| public ToByteBufferStringKey ( string messageIntegrityKey, bool addFingerprint ) : byte[] | ||
| messageIntegrityKey | string | |
| addFingerprint | bool | |
| return | byte[] | |
/// <summary>
/// Performs a connectivity check for a single candidate pair entry.
/// </summary>
/// <param name="candidatePair">The candidate pair to perform a connectivity check for.</param>
/// <param name="setUseCandidate">If true indicates we are acting as the "controlling" ICE agent
/// and are nominating this candidate as the chosen one.</param>
/// <remarks>As specified in https://tools.ietf.org/html/rfc8445#section-7.2.4.</remarks>
private void SendConnectivityCheck(ChecklistEntry candidatePair, bool setUseCandidate)
{
candidatePair.State = ChecklistEntryState.InProgress;
candidatePair.LastCheckSentAt = DateTime.Now;
candidatePair.ChecksSent++;
candidatePair.RequestTransactionID = Crypto.GetRandomString(STUNv2Header.TRANSACTION_ID_LENGTH);
IPEndPoint remoteEndPoint = candidatePair.RemoteCandidate.GetEndPoint();
logger.LogDebug($"Sending ICE connectivity check from {_rtpChannel.RTPLocalEndPoint} to {remoteEndPoint} (use candidate {setUseCandidate}).");
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Encoding.ASCII.GetBytes(candidatePair.RequestTransactionID);
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + LocalIceUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, BitConverter.GetBytes(candidatePair.Priority)));
if (setUseCandidate)
{
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null));
}
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, remoteEndPoint, stunReqBytes);
}
/// <summary>
/// Performs a connectivity check for a single candidate pair entry.
/// </summary>
/// <param name="candidatePair">The candidate pair to perform a connectivity check for.</param>
/// <remarks>As specified in https://tools.ietf.org/html/rfc8445#section-7.2.4.</remarks>
private void DoConnectivityCheck(ChecklistEntry candidatePair)
{
candidatePair.State = ChecklistEntryState.InProgress;
IPAddress remoteAddress = IPAddress.Parse(candidatePair.RemoteCandidate.address);
IPEndPoint remoteEndPoint = new IPEndPoint(remoteAddress, candidatePair.RemoteCandidate.port);
logger.LogDebug($"Sending ICE connectivity check from {_rtpChannel.RTPLocalEndPoint} to {remoteEndPoint}.");
string localUser = LocalIceUser;
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + localUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null));
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, remoteEndPoint, stunReqBytes);
//localIceCandidate.LastSTUNSendAt = DateTime.Now;
}
private void ProcessStunMessage(STUNv2Message stunMessage, IPEndPoint remoteEndPoint)
{
//logger.LogDebug("STUN message received from remote " + remoteEndPoint + " " + stunMessage.Header.MessageType + ".");
if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingRequest)
{
STUNv2Message stunResponse = new STUNv2Message(STUNv2MessageTypesEnum.BindingSuccessResponse);
stunResponse.Header.TransactionId = stunMessage.Header.TransactionId;
stunResponse.AddXORMappedAddressAttribute(remoteEndPoint.Address, remoteEndPoint.Port);
// ToDo: Check authentication.
string localIcePassword = LocalIcePassword;
byte[] stunRespBytes = stunResponse.ToByteBufferStringKey(localIcePassword, true);
//iceCandidate.LocalRtpSocket.SendTo(stunRespBytes, remoteEndPoint);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, remoteEndPoint, stunRespBytes);
//iceCandidate.LastStunRequestReceivedAt = DateTime.Now;
//iceCandidate.IsStunRemoteExchangeComplete = true;
if (RemoteEndPoint == null)
{
RemoteEndPoint = remoteEndPoint;
_rtpSession.DestinationEndPoint = RemoteEndPoint;
_rtpSession.RtcpSession.ControlDestinationEndPoint = RemoteEndPoint;
//OnIceConnected?.Invoke(iceCandidate, remoteEndPoint);
IceConnectionState = IceConnectionStatesEnum.Connected;
}
if (_remoteIceCandidates != null && !_remoteIceCandidates.Any(x =>
(x.NetworkAddress == remoteEndPoint.Address.ToString() || x.RemoteAddress == remoteEndPoint.Address.ToString()) &&
(x.Port == remoteEndPoint.Port || x.RemotePort == remoteEndPoint.Port)))
{
// This STUN request has come from a socket not in the remote ICE candidates list. Add it so we can send our STUN binding request to it.
IceCandidate remoteIceCandidate = new IceCandidate("udp", remoteEndPoint.Address, remoteEndPoint.Port, IceCandidateTypesEnum.host);
logger.LogDebug("Adding missing remote ICE candidate for " + remoteEndPoint + ".");
_remoteIceCandidates.Add(remoteIceCandidate);
// Some browsers require a STUN binding request from our end before the DTLS handshake will be initiated.
// The STUN connectivity checks are already scheduled but we can speed things up by sending a binding
// request immediately.
SendStunConnectivityChecks(null);
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingSuccessResponse)
{
// TODO: What needs to be done here?
