Bug 1554976 - Add plumbing to enable/disable host address obfuscation; r=mjf
This only enables mDNS on OS X for now. Some versions of Windows lack mDNS support, there are some oddities with resolving IPv6 addresses on Linux, and Android has not yet been tested. All of these will be addressed in follow-on bugs. Differential Revision: https://phabricator.services.mozilla.com/D38496 --HG-- extra : moz-landing-system : lando
Родитель
d467f3a90a
Коммит
2da923ff0b
|
@ -33,7 +33,8 @@ class MediaTransportParent : public dom::PMediaTransportParent {
|
|||
mozilla::ipc::IPCResult RecvSetTargetForDefaultLocalAddressLookup(
|
||||
const string& targetIp, uint16_t targetPort);
|
||||
mozilla::ipc::IPCResult RecvStartIceGathering(
|
||||
const bool& defaultRouteOnly, const net::NrIceStunAddrArray& stunAddrs);
|
||||
const bool& defaultRouteOnly, const bool& obfuscateAddresses,
|
||||
const net::NrIceStunAddrArray& stunAddrs);
|
||||
mozilla::ipc::IPCResult RecvActivateTransport(
|
||||
const string& transportId, const string& localUfrag,
|
||||
const string& localPwd, const int& componentCount,
|
||||
|
|
|
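Review bot: The new parameter is spelled `obfuscateAddresses` in this declaration, but `obfuscateHostAddresses` in the IPDL message and in the definition of `MediaTransportParent::RecvStartIceGathering`. `LoopbackTransport::StartIceGathering` uses the same short form, `aObfuscateAddresses`. The flag is only consulted for HOST candidates in `GenerateObfuscatedAddress`, so the longer name is the accurate one: `const bool& defaultRouteOnly, const bool& obfuscateHostAddresses,`.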
@ -59,6 +59,7 @@ parent:
|
|||
uint16_t targetPort);
|
||||
|
||||
async StartIceGathering(bool defaultRouteOnly,
|
||||
bool obfuscateHostAddresses,
|
||||
NrIceStunAddrArray stunAddrs);
|
||||
|
||||
async ActivateTransport(string transportId,
|
||||
|
|
|
@ -276,7 +276,8 @@ NrIceCtx::NrIceCtx(const std::string& name, Policy policy)
|
|||
policy_(policy),
|
||||
nat_(nullptr),
|
||||
proxy_config_(nullptr),
|
||||
proxy_only_(false) {}
|
||||
proxy_only_(false),
|
||||
obfuscate_host_addresses_(false) {}
|
||||
|
||||
/* static */
|
||||
RefPtr<NrIceCtx> NrIceCtx::Create(const std::string& name, bool allow_loopback,
|
||||
|
@ -863,9 +864,12 @@ void NrIceCtx::SetCtxFlags(bool default_route_only, bool proxy_only) {
|
|||
}
|
||||
}
|
||||
|
||||
nsresult NrIceCtx::StartGathering(bool default_route_only, bool proxy_only) {
|
||||
nsresult NrIceCtx::StartGathering(bool default_route_only, bool proxy_only,
|
||||
bool obfuscate_host_addresses) {
|
||||
ASSERT_ON_THREAD(sts_target_);
|
||||
|
||||
obfuscate_host_addresses_ = obfuscate_host_addresses;
|
||||
|
||||
SetGatheringState(ICE_CTX_GATHER_STARTED);
|
||||
|
||||
SetCtxFlags(default_route_only, proxy_only);
|
||||
|
@ -1042,7 +1046,7 @@ void NrIceCtx::SetGatheringState(GatheringState state) {
|
|||
void NrIceCtx::GenerateObfuscatedAddress(nr_ice_candidate* candidate,
|
||||
std::string* mdns_address,
|
||||
std::string* actual_address) {
|
||||
if (candidate->type == HOST) {
|
||||
if (candidate->type == HOST && obfuscate_host_addresses_) {
|
||||
int r;
|
||||
char addr[64];
|
||||
if ((r = nr_transport_addr_get_addrstring(&candidate->addr, addr,
|
||||
|
|
|
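Review bot: The new `obfuscate_host_addresses_` condition in `GenerateObfuscatedAddress` has no comment saying what a HOST candidate gets when the flag is false, and that is the privacy-relevant case. The flag is initialised to false in the constructor and only changed in `StartGathering`, so by default the real address appears to be used. The function body continues outside the hunk, so that path is inferred. Suggest a comment above the `if`: `// Only HOST candidates are rewritten, and only when StartGathering() asked for obfuscation; otherwise the real address is kept.`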
@ -311,7 +311,8 @@ class NrIceCtx {
|
|||
bool proxy_only() const { return proxy_only_; }
|
||||
|
||||
// Start ICE gathering
|
||||
nsresult StartGathering(bool default_route_only, bool proxy_only);
|
||||
nsresult StartGathering(bool default_route_only, bool proxy_only,
|
||||
bool obfuscate_host_addresses);
|
||||
|
||||
// Start checking
|
||||
nsresult StartChecks();
|
||||
|
@ -395,6 +396,7 @@ class NrIceCtx {
|
|||
RefPtr<TestNat> nat_;
|
||||
std::shared_ptr<NrSocketProxyConfig> proxy_config_;
|
||||
bool proxy_only_;
|
||||
bool obfuscate_host_addresses_;
|
||||
std::map<std::string, std::string> obfuscated_host_addresses_;
|
||||
};
|
||||
|
||||
|
|
|
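Review bot: The flag `obfuscate_host_addresses_` and the map `obfuscated_host_addresses_` declared on the next line differ by a single letter, which is easy to misread in later changes. A trailing comment on the flag would separate the two: `bool obfuscate_host_addresses_;  // policy flag set by StartGathering(); gates GenerateObfuscatedAddress()`. The `StartGathering` declaration above could also say what the third argument does, since `// Start ICE gathering` is its only documentation. The class body starts outside the hunk.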
@ -537,7 +537,7 @@ class IceTestPeer : public sigslot::has_slots<> {
|
|||
|
||||
test_utils_->sts_target()->Dispatch(
|
||||
WrapRunnableRet(&res, ice_ctx_, &NrIceCtx::StartGathering,
|
||||
default_route_only, false),
|
||||
default_route_only, false, false),
|
||||
NS_DISPATCH_SYNC);
|
||||
|
||||
ASSERT_TRUE(NS_SUCCEEDED(res));
|
||||
|
|
|
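Review bot: Both updated call sites pass `false` for the new argument, here and in `TransportTestPeer`, so no test in the visible hunks runs gathering with obfuscation switched on. A case that dispatches `StartGathering` with the last argument true, e.g. `default_route_only, false, true),`, and checks that host candidates no longer carry the literal address would cover the new branch in `GenerateObfuscatedAddress`. The enclosing method starts outside the hunk.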
@ -619,7 +619,7 @@ class TransportTestPeer : public sigslot::has_slots<> {
|
|||
|
||||
// Start gathering
|
||||
test_utils_->sts_target()->Dispatch(
|
||||
WrapRunnableRet(&res, ice_ctx_, &NrIceCtx::StartGathering, false,
|
||||
WrapRunnableRet(&res, ice_ctx_, &NrIceCtx::StartGathering, false, false,
|
||||
false),
|
||||
NS_DISPATCH_SYNC);
|
||||
ASSERT_TRUE(NS_SUCCEEDED(res));
|
||||
|
|
|
@ -167,7 +167,7 @@ class LoopbackTransport : public MediaTransportHandler {
|
|||
// capture permissions have been granted on the window, which could easily
|
||||
// change between Init (ie; when the PC is created) and StartIceGathering
|
||||
// (ie; when we set the local description).
|
||||
void StartIceGathering(bool aDefaultRouteOnly,
|
||||
void StartIceGathering(bool aDefaultRouteOnly, bool aObfuscateAddresses,
|
||||
// TODO: It probably makes sense to look
|
||||
// this up internally
|
||||
const nsTArray<NrIceStunAddr>& aStunAddrs) override {}
|
||||
|
|
|
@ -86,7 +86,7 @@ class MediaTransportHandlerSTS : public MediaTransportHandler,
|
|||
// capture permissions have been granted on the window, which could easily
|
||||
// change between Init (ie; when the PC is created) and StartIceGathering
|
||||
// (ie; when we set the local description).
|
||||
void StartIceGathering(bool aDefaultRouteOnly,
|
||||
void StartIceGathering(bool aDefaultRouteOnly, bool aObfuscateHostAddresses,
|
||||
// This will go away once mtransport moves to its
|
||||
// own process, because we won't need to get this
|
||||
// via IPC anymore
|
||||
|
@ -657,7 +657,8 @@ void MediaTransportHandlerSTS::SetTargetForDefaultLocalAddressLookup(
|
|||
}
|
||||
|
||||
void MediaTransportHandlerSTS::StartIceGathering(
|
||||
bool aDefaultRouteOnly, const nsTArray<NrIceStunAddr>& aStunAddrs) {
|
||||
bool aDefaultRouteOnly, bool aObfuscateHostAddresses,
|
||||
const nsTArray<NrIceStunAddr>& aStunAddrs) {
|
||||
mInitPromise->Then(
|
||||
mStsThread, __func__,
|
||||
[=, self = RefPtr<MediaTransportHandlerSTS>(this)]() {
|
||||
|
@ -677,7 +678,8 @@ void MediaTransportHandlerSTS::StartIceGathering(
|
|||
|
||||
// Start gathering, but only if there are streams
|
||||
if (!mIceCtx->GetStreams().empty()) {
|
||||
mIceCtx->StartGathering(aDefaultRouteOnly, mProxyOnly);
|
||||
mIceCtx->StartGathering(aDefaultRouteOnly, mProxyOnly,
|
||||
aObfuscateHostAddresses);
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -86,6 +86,7 @@ class MediaTransportHandler {
|
|||
// change between Init (ie; when the PC is created) and StartIceGathering
|
||||
// (ie; when we set the local description).
|
||||
virtual void StartIceGathering(bool aDefaultRouteOnly,
|
||||
bool aObfuscateHostAddresses,
|
||||
// TODO: It probably makes sense to look
|
||||
// this up internally
|
||||
const nsTArray<NrIceStunAddr>& aStunAddrs) = 0;
|
||||
|
|
|
@ -209,14 +209,15 @@ void MediaTransportHandlerIPC::SetTargetForDefaultLocalAddressLookup(
|
|||
// change between Init (ie; when the PC is created) and StartIceGathering
|
||||
// (ie; when we set the local description).
|
||||
void MediaTransportHandlerIPC::StartIceGathering(
|
||||
bool aDefaultRouteOnly,
|
||||
bool aDefaultRouteOnly, bool aObfuscateHostAddresses,
|
||||
// TODO(bug 1522205): It probably makes sense to look this up internally
|
||||
const nsTArray<NrIceStunAddr>& aStunAddrs) {
|
||||
mInitPromise->Then(
|
||||
mCallbackThread, __func__,
|
||||
[=, self = RefPtr<MediaTransportHandlerIPC>(this)](bool /*dummy*/) {
|
||||
if (mChild) {
|
||||
mChild->SendStartIceGathering(aDefaultRouteOnly, aStunAddrs);
|
||||
mChild->SendStartIceGathering(aDefaultRouteOnly,
|
||||
aObfuscateHostAddresses, aStunAddrs);
|
||||
}
|
||||
},
|
||||
[](const nsCString& aError) {});
|
||||
|
|
|
@ -43,7 +43,7 @@ class MediaTransportHandlerIPC : public MediaTransportHandler {
|
|||
// capture permissions have been granted on the window, which could easily
|
||||
// change between Init (ie; when the PC is created) and StartIceGathering
|
||||
// (ie; when we set the local description).
|
||||
void StartIceGathering(bool aDefaultRouteOnly,
|
||||
void StartIceGathering(bool aDefaultRouteOnly, bool aObfuscateHostAddresses,
|
||||
// TODO: It probably makes sense to look
|
||||
// this up internally
|
||||
const nsTArray<NrIceStunAddr>& aStunAddrs) override;
|
||||
|
|
|
@ -158,8 +158,10 @@ MediaTransportParent::RecvSetTargetForDefaultLocalAddressLookup(
|
|||
}
|
||||
|
||||
mozilla::ipc::IPCResult MediaTransportParent::RecvStartIceGathering(
|
||||
const bool& defaultRouteOnly, const net::NrIceStunAddrArray& stunAddrs) {
|
||||
mImpl->mHandler->StartIceGathering(defaultRouteOnly, stunAddrs);
|
||||
const bool& defaultRouteOnly, const bool& obfuscateHostAddresses,
|
||||
const net::NrIceStunAddrArray& stunAddrs) {
|
||||
mImpl->mHandler->StartIceGathering(defaultRouteOnly, obfuscateHostAddresses,
|
||||
stunAddrs);
|
||||
return ipc::IPCResult::Ok();
|
||||
}
|
||||
|
||||
|
|
|
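Review bot: `obfuscateHostAddresses` arrives over IPC and is forwarded to `StartIceGathering` unchanged, so the receiving actor takes the privacy decision from the sender on trust. The value is computed in `PeerConnectionMedia::GetPrefObfuscateHostAddresses` from a pref and the window's capture state. If that code runs in a less privileged process than this actor (not visible here), the receiver could re-derive the setting, or only ever accept a request to tighten it. For now a comment stating the assumption would do: `// Trusts the sender's obfuscation choice; revisit if the sender is less privileged than this actor.`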
@ -299,6 +299,18 @@ bool PeerConnectionMedia::GetPrefDefaultAddressOnly() const {
|
|||
return default_address_only;
|
||||
}
|
||||
|
||||
bool PeerConnectionMedia::GetPrefObfuscateHostAddresses() const {
|
||||
ASSERT_ON_THREAD(mMainThread); // will crash on STS thread
|
||||
|
||||
uint64_t winId = mParent->GetWindow()->WindowID();
|
||||
|
||||
bool obfuscate_host_addresses = Preferences::GetBool(
|
||||
"media.peerconnection.ice.obfuscate_host_addresses", false);
|
||||
obfuscate_host_addresses &=
|
||||
!MediaManager::Get()->IsActivelyCapturingOrHasAPermission(winId);
|
||||
return obfuscate_host_addresses;
|
||||
}
|
||||
|
||||
void PeerConnectionMedia::ConnectSignals() {
|
||||
mTransportHandler->SignalGatheringStateChange.connect(
|
||||
this, &PeerConnectionMedia::IceGatheringStateChange_s);
|
||||
|
@ -350,7 +362,8 @@ void PeerConnectionMedia::GatherIfReady() {
|
|||
mQueuedIceCtxOperations.clear();
|
||||
nsCOMPtr<nsIRunnable> runnable(WrapRunnable(
|
||||
RefPtr<PeerConnectionMedia>(this),
|
||||
&PeerConnectionMedia::EnsureIceGathering, GetPrefDefaultAddressOnly()));
|
||||
&PeerConnectionMedia::EnsureIceGathering, GetPrefDefaultAddressOnly(),
|
||||
GetPrefObfuscateHostAddresses()));
|
||||
|
||||
PerformOrEnqueueIceCtxOperation(runnable);
|
||||
}
|
||||
|
@ -400,7 +413,8 @@ nsresult PeerConnectionMedia::SetTargetForDefaultLocalAddressLookup() {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
void PeerConnectionMedia::EnsureIceGathering(bool aDefaultRouteOnly) {
|
||||
void PeerConnectionMedia::EnsureIceGathering(bool aDefaultRouteOnly,
|
||||
bool aObfuscateHostAddresses) {
|
||||
if (mProxyConfig) {
|
||||
// Note that this could check if PrivacyRequested() is set on the PC and
|
||||
// remove "webrtc" from the ALPN list. But that would only work if the PC
|
||||
|
@ -430,7 +444,8 @@ void PeerConnectionMedia::EnsureIceGathering(bool aDefaultRouteOnly) {
|
|||
return;
|
||||
}
|
||||
|
||||
mTransportHandler->StartIceGathering(aDefaultRouteOnly, mStunAddrs);
|
||||
mTransportHandler->StartIceGathering(aDefaultRouteOnly,
|
||||
aObfuscateHostAddresses, mStunAddrs);
|
||||
}
|
||||
|
||||
void PeerConnectionMedia::SelfDestruct() {
|
||||
|
|
|
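Review bot: In `GetPrefObfuscateHostAddresses`, the `&=` line that switches obfuscation off once the window is capturing or holds a permission is the privacy decision of this change, and it carries no comment. Suggest adding above it: `// Windows that are capturing or already hold a capture permission get real host addresses; all others get obfuscated ones when the pref is set.` Separately, `mParent->GetWindow()->WindowID()` dereferences the window without a null check. Whether `GetWindow()` can return null at this point is not visible in the hunk; if it can, a guard that returns the pref value unchanged would keep obfuscation on, which is the safer default.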
@ -167,9 +167,10 @@ class PeerConnectionMedia : public sigslot::has_slots<> {
|
|||
void FlushIceCtxOperationQueueIfReady();
|
||||
void PerformOrEnqueueIceCtxOperation(nsIRunnable* runnable);
|
||||
nsresult SetTargetForDefaultLocalAddressLookup();
|
||||
void EnsureIceGathering(bool aDefaultRouteOnly);
|
||||
void EnsureIceGathering(bool aDefaultRouteOnly, bool aObfuscateHostAddresses);
|
||||
|
||||
bool GetPrefDefaultAddressOnly() const;
|
||||
bool GetPrefObfuscateHostAddresses() const;
|
||||
|
||||
void ConnectSignals();
|
||||
|
||||
|
|
|
@ -551,6 +551,7 @@ pref("media.videocontrols.picture-in-picture.video-toggle.always-show", false);
|
|||
pref("media.peerconnection.ice.trickle_grace_period", 5000);
|
||||
pref("media.peerconnection.ice.no_host", false);
|
||||
pref("media.peerconnection.ice.default_address_only", false);
|
||||
pref("media.peerconnection.ice.obfuscate_host_addresses", false);
|
||||
pref("media.peerconnection.ice.proxy_only_if_behind_proxy", false);
|
||||
pref("media.peerconnection.ice.proxy_only", false);
|
||||
pref("media.peerconnection.turn.disable", false);
|
||||
|
|
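Review bot: The pref is added with the same `false` default on every platform, and nothing in the visible hunks ties it to mDNS support, although the description says Windows and Linux are not ready. Someone who flips it on those platforms may get host candidates that peers cannot resolve. A comment above the line would record that: `// Experimental: obfuscates host ICE candidate addresses via mDNS; per the landing commit only OS X is supported so far.`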