Attachment #660318 - Attachment description: Patch 2: nICEr; ICE stack → Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream.

Randell Jesup [:jesup] (needinfo me)

Comment 6

•

12 years ago

Bug 766689 has the licensing patch, r+'d by gerv

Depends on: 766689

Jason Smith [:jsmith]

•

12 years ago

Comment on attachment 660321 [details] [diff] [review] Patch 4: Generic media transport subsystem with modules for ICE and DTLS r? Josh for networking (please redirect to other network peers as appropriate if you aren't comfortable doing it - biesi, mcmanus?) r? ted for makefiles in here. One in particular you'll want to look at (see my review) r? bsmith for transportlayerdtls.*

Attachment #660321 - Flags: review?(ted.mielczarek)

Attachment #660321 - Flags: review?(joshmoz)

Attachment #660321 - Flags: review?(bsmith)

•

12 years ago

Comment on attachment 660317 [details] [diff] [review] Patch 1: Import nrappkit; generic application development kit/portable runtime; Dependency for nICEr. This is an import with a small number of changes that will be upstreamed soon. Review of attachment 660317 [details] [diff] [review]: ----------------------------------------------------------------- I'm not thrilled about importing yet another platform abstraction library, but at least this one is fairly lightweight. Why is there a version of queue.h for each platform? They look the same. How much of this are we actually going to use? For example, are we actually going to be spawning the registry daemon?

Eric Rescorla (:ekr)

Assignee

Comment 13

•

12 years ago

(In reply to Robert O'Callahan (:roc) (Mozilla Corporation) from comment #12) > I'm not thrilled about importing yet another platform abstraction library, > but at least this one is fairly lightweight. Me neither, but rewriting nICEr to use an existing abstraction seemed even worse. > Why is there a version of queue.h for each platform? They look the same. They are. It's an artifact of our portability system. Originally this code ran on bsd which didn't need it, so this is how it gets filled in for other platforms. > How much of this are we actually going to use? For example, are we actually > going to be spawning the registry daemon? I have tried to remove things which are not needed. For instance registryd is not included, unless I screwed up.

Robert O'Callahan (:roc) (email my personal email if necessary)

Comment 14

•

12 years ago

(In reply to Eric Rescorla from comment #13) > > Why is there a version of queue.h for each platform? They look the same. > > They are. It's an artifact of our portability system. Originally this code > ran on bsd which didn't need it, so this is how it gets filled in for > other platforms. Would it be too much to ask to avoid that duplication? > I have tried to remove things which are not needed. For instance registryd > is not > included, unless I screwed up. Ah, I was reading the README, which is now inaccurate. Maybe there should be a separate annex which describes which parts of the README actually apply to our import.

Randell Jesup [:jesup] (needinfo me)

•

12 years ago

(In reply to Robert O'Callahan (:roc) (Mozilla Corporation) from comment #14) > (In reply to Eric Rescorla from comment #13) > > > Why is there a version of queue.h for each platform? They look the same. > > > > They are. It's an artifact of our portability system. Originally this code > > ran on bsd which didn't need it, so this is how it gets filled in for > > other platforms. > > Would it be too much to ask to avoid that duplication? No, I can probably fix it. > > I have tried to remove things which are not needed. For instance registryd > > is not > > included, unless I screwed up. > > Ah, I was reading the README, which is now inaccurate. Maybe there should be > a separate annex which describes which parts of the README actually apply to > our import. I could write something here.

Christian :Biesinger (don't email me, ping me on IRC)

Comment 18

•

12 years ago

Comment on attachment 660318 [details] [diff] [review] Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. Review of attachment 660318 [details] [diff] [review]: ----------------------------------------------------------------- Please, please, add a README file describing where this library is coming from. With a name like that this is literally impossible to google for (I failed). Also, please add a .diff file for the changes you made relative to upstream; as it is, it's impossible to tell (especially since it's unclear which version you imported). ::: media/mtransport/third_party/nICEr/nicer.gyp @@ +209,5 @@ > + ] > + }] > +} > + > +# gcc -g -c -o ice_candidate.d /Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/ice_candidate.c -MM -MG -DUSE_TURN -DDARWIN -DHAVE_SIN_LEN -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../net/ -DUSE_ICE -DUSE_RFC_3489_BACKWARDS_COMPATIBLE -DUSE_STUND_0_96 -DUSE_STUN_PEDANTIC -DUSE_TURN -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../stun/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../util/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../crypto/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/test/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../net/test/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../stun/test/ -g -Werror -Wall -Wno-parentheses -DHAVE_STRDUP -D__UNUSED__="__attribute__((unused))" -Drestrict=__restrict__ -I../../../../nrappkit/src/make/darwin -I../../../../nrappkit//src/util -I../../../../nrappkit//src/util/libekr -I../../../../nrappkit//src/port/darwin/include -I../../../../nrappkit//src/share -I../../../../nrappkit//src/registry -I../../../../nrappkit//src/stats -DOPENSSL -I../../../../openssl-0.9.8g/include -DSANITY_CHECKS What's up with this comment and the ones below? To clarify, this gyp file is written by you, it doesn't come from upstream?

Attachment #660318 - Flags: review?(cbiesinger) → review-

Eric Rescorla (:ekr)

Assignee

Comment 19

•

12 years ago

(In reply to Christian :Biesinger (don't email me, ping me on IRC) from comment #18) > Comment on attachment 660318 [details] [diff] [review] > Patch 2: nICEr; ICE stack; This is an import with a small number of changes > that we plan to upstream. > > Review of attachment 660318 [details] [diff] [review]: > ----------------------------------------------------------------- > > Please, please, add a README file describing where this library is coming > from. With a name like that this is literally impossible to google for (I > failed). I can do that. > Also, please add a .diff file for the changes you made relative to > upstream; as it is, it's impossible to tell (especially since it's unclear > which version you imported). My plan was to push the changes upstream. Is a .diff really helpful in that case? > ::: media/mtransport/third_party/nICEr/nicer.gyp > @@ +209,5 @@ > > + ] > > + }] > > +} > > + > > +# gcc -g -c -o ice_candidate.d /Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/ice_candidate.c -MM -MG -DUSE_TURN -DDARWIN -DHAVE_SIN_LEN -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../net/ -DUSE_ICE -DUSE_RFC_3489_BACKWARDS_COMPATIBLE -DUSE_STUND_0_96 -DUSE_STUN_PEDANTIC -DUSE_TURN -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../stun/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../util/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../crypto/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/test/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../net/test/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../stun/test/ -g -Werror -Wall -Wno-parentheses -DHAVE_STRDUP -D__UNUSED__="__attribute__((unused))" -Drestrict=__restrict__ -I../../../../nrappkit/src/make/darwin -I../../../../nrappkit//src/util -I../../../../nrappkit//src/util/libekr -I../../../../nrappkit//src/port/darwin/include -I../../../../nrappkit//src/share -I../../../../nrappkit//src/registry -I../../../../nrappkit//src/stats -DOPENSSL -I../../../../openssl-0.9.8g/include -DSANITY_CHECKS > > What's up with this comment and the ones below? They are placeholders from my conversion from make -> gyp. I started by taking a build line + all the sources and gradually moving them into gyp as needed. I guess I didn't clean up. I can do that.

Randell Jesup [:jesup] (needinfo me)

•

12 years ago

Attachment #660317 - Attachment is obsolete: true

Attachment #660317 - Flags: review?(ted.mielczarek)

Attachment #660317 - Flags: review?(roc)

Eric Rescorla (:ekr)

Assignee

Comment 24

•

12 years ago

Attached patch Patch 3: build nICEr and nrappkit (obsolete) — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #660319 - Attachment is obsolete: true

Attachment #660319 - Flags: review?(ted.mielczarek)

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #661650 - Attachment description: imported patch make_third_party.patch → Patch 3: build nICEr and nrappkit

Eric Rescorla (:ekr)

Assignee

Comment 25

•

12 years ago

(In reply to Eric Rescorla from comment #17) > (In reply to Robert O'Callahan (:roc) (Mozilla Corporation) from comment #14) > > (In reply to Eric Rescorla from comment #13) > > > > Why is there a version of queue.h for each platform? They look the same. > > > > > > They are. It's an artifact of our portability system. Originally this code > > > ran on bsd which didn't need it, so this is how it gets filled in for > > > other platforms. > > > > Would it be too much to ask to avoid that duplication? > > No, I can probably fix it. > > > > > I have tried to remove things which are not needed. For instance registryd > > > is not > > > included, unless I screwed up. > > > > Ah, I was reading the README, which is now inaccurate. Maybe there should be > > a separate annex which describes which parts of the README actually apply to > > our import. > > I could write something here. See revised patch.

Eric Rescorla (:ekr)

Assignee

Comment 26

•

12 years ago

Attached patch Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. (obsolete) — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #660318 - Attachment is obsolete: true

Attachment #660318 - Flags: review?(ted.mielczarek)

Eric Rescorla (:ekr)

Assignee

Comment 27

•

12 years ago

Attached patch Changes to nICEr to be upstreamed (obsolete) — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #661654 - Attachment is patch: true

Eric Rescorla (:ekr)

Assignee

•

12 years ago

Comment on attachment 661653 [details] [diff] [review] Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. +# gcc -g -c -o ice_candidate.d /Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/ice_candidate.c -MM -MG -DUSE_TURN -DDARWIN -DHAVE_SIN_LEN -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../net/ -DUSE_ICE -DUSE_RFC_3489_BACKWARDS_COMPATIBLE -DUSE_STUND_0_96 -DUSE_STUN_PEDANTIC -DUSE_TURN -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../stun/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../util/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../crypto/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../ice/test/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../net/test/ -I/Users/ekr/dev/alder/media/mtransport/third_party/nICEr/src/make/darwin/../../stun/test/ -g -Werror -Wall -Wno-parentheses -DHAVE_STRDUP -D__UNUSED__="__attribute__((unused))" -Drestrict=__restrict__ -I../../../../nrappkit/src/make/darwin -I../../../../nrappkit//src/util -I../../../../nrappkit//src/util/libekr -I../../../../nrappkit//src/port/darwin/include -I../../../../nrappkit//src/share -I../../../../nrappkit//src/registry -I../../../../nrappkit//src/stats -DOPENSSL -I../../../../openssl-0.9.8g/include -DSANITY_CHECKS + + +# "./src/ice/test/ice_test.c", I thought you were going to remove that +SVN revision 9873 so is it identical to that revision, or does it have a few changes? Sorry to be a pain but I really think that for anyone who may in the future try to match up what's in our tree with upstream, it would be much easier if what we have is either 100% identical or we provide a .diff in our tree to make it so.

Robert O'Callahan (:roc) (email my personal email if necessary)

Comment 37

•

12 years ago

Yeah, we usually store in our tree copies of the patches between upstream and the copy in our tree.

