Comments (9)
This is RFC 5764. To be clear, SRTP I/O should be done by any other package. This package is only for DTLS. The use_srtp extension might be implemented by this package. The internal socket of dtls I/O might be reused. It's just a duplex stream:
dtls/src/node_modules/lib/socket.js (lines 281 to 289 in 626c5bb)
Anyway, SRTP is a part of the Media API, which is not my priority. I focused only on datachannels. Only business interests and support may change my internal priority.
from dtls.
Let me clarify that I'm not asking for this dtls lib to do SRTP I/O at all. I just meant that it may enable it by negotiating the use_srtp DTLS extension in the handshake.
Now, sorry for the off-topic:
What comes to my mind when I see all these great libs (stun, ice, dtls, etc.) is the ability to create a modular DataChannel or SRTP stack in Node. Let me show it in pseudo-code:
```js
const ice = require('@nodertc/ice');
const dtls = require('@nodertc/dtls');
const rtp = require('@foo/rtp');
const srtp = require('@foo/srtp');
const is_rtp = require('is-rtp');

// Create an ICE connection.
const iceConnection = ice.connect(
  {
    remoteCandidates : [ {}, {}, {}... ],
    userFrag : 'iaasdgjahsdgjh',
    password : '1234'
  });

// Wait for ICE to be established.
await new Promise((resolve) => iceConnection.on('connected', resolve));

// Create a DTLS association on top of the ICE connection.
// Note that iceConnection.getSocket() does not return a net.Socket
// but a special object with similar interface. This is because ICE
// may move to a different ip:port tuple at any time due to reconnections
// after ICE disconnections.
const dtlsConnection = dtls.connect(
  {
    socket : iceConnection.getSocket(),
    useSrtp : true
  });

// Wait for DTLS to be connected.
await new Promise((resolve) => dtlsConnection.on('connected', resolve));

// Create an SRTP session with the material negotiated via DTLS.
const srtpSession = srtp.createSession(
  {
    keys : dtlsConnection.getSrtpKeys()
  });

// Create a dummy RTP packet.
const rtpPacket = rtp.createPacket(
  {
    payloadType : 111,
    seq : 12345,
    timestamp : Date.now(),
    payload : new Buffer(...)
  });

// Encrypt the packet with SRTP.
const srtpPacket = srtpSession.encrypt(rtpPacket);

// Send the SRTP packet.
iceConnection.send(srtpPacket.getRaw());

// Listen for incoming SRTP packets.
iceConnection.on('packet', (packet) =>
{
  if (is_rtp(packet))
  {
    const srtpPacket = rtp.parse(packet);
    const rtpPacket = srtpSession.decrypt(srtpPacket);

    console.log(
      'received RTP packet [payloadType:%d, seq:%d]',
      rtpPacket.getPayloadType(), rtpPacket.getSeq());
  }
});
```
Do you have something like this in mind? Just ignore the RTP/SRTP stuff above, please; it can be done by a 3rd party library.
from dtls.
Yes, you're right. It may look something like this. One note: srtp/rtp should wait for the complete dtls connection:

```js
//...
dtlsConnection.once('connect', () => {
  // ready for any i/o.
});
//...
```
from dtls.
Yes, I already waited for DTLS connection in my pseudo code above:

```js
// Wait for DTLS to be connected.
await new Promise((resolve) => dtlsConnection.on('connect', resolve));
```

:)
from dtls.
Let me ask just one more question, please.
I'm looking for the best way to implement DataChannel in my SFU mediasoup. mediasoup is Node with C++ subprocesses that handle media (UDP, TCP, ICE, DTLS, SRTP, etc.). The Node layer controls those C++ subprocesses via UnixSocket.
Once the DTLS is established, I already have a C++ API to send and receive "DTLS application data":
- https://github.com/versatica/mediasoup/blob/v3/worker/src/RTC/DtlsTransport.cpp?ts=2#L810
- https://github.com/versatica/mediasoup/blob/v3/worker/src/RTC/DtlsTransport.cpp?ts=2#L804
If we assume that those "DTLS application data" are SCTP packets, I can push them verbatim to the mediasoup Node.js layer and use your sctp and datachannel libs to process them, am I right?
Assuming that, it's not clear to me how to combine both sctp and datachannel libs. I expect that received DTLS data should be given to the sctp lib. However, it seems that sctp requires a transport (got via dtls.connect()), and dtls requires a UDP socket, which breaks my modular design. Basically I don't want Node.js to do networking at all; I already do networking at the C++ level.
Is my use case possible using your libs? Perhaps the dtls Socket can be provided with a Node Stream pair instead of having to pass a UDP socket?
P.S. I do not see any API in sctp for sending data to the remote endpoint. Do I miss something?
from dtls.
First, sctp was not implemented by me. I fixed only 2 things:
- I deleted native dependencies
- internal udp transport might be just a duplex stream
This module may have bugs and does not follow my standards of code quality. You may ask @latysheff, as original author of sctp, about stability.
As I said before, after my fixes transport may be just a duplex stream. See
https://github.com/nodertc/nodertc/blob/a7bd7aca00bd389723f3cdc665653459667c408a/index.js#L328-L350
for details. It's the nodertc prototype.
from dtls.
> P.S. I do not see any API in sctp for sending data to the remote endpoint. Do I miss something?

The API of the sctp module is the same as Node's Net module. That is, use socket.write() to send data. There are also examples of how to use sctp sockets.
p.s. For now, there is no active support for the module, and the code is not covered by unit tests, but overall stability is fairly good, if viewed as a black box. I have conducted long-running load tests, compatibility tests, etc., and noticed no memory leaks or crashes.
from dtls.
Thanks to both for your comments. So now there are two Node SCTP implementations that can run over DTLS:
- @nodertc/sctp, which accepts a duplex stream as transport.
- @latysheff/node-sctp, which requires a real UDP socket (so not valid for my use case).
@reklatsmasters, if you are building a complete DataChannel stack I assume you'll have to eventually work on @nodertc/sctp as a core component of that DataChannel stack, am I right?
from dtls.
@ibc yes. See https://github.com/nodertc/nodertc/blob/a7bd7aca00bd389723f3cdc665653459667c408a/index.js to understand how it works.
from dtls.