summaryrefslogtreecommitdiff
path: root/agent
Commit message (Collapse)AuthorAgeFilesLines
* interfaces: ignore only interfaces we really want toJakub Adam2019-07-121-0/+1
| | | | | Once an interface got ignored, ALL interfaces coming after it were dropped too.
* candidate: replace uint8_t -> guint8Jakub Adam2019-07-121-2/+2
| | | Fixes MSVC build.
* debug: fix verbose modeJakub Adam2019-07-121-6/+4
| | | | Since g_parse_debug_string() was looking only at the first 4 items in GDebugKey arrays, "libnice-verbose" couldn't get activated.
* agent: fix condition for turn-tcp discovery creationFabrice Bellet2019-07-111-6/+3
| | | | | We support turn-tcp in oc2007 compatibility only and when the host candidate transport is compatible, ie when reliable_tcp is true.
* conncheck: test inbound stun address on the candidate base addressFabrice Bellet2019-07-111-1/+8
| | | | | | | | | | | | | | | | | | | | | | When receiving an stun packet on a socket, and looking for the matching local candidate, normally it doesn't make a difference to test the address or the base address. Because a pair cannot have a local candidate of type srv-rflx, where there would be a difference, the local candidate obtained will be part of a pair of the conncheck list. Except for the case of a pairs with tcp-act local candidate, where the addr has a port number of zero (tcp-act socket before connect), and the socket of the stun packet has a non-null port number (tcp-act socket after connect), corresponding to the base address of another peer-reflexive tcp-act local candidate, previously discoverd. The selection of the local candidate concerned by an inbound stun request happens when early incoming checks are processed, and when inbound stun packets are normally received during the conncheck. This commit complete commit e6a1941 (for early incoming checks) in the normal inbound stun packets code path, where is similar modification is needed.
* conncheck: improve comment on local peer-reflexive selectionFabrice Bellet2019-07-111-4/+10
| | | | | This patch rewrites the comment surrounding this code snippet, to make it clear, that this pair selection is not specific to the tcp transport.
* conncheck: nominate matching pairs across components and streamsFabrice Bellet2019-07-111-57/+207
| | | | | | | | | | | | | | | | | | | | | | The current valid pair nomination makes no effort to select pairs that could have some similarities across different components and different streams. This is normally not required by the RFC8445, but some well known applications will misbehave when the libnice agent is in this position to choose the nominated pairs (regular nomination mode, and controlling mode) and if it makes an unexpected choice from the peer point-of-view. This patch improves the stopping criterion and the selection of the preferred pair to nominate in that case. When no other pair has been nominated yet (across all streams), the previous stopping criterion still applies, and the best ranked pair of the checklist is selected. When a nominated pair exists from another component, we try to nominate a pair of the same kind (same local and remote addresses and same transport) if we have one, and possibly the best pair we have in the checklist, and else we look for a nominated pair from another stream.
* agent: fix agent reference countFabrice Bellet2019-07-041-0/+1
|
* component: don't detach the socket source twiceFabrice Bellet2019-07-041-1/+0
| | | | The source is also detached in socket_source_free()
* conncheck: define a property for a final idle timeoutFabrice Bellet2019-07-043-19/+65
| | | | | | | | | | This final idle timeout is renamed from the NICE_AGENT_MAX_TIMER_GRACE_PERIOD macro, and keeps its semantic. We also increase the default value of this timeout from 1 second to 5 seconds. This is useful for the sipe pidgin plugin that has to deal with SfB agents, that may take some time in controlling mode before choosing and testing the nominated pair
* conncheck: fix pair priorities uniquenessFabrice Bellet2019-07-043-22/+51
| | | | | | | | | | | | | | | | | | | | | | This patch fixes the priority assigned to a peer reflexive discovered local candidate, when the agent has the stun client role and receives an stun reply. This priority must be the value put in the stun request, ie the pair->rflx_priority from the parent pair. This ensures two similar ordered pairs, will generate discovered pairs ordered in the same way for the stun client, and also for the stun server on the other side. Without this identical ordered on both sides of the connections, the two agents may nominate a different pair with the aggresive nomination scenario, since both are valid. The other fix concerns the function that ensures local candidates priority uniqueness, that breaks the assumption that "two local candidates having the same priority should generate the same prflx_priority in the pairs they contribute". Respecting this assumption is important to stay coherent with the behavior of the other agent, that considers that two stun requests coming from the same peer-reflexive remote candidate will have the same remote priority (once a remote candidate is added to the component remote_candidates list, its priority is not supposed to change).
