Bug 82938

Summary: NiceAgentRecvFunc invoked for data even when not coming from authenticated pairs
Product: nice Reporter: Lorenzo Miniero <lminiero>
Component: General Assignee: Olivier Crête <olivier.crete>
Status: RESOLVED MOVED QA Contact:
Severity: normal    
Priority: medium CC: zhixinx.liu
Version: unspecified   
Hardware: All   
OS: All   

Description Lorenzo Miniero 2014-08-22 08:20:33 UTC
As suggested in this thread (http://lists.freedesktop.org/archives/nice/2014-August/000944.html) I'm opening an issue about a bug I encountered.

After a successful ICE setup using libnice, apparently the NiceAgentRecvFunc callback I set is invoked for a specific component even when data is not coming from any remote candidate that was negotiated and authenticated.

To make a practical and reproducible example, I tried setting up a media session and, after a successful ICE setup, I used the nc command to send data to the port my application had selected (so random source port on the nc side). Surprisingly, the callback was notified, and the data was available, while I expected the library to ignore this external data as it was not part of the "connection" established between the two parties.
Comment 1 Ilya Konstantinov 2015-03-31 17:49:35 UTC
To the best of my understanding, ICE's security is intended for the short-lived negotiation, and does not extend to the session itself.

To guarantee session security, one would use something like SRTP.
Comment 2 Olivier Crête 2015-03-31 18:50:19 UTC
Yes, but we shouldn't be accepting data from an un-authenticated peer. Last draft I checked, this was required by WebRTC, and is actually required by the ICE RFC.
Comment 3 Philip Withnall 2015-06-26 13:53:18 UTC
Migrated to Phabricator: http://phabricator.freedesktop.org/T104
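
The source check discussed in this thread, as an added example that is not part of the original report and is not libnice code: an incoming datagram is handed to the receive callback only if its source transport address (IP and port) is the remote side of a pair that passed ICE connectivity checks. The function names and the sample-address helper are hypothetical.

```c
/* Added example; function names are hypothetical, not libnice API. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <string.h>
#include <sys/socket.h>

/* A transport address matches only if family, IP and port are all equal. */
static bool same_transport_addr(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return false;
    if (a->sa_family == AF_INET) {
        const struct sockaddr_in *x = (const void *)a, *y = (const void *)b;
        return x->sin_port == y->sin_port && x->sin_addr.s_addr == y->sin_addr.s_addr;
    }
    if (a->sa_family == AF_INET6) {
        const struct sockaddr_in6 *x = (const void *)a, *y = (const void *)b;
        return x->sin6_port == y->sin6_port &&
               memcmp(&x->sin6_addr, &y->sin6_addr, sizeof x->sin6_addr) == 0;
    }
    return false; /* unknown address family: never deliver */
}

/* True only if src is the remote address of a pair that passed ICE checks.
 * The caller appends to validated[] each time a connectivity check succeeds. */
bool source_is_validated(const struct sockaddr_storage *validated, size_t n,
                         const struct sockaddr *src)
{
    for (size_t i = 0; i < n; i++)
        if (same_transport_addr((const struct sockaddr *)&validated[i], src))
            return true;
    return false;
}

/* Build a constructed IPv4 sample address (documentation ranges). */
struct sockaddr_storage make_v4(const char *ip, unsigned short port)
{
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof ss);
    struct sockaddr_in *in = (struct sockaddr_in *)&ss;
    in->sin_family = AF_INET;
    in->sin_port = htons(port);
    inet_pton(AF_INET, ip, &in->sin_addr);
    return ss;
}
```

UDP source addresses can be spoofed, so this filter narrows what reaches the receive callback but does not replace SRTP or DTLS for session security.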
