Re: No DTLS alert on PeerConnection.close()?

2016-09-20 Thread Lorenzo Miniero 
Il giorno lunedì 19 settembre 2016 23:00:49 UTC+2, Nils Ohlmeier ha scritto:
> Lorenzo I create bug 1303867 to track and discuss this.
> 


Thanks! Let me know if there's anything else you need me to provide.

Lorenzo


>   Nils
> 
> > On Sep 19, 2016, at 12:53, Nils Ohlmeier  wrote:
> > 
> > A security bug around this behavior (which is not disclosed to the public 
> > yet) has been fixed and uplifted to 48, which probably causes this new 
> > behavior.
> > 
> >  Nils
> > 
> >> On Sep 19, 2016, at 02:22, Lorenzo Miniero  wrote:
> >> 
> >> Il giorno lunedì 19 settembre 2016 11:18:52 UTC+2, Martin Thomson ha 
> >> scritto:
> >>> No good info on the bug, which seems plausible.  I do have an
> >>> observation though:
> >>> 
> >>> You can't rely on DTLS alerts arriving, since they are not
> >>> retransmitted.  You should use signaling for session termination.
> >>> 
> >> 
> >> 
> >> Hi Martin,
> >> 
> >> yep, you're right, and in some modules we're already doing this, although 
> >> it's not happening in this case which is what made the bug pop up.
> >> 
> >> Thanks,
> >> Lorenzo
> >> 
> >> 
> >>> On Mon, Sep 19, 2016 at 6:44 PM, Lorenzo Miniero  
> >>> wrote:
>  Hi,
>  
>  I've noticed a weird behaviour that seems to have started happening with 
>  Firefox 48, and is apparently happening with the latest Nightly as well. 
>  It looks like Firefox is not sending a DTLS alert anymore when a 
>  PeerConnection is closed. You can test this easily by opening this web 
>  page in a couple of tabs:
>  
>  https://janus.conf.meetecho.com/videocalltest.html
>  
>  This is a demo of a WebRTC call with media going through my WebRTC 
>  server. To replicate the issue, just choose two different usernames and 
>  have one call the other, and then have one of the two hangup. This will 
>  result, for both users, in a call to the PeerConnection.close(), and 
>  about:webrtc confirms both PCs are indeed closed, but looking at the 
>  traffic via Wireshark/tcpdump no DTLS alert is sent to the server by 
>  either of them. This makes the server actually unaware of the PC being 
>  closed.
>  
>  Is this a known issue?
>  
>  Thanks!
>  Lorenzo
>  ___
>  dev-media mailing list
>  dev-media@lists.mozilla.org
>  https://lists.mozilla.org/listinfo/dev-media
> >> 
> >> ___
> >> dev-media mailing list
> >> dev-media@lists.mozilla.org
> >> https://lists.mozilla.org/listinfo/dev-media
> >

___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media

Re: No DTLS alert on PeerConnection.close()?

2016-09-19 Thread Nils Ohlmeier 
Lorenzo I create bug 1303867 to track and discuss this.

  Nils

> On Sep 19, 2016, at 12:53, Nils Ohlmeier  wrote:
> 
> A security bug around this behavior (which is not disclosed to the public 
> yet) has been fixed and uplifted to 48, which probably causes this new 
> behavior.
> 
>  Nils
> 
>> On Sep 19, 2016, at 02:22, Lorenzo Miniero  wrote:
>> 
>> Il giorno lunedì 19 settembre 2016 11:18:52 UTC+2, Martin Thomson ha scritto:
>>> No good info on the bug, which seems plausible.  I do have an
>>> observation though:
>>> 
>>> You can't rely on DTLS alerts arriving, since they are not
>>> retransmitted.  You should use signaling for session termination.
>>> 
>> 
>> 
>> Hi Martin,
>> 
>> yep, you're right, and in some modules we're already doing this, although 
>> it's not happening in this case which is what made the bug pop up.
>> 
>> Thanks,
>> Lorenzo
>> 
>> 
>>> On Mon, Sep 19, 2016 at 6:44 PM, Lorenzo Miniero  wrote:
 Hi,
 
 I've noticed a weird behaviour that seems to have started happening with 
 Firefox 48, and is apparently happening with the latest Nightly as well. 
 It looks like Firefox is not sending a DTLS alert anymore when a 
 PeerConnection is closed. You can test this easily by opening this web 
 page in a couple of tabs:
 
 https://janus.conf.meetecho.com/videocalltest.html
 
 This is a demo of a WebRTC call with media going through my WebRTC server. 
 To replicate the issue, just choose two different usernames and have one 
 call the other, and then have one of the two hangup. This will result, for 
 both users, in a call to the PeerConnection.close(), and about:webrtc 
 confirms both PCs are indeed closed, but looking at the traffic via 
 Wireshark/tcpdump no DTLS alert is sent to the server by either of them. 
 This makes the server actually unaware of the PC being closed.
 
 Is this a known issue?
 
 Thanks!
 Lorenzo
 ___
 dev-media mailing list
 dev-media@lists.mozilla.org
 https://lists.mozilla.org/listinfo/dev-media
>> 
>> ___
>> dev-media mailing list
>> dev-media@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-media
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media

Re: No DTLS alert on PeerConnection.close()?

2016-09-19 Thread Martin Thomson 
No good info on the bug, which seems plausible.  I do have an
observation though:

You can't rely on DTLS alerts arriving, since they are not
retransmitted.  You should use signaling for session termination.

On Mon, Sep 19, 2016 at 6:44 PM, Lorenzo Miniero  wrote:
> Hi,
>
> I've noticed a weird behaviour that seems to have started happening with 
> Firefox 48, and is apparently happening with the latest Nightly as well. It 
> looks like Firefox is not sending a DTLS alert anymore when a PeerConnection 
> is closed. You can test this easily by opening this web page in a couple of 
> tabs:
>
> https://janus.conf.meetecho.com/videocalltest.html
>
> This is a demo of a WebRTC call with media going through my WebRTC server. To 
> replicate the issue, just choose two different usernames and have one call 
> the other, and then have one of the two hangup. This will result, for both 
> users, in a call to the PeerConnection.close(), and about:webrtc confirms 
> both PCs are indeed closed, but looking at the traffic via Wireshark/tcpdump 
> no DTLS alert is sent to the server by either of them. This makes the server 
> actually unaware of the PC being closed.
>
> Is this a known issue?
>
> Thanks!
> Lorenzo
> ___
> dev-media mailing list
> dev-media@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-media
___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media