churn doesn't work between chrome and firefox #1597
Comments
|
The first issue I found is that After introducing a workaround (a 3 second timer to stop waiting for |
trevj
changed the title
|
Have been digging into this. Firefox -> Firefox works just fine, as does Chrome -> Chrome. There's something about the way we mangle candidate lines that is incompatible with how Chrome produces them, and how Firefox consumes them. So far, I've tried a few things:
Not much success yet, though. |
|
Oh, another thing: the set of STUN servers specified by uProxy takes ~10 seconds to complete gathering on Chrome. We need to dig into this, too. Reckon there'll be several things required to fix this. |
|
So, Firefox doesn't like to act as a Specifically, if WebRTC A (on Firefox) is communicating with a WebRTC B who reports A's address as 127.0.0.1 then Firefox's WebRTC A will not establish a connection with B. Wireshark can be used to identify this issue: you will see STUN messages with With the current code, this happens when a uProxy running under Firefox attempts to connect with uProxy running on Chrome. Chrome respects the 127.0.0.1 supplied to churn-pipe but it turns out freedom-for-firefox always binds to If I change that second argument to The easiest fix is to have churn-pipe bind to a non-127.0.0.1 address; we can just bind to the same address/interface as the obfuscated WebRTC connection. For bonus points (extra security, for those having public IPs) the pipe really should only accept packets from the obfuscated WebRTC connection's address and port. |
Well, as you pointed out, it looks like our implementation of bind in Firefox ignores this address anyway. Do we have to fix that first? |
|
We may not need any fix on the Firefox side -- AFAICT, calling |
|
Right. Is it then guaranteed that packets sent to some interface will see that same interface as the source address? I'm not aware of any such guarantee. AFAIK, the implementation could still set the source address to localhost. |
|
A little more info on
Right, I see no guarantee that your source address for packets won't be 127.0.0.1 -- but Wireshark tells me this isn't happening right now. I will file an issue to investigate further. |
|
Let's:
|
|
OK, filed freedom-for-firefox issue: freedomjs/freedom-for-firefox#67 |
|
And the fix to bind to 0.0.0.0: |
|
We now understand that this is a deliberate choice in Firefox, albeit not one that was deliberated at great length. It's possible that we could get a change to Firefox's behavior here, but given that Firefox 38 will be the Extended Support Release for two years, I think it behooves us to focus on making our code work in that version. For context see the chat log on this topic. |
|
I think this is the major outstanding TODO: |
Simple SOCKS with churn works fine, but not uProxy. Seems to be just Firefox, and it seems to be related to the timing of ICE candidates: the obfuscated connection times out while the probe connection is still generating signalling messages. Weird!
However, this happens even if I specify no STUN servers -- there's clearly more going on here.
The text was updated successfully, but these errors were encountered: