Disable encryption for PeerConnection in native webrtc


valenti...@gmail.com

Sep 13, 2018, 1:58:57 AM
to discuss-webrtc
Hello,

I am currently working on a project which is trying to build a communication adapter which uses webrtc to transport game data. The project is Forged Alliance Forever (Supreme Commander) and this is the repository: github.com/FAForever/ice-adapter
The communication adapter is working now, but we would like to disable encryption, because it wastes traffic which may be limited in large games with many participants.

So here is the question:
Is it possible to disable encryption for a peerconnection using the native webrtc release 68?

If so, how? Do you have a minimal example?


I tried the following things (sorry for code snippets):

_pcfactory = webrtc::CreateModularPeerConnectionFactory(nullptr,
                                                        nullptr,
                                                        nullptr,
                                                        nullptr,
                                                        nullptr,
                                                        nullptr);
webrtc::PeerConnectionFactoryInterface::Options webRtcOptions;
webRtcOptions.disable_encryption = true;
_pcfactory->SetOptions(webRtcOptions);

and later:

webrtc::PeerConnectionInterface::RTCConfiguration configuration;
configuration.servers = _iceServerList;
configuration.enable_rtp_data_channel = true;
_peerConnection = _pcfactory->CreatePeerConnection(configuration,
                                                   nullptr,
                                                   nullptr,
                                                   _peerConnectionObserver.get());


So the problem I am facing now is that I get aborts from within webrtc and I cannot understand what is happening.

Kind Regards,
Valentin

Lennart Grahl

Sep 14, 2018, 3:35:14 AM
to discuss-webrtc
Hi,

you cannot disable encryption for SCTP-based data channels. And RTP-based data channels are not in the spec. But is this just a hunch or do you have actual evidence that it would waste bandwidth? Because I'm certain that this is not the case after the initial DTLS handshake. The byte overhead of DTLS and its encryption will be negligible. The impact of the fixed MTU of 1200 in all implementations I've seen so far will have a much higher impact. If you really are concerned about that, you may want to help the usrsctp people to implement a new path MTU algorithm or implement path MTU discovery in the browsers themselves. Or improve your protocol to use fewer bytes. But disabling encryption is not the way to go here.

Also, since your code indicates that you allow browsers to create data channels as well, be aware of the following bugs:
1. Firefox with maxRetransmit 0 is broken up to version 62: https://bugzilla.mozilla.org/show_bug.cgi?id=1464917
2. Chrome with maxRetransmit 0 is broken up to version... I have no idea actually because I don't understand their bug tracker: https://bugs.chromium.org/p/chromium/issues/detail?id=696681

Cheers
Lennart

valenti...@gmail.com

Sep 18, 2018, 1:41:04 PM
to discuss-webrtc
Hi Lennart,

thank you for your answer. I have actual evidence: the application, the Supreme Commander game, sends packets with sizes of around 40 bytes on average. As far as I can see, the DTLS header uses 12 bytes; additionally, depending on the encryption, padding is added. Correct me if I am wrong, but this is significant overhead. Additionally, we have measured an increase in game data bandwidth of around 150%. In sum, we have bandwidth of factor 2.5 to the original game data transfer (without using webrtc). The game transmits data from each client to each client, therefore the bandwidth increases exponentially with the number of players.

I have seen from the webrtc standard that an unencrypted data channel is not allowed / specified. But I am asking for the possibilities of the chromium webrtc library.

Is it possible to "misuse" the library to transfer arbitrary data over a data channel (or possibly over a media channel) without encryption?

When your answer is "no" as well, I have another question. Is it possible to just use the ICE functionality of the webrtc library with simple UDP sockets?

Kind Regards,
Valentin
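
As an added example (not part of the thread, and not code from libwebrtc or the ice-adapter project), this C++ program works through the per-packet arithmetic under discussion for a 40-byte message sent as one SCTP DATA chunk inside one DTLS 1.2 record. The cipher suites, the one-chunk-per-datagram model and all function names are assumptions; SACKs, heartbeats and chunk bundling are ignored.

```cpp
#include <cstddef>
#include <cstdio>

// Assumed protection modes; None models the hypothetical "SCTP straight over UDP".
enum class Protection { None, AesGcm, AesCbcSha1 };

// SCTP packet: 12-byte common header plus one DATA chunk (16-byte chunk
// header), with the chunk padded to a multiple of 4 bytes (RFC 4960).
std::size_t SctpPacketSize(std::size_t payload) {
  std::size_t chunk = 16 + payload;
  chunk = (chunk + 3) / 4 * 4;
  return 12 + chunk;
}

// DTLS 1.2 record carrying `plaintext` bytes; the record header is 13 bytes.
std::size_t DtlsRecordSize(std::size_t plaintext, Protection p) {
  switch (p) {
    case Protection::AesGcm:
      // 8-byte explicit nonce + 16-byte authentication tag.
      return 13 + 8 + plaintext + 16;
    case Protection::AesCbcSha1: {
      // 16-byte explicit IV; plaintext + 20-byte HMAC-SHA1 + at least one
      // padding byte, rounded up to the 16-byte AES block size.
      std::size_t body = (plaintext + 20 + 1 + 15) / 16 * 16;
      return 13 + 16 + body;
    }
    case Protection::None:
      return plaintext;
  }
  return plaintext;
}

// UDP payload bytes needed for one application message of `payload` bytes.
std::size_t UdpPayloadSize(std::size_t payload, Protection p) {
  return DtlsRecordSize(SctpPacketSize(payload), p);
}

int main() {
  const std::size_t msg = 40;  // average game packet size quoted in the thread
  std::printf("raw game data        : %zu\n", msg);
  std::printf("SCTP framing only    : %zu\n", UdpPayloadSize(msg, Protection::None));
  std::printf("SCTP + DTLS AES-GCM  : %zu\n", UdpPayloadSize(msg, Protection::AesGcm));
  std::printf("SCTP + DTLS CBC-SHA1 : %zu\n", UdpPayloadSize(msg, Protection::AesCbcSha1));
  return 0;
}
```

Under these assumptions a 40-byte message becomes 68 bytes with SCTP framing alone and 105 bytes with AES-GCM, so 28 of the 65 added bytes come from SCTP rather than from encryption.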

Lennart Grahl

Sep 19, 2018, 6:37:44 AM
to discuss-webrtc
Hi,

before we go deep into discussions about whether the overhead of a few bytes makes any difference on when UDP starts to drop packets (since your packets are still far, far less than the usual MTU), an area where I'm not an expert in, let me ask this: It seems you don't even need compatibility with browsers? If so, why use WebRTC? I would recommend a lean ICE implementation instead (such as the awesome re library).

Cheers
Lennart

valenti...@gmail.com

Sep 19, 2018, 3:43:04 PM
to discuss-webrtc
Hi,

Yes, we don't need compatibility with browsers. We want to use webrtc to overcome connection issues with a game where we can't change the network implementation, because it is closed source. The game uses UDP and implements its own retransmission mechanism.

You are right, a lean ICE implementation would fit best. As I joined the project, the other authors tried different C++ ICE libraries and reported that those weren't stable. They chose to use webrtc, because it looks promising regarding updates and stability. The implementation of the adapter was almost finished as we discovered that bandwidth may be a problem when using SCTP with DTLS. So the intention is to find a "cheap" way to fix this problem by somehow disabling the encryption. Therefore the question :)

So do you see a reasonable way to disable encryption or is this a lot of work?

Regards,
Valentin

Lennart Grahl

Sep 19, 2018, 5:17:46 PM
to discuss-webrtc
I have no idea how much work it would be to do this. I've heard that there are low-level components available to write custom transports, so perhaps you don't even need to maintain a fork of the library. But I'm pretty certain many ICE libraries will be at least as stable as libwebrtc is... and they don't bring a whole jungle of stuff along you don't even want to use, at least in your case.

Cheers
Lennart

Alexandre GOUAILLARD

Sep 19, 2018, 8:59:45 PM
to discuss...@googlegroups.com
actually,

many webrtc servers, and browsers, use third party libs for ICE:

since Firefox uses nICEr internally, for example, I don't think webrtc can be considered more stable ...
libnice is used by kurento media server, janus, ring central, and quite a few others as well since it is used by GStreamer which is at the core of Pexip, webkit, ....

--
Alex. Gouaillard, PhD, PhD, MBA
------------------------------------------------------------------------------------
President - CoSMo Software Consulting, Singapore
------------------------------------------------------------------------------------
