Implement ICE-TCP

Co-authored-by: Paul-Louis Ageneau <[email protected]>

Author: Sean-Der

CMakeLists.txt

@@ -54,6 +54,7 @@ set(LIBJUICE_SOURCES
 	${CMAKE_CURRENT_SOURCE_DIR}/src/server.c
 	${CMAKE_CURRENT_SOURCE_DIR}/src/stun.c
 	${CMAKE_CURRENT_SOURCE_DIR}/src/timestamp.c
+	${CMAKE_CURRENT_SOURCE_DIR}/src/tcp.c
 	${CMAKE_CURRENT_SOURCE_DIR}/src/turn.c
 	${CMAKE_CURRENT_SOURCE_DIR}/src/udp.c
 )
@@ -83,6 +84,7 @@ set(TESTS_SOURCES
     ${CMAKE_CURRENT_SOURCE_DIR}/test/conflict.c
     ${CMAKE_CURRENT_SOURCE_DIR}/test/bind.c
 	${CMAKE_CURRENT_SOURCE_DIR}/test/ufrag.c
+	${CMAKE_CURRENT_SOURCE_DIR}/test/tcp.c
 )
 source_group("Test Files" FILES "${TESTS_SOURCES}")
 
@@ -238,6 +240,10 @@ if(NOT NO_TESTS)
 		XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER com.github.paullouisageneau.libjuice.tests)
 
 	target_link_libraries(juice-tests juice Threads::Threads)
+
+	if(WIN32)
+		target_link_libraries(juice-tests ws2_32)
+	endif()
 endif()
 
 # Fuzzer

include/juice/juice.h

@@ -90,6 +90,11 @@ typedef enum juice_concurrency_mode {
 	JUICE_CONCURRENCY_MODE_THREAD,   // Each connection runs in its own thread
 } juice_concurrency_mode_t;
 
+typedef enum juice_ice_tcp_mode {
+	JUICE_ICE_TCP_MODE_NONE = 0, // ICE-TCP is disabled
+	JUICE_ICE_TCP_MODE_ACTIVE,   // ICE-TCP will operate as a client
+} juice_ice_tcp_mode_t;
+
 typedef struct juice_config {
 	juice_concurrency_mode_t concurrency_mode;
 
@@ -132,6 +137,7 @@ JUICE_EXPORT int juice_get_selected_addresses(juice_agent_t *agent, char *local,
 JUICE_EXPORT int juice_set_local_ice_attributes(juice_agent_t *agent, const char *ufrag, const char *pwd);
 JUICE_EXPORT const char *juice_state_to_string(juice_state_t state);
 JUICE_EXPORT int juice_mux_listen(const char *bind_address, int local_port, juice_cb_mux_incoming_t cb, void *user_ptr);
+JUICE_EXPORT int juice_set_ice_tcp_mode(juice_agent_t *agent, juice_ice_tcp_mode_t ice_tcp_mode);
 
 // ICE server
 

src/addr.c

@@ -250,14 +250,14 @@ unsigned long addr_hash(const struct sockaddr *sa, bool with_port) {
 	return hash;
 }
 
-int addr_resolve(const char *hostname, const char *service, addr_record_t *records, size_t count) {
+int addr_resolve(const char *hostname, const char *service, int socktype, addr_record_t *records, size_t count) {
 	addr_record_t *end = records + count;
 
 	struct addrinfo hints;
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = AF_UNSPEC;
-	hints.ai_socktype = SOCK_DGRAM;
-	hints.ai_protocol = IPPROTO_UDP;
+	hints.ai_socktype = socktype;
+	hints.ai_protocol = socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP;
 	hints.ai_flags = AI_ADDRCONFIG;
 	struct addrinfo *ai_list = NULL;
 	if (getaddrinfo(hostname, service, &hints, &ai_list)) {

src/addr.h

@@ -33,9 +33,10 @@ unsigned long addr_hash(const struct sockaddr *sa, bool with_port);
 typedef struct addr_record {
 	struct sockaddr_storage addr;
 	socklen_t len;
+	int socktype;
 } addr_record_t;
 
