tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 45e6701319efb29c5f91f94e77af2c4baf19c1a5
parent 9cb06af1879ce20a698b49e4071ccb3075b2240f
Author: Dan Baker <dbaker@mozilla.com>
Date:   Mon,  1 Dec 2025 18:21:53 -0700

Bug 2000941 - Vendor libwebrtc from 63a8d4f5e3

Upstream commit: https://webrtc.googlesource.com/src/+/63a8d4f5e38d6db9e339c0674fde14dd3e70d22b
    Provide Environment for TurnServer

    Pass that Environment when creating AsyncPacketSockets with the
    TurnServer. Use unique_ptr to clarify ownership passing of
    AsyncPacketSockets and Sockets at TurnServer api.

    Bug: webrtc:42223992
    Change-Id: I750e778808aec533eb867ccef64e24b76b57b14b
    Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/408723
    Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
    Reviewed-by: Harald Alvestrand <hta@webrtc.org>
    Cr-Commit-Position: refs/heads/main@{#45601}

Diffstat:

Mthird_party/libwebrtc/README.mozilla.last-vendor | 4++--


Mthird_party/libwebrtc/examples/BUILD.gn | 3+++


Mthird_party/libwebrtc/examples/turnserver/turnserver_main.cc | 12++++++++----


Mthird_party/libwebrtc/moz-patch-stack/s0102.patch | 2+-


Mthird_party/libwebrtc/p2p/BUILD.gn | 3+++


Mthird_party/libwebrtc/p2p/base/local_network_access_port_unittest.cc | 7++++---


Mthird_party/libwebrtc/p2p/base/p2p_transport_channel_unittest.cc | 30++++++++++++++++++------------


Mthird_party/libwebrtc/p2p/base/port_unittest.cc | 11+++++++----


Mthird_party/libwebrtc/p2p/base/turn_port_unittest.cc | 2+-


Mthird_party/libwebrtc/p2p/client/basic_port_allocator_unittest.cc | 3++-


Mthird_party/libwebrtc/p2p/test/test_turn_server.h | 16++++++++++------


Mthird_party/libwebrtc/p2p/test/turn_server.cc | 86++++++++++++++++++++++++++++++++++++++++---------------------------------------


Mthird_party/libwebrtc/p2p/test/turn_server.h | 24+++++++++++++++---------


Mthird_party/libwebrtc/pc/peer_connection_rampup_tests.cc | 11+++++++----


Mthird_party/libwebrtc/pc/test/integration_test_helpers.h | 3++-


Mthird_party/libwebrtc/test/network/emulated_turn_server.cc | 4++--


16 files changed, 129 insertions(+), 92 deletions(-)

diff --git a/third_party/libwebrtc/README.mozilla.last-vendor b/third_party/libwebrtc/README.mozilla.last-vendor
@@ -1,4 +1,4 @@
 # ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
-libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-12-02T01:19:09.715699+00:00.
+libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-12-02T01:21:35.119040+00:00.
 # base of lastest vendoring
-640c1aeea2
+63a8d4f5e3
diff --git a/third_party/libwebrtc/examples/BUILD.gn b/third_party/libwebrtc/examples/BUILD.gn
@@ -812,6 +812,8 @@ if (is_linux || is_chromeos || is_win) {
     sources = [ "turnserver/turnserver_main.cc" ]
     deps = [
       ":read_auth_file",
+      "../api/environment",
+      "../api/environment:environment_factory",
       "../p2p:basic_packet_socket_factory",
       "../p2p:p2p_server_utils",
       "../p2p:port_interface",
@@ -821,6 +823,7 @@ if (is_linux || is_chromeos || is_win) {
       "../rtc_base:socket_address",
       "../rtc_base:socket_server",
       "../rtc_base:threading",
+      "//third_party/abseil-cpp/absl/memory",
       "//third_party/abseil-cpp/absl/strings",
     ]
   }
diff --git a/third_party/libwebrtc/examples/turnserver/turnserver_main.cc b/third_party/libwebrtc/examples/turnserver/turnserver_main.cc
@@ -11,10 +11,13 @@
 #include <fstream>
 #include <iostream>
 #include <map>
+#include <memory>
 #include <string>
 #include <utility>
 
 #include "absl/strings/string_view.h"
+#include "api/environment/environment.h"
+#include "api/environment/environment_factory.h"
 #include "examples/turnserver/read_auth_file.h"
 #include "p2p/base/basic_packet_socket_factory.h"
 #include "p2p/base/port_interface.h"
@@ -70,17 +73,18 @@ int main(int argc, char* argv[]) {
     return 1;
   }
 
+  const webrtc::Environment env = webrtc::CreateEnvironment();
   webrtc::PhysicalSocketServer socket_server;
   webrtc::AutoSocketServerThread main(&socket_server);
-  webrtc::AsyncUDPSocket* int_socket =
-      webrtc::AsyncUDPSocket::Create(&socket_server, int_addr);
+  std::unique_ptr<webrtc::AsyncUDPSocket> int_socket =
+      webrtc::AsyncUDPSocket::Create(env, int_addr, socket_server);
   if (!int_socket) {
     std::cerr << "Failed to create a UDP socket bound at" << int_addr.ToString()
               << std::endl;
     return 1;
   }
 
