Move DTLS related code from p2p/base to p2p/dtls

BUG=webrtc:367395350

Change-Id: I3fd1551f974705ce6b10e2c757f4d406a520a2c1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/370460
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#43528}

p2p/BUILD.gn

@@ -18,7 +18,7 @@ group("p2p") {
 rtc_library("rtc_p2p") {
   visibility = [ "*" ]
   sources = [
-    # TODO(bugs.webrtc.org/15769): Finish cleanup and remove.
+    # TODO(bugs.webrtc.org/15796): Finish cleanup and remove.
     "base/active_ice_controller_factory_interface.h",  # To be removed (Chrome)
     "base/active_ice_controller_interface.h",  # To be removed (Internal)
     "base/basic_ice_controller.h",  # To be removed (Chrome)
@@ -389,8 +389,8 @@ rtc_library("default_ice_transport_factory") {
 
 rtc_library("dtls_transport") {
   sources = [
-    "base/dtls_transport.cc",
+    "dtls/dtls_transport.cc",
-    "base/dtls_transport.h",
+    "dtls/dtls_transport.h",
   ]
   deps = [
     ":dtls_transport_internal",
@@ -406,11 +406,13 @@ rtc_library("dtls_transport") {
     "../api/rtc_event_log",
     "../api/units:timestamp",
     "../logging:ice_log",
+    "../rtc_base:async_packet_socket",
     "../rtc_base:buffer",
     "../rtc_base:buffer_queue",
     "../rtc_base:checks",
     "../rtc_base:dscp",
     "../rtc_base:logging",
+    "../rtc_base:macromagic",
     "../rtc_base:network_route",
     "../rtc_base:socket",
     "../rtc_base:socket_address",
@@ -422,6 +424,7 @@ rtc_library("dtls_transport") {
     "../rtc_base:timeutils",
     "../rtc_base/network:ecn_marking",
     "../rtc_base/network:received_packet",
+    "../rtc_base/network:sent_packet",
     "../rtc_base/system:no_unique_address",
     "//third_party/abseil-cpp/absl/memory",
     "//third_party/abseil-cpp/absl/strings:string_view",
@@ -429,24 +432,27 @@ rtc_library("dtls_transport") {
 }
 
 rtc_source_set("dtls_transport_factory") {
-  sources = [ "base/dtls_transport_factory.h" ]
+  sources = [ "dtls/dtls_transport_factory.h" ]
   deps = [
     ":dtls_transport_internal",
     ":ice_transport_internal",
+    "../api/crypto:options",
+    "../rtc_base:ssl_adapter",
   ]
 }
 
 rtc_library("dtls_transport_internal") {
   sources = [
-    "base/dtls_transport_internal.cc",
+    "dtls/dtls_transport_internal.cc",
-    "base/dtls_transport_internal.h",
+    "dtls/dtls_transport_internal.h",
   ]
   deps = [
     ":ice_transport_internal",
     ":packet_transport_internal",
     "../api:dtls_transport_interface",
+    "../api:rtc_error",
     "../api:scoped_refptr",
-    "../api/crypto:options",
+    "../rtc_base:buffer",
     "../rtc_base:callback_list",
     "../rtc_base:ssl",
     "../rtc_base:ssl_adapter",
@@ -1049,7 +1055,6 @@ if (rtc_include_tests) {
   rtc_library("p2p_test_utils") {
     testonly = true
     sources = [
-      "base/fake_dtls_transport.h",
       "base/fake_packet_transport.h",
       "base/mock_active_ice_controller.h",
       "base/mock_dns_resolving_packet_socket_factory.h",
@@ -1060,6 +1065,7 @@ if (rtc_include_tests) {
       "base/test_stun_server.h",
       "base/test_turn_customizer.h",
       "base/test_turn_server.h",
+      "dtls/fake_dtls_transport.h",
     ]
     deps = [
       ":active_ice_controller_factory_interface",
@@ -1077,17 +1083,25 @@ if (rtc_include_tests) {
       ":p2p_server_utils",
       ":packet_transport_internal",
       ":transport_description",
+      "../api:array_view",
       "../api:dtls_transport_interface",
       "../api:libjingle_peerconnection_api",
       "../api:mock_async_dns_resolver",
       "../api:packet_socket_factory",
+      "../api:rtc_error",
+      "../api:scoped_refptr",
       "../api:sequence_checker",
       "../api:turn_customizer",
       "../api/crypto:options",
       "../api/transport:stun_types",
+      "../rtc_base:async_packet_socket",
       "../rtc_base:async_udp_socket",
+      "../rtc_base:buffer",
+      "../rtc_base:checks",
       "../rtc_base:copy_on_write_buffer",
       "../rtc_base:gunit_helpers",
+      "../rtc_base:logging",
+      "../rtc_base:network_route",
       "../rtc_base:rtc_base_tests_utils",
       "../rtc_base:socket",
       "../rtc_base:socket_address",
@@ -1108,7 +1122,6 @@ if (rtc_include_tests) {
 
     sources = [
       "base/async_stun_tcp_socket_unittest.cc",
-      "base/dtls_transport_unittest.cc",
       "base/ice_credentials_iterator_unittest.cc",
       "base/p2p_transport_channel_unittest.cc",
       "base/packet_transport_internal_unittest.cc",
@@ -1127,6 +1140,7 @@ if (rtc_include_tests) {
       "base/turn_server_unittest.cc",
       "base/wrapping_active_ice_controller_unittest.cc",
       "client/basic_port_allocator_unittest.cc",
+      "dtls/dtls_transport_unittest.cc",
       "dtls/dtls_utils_unittest.cc",
     ]
     deps = [
@@ -1138,6 +1152,7 @@ if (rtc_include_tests) {
       ":basic_port_allocator",
       ":connection",
       ":dtls_transport",
+      ":dtls_transport_internal",
       ":dtls_utils",
       ":fake_ice_transport",
       ":fake_port_allocator",
@@ -1171,6 +1186,7 @@ if (rtc_include_tests) {
       "../api:mock_async_dns_resolver",
       "../api:packet_socket_factory",
       "../api:scoped_refptr",
+      "../api/crypto:options",
       "../api/task_queue",
       "../api/task_queue:pending_task_safety_flag",
       "../api/transport:stun_types",
@@ -1178,6 +1194,7 @@ if (rtc_include_tests) {
       "../rtc_base:async_packet_socket",
       "../rtc_base:buffer",
       "../rtc_base:byte_buffer",
+      "../rtc_base:byte_order",
       "../rtc_base:checks",
       "../rtc_base:copy_on_write_buffer",
       "../rtc_base:crypto_random",

p2p/base/dtls_transport.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
+ *  Copyright (c) 2024 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
@@ -11,253 +11,8 @@
 #ifndef P2P_BASE_DTLS_TRANSPORT_H_
 #define P2P_BASE_DTLS_TRANSPORT_H_
 