Eric Rescorla (:ekr)

Assignee

Comment 38

•

12 years ago

(In reply to Robert O'Callahan (:roc) (Mozilla Corporation) from comment #37) > Yeah, we usually store in our tree copies of the patches between upstream > and the copy in our tree. OK. I will add patches and re-submit for review.

Eric Rescorla (:ekr)

Assignee

Comment 39

•

12 years ago

Attached patch Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #661653 - Attachment is obsolete: true

Attachment #661653 - Flags: review?(cbiesinger)

Eric Rescorla (:ekr)

Assignee

Comment 40

•

12 years ago

Attached patch Patch 1: Import nrappkit; generic application development kit/portable runtime; Dependency for nICEr. This is an import with a small number of changes that will be upstreamed soon. (obsolete) — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #661649 - Attachment is obsolete: true

Eric Rescorla (:ekr)

Assignee

Updated

•

Comment 43

•

12 years ago

Attached patch Patch 3: build nICEr and nrappkit r=ted (obsolete) — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #661650 - Attachment is obsolete: true

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 44

•

12 years ago

Comment on attachment 660321 [details] [diff] [review] Patch 4: Generic media transport subsystem with modules for ICE and DTLS Review of attachment 660321 [details] [diff] [review]: ----------------------------------------------------------------- Here's the review of: [+]media/mtransport/dtlsidentity.cpp (new file) Reviewed [+]media/mtransport/dtlsidentity.h (new file) Reviewed [+]media/mtransport/logging.h (new file) Reviewed Still working on transportlayerdtls.cpp and transportlayerdtls.h ::: media/mtransport/dtlsidentity.cpp @@ +17,5 @@ > +// Helper class to avoid having a crapload of if (!NULL) statements at > +// the end to clean up. The way you use this is you instantiate the > +// object as scoped_c_ptr<PtrType> obj(value, destructor); > +// TODO(ekr@rtfm.com): Move this to some generic location > +template <class T> class scoped_c_ptr { Once bug 767241 is reviewed, you can use the types in bug 767241 so that this class is not necessary any more. That can be done in a follow-up. Personally, I would prefer this code to be switched from this Googly style to Mozilla's style (mMember vs member_ and camelCase vs horrible_underscores, return type of a function on a separate line, ns[A][C][Auto]String instead of std::string, "using namespace mozilla"). I'm not a huge fan of the Mozilla style personally, but I think that it is important to be at least consistent with ourselves. Even putting style aside, it is difficult to reason about the edge-case behavior of std::string and other STL containers given that we generally never use them and also that we have non-standard error handling (e.g. no exceptions). I am not going to mention this further during this review because there are more important issues to address first, and the landing shouldn't block on it, but it should be done in a follow-up. Ensure that all lines wrap ~80 characters so that future side-by-side diffs will be easier to review in the future. Also, I won't point out issues like trailing whitespace that Splinter points out on its own. @@ +42,5 @@ > + void (*d_)(T *); > +}; > + > +// Auto-generate an identity based on name=name > +mozilla::RefPtr<DtlsIdentity> DtlsIdentity::Generate(const std::string name) { At this point, how do you know that NSS has been initialized and that it hasn't been shut down? It seems like, at a minimum, you must implement the nsNSSShutdownObject protocol wherever you use NSS. Why do we have to pass the name as an input to this function? Couldn't we just generate a random name? Because the certificate is sent in the clear, the name is sent in the clear. So, it is better to design the API so that the application cannot choose the name, so that we don't have to worry about the application unintentionally leaking any sensitive information (e.g. PII) through the name. If the application needs access to the name, it could get it through a GetName() method on this class. Also, see my comment on collisions below. The convention for functions that return already-addrefed values is to return already_AddRefed<T>. Add a comment that says that this function generates a self-signed X.509v3 certificate and that it is based this code on NSS's certutil.c. @@ +46,5 @@ > +mozilla::RefPtr<DtlsIdentity> DtlsIdentity::Generate(const std::string name) { > + SECStatus rv; > + > + std::string subject_name_string = "CN=" + name; > + CERTName *subject_name = CERT_AsciiToName( Needs to use a smart pointer to avoid leaking. @@ +54,5 @@ > + } > + > + PK11RSAGenParams rsaparams; > + rsaparams.keySizeInBits = 1024; > + rsaparams.pe = 0x010001; ... = 65537; // We are too paranoid to use 3 as the exponent. @@ +60,5 @@ > + scoped_c_ptr<SECKEYPrivateKey> private_key(SECKEY_DestroyPrivateKey); > + scoped_c_ptr<SECKEYPublicKey> public_key(SECKEY_DestroyPublicKey); > + SECKEYPublicKey *pubkey; > + > + private_key = PK11_GenerateKeyPair(PK11_GetInternalSlot(), Check that PK11_GetInternalSlot() does not fail. @@ +79,5 @@ > + if (!certreq.get()) { > + return NULL; > + } > + > + PRTime notBefore = PR_Now() - (86400UL * PR_USEC_PER_SEC); Please make 86400UL clearer, e.g. (60 * 60 * 24 * whatever), and add a comment explaining why you chose the range -X to +30X as opposed to some other range. @@ +89,5 @@ > + return NULL; > + } > + > + unsigned long serial; > + // Note: This serial in principle could collide, but it's unlikely Is it unlikely enough? NSS simply will not allow you to create a CERTCertificate object that has the same (issuer, serial) pair as another CERTCertificate object. So, the probability of collision is tied to the probability that this identity will be useless and cause connections that use it to fail. For that reason, we should add a random component to the issuer name that further reduces the likelihood of collisions (e.g. 128 bits). @@ +110,5 @@ > + if (rv != SECSuccess) > + return NULL; > + > + // Set version to X509v3. > + *(certificate.get()->version.data) = 2; = SEC_CERTIFICATE_VERSION_3; @@ +113,5 @@ > + // Set version to X509v3. > + *(certificate.get()->version.data) = 2; > + certificate.get()->version.len = 1; > + > + SECItem innerDER; This leaks if later function calls fail. @@ +119,5 @@ > + innerDER.data = NULL; > + > + if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(), > + SEC_ASN1_GET(CERT_CertificateTemplate))) > + return NULL; Use braces at lesat for statements with multi-line conditions. @@ +121,5 @@ > + if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(), > + SEC_ASN1_GET(CERT_CertificateTemplate))) > + return NULL; > + > + SECItem *signedCert Leaks if SEC_DerSignData fails. @@ +141,5 @@ > +} > + > + > + > +DtlsIdentity::~DtlsIdentity() { Use smart pointer members instead of explicit destructor unless implementing the nsNSSShutDownObject protocol makes smart pointers unhelpful. @@ +153,5 @@ > +nsresult DtlsIdentity::ComputeFingerprint(const std::string algorithm, > + unsigned char *digest, > + std::size_t size, > + std::size_t *digest_length) { > + PR_ASSERT(cert_); if you implement the nsNSSShutdownObject protocol then this assertion will not be valid, I think. @@ +170,5 @@ > + > + if (algorithm == "sha-1") { > + ht = HASH_AlgSHA1; > + } else if (algorithm == "sha-224") { > + ht = HASH_AlgSHA224; It doesn't make sense to support SHA-1 and SHA-224 for these protocols, AFAICT. Let's remove this support now, or file a follow-up bug to remove it. And, let's ensure we're always sending SHA2 hashes. @@ +186,5 @@ > + PR_ASSERT(ho); > + if (!ho) > + return NS_ERROR_INVALID_ARG; > + > + PR_ASSERT(ho->length >= 20); // Double check This is not necessary. @@ +195,5 @@ > + SECStatus rv = HASH_HashBuf(ho->type, digest, > + cert->derCert.data, > + cert->derCert.len); > + > + // This should not happen the blank line and this comment are not necessary. @@ +219,5 @@ > + } > + str += group; > + } > + > + PR_ASSERT(str.size() == (size * 3 - 1)); // Check result length s/PR_ASSERT/MOZ_ASSERT everywhere. @@ +226,5 @@ > + > +// Parse a fingerprint in RFC 4572 format. > +// Note that this tolerates some badly formatted data, in particular: > +// (a) arbitrary runs of colons > +// (b) colons at the beginning or end. I don't think we should support badly-formatted fingerprints given that we're implementing a brand-new thing. And, especially, this code seems to silently do confusing things for inputs like "A:F:0". I would not expect that to get parsed to { 0xAF } like it appears to with this code; I'd expect it to get parsed to { 0xA, 0xF, 0x0 }. @@ +228,5 @@ > +// Note that this tolerates some badly formatted data, in particular: > +// (a) arbitrary runs of colons > +// (b) colons at the beginning or end. > +nsresult DtlsIdentity::ParseFingerprint(const std::string fp, > + unsigned char *digest, Why not replace digest/size/length with "string & digest /*out*/" ? @@ +233,5 @@ > + size_t size, > + size_t *length) { > + size_t offset = 0; > + bool top_half = true; > + unsigned char val = 0; use uint8_t for val since it isn't storing text; @@ +246,5 @@ > + if (top_half && (fp[i] == ':')) { > + continue; > + } else if ((fp[i] >= '0') && (fp[i] <= '9')) { > + val |= fp[i] - '0'; > + } else if ((fp[i] >= 'a') && (fp[i] <= 'f')) { lowercase should be considered invalid based on my understanding of http://tools.ietf.org/html/rfc4572#section-5. ::: media/mtransport/dtlsidentity.h @@ +46,5 @@ > + > +#include "mozilla/RefPtr.h" > +#include "nsISupportsImpl.h" > + > +class DtlsIdentity : public mozilla::RefCounted<DtlsIdentity> { It is good enough for this to be refcounted, or does the refcounting need to be thread-safe too? Need to disallow copying and assignment, right? @@ +80,5 @@ > + SECKEYPrivateKey *privkey_; > + CERTCertificate *cert_; > +}; > + > + Too many blank lines. ::: media/mtransport/logging.h @@ +1,5 @@ > +/* This Source Code Form is subject to the terms of the Mozilla Public > + * License, v. 2.0. If a copy of the MPL was not distributed with this file, > + * You can obtain one at http://mozilla.org/MPL/2.0/. */ > + > +// Original author: ekr@rtfm.com I heard we're not supposed to put these credits in any more, as part of the MPL 2.0 stuff. Check with Gerv. Also, media/mtransport is not a good home for this, IMO. MFBT or XPCOM would be better places. (Can be moved in a follow-up.) @@ +13,5 @@ > + > + > +class LogCtx { > + public: > + LogCtx(const char* name) : module_(PR_NewLogModule(name)) {} The pattern you are using will cause unnecessary static initializers to run at startup, AFAICT. It would be better to call PR_NewLogModule lazily at the time of logging, to avoid the static initializer. @@ +22,5 @@ > +private: > + PRLogModuleInfo* module_; > +}; > + > + too many blank lines. @@ +23,5 @@ > + PRLogModuleInfo* module_; > +}; > + > + > +#define MLOG_INIT(n) \ Assuming you address my comment about initializing the log module lazily, "MLOG_INIT" is a bad name for this. Maybe just MLOG_MODULE? The prefix for Mozilla-defined macros is MOZ_, not M. @@ +28,5 @@ > + static LogCtx mlog_ctx(n) > + > +#define MLOG(level, b) \ > + do { if (mlog_ctx.module()) { \ > + std::stringstream str; \ I am concerned about bringing the iostream library into Gecko, just for the sake of logging. Are we sure that this isn't adding overhead that we didn't have before? ::: media/mtransport/nr_socket_prsock.cpp @@ +74,5 @@ > + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE > + POSSIBILITY OF SUCH DAMAGE. > + > + > + ekr@rtfm.com Thu Dec 20 20:14:49 2001 Somebody else needs to check the licensing issues here. ::: media/mtransport/transportlayerdtls.cpp @@ +5,5 @@ > +// Original author: ekr@rtfm.com > + > +#include <queue> > + > + too many blank lines. @@ +45,5 @@ > +// because this is only useful for NSPR. > +struct Packet { > + Packet() : data_(NULL), len_(0), offset_(0) {} > + ~Packet() { > + delete data_; This should be delete []. But, really, we should just use ScopedDeleteArray. @@ +53,5 @@ > + memcpy(data_, data, len); > + len_ = len; > + } > + > + unsigned char *data_; ScopedDeleteArray<uint8_t> @@ +59,5 @@ > + PRInt32 offset_; > +}; > + > +void NSPRHelper::PacketReceived(const void *data, PRInt32 len) { > + input_.push(new Packet()); input_.push(new Packet(data, len)); Again, I am unsure what std::vector/queue will do on OOM. @@ +117,5 @@ > +} > + > +static PRInt32 TransportLayerAvailable(PRFileDesc *f) { > + UNIMPLEMENTED; > + return -1; In these methods, we must always call PR_SetError before returning an error value (-1 or PR_FAILURE or whatever). @@ +204,5 @@ > +// This function does not support peek. > +static PRInt32 TransportLayerSend(PRFileDesc *f, const void *buf, PRInt32 amount, > + PRIntn flags, PRIntervalTime to) { > + PRInt32 written = TransportLayerWrite(f, buf, amount); > + remove blank line. @@ +242,5 @@ > + > +static PRStatus TransportLayerGetpeername(PRFileDesc *f, PRNetAddr *addr) { > + // TODO(ekr@rtfm.com): Modify to return unique names for each channel > + // somehow, as opposed to always the same static address. The current > + // implementation messes up the session cache, which is why it's off Since we're turning off the session cache anyway, can we just make this UNIMPLEMENTED like the other things? @@ +340,5 @@ > + TransportLayerReserved, > + TransportLayerReserved > +}; > + > +TransportLayerDtls::~TransportLayerDtls() { Double-check everything is getting cleaned up. @@ +354,5 @@ > + // Get the transport service as an event target > + nsresult rv; > + target_ = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv); > + > + if (!NS_SUCCEEDED(rv)) { Don't use !NS_SUCCEEDED(rv); use NS_FAILED(rv) instead. @@ +360,5 @@ > + return rv; > + } > + > + timer_ = do_CreateInstance(NS_TIMER_CONTRACTID, &rv); > + if (!NS_SUCCEEDED(rv)) { ditto. @@ +393,5 @@ > + const unsigned char *digest_value, > + size_t digest_len) { > + // Defensive programming > + if (verification_mode_ != VERIFY_UNSET && > + verification_mode_ != VERIFY_DIGEST) indent two more spaces, and use braces around the body. @@ +411,5 @@ > + return NS_OK; > +} > + > +// TODO(ekr@rtfm.com): make sure this is called from STS. Otherwise > +// we have thread safety issues See how this is checked in SSLServerCertVerification.cpp. @@ +817,5 @@ > + CERTCertificate *peer_cert = NULL; > + peer_cert = SSL_PeerCertificate(fd); > + > + // We are not set up to take this being called multiple > + // times. Change this if we ever add renegotiation. We should be calling the libssl function to disable renegotiation. ::: media/mtransport/transportlayerdtls.h @@ +26,5 @@ > +#include "transportlayer.h" > + > +struct Packet; > + > +class NSPRHelper { Please add a comment explaining how this class "helps". @@ +32,5 @@ > + NSPRHelper(TransportLayer *output) : > + output_(output), > + input_() {} > + > + void PacketReceived(const void *data, PRInt32 len); PR* (including especially PRBool) is out; now use int32_t, bool, and friends (without qualifying them with std::). @@ +40,5 @@ > + private: > + DISALLOW_COPY_ASSIGN(NSPRHelper); > + > + TransportLayer *output_; > + std::queue<Packet *> input_; make sure std::queue handles OOM correctly. @@ +43,5 @@ > + TransportLayer *output_; > + std::queue<Packet *> input_; > +}; > + > +class TransportLayerDtls : public TransportLayer { it isn't clear how this works with Gecko's NSS lifecycle; how do we ensure NSS has been initialized and that it hasn't been shut down? Do we need to implement the nsNSSShutdownObject protocol here? @@ +47,5 @@ > +class TransportLayerDtls : public TransportLayer { > +public: > + TransportLayerDtls() : > + TransportLayer(DGRAM), > + identity_(NULL), s/NULL/nullptr/g. @@ +62,5 @@ > + > + > + enum Role { CLIENT, SERVER}; > + enum Verification { VERIFY_UNSET, VERIFY_ALLOW_ALL, VERIFY_DIGEST}; > + const static int kMaxDigestLength = 64; It's better to just use nsAutoCString and avoid the issue altogether. This isn't a performance- or space- critical buffer. @@ +68,5 @@ > + // DTLS-specific operations > + void SetRole(Role role) { role_ = role;} > + Role role() { return role_; } > + > + void SetIdentity(mozilla::RefPtr<DtlsIdentity> identity) { already_AddRefed<DtlsIdentity> identity. @@ +73,5 @@ > + identity_ = identity; > + } > + nsresult SetVerificationAllowAll(); > + nsresult SetVerificationDigest(const std::string digest_algorithm, > + const unsigned char *digest_value, Again, there's no need to use raw pointers here, AFAICT. ns[Dependent|Auto]CString can efficiently handle all of this without the tedious pointer manipulations, if we just replace "digest_value" and "digest_len" with: nsACString & digest /*out*/ @@ +82,5 @@ > + > + nsresult ExportKeyingMaterial(const std::string& label, > + bool use_context, > + const std::string& context, > + unsigned char *out, Same here. nsACString & out and then we can forget about buffer overflows. @@ +85,5 @@ > + const std::string& context, > + unsigned char *out, > + unsigned int outlen); > + > + const CERTCertificate *GetPeerCert() const { return peer_cert_; } Usually a function that returns a CERTCertificate* will call CERT_DupCertificate() to give the caller a copy (really just increase the refcount). Since that's the existing convention, and since CERT_DupCertificate is cheap, I think we should just use that existing convention here and in dtlsidentity. @@ +88,5 @@ > + > + const CERTCertificate *GetPeerCert() const { return peer_cert_; } > + > + // Transport layer overrides. > + virtual nsresult InitInternal(); Use MOZ_OVERRIDE for the methods declared in the superclasses. @@ +106,5 @@ > + // A single digest to check > + class VerificationDigest { > + public: > + VerificationDigest(std::string algorithm, > + const unsigned char *value, size_t len) { This can also be simplified by using the string API. @@ +151,5 @@ > + > + Role role_; > + Verification verification_mode_; > + std::vector<mozilla::RefPtr<VerificationDigest> > digests_; > + Need to make sure all these C-typed objects are cleaned up in the destructor. @@ +153,5 @@ > + Verification verification_mode_; > + std::vector<mozilla::RefPtr<VerificationDigest> > digests_; > + > + PRFileDesc *pr_fd_; > + PRFileDesc *ssl_fd_; ScopedPRFileDesc? @@ +155,5 @@ > + > + PRFileDesc *pr_fd_; > + PRFileDesc *ssl_fd_; > + mozilla::ScopedDeletePtr<NSPRHelper> helper_; > + CERTCertificate *peer_cert_; ScpopedCERTCertificate?