-int addr_resolve(const char *hostname, const char *service, addr_record_t *records, size_t count);
+int addr_resolve(const char *hostname, const char *service, int socktype, addr_record_t *records, size_t count);
 bool addr_is_numeric_hostname(const char *hostname);
 
 bool addr_record_is_equal(const addr_record_t *a, const addr_record_t *b, bool compare_ports);

src/agent.c

@@ -92,6 +92,7 @@ juice_agent_t *agent_create(const juice_config_t *config) {
 	}
 
 	bool alloc_failed = false;
+	agent->ice_tcp_mode = JUICE_ICE_TCP_MODE_NONE;
 	agent->config.concurrency_mode = config->concurrency_mode;
 	agent->config.stun_server_host = alloc_string_copy(config->stun_server_host, &alloc_failed);
 	agent->config.stun_server_port = config->stun_server_port;
@@ -211,6 +212,20 @@ static thread_return_t THREAD_CALL resolver_thread_entry(void *arg) {
 	return (thread_return_t)0;
 }
 
+void agent_add_ice_tcp_local_candidate(juice_agent_t *agent, addr_record_t *record) {
+	ice_candidate_t candidate;
+	if (ice_create_local_candidate(ICE_CANDIDATE_TYPE_HOST, 1, agent->local.candidates_count, record, &candidate, ICE_CANDIDATE_TRANSPORT_TCP_TYPE_ACTIVE)) {
+        JLOG_ERROR("Failed to create ice-tcp candidate");
+		return;
+	}
+
+	if (ice_add_candidate(&candidate, &agent->local)) {
+		JLOG_ERROR("Failed to add ice-tcp candidate to local description");
+	}
+
+	return;
+}
+
 int agent_gather_candidates(juice_agent_t *agent) {
 	JLOG_VERBOSE("Gathering candidates");
 	if (agent->conn_impl) {
@@ -252,7 +267,7 @@ int agent_gather_candidates(juice_agent_t *agent) {
 	for (int i = 0; i < records_count; ++i) {
 		ice_candidate_t candidate;
 		if (ice_create_local_candidate(ICE_CANDIDATE_TYPE_HOST, 1, agent->local.candidates_count,
-		                               records + i, &candidate)) {
+		                               records + i, &candidate, ICE_CANDIDATE_TRANSPORT_UDP)) {
 			JLOG_ERROR("Failed to create host candidate");
 			continue;
 		}
@@ -266,6 +281,14 @@ int agent_gather_candidates(juice_agent_t *agent) {
 		}
 	}
 
+	if (agent->ice_tcp_mode == JUICE_ICE_TCP_MODE_ACTIVE) {
+		if (records_count > 0) {
+			agent_add_ice_tcp_local_candidate(agent, &records[0]);
+		} else {
+			JLOG_WARN("No local host candidates gathered, unable to add ice-tcp");
+		}
+	}
+
 	ice_sort_candidates(&agent->local);
 
 	for (int i = 0; i < agent->entries_count; ++i)
@@ -341,7 +364,7 @@ int agent_resolve_servers(juice_agent_t *agent) {
 			conn_unlock(agent);
 
 			addr_record_t records[DEFAULT_MAX_RECORDS_COUNT];
-			int records_count = addr_resolve(hostname, service, records, DEFAULT_MAX_RECORDS_COUNT);
+			int records_count = addr_resolve(hostname, service, SOCK_DGRAM, records, DEFAULT_MAX_RECORDS_COUNT);
 
 			conn_lock(agent);
 
@@ -426,7 +449,7 @@ int agent_resolve_servers(juice_agent_t *agent) {
 		conn_unlock(agent);
 
 		addr_record_t records[MAX_STUN_SERVER_RECORDS_COUNT];
-		int records_count = addr_resolve(hostname, service, records, MAX_STUN_SERVER_RECORDS_COUNT);
+		int records_count = addr_resolve(hostname, service, SOCK_DGRAM, records, MAX_STUN_SERVER_RECORDS_COUNT);
 
 		conn_lock(agent);
 
@@ -825,6 +848,34 @@ int agent_input(juice_agent_t *agent, char *buf, size_t len, const addr_record_t
 	return -1;
 }
 
+void agent_register_entry_for_candidate_pair(juice_agent_t *agent, ice_candidate_pair_t *pair, agent_stun_entry_t *relay_entry) {
+	JLOG_VERBOSE("Registering STUN entry %d for candidate pair checking", agent->entries_count);
+	agent_stun_entry_t *entry = agent->entries + agent->entries_count;
+	entry->type = AGENT_STUN_ENTRY_TYPE_CHECK;
+	entry->state = AGENT_STUN_ENTRY_STATE_IDLE;
+	entry->mode = AGENT_MODE_UNKNOWN;
+	entry->pair = pair;
+	entry->record = pair->remote->resolved;
+	entry->relay_entry = relay_entry;
+	juice_random(entry->transaction_id, STUN_TRANSACTION_ID_SIZE);
+	entry->transaction_id_expired = false;
+	++agent->entries_count;
+
+	if (pair->remote->type == ICE_CANDIDATE_TYPE_HOST)
+		agent_translate_host_candidate_entry(agent, entry);
+}
+
+void agent_tcp_conn_connected(juice_agent_t *agent) {
+	for (int i = 0; i < agent->candidate_pairs_count; ++i) {
+		ice_candidate_pair_t *pair = agent->ordered_pairs[i];
+		if (pair->remote->transport != ICE_CANDIDATE_TRANSPORT_UDP) {
+			agent_register_entry_for_candidate_pair(agent, pair, NULL);
+			agent_unfreeze_candidate_pair(agent, pair);
+		}
+	}
+	conn_interrupt(agent);
+}
+
 int agent_bookkeeping(juice_agent_t *agent, timestamp_t *next_timestamp) {
 	JLOG_VERBOSE("Bookkeeping...");
 
@@ -998,6 +1049,10 @@ int agent_bookkeeping(juice_agent_t *agent, timestamp_t *next_timestamp) {
 				++pending_count;
 			}
 		}
+
+		if (pair->remote->transport != ICE_CANDIDATE_TRANSPORT_UDP) {
+			conn_tcp_connect(agent, &pair->remote->resolved, agent_tcp_conn_connected);
+		}
 	}
 
 	if (agent->mode == AGENT_MODE_CONTROLLING && nominated_pair) {
@@ -1629,7 +1684,7 @@ int agent_send_stun_binding(juice_agent_t *agent, agent_stun_entry_t *entry, stu
 			                ? (int)(entry->pair->local - agent->local.candidates)
 			                : 0;
 			msg.priority =
-			    ice_compute_priority(ICE_CANDIDATE_TYPE_PEER_REFLEXIVE, family, 1, index);
+			    ice_compute_priority(ICE_CANDIDATE_TYPE_PEER_REFLEXIVE, family, 1, index, false);
 
 			// RFC 8445 8.1.1. Nominating Pairs:
 			// Once the controlling agent has picked a valid pair for nomination, it repeats the
@@ -2177,7 +2232,7 @@ int agent_add_local_relayed_candidate(juice_agent_t *agent, const addr_record_t
 	}
 	ice_candidate_t candidate;
 	if (ice_create_local_candidate(ICE_CANDIDATE_TYPE_RELAYED, 1, agent->local.candidates_count,
-	                               record, &candidate)) {
+	                               record, &candidate, ICE_CANDIDATE_TRANSPORT_UDP)) {
 		JLOG_ERROR("Failed to create relayed candidate");
 		return -1;
 	}
@@ -2220,7 +2275,7 @@ int agent_add_local_reflexive_candidate(juice_agent_t *agent, ice_candidate_type
 		return 0;
 	}
 	ice_candidate_t candidate;
-	if (ice_create_local_candidate(type, 1, agent->local.candidates_count, record, &candidate)) {
+	if (ice_create_local_candidate(type, 1, agent->local.candidates_count, record, &candidate, ICE_CANDIDATE_TRANSPORT_UDP)) {
 		JLOG_ERROR("Failed to create reflexive candidate");
 		return -1;
 	}
@@ -2260,7 +2315,7 @@ int agent_add_remote_reflexive_candidate(juice_agent_t *agent, ice_candidate_typ
 		return 0;
 	}
 	ice_candidate_t candidate;
-	if (ice_create_local_candidate(type, 1, agent->local.candidates_count, record, &candidate)) {
+	if (ice_create_local_candidate(type, 1, agent->local.candidates_count, record, &candidate, ICE_CANDIDATE_TRANSPORT_UDP)) {
 		JLOG_ERROR("Failed to create reflexive candidate");
 		return -1;
 	}
@@ -2297,6 +2352,27 @@ int agent_add_candidate_pair(juice_agent_t *agent, ice_candidate_t *local, // lo
 		return -1;
 	}
 
