| Commit message | Author | Age | Files | Lines |
| |
By default, 'candidate_identifier == NULL' only happens for 'compatibility
== NICE_COMPATIBILITY_GOOGLE'. However, keepalive=true will also trigger
the same code path so candidate_identifier must be checked to avoid a
segfault.
| |
MacOS X and Windows don't have MSG_NOSIGNAL.
Signed-off-by: Justin Kim <justin.kim@collabora.com>
| |
Like all other instances of nice_RAND_bytes that were renamed
to nice_RAND_nonce.
Fixes the Windows build
| |
The MS Office TURN servers will always return the MS_ALTERNATE_SERVER in
allocation responses, and if they are not handled, we end up using the
main turn server to send allocation requests that then get sent to the
alternate server which will return the XOR_MAPPED_ADDRESS containing
the IP address of the turn server that proxied the message instead of
our own actual external IP.
| |
https://phabricator.freedesktop.org/T7798
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Olivier Crête <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D1819
| |
Differential Revision: https://phabricator.freedesktop.org/D1754
| |
Three STUN binding request properties should be customisable. RFC 5245
describes the retransmission timer of the STUN transaction 'RTO', and
RFC 5389 describes the number of retransmissions to send until a
response is received 'Rc'. The third property is the 'RTO' when
a reliable connection is used.
RFC 5389 introduces a supplementary property 'Rm' as a multiplier used
to compute the final timeout RTO * Rm. However, this property is not
added in libnice, because this would require breaking the public API for
STUN. Currently, our STUN implementation hardcodes a division by two for
this final timeout.
Differential Revision: https://phabricator.freedesktop.org/D1109
| |
According to RFC 5389, section 7.2.1, a special timeout is applied to
the last retransmission (Rm * RTO), with Rm default value of 16, instead
of (64 * RTO), 2^6 when the number of transmissions Rc is set to 7.
As spotted by Olivier Crete, stun_timer_* is a public API, that cannot
be changed, and the initial delay (RTO) is not preserved in the
stun_timer_s struct. So we use a hack that implicitly guesses Rm from the
number of transmissions Rc, by generalizing the default value of the
spec for Rm and Rc to other values of Rc passed in stun_timer_start(
According to the spec, with the default value of Rc=7, the last delay
should be (64 * RTO), and it is instead (16 * RTO). So the last delay
can be computed by dividing the penultimate delay by two, instead of
multiplying it by two.
Differential Revision: https://phabricator.freedesktop.org/D1108
| |
Various little things, none of which should make a functional difference.
| |
This makes clang happy.
| |
It's only nonce level randomness, not long term key level.
Differential Revision: https://phabricator.freedesktop.org/D1711
| |
GLib already uses it, instead of adding another dep.
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Differential Revision: https://phabricator.freedesktop.org/D1705
| |
Now that libstun depends on libgcrypt, we might as well use its SHA1 hash
support, rather than carrying around our own.
Differential Revision: https://phabricator.freedesktop.org/D1612
| |
Now that libstun depends on libgcrypt, we might as well use its MD5 hash
support, rather than carrying around our own.
Differential Revision: https://phabricator.freedesktop.org/D1611
| |
Previously, a custom Mersenne Twister PRNG was used, which is not
securely random. In addition, its seeding fell back to wall-clock time,
which is typically predictable.
This uses libgcrypt on Linux but retains the Windows code which uses the
Windows crypt API.
Differential Revision: https://phabricator.freedesktop.org/D1610
| |
This will shortly be used to implement secure random number generation.
Differential Revision: https://phabricator.freedesktop.org/D1609
| |
The SHA-1 and MD5 implementations in libnice are about to be removed, so
stop testing them explicitly. In addition, rework the remaining test to
use the stun_sha1() API which will remain.
Differential Revision: https://phabricator.freedesktop.org/D1608
| |
There should never be a problem with alignment at runtime, since we’re
casting the sockaddr to sockaddr_in or sockaddr_in6 based on its
declared sa_family — anything declared as AF_INET6 should have been
allocated as a sockaddr_in6, and hence have appropriate alignment (same
for AF_INET).
This fixes a compiler warning on ARM and other alignment-sensitive
architectures.
https://phabricator.freedesktop.org/T7718
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Olivier Crête <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D1686
| |
Client should stop sending connectivity checks with legacy FINGERPRINT
when it receives a conncheck message containing IMPLEMENTATION-VERSION
attribute.
Differential Revision: https://phabricator.freedesktop.org/D1139
| |
In order to preserve compatibility with clients which use custom CRC
lookup table from [MS-ICE2], whenever a connectivity check request or
reply is sent, an additional message is sent along. These two messages
differ only in FINGERPRINT attribute - one uses regular CRC lookup table
for calculation, the other uses the modified table.
When a message is received and FINGERPRINT doesn't pass validation using
regular CRC table, the receiver also tries to verify using the modified
table.
[MS-ICE2] 3.1.4.8.2 describes this procedure.
