/** {@inheritDoc} */
@Override
public RawPacket transform(RawPacket pkt) {
byte[] buf = pkt.getBuffer();
int off = pkt.getOffset();
int len = pkt.getLength();
// If the specified pkt represents a DTLS record, then it should pass
// through this PacketTransformer (e.g. it has been sent through
// DatagramTransportImpl).
if (isDtlsRecord(buf, off, len)) return pkt;
// SRTP
if (!transformEngine.isSrtpDisabled()) {
// DTLS-SRTP has not been initialized yet or has failed to
// initialize.
SinglePacketTransformer srtpTransformer = waitInitializeAndGetSRTPTransformer();
if (srtpTransformer != null) pkt = srtpTransformer.transform(pkt);
else if (DROP_UNENCRYPTED_PKTS) pkt = null;
// XXX Else, it is our explicit policy to let the received packet
// pass through and rely on the SrtpListener to notify the user that
// the session is not secured.
}
// Pure/non-SRTP DTLS
else {
// The specified pkt will pass through this PacketTransformer only
// if it gets transformed into a DTLS record.
pkt = null;
sendApplicationData(buf, off, len);
}
return pkt;
}
private void runOnDtlsTransport(StreamConnector connector) throws IOException {
DtlsControlImpl dtlsControl = (DtlsControlImpl) getTransportManager().getDtlsControl(this);
DtlsTransformEngine engine = dtlsControl.getTransformEngine();
final DtlsPacketTransformer transformer = (DtlsPacketTransformer) engine.getRTPTransformer();
byte[] receiveBuffer = new byte[SCTP_BUFFER_SIZE];
if (LOG_SCTP_PACKETS) {
System.setProperty(
ConfigurationService.PNAME_SC_HOME_DIR_LOCATION, System.getProperty("java.io.tmpdir"));
System.setProperty(
ConfigurationService.PNAME_SC_HOME_DIR_NAME, SctpConnection.class.getName());
}
synchronized (this) {
// FIXME local SCTP port is hardcoded in bridge offer SDP (Jitsi
// Meet)
sctpSocket = Sctp.createSocket(5000);
assocIsUp = false;
acceptedIncomingConnection = false;
}
// Implement output network link for SCTP stack on DTLS transport
sctpSocket.setLink(
new NetworkLink() {
@Override
public void onConnOut(SctpSocket s, byte[] packet) throws IOException {
if (LOG_SCTP_PACKETS) {
LibJitsi.getPacketLoggingService()
.logPacket(
PacketLoggingService.ProtocolName.ICE4J,
new byte[] {0, 0, 0, (byte) debugId},
5000,
new byte[] {0, 0, 0, (byte) (debugId + 1)},
remoteSctpPort,
PacketLoggingService.TransportName.UDP,
true,
packet);
}
// Send through DTLS transport
transformer.sendApplicationData(packet, 0, packet.length);
}
});
if (logger.isDebugEnabled()) {
logger.debug("Connecting SCTP to port: " + remoteSctpPort + " to " + getEndpoint().getID());
}
sctpSocket.setNotificationListener(this);
sctpSocket.listen();
// FIXME manage threads
threadPool.execute(
new Runnable() {
@Override
public void run() {
SctpSocket sctpSocket = null;
try {
// sctpSocket is set to null on close
sctpSocket = SctpConnection.this.sctpSocket;
while (sctpSocket != null) {
if (sctpSocket.accept()) {
acceptedIncomingConnection = true;
break;
}
Thread.sleep(100);
sctpSocket = SctpConnection.this.sctpSocket;
}
if (isReady()) {
notifySctpConnectionReady();
}
} catch (Exception e) {
logger.error("Error accepting SCTP connection", e);
}
if (sctpSocket == null && logger.isInfoEnabled()) {
logger.info(
"SctpConnection " + getID() + " closed" + " before SctpSocket accept()-ed.");
}
}
});
// Notify that from now on SCTP connection is considered functional
sctpSocket.setDataCallback(this);
// Setup iceSocket
DatagramSocket datagramSocket = connector.getDataSocket();
if (datagramSocket != null) {
this.iceSocket = new IceUdpSocketWrapper(datagramSocket);
} else {
this.iceSocket = new IceTcpSocketWrapper(connector.getDataTCPSocket());
}
DatagramPacket rcvPacket = new DatagramPacket(receiveBuffer, 0, receiveBuffer.length);
// Receive loop, breaks when SCTP socket is closed
try {
do {
iceSocket.receive(rcvPacket);
RawPacket raw =
new RawPacket(rcvPacket.getData(), rcvPacket.getOffset(), rcvPacket.getLength());
raw = transformer.reverseTransform(raw);
// Check for app data
if (raw == null) continue;
if (LOG_SCTP_PACKETS) {
LibJitsi.getPacketLoggingService()
.logPacket(
PacketLoggingService.ProtocolName.ICE4J,
new byte[] {0, 0, 0, (byte) (debugId + 1)},
remoteSctpPort,
new byte[] {0, 0, 0, (byte) debugId},
5000,
PacketLoggingService.TransportName.UDP,
false,
raw.getBuffer(),
raw.getOffset(),
raw.getLength());
}
// Pass network packet to SCTP stack
sctpSocket.onConnIn(raw.getBuffer(), raw.getOffset(), raw.getLength());
} while (true);
} finally {
// Eventually, close the socket although it should happen from
// expire().
synchronized (this) {
assocIsUp = false;
acceptedIncomingConnection = false;
if (sctpSocket != null) {
sctpSocket.close();
sctpSocket = null;
}
}
}
}
/**
* Runs in {@link #connectThread} to initialize {@link #dtlsTransport}.