//if (_turnServerEndPoint != null && remoteEndPoint.ToString() == _turnServerEndPoint.ToString())
//{
// if (iceCandidate.IsGatheringComplete == false)
// {
// var reflexAddressAttribute = stunMessage.Attributes.FirstOrDefault(y => y.AttributeType == STUNv2AttributeTypesEnum.XORMappedAddress) as STUNv2XORAddressAttribute;
// if (reflexAddressAttribute != null)
// {
// iceCandidate.StunRflxIPEndPoint = new IPEndPoint(reflexAddressAttribute.Address, reflexAddressAttribute.Port);
// iceCandidate.IsGatheringComplete = true;
// logger.LogDebug("ICE gathering complete for local socket " + iceCandidate.RtpChannel.RTPLocalEndPoint + ", rflx address " + iceCandidate.StunRflxIPEndPoint + ".");
// }
// else
// {
// iceCandidate.IsGatheringComplete = true;
// logger.LogDebug("The STUN binding response received on " + iceCandidate.RtpChannel.RTPLocalEndPoint + " from " + remoteEndPoint + " did not have an XORMappedAddress attribute, rlfx address can not be determined.");
// }
// }
//}
//else
//{
// iceCandidate.LastStunResponseReceivedAt = DateTime.Now;
// if (iceCandidate.IsStunLocalExchangeComplete == false)
// {
// iceCandidate.IsStunLocalExchangeComplete = true;
// logger.LogDebug("WebRTC client STUN exchange complete for call " + CallID + ", candidate local socket " + iceCandidate.RtpChannel.RTPLocalEndPoint + ", remote socket " + remoteEndPoint + ".");
// SetIceConnectionState(IceConnectionStatesEnum.Connected);
// }
//}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingErrorResponse)
{
logger.LogWarning($"A STUN binding error response was received from {remoteEndPoint}.");
}
else
{
logger.LogWarning($"An unrecognised STUN request was received from {remoteEndPoint}.");
}
}
/// <summary>
/// Periodically send a STUN binding request to check connectivity.
/// </summary>
/// <param name="stateInfo">Not used.</param>
private void SendStunConnectivityChecks(Object stateInfo)
{
try
{
//logger.LogDebug($"Send STUN connectivity checks, local candidates {LocalIceCandidates.Count()}, remote candidates {_remoteIceCandidates.Count()}.");
// If one of the ICE candidates has the remote RTP socket set then the negotiation is complete and the STUN checks are to keep the connection alive.
if (RemoteIceUser != null && RemoteIcePassword != null)
{
if (IsConnected)
{
// Remote RTP endpoint gets set when the DTLS negotiation is finished.
if (RemoteEndPoint != null)
{
//logger.LogDebug("Sending STUN connectivity check to client " + iceCandidate.RemoteRtpEndPoint + ".");
string localUser = LocalIceUser;
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + localUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null)); // Must send this to get DTLS started.
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, RemoteEndPoint, stunReqBytes);
_lastStunSentAt = DateTime.Now;
}
if (_lastCommunicationAt != DateTime.MinValue)
{
var secondsSinceLastResponse = DateTime.Now.Subtract(_lastCommunicationAt).TotalSeconds;
if (secondsSinceLastResponse > ICE_CONNECTED_NO_COMMUNICATIONS_TIMEOUT_SECONDS)
{
logger.LogWarning($"No packets have been received from {RemoteEndPoint} within the last {secondsSinceLastResponse:#} seconds, closing session.");
Close("Inactivity timeout.");
}
}
}
else
{
if (_remoteIceCandidates.Count() > 0)
{
foreach (var localIceCandidate in LocalIceCandidates.Where(x => x.IsStunLocalExchangeComplete == false && x.StunConnectionRequestAttempts < MAXIMUM_STUN_CONNECTION_ATTEMPTS))
{
localIceCandidate.StunConnectionRequestAttempts++;
// ToDo: Include srflx and relay addresses.
// Only supporting UDP candidates at this stage.
foreach (var remoteIceCandidate in RemoteIceCandidates.Where(x => x.Transport.ToLower() == "udp" && x.NetworkAddress.NotNullOrBlank() && x.HasConnectionError == false))
{
try
{
IPAddress remoteAddress = IPAddress.Parse(remoteIceCandidate.NetworkAddress);
logger.LogDebug($"Sending authenticated STUN binding request {localIceCandidate.StunConnectionRequestAttempts} from {_rtpChannel.RTPLocalEndPoint} to WebRTC peer at {remoteIceCandidate.NetworkAddress}:{remoteIceCandidate.Port}.");
string localUser = LocalIceUser;
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + localUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null));
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, new IPEndPoint(IPAddress.Parse(remoteIceCandidate.NetworkAddress), remoteIceCandidate.Port), stunReqBytes);
localIceCandidate.LastSTUNSendAt = DateTime.Now;
}
catch (System.Net.Sockets.SocketException sockExcp)
{
logger.LogWarning($"SocketException sending STUN request to {remoteIceCandidate.NetworkAddress}:{remoteIceCandidate.Port}, removing candidate. {sockExcp.Message}");
remoteIceCandidate.HasConnectionError = true;
}
}
}
}
}
}
if (!IsClosed)
{
var interval = GetNextStunCheckInterval(STUN_CHECK_BASE_PERIOD_MILLISECONDS);
if (m_stunChecksTimer == null)
{
m_stunChecksTimer = new Timer(SendStunConnectivityChecks, null, interval, interval);
}
else
{
m_stunChecksTimer.Change(interval, interval);
}
}
}
catch (Exception excp)
{
logger.LogError("Exception SendStunConnectivityCheck. " + excp);
//m_stunChecksTimer?.Dispose();
}
}
private void ProcessStunMessage(IceCandidate iceCandidate, STUNv2Message stunMessage, IPEndPoint remoteEndPoint)
{
//logger.Debug("STUN message received from remote " + remoteEndPoint + " " + stunMessage.Header.MessageType + ".");
if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingRequest)
{
STUNv2Message stunResponse = new STUNv2Message(STUNv2MessageTypesEnum.BindingSuccessResponse);
stunResponse.Header.TransactionId = stunMessage.Header.TransactionId;
stunResponse.AddXORMappedAddressAttribute(remoteEndPoint.Address, remoteEndPoint.Port);
// ToDo: Check authentication.
