-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: don't panic on STUN requests for unknown interfaces #493
fix: don't panic on STUN requests for unknown interfaces #493
Conversation
// The local candidate will be | ||
// either a host candidate (for cases where the request was not received | ||
// through a relay) or a relayed candidate (for cases where it is | ||
// received through a relay). The local candidate can never be a | ||
// server-reflexive candidate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am wondering if this is still true with our changes in #455? Shouldn't we instead also check for server-reflexive candidates and compare the base instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The .expect
here comes from the assumption you're going to configure all ways you are going to receive traffic. server-reflexive (and peer-reflexive) are secondary (not configured), they are discovered and more crucially always received via a primary (host or relayed).
The logic below would be very strange if the local_idx can be a secondary (reflexive). It would imply we can make a NAT - NAT like a server reflexive of a server reflexive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does this scenario not use .accepts_message()
to test whether the ICE agent want the packet?
While I accept we don't have to panic, I still believe the user should configure the ICE agent correctly. Silently discarding random UDP packets means it's easy to introduce bugs and not notice a misconfiguration.
We do use |
Line 767 in 3c5edee
|
Interesting! That would be good to know. It makes a big difference to me if accepts_message says "yes" and handle_message says "panic"! Spontaneously it seems these should be in lockstep. |
See the comment above. i think we'd have to change Note that the way this panic gets triggered for us is:
Combinding (1) and (2) leads to a race condition where we might have already invalidated a candidate but the remote wants to still send use STUN requests. |
Right. Hm. Maybe we should just add the interface check to the accepts message. Neither of "I accept it and discard it", or "I accept it and panic" seems entirely right. |
My take on it is:
Perhaps as a compromise, we could make |
We can also (additionally) align the two APIs such that the entire packet can be passed to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good merging this now, if you think it's ok?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we return false
now, should we also change stun_server_handle_message
to return false
in case we discard it based on an unknown candidate?
I tried that but didn't like where it was going. Places like I decided that rather than muddle the semantics, the bool is exactly that of |
Okay, in that case, isn't that commit unrelated to this change? I am not sure how atomic you want to be on your PRs but it could be done separately in that case. Otherwise, I am happy with this going in :) |
Let's merge it! I'll reference the PR twice in the changelog. |
This bump includes a fix that triggers a panic on unknown interfaces (algesten/str0m#493). The panic is what is currently blocking #4268 from proceeding.
This bump includes a fix that triggers a panic on unknown interfaces (algesten/str0m#493). The panic is what is currently blocking #4268 from proceeding.
This bump includes a fix that triggers a panic on unknown interfaces (algesten/str0m#493). The panic is what is currently blocking #4268 from proceeding.
Resolves: #473.