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

•

12 years ago

Comment on attachment 660321 [details] [diff] [review] Patch 4: Generic media transport subsystem with modules for ICE and DTLS Review of attachment 660321 [details] [diff] [review]: ----------------------------------------------------------------- ::: media/mtransport/build/Makefile.in @@ +1,2 @@ > +# ***** BEGIN LICENSE BLOCK ***** > +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 So I copied this from another file in Firefox. I can do whatever is appropriate here but I erred on the side of not messing with it. ::: media/mtransport/dtlsidentity.cpp @@ +16,5 @@ > + > +// Helper class to avoid having a crapload of if (!NULL) statements at > +// the end to clean up. The way you use this is you instantiate the > +// object as scoped_c_ptr<PtrType> obj(value, destructor); > +// TODO(ekr@rtfm.com): Move this to some generic location Yeah, this is a googlism. Would you like a mass change to TODO? @@ +17,5 @@ > +// Helper class to avoid having a crapload of if (!NULL) statements at > +// the end to clean up. The way you use this is you instantiate the > +// object as scoped_c_ptr<PtrType> obj(value, destructor); > +// TODO(ekr@rtfm.com): Move this to some generic location > +template <class T> class scoped_c_ptr { 1. We can't use nsACString. It causes linkage errors. 2. Per discussion on #necko, I believe std::string is OK here @@ +42,5 @@ > + void (*d_)(T *); > +}; > + > +// Auto-generate an identity based on name=name > +mozilla::RefPtr<DtlsIdentity> DtlsIdentity::Generate(const std::string name) { 1. Per our discussion the other day, I am going to handle the initialization/shutdown stuff in PeerConnection with the assumption that callers of this API will do the tirhg thing. 2. I don't have a problem with generating a random name, but that's not something we should impose as a requirement on the next layer up. I'm happy to have a nullary Generate function that takes a random name. 3. WRT already_AddRefed<T>, OK, but frankly, it strikes me as false optimization. @@ +54,5 @@ > + } > + > + PK11RSAGenParams rsaparams; > + rsaparams.keySizeInBits = 1024; > + rsaparams.pe = 0x010001; I believe I copied this from the NSS code. What are you thinking? A comment? @@ +89,5 @@ > + return NULL; > + } > + > + unsigned long serial; > + // Note: This serial in principle could collide, but it's unlikely OK. @@ +170,5 @@ > + > + if (algorithm == "sha-1") { > + ht = HASH_AlgSHA1; > + } else if (algorithm == "sha-224") { > + ht = HASH_AlgSHA224; I can make us always generate SHA-2, but I don't see a problem with accepting SHA-1. @@ +226,5 @@ > + > +// Parse a fingerprint in RFC 4572 format. > +// Note that this tolerates some badly formatted data, in particular: > +// (a) arbitrary runs of colons > +// (b) colons at the beginning or end. I believe that A:F:0 is actually rejected. I'm tolerating bad formatting because it makes the decoder somewhat simpler. I'm happy to file a bug to tighten this later. @@ +228,5 @@ > +// Note that this tolerates some badly formatted data, in particular: > +// (a) arbitrary runs of colons > +// (b) colons at the beginning or end. > +nsresult DtlsIdentity::ParseFingerprint(const std::string fp, > + unsigned char *digest, It would have to be std::string<uint8_t>. Is there really not some buffer construct that is more obviously opaque binary bytes? ::: media/mtransport/dtlsidentity.h @@ +46,5 @@ > + > +#include "mozilla/RefPtr.h" > +#include "nsISupportsImpl.h" > + > +class DtlsIdentity : public mozilla::RefCounted<DtlsIdentity> { 1. Yes, this is a hangover from when I thought REfCounted<T> was OK. 2. Yes, I'll add something here. ::: media/mtransport/logging.h @@ +17,5 @@ > + LogCtx(const char* name) : module_(PR_NewLogModule(name)) {} > + LogCtx(std::string& name) : module_(PR_NewLogModule(name.c_str())) {} > + > + PRLogModuleInfo* module() const { return module_; } > + I'll go through en masse. ::: media/mtransport/m_cpp_utils.h @@ +8,5 @@ > +#define m_cpp_utils_h__ > + > +#include "mozilla/Attributes.h" > + > +#define DISALLOW_ASSIGNMENT(T) \ I believe not. We have MOZ_DELETE but when I asked on #developers there was no macro like this. I would be happy to contribute this macro to MFBT if it's not going to be painful. ::: media/mtransport/nr_timer.cpp @@ +50,5 @@ > + int l, void **handle) { > + nsresult rv; > + > + // TODO(ekr@rtfm.com): See if this is too expensive and if so cache > + nsCOMPtr<nsITimer> timer = do_CreateInstance(NS_TIMER_CONTRACTID, &rv); OK @@ +59,5 @@ > + > + timer->InitWithCallback(new nrappkitTimerCallback(cb, arg), timeout, > + nsITimer::TYPE_ONE_SHOT); > + > + timer->AddRef(); I think I got this right, but I will double-check. @@ +74,5 @@ > + > +int NR_async_timer_cancel(void *handle) { > + nsITimer *timer = static_cast<nsITimer *>(handle); > + > + timer->Cancel(); I suspect so. will look into this. ::: media/mtransport/nricectx.cpp @@ +235,5 @@ > + nr_crypto_vtbl = &nr_ice_crypto_nss_vtbl; > + initialized = true; > + > + // Set the priorites for candidate type preferences > + NR_reg_set_uchar((char *)"ice.pref.type.srv_rflx",100); The overall plan is to write some code to investigate the interface parameters and then set preferences appropriately. The temporary plan is to hardwire some of the best-known ones and use the auto-setter for hte rest. Maybe we should file a bug? @@ +268,5 @@ > + NR_reg_set_uchar((char *)"ice.pref.interface.virbr0", 233); > + NR_reg_set_uchar((char *)"ice.pref.interface.wlan0", 232); > + } > + > + NR_reg_set_string((char *)"ice.stun.server.0.addr", (char *)"216.93.246.14"); Will add a comment with the bug #. ::: media/mtransport/nricemediastream.cpp @@ +181,5 @@ > + << name_ << "'"); > + return NS_ERROR_NOT_AVAILABLE; > + } > + > + char addr[64]; I believe it is one of those "always enough" values. Like, enough for a hex representation of IPv6 with colons. Maybe a comment? ::: media/mtransport/standalone/Makefile.in @@ +48,5 @@ > +MODULE = mtransport_s > +LIBRARY_NAME = mtransport_s > +FORCE_STATIC_LIB= 1 > +ifeq (WINNT,$(OS_TARGET)) > +VISIBILITY_FLAGS = I am not sure. Ted? @@ +74,5 @@ > + $(NULL) > + > + > +export:: $(MTRANSPORT_CPPSRCS) > + $(INSTALL) $^ . Right. this is part of the dual-compilation thing. Ted, are we planning to get rid of that? ::: media/mtransport/transportflow.cpp @@ +28,5 @@ > + old_layer->SignalStateChange.disconnect(this); > + old_layer->SignalPacketReceived.disconnect(this); > + } > + layer->SignalStateChange.connect(this, &TransportFlow::StateChange); > + layer->SignalPacketReceived.connect(this, &TransportFlow::PacketReceived); Can you define "safe"? ::: media/mtransport/transportlayerdtls.cpp @@ +2,5 @@ > + * License, v. 2.0. If a copy of the MPL was not distributed with this file, > + * You can obtain one at http://mozilla.org/MPL/2.0/. */ > + > +// Original author: ekr@rtfm.com > + It seems to me that matching them is exactly what we don't want to do. In any case, there are a bunch of different TransportLayer*s in this directory, so they certainly can't all be called TransportLayerIOLayer. @@ +5,5 @@ > +// Original author: ekr@rtfm.com > + > +#include <queue> > + > + 1. The documentation here (if any) should go into TransportLayer.h and TransportFlow.h, since they all share the same semantics. 2. WRT to the more general implementation question you are asking. we have to adapt four different I/O models: (a) NSPR (b) nICEr [recall that DTLS is *not* sitting directly on top of UDP] (c) SCTP (d) SRTP This sort of event driven model is a much better fit than a pull model like NSPRs, especially since we woudl then have to recast all this other stuff as NSPR I/O layers and because SRTP talks directly to nICEr as well as to the DTLS stack. 3. I don't understand the question about buffering. @@ +59,5 @@ > + PRInt32 offset_; > +}; > + > +void NSPRHelper::PacketReceived(const void *data, PRInt32 len) { > + input_.push(new Packet()); 1. On OOM, std::vector either throws std::bad_alloc or crashes, depending on whether -fno-exceptions is set. 2. WRT PacketReceived, what happens here is that TransportLayerDtls::PacketReceived calles NSPRHelper::PacketReceived, which immediately calls PR_Recv() afterward. That said, I do think it's potentially possible to have some pileup here depending exactly how NSS handles multiple DTLS records in the same frame. I can generate a bug. I can document the threading model, but briefly everything important has to happen on the same thread. @@ +117,5 @@ > +} > + > +static PRInt32 TransportLayerAvailable(PRFileDesc *f) { > + UNIMPLEMENTED; > + return -1; OK, I will modify UNIMPLEMENTED to do that. @@ +209,5 @@ > + return written; > +} > + > +static PRInt32 TransportLayerRecvfrom(PRFileDesc *f, void *buf, PRInt32 amount, > + PRIntn flags, PRNetAddr *addr, PRIntervalTime to) { WRT to the indent, these are supposed to line up with the "(" but a mass rename messed this up. @@ +242,5 @@ > + > +static PRStatus TransportLayerGetpeername(PRFileDesc *f, PRNetAddr *addr) { > + // TODO(ekr@rtfm.com): Modify to return unique names for each channel > + // somehow, as opposed to always the same static address. The current > + // implementation messes up the session cache, which is why it's off Yes, it's called. @@ +536,5 @@ > + downward_->SignalPacketReceived.connect(this, &TransportLayerDtls::PacketReceived); > + > + if (downward_->state() == OPEN) { > + Handshake(); > + } I don't think so... Why? @@ +644,5 @@ > + } > + > + // Now try a recv if we're open, since there might be data left > + if (state_ == OPEN) { > + unsigned char buf[2000]; The usual "more than enough room for IP" theory, since we don't know the interface MTU. I would be ok with making this larger but then as I think you suggested, it shouldn't be on the stack. Thoughts? @@ +728,5 @@ > + return SECSuccess; > +} > + > +nsresult TransportLayerDtls::SetSrtpCiphers(std::vector<PRUint16> ciphers) { > + // TODO(ekr@rtfm.com): We should check these I think it's a nice-to-have. @@ +828,5 @@ > + PR_ASSERT(peer_cert_ == NULL); > + > + switch (verification_mode_) { > + case VERIFY_UNSET: > + // Jump to error exit I do not believe that there is a missing goto. This break jumps out of the switch and thus to a SECFailure return. Do you think there is a logic error here, or just that the comment isn't clear. @@ +855,5 @@ > + // Matches all digests, we are good to go > + peer_cert_ = peer_cert; > + return SECSuccess; > + } > + } This is just belt-and-suspenders for when we add another case? ::: media/mtransport/transportlayerdtls.h @@ +26,5 @@ > +#include "transportlayer.h" > + > +struct Packet; > + > +class NSPRHelper { 1. Which class? NSPRHelper or TransportLayerDtls? 2. Yes, I'll add something. @@ +32,5 @@ > + NSPRHelper(TransportLayer *output) : > + output_(output), > + input_() {} > + > + void PacketReceived(const void *data, PRInt32 len); I believe Jesup is planning to take care of this with some script of his. @@ +40,5 @@ > + private: > + DISALLOW_COPY_ASSIGN(NSPRHelper); > + > + TransportLayer *output_; > + std::queue<Packet *> input_; It handles out of memory in the usual way. By throwing an exception and if -fno-exceptions, by crashing. @@ +62,5 @@ > + > + > + enum Role { CLIENT, SERVER}; > + enum Verification { VERIFY_UNSET, VERIFY_ALLOW_ALL, VERIFY_DIGEST}; > + const static int kMaxDigestLength = 64; It's the size of the largest known digest, SHA-512. Comment? We can't use ns*String for linkage reasons. @@ +68,5 @@ > + // DTLS-specific operations > + void SetRole(Role role) { role_ = role;} > + Role role() { return role_; } > + > + void SetIdentity(mozilla::RefPtr<DtlsIdentity> identity) { already_AddRefed and mozilla::RefPtr do not play nice together, and indeed apparently there is some controversy about whether you should use nsCOMPtr and RefPtr together https://bugzilla.mozilla.org/show_bug.cgi?id=776358 @@ +82,5 @@ > + > + nsresult ExportKeyingMaterial(const std::string& label, > + bool use_context, > + const std::string& context, > + unsigned char *out, I don't see how this removes buffer overflows, since there is going to be a memcpy inside NSS. @@ +85,5 @@ > + const std::string& context, > + unsigned char *out, > + unsigned int outlen); > + > + const CERTCertificate *GetPeerCert() const { return peer_cert_; } OK. @@ +153,5 @@ > + Verification verification_mode_; > + std::vector<mozilla::RefPtr<VerificationDigest> > digests_; > + > + PRFileDesc *pr_fd_; > + PRFileDesc *ssl_fd_; Sure. I didn't know that this and ScopedCERTCertificate existed. ::: media/mtransport/transportlayerloopback.cpp @@ +22,5 @@ > +#include "transportlayerloopback.h" > + > +MLOG_INIT("mtransport"); > + > +nsresult TransportLayerLoopback::Init() { It's just for the test harness. But we do want the unit tests to have this, so it needs to be built in opt builds. ::: media/mtransport/transportlayerprsock.cpp @@ +87,5 @@ > + } > + > + MLOG(PR_LOG_DEBUG, LAYER_INFO << "OnSocketReady(flags=" << outflags << ")"); > + > + unsigned char buf[1600]; Yeah, this is just my Ethernet myopia. As for unsigned char, I'm not sure what the advantage of uint8_t is here. ::: toolkit/toolkit-tiers.mk @@ -136,2 @@ > media/webrtc \ > - media/mtransport/third_party \ Huh. Pilot error.

