- added usage of range selection class to assist with allowed/denied ranges of values to ice gatherer

robin-raymond · robin-raymond · commit 9aaaa082a849 · 2017-08-14T10:55:07.000-04:00
diff --git a/ortc/cpp/ortc_ICEGatherer.cpp b/ortc/cpp/ortc_ICEGatherer.cpp
@@ -397,6 +397,29 @@ namespace ortc
         ISettings::setBool(ORTC_SETTING_GATHERER_GATHER_PASSIVE_TCP_CANDIDATES, true);
 
         ISettings::setUInt(ORTC_SETTING_GATHERER_RECHECK_IP_ADDRESSES_IN_SECONDS, 60);
+
+        {
+          zsLib::RangeSelection<WORD> range;
+#ifdef _WIN32
+          range.allow(5000, 65535);
+          range.deny(443, 443);
+          range.deny(500, 500);
+          range.deny(1900, 1900);
+          range.deny(2869, 2869);
+          range.deny(3074, 3074);
+          range.deny(3076, 3076);
+          range.deny(4016, 4016);
+          range.deny(4211, 4211);
+          range.deny(4222, 4223);
+          range.deny(4500, 4500);
+          range.deny(4600, 4601);
+          range.deny(5355, 5355);
+          range.deny(49152, 57343);
+#else
+          range.allow(5000, 65535);
+#endif //_WIN32
+          range.exportToSetting(ORTC_SETTING_GATHERER_PORT_RESTRICTIONS);
+        }
       }
       
     };
@@ -573,7 +596,8 @@ namespace ortc
       mMaxTotalBuffers(ISettings::getUInt(ORTC_SETTING_GATHERER_MAX_TOTAL_INCOMING_PACKET_BUFFERING)),
       mMaxTCPBufferingSizePendingConnection(ISettings::getUInt(ORTC_SETTING_GATHERER_MAX_PENDING_OUTGOING_TCP_SOCKET_BUFFERING_IN_BYTES)),
       mMaxTCPBufferingSizeConnected(ISettings::getUInt(ORTC_SETTING_GATHERER_MAX_CONNECTED_TCP_SOCKET_BUFFERING_IN_BYTES)),
-      mGatherPassiveTCP(ISettings::getBool(ORTC_SETTING_GATHERER_GATHER_PASSIVE_TCP_CANDIDATES))
+      mGatherPassiveTCP(ISettings::getBool(ORTC_SETTING_GATHERER_GATHER_PASSIVE_TCP_CANDIDATES)),
+      mPortRestriction(RangeSelection::createFromSetting(ORTC_SETTING_GATHERER_PORT_RESTRICTIONS))
     {
       mSTUNPacketParseOptions = STUNPacket::ParseOptions(STUNPacket::RFC_AllowAll, false, "ortc::ICEGatherer", mID);
 
@@ -4927,6 +4951,10 @@ namespace ortc
           } else {
             ZS_LOG_WARNING(Debug, log("will not attempt to rebind to default port") + ZS_PARAM("ip address", ioBindIP.string()))
           }
+        } else if (!firstAttempt) {
+          WORD selectedPort = mPortRestriction.getRandomPosition(IHelper::random(0, std::numeric_limits<size_t>::max()));
+          ioBindIP.setPort(selectedPort);
+          ZS_LOG_DEBUG(log("will attempt to bind to chosen port") + ZS_PARAM("ip address", ioBindIP.string()))
         }
 
         socket->bind(ioBindIP);
@@ -4946,6 +4974,10 @@ namespace ortc
         WORD bindPort = local.getPort();
         ioBindIP.setPort(bindPort);
         if (0 == mDefaultPort) {
+          if (!mPortRestriction.isAllowed(mDefaultPort)) {
+            ZS_LOG_WARNING(Detail, log("OS selected a port that is within the denied ports allowed (will attempt rebind on random, non OS chosen, and non denied port)") + ZS_PARAM("port", bindPort));
+            ZS_THROW_CUSTOM_PROPERTIES_1(Socket::Exceptions::Unspecified, 0, String("OS port selection was within denied port range: " + string(bindPort)));
+          }
           mDefaultPort = bindPort;
           ZS_LOG_TRACE(log("selected default bind port") + ZS_PARAMIZE(mDefaultPort))
         }
diff --git a/ortc/internal/ortc_ICEGatherer.h b/ortc/internal/ortc_ICEGatherer.h
@@ -46,13 +46,16 @@
 #include <zsLib/MessageQueueAssociator.h>
 #include <zsLib/Socket.h>
 #include <zsLib/ITimer.h>
+#include <zsLib/RangeSelection.h>
 
 #include <cryptopp/queue.h>
 
 #define ORTC_SETTING_GATHERER_INTERFACE_NAME_MAPPING  "ortc/gatherer/interface-name-mapping"
 #define ORTC_SETTING_GATHERER_USERNAME_FRAG_LENGTH  "ortc/gatherer/username-frag-length"
 #define ORTC_SETTING_GATHERER_PASSWORD_LENGTH  "ortc/gatherer/password-length"
 
+#define ORTC_SETTING_GATHERER_PORT_RESTRICTIONS "ortc/gatherer/port-restrictions" // use zsLib::RangeSelection<uint16_t> to set this setting
+
 #define ORTC_SETTING_GATHERER_CANDIDATE_TYPE_PREFERENCE_PRIORITY_PREFIX "ortc/gatherer/canadidate-type-priority-"  // (0..126) << (24)
 #define ORTC_SETTING_GATHERER_PROTOCOL_TYPE_PREFERENCE_PRIORITY_PREFIX "ortc/gatherer/protocol-type-priority-"     // (0..0x3) << (24-2)
 #define ORTC_SETTING_GATHERER_INTERFACE_TYPE_PREFERENCE_PRIORITY_PREFIX "ortc/gatherer/interface-type-priority-"   // (0..0xF) << (24-6)
@@ -320,6 +323,7 @@ namespace ortc
       typedef std::map<LocalCandidateRemoteIPPair, RoutePtr> LocalCandidateRemoteIPRouteMap;
 
       typedef CryptoPP::ByteQueue ByteQueue;
+      typedef zsLib::RangeSelection<WORD> RangeSelection;
 
     public:
       struct ConstructorOptions
@@ -1070,6 +1074,7 @@ namespace ortc
       String mHostsHash;
       String mOptionsHash;
 
+      RangeSelection mPortRestriction;
       WORD mDefaultPort {0};
 
       String mLastFixedHostPortsHostsHash;