-  webrtc::TurnServer server(&main);
+  webrtc::TurnServer server(env, &main);
   std::fstream auth_file(argv[4], std::fstream::in);
 
   TurnFileAuth auth(auth_file.is_open()
@@ -89,7 +93,7 @@ int main(int argc, char* argv[]) {
   server.set_realm(argv[3]);
   server.set_software(kSoftware);
   server.set_auth_hook(&auth);
-  server.AddInternalSocket(int_socket, webrtc::PROTO_UDP);
+  server.AddInternalSocket(std::move(int_socket), webrtc::PROTO_UDP);
   server.SetExternalSocketFactory(
       new webrtc::BasicPacketSocketFactory(&socket_server),
       webrtc::SocketAddress(ext_addr, 0));
diff --git a/third_party/libwebrtc/moz-patch-stack/s0102.patch b/third_party/libwebrtc/moz-patch-stack/s0102.patch
@@ -326,7 +326,7 @@ index 589142b014..2ee80ded55 100644
      }
    }
 diff --git a/examples/BUILD.gn b/examples/BUILD.gn
-index c8000c3c12..7a77610e07 100644
+index 7cb844d37d..2712124deb 100644
 --- a/examples/BUILD.gn
 +++ b/examples/BUILD.gn
 @@ -9,15 +9,15 @@
diff --git a/third_party/libwebrtc/p2p/BUILD.gn b/third_party/libwebrtc/p2p/BUILD.gn
@@ -1127,6 +1127,7 @@ if (rtc_include_tests) {
       "../api:sequence_checker",
       "../api:turn_customizer",
       "../api/crypto:options",
+      "../api/environment",
       "../api/transport:ecn_marking",
       "../api/transport:enums",
       "../api/transport:stun_types",
@@ -1159,6 +1160,7 @@ if (rtc_include_tests) {
       "../rtc_base/synchronization:mutex",
       "../rtc_base/third_party/sigslot",
       "../test:test_support",
+      "//third_party/abseil-cpp/absl/memory",
       "//third_party/abseil-cpp/absl/strings:string_view",
     ]
   }
@@ -1326,6 +1328,7 @@ rtc_library("p2p_server_utils") {
     "../api:array_view",
     "../api:packet_socket_factory",
     "../api:sequence_checker",
+    "../api/environment",
     "../api/task_queue",
     "../api/task_queue:pending_task_safety_flag",
     "../api/transport:stun_types",
diff --git a/third_party/libwebrtc/p2p/base/local_network_access_port_unittest.cc b/third_party/libwebrtc/p2p/base/local_network_access_port_unittest.cc
@@ -19,7 +19,6 @@
 #include "absl/strings/str_replace.h"
 #include "absl/strings/string_view.h"
 #include "api/environment/environment.h"
-#include "api/environment/environment_factory.h"
 #include "api/local_network_access_permission.h"
 #include "api/test/mock_async_dns_resolver.h"
 #include "api/test/mock_local_network_access_permission.h"
@@ -42,6 +41,7 @@
 #include "rtc_base/third_party/sigslot/sigslot.h"
 #include "rtc_base/thread.h"
 #include "rtc_base/virtual_socket_server.h"
+#include "test/create_test_environment.h"
 #include "test/gmock.h"
 #include "test/gtest.h"
 #include "test/wait_until.h"
@@ -189,7 +189,7 @@ class LocalNetworkAccessPortTest
   bool port_error_ = false;
 
   ScopedFakeClock fake_clock_;
-  const Environment env_ = CreateEnvironment();
+  const Environment env_ = CreateTestEnvironment();
   VirtualSocketServer ss_;
   AutoSocketServerThread thread_{&ss_};
   MockDnsResolvingPacketSocketFactory socket_factory_{&ss_};
@@ -200,7 +200,8 @@ class LocalNetworkAccessPortTest
                                                     : kLocalAddr};
   Network network_{"unittest", "unittest", local_address_.ipaddr(), 32};
 
-  TestTurnServer turn_server_{&thread_, &ss_, kTurnUdpIntAddr, kTurnUdpExtAddr};
+  TestTurnServer turn_server_{env_, &thread_, &ss_, kTurnUdpIntAddr,
+                              kTurnUdpExtAddr};
   TestStunServer::StunServerPtr stun_server_;
 };
 
diff --git a/third_party/libwebrtc/p2p/base/p2p_transport_channel_unittest.cc b/third_party/libwebrtc/p2p/base/p2p_transport_channel_unittest.cc
@@ -40,6 +40,7 @@
 #include "api/transport/enums.h"
 #include "api/transport/stun.h"
 #include "api/units/time_delta.h"
+#include "api/units/timestamp.h"
 #include "p2p/base/basic_ice_controller.h"
 #include "p2p/base/basic_packet_socket_factory.h"
 #include "p2p/base/candidate_pair_interface.h"
@@ -310,7 +311,6 @@ class P2PTransportChannelTestBase : public ::testing::Test,
         socket_factory_(new BasicPacketSocketFactory(ss_.get())),
         main_(ss_.get()),
         stun_server_(TestStunServer::Create(ss_.get(), kStunAddr, main_)),
-        turn_server_(&main_, ss_.get(), kTurnUdpIntAddr, kTurnUdpExtAddr),
         force_relay_(false) {
     ep1_.role_ = ICEROLE_CONTROLLING;
     ep2_.role_ = ICEROLE_CONTROLLED;
@@ -319,6 +319,8 @@ class P2PTransportChannelTestBase : public ::testing::Test,
   }
 
   void CreatePortAllocators(const Environment& env) {
+    turn_server_.emplace(env, &main_, ss_.get(), kTurnUdpIntAddr,
+                         kTurnUdpExtAddr);
     ServerAddresses stun_servers = {kStunAddr};
     ep1_.allocator_ = CreateBasicPortAllocator(
         env, &ep1_.network_manager_, socket_factory_.get(), stun_servers,
@@ -538,7 +540,10 @@ class P2PTransportChannelTestBase : public ::testing::Test,
   P2PTransportChannel* ep2_ch1() { return ep2_.cd1_.ch_.get(); }
   P2PTransportChannel* ep2_ch2() { return ep2_.cd2_.ch_.get(); }
 
-  TestTurnServer* test_turn_server() { return &turn_server_; }
+  TestTurnServer* test_turn_server() {
+    EXPECT_TRUE(turn_server_.has_value());
+    return &*turn_server_;
+  }
   VirtualSocketServer* virtual_socket_server() { return vss_.get(); }
 
   // Common results.
@@ -1020,7 +1025,7 @@ class P2PTransportChannelTestBase : public ::testing::Test,
   scoped_refptr<PendingTaskSafetyFlag> safety_ =
       PendingTaskSafetyFlag::Create();
   TestStunServer::StunServerPtr stun_server_;
-  TestTurnServer turn_server_;
+  std::optional<TestTurnServer> turn_server_;
   Endpoint ep1_;
   Endpoint ep2_;
   RemoteIceParameterSource remote_ice_parameter_source_ = FROM_CANDIDATE;
@@ -5274,15 +5279,13 @@ TEST_F(P2PTransportChannelPingTest, TestMaxOutstandingPingsFieldTrial) {
 class P2PTransportChannelMostLikelyToWorkFirstTest
     : public P2PTransportChannelPingTest {
  public:
-  P2PTransportChannelMostLikelyToWorkFirstTest()
-      : turn_server_(Thread::Current(),
-                     ss(),
-                     kTurnUdpIntAddr,
-                     kTurnUdpExtAddr) {
+  P2PTransportChannelMostLikelyToWorkFirstTest() {
     network_manager_.AddInterface(kPublicAddrs[0]);
   }
 
   BasicPortAllocator& CreatePortAllocator(const Environment& env) {
+    turn_server_.emplace(env, Thread::Current(), ss(), kTurnUdpIntAddr,
+                         kTurnUdpExtAddr);
     port_allocator_ = CreateBasicPortAllocator(
         env, &network_manager_, packet_socket_factory(), ServerAddresses(),
         kTurnUdpIntAddr, SocketAddress());
@@ -5310,7 +5313,10 @@ class P2PTransportChannelMostLikelyToWorkFirstTest
     return *channel_;
   }
 
-  TestTurnServer* turn_server() { return &turn_server_; }
+  TestTurnServer& turn_server() {
+    EXPECT_TRUE(turn_server_.has_value());
+    return *turn_server_;
+  }
 
   // This verifies the next pingable connection has the expected candidates'
   // types and, for relay local candidate, the expected relay protocol and ping
@@ -5331,7 +5337,7 @@ class P2PTransportChannelMostLikelyToWorkFirstTest
  private:
   std::unique_ptr<BasicPortAllocator> port_allocator_;
   FakeNetworkManager network_manager_{Thread::Current()};
-  TestTurnServer turn_server_;
+  std::optional<TestTurnServer> turn_server_;
   std::unique_ptr<P2PTransportChannel> channel_;
 };
 
@@ -5535,12 +5541,12 @@ TEST_F(P2PTransportChannelMostLikelyToWorkFirstTest,
 // followed by the rest.
 TEST_F(P2PTransportChannelMostLikelyToWorkFirstTest, TestTcpTurn) {
   const Environment env = CreateEnvironment();
-  // Add a Tcp Turn server.
-  turn_server()->AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
   RelayServerConfig config;
   config.credentials = kRelayCredentials;
   config.ports.push_back(ProtocolAddress(kTurnTcpIntAddr, PROTO_TCP));
   CreatePortAllocator(env).AddTurnServerForTesting(config);
+  // Add a Tcp Turn server.
+  turn_server().AddInternalSocket(kTurnTcpIntAddr, PROTO_TCP);
 
