ms-ice: limit legacy connchecks as per [MS-ICE2] 3.1.4.8.2

Client should stop sending connectivity checks with legacy FINGERPRINT
when it receives a conncheck message containing IMPLEMENTATION-VERSION
attribute.

Differential Revision: https://phabricator.freedesktop.org/D1139

2 files changed, 10 insertions, 0 deletions

diff --git a/stun/stunagent.c b/stun/stunagent.c
index cd97684..52890b5 100644
--- a/stun/stunagent.c
+++ b/stun/stunagent.c
@@ -62,6 +62,8 @@ void stun_agent_init (StunAgent *agent, const uint16_t *known_attributes,
   agent->compatibility = compatibility;
   agent->usage_flags = usage_flags;
   agent->software_attribute = NULL;
+  agent->ms_ice2_send_legacy_connchecks =
+      compatibility == STUN_COMPATIBILITY_MSICE2;
 
   for (i = 0; i < STUN_AGENT_MAX_SAVED_IDS; i++) {
     agent->sent_ids[i].valid = FALSE;
@@ -148,6 +150,7 @@ StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg,
   uint8_t *hash;
   uint8_t sha[20];
   uint16_t hlen;
+  uint32_t implementation_version;
   int sent_id_idx = -1;
   uint16_t unknown;
   int error_code;
@@ -335,6 +338,12 @@ StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg,
     agent->sent_ids[sent_id_idx].valid = FALSE;
   }
 
+  /* [MS-ICE2] 3.1.4.8.2 stop sending additional connectivity checks */
+  if (stun_message_find32(msg, STUN_ATTRIBUTE_MS_IMPLEMENTATION_VERSION,
+      &implementation_version) == STUN_MESSAGE_RETURN_SUCCESS) {
+    msg->agent->ms_ice2_send_legacy_connchecks = FALSE;
+  }
+
   if (stun_agent_find_unknowns (agent, msg, &unknown, 1) > 0) {
     if (stun_message_get_class (msg) == STUN_REQUEST)
       return STUN_VALIDATION_UNKNOWN_REQUEST_ATTRIBUTE;
diff --git a/stun/stunagent.h b/stun/stunagent.h
index 56587a6..aabe299 100644
--- a/stun/stunagent.h
+++ b/stun/stunagent.h
@@ -203,6 +203,7 @@ struct stun_agent_t {
   uint16_t *known_attributes;
   StunAgentUsageFlags usage_flags;
   const char *software_attribute;
+  bool ms_ice2_send_legacy_connchecks;
 };
 
 /**