MT#55283 loosen check from e969a7942

The internally used VALID flag doesn't reflect the "valid" state from
the RFC, possibly leading to legitimate packets (DTLS etc.) being
ignored. Introduce a new flag to track which ICE pairs have been
authenticated through requests or responses.

Change-Id: I11b8e2bb6a7638ab9405304c6f45c29b20d3739c
pull/1964/head
Richard Fuchs 6 months ago
parent 9c8773f32a
commit d2f8fd489a

@ -1259,6 +1259,8 @@ int ice_request(stream_fd *sfd, const endpoint_t *src,
goto err;
}
PAIR_SET(pair, AUTHENTICATED);
if (!AGENT_ISSET(ag, LITE_SELF)) {
/* determine role conflict */
if (attrs->controlling && AGENT_ISSET(ag, CONTROLLING)) {
@ -1391,6 +1393,8 @@ int ice_response(stream_fd *sfd, const endpoint_t *src,
goto out;
}
PAIR_SET(pair, AUTHENTICATED);
/* we don't discover peer reflexive here (RFC 5245 7.1.3.2.1) as we don't expect to be behind NAT */
/* we also skip parts of 7.1.3.2.2 as we don't do server reflexive */
@ -1533,7 +1537,7 @@ bool ice_peer_address_known(struct ice_agent *ag, const endpoint_t *sin, struct
struct ice_candidate_pair *pair = __pair_lookup(ag, cand, ifa);
if (!pair)
return false;
if (!PAIR_ISSET(pair, VALID))
if (!PAIR_ISSET(pair, AUTHENTICATED))
return false;
return true;
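Review bot: The check in ice_peer_address_known now accepts a peer address on the AUTHENTICATED bit alone, and none of the visible hunks ever clears that bit, so the mark appears to last as long as the pair object does. If pairs can outlive a change of ICE credentials (for example an ICE restart), a pair authenticated under the old credentials would presumably still pass this check; it is worth confirming that pair flags are reset on that path, which is outside this diff. In ice_request the flag is also set ahead of the role-conflict handling, so a request that ends in a conflict error still leaves the pair marked. That is reasonable only if message integrity was verified before this point, and the verification is not visible in either hunk, so a comment such as `/* STUN message integrity already verified for this pair; not the RFC "valid" state */` above each `PAIR_SET(pair, AUTHENTICATED);` would pin the assumption. All three functions start and end outside their hunks.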

@ -38,6 +38,7 @@
#define ICE_PAIR_VALID 0x0040
#define ICE_PAIR_TO_USE 0x0080
#define ICE_PAIR_TRIGGERED 0x0100
#define ICE_PAIR_AUTHENTICATED 0x0200
#define PAIR_ISSET(p, f) bf_isset(&(p)->pair_flags, ICE_PAIR_ ## f)
#define PAIR_SET(p, f) bf_set(&(p)->pair_flags, ICE_PAIR_ ## f)
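Review bot: `ICE_PAIR_AUTHENTICATED` is added without a comment, although the commit message says `ICE_PAIR_VALID` does not match the RFC's "valid" state; that distinction belongs next to the defines. A line such as `/* pair has seen an authenticated STUN request or response; weaker than the RFC "valid" state */` above the new define would tell a reader which flag to test when deciding whether to trust a source address. Without it, the next caller is likely to pick VALID again, or to treat AUTHENTICATED as meaning the connectivity check has completed.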
