Chrome sends STUN requests with source IP address that doesn't match the network interface
Reported by
alexdruz...@gmail.com,
Oct 17 2016
|
|||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36 Steps to reproduce the problem: 1. Enable multiple internet connections 2. Try to make call to Freeswitch server 3. ICE connection will fail because of wrong ICE candidate usage What is the expected behavior? What went wrong? We are using Freeswitch for conference calls through WebRTC. The problem in common looks like Chrome and Freeswitch can't agreed which ICE candidate to use and because of that they can't make DTLS handshake. This issue has 3 parts: 1) Chrome does not add some of srflx ICE candidates discovered by STUN server. IP addresses: 1) 172.15.1.1 - local VM (VirtualBox) 2) 192.168.22.57 - local ethernet interface 3) 192.168.41.185 - local wi-fi interface STUN server discover public IP address and ports for ethernet and wi-fi interfaces: Ethernet: 192.168.22.57:54230 -> 80.254.60.17:54230 Ethernet: 192.168.22.57:44112 -> 80.254.60.17:44112 Wi-Fi: 192.168.41.185:42752 -> 80.254.60.17:42752 Wi-Fi: 192.168.41.185:46978 -> 80.254.60.17:46978 But in SDP Chrome includes only srflx candidates discovered from Ethernet interface: a=candidate:1861086701 1 udp 2122260223 172.15.1.1 43367 typ host generation 0 network-id 3 a=candidate:988003974 1 udp 2122194687 192.168.22.57 54230 typ host generation 0 network-id 1 a=candidate:3404510875 1 udp 2122129151 192.168.41.185 42752 typ host generation 0 network-id 4 network-cost 10 a=candidate:1861086701 2 udp 2122260222 172.15.1.1 55301 typ host generation 0 network-id 3 a=candidate:988003974 2 udp 2122194686 192.168.22.57 44112 typ host generation 0 network-id 1 a=candidate:3404510875 2 udp 2122129150 192.168.41.185 46978 typ host generation 0 network-id 4 network-cost 10 a=candidate:3148593202 1 udp 1685987071 80.254.60.17 54230 typ srflx raddr 192.168.22.57 rport 54230 generation 0 network-id 1 a=candidate:3148593202 2 udp 1685987070 80.254.60.17 44112 typ srflx raddr 192.168.22.57 rport 44112 generation 0 network-id 1 2) Chrome sends STUN pings to Freeswitch from srflx candidate he does not include in SDP May be it's not an issue, but looks weird for me. Chrome already has all necessary candidates (I set really big timeout to collect all candidates), but for some reasons he decided not to include one of srflx candidates in SDP. So why he sends STUN pings from this interface after all? Fragment from freeswitch.log after receiving STUN ping from this interface: 2016-09-26 11:03:40.912987 [NOTICE] switch_rtp.c:1258 Auto Changing video stun/rtp/dtls port from 172.15.1.1:43367 to 80.254.60.17:42752 I can explain this as: Freeswitch chooses main candidate as 172.15.1.1:43367, but he can't receive STUN pings from this interface and falls back to candidate from STUN pings he receives from Chrome (80.254.60.17:42752). 3) Chrome ignores attempt to make DTLS handshake from candidate he does not include in SDP By some reasons chrome ignores srlfx candidate from my Wi-Fi interface. But by sending STUN pings to Freeswitch Chrome provokes him to prefer this particular candidate. After that Freeswitch sends back to Chrome STUN request and tries to make DTLS handshake but Chrome ignores it. All logs and dumps in attachments. Attach one or more files to this issue Did this work before? N/A Does this work in other browsers? Yes Chrome version: 53.0.2785.116 Channel: stable OS Version: Ubuntu 16.04 Flash Version: Shockwave Flash 23.0 r0
,
Oct 26 2016
,
Oct 28 2016
Addressing each of the points: 1. This is definitely confusing. I notice that after receiving the binding success response, Chrome keeps re-transmitting the request (and with the same transaction ID). So Wireshark sees the response, but for some reason Chrome doesn't. 2. Chrome doesn't send the requests from a srflx candidate intentionally; it's just sending from the port on the Wi-Fi interface, and the NAT translates the address. However, what does appear wrong is that Freeswitch chooses a candidate pair it received a binding request on, but no binding response. The purpose of the two-way connectivity checks is to ensure that packets can be both sent and received over a path. In this case, it looks like Chrome can send packets over the Wi-Fi interface but can't receive them. 3. If Chrome isn't seeing the packets on the Wi-Fi interface, that would explain this. So I see two problems. One, that Chrome isn't receiving packets on the Wi-Fi interface, which may be a problem with Chrome or the OS/network configuration. And second, that Freeswitch selects a candidate pair that has not yet been validated. Can you look into whether or not your Wi-Fi interface is functioning properly with Chrome? Maybe disable your Ethernet interface and try testing with AppRTC.
,
Nov 10 2016
First of all thank you for the diving into this problem. I will try to make some clarifications on the last two items in issue list: 2. Chrome sends binding requests from WiFi interface and receives binding success responses from the same interface. You can use this query in wirheshark on a client dump (52.202.171.116 is an address of Freeswitch): stun && ip.src == 52.202.171.116 && ip.dst == 192.168.41.185 But when Freeswitch tries to send binding requests back to Chrome on the WiFi interface Chrome ignores it. This query shows that WiFi interface never sends binding success response back to Freeswitch: stun && ip.dst == 52.202.171.116 && ip.src == 192.168.41.185 3. This is still an issue (may be provoked by the second item) because as I see in wireshark dump Chrome has all necessary information to start DTLS handshake. Seems like WiFi interface works properly with Chrome. AppRTC is not the same case because it's p2p call, not conference. But anyway it works with my WiFi interface.
,
Nov 10 2016
Could you attach a native Chrome log? https://webrtc.org/native-code/logging/ That may help determine why we don't seem to be processing any packets received on the Wi-Fi interface. Also, does the issue still occur if you take the VM out of the equation?
,
Nov 14 2016
I don't see anything out of the ordinary in the failure log, unfortunately. It's just as if the packets were never received. I did notice something on closer inspection of the packet capture, though. The STUN packets sent from the 192.168.22.57 and 192.168.41.185 addresses both have same "Linux cooked capture" source address. Meaning they're probably both sent from the Ethernet interface? I don't understand how this could happen, since the Ethernet subnet is 192.168.22.X/24. But it seems likely this is related. honghaiz@, do you have any ideas?
,
Nov 22 2016
Thank you for providing more feedback. Adding requester "deadbeef@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 22 2016
The log in #6 only showed that no STUN request/response packets were received. If you could provide complete logs for one session, including both freeswitch logs, Chrome logs and the pcap at the client, that will be more helpful for debugging. Thanks.
,
Nov 29 2016
Contrary to everything I assumed, I recently learned that on Linux, calling bind() with an IP address doesn't actually force packets to be sent on the network interface associated with that address. To ensure that packets are sent from the network interface we intend, we may need to use sendmsg() with IP_PKTINFO. I'm changing the bug title to represent the issue Chrome is to blame for (as far as I can tell).
,
Mar 13 2017
Cleaning up "Needs-Review" label as we are not using this label for triage anymore. Ref bug for this cleanup 684919
,
Apr 3 2018
Removing owner and setting status to Available, since the issue isn't currently being worked on. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by hdodda@chromium.org
, Oct 19 2016Labels: TE-NeedsTriageHelp