Re: [rtcweb] Please require user consent for data channels
Simon Perreault <sperreault@jive.com> Mon, 20 July 2015 14:00 UTC
Return-Path: <sperreault@jive.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 454581A889B for <rtcweb@ietfa.amsl.com>; Mon, 20 Jul 2015 07:00:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_41=0.6, J_CHICKENPOX_61=0.6, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TbHp22bHZmQH for <rtcweb@ietfa.amsl.com>; Mon, 20 Jul 2015 07:00:35 -0700 (PDT)
Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com [74.125.82.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE6C31A889F for <rtcweb@ietf.org>; Mon, 20 Jul 2015 07:00:34 -0700 (PDT)
Received: by wgav7 with SMTP id v7so65910223wga.2 for <rtcweb@ietf.org>; Mon, 20 Jul 2015 07:00:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=vTNbWUPG9EdtAiWLv/0TDXClcxXnMZ7WRIe652Yyq2c=; b=JIIUb+hMTiJkQfVx3PP6dKhwhGwCToACdjm6rvacZ2j1XyA50Ll0X+W8hdbsz9PQn9 FytJib4p5kn9O3FKjWwM8CThUgWsY/b6gRsJ4jvfToLAJOMdI4d9C96dsysRtw0BAq9J 8SqZ6dh0hl2puwzor9YhMLammUNS8UJbPGyCDzSbwXAjqGCMfoLOsq8iTJoDs9njzJHZ TQXyrslmo7H/mok7KoMegz4+2RsC5a2t3kc68U78eYbC9c/Gl/ZkY4cC6OT5e/IFTRZm b2sFifxKowLEZpFgTu+jPlyNfEzm/Hewa3j47WUvXTMPzgYunNwWhpxXUI6uw4b37AO2 ihpQ==
X-Gm-Message-State: ALoCoQmcH8w6lWO0eo2IjGOg/nz/4JjKt0MHDgBjC4b0zkOebxkc0oIxDl82odvAQJYYGnFsxXqx
X-Received: by 10.180.91.40 with SMTP id cb8mr9368740wib.54.1437400833594; Mon, 20 Jul 2015 07:00:33 -0700 (PDT)
Received: from dhcp-b3b5.meeting.ietf.org ([2001:67c:370:176:8c28:2ddb:9d64:1c21]) by smtp.googlemail.com with ESMTPSA id j7sm32165591wjz.11.2015.07.20.07.00.32 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Jul 2015 07:00:32 -0700 (PDT)
Message-ID: <55ACFEFE.3030108@jive.com>
Date: Mon, 20 Jul 2015 16:00:30 +0200
From: Simon Perreault <sperreault@jive.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Tim Panton <tim@phonefromhere.com>
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com> <55A95364.2070806@gmail.com> <CAOJ7v-3t9BQabR2e4EHs4G0Sec4sU9DFC2aiSXXYrat+an+RYg@mail.gmail.com> <55A96DA3.1040907@gmail.com> <CAOJ7v-1ui7349NzK6NZNRHPbnHWZajctk4cDgMKqRZSv47EYdA@mail.gmail.com> <55A9860D.8030903@gmail.com> <CAOJ7v-3LGd32rnpFVW_U0s3+iVaJXsL4vt_YAo=cyp6YyOArdw@mail.gmail.com> <CALiegfmiS18Jux-kCgOhTKKiyGtMertj6xCegpFrox5NOf9EJg@mail.gmail.com> <CABkgnnW0Tmjqz823vKiF84_u6HasBJC7ERMYCO2HL_NPj5saTA@mail.gmail.com> <CALiegfkpbLy1QXxr-RRF0oOpVv1sWsFeab=vvC4iT4DnPtjKQw@mail.gmail.com> <CABkgnnVWcuhX2NjZgx87L+Uo6df6rEBWW73cxbaX3mu_VfHmCA@mail.gmail.com> <CALiegfkQWAn-jMrjhcDPA3rtowOPVk-S8z3c-jvjpNmjtf=3hA@mail.gmail.com> <CABkgnnWERM4oxozNCSvRf1o0Wm-d9Bjw=9B+xh_NJ+h6GfBJ6Q@mail.gmail.com> <7F818FAC-5559-4074-B1FC-EB9516A98FB7@phonefromhere.com> <55ACEA74.8050 300@jive.com> <13F9D9AE-7B6B-40DE-BDD7-DDED28382EAB@phonefromhere.com> <55ACF718.3010000@jive.com>
In-Reply-To: <55ACF718.3010000@jive.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/-ycr5C8DjEhRzjoOPaRYgVXFifQ>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2015 14:00:36 -0000