+	bool is_tcp = remote->transport != ICE_CANDIDATE_TRANSPORT_UDP;
+	if (is_tcp) {
+		if (agent->ice_tcp_mode != JUICE_ICE_TCP_MODE_ACTIVE) {
+			JLOG_WARN("ICE-TCP is disabled ignoring TCP Candidate");
+			return 0;
+		}
+
+		if (remote->transport != ICE_CANDIDATE_TRANSPORT_TCP_TYPE_PASSIVE && remote->transport != ICE_CANDIDATE_TRANSPORT_TCP_TYPE_SO) {
+			JLOG_INFO("Ignoring ICE-TCP Candidate that is not passive or simultaneous open");
+			return 0;
+		}
+
+		for (int i = 0; i < agent->candidate_pairs_count; ++i) {
+			ice_candidate_pair_t *pair = &agent->candidate_pairs[i];
+			if (pair->remote->transport != ICE_CANDIDATE_TRANSPORT_UDP) {
+				JLOG_INFO("Only one ICE-TCP remote candidate is supported ignoring TCP Candidate");
+				return 0;
+			}
+		}
+	}
+
 	JLOG_VERBOSE("Adding new candidate pair, priority=%" PRIu64, pair.priority);
 
 	// Add pair
@@ -2327,20 +2403,9 @@ int agent_add_candidate_pair(juice_agent_t *agent, ice_candidate_t *local, // lo
 		}
 	}
 
-	JLOG_VERBOSE("Registering STUN entry %d for candidate pair checking", agent->entries_count);
-	agent_stun_entry_t *entry = agent->entries + agent->entries_count;
-	entry->type = AGENT_STUN_ENTRY_TYPE_CHECK;
-	entry->state = AGENT_STUN_ENTRY_STATE_IDLE;
-	entry->mode = AGENT_MODE_UNKNOWN;
-	entry->pair = pos;
-	entry->record = pos->remote->resolved;
-	entry->relay_entry = relay_entry;
-	juice_random(entry->transaction_id, STUN_TRANSACTION_ID_SIZE);
-	entry->transaction_id_expired = false;
-	++agent->entries_count;
-
-	if (remote->type == ICE_CANDIDATE_TYPE_HOST)
-		agent_translate_host_candidate_entry(agent, entry);
+	if (!is_tcp) {
+		agent_register_entry_for_candidate_pair(agent, pos, relay_entry);
+	}
 
 	if (agent->mode == AGENT_MODE_CONTROLLING) {
 		for (int i = 0; i < agent->candidate_pairs_count; ++i) {
@@ -2358,7 +2423,7 @@ int agent_add_candidate_pair(juice_agent_t *agent, ice_candidate_t *local, // lo
 	}
 
 	// There is only one component, therefore we can unfreeze if no pair is nominated
-	if (*agent->remote.ice_ufrag != '\0' &&
+	if (!is_tcp && *agent->remote.ice_ufrag != '\0' &&
 	    (!agent->selected_pair || !agent->selected_pair->nominated)) {
 		JLOG_VERBOSE("Unfreezing the new candidate pair");
 		agent_unfreeze_candidate_pair(agent, pos);
@@ -2623,6 +2688,17 @@ agent_stun_entry_t *agent_find_entry_from_record(juice_agent_t *agent, const add
 	return NULL;
 }
 
+int agent_set_ice_tcp_mode(juice_agent_t *agent, juice_ice_tcp_mode_t ice_tcp_mode)
+{
+	if (agent->conn_impl) {
+		JLOG_WARN("Unable to set ICE attributes, candidates gathering already started");
+		return JUICE_ERR_FAILED;
+	}
+
+	agent->ice_tcp_mode = ice_tcp_mode;
+	return JUICE_ERR_SUCCESS;
+}
+
 void agent_translate_host_candidate_entry(juice_agent_t *agent, agent_stun_entry_t *entry) {
 	if (!entry->pair || entry->pair->remote->type != ICE_CANDIDATE_TYPE_HOST)
 		return;

src/agent.h

@@ -126,6 +126,7 @@ struct juice_agent {
 	juice_config_t config;
 	juice_state_t state;
 	agent_mode_t mode;
+	juice_ice_tcp_mode_t ice_tcp_mode;
 
 	ice_description_t local;
 	ice_description_t remote;
@@ -236,5 +237,6 @@ agent_stun_entry_t *
 agent_find_entry_from_record(juice_agent_t *agent, const addr_record_t *record,
                              const addr_record_t *relayed); // relayed may be NULL
 void agent_translate_host_candidate_entry(juice_agent_t *agent, agent_stun_entry_t *entry);
+int agent_set_ice_tcp_mode(juice_agent_t *agent, juice_ice_tcp_mode_t ice_tcp_mode);
 
