Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RDKDEV-1085: limit port range for webrtc peer connections #1403

Open
wants to merge 1 commit into
base: wpe-2.38
Choose a base branch
from
Open

RDKDEV-1085: limit port range for webrtc peer connections #1403

wants to merge 1 commit into from

Conversation

mikolaj-staworzynski-red
Copy link

Port range limit is retrieved from env variable: WEBRTC_PEER_PORT_RANGE

@mikolaj-staworzynski-red
RDKDEV-1085: limit port range for webrtc peer connections
8da60e2 
Port range limit is retrieved from env variable: WEBRTC_PEER_PORT_RANGE
@modeveci modeveci requested a review from philn September 19, 2024 09:39
@modeveci
Copy link

@emutavchi , Could you please look at this PR as well? It is important to know effects on all use-cases.

@philn
Copy link

philn commented Sep 19, 2024

What issue is this fixing?

@mikolaj-staworzynski-red
Copy link
Author

That is related more to our internal STB firewall setup and NASC restrictions, as a general rule we have there on input traffic default DROP rule.

Problem was observed by us in the case of host to host WebRTC streaming (both being in the same local network) example drop:

Aug 20 15:42:18.078218 000378-EOS2STB-008388647706 kernel: DROP: IN=eth2 OUT= MAC=4c:d0:8a:2b:c4:19:00:2b:67:13:14:a8:08:00 SRC=192.168.50.118 DST=192.168.50.201 LEN=128 TOS=0x00 PREC=0x00 TTL=64 ID=40595 DF PROTO=UDP SPT=37659 DPT=33807 LEN=108

(1) Usually without extra setup, the port is selected from ephemeral port range (next free is selected).
(2) Without having that kind of limitation we would need to open the wider range of ports (in our case range from port 32768 to 60999 that we would like to avoid and limit as much as possible).

Simply saying that env variable and setup give us more control on that behaviour and allow to selectively manage the incoming traffic.

@philn
Copy link

philn commented Sep 19, 2024

And on which devices is this needed? I wonder if instead of adding yet another env var this could be handled using the Quirks system.

@modeveci
Copy link

@philn , what do you think? Is that something needs to be outside of browser code or fine to have in browser? I am asking because it seems it is a requirement of specific platform not webrtc protocol, am I correct ?

@philn
Copy link

philn commented Sep 19, 2024

Well, I think this might be a browser decision, I'll investigate this further and get back asap.

@philn
Copy link

philn commented Sep 19, 2024

@philn , what do you think? Is that something needs to be outside of browser code or fine to have in browser?

I think this could be a runtime setting in WebKit, maybe.

I am asking because it seems it is a requirement of specific platform not webrtc protocol, am I correct ?

The protocol doesn't mandate a specific range of UDP ports afaik. It's up to each client's kernel to allocate port.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philn philn Awaiting requested review from philn

Assignees
No one assigned
Labels
wpe-2.38
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikolaj-staworzynski-red @modeveci @philn