   P2PTransportChannel& ch =
       StartTransportChannel(env, true, TimeDelta::Millis(500));
diff --git a/third_party/libwebrtc/p2p/base/port_unittest.cc b/third_party/libwebrtc/p2p/base/port_unittest.cc
@@ -72,6 +72,7 @@
 #include "rtc_base/thread.h"
 #include "rtc_base/time_utils.h"
 #include "rtc_base/virtual_socket_server.h"
+#include "test/create_test_environment.h"
 #include "test/create_test_field_trials.h"
 #include "test/gmock.h"
 #include "test/gtest.h"
@@ -440,7 +441,7 @@ class PortTest : public ::testing::Test, public sigslot::has_slots<> {
         nat_socket_factory1_(&nat_factory1_),
         nat_socket_factory2_(&nat_factory2_),
         stun_server_(TestStunServer::Create(ss_.get(), kStunAddr, main_)),
-        turn_server_(&main_, ss_.get(), kTurnUdpIntAddr, kTurnUdpExtAddr),
+        turn_server_(env_, &main_, ss_.get(), kTurnUdpIntAddr, kTurnUdpExtAddr),
         username_(CreateRandomString(ICE_UFRAG_LENGTH)),
         password_(CreateRandomString(ICE_PWD_LENGTH)),
         role_conflict_(false),
@@ -938,8 +939,10 @@ class PortTest : public ::testing::Test, public sigslot::has_slots<> {
 
   VirtualSocketServer* vss() { return ss_.get(); }
 
+  const Environment& env() const { return env_; }
+
  private:
-  const Environment env_ = CreateEnvironment();
+  const Environment env_ = CreateTestEnvironment();
   // When a "create port" helper method is called with an IP, we create a
   // Network with that IP and add it to this list. Using a list instead of a
   // vector so that when it grows, pointers aren't invalidated.
@@ -2933,7 +2936,7 @@ TEST_F(PortTest, TestCandidateFoundation) {
   // Running a second turn server, to get different base IP address.
   SocketAddress kTurnUdpIntAddr2("99.99.98.4", STUN_SERVER_PORT);
   SocketAddress kTurnUdpExtAddr2("99.99.98.5", 0);
-  TestTurnServer turn_server2(Thread::Current(), vss(), kTurnUdpIntAddr2,
+  TestTurnServer turn_server2(env(), Thread::Current(), vss(), kTurnUdpIntAddr2,
                               kTurnUdpExtAddr2);
   auto turnport3 = CreateTurnPort(kLocalAddr1, nat_socket_factory1(), PROTO_UDP,
                                   PROTO_UDP, kTurnUdpIntAddr2);
@@ -2946,7 +2949,7 @@ TEST_F(PortTest, TestCandidateFoundation) {
 
   // Start a TCP turn server, and check that two turn candidates have
   // different foundations if their relay protocols are different.
-  TestTurnServer turn_server3(Thread::Current(), vss(), kTurnTcpIntAddr,
+  TestTurnServer turn_server3(env(), Thread::Current(), vss(), kTurnTcpIntAddr,
                               kTurnUdpExtAddr, PROTO_TCP);
   auto turnport4 =
       CreateTurnPort(kLocalAddr1, nat_socket_factory1(), PROTO_TCP, PROTO_UDP);
diff --git a/third_party/libwebrtc/p2p/base/turn_port_unittest.cc b/third_party/libwebrtc/p2p/base/turn_port_unittest.cc
@@ -216,7 +216,7 @@ class TurnPortTest : public ::testing::Test,
   TurnPortTest()
       : ss_(new TurnPortTestVirtualSocketServer()),
         main_(ss_.get()),
-        turn_server_(&main_, ss_.get(), kTurnUdpIntAddr, kTurnUdpExtAddr),
+        turn_server_(env_, &main_, ss_.get(), kTurnUdpIntAddr, kTurnUdpExtAddr),
         socket_factory_(ss_.get()) {
     // Some code uses "last received time == 0" to represent "nothing received
     // so far", so we need to start the fake clock at a nonzero time...
diff --git a/third_party/libwebrtc/p2p/client/basic_port_allocator_unittest.cc b/third_party/libwebrtc/p2p/client/basic_port_allocator_unittest.cc
@@ -167,7 +167,8 @@ class BasicPortAllocatorTestBase : public ::testing::Test,
         nat_factory_(vss_.get(), kNatUdpAddr, kNatTcpAddr),
         nat_socket_factory_(new BasicPacketSocketFactory(&nat_factory_)),
         stun_server_(TestStunServer::Create(fss_.get(), kStunAddr, thread_)),
-        turn_server_(Thread::Current(),
+        turn_server_(env_,
+                     Thread::Current(),
                      fss_.get(),
                      kTurnUdpIntAddr,
                      kTurnUdpExtAddr),
diff --git a/third_party/libwebrtc/p2p/test/test_turn_server.h b/third_party/libwebrtc/p2p/test/test_turn_server.h
@@ -18,6 +18,7 @@
 #include <vector>
 
