Add a Preference to allow WebRTC only bind to "any address" (all 0s). This...

Add a Preference to allow WebRTC only bind to "any address" (all 0s). This way, no local IP or private ISP's public IP leaked when VPN is the default route. Add webrtc.multiple_routes_disabled preference to RendererPreferences. Default is false. When set to true, a new port allocator flag will be passed to P2PPortAllocator which will have WebRTC only bind to all 0s (any address) IP and the default route will be used as how chrome/http is routed. Each rtc_peer_connection_handler is associated with a WebFrame and it leads to a webview and then the mapping RenderViewImpl which has RendererPreferences that we care. The corresponding webrtc change is at https://webrtc-codereview.appspot.com/39129004 BUG=333752 Review URL: https://codereview.chromium.org/916873004 Cr-Commit-Position: refs/heads/master@{#317047}

Add a Preference to allow WebRTC only bind to "any address" (all 0s). This...
Add a Preference to allow WebRTC only bind to "any address" (all 0s). This way, no local IP or private ISP's public IP leaked when VPN is the default route. Add webrtc.multiple_routes_disabled preference to RendererPreferences. Default is false. When set to true, a new port allocator flag will be passed to P2PPortAllocator which will have WebRTC only bind to all 0s (any address) IP and the default route will be used as how chrome/http is routed. Each rtc_peer_connection_handler is associated with a WebFrame and it leads to a webview and then the mapping RenderViewImpl which has RendererPreferences that we care. The corresponding webrtc change is at https://webrtc-codereview.appspot.com/39129004 BUG=333752 Review URL: https://codereview.chromium.org/916873004 Cr-Commit-Position: refs/heads/master@{#317047}
7c98bab0 · guoweis · Commit bot · 7431bb29 · 7c98bab0 · 7c98bab0
Commit 7c98bab0 authored Feb 19, 2015 by guoweis Committed by Commit bot Feb 19, 2015
10 changed files
--- a/chrome/browser/renderer_preferences_util.cc
+++ b/chrome/browser/renderer_preferences_util.cc
@@ -46,6 +46,10 @@ void UpdateFromSystemSettings(content::RendererPreferences* prefs,
  prefs->enable_referrers = pref_service->GetBoolean(prefs::kEnableReferrers);
  prefs->enable_do_not_track =
      pref_service->GetBoolean(prefs::kEnableDoNotTrack);
+#if defined(ENABLE_WEBRTC)
+  prefs->enable_webrtc_multiple_routes =
+      pref_service->GetBoolean(prefs::kWebRTCMultipleRoutesEnabled);
+#endif

  double default_zoom_level = 0;
  bool default_zoom_level_set = false;

--- a/chrome/browser/ui/browser_ui_prefs.cc
+++ b/chrome/browser/ui/browser_ui_prefs.cc
@@ -157,6 +157,12 @@ void RegisterBrowserUserPrefs(user_prefs::PrefRegistrySyncable* registry) {
      prefs::kEnableDoNotTrack,
      false,
      user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+#if defined(ENABLE_WEBRTC)
+  registry->RegisterBooleanPref(
+      prefs::kWebRTCMultipleRoutesEnabled,
+      true,
+      user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
+#endif

  // Dictionaries to keep track of default tasks in the file browser.
  registry->RegisterDictionaryPref(

--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -1248,6 +1248,12 @@ const char kCopresenceAuthenticatedDeviceId[] =
 const char kCopresenceAnonymousDeviceId[] = "apps.copresence.unauth_device_id";
 #endif

+// Whether WebRTC should bind to individual NICs to explore all possible routing
+// options. Default is true.
+#if defined(ENABLE_WEBRTC)
+const char kWebRTCMultipleRoutesEnabled[] = "webrtc.multiple_routes_enabled";
+#endif
+
 // *************** LOCAL STATE ***************
 // These are attached to the machine/installation


--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -419,6 +419,10 @@ extern const char kCopresenceAuthenticatedDeviceId[];
 extern const char kCopresenceAnonymousDeviceId[];
 #endif

+#if defined(ENABLE_WEBRTC)
+extern const char kWebRTCMultipleRoutesEnabled[];
+#endif
+
 // Local state prefs. Please add Profile prefs above instead.
 extern const char kCertRevocationCheckingEnabled[];
 extern const char kCertRevocationCheckingRequiredLocalAnchors[];

--- a/content/common/view_messages.h
+++ b/content/common/view_messages.h
@@ -224,6 +224,7 @@ IPC_STRUCT_TRAITS_BEGIN(content::RendererPreferences)
  IPC_STRUCT_TRAITS_MEMBER(use_custom_colors)
  IPC_STRUCT_TRAITS_MEMBER(enable_referrers)
  IPC_STRUCT_TRAITS_MEMBER(enable_do_not_track)
+  IPC_STRUCT_TRAITS_MEMBER(enable_webrtc_multiple_routes)
  IPC_STRUCT_TRAITS_MEMBER(default_zoom_level)
  IPC_STRUCT_TRAITS_MEMBER(user_agent_override)
  IPC_STRUCT_TRAITS_MEMBER(accept_languages)

--- a/content/public/common/renderer_preferences.cc
+++ b/content/public/common/renderer_preferences.cc
@@ -31,6 +31,7 @@ RendererPreferences::RendererPreferences()
      use_custom_colors(true),
      enable_referrers(true),
      enable_do_not_track(false),
+      enable_webrtc_multiple_routes(true),
      default_zoom_level(0),
      report_frame_name_changes(false),
      tap_multiple_targets_strategy(TAP_MULTIPLE_TARGETS_STRATEGY_POPUP),