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 48

•

12 years ago

Comment on attachment 660321 [details] [diff] [review] Patch 4: Generic media transport subsystem with modules for ICE and DTLS Review of attachment 660321 [details] [diff] [review]: ----------------------------------------------------------------- As mentioned on IRC, in the automated tests, use the PSM XPCOM component (NS_NSSCOMPONENT_CID) to initialize and shutdown NSS, to better simulate the browser environment that this code will be run in. Note that you will need to create a profile directory to use PSM. Look at my code in bug 767231 and/or in xpcom/test to see how to do this. For the things that you expect to fix in follow-up bugs: Please file the bug, assigned to yourself, reference the bug in the review comments, and have it block the "Enable WebRTC by default" bug. Then, Randell can triage them later to determine which things really need to block. ::: media/mtransport/build/Makefile.in @@ +1,2 @@ > +# ***** BEGIN LICENSE BLOCK ***** > +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 For new files that aren't originally licensed by somebody else, use: https://developer.mozilla.org/en-US/docs/Developer_Guide/Coding_Style#Mode_Line (Note also the mode line). ::: media/mtransport/dtlsidentity.cpp @@ +17,5 @@ > +// Helper class to avoid having a crapload of if (!NULL) statements at > +// the end to clean up. The way you use this is you instantiate the > +// object as scoped_c_ptr<PtrType> obj(value, destructor); > +// TODO(ekr@rtfm.com): Move this to some generic location > +template <class T> class scoped_c_ptr { Yes, std::string, vector, etc. are OK. I understand that this code cannot use the Mozilla string API due to linkage issues. @@ +42,5 @@ > + void (*d_)(T *); > +}; > + > +// Auto-generate an identity based on name=name > +mozilla::RefPtr<DtlsIdentity> DtlsIdentity::Generate(const std::string name) { 1. OK, let me know what part of the PeerConnection code is (or will be) handling this so I can look at it. 2. If we know that all of our existing code can use a random name without problem, then let's just do that because YAGNI. Otherwise, I have to review all the callers too. 3. already_AddRefed<T> is more about readability of the code than optimization. @@ +54,5 @@ > + } > + > + PK11RSAGenParams rsaparams; > + rsaparams.keySizeInBits = 1024; > + rsaparams.pe = 0x010001; The decimal value is easier to read. I don't care about the comment so much. @@ +170,5 @@ > + > + if (algorithm == "sha-1") { > + ht = HASH_AlgSHA1; > + } else if (algorithm == "sha-224") { > + ht = HASH_AlgSHA224; If we all (browsers implementing WebRTC) can agree to avoid SHA-1, it will save trouble down the road. People are already asking us to transition away from SHA-1 in other areas. If we're not sure about that agreement, please file a bug about it that blocks the "Enable WebRTC by default" bug. @@ +228,5 @@ > +// Note that this tolerates some badly formatted data, in particular: > +// (a) arbitrary runs of colons > +// (b) colons at the beginning or end. > +nsresult DtlsIdentity::ParseFingerprint(const std::string fp, > + unsigned char *digest, It is OK to avoid making this change, because this is already so pervasive and we can't use the Mozilla string API that would help make things less painful. ::: media/mtransport/transportlayerdtls.cpp @@ +2,5 @@ > + * License, v. 2.0. If a copy of the MPL was not distributed with this file, > + * You can obtain one at http://mozilla.org/MPL/2.0/. */ > + > +// Original author: ekr@rtfm.com > + I don't understand the first sentence of your comment. My point is that it is likely that the people that work on Necko will be working on this code, so it is worth making it more like the Necko/PSM code so that it is easier to figure out what's going on. I understand now that it makes less sense to rename the file than I thought; ignore that request. @@ +5,5 @@ > +// Original author: ekr@rtfm.com > + > +#include <queue> > + > + I am not questioning the design decision. My point is that, as someone wholly new to this code, and with experience with the existing Mozilla networking code, it is helpful (for others) to explain here that we're adapting the the TransportLayer's push model into NSPR's pull model, and that the pull model is inappropriate for TransportLayer. @@ +59,5 @@ > + PRInt32 offset_; > +}; > + > +void NSPRHelper::PacketReceived(const void *data, PRInt32 len) { > + input_.push(new Packet()); When you say "everything important," do you mean that some things aren't expected to be done in a single-threaded fashion? If so, which things? @@ +536,5 @@ > + downward_->SignalPacketReceived.connect(this, &TransportLayerDtls::PacketReceived); > + > + if (downward_->state() == OPEN) { > + Handshake(); > + } Never mind this comment. @@ +644,5 @@ > + } > + > + // Now try a recv if we're open, since there might be data left > + if (state_ == OPEN) { > + unsigned char buf[2000]; I thought that somewhere in this feature there is (or was supposed to be) MTU dscovery logic of some kind? ::: media/mtransport/transportlayerdtls.h @@ +26,5 @@ > +#include "transportlayer.h" > + > +struct Packet; > + > +class NSPRHelper { NSPRHelper. @@ +62,5 @@ > + > + > + enum Role { CLIENT, SERVER}; > + enum Verification { VERIFY_UNSET, VERIFY_ALLOW_ALL, VERIFY_DIGEST}; > + const static int kMaxDigestLength = 64; #include "hasht.h" const static int kMaxDigestLength = HASH_LENGTH_MAX; @@ +68,5 @@ > + // DTLS-specific operations > + void SetRole(Role role) { role_ = role;} > + Role role() { return role_; } > + > + void SetIdentity(mozilla::RefPtr<DtlsIdentity> identity) { That looks like the start of a long and unfun conversation. Actually, I am unsure why you pass the mozilla::RefPtr<DtlsIdentity> instead of just DtlsIdentity*, which is the normal convention in Gecko. @@ +73,5 @@ > + identity_ = identity; > + } > + nsresult SetVerificationAllowAll(); > + nsresult SetVerificationDigest(const std::string digest_algorithm, > + const unsigned char *digest_value, As above, just disregard this comment since we don't have the Mozilla String API available for this code. @@ +82,5 @@ > + > + nsresult ExportKeyingMaterial(const std::string& label, > + bool use_context, > + const std::string& context, > + unsigned char *out, As above, just disregard this comment since we don't have the Mozilla String API available for this code. @@ +106,5 @@ > + // A single digest to check > + class VerificationDigest { > + public: > + VerificationDigest(std::string algorithm, > + const unsigned char *value, size_t len) { As above, just disregard this comment since we don't have the Mozilla String API available for this code. @@ +153,5 @@ > + Verification verification_mode_; > + std::vector<mozilla::RefPtr<VerificationDigest> > digests_; > + > + PRFileDesc *pr_fd_; > + PRFileDesc *ssl_fd_; Looks like we need to add ScopedPRFileDesc to ScopedNSSTypes.h. (We can move it to some non-NSS-specific file later if/when people complain about depending on NSS and/or PSM.)

Eric Rescorla (:ekr)

Assignee

Comment 49

•

•

12 years ago

Comment on attachment 664195 [details] [diff] [review] Patch 3: build nICEr and nrappkit r=ted Corrying r+ forward from ted

Attachment #664195 - Attachment description: Patch 3: build nICEr and nrappkit → Patch 3: build nICEr and nrappkit r=ted

Attachment #664195 - Flags: review+

Eric Rescorla (:ekr)

Assignee

Comment 56

•

12 years ago

Attached patch Patch 3: build nICEr and nrappkit r=ted — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #664195 - Attachment is obsolete: true

Patrick McManus [:mcmanus]

