From cd84697ff63587fc05d89a477aae7177cc72a3d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20K=C3=A1rolyi?= Date: Sun, 22 Aug 2021 14:48:25 +0200 Subject: [PATCH 1/2] Introduce useLoopbackInterface to config --- .../org/ice4j/ice/harvest/AbstractTcpListener.java | 5 +++-- .../ice4j/ice/harvest/HostCandidateHarvester.java | 14 +++++++------- .../kotlin/org/ice4j/ice/harvest/HarvestConfig.kt | 7 +++++++ 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java b/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java index a6bd2832..7371a582 100644 --- a/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java +++ b/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java @@ -81,8 +81,9 @@ private static List getLocalAddresses( for (NetworkInterface iface : interfaces) { - if (NetworkUtils.isInterfaceLoopback(iface) - || !NetworkUtils.isInterfaceUp(iface) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterface()) + continue; + if (!NetworkUtils.isInterfaceUp(iface) || !HostCandidateHarvester.isInterfaceAllowed(iface)) { //this one is obviously not going to do diff --git a/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java b/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java index b9d5ab07..8498fa8e 100644 --- a/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java +++ b/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java @@ -236,9 +236,9 @@ public static List getAllAllowedAddresses() for (NetworkInterface iface : Collections.list(NetworkInterface.getNetworkInterfaces())) { - if (NetworkUtils.isInterfaceLoopback(iface) - || !NetworkUtils.isInterfaceUp(iface) - || !isInterfaceAllowed(iface)) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterface()) + continue; + if (!NetworkUtils.isInterfaceUp(iface) || !isInterfaceAllowed(iface)) { continue; } @@ -316,9 +316,9 @@ public void harvest(Component component, { NetworkInterface iface = interfaces.nextElement(); - if (NetworkUtils.isInterfaceLoopback(iface) - || !NetworkUtils.isInterfaceUp(iface) - || !isInterfaceAllowed(iface)) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterface()) + continue; + if (!NetworkUtils.isInterfaceUp(iface) || !isInterfaceAllowed(iface)) { //this one is obviously not going to do continue; @@ -497,7 +497,7 @@ static boolean isInterfaceAllowed(NetworkInterface iface) */ static boolean isAddressAllowed(InetAddress address) { - if (address.isLoopbackAddress()) + if (address.isLoopbackAddress() && !config.useLoopbackInterface()) { return false; } diff --git a/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt b/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt index 2afc7d0a..3a3ebf85 100644 --- a/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt +++ b/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt @@ -44,6 +44,13 @@ class HarvestConfig { } fun useIpv6() = useIpv6 + private val useLoopbackInterface: Boolean by config { + "org.ice4j.ice.harvest.USE_LOOPBACK_INTERFACE".from(configSource) + .transformedBy { !it } + "ice4j.harvest.use-loopback-interface".from(configSource) + } + fun useLoopbackInterface() = useLoopbackInterface + val useDynamicPorts: Boolean by config { "org.ice4j.ice.harvest.USE_DYNAMIC_HOST_HARVESTER".from(configSource) "ice4j.harvest.udp.use-dynamic-ports".from(configSource) From ce2ad73888f4cb8549383b2ce8870ba99757215c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20K=C3=A1rolyi?= Date: Wed, 25 Aug 2021 12:00:02 +0200 Subject: [PATCH 2/2] Pluralize config option, add documentation + default value --- doc/configuration.md | 6 ++++++ .../java/org/ice4j/ice/harvest/AbstractTcpListener.java | 2 +- .../org/ice4j/ice/harvest/HostCandidateHarvester.java | 6 +++--- src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt | 8 ++++---- src/main/resources/reference.conf | 4 ++++ 5 files changed, 18 insertions(+), 8 deletions(-) diff --git a/doc/configuration.md b/doc/configuration.md index ac851f8e..2626993b 100644 --- a/doc/configuration.md +++ b/doc/configuration.md @@ -17,6 +17,12 @@ Default: no interfaces are blocked. This property can be used to specify a ";"-separated list of interfaces which are not allowed to be used for candidate allocations. +### ```org.ice4j.ice.harvest.USE_LOOPBACK_INTERFACES``` +Default: false + +Use (NAT-ed) loopback interfaces for ICE candidate selection. +FreeBSD jails often require this when NAT-ed on the internal lo0 interface with an IPv4 address. + ### ```org.ice4j.ice.harvest.ALLOWED_ADDRESSES``` Default: all addresses are allowed. diff --git a/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java b/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java index 7371a582..0068bee2 100644 --- a/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java +++ b/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java @@ -81,7 +81,7 @@ private static List getLocalAddresses( for (NetworkInterface iface : interfaces) { - if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterface()) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterfaces()) continue; if (!NetworkUtils.isInterfaceUp(iface) || !HostCandidateHarvester.isInterfaceAllowed(iface)) diff --git a/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java b/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java index 8498fa8e..517374f2 100644 --- a/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java +++ b/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java @@ -236,7 +236,7 @@ public static List getAllAllowedAddresses() for (NetworkInterface iface : Collections.list(NetworkInterface.getNetworkInterfaces())) { - if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterface()) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterfaces()) continue; if (!NetworkUtils.isInterfaceUp(iface) || !isInterfaceAllowed(iface)) { @@ -316,7 +316,7 @@ public void harvest(Component component, { NetworkInterface iface = interfaces.nextElement(); - if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterface()) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterfaces()) continue; if (!NetworkUtils.isInterfaceUp(iface) || !isInterfaceAllowed(iface)) { @@ -497,7 +497,7 @@ static boolean isInterfaceAllowed(NetworkInterface iface) */ static boolean isAddressAllowed(InetAddress address) { - if (address.isLoopbackAddress() && !config.useLoopbackInterface()) + if (address.isLoopbackAddress() && !config.useLoopbackInterfaces()) { return false; } diff --git a/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt b/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt index 3a3ebf85..4a84e268 100644 --- a/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt +++ b/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt @@ -44,12 +44,12 @@ class HarvestConfig { } fun useIpv6() = useIpv6 - private val useLoopbackInterface: Boolean by config { - "org.ice4j.ice.harvest.USE_LOOPBACK_INTERFACE".from(configSource) + private val useLoopbackInterfaces: Boolean by config { + "org.ice4j.ice.harvest.USE_LOOPBACK_INTERFACES".from(configSource) .transformedBy { !it } - "ice4j.harvest.use-loopback-interface".from(configSource) + "ice4j.harvest.use-loopback-interfaces".from(configSource) } - fun useLoopbackInterface() = useLoopbackInterface + fun useLoopbackInterfaces() = useLoopbackInterfaces val useDynamicPorts: Boolean by config { "org.ice4j.ice.harvest.USE_DYNAMIC_HOST_HARVESTER".from(configSource) diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf index 58892d65..9be436b2 100644 --- a/src/main/resources/reference.conf +++ b/src/main/resources/reference.conf @@ -25,6 +25,10 @@ ice4j { // Configuration related to harvesting (aka gathering) of local candidates. harvest { + // Use loopback (NAT-ed) interfaces for ICE candidate selection. + // FreeBSD jails often require this when NAT-ed on the internal lo0 interface with an IPv4 address. + use-loopback-interfaces = false + // Whether to harvest IPv6 addresses. use-ipv6 = true // Whether to use link-local addresses when harvesting candidates.