ICE does not resolve for turns relay candidates rooted in LetsEncry…

…pt CA

https://bugs.webkit.org/show_bug.cgi?id=219274

Reviewed by Eric Carlson.

Source/ThirdParty/libwebrtc:

* Configurations/libwebrtc.iOS.exp:
* Configurations/libwebrtc.iOSsim.exp:
* Configurations/libwebrtc.mac.exp:

Source/WebCore:

Introduce a new runtime flag that is used to control whether using the new webrtc socket code path or not.

* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::webRTCPlatformSocketsEnabled const):
(WebCore::RuntimeEnabledFeatures::setWebRTCPlatformSocketsEnabled):

Source/WebKit:

Use NWConnection for client TCP sockets.
This allows piggy-backing on this API for things such as proxies or certificate validation.
Implementation does opening a TCP socket with TLS using NWConnection:
- If the socket is created for STUN/TURN, it is sending packets as is. For receiving data, the socket
will make sure to split received data in meaningful messages that WebProcess will process.
- If the socket is TCP for data, sent data is prefixed with the size of the data. For received data,
the length of the message is read and we wait to receive the whole message data to send it to WebProcess.

We enable that new code path based on an experimental feature.
Tested manually with TURNS servers and TCP-only connections.

* NetworkProcess/webrtc/NetworkRTCProvider.cpp:
(WebKit::NetworkRTCProvider::createClientTCPSocket):
* NetworkProcess/webrtc/NetworkRTCProvider.h:
(WebKit::NetworkRTCProvider::setPlatformSocketsEnabled):
* NetworkProcess/webrtc/NetworkRTCProvider.messages.in:
* NetworkProcess/webrtc/NetworkRTCSocketSocketCocoa.h: Added.
* NetworkProcess/webrtc/NetworkRTCSocketSocketCocoa.mm: Added.
(WebKit::socketQueue):
(WebKit::NetworkRTCSocketSocketCocoa::createClientTCPSocket):
(WebKit::isStunMessage):
(WebKit::getSTUNOrTURNMessageLength):
(WebKit::extractSTUNOrTURNMessages):
(WebKit::extractMessages):
(WebKit::processMessage):
(WebKit::NetworkRTCSocketSocketCocoa::NetworkRTCSocketSocketCocoa):
(WebKit::NetworkRTCSocketSocketCocoa::close):
(WebKit::NetworkRTCSocketSocketCocoa::setOption):
(WebKit::dataFromVector):
(WebKit::NetworkRTCSocketSocketCocoa::sendTo):
* SourcesCocoa.txt:
* WebKit.xcodeproj/project.pbxproj:
* WebProcess/Network/webrtc/LibWebRTCSocketFactory.cpp:
(WebKit::LibWebRTCSocketFactory::setConnection):

Source/WTF:

* Scripts/Preferences/WebPreferencesExperimental.yaml:


Canonical link: https://commits.webkit.org/232293@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270626 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/ThirdParty/libwebrtc/ChangeLog

@@ -1,3 +1,14 @@
+2020-12-10  Youenn Fablet  <youenn@apple.com>
+
+        ICE does not resolve for `turns` relay candidates rooted in LetsEncrypt CA
+        https://bugs.webkit.org/show_bug.cgi?id=219274
+
+        Reviewed by Eric Carlson.
+
+        * Configurations/libwebrtc.iOS.exp:
+        * Configurations/libwebrtc.iOSsim.exp:
+        * Configurations/libwebrtc.mac.exp:
+
 2020-12-04  Adam Roben  <aroben@apple.com>
 
         More FALLBACK_PLATFORM adoption

Source/ThirdParty/libwebrtc/Configurations/libwebrtc.iOS.exp

@@ -87,6 +87,7 @@ __ZN3rtc19BasicNetworkManagerC1Ev
 __ZNK3rtc13SocketAddress14IsUnresolvedIPEv
 __ZN3rtc13SocketAddress5SetIPERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEE
 __ZNK3rtc9IPAddress12ipv4_addressEv
+__ZNK3rtc9IPAddress8ToStringEv
 __ZN3rtc7NetworkC1ERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_RKNS_9IPAddressEiNS_11AdapterTypeE
 __ZN3rtc7Network6SetIPsERKNSt3__16vectorINS_16InterfaceAddressENS1_9allocatorIS3_EEEEb
 __ZN3rtc9ProxyInfoC1Ev