byte[] stunRespBytes = stunResponse.ToByteBufferStringKey(LocalIcePassword, true);
iceCandidate.LocalRtpSocket.SendTo(stunRespBytes, remoteEndPoint);
iceCandidate.LastStunRequestReceivedAt = DateTime.Now;
iceCandidate.IsStunRemoteExchangeComplete = true;
if (_remoteIceCandidates != null && !_remoteIceCandidates.Any(x =>
(x.NetworkAddress == remoteEndPoint.Address.ToString() || x.RemoteAddress == remoteEndPoint.Address.ToString()) &&
(x.Port == remoteEndPoint.Port || x.RemotePort == remoteEndPoint.Port)))
{
// This STUN request has come from a socket not in the remote ICE candidates list. Add it so we can send our STUN binding request to it.
IceCandidate remoteIceCandidate = new IceCandidate()
{
Transport = "udp",
NetworkAddress = remoteEndPoint.Address.ToString(),
Port = remoteEndPoint.Port,
CandidateType = IceCandidateTypesEnum.host
};
logger.Debug("Adding missing remote ICE candidate for " + remoteEndPoint + ".");
_remoteIceCandidates.Add(remoteIceCandidate);
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingSuccessResponse)
{
if (_turnServerEndPoint != null && remoteEndPoint.ToString() == _turnServerEndPoint.ToString())
{
if (iceCandidate.IsGatheringComplete == false)
{
var reflexAddressAttribute = stunMessage.Attributes.FirstOrDefault(y => y.AttributeType == STUNv2AttributeTypesEnum.XORMappedAddress) as STUNv2XORAddressAttribute;
if (reflexAddressAttribute != null)
{
iceCandidate.StunRflxIPEndPoint = new IPEndPoint(reflexAddressAttribute.Address, reflexAddressAttribute.Port);
iceCandidate.IsGatheringComplete = true;
logger.Debug("ICE gathering complete for local socket " + iceCandidate.LocalRtpSocket.LocalEndPoint + ", rflx address " + iceCandidate.StunRflxIPEndPoint + ".");
}
else
{
iceCandidate.IsGatheringComplete = true;
logger.Debug("The STUN binding response received on " + iceCandidate.LocalRtpSocket.LocalEndPoint + " from " + remoteEndPoint + " did not have an XORMappedAddress attribute, rlfx address can not be determined.");
}
}
}
else
{
iceCandidate.LastStunResponseReceivedAt = DateTime.Now;
if (iceCandidate.IsStunLocalExchangeComplete == false)
{
iceCandidate.IsStunLocalExchangeComplete = true;
logger.Debug("WebRTC client STUN exchange complete for call " + CallID + ", candidate local socket " + iceCandidate.LocalRtpSocket.LocalEndPoint + ", remote socket " + remoteEndPoint + ".");
SetIceConnectionState(IceConnectionStatesEnum.Connected);
}
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingErrorResponse)
{
logger.Warn("A STUN binding error response was received on " + iceCandidate.LocalRtpSocket.LocalEndPoint + " from " + remoteEndPoint + ".");
}
else
{
logger.Warn("An unrecognised STUN request was received on " + iceCandidate.LocalRtpSocket.LocalEndPoint + " from " + remoteEndPoint + ".");
}
}
private void SendStunConnectivityChecks()
{
try
{
while (!IsClosed)
{
try
{
// If one of the ICE candidates has the remote RTP socket set then the negotiation is complete and the STUN checks are to keep the connection alive.
if (LocalIceCandidates.Any(x => x.IsConnected == true))
{
var iceCandidate = LocalIceCandidates.First(x => x.IsConnected == true);
// Remote RTP endpoint gets set when the DTLS negotiation is finished.
if (iceCandidate.RemoteRtpEndPoint != null)
{
//logger.Debug("Sending STUN connectivity check to client " + iceCandidate.RemoteRtpEndPoint + ".");
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + LocalIceUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null)); // Must send this to get DTLS started.
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
iceCandidate.LocalRtpSocket.SendTo(stunReqBytes, iceCandidate.RemoteRtpEndPoint);
iceCandidate.LastSTUNSendAt = DateTime.Now;
}
var secondsSinceLastResponse = DateTime.Now.Subtract(iceCandidate.LastCommunicationAt).TotalSeconds;
if (secondsSinceLastResponse > ICE_TIMEOUT_SECONDS)
{
logger.Warn("No STUN response was received on a connected ICE connection for " + secondsSinceLastResponse + "s, closing connection.");
iceCandidate.IsDisconnected = true;
if (LocalIceCandidates.Any(x => x.IsConnected == true) == false)
{
// If there are no connected local candidates left close the peer.
