[erlang-questions] dtls error when used with chrome webrtc

Joe K goodjoe2049@REDACTED
Mon Jan 1 19:14:53 CET 2018


I've also been thinking about turning the server into a TURN server which
would relay packets to itself, but for that I would still have to handle
Allocate STUN requests.

On Mon, Jan 1, 2018 at 9:11 PM, Joe K <goodjoe2049@REDACTED> wrote:

> Sorry for bothering you, Danil, but I was trying to make something like
> `dtls:ssl_accept` work on udp sockets and then thought I would get more
> STUN requests to keep the connection in NATs "alive" after I finally
> `sslaccept` the socket. Would I have to somehow downgrade the dtls session
> back to udp? Or is there some other way?
>
> Right now I'm thinking about a hacky approach: forking erlang's ssl
> library and checking for STUN packets in every `handle_datagram` call in
> `dtls_udp_listener`.
>
> And thank you again, you've been incredibly helpful.
>
> On Fri, Dec 29, 2017 at 5:55 PM, Facundo Olano <
> facundo.olano@REDACTED> wrote:
>
>> Hi Danil!
>>
>> The server code is for signaling (using websockets), but it also includes
>> processone/stun <https://github.com/processone/stun> as a dependency, so
>> it handles STUN/TURN as well. It also contains a couple of example
>> applications that serve javascript clients that connect to the server
>> (both for signaling and ICE). The multiparty example uses a mesh.
>>
>> To be honest I don't know what DTLS+SRTP is about :P
>>
>> Thanks,
>> Facundo.
>>
>> On Fri, Dec 29, 2017 at 11:47 AM, Danil Zagoskin <z@REDACTED> wrote:
>>
>>> Hi Federico!
>>>
>>> Is it just signalling server?
>>> E.g. do you handle all the DTLS+SRTP stuff or just build a full mesh of
>>> participants?
>>>
>>> On Fri, Dec 29, 2017 at 4:48 PM, Federico Carrone <
>>> federico.carrone@REDACTED> wrote:
>>>
>>>> Joe,
>>>>
>>>> We are creating an open source erlang webrtc server replacement for
>>>> appear.in. You can check it here:
>>>> https://github.com/lambdaclass/webrtc-server
>>>>
>>>> We are using the processone stun library. I am not sure if this mail is
>>>> of any help but you might be interested in checking it since it is working fine.
>>>>
>>>> Regards,
>>>> Federico.
>>>>
>>>> On Fri, Dec 29, 2017 at 9:15 AM, Joe K <goodjoe2049@REDACTED> wrote:
>>>>
>>>>> Tried this, hoped it would work, but it didn't ...
>>>>>
>>>>>     1> {ok, Socket} = gen_udp:open(9090, [binary, {active, false}]).
>>>>>     {ok,#Port<0.441>}
>>>>>     2> dtls:connect(Socket, []).
>>>>>     {error,{options,{not_supported,{packet,0}}}}
>>>>>
>>>>> On Fri, Dec 29, 2017 at 2:21 PM, Joe K <goodjoe2049@REDACTED> wrote:
>>>>>
>>>>>> > Also you may try using external STUN server (check RTCPeerConnection docs) and hope browser starts with DTLS hello.
>>>>>>
>>>>>> I've tried that, but the browser still sends STUN binding requests to
>>>>>> the DTLS process. And it uses the STUN server just to find out its address.
>>>>>>
>>>>>> > It should be quite easy to implement and it would be consistent with ssl:connect/2 and ssl:ssl_accept for TCP sockets.
>>>>>>
>>>>>> Will try this now. Thank you.
>>>>>>
>>>>>> On Thu, Dec 28, 2017 at 4:34 PM, Danil Zagoskin <z@REDACTED> wrote:
>>>>>>
>>>>>>> > But now I don't know how to reply to both STUN binding request and then setup a DTLS session using erlang's ssl module.
>>>>>>> Yes, dtls implementation lacks support of starting/accepting a
>>>>>>> handshake over existing socket.
>>>>>>> It should be quite easy to implement and it would be consistent with
>>>>>>> ssl:connect/2 and ssl:ssl_accept for TCP sockets.
>>>>>>>
>>>>>>> Also you may try using external STUN server (check RTCPeerConnection
>>>>>>> docs) and hope browser starts with DTLS hello.
>>>>>>> If you try this, please share the results.
>>>>>>>
>>>>>>> On Thu, Dec 28, 2017 at 3:26 PM, Joe K <goodjoe2049@REDACTED>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Oops, I forgot to reply to the mailing list in my last email.
>>>>>>>>
>>>>>>>> The response was
>>>>>>>>
>>>>>>>>   > Maybe browser sends STUN requests to your port when you expect DTLS hello?
>>>>>>>>   You are absolutely right, Wireshark shows that there are lots of
>>>>>>>> STUN binding requests being made, I didn't think of that.
>>>>>>>>
>>>>>>>>   > Do you use external STUN server?
>>>>>>>>   I don't use external STUN servers ... For some reason, I didn't
>>>>>>>> think I would need them.
>>>>>>>>
>>>>>>>>   > Also try checking chrome://webrtc-internals and chrome://webrtc-logs for browser's view on what's going on.
>>>>>>>>   chrome://webrtc-logs is empty for the whole webrtc session.
>>>>>>>>
>>>>>>>> But now I don't know how to reply to both STUN binding request and
>>>>>>>> then setup a DTLS session using erlang's ssl module.
>>>>>>>>
>>>>>>>> On Thu, Dec 28, 2017 at 1:28 AM, Danil Zagoskin <z@REDACTED> wrote:
>>>>>>>>
>>>>>>>>> Hi!
>>>>>>>>> What do you see in Wireshark?
>>>>>>>>> Did you see handshake between two browsers?
>>>>>>>>> Is your application ready to receive the packet sent by browser?
>>>>>>>>> Do you use external STUN server?
>>>>>>>>> Maybe browser sends STUN requests to your port when you expect
>>>>>>>>> DTLS hello?
>>>>>>>>>
>>>>>>>>> Also try checking chrome://webrtc-internals and chrome://webrtc-logs
>>>>>>>>> for browser's view on what's going on.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Dec 28, 2017 at 12:09 AM, Joe K <goodjoe2049@REDACTED>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> I'm trying to implement parts of webrtc stack with elixir/erlang
>>>>>>>>>> and currently am stuck with setting up a dtls session.
>>>>>>>>>>
>>>>>>>>>> The minimal example is, I think, the following (in console,
>>>>>>>>>> erlang 20.2.2):
>>>>>>>>>>
>>>>>>>>>>     2> ssl:start().
>>>>>>>>>>     ok
>>>>>>>>>>     3> {ok, ListenSocket} = ssl:listen(8090, [
>>>>>>>>>>     3>   binary,
>>>>>>>>>>     3>   {ip, {0, 0, 0, 0}},
>>>>>>>>>>     3>   {protocol, dtls},
>>>>>>>>>>     3>   {keyfile, <<"priv/server.key">>},
>>>>>>>>>>     3>   {certfile, <<"priv/server.pem">>},
>>>>>>>>>>     3>   {active, false}
>>>>>>>>>>     3> ]).
>>>>>>>>>>     {ok, ...}
>>>>>>>>>>     4> {ok, AcceptSocket} = ssl:transport_accept(ListenSocket).
>>>>>>>>>>     {ok,...}
>>>>>>>>>>     5> ssl:ssl_accept(AcceptSocket).
>>>>>>>>>>     {error,{tls_alert,"record overflow"}}
>>>>>>>>>>
>>>>>>>>>> And js (with chrome canary):
>>>>>>>>>> https://gist.github.com/idi-ot/a07b7330ff02f90373a2dcfe83883afa
>>>>>>>>>>
>>>>>>>>>> After {error,{tls_alert,"record overflow"}} the
>>>>>>>>>> RTCPeerConnection's iceConnectionState becomes "failed" and the connection
>>>>>>>>>> itself "closed".
>>>>>>>>>>
>>>>>>>>>> I wonder what I am doing wrong.
>>>>>>>>>>
>>>>>>>>>>     openssl s_client -dtls1 -connect 127.0.0.1:8089 -debug
>>>>>>>>>>
>>>>>>>>>> works fine with the code snippet above.
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> erlang-questions mailing list
>>>>>>>>>> erlang-questions@REDACTED
>>>>>>>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Danil Zagoskin | z@REDACTED
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Danil Zagoskin | z@REDACTED
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Danil Zagoskin | z@REDACTED
>>>
>>>
>>>
>>
>
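
The thread's diagnosis is that STUN binding requests and DTLS records arrive on the same UDP port, so each datagram has to be classified before it reaches a protocol parser. The following is an added example, not code from the thread or from Erlang/OTP's ssl application: it applies the first-byte ranges of RFC 7983 plus header sanity checks, and the module name `udp_demux` and all sample datagrams are constructed for illustration.

```erlang
%% Added example: module name and sample datagrams are constructed.
-module(udp_demux).
-export([classify/1, demo/0]).

-define(STUN_MAGIC_COOKIE, 16#2112A442).

%% STUN (RFC 5389): 20-byte header; first byte 0..3 (RFC 7983), length is a
%% multiple of 4 covering exactly the attributes, fixed magic cookie.
classify(<<B0, _, Len:16, ?STUN_MAGIC_COOKIE:32, _TxId:96, Attrs/binary>>)
  when B0 =< 3, Len rem 4 =:= 0, byte_size(Attrs) =:= Len ->
    stun;
%% DTLS record: content type 20..63 (RFC 7983), version 0xFEFF (DTLS 1.0)
%% or 0xFEFD (DTLS 1.2), epoch, 48-bit sequence number, length-prefixed body.
classify(<<Type, 16#FE, Minor, _Epoch:16, _Seq:48, Len:16, Body/binary>>)
  when Type >= 20, Type =< 63,
       (Minor =:= 16#FF orelse Minor =:= 16#FD),
       byte_size(Body) >= Len ->
    dtls;
%% RTP/RTCP: first byte 128..191 (version 2 in the top two bits).
classify(<<B0, _/binary>>) when B0 >= 128, B0 =< 191 ->
    rtp_or_rtcp;
%% Anything else is dropped rather than handed to a protocol parser.
classify(_) ->
    unknown.

%% Classify four constructed datagrams: a STUN binding request, a DTLS
%% handshake record, an RTP header, and a STUN header whose declared
%% attribute length (8) exceeds the bytes actually present.
demo() ->
    Binding = <<16#0001:16, 0:16, ?STUN_MAGIC_COOKIE:32, 1:96>>,
    Hello = <<22, 16#FE, 16#FF, 0:16, 0:48, 4:16, 1, 2, 3, 4>>,
    Rtp = <<16#80, 96, 1:16, 0:32, 0:32>>,
    Truncated = <<16#0001:16, 8:16, ?STUN_MAGIC_COOKIE:32, 1:96>>,
    [classify(D) || D <- [Binding, Hello, Rtp, Truncated]].
```

In a `gen_udp` receive loop, only datagrams classified as `dtls` would be passed to the DTLS handshake, while `stun` ones are answered by the STUN handler on the same socket.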