 #include "absl/strings/string_view.h"
+#include "api/environment/environment.h"
 #include "api/sequence_checker.h"
 #include "api/transport/stun.h"
 #include "p2p/base/basic_packet_socket_factory.h"
@@ -60,14 +61,15 @@ class TestTurnRedirector : public TurnRedirectInterface {
 
 class TestTurnServer : public TurnAuthInterface {
  public:
-  TestTurnServer(Thread* thread,
+  TestTurnServer(const Environment& env,
+                 Thread* thread,
                  SocketFactory* socket_factory,
                  const SocketAddress& int_addr,
                  const SocketAddress& udp_ext_addr,
                  ProtocolType int_protocol = PROTO_UDP,
                  bool ignore_bad_cert = true,
                  absl::string_view common_name = "test turn server")
-      : server_(thread), socket_factory_(socket_factory) {
+      : env_(env), server_(env, thread), socket_factory_(socket_factory) {
     AddInternalSocket(int_addr, int_protocol, ignore_bad_cert, common_name);
     server_.SetExternalSocketFactory(
         new BasicPacketSocketFactory(socket_factory), udp_ext_addr);
@@ -105,11 +107,12 @@ class TestTurnServer : public TurnAuthInterface {
     RTC_DCHECK(thread_checker_.IsCurrent());
     if (proto == PROTO_UDP) {
       server_.AddInternalSocket(
-          AsyncUDPSocket::Create(socket_factory_, int_addr), proto);
+          AsyncUDPSocket::Create(env_, int_addr, *socket_factory_), proto);
     } else if (proto == PROTO_TCP || proto == PROTO_TLS) {
       // For TCP we need to create a server socket which can listen for incoming
       // new connections.
-      Socket* socket = socket_factory_->CreateSocket(AF_INET, SOCK_STREAM);
+      std::unique_ptr<Socket> socket =
+          socket_factory_->Create(AF_INET, SOCK_STREAM);
       socket->Bind(int_addr);
       socket->Listen(5);
       if (proto == PROTO_TLS) {
@@ -123,10 +126,10 @@ class TestTurnServer : public TurnAuthInterface {
         ssl_adapter_factory->SetIdentity(
             SSLIdentity::Create(common_name, KeyParams()));
         ssl_adapter_factory->SetIgnoreBadCert(ignore_bad_cert);
-        server_.AddInternalServerSocket(socket, proto,
+        server_.AddInternalServerSocket(std::move(socket), proto,
                                         std::move(ssl_adapter_factory));
       } else {
-        server_.AddInternalServerSocket(socket, proto);
+        server_.AddInternalServerSocket(std::move(socket), proto);
       }
     } else {
       RTC_DCHECK_NOTREACHED() << "Unknown protocol type: " << proto;
@@ -158,6 +161,7 @@ class TestTurnServer : public TurnAuthInterface {
                                      std::string(username), key);
   }
 
+  const Environment env_;
   TurnServer server_;
   SocketFactory* socket_factory_;
   SequenceChecker thread_checker_;
diff --git a/third_party/libwebrtc/p2p/test/turn_server.cc b/third_party/libwebrtc/p2p/test/turn_server.cc
@@ -22,6 +22,7 @@
 #include "absl/memory/memory.h"
 #include "absl/strings/string_view.h"
 #include "api/array_view.h"
+#include "api/environment/environment.h"
 #include "api/packet_socket_factory.h"
 #include "api/sequence_checker.h"
 #include "api/task_queue/pending_task_safety_flag.h"
@@ -86,8 +87,9 @@ static void InitErrorResponse(int code,
       STUN_ATTR_ERROR_CODE, code, std::string(reason)));
 }
 
-TurnServer::TurnServer(TaskQueueBase* thread)
-    : thread_(thread),
+TurnServer::TurnServer(const Environment& env, TaskQueueBase* thread)
+    : env_(env),
+      thread_(thread),
       nonce_key_(CreateRandomString(kNonceKeySize)),
       auth_hook_(nullptr),
       redirect_hook_(nullptr),
@@ -95,25 +97,21 @@ TurnServer::TurnServer(TaskQueueBase* thread)
 
 TurnServer::~TurnServer() {
   RTC_DCHECK_RUN_ON(thread_);
-  for (InternalSocketMap::iterator it = server_sockets_.begin();
-       it != server_sockets_.end(); ++it) {
-    AsyncPacketSocket* socket = it->first;
+  for (auto& [socket, unused] : server_sockets_) {
     delete socket;
   }
 
-  for (ServerSocketMap::iterator it = server_listen_sockets_.begin();
-       it != server_listen_sockets_.end(); ++it) {
-    Socket* socket = it->first;
+  for (auto& [socket, unused] : server_listen_sockets_) {
     delete socket;
   }
 }
 
-void TurnServer::AddInternalSocket(AsyncPacketSocket* socket,
-                                   ProtocolType proto) {
+void TurnServer::AddInternalSocket(std::unique_ptr<AsyncPacketSocket> socket,
+                                   ProtocolType protocol) {
   RTC_DCHECK_RUN_ON(thread_);
-  RTC_DCHECK(server_sockets_.end() == server_sockets_.find(socket));
-  server_sockets_[socket] = proto;
-  socket->RegisterReceivedPacketCallback(
+  auto [it, inserted] = server_sockets_.emplace(socket.release(), protocol);
+  RTC_DCHECK(inserted);
+  it->first->RegisterReceivedPacketCallback(
       [&](AsyncPacketSocket* socket, const ReceivedIpPacket& packet) {
         RTC_DCHECK_RUN_ON(thread_);
         OnInternalPacket(socket, packet);
@@ -121,16 +119,17 @@ void TurnServer::AddInternalSocket(AsyncPacketSocket* socket,
 }
 
