authorBenny Prijono <bennylp@teluu.com>2008-04-13 21:48:44 +0000
committerBenny Prijono <bennylp@teluu.com>2008-04-13 21:48:44 +0000
commit4a8f891d8fafd8dec50620ce45076dbe112f9f3e (patch)
treed40dc7094548ee80099ca845c0b01f34cd70a596 /pjnath/src/pjturn-srv
parent848e880ca8c2811caeccceba3f325d28c63adec0 (diff)
More ticket #485: fixed TURN server permission not allowing peer with the same IP to get through, and added option to disable FINGERPRINT verification in TURN server since it is currently broken when TURN is used with ICE (which has a FINGERPRINT in its Binding Request)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1924 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjnath/src/pjturn-srv')
-rw-r--r--pjnath/src/pjturn-srv/allocation.c28
-rw-r--r--pjnath/src/pjturn-srv/auth.c5
-rw-r--r--pjnath/src/pjturn-srv/main.c9
-rw-r--r--pjnath/src/pjturn-srv/server.c2
4 files changed, 31 insertions, 13 deletions
diff --git a/pjnath/src/pjturn-srv/allocation.c b/pjnath/src/pjturn-srv/allocation.c
index b552bc45..b2215e0d 100644
--- a/pjnath/src/pjturn-srv/allocation.c
+++ b/pjnath/src/pjturn-srv/allocation.c
@@ -825,9 +825,10 @@ static pj_turn_permission *create_permission(pj_turn_allocation *alloc,
pj_gettimeofday(&perm->expiry);
perm->expiry.sec += PJ_TURN_PERM_TIMEOUT;
- /* Register to hash table */
- pj_hash_set(alloc->pool, alloc->peer_table, &perm->hkey.peer_addr,
- pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, perm);
+ /* Register to hash table (only the address part!) */
+ pj_hash_set(alloc->pool, alloc->peer_table,
+ pj_sockaddr_get_addr(&perm->hkey.peer_addr),
+ pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, perm);
return perm;
}
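Review bot: With the key reduced to the IP, the `pj_hash_set` call in this hunk replaces any entry already registered for the same IP on a different port, and the earlier `perm` object then stays reachable only through whatever else references it (presumably the channel table, if a channel was bound). Whether every caller does a lookup first is not visible here, since create_permission() starts outside the hunk, so either guard here or state the precondition. The comment should also say why the port is dropped, for example `/* Key is the IP only: a permission covers every port of the peer; caller must have checked that no entry exists for this IP */`.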
@@ -845,8 +846,9 @@ static pj_turn_permission *check_permission_expiry(pj_turn_permission *perm)
}
/* Remove from permission hash table */
- pj_hash_set(NULL, alloc->peer_table, &perm->hkey.peer_addr,
- pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, NULL);
+ pj_hash_set(NULL, alloc->peer_table,
+ pj_sockaddr_get_addr(&perm->hkey.peer_addr),
+ pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, NULL);
/* Remove from channel hash table, if assigned a channel number */
if (perm->channel != PJ_TURN_INVALID_CHANNEL) {
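Review bot: The removal here clears whatever permission is registered for this IP, which after this commit is not necessarily `perm` itself. If an expired permission for the same IP on another port reaches this path (for example through a channel lookup, which is not visible in the hunk), it would drop a still-valid entry and traffic from that peer would be rejected until the permission is recreated. Consider clearing only when the table still maps to this object, by wrapping the call in `if (pj_hash_get(alloc->peer_table, pj_sockaddr_get_addr(&perm->hkey.peer_addr), pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), NULL) == perm)`. check_permission_expiry() begins and ends outside the hunk.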
@@ -865,9 +867,14 @@ lookup_permission_by_addr(pj_turn_allocation *alloc,
{
pj_turn_permission *perm;
+ PJ_UNUSED_ARG(addr_len);
+
/* Lookup in peer hash table */
- perm = (pj_turn_permission*) pj_hash_get(alloc->peer_table, peer_addr,
- addr_len, NULL);
+ perm = (pj_turn_permission*)
+ pj_hash_get(alloc->peer_table,
+ pj_sockaddr_get_addr(peer_addr),
+ pj_sockaddr_get_addr_len(peer_addr),
+ NULL);
return perm ? check_permission_expiry(perm) : NULL;
}
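Review bot: `addr_len` is now dead and the key length is derived from the address family stored in `peer_addr`, so the lookup trusts that field. If `peer_addr` can be built from received data with a family other than IPv4/IPv6, the length returned by `pj_sockaddr_get_addr_len()` should be checked before it is used as a hash key length; what that helper returns for an unknown family is not visible here. At minimum, document the new contract above the lookup, for example `/* addr_len is ignored: permissions are keyed by IP only, sized from peer_addr's family */`. The function signature starts outside the hunk.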
@@ -920,8 +927,13 @@ PJ_DEF(void) pj_turn_allocation_on_rx_client_pkt(pj_turn_allocation *alloc,
* Pass this through to the STUN session, which will call
* our stun_on_rx_request() or stun_on_rx_indication()
* callbacks.
+ *
+ * Note: currently it is necessary to specify the
+ * PJ_STUN_NO_FINGERPRINT_CHECK otherwise the FINGERPRINT
+ * attribute inside STUN Send Indication message will mess up
+ * with fingerprint checking.
*/
- unsigned options = PJ_STUN_CHECK_PACKET;
+ unsigned options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK;
unsigned parsed_len = 0;
if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP)
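Review bot: The commit message describes an option, but `PJ_STUN_NO_FINGERPRINT_CHECK` is OR-ed in unconditionally here, and again in pj_turn_srv_on_rx_pkt() in server.c, so the check cannot be turned back on without editing both places. FINGERPRINT is only a CRC, so authentication still depends on MESSAGE-INTEGRITY, but the check also helps reject non-STUN traffic on a multiplexed port. The workaround should be traceable and removable: put the flag behind one shared compile-time switch and reword the comment along the lines of `/* TODO(ticket #485): FINGERPRINT check disabled because the ICE Binding Request carried in Send Indication has its own FINGERPRINT; re-enable once fixed */`. The enclosing function continues outside the hunk.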
diff --git a/pjnath/src/pjturn-srv/auth.c b/pjnath/src/pjturn-srv/auth.c
index e02079e4..0f7e6991 100644
--- a/pjnath/src/pjturn-srv/auth.c
+++ b/pjnath/src/pjturn-srv/auth.c
@@ -33,7 +33,10 @@ static struct cred_t
char passwd[MAX_PASSWORD];
} g_cred[] =
{
- { "user", "passwd" },
+ { "100", "100" },
+ { "700", "700" },
+ { "701", "701" },
+ { "702", "702" }
};
#define THE_NONCE "pjnath"
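Review bot: The new `g_cred` entries are compiled-in accounts whose password equals the username, and the context line shows a fixed nonce (`THE_NONCE "pjnath"`), so a binary built from this file accepts well-known long-term credentials. If this table is meant only for the sample server, say so at the array: `/* Test-only accounts for the sample TURN server; do not deploy. Replace with a real credential store. */`. A build-time guard that refuses to compile this table outside a test configuration would be safer than a comment alone.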
diff --git a/pjnath/src/pjturn-srv/main.c b/pjnath/src/pjturn-srv/main.c
index 4ebdcde8..26c1171d 100644
--- a/pjnath/src/pjturn-srv/main.c
+++ b/pjnath/src/pjturn-srv/main.c
@@ -19,7 +19,10 @@
#include "turn.h"
#include "auth.h"
-#define REALM "pjsip.org"
+#define REALM "pjsip.org"
+#define TURN_PORT PJ_STUN_TURN_PORT
+//#define TURN_PORT 34780
+
static pj_caching_pool g_cp;
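Review bot: The commented-out `//#define TURN_PORT 34780` leaves dead code as the only hint that the port is meant to be overridable. An explicit override keeps the default visible and lets a build select the alternate port without editing the file: `#ifndef TURN_PORT` / `#  define TURN_PORT PJ_STUN_TURN_PORT` / `#endif`. A short comment saying what the 34780 value was used for would help if it needs to stay documented.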
@@ -138,12 +141,12 @@ int main()
return err("Error creating server", status);
status = pj_turn_listener_create_udp(srv, pj_AF_INET(), NULL,
- PJ_STUN_PORT, 1, 0, &listener);
+ TURN_PORT, 1, 0, &listener);
if (status != PJ_SUCCESS)
return err("Error creating UDP listener", status);
status = pj_turn_listener_create_tcp(srv, pj_AF_INET(), NULL,
- PJ_STUN_PORT, 1, 0, &listener);
+ TURN_PORT, 1, 0, &listener);
if (status != PJ_SUCCESS)
return err("Error creating listener", status);
diff --git a/pjnath/src/pjturn-srv/server.c b/pjnath/src/pjturn-srv/server.c
index 17ded7b0..79792b78 100644
--- a/pjnath/src/pjturn-srv/server.c
+++ b/pjnath/src/pjturn-srv/server.c
@@ -581,7 +581,7 @@ PJ_DEF(void) pj_turn_srv_on_rx_pkt(pj_turn_srv *srv,
pj_status_t status;
/* Check that this is a STUN message */
- options = PJ_STUN_CHECK_PACKET;
+ options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK;
if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP)
options |= PJ_STUN_IS_DATAGRAM;