From sgcWebSockets 2022.8.0 a new component has been added to the sgcWebSockets library, the TsgcRTCPeerConnection.
The TsgcRTCPeerConnection is a client component that allows peers to connect P2P over UDP. The flow can be broken into 4 steps:
- Signaling
- Connecting
- Securing
- Communicating
To implement those steps, the client makes use of the following protocols:
- WebSocket: this protocol is used for signaling; the clients exchange the Session Description Protocol and the local, public and relayed IP addresses.
- UDP: this is the transport protocol; the client uses UDP to send/receive messages between peers.
- DTLS: similar to TLS, it is an encryption specification that secures the messages between peers, preventing third parties from reading or writing them.
- STUN: protocol to obtain the public IP address.
- TURN: protocol to relay the traffic through a server when peers are behind NATs.
- ICE: protocol to find which IP addresses and ports are reachable between peers.
Signaling
When the client starts it has no idea who it is going to communicate with or what it is going to communicate about. Signaling uses SDP (Session Description Protocol), which contains details like:
- IPs and ports at which the peer is reachable
- Fingerprint of the certificate used to secure the communication.
- User and password.
- ...
Signaling uses the WebSocket protocol to exchange the data; it works through a subprotocol and is implemented on the server side in the TsgcWSPServer_RTCPeerConnection component.
The TsgcRTCPeerConnection already creates a WebSocket client internally with a TsgcWSPClient_RTCPeerConnection attached.
To obtain the IPs and ports, the client makes use of the STUN/TURN protocols, so a STUN/TURN server is required too.
Links:
- RTCPeerConnection WebSocket Server
- RTCPeerConnection WebSocket Client
- RTCPeerConnection STUN TURN
- RTCPeerConnection Signaling
Connecting
Once the 2 peers know the candidates and SDPs, the client uses another standard protocol called ICE.
ICE (Interactive Connectivity Establishment) allows the establishment of a connection between 2 peers. The peers can be in the same network or behind a NAT. ICE is a solution for establishing a direct connection without a central server. If the connection cannot be P2P, ICE will use TURN to relay the data through a TURN server.
Once ICE finds a valid candidate pair that connects the 2 peers, the next step is to encrypt the communication.
Securing
After the peers have connected, the communication must be secure. This is done using DTLS, which is a cryptographic protocol used to secure communication over UDP.
Once the DTLS handshake has been successfully completed, another protocol is used, SRTP (Secure Real-Time Transport Protocol). Currently SRTP is not implemented.
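The security-relevant link between the Signaling and Securing steps above is that the DTLS certificate is self-signed, so a peer is authenticated only by matching the certificate presented in the DTLS handshake against the fingerprint received in the SDP. The following Python example is added here to show that check together with the SDP details the Signaling section lists (ICE user/password, fingerprint, candidate IPs and ports); it is not sgcWebSockets code, and the SDP and certificate bytes are constructed stand-ins.

```python
import hashlib
import re

# Constructed stand-in for a peer's DER-encoded DTLS certificate (not a real certificate).
FAKE_CERT_DER = b"constructed-der-certificate-bytes-of-peer-b"

def sdp_fingerprint(cert_der: bytes, algo: str = "sha-256") -> str:
    """Format a certificate digest the way the a=fingerprint SDP line carries it."""
    digest = hashlib.new(algo.replace("-", ""), cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed SDP as it would travel over the WebSocket signaling channel.
SAMPLE_SDP = f"""v=0
o=- 46117317 2 IN IP4 127.0.0.1
s=-
t=0 0
a=ice-ufrag:F7gI
a=ice-pwd:x9cml/YzichV2+XlhiMu8g
a=fingerprint:sha-256 {sdp_fingerprint(FAKE_CERT_DER)}
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
c=IN IP4 0.0.0.0
a=candidate:1 1 udp 2130706431 192.168.1.10 50000 typ host
a=candidate:2 1 udp 1694498815 203.0.113.5 51000 typ srflx raddr 192.168.1.10 rport 50000
a=candidate:3 1 udp 16777215 198.51.100.7 3478 typ relay raddr 203.0.113.5 rport 51000
"""

CANDIDATE_RE = re.compile(r"^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)")

def parse_sdp(sdp: str) -> dict:
    """Extract ICE user/password, certificate fingerprint and candidates (highest priority first)."""
    info = {"candidates": []}
    for line in sdp.splitlines():
        if line.startswith("a=ice-ufrag:"):
            info["ufrag"] = line.split(":", 1)[1]
        elif line.startswith("a=ice-pwd:"):
            info["pwd"] = line.split(":", 1)[1]
        elif line.startswith("a=fingerprint:"):
            algo, value = line.split(":", 1)[1].split(" ", 1)
            info["fingerprint"] = (algo, value)
        elif (m := CANDIDATE_RE.match(line)):
            # (priority, ip, port, type); ICE tries higher priority pairs first, relay last
            info["candidates"].append((int(m.group(4)), m.group(5), int(m.group(6)), m.group(7)))
    info["candidates"].sort(reverse=True)
    return info

def dtls_peer_verified(sdp: str, presented_cert_der: bytes) -> bool:
    """Accept the DTLS peer only if its certificate matches the fingerprint from signaling."""
    algo, expected = parse_sdp(sdp)["fingerprint"]
    return sdp_fingerprint(presented_cert_der, algo) == expected
```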
Communicating
Once the 2 peers are using a secure protocol, the communication is done using 2 protocols:
- RTP (Real-Time Transport Protocol): used to exchange media, encrypted with SRTP.
- SCTP (Stream Control Transmission Protocol): used to send and receive DataChannel messages, encrypted with DTLS.
Currently these protocols are not implemented, but you can send/receive data using DTLS over UDP.
First open the WebSocket server and then open 2 peers on different machines. The demo makes use of the public STUN/TURN server from esegece.com. For production, a dedicated STUN/TURN server must be deployed.