Land the post-DTLS hardening and interop follow-up work #21
Open
vvhh2002 wants to merge 15 commits into restsend:main from
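- Add the issue/task checklist and automated verification plan documents, defining layered testing, completion gates, and task breakdown
- Add an update-steps document that lays out the fix path by phase: security, standards compliance, network/media, and engineering
- Fill in each phase's goals, suggested modification locations, acceptance criteria, and execution order
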
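Issue: ISSUE-01 baseline/regression-safety-net
Summary:
- Add a regression_baseline smoke test covering six categories of key entry points: security, signaling, datachannel, network, media, and stats
- Add scripts/run_regression_group.sh, providing a unified local regression entry point with per-group and all modes
- Include existing key tests such as DTLS, reinvite, ordered channel, TURN, simulcast, and media flow in a fixed group mapping
Files:
- tests/regression_baseline.rs
- scripts/run_regression_group.sh
Verification:
- cargo fmt --all
- cargo test --test regression_baseline
- bash -n scripts/run_regression_group.sh
- ./scripts/run_regression_group.sh all
Result:
- pass
Risk:
- The stats group is currently still mostly smoke tests; coverage of real statistics items will be filled in by a later stats issue
- The grouping script is currently a local execution entry point; the CI mapping can still be consolidated separately later
Follow-up:
- Continue with ISSUE-02 security/srtp-replay-window
- To bring this into CI, the same group mapping can be migrated to a workflow job
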
Issue: ISSUE-02 security/srtp-replay-window
Summary:
- Add a 64-packet replay window for RTP and SRTCP, rejecting duplicate packets and old packets outside the window
- Add an explicit error type for replay rejects and log them in RtpTransport
- Count SRTP/SRTCP replay rejects in the StatsCollector Transport stats
- Add replay window tests and local integration tests covering out-of-order, duplicate, and too-old packet scenarios
Files:
- src/errors.rs
- src/peer_connection.rs
- src/srtp.rs
- src/stats_collector.rs
- src/transports/rtp.rs
- tests/srtp_replay_window.rs
- tests/srtp_replay_integration.rs
Verification:
- cargo fmt --all
- cargo test --test srtp_replay_window
- cargo test --test srtp_replay_integration
- cargo test --lib protect_and_unprotect_roundtrip
- cargo test --lib roc_rollover_reordered
- cargo test --lib test_stats_collector_replay_rejects
Result:
- pass
Risk:
- The long-term behavior of SRTCP index wraparound is still not covered separately
Follow-up:
- Continue with ISSUE-03 dtls-sctp-buffer-limits

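A 64-entry sliding replay window of the kind this commit describes, as an added example that is not the PR's code in src/srtp.rs. `ReplayWindow`, `Replay`, `check`, `accept` and `classify` are hypothetical names, and the index is assumed to be the already-reconstructed packet index; the split between `check` and `accept` follows the RFC 3711 rule that the replay list is updated only after authentication succeeds.

```rust
// Added example: hypothetical types, not the PR's src/srtp.rs.
// `index` is the already-reconstructed packet index (SRTP: ROC << 16 | SEQ).
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Replay { Fresh, Duplicate, TooOld }
const WINDOW: u64 = 64;
#[derive(Default)]
pub struct ReplayWindow {
    highest: u64, // highest index accepted so far
    bitmap: u64,  // bit i set => index (highest - i) already accepted
    seen_any: bool,
}

impl ReplayWindow {
    /// Classify `index` without changing state; run this before authentication.
    pub fn check(&self, index: u64) -> Replay {
        if !self.seen_any || index > self.highest {
            return Replay::Fresh;
        }
        let delta = self.highest - index;
        if delta >= WINDOW {
            Replay::TooOld
        } else if self.bitmap & (1u64 << delta) != 0 {
            Replay::Duplicate
        } else {
            Replay::Fresh
        }
    }

    /// Record `index`; call only after the auth tag verified, so a forged
    /// packet cannot slide the window forward and lock out real traffic.
    pub fn accept(&mut self, index: u64) {
        if !self.seen_any || index > self.highest {
            let shift = if self.seen_any { index - self.highest } else { WINDOW };
            self.bitmap = if shift >= WINDOW { 1 } else { (self.bitmap << shift) | 1 };
            self.highest = index;
            self.seen_any = true;
        } else if self.highest - index < WINDOW {
            self.bitmap |= 1u64 << (self.highest - index);
        }
    }
}

/// Check-then-accept over a sequence, returning one verdict per packet.
pub fn classify(indices: &[u64]) -> Vec<Replay> {
    let mut w = ReplayWindow::default();
    indices.iter().map(|&i| { let v = w.check(i); if v == Replay::Fresh { w.accept(i); } v }).collect()
}

fn main() { println!("{:?}", classify(&[100, 101, 99, 101, 200, 137, 136])); } // constructed indices
```
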
Issue: ISSUE-03 security/dtls-sctp-buffer-limits
Summary:
- Tie the DTLS handshake fragment reassembly limit to dtls_buffer_size, and fail the handshake immediately when the fragment header range is invalid or exceeds the limit
- Fix the HandshakeMessage encoded length field so that fragmented handshake messages preserve total_length
- Add a 64KiB limit on single-message DataChannel reassembly and a 128KiB limit on the ordered channel's pending reorder queue
- When inbound DataChannel reassembly exceeds the limit, clear the buffer and close the offending channel, so a single channel cannot keep holding memory
- Add DTLS over-limit and malformed fragment tests, plus DataChannel integration tests near and over the threshold
Files:
- src/transports/dtls/handshake.rs
- src/transports/dtls/mod.rs
- src/transports/dtls/tests.rs
- src/transports/sctp.rs
- tests/datachannel_reassembly_limits.rs
- tests/security_malformed_buffers.rs
Verification:
- cargo fmt --all
- cargo test dtls_fragment_reassembly_rejects_oversized_message
- cargo test --test datachannel_reassembly_limits
- cargo test --test security_malformed_buffers
- cargo test test_handshake_message_encode_decode_fragment_header
Result:
- pass
Risk:
- Malformed-input tests currently cover the DTLS malformed fragment and DataChannel over-limit paths; malicious-input fixtures at the raw SCTP DATA chunk level have not been added separately yet
Follow-up:
- Continue with ISSUE-04 signaling/pranswer-rollback

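The fragment bounds checks this commit describes, sketched as an added example that is not the PR's code in src/transports/dtls. `Reassembler`, `FragError` and `max_len` are hypothetical names, with `max_len` standing in for `dtls_buffer_size`, and the caller is assumed to have already checked that the header's fragment_length equals `data.len()`.

```rust
// Added example: hypothetical types, not the PR's src/transports/dtls code.
#[derive(Debug, PartialEq, Eq)]
pub enum FragError { TooLarge, BadRange, LengthMismatch }

/// Reassembles one DTLS handshake message from fragments under a byte cap.
pub struct Reassembler {
    max_len: usize,       // cap, standing in for the PR's dtls_buffer_size
    buf: Vec<u8>,         // sized once from the first fragment's total_length
    have: Vec<bool>,      // per-byte received map; tolerates overlapping fragments
    total: Option<usize>, // total_length announced by the first fragment
}

impl Reassembler {
    pub fn new(max_len: usize) -> Self {
        Self { max_len, buf: Vec::new(), have: Vec::new(), total: None }
    }

    /// Feed one fragment. Ok(Some(msg)) when complete, Ok(None) when more is
    /// needed, Err(..) when the handshake should be failed.
    pub fn push(&mut self, total_length: u32, offset: u32, data: &[u8])
        -> Result<Option<Vec<u8>>, FragError>
    {
        let (total, off) = (total_length as usize, offset as usize);
        // Reject before allocating: the header length is peer-controlled.
        if total > self.max_len { return Err(FragError::TooLarge); }
        // checked_add keeps offset + len from wrapping on narrow targets.
        let end = off.checked_add(data.len()).ok_or(FragError::BadRange)?;
        if end > total { return Err(FragError::BadRange); }
        match self.total {
            None => {
                self.total = Some(total);
                self.buf = vec![0; total];
                self.have = vec![false; total];
            }
            // Every fragment of one message must announce the same total_length.
            Some(t) if t != total => return Err(FragError::LengthMismatch),
            Some(_) => {}
        }
        self.buf[off..end].copy_from_slice(data);
        self.have[off..end].fill(true);
        if self.have.iter().all(|&b| b) {
            self.total = None;
            self.have.clear();
            return Ok(Some(std::mem::take(&mut self.buf)));
        }
        Ok(None)
    }
}

fn main() { println!("{:?}", Reassembler::new(16).push(1 << 20, 0, b"x")); } // constructed input
```
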
- Implement local and remote rollback recovery in src/peer_connection.rs, support the transition from pranswer to the final answer, and fill in the invalid-state branches.
- Add tests/signaling_pranswer_rollback.rs, covering local rollback, remote rollback, pranswer->answer, and invalid state.
- Extend tests/rtp_reinvite_test.rs and tests/rtp_reinvite_comprehensive_test.rs with reinvite regressions for rollback and pranswer.

Issue: ISSUE-05 media/codec-runtime-model
Summary:
- Extend RtpCodecParameters to retain codec_name, fmtp, and rtcp-fb, and provide a codec_specific_parameters parsing entry point.
- Introduce codec capability intersection in SDP parsing and answer generation; the answer reuses the remote payload type, and incompatible codecs produce a rejected m-line.
- After the local answer/pranswer is applied, write the negotiated result back to the transceiver runtime, while avoiding overwriting the remote extmap.
Files:
- src/peer_connection.rs
- src/sdp.rs
- src/config.rs
- tests/codec_runtime_model.rs
- tests/codec_negotiation_integration.rs
- plus the existing RTP/interop tests affected by the RtpCodecParameters extension
Verification:
- cargo fmt --all
- cargo test --test codec_runtime_model
- cargo test --test codec_negotiation_integration
- cargo check --tests
- cargo test --test rtp_reinvite_test
- cargo test --test rtp_reinvite_comprehensive_test
- cargo test --test media_flow
Result:
- pass
Risk:
- The answer's fmtp currently still relies mainly on local capabilities, with the remote offer as secondary; the compatibility policy for complex H264 profiles will need finer-grained negotiation later.
Follow-up:
- Continue with ISSUE-06 config/certificate-plumbing

Summary:
- Add browser_interop browser integration tests based on headless_chrome
- Cover pranswer/answer, Opus fmtp negotiation, and DataChannel message round trips
- Wire the three browser sub-cases into the signaling, datachannel, and media regression groups
Files:
- Cargo.toml
- tests/browser_interop.rs
- scripts/run_regression_group.sh
Verification:
- cargo fmt --all
- cargo test --test browser_interop
- ./scripts/run_regression_group.sh signaling
- ./scripts/run_regression_group.sh datachannel
- ./scripts/run_regression_group.sh media
Result:
- pass
Risk:
- The browser cases need to run in a non-sandboxed environment; inside a sandbox they are limited by restrictions on binding the local Chrome debug port

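Issue: ISSUE-06 config/certificate-plumbing
Summary:
- Support loading the runtime DTLS certificate from a PEM certificate chain and private key
- Add PeerConnection::try_new to give an invalid certificate configuration an explicit failure path
- When no certificate is configured, continue using a self-signed certificate and keep generating the SDP fingerprint
Files:
- src/peer_connection.rs
- src/transports/dtls/mod.rs
- tests/certificate_config.rs
- tests/certificate_fingerprint_integration.rs
Verification:
- cargo fmt --all
- cargo test --test certificate_config
- cargo test --test certificate_fingerprint_integration
- cargo test --test regression_baseline regression_security_entrypoints_exist
Result:
- pass
Risk:
- The runtime currently supports only a single certificate configuration
- The private key loading path currently requires PKCS#8 PEM
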
Issue: ISSUE-07 interop/datachannel-default-ordering
Summary:
- Change the DataChannelConfig default to ordered=true, matching browser default semantics
- Extract and test the DCEP channel_type selection logic to ensure the ordered/unordered and reliability combinations are encoded correctly
- Add cross-stack tests verifying both the default ordered reliable path and the explicit unordered path
Files:
- src/transports/datachannel.rs
- src/transports/sctp.rs
- tests/ordered_channel_test.rs
- tests/datachannel_default_semantics.rs
Verification:
- cargo test --lib test_dcep_channel_type_matches_ordering_and_reliability
- cargo test --test ordered_channel_test
- cargo test --test datachannel_default_semantics
- cargo test --test interop_datachannel
Result:
- pass
Risk:
- The webrtc-rs interop tests need to run in a non-sandboxed environment; false failures occur when local ICE/UDP is restricted

Summary:
- Add interop tests in which the browser side receives a Rust-initiated DataChannel
- Cover both real-browser paths: default ordered=true and explicit ordered=false
- Wire the new browser cases into the datachannel regression group
Files:
- tests/browser_interop.rs
- scripts/run_regression_group.sh
Verification:
- cargo fmt --all
- cargo test --test browser_interop -- --nocapture
- ./scripts/run_regression_group.sh datachannel
Risk:
- The browser interop tests depend on a local Chrome/Chromium and local ICE/UDP binding, and may not run inside a sandbox

Issue: ISSUE-08 config/remove-misleading-api-surface
Summary:
- Add centralized runtime support validation for RtcConfiguration, so that configuration is not silently accepted
- Narrow the bundle_policy default to MaxBundle, and fail early for Balanced/MaxCompat
- Return explicit errors for TURN OAuth credentials and incomplete RTP port range configuration
- Add try_new/try_build validation entry points for PeerConnection and IceTransport
Files:
- src/config.rs
- src/peer_connection.rs
- src/transports/ice/mod.rs
- tests/config_support_matrix.rs
Verification:
- cargo fmt --all
- cargo check --tests
- cargo test --test config_support_matrix
- cargo test --test certificate_config --test certificate_fingerprint_integration
Result:
- pass
Risk:
- The default bundle_policy narrows from Balanced to MaxBundle, which affects callers that read the default value, but matches the current actual single-transport behavior
Follow-up:
- ISSUE-09 continues with TURN TCP/TLS and candidate transport semantics

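Summary:
- Fix the interop_pion example's adaptation to the new codec runtime model, restoring e2e_interop compilation and regression
- Restrict the same-host webrtc-rs interop tests to stable IPv4 and loopback candidates, eliminating the flakiness caused by transient IPv6/link-local interfaces
- Adjust the RTP latching test to assert migration based on the currently selected ICE pair, avoiding incorrect local address assumptions
- Add a separate IPv6 host candidate verification item to the issue checklist, and clarify the boundary between the main regression and IPv6-specific verification
Files:
- docs/rustrtc-issue-task-checklist.md
- examples/interop_pion.rs
- tests/interop_webrtc.rs
- tests/rtp_latching_test.rs
Verification:
- cargo fmt --all
- cargo check --example interop_pion
- cargo test --test e2e_interop -- --nocapture
- cargo test --test interop_webrtc -- --nocapture
- cargo test --test rtp_latching_test -- --nocapture
- cargo test --tests
Result:
- pass
Risk:
- The Go helper example for e2e_interop still lacks its go.sum dependencies; Go build failures are currently skipped following the existing in-test logic
- IPv6 host candidate semantics do not yet have a dedicated test; this is listed separately in the checklist as ISSUE-11 for follow-up
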
Summary:
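- Complete ISSUE-09, filling in TURN over TCP/TLS, TURN STUN attribute parsing, and relay candidate semantics regressions
- Stabilize the flaky same-host webrtc-rs, direct RTP, and Rust/Go e2e tests, and add a local TURN helper and browser regression coverage
- Unify the rustls CryptoProvider on aws_lc_rs, and fix the examples' struct initialization for the current codec runtime model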
Files:
- src/config.rs src/transports/ice/{mod.rs,stun.rs,tests.rs,turn.rs}
- tests/{interop_turn_tcp.rs,interop_turn_tls.rs,turn_candidate_semantics.rs,e2e_interop.rs,interop_datachannel.rs,interop_simulcast.rs,interop_webrtc.rs,datachannel_default_semantics.rs,rtp_latching_test.rs,rtp_mode_test.rs,browser_interop.rs} tests/clients/{local_turn_server/mod.rs,turn_interop_case.rs}
- scripts/run_regression_group.sh docs/rustrtc-issue-task-checklist.md examples/interop_pion_go/go.sum
- examples/{interop_pion.rs,rtp_bench_sut.rs,rtp_reinvite_demo.rs,rustrtc_sfu.rs,echo_server.rs,benchmark.rs,rtp_play.rs,latency_optimization.rs,audio_saver.rs,datachannel_chat.rs,datachannel_stress.rs,dtls_srtp_bench.rs,sctp_benchmark.rs}
Verification:
- cargo test --tests
- ./scripts/run_regression_group.sh all
- cargo check --tests --examples
- cargo test --test e2e_interop -- --nocapture
Risk:
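- Same-host interop tests are explicitly constrained to IPv4 and loopback for stability, and do not cover the IPv6/link-local main regression path
- The TURN/TLS self-signed certificate verification bypass is enabled only under the allow_insecure_turn_tls test configuration
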
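Summary:
- Fix WebRTC rollback being wrongly required to carry a DTLS fingerprint during remote description validation
- Add fingerprints to the hand-written WebRTC SDP tests to match the stricter validation on upstream main
- Serialize the Rust/Go e2e scenarios and wait for the server to actually be listening, reducing timeouts in the full regression run
- Tighten RTP latching address pair selection to avoid false failures caused by mixed loopback/LAN addresses
Files:
- src/peer_connection.rs
- tests/codec_negotiation_integration.rs
- tests/codec_runtime_model.rs
- tests/e2e_interop.rs
- tests/rtp_latching_test.rs
- tests/rtp_reinvite_comprehensive_test.rs
- tests/rtp_reinvite_test.rs
- tests/signaling_pranswer_rollback.rs
Verification:
- cargo test --test e2e_interop -- --nocapture
- cargo test --test rtp_reinvite_comprehensive_test -- --nocapture
- cargo test --test rtp_latching_test -- --nocapture
- cargo test --tests -- --format=terse
Risk:
- rtp_latching skips the test on hosts that lack a same-domain local address pair, and no longer forces verification of a migration path that cannot be reproduced stably
- e2e_interop still depends on the local Go/browser/local port environment, but the main instability from concurrent interference and fixed sleeps has been removed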