From 41010f95bb22ac72336a7d959df3fe6ffa80d25d Mon Sep 17 00:00:00 2001 From: Yury Yarashevich Date: Thu, 19 Jan 2023 17:56:03 +0100 Subject: [PATCH] Log resolved & unresolved turn server address as sensitive string. This should help to debug problems with DNS resolution of turn server name. E.g. DNS server returns fake IP address to block turn server. Similar change to stun_port.cc were done in https://webrtc-review.googlesource.com/c/src/+/215926 Bug: None Change-Id: If1cc410f4cd0f89620d3678aabf05a0f1b22a393 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/290992 Reviewed-by: Harald Alvestrand Commit-Queue: Yury Yarashevich Cr-Commit-Position: refs/heads/main@{#39152} --- p2p/base/stun_port.cc | 11 +++++------ p2p/base/turn_port.cc | 30 ++++++++++++++--------------- rtc_base/socket_address.cc | 16 +++++++++++---- rtc_base/socket_address.h | 6 +++--- rtc_base/socket_address_unittest.cc | 29 ++++++++++++++++++++++++++++ 5 files changed, 64 insertions(+), 28 deletions(-) diff --git a/p2p/base/stun_port.cc b/p2p/base/stun_port.cc index fdb7edce57..9fd39da8f3 100644 --- a/p2p/base/stun_port.cc +++ b/p2p/base/stun_port.cc @@ -332,9 +332,9 @@ int UDPPort::SendTo(const void* data, if (send_error_count_ < kSendErrorLogLimit) { ++send_error_count_; RTC_LOG(LS_ERROR) << ToString() << ": UDP send of " << size - << " bytes to host " << addr.ToSensitiveString() << " (" - << addr.ToResolvedSensitiveString() - << ") failed with error " << error_; + << " bytes to host " + << addr.ToSensitiveNameAndAddressString() + << " failed with error " << error_; } } else { send_error_count_ = 0; 
@@ -631,9 +631,8 @@ void UDPPort::OnSendPacket(const void* data, size_t size, StunRequest* req) { if (socket_->SendTo(data, size, sreq->server_addr(), options) < 0) { RTC_LOG_ERR_EX(LS_ERROR, socket_->GetError()) << "UDP send of " << size << " bytes to host " - << sreq->server_addr().ToSensitiveString() << " (" - << sreq->server_addr().ToResolvedSensitiveString() - << ") failed with error " << error_; + << sreq->server_addr().ToSensitiveNameAndAddressString() + << " failed with error " << error_; } stats_.stun_binding_requests_sent++; } diff --git a/p2p/base/turn_port.cc b/p2p/base/turn_port.cc index 33662a95ba..089910e072 100644 --- a/p2p/base/turn_port.cc +++ b/p2p/base/turn_port.cc @@ -393,9 +393,10 @@ void TurnPort::PrepareAddress() { // Insert the current address to prevent redirection pingpong. attempted_server_addresses_.insert(server_address_.address); - RTC_LOG(LS_INFO) << ToString() << ": Trying to connect to TURN server via " - << ProtoToString(server_address_.proto) << " @ " - << server_address_.address.ToSensitiveString(); + RTC_LOG(LS_INFO) + << ToString() << ": Trying to connect to TURN server via " + << ProtoToString(server_address_.proto) << " @ " + << server_address_.address.ToSensitiveNameAndAddressString(); if (!CreateTurnClientSocket()) { RTC_LOG(LS_ERROR) << "Failed to create TURN client socket"; OnAllocateError(SERVER_NOT_REACHABLE_ERROR, 
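Review bot: The rewritten message in UDPPort::OnSendPacket still ends with `<< " failed with error " << error_;`, but the call that failed is `socket_->SendTo(...)` and the macro is handed `socket_->GetError()`. Nothing in the hunk assigns `error_` on this path, so the number in the text may be a stale value from an earlier send. This should be confirmed against the rest of the function, which starts outside the hunk. If it is stale, read the code once with `const int err = socket_->GetError();` and use `err` both in `RTC_LOG_ERR_EX(LS_ERROR, err)` and in the message text.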
@@ -502,21 +503,21 @@ void TurnPort::OnSocketConnect(rtc::AsyncPacketSocket* socket) { })) { if (socket->GetLocalAddress().IsLoopbackIP()) { RTC_LOG(LS_WARNING) << "Socket is bound to the address:" - << socket_address.ipaddr().ToSensitiveString() + << socket_address.ToSensitiveNameAndAddressString() << ", rather than an address associated with network:" << Network()->ToString() << ". Still allowing it since it's localhost."; } else if (IPIsAny(Network()->GetBestIP())) { RTC_LOG(LS_WARNING) << "Socket is bound to the address:" - << socket_address.ipaddr().ToSensitiveString() + << socket_address.ToSensitiveNameAndAddressString() << ", rather than an address associated with network:" << Network()->ToString() << ". Still allowing it since it's the 'any' address" ", possibly caused by multiple_routes being disabled."; } else { RTC_LOG(LS_WARNING) << "Socket is bound to the address:" - << socket_address.ipaddr().ToSensitiveString() + << socket_address.ToSensitiveNameAndAddressString() << ", rather than an address associated with network:" << Network()->ToString() << ". Discarding TURN port."; OnAllocateError( @@ -712,11 +713,10 @@ bool TurnPort::HandleIncomingPacket(rtc::AsyncPacketSocket* socket, // alternative server redirection. TODO(guoweis): add a unit test for this // race condition. if (remote_addr != server_address_.address) { - RTC_LOG(LS_WARNING) << ToString() - << ": Discarding TURN message from unknown address: " - << remote_addr.ToSensitiveString() - << " server_address_: " - << server_address_.address.ToSensitiveString(); + RTC_LOG(LS_WARNING) + << ToString() << ": Discarding TURN message from unknown address: " + << remote_addr.ToSensitiveNameAndAddressString() << " server_address_: " + << server_address_.address.ToSensitiveNameAndAddressString(); return false; } 
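Review bot: The warning in TurnPort::HandleIncomingPacket under `if (remote_addr != server_address_.address)` is written once per rejected packet, with no limit on how often it fires. If this socket can receive datagrams from hosts other than the TURN server (likely for UDP, but not shown here), log volume and the string-building cost are controlled by whoever sends to the port. stun_port.cc in this same patch bounds its send-failure log with `if (send_error_count_ < kSendErrorLogLimit)`. A similar counter here, or a lower severity such as `RTC_LOG(LS_VERBOSE)`, would keep the diagnostic without the unbounded output. The function body starts and ends outside the hunk.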
@@ -791,7 +791,7 @@ bool TurnPort::SetAlternateServer(const rtc::SocketAddress& address) { AttemptedServerSet::iterator iter = attempted_server_addresses_.find(address); if (iter != attempted_server_addresses_.end()) { RTC_LOG(LS_WARNING) << ToString() << ": Redirection to [" - << address.ToSensitiveString() + << address.ToSensitiveNameAndAddressString() << "] ignored, allocation failed."; return false; } @@ -812,9 +812,9 @@ bool TurnPort::SetAlternateServer(const rtc::SocketAddress& address) { } RTC_LOG(LS_INFO) << ToString() << ": Redirecting from TURN server [" - << server_address_.address.ToSensitiveString() - << "] to TURN server [" << address.ToSensitiveString() - << "]"; + << server_address_.address.ToSensitiveNameAndAddressString() + << "] to TURN server [" + << address.ToSensitiveNameAndAddressString() << "]"; server_address_ = ProtocolAddress(address, server_address_.proto); // Insert the current address to prevent redirection pingpong. diff --git a/rtc_base/socket_address.cc b/rtc_base/socket_address.cc index 93d6860a70..8601fc9040 100644 --- a/rtc_base/socket_address.cc +++ b/rtc_base/socket_address.cc @@ -179,13 +179,21 @@ std::string SocketAddress::ToSensitiveString() const { return sb.str(); } -std::string SocketAddress::ToResolvedSensitiveString() const { - if (IsUnresolvedIP()) { - return ""; +std::string SocketAddress::ToSensitiveNameAndAddressString() const { + if (IsUnresolvedIP() || literal_ || hostname_.empty()) { + return ToSensitiveString(); } char buf[1024]; rtc::SimpleStringBuilder sb(buf); - sb << ipaddr().ToSensitiveString() << ":" << port(); + sb << HostAsSensitiveURIString() << ":" << port(); + sb << " ("; + if (ip_.family() == AF_INET6) { + sb << "[" << ipaddr().ToSensitiveString() << "]"; + } else { + sb << ipaddr().ToSensitiveString(); + } + sb << ":" << port() << ")"; + return sb.str(); } diff --git a/rtc_base/socket_address.h b/rtc_base/socket_address.h index 99e14d8eab..b58a6db3b7 100644 --- a/rtc_base/socket_address.h 
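Review bot: `SocketAddress::ToSensitiveNameAndAddressString()` in socket_address.cc keeps the fixed `char buf[1024]` but now writes the hostname, two ports and the bracketed IP into it, and `hostname_` has no length bound visible in this hunk. How `rtc::SimpleStringBuilder` behaves when the buffer fills is not shown. If it asserts in debug builds or truncates in release, an over-long host string (for example from TURN server configuration) would either trip the check or cut off the resolved address, which is the part this commit is meant to surface. A growable builder avoids the question: replace the two buffer lines with `rtc::StringBuilder sb;`. Separately, the hostname is emitted in full next to the masked IP, so the result is only partly anonymized and the header comment should say so.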
+++ b/rtc_base/socket_address.h @@ -126,9 +126,9 @@ class RTC_EXPORT SocketAddress { // Same as ToString but anonymizes it by hiding the last part. std::string ToSensitiveString() const; - // Returns hostname:port string if address is resolved, otherwise returns - // empty string. - std::string ToResolvedSensitiveString() const; + // Returns sensitive description of address in a form which both includes + // resolved and unresolved addresses based on their availability. + std::string ToSensitiveNameAndAddressString() const; // Parses hostname:port and [hostname]:port. bool FromString(absl::string_view str); diff --git a/rtc_base/socket_address_unittest.cc b/rtc_base/socket_address_unittest.cc index d1c911abff..f10e43f148 100644 --- a/rtc_base/socket_address_unittest.cc +++ b/rtc_base/socket_address_unittest.cc 
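Review bot: The new comment on `ToSensitiveNameAndAddressString()` in socket_address.h does not say what the string looks like or which part is masked, which matters to anyone deciding whether the output may go into shared logs. Going by the implementation and the unit test in this patch, suggested wording: `// Returns "host:port (ip:port)" when both a hostname and a resolved IP are present, with the IP anonymized as in ToSensitiveString(); otherwise returns ToSensitiveString(). The hostname itself is not anonymized.`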
@@ -334,4 +334,33 @@ TEST(SocketAddressTest, TestToSensitiveString) { EXPECT_EQ(kTestV6AddrFullAnonymizedString, addr_v6.ToSensitiveString()); } +TEST(SocketAddressTest, TestToSensitiveNameAndAddressString) { + SocketAddress ipv4OnlyLiteral("1.2.3.4", 5678); + EXPECT_EQ("1.2.3.x:5678", ipv4OnlyLiteral.ToSensitiveNameAndAddressString()); + + SocketAddress ipv4OnlyAddress(IPAddress(0x01020304), 5678); + EXPECT_EQ("1.2.3.x:5678", ipv4OnlyAddress.ToSensitiveNameAndAddressString()); + + SocketAddress hostOnly("webrtc.org", 443); + EXPECT_EQ("webrtc.org:443", hostOnly.ToSensitiveNameAndAddressString()); + + SocketAddress hostAndIpv4("webrtc.org", 80); + hostAndIpv4.SetResolvedIP(IPAddress(0x01020304)); + EXPECT_EQ("webrtc.org:80 (1.2.3.x:80)", + hostAndIpv4.ToSensitiveNameAndAddressString()); + + SocketAddress ipv6OnlyLiteral(kTestV6AddrString, 5678); + EXPECT_EQ(kTestV6AddrFullAnonymizedString, + ipv6OnlyLiteral.ToSensitiveNameAndAddressString()); + + SocketAddress ipv6OnlyAddress(IPAddress(kTestV6Addr), 5678); + EXPECT_EQ(kTestV6AddrFullAnonymizedString, + ipv6OnlyAddress.ToSensitiveNameAndAddressString()); + + SocketAddress hostAndIpv6("webrtc.org", 5678); + hostAndIpv6.SetResolvedIP(IPAddress(kTestV6Addr)); + EXPECT_EQ("webrtc.org:5678 (" + kTestV6AddrFullAnonymizedString + ")", + hostAndIpv6.ToSensitiveNameAndAddressString()); +} + } // namespace rtc
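Review bot: The locals in TestToSensitiveNameAndAddressString use camelCase (`ipv4OnlyLiteral`, `hostAndIpv6`), while the neighbouring test visible in the hunk context uses snake_case (`addr_v6`); `ipv4_only_literal`, `host_and_ipv6` and so on would match. The cases cover literal, IP-only, host-only and host-plus-IP for both address families. None of them uses a hostname long enough to approach the 1024-byte buffer in socket_address.cc, so one such case would pin down whether the resolved-address suffix survives or is cut off.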