diff options
| author | Jakub Adam <jakub.adam@ktknet.cz> | 2016-06-29 06:40:27 +0000 |
|---|---|---|
| committer | Olivier CrĂȘte <olivier.crete@collabora.com> | 2016-10-26 17:50:38 -0400 |
| commit | 2803a0b4b70af9684e05ef5ed3f0c2fbca4b6c93 (patch) | |
| tree | 869ba84d16f83b0e69b64a91b5c74026e4ac14d5 | |
| parent | 7e5ab23cbb7b2d1e4023a8016abf4793e9606bbb (diff) | |
| download | libnice-2803a0b4b70af9684e05ef5ed3f0c2fbca4b6c93.tar.gz | |
ms-ice: limit legacy connchecks as per [MS-ICE2] 3.1.4.8.2
Client should stop sending connectivity checks with legacy FINGERPRINT
when it receives a conncheck message containing IMPLEMENTATION-VERSION
attribute.
Differential Revision: https://phabricator.freedesktop.org/D1139
| -rw-r--r-- | agent/conncheck.c | 4 | ||||
| -rw-r--r-- | stun/stunagent.c | 9 | ||||
| -rw-r--r-- | stun/stunagent.h | 1 |
3 files changed, 14 insertions, 0 deletions
diff --git a/agent/conncheck.c b/agent/conncheck.c index b7ae90a..dda2f2f 100644 --- a/agent/conncheck.c +++ b/agent/conncheck.c @@ -787,6 +787,10 @@ static void ms_ice2_legacy_conncheck_send(StunMessage *msg, NiceSocket *sock, uint16_t fingerprint_len; size_t buffer_len; + if (msg->agent->ms_ice2_send_legacy_connchecks == FALSE) { + return; + } + fingerprint_attr = (uint32_t *)stun_message_find (msg, STUN_ATTRIBUTE_FINGERPRINT, &fingerprint_len); diff --git a/stun/stunagent.c b/stun/stunagent.c index cd97684..52890b5 100644 --- a/stun/stunagent.c +++ b/stun/stunagent.c @@ -62,6 +62,8 @@ void stun_agent_init (StunAgent *agent, const uint16_t *known_attributes, agent->compatibility = compatibility; agent->usage_flags = usage_flags; agent->software_attribute = NULL; + agent->ms_ice2_send_legacy_connchecks = + compatibility == STUN_COMPATIBILITY_MSICE2; for (i = 0; i < STUN_AGENT_MAX_SAVED_IDS; i++) { agent->sent_ids[i].valid = FALSE; @@ -148,6 +150,7 @@ StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg, uint8_t *hash; uint8_t sha[20]; uint16_t hlen; + uint32_t implementation_version; int sent_id_idx = -1; uint16_t unknown; int error_code; @@ -335,6 +338,12 @@ StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg, agent->sent_ids[sent_id_idx].valid = FALSE; } + /* [MS-ICE2] 3.1.4.8.2 stop sending additional connectivity checks */ + if (stun_message_find32(msg, STUN_ATTRIBUTE_MS_IMPLEMENTATION_VERSION, + &implementation_version) == STUN_MESSAGE_RETURN_SUCCESS) { + msg->agent->ms_ice2_send_legacy_connchecks = FALSE; + } + if (stun_agent_find_unknowns (agent, msg, &unknown, 1) > 0) { if (stun_message_get_class (msg) == STUN_REQUEST) return STUN_VALIDATION_UNKNOWN_REQUEST_ATTRIBUTE; diff --git a/stun/stunagent.h b/stun/stunagent.h index 56587a6..aabe299 100644 --- a/stun/stunagent.h +++ b/stun/stunagent.h @@ -203,6 +203,7 @@ struct stun_agent_t { uint16_t *known_attributes; StunAgentUsageFlags usage_flags; const char *software_attribute; + bool ms_ice2_send_legacy_connchecks; }; /** |