-#include <memory>
+// This is a transitional header forwarding to the new version in the p2p/dtls/
-#include <string>
+// folder.
-#include <vector>
+#include "p2p/dtls/dtls_transport.h"
-
-#include "absl/strings/string_view.h"
-#include "api/crypto/crypto_options.h"
-#include "api/dtls_transport_interface.h"
-#include "api/sequence_checker.h"
-#include "p2p/base/dtls_transport_internal.h"
-#include "p2p/base/ice_transport_internal.h"
-#include "rtc_base/buffer.h"
-#include "rtc_base/buffer_queue.h"
-#include "rtc_base/network/received_packet.h"
-#include "rtc_base/ssl_stream_adapter.h"
-#include "rtc_base/stream.h"
-#include "rtc_base/strings/string_builder.h"
-#include "rtc_base/system/no_unique_address.h"
-
-namespace rtc {
-class PacketTransportInternal;
-}
-
-namespace cricket {
-
-// A bridge between a packet-oriented/transport-type interface on
-// the bottom and a StreamInterface on the top.
-class StreamInterfaceChannel : public rtc::StreamInterface {
- public:
-  explicit StreamInterfaceChannel(IceTransportInternal* ice_transport);
-
-  StreamInterfaceChannel(const StreamInterfaceChannel&) = delete;
-  StreamInterfaceChannel& operator=(const StreamInterfaceChannel&) = delete;
-
-  // Push in a packet; this gets pulled out from Read().
-  bool OnPacketReceived(const char* data, size_t size);
-
-  // Implementations of StreamInterface
-  rtc::StreamState GetState() const override;
-  void Close() override;
-  rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
-                         size_t& read,
-                         int& error) override;
-  rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
-                          size_t& written,
-                          int& error) override;
-
- private:
-  IceTransportInternal* const ice_transport_;  // owned by DtlsTransport
-  rtc::StreamState state_ RTC_GUARDED_BY(callback_sequence_);
-  rtc::BufferQueue packets_ RTC_GUARDED_BY(callback_sequence_);
-};
-
-// This class provides a DTLS SSLStreamAdapter inside a TransportChannel-style
-// packet-based interface, wrapping an existing TransportChannel instance
-// (e.g a P2PTransportChannel)
-// Here's the way this works:
-//
-//   DtlsTransport {
-//       SSLStreamAdapter* dtls_ {
-//           StreamInterfaceChannel downward_ {
-//               IceTransportInternal* ice_transport_;
-//           }
-//       }
-//   }
-//
-//   - Data which comes into DtlsTransport from the underlying
-//     ice_transport_ via OnReadPacket() is checked for whether it is DTLS
-//     or not, and if it is, is passed to DtlsTransport::HandleDtlsPacket,
-//     which pushes it into to downward_. dtls_ is listening for events on
-//     downward_, so it immediately calls downward_->Read().
-//
-//   - Data written to DtlsTransport is passed either to downward_ or directly
-//     to ice_transport_, depending on whether DTLS is negotiated and whether
-//     the flags include PF_SRTP_BYPASS
-//
-//   - The SSLStreamAdapter writes to downward_->Write() which translates it
-//     into packet writes on ice_transport_.
-//
-// This class is not thread safe; all methods must be called on the same thread
-// as the constructor.
-class DtlsTransport : public DtlsTransportInternal {
- public:
-  // `ice_transport` is the ICE transport this DTLS transport is wrapping.  It
-  // must outlive this DTLS transport.
-  //
-  // `crypto_options` are the options used for the DTLS handshake. This affects
-  // whether GCM crypto suites are negotiated.
-  //
-  // `event_log` is an optional RtcEventLog for logging state changes. It should
-  // outlive the DtlsTransport.
-  DtlsTransport(
-      IceTransportInternal* ice_transport,
-      const webrtc::CryptoOptions& crypto_options,
-      webrtc::RtcEventLog* event_log,
-      rtc::SSLProtocolVersion max_version = rtc::SSL_PROTOCOL_DTLS_12);
-
-  ~DtlsTransport() override;
-
-  DtlsTransport(const DtlsTransport&) = delete;
-  DtlsTransport& operator=(const DtlsTransport&) = delete;
-
-  webrtc::DtlsTransportState dtls_state() const override;
-  const std::string& transport_name() const override;
-  int component() const override;
-
-  // DTLS is active if a local certificate was set. Otherwise this acts in a
-  // "passthrough" mode, sending packets directly through the underlying ICE
-  // transport.
-  // TODO(deadbeef): Remove this weirdness, and handle it in the upper layers.
-  bool IsDtlsActive() const override;
-
-  // SetLocalCertificate is what makes DTLS active. It must be called before
-  // SetRemoteFinterprint.
-  // TODO(deadbeef): Once DtlsTransport no longer has the concept of being
-  // "active" or not (acting as a passthrough if not active), just require this
-  // certificate on construction or "Start".
-  bool SetLocalCertificate(
-      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override;
-  rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override;
-
-  // SetRemoteFingerprint must be called after SetLocalCertificate, and any
-  // other methods like SetDtlsRole. It's what triggers the actual DTLS setup.
-  // TODO(deadbeef): Rename to "Start" like in ORTC?
-  bool SetRemoteFingerprint(absl::string_view digest_alg,
-                            const uint8_t* digest,
-                            size_t digest_len) override;
-
-  // SetRemoteParameters must be called after SetLocalCertificate.
-  webrtc::RTCError SetRemoteParameters(
-      absl::string_view digest_alg,
-      const uint8_t* digest,
-      size_t digest_len,
-      std::optional<rtc::SSLRole> role) override;
-
-  // Called to send a packet (via DTLS, if turned on).
-  int SendPacket(const char* data,
-                 size_t size,
-                 const rtc::PacketOptions& options,
-                 int flags) override;
-
-  bool GetOption(rtc::Socket::Option opt, int* value) override;
-
-  // Find out which TLS version was negotiated
-  bool GetSslVersionBytes(int* version) const override;
-  // Find out which DTLS-SRTP cipher was negotiated
-  bool GetSrtpCryptoSuite(int* cipher) const override;
-
-  // Find out which signature algorithm was used by the peer. Returns values
-  // from
-  // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
-  // If not applicable, it returns zero.
-  uint16_t GetSslPeerSignatureAlgorithm() const override;
-
-  bool GetDtlsRole(rtc::SSLRole* role) const override;
-  bool SetDtlsRole(rtc::SSLRole role) override;
-
-  // Find out which DTLS cipher was negotiated
-  bool GetSslCipherSuite(int* cipher) const override;
-  std::optional<absl::string_view> GetTlsCipherSuiteName() const override;
-
-  // Once DTLS has been established, this method retrieves the certificate
-  // chain in use by the remote peer, for use in external identity
-  // verification.
-  std::unique_ptr<rtc::SSLCertChain> GetRemoteSSLCertChain() const override;
-
-  // Once DTLS has established (i.e., this ice_transport is writable), this
-  // method extracts the keys negotiated during the DTLS handshake, for use in
-  // external encryption. DTLS-SRTP uses this to extract the needed SRTP keys.
-  bool ExportSrtpKeyingMaterial(
-      rtc::ZeroOnFreeBuffer<uint8_t>& keying_material) override;
-
-  IceTransportInternal* ice_transport() override;
-
-  // For informational purposes. Tells if the DTLS handshake has finished.
-  // This may be true even if writable() is false, if the remote fingerprint
-  // has not yet been verified.
-  bool IsDtlsConnected();
-
-  bool receiving() const override;
-  bool writable() const override;
-
-  int GetError() override;
-
-  std::optional<rtc::NetworkRoute> network_route() const override;
-
-  int SetOption(rtc::Socket::Option opt, int value) override;
-
-  std::string ToString() const {
-    const absl::string_view RECEIVING_ABBREV[2] = {"_", "R"};
-    const absl::string_view WRITABLE_ABBREV[2] = {"_", "W"};
-    rtc::StringBuilder sb;
-    sb << "DtlsTransport[" << transport_name() << "|" << component_ << "|"
-       << RECEIVING_ABBREV[receiving()] << WRITABLE_ABBREV[writable()] << "]";
-    return sb.Release();
-  }
-
- private:
-  void ConnectToIceTransport();
-
-  void OnWritableState(rtc::PacketTransportInternal* transport);
-  void OnReadPacket(rtc::PacketTransportInternal* transport,
-                    const rtc::ReceivedPacket& packet);
-  void OnSentPacket(rtc::PacketTransportInternal* transport,
-                    const rtc::SentPacket& sent_packet);
-  void OnReadyToSend(rtc::PacketTransportInternal* transport);
-  void OnReceivingState(rtc::PacketTransportInternal* transport);
-  void OnDtlsEvent(int sig, int err);
-  void OnNetworkRouteChanged(std::optional<rtc::NetworkRoute> network_route);
-  bool SetupDtls();
-  void MaybeStartDtls();
-  bool HandleDtlsPacket(rtc::ArrayView<const uint8_t> payload);
-  void OnDtlsHandshakeError(rtc::SSLHandshakeError error);
-  void ConfigureHandshakeTimeout();
-
-  void set_receiving(bool receiving);
-  void set_writable(bool writable);
-  // Sets the DTLS state, signaling if necessary.
-  void set_dtls_state(webrtc::DtlsTransportState state);
-
-  RTC_NO_UNIQUE_ADDRESS webrtc::SequenceChecker thread_checker_;
-
-  const int component_;
-  webrtc::DtlsTransportState dtls_state_ = webrtc::DtlsTransportState::kNew;
-  // Underlying ice_transport, not owned by this class.
-  IceTransportInternal* const ice_transport_;
-  std::unique_ptr<rtc::SSLStreamAdapter> dtls_;  // The DTLS stream
-  StreamInterfaceChannel*
-      downward_;  // Wrapper for ice_transport_, owned by dtls_.
-  const std::vector<int> srtp_ciphers_;  // SRTP ciphers to use with DTLS.
-  bool dtls_active_ = false;
-  rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
-  std::optional<rtc::SSLRole> dtls_role_;
-  const rtc::SSLProtocolVersion ssl_max_version_;
-  rtc::Buffer remote_fingerprint_value_;
-  std::string remote_fingerprint_algorithm_;
-
-  // Cached DTLS ClientHello packet that was received before we started the
-  // DTLS handshake. This could happen if the hello was received before the
-  // ice transport became writable, or before a remote fingerprint was received.
-  rtc::Buffer cached_client_hello_;
-
-  bool receiving_ = false;
-  bool writable_ = false;
-
-  webrtc::RtcEventLog* const event_log_;
-};
-
-}  // namespace cricket
 
