[Turnserver-devel] Issue with listen_address configuration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I've been testing TURN RFC5766 support in libnice, and I realized that the way 
turnserver configuration was designed was flawed with regards to 'listen_address'.

You recently(?) added the possibility to specify a list of IP addresses to 
listen_address in turnserver.conf.
What behavior one would expect is that turnserver listens on those IP addresses, 
but that's not what actually happens.
It's also expected that if you set both listen_address and listen_address6, it 
would bind on both ipv4 and ipv6 addresses, but it doesn't do that (from reading 
the code, I didn't actually test it).

First, from the code, it looks like you listen to either "::" or "0.0.0.0" 
depending on whether or not the listen_address6 is defined. This is wrong 
because you should listen on both ipv4 and ipv6 if both are defined, but also, 
because you should listen on the addresses specified by the listen_address 
values, not bind on all interfaces.
Another thing that I think is wrong is that the configuration shouldn't even 
make us specify the IP to listen to, instead, we should specify the interface to 
listen to, because the IP address can change and you don't want to reconfigure 
the server everytime it does.
I understand that turnserver's users are mostly servers with static IPs, but I 
do development using it on a laptop that moves constantly, and it's not only 
annoying, but it's also not a 'normal' behavior if I may say so.

Now the biggest problem I have is that the list of IP addresses in there aren't 
just "addresses to listen on", the algorithm you use when you receive an 
allocation request is like this :
allocate_request:
     get listen_address
     choose a *random* address in the list
     create a socket with that address

so you basically take a random IP address in that list, and try to allocate the 
request on it. Which may or may not fail (and if it fails, you retry 5 times but 
using always the same address previously selected)...
I noticed this when I was testing something locally, and I didn't realize that 
my turnserver.conf had two IP addresses listed for listen_address, one of which 
was invalid (no interface was bound to that IP). So I would send 4 allocate 
request, and they either all succeed, or all fail or a random number of 
allocations would succeed and the others would fail with error 500.
That's what prompted me to jump into the code to figure this out.

The correct behavior should be that the IP to listen to should be the same as 
the IP from which we received the allocation request. So the algorithm should be :
allocate_request(sock, message, saddr, ...):
     if local address of the socket that received \
      the request (saddr) is in listen_address: then
           create a socket with that address

I believe that this way, the result would be much better, with a behavior that 
is more expected and that I believe everyone will be happy with.

Let me know what you think.

Thanks for reading,
Youness.