Comment 57

•

•

12 years ago

Comment on attachment 660321 [details] [diff] [review] Patch 4: Generic media transport subsystem with modules for ICE and DTLS Review of attachment 660321 [details] [diff] [review]: ----------------------------------------------------------------- ::: media/mtransport/dtlsidentity.cpp @@ +46,5 @@ > +mozilla::RefPtr<DtlsIdentity> DtlsIdentity::Generate(const std::string name) { > + SECStatus rv; > + > + std::string subject_name_string = "CN=" + name; > + CERTName *subject_name = CERT_AsciiToName( Can you add one to ScopedNSSTypes? @@ +54,5 @@ > + } > + > + PK11RSAGenParams rsaparams; > + rsaparams.keySizeInBits = 1024; > + rsaparams.pe = 0x010001; Done @@ +60,5 @@ > + scoped_c_ptr<SECKEYPrivateKey> private_key(SECKEY_DestroyPrivateKey); > + scoped_c_ptr<SECKEYPublicKey> public_key(SECKEY_DestroyPublicKey); > + SECKEYPublicKey *pubkey; > + > + private_key = PK11_GenerateKeyPair(PK11_GetInternalSlot(), Done. @@ +79,5 @@ > + if (!certreq.get()) { > + return NULL; > + } > + > + PRTime notBefore = PR_Now() - (86400UL * PR_USEC_PER_SEC); Added a comment. @@ +89,5 @@ > + return NULL; > + } > + > + unsigned long serial; > + // Note: This serial in principle could collide, but it's unlikely Done. @@ +110,5 @@ > + if (rv != SECSuccess) > + return NULL; > + > + // Set version to X509v3. > + *(certificate.get()->version.data) = 2; Done. @@ +113,5 @@ > + // Set version to X509v3. > + *(certificate.get()->version.data) = 2; > + certificate.get()->version.len = 1; > + > + SECItem innerDER; My understanding is that the data is allocated in the arena. @@ +119,5 @@ > + innerDER.data = NULL; > + > + if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(), > + SEC_ASN1_GET(CERT_CertificateTemplate))) > + return NULL; Changed this. @@ +121,5 @@ > + if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(), > + SEC_ASN1_GET(CERT_CertificateTemplate))) > + return NULL; > + > + SECItem *signedCert My understanding is that the data is allocated in the arena. @@ +141,5 @@ > +} > + > + > + > +DtlsIdentity::~DtlsIdentity() { Still TODO @@ +153,5 @@ > +nsresult DtlsIdentity::ComputeFingerprint(const std::string algorithm, > + unsigned char *digest, > + std::size_t size, > + std::size_t *digest_length) { > + PR_ASSERT(cert_); This will be handled externally. @@ +170,5 @@ > + > + if (algorithm == "sha-1") { > + ht = HASH_AlgSHA1; > + } else if (algorithm == "sha-224") { > + ht = HASH_AlgSHA224; I filed a bug. @@ +186,5 @@ > + PR_ASSERT(ho); > + if (!ho) > + return NS_ERROR_INVALID_ARG; > + > + PR_ASSERT(ho->length >= 20); // Double check I would prefer to be safe. @@ +195,5 @@ > + SECStatus rv = HASH_HashBuf(ho->type, digest, > + cert->derCert.data, > + cert->derCert.len); > + > + // This should not happen done @@ +212,5 @@ > + std::string str(""); > + char group[3]; > + > + for (std::size_t i=0; i < size; i++) { > + PR_snprintf(group, 3, "%.2x", digest[i]); Done/ @@ +233,5 @@ > + size_t size, > + size_t *length) { > + size_t offset = 0; > + bool top_half = true; > + unsigned char val = 0; Done. @@ +246,5 @@ > + if (top_half && (fp[i] == ':')) { > + continue; > + } else if ((fp[i] >= '0') && (fp[i] <= '9')) { > + val |= fp[i] - '0'; > + } else if ((fp[i] >= 'a') && (fp[i] <= 'f')) { Done. ::: media/mtransport/dtlsidentity.h @@ +1,2 @@ > +/* ***** BEGIN LICENSE BLOCK ***** > + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 Done. @@ +46,5 @@ > + > +#include "mozilla/RefPtr.h" > +#include "nsISupportsImpl.h" > + > +class DtlsIdentity : public mozilla::RefCounted<DtlsIdentity> { Done. ::: media/mtransport/logging.h @@ +1,5 @@ > +/* This Source Code Form is subject to the terms of the Mozilla Public > + * License, v. 2.0. If a copy of the MPL was not distributed with this file, > + * You can obtain one at http://mozilla.org/MPL/2.0/. */ > + > +// Original author: ekr@rtfm.com Let's do it in a followup. @@ +28,5 @@ > + static LogCtx mlog_ctx(n) > + > +#define MLOG(level, b) \ > + do { if (mlog_ctx.module()) { \ > + std::stringstream str; \ Approved by Jesup for now. ::: media/mtransport/nr_socket_prsock.cpp @@ +183,5 @@ > + PRNetAddr *naddr) > + { > + int _status; > + > + memset(naddr, 0, sizeof(PRNetAddr)); Done. @@ +213,5 @@ > + memcpy(naddr->ipv6.ip._S6_un._S6_u8, > + &addr->u.addr6.sin6_addr.__u6_addr.__u6_addr8, 16); > +#endif > +#else > + // TODO(ekr@rtfm.com): make IPv6 work Done. @@ +307,5 @@ > + ABORT(r); > + } > + > + // Finally, register with the STS > + rv = stservice_->AttachSocket(fd_, this); Unfortunately gSocketThread is not available to link into my unit test harness..... Gr... AttachSocket has its own assert. Is that enough? @@ +319,5 @@ > + return(_status); > +} > + > +int NrSocket::sendto(const void *msg, size_t len, > + int flags, nr_transport_addr *to) { Done. @@ +331,5 @@ > + if(fd_==NULL) > + ABORT(R_EOD); > + > + // TODO(ekr@rtfm.com): Convert flags? > + status = PR_SendTo(fd_, msg, len, flags, &naddr, PR_INTERVAL_NO_WAIT); Done. @@ +373,5 @@ > +} > + > +// Close the socket so that the STS will detach and then kill it > +void NrSocket::close() { > + mCondition = NS_BASE_STREAM_CLOSED; My understnading was that this was safe to do on any thread, actually, because worst case the STS would pick it up the next time through. @@ +398,5 @@ > +}; > + > + > +int nr_socket_local_create(nr_transport_addr *addr, nr_socket **sockp) { > + NrSocket *sock = new NrSocket(); I am normally a big fan of smart pointers, but in this case I think the explicit stuff is clearer. ::: media/mtransport/nr_socket_prsock.h @@ +37,5 @@ > +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > +*/ > + > + > +// Implementation of nICEr/nr_socket that is tied to the Firefox STS Done. @@ +65,5 @@ > + virtual ~NrSocket() { > + PR_Close(fd_); > + } > + > + // Implement nsASocket I believe this is correct. You'll notice that this subclassed to nsASocketHandler. The result is that the dtor only fires when the STS has stopped paying attention. @@ +73,5 @@ > + // nsISupports methods > + NS_DECL_ISUPPORTS > + > + // Implementations of the async_event APIs > + int async_wait(int how, NR_async_cb cb, void *cb_arg, I think that in this case it's better to match the naming of the nr_socket APIs. WRT the underscore_, Jesup and I agreed to defer the question of conversion from Google to Mozilla style. @@ +95,5 @@ > + void fire_callback(int how); > + > + PRFileDesc *fd_; > + nr_transport_addr my_addr_; > + NR_async_cb cbs_[2]; Done. ::: media/mtransport/nricectx.cpp @@ +188,5 @@ > + // Streams which do not exist should never fail. > + PR_ASSERT(s); > + > + ctx->SetState(ICE_CTX_FAILED); > + s -> SignalFailed(s); Done @@ +235,5 @@ > + nr_crypto_vtbl = &nr_ice_crypto_nss_vtbl; > + initialized = true; > + > + // Set the priorites for candidate type preferences > + NR_reg_set_uchar((char *)"ice.pref.type.srv_rflx",100); Reopened https://bugzilla.mozilla.org/show_bug.cgi?id=786313 @@ +268,5 @@ > + NR_reg_set_uchar((char *)"ice.pref.interface.virbr0", 233); > + NR_reg_set_uchar((char *)"ice.pref.interface.wlan0", 232); > + } > + > + NR_reg_set_string((char *)"ice.stun.server.0.addr", (char *)"216.93.246.14"); https://bugzilla.mozilla.org/show_bug.cgi?id=786236 ::: media/mtransport/objs.mk @@ +45,5 @@ > + transportlayerloopback.cpp \ > + transportlayerprsock.cpp \ > + $(NULL) > + > +MTRANSPORT_CPPSRCS = $(addprefix $(topsrcdir)/media/mtransport/, $(MTRANSPORT_LCPPSRCS)) \ No newline at end of file \ No newline at end of file \ No newline at end of file \ No newline at end of file \ No newline at end of file You actually need both of these variables elsewhere. ::: media/mtransport/test/Makefile.in @@ +85,5 @@ > + -I$(topsrcdir)/media/mtransport/third_party/nrappkit/src/plugin \ > + -I$(topsrcdir)/media/mtransport/third_party/nrappkit/src/event \ > + $(NULL) > + > +# SCTP DEFINES Done. @@ +146,5 @@ > + nrappkit_unittest.cpp \ > + sockettransportservice_unittest.cpp \ > + transport_unittests.cpp \ > + runnable_utils_unittest.cpp \ > +# sctp_unittest.cpp \ It just depends on SCTP which hasn't landed on my copy of m-c. ::: media/mtransport/test/sctp_unittest.cpp @@ +25,5 @@ > +#include "mtransport_test_utils.h" > +#include "runnable_utils.h" > + > +// XXX FIX > +#include "../../../netwerk/sctp/src/usrsctp.h" Done. ::: media/mtransport/transportflow.cpp @@ +28,5 @@ > + old_layer->SignalStateChange.disconnect(this); > + old_layer->SignalPacketReceived.disconnect(this); > + } > + layer->SignalStateChange.connect(this, &TransportFlow::StateChange); > + layer->SignalPacketReceived.connect(this, &TransportFlow::PacketReceived); Added a comment that this is not thread safe. ::: media/mtransport/transportlayer.cpp @@ +45,5 @@ > + } > +} > + > +const std::string& TransportLayer::flow_id() { > + static std::string empty; Done. ::: media/mtransport/transportlayer.h @@ +7,5 @@ > +#ifndef transportlayer_h__ > +#define transportlayer_h__ > + > +// Pull in sigslot from libjingle. If we remove libjingle, we will > +// need to