, size_t size,
const rtc::SocketAddress& addr,
const rtc::PacketTime& packet_time) {
ASSERT(external_socket_.get() == socket);
Channel* channel = FindChannel(addr);
if (channel) {
// There is a channel bound to this address. Send as a channel message.
rtc::ByteBuffer buf;
buf.WriteUInt16(channel->id());
buf.WriteUInt16(static_cast<uint16>(size));
buf.WriteBytes(data, size);
server_->Send(&conn_, buf);
} else if (HasPermission(addr.ipaddr())) {
// No channel, but a permission exists. Send as a data indication.
TurnMessage msg;
msg.SetType(TURN_DATA_INDICATION);
msg.SetTransactionID(
rtc::CreateRandomString(kStunTransactionIdLength));
VERIFY(msg.AddAttribute(new StunXorAddressAttribute(
STUN_ATTR_XOR_PEER_ADDRESS, addr)));
VERIFY(msg.AddAttribute(new StunByteStringAttribute(
STUN_ATTR_DATA, data, size)));
server_->SendStun(&conn_, &msg);
} else {
LOG_J(LS_WARNING, this) << "Received external packet without permission, "
<< "peer=" << addr;
}
}
int TurnServer::Allocation::ComputeLifetime(const TurnMessage* msg) {
// Return the smaller of our default lifetime and the requested lifetime.
uint32 lifetime = kDefaultAllocationTimeout / 1000; // convert to seconds
const StunUInt32Attribute* lifetime_attr = msg->GetUInt32(STUN_ATTR_LIFETIME);
if (lifetime_attr && lifetime_attr->value() < lifetime) {
lifetime = lifetime_attr->value();
}
return lifetime;
}
bool TurnServer::Allocation::HasPermission(const rtc::IPAddress& addr) {
return (FindPermission(addr) != NULL);
}
void TurnServer::Allocation::AddPermission(const rtc::IPAddress& addr) {
Permission* perm = FindPermission(addr);
if (!perm) {
perm = new Permission(thread_, addr);
perm->SignalDestroyed.connect(
this, &TurnServer::Allocation::OnPermissionDestroyed);
perms_.push_back(perm);
} else {
perm->Refresh();
}
}
TurnServer::Permission* TurnServer::Allocation::FindPermission(
const rtc::IPAddress& addr) const {
for (PermissionList::const_iterator it = perms_.begin();
it != perms_.end(); ++it) {
if ((*it)->peer() == addr)
return *it;
}
return NULL;
}
TurnServer::Channel* TurnServer::Allocation::FindChannel(int channel_id) const {
for (ChannelList::const_iterator it = channels_.begin();
it != channels_.end(); ++it) {
if ((*it)->id() == channel_id)
return *it;
}
return NULL;
}
TurnServer::Channel* TurnServer::Allocation::FindChannel(
const rtc::SocketAddress& addr) const {
for (ChannelList::const_iterator it = channels_.begin();
it != channels_.end(); ++it) {
if ((*it)->peer() == addr)
return *it;
}
return NULL;
}
void TurnServer::Allocation::SendResponse(TurnMessage* msg) {
// Success responses always have M-I.
msg->AddMessageIntegrity(key_);
server_->SendStun(&conn_, msg);
}
void TurnServer::Allocation::SendBadRequestResponse(const TurnMessage* req) {
SendErrorResponse(req, STUN_ERROR_BAD_REQUEST, STUN_ERROR_REASON_BAD_REQUEST);
}
void TurnServer::Allocation::SendErrorResponse(const TurnMessage* req, int code,
const std::string& reason) {
server_->SendErrorResponse(&conn_, req, code, reason);
}
void TurnServer::Allocation::SendExternal(const void* data, size_t size,
const rtc::SocketAddress& peer) {
rtc::PacketOptions options;
external_socket_->SendTo(data, size, peer, options);
}
void TurnServer::Allocation::OnMessage(rtc::Message* msg) {
ASSERT(msg->message_id == MSG_TIMEOUT);
SignalDestroyed(this);
delete this;
}
void TurnServer::Allocation::OnPermissionDestroyed(Permission* perm) {
PermissionList::iterator it = std::find(perms_.begin(), perms_.end(), perm);
ASSERT(it != perms_.end());
perms_.erase(it);
}
void TurnServer::Allocation::OnChannelDestroyed(Channel* channel) {
ChannelList::iterator it =
std::find(channels_.begin(), channels_.end(), channel);
ASSERT(it != channels_.end());
channels_.erase(it);
}
TurnServer::Permission::Permission(rtc::Thread* thread,
const rtc::IPAddress& peer)
: thread_(thread), peer_(peer) {
Refresh();
}
TurnServer::Permission::~Permission() {
thread_->Clear(this, MSG_TIMEOUT);
}
void TurnServer::Permission::Refresh() {
thread_->Clear(this, MSG_TIMEOUT);
thread_->PostDelayed(kPermissionTimeout, this, MSG_TIMEOUT);
}
void TurnServer::Permission::OnMessage(rtc::Message* msg) {
ASSERT(msg->message_id == MSG_TIMEOUT);
SignalDestroyed(this);
delete this;
}
TurnServer::Channel::Channel(rtc::Thread* thread, int id,
const rtc::SocketAddress& peer)
: thread_(thread), id_(id), peer_(peer) {
Refresh();
}
TurnServer::Channel::~Channel() {
thread_->Clear(this, MSG_TIMEOUT);
}
void TurnServer::Channel::Refresh() {
thread_->Clear(this, MSG_TIMEOUT);
thread_->PostDelayed(kChannelTimeout, this, MSG_TIMEOUT);
}
void TurnServer::Channel::OnMessage(rtc::Message* msg) {
ASSERT(msg->message_id == MSG_TIMEOUT);
SignalDestroyed(this);
delete this;
}
} // namespace cricket