Source/ThirdParty/libwebrtc/Configurations/libwebrtc.iOSsim.exp

@@ -87,6 +87,7 @@ __ZN3rtc19BasicNetworkManagerC1Ev
 __ZNK3rtc13SocketAddress14IsUnresolvedIPEv
 __ZN3rtc13SocketAddress5SetIPERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEE
 __ZNK3rtc9IPAddress12ipv4_addressEv
+__ZNK3rtc9IPAddress8ToStringEv
 __ZN3rtc7NetworkC1ERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_RKNS_9IPAddressEiNS_11AdapterTypeE
 __ZN3rtc7Network6SetIPsERKNSt3__16vectorINS_16InterfaceAddressENS1_9allocatorIS3_EEEEb
 __ZN3rtc9ProxyInfoC1Ev

Source/ThirdParty/libwebrtc/Configurations/libwebrtc.mac.exp

@@ -87,6 +87,7 @@ __ZN3rtc19BasicNetworkManagerC1Ev
 __ZNK3rtc13SocketAddress14IsUnresolvedIPEv
 __ZN3rtc13SocketAddress5SetIPERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEE
 __ZNK3rtc9IPAddress12ipv4_addressEv
+__ZNK3rtc9IPAddress8ToStringEv
 __ZN3rtc7NetworkC1ERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_RKNS_9IPAddressEiNS_11AdapterTypeE
 __ZN3rtc7Network6SetIPsERKNSt3__16vectorINS_16InterfaceAddressENS1_9allocatorIS3_EEEEb
 __ZN3rtc9ProxyInfoC1Ev

Source/WTF/ChangeLog

@@ -1,3 +1,12 @@
+2020-12-10  Youenn Fablet  <youenn@apple.com>
+
+        ICE does not resolve for `turns` relay candidates rooted in LetsEncrypt CA
+        https://bugs.webkit.org/show_bug.cgi?id=219274
+
+        Reviewed by Eric Carlson.
+
+        * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
 2020-12-10  Jiewen Tan  <jiewen_tan@apple.com>
 
         Unreviewed, build fix after r270616

Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml

@@ -1049,6 +1049,16 @@ WebRTCPlatformCodecsInGPUProcessEnabled:
     WebKit:
       default: WebKit::defaultWebRTCCodecsInGPUProcess()
 
+WebRTCPlatformSocketsEnabled:
+  type: bool
+  humanReadableName: "WebRTC Platform Sockets"
+  humanReadableDescription: "Enable WebRTC Platform Sockets"
+  webcoreBinding: RuntimeEnabledFeatures
+  condition: ENABLE(WEB_RTC)
+  defaultValue:
+    WebKit:
+      default: false
+
 WebRTCVP9Profile0CodecEnabled:
   type: bool
   humanReadableName: "WebRTC VP9 profile 0 codec"

Source/WebCore/ChangeLog

@@ -1,3 +1,16 @@
+2020-12-10  Youenn Fablet  <youenn@apple.com>
+
+        ICE does not resolve for `turns` relay candidates rooted in LetsEncrypt CA
+        https://bugs.webkit.org/show_bug.cgi?id=219274
+
+        Reviewed by Eric Carlson.
+
+        Introduce a new runtime flag that is used to control whether using the new webrtc socket code path or not.
+
+        * page/RuntimeEnabledFeatures.h:
+        (WebCore::RuntimeEnabledFeatures::webRTCPlatformSocketsEnabled const):
+        (WebCore::RuntimeEnabledFeatures::setWebRTCPlatformSocketsEnabled):
+
 2020-12-10  Aditya Keerthi  <akeerthi@apple.com>
 
         [iOS][FCR] Add new look for input type=range

Source/WebCore/page/RuntimeEnabledFeatures.h

@@ -165,6 +165,8 @@ class RuntimeEnabledFeatures {
     void setWebRTCH264SimulcastEnabled(bool isEnabled) { m_isWebRTCH264SimulcastEnabled = isEnabled; }
     bool webRTCPlatformCodecsInGPUProcessEnabled() const { return m_isWebRTCPlatformCodecsInGPUProcessEnabled; }
     void setWebRTCPlatformCodecsInGPUProcessEnabled(bool isEnabled) { m_isWebRTCPlatformCodecsInGPUProcessEnabled = isEnabled; }
+    bool webRTCPlatformSocketsEnabled() const { return m_isWebRTCPlatformSocketsEnabled; }
+    void setWebRTCPlatformSocketsEnabled(bool isEnabled) { m_isWebRTCPlatformSocketsEnabled = isEnabled; }
 #endif
 
 #if ENABLE(DATALIST_ELEMENT)
@@ -317,6 +319,7 @@ class RuntimeEnabledFeatures {
     bool m_isWebRTCVP9Profile0CodecEnabled { false };
     bool m_isWebRTCVP9Profile2CodecEnabled { false };
     bool m_isWebRTCH264LowLatencyEncoderEnabled { false };
+    bool m_isWebRTCPlatformSocketsEnabled { false };
 #endif
 
