	RESPONSE_ORIGIN attribute only if rfc5780 is on
		
							parent
							
								
									54ef051844
								
							
						
					
					
						commit
						708b83ea78
					
				| @ -23,10 +23,14 @@ Version 4.5.3 'dan Eider': | ||||
| 		* SSL reload has hidden bugs which cause crashes | ||||
| 	- Fix regression in PR #739 | ||||
| 	- Try to mitigate amplification attatck  | ||||
| 		* Add option --no-rfc5780 | ||||
| 		* Add new option --no-rfc5780 | ||||
| 		  to force disable RFC8750 | ||||
| 		* Add new option --no-stun-backward-compatibility | ||||
| 		  Disable handling old STUN Binding requests and disable MAPPED-ADDRESS attribute in binding response (use only the XOR-MAPPED-ADDRESS). | ||||
| 		  Disable handling old STUN Binding requests and disable | ||||
| 		  MAPPED-ADDRESS attribute in binding response (use only the | ||||
| 		  XOR-MAPPED-ADDRESS) | ||||
| 		* Add new option --response-origin-only-with-rfc5780 | ||||
| 		  Add RESPONSE_ORIGIN attribute only if rfc5780 is enabled | ||||
| 
 | ||||
| 10/01/2021 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu> | ||||
| Version 4.5.2 'dan Eider': | ||||
|  | ||||
| @ -616,6 +616,7 @@ Options with values: | ||||
|                     adds attributes to response, and this increase the possibility of an amplification attack. | ||||
|                     Strongly encouraged to use this option to decrease gain factor in STUN binding responses. | ||||
| --no-stun-backward-compatibility		Disable handling old STUN Binding requests and disable MAPPED-ADDRESS attribute in binding response (use only the XOR-MAPPED-ADDRESS). | ||||
| --response-origin-only-with-rfc5780		Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled. | ||||
| 					 | ||||
| 
 | ||||
| ================================== | ||||
|  | ||||
| @ -781,3 +781,9 @@ no-rfc5780 | ||||
| # | ||||
| no-stun-backward-compatibility | ||||
| 
 | ||||
| # Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled. | ||||
| # | ||||
| # Strongly encouraged to use this option to decrease gain factor in STUN | ||||
| # binding responses. | ||||
| # | ||||
| response-origin-only-with-rfc5780 | ||||
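Review bot: The comment block above `response-origin-only-with-rfc5780` does not state the built-in default, and as rendered here the option line is active in the sample file while the compiled default in the parameter initializer is `0`. A deployment that starts from this file gets the smaller binding response; one that writes its own config does not, and nothing in the text tells the operator which case applies. I would add a line to the comment block such as `# Built-in default is off: RESPONSE-ORIGIN is sent even when RFC5780 is disabled.`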
|  | ||||
| @ -188,6 +188,7 @@ ALLOCATION_DEFAULT_ADDRESS_FAMILY_IPV4,  /* allocation_default_address_family */ | ||||
| 
 | ||||
| 0,  /* log_binding */ | ||||
| 0,	/* no_stun_backward_compatibility */ | ||||
| 0	/* response_origin_only_with_rfc5780 */ | ||||
| }; | ||||
| 
 | ||||
| //////////////// OpenSSL Init //////////////////////
 | ||||
| @ -699,6 +700,7 @@ static char Usage[] = "Usage: turnserver [options]\n" | ||||
| "						Strongly encouraged to use this option to decrease gain factor in STUN binding responses.\n" | ||||
| " --no-stun-backward-compatibility		Disable handling old STUN Binding requests and disable MAPPED-ADDRESS attribute\n" | ||||
| "						in binding response (use only the XOR-MAPPED-ADDRESS).\n" | ||||
| " --response-origin-only-with-rfc5780		Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled.\n" | ||||
| " -h						Help\n" | ||||
| "\n"; | ||||
| 
 | ||||
| @ -846,7 +848,8 @@ enum EXTRA_OPTS { | ||||
| 	ACME_REDIRECT_OPT, | ||||
| 	LOG_BINDING_OPT, | ||||
| 	NO_RFC5780, | ||||
| 	NO_STUN_BACKWARD_COMPATIBILITY_OPT | ||||
| 	NO_STUN_BACKWARD_COMPATIBILITY_OPT, | ||||
| 	RESPONSE_ORIGIN_ONLY_WITH_RFC5780_OPT | ||||
| }; | ||||
| 
 | ||||
| struct myoption { | ||||
| @ -985,6 +988,7 @@ static const struct myoption long_options[] = { | ||||
| 				{ "log-binding", optional_argument, NULL, LOG_BINDING_OPT }, | ||||
| 				{ "no-rfc5780", optional_argument, NULL, NO_RFC5780 }, | ||||
| 				{ "no-stun-backward-compatibility", optional_argument, NULL, NO_STUN_BACKWARD_COMPATIBILITY_OPT }, | ||||
| 				{ "response-origin-only-with-rfc5780", optional_argument, NULL, RESPONSE_ORIGIN_ONLY_WITH_RFC5780_OPT }, | ||||
| 				{ NULL, no_argument, NULL, 0 } | ||||
| }; | ||||
| 
 | ||||
| @ -1664,6 +1668,9 @@ static void set_option(int c, char *value) | ||||
| 	case NO_STUN_BACKWARD_COMPATIBILITY_OPT: | ||||
| 		turn_params.no_stun_backward_compatibility = get_bool_value(value); | ||||
| 		break; | ||||
| 	case RESPONSE_ORIGIN_ONLY_WITH_RFC5780_OPT: | ||||
| 		turn_params.response_origin_only_with_rfc5780 = get_bool_value(value); | ||||
| 		break; | ||||
| 
 | ||||
| 	/* these options have been already taken care of before: */ | ||||
| 	case 'l': | ||||
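Review bot: The new default `0 /* response_origin_only_with_rfc5780 */` (hunk at -188, in what appears to be the `turn_params_t` initializer) is positional, so it is correct only while it sits at the same index as the member in the struct. The struct change in this commit appends the member last, which matches. The compiler will not flag two adjacent integer entries being swapped or shifted by a later insertion, so a designated entry such as `.response_origin_only_with_rfc5780 = 0` would keep this mitigation flag from silently taking another field's value. The initializer begins outside the hunk; the visible context entries are positional too.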
|  | ||||
| @ -340,6 +340,7 @@ typedef struct _turn_params_ { | ||||
| 
 | ||||
|   vint log_binding; | ||||
|   vint no_stun_backward_compatibility; | ||||
|   vint response_origin_only_with_rfc5780; | ||||
| } turn_params_t; | ||||
| 
 | ||||
| extern turn_params_t turn_params; | ||||
|  | ||||
| @ -1695,7 +1695,8 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int | ||||
| 		turn_params.acme_redirect, | ||||
| 		turn_params.allocation_default_address_family, | ||||
| 		&turn_params.log_binding, | ||||
| 		&turn_params.no_stun_backward_compatibility | ||||
| 		&turn_params.no_stun_backward_compatibility, | ||||
| 		&turn_params.response_origin_only_with_rfc5780 | ||||
| 		); | ||||
| 	 | ||||
| 	if(to_set_rfc5780) { | ||||
|  | ||||
| @ -2881,14 +2881,16 @@ static int handle_turn_binding(turn_turnserver *server, | ||||
| 
 | ||||
| 			if(!is_rfc5780(server)) { | ||||
| 
 | ||||
| 				if(old_stun) { | ||||
| 					stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, | ||||
| 								OLD_STUN_ATTRIBUTE_SOURCE_ADDRESS, response_origin); | ||||
| 					stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, | ||||
| 								OLD_STUN_ATTRIBUTE_CHANGED_ADDRESS, response_origin); | ||||
| 				} else { | ||||
| 					stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, | ||||
| 							STUN_ATTRIBUTE_RESPONSE_ORIGIN, response_origin); | ||||
| 				if(!(*server->response_origin_only_with_rfc5780)) { | ||||
| 					if(old_stun) { | ||||
| 						stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, | ||||
| 									OLD_STUN_ATTRIBUTE_SOURCE_ADDRESS, response_origin); | ||||
| 						stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, | ||||
| 									OLD_STUN_ATTRIBUTE_CHANGED_ADDRESS, response_origin); | ||||
| 					} else { | ||||
| 						stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, | ||||
| 								STUN_ATTRIBUTE_RESPONSE_ORIGIN, response_origin); | ||||
| 					} | ||||
| 				} | ||||
| 
 | ||||
| 			} else if(ss->client_socket) { | ||||
| @ -4937,7 +4939,8 @@ void init_turn_server(turn_turnserver* server, | ||||
| 		const char* acme_redirect, | ||||
| 		ALLOCATION_DEFAULT_ADDRESS_FAMILY allocation_default_address_family, | ||||
| 		vintp log_binding, | ||||
| 		vintp no_stun_backward_compatibility) { | ||||
| 		vintp no_stun_backward_compatibility, | ||||
| 		vintp response_origin_only_with_rfc5780) { | ||||
| 
 | ||||
| 	if (!server) | ||||
| 		return; | ||||
| @ -5013,6 +5016,8 @@ void init_turn_server(turn_turnserver* server, | ||||
| 	server->log_binding = log_binding; | ||||
| 
 | ||||
| 	server->no_stun_backward_compatibility = no_stun_backward_compatibility; | ||||
| 
 | ||||
| 	server->response_origin_only_with_rfc5780 = response_origin_only_with_rfc5780; | ||||
| } | ||||
| 
 | ||||
| ioa_engine_handle turn_server_get_engine(turn_turnserver *s) { | ||||
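Review bot: In handle_turn_binding the new guard `if(!(*server->response_origin_only_with_rfc5780))` wraps the `old_stun` branch as well. With the option set and RFC5780 off, an old-STUN request therefore also loses `OLD_STUN_ATTRIBUTE_SOURCE_ADDRESS` and `OLD_STUN_ATTRIBUTE_CHANGED_ADDRESS`, not only RESPONSE-ORIGIN. The option name, the usage text and the struct comment all describe RESPONSE-ORIGIN alone; if the wider effect is intended, a comment on the guard would record it, e.g. `/* also suppresses SOURCE-ADDRESS/CHANGED-ADDRESS for old STUN requests */`. The flag pointer is dereferenced without a NULL check, which is safe only while every init_turn_server caller passes a valid address, as the one caller visible in this commit does. The function body extends beyond the hunk.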
|  | ||||
| @ -190,6 +190,9 @@ struct _turn_turnserver { | ||||
| 
 | ||||
| 	/* Disable handling old STUN Binding Requests and disable MAPPED-ADDRESS attribute in response */ | ||||
| 	vintp no_stun_backward_compatibility; | ||||
| 
 | ||||
| 	/* Only send RESPONSE-ORIGIN attribute in response if RFC5780 is enabled */ | ||||
| 	vintp response_origin_only_with_rfc5780; | ||||
| }; | ||||
| 
 | ||||
| const char * get_version(turn_turnserver *server); | ||||
| @ -238,7 +241,8 @@ void init_turn_server(turn_turnserver* server, | ||||
| 					const char* acme_redirect, | ||||
| 					ALLOCATION_DEFAULT_ADDRESS_FAMILY allocation_default_address_family, | ||||
| 					vintp log_binding, | ||||
| 					vintp no_stun_backward_compatibility | ||||
| 					vintp no_stun_backward_compatibility, | ||||
| 					vintp response_origin_only_with_rfc5780 | ||||
| 					); | ||||
| 
 | ||||
| ioa_engine_handle turn_server_get_engine(turn_turnserver *s); | ||||
|  | ||||