[WIP] ip address obfuscation #81

Merged
merged 3 commits into from
May 23, 2016
2 changes: 2 additions & 0 deletions app.js
@@ -3,6 +3,7 @@ var config = require('config');
var uuid = require('uuid');
var statsMangler = require('./getstats-mangle');
var statsDecompressor = require('./getstats-deltacompression').decompress;
var obfuscate = require('./obfuscator');
var express = require('express');

var Store = require('./store')({
@@ -126,6 +127,7 @@ function run(keys) {
});
break;
default:
obfuscate(data);
if (!db[referer][clientid].peerConnections[data[1]]) {
db[referer][clientid].peerConnections[data[1]] = [];
baseStats[data[1]] = {};
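Review bot: `obfuscate(data);` sits inside the `default:` branch, so only message types that reach that branch are scrubbed; the case that ends in `break;` just above it, and any other case earlier in the switch, never call it. obfuscator.js has its own `getStats`/`getstats` branch, so if app.js handles stats in a dedicated case that does not fall through to `default:`, those reports would be stored with addresses intact; this needs confirming because the switch and the rest of `run(keys)` start outside the hunk. Calling `obfuscate(data);` once before the `switch`, or in every branch that writes `data` to the store, would make coverage independent of case order. The call also appears to run on client-supplied data with no guard, so a `try`/`catch` around it that drops the record on failure would keep a malformed message from being stored unscrubbed or from surfacing as an unhandled exception.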
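--- a/obfuscator.js
+++ b/obfuscator.js
@@ -0,0 +1,96 @@
+// obfuscate ip addresses which should not be stored long-term.
+
+var SDPUtils = require('sdp');
+
+// obfuscate ip, keeping address family intact.
+function obfuscateIP(ip) {
+if (ip.indexOf('[') === 0) { // IPv6
+return '::1';
+}
+if (ip.indexOf('192.168.') === 0) {
+return '192.168.x.x';
+} else if (ip.indexOf('172.16.') === 0) {
+return '172.16.x.x';
+} else if (ip.indexOf('10.') === 0) {
+return '10.x.x.x';
+} else {
+return '0.0.0.0';
+}
+}
+
+// obfuscate the ip in ice candidates. Does NOT obfuscate the ip of the TURN server to allow
+// selecting/grouping sessions by TURN server.
+function obfuscateCandidate(candidate) {
+var cand = SDPUtils.parseCandidate(candidate);
+if (cand.type !== 'relay') {
+cand.ip = obfuscateIP(cand.ip);
+}
+if (cand.relatedAddress) {
+cand.relatedAddress = obfuscateIP(cand.relatedAddress);
+}
+return SDPUtils.writeCandidate(cand);
+}
+
+function obfuscateSDP(sdp) {
+var lines = SDPUtils.splitLines(sdp);
+return lines.map(function(line) {
+// obfuscate a=candidate, c= and a=rtcp
+if (line.indexOf('a=candidate:') === 0) {
+return obfuscateCandidate(line);
+} else if (line.indexOf('c=') === 0) {
+return 'c=IN IP4 0.0.0.0';
+} else if (line.indexOf('a=rtcp:') === 0) {
+return 'a=rtcp:9 IN IP4 0.0.0.0';
+} else {
+return line;
+}
+}).join('\r\n').trim() + '\r\n';
+}
+
+function obfuscateStats(stats) {
+Object.keys(stats).forEach(function(id) {
+var report = stats[id];
+if (report.ipAddress) {
+report.ipAddress = obfuscateIP(report.ipAddress);
+}
+['googLocalAddress', 'googRemoteAddress'].forEach(function(name) {
+// contains both address and port
+var port;
+if (report[name]) {
+if (report[name][0] === '[') {
+port = report[name].substr(report[name].indexOf(']') + 2);
+} else {
+port = report[name].substr(report[name].indexOf(':') + 1);
+}
+report[name] = obfuscateIP(report[name]) + ':' + port;
+}
+});
+});
+}
+
+module.exports = function(data) {
+switch(data[0]) {
+case 'addIceCandidate':
+case 'onicecandidate':
+if (data[2] && data[2].candidate) {
+data[2].candidate = obfuscateCandidate(data[2].candidate);
+}
+break;
+case 'setLocalDescription':
+case 'setRemoteDescription':
+case 'createOfferOnSuccess':
+case 'createAnswerOnSuccess':
+if (data[2] && data[2].sdp) {
+data[2].sdp = obfuscateSDP(data[2].sdp);
+}
+break;
+case 'getStats':
+case 'getstats':
+if (data[2]) {
+obfuscateStats(data[2]);
+}
+break;
+default:
+break;
+}
+};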
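Review bot: obfuscateSDP rewrites only `a=candidate:`, `c=` and `a=rtcp:` lines, so the unicast address at the end of the `o=` origin line is stored exactly as received. Browsers usually put a loopback or unspecified address there, but a remote description generated by another kind of endpoint may carry a real one; a branch such as `} else if (line.indexOf('o=') === 0) { return line.replace(/IN IP[46] \S+$/, 'IN IP4 0.0.0.0'); }` would cover it in the same style as the `c=` rewrite. obfuscateStats has the same fail-open shape: only `ipAddress`, `googLocalAddress` and `googRemoteAddress` are rewritten, so any other address-bearing stats field passes through untouched, and the field list deserves a comment saying it must be kept in step with what browsers report. Separately, obfuscateIP recognises IPv6 only in bracketed form, while candidate lines carry IPv6 addresses unbracketed, so those become `0.0.0.0`; the address is hidden, but the "keeping address family intact" comment does not hold for that path.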
1 change: 1 addition & 0 deletions package.json
@@ -34,6 +34,7 @@
"pg": "^4.4.6",
"pg-promise": "^3.2.3",
"platform": "^1.3.1",
"sdp": "^1.0.0",
"uuid": "^2.0.1",
"ws": "^0.8.1"
},
6 changes: 3 additions & 3 deletions test/clienttest.json
@@ -98,7 +98,7 @@
"time": "2016-01-28T18:24:20.304Z",
"type": "onicecandidate",
"value": {
"candidate": "candidate:1608896916 1 udp 2122194687 10.1.5.92 47183 typ host generation 0",
"candidate": "candidate:1608896916 1 udp 2122194687 10.1.5.92 47183 typ srflx raddr 1.2.3.4 rport 47183 generation 0",
"sdpMid": "audio",
"sdpMLineIndex": 0
}
@@ -107,7 +107,7 @@
"time": "2016-01-28T18:24:20.308Z",
"type": "onicecandidate",
"value": {
"candidate": "candidate:211962667 2 udp 2122260222 10.0.3.1 52923 typ host generation 0",
"candidate": "candidate:211962667 2 udp 2122260222 10.0.3.1 52923 typ relay raddr 1.2.3.4 rport 52923 generation 0",
"sdpMid": "audio",
"sdpMLineIndex": 0
}
@@ -11168,4 +11168,4 @@
}
]
}
}
}