I used a command like this to update the paths:
perl -pi -e "s/webrtc\/base/webrtc\/rtc_base/g" `find webrtc/rtc_base -name "*.cc" -o -name "*.h"`
BUG=webrtc:7634
NOPRESUBMIT=True # cpplint errors that aren't caused by this CL.
Review-Url: https://codereview.webrtc.org/2969623003
Cr-Commit-Position: refs/heads/master@{#18870}
Before this CL, we would negotiate:
- No crypto suites for data m= sections.
- A full set for audio m= sections.
- The full set, minus SRTP_AES128_CM_SHA1_32 for video m= sections.
However, this doesn't make sense with BUNDLE, since any DTLS
association could end up being used for any type of media. If
video is "bundled on" the audio transport (which is typical), it
will actually end up using SRTP_AES128_CM_SHA1_32.
So, this CL moves the responsibility of deciding SRTP crypto suites out
of BaseChannel and into DtlsTransport. The only two possibilities are
now "normal set" or "normal set + GCM", if enabled by the PC factory
options.
This fixes an issue (see linked bug) that was occurring when audio/video
were "bundled onto" the data transport. Since the data transport
wasn't negotiating any SRTP crypto suites, none were available to use
for audio/video, so the application would get black video/no audio.
This CL doesn't affect the SDES SRTP crypto suite negotiation;
it only affects the negotiation in the DLTS handshake, through
the use_srtp extension.
BUG=chromium:711243
Review-Url: https://codereview.webrtc.org/2815513012
Cr-Commit-Position: refs/heads/master@{#17810}
JSEP implementations are required to always generate offers with
"actpass", but remote endpoints are not. So we should accept remote
offers with the current negotiated DTLS role.
This was recently clarified in dtls-sdp; it was somewhat ambiguous
before.
Also doing a bit of refactoring of JsepTransport (making a method
private that should have been private, fixing unit tests that were
directly calling said method).
BUG=webrtc:7072
Review-Url: https://codereview.webrtc.org/2770903003
Cr-Commit-Position: refs/heads/master@{#17396}
This is the naming scheme we've been using for internal interfaces.
Also, this CL will introduce a PacketTransportInterface in the webrtc namespace,
which would get too easily confused with the rtc:: one:
https://codereview.webrtc.org/2675173003/
BUG=None
Review-Url: https://codereview.webrtc.org/2679103006
Cr-Commit-Position: refs/heads/master@{#16539}
Bulk of the changes were done using
git grep -l '#include "webrtc/base/common.h"' | \
xargs sed -i '\,^#include.*webrtc/base/common\.h,d'
followed by adding back the include in the few places where it is
still needed, and in one case (pseudotcp.cc) instead deleting its use
of RTC_UNUSED.
BUG=webrtc:6424
Review-Url: https://codereview.webrtc.org/2644103002
Cr-Commit-Position: refs/heads/master@{#16263}
... As opposed to DtlsTransportInternal.
The code is suboptimal right now, storing two pointers to the different
interfaces. This will all be cleaned up when we have an "RtpTransport"
abstraction that BaseChannel can use.
This CL also cleans up the "fake transport" classes a bit, and gives
them their own header files.
BUG=None
Review-Url: https://codereview.webrtc.org/2648233003
Cr-Commit-Position: refs/heads/master@{#16258}
These defines don't work any more, so they only cause confusion:
FEATURE_ENABLE_SSL
HAVE_OPENSSL_SSL_H
SSL_USE_OPENSSL
BUG=webrtc:7025
Review-Url: https://codereview.webrtc.org/2640513002
Cr-Commit-Position: refs/heads/master@{#16224}
Reason for revert:
Broke chromium build, due to a config being removed. Will add it back and remove the dependency in a chromium CL.
Original issue's description:
> Removing #defines previously used for building without BoringSSL/OpenSSL.
>
> These defines don't work any more, so they only cause confusion:
>
> FEATURE_ENABLE_SSL
> HAVE_OPENSSL_SSL_H
> SSL_USE_OPENSSL
>
> BUG=webrtc:7025
>
> Review-Url: https://codereview.webrtc.org/2640513002
> Cr-Commit-Position: refs/heads/master@{#16196}
> Committed: eaa826c2eeTBR=kjellander@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:7025
Review-Url: https://codereview.webrtc.org/2648003003
Cr-Commit-Position: refs/heads/master@{#16197}
These defines don't work any more, so they only cause confusion:
FEATURE_ENABLE_SSL
HAVE_OPENSSL_SSL_H
SSL_USE_OPENSSL
BUG=webrtc:7025
Review-Url: https://codereview.webrtc.org/2640513002
Cr-Commit-Position: refs/heads/master@{#16196}
DtlsTransportChannelWrapper is renamed to be DtlsTransport which inherits from
DtlsTransportInternal. There will be no concept of "channel" in p2p level.