 #endif  // P2P_BASE_DTLS_TRANSPORT_H_

p2p/base/dtls_transport_internal.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2016 The WebRTC Project Authors. All rights reserved.
+ *  Copyright (c) 2024 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
@@ -11,150 +11,8 @@
 #ifndef P2P_BASE_DTLS_TRANSPORT_INTERNAL_H_
 #define P2P_BASE_DTLS_TRANSPORT_INTERNAL_H_
 
-#include <stddef.h>
+// This is a transitional header forwarding to the new version in the p2p/dtls/
-#include <stdint.h>
+// folder.
-
+#include "p2p/dtls/dtls_transport_internal.h"
-#include <memory>
-#include <string>
-#include <utility>
-
-#include "absl/base/attributes.h"
-#include "absl/strings/string_view.h"
-#include "api/crypto/crypto_options.h"
-#include "api/dtls_transport_interface.h"
-#include "api/scoped_refptr.h"
-#include "p2p/base/ice_transport_internal.h"
-#include "p2p/base/packet_transport_internal.h"
-#include "rtc_base/callback_list.h"
-#include "rtc_base/ssl_certificate.h"
-#include "rtc_base/ssl_fingerprint.h"
-#include "rtc_base/ssl_stream_adapter.h"
-
-namespace cricket {
-
-enum PacketFlags {
-  PF_NORMAL = 0x00,       // A normal packet.
-  PF_SRTP_BYPASS = 0x01,  // An encrypted SRTP packet; bypass any additional
-                          // crypto provided by the transport (e.g. DTLS)
-};
-
-// DtlsTransportInternal is an internal interface that does DTLS, also
-// negotiating SRTP crypto suites so that it may be used for DTLS-SRTP.
-//
-// Once the public interface is supported,
-// (https://www.w3.org/TR/webrtc/#rtcdtlstransport-interface)
-// the DtlsTransportInterface will be split from this class.
-class DtlsTransportInternal : public rtc::PacketTransportInternal {
- public:
-  ~DtlsTransportInternal() override;
-
-  DtlsTransportInternal(const DtlsTransportInternal&) = delete;
-  DtlsTransportInternal& operator=(const DtlsTransportInternal&) = delete;
-
-  virtual webrtc::DtlsTransportState dtls_state() const = 0;
-
-  virtual int component() const = 0;
-
-  virtual bool IsDtlsActive() const = 0;
-
-  virtual bool GetDtlsRole(rtc::SSLRole* role) const = 0;
-
-  virtual bool SetDtlsRole(rtc::SSLRole role) = 0;
-
-  // Finds out which TLS/DTLS version is running.
-  virtual bool GetSslVersionBytes(int* version) const = 0;
-  // Finds out which DTLS-SRTP cipher was negotiated.
-  // TODO(zhihuang): Remove this once all dependencies implement this.
-  virtual bool GetSrtpCryptoSuite(int* cipher) const = 0;
-
-  // Finds out which DTLS cipher was negotiated.
-  // TODO(zhihuang): Remove this once all dependencies implement this.
-  virtual bool GetSslCipherSuite(int* cipher) const = 0;
-  virtual std::optional<absl::string_view> GetTlsCipherSuiteName() const = 0;
-
-  // Find out which signature algorithm was used by the peer. Returns values
-  // from
-  // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
-  // If not applicable, it returns zero.
-  virtual uint16_t GetSslPeerSignatureAlgorithm() const = 0;
-
-  // Gets the local RTCCertificate used for DTLS.
-  virtual rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate()
-      const = 0;
-
-  virtual bool SetLocalCertificate(
-      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) = 0;
-
-  // Gets a copy of the remote side's SSL certificate chain.
-  virtual std::unique_ptr<rtc::SSLCertChain> GetRemoteSSLCertChain() const = 0;
-
-  // Allows key material to be extracted for external encryption.
-  virtual bool ExportSrtpKeyingMaterial(
-      rtc::ZeroOnFreeBuffer<uint8_t>& keying_material) = 0;
-
-  // Set DTLS remote fingerprint. Must be after local identity set.
-  ABSL_DEPRECATED("Use SetRemoteParameters instead.")
-  virtual bool SetRemoteFingerprint(absl::string_view digest_alg,
-                                    const uint8_t* digest,
-                                    size_t digest_len) = 0;
-
-  // Set DTLS remote fingerprint and role. Must be after local identity set.
-  virtual webrtc::RTCError SetRemoteParameters(
-      absl::string_view digest_alg,
-      const uint8_t* digest,
-      size_t digest_len,
-      std::optional<rtc::SSLRole> role) = 0;
-
-  ABSL_DEPRECATED("Set the max version via construction.")
-  bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion /* version */) {
-    return true;
-  }
-
-  // Expose the underneath IceTransport.
-  virtual IceTransportInternal* ice_transport() = 0;
-
-  // F: void(DtlsTransportInternal*, const webrtc::DtlsTransportState)
-  template <typename F>
-  void SubscribeDtlsTransportState(F&& callback) {
-    dtls_transport_state_callback_list_.AddReceiver(std::forward<F>(callback));
-  }
-
-  template <typename F>
-  void SubscribeDtlsTransportState(const void* id, F&& callback) {
-    dtls_transport_state_callback_list_.AddReceiver(id,
-                                                    std::forward<F>(callback));
-  }
-  // Unsubscribe the subscription with given id.
-  void UnsubscribeDtlsTransportState(const void* id) {
-    dtls_transport_state_callback_list_.RemoveReceivers(id);
-  }
-
-  void SendDtlsState(DtlsTransportInternal* transport,
-                     webrtc::DtlsTransportState state) {
-    dtls_transport_state_callback_list_.Send(transport, state);
-  }
-
-  // Emitted whenever the Dtls handshake failed on some transport channel.
-  // F: void(rtc::SSLHandshakeError)
-  template <typename F>
-  void SubscribeDtlsHandshakeError(F&& callback) {
-    dtls_handshake_error_callback_list_.AddReceiver(std::forward<F>(callback));
-  }
-
-  void SendDtlsHandshakeError(rtc::SSLHandshakeError error) {
-    dtls_handshake_error_callback_list_.Send(error);
-  }
-
- protected:
-  DtlsTransportInternal();
-
- private:
-  webrtc::CallbackList<const rtc::SSLHandshakeError>
-      dtls_handshake_error_callback_list_;
-  webrtc::CallbackList<DtlsTransportInternal*, const webrtc::DtlsTransportState>
-      dtls_transport_state_callback_list_;
-};
-
-}  // namespace cricket
 
 #endif  // P2P_BASE_DTLS_TRANSPORT_INTERNAL_H_

p2p/dtls/dtls_transport.cc

@@ -8,7 +8,7 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
-#include "p2p/base/dtls_transport.h"
+#include "p2p/dtls/dtls_transport.h"
 
 #include <algorithm>
 #include <cstddef>
@@ -29,9 +29,9 @@
 #include "api/units/timestamp.h"
 #include "logging/rtc_event_log/events/rtc_event_dtls_transport_state.h"
 #include "logging/rtc_event_log/events/rtc_event_dtls_writable_state.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/packet_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "p2p/dtls/dtls_utils.h"
 #include "rtc_base/buffer.h"
 #include "rtc_base/checks.h"