Close();
break;
}
}
}
else
{
if (_remoteIceCandidates.Count() > 0)
{
foreach (var localIceCandidate in LocalIceCandidates.Where(x => x.IsStunLocalExchangeComplete == false && x.StunConnectionRequestAttempts < MAXIMUM_STUN_CONNECTION_ATTEMPTS))
{
localIceCandidate.StunConnectionRequestAttempts++;
// ToDo: Include srflx and relay addresses.
foreach (var remoteIceCandidate in RemoteIceCandidates.Where(x => x.Transport != "tcp" && x.NetworkAddress.NotNullOrBlank())) // Only supporting UDP candidates at this stage.
{
IPAddress remoteAddress = IPAddress.Parse(remoteIceCandidate.NetworkAddress);
logger.Debug("Sending authenticated STUN binding request " + localIceCandidate.StunConnectionRequestAttempts + " from " + localIceCandidate.LocalRtpSocket.LocalEndPoint + " to WebRTC peer at " + remoteIceCandidate.NetworkAddress + ":" + remoteIceCandidate.Port + ".");
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + LocalIceUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null)); // Must send this to get DTLS started.
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
localIceCandidate.LocalRtpSocket.SendTo(stunReqBytes, new IPEndPoint(IPAddress.Parse(remoteIceCandidate.NetworkAddress), remoteIceCandidate.Port));
localIceCandidate.LastSTUNSendAt = DateTime.Now;
}
}
}
}
}
catch (Exception excp)
{
logger.Error("Exception SendStunConnectivityCheck ConnectivityCheck. " + excp);
}
if (!IsClosed)
{
Thread.Sleep(ESTABLISHED_STUN_BINDING_PERIOD_MILLISECONDS);
}
}
}
catch (Exception excp)
{
logger.Error("Exception SendStunConnectivityCheck. " + excp);
}
}
private void SendStunConnectivityChecks(Object stateInfo)
{
try
{
lock (_stunChecksTimer)
{
//logger.LogDebug($"Send STUN connectivity checks, local candidates {_candidates?.Count()}, remote candidates {_remoteCandidates?.Count()}.");
// If one of the ICE candidates has the remote RTP socket set then the negotiation is complete and the STUN checks are to keep the connection alive.
if (RemoteIceUser != null && RemoteIcePassword != null)
{
if (ConnectionState == RTCIceConnectionState.connected)
{
// Remote RTP endpoint gets set when the DTLS negotiation is finished.
if (_connectedRemoteEndPoint != null)
{
//logger.LogDebug("Sending STUN connectivity check to client " + iceCandidate.RemoteRtpEndPoint + ".");
string localUser = LocalIceUser;
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + localUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null)); // Must send this to get DTLS started.
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, _connectedRemoteEndPoint, stunReqBytes);
//_lastStunSentAt = DateTime.Now;
}
}
else
{
if (_remoteCandidates.Count() > 0 && _candidates != null)
{
foreach (var localIceCandidate in _candidates.Where(x => x.IsStunLocalExchangeComplete == false && x.StunConnectionRequestAttempts < MAXIMUM_STUN_CONNECTION_ATTEMPTS))
{
localIceCandidate.StunConnectionRequestAttempts++;
// ToDo: Include srflx and relay addresses.
// Only supporting UDP candidates at this stage.
foreach (var remoteIceCandidate in _remoteCandidates.Where(x => x.protocol == RTCIceProtocol.udp &&
x.address.NotNullOrBlank() && x.HasConnectionError == false))
{
try
{
IPAddress remoteAddress = IPAddress.Parse(remoteIceCandidate.address);
logger.LogDebug($"Sending authenticated STUN binding request {localIceCandidate.StunConnectionRequestAttempts} from {_rtpChannel.RTPLocalEndPoint} to WebRTC peer at {remoteIceCandidate.address}:{remoteIceCandidate.port}.");
string localUser = LocalIceUser;
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + localUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null));
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, new IPEndPoint(IPAddress.Parse(remoteIceCandidate.address), remoteIceCandidate.port), stunReqBytes);
localIceCandidate.LastSTUNSendAt = DateTime.Now;
}
catch (System.Net.Sockets.SocketException sockExcp)
{
logger.LogWarning($"SocketException sending STUN request to {remoteIceCandidate.address}:{remoteIceCandidate.port}, removing candidate. {sockExcp.Message}");
remoteIceCandidate.HasConnectionError = true;
}
}
}
}
}
}
//if (!_closed)
//{
// var interval = GetNextStunCheckInterval(STUN_CHECK_BASE_PERIOD_MILLISECONDS);
// if (m_stunChecksTimer == null)
// {
// m_stunChecksTimer = new Timer(SendStunConnectivityChecks, null, interval, interval);
// }
// else
// {
// m_stunChecksTimer.Change(interval, interval);
// }
//}
}
}
catch (Exception excp)
{
logger.LogError("Exception SendStunConnectivityCheck. " + excp);
//m_stunChecksTimer?.Dispose();
}
}
/// <summary>
/// Attempts to get a list of local ICE candidates.
/// </summary>
//private async Task GetIceCandidatesAsync()
//{
// // The media is being multiplexed so the audio and video RTP channel is the same.
