awslabs · lherman-cs · Apr 28, 2020 · Apr 23, 2020 · Apr 24, 2020 · Apr 28, 2020
diff --git a/.travis.yml b/.travis.yml
@@ -58,6 +58,9 @@ matrix:
     - name: "Linux GCC Code Coverage"
       os: linux
       compiler: gcc
+      before_install:
+        # TODO: Remove the following line. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
       before_script:
         - mkdir build && cd build && cmake .. -DCODE_COVERAGE=TRUE -DBUILD_TEST=TRUE
       after_success:
@@ -71,18 +74,27 @@ matrix:
       env:
         - ASAN_OPTIONS=detect_odr_violation=0:detect_leaks=1
         - LSAN_OPTIONS=suppressions=../tst/suppressions/LSAN.supp
+      before_install:
+        # TODO: Remove the following line. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
       before_script: mkdir build && cd build && cmake .. -DBUILD_TEST=TRUE -DADDRESS_SANITIZER=TRUE
 
     # UndefinedBehaviorSanitizer
     - name: "Linux Clang UndefinedBehaviorSanitizer"
       os: linux
       compiler: clang
       env: UBSAN_OPTIONS=halt_on_error=1
+      before_install:
+        # TODO: Remove the following line. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
       before_script: mkdir build && cd build && cmake .. -DBUILD_TEST=TRUE -DUNDEFINED_BEHAVIOR_SANITIZER=TRUE
 
     # MemorySanitizer
     - name: "Linux Clang MemorySanitizer"
       before_install:
+        # TODO: Remove the following 2 lines. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json
+        - sudo service docker restart
         - mkdir build
         - docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -w /src/build -dit --name msan-tester -v $(pwd):/src seaduboi/kvs-msan-tester
         - msan-tester() { docker exec -it msan-tester "$@"; }
@@ -97,12 +109,17 @@ matrix:
       os: linux
       compiler: clang
       env: TSAN_OPTIONS=halt_on_error=1:suppressions=../tst/suppressions/TSAN.supp
+      before_install:
+        # TODO: Remove the following line. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
       before_script: mkdir build && cd build && cmake .. -DBUILD_TEST=TRUE -DTHREAD_SANITIZER=TRUE
 
     # Old Version GCC 4.4
     - name: "Linux GCC 4.4 Build"
       os: linux
       before_install:
+        # TODO: Remove the following line. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
         - sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
         - sudo apt-get -q update
         - sudo apt-get -y install gcc-4.4
@@ -113,6 +130,9 @@ matrix:
     # Static Build
     - name: "Static Build"
       before_install:
+        # TODO: Remove the following 2 lines. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json
+        - sudo service docker restart
         - mkdir build
         - docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -w /src/build -dit --name alpine -v $(pwd):/src alpine
         - alpine() { docker exec -it alpine "$@"; }
@@ -135,6 +155,9 @@ matrix:
             - g++-arm-linux-gnueabi
             - binutils-arm-linux-gnueabi
       compiler: gcc
+      before_install:
+        # TODO: Remove the following line. This is only a workaround for enabling IPv6, https://github.com/travis-ci/travis-ci/issues/8891.
+        - sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
       before_script:
         - export CC=arm-linux-gnueabi-gcc CXX=arm-linux-gnueabi-g++
         - mkdir build && cd build

diff --git a/src/source/Ice/IceAgent.c b/src/source/Ice/IceAgent.c
@@ -254,8 +254,10 @@ STATUS iceAgentAddRemoteCandidate(PIceAgent pIceAgent, PCHAR pIceCandidateString
     BOOL locked = FALSE;
     PIceCandidate pIceCandidate = NULL, pDuplicatedIceCandidate = NULL;
     PCHAR curr, tail, next;
-    UINT32 tokenLen, portValue, remoteCandidateCount, i;
-    BOOL foundIpAndPort = FALSE, freeIceCandidateIfFail = TRUE;
+    UINT32 tokenLen, portValue, remoteCandidateCount, i, len;
+    BOOL freeIceCandidateIfFail = TRUE;
+    BOOL foundIp = FALSE, foundPort = FALSE;
+    CHAR ipBuf[KVS_IP_ADDRESS_STRING_BUFFER_LEN];
     KvsIpAddress candidateIpAddr;
 