 #if ENABLE(DATALIST_ELEMENT)

Source/WebKit/ChangeLog

@@ -1,3 +1,45 @@
+2020-12-10  Youenn Fablet  <youenn@apple.com>
+
+        ICE does not resolve for `turns` relay candidates rooted in LetsEncrypt CA
+        https://bugs.webkit.org/show_bug.cgi?id=219274
+
+        Reviewed by Eric Carlson.
+
+        Use NWConnection for client TCP sockets.
+        This allows piggy-backing on this API for things such as proxies or certificate validation.
+        Implementation does opening a TCP socket with TLS using NWConnection:
+        - If the socket is created for STUN/TURN, it is sending packets as is. For receiving data, the socket
+        will make sure to split received data in meaningful messages that WebProcess will process.
+        - If the socket is TCP for data, sent data is prefixed with the size of the data. For received data,
+        the length of the message is read and we wait to receive the whole message data to send it to WebProcess.
+
+        We enable that new code path based on an experimental feature.
+        Tested manually with TURNS servers and TCP-only connections.
+
+        * NetworkProcess/webrtc/NetworkRTCProvider.cpp:
+        (WebKit::NetworkRTCProvider::createClientTCPSocket):
+        * NetworkProcess/webrtc/NetworkRTCProvider.h:
+        (WebKit::NetworkRTCProvider::setPlatformSocketsEnabled):
+        * NetworkProcess/webrtc/NetworkRTCProvider.messages.in:
+        * NetworkProcess/webrtc/NetworkRTCSocketSocketCocoa.h: Added.
+        * NetworkProcess/webrtc/NetworkRTCSocketSocketCocoa.mm: Added.
+        (WebKit::socketQueue):
+        (WebKit::NetworkRTCSocketSocketCocoa::createClientTCPSocket):
+        (WebKit::isStunMessage):
+        (WebKit::getSTUNOrTURNMessageLength):
+        (WebKit::extractSTUNOrTURNMessages):
+        (WebKit::extractMessages):
+        (WebKit::processMessage):
+        (WebKit::NetworkRTCSocketSocketCocoa::NetworkRTCSocketSocketCocoa):
+        (WebKit::NetworkRTCSocketSocketCocoa::close):
+        (WebKit::NetworkRTCSocketSocketCocoa::setOption):
+        (WebKit::dataFromVector):
+        (WebKit::NetworkRTCSocketSocketCocoa::sendTo):
+        * SourcesCocoa.txt:
+        * WebKit.xcodeproj/project.pbxproj:
+        * WebProcess/Network/webrtc/LibWebRTCSocketFactory.cpp:
+        (WebKit::LibWebRTCSocketFactory::setConnection):
+
 2020-12-10  Antoine Quint  <graouts@webkit.org>
 
         Unified WebKit build fails

Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.cpp

@@ -46,6 +46,7 @@
 
 #if PLATFORM(COCOA)
 #include "NetworkRTCResolverCocoa.h"
+#include "NetworkRTCSocketCocoa.h"
 #endif
 
 namespace WebKit {
@@ -175,6 +176,14 @@ void NetworkRTCProvider::createClientTCPSocket(LibWebRTCSocketIdentifier identif
             return;
         }
         callOnRTCNetworkThread([this, identifier, localAddress = RTCNetwork::isolatedCopy(localAddress.value), remoteAddress = RTCNetwork::isolatedCopy(remoteAddress.value), proxyInfo = proxyInfoFromSession(remoteAddress, *session), userAgent = WTFMove(userAgent).isolatedCopy(), options]() mutable {
+#if PLATFORM(COCOA)
+            if (m_platformSocketsEnabled) {
+                if (auto socket = NetworkRTCSocketCocoa::createClientTCPSocket(identifier, *this, remoteAddress, options, m_ipcConnection.copyRef())) {
+                    addSocket(identifier, WTFMove(socket));
+                    return;
+                }
+            }
+#endif
             rtc::PacketSocketTcpOptions tcpOptions;
             tcpOptions.opts = options;
             std::unique_ptr<rtc::AsyncPacketSocket> socket(m_packetSocketFactory->CreateClientTcpSocket(localAddress, remoteAddress, proxyInfo, userAgent.utf8().data(), tcpOptions));
@@ -351,14 +360,6 @@ void NetworkRTCProvider::callOnRTCNetworkThread(Function<void()>&& callback)
     m_rtcNetworkThread.Post(RTC_FROM_HERE, this, 1, new NetworkMessageData(*this, WTFMove(callback)));
 }
 