// var rtpChannel = GetRtpChannel(SDPMediaTypesEnum.audio);
// if (rtpChannel == null)
// {
// throw new ApplicationException("Cannot start gathering ICE candidates without an RTP channel.");
// }
// else
// {
// var localIPAddresses = _offerAddresses ?? NetServices.GetAllLocalIPAddresses();
// IceNegotiationStartedAt = DateTime.Now;
// LocalIceCandidates = new List<IceCandidate>();
// foreach (var address in localIPAddresses.Where(x => x.AddressFamily == rtpChannel.RTPLocalEndPoint.AddressFamily))
// {
// var iceCandidate = new IceCandidate(address, (ushort)rtpChannel.RTPPort);
// if (_turnServerEndPoint != null)
// {
// iceCandidate.TurnServer = new TurnServer() { ServerEndPoint = _turnServerEndPoint };
// iceCandidate.InitialStunBindingCheck = SendTurnServerBindingRequest(iceCandidate);
// }
// LocalIceCandidates.Add(iceCandidate);
// }
// await Task.WhenAll(LocalIceCandidates.Where(x => x.InitialStunBindingCheck != null).Select(x => x.InitialStunBindingCheck)).ConfigureAwait(false);
// }
//}
public void ProcessStunMessage(STUNv2Message stunMessage, IPEndPoint receivedOn)
{
IPEndPoint remoteEndPoint = (!receivedOn.Address.IsIPv4MappedToIPv6) ? receivedOn : new IPEndPoint(receivedOn.Address.MapToIPv4(), receivedOn.Port);
//logger.LogDebug($"STUN message received from remote {remoteEndPoint} {stunMessage.Header.MessageType}.");
if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingRequest)
{
STUNv2Message stunResponse = new STUNv2Message(STUNv2MessageTypesEnum.BindingSuccessResponse);
stunResponse.Header.TransactionId = stunMessage.Header.TransactionId;
stunResponse.AddXORMappedAddressAttribute(remoteEndPoint.Address, remoteEndPoint.Port);
// ToDo: Check authentication.
string localIcePassword = LocalIcePassword;
byte[] stunRespBytes = stunResponse.ToByteBufferStringKey(localIcePassword, true);
//iceCandidate.LocalRtpSocket.SendTo(stunRespBytes, remoteEndPoint);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, remoteEndPoint, stunRespBytes);
//iceCandidate.LastStunRequestReceivedAt = DateTime.Now;
//iceCandidate.IsStunRemoteExchangeComplete = true;
//if (remoteEndPoint == null)
//{
//RemoteEndPoint = remoteEndPoint;
//SetDestination(SDPMediaTypesEnum.audio, RemoteEndPoint, RemoteEndPoint);
//OnIceConnected?.Invoke(iceCandidate, remoteEndPoint);
//IceConnectionState = RTCIceConnectionState.connected;
//}
if (_remoteCandidates != null && !_remoteCandidates.Any(x =>
(x.address == remoteEndPoint.Address.ToString() || x.relatedAddress == remoteEndPoint.Address.ToString()) &&
(x.port == remoteEndPoint.Port || x.relatedPort == remoteEndPoint.Port)))
{
// This STUN request has come from a socket not in the remote ICE candidates list. Add it so we can send our STUN binding request to it.
// RTCIceCandidate remoteIceCandidate = new IceCandidate("udp", remoteEndPoint.Address, (ushort)remoteEndPoint.Port, RTCIceCandidateType.host);
RTCIceCandidate peerRflxCandidate = new RTCIceCandidate(new RTCIceCandidateInit());
peerRflxCandidate.SetAddressProperties(RTCIceProtocol.udp, remoteEndPoint.Address, (ushort)remoteEndPoint.Port, RTCIceCandidateType.prflx, null, 0);
logger.LogDebug($"Adding peer reflex ICE candidate for {remoteEndPoint}.");
_remoteCandidates.Add(peerRflxCandidate);
// Some browsers require a STUN binding request from our end before the DTLS handshake will be initiated.
// The STUN connectivity checks are already scheduled but we can speed things up by sending a binding
// request immediately.
SendStunConnectivityChecks(null);
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingSuccessResponse)
{
if (ConnectionState != RTCIceConnectionState.connected)
{
logger.LogDebug($"ICE session setting connected remote end point to {remoteEndPoint}.");
_connectedRemoteEndPoint = remoteEndPoint;
ConnectionState = RTCIceConnectionState.connected;
OnIceConnectionStateChange?.Invoke(RTCIceConnectionState.connected);
}
// TODO: What needs to be done here?