 void TurnServer::AddInternalServerSocket(
-    Socket* socket,
-    ProtocolType proto,
+    std::unique_ptr<Socket> socket,
+    ProtocolType protocol,
     std::unique_ptr<SSLAdapterFactory> ssl_adapter_factory) {
   RTC_DCHECK_RUN_ON(thread_);
-
-  RTC_DCHECK(server_listen_sockets_.end() ==
-             server_listen_sockets_.find(socket));
-  server_listen_sockets_[socket] = {
-      .proto = proto, .ssl_adapter_factory = std::move(ssl_adapter_factory)};
-  socket->SignalReadEvent.connect(this, &TurnServer::OnNewInternalConnection);
+  auto [iter, inserted] = server_listen_sockets_.emplace(
+      socket.release(),
+      ServerSocketInfo{.proto = protocol,
+                       .ssl_adapter_factory = std::move(ssl_adapter_factory)});
+  RTC_DCHECK(inserted);
+  iter->first->SignalReadEvent.connect(this,
+                                       &TurnServer::OnNewInternalConnection);
 }
 
 void TurnServer::SetExternalSocketFactory(PacketSocketFactory* factory,
@@ -152,23 +151,25 @@ void TurnServer::AcceptConnection(Socket* server_socket) {
 
   // Check if someone is trying to connect to us.
   SocketAddress accept_addr;
-  Socket* accepted_socket = server_socket->Accept(&accept_addr);
+  std::unique_ptr<Socket> accepted_socket =
+      absl::WrapUnique(server_socket->Accept(&accept_addr));
   if (accepted_socket != nullptr) {
     const ServerSocketInfo& info = server_listen_sockets_[server_socket];
     if (info.ssl_adapter_factory) {
-      SSLAdapter* ssl_adapter =
-          info.ssl_adapter_factory->CreateAdapter(accepted_socket);
+      std::unique_ptr<SSLAdapter> ssl_adapter = absl::WrapUnique(
+          info.ssl_adapter_factory->CreateAdapter(accepted_socket.release()));
       ssl_adapter->StartSSL("");
-      accepted_socket = ssl_adapter;
+      accepted_socket = std::move(ssl_adapter);
     }
-    AsyncStunTCPSocket* tcp_socket = new AsyncStunTCPSocket(accepted_socket);
+    auto tcp_socket =
+        std::make_unique<AsyncStunTCPSocket>(env_, std::move(accepted_socket));
 
     tcp_socket->SubscribeCloseEvent(this,
                                     [this](AsyncPacketSocket* s, int err) {
                                       OnInternalSocketClose(s, err);
                                     });
     // Finally add the socket so it can start communicating with the client.
-    AddInternalSocket(tcp_socket, info.proto);
+    AddInternalSocket(std::move(tcp_socket), info.proto);
   }
 }
 
@@ -184,7 +185,7 @@ void TurnServer::OnInternalPacket(AsyncPacketSocket* socket,
   if (packet.payload().size() < TURN_CHANNEL_HEADER_SIZE) {
     return;
   }
-  InternalSocketMap::iterator iter = server_sockets_.find(socket);
+  auto iter = server_sockets_.find(socket);
   RTC_DCHECK(iter != server_sockets_.end());
   TurnServerConnection conn(packet.source_address(), iter->second, socket);
   uint16_t msg_type = GetBE16(packet.payload().data());
@@ -427,17 +428,17 @@ TurnServerAllocation* TurnServer::FindAllocation(TurnServerConnection* conn) {
 TurnServerAllocation* TurnServer::CreateAllocation(TurnServerConnection* conn,
                                                    int proto,
                                                    absl::string_view key) {
-  AsyncPacketSocket* external_socket =
-      (external_socket_factory_)
-          ? external_socket_factory_->CreateUdpSocket(external_addr_, 0, 0)
-          : nullptr;
+  std::unique_ptr<AsyncPacketSocket> external_socket =
+      (external_socket_factory_) ? external_socket_factory_->CreateUdpSocket(
+                                       env_, external_addr_, 0, 0)
+                                 : nullptr;
   if (!external_socket) {
     return nullptr;
   }
 
   // The Allocation takes ownership of the socket.
-  TurnServerAllocation* allocation =
-      new TurnServerAllocation(this, thread_, *conn, external_socket, key);
+  TurnServerAllocation* allocation = new TurnServerAllocation(
+      this, thread_, *conn, std::move(external_socket), key);
   allocations_[*conn].reset(allocation);
   return allocation;
 }
@@ -507,7 +508,7 @@ void TurnServer::Send(TurnServerConnection* conn, const ByteBufferWriter& buf) {
 void TurnServer::DestroyAllocation(TurnServerAllocation* allocation) {
   // Removing the internal socket if the connection is not udp.
   AsyncPacketSocket* socket = allocation->conn()->socket();
-  InternalSocketMap::iterator iter = server_sockets_.find(socket);
+  auto iter = server_sockets_.find(socket);
   // Skip if the socket serving this allocation is UDP, as this will be shared
   // by all allocations.
   // Note: We may not find a socket if it's a TCP socket that was closed, and
@@ -520,7 +521,7 @@ void TurnServer::DestroyAllocation(TurnServerAllocation* allocation) {
 }
 
 void TurnServer::DestroyInternalSocket(AsyncPacketSocket* socket) {
-  InternalSocketMap::iterator iter = server_sockets_.find(socket);
+  auto iter = server_sockets_.find(socket);
   if (iter != server_sockets_.end()) {
     AsyncPacketSocket* server_socket = iter->first;
     server_socket->UnsubscribeCloseEvent(this);
@@ -559,15 +560,16 @@ std::string TurnServerConnection::ToString() const {
   return ost.Release();
 }
 
