prosody
53b4549c2209
util/prosodyctl/check.lua
Software / code / prosody
Comparison
util/prosodyctl/check.lua @ 12384:53b4549c2209
prosodyctl: check turn: Add check for private IP returned from STUN.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 05 Mar 2022 20:34:58 +0000 |
| parent | 12383:a9b6ed86b573 |
| child | 12385:92b35a41bb3c |
comparison
equal
deleted
inserted
replaced
| 12383:a9b6ed86b573 | 12384:53b4549c2209 |
|---|---|
| 61 return false, "Probe endpoint did not return a success status"; | 61 return false, "Probe endpoint did not return a success status"; |
| 62 end | 62 end |
| 63 | 63 |
| 64 local function check_turn_service(turn_service, ping_service) | 64 local function check_turn_service(turn_service, ping_service) |
| 65 local stun = require "net.stun"; | 65 local stun = require "net.stun"; |
| 66 local ip = require "util.ip"; | |
| 66 | 67 |
| 67 -- Create UDP socket for communication with the server | 68 -- Create UDP socket for communication with the server |
| 68 local sock = assert(require "socket".udp()); | 69 local sock = assert(require "socket".udp()); |
| 69 sock:setsockname("*", 0); | 70 sock:setsockname("*", 0); |
| 70 sock:setpeername(turn_service.host, turn_service.port); | 71 sock:setpeername(turn_service.host, turn_service.port); |
| 100 | 101 |
| 101 result.external_ip = bind_result:get_xor_mapped_address(); | 102 result.external_ip = bind_result:get_xor_mapped_address(); |
| 102 if not result.external_ip then | 103 if not result.external_ip then |
| 103 result.error = "STUN server did not return an address"; | 104 result.error = "STUN server did not return an address"; |
| 104 return result; | 105 return result; |
| 106 end | |
| 107 if ip.new_ip(result.external_ip.address).private then | |
| 108 table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?"); | |
| 105 end | 109 end |
| 106 | 110 |
| 107 -- Send a TURN "allocate" request. Expected to fail due to auth, but | 111 -- Send a TURN "allocate" request. Expected to fail due to auth, but |
| 108 -- necessary to obtain a valid realm/nonce from the server. | 112 -- necessary to obtain a valid realm/nonce from the server. |
| 109 local pre_request = stun.new_packet("allocate", "request"); | 113 local pre_request = stun.new_packet("allocate", "request"); |