     CHK(pIceAgent != NULL && pIceCandidateString != NULL, STATUS_NULL_ARG);
@@ -271,26 +273,32 @@ STATUS iceAgentAddRemoteCandidate(PIceAgent pIceAgent, PCHAR pIceCandidateString
 
     curr = pIceCandidateString;
     tail = pIceCandidateString + STRLEN(pIceCandidateString);
-    while ((next = STRNCHR(curr, tail - curr, ' ')) != NULL && !foundIpAndPort) {
+    while ((next = STRNCHR(curr, tail - curr, ' ')) != NULL && !(foundIp && foundPort)) {
         tokenLen = (UINT32) (next - curr);
         CHK(STRNCMPI("tcp", curr, tokenLen) != 0, STATUS_ICE_CANDIDATE_STRING_IS_TCP);
 
-        if (candidateIpAddr.address[0] != 0) {
+        if (foundIp) {
             CHK_STATUS(STRTOUI32(curr, curr + tokenLen, 10, &portValue));
 
             candidateIpAddr.port = htons(portValue);
-            candidateIpAddr.family = KVS_IP_FAMILY_TYPE_IPV4;
-        } else if (STRNCHR(curr, tokenLen, '.') != NULL) {
-            CHK(tokenLen <= KVS_MAX_IPV4_ADDRESS_STRING_LEN, STATUS_ICE_CANDIDATE_STRING_INVALID_IP); // IPv4 is 15 characters at most
-            CHK_STATUS(populateIpFromString(&candidateIpAddr, curr));
+            foundPort = TRUE;
+        } else {
+            len = MIN(next - curr, KVS_IP_ADDRESS_STRING_BUFFER_LEN - 1);
+            STRNCPY(ipBuf, curr, len);
+            ipBuf[len] = '\0';
+
+            if ((foundIp = inet_pton(AF_INET, ipBuf, candidateIpAddr.address) == 1 ? TRUE : FALSE)) {
+                candidateIpAddr.family = KVS_IP_FAMILY_TYPE_IPV4;
+            } else if ((foundIp = inet_pton(AF_INET6, ipBuf, candidateIpAddr.address) == 1 ? TRUE : FALSE)) {
+                candidateIpAddr.family = KVS_IP_FAMILY_TYPE_IPV6;
+            }
         }
 
         curr = next + 1;
-        foundIpAndPort = (candidateIpAddr.port != 0) && (candidateIpAddr.address[0] != 0);
     }
 
-    CHK(candidateIpAddr.port != 0, STATUS_ICE_CANDIDATE_STRING_MISSING_PORT);
-    CHK(candidateIpAddr.address[0] != 0, STATUS_ICE_CANDIDATE_STRING_MISSING_IP);
+    CHK(foundPort, STATUS_ICE_CANDIDATE_STRING_MISSING_PORT);
+    CHK(foundIp, STATUS_ICE_CANDIDATE_STRING_MISSING_IP);
 
     CHK_STATUS(findCandidateWithIp(&candidateIpAddr, pIceAgent->remoteCandidates, &pDuplicatedIceCandidate));
     CHK(pDuplicatedIceCandidate == NULL, retStatus);
@@ -341,8 +349,7 @@ STATUS iceAgentInitHostCandidate(PIceAgent pIceAgent)
         // make sure pIceAgent->localCandidates has no duplicates
         CHK_STATUS(findCandidateWithIp(pIpAddress, pIceAgent->localCandidates, &pDuplicatedIceCandidate));
 
-        if (pIpAddress->family == KVS_IP_FAMILY_TYPE_IPV4 && // Disable ipv6 gathering for now
-            pDuplicatedIceCandidate == NULL &&
+        if (pDuplicatedIceCandidate == NULL &&
             STATUS_SUCCEEDED(createSocketConnection(pIpAddress, NULL, KVS_SOCKET_PROTOCOL_UDP, (UINT64) pIceAgent,
                                                     incomingDataHandler, pIceAgent->kvsRtcConfiguration.sendBufSize, &pSocketConnection))) {
             pTmpIceCandidate = MEMCALLOC(1, SIZEOF(IceCandidate));
@@ -747,7 +754,10 @@ STATUS createIceCandidatePairs(PIceAgent pIceAgent, PIceCandidate pIceCandidate,
         pCurrentIceCandidate = (PIceCandidate) data;
         pCurNode = pCurNode->pNext;
 
-        if (pCurrentIceCandidate->state == ICE_CANDIDATE_STATE_VALID) {
+        // https://tools.ietf.org/html/rfc8445#section-6.1.2.2
+        // pair local and remote candidates with the same family
+        if (pCurrentIceCandidate->state == ICE_CANDIDATE_STATE_VALID &&
+                pCurrentIceCandidate->ipAddress.family == pIceCandidate->ipAddress.family) {
             pIceCandidatePair = (PIceCandidatePair) MEMCALLOC(1, SIZEOF(IceCandidatePair));
             CHK(pIceCandidatePair != NULL, STATUS_NOT_ENOUGH_MEMORY);
 
@@ -1047,20 +1057,21 @@ STATUS iceAgentSendSrflxCandidateRequest(PIceAgent pIceAgent)
             switch(pCandidate->iceCandidateType) {
                 case ICE_CANDIDATE_TYPE_SERVER_REFLEXIVE:
                     pIceServer = &(pIceAgent->iceServers[pCandidate->iceServerIndex]);
-                    transactionIdStoreInsert(pIceAgent->pStunBindingRequestTransactionIdStore,
-                                             pBindingRequest->header.transactionId);
-                    retStatus =  iceUtilsSendStunPacket(pBindingRequest,
-                                                        NULL,
-                                                        0,
-                                                        &pIceServer->ipAddress,
-                                                        pCandidate->pSocketConnection,
-                                                        NULL,
-                                                        FALSE);
-                    if (STATUS_FAILED(retStatus)) {
-                        DLOGD("iceUtilsSendStunPacket failed with 0x%08x", retStatus);
-                        retStatus = STATUS_SUCCESS;
+                    if (pIceServer->ipAddress.family == pCandidate->ipAddress.family) {
+                        transactionIdStoreInsert(pIceAgent->pStunBindingRequestTransactionIdStore,
+                                                 pBindingRequest->header.transactionId);
+                        retStatus =  iceUtilsSendStunPacket(pBindingRequest,
+                                                            NULL,
+                                                            0,
+                                                            &pIceServer->ipAddress,
+                                                            pCandidate->pSocketConnection,
+                                                            NULL,
+                                                            FALSE);
+                        if (STATUS_FAILED(retStatus)) {
+                            DLOGD("iceUtilsSendStunPacket failed with 0x%08x", retStatus);
+                            retStatus = STATUS_SUCCESS;
+                        }
                     }
-
                     break;
 
                 default:
@@ -1324,7 +1335,9 @@ STATUS iceAgentInitSrflxCandidate(PIceAgent pIceAgent)
         pCurNode = pCurNode->pNext;
         pCandidate = (PIceCandidate) data;
 
-        if (pCandidate->iceCandidateType == ICE_CANDIDATE_TYPE_HOST) {
+        // TODO: Stop skipping IPv6. Stun serialization and deserialization needs to be implemented properly first.
+        if (pCandidate->iceCandidateType == ICE_CANDIDATE_TYPE_HOST && 
+              IS_IPV4_ADDR(&pCandidate->ipAddress)) {
             for (j = 0; j < pIceAgent->iceServersCount; j++) {
                 if (!pIceAgent->iceServers[j].isTurn) {
                     CHK((pNewCandidate = (PIceCandidate) MEMCALLOC(1, SIZEOF(IceCandidate))) != NULL,
@@ -1402,8 +1415,15 @@ STATUS iceAgentInitRelayCandidate(PIceAgent pIceAgent)
             pSocketAddrForTurn = NULL;
             // if an VPN interface (isPointToPoint is TRUE) is found, use that instead
             for(i = 0; i < pIceAgent->localNetworkInterfaceCount; ++i) {
-                if(pIceAgent->localNetworkInterfaces[i].family == pIceAgent->iceServers[j].ipAddress.family &&
-                   (pSocketAddrForTurn == NULL || pIceAgent->localNetworkInterfaces[i].isPointToPoint)) {
+                // TODO: Stop skipping IPv6. Stun serialization and deserialization needs to be implemented properly first. 
+                // Also, we need to handle the following kinds of relays:
+                //   1. IPv4-to-IPv6
+                //   2. IPv6-to-IPv6
+                //   3. IPv6-to-IPv4
+                // RFC: https://tools.ietf.org/html/rfc6156
+                if(pIceAgent->localNetworkInterfaces[i].family == KVS_IP_FAMILY_TYPE_IPV4 &&
+                    pIceAgent->localNetworkInterfaces[i].family == pIceAgent->iceServers[j].ipAddress.family &&
+                    (pSocketAddrForTurn == NULL || pIceAgent->localNetworkInterfaces[i].isPointToPoint)) {
                     pSocketAddrForTurn = &pIceAgent->localNetworkInterfaces[i];
                 }
             }
@@ -1460,8 +1480,12 @@ STATUS iceAgentInitRelayCandidate(PIceAgent pIceAgent)
                     pCurNode = pCurNode->pNext;
                     pCandidate = (PIceCandidate) data;
 