//if (_turnServerEndPoint != null && remoteEndPoint.ToString() == _turnServerEndPoint.ToString())
//{
// if (iceCandidate.IsGatheringComplete == false)
// {
// var reflexAddressAttribute = stunMessage.Attributes.FirstOrDefault(y => y.AttributeType == STUNv2AttributeTypesEnum.XORMappedAddress) as STUNv2XORAddressAttribute;
// if (reflexAddressAttribute != null)
// {
// iceCandidate.StunRflxIPEndPoint = new IPEndPoint(reflexAddressAttribute.Address, reflexAddressAttribute.Port);
// iceCandidate.IsGatheringComplete = true;
// logger.LogDebug("ICE gathering complete for local socket " + iceCandidate.RtpChannel.RTPLocalEndPoint + ", rflx address " + iceCandidate.StunRflxIPEndPoint + ".");
// }
// else
// {
// iceCandidate.IsGatheringComplete = true;
// logger.LogDebug("The STUN binding response received on " + iceCandidate.RtpChannel.RTPLocalEndPoint + " from " + remoteEndPoint + " did not have an XORMappedAddress attribute, rlfx address can not be determined.");
// }
// }
//}
//else
//{
// iceCandidate.LastStunResponseReceivedAt = DateTime.Now;
// if (iceCandidate.IsStunLocalExchangeComplete == false)
// {
// iceCandidate.IsStunLocalExchangeComplete = true;
// logger.LogDebug("WebRTC client STUN exchange complete for call " + CallID + ", candidate local socket " + iceCandidate.RtpChannel.RTPLocalEndPoint + ", remote socket " + remoteEndPoint + ".");
// SetIceConnectionState(IceConnectionStatesEnum.Connected);
// }
//}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingErrorResponse)
{
logger.LogWarning($"A STUN binding error response was received from {remoteEndPoint}.");
}
else
{
logger.LogWarning($"An unrecognised STUN request was received from {remoteEndPoint}.");
}
}
private void SendStunConnectivityChecks()
{
try
{
while (!IsClosed)
{
try
{
// If one of the ICE candidates has the remote RTP socket set then the negotiation is complete and the STUN checks are to keep the connection alive.
if (LocalIceCandidates.Any(x => x.IsConnected == true))
{
var iceCandidate = LocalIceCandidates.First(x => x.IsConnected == true);
// Remote RTP endpoint gets set when the DTLS negotiation is finished.
if (iceCandidate.RemoteRtpEndPoint != null)
{
//logger.Debug("Sending STUN connectivity check to client " + iceCandidate.RemoteRtpEndPoint + ".");
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + LocalIceUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null)); // Must send this to get DTLS started.
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
iceCandidate.LocalRtpSocket.SendTo(stunReqBytes, iceCandidate.RemoteRtpEndPoint);
iceCandidate.LastSTUNSendAt = DateTime.Now;
}
var secondsSinceLastResponse = DateTime.Now.Subtract(iceCandidate.LastCommunicationAt).TotalSeconds;
if (secondsSinceLastResponse > ICE_TIMEOUT_SECONDS)
{
logger.Warn("No STUN response was received on a connected ICE connection for " + secondsSinceLastResponse + "s, closing connection.");
iceCandidate.IsDisconnected = true;
if (LocalIceCandidates.Any(x => x.IsConnected == true) == false)
{
// If there are no connected local candidates left close the peer.
Close();
break;
}
}
}
else
{
if (_remoteIceCandidates.Count() > 0)
{
foreach (var localIceCandidate in LocalIceCandidates.Where(x => x.IsStunLocalExchangeComplete == false && x.StunConnectionRequestAttempts < MAXIMUM_STUN_CONNECTION_ATTEMPTS))
{
localIceCandidate.StunConnectionRequestAttempts++;
// ToDo: Include srflx and relay addresses.
foreach (var remoteIceCandidate in RemoteIceCandidates.Where(x => x.Transport != "tcp" && x.NetworkAddress.NotNullOrBlank())) // Only supporting UDP candidates at this stage.
{
IPAddress remoteAddress = IPAddress.Parse(remoteIceCandidate.NetworkAddress);
logger.Debug("Sending authenticated STUN binding request " + localIceCandidate.StunConnectionRequestAttempts + " from " + localIceCandidate.LocalRtpSocket.LocalEndPoint + " to WebRTC peer at " + remoteIceCandidate.NetworkAddress + ":" + remoteIceCandidate.Port + ".");
STUNv2Message stunRequest = new STUNv2Message(STUNv2MessageTypesEnum.BindingRequest);
stunRequest.Header.TransactionId = Guid.NewGuid().ToByteArray().Take(12).ToArray();
stunRequest.AddUsernameAttribute(RemoteIceUser + ":" + LocalIceUser);
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.Priority, new byte[] { 0x6e, 0x7f, 0x1e, 0xff }));
stunRequest.Attributes.Add(new STUNv2Attribute(STUNv2AttributeTypesEnum.UseCandidate, null)); // Must send this to get DTLS started.
byte[] stunReqBytes = stunRequest.ToByteBufferStringKey(RemoteIcePassword, true);
localIceCandidate.LocalRtpSocket.SendTo(stunReqBytes, new IPEndPoint(IPAddress.Parse(remoteIceCandidate.NetworkAddress), remoteIceCandidate.Port));
localIceCandidate.LastSTUNSendAt = DateTime.Now;
}
}
}
}
}
catch (Exception excp)
{
logger.Error("Exception SendStunConnectivityCheck ConnectivityCheck. " + excp);
}
if (!IsClosed)
{
Thread.Sleep(ESTABLISHED_STUN_BINDING_PERIOD_MILLISECONDS);
}
}
}
catch (Exception excp)
{
logger.Error("Exception SendStunConnectivityCheck. " + excp);
}
}
private void ProcessStunMessage(IceCandidate iceCandidate, STUNv2Message stunMessage, IPEndPoint remoteEndPoint)
{
//logger.Debug("STUN message received from remote " + remoteEndPoint + " " + stunMessage.Header.MessageType + ".");
if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingRequest)
{
STUNv2Message stunResponse = new STUNv2Message(STUNv2MessageTypesEnum.BindingSuccessResponse);
stunResponse.Header.TransactionId = stunMessage.Header.TransactionId;
stunResponse.AddXORMappedAddressAttribute(remoteEndPoint.Address, remoteEndPoint.Port);
// ToDo: Check authentication.
