This reverts commit 4de5839c1117e5bb96148c8575a74a69bde02768.
Reason for revert: Bug fixed + DCHECK added
Original change's description:
> Revert "Move piggybacking controller from P2PTC to DTLS transport"
>
> This reverts commit 29e639e0a495a537c610182ab9b04aed8cf10426.
>
> Reason for revert: found bug accessing variable after it has been moved.
>
> Original change's description:
> > Move piggybacking controller from P2PTC to DTLS transport
> >
> > The DTLS-STUN piggybacking controller is associated with both the DTLS
> > transport and the ICE transport (P2PTransportChannel). It turned out to
> > be more closely associated with the DTLS transport and requires less
> > plumbing when moved there.
> >
> > The config option to enable the feature remains as part of the ICE
> > transport config since the ICE transport does not know its "upstream"
> > DTLS transport and hence can not query the config from it.
> >
> > BUG=webrtc:367395350
> >
> > Change-Id: Iafd5abd8b65855bcf32bf840414d96513d8e6300
> > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375283
> > Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
> > Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
> > Cr-Commit-Position: refs/heads/main@{#43823}
>
> Bug: webrtc:367395350
> Change-Id: I2d83de8890b0aa230dd9e21cb5ce2eb03c8d3564
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375861
> Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
> Cr-Commit-Position: refs/heads/main@{#43824}
Bug: webrtc:367395350
Change-Id: I4b4acccf15de565736b072ca2de88a1551a6378e
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375862
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43825}
This reverts commit 29e639e0a495a537c610182ab9b04aed8cf10426.
Reason for revert: found bug accessing variable after it has been moved.
Original change's description:
> Move piggybacking controller from P2PTC to DTLS transport
>
> The DTLS-STUN piggybacking controller is associated with both the DTLS
> transport and the ICE transport (P2PTransportChannel). It turned out to
> be more closely associated with the DTLS transport and requires less
> plumbing when moved there.
>
> The config option to enable the feature remains as part of the ICE
> transport config since the ICE transport does not know its "upstream"
> DTLS transport and hence can not query the config from it.
>
> BUG=webrtc:367395350
>
> Change-Id: Iafd5abd8b65855bcf32bf840414d96513d8e6300
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375283
> Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
> Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
> Cr-Commit-Position: refs/heads/main@{#43823}
Bug: webrtc:367395350
Change-Id: I2d83de8890b0aa230dd9e21cb5ce2eb03c8d3564
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375861
Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43824}
The DTLS-STUN piggybacking controller is associated with both the DTLS
transport and the ICE transport (P2PTransportChannel). It turned out to
be more closely associated with the DTLS transport and requires less
plumbing when moved there.
The config option to enable the feature remains as part of the ICE
transport config since the ICE transport does not know its "upstream"
DTLS transport and hence can not query the config from it.
BUG=webrtc:367395350
Change-Id: Iafd5abd8b65855bcf32bf840414d96513d8e6300
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375283
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43823}
DTLS 1.3 encrypts more parts of the handshake so we move from
deep packet inspection to looking at the state of DTLS to
decide whether to intercept the packet.
BUG=webrtc:367395350
Change-Id: Idb1eda0437f24002f48381af5d6a167a4a153381
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/374501
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43794}
the lack of this led to a DTLS restart in the default case.
Also reduce the log level from "ERROR" to "INFO".
BUG=webrtc:367395350
Change-Id: I52cd74f508ca4b4c28b11220ea82d95081558eee
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/374503
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43752}
This change puts the DTLS handshake as payload of STUN packets with a custom STUN attribute (registered with the IANA) and starts the DTLS handshake before the ICE transport becomes writable. Effectively, STUN acts as a transport layer for DTLS during the handshake phase.
This will theoretically reduce the call setup time by one RTT for aggressive nomination or two RTTs for regular nomination.
The latest DTLS packet (flight) is cached and sent on every STUN request or response. DTLS packets are extracted from every authenticated STUN request or response and handled to the DTLS layer for processing.
The caching also increases the resilience to packet loss as STUN pacing is more aggressive (every 20ms) than the exponential backoff used by DTLS which should reduce call setup time in lossy networks.
If the other side of the connection does not support this feature the fallback to normal DTLS happens as soon as the ICE transport becomes writable. This also handles edge-cases like fragmentation of the DTLS handshake.
The feature is only supported when ECDSA certificates are used since RSA certificates are too large to transport as STUN attributes. The observed attributes for the server and client flights with the certificates were around 600 to 650 bytes. This may be further reduced by using raw public keys defined in RFC 7250.
This feature is disabled by default and guarded by the field trial
WebRTC-IceHandshakeDtls
and requires experimentation and standardization before roll-out in the browser.
Parts of this landed in
https://webrtc-review.googlesource.com/c/src/+/370679
BUG=webrtc:367395350
Change-Id: I4809438b2a267c4690a9b2bd6f1766d2f959500d
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362480
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43742}
where we can not extract any message_seq for piggybacking.
BUG=webrtc:367395350
Change-Id: I2e42d3b1304b5cf204c34bc8a136f17c363e011c
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/372881
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43731}
This patchs adds a field trial for enabling DTLS1.3, WebRTC-ForceDtls13
- "Enabled" set max version to DTLS1.3
- "Only" set min & max version to DTLS1.3
Wireup a FieldTrialsView so that this does not
use the global string.
Also convert the WebRTC-DisableTlsSessionTicketKillswitch
from global string to FieldTrialsView.
BUG=webrtc:383141571
Change-Id: Ia775efc1dcbffd01bfddb6030490438cb8de89d7
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/372261
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43616}
Modify openssl_stream_adapter to check/set
timer regardless of dtls state. This is needed for DTLS1.3
orelse handshake will never complete if last client
packet is lost (e.g if retransmit is not triggered after
writable) as show by TestHandshakeLoseSecondClientPacket.
TestHandshakeLoseSecondClientPacket works with/without this
patch if using DTLS1.2.
BUG=webrtc:383141571
Change-Id: I2757783c9e79686d1fbe0eff12341ab9e3863fdd
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/372201
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43610}
which implements the handshaking logic of the DTLS-STUN piggybacking.
Not wired up yet, split from
https://webrtc-review.googlesource.com/c/src/+/362480
BUG=webrtc:367395350
Change-Id: I9ee8ff17af4ec96fb891d9852ac50825155735a8
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/370679
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43606}
- add DTLS1.3 ciphers (without KeyType)
- remove code in dtls_transport.cc that tries to parse DTLS packet
- cleanup some test
- start on test for packet loss during dtls handshake (more to come!)
After this patch is submitted, it is possible
to set max version = dtls1.3 and it will active
but DON'T do it yet.
BUG=webrtc:383141571
Change-Id: I6f9a120c53415ccee7a560ea83bd0c2636702997
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/371300
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43595}
for (partially) parsing DTLS packets and extracting the msg_seqs
BUG=webrtc:367395350
Change-Id: Ieb0fc121c6dc82118ced5939c1a9ebe2d72e3cb3
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/370181
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43501}
