From 0b70e024faa1fa712a7f8f15b602f10ae7348f19 Mon Sep 17 00:00:00 2001 From: Fabrice Bellet Date: Wed, 12 Jun 2019 21:44:48 +0200 Subject: conncheck: test inbound stun address on the candidate base address When receiving an stun packet on a socket, and looking for the matching local candidate, normally it doesn't make a difference to test the address or the base address. Because a pair cannot have a local candidate of type srv-rflx, where there would be a difference, the local candidate obtained will be part of a pair of the conncheck list. Except for the case of a pairs with tcp-act local candidate, where the addr has a port number of zero (tcp-act socket before connect), and the socket of the stun packet has a non-null port number (tcp-act socket after connect), corresponding to the base address of another peer-reflexive tcp-act local candidate, previously discoverd. The selection of the local candidate concerned by an inbound stun request happens when early incoming checks are processed, and when inbound stun packets are normally received during the conncheck. This commit complete commit e6a1941 (for early incoming checks) in the normal inbound stun packets code path, where is similar modification is needed. --- agent/conncheck.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/agent/conncheck.c b/agent/conncheck.c index ca5c516..e139ead 100644 --- a/agent/conncheck.c +++ b/agent/conncheck.c @@ -4468,7 +4468,14 @@ gboolean conn_check_handle_inbound_stun (NiceAgent *agent, NiceStream *stream, } for (i = component->local_candidates; i; i = i->next) { NiceCandidate *cand = i->data; - if (nice_address_equal (&nicesock->addr, &cand->addr)) { + NiceAddress *addr; + + if (cand->type == NICE_CANDIDATE_TYPE_RELAYED) + addr = &cand->addr; + else + addr = &cand->base_addr; + + if (nice_address_equal (&nicesock->addr, addr)) { local_candidate = cand; break; } -- cgit v1.2.1