*
* @param dtlsProtocol
* @param tlsPeer
* @param datagramTransport
*/
private void runInConnectThread(
DTLSProtocol dtlsProtocol, TlsPeer tlsPeer, DatagramTransport datagramTransport) {
DTLSTransport dtlsTransport = null;
final boolean srtp = !transformEngine.isSrtpDisabled();
int srtpProtectionProfile = 0;
TlsContext tlsContext = null;
// DTLS client
if (dtlsProtocol instanceof DTLSClientProtocol) {
DTLSClientProtocol dtlsClientProtocol = (DTLSClientProtocol) dtlsProtocol;
TlsClientImpl tlsClient = (TlsClientImpl) tlsPeer;
for (int i = CONNECT_TRIES - 1; i >= 0; i--) {
if (!enterRunInConnectThreadLoop(i, datagramTransport)) break;
try {
dtlsTransport = dtlsClientProtocol.connect(tlsClient, datagramTransport);
break;
} catch (IOException ioe) {
if (!handleRunInConnectThreadException(
ioe, "Failed to connect this DTLS client to a DTLS" + " server!", i)) {
break;
}
}
}
if (dtlsTransport != null && srtp) {
srtpProtectionProfile = tlsClient.getChosenProtectionProfile();
tlsContext = tlsClient.getContext();
}
}
// DTLS server
else if (dtlsProtocol instanceof DTLSServerProtocol) {
DTLSServerProtocol dtlsServerProtocol = (DTLSServerProtocol) dtlsProtocol;
TlsServerImpl tlsServer = (TlsServerImpl) tlsPeer;
for (int i = CONNECT_TRIES - 1; i >= 0; i--) {
if (!enterRunInConnectThreadLoop(i, datagramTransport)) break;
try {
dtlsTransport = dtlsServerProtocol.accept(tlsServer, datagramTransport);
break;
} catch (IOException ioe) {
if (!handleRunInConnectThreadException(
ioe, "Failed to accept a connection from a DTLS client!", i)) {
break;
}
}
}
if (dtlsTransport != null && srtp) {
srtpProtectionProfile = tlsServer.getChosenProtectionProfile();
tlsContext = tlsServer.getContext();
}
} else {
// It MUST be either a DTLS client or a DTLS server.
throw new IllegalStateException("dtlsProtocol");
}
SinglePacketTransformer srtpTransformer =
(dtlsTransport == null || !srtp)
? null
: initializeSRTPTransformer(srtpProtectionProfile, tlsContext);
boolean closeSRTPTransformer;
synchronized (this) {
if (Thread.currentThread().equals(this.connectThread)
&& datagramTransport.equals(this.datagramTransport)) {
this.dtlsTransport = dtlsTransport;
_srtpTransformer = srtpTransformer;
notifyAll();
}
closeSRTPTransformer = (_srtpTransformer != srtpTransformer);
}
if (closeSRTPTransformer && srtpTransformer != null) srtpTransformer.close();
}
/** {@inheritDoc} */
@Override
public RawPacket reverseTransform(RawPacket pkt) {
byte[] buf = pkt.getBuffer();
int off = pkt.getOffset();
int len = pkt.getLength();
if (isDtlsRecord(buf, off, len)) {
if (rtcpmux && Component.RTCP == componentID) {
// This should never happen.
logger.warn(
"Dropping a DTLS record, because it was received on the"
+ " RTCP channel while rtcpmux is in use.");
return null;
}
boolean receive;
synchronized (this) {
if (datagramTransport == null) {
receive = false;
} else {
datagramTransport.queueReceive(buf, off, len);
receive = true;
}
}
if (receive) {
DTLSTransport dtlsTransport = this.dtlsTransport;
if (dtlsTransport == null) {
// The specified pkt looks like a DTLS record and it has
// been consumed for the purposes of the secure channel
// represented by this PacketTransformer.
pkt = null;
} else {
try {
int receiveLimit = dtlsTransport.getReceiveLimit();
int delta = receiveLimit - len;
if (delta > 0) {
pkt.grow(delta);
buf = pkt.getBuffer();
off = pkt.getOffset();
len = pkt.getLength();
} else if (delta < 0) {
pkt.shrink(-delta);
buf = pkt.getBuffer();
off = pkt.getOffset();
len = pkt.getLength();
}
int received = dtlsTransport.receive(buf, off, len, DTLS_TRANSPORT_RECEIVE_WAITMILLIS);
if (received <= 0) {
// No application data was decoded.
pkt = null;
} else {
delta = len - received;
if (delta > 0) pkt.shrink(delta);
}
} catch (IOException ioe) {
pkt = null;
// SrtpControl.start(MediaType) starts its associated
// TransformEngine. We will use that mediaType to signal
// the normal stop then as well i.e. we will ignore
// exception after the procedure to stop this
// PacketTransformer has begun.
if (mediaType != null && !tlsPeerHasRaisedCloseNotifyWarning) {
logger.error("Failed to decode a DTLS record!", ioe);
}
}
}
} else {
// The specified pkt looks like a DTLS record but it is
// unexpected in the current state of the secure channel
// represented by this PacketTransformer. This PacketTransformer
// has not been started (successfully) or has been closed.
pkt = null;
}
} else if (transformEngine.isSrtpDisabled()) {
// In pure DTLS mode only DTLS records pass through.
pkt = null;
} else {
// DTLS-SRTP has not been initialized yet or has failed to
// initialize.
SinglePacketTransformer srtpTransformer = waitInitializeAndGetSRTPTransformer();
if (srtpTransformer != null) pkt = srtpTransformer.reverseTransform(pkt);
else if (DROP_UNENCRYPTED_PKTS) pkt = null;
// XXX Else, it is our explicit policy to let the received packet
// pass through and rely on the SrtpListener to notify the user that
// the session is not secured.
}
return pkt;
}