p2p/dtls/dtls_transport.h

@@ -0,0 +1,277 @@
+/*
+ *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef P2P_DTLS_DTLS_TRANSPORT_H_
+#define P2P_DTLS_DTLS_TRANSPORT_H_
+
+#include <cstddef>
+#include <cstdint>
+#include <memory>
+#include <optional>
+#include <string>
+#include <vector>
+
+#include "absl/strings/string_view.h"
+#include "api/array_view.h"
+#include "api/crypto/crypto_options.h"
+#include "api/dtls_transport_interface.h"
+#include "api/rtc_error.h"
+#include "api/rtc_event_log/rtc_event_log.h"
+#include "api/scoped_refptr.h"
+#include "api/sequence_checker.h"
+#include "p2p/base/ice_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "rtc_base/async_packet_socket.h"
+#include "rtc_base/buffer.h"
+#include "rtc_base/buffer_queue.h"
+#include "rtc_base/network/received_packet.h"
+#include "rtc_base/network/sent_packet.h"
+#include "rtc_base/network_route.h"
+#include "rtc_base/socket.h"
+#include "rtc_base/ssl_certificate.h"
+#include "rtc_base/ssl_fingerprint.h"
+#include "rtc_base/ssl_stream_adapter.h"
+#include "rtc_base/stream.h"
+#include "rtc_base/strings/string_builder.h"
+#include "rtc_base/system/no_unique_address.h"
+#include "rtc_base/thread_annotations.h"
+
+namespace rtc {
+class PacketTransportInternal;
+}
+
+namespace cricket {
+
+// A bridge between a packet-oriented/transport-type interface on
+// the bottom and a StreamInterface on the top.
+class StreamInterfaceChannel : public rtc::StreamInterface {
+ public:
+  explicit StreamInterfaceChannel(IceTransportInternal* ice_transport);
+
+  StreamInterfaceChannel(const StreamInterfaceChannel&) = delete;
+  StreamInterfaceChannel& operator=(const StreamInterfaceChannel&) = delete;
+
+  // Push in a packet; this gets pulled out from Read().
+  bool OnPacketReceived(const char* data, size_t size);
+
+  // Implementations of StreamInterface
+  rtc::StreamState GetState() const override;
+  void Close() override;
+  rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
+                         size_t& read,
+                         int& error) override;
+  rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
+                          size_t& written,
+                          int& error) override;
+
+ private:
+  IceTransportInternal* const ice_transport_;  // owned by DtlsTransport
+  rtc::StreamState state_ RTC_GUARDED_BY(callback_sequence_);
+  rtc::BufferQueue packets_ RTC_GUARDED_BY(callback_sequence_);
+};
+
+// This class provides a DTLS SSLStreamAdapter inside a TransportChannel-style
+// packet-based interface, wrapping an existing TransportChannel instance
+// (e.g a P2PTransportChannel)
+// Here's the way this works:
+//
+//   DtlsTransport {
+//       SSLStreamAdapter* dtls_ {
+//           StreamInterfaceChannel downward_ {
+//               IceTransportInternal* ice_transport_;
+//           }
+//       }
+//   }
+//
+//   - Data which comes into DtlsTransport from the underlying
+//     ice_transport_ via OnReadPacket() is checked for whether it is DTLS
+//     or not, and if it is, is passed to DtlsTransport::HandleDtlsPacket,
+//     which pushes it into to downward_. dtls_ is listening for events on
+//     downward_, so it immediately calls downward_->Read().
+//
+//   - Data written to DtlsTransport is passed either to downward_ or directly
+//     to ice_transport_, depending on whether DTLS is negotiated and whether
+//     the flags include PF_SRTP_BYPASS
+//
+//   - The SSLStreamAdapter writes to downward_->Write() which translates it
+//     into packet writes on ice_transport_.
+//
+// This class is not thread safe; all methods must be called on the same thread
+// as the constructor.
+class DtlsTransport : public DtlsTransportInternal {
+ public:
+  // `ice_transport` is the ICE transport this DTLS transport is wrapping.  It
+  // must outlive this DTLS transport.
+  //
+  // `crypto_options` are the options used for the DTLS handshake. This affects
+  // whether GCM crypto suites are negotiated.
+  //
+  // `event_log` is an optional RtcEventLog for logging state changes. It should
+  // outlive the DtlsTransport.
+  DtlsTransport(
+      IceTransportInternal* ice_transport,
+      const webrtc::CryptoOptions& crypto_options,
+      webrtc::RtcEventLog* event_log,
+      rtc::SSLProtocolVersion max_version = rtc::SSL_PROTOCOL_DTLS_12);
+
+  ~DtlsTransport() override;
+
+  DtlsTransport(const DtlsTransport&) = delete;
+  DtlsTransport& operator=(const DtlsTransport&) = delete;
+
+  webrtc::DtlsTransportState dtls_state() const override;
+  const std::string& transport_name() const override;
+  int component() const override;
+
+  // DTLS is active if a local certificate was set. Otherwise this acts in a
+  // "passthrough" mode, sending packets directly through the underlying ICE
+  // transport.
+  // TODO(deadbeef): Remove this weirdness, and handle it in the upper layers.
+  bool IsDtlsActive() const override;
+
+  // SetLocalCertificate is what makes DTLS active. It must be called before
+  // SetRemoteFinterprint.
+  // TODO(deadbeef): Once DtlsTransport no longer has the concept of being
+  // "active" or not (acting as a passthrough if not active), just require this
+  // certificate on construction or "Start".
+  bool SetLocalCertificate(
+      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override;
+  rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override;
+
+  // SetRemoteFingerprint must be called after SetLocalCertificate, and any
+  // other methods like SetDtlsRole. It's what triggers the actual DTLS setup.
+  // TODO(deadbeef): Rename to "Start" like in ORTC?
+  bool SetRemoteFingerprint(absl::string_view digest_alg,
+                            const uint8_t* digest,
+                            size_t digest_len) override;
+
+  // SetRemoteParameters must be called after SetLocalCertificate.
+  webrtc::RTCError SetRemoteParameters(
+      absl::string_view digest_alg,
+      const uint8_t* digest,
+      size_t digest_len,
+      std::optional<rtc::SSLRole> role) override;
+
+  // Called to send a packet (via DTLS, if turned on).
+  int SendPacket(const char* data,
+                 size_t size,
+                 const rtc::PacketOptions& options,
+                 int flags) override;
+
+  bool GetOption(rtc::Socket::Option opt, int* value) override;
+
+  // Find out which TLS version was negotiated
+  bool GetSslVersionBytes(int* version) const override;
+  // Find out which DTLS-SRTP cipher was negotiated
+  bool GetSrtpCryptoSuite(int* cipher) const override;
+
+  // Find out which signature algorithm was used by the peer. Returns values
+  // from
+  // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
+  // If not applicable, it returns zero.
+  uint16_t GetSslPeerSignatureAlgorithm() const override;
+
+  bool GetDtlsRole(rtc::SSLRole* role) const override;
+  bool SetDtlsRole(rtc::SSLRole role) override;
+
+  // Find out which DTLS cipher was negotiated
+  bool GetSslCipherSuite(int* cipher) const override;
+  std::optional<absl::string_view> GetTlsCipherSuiteName() const override;
+
+  // Once DTLS has been established, this method retrieves the certificate
+  // chain in use by the remote peer, for use in external identity
+  // verification.
+  std::unique_ptr<rtc::SSLCertChain> GetRemoteSSLCertChain() const override;
+
+  // Once DTLS has established (i.e., this ice_transport is writable), this
+  // method extracts the keys negotiated during the DTLS handshake, for use in
+  // external encryption. DTLS-SRTP uses this to extract the needed SRTP keys.
+  bool ExportSrtpKeyingMaterial(
+      rtc::ZeroOnFreeBuffer<uint8_t>& keying_material) override;
+
+  IceTransportInternal* ice_transport() override;
+
+  // For informational purposes. Tells if the DTLS handshake has finished.
+  // This may be true even if writable() is false, if the remote fingerprint
+  // has not yet been verified.
+  bool IsDtlsConnected();
+
+  bool receiving() const override;
+  bool writable() const override;
+
+  int GetError() override;
+
+  std::optional<rtc::NetworkRoute> network_route() const override;
+
+  int SetOption(rtc::Socket::Option opt, int value) override;
+
+  std::string ToString() const {
+    const absl::string_view RECEIVING_ABBREV[2] = {"_", "R"};
+    const absl::string_view WRITABLE_ABBREV[2] = {"_", "W"};
+    rtc::StringBuilder sb;
+    sb << "DtlsTransport[" << transport_name() << "|" << component_ << "|"
+       << RECEIVING_ABBREV[receiving()] << WRITABLE_ABBREV[writable()] << "]";
+    return sb.Release();
+  }
+
+ private:
+  void ConnectToIceTransport();
+
+  void OnWritableState(rtc::PacketTransportInternal* transport);
+  void OnReadPacket(rtc::PacketTransportInternal* transport,
+                    const rtc::ReceivedPacket& packet);
+  void OnSentPacket(rtc::PacketTransportInternal* transport,
+                    const rtc::SentPacket& sent_packet);
+  void OnReadyToSend(rtc::PacketTransportInternal* transport);
+  void OnReceivingState(rtc::PacketTransportInternal* transport);
+  void OnDtlsEvent(int sig, int err);
+  void OnNetworkRouteChanged(std::optional<rtc::NetworkRoute> network_route);
+  bool SetupDtls();
+  void MaybeStartDtls();
+  bool HandleDtlsPacket(rtc::ArrayView<const uint8_t> payload);
+  void OnDtlsHandshakeError(rtc::SSLHandshakeError error);
+  void ConfigureHandshakeTimeout();
+
+  void set_receiving(bool receiving);
+  void set_writable(bool writable);
+  // Sets the DTLS state, signaling if necessary.
+  void set_dtls_state(webrtc::DtlsTransportState state);
+
+  RTC_NO_UNIQUE_ADDRESS webrtc::SequenceChecker thread_checker_;
+
+  const int component_;
+  webrtc::DtlsTransportState dtls_state_ = webrtc::DtlsTransportState::kNew;
+  // Underlying ice_transport, not owned by this class.
+  IceTransportInternal* const ice_transport_;
+  std::unique_ptr<rtc::SSLStreamAdapter> dtls_;  // The DTLS stream
+  StreamInterfaceChannel*
+      downward_;  // Wrapper for ice_transport_, owned by dtls_.
+  const std::vector<int> srtp_ciphers_;  // SRTP ciphers to use with DTLS.
+  bool dtls_active_ = false;
+  rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
+  std::optional<rtc::SSLRole> dtls_role_;
+  const rtc::SSLProtocolVersion ssl_max_version_;
+  rtc::Buffer remote_fingerprint_value_;
+  std::string remote_fingerprint_algorithm_;
+
+  // Cached DTLS ClientHello packet that was received before we started the
+  // DTLS handshake. This could happen if the hello was received before the
+  // ice transport became writable, or before a remote fingerprint was received.
+  rtc::Buffer cached_client_hello_;
+
+  bool receiving_ = false;
+  bool writable_ = false;
+
+  webrtc::RtcEventLog* const event_log_;
+};
+
+}  // namespace cricket
+
+#endif  // P2P_DTLS_DTLS_TRANSPORT_H_