byte[] stunRespBytes = stunResponse.ToByteBufferStringKey(LocalIcePassword, true);
iceCandidate.LocalRtpSocket.SendTo(stunRespBytes, remoteEndPoint);
iceCandidate.LastStunRequestReceivedAt = DateTime.Now;
iceCandidate.IsStunRemoteExchangeComplete = true;
if (_remoteIceCandidates != null && !_remoteIceCandidates.Any(x =>
(x.NetworkAddress == remoteEndPoint.Address.ToString() || x.RemoteAddress == remoteEndPoint.Address.ToString()) &&
(x.Port == remoteEndPoint.Port || x.RemotePort == remoteEndPoint.Port)))
{
// This STUN request has come from a socket not in the remote ICE candidates list. Add it so we can send our STUN binding request to it.
IceCandidate remoteIceCandidate = new IceCandidate()
{
Transport = "udp",
NetworkAddress = remoteEndPoint.Address.ToString(),
Port = remoteEndPoint.Port,
CandidateType = IceCandidateTypesEnum.host
};
logger.Debug("Adding missing remote ICE candidate for " + remoteEndPoint + ".");
_remoteIceCandidates.Add(remoteIceCandidate);
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingSuccessResponse)
{
if (_turnServerEndPoint != null && remoteEndPoint.ToString() == _turnServerEndPoint.ToString())
{
if (iceCandidate.IsGatheringComplete == false)
{
var reflexAddressAttribute = stunMessage.Attributes.FirstOrDefault(y => y.AttributeType == STUNv2AttributeTypesEnum.XORMappedAddress) as STUNv2XORAddressAttribute;
if (reflexAddressAttribute != null)
{
iceCandidate.StunRflxIPEndPoint = new IPEndPoint(reflexAddressAttribute.Address, reflexAddressAttribute.Port);
iceCandidate.IsGatheringComplete = true;
logger.Debug("ICE gathering complete for local socket " + iceCandidate.LocalRtpSocket.LocalEndPoint + ", rflx address " + iceCandidate.StunRflxIPEndPoint + ".");
}
else
{
iceCandidate.IsGatheringComplete = true;
logger.Debug("The STUN binding response received on " + iceCandidate.LocalRtpSocket.LocalEndPoint + " from " + remoteEndPoint + " did not have an XORMappedAddress attribute, rlfx address can not be determined.");
}
}
}
else
{
iceCandidate.LastStunResponseReceivedAt = DateTime.Now;
if (iceCandidate.IsStunLocalExchangeComplete == false)
{
iceCandidate.IsStunLocalExchangeComplete = true;
logger.Debug("WebRTC client STUN exchange complete for call " + CallID + ", candidate local socket " + iceCandidate.LocalRtpSocket.LocalEndPoint + ", remote socket " + remoteEndPoint + ".");
SetIceConnectionState(IceConnectionStatesEnum.Connected);
}
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingErrorResponse)
{
logger.Warn("A STUN binding error response was received on " + iceCandidate.LocalRtpSocket.LocalEndPoint + " from " + remoteEndPoint + ".");
}
else
{
logger.Warn("An unrecognised STUN request was received on " + iceCandidate.LocalRtpSocket.LocalEndPoint + " from " + remoteEndPoint + ".");
}
}
/// <summary>
/// Processes a received STUN request or response.
/// </summary>
/// <param name="stunMessage">The STUN message received.</param>
/// <param name="remoteEndPoint">The remote end point the STUN packet was received from.</param>
public void ProcessStunMessage(STUNv2Message stunMessage, IPEndPoint remoteEndPoint)
{
remoteEndPoint = (!remoteEndPoint.Address.IsIPv4MappedToIPv6) ? remoteEndPoint : new IPEndPoint(remoteEndPoint.Address.MapToIPv4(), remoteEndPoint.Port);
//logger.LogDebug($"STUN message received from remote {remoteEndPoint} {stunMessage.Header.MessageType}.");
if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingRequest)
{
// TODO: The integrity check method needs to be implemented (currently just returns true).
bool result = stunMessage.CheckIntegrity(System.Text.Encoding.UTF8.GetBytes(LocalIcePassword), LocalIceUser, RemoteIceUser);
if (!result)
{
// Send STUN error response.
STUNv2Message stunErrResponse = new STUNv2Message(STUNv2MessageTypesEnum.BindingErrorResponse);
stunErrResponse.Header.TransactionId = stunMessage.Header.TransactionId;
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, remoteEndPoint, stunErrResponse.ToByteBuffer(null, false));
}
else
{
var matchingCandidate = (_remoteCandidates != null) ? _remoteCandidates.Where(x => x.IsEquivalentEndPoint(RTCIceProtocol.udp, remoteEndPoint)).FirstOrDefault() : null;
if (matchingCandidate == null)
{
// This STUN request has come from a socket not in the remote ICE candidates list.
// Add a new remote peer reflexive candidate.
RTCIceCandidate peerRflxCandidate = new RTCIceCandidate(new RTCIceCandidateInit());
peerRflxCandidate.SetAddressProperties(RTCIceProtocol.udp, remoteEndPoint.Address, (ushort)remoteEndPoint.Port, RTCIceCandidateType.prflx, null, 0);
logger.LogDebug($"Adding peer reflex ICE candidate for {remoteEndPoint}.");
_remoteCandidates.Add(peerRflxCandidate);
UpdateChecklist(peerRflxCandidate);
matchingCandidate = peerRflxCandidate;
}
// Find the checklist entry for this remote candidate and update its status.
var matchingChecklistEntry = _checklist.Where(x => x.RemoteCandidate.foundation == matchingCandidate.foundation).FirstOrDefault();
if (matchingChecklistEntry == null)
{
logger.LogWarning("ICE session STUN request matched a remote candidate but NOT a checklist entry.");
}
//else
//{
// if (!IsController)
// {
// matchingChecklistEntry.State = ChecklistEntryState.Succeeded;
// }
//}
// The UseCandidate attribute is only meant to be set by the "Controller" peer. This implementation
// will accept it irrespective of the peer roles. If the remote peer wants us to use a certain remote
// end point then so be it.
if (stunMessage.Attributes.Any(x => x.AttributeType == STUNv2AttributeTypesEnum.UseCandidate))
{
if (ConnectionState != RTCIceConnectionState.connected)
{
// If we are the "controlled" agent and get a "use candidate" attribute that sets the matching candidate as nominated
// as per https://tools.ietf.org/html/rfc8445#section-7.3.1.5.
if (matchingChecklistEntry == null)
{
logger.LogWarning("ICE session STUN request had UseCandidate set but no matching checklist entry was found.");
}
else
{
logger.LogDebug($"ICE session remote peer nominated entry from binding request: {matchingChecklistEntry.RemoteCandidate}");
SetNominatedEntry(matchingChecklistEntry);
}
}
}
STUNv2Message stunResponse = new STUNv2Message(STUNv2MessageTypesEnum.BindingSuccessResponse);
stunResponse.Header.TransactionId = stunMessage.Header.TransactionId;
stunResponse.AddXORMappedAddressAttribute(remoteEndPoint.Address, remoteEndPoint.Port);
string localIcePassword = LocalIcePassword;
byte[] stunRespBytes = stunResponse.ToByteBufferStringKey(localIcePassword, true);
_rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, remoteEndPoint, stunRespBytes);
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingSuccessResponse)
{
// Correlate with request using transaction ID as per https://tools.ietf.org/html/rfc8445#section-7.2.5.
// Actions to take on a successful STUN response https://tools.ietf.org/html/rfc8445#section-7.2.5.3
// - Discover peer reflexive remote candidates
// (TODO: According to https://tools.ietf.org/html/rfc8445#section-7.2.5.3.1 peer reflexive get added to the local candidates list?)
// - Construct a valid pair which means match a candidate pair in the check list and mark it as valid (since a successful STUN exchange
// has now taken place on it). A new entry may need to be created for this pair since peer reflexive candidates are not added to the connectivity
// check checklist.
// - Update state of candidate pair that generated the check to Succeeded.
// - If the controlling candidate set the USE_CANDIDATE attribute then the ICE agent that receives the successful response sets the nominated
// flag of the pair to true. Once the nominated flag is set it concludes the ICE processing for that component.
if (_checklistState == ChecklistState.Running)
{
string txID = Encoding.ASCII.GetString(stunMessage.Header.TransactionId);
// Attempt to find the checklist entry for this transaction ID.
var matchingChecklistEntry = _checklist.Where(x => x.RequestTransactionID == txID).FirstOrDefault();
if (matchingChecklistEntry == null)
{
logger.LogWarning("ICE session STUN response transaction ID did not match a checklist entry.");
}
else
{
matchingChecklistEntry.State = ChecklistEntryState.Succeeded;
if (matchingChecklistEntry.Nominated)
{
logger.LogDebug($"ICE session remote peer nominated entry from binding response: {matchingChecklistEntry.RemoteCandidate}");
// This is the response to a connectivity check that had the "UseCandidate" attribute set.
SetNominatedEntry(matchingChecklistEntry);
}
else if (this.IsController && !_checklist.Any(x => x.Nominated))
{
// If we are the controlling ICE agent it's up to us to decide when to nominate a candidate pair to use for the connection.
// To start with we'll just use whichever pair gets the first successful STUN exchange. If needs be the selection algorithm can
// improve over time.
matchingChecklistEntry.ChecksSent = 0;
matchingChecklistEntry.LastCheckSentAt = DateTime.MinValue;
matchingChecklistEntry.Nominated = true;
SendConnectivityCheck(matchingChecklistEntry, true);
}
}
}
}
else if (stunMessage.Header.MessageType == STUNv2MessageTypesEnum.BindingErrorResponse)
{
logger.LogWarning($"A STUN binding error response was received from {remoteEndPoint}.");
// Attempt to find the checklist entry for this transaction ID.
string txID = Encoding.ASCII.GetString(stunMessage.Header.TransactionId);
var matchingChecklistEntry = _checklist.Where(x => x.RequestTransactionID == txID).FirstOrDefault();
if (matchingChecklistEntry == null)
{
logger.LogWarning("ICE session STUN error response transaction ID did not match a checklist entry.");
}
else
{
logger.LogWarning($"ICE session check list entry set to failed: {matchingChecklistEntry.RemoteCandidate}");
matchingChecklistEntry.State = ChecklistEntryState.Failed;
}
}
else
{
logger.LogWarning($"An unrecognised STUN request was received from {remoteEndPoint}.");
}
}