RFC 5766 TURN client implementation in go
License: MIT License
Package turnc implements TURN [RFC5766] client.
Based on pion/stun and gortc/turn packages.
Work in progress
Check out the contributing wiki to join the group of amazing people making this project possible:
MIT
Connecting through twilio TURN server with credentials.
No errors.
We receive a bunch of these error messages. Like, dozens.
Failed to create TURN permission unexpected error response: CreatePermission error response (error 403: Forbidden IP)
Failed to create TURN permission unexpected error response: CreatePermission error response (error 443: Peer Address Family Mismatch (4))
==================
WARNING: DATA RACE
Read at 0x00c0000d1b43 by goroutine 108:
testing.(*common).logDepth()
/opt/go/src/testing/testing.go:629 +0x132
testing.(*common).Logf()
/opt/go/src/testing/testing.go:614 +0x90
github.com/pion/turnc.(*verboseConn).Read()
/home/sean/Documents/Programming/Go/Code/src/github.com/pion/turnc/client_test.go:153 +0x124
github.com/pion/turnc.(*Client).readUntilClosed()
/home/sean/Documents/Programming/Go/Code/src/github.com/pion/turnc/client.go:164 +0xee
Previous write at 0x00c0000d1b43 by goroutine 14:
testing.tRunner.func1()
/opt/go/src/testing/testing.go:856 +0x33e
testing.tRunner()
/opt/go/src/testing/testing.go:869 +0x17f
Goroutine 108 (running) created at:
github.com/pion/turnc.New()
/home/sean/Documents/Programming/Go/Code/src/github.com/pion/turnc/client.go:107 +0x356
github.com/pion/turnc.TestClient_STUNHandler.func4()
/home/sean/Documents/Programming/Go/Code/src/github.com/pion/turnc/client_test.go:485 +0x2f0
testing.tRunner()
/opt/go/src/testing/testing.go:865 +0x163
Goroutine 14 (finished) created at:
testing.(*T).Run()
/opt/go/src/testing/testing.go:916 +0x699
testing.runTests.func1()
/opt/go/src/testing/testing.go:1157 +0xa8
testing.tRunner()
/opt/go/src/testing/testing.go:865 +0x163
testing.runTests()
/opt/go/src/testing/testing.go:1155 +0x523
testing.(*M).Run()
/opt/go/src/testing/testing.go:1072 +0x2eb
main.main()
_testmain.go:118 +0x334
==================
contributors, commit messages and checks like panic being used in library code are missing
When we decode the realm we don't properly copy it.
Because of this we are unable to create any permissions later (fails message-integrity checks)
Use shim log
Not sure if this is in the stun package or this one, but if pions is configured with a turn server that happens to be offline it very aggressively tries to read the closed socket. If the turn sever is alive then there is no issue.
Showing nodes accounting for 65.23s, 84.59% of 77.11s total
Dropped 66 nodes (cum <= 0.39s)
Showing top 10 nodes out of 17
flat flat% sum% cum cum%
12.12s 15.72% 15.72% 12.12s 15.72% runtime.unlock
11.43s 14.82% 30.54% 11.43s 14.82% runtime.lock
11.39s 14.77% 45.31% 34.94s 45.31% runtime.chanrecv
5.34s 6.93% 52.24% 56.76s 73.61% net.(*pipe).Read
5.21s 6.76% 58.99% 40.15s 52.07% runtime.selectnbrecv
4.56s 5.91% 64.91% 47.02s 60.98% net.(*pipe).read
4.38s 5.68% 70.59% 6.65s 8.62% runtime.ifaceeq
4.21s 5.46% 76.05% 42.46s 55.06% net.isClosedChan
3.49s 4.53% 80.57% 37.56s 48.71% github.com/pion/turnc.(*Client).readUntilClosed
3.10s 4.02% 84.59% 29.69s 38.50% github.com/pion/stun.(*Message).ReadFrom
I am adding a E2E test in pion/ice that asserts no routines are leaked.
Even after I close all permissions I am getting https://gist.github.com/Sean-Der/dbd0ed46c9d05798bdf4ecf66224fb07
I don't see a way to close a Allocation so these might be attached to that. Haven't really dived in yet
See pion/ice#46
TURN client's permission should allow inbound packets from a transport address for which the IP address is permitted but the port number can be any. ("address-restricted")
"Permission" should be per protocol+IP address only as RFC suggests. Otherwise, it can not detect a prflx candidate which would happen when the other end is behind a symmetric NAT.
From: https://tools.ietf.org/html/rfc5766#section-2.3
To ease concerns amongst enterprise IT administrators that TURN could be
used to bypass corporate firewall security, TURN includes the notion of permissions.
TURN permissions mimic the address-restricted filtering mechanism of NATs that
comply with [RFC4787].
.. meaning.. NOT "address-port-restricted"!
Also in the section 8 - Permissions:
When a UDP datagram arrives at the relayed transport address for the
allocation, the server extracts the source IP address from the IP
header. The server then compares this address with the IP address
associated with each permission in the list of permissions for the
allocation. If no match is found, relaying is not permitted, and the
server silently discards the UDP datagram. If an exact match is
found, then the permission check is considered to have succeeded and
the server continues to process the UDP datagram as specified
elsewhere (Section 10.3). Note that only addresses are compared and
port numbers are not considered.
As the current pion/turnc discards a packet coming from an unseen transport address, it is not capable of detecting the peer-reflexive candidate. This happens when one end uses TURN server but the other end is behind a symmtric NAT and not using TURN server.
I believe this is the case I am experiencing in the real world.
A rough idea...:
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.