1. 06 May, 2020 1 commit
  2. 05 May, 2020 5 commits
  3. 04 May, 2020 14 commits
    • Fabrice Bellet's avatar
      conncheck: more debug · 95de1465
      Fabrice Bellet authored
    • Fabrice Bellet's avatar
      conncheck: add debug about agent mode · e1fb2f0f
      Fabrice Bellet authored
    • Fabrice Bellet's avatar
    • Fabrice Bellet's avatar
    • Fabrice Bellet's avatar
      conncheck: wait for a pair until all stun requests are completed · 19c599a0
      Fabrice Bellet authored
      Only the newest stun request may need to be retransmitted, according to
      the pair retransmit flag. This is the first element of the
      stun_transactions list. Older stun requests are just kept around until
      their timeout expires, without retransmission.
      The newest stun request is usually the last one that will timeout.
      Current code was based on that assumption, causing the pair to fail when
      the newest stun request timeout expires. This is not always true, and some
      older stun requests may have a greater timeout delay.
      So, we should wait until *all* stun requests of a given pair have
      reached their timeout.
      We also refactor this part of the code, to handle the first stun and the
      other stun requests in the same loop.
    • Fabrice Bellet's avatar
      discovery: use different port numbers for every local host candidates · a04fa4d4
      Fabrice Bellet authored
      This constraint is added to handle the situation where the agent runs on
      a box doing SNAT on one of its outgoing network interface. The NAT does
      usually its best to ensure that source port number is preserved on the
      external NAT address and port. This is called "port preservation" in RFC
      When two local host candidates are allowed to have the same source port
      number, we increase the risk that a first local host candidate *is* the
      NAT mapping address and port of a second local host candidate, because
      of the "port preservation" effect. When it happens, a server reflexive
      candidate and a host candidate will have the same address and port.
      For that situation to happen, a stun request must be emitted from the
      internal address first, the NAT mapping doing the port preservation will
      be created for the internal address, and when a stun request is sent
      from the external address thereafter, a new NAT mapping will be created,
      but without port preservation, because the previous mapping already took
      that reservation.
      The problem will occur on the remote agent, when receiving a stun request
      from this address and port, that has no way to know wheather it comes from
      the host or the server reflexive candidate, if both have been advertised
      remotely, resulting in pair type mislabelling.
      This case may happen more easily when a source port range is reduced.
    • Fabrice Bellet's avatar
      agent: stay in aggressive mode after conncheck has started · 0b80cbba
      Fabrice Bellet authored
      When remote tcp candidates are received late after the conncheck has
      started, RFC 6554 suggests that we switch the nomination mode back from
      aggressive to regular. The problem is that some stun requests may
      already be inflight with the use-candidate stun flag set, and reverting
      to regular mode in that case is too late, because these inflight
      requests may nominate a pair on the remote agent, and not on the local
      agent. We prefer to just ignore remote tcp candidates that are received
      after the component state has reached state CONNECTING.
    • Fabrice Bellet's avatar
    • Fabrice Bellet's avatar
      agent: fix boundary test of max turn servers and local addresses · e7aaa5dc
      Fabrice Bellet authored
      We can accept up to 8 turn servers, with turn preference value
      starting at zero. Also fix the error message.
    • Fabrice Bellet's avatar
      discovery: add a unique local preference value per turn server · 65fd9663
      Fabrice Bellet authored
      This value is built from the position in the component turn servers
      list, and from the base address network interface position in the list
      of network interfaces. This value is used to ensure a unique candidate
      priority for each one. Also ensure that the fields that compose the
      local preference don't overlap, by checking their maximum value.  See
      RFC-8445, section "Guidelines for Choosing Type and Local
    • Fabrice Bellet's avatar
    • Fabrice Bellet's avatar
      candidate: ensuring stun priority uniqueness no more needed · f997215d
      Fabrice Bellet authored
      The uniqueness of candidate priorities is achieved by the iteration on
      the ip local addresses for local host candidates, and also on their base
      address for reflexive and relay candidates. Helper function checking
      its uniqueness at allocation time is not required anyore.
      The priority of the stun request (prflx_priority) is built from the
      priority of the local candidate of the pair, according the RFC 5245,
      section This priority must be identical to a virtual "local
      candidate of type peer-reflexive that would be learned as a consequence
      of a check from this local candidate."
      Outgoing stun requests will come from local candidates of type host or
      type relayed. The priority uniqueness of local candidates of type host
      implies the uniqueness of the computed peer-reflexive priority.  And
      relay local candidates cannot produce a peer-reflexive local candidate
      by design, so we can safely use their unique local priority too in
      the stun request.
    • Tim-Philipp Müller's avatar
      subprojects: bump glib wrap to latest stable branch for msys build · ab14d9ed
      Tim-Philipp Müller authored
      Should fix build failures with latest mingw compiler in msys.
    • Tim-Philipp Müller's avatar
      ci: update windows image · d2e491c9
      Tim-Philipp Müller authored
      The old one (v8) was removed from the gstreamer registry it seems.
  4. 02 Mar, 2020 10 commits
  5. 28 Feb, 2020 1 commit
  6. 17 Feb, 2020 2 commits
  7. 14 Feb, 2020 2 commits
    • Jakub Adam's avatar
      conncheck: Connection check reply must have a remote candidate · 502ddb83
      Jakub Adam authored
      Ensure that a conncheck reply is coming from an address and port of a
      known remote candidate and that the type of incoming socket matches that
      candidate's transport.
      Attemps to fix a Coverity issue in which no matching remote_candidate
      gets found for a connectivity reply in conn_check_handle_inbound_stun()
      (apparently due to transport mismatch), yet
      priv_map_reply_to_conn_check_request() still successfully matches it
      with a previous request.
    • Jakub Adam's avatar
      conncheck: Typo fix · 7af761f3
      Jakub Adam authored
  8. 13 Feb, 2020 5 commits