Both P2PTransportChannel and DtlsTransport don't depend on TransportChannel
and TransportChannelImpl any more and they are removed in this CL.
BUG=none
Review-Url: https://codereview.webrtc.org/2606123002
Cr-Commit-Position: refs/heads/master@{#16173}
Reason for revert:
Failed the memory check.
May need to fix the memory leak.
Original issue's description:
> make the DtlsTransportWrapper inherit form DtlsTransportInternal
>
> BUG=none
>
> Review-Url: https://codereview.webrtc.org/2606123002
> Cr-Commit-Position: refs/heads/master@{#16160}
> Committed: 5aed06c8d3TBR=deadbeef@webrtc.org,pthatcher@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=none
Review-Url: https://codereview.webrtc.org/2639203004
Cr-Commit-Position: refs/heads/master@{#16162}
In top level test functions, replaced with gtest ASSERT_*. In helper
methods in main test files, replaced with EXPECT_* or RTC_DCHECK on a
case-by-case basis.
In separate mock/fake classes used by tests (which might be of some
use also in tests of third-party applications), ASSERT was replaced
with RTC_CHECK, using
git grep -l ' ASSERT(' | grep -v common.h | \
xargs sed -i 's/ ASSERT(/ RTC_CHECK(/'
followed by additional includes of base/checks.h in affected files,
and git cl format.
BUG=webrtc:6424
Review-Url: https://codereview.webrtc.org/2622413005
Cr-Commit-Position: refs/heads/master@{#16150}
Make P2PTransportChannel inherit from IceTransportInternal instead of
TransportChannelImpl and TransportChannel, so that the DTLS-related methods can
be separated from P2PTransportChannel.
BUG=webrtc:6951
Review-Url: https://codereview.webrtc.org/2608353003
Cr-Commit-Position: refs/heads/master@{#16041}
Reason for revert:
Breaks Chromium WebRTC FYI bots:
https://build.chromium.org/p/chromium.webrtc.fyi/builders/Linux%20Builder/builds/12337
The error was masked by another breaking change that was committer earlier. This is the first build showing the error.
Original issue's description:
> Make P2PTransportChannel inherit from IceTransportInternal.
>
> Make P2PTransportChannel inherit from IceTransportInternal instead of
> TransportChannelImpl and TransportChannel, so that the DTLS-related methods can
> be separated from P2PTransportChannel.
>
> BUG=none
>
> Review-Url: https://codereview.webrtc.org/2590063002
> Cr-Commit-Position: refs/heads/master@{#15743}
> Committed: 12749d89d9TBR=deadbeef@webrtc.org,zhihuang@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=none
Review-Url: https://codereview.webrtc.org/2594343002
Cr-Commit-Position: refs/heads/master@{#15751}
Make P2PTransportChannel inherit from IceTransportInternal instead of
TransportChannelImpl and TransportChannel, so that the DTLS-related methods can
be separated from P2PTransportChannel.
BUG=none
Review-Url: https://codereview.webrtc.org/2590063002
Cr-Commit-Position: refs/heads/master@{#15743}
Their base class, Transport, still exists, but it now has a more specific
role: a helper class that applies TransportDescriptions. And is renamed
to JsepTransport as a result.
TransportController is now the entity primarily responsible for managing
TransportChannels. It also starts storing pointers to the DTLS and ICE
chanels separately, which will make it easier to remove
TransportChannel/TransportChannelImpl in a subsequent CL.
BUG=None
Review-Url: https://codereview.webrtc.org/2517883002
Cr-Commit-Position: refs/heads/master@{#15453}
Reason for revert:
Deletion of transport.h broke downstream builds.
Going to reland with transport.h containing enums/etc.
Original issue's description:
> Refactoring that removes P2PTransport and DtlsTransport classes.
>
> Their base class, Transport, still exists, but it now has a more specific
> role: a helper class that applies TransportDescriptions. And is renamed
> to JsepTransport as a result.
>
> TransportController is now the entity primarily responsible for managing
> TransportChannels. It also starts storing pointers to the DTLS and ICE
> chanels separately, which will make it easier to remove
> TransportChannel/TransportChannelImpl in a subsequent CL.
>
> BUG=None
>
> Committed: https://crrev.com/bd28681d02dee8c185aeb39207e8154f0ad14a37
> Cr-Commit-Position: refs/heads/master@{#15450}
TBR=pthatcher@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=None
Review-Url: https://codereview.webrtc.org/2553043004
Cr-Commit-Position: refs/heads/master@{#15452}
Their base class, Transport, still exists, but it now has a more specific
role: a helper class that applies TransportDescriptions. And is renamed
to JsepTransport as a result.