* conncheck: create the valid pair on early tcp stun requestsFabrice Bellet2019-07-042-0/+23
| | | | | | When replaying the incoming checks, we have to create the succeeded valid pair matching this tcp connection the same way we do it in conn_check_handle_inbound_stun().
* agent: discard sockptr on updated remote candidatesFabrice Bellet2019-07-041-0/+4
| | | | | | | | These candidates type is updated from peer-reflexive, discovered during early incoming checks, to the type of the matching regularly transmitted candidate, so the previous sockptr value is no longer of interest here. The same socket is already associated to the initial local candidate anyway, source of the early discovery.
* component: remove socket also from remote candidatesFabrice Bellet2019-07-041-0/+27
| | | | | | | | | | | A socket to be removed may also come from a peer-reflexive remote candidate, and some cleanup also needs to be done in this case. This reference in a remote peer-reflexive tcp-active candidate caused a heap-use-after-free asan error in some custom debugging dump of the list of sockets of a component, after a read error in component_io_cb(): agent_recv_message_unlocked returned -1, errno (25) : Inappropriate ioctl for device
* debug: fix verbose debug enableFabrice Bellet2019-07-041-1/+1
|
* conncheck: fix incoming checks memory leakFabrice Bellet2019-07-041-0/+3
|
* conncheck: test incoming checks on candidate base addressFabrice Bellet2019-07-041-1/+7
| | | | | | | | The candidate may be a newly discovered peer reflexive one, or a server reflexive initial candidate, where address and base address differ. Early incoming checks are received on the base address. These incoming checks may accumulate if remote credentials arrive with a delay.
* conncheck: increase dumped information in debugFabrice Bellet2019-07-041-2/+64
| | | | | In complement to the conncheck list, we dump the pair transport type, the socket type, and the incoming checks list.
* conncheck: make oc2007r2 mode more rfc5245 friendlyFabrice Bellet2019-07-041-2/+2
|
* agent: more debug when remote credential are receivedFabrice Bellet2019-07-041-0/+2
| | | | | | | This complete the similar debug trace when remote candidates are received, and help to debug our tests with the patched farstream library, where candidates and credentials are transmitted with a random delay.
* agent: signal when a selected pair foundation is updatedFabrice Bellet2019-07-041-4/+17
| | | | | | This foundation update may be needed when a selected pair contains a remote candidate that has been found by an inbound stun request, but has not been received by nice_agent_set_remote_candidates()
* Revert "conncheck: Don't lookup prflx pair for UDP candidates"Fabrice Bellet2019-07-041-7/+5
| | | | This reverts commit ca47519feda9d4dad38a06e2f7d94c0afc501364.
* component: Fix use-after-free and resolve regressionFabrice Bellet2019-07-041-6/+6
| | | | | | | | | | | | | | | | | | | conn_check_prune_socket() on nsocket must be called before removing the candidate with this socket inside the loop, to prevent the use-after-free reported initially in issue #73. But commit 541801d introduced a regression during discovery when an udp turn over tcp socket is immediately closed by a HUP condition for example. In this case, discovery_prune_socket() is never called, because we don't have a candidate with this socket inside the loop. So the nsocket is freed by the final nice_component_detach_socket() but is still used by the discovery timer callback. This commit moves the discovery_prune_socket() and conn_check_prune_socket() actions before the loop instead of after, or inside. Closes #73
* agent: fix a memory leakFabrice Bellet2019-07-041-0/+1
|
* agent: keep a ref on the agent while removal of TURN refreshesFabrice Bellet2019-07-041-0/+4
| | | | | | | The patch makes the agent alive at least until the last callback of the removal of turn refreshes when a stream is deleted from the agent. Closes #84
* discovery: fix an use-after-free in SFB user credentialsFabrice Bellet2019-07-044-24/+26
| | | | | | The base64 decoded username and password strings given to stun_usage_turn_create() should not freed immediately, since they remain used when handling the following related inbound stun replies.
* meson: Fix enum types generation to match automakeOlivier Crête2019-07-031-4/+14
| | | | | The automake generated ones are a little funky, so the meson one have to also be to not break API...
* agent: add nice_agent_get_sockets APIOlivier Crête2019-07-024-0/+59
| | | | | | | This API makes it possible to get an array of all of the sockets used by a specific component, this is useful to set options on the socket. Also bump GLib requirement to 2.54, which is the version in RHEL 7
* conncheck: add transport information to debugFabrice Bellet2019-06-271-7/+31
|
* interfaces: allow list of ignored prefixesStefan Becker2019-06-271-19/+53
| | | | | | | | Improve on commit b4abda09c79e4ce372a3771300abf568c85c7ff5 Instead of checking one prefix, check against a list of prefixes. This allows libnice to be configured to ignore interfaces from virtual machines and containers.
