Issue 878465

Issue metadata

Status: Fixed
Owner:
Closed: Dec 3
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Chrome, Mac, Fuchsia
Pri: 1
Type: Feature
Launch-Accessibility: NotReviewed
Launch-Exp-Leadership: NotReviewed
Launch-Leadership: NotReviewed
Launch-Legal: ReviewRequested
Launch-Privacy: ReviewRequested
Launch-Security: Yes
Launch-Test: NotReviewed
Launch-UI: NotReviewed
Rollout-Type: TBD

Blocked on:
issue 875740
issue 879271
issue 879746
issue webrtc:9861
issue 903568



mDNS service for IP handling in WebRTC

Project Member Reported by qingsi@chromium.org, Aug 28

Issue description

Feature description:

WebRTC currently exposes the private IP addresses of endpoints (via ICE candidate gathering) to applications in an attempt to establish a direct peer-to-peer link and increase the probability of a successful connection between the endpoints. The ICE gathering process and the signaling of these private addresses as host candidates have strong privacy implications (e.g. browser fingerprinting) but are, however, often performed without user consent.

In the Internet-Draft (draft-mdns-ice-candidates-00), using mDNS to obfuscate the private IP addresses of endpoints is proposed as a privacy measure to amend the current ICE candidate gathering behavior.

We intend to implement this feature for WebRTC (in Chromium), enabling IP handling modes defined in the Internet Draft (draft-ietf-rtcweb-ip-handling-09) and also new modes beyond the definition therein.

Eng owner: qingsi@chromium.org, zstein@chromium.org

Design doc:
https://docs.google.com/document/d/1UrzolChnwJlQK3tJPbMCM7LUFPHbpVRf77_O-ZFn8vc

Implementation notes: https://docs.google.com/document/d/1TkDF98463kyiMp-fN6U0k1Mswux9xqL9e5FAqPo1HTs
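
To make the behavior described in this issue concrete, the following added example (not part of the original report and not Chromium or WebRTC code) audits the candidate lines of an SDP blob and reports which host candidates carry a local IP literal and which carry an mDNS `.local` name. The function names, the sample SDP and the verdict strings are assumptions of this example.

```javascript
// Added example. SAMPLE_SDP is constructed data, not captured traffic.
const SAMPLE_SDP = [
  'v=0',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'a=candidate:2 1 udp 2122194687 3f1c2b7a-9d44-4e0a-8c11-5b6d7e8f9a10.local 54322 typ host',
  'a=candidate:3 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 0.0.0.0 rport 0',
  'a=candidate:4 1 tcp 1518280447 fe80::1c2d:3eff:fe4f:5a6b 9 typ host tcptype active',
  'a=candidate:broken line',
].join('\r\n');

// Classify the connection-address field of a candidate.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns';
  const v4 = a.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const o = v4.slice(1).map(Number);
    if (o.some((n) => n > 255)) return 'invalid';
    // RFC 1918 ranges plus 169.254/16 link-local.
    const local = o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
      (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
    return local ? 'private-ip' : 'public-ip';
  }
  if (a.includes(':')) {
    // fc00::/7 (unique local) and fe80::/10 (link-local).
    return /^(f[cd][0-9a-f]{2}|fe[89ab][0-9a-f]):/.test(a) ? 'private-ip' : 'public-ip';
  }
  return 'hostname';
}

function parseCandidate(line) {
  const m = line.match(/^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/);
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// One finding per candidate line; a host candidate with a local IP literal is flagged.
function auditSdp(sdp) {
  const findings = [];
  for (const line of sdp.split(/\r?\n/)) {
    if (!/^(?:a=)?candidate:/.test(line)) continue;
    const c = parseCandidate(line);
    if (!c) { findings.push({ line, verdict: 'unparseable' }); continue; }
    const kind = classifyAddress(c.address);
    const leak = c.type === 'host' && kind === 'private-ip';
    findings.push({ address: c.address, type: c.type, kind, verdict: leak ? 'exposes-local-ip' : 'ok' });
  }
  return findings;
}
```

Run over the local description of a peer connection, `auditSdp` gives a quick regression check that host candidates are signaled as mDNS names rather than IP literals.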
 
Blockedon: 879271
Blockedon: 879746
Blockedon: 875740
Cc: jeroendb@chromium.org qingsi@chromium.org
Issue 875740 has been merged into this issue.
Labels: -OS-iOS
iOS does not use Blink
Project Member

Comment 6 by bugdroid1@chromium.org, Sep 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ecd69251f0ccbefee3d3f128054f8f817324383c

commit ecd69251f0ccbefee3d3f128054f8f817324383c
Author: Qingsi Wang <qingsi@google.com>
Date: Thu Sep 27 21:35:55 2018

Enable parsing of DNS queries and writing of DNS responses.

This CL adds utilities to DnsQuery to allow the parsing of a DNS
query in the wire format if it is a valid query with a single question.
A new constructor of DnsResponder is also added to generate DNS
responses in the wire format with multiple resource records as answers.
Name compression in multiple answers is not yet implemented in this CL.

Combined with the existing utilities in //net/dns/, we now have a full
set of capabilities to parse and generate DNS/mDNS queries and responses.

Bug: 878465
Change-Id: Ifeae0d17243df037af7a3ea0bffb1079018ea714
Reviewed-on: https://chromium-review.googlesource.com/1203320
Commit-Queue: Qingsi Wang <qingsi@google.com>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Eric Orth <ericorth@chromium.org>
Cr-Commit-Position: refs/heads/master@{#594877}
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/BUILD.gn
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_protocol.h
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_query.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_query.h
[add] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_query_parse_fuzzer.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_query_unittest.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_response.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_response.h
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_response_unittest.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/dns_transaction.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/record_rdata.cc
[modify] https://crrev.com/ecd69251f0ccbefee3d3f128054f8f817324383c/net/dns/record_rdata.h
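
The kind of check the commit message above describes (accepting a wire-format DNS query only when it is well-formed and carries exactly one question) is sketched below as an added example. It is not Chromium's DnsQuery code; the function name, the returned fields and the decision to reject compression pointers in the question name are assumptions of this example.

```javascript
// Constructed sample: query for "abc.local", QTYPE A (1), QCLASS IN (1), ID 0.
const SAMPLE_QUERY = Uint8Array.from([
  0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // header
  3, 0x61, 0x62, 0x63, 5, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0,               // QNAME
  0x00, 0x01, 0x00, 0x01,                                                 // QTYPE, QCLASS
]);

// Parse a DNS/mDNS query, bounds-checking every read against the buffer.
function parseSingleQuestionQuery(buf) {
  const fail = (reason) => ({ ok: false, reason });
  if (buf.length < 12) return fail('truncated header');
  const u16 = (off) => (buf[off] << 8) | buf[off + 1];
  if (u16(2) & 0x8000) return fail('QR bit set: this is a response');
  if (u16(4) !== 1) return fail('QDCOUNT is not 1');
  const labels = [];
  let off = 12;
  let nameLen = 1; // counts the terminating root label
  for (;;) {
    if (off >= buf.length) return fail('truncated name');
    const len = buf[off++];
    if (len === 0) break;
    // Values above 63 are compression pointers or reserved label types.
    if (len > 63) return fail('compression pointer or bad label length');
    if (off + len > buf.length) return fail('label overruns buffer');
    nameLen += len + 1;
    if (nameLen > 255) return fail('name longer than 255 octets');
    labels.push(String.fromCharCode(...buf.subarray(off, off + len)));
    off += len;
  }
  if (off + 4 > buf.length) return fail('truncated QTYPE/QCLASS');
  const qclass = u16(off + 2);
  return {
    ok: true,
    id: u16(0),
    name: labels.join('.'),
    qtype: u16(off),
    qclass: qclass & 0x7fff,
    // In mDNS (RFC 6762) the top bit of QCLASS requests a unicast response.
    unicastResponse: (qclass & 0x8000) !== 0,
  };
}
```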

Blockedon: webrtc:9861
Labels: -Launch-Security-ReviewRequested Launch-Security-Yes
Flipping security bit, all the major areas look good.
Project Member

Comment 9 by bugdroid1@chromium.org, Nov 2

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c2213d5d6e8702362b2798ee2c84a125a1312f46

commit c2213d5d6e8702362b2798ee2c84a125a1312f46
Author: Qingsi Wang <qingsi@google.com>
Date: Fri Nov 02 01:28:12 2018

Add the mDNS responder service.

WebRTC will improve its IP handling with mDNS and replace private IP
addresses with mDNS hostnames when signaling ICE host candidates to the
application. See the Internet Draft (draft-mdns-ice-candidates-02) for
the detailed approach.

This CL defines a Mojo interface of mDNS responder and implements it as
a service that will be consumed by WebRTC.

Bug: 878465
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I4b644286467622b3dfdb728a9d5f3a4bde9fc1ec
Reviewed-on: https://chromium-review.googlesource.com/c/1182875
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Eric Orth <ericorth@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Qingsi Wang <qingsi@google.com>
Cr-Commit-Position: refs/heads/master@{#604803}
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/chrome/browser/BUILD.gn
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/chrome/common/features.gni
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/chrome/test/BUILD.gn
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/content/browser/renderer_host/render_process_host_impl.h
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/content/public/app/mojo/content_browser_manifest.json
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/BUILD.gn
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/dns_protocol.h
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/dns_response.cc
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/dns_response.h
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/dns_response_unittest.cc
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/dns_util.cc
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/dns_util.h
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/dns/record_rdata.h
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/net/features.gni
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/BUILD.gn
[add] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/mdns_responder.cc
[add] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/mdns_responder.h
[add] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/mdns_responder_unittest.cc
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/network_context.cc
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/network_context.h
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/public/mojom/BUILD.gn
[add] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/public/mojom/mdns_responder.mojom
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/public/mojom/network_context.mojom
[modify] https://crrev.com/c2213d5d6e8702362b2798ee2c84a125a1312f46/services/network/test/test_network_context.h

Project Member

Comment 10 by bugdroid1@chromium.org, Nov 3

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5

commit ec2dbf9484712fed760ea13e1bb532f1a1dd7db5
Author: Qingsi Wang <qingsi@google.com>
Date: Sat Nov 03 05:33:04 2018

Implement the WebRTC MdnsResponderInterface in Chromium.

MdnsResponderInterface is introduced in WebRTC to handle the hostname
generation and resolution of ICE host candidates when concealing their
local IP addresses. For WebRTC in Chromium, we implement it as a client
of the service provided by network::mojom::MdnsResponder.

Bug: 878465
Change-Id: Id7b79694deba0ef308e51f83d6134062ddcb3985
Reviewed-on: https://chromium-review.googlesource.com/c/1206002
Commit-Queue: Qingsi Wang <qingsi@google.com>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Jesse Doherty <jwd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605153}
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/chrome/browser/about_flags.cc
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/chrome/browser/flag_descriptions.h
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/BUILD.gn
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/media/webrtc/peer_connection_dependency_factory.cc
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/media/webrtc/peer_connection_dependency_factory.h
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/filtering_network_manager.cc
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/filtering_network_manager.h
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/ipc_network_manager.cc
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/ipc_network_manager.h
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/ipc_network_manager_unittest.cc
[add] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/mdns_responder_adapter.cc
[add] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/content/renderer/p2p/mdns_responder_adapter.h
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/jingle/glue/utils.cc
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/jingle/glue/utils.h
[modify] https://crrev.com/ec2dbf9484712fed760ea13e1bb532f1a1dd7db5/tools/metrics/histograms/enums.xml

Blockedon: 903568
Labels: -OS-Android M-72
Status: Fixed (was: Assigned)
Support on Mac OS is currently blocked by 899310, but the feature code is available on all desktop platforms in M72, hence marking this feature bug as fixed now.

Comment 13 Deleted

I'm not sure what the current plan is, but I would like to request that the Chromium team not disable host candidates until all the major browsers have mDNS candidates working well and widely deployed. I'm currently developing a LAN game that depends on host candidates. It works great between Chrome and Firefox, but not at all on Safari (at least without getUserMedia, which doesn't make sense for my game) due to it being mDNS-only for host candidates, as far as I can tell.