Bug 233752

Summary:

REGRESSION (iOS 15): Safari loses Network access when establishing WebRTC session

Product:

WebKit

Reporter:

David Gölzhäuser <david.goelzhaeuser>

Component:

WebRTC

Assignee:

youenn fablet <youennf>

Status:

RESOLVED FIXED

Severity:

Critical

CC:

david.goelzhaeuser, eric.carlson, ews-watchlist, ggaren, glefebvr, mwake, oscar.divorraescoda, silviapfeiffer1, tsavell, webkit-bug-importer, youennf

Priority:

Keywords:

InRadar

Version:

Safari 15

Hardware:

iPhone / iPad

OS:

iOS 15

See Also:

https://bugs.webkit.org/show_bug.cgi?id=227210

Attachments:

Description	Flags
Wireshark log	none
Patch	none

David Gölzhäuser

Reported 2021-12-01 23:57:10 PST

Some users of our Intercom noticed a strange behaviour regarding WebRTC calls on iPhones running iOS 15. When trying to establish a connection with the intercom via WebRTC no network communication is possible anymore, Websockets and HTTPs requests will just run in a timeout. After some investigation with Wireshark we noticed that it looked like the iPhone is not answering the DTLS Handshake correctly, as Wireshark shows "DTLS" instead of "DTLSv1.2" or "DTLSv1.0". The iOS OS Log shows that boringssl successfully finishes, but shortly after I see the following messages: 08:48:15.515922+0100 com.apple.WebKit.Networking nw_read_request_report [C35] Receive failed with error "Connection refused" 08:48:15.516001+0100 com.apple.WebKit.Networking NetworkRTCUDPSocketCocoaConnections failed processing UDP data with error 61 There is something going on with UDP which would match the not finished DTLS handshake. This issue described only affects srflx candidates, host or relay candidates would work, but we can't relay every iPhone user through our Relay server yet. As the feature is implemented for an Intercom (Door Camera) remote access via srflx is essential I also found this thread which I think describes a similar issue: https://developer.apple.com/forums/thread/689293 Further Logs or dumps can be supplied if nessesary.

Attachments
Wireshark log (674.94 KB, image/jpeg) 2021-12-02 01:20 PST, David Gölzhäuser	no flags	Details
Patch (1.92 KB, patch) 2021-12-09 09:00 PST, youenn fablet	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

David Gölzhäuser

Comment 1 2021-12-02 01:20:13 PST

Created attachment 445689 [details] Wireshark log This is a Wireshark of the issue, here you can see the DTLS without any version and that the iPhone is cycling through Binding requests and and then a DTLS from the Intercom. The iPhone also gets a bit warm. I redacted the external IP addresses: Red = Our STUN/TURN server Yellow = The Public IP of my network Blue = The Public IP of the network with the Intercom in it 10.7.10.145 is the iPhone 192.168.62.20 is the Intercom

David Gölzhäuser

Comment 2 2021-12-02 06:57:26 PST

As our app is Cordova based we tried to implement cordova-plugin-iosrtc (https://github.com/cordova-rtc/cordova-plugin-iosrtc), it implements many aspects of WebRTC on its own and also used libwebrtc from Chrome M87. This strongly indicates that there is a bug in iOS Safaris WebRTC handling.

David Gölzhäuser

Comment 3 2021-12-02 08:56:08 PST

When disabling the Experimental Feature "WebRTC Platform UDP Sockets" in the iOS Safari Settings and restarting Safari the issue is resolved. I assume this is due to this commit https://git.webkit.org/?p=WebKit.git;a=commit;h=94f31e8bfa57b5f69a8be638ba7560008a9b7757 This enables the Socket abstraction to enable iCloud Private Relay for WebRTC, although WebRTC still leaks public IP addresses, I assume the proxying is still work in progress.

David Gölzhäuser

Comment 4 2021-12-02 08:58:39 PST

However this issue persists in any Cordova based applications as the WKWebView ignores the setting from Safari. I couldn't find a way how to disable this flag programmatically.

David Gölzhäuser

Comment 5 2021-12-03 01:12:38 PST

This issue is fixed with iOS 15.2 Developer Beta 4. Can someone explain what the issue was? I am unable to find a matching commit in WebKit, so I assume it was a general issue in the Socket handling in iOS?

youenn fablet

Comment 6 2021-12-03 01:17:05 PST

(In reply to David Gölzhäuser from comment #5) > This issue is fixed with iOS 15.2 Developer Beta 4. > > Can someone explain what the issue was? I am unable to find a matching > commit in WebKit, so I assume it was a general issue in the Socket handling > in iOS? Difficult to say, I am glad this is fixed. @David, if you can still reproduce, you can privately send me a sysdiagnose (youenn@apple.com). Or if you have a way for me to reproduce this issue. > Websockets and HTTPs requests will just run in a timeout. So all networking to the intercom was broken? Was private relay on?

