We need to send data to our users' devices using the TFTP protocol, which is a simple FTP-like protocol that works over UDP.

Since we can't open a UDP socket using JavaScript, we have been using our server as a proxy, sending the data to our server and opening a UDP connection from the server to the device. That does have the drawback that our users need to learn about NAT and configure port forwarding.

So the question is, could we use WebRTC to open a direct UDP socket to send and receive between the browser and the devices?

http://www.webrtc.org/reference/webrtc-internals/vienetwork#TOC-SendUDPPacket suggests that we could send some raw UDP data over the socket (that is, if it's possible to access that layer over JavaScript; I'm not sure about that), but I see no way to fetch a raw UDP response.

Any help much appreciated

Florian Margaine
tzikis

2 Answers

No. There are too many security issues allowing WebRTC to send to a random address/port - we have to make sure it doesn't work as a DDOS platform, so we require the target to implement ICE as an implicit permission to send data, and we also don't allow sending arbitrary data, just SRTP mediastreams and data in DataChannels (over SCTP over DTLS over UDP+ICE).

jesup
  • Why worry about DDOS in WebRTC? Can't you already do from a client by just endlessly creating images, submitting forms, XHRs and what not? What's so special about preventing DDOS with WebRTC? Message after message on the webrtc mailing list, and question after question highlights the grand desire for being able to use WebRTC to send data back to the server, not just peer to peer. I don't even get why peer to peer was developed first. Being able to voice chat with just one other person is of limited use. The immediate question is, how do I add another user to my call? With an MCU. Not easy. – Bjorn Sep 30 '13 at 15:13
  • One could restrict back to server webrtc with the same same-origin policy that already exists, or some file on the original domain the way flash does it. Or CORS headers. – Bjorn Sep 30 '13 at 15:16
  • Code distributed in webpages/ads/etc could act as a DDOS if it can send arbitrarily large amounts of (fill the upstream pipe) to an IP address. Please read the rtcweb security considerations draft for examples. Sites can more easily handle connection-oriented DDOS attacks since they can control accepting the connections (pace them, etc). I'll note that the request here was for peer-to-peer raw UDP, which is something else entirely, and not what you seem to be asking for. – jesup Oct 17 '13 at 06:07
  • And WebRTC absolutely can be used to send data to servers; in fact that's a primary use case. And for A/V communication (the primary goal of WebRTC), P2P has big advantages, especially if you're not Google (in particular lower latency, and for the service much lower bandwidth costs, which is why you have all these free WebRTC sites up now.) P2P also enables a lot of interesting uses of DataChannels – jesup Oct 17 '13 at 06:12
  • @BjornTipling - This is a common theme in the GOOGLEAPPLEMICROSOFT protocols being created. They are making the protocols so that they can't replace existing services and saying it is for security purposes. For example, in Websocket, the client must mask all data. Why? So that proxies or other middle service cannot add malicious content within frame data - yet nothing in the protocol is designed to stop such services from unmasking, modifying, and remasking the modified content. THE MASKING KEY IS SENT WITH EACH MESSAGE! Total no-brainer. – JSON Jan 28 '14 at 10:26
  • @JSON I do believe that masking is in place to stop cached responses from being sent when the HTTP handshake is initiated, not for security. – Owen Delahoy Apr 17 '14 at 19:46
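
What "implement ICE" asks of the target in jesup's answer, as an added example that is not part of the original thread: Node.js code for the check a sender runs on the reply to its STUN Binding Request (RFC 5389 framing, HMAC-SHA1 keyed with the ICE password from signalling). Function names and sample values are constructed for illustration; a real response also carries XOR-MAPPED-ADDRESS and FINGERPRINT, which are omitted here.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const MAGIC_COOKIE = 0x2112a442;       // fixed value in every STUN header
const BINDING_SUCCESS = 0x0101;        // Binding success response
const ATTR_MESSAGE_INTEGRITY = 0x0008;

// HMAC-SHA1 over everything before the MESSAGE-INTEGRITY attribute, with the header
// length field set as if the message ended right after it (RFC 5389, section 15.4).
function integrity(msgUpToAttr, password) {
  const copy = Buffer.from(msgUpToAttr);           // copy, so the caller's buffer is untouched
  copy.writeUInt16BE(copy.length - 20 + 24, 2);
  return createHmac("sha1", password).update(copy).digest();
}

// Constructed reply from an ICE-capable peer (MESSAGE-INTEGRITY only).
function buildBindingSuccess(txId, password) {
  const header = Buffer.alloc(20);
  header.writeUInt16BE(BINDING_SUCCESS, 0);
  header.writeUInt32BE(MAGIC_COOKIE, 4);
  txId.copy(header, 8);
  const attr = Buffer.alloc(4);
  attr.writeUInt16BE(ATTR_MESSAGE_INTEGRITY, 0);
  attr.writeUInt16BE(20, 2);
  const msg = Buffer.concat([header, attr, integrity(header, password)]);
  msg.writeUInt16BE(msg.length - 20, 2);
  return msg;
}

// Sender-side check: only "ok" lets application data flow to this address.
function checkConsentReply(reply, txId, password) {
  if (reply.length < 20 || reply.readUInt32BE(4) !== MAGIC_COOKIE) return "not STUN";
  if (reply.readUInt16BE(0) !== BINDING_SUCCESS) return "not a binding success";
  if (!reply.subarray(8, 20).equals(txId)) return "transaction id mismatch";
  for (let off = 20; off + 4 <= reply.length; ) {
    const type = reply.readUInt16BE(off);
    const len = reply.readUInt16BE(off + 2);
    if (off + 4 + len > reply.length) return "truncated attribute";
    if (type === ATTR_MESSAGE_INTEGRITY) {
      if (len !== 20) return "bad integrity length";
      const want = integrity(reply.subarray(0, off), password);
      return timingSafeEqual(want, reply.subarray(off + 4, off + 24))
        ? "ok" : "integrity mismatch";
    }
    off += 4 + ((len + 3) & ~3);                   // attribute values are padded to 4 bytes
  }
  return "no MESSAGE-INTEGRITY";
}
```

A device that only speaks TFTP answers with TFTP packets (or nothing), so the check never returns "ok" and the browser never sends it application data.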
No, you cannot send raw UDP data using WebRTC like that.

The ViENetwork lib where you can find the SendUDPPacket method is used inside Chrome to handle packet transmissions, Windows QoS support and other network settings, but you don't have direct access to it.

One of the main features of WebRTC is the Data Channel that will bring the possibility to establish a peer-to-peer connection between two browsers, to allow raw data to be exchanged. This is still under construction in Chrome and Firefox as you can see here.

This can be what you are searching for, as you can establish a connection to send raw data, and you will only have to worry about finding a way to establish this connection to your other endpoint, if that's what you want.

nakib
  • That won't work, since we're talking about very specific hardware on the other end (mostly Arduino), which can talk only via TFTP. Pity though... – tzikis Dec 11 '12 at 15:19