p2p/dtls/dtls_transport_factory.h

@@ -8,14 +8,15 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
-#ifndef P2P_BASE_DTLS_TRANSPORT_FACTORY_H_
+#ifndef P2P_DTLS_DTLS_TRANSPORT_FACTORY_H_
-#define P2P_BASE_DTLS_TRANSPORT_FACTORY_H_
+#define P2P_DTLS_DTLS_TRANSPORT_FACTORY_H_
 
 #include <memory>
-#include <string>
 
-#include "p2p/base/dtls_transport_internal.h"
+#include "api/crypto/crypto_options.h"
 #include "p2p/base/ice_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "rtc_base/ssl_stream_adapter.h"
 
 namespace cricket {
 
@@ -37,4 +38,4 @@ class DtlsTransportFactory {
 
 }  // namespace cricket
 
-#endif  // P2P_BASE_DTLS_TRANSPORT_FACTORY_H_
+#endif  // P2P_DTLS_DTLS_TRANSPORT_FACTORY_H_

p2p/dtls/dtls_transport_internal.cc

@@ -8,7 +8,7 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
-#include "p2p/base/dtls_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 
 namespace cricket {
 

p2p/dtls/dtls_transport_internal.h

@@ -0,0 +1,161 @@
+/*
+ *  Copyright 2016 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef P2P_DTLS_DTLS_TRANSPORT_INTERNAL_H_
+#define P2P_DTLS_DTLS_TRANSPORT_INTERNAL_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+#include <optional>
+#include <utility>
+
+#include "absl/base/attributes.h"
+#include "absl/strings/string_view.h"
+#include "api/dtls_transport_interface.h"
+#include "api/rtc_error.h"
+#include "api/scoped_refptr.h"
+#include "p2p/base/ice_transport_internal.h"
+#include "p2p/base/packet_transport_internal.h"
+#include "rtc_base/buffer.h"
+#include "rtc_base/callback_list.h"
+#include "rtc_base/ssl_certificate.h"
+#include "rtc_base/ssl_fingerprint.h"
+#include "rtc_base/ssl_stream_adapter.h"
+
+namespace cricket {
+
+enum PacketFlags {
+  PF_NORMAL = 0x00,       // A normal packet.
+  PF_SRTP_BYPASS = 0x01,  // An encrypted SRTP packet; bypass any additional
+                          // crypto provided by the transport (e.g. DTLS)
+};
+
+// DtlsTransportInternal is an internal interface that does DTLS, also
+// negotiating SRTP crypto suites so that it may be used for DTLS-SRTP.
+//
+// Once the public interface is supported,
+// (https://www.w3.org/TR/webrtc/#rtcdtlstransport-interface)
+// the DtlsTransportInterface will be split from this class.
+class DtlsTransportInternal : public rtc::PacketTransportInternal {
+ public:
+  ~DtlsTransportInternal() override;
+
+  DtlsTransportInternal(const DtlsTransportInternal&) = delete;
+  DtlsTransportInternal& operator=(const DtlsTransportInternal&) = delete;
+
+  virtual webrtc::DtlsTransportState dtls_state() const = 0;
+
+  virtual int component() const = 0;
+
+  virtual bool IsDtlsActive() const = 0;
+
+  virtual bool GetDtlsRole(rtc::SSLRole* role) const = 0;
+
+  virtual bool SetDtlsRole(rtc::SSLRole role) = 0;
+
+  // Finds out which TLS/DTLS version is running.
+  virtual bool GetSslVersionBytes(int* version) const = 0;
+  // Finds out which DTLS-SRTP cipher was negotiated.
+  // TODO(zhihuang): Remove this once all dependencies implement this.
+  virtual bool GetSrtpCryptoSuite(int* cipher) const = 0;
+
+  // Finds out which DTLS cipher was negotiated.
+  // TODO(zhihuang): Remove this once all dependencies implement this.
+  virtual bool GetSslCipherSuite(int* cipher) const = 0;
+  virtual std::optional<absl::string_view> GetTlsCipherSuiteName() const = 0;
+
+  // Find out which signature algorithm was used by the peer. Returns values
+  // from
+  // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
+  // If not applicable, it returns zero.
+  virtual uint16_t GetSslPeerSignatureAlgorithm() const = 0;
+
+  // Gets the local RTCCertificate used for DTLS.
+  virtual rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate()
+      const = 0;
+
+  virtual bool SetLocalCertificate(
+      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) = 0;
+
+  // Gets a copy of the remote side's SSL certificate chain.
+  virtual std::unique_ptr<rtc::SSLCertChain> GetRemoteSSLCertChain() const = 0;
+
+  // Allows key material to be extracted for external encryption.
+  virtual bool ExportSrtpKeyingMaterial(
+      rtc::ZeroOnFreeBuffer<uint8_t>& keying_material) = 0;
+
+  // Set DTLS remote fingerprint. Must be after local identity set.
+  ABSL_DEPRECATED("Use SetRemoteParameters instead.")
+  virtual bool SetRemoteFingerprint(absl::string_view digest_alg,
+                                    const uint8_t* digest,
+                                    size_t digest_len) = 0;
+
+  // Set DTLS remote fingerprint and role. Must be after local identity set.
+  virtual webrtc::RTCError SetRemoteParameters(
+      absl::string_view digest_alg,
+      const uint8_t* digest,
+      size_t digest_len,
+      std::optional<rtc::SSLRole> role) = 0;
+
+  ABSL_DEPRECATED("Set the max version via construction.")
+  bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion /* version */) {
+    return true;
+  }
+
+  // Expose the underneath IceTransport.
+  virtual IceTransportInternal* ice_transport() = 0;
+
+  // F: void(DtlsTransportInternal*, const webrtc::DtlsTransportState)
+  template <typename F>
+  void SubscribeDtlsTransportState(F&& callback) {
+    dtls_transport_state_callback_list_.AddReceiver(std::forward<F>(callback));
+  }
+
+  template <typename F>
+  void SubscribeDtlsTransportState(const void* id, F&& callback) {
+    dtls_transport_state_callback_list_.AddReceiver(id,
+                                                    std::forward<F>(callback));
+  }
+  // Unsubscribe the subscription with given id.
+  void UnsubscribeDtlsTransportState(const void* id) {
+    dtls_transport_state_callback_list_.RemoveReceivers(id);
+  }
+
+  void SendDtlsState(DtlsTransportInternal* transport,
+                     webrtc::DtlsTransportState state) {
+    dtls_transport_state_callback_list_.Send(transport, state);
+  }
+
+  // Emitted whenever the Dtls handshake failed on some transport channel.
+  // F: void(rtc::SSLHandshakeError)
+  template <typename F>
+  void SubscribeDtlsHandshakeError(F&& callback) {
+    dtls_handshake_error_callback_list_.AddReceiver(std::forward<F>(callback));
+  }
+
+  void SendDtlsHandshakeError(rtc::SSLHandshakeError error) {
+    dtls_handshake_error_callback_list_.Send(error);
+  }
+
+ protected:
+  DtlsTransportInternal();
+
+ private:
+  webrtc::CallbackList<const rtc::SSLHandshakeError>
+      dtls_handshake_error_callback_list_;
+  webrtc::CallbackList<DtlsTransportInternal*, const webrtc::DtlsTransportState>
+      dtls_transport_state_callback_list_;
+};
+
+}  // namespace cricket
+
+#endif  // P2P_DTLS_DTLS_TRANSPORT_INTERNAL_H_

p2p/dtls/dtls_transport_unittest.cc

@@ -8,28 +8,40 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
-#include "p2p/base/dtls_transport.h"
+#include "p2p/dtls/dtls_transport.h"
 