either bring that in separately or refactor this code Removed. @@ +31,5 @@ > + virtual const std::string id() { return name; } \ > + static std::string ID() { return name; } > + > +// Abstract base class for network transport layers. > +class TransportLayer : public sigslot::has_slots<> { In the README. ::: media/mtransport/transportlayerdtls.cpp @@ +5,5 @@ > +// Original author: ekr@rtfm.com > + > +#include <queue> > + > + Comment added. @@ +48,5 @@ > + ~Packet() { > + delete data_; > + } > + void Assign(const void *data, PRInt32 len) { > + data_ = new unsigned char[len]; These can't practically be bigger than 16k or so, so I think this is OK fo rnow. @@ +59,5 @@ > + PRInt32 offset_; > +}; > + > +void NSPRHelper::PacketReceived(const void *data, PRInt32 len) { > + input_.push(new Packet()); I didn't want to use a constructor here because it made packet require some sort of assignment/copy construction and that seemed like more trouble than it was worth. @@ +117,5 @@ > +} > + > +static PRInt32 TransportLayerAvailable(PRFileDesc *f) { > + UNIMPLEMENTED; > + return -1; Done. @@ +189,5 @@ > +// Note: this is always nonblocking and assumes a zero timeout. > +// This function does not support peek. > +static PRInt32 TransportLayerRecv(PRFileDesc *f, void *buf, PRInt32 amount, > + PRIntn flags, PRIntervalTime to) { > + PR_ASSERT(flags == 0); Done. @@ +191,5 @@ > +static PRInt32 TransportLayerRecv(PRFileDesc *f, void *buf, PRInt32 amount, > + PRIntn flags, PRIntervalTime to) { > + PR_ASSERT(flags == 0); > + > + if (flags != 0) { Done. @@ +200,5 @@ > + return TransportLayerRead(f, buf, amount); > +} > + > +// Note: this is always nonblocking and assumes a zero timeout. > +// This function does not support peek. Done. @@ +204,5 @@ > +// This function does not support peek. > +static PRInt32 TransportLayerSend(PRFileDesc *f, const void *buf, PRInt32 amount, > + PRIntn flags, PRIntervalTime to) { > + PRInt32 written = TransportLayerWrite(f, buf, amount); > + Done. @@ +209,5 @@ > + return written; > +} > + > +static PRInt32 TransportLayerRecvfrom(PRFileDesc *f, void *buf, PRInt32 amount, > + PRIntn flags, PRNetAddr *addr, PRIntervalTime to) { File reindented. @@ +242,5 @@ > + > +static PRStatus TransportLayerGetpeername(PRFileDesc *f, PRNetAddr *addr) { > + // TODO(ekr@rtfm.com): Modify to return unique names for each channel > + // somehow, as opposed to always the same static address. The current > + // implementation messes up the session cache, which is why it's off I added a bug.https://bugzilla.mozilla.org/show_bug.cgi?id=797422 @@ +301,5 @@ > + UNIMPLEMENTED; > + return -1; > +} > + > +static const struct PRIOMethods nss_methods = { Done. @@ +340,5 @@ > + TransportLayerReserved, > + TransportLayerReserved > +}; > + > +TransportLayerDtls::~TransportLayerDtls() { I think it's fine/ @@ +354,5 @@ > + // Get the transport service as an event target > + nsresult rv; > + target_ = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv); > + > + if (!NS_SUCCEEDED(rv)) { Done. @@ +360,5 @@ > + return rv; > + } > + > + timer_ = do_CreateInstance(NS_TIMER_CONTRACTID, &rv); > + if (!NS_SUCCEEDED(rv)) { Done. @@ +393,5 @@ > + const unsigned char *digest_value, > + size_t digest_len) { > + // Defensive programming > + if (verification_mode_ != VERIFY_UNSET && > + verification_mode_ != VERIFY_DIGEST) Done. @@ +411,5 @@ > + return NS_OK; > +} > + > +// TODO(ekr@rtfm.com): make sure this is called from STS. Otherwise > +// we have thread safety issues Filed bug: https://bugzilla.mozilla.org/show_bug.cgi?id=797423 @@ +419,5 @@ > + if (!downward_) { > + MLOG(PR_LOG_ERROR, "DTLS layer with nothing below. This is useless"); > + return false; > + } > + helper_ = new NSPRHelper(downward_); Done. @@ +487,5 @@ > + } > + > + if (mode_ != DGRAM) { > + // Disable SSLv3 > + rv = SSL_OptionSet(ssl_fd, SSL_ENABLE_SSL3, PR_FALSE); Done. @@ +559,5 @@ > + MLOG(PR_LOG_ERROR, LAYER_INFO << "State change of lower layer to INIT forbidden"); > + SetState(ERROR); > + break; > + case CONNECTING: > + break; It doesn't change our behavior. I added a log. @@ +644,5 @@ > + } > + > + // Now try a recv if we're open, since there might be data left > + if (state_ == OPEN) { > + unsigned char buf[2000]; DTLS has some PMTU discovery but you can't depend on it for this. Jesup: I have filed a bug. https://bugzilla.mozilla.org/show_bug.cgi?id=797432 @@ +679,5 @@ > + PRInt32 rv = PR_Send(ssl_fd_, data, len, 0, PR_INTERVAL_NO_WAIT); > + > + if (rv > 0) { > + // We have data > + MLOG(PR_LOG_DEBUG, LAYER_INFO << "Wrote " << rv << " bytes to NSS"); Done. @@ +710,5 @@ > + > + TransportLayerDtls *stream = reinterpret_cast<TransportLayerDtls *>(arg); > + > + if (!stream->identity_) { > + MLOG(PR_LOG_ERROR, "No identity available"); Done. @@ +721,5 @@ > + } > + > + *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey()); > + if (!pRetKey) { > + CERT_DestroyCertificate(*pRetCert); Done. @@ +723,5 @@ > + *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey()); > + if (!pRetKey) { > + CERT_DestroyCertificate(*pRetCert); > + return SECFailure; > + } Done. @@ +743,5 @@ > + } > + > + return NS_OK; > +} > + That would be very useful. @@ +752,5 @@ > + unsigned int outlen) { > + SECStatus rv = SSL_ExportKeyingMaterial(ssl_fd_, > + label.c_str(), > + label.size(), > + use_context ? PR_TRUE : PR_FALSE, done. @@ +775,5 @@ > + > + return stream->AuthCertificateHook(fd, checksig, isServer); > +} > + > +SECStatus TransportLayerDtls::CheckDigest(mozilla::RefPtr<VerificationDigest> digest, Changed to const & @@ +790,5 @@ > + &computed_digest_len); > + if (!NS_SUCCEEDED(res)) { > + MLOG(PR_LOG_ERROR, "Could not compute peer fingerprint for digest " << > + digest->algorithm_); > + // Go to end Done. @@ +814,5 @@ > +SECStatus TransportLayerDtls::AuthCertificateHook(PRFileDesc *fd, > + PRBool checksig, > + PRBool isServer) { > + CERTCertificate *peer_cert = NULL; > + peer_cert = SSL_PeerCertificate(fd); Done. @@ +817,5 @@ > + CERTCertificate *peer_cert = NULL; > + peer_cert = SSL_PeerCertificate(fd); > + > + // We are not set up to take this being called multiple > + // times. Change this if we ever add renegotiation. Done. @@ +819,5 @@ > + > + // We are not set up to take this being called multiple > + // times. Change this if we ever add renegotiation. > + PR_ASSERT(!auth_hook_called_); > + if (auth_hook_called_) Done. @@ +820,5 @@ > + // We are not set up to take this being called multiple > + // times. Change this if we ever add renegotiation. > + PR_ASSERT(!auth_hook_called_); > + if (auth_hook_called_) > + return SECFailure; Done. @@ +828,5 @@ > + PR_ASSERT(peer_cert_ == NULL); > + > + switch (verification_mode_) { > + case VERIFY_UNSET: > + // Jump to error exit Rewrote. @@ +835,5 @@ > + peer_cert_ = peer_cert; > + return SECSuccess; > + > + case VERIFY_DIGEST: { > + CERTCertificate *peer_cert = Done. @@ +841,5 @@ > + > + PR_ASSERT(digests_.size() != 0); > + // Check all the provided digests > + > + SECStatus res= SECFailure; Done. @@ +855,5 @@ > + // Matches all digests, we are good to go > + peer_cert_ = peer_cert; > + return SECSuccess; > + } > + } Done. @@ +860,5 @@ > + } > + > + if (peer_cert) { > + CERT_DestroyCertificate(peer_cert); > + } It's called in the checking fxns. ::: media/mtransport/transportlayerdtls.h @@ +26,5 @@ > +#include "transportlayer.h" > + > +struct Packet; > + > +class NSPRHelper { I don't think this is the right plan here... This really isn't like a SocketInfo. It's a bridge to an NSPR underlying socket. I've renamed it to TransportLayerNSPRAdapter. The threading model documentation is in the README. @@ +43,5 @@ > + TransportLayer *output_; > + std::queue<Packet *> input_; > +}; > + > +class TransportLayerDtls : public TransportLayer { 1. Per Jesup, I am intending to defer this sort of style renaming. 2. We are going to handle the shutdown in PEerConnection. @@ +68,5 @@ > + // DTLS-specific operations > + void SetRole(Role role) { role_ = role;} > + Role role() { return role_; } > + > + void SetIdentity(mozilla::RefPtr<DtlsIdentity> identity) { Because I don't want the raw pointer to escape. Changed this to be a const &. @@ +153,5 @@ > + Verification verification_mode_; > + std::vector<mozilla::RefPtr<VerificationDigest> > digests_; > + > + PRFileDesc *pr_fd_; > + PRFileDesc *ssl_fd_; Currently we are PR_Close()ing ssl_fd_. My understanding was that this would transitively close pr_fd_. When we have ScopedPRFileDesc, we can obviously just convert ssl_fd_ @@ +155,5 @@ > + > + PRFileDesc *pr_fd_; > + PRFileDesc *ssl_fd_; > + mozilla::ScopedDeletePtr<NSPRHelper> helper_; > + CERTCertificate *peer_cert_; Done. ::: media/mtransport/transportlayerice.cpp @@ +77,5 @@ > +#ifdef ERROR > +#undef ERROR > +#endif > + > +MLOG_INIT("mtransport"); Done. ::: media/mtransport/transportlayerloopback.h @@ +78,5 @@ > + class QueuedPacket { > + public: > + QueuedPacket() : data_(NULL), len_(0) {} > + ~QueuedPacket() { > + delete data_; Done.