TransportController is now the entity primarily responsible for managing
TransportChannels. It also starts storing pointers to the DTLS and ICE
chanels separately, which will make it easier to remove
TransportChannel/TransportChannelImpl in a subsequent CL.
BUG=None
Review-Url: https://codereview.webrtc.org/2517883002
Cr-Commit-Position: refs/heads/master@{#15450}
Introduce rtc::PacketTransportInterface. Refactor cricket::TransportChannel.
Fix signal slots parameter types in all related code.
BUG=webrtc:6531
Review-Url: https://codereview.webrtc.org/2416023002
Cr-Commit-Position: refs/heads/master@{#14778}
This means the DTLS handshake can make progress while the SDP answer
containing the fingerprint is still in transit. If the signaling path
if significantly slower than the media path, this can have a moderate
impact on call setup time.
Of course, until the fingerprint is verified no media can be sent. Any
attempted write will result in SR_BLOCK.
This essentially fulfills the requirements of RFC 4572, Section 6.2:
Note that when the offer/answer model is being used, it is possible
for a media connection to outrace the answer back to the offerer.
Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass'
role, it MUST (as specified in RFC 4145 [2]) begin listening for an
incoming connection as soon as it sends its offer. However, it MUST
NOT assume that the data transmitted over the TLS connection is valid
until it has received a matching fingerprint in an SDP answer. If
the fingerprint, once it arrives, does not match the client's
certificate, the server endpoint MUST terminate the media connection
with a bad_certificate error, as stated in the previous paragraph.
BUG=webrtc:6387
Review-Url: https://codereview.webrtc.org/2163683003
Cr-Commit-Position: refs/heads/master@{#14461}
Reason for revert:
Broke a downstream user of SSLStreamAdapter. Need to add the new interface (returning error code instead of bool) in a backwards compatible way.
Original issue's description:
> Allow the DTLS fingerprint verification to occur after the handshake.
>
> This means the DTLS handshake can make progress while the SDP answer
> containing the fingerprint is still in transit. If the signaling path
> if significantly slower than the media path, this can have a moderate
> impact on call setup time.
>
> Of course, until the fingerprint is verified no media can be sent. Any
> attempted write will result in SR_BLOCK.
>
> This essentially fulfills the requirements of RFC 4572, Section 6.2:
>
> Note that when the offer/answer model is being used, it is possible
> for a media connection to outrace the answer back to the offerer.
> Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass'
> role, it MUST (as specified in RFC 4145 [2]) begin listening for an
> incoming connection as soon as it sends its offer. However, it MUST
> NOT assume that the data transmitted over the TLS connection is valid
> until it has received a matching fingerprint in an SDP answer. If
> the fingerprint, once it arrives, does not match the client's
> certificate, the server endpoint MUST terminate the media connection
> with a bad_certificate error, as stated in the previous paragraph.
>
> BUG=webrtc:6387
> R=mattdr@webrtc.org, pthatcher@webrtc.org
>
> Committed: https://crrev.com/042041bf9585f92e962387c59ca805f1218338f9
> Cr-Commit-Position: refs/heads/master@{#14296}
TBR=pthatcher@webrtc.org,mattdr@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:6387
Review-Url: https://codereview.webrtc.org/2352863003
Cr-Commit-Position: refs/heads/master@{#14298}
This means the DTLS handshake can make progress while the SDP answer
containing the fingerprint is still in transit. If the signaling path
if significantly slower than the media path, this can have a moderate
impact on call setup time.
Of course, until the fingerprint is verified no media can be sent. Any
attempted write will result in SR_BLOCK.
This essentially fulfills the requirements of RFC 4572, Section 6.2:
Note that when the offer/answer model is being used, it is possible
for a media connection to outrace the answer back to the offerer.
Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass'
role, it MUST (as specified in RFC 4145 [2]) begin listening for an
incoming connection as soon as it sends its offer. However, it MUST
NOT assume that the data transmitted over the TLS connection is valid
until it has received a matching fingerprint in an SDP answer. If
the fingerprint, once it arrives, does not match the client's
certificate, the server endpoint MUST terminate the media connection
with a bad_certificate error, as stated in the previous paragraph.
BUG=webrtc:6387
R=mattdr@webrtc.org, pthatcher@webrtc.org
Review URL: https://codereview.webrtc.org/2163683003 .
Cr-Commit-Position: refs/heads/master@{#14296}
The DtlsTransportChannel wasn't properly handling the
P2PTransportChannel becoming writable before receiving a remote
fingerprint; it wasn't starting the DTLS handshake whenever this
happened.
Review-Url: https://codereview.webrtc.org/2140283002
Cr-Commit-Position: refs/heads/master@{#13469}
Reason for revert:
Breaks user code. Said code needs to stop using scoped_ptr!