-#include <algorithm>
 #include <cstddef>
 #include <cstdint>
+#include <cstring>
 #include <memory>
+#include <optional>
 #include <set>
-#include <utility>
+#include <string>
+#include <vector>
 
 #include "absl/strings/string_view.h"
+#include "api/array_view.h"
+#include "api/crypto/crypto_options.h"
 #include "api/dtls_transport_interface.h"
+#include "api/scoped_refptr.h"
+#include "api/units/time_delta.h"
 #include "p2p/base/fake_ice_transport.h"
 #include "p2p/base/packet_transport_internal.h"
-#include "rtc_base/checks.h"
+#include "p2p/base/transport_description.h"
-#include "rtc_base/crypto_random.h"
+#include "p2p/dtls/dtls_transport_internal.h"
-#include "rtc_base/dscp.h"
+#include "rtc_base/buffer.h"
+#include "rtc_base/byte_order.h"
+#include "rtc_base/fake_clock.h"
 #include "rtc_base/gunit.h"
+#include "rtc_base/logging.h"
 #include "rtc_base/network/received_packet.h"
 #include "rtc_base/rtc_certificate.h"
-#include "rtc_base/ssl_adapter.h"
+#include "rtc_base/ssl_fingerprint.h"
 #include "rtc_base/ssl_identity.h"
 #include "rtc_base/ssl_stream_adapter.h"
+#include "rtc_base/third_party/sigslot/sigslot.h"
+#include "rtc_base/thread.h"
+#include "test/gtest.h"
 
 #define MAYBE_SKIP_TEST(feature)                                  \
   if (!(rtc::SSLStreamAdapter::feature())) {                      \

p2p/dtls/fake_dtls_transport.h

@@ -8,23 +8,37 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
-#ifndef P2P_BASE_FAKE_DTLS_TRANSPORT_H_
+#ifndef P2P_DTLS_FAKE_DTLS_TRANSPORT_H_
-#define P2P_BASE_FAKE_DTLS_TRANSPORT_H_
+#define P2P_DTLS_FAKE_DTLS_TRANSPORT_H_
 
+#include <cstdint>
 #include <cstring>
 #include <memory>
+#include <optional>
 #include <string>
 #include <utility>
-#include <vector>
 
 #include "absl/strings/string_view.h"
-#include "api/crypto/crypto_options.h"
+#include "api/array_view.h"
 #include "api/dtls_transport_interface.h"
-#include "p2p/base/dtls_transport_internal.h"
+#include "api/rtc_error.h"
+#include "api/scoped_refptr.h"
 #include "p2p/base/fake_ice_transport.h"
+#include "p2p/base/ice_transport_internal.h"
+#include "p2p/base/packet_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "rtc_base/async_packet_socket.h"
+#include "rtc_base/buffer.h"
+#include "rtc_base/checks.h"
 #include "rtc_base/fake_ssl_identity.h"
+#include "rtc_base/logging.h"
 #include "rtc_base/network/received_packet.h"
+#include "rtc_base/network_route.h"
 #include "rtc_base/rtc_certificate.h"
+#include "rtc_base/socket.h"
+#include "rtc_base/ssl_fingerprint.h"
+#include "rtc_base/ssl_stream_adapter.h"
+#include "rtc_base/thread.h"
 
 namespace cricket {
 
@@ -321,4 +335,4 @@ class FakeDtlsTransport : public DtlsTransportInternal {
 
 }  // namespace cricket
 
-#endif  // P2P_BASE_FAKE_DTLS_TRANSPORT_H_
+#endif  // P2P_DTLS_FAKE_DTLS_TRANSPORT_H_

pc/BUILD.gn

@@ -135,6 +135,7 @@ rtc_source_set("dtls_srtp_transport") {
   deps = [
     ":srtp_transport",
     "../api:dtls_transport_interface",
+    "../api:field_trials_view",
     "../api:libjingle_peerconnection_api",
     "../api:rtc_error",
     "../p2p:dtls_transport_internal",
@@ -547,6 +548,7 @@ rtc_source_set("sctp_transport") {
     "../api:dtls_transport_interface",
     "../api:libjingle_peerconnection_api",
     "../api:priority",
+    "../api:rtc_error",
     "../api:scoped_refptr",
     "../api:sequence_checker",
     "../api/transport:datagram_transport_interface",
@@ -554,6 +556,7 @@ rtc_source_set("sctp_transport") {
     "../p2p:dtls_transport_internal",
     "../p2p:rtc_p2p",
     "../rtc_base:checks",
+    "../rtc_base:copy_on_write_buffer",
     "../rtc_base:logging",
     "../rtc_base:macromagic",
     "../rtc_base:threading",
@@ -658,6 +661,7 @@ rtc_source_set("transport_stats") {
     "../p2p:port",
     "../p2p:rtc_p2p",
     "../rtc_base:ssl_adapter",
+    "//third_party/abseil-cpp/absl/strings:string_view",
   ]
 }
 
@@ -2003,6 +2007,7 @@ if (rtc_include_tests && !build_with_chromium) {
       ":simulcast_description",
       ":srtp_session",
       ":srtp_transport",
+      ":transport_stats",
       ":used_ids",
       ":video_rtp_receiver",
       "../api:array_view",
@@ -2010,6 +2015,7 @@ if (rtc_include_tests && !build_with_chromium) {
       "../api:candidate",
       "../api:dtls_transport_interface",
       "../api:ice_transport_factory",
+      "../api:ice_transport_interface",
       "../api:libjingle_peerconnection_api",
       "../api:make_ref_counted",
       "../api:make_ref_counted",
@@ -2021,6 +2027,8 @@ if (rtc_include_tests && !build_with_chromium) {
       "../api:scoped_refptr",
       "../api:sequence_checker",
       "../api/audio_codecs:audio_codecs_api",
+      "../api/crypto:options",
+      "../api/environment:environment",
       "../api/environment:environment_factory",
       "../api/task_queue:pending_task_safety_flag",
       "../api/task_queue:task_queue",
@@ -2041,6 +2049,7 @@ if (rtc_include_tests && !build_with_chromium) {
       "../media:stream_params",
       "../modules/rtp_rtcp:rtp_rtcp_format",
       "../p2p:candidate_pair_interface",
+      "../p2p:dtls_transport",
       "../p2p:dtls_transport_factory",
       "../p2p:dtls_transport_internal",
       "../p2p:fake_ice_transport",
@@ -2063,7 +2072,9 @@ if (rtc_include_tests && !build_with_chromium) {
       "../rtc_base:logging",
       "../rtc_base:macromagic",
       "../rtc_base:net_helper",
+      "../rtc_base:network_route",
       "../rtc_base:rtc_base_tests_utils",
+      "../rtc_base:socket",
       "../rtc_base:socket_address",
       "../rtc_base:ssl",
       "../rtc_base:ssl_adapter",

pc/channel.cc

@@ -35,7 +35,7 @@
 #include "media/base/rtp_utils.h"
 #include "media/base/stream_params.h"
 #include "modules/rtp_rtcp/source/rtp_packet_received.h"
-#include "p2p/base/dtls_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/rtp_media_utils.h"
 #include "pc/rtp_transport_internal.h"
 #include "pc/session_description.h"

pc/channel_unittest.cc

@@ -13,14 +13,22 @@
 #include <stddef.h>
 
 #include <cstdint>
+#include <memory>
+#include <optional>
 #include <string>
-#include <type_traits>
+#include <utility>
+#include <vector>
 