-TurnServerAllocation::TurnServerAllocation(TurnServer* server,
-                                           TaskQueueBase* thread,
-                                           const TurnServerConnection& conn,
-                                           AsyncPacketSocket* socket,
-                                           absl::string_view key)
+TurnServerAllocation::TurnServerAllocation(
+    TurnServer* server,
+    TaskQueueBase* thread,
+    const TurnServerConnection& conn,
+    std::unique_ptr<AsyncPacketSocket> server_socket,
+    absl::string_view key)
     : server_(server),
       thread_(thread),
       conn_(conn),
-      external_socket_(socket),
+      external_socket_(std::move(server_socket)),
       key_(key) {
   external_socket_->RegisterReceivedPacketCallback(
       [&](AsyncPacketSocket* socket, const ReceivedIpPacket& packet) {
diff --git a/third_party/libwebrtc/p2p/test/turn_server.h b/third_party/libwebrtc/p2p/test/turn_server.h
@@ -21,6 +21,7 @@
 
 #include "absl/strings/string_view.h"
 #include "api/array_view.h"
+#include "api/environment/environment.h"
 #include "api/packet_socket_factory.h"
 #include "api/sequence_checker.h"
 #include "api/task_queue/pending_task_safety_flag.h"
@@ -78,7 +79,7 @@ class TurnServerAllocation final {
   TurnServerAllocation(TurnServer* server_,
                        TaskQueueBase* thread,
                        const TurnServerConnection& conn,
-                       AsyncPacketSocket* server_socket,
+                       std::unique_ptr<AsyncPacketSocket> server_socket,
                        absl::string_view key);
   ~TurnServerAllocation();
 
@@ -183,7 +184,7 @@ class TurnServer : public sigslot::has_slots<> {
   typedef std::map<TurnServerConnection, std::unique_ptr<TurnServerAllocation>>
       AllocationMap;
 
-  explicit TurnServer(TaskQueueBase* thread);
+  TurnServer(const Environment& env, TaskQueueBase* thread);
   ~TurnServer() override;
 
   // Gets/sets the realm value to use for the server.
@@ -244,13 +245,14 @@ class TurnServer : public sigslot::has_slots<> {
   }
 
   // Starts listening for packets from internal clients.
-  void AddInternalSocket(AsyncPacketSocket* socket, ProtocolType proto);
+  void AddInternalSocket(std::unique_ptr<AsyncPacketSocket> socket,
+                         ProtocolType protocol);
   // Starts listening for the connections on this socket. When someone tries
   // to connect, the connection will be accepted and a new internal socket
   // will be added.
   void AddInternalServerSocket(
-      Socket* socket,
-      ProtocolType proto,
+      std::unique_ptr<Socket> socket,
+      ProtocolType protocol,
       std::unique_ptr<SSLAdapterFactory> ssl_adapter_factory = nullptr);
   // Specifies the factory to use for creating external sockets.
   void SetExternalSocketFactory(PacketSocketFactory* factory,
@@ -325,14 +327,13 @@ class TurnServer : public sigslot::has_slots<> {
   void DestroyAllocation(TurnServerAllocation* allocation) RTC_RUN_ON(thread_);
   void DestroyInternalSocket(AsyncPacketSocket* socket) RTC_RUN_ON(thread_);
 
-  typedef std::map<AsyncPacketSocket*, ProtocolType> InternalSocketMap;
   struct ServerSocketInfo {
     ProtocolType proto;
     // If non-null, used to wrap accepted sockets.
     std::unique_ptr<SSLAdapterFactory> ssl_adapter_factory;
   };
-  typedef std::map<Socket*, ServerSocketInfo> ServerSocketMap;
 
+  const Environment env_;
   TaskQueueBase* const thread_;
   const std::string nonce_key_;
   std::string realm_ RTC_GUARDED_BY(thread_);
@@ -347,8 +348,13 @@ class TurnServer : public sigslot::has_slots<> {
   // Check for permission when receiving an external packet.
   bool enable_permission_checks_ = true;
 
