replace legacy / hard-wired WebRTC IP handling policy changes with existing kWebRTCIPHandlingPolicy preference #589
Comments
Thanks for submitting an issue.
Yes, I am aware of the deprecation in progress, I left them changed just in case as it was not clear to me if they had any effect. From reading the code a few weeks ago I remember that when the browser finds them at initialization time they are simply used to set the new preference value and supposedly never accessed again.
This corresponds to the patch used before fixing #553; you can read there why this was not sufficient: Custom Content Tabs would ignore that policy and use the default instead.
Yeah, it just migrates from them in
I think it does respect the policy. This code path just isn't used for the WebView or custom tabs since it sets up preferences for the browser specifically. You would need to register the preference elsewhere. The preference does work, just not registering it only for the browser. It applies to other preferences that are set there too.
That is correct, however I do not know how to set the default preference for the Custom Content Tabs or the SystemWebView, thus the old patch (same as yours) would leave those two use-cases uncovered. The only extra information that I have verified exposes is the local IP address (LAN), see this comment. @thestinger would you know how to set the default preferences also for CCTs and the SystemWebView (or any other preferences set which may exist)?
Maybe it can be set in
That looks like the set of blink-specific preferences, it is a very small set compared to the browser/user preferences/settings. It might even be possible that the preferences we are looking for live outside Chromium, somehow, since apps might set/define them for Custom Content Tabs.
The fallback causing
Something like this would work and wouldn't require hard-wiring different values for the 'default' setting which is meant to have everything enabled: diff --git a/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc b/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
index 15929f4ae020..4ad46c6bf38c 100644
--- a/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
+++ b/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
@@ -82,7 +82,9 @@ WebRTCIPHandlingPolicy GetWebRTCIPHandlingPolicy(const String& preference) {
return DEFAULT_PUBLIC_INTERFACE_ONLY;
if (preference == kWebRTCIPHandlingDisableNonProxiedUdp)
return DISABLE_NON_PROXIED_UDP;
- return DEFAULT;
+ if (preference == kWebRTCIPHandlingDefault)
+ return DEFAULT;
+ return DISABLE_NON_PROXIED_UDP;
}
bool IsValidPortRange(uint16_t min_port, uint16_t max_port) { That way, only having it explicitly set to that option would trigger that case. This will work unless something is actually explicitly setting it to that, and that doesn't seem to be what's happening. I think what's happening is the preference is just not being set so it falls through. |
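Review bot: the new final `return DISABLE_NON_PROXIED_UDP;` in GetWebRTCIPHandlingPolicy carries no comment saying that an empty or unrecognised preference string is meant to map to the restrictive policy, so a later reader may take the fall-through for a mistake and restore `return DEFAULT;`; add a one-line comment above it. With that fall-through in place, the context line `if (preference == kWebRTCIPHandlingDisableNonProxiedUdp)` just above returns the same value and can be dropped. Any string not matched by the checks above, a misspelled policy name included, now changes behaviour as well; that is the safe direction, but it is worth stating in the commit message.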
I think so too, it is a default. I had seen that switch-like block in The change you proposed can be tested relatively easily thanks to the I am however hesitant to change the patch in any direction until I understand better how preferences work for Custom Content Tabs and the SystemWebView; on a side topic: other preferences whose default we are changing are also reverting to default for these 2 use cases, which is a bit concerning.
From #553:
An update related to most recent v100.
Chromium
Vanilla Chromium behaviour currently is:
Regular tabs
CCTs
Support/Leaks
For both regular tabs and CCTs:
This has not changed recently in upstream Chromium, I am summarising it here for reference.
Bromite
Regular tabs
CCTs
Support/Leaks
For both regular tabs and CCTs:
Conclusion
I made a summary here of how it works in Chromium and what Bromite changes here: https://github.com/bromite/bromite/wiki/WebRTC
@thestinger after some tests and changes I believe that now the patch is behaving as you suggested and it is less invasive; functionality is still not working as expected because of the disabled non-proxied UDP, but that is on purpose in Bromite. With the introduction of a user setting it will be possible for users to control this as they please while the defaults in Bromite stay non-leaking: #1965
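The two leaks this thread is about, the LAN address and the real public address behind a VPN, both surface in the ICE candidates a page can gather, so a patched build can be checked by auditing them. This is an added example, not code from the thread or from Bromite; the function names, the `vpnExitIp` parameter and the sample candidate lines are assumptions constructed for illustration.

```javascript
// Added example. Candidate attribute layout (RFC 8839):
//   candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...

// RFC 1918 and link-local IPv4 ranges.
function isPrivateIPv4(addr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(addr);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) || (a === 169 && b === 254);
}

// fc00::/7 (unique local) and fe80::/10 (link-local).
function isPrivateIPv6(addr) {
  return /^f[cd][0-9a-f]{2}:/i.test(addr) || /^fe[89ab][0-9a-f]:/i.test(addr);
}

// Returns { address, type, exposes } or null if the line is not a candidate.
function classifyCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return null;
  const address = f[4], type = f[7];
  let exposes;
  if (type === 'relay') exposes = 'none';                // TURN server's address, not the client's
  else if (address.endsWith('.local')) exposes = 'none'; // mDNS name instead of the LAN address
  else if (isPrivateIPv4(address) || isPrivateIPv6(address)) exposes = 'local';
  else exposes = 'public';
  return { address, type, exposes };
}

// vpnExitIp (hypothetical parameter): the address the tunnel is expected to show.
// A public candidate equal to it is not a leak; any other public address is.
function auditCandidates(lines, vpnExitIp) {
  const report = { local: [], public: [] };
  for (const line of lines) {
    const c = classifyCandidate(line);
    if (!c || c.exposes === 'none') continue;
    if (c.exposes === 'public' && c.address === vpnExitIp) continue;
    report[c.exposes].push(c.address);
  }
  return report;
}

// Constructed sample candidates (documentation address ranges), not captured traffic.
const SAMPLE = [
  'a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'candidate:2 1 udp 2122194687 3f2a1b4c-0000-4000-8000-1234567890ab.local 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 41885439 198.51.100.9 3478 typ relay raddr 0.0.0.0 rport 0',
];
console.log(auditCandidates(SAMPLE, '198.51.100.200'));
```

An empty report for both lists is what a non-leaking default should produce; in a browser the input lines would come from the `candidate` strings delivered to `RTCPeerConnection.onicecandidate`.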
I don’t understand why you’re explicitly adding a case for kDefault when it’s the only remaining case. All the other cases are listed directly above…
Ah, I hadn't read the thread fully. It's weird that the preference isn't being passed to GetWebRTCIPHandlingPolicy but it's possible for you to just eliminate the duplicate check for kWebRTCIPHandlingDisableNonProxiedUdp.
Which duplicate check?
Prevent leaks of local IP address and public IP address (when using VPN) See also: * bromite/bromite#553 * bromite/bromite#589 License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
Prevent leaks of local IP address and public IP address (when using VPN) See also: * bromite/bromite#553 * bromite/bromite#589 License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html Change-Id: Ie7785ef845eb357c826f52593efe980d983b682e
The patch in question:
https://github.com/bromite/bromite/blob/master/build/patches/Change-default-webRTC-policy-to-not-use-any-address.patch
The kWebRTCMultipleRoutesEnabled and kWebRTCNonProxiedUdpEnabled preferences are obsolete legacy options replaced by kWebRTCIPHandlingPolicy. Those shouldn't be used anymore and were supposed to be removed by now.
The changes to the DEFAULT case in the current patch are changing how the non-restricted IP handling policy works rather than enabling a restricted IP handling policy by default.
This is a better approach using the existing option: