shijingyao1990 / rfc5766-turn-server

Automatically exported from code.google.com/p/rfc5766-turn-server

Relay cannot work since 1.8.7.0 with pjsip #74

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Relay (TURN) cannot work since 1.8.7.0 with the pjnath library, but it works in 1.8.1.0.
I configured [key:password] to be authorized.
In 1.8.7.0, the client always sent the {Binding Request user: 69525f90:4ae13d6c} request and got no response.
In 1.8.1.0, the client can get the {Binding Request user: 69525f90:4ae13d6c XOR-PEER-ADDRESS: *.*.*.*:5180} response and then go into the CreatePermission step.

What's the difference between them?

Original issue reported on code.google.com by LittleCl...@gmail.com on 18 Nov 2013 at 10:12

GoogleCodeExporter commented 8 years ago
Sorry, [username:password] instead of the above.

Original comment by LittleCl...@gmail.com on 18 Nov 2013 at 10:17

GoogleCodeExporter commented 8 years ago
That's strange.

1) A Binding request usually does not require authorization and just ignores user/password/etc.

2) Versions 1.8.* are very old and tons of bugs have been fixed since then. Get a newer version, like 3.0.

3) PJNATH has bugs, itself.

4) Try a newer version. If you still have a problem, then run Wireshark and get the capture of the traffic. Then attach it to the bug. There is not enough information here.

Original comment by mom040...@gmail.com on 18 Nov 2013 at 5:42

GoogleCodeExporter commented 8 years ago
Both 3.0.0.0 and 2.6.7.1 cannot work.
In attached pcap files:
121.199.35.59 is turnserver v1.8.1.0
115.29.178.59 is turnserver v3.0.0.0
Set filter UDP to show STUN packets.

Original comment by LittleCl...@gmail.com on 19 Nov 2013 at 3:09

GoogleCodeExporter commented 8 years ago
In the pcap files above, packets No. 222 and No. 1289 are similar.
The v1.8.1.0 turnserver then sends a Binding Request to 115.193.168.136 (client) with port 3478, but v3.0.0.0 doesn't.

Original comment by LittleCl...@gmail.com on 19 Nov 2013 at 5:29

GoogleCodeExporter commented 8 years ago
As I said, many bugs were fixed after 1.8.1.0. What you see in 1.8.1.0 is wrong, buggy behavior, a security violation. Packet 1289 in 1.8.1.0.pcap is a packet that came from the peer 101.68.78.198:15689 to the relay endpoint, but if you examine the "create permission" packets (1257 and 1258) you will see that the permissions were NOT set for the peer 101.68.78.198:15689. That packet must be ignored, but version 1.8.1.0 had a serious security bug and this is why it incorrectly forwarded it to the client. Versions 1.8.7.0 and later fixed that bug, so the packets from unknown peers are ignored.

If any packet from a "wild" unknown peer were forwarded to the client, can you imagine what a mess it would be? It is forbidden by the TURN specs. If PJNATH uses that behavior then they have a big problem.

Either your network topology is incorrect, or you have to demand fixes from the PJNATH team. I do not know how I can help here - I cannot allow that behavior.

Original comment by mom040...@gmail.com on 19 Nov 2013 at 6:21

GoogleCodeExporter commented 8 years ago
... check with the PJNATH people and double-check your network topology to see whether you are doing the right things. If you need some non-standard custom functionality, then send me an email.

Original comment by mom040...@gmail.com on 19 Nov 2013 at 6:26
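
The permission check discussed in the comments above (a relay forwards peer traffic to the client only when CreatePermission has installed a permission for that peer), as an added example that is not part of the original thread or the turnserver code. The struct and function names are hypothetical and the addresses are constructed documentation addresses; the 300-second lifetime and IP-only matching follow RFC 5766.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

#define PERMISSION_LIFETIME 300 /* seconds; fixed value in RFC 5766 */
#define MAX_PERMISSIONS 16

/* Hypothetical structures for this example, not the server's own. */
struct permission { uint32_t peer_ip; long expires; };
struct allocation { struct permission perms[MAX_PERMISSIONS]; int count; };

/* Parse dotted-quad IPv4; 0 means "invalid" in this example. */
static uint32_t ip4(const char *s) {
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? a.s_addr : 0;
}

/* CreatePermission: install or refresh the permission for a peer IP. */
int create_permission(struct allocation *al, const char *peer, long now) {
    uint32_t ip = ip4(peer);
    if (ip == 0) return -1;
    for (int i = 0; i < al->count; i++)
        if (al->perms[i].peer_ip == ip) {
            al->perms[i].expires = now + PERMISSION_LIFETIME;
            return 0;
        }
    if (al->count == MAX_PERMISSIONS) return -1;
    al->perms[al->count++] = (struct permission){ip, now + PERMISSION_LIFETIME};
    return 0;
}

/* Datagram arrives on the relayed address: 1 = relay to client, 0 = drop.
   Permissions match on IP address only, so the port is not compared. */
int accept_from_peer(const struct allocation *al, const char *peer,
                     uint16_t port, long now) {
    uint32_t ip = ip4(peer);
    (void)port;
    for (int i = 0; i < al->count; i++)
        if (al->perms[i].peer_ip == ip && now < al->perms[i].expires)
            return 1;
    return 0; /* no live permission: silently discard */
}

int main(void) {
    static struct allocation al; /* zero-initialized: no permissions yet */
    create_permission(&al, "192.0.2.10", 1000);
    printf("permitted peer: %d\n", accept_from_peer(&al, "192.0.2.10", 5180, 1001));
    printf("unknown peer:   %d\n", accept_from_peer(&al, "198.51.100.7", 15689, 1001));
    return 0;
}
```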

GoogleCodeExporter commented 8 years ago

Original comment by mom040...@gmail.com on 19 Nov 2013 at 6:51