Skip to content

feat(webrtc): support webrtc-direct v2#3520

Open
lidel wants to merge 1 commit into
masterfrom
feat/webrtc-direct-v2
Open

feat(webrtc): support webrtc-direct v2#3520
lidel wants to merge 1 commit into
masterfrom
feat/webrtc-direct-v2

Conversation

@lidel

@lidel lidel commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Member

Problem

/webrtc-direct lets a browser dial a public libp2p server with no signalling and no CA-signed cert. That path works by "munging" the local SDP so the server can predict the browser's ICE credentials, and Chrome is taking that ability away (the WebRTC-NoSdpMangleUfrag field trial). Once it reaches stable, browsers can no longer open /webrtc-direct connections to a go-libp2p server, which is the whole reason the transport exists.

I documented it in libp2p/specs#672 (comment)

Fix

v2 spec avoids "munging" and is proposed at:

This PR implements it while maintaining backward-compatibility with v1 clients too

Details

  • the listener accepts v1 and v2 dialers on one port, picking the flow from the ICE username fragment prefix and rejecting versions it doesn't know;
  • v2 carries the browser's own ICE password in the server ufrag, so the server recovers it from the STUN USERNAME with no signalling;
  • parsed username fragments are validated (charset and length) before they reach SDP;
  • opt-in WithDialerVersion("v2") lets a go node dial v2; v1 stays the default for now. can be flipped in future PR, but also does not matter, GO will not do the dials, JS will (feat: webrtc-direct-v2 js-libp2p#3480), so this is just for formal parity and testing

Testing

This keeps browser-to-server connectivity alive once Chrome flips the trial; verified end to end against a real Chrome (v2, munging off) and js-libp2p both ways.

Details: #3499 (comment)

References

@lidel
feat(webrtc): support webrtc-direct v2
c398b26 
Chrome is removing the SDP munging that v1 browser-to-server dials
rely on (the WebRTC-NoSdpMangleUfrag field trial), so the listener
now also speaks the v2 flow, which carries the client's ICE password
in the server ufrag instead of munging. Implements libp2p/specs#715.

- listener: parse both halves of the STUN USERNAME, dispatch on the
  ufrag prefix (v1, v2, or reject an unknown version), recover the v2
  client password, and set pion's ICE credentials to match.
- udpmux: surface the server and client ufrag separately and key the
  mux on the server (local) ufrag, which is what pion looks up.
- validation: reject STUN USERNAME fragments outside the RFC 8839
  ice-char set or length bounds before they reach SDP.
- dialer: add opt-in WithDialerVersion(2) that emits the v2 wire
  format for go-to-go and testing; v1 stays the default.
- tests: parsing/validation units plus end-to-end v1 and v2 dials
  against a single listener.
@lidel lidel requested review from MarcoPolo and sukunrt June 19, 2026 23:56
This was referenced Jun 20, 2026
Open
Open
Open
@lidel lidel marked this pull request as ready for review June 20, 2026 00:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarcoPolo MarcoPolo Awaiting requested review from MarcoPolo
@sukunrt sukunrt Awaiting requested review from sukunrt

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lidel