-  InternalSocketMap server_sockets_ RTC_GUARDED_BY(thread_);
-  ServerSocketMap server_listen_sockets_ RTC_GUARDED_BY(thread_);
+  // `server_sockets_` and `server_listen_sockets_` use raw pointers as keys,
+  // but de-facto they should be unique_ptr. It is responsibility of the
+  // TurnServer to de-allocate keys when map entries are erased.
+  std::map<AsyncPacketSocket*, ProtocolType> server_sockets_
+      RTC_GUARDED_BY(thread_);
+  std::map<Socket*, ServerSocketInfo> server_listen_sockets_
+      RTC_GUARDED_BY(thread_);
   std::unique_ptr<PacketSocketFactory> external_socket_factory_
       RTC_GUARDED_BY(thread_);
   SocketAddress external_addr_ RTC_GUARDED_BY(thread_);
diff --git a/third_party/libwebrtc/pc/peer_connection_rampup_tests.cc b/third_party/libwebrtc/pc/peer_connection_rampup_tests.cc
@@ -17,6 +17,7 @@
 #include "api/audio_options.h"
 #include "api/create_modular_peer_connection_factory.h"
 #include "api/enable_media_with_defaults.h"
+#include "api/environment/environment.h"
 #include "api/jsep.h"
 #include "api/make_ref_counted.h"
 #include "api/media_stream_interface.h"
@@ -57,6 +58,7 @@
 #include "rtc_base/thread.h"
 #include "rtc_base/virtual_socket_server.h"
 #include "system_wrappers/include/clock.h"
+#include "test/create_test_environment.h"
 #include "test/gmock.h"
 #include "test/gtest.h"
 #include "test/wait_until.h"
@@ -149,7 +151,7 @@ class PeerConnectionWrapperForRampUpTest : public PeerConnectionWrapper {
 class PeerConnectionRampUpTest : public ::testing::Test {
  public:
   PeerConnectionRampUpTest()
-      : clock_(Clock::GetRealTimeClock()),
+      : env_(CreateTestEnvironment()),
         firewall_socket_server_(&virtual_socket_server_),
         network_thread_(&firewall_socket_server_),
         worker_thread_(Thread::Create()) {
@@ -175,6 +177,7 @@ class PeerConnectionRampUpTest : public ::testing::Test {
   std::unique_ptr<PeerConnectionWrapperForRampUpTest>
   CreatePeerConnectionWrapper(const RTCConfiguration& config) {
     PeerConnectionFactoryDependencies pcf_deps;
+    pcf_deps.env = env_;
     pcf_deps.network_thread = network_thread();
     pcf_deps.worker_thread = worker_thread_.get();
     pcf_deps.signaling_thread = Thread::Current();
@@ -215,7 +218,7 @@ class PeerConnectionRampUpTest : public ::testing::Test {
     ASSERT_TRUE(caller_);
     ASSERT_TRUE(callee_);
     FrameGeneratorCapturerVideoTrackSource::Config config;
-    caller_->AddTrack(caller_->CreateLocalVideoTrack(config, clock_));
+    caller_->AddTrack(caller_->CreateLocalVideoTrack(config, &env_.clock()));
     // Disable highpass filter so that we can get all the test audio frames.
     AudioOptions options;
     options.highpass_filter = false;
@@ -258,7 +261,7 @@ class PeerConnectionRampUpTest : public ::testing::Test {
       static const SocketAddress turn_server_external_address{
           kTurnExternalAddress, kTurnExternalPort};
       turn_server = std::make_unique<TestTurnServer>(
-          thread, factory, turn_server_internal_address,
+          env_, thread, factory, turn_server_internal_address,
           turn_server_external_address, type, true /*ignore_bad_certs=*/,
           common_name);
     });
@@ -324,7 +327,7 @@ class PeerConnectionRampUpTest : public ::testing::Test {
     return 0;
   }
 
-  Clock* const clock_;
+  const Environment env_;
   // The turn servers should be accessed & deleted on the network thread to
   // avoid a race with the socket read/write which occurs on the network thread.
   std::vector<std::unique_ptr<TestTurnServer>> turn_servers_;
diff --git a/third_party/libwebrtc/pc/test/integration_test_helpers.h b/third_party/libwebrtc/pc/test/integration_test_helpers.h
@@ -1658,7 +1658,8 @@ class PeerConnectionIntegrationBaseTest : public ::testing::Test {
     std::unique_ptr<TestTurnServer> turn_server;
     SendTask(network_thread(), [&] {
       turn_server = std::make_unique<TestTurnServer>(
-          thread, socket_factory, internal_address, external_address, type,
+          CreateTestEnvironment(), thread, socket_factory, internal_address,
+          external_address, type,
           /*ignore_bad_certs=*/true, common_name);
     });
     turn_servers_.push_back(std::move(turn_server));
diff --git a/third_party/libwebrtc/test/network/emulated_turn_server.cc b/third_party/libwebrtc/test/network/emulated_turn_server.cc
@@ -142,7 +142,7 @@ EmulatedTURNServer::EmulatedTURNServer(const Environment& env,
   ice_config_.password = "keso";
   SendTask(thread_.get(), [&] {
     RTC_DCHECK_RUN_ON(thread_.get());
-    turn_server_ = std::make_unique<TurnServer>(thread_.get());
+    turn_server_ = std::make_unique<TurnServer>(env, thread_.get());
     turn_server_->set_realm(kTestRealm);
     turn_server_->set_realm(kTestSoftware);
     turn_server_->set_auth_hook(this);
@@ -150,7 +150,7 @@ EmulatedTURNServer::EmulatedTURNServer(const Environment& env,
 
     std::unique_ptr<AsyncPacketSocket> client_socket = Wrap(client_);
     client_address_ = client_socket->GetLocalAddress();
-    turn_server_->AddInternalSocket(client_socket.release(), PROTO_UDP);
+    turn_server_->AddInternalSocket(std::move(client_socket), PROTO_UDP);
     turn_server_->SetExternalSocketFactory(new PacketSocketFactoryWrapper(this),
                                            SocketAddress());
     char buf[256];