| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
| |
Attribute is proposed here: https://tools.ietf.org/html/draft-thatcher-ice-renomination-00
WebRTC supports this attribute: controlling side provides attribute value increased by one each time selected pair is changed:
https://chromium.googlesource.com/external/webrtc/+/3c7d599750405bc734e1d5adbf1b54265b725a9d/p2p/base/p2ptransportchannel.cc#1821
|
| |
|
| |
|
|
|
|
| |
Closes #71
|
| |
|
|
|
|
| |
coturn doesn't authenticate us before sending us to an alternate server.
|
| |
|
|
|
|
| |
Errors reported by lintian -EvIL -pedantic.
|
|
|
|
|
|
|
| |
Meson needs to see all libraries a target depends on so that it can add
each to PATH when running "meson test".
Avoids "*.dll was not found" errors.
|
| |
|
| |
|
|
|
|
|
| |
stdint.h is available since vs2010 and stdbool.h since vs2013,
so we should be able to just use that these days.
|
|
|
|
| |
Tested inside Cerbero with VS 2017
|
|
|
|
|
|
|
|
| |
Just implement argument parsing ourselves here.
It's not really more lines of code than the getopt.h variant
and makes things build on Windows with MSVC without having to
ship a separate getopt implementation.
|
| |
|
|
|
|
|
|
|
| |
By default, 'candidate_identifier == NULL' only happens for 'compatibility
== NICE_COMPATIBILITY_GOOGLE'. However, keepalive=true will also trigger
the same code path so candidate_identifier must be checked to avoid a
segfault.
|
| |
|
|
|
|
|
|
| |
MacOS X and Windows don't have MSG_NOSIGNAL.
Signed-off-by: Justin Kim <justin.kim@collabora.com>
|
|
|
|
|
|
|
| |
Like all other instances of nice_RAND_bytes that were renamed
to nice_RAND_nonce.
Fixes the windows build
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
The MS Office TURN servers will always return the MS_ALTERNATE_SERVER in
allocation responses, and if they are not handled, we end up using the
main turn server to send allocation requests that then get sent to the
alternate server which will return the XOR_MAPPED_ADDRESS containing
the IP address of the turn server that proxied the message instead of
our own actual external IP.
|
|
|
|
|
|
|
|
| |
https://phabricator.freedesktop.org/T7798
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Olivier Crête <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D1819
|
|
|
|
| |
Differential Revision: https://phabricator.freedesktop.org/D1754
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Three STUN binding request properties should be customisable. RFC 5245
describes the retransmission timer of the STUN transaction 'RTO', and
RFC 5389 describes the number of retransmissions to send until a
response is received 'Rc'. The third property is the 'RTO' when
a reliable connection is used.
RFC 5389 introduces a supplementary property 'Rm' as a multiplier used
to compute the final timeout RTO * Rm. However, this property is not
added in libnice, because this would require breaking the public API for
STUN. Currently, our STUN implementation hardcodes a division by two for
this final timeout.
Differential Revision: https://phabricator.freedesktop.org/D1109
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to RFC 5389, section 7.2.1, a special timeout is applied to
the last retransmission (Rm * RTO), with Rm default value of 16, instead
of (64 * RTO), 2^6 when the number of transmissions Rc is set to 7.
As spotted by Olivier Crete, stun_timer_* is a public API, that cannot
be changed, and the initial delay (RTO) is not preserved in the
stun_timer_s struct. So we use a hack that implicitely guess Rm from the
number of transmissions Rc, by generalizing the default value of the
spec for Rm and Rc to other values of Rc passed in stun_timer_start(
According to the spec, with the default value of Rc=7, the last delay
should be (64 * RTO), and it is instead (16 * RTO). So the last delay
can be computed by dividing the penultimate delay by two, instead of
multiplying it by two.
Differential Revision: https://phabricator.freedesktop.org/D1108
|
|
|
|
| |
Various little things, none of which should make a functional difference.
|
| |
|
| |
|
|
|
|
| |
This makes clang happy.
|
|
|
|
|
|
| |
It's only nonce level randomness, not long term key level.
Differential Revision: https://phabricator.freedesktop.org/D1711
|
|
|
|
|
|
|
| |
GLib already uses it, instead of adding another dep.
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Differential Revision: https://phabricator.freedesktop.org/D1705
|
|
|
|
|
|
|
| |
Now that libstun depends on libgcrypt, we might as well use its SHA1 hash
support, rather than carrying around our own.
Differential Revision: https://phabricator.freedesktop.org/D1612
|
|
|
|
|
|
|
| |
Now that libstun depends on libgcrypt, we might as well use its MD5 hash
support, rather than carrying around our own.