 #include "absl/functional/any_invocable.h"
 #include "api/array_view.h"
 #include "api/audio_options.h"
+#include "api/crypto/crypto_options.h"
+#include "api/jsep.h"
 #include "api/rtp_headers.h"
 #include "api/rtp_parameters.h"
+#include "api/rtp_transceiver_direction.h"
+#include "api/scoped_refptr.h"
+#include "api/sequence_checker.h"
 #include "api/task_queue/pending_task_safety_flag.h"
 #include "media/base/codec.h"
 #include "media/base/fake_media_engine.h"
@@ -28,23 +36,31 @@
 #include "media/base/media_channel.h"
 #include "media/base/media_constants.h"
 #include "media/base/rid_description.h"
+#include "media/base/stream_params.h"
 #include "p2p/base/candidate_pair_interface.h"
-#include "p2p/base/dtls_transport_internal.h"
-#include "p2p/base/fake_dtls_transport.h"
 #include "p2p/base/fake_packet_transport.h"
 #include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/p2p_constants.h"
 #include "p2p/base/packet_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "p2p/dtls/fake_dtls_transport.h"
 #include "pc/dtls_srtp_transport.h"
 #include "pc/jsep_transport.h"
 #include "pc/rtp_transport.h"
+#include "pc/rtp_transport_internal.h"
+#include "pc/session_description.h"
 #include "rtc_base/arraysize.h"
 #include "rtc_base/buffer.h"
 #include "rtc_base/byte_order.h"
 #include "rtc_base/checks.h"
+#include "rtc_base/network_route.h"
 #include "rtc_base/rtc_certificate.h"
+#include "rtc_base/socket.h"
 #include "rtc_base/ssl_identity.h"
 #include "rtc_base/task_queue_for_test.h"
+#include "rtc_base/third_party/sigslot/sigslot.h"
+#include "rtc_base/thread.h"
+#include "rtc_base/unique_id_generator.h"
 #include "test/gmock.h"
 #include "test/gtest.h"
 #include "test/scoped_key_value_config.h"

pc/dtls_srtp_transport.h

@@ -11,15 +11,15 @@
 #ifndef PC_DTLS_SRTP_TRANSPORT_H_
 #define PC_DTLS_SRTP_TRANSPORT_H_
 
+#include <cstdint>
 #include <functional>
 #include <optional>
-#include <string>
 #include <vector>
 
 #include "api/dtls_transport_interface.h"
-#include "api/rtc_error.h"
+#include "api/field_trials_view.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/packet_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/srtp_transport.h"
 #include "rtc_base/buffer.h"
 

pc/dtls_srtp_transport_integrationtest.cc

@@ -8,20 +8,35 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
+#include <cstddef>
 #include <cstdint>
+#include <cstring>
+#include <memory>
+#include <optional>
 
+#include "api/crypto/crypto_options.h"
+#include "api/dtls_transport_interface.h"
+#include "api/scoped_refptr.h"
 #include "call/rtp_demuxer.h"
 #include "media/base/fake_rtp.h"
-#include "p2p/base/dtls_transport.h"
 #include "p2p/base/fake_ice_transport.h"
+#include "p2p/base/transport_description.h"
+#include "p2p/dtls/dtls_transport.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/dtls_srtp_transport.h"
 #include "pc/srtp_transport.h"
 #include "pc/test/rtp_transport_test_util.h"
+#include "rtc_base/async_packet_socket.h"
+#include "rtc_base/buffer.h"
 #include "rtc_base/copy_on_write_buffer.h"
 #include "rtc_base/fake_clock.h"
 #include "rtc_base/gunit.h"
 #include "rtc_base/rtc_certificate.h"
+#include "rtc_base/ssl_fingerprint.h"
 #include "rtc_base/ssl_identity.h"
+#include "rtc_base/ssl_stream_adapter.h"
+#include "rtc_base/string_encode.h"
+#include "rtc_base/thread.h"
 #include "test/gtest.h"
 #include "test/scoped_key_value_config.h"
 

pc/dtls_srtp_transport_unittest.cc

@@ -14,22 +14,26 @@
 
 #include <cstdint>
 #include <memory>
+#include <vector>
 
 #include "call/rtp_demuxer.h"
 #include "media/base/fake_rtp.h"
-#include "p2p/base/dtls_transport_internal.h"
-#include "p2p/base/fake_dtls_transport.h"
 #include "p2p/base/fake_ice_transport.h"
 #include "p2p/base/p2p_constants.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "p2p/dtls/fake_dtls_transport.h"
 #include "pc/rtp_transport.h"
+#include "pc/srtp_transport.h"
 #include "pc/test/rtp_transport_test_util.h"
 #include "rtc_base/async_packet_socket.h"
+#include "rtc_base/buffer.h"
 #include "rtc_base/byte_order.h"
 #include "rtc_base/containers/flat_set.h"
 #include "rtc_base/copy_on_write_buffer.h"
 #include "rtc_base/rtc_certificate.h"
 #include "rtc_base/ssl_identity.h"
 #include "rtc_base/third_party/sigslot/sigslot.h"
+#include "rtc_base/thread.h"
 #include "test/gtest.h"
 #include "test/scoped_key_value_config.h"
 

pc/dtls_transport.h

@@ -17,8 +17,8 @@
 #include "api/dtls_transport_interface.h"
 #include "api/ice_transport_interface.h"
 #include "api/scoped_refptr.h"
-#include "p2p/base/dtls_transport.h"
+#include "api/sequence_checker.h"
-#include "p2p/base/dtls_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/ice_transport.h"
 #include "rtc_base/synchronization/mutex.h"
 #include "rtc_base/thread.h"

pc/dtls_transport_unittest.cc

@@ -10,18 +10,22 @@
 
 #include "pc/dtls_transport.h"
 
+#include <memory>
 #include <optional>
 #include <utility>
 #include <vector>
 
+#include "api/dtls_transport_interface.h"
 #include "api/make_ref_counted.h"
 #include "api/rtc_error.h"
-#include "p2p/base/fake_dtls_transport.h"
+#include "api/scoped_refptr.h"
 #include "p2p/base/p2p_constants.h"
+#include "p2p/dtls/fake_dtls_transport.h"
 #include "rtc_base/fake_ssl_identity.h"
 #include "rtc_base/gunit.h"
 #include "rtc_base/rtc_certificate.h"
 #include "rtc_base/ssl_identity.h"
+#include "rtc_base/thread.h"
 #include "test/gmock.h"
 #include "test/gtest.h"
 

pc/jsep_transport.h

@@ -25,9 +25,9 @@
 #include "api/transport/data_channel_transport_interface.h"
 #include "call/payload_type_picker.h"
 #include "media/sctp/sctp_transport_internal.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/transport_description.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/dtls_srtp_transport.h"
 #include "pc/dtls_transport.h"
 #include "pc/rtcp_mux_filter.h"

pc/jsep_transport_controller.cc

@@ -41,14 +41,14 @@
 #include "media/base/codec.h"
 #include "media/sctp/sctp_transport_internal.h"
 #include "modules/rtp_rtcp/source/rtp_packet_received.h"
-#include "p2p/base/dtls_transport.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/p2p_constants.h"
 #include "p2p/base/port.h"
 #include "p2p/base/port_allocator.h"
 #include "p2p/base/transport_description.h"
 #include "p2p/base/transport_info.h"
+#include "p2p/dtls/dtls_transport.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/dtls_srtp_transport.h"
 #include "pc/dtls_transport.h"
 #include "pc/jsep_transport.h"

pc/jsep_transport_controller.h

@@ -41,9 +41,6 @@
 #include "call/payload_type_picker.h"
 #include "media/base/codec.h"
 #include "modules/rtp_rtcp/source/rtp_packet_received.h"
-#include "p2p/base/dtls_transport.h"
-#include "p2p/base/dtls_transport_factory.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/p2p_transport_channel.h"
 #include "p2p/base/packet_transport_internal.h"
@@ -51,6 +48,9 @@
 #include "p2p/base/port_allocator.h"
 #include "p2p/base/transport_description.h"
 #include "p2p/base/transport_info.h"
+#include "p2p/dtls/dtls_transport.h"
+#include "p2p/dtls/dtls_transport_factory.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/dtls_srtp_transport.h"
 #include "pc/dtls_transport.h"
 #include "pc/jsep_transport.h"

pc/jsep_transport_controller_unittest.cc

@@ -10,19 +10,42 @@
 
 #include "pc/jsep_transport_controller.h"
 
+#include <cstdint>
 #include <map>
+#include <memory>
+#include <optional>
 #include <string>
 #include <utility>
+#include <vector>
 
