ChromeOS firewall fails to open local ports for Pepper Socket API. |
||||||||
Issue descriptionSaw the following message in the log: [6367:6367:0117/181706.934843:WARNING:pepper_udp_socket_message_filter.cc(542)] Firewall hole could not be opened. From cursory look at the related code it appears firewall may not allow to open ports on addresses that are longer than 16 characters in string representation, i.e. most IPv6 addresses. See kMaxInterfaceNameLen in https://chromium.googlesource.com/chromiumos/platform2/+/master/permission_broker/port_tracker.cc
,
Jan 18 2017
If that's supposed to be an interface name then there is a bug in content/browser/renderer_host/pepper/pepper_socket_utils.cc - it sends result of net::IPEndPoint::ToString() as an interface name
,
Jan 18 2017
The parameter is called "iface". It's supposed to be an interface name.
,
Jan 18 2017
+avallee, can you comment? (AFAICT you added firewall support in pepper API) Another related issue I see is that firewall ports are not open for WebRTC connections (see https://codesearch.chromium.org/chromium/src/content/browser/renderer_host/p2p/socket_host_udp.cc?sq=package:chromium&dr=CSs ) Is there a tracking bug for that issue?
,
Jan 19 2017
Should the Pepper callsite just be passing "", to open the port up across all interfaces?
,
Jan 19 2017
If that's what you want to do, then yes. I wonder how this ever worked. Why wasn't it failing before?
,
Jan 19 2017
Looking at the code, what I wrote about using the address was wrong. Either it should just open the port on all interfaces or else needs to match the ip back to an interface name somewhere.
,
Jan 23 2017
pending fix https://codereview.chromium.org/2650793003/
,
Jan 23 2017
Jorge, I filed bug 684040 to investigate why everything still worked dispute this bug.
,
Jan 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/58b74d7b4bbc0f48f47e2fc4f408e79571a650c5 commit 58b74d7b4bbc0f48f47e2fc4f408e79571a650c5 Author: sergeyu <sergeyu@chromium.org> Date: Tue Jan 24 00:21:59 2017 Fix Pepper socket API to open incoming ports in the firewall. Previously the API would request ports to be opened passing IP address as an interface name. Updated it to pass an empty string, so the port gets open on all interfaces. BUG= 682339 Review-Url: https://codereview.chromium.org/2650793003 Cr-Commit-Position: refs/heads/master@{#445556} [modify] https://crrev.com/58b74d7b4bbc0f48f47e2fc4f408e79571a650c5/content/browser/renderer_host/pepper/pepper_socket_utils.cc
,
Jan 24 2017
,
Apr 17 2017
,
May 30 2017
,
Aug 1 2017
,
Oct 14 2017
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by jorgelo@chromium.org
, Jan 18 2017