Le 2015-07-20 15:26, Simon Perreault a écrit : >> I can think of some financial institutions who’s IDSs will go off when packets >> > to public external addresses start turning up on internal LANS . (hopefully they >> > will get dropped at the egress router, but by then the IDS will have paged someone). > But that's not going to happen unless there's a route. I think there > could be a misunderstanding here. For example, if there's a VPN with a > 10.0.0.0/8 route but no default route, the ICE client will *not* send a > request to a TURN server listening on 192.0.2.1 over the VPN interface. > That would make no sense whatsoever. Just to be sure I am not going crazy, I just wrote this test: > #include <sys/socket.h> > #include <sys/types.h> > > #include <netinet/in.h> > #include <string.h> > > int > main(int argc, char *argv[]) > { > int s; > struct sockaddr_in sin; > char foo[] = "bar"; > > s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); > > sin.sin_family = AF_INET; > sin.sin_addr.s_addr = inet_addr("192.168.2.128"); > sin.sin_port = htons(1234); > memset(&sin.sin_zero, 0, sizeof(sin.sin_zero)); > bind(s, (struct sockaddr *)&sin, sizeof(sin)); > > sin.sin_family = AF_INET; > sin.sin_addr.s_addr = inet_addr("192.168.2.200"); > sin.sin_port = htons(53); > memset(&sin.sin_zero, 0, sizeof(sin.sin_zero)); > sendto(s, foo, sizeof(foo), 0, (struct sockaddr *)&sin, sizeof(sin)); > > sin.sin_family = AF_INET; > sin.sin_addr.s_addr = inet_addr("8.8.8.8"); > sin.sin_port = htons(53); > memset(&sin.sin_zero, 0, sizeof(sin.sin_zero)); > sendto(s, foo, sizeof(foo), 0, (struct sockaddr *)&sin, sizeof(sin)); > > return (0); > } I ran it on this system: > sperreault@debian:~$ ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:0c:29:66:b9:2c brd ff:ff:ff:ff:ff:ff > inet 192.168.2.128/24 brd 192.168.2.255 scope global eth0 > inet6 fe80::20c:29ff:fe66:b92c/64 scope link > valid_lft forever preferred_lft forever > sperreault@debian:~$ ip r > 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.128 > sperreault@debian:~$ Strace's output is: > bind(3, {sa_family=AF_INET, sin_port=htons(1234), sin_addr=inet_addr("192.168.2.128")}, 16) = 0 > sendto(3, "bar\0", 4, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.2.200")}, 16) = 4 > sendto(3, "bar\0", 4, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 16) = -1 ENETUNREACH (Network is unreachable) This confirms that bind() does not override the routing table. Simon
- [rtcweb] Please require user consent for data cha… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Lorenzo Miniero
- Re: [rtcweb] Please require user consent for data… Michael Tuexen
- Re: [rtcweb] Please require user consent for data… tim panton
- Re: [rtcweb] Please require user consent for data… Bernard Aboba
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Timothy B. Terriberry
- Re: [rtcweb] Please require user consent for data… Victor Pascual Avila
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Eric Rescorla
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Stephen Farrell
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Jonathan Lennox
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Randell Jesup
- Re: [rtcweb] Please require user consent for data… Roman Shpount