-                    CHK_STATUS(turnConnectionAddPeer(pCurrentTurnConnectionTracker->pTurnConnection,
-                                                     &pCandidate->ipAddress));
+                    // TODO: Stop skipping IPv6. Since we're allowing IPv6 remote candidates from iceAgentAddRemoteCandidate for host candidates,
+                    // it's possible to have a situation where the turn server uses IPv4 and the remote candidate uses IPv6.
+                    if (IS_IPV4_ADDR(&pCandidate->ipAddress)) {
+                      CHK_STATUS(turnConnectionAddPeer(pCurrentTurnConnectionTracker->pTurnConnection,
+                                                       &pCandidate->ipAddress));
+                    }
                 }
 
                 MUTEX_UNLOCK(pIceAgent->lock);
@@ -1863,18 +1887,32 @@ STATUS iceCandidateSerialize(PIceCandidate pIceCandidate, PCHAR pOutputData, PUI
                                  pIceCandidate->ipAddress.address[3],
                                  (UINT16) getInt16(pIceCandidate->ipAddress.port),
                                  iceAgentGetCandidateTypeStr(pIceCandidate->iceCandidateType));
+    } else {
+        amountWritten = SNPRINTF(pOutputData,
+                                 pOutputData == NULL ? 0 : *pOutputLength,
+                                 "%u 1 udp %u %02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X "
+                                 "%d typ %s raddr ::/0 rport 0 generation 0 network-cost 999",
+                                 pIceCandidate->foundation,
+                                 pIceCandidate->priority,
+                                 pIceCandidate->ipAddress.address[0], pIceCandidate->ipAddress.address[1],
+                                 pIceCandidate->ipAddress.address[2], pIceCandidate->ipAddress.address[3],
+                                 pIceCandidate->ipAddress.address[4], pIceCandidate->ipAddress.address[5],
+                                 pIceCandidate->ipAddress.address[6], pIceCandidate->ipAddress.address[7],
+                                 pIceCandidate->ipAddress.address[8], pIceCandidate->ipAddress.address[9],
+                                 pIceCandidate->ipAddress.address[10], pIceCandidate->ipAddress.address[11],
+                                 pIceCandidate->ipAddress.address[12], pIceCandidate->ipAddress.address[13],
+                                 pIceCandidate->ipAddress.address[14], pIceCandidate->ipAddress.address[15],
+                                 (UINT16) getInt16(pIceCandidate->ipAddress.port),
+                                 iceAgentGetCandidateTypeStr(pIceCandidate->iceCandidateType));
+    }
 
-        CHK_WARN(amountWritten > 0, STATUS_INTERNAL_ERROR, "SNPRINTF failed");
-
-        if (pOutputData == NULL) {
-            *pOutputLength = ((UINT32) amountWritten) + 1; // +1 for null terminator
-        } else {
-            // amountWritten doesnt account for null char
-            CHK(amountWritten < (INT32) *pOutputLength, STATUS_BUFFER_TOO_SMALL);
-        }
+    CHK_WARN(amountWritten > 0, STATUS_INTERNAL_ERROR, "SNPRINTF failed");
 
+    if (pOutputData == NULL) {
+        *pOutputLength = ((UINT32) amountWritten) + 1; // +1 for null terminator
     } else {
-        DLOGW("ipv6 not supported yet");
+        // amountWritten doesnt account for null char
+        CHK(amountWritten < (INT32) *pOutputLength, STATUS_BUFFER_TOO_SMALL);
     }
 
