-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RDKDEV-1085: limit port range for webrtc peer connections #1403
base: wpe-2.38
Are you sure you want to change the base?
RDKDEV-1085: limit port range for webrtc peer connections #1403
Conversation
Port range limit is retrieved from env variable: WEBRTC_PEER_PORT_RANGE
@emutavchi , Could you please look at this PR as well? It is important to know effects on all use-cases. |
What issue is this fixing? |
That is related more to our internal STB firewall setup and NASC restrictions, as a general rule we have there on input traffic default DROP rule. Problem was observed by us in the case of host to host WebRTC streaming (both being in the same local network) example drop: Aug 20 15:42:18.078218 000378-EOS2STB-008388647706 kernel: DROP: IN=eth2 OUT= MAC=4c:d0:8a:2b:c4:19:00:2b:67:13:14:a8:08:00 SRC=192.168.50.118 DST=192.168.50.201 LEN=128 TOS=0x00 PREC=0x00 TTL=64 ID=40595 DF PROTO=UDP SPT=37659 DPT=33807 LEN=108 (1) Usually without extra setup, the port is selected from ephemeral port range (next free is selected). Simply saying that env variable and setup give us more control on that behaviour and allow to selectively manage the incoming traffic. |
And on which devices is this needed? I wonder if instead of adding yet another env var this could be handled using the Quirks system. |
@philn , what do you think? Is that something needs to be outside of browser code or fine to have in browser? I am asking because it seems it is a requirement of specific platform not webrtc protocol, am I correct ? |
Well, I think this might be a browser decision, I'll investigate this further and get back asap. |
I think this could be a runtime setting in WebKit, maybe.
The protocol doesn't mandate a specific range of UDP ports afaik. It's up to each client's kernel to allocate port. |
@philn for us it is enough to have it configurable via env variable. Is my understanig correct? That to have it, we should introduce something like: WebRTCPeerPortMax: ... in Source/WTF/Scripts/Preferences/WebPreferences.yaml ... and then introduce setting implementation (glib version and extra two properties in Source/WebKit/UIProcess/ API/glib/WebKitSettings.cpp), something like: ... and also: WkPreferencesGet/WkPreferencesSet API for that new preferences ... and then propagate that via plugin config from Webkitbrowser plugin to Webkit ? Is that the way to update that pull request to introduce/upstream that ? |
Yes, see WebKit/WebKit#34221 which I need to update (some test failing). |
I'm preparing the backport from upstream, including the env var support, which will remain downstream. |
Port range limit is retrieved from env variable: WEBRTC_PEER_PORT_RANGE