From 2803a0b4b70af9684e05ef5ed3f0c2fbca4b6c93 Mon Sep 17 00:00:00 2001
From: Jakub Adam
Date: Wed, 29 Jun 2016 06:40:27 +0000
Subject: ms-ice: limit legacy connchecks as per [MS-ICE2] 3.1.4.8.2

Client should stop sending connectivity checks with legacy FINGERPRINT when it receives a conncheck message containing IMPLEMENTATION-VERSION attribute.

Differential Revision: https://phabricator.freedesktop.org/D1139
---
 agent/conncheck.c | 4 ++++
 stun/stunagent.c | 9 +++++++++
 stun/stunagent.h | 1 +
 3 files changed, 14 insertions(+)

diff --git a/agent/conncheck.c b/agent/conncheck.c
index b7ae90a..dda2f2f 100644
--- a/agent/conncheck.c
+++ b/agent/conncheck.c
@@ -787,6 +787,10 @@ static void ms_ice2_legacy_conncheck_send(StunMessage *msg, NiceSocket *sock,
 uint16_t fingerprint_len;
 size_t buffer_len;

+ if (msg->agent->ms_ice2_send_legacy_connchecks == FALSE) {
+ return;
+ }
+
 fingerprint_attr = (uint32_t *)stun_message_find (msg,
 STUN_ATTRIBUTE_FINGERPRINT, &fingerprint_len);

diff --git a/stun/stunagent.c b/stun/stunagent.c
index cd97684..52890b5 100644
--- a/stun/stunagent.c
+++ b/stun/stunagent.c
@@ -62,6 +62,8 @@ void stun_agent_init (StunAgent *agent, const uint16_t *known_attributes,
 agent->compatibility = compatibility;
 agent->usage_flags = usage_flags;
 agent->software_attribute = NULL;
+ agent->ms_ice2_send_legacy_connchecks =
+ compatibility == STUN_COMPATIBILITY_MSICE2;

 for (i = 0; i < STUN_AGENT_MAX_SAVED_IDS; i++) {
 agent->sent_ids[i].valid = FALSE;
@@ -148,6 +150,7 @@ StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg,
 uint8_t *hash;
 uint8_t sha[20];
 uint16_t hlen;
+ uint32_t implementation_version;
 int sent_id_idx = -1;
 uint16_t unknown;
 int error_code;
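Review bot: The new early return at the top of ms_ice2_legacy_conncheck_send carries no comment, so a reader of conncheck.c cannot tell why legacy checks silently stop; the spec reference exists only in stunagent.c. I would add `/* [MS-ICE2] 3.1.4.8.2: peer sent IMPLEMENTATION-VERSION, no more legacy-FINGERPRINT checks */` above it and write the test as `if (!msg->agent->ms_ice2_send_legacy_connchecks)` instead of comparing a bool with FALSE. The function body continues outside the hunk.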
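Review bot: In the stun_agent_init hunk the flag is armed only at initialisation, and the later stun_agent_validate hunk clears it on any received message carrying IMPLEMENTATION-VERSION; nothing in this commit re-arms it. If a StunAgent can outlive one remote peer or an ICE restart (not visible in these hunks), legacy checks would stay off for the next peer as well. A comment stating the intended lifetime would settle that, e.g. `/* one-way latch: cleared by stun_agent_validate, re-armed only by stun_agent_init */`. The assignment also reads more clearly with the comparison parenthesised, `= (compatibility == STUN_COMPATIBILITY_MSICE2);`.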
@@ -335,6 +338,12 @@ StunValidationStatus stun_agent_validate (StunAgent *agent, StunMessage *msg,
 agent->sent_ids[sent_id_idx].valid = FALSE;
 }

+ /* [MS-ICE2] 3.1.4.8.2 stop sending additional connectivity checks */
+ if (stun_message_find32(msg, STUN_ATTRIBUTE_MS_IMPLEMENTATION_VERSION,
+ &implementation_version) == STUN_MESSAGE_RETURN_SUCCESS) {
+ msg->agent->ms_ice2_send_legacy_connchecks = FALSE;
+ }
+
 if (stun_agent_find_unknowns (agent, msg, &unknown, 1) > 0) {
 if (stun_message_get_class (msg) == STUN_REQUEST)
 return STUN_VALIDATION_UNKNOWN_REQUEST_ATTRIBUTE;
diff --git a/stun/stunagent.h b/stun/stunagent.h
index 56587a6..aabe299 100644
--- a/stun/stunagent.h
+++ b/stun/stunagent.h
@@ -203,6 +203,7 @@ struct stun_agent_t {
 uint16_t *known_attributes;
 StunAgentUsageFlags usage_flags;
 const char *software_attribute;
+ bool ms_ice2_send_legacy_connchecks;
 };

 /**
-- 
cgit v1.2.1
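Review bot: The IMPLEMENTATION-VERSION check in stun_agent_validate clears the flag before the `stun_agent_find_unknowns` test that follows it, so a request that is then rejected with STUN_VALIDATION_UNKNOWN_REQUEST_ATTRIBUTE has already switched legacy checks off for the agent. Because the latch changes what the agent sends afterwards, it should be set only once the message has passed every validation step, integrity included (whether that check precedes this point is outside the hunk); moving the block to just before the success return would achieve that. It should also write through the `agent` parameter like the context line above it, `agent->ms_ice2_send_legacy_connchecks = FALSE;`, not through `msg->agent`. `implementation_version` (declared in the -148 hunk) is filled but never read, so a short comment that presence alone is the trigger would show this is deliberate.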
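Review bot: Adding a member to struct stun_agent_t changes sizeof(StunAgent), and stun_agent_init writes the new member through a caller-supplied `StunAgent *`. If stunagent.h is an installed header and applications allocate the struct themselves, a binary built against the old layout passes an object that is too small, and the init write lands past its end. That makes this an ABI change that needs a matching library version bump, or the state should live somewhere whose size callers do not depend on. The member also has no comment; `/* TRUE while legacy-FINGERPRINT connchecks are still sent ([MS-ICE2] 3.1.4.8.2) */` above it would document what relies on it. The struct definition begins outside the hunk.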