 CleanUp:

diff --git a/src/source/Ice/IceUtils.c b/src/source/Ice/IceUtils.c
@@ -185,45 +185,6 @@ STATUS iceUtilsSendData(PBYTE buffer, UINT32 size,
     return retStatus;
 }
 
-// only work with ipv4 right now
-STATUS populateIpFromString(PKvsIpAddress pKvsIpAddress, PCHAR pBuff)
-{
-    ENTERS();
-    STATUS retStatus = STATUS_SUCCESS;
-    PCHAR curr, tail, next;
-    UINT8 octet = 0;
-    UINT32 ipValue;
-
-    CHK(pKvsIpAddress != NULL && pBuff != NULL, STATUS_NULL_ARG);
-    CHK(STRNLEN(pBuff, KVS_MAX_IPV4_ADDRESS_STRING_LEN) > 0, STATUS_INVALID_ARG);
-
-    curr = pBuff;
-    tail = pBuff + STRLEN(pBuff);
-    // first 3 octet should always end with a '.', the last octet may end with ' ' or '\0'
-    while ((next = STRNCHR(curr, tail - curr, '.')) != NULL && octet < 3) {
-        CHK_STATUS(STRTOUI32(curr, curr + (next - curr), 10, &ipValue));
-        pKvsIpAddress->address[octet] = (UINT8) ipValue;
-        octet++;
-
-        curr = next + 1;
-    }
-
-    // work with string containing just ip address and string that has ip address as substring
-    if ((next = STRNCHR(curr, tail - curr, ' ')) != NULL || (next = STRNCHR(curr, tail - curr, '\0')) != NULL) {
-        CHK_STATUS(STRTOUI32(curr, curr + (next - curr), 10, &ipValue));
-        pKvsIpAddress->address[octet] = (UINT8) ipValue;
-        octet++;
-    }
-
-    CHK(octet == 4, STATUS_ICE_CANDIDATE_STRING_INVALID_IP); // IPv4 MUST have 4 octets
-CleanUp:
-
-    CHK_LOG_ERR(retStatus);
-
-    LEAVES();
-    return retStatus;
-}
-
 STATUS parseIceServer(PIceServer pIceServer, PCHAR url, PCHAR username, PCHAR credential)
 {
     ENTERS();

diff --git a/src/source/Ice/IceUtils.h b/src/source/Ice/IceUtils.h
@@ -37,8 +37,6 @@ STATUS iceUtilsPackageStunPacket(PStunPacket, PBYTE, UINT32, PBYTE, PUINT32);
 STATUS iceUtilsSendStunPacket(PStunPacket, PBYTE, UINT32, PKvsIpAddress, PSocketConnection, struct __TurnConnection*, BOOL);
 STATUS iceUtilsSendData(PBYTE, UINT32, PKvsIpAddress, PSocketConnection, struct __TurnConnection*, BOOL);
 
-STATUS populateIpFromString(PKvsIpAddress, PCHAR);
-
 typedef struct {
     BOOL isTurn;
     CHAR url[MAX_ICE_CONFIG_URI_LEN + 1];

diff --git a/src/source/Ice/Network.c b/src/source/Ice/Network.c
@@ -51,6 +51,12 @@ STATUS getLocalhostIpAddresses(PKvsIpAddress destIpList, PUINT32 pDestIpListLen,
                     destIpList[ipCount].family = KVS_IP_FAMILY_TYPE_IPV6;
                     destIpList[ipCount].port = 0;
                     pIpv6Addr = (struct sockaddr_in6 *) ifa->ifa_addr;
+                    // Ignore link local: not very useful and will add work unnecessarily
+                    // Ignore site local: https://tools.ietf.org/html/rfc8445#section-5.1.1.1
+                    if (IN6_IS_ADDR_LINKLOCAL(&pIpv6Addr->sin6_addr) ||
+                        IN6_IS_ADDR_SITELOCAL(&pIpv6Addr->sin6_addr)) {
+                      continue;
+                    }
                     MEMCPY(destIpList[ipCount].address, &pIpv6Addr->sin6_addr, IPV6_ADDRESS_LENGTH);
                 }