David Gölzhäuser

Comment 7 2021-12-03 02:50:47 PST

I am unable to reproduce this in our development environment, only three users (two of are employees of our company) report these issues. I have access to two systems which I used to analyze this issue. I may be able to ask for access. > So all networking to the intercom was broken? Was private relay on? This issue happens in the Safari App and in our Cordova based app. When using the Safari App all network communication is timed out, even if I switch to a different tab and try to load https://www.apple.com. In our Cordova based app all network traffic is timing out, so I guess its for the whole application process? iCloud Private Relay was not turned on. There is no difference when its on or off. Further: I checked the WebKit code and it looks like the libWebRTC sockets abstraction to Cocoa Network API is always active as long as the Experimental feature "WebRTC Platform UDP Sockets" is turned on. However proxying WebRTC through iCloud Private Relay is not enabled (yet), as the public IP address leaks when using a STUN server.

youenn fablet

Comment 8 2021-12-08 00:20:08 PST

This might be

Radar WebKit Bug Importer

Comment 9 2021-12-08 00:20:27 PST

<rdar://problem/86196093>

David Gölzhäuser

Comment 10 2021-12-08 05:10:21 PST

The issue is back in iOS 15.2 RC in WKWebView, Safari has no issue tho.

youenn fablet

Comment 11 2021-12-09 09:00:45 PST

Created attachment 446557 [details] Patch

Geoffrey Garen

Comment 12 2021-12-09 13:57:45 PST

Comment on attachment 446557 [details] Patch r=me

EWS

Comment 13 2021-12-10 02:40:40 PST

Committed r286841 (245074@main): <https://commits.webkit.org/245074@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 446557 [details].

youenn fablet

Comment 14 2021-12-10 02:46:44 PST

@David, I hope you will be able to test in MacOS Safari Tech Preview when the fix gets there. Since I do not have your exact setup, it would be good to validate that this now works. If not, another sysdiagnose might help since the behavior will have changed.

youenn fablet

Comment 15 2021-12-10 08:43:59 PST

Comment on attachment 446557 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=446557&action=review > Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:292 > + RELEASE_LOG_ERROR_IF(!!error, WebRTC, "NetworkRTCUDPSocketCocoaConnections failed processing UDP data with error %d", nw_error_get_error_code(error)); But now we have excessive logging. I guess we need to log only if there is an error and the error code is different from the previous one.

David Gölzhäuser

Comment 16 2021-12-10 12:23:11 PST

I am currently updating my Mac to the latest Technology Preview and macOS Beta. I can confirm that the issue is still available in iOS 15.2 RC 2 Released today, but I assume the fix has not landed in that build yet. I will keep you updated

David Gölzhäuser

Comment 17 2021-12-10 13:18:11 PST

@Youenn, I sent you sysdiagnistic from macOS using the latest Safari Tech Preview via email.

Truitt Savell

Comment 18 2021-12-10 15:38:19 PST

It looks like the changes here caused many webrtc tests to flakily timeout or fail on iOS. tracking in https://bugs.webkit.org/show_bug.cgi?id=234181

David Gölzhäuser

Comment 19 2021-12-12 23:00:17 PST

I'll change the status to "Reopened" again

David Gölzhäuser

Comment 20 2021-12-20 15:46:55 PST

The issue appears to be fixed again in iOS 15.3 Beta 1.

David Gölzhäuser

Comment 21 2022-01-12 23:59:32 PST

This issue appears to be back in iOS 15.3 Beta 2.

David Gölzhäuser

Comment 22 2022-01-12 23:59:42 PST

This issue appears to be back in iOS 15.3 Beta 2.

David Gölzhäuser

Comment 23 2022-01-21 01:10:16 PST

This issue is still present in iOS 15.3 RC.

youenn fablet

Comment 24 2022-01-29 01:12:03 PST

Can you try iOS 15.4 beta1?

David Gölzhäuser

Comment 25 2022-02-01 00:21:03 PST

This issue is fixed again in iOS 15.4 Beta 1

David Gölzhäuser

Comment 26 2022-02-09 08:56:05 PST

This issue is still fixed in iOS 15.4 Beta 2 Did you do anything to fix this?

youenn fablet

Comment 27 2022-02-09 09:57:14 PST

(In reply to David Gölzhäuser from comment #26) > This issue is still fixed in iOS 15.4 Beta 2 > > Did you do anything to fix this? The above fix made it to iOS 15.4 betas (but not iOS 15.3). Marking at resolved, thanks for your testing!

Note You need to log in before you can comment on or make changes to this bug.