The commit fixes compatibility with older MSOC and Lync clients.
Differential Revision: https://phabricator.freedesktop.org/D1138
| |
Windows Live Messenger is a discontinued service. We can repurpose
STUN_COMPATIBILITY_WLM2009 as [MS-ICE2] compatibility.
The original WLM enumerator is kept for the sake of API compatibility.
Differential Revision: https://phabricator.freedesktop.org/D1137
| |
Connectivity checks that are fully conforming to [MS-ICE2] should
contain IMPLEMENTATION-VERSION attribute ([MS-ICE2] 2.2.2.2) equal to 2
and their FINGERPRINT should be calculated as described in RFC5389
section 15.5 (i.e. using standard CRC lookup table).
We need this because some Skype for Business clients no longer accept
messages whose FINGERPRINT contains a value calculated using Microsoft's
old custom CRC table (specified verbatim in [MS-ICE2] 3.1.4.8.2).
The change creates a compatibility breakage with legacy Lync clients
which will be fixed in following commits.
Differential Revision: https://phabricator.freedesktop.org/D1136
| |
Windows Live Messenger is a discontinued service. The only users of WLM
mode seem to be Lync clients, so STUN_USAGE_ICE_COMPATIBILITY_WLM2009
can be repurposed as [MS-ICE2] compatibility.
We keep the WLM enumerator for the sake of API compatibility.
Differential Revision: https://phabricator.freedesktop.org/D1135
| |
Also reduce the normal timeout to make the test bearable.
This is what RFC 5389 section 7.2.1
Differential Revision: https://phabricator.freedesktop.org/D1056
Maniphest Task: https://phabricator.freedesktop.org/T3339
| |
We really care about the maximum transmissions, the first one counts.
| |
This patch fixes the role conflict handling in stun ICE usage,
according to RFC 5245, by including missing cases in the
test. The role switch not only depends on the comparison of the
stun ice-controlling/controlled attrib with the agent tie breaker
value, but it also depends on the current role of the agent.
This patch also changes the value returned by
stun_usage_ice_conncheck_create_reply() when a role conflict exists
but doesn't change the role of the agent, causing an error stun
response. Previously, this case could not be differentiated by the
caller from a case with no role conflict. Now by examining the
return value, and whether the control param changed, the caller
can check the four possible situations. The stun test suite is
updated to match this change.
Differential Revision: https://phabricator.freedesktop.org/D873
| |
This is recommended by the STUN RFC 5389.
| |
Reviewed-by: Olivier Crête <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D807
| |
To match debug_enable in agent/debug.c. Debug can still be enabled by
calling stun_debug_enable() or nice_debug_enable().
Spotted on the mailing list by Tom Chen.
| |
As per [MS-TURN] Section 2.2.1, TURN message type 0x0104 "Send request
response" isn't supported and the TURN server MUST NOT send them. Thus,
libnice should not remember Send requests in agent->sent_ids because
without replies coming, the number of allowed pending transactions gets
quickly exhausted, causing our data packets to be dropped until a
request timeout frees some space in the queue.
This behavior resulted in choppy reception of our audio on a Lync client
when connected via Lync Edge (TURN) Server.
Maniphest Tasks: T126
Reviewers: pwithnall
Projects: #libnice
Reviewed By: pwithnall
Subscribers: pwithnall
Differential Revision: https://phabricator.freedesktop.org/D223
| |
This fixes some compiler warnings.
| |
This removes a gcc warning
| |
As detected by GCC 4.9.
| |
NULL is ((gpointer) 0). nul is '\0'. Arrays can be NULL terminated.
Strings can be nul terminated.
| |
Dynamic on-stack arrays are not supported in Visual Studio.
This has the downside of introducing an extra memory allocation into
libstun, but it’s on a debug path so should be harmless.
| |
Visual Studio 2010 still doesn’t support C99, and snprintf() is a C99
function, so compilation fails with:
error: C3861: 'snprintf': identifier not found
Use sprintf() instead, which is C89 and thus supported. This does not
make the code unsafe, as the format specifier is constrained to two
characters (+ trailing nul), which are guaranteed to fit in the array
bounds.
Reported on the mailing list:
http://lists.freedesktop.org/archives/nice/2014-October/000978.html
| |
This straightens out the last few bits of the documentation and almost
allows `make check` to pass in docs/.
| |
The symbol is not exported, but nevertheless leaks in the static version
of libnice, due to limitations on symbol visibilities with static
libraries. OpenSSL has a symbol named RAND_bytes(), which ours clashes
with if the two are linked together statically.
Avoid this by prefixing ours with ‘nice_’.
| |
Dropping a STUN message due to having insufficient buffer space in
libstun can cause ICE negotiation to fail, so we want it to be more
obvious in the logs.
| |
ssize_t should definitely be signed, not unsigned.
| |
Send things one line at a time, so no explicit \n
Also make it possible to set a log handler explicitly