* interfaces: ignore non-running interfacesStefan Becker2019-06-271-0/+13
| | | | Check for IFF_UP and IFF_RUNNING flags on the interface.
* interfaces: detect IPv6 ULA & link-local addressesStefan Becker2019-06-271-0/+10
| | | | | | | Update nice_interfaces_is_private_ip() to handle IPv6 too: - unique local address block: fc00::/7 - link-local address block: fe80::/10
* interfaces: add missing support for IGNORED_IFACE_PREFIXStefan Becker2019-06-261-0/+5
| | | | | | This fixes commit b4abda09c79e4ce372a3771300abf568c85c7ff5 Copy the implementation to the !HAVE_GETIFADDRS branch too.
* interfaces: support multiple loopbacksStefan Becker2019-06-261-4/+4
| | | | | Clone implementation from HAVE_GETIFADDRS branch to !HAVE_GETIFADDRS branch of nice_interfaces_get_local_ips()
* conncheck: Don't lookup prflx pair for UDP candidatesJakub Adam2019-05-291-5/+7
| | | | Code comment mentions peer reflexive candidate pair should be selected only in the case of TCP local candidates, but it was done in all cases.
* agent: Replace closed signal with GASyncResult type functionOlivier Crête2019-05-094-32/+29
| | | | This makes the API more GIO style
* agent: add nice_agent_close_async() APIJakub Adam2019-05-092-0/+34
| | | | | Asynchronously closes resources the agent has allocated on remote servers.
* agent: Add "closed" signalJakub Adam2019-05-091-0/+23
|
* discovery: Asynchronous removal of TURN refreshesJakub Adam2019-05-095-68/+261
| | | | | | | | When deleting a turn refresh, ensure the assocaited port allocations on the TURN server are properly removed. This means wait for a response for our 0-lifetime refresh request and implement retransmissions. Only delete the refresh after TURN port removal has been confirmed or all our retransmissions timed out.
* component: Refactor nice_component_clean_turn_servers()Jakub Adam2019-05-091-14/+15
| | | | First collect the relay candidates, then dispose them in a loop.
* discovery: Remove unused refresh_prune_socket()Jakub Adam2019-05-092-17/+0
|
* agent: G_GNUC_FALLTHROUGH macro for compatibility with older glibJakub Adam2019-05-091-0/+8
|
* conncheck: NOMINATION STUN attribute supportAndrey Skryabin2019-05-084-0/+92
| | | | | | Attribute is proposed here: https://tools.ietf.org/html/draft-thatcher-ice-renomination-00 WebRTC supports this attribute: controlling side provides attribute value increased by one each time selected pair is changed: https://chromium.googlesource.com/external/webrtc/+/3c7d599750405bc734e1d5adbf1b54265b725a9d/p2p/base/p2ptransportchannel.cc#1821
* component: Fix use-after-freeJakub Adam2019-03-111-5/+6
| | | | | | | conn_check_prune_socket() was trying to access deleted NiceCandidate instance. Prune the socket before removing the candidate. Closes #73
* tests: rename test-dribble to test-trickleJakub Adam2019-03-081-1/+1
|
* agent: trickle ICE modeJakub Adam2019-03-086-0/+80
| | | | | | | | | In this mode, activated by setting "ice-trickle" property of a NiceAgent to TRUE, a component without a successful connectivity check will wait indefinitely for more remote candidates to come. nice_agent_peer_candidate_gathering_done() must be called after receiving the last remote candidate for the component to finally change its state to NICE_COMPONENT_STATE_FAILED.
* agent: don't print TURN password unless the logging is verboseJakub Adam2019-02-121-1/+2
| | | Limits accidental leakage of secret information.
* turn: Allow lifetimes under 60sOlivier Crête2019-01-291-7/+14
| | | | | Don't set a timeout to the very far future if the lifetime sent by the server is under 60s. Instead of doing "lifetime - 60", switch to lifetime/2.
* component_io_cb: Avoid potential deadlockJakub Adam2019-01-291-1/+2
| | | | | Don't unref NiceAgent while holding agent mutex. If it's the last reference, nice_agent_dispose() will try to acquire the mutex again and deadlock.
* turn: Replace magic numbers with defineOlivier Crête2019-01-221-4/+4
|
View Lorry Controller Status