ICE mode 2 implementation on dual stack configurations is prone to fail
Categories
(Core :: WebRTC: Networking, defect, P3)
Tracking
()
People
(Reporter: lgrahl, Assigned: mjf)
References
Details
(Whiteboard: [wfh])
Attachments
(1 file)
The current ICE mode 2 implementation (aka gather default interface addresses) often leads to ICE failures or unnecessary bad connections on dual stack configurations.
When a website has been received via IPv6, only the IPv6 address of the default interface is being used. This breaks host-to-host connections that would have been possible via IPv4. In addition to that, it lets ICE fail completely when STUN/TURN servers are not reachable by IPv6.
The same applies to IPv4: When a website has been received via IPv4, only the IPv4 address of the default interface is being used. This breaks host-to-host connections that would have been possible via IPv6. In addition to that, it lets ICE fail completely when STUN/TURN servers are not reachable by IPv4.
The current implementation violates draft-ietf-rtcweb-ip-handling sec 5.2:
Once an interface has been chosen, the private IPv4
and IPv6 addresses associated with this interface MUST be
discovered and provided to the application. This ensures
that direct connections can still be established in this
mode.
Proposed solution: Resolve the interface that shipped the website and gather all addresses of that interface.
Background: For Threema Web, we have removed AAAA records for our STUN/TURN servers as part of an optimisation. Due to this, if our website has been shipped via IPv6, Firefox refuses to contact our TURN servers even though it is perfectly capable to do so. While investigating, we found out the above mentioned behaviour.
|
||
Comment 1•5 years ago
|
||
Thanks for the report. Right now, we are indeed simply using the IP address the origin was loaded with. I agree that we should be attempting to take that IP address, find its interface, and obtain the rest of the addresses on it.
|
||
Comment 2•5 years ago
|
||
If I remember correctly, I ran into this while testing some stuff out before Christmas. As far as I can tell, this changed with Bug 1506219, which added code here [1] that only checks for ipv4 or ipv6. For the site I was testing, we were hitting the top branch of the if statement and only getting one of ipv4 or ipv6.
|
|
||
Comment 3•5 years ago
|
||
|
|
||
Comment 4•5 years ago
|
||
So now, we just ask "What did we use to load this origin?", and don't try to interrogate the networking code at all.
|
||
Comment 5•5 years ago
|
||
FWIW: We regard this as a serious bug and as a company running on WebRTC, it's a reason for us to tell our users to move to another browser for their WebRTC applications. It would be great to get this fixed asap. Thanks.
|
||
Comment 6•5 years ago
|
||
Byron: does that mean that this is fixed?
|
|
||
Comment 7•5 years ago
|
||
No. Right now, if we have a network interface with multiple IP addresses on it (eg; a V4 and V6), and we load an origin with the V4 address, we do not gather the V6 address from the same interface. We need some way of asking necko "What interface was this origin loaded with, and what are the IP addresses associated with this interface?"
|
|
||
Comment 8•5 years ago
|
||
I guess we could also do this down in nICEr...
|
Assignee | |
Comment 9•5 years ago
|
||
My plan is to start looking at this later today.
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 10•5 years ago
|
||
|
||
Comment 11•5 years ago
|
||
|
||
Comment 12•5 years ago
|
||
| bugherder | ||
|
||
Comment 13•5 years ago
|
||
Since the status are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.
|
||
Updated•5 years ago
|
Description
•