--- a/content/public/common/renderer_preferences.h
+++ b/content/public/common/renderer_preferences.h
@@ -96,6 +96,9 @@ struct CONTENT_EXPORT RendererPreferences {
  // Set to true to indicate that the preference to set DNT to 1 is enabled.
  bool enable_do_not_track;

+  // Set to false to indicate that WebRTC should use the OS default routing.
+  bool enable_webrtc_multiple_routes;
+
  // Default page zoom level.
  double default_zoom_level;


--- a/content/renderer/media/webrtc/peer_connection_dependency_factory.cc
+++ b/content/renderer/media/webrtc/peer_connection_dependency_factory.cc
@@ -11,6 +11,7 @@
 #include "base/synchronization/waitable_event.h"
 #include "content/common/media/media_stream_messages.h"
 #include "content/public/common/content_switches.h"
+#include "content/public/common/renderer_preferences.h"
 #include "content/renderer/media/media_stream.h"
 #include "content/renderer/media/media_stream_audio_processor.h"
 #include "content/renderer/media/media_stream_audio_processor_options.h"
@@ -33,6 +34,7 @@
 #include "content/renderer/p2p/ipc_socket_factory.h"
 #include "content/renderer/p2p/port_allocator.h"
 #include "content/renderer/render_thread_impl.h"
+#include "content/renderer/render_view_impl.h"
 #include "jingle/glue/thread_wrapper.h"
 #include "media/filters/gpu_video_accelerator_factories.h"
 #include "third_party/WebKit/public/platform/WebMediaConstraints.h"
@@ -114,14 +116,14 @@ void HarmonizeConstraintsAndEffects(RTCMediaConstraints* constraints,

 class P2PPortAllocatorFactory : public webrtc::PortAllocatorFactoryInterface {
 public:
-  P2PPortAllocatorFactory(
-      P2PSocketDispatcher* socket_dispatcher,
-      rtc::NetworkManager* network_manager,
-      rtc::PacketSocketFactory* socket_factory)
+  P2PPortAllocatorFactory(P2PSocketDispatcher* socket_dispatcher,
+                          rtc::NetworkManager* network_manager,
+                          rtc::PacketSocketFactory* socket_factory,
+                          bool enable_multiple_routes)
      : socket_dispatcher_(socket_dispatcher),
        network_manager_(network_manager),
-        socket_factory_(socket_factory) {
-  }
+        socket_factory_(socket_factory),
+        enable_multiple_routes_(enable_multiple_routes) {}

  cricket::PortAllocator* CreatePortAllocator(
      const std::vector<StunConfiguration>& stun_servers,
@@ -147,6 +149,7 @@ class P2PPortAllocatorFactory : public webrtc::PortAllocatorFactoryInterface {
          turn_configurations[i].server.hostname(),
          turn_configurations[i].server.port()));
    }
+    config.enable_multiple_routes = enable_multiple_routes_;

    return new P2PPortAllocator(
        socket_dispatcher_.get(), network_manager_, socket_factory_, config);
@@ -161,6 +164,10 @@ class P2PPortAllocatorFactory : public webrtc::PortAllocatorFactoryInterface {
  // PeerConnectionDependencyFactory.
  rtc::NetworkManager* network_manager_;
  rtc::PacketSocketFactory* socket_factory_;
+
+  // When false, only 'any' address (all 0s) will be bound for address
+  // discovery.
+  bool enable_multiple_routes_;
 };

 PeerConnectionDependencyFactory::PeerConnectionDependencyFactory(
@@ -394,11 +401,21 @@ PeerConnectionDependencyFactory::CreatePeerConnection(
  if (!GetPcFactory().get())
    return NULL;

+  // Copy the flag from Preference associated with this WebFrame.
+  bool enable_multiple_routes = true;
+  if (web_frame && web_frame->view()) {
+    RenderViewImpl* renderer_view_impl =
+        RenderViewImpl::FromWebView(web_frame->view());
+    if (renderer_view_impl) {
+      enable_multiple_routes = renderer_view_impl->renderer_preferences()
+                                    .enable_webrtc_multiple_routes;
+    }
+  }
+
  scoped_refptr<P2PPortAllocatorFactory> pa_factory =
-        new rtc::RefCountedObject<P2PPortAllocatorFactory>(
-            p2p_socket_dispatcher_.get(),
-            network_manager_,
-            socket_factory_.get());
+      new rtc::RefCountedObject<P2PPortAllocatorFactory>(
+          p2p_socket_dispatcher_.get(), network_manager_, socket_factory_.get(),
+          enable_multiple_routes);

  PeerConnectionIdentityService* identity_service =
      new PeerConnectionIdentityService(

--- a/content/renderer/p2p/port_allocator.cc
+++ b/content/renderer/p2p/port_allocator.cc
@@ -31,6 +31,8 @@ P2PPortAllocator::P2PPortAllocator(
  uint32 flags = 0;
  if (config_.disable_tcp_transport)
    flags |= cricket::PORTALLOCATOR_DISABLE_TCP;
+  if (!config_.enable_multiple_routes)
+    flags |= cricket::PORTALLOCATOR_DISABLE_ADAPTER_ENUMERATION;
  set_flags(flags);
  set_allow_tcp_listen(false);
 }

--- a/content/renderer/p2p/port_allocator.h
+++ b/content/renderer/p2p/port_allocator.h
@@ -36,6 +36,9 @@ class P2PPortAllocator : public cricket::BasicPortAllocator {

    // Disable TCP-based transport when set to true.
    bool disable_tcp_transport;
+
+    // Disable binding to individual NICs when set to false.
+    bool enable_multiple_routes;
  };

  P2PPortAllocator(P2PSocketDispatcher* socket_dispatcher,