Differential Revision: https://phabricator.freedesktop.org/D1611
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, a custom Mersenne Twister PRNG was used, which is not
securely random. In addition, its seeding fell back to wall-clock time,
which is typically predictable.
This uses libgcrypt on Linux but retains the Windows code which uses the
Windows crypt API.
Differential Revision: https://phabricator.freedesktop.org/D1610
|
|
|
|
|
|
| |
This will shortly be used to implement secure random number generation.
Differential Revision: https://phabricator.freedesktop.org/D1609
|
|
|
|
|
|
|
|
| |
The SHA-1 and MD5 implementations in libnice are about to be removed, so
stop testing them explicitly. In addition, rework the remaining test to
use the stun_sha1() API which will remain.
Differential Revision: https://phabricator.freedesktop.org/D1608
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There should never be a problem with alignment at runtime, since we’re
casting the sockaddr to sockaddr_in or sockaddr_in6 based on its
declared sa_family — anything declared as AF_INET6 should have been
allocated as a sockaddr_in6, and hence have appropriate alignment (same
for AF_INET).
This fixes a compiler warning on ARM and other alignment-sensitive
architectures.
https://phabricator.freedesktop.org/T7718
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Olivier Crête <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D1686
|
|
|
|
|
|
|
|
| |
Client should stop sending connectivity checks with legacy FINGERPRINT
when it receives a conncheck message containing IMPLEMENTATION-VERSION
attribute.
Differential Revision: https://phabricator.freedesktop.org/D1139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to preserve compatibility with clients which use custom CRC
lookup table from [MS-ICE2], whenever a connectivity check request or
reply is sent, an additional message is sent along. These two messages
differ only in FINGERPRINT attribute - one uses regular CRC lookup table
for calculation, the other uses the modified table.
When a message is received and FINGERPRINT doesn't pass validation using
regular CRC table, the receiver also tries to verify using the modified
table.
[MS-ICE2] 3.1.4.8.2 describes this procedure.
The commit fixes compatibility with older MSOC and Lync clients.
Differential Revision: https://phabricator.freedesktop.org/D1138
|
|
|
|
|
|
|
|
|
| |
Windows Live Messenger is a discontinued service. We can repurpose
STUN_COMPATIBILITY_WLM2009 as [MS-ICE2] compatibility.
The orignial WLM enumerator is kept for the sake of API compatibility.
Differential Revision: https://phabricator.freedesktop.org/D1137
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Connectivity checks that are fully conforming to [MS-ICE2] should
contain IMPLEMENTATION-VERSION attribute ([MS-ICE2] 2.2.2.2) equal to 2
and their FINGERPRINT should be calculated as described in RFC5389
section 15.5 (i.e. using standard CRC lookup table).
We need this because some Skype for Business clients no longer accept
messages whose FINGERPRINT contains a value calculated using Microsoft's
old custom CRC table (specified verbatim in [MS-ICE2] 3.1.4.8.2).
The change creates a compatibility breakage with legacy Lync clients
which will be fixed in following commits.
Differential Revision: https://phabricator.freedesktop.org/D1136
|
|
|
|
|
|
|
|
|
|
| |
Windows Live Messenger is a discontinued service. The only users of WLM
mode seem to be Lync clients, so STUN_USAGE_ICE_COMPATIBILITY_WLM2009
can be repurposed as [MS-ICE2] compatibility.
We keep the WLM enumerator for the sake of API compatibility.
Differential Revision: https://phabricator.freedesktop.org/D1135
|
| |
|
|
|
|
|
|
|
|
|
| |
Also reduce the normal timeout to make the test bearable.
This is what RFC 5389 section 7.2.1
Differential Revision: https://phabricator.freedesktop.org/D1056
Maniphest Task: https://phabricator.freedesktop.org/T3339
|
|
|
|
| |
We really care about the maximum transmissions, the first one counts.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the role conflict handling in stun ICE usage,
according to RFC 5245, by adding including missing cases in the
test. The role switch not only depends of the comparison of the
stun ice-controlling/controlled attrib with the agent tie breaker
value, but it also depends on the current role of the agent.
This patch also changes the value returned by
stun_usage_ice_conncheck_create_reply() when a role conflict exists
but doesn't change the role of the agent, causing an error stun
response. Previously, this case could not be differenciated by the
caller from a case with no role conflict. Now by examinating the
return value, and whether the control param changed, the caller
can check the four possibles situations. The stun test suite is
updated to match this change.
Differential Revision: https://phabricator.freedesktop.org/D873
|
|
|
|
| |
This is recommended by the STUN RFC 5389.
|