==== Network Proxies ====

The first design is to do only the primitive networking operations in the parent
process and have ICE talk to the proxies that remote those operations,
as shown below. This is approximately the design Google uses.

https://raw.github.com/mozilla/webrtc/master/planning/network-e10s-socket-proxy.png

The advantage of this design is that it is relatively straightforward to execute
and that the APIs that are required are relatively limited, namely:
* List all the interfaces and their addresses
* Bind a socket to a given interface/address
* Send a packet to a given remote address from a given socket
* Receive a packet on a given socket and learn the remote address

The major disadvantage of this design is that it provides the content process
with a fair amount of control over the network and thus potentially represents
a threat if/when the content process is compromised. For instance,
if the content process is compromised, it could send arbitrary UDP or
TCP packets to anywhere in the network that is accessible to the phone.
Of course, this is already a risk in the desktop version.

We might be able to mitigate this risk somewhat by installing some
primitive packet filtering on the parent process side. For instance, we
could enforce the following policy:
* A socket maintains two tables:
** An outstanding STUN transaction table
** A "permissions" table of accepted remote addresses
* When a content process tries to send a non-STUN formatted packet, the socket rejects it unless the remote address is in the permissions table
* When a content process sends a STUN-formatted packet, it gets transmitted and added to the outstanding STUN transaction table
* When a packet is received, it is checked against the outstanding STUN transaction table. If a transaction completes, then the address is added to the permissions table.
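
The filtering policy above, sketched as an added example (not code from this page or from the Mozilla tree). The class and function names are hypothetical, and it assumes that a transaction "completes" when a success response with the same transaction ID arrives from the address the request was sent to, and that only STUN requests open a transaction.

```python
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value in bytes 4..7 of a STUN header (RFC 5389)
REQUEST, SUCCESS = 0, 2        # STUN message classes

def stun_header(msg_type, txid, body=b""):
    """Build a STUN message; used here to construct sample packets."""
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + txid + body

def parse_stun(pkt):
    """Return (message class, transaction id) for a STUN-formatted packet, else None."""
    if len(pkt) < 20:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", pkt[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        return None
    if length % 4 or length != len(pkt) - 20:
        return None
    # Class bits C1 and C0 sit at bits 8 and 4 of the message type.
    msg_class = ((msg_type >> 7) & 2) | ((msg_type >> 4) & 1)
    return msg_class, pkt[8:20]

class FilteredSocket:
    """Parent-side state for one socket: the two tables from the policy."""
    def __init__(self):
        self.outstanding = {}     # transaction id -> address the request went to
        self.permissions = set()  # remote addresses that completed a transaction

    def allow_send(self, pkt, remote):
        stun = parse_stun(pkt)
        if stun is None:                      # non-STUN: needs prior permission
            return remote in self.permissions
        if stun[0] == REQUEST:                # assumption: only requests open a transaction
            self.outstanding[stun[1]] = remote
        return True                           # STUN-formatted packets are transmitted

    def on_receive(self, pkt, remote):
        """Return True if this packet completed a transaction and granted permission."""
        stun = parse_stun(pkt)
        # assumption: "completes" = success response, same transaction id, same address
        if stun and stun[0] == SUCCESS and self.outstanding.get(stun[1]) == remote:
            del self.outstanding[stun[1]]
            self.permissions.add(remote)
            return True
        return False
```

A real filter would also need to expire entries in the outstanding table, since a compromised content process can otherwise grow it without bound.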

==== ICE In Parent ====

https://raw.github.com/mozilla/webrtc/master/planning/network-e10s-ice-parent.png