 #endif

src/conn.c

@@ -22,13 +22,13 @@
 
 static conn_mode_entry_t mode_entries[MODE_ENTRIES_SIZE] = {
     {conn_poll_registry_init, conn_poll_registry_cleanup, conn_poll_init, conn_poll_cleanup,
-     conn_poll_lock, conn_poll_unlock, conn_poll_interrupt, conn_poll_send, conn_poll_get_addrs,
+     conn_poll_lock, conn_poll_unlock, conn_poll_interrupt, conn_poll_send, conn_poll_tcp_connect_func, conn_poll_get_addrs,
      NULL, NULL, NULL, MUTEX_INITIALIZER, NULL},
     {conn_mux_registry_init, conn_mux_registry_cleanup, conn_mux_init, conn_mux_cleanup,
-     conn_mux_lock, conn_mux_unlock, conn_mux_interrupt, conn_mux_send, conn_mux_get_addrs,
+     conn_mux_lock, conn_mux_unlock, conn_mux_interrupt, conn_mux_send, NULL, conn_mux_get_addrs,
      conn_mux_listen, conn_mux_get_registry, conn_mux_can_release_registry, MUTEX_INITIALIZER, NULL},
     {NULL, NULL, conn_thread_init, conn_thread_cleanup,
-     conn_thread_lock, conn_thread_unlock, conn_thread_interrupt, conn_thread_send, conn_thread_get_addrs,
+     conn_thread_lock, conn_thread_unlock, conn_thread_interrupt, conn_thread_send, NULL, conn_thread_get_addrs,
      NULL, NULL, NULL, MUTEX_INITIALIZER, NULL}
 };
 
@@ -253,6 +253,17 @@ int conn_send(juice_agent_t *agent, const addr_record_t *dst, const char *data,
 	return get_agent_mode_entry(agent)->send_func(agent, dst, data, size, ds);
 }
 
+void conn_tcp_connect(juice_agent_t *agent, const addr_record_t *dst, void (*callback)(juice_agent_t*)) {
+	if (!agent->conn_impl)
+		return;
+
+	tcp_connect_func *tcp_connect_func = get_agent_mode_entry(agent)->tcp_connect_func;
+	if (tcp_connect_func == NULL)
+		return;
+
+	tcp_connect_func(agent, dst, callback);
+}
+
 int conn_get_addrs(juice_agent_t *agent, addr_record_t *records, size_t size) {
 	if (!agent->conn_impl)
 		return -1;

src/conn.h

@@ -32,6 +32,8 @@ typedef struct conn_registry {
 	int agents_count;
 } conn_registry_t;
 
+typedef void tcp_connect_func(juice_agent_t *agent, const addr_record_t *dst, void (*callback)(juice_agent_t*));
+
 typedef struct conn_mode_entry {
 	int (*registry_init_func)(conn_registry_t *registry, udp_socket_config_t *config);
 	void (*registry_cleanup_func)(conn_registry_t *registry);
@@ -44,6 +46,7 @@ typedef struct conn_mode_entry {
 	int (*interrupt_func)(juice_agent_t *agent);
 	int (*send_func)(juice_agent_t *agent, const addr_record_t *dst, const char *data, size_t size,
 	                 int ds);
+	tcp_connect_func *tcp_connect_func;
 	int (*get_addrs_func)(juice_agent_t *agent, addr_record_t *records, size_t size);
 	int (*mux_listen_func)(conn_registry_t *registry, juice_cb_mux_incoming_t cb, void *user_ptr);
 	conn_registry_t *(*get_registry_func)(udp_socket_config_t *config);
@@ -61,6 +64,7 @@ void conn_unlock(juice_agent_t *agent);
 int conn_interrupt(juice_agent_t *agent);
 int conn_send(juice_agent_t *agent, const addr_record_t *dst, const char *data, size_t size,
               int ds);
+void conn_tcp_connect(juice_agent_t *agent, const addr_record_t *dst, void (*callback)(juice_agent_t*));
 int conn_get_addrs(juice_agent_t *agent, addr_record_t *records, size_t size);
 
 #endif