+#include "api/crypto/crypto_options.h"
 #include "api/dtls_transport_interface.h"
+#include "api/environment/environment.h"
 #include "api/environment/environment_factory.h"
+#include "api/ice_transport_interface.h"
+#include "api/jsep.h"
+#include "api/make_ref_counted.h"
+#include "api/peer_connection_interface.h"
+#include "api/scoped_refptr.h"
+#include "api/transport/data_channel_transport_interface.h"
 #include "api/transport/enums.h"
+#include "call/payload_type_picker.h"
 #include "p2p/base/candidate_pair_interface.h"
-#include "p2p/base/dtls_transport_factory.h"
-#include "p2p/base/fake_dtls_transport.h"
 #include "p2p/base/fake_ice_transport.h"
+#include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/p2p_constants.h"
+#include "p2p/base/port_allocator.h"
+#include "p2p/base/transport_description.h"
 #include "p2p/base/transport_info.h"
+#include "p2p/dtls/dtls_transport_factory.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "p2p/dtls/fake_dtls_transport.h"
+#include "pc/dtls_transport.h"
+#include "pc/rtp_transport_internal.h"
+#include "pc/session_description.h"
+#include "pc/transport_stats.h"
+#include "rtc_base/checks.h"
+#include "rtc_base/copy_on_write_buffer.h"
 #include "rtc_base/fake_ssl_identity.h"
 #include "rtc_base/gunit.h"
 #include "rtc_base/logging.h"
@@ -30,7 +53,9 @@
 #include "rtc_base/socket_address.h"
 #include "rtc_base/ssl_fingerprint.h"
 #include "rtc_base/ssl_identity.h"
+#include "rtc_base/ssl_stream_adapter.h"
 #include "rtc_base/task_queue_for_test.h"
+#include "rtc_base/third_party/sigslot/sigslot.h"
 #include "rtc_base/thread.h"
 #include "test/gtest.h"
 #include "test/scoped_key_value_config.h"

pc/jsep_transport_unittest.cc

@@ -13,29 +13,47 @@
 #include <stdint.h>
 #include <string.h>
 
+#include <memory>
+#include <optional>
 #include <ostream>
 #include <string>
 #include <tuple>
 #include <utility>
+#include <vector>
 
 #include "api/candidate.h"
+#include "api/ice_transport_interface.h"
+#include "api/jsep.h"
+#include "api/make_ref_counted.h"
+#include "api/scoped_refptr.h"
+#include "call/payload_type_picker.h"
 #include "media/base/fake_rtp.h"
-#include "p2p/base/fake_dtls_transport.h"
 #include "p2p/base/fake_ice_transport.h"
+#include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/p2p_constants.h"
 #include "p2p/base/packet_transport_internal.h"
+#include "p2p/base/transport_description.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "p2p/dtls/fake_dtls_transport.h"
+#include "pc/dtls_srtp_transport.h"
+#include "pc/rtp_transport.h"
+#include "pc/srtp_transport.h"
+#include "pc/transport_stats.h"
 #include "rtc_base/async_packet_socket.h"
 #include "rtc_base/buffer.h"
 #include "rtc_base/byte_order.h"
 #include "rtc_base/copy_on_write_buffer.h"
-#include "rtc_base/crypto_random.h"
 #include "rtc_base/logging.h"
 #include "rtc_base/net_helper.h"
 #include "rtc_base/network/received_packet.h"
+#include "rtc_base/rtc_certificate.h"
 #include "rtc_base/socket_address.h"
 #include "rtc_base/ssl_certificate.h"
+#include "rtc_base/ssl_fingerprint.h"
 #include "rtc_base/ssl_identity.h"
+#include "rtc_base/ssl_stream_adapter.h"
 #include "rtc_base/third_party/sigslot/sigslot.h"
+#include "rtc_base/thread.h"
 #include "test/gtest.h"
 #include "test/scoped_key_value_config.h"
 

pc/peer_connection.cc

@@ -72,7 +72,6 @@
 #include "modules/rtp_rtcp/source/rtp_packet_received.h"
 #include "p2p/base/basic_async_resolver_factory.h"
 #include "p2p/base/connection_info.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/ice_transport_internal.h"
 #include "p2p/base/p2p_constants.h"
 #include "p2p/base/p2p_transport_channel.h"
@@ -80,6 +79,7 @@
 #include "p2p/base/port_allocator.h"
 #include "p2p/base/transport_description.h"
 #include "p2p/base/transport_info.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/channel_interface.h"
 #include "pc/connection_context.h"
 #include "pc/data_channel_utils.h"

pc/rtp_sender_receiver_unittest.cc

@@ -47,9 +47,9 @@
 #include "media/base/stream_params.h"
 #include "media/base/test_utils.h"
 #include "media/engine/fake_webrtc_call.h"
-#include "p2p/base/dtls_transport_internal.h"
-#include "p2p/base/fake_dtls_transport.h"
 #include "p2p/base/p2p_constants.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "p2p/dtls/fake_dtls_transport.h"
 #include "pc/audio_rtp_receiver.h"
 #include "pc/audio_track.h"
 #include "pc/dtls_srtp_transport.h"

pc/sctp_transport.h

@@ -11,17 +11,20 @@
 #ifndef PC_SCTP_TRANSPORT_H_
 #define PC_SCTP_TRANSPORT_H_
 
+#include <cstddef>
 #include <memory>
 
 #include "api/dtls_transport_interface.h"
+#include "api/priority.h"
+#include "api/rtc_error.h"
 #include "api/scoped_refptr.h"
 #include "api/sctp_transport_interface.h"
 #include "api/sequence_checker.h"
 #include "api/transport/data_channel_transport_interface.h"
 #include "media/sctp/sctp_transport_internal.h"
-#include "p2p/base/dtls_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/dtls_transport.h"
-#include "rtc_base/checks.h"
+#include "rtc_base/copy_on_write_buffer.h"
 #include "rtc_base/thread.h"
 #include "rtc_base/thread_annotations.h"
 

pc/sctp_transport_unittest.cc

@@ -10,21 +10,30 @@
 
 #include "pc/sctp_transport.h"
 
+#include <cstddef>
+#include <functional>
+#include <memory>
 #include <optional>
 #include <utility>
 #include <vector>
 
 #include "absl/memory/memory.h"
 #include "api/dtls_transport_interface.h"
+#include "api/make_ref_counted.h"
 #include "api/priority.h"
+#include "api/rtc_error.h"
+#include "api/scoped_refptr.h"
+#include "api/sctp_transport_interface.h"
 #include "api/transport/data_channel_transport_interface.h"
-#include "media/base/media_channel.h"
+#include "media/sctp/sctp_transport_internal.h"
-#include "p2p/base/fake_dtls_transport.h"
 #include "p2p/base/p2p_constants.h"
 #include "p2p/base/packet_transport_internal.h"
+#include "p2p/dtls/dtls_transport_internal.h"
+#include "p2p/dtls/fake_dtls_transport.h"
 #include "pc/dtls_transport.h"
 #include "rtc_base/copy_on_write_buffer.h"
 #include "rtc_base/gunit.h"
+#include "rtc_base/thread.h"
 #include "test/gmock.h"
 #include "test/gtest.h"
 

pc/srtp_transport_unittest.cc

@@ -12,18 +12,22 @@
 
 #include <string.h>
 
+#include <cstdint>
+#include <memory>
 #include <vector>
 
 #include "call/rtp_demuxer.h"
 #include "media/base/fake_rtp.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/fake_packet_transport.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/test/rtp_transport_test_util.h"
 #include "pc/test/srtp_test_util.h"
 #include "rtc_base/async_packet_socket.h"
+#include "rtc_base/buffer.h"
 #include "rtc_base/byte_order.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/containers/flat_set.h"
+#include "rtc_base/copy_on_write_buffer.h"
 #include "rtc_base/ssl_stream_adapter.h"
 #include "rtc_base/third_party/sigslot/sigslot.h"
 #include "test/gtest.h"

pc/transport_stats.h

@@ -11,13 +11,14 @@
 #ifndef PC_TRANSPORT_STATS_H_
 #define PC_TRANSPORT_STATS_H_
 
+#include <cstdint>
+#include <optional>
 #include <string>
 #include <vector>
 
+#include "absl/strings/string_view.h"
 #include "api/dtls_transport_interface.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/ice_transport_internal.h"
-#include "p2p/base/port.h"
 #include "rtc_base/ssl_stream_adapter.h"
 
 namespace cricket {

test/peer_scenario/BUILD.gn

@@ -64,6 +64,7 @@ if (rtc_include_tests) {
       "../../modules/audio_device:test_audio_device_module",
       "../../modules/rtp_rtcp:rtp_rtcp_format",
       "../../p2p:basic_port_allocator",
+      "../../p2p:dtls_transport_internal",
       "../../p2p:rtc_p2p",
       "../../p2p:transport_description",
       "../../pc:channel",

test/peer_scenario/scenario_connection.cc

@@ -31,11 +31,11 @@
 #include "call/rtp_packet_sink_interface.h"
 #include "media/base/rtp_utils.h"
 #include "modules/rtp_rtcp/source/rtp_packet_received.h"
-#include "p2p/base/dtls_transport_internal.h"
 #include "p2p/base/p2p_constants.h"
 #include "p2p/base/port_allocator.h"
 #include "p2p/base/transport_description.h"
 #include "p2p/client/basic_port_allocator.h"
+#include "p2p/dtls/dtls_transport_internal.h"
 #include "pc/dtls_transport.h"
 #include "pc/jsep_transport_controller.h"
 #include "pc/rtp_transport_internal.h"