-rw-r--r-- | pjnath/include/pjnath/stun_msg.h | 10 | ||||
-rw-r--r-- | pjnath/src/pjnath/stun_msg.c | 4 | ||||
-rw-r--r-- | pjnath/src/pjturn-srv/allocation.c | 28 | ||||
-rw-r--r-- | pjnath/src/pjturn-srv/auth.c | 5 | ||||
-rw-r--r-- | pjnath/src/pjturn-srv/main.c | 9 | ||||
-rw-r--r-- | pjnath/src/pjturn-srv/server.c | 2 |
6 files changed, 43 insertions, 15 deletions
diff --git a/pjnath/include/pjnath/stun_msg.h b/pjnath/include/pjnath/stun_msg.h
index c88397bc..7c3805ea 100644
--- a/pjnath/include/pjnath/stun_msg.h
+++ b/pjnath/include/pjnath/stun_msg.h
@@ -1158,7 +1158,15 @@ enum pj_stun_decode_options
 * When specified, it tells the session NOT to authenticate the
 * message.
 */
- PJ_STUN_NO_AUTHENTICATE = 4
+ PJ_STUN_NO_AUTHENTICATE = 4,
+
+ /**
+ * Disable FINGERPRINT verification. This option can be used when calling
+ * #pj_stun_msg_check() and #pj_stun_msg_decode() to disable the
+ * verification of FINGERPRINT, for example when the STUN usage says when
+ * FINGERPRINT mechanism shall not * be used.
+ */
+ PJ_STUN_NO_FINGERPRINT_CHECK = 8
 };
diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
index 716683fb..21315f3b 100644
--- a/pjnath/src/pjnath/stun_msg.c
+++ b/pjnath/src/pjnath/stun_msg.c
@@ -1868,7 +1868,9 @@ PJ_DEF(pj_status_t) pj_stun_msg_check(const pj_uint8_t *pdu, unsigned pdu_len,
 if (GETVAL32H(pdu, 4) == PJ_STUN_MAGIC) {
 /* Check if FINGERPRINT attribute is present */
- if (GETVAL16H(pdu, msg_len + 20 - 8) == PJ_STUN_ATTR_FINGERPRINT) {
+ if ((options & PJ_STUN_NO_FINGERPRINT_CHECK )==0 &&
+ GETVAL16H(pdu, msg_len + 20 - 8) == PJ_STUN_ATTR_FINGERPRINT)
+ {
 pj_uint16_t attr_len = GETVAL16H(pdu, msg_len + 20 - 8 + 2);
 pj_uint32_t fingerprint = GETVAL32H(pdu, msg_len + 20 - 8 + 4);
 pj_uint32_t crc;
diff --git a/pjnath/src/pjturn-srv/allocation.c b/pjnath/src/pjturn-srv/allocation.c
index b552bc45..b2215e0d 100644
--- a/pjnath/src/pjturn-srv/allocation.c
+++ b/pjnath/src/pjturn-srv/allocation.c
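Review bot: The doc comment added for PJ_STUN_NO_FINGERPRINT_CHECK in stun_msg.h is hard to parse: its last sentence reads "says when FINGERPRINT mechanism shall not * be used", with a stray `*` that looks like a leftover from re-wrapping. It also names #pj_stun_msg_decode() as honouring the flag, while the only change to stun_msg.c in this commit is in pj_stun_msg_check(); if decode merely passes the option through, the comment could say so. I would reword it along the lines of `Skip verification of the FINGERPRINT attribute, for example when the STUN usage says that FINGERPRINT shall not be used.` and add one sentence that the flag is separate from PJ_STUN_NO_AUTHENTICATE, so a reader does not take it for an authentication switch.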
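Review bot: The rewritten condition in pj_stun_msg_check() still probes a fixed offset, `msg_len + 20 - 8`, and for a message whose length field is below 8 that offset lies inside the 20-byte header, so header bytes are compared with PJ_STUN_ATTR_FINGERPRINT. Unless a length check above this hunk already rules that out, the guard could read `if ((options & PJ_STUN_NO_FINGERPRINT_CHECK) == 0 && msg_len >= 8 &&` followed by the existing GETVAL16H comparison. The fixed-offset probe is presumably also why trailing payload bytes that look like a FINGERPRINT attribute get verified as the message's own, which the new flag works around rather than fixes; a short comment at this test saying so would help the next reader. The function body starts and ends outside the hunk.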
@@ -825,9 +825,10 @@ static pj_turn_permission *create_permission(pj_turn_allocation *alloc,
 pj_gettimeofday(&perm->expiry);
 perm->expiry.sec += PJ_TURN_PERM_TIMEOUT;
- /* Register to hash table */
- pj_hash_set(alloc->pool, alloc->peer_table, &perm->hkey.peer_addr,
- pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, perm);
+ /* Register to hash table (only the address part!) */
+ pj_hash_set(alloc->pool, alloc->peer_table,
+ pj_sockaddr_get_addr(&perm->hkey.peer_addr),
+ pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, perm);
 return perm;
 }
@@ -845,8 +846,9 @@ static pj_turn_permission *check_permission_expiry(pj_turn_permission *perm)
 }
 /* Remove from permission hash table */
- pj_hash_set(NULL, alloc->peer_table, &perm->hkey.peer_addr,
- pj_sockaddr_get_len(&perm->hkey.peer_addr), 0, NULL);
+ pj_hash_set(NULL, alloc->peer_table,
+ pj_sockaddr_get_addr(&perm->hkey.peer_addr),
+ pj_sockaddr_get_addr_len(&perm->hkey.peer_addr), 0, NULL);
 /* Remove from channel hash table, if assigned a channel number */
 if (perm->channel != PJ_TURN_INVALID_CHANNEL) {
@@ -865,9 +867,14 @@ lookup_permission_by_addr(pj_turn_allocation *alloc,
 {
 pj_turn_permission *perm;
+ PJ_UNUSED_ARG(addr_len);
+
 /* Lookup in peer hash table */
- perm = (pj_turn_permission*) pj_hash_get(alloc->peer_table, peer_addr,
- addr_len, NULL);
+ perm = (pj_turn_permission*)
+ pj_hash_get(alloc->peer_table,
+ pj_sockaddr_get_addr(peer_addr),
+ pj_sockaddr_get_addr_len(peer_addr),
+ NULL);
 return perm ? check_permission_expiry(perm) : NULL;
 }
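Review bot: lookup_permission_by_addr() in allocation.c now ignores addr_len and takes both the key pointer and the key length from peer_addr itself, so the lookup depends on the family field of an address that, as far as this hunk shows, is not validated here. If peer_addr can reach this function with a family other than IPv4 or IPv6, return NULL before calling pj_hash_get() rather than relying on what the two pj_sockaddr helpers return in that case. The same key/length pair is spelled out three times (create_permission(), check_permission_expiry() and here); an entry inserted under one key cannot be removed under another, so a small static helper that yields the key and its length would keep the three sites in step. A comment on the lookup, like the one in create_permission(), should say that permissions are keyed on the IP address alone, so all ports on that address share one permission. The function signature starts outside the hunk.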
@@ -920,8 +927,13 @@ PJ_DEF(void) pj_turn_allocation_on_rx_client_pkt(pj_turn_allocation *alloc,
 * Pass this through to the STUN session, which will call
 * our stun_on_rx_request() or stun_on_rx_indication()
 * callbacks.
+ *
+ * Note: currently it is necessary to specify the
+ * PJ_STUN_NO_FINGERPRINT_CHECK otherwise the FINGERPRINT
+ * attribute inside STUN Send Indication message will mess up
+ * with fingerprint checking.
 */
- unsigned options = PJ_STUN_CHECK_PACKET;
+ unsigned options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK;
 unsigned parsed_len = 0;
 if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP)
diff --git a/pjnath/src/pjturn-srv/auth.c b/pjnath/src/pjturn-srv/auth.c
index e02079e4..0f7e6991 100644
--- a/pjnath/src/pjturn-srv/auth.c
+++ b/pjnath/src/pjturn-srv/auth.c
@@ -33,7 +33,10 @@ static struct cred_t
 char passwd[MAX_PASSWORD];
 } g_cred[] =
 {
- { "user", "passwd" },
+ { "100", "100" },
+ { "700", "700" },
+ { "701", "701" },
+ { "702", "702" }
 };
 #define THE_NONCE "pjnath"
diff --git a/pjnath/src/pjturn-srv/main.c b/pjnath/src/pjturn-srv/main.c
index 4ebdcde8..26c1171d 100644
--- a/pjnath/src/pjturn-srv/main.c
+++ b/pjnath/src/pjturn-srv/main.c
@@ -19,7 +19,10 @@
 #include "turn.h"
 #include "auth.h"
-#define REALM "pjsip.org"
+#define REALM "pjsip.org"
+#define TURN_PORT PJ_STUN_TURN_PORT
+//#define TURN_PORT 34780
+
 static pj_caching_pool g_cp;
@@ -138,12 +141,12 @@ int main()
 return err("Error creating server", status);
 status = pj_turn_listener_create_udp(srv, pj_AF_INET(), NULL,
- PJ_STUN_PORT, 1, 0, &listener);
+ TURN_PORT, 1, 0, &listener);
 if (status != PJ_SUCCESS)
 return err("Error creating UDP listener", status);
 status = pj_turn_listener_create_tcp(srv, pj_AF_INET(), NULL,
- PJ_STUN_PORT, 1, 0, &listener);
+ TURN_PORT, 1, 0, &listener);
 if (status != PJ_SUCCESS)
 return err("Error creating listener", status);
diff --git a/pjnath/src/pjturn-srv/server.c b/pjnath/src/pjturn-srv/server.c
index 17ded7b0..79792b78 100644
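Review bot: In pj_turn_allocation_on_rx_client_pkt() (allocation.c) the FINGERPRINT check is now switched off for every packet from the client, although the added comment gives the Send Indication as the only case that needs it; pj_turn_srv_on_rx_pkt() in server.c receives the same unconditional flag with no comment at all. FINGERPRINT is a checksum rather than an authentication mechanism, so this should not weaken message authentication, but the server gives up the inexpensive check that helps tell well-formed STUN from other traffic arriving on the port. I would mark the flag as temporary at both sites, e.g. `/* TODO: remove PJ_STUN_NO_FINGERPRINT_CHECK once pj_stun_msg_check() no longer trips over a FINGERPRINT carried inside a Send Indication */`. The enclosing function continues outside the hunk.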
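Review bot: The replacement entries in g_cred[] (auth.c) are four accounts whose password equals the user name, compiled into the server next to the fixed nonce THE_NONCE visible in the context line. For a sample server that may be intended, but nothing in the hunk says so, and a binary built from this file would presumably accept those logins wherever it is run. At minimum add a comment above the table such as `/* Test accounts only; replace before exposing this server to a network. */`; reading credentials from configuration would be the longer-term fix. The struct definition starts outside the hunk.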
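Review bot: `//#define TURN_PORT 34780` in main.c is commented-out code left beside the live definition, so switching ports means editing the source. An overridable default would replace both lines: `#ifndef TURN_PORT`, `#define TURN_PORT PJ_STUN_TURN_PORT`, `#endif`, which lets a build pass another port without touching the file. A one-line comment stating that both the UDP and the TCP listener in main() use this value would also help, since the two calls are in a separate hunk.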
--- a/pjnath/src/pjturn-srv/server.c
+++ b/pjnath/src/pjturn-srv/server.c
@@ -581,7 +581,7 @@ PJ_DEF(void) pj_turn_srv_on_rx_pkt(pj_turn_srv *srv,
 pj_status_t status;
 /* Check that this is a STUN message */
- options = PJ_STUN_CHECK_PACKET;
+ options = PJ_STUN_CHECK_PACKET | PJ_STUN_NO_FINGERPRINT_CHECK;
 if (pkt->transport->listener->tp_type == PJ_TURN_TP_UDP)
 options |= PJ_STUN_IS_DATAGRAM;
|