-void NetworkRTCProvider::sendFromMainThread(Function<void(IPC::Connection&)>&& callback)
-{
-    callOnMainThread([provider = makeRef(*this), callback = WTFMove(callback)]() {
-        if (provider->m_connection)
-            callback(provider->m_connection->connection());
-    });
-}
-
 } // namespace WebKit
 
 #endif // USE(LIBWEBRTC)

Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.h

@@ -87,7 +87,6 @@ class NetworkRTCProvider : public rtc::MessageHandler, public IPC::Connection::T
     void close();
 
     void callOnRTCNetworkThread(Function<void()>&&);
-    void sendFromMainThread(Function<void(IPC::Connection&)>&&);
 
     void newConnection(Socket&, std::unique_ptr<rtc::AsyncPacketSocket>&&);
 
@@ -108,6 +107,7 @@ class NetworkRTCProvider : public rtc::MessageHandler, public IPC::Connection::T
     void sendToSocket(WebCore::LibWebRTCSocketIdentifier, const IPC::DataReference&, RTCNetwork::SocketAddress&&, RTCPacketOptions&&);
     void closeSocket(WebCore::LibWebRTCSocketIdentifier);
     void setSocketOption(WebCore::LibWebRTCSocketIdentifier, int option, int value);
+    void setPlatformSocketsEnabled(bool enabled) { m_platformSocketsEnabled = enabled; }
 
     void createResolver(LibWebRTCResolverIdentifier, String&&);
     void stopResolver(LibWebRTCResolverIdentifier);
@@ -137,6 +137,7 @@ class NetworkRTCProvider : public rtc::MessageHandler, public IPC::Connection::T
     HashMap<WebCore::LibWebRTCSocketIdentifier, std::unique_ptr<rtc::AsyncPacketSocket>> m_pendingIncomingSockets;
     bool m_isListeningSocketAuthorized { true };
     bool m_canLog { false };
+    bool m_platformSocketsEnabled { false };
 };
 
 } // namespace WebKit

Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.messages.in

@@ -28,6 +28,8 @@ messages -> NetworkRTCProvider {
     CreateClientTCPSocket(WebCore::LibWebRTCSocketIdentifier identifier, WebKit::RTCNetwork::SocketAddress localAddress, WebKit::RTCNetwork::SocketAddress remoteAddress, String userAgent, int options)
     WrapNewTCPConnection(WebCore::LibWebRTCSocketIdentifier identifier, WebCore::LibWebRTCSocketIdentifier newConnectionSocketIdentifier)
 
+    void SetPlatformSocketsEnabled(bool enabled)
+
     CreateResolver(WebKit::LibWebRTCResolverIdentifier identifier, String address)
     StopResolver(WebKit::LibWebRTCResolverIdentifier identifier)
 

Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.h

@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if USE(LIBWEBRTC) && PLATFORM(COCOA)
+
+#include "NetworkRTCProvider.h"
+#include <Network/Network.h>
+
+namespace rtc {
+class SocketAddress;
+}
+
+namespace WebKit {
+
+class NetworkRTCSocketCocoa final : public NetworkRTCProvider::Socket {
+    WTF_MAKE_FAST_ALLOCATED;
+public:
+    static std::unique_ptr<NetworkRTCProvider::Socket> createClientTCPSocket(WebCore::LibWebRTCSocketIdentifier, NetworkRTCProvider&, const rtc::SocketAddress&, int options, Ref<IPC::Connection>&&);
+
+    NetworkRTCSocketCocoa(WebCore::LibWebRTCSocketIdentifier, NetworkRTCProvider&, const rtc::SocketAddress&, int options, Ref<IPC::Connection>&&);
+
+private:
+    // NetworkRTCProvider::Socket.
+    WebCore::LibWebRTCSocketIdentifier identifier() const final { return m_identifier; }
+    Type type() const final { return Type::ClientTCP; }
+    void close() final;
+    void setOption(int option, int value) final;
+    void sendTo(const uint8_t*, size_t, const rtc::SocketAddress&, const rtc::PacketOptions&) final;
+
+    Vector<uint8_t> createMessageBuffer(const uint8_t*, size_t);
+
+    WebCore::LibWebRTCSocketIdentifier m_identifier;
+    NetworkRTCProvider& m_rtcProvider;
+    Ref<IPC::Connection> m_connection;
+    RetainPtr<nw_connection_t> m_nwConnection;
+    bool m_isSTUN { false };
+};
+
+} // namespace WebKit
+
+#endif // USE(LIBWEBRTC) && PLATFORM(COCOA)