Attachment #660321 - Flags: review?

Attachment #660321 - Flags: review-

Eric Rescorla (:ekr)

Assignee

Comment 62

•

12 years ago

The uploaded patch should address nearly just the technical issues. The two exceptions are: (1) Jesup had raised a question about reference management for nr_timer.cpp (2) There are a few questions bsmith had raised about freeing stuff that either need explicit frees or scoped pointers. There are also the following mostly-mechanical transformations that I need to make: 1. Trailing whitespace. 2. PR_ASSERT -> MOZ_ASSERT 3. MLOG_INIT -> MOZ_LOG_MODULE MLOG -> MOZ_LOG 4. NULL -> nullptr 5. Namespace mozilla Finally, there are some things I would like to defer: 1. Add MOZ_OVERRIDE to overrides. 2. More documentation for TransportLayer and TransportLayerFlow (though I added some in README).

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #667584 - Flags: review?(bsmith)

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #667584 - Flags: review?(ted.mielczarek)

(not currently active) Ted Mielczarek

Comment 63

•

•

12 years ago

Attachment #668083 - Flags: review?(rjesup)

Eric Rescorla (:ekr)

Assignee

Comment 72

•

12 years ago

Note: patch 4 compiles on Mac, compiles but does not link on Linux (pending Webrtc.org uplift) and has some unknown compile error on Win. I will debug the Win problem this afternoon/eve unless Jesup gets to it first.

Randell Jesup [:jesup] (needinfo me)

•

12 years ago

Attachment #668083 - Attachment is obsolete: true

Attachment #668083 - Flags: review?(bsmith)

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #668083 - Attachment is obsolete: false

Randell Jesup [:jesup] (needinfo me)

Updated

•

12 years ago

Attachment #668080 - Attachment description: imported patch nrappkit.patch → Patch 1: imported patch nrappkit.patch

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 77

•

12 years ago

Attached patch Review comments as patch — Details — Splinter Review

Here are the changes I think need to be made, in patch form.