Original issue's description:
> Remove webrtc/base/scoped_ptr.h
>
> BUG=webrtc:5520
>
> NOTRY=True
>
> Committed: https://crrev.com/65fc62e9dd8a8716db625aaef76ab92f542ecc5a
> Cr-Commit-Position: refs/heads/master@{#12684}
TBR=tommi@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:5520
Review-Url: https://codereview.webrtc.org/1965063003
Cr-Commit-Position: refs/heads/master@{#12686}
In some cases, the DTLS ClientHello may arrive before the server's
transport is writable (before it receives a STUN ping response), or
even before it receives a remote fingerprint. If this packet is
discarded, it may take a second for a it to be sent again.
So, this CL caches it instead of dropping it, and feeds it into
the SSL library once the handshake has been started.
BUG=webrtc:5789
Review-Url: https://codereview.webrtc.org/1912323002
Cr-Commit-Position: refs/heads/master@{#12634}
This propagated into various other places. Also had to #include headers that
were implicitly pulled by "scoped_ptr.h".
BUG=webrtc:5520
Review URL: https://codereview.webrtc.org/1920043002
Cr-Commit-Position: refs/heads/master@{#12501}
Instead of using a raw pointer output parameter. This affects
SSLStreamAdapter::GetPeerCertificate
Transport::GetRemoteSSLCertificate
TransportChannel::GetRemoteSSLCertificate
TransportController::GetRemoteSSLCertificate
WebRtcSession::GetRemoteSSLCertificate
This is a good idea in general, but will also be very convenient when
scoped_ptr is gone, since unique_ptr doesn't have an .accept() method.
BUG=webrtc:5520
Review URL: https://codereview.webrtc.org/1802013002
Cr-Commit-Position: refs/heads/master@{#12262}
The old code insists on exact cipher suite matches with hardwired expectations. It does this matching parameterized with key type (RSA vs ECDSA) and TLS version (DTLS vs TLS and version 1.0 vs 1.2).
This CL changes things to check against a white-list of cipher suites, with the check parameterized with key type (again RSA vs ECDSA). Then separately checks TLS version since the old implicit check of TLS version by means of resulting cipher suite was too blunt.
Using a white list for cipher suites isn't perfect, but it is safe and requires minimal maintenance. It allows compatibility with not just one exact version of underlying crypto lib, but any version with reasonable defaults.
The CL also re-enables critical tests which had to be disabled recently to allow a boringssl roll.
BUG=webrtc:5634
Review URL: https://codereview.webrtc.org/1774583002
Cr-Commit-Position: refs/heads/master@{#11951}
It's never used anywhere, so it only causes confusion between
itself and SessionDescriptionInterface::candidates.
Review URL: https://codereview.webrtc.org/1642733002
Cr-Commit-Position: refs/heads/master@{#11420}
We can now use std::move instead!
This CL leaves the Pass methods in place; a follow-up CL will add deprecation annotations to them.
Review URL: https://codereview.webrtc.org/1460043002
Cr-Commit-Position: refs/heads/master@{#11064}
Reason for revert:
Broke chromium fyi build.
Original issue's description:
> Convert internal representation of Srtp cryptos from string to int.
>
> Note that the coversion from int to string happens in 3 places
> 1) SDP layer from int to external names. mediasession.cc GetSupportedSuiteNames.
> 2) for SSL_CTX_set_tlsext_use_srtp(), converting from int to internal names.
> 3) stats collection also needs external names.
>
> External names are like AES_CM_128_HMAC_SHA1_80, specified in sslstreamadapter.cc.
> Internal names are like SRTP_AES128_CM_SHA1_80, specified in opensslstreamadapter.cc.
>
> The conversion from string to int happens in one place only, SDP layer, SrtpFilter::ApplyParams().
>
> BUG=webrtc:5043
>
> Committed: https://crrev.com/2764e1027a08a5543e04b854a27a520801faf6eb
> Cr-Commit-Position: refs/heads/master@{#10701}
TBR=juberti@webrtc.org,pthatcher@webrtc.org,juberti@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:5043
Review URL: https://codereview.webrtc.org/1455233005
Cr-Commit-Position: refs/heads/master@{#10702}
Note that the coversion from int to string happens in 3 places
1) SDP layer from int to external names. mediasession.cc GetSupportedSuiteNames.
2) for SSL_CTX_set_tlsext_use_srtp(), converting from int to internal names.
3) stats collection also needs external names.
External names are like AES_CM_128_HMAC_SHA1_80, specified in sslstreamadapter.cc.
Internal names are like SRTP_AES128_CM_SHA1_80, specified in opensslstreamadapter.cc.
The conversion from string to int happens in one place only, SDP layer, SrtpFilter::ApplyParams().
BUG=webrtc:5043
Review URL: https://codereview.webrtc.org/1416673006
Cr-Commit-Position: refs/heads/master@{#10701}