Attachment #668666 - Flags: review?(ekr)

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 78

•

12 years ago

Comment on attachment 668666 [details] [diff] [review] Review comments as patch Review of attachment 668666 [details] [diff] [review]: ----------------------------------------------------------------- ::: media/mtransport/dtlsidentity.cpp @@ +21,5 @@ > if (cert_) > CERT_DestroyCertificate(cert_); > } > > +TemporaryRef<DtlsIdentity> DtlsIdentity::Generate() { TemporaryRef for return values. @@ +23,5 @@ > } > > +TemporaryRef<DtlsIdentity> DtlsIdentity::Generate() { > + > + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); I combined the two Generate() functions together so they could share the slot variable. I made these functions use GenerateRandomOnSlot() to avoid locking issues noted by wtc. @@ +64,3 @@ > if (private_key == nullptr) > return nullptr; > + public_key = pubkey; replaced X.reset(Y) with X = Y; @@ +81,5 @@ > // This is a sort of arbitrary range designed to be valid > // now with some slack in case the other side expects > // some before expiry. > + // > + // Note: explicit casts necessary to avoid fixed this trailing whitespace already. @@ +82,5 @@ > // now with some slack in case the other side expects > // some before expiry. > + // > + // Note: explicit casts necessary to avoid > + // warning C4307: '*' : integral constant overflow seems like we were overflowing at least on Windows. @@ +144,5 @@ > return nullptr; > } > certificate->derCert = *signedCert; > > + return new DtlsIdentity(private_key.forget(), certificate.forget()); Use implicit conversion to smart pointer as described in the RefPtr.h examples, to make things easier to read. ::: media/mtransport/nricectx.cpp @@ +96,2 @@ > > + SECStatus rv = PK11_GenerateRandomOnSlot(slot, buf, len); Same lock contention issue. ::: media/mtransport/nricemediastream.cpp @@ +165,5 @@ > << name_ << "'"); > return; > } > > + for (int i=0; i<attrct; i++) { signed/unsigned comparison warnings. ::: media/mtransport/third_party/nICEr/nicer.gyp @@ +21,5 @@ > '../nrappkit/src/share', > '../nrappkit/src/stats', > '../nrappkit/src/util', > '../nrappkit/src/util/libekr', > + '../nrappkit/src/port/generic/include', needed to build on windows. ::: media/mtransport/transportlayerdtls.cpp @@ +28,5 @@ > namespace mozilla { > > MOZ_MTLOG_MODULE("mtransport"); > > +static PRDescIdentity transport_layer_identity = PR_INVALID_IO_LAYER; The old name made me confused about whether we were talking about the built-in NSPR layer or our new layer. @@ +200,5 @@ > // This function does not support peek. > static int32_t TransportLayerRecv(PRFileDesc *f, void *buf, int32_t amount, > int32_t flags, PRIntervalTime to) { > MOZ_ASSERT(flags == 0); > + if (flags != 0) { Removed checks of "to" and misleading comment. @@ +349,5 @@ > }; > > TransportLayerDtls::~TransportLayerDtls() { > + if (timer_) { > + timer_->Cancel(); timer_ may be null here. @@ +442,3 @@ > } > + > + ScopedPRFileDesc pr_fd(PR_CreateIOLayerStub(transport_layer_identity, pr_fd_ did not need to be a member function. @@ +450,2 @@ > > + ScopedPRFileDesc ssl_fd; ssl_fd previous leaked. @@ +561,5 @@ > MOZ_MTLOG(PR_LOG_ERROR, "Couldn't set certificate validation hook"); > return false; > } > > + ssl_fd_ = ssl_fd.forget(); ssl_fd_ should be set before we call SSL_ResetHandshake, I think.

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 79

•

12 years ago

Comment on attachment 668666 [details] [diff] [review] Review comments as patch Review of attachment 668666 [details] [diff] [review]: ----------------------------------------------------------------- ::: media/mtransport/transportlayerdtls.cpp @@ +436,5 @@ > MOZ_MTLOG(PR_LOG_ERROR, "Can't start DTLS without specifying a verification mode"); > return false; > } > > + if (transport_layer_identity == PR_INVALID_IO_LAYER) { Also, notice that there was a significant typo in the previous code (an extraneous "!").

Eric Rescorla (:ekr)

Assignee

Comment 80

•

12 years ago

Comment on attachment 668666 [details] [diff] [review] Review comments as patch Review of attachment 668666 [details] [diff] [review]: ----------------------------------------------------------------- lgtm with two comments below. Also nicer.gyp is part of patch 2, not patch 4. ::: media/mtransport/transportlayerdtls.cpp @@ +561,5 @@ > MOZ_MTLOG(PR_LOG_ERROR, "Couldn't set certificate validation hook"); > return false; > } > > + ssl_fd_ = ssl_fd.forget(); This seems OK, but then let's reset ssl_fd_ to nullptr if it fails. ::: media/mtransport/transportlayerdtls.h @@ +54,1 @@ > ssl_fd_(nullptr), If you're going to remove these initializers, remove this one as well.

Attachment #668666 - Flags: review?(ekr) → review+

Eric Rescorla (:ekr)

Assignee

Comment 81

•

12 years ago

Attached patch Fix bsmith linkage errors (obsolete) — Details — Splinter Review

(no longer active)

Updated

•

12 years ago

Attachment #668806 - Flags: review+

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 82

•

12 years ago

Attached patch Review comments as patch [v2] (obsolete) — Details — Splinter Review

Attachment #668666 - Attachment is obsolete: true

Attachment #668841 - Flags: review?(ekr)

Eric Rescorla (:ekr)

Assignee

Comment 83

•

12 years ago

Attached patch Fix bsmith linkage errors — Details — Splinter Review

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #668806 - Attachment is obsolete: true

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #668843 - Flags: review?(bsmith)

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #668843 - Flags: review?(rjesup)

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Comment 84

•

Comment 85

•

12 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/a8fac69129b0 https://hg.mozilla.org/integration/mozilla-inbound/rev/da39ec3b9778 https://hg.mozilla.org/integration/mozilla-inbound/rev/b5246d1cd364 https://hg.mozilla.org/integration/mozilla-inbound/rev/cbce2911566d

Phil Ringnalda (:philor)

Comment 86

•

12 years ago

https://hg.mozilla.org/mozilla-central/rev/cbce2911566d https://hg.mozilla.org/mozilla-central/rev/b5246d1cd364 https://hg.mozilla.org/mozilla-central/rev/da39ec3b9778 https://hg.mozilla.org/mozilla-central/rev/a8fac69129b0

Status: NEW → RESOLVED

•

12 years ago

Depends on: 805470

Eric Rescorla (:ekr)

Assignee

Updated

•

12 years ago

Attachment #660321 - Flags: review?

Daniel Holbert [:dholbert]

Updated

•

12 years ago

Blocks: 835692

Daniel Holbert [:dholbert]

Updated

•

12 years ago

Blocks: 836126

Patch 1: Import nrappkit; generic application development kit/portable runtime; Dependency for nICEr. This is an import with a small number of changes that will be upstreamed soon. 12 years ago Eric Rescorla (:ekr) 410.67 KB, patch		Details \| Diff \| Splinter Review
Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. 12 years ago Eric Rescorla (:ekr) 477.50 KB, patch	Biesinger : review-	Details \| Diff \| Splinter Review
Patch 3: build nICEr and nrappkit 12 years ago Eric Rescorla (:ekr) 5.72 KB, patch		Details \| Diff \| Splinter Review
Patch 4: Generic media transport subsystem with modules for ICE and DTLS 12 years ago Eric Rescorla (:ekr) 204.40 KB, patch	mcmanus : review+	Details \| Diff \| Splinter Review
Patch 1: Import nrappkit; generic application development kit/portable runtime; Dependency for nICEr. This is an import with a small number of changes that will be upstreamed soon. 12 years ago Eric Rescorla (:ekr) 369.86 KB, patch	roc : review+	Details \| Diff \| Splinter Review
Patch 3: build nICEr and nrappkit 12 years ago Eric Rescorla (:ekr) 5.72 KB, patch	ted : review+	Details \| Diff \| Splinter Review
Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. 12 years ago Eric Rescorla (:ekr) 480.02 KB, patch		Details \| Diff \| Splinter Review
Changes to nICEr to be upstreamed 12 years ago Eric Rescorla (:ekr) 79.23 KB, patch		Details \| Diff \| Splinter Review
Patch 2: nICEr; ICE stack; This is an import with a small number of changes that we plan to upstream. 12 years ago Eric Rescorla (:ekr) 559.40 KB, patch	Biesinger : review+	Details \| Diff \| Splinter Review
Patch 1: Import nrappkit; generic application development kit/portable runtime; Dependency for nICEr. This is an import with a small number of changes that will be upstreamed soon. 12 years ago Eric Rescorla (:ekr) 387.74 KB, patch	roc : review+	Details \| Diff \| Splinter Review
Patch 3: build nICEr and nrappkit r=ted 12 years ago Eric Rescorla (:ekr) 5.65 KB, patch	jesup : review+	Details \| Diff \| Splinter Review
Patch 3: build nICEr and nrappkit r=ted 12 years ago Eric Rescorla (:ekr) 5.51 KB, patch		Details \| Diff \| Splinter Review
Update of patch 4; WIP 12 years ago Eric Rescorla (:ekr) 203.05 KB, patch		Details \| Diff \| Splinter Review
Update of patch 4; WIP 12 years ago Eric Rescorla (:ekr) 207.00 KB, patch		Details \| Diff \| Splinter Review
Patch 4: Generic media transport subsystem with modules for ICE and DTLS 12 years ago Eric Rescorla (:ekr) 211.03 KB, patch	ted : review+	Details \| Diff \| Splinter Review
Patch 1: imported patch nrappkit.patch 12 years ago Eric Rescorla (:ekr) 382.23 KB, patch	jesup : review+	Details \| Diff \| Splinter Review
Add sigslot 12 years ago Eric Rescorla (:ekr) 74.54 KB, patch		Details \| Diff \| Splinter Review
Patch 4: Generic media transport subsystem with modules for ICE and DTLS 12 years ago Eric Rescorla (:ekr) 215.23 KB, patch	jesup : review+	Details \| Diff \| Splinter Review
interdiffs for patch 4 against alder (effectively against the previous patch) 12 years ago Randell Jesup [:jesup] (needinfo me) 179.48 KB, patch		Details \| Diff \| Splinter Review
Interdiffs for media/mtransport/dtls (to make bsmith's life easier) 12 years ago Randell Jesup [:jesup] (needinfo me) 57.76 KB, patch		Details \| Diff \| Splinter Review
Patch 4: Generic media transport subsystem with modules for ICE and DTLS 12 years ago Eric Rescorla (:ekr) 215.26 KB, patch		Details \| Diff \| Splinter Review
Review comments as patch 12 years ago Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 24.06 KB, patch	ekr : review+	Details \| Diff \| Splinter Review
Fix bsmith linkage errors 12 years ago Eric Rescorla (:ekr) 1.46 KB, patch	ehsan.akhgari : review+	Details \| Diff \| Splinter Review
Review comments as patch [v2] 12 years ago Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 27.50 KB, patch		Details \| Diff \| Splinter Review
Fix bsmith linkage errors 12 years ago Eric Rescorla (:ekr) 4.04 KB, patch	briansmith : review+ jesup : review+	Details \| Diff \| Splinter Review