From: Curtis Villamizar
To: Curtis Villamizar
Cc: Juliusz Chroboczek, galene@lists.galene.org
Reply-To: Curtis Villamizar
Subject: [Galene] Galene and multiple IP listeners (was Re: galene on IPv6 only)
In-reply-to: Your message of "Sat, 21 Mar 2026 20:33:12 -0400."
Date: Mon, 23 Mar 2026 23:41:01 -0400
List-Id: Galène videoconferencing server discussion list

replying to myself ... again

I changed the subject but kept the In-reply-to for the benefit of mailing list software thread tracking. This is a separate but closely related topic.

I made some changes that affect the command line. I added some bool flags: -help, -dryrun, -expandwildcard. I changed -http but kept compatibility with existing use. The argument is now a comma or space separated list. I also changed -insecure a bit but kept compatibility with existing use. Using -insecure changes a default.

The main change is to allow multiple listeners to be attached to the http instance. Some can use http such as on port 80. Some can use https such as on port 443.

Before sending patches I would like to know if there is agreement on the objective. One objective, multiple addresses, is indirectly described by the -help that was added.

    -cpuprofile file          store CPU profile in file
    -data directory           data directory (default "./data/")
  + -disable-relay-test       disable the relay test
  + -disable-turn             disable TURN (if true overrides -turn)
  + -dryrun                   log messages and exit
  + -expandwildcard           expand a wildcard entry to the list of interface addresses
    -groups directory         group description directory (default "./groups/")
  + -help                     print help message and exit
    -http address             * space or comma separately list of web server address (default ":8443")
    -insecure                 act as an HTTP server rather than HTTPS
    -mdns                     gather mDNS addresses
    -memprofile file          store memory profile in file
    -mutexprofile file        store mutex profile in file
    -recordings directory     recordings directory (default "./recordings/")
    -relay-only               require use of TURN relays for all media traffic
    -static directory         web server root directory (default "./static/")
    -turn address             built-in TURN server address ("" to disable) (default "auto")
    -udp-range port           UDP port (multiplexing) or port1-port2 (range)

  Addreses are of the following formats:

    []:[=(secure|insecure)

  If address is omited either a wildcard or all of the interface
  addresses will be used. Port must be a port number or well known
  port name. Addresses can be a host name and all DNS addresses (all
  DNS A records and AAAA records) will be used. An Address can be IPv4
  dotted quad format. An Address can also be IPv6 format inside '[' amd
  ']'. An equal sign ('=') followed by either 'i', 'insecure', 's', or
  'secure' determines whether TLS is used. The -insecure flags changes
  the default from secure to insecure.

  Examples:

    0.0.0.0:80=i,[::]:443=s        no TLS on port 80, TLS on 443
    :http=insecure,:https=secure   same thing said differently
    myhost.example.com:443         lookup DNS addresses and use
    [2001:db8::1]:443              use an example IPv6 on port 443
    127.0.0.1:443,[::1]:443        run on IPv4 and IPv6 loopback
    :443                           default TLS use on 443 aka https

  Any amoount of white space or commas can be used to separate entries
  in the list of addresses, but shell escaping or quotes will be needed
  on linux/*ix/*bsd command lines. An alternate to the -http argument
  is to list the addresses on the command line. Both can be used.
  Duplicates are removed. Multiple http listenners may be created. A
  good way to see how the address list is expanded is to use -dryrun.

The blurb following the flags.Output() dump is also part of the -help output.

After flags were parsed additional arguments were ignored. Making the Address variable an AddressList the following lines were different.

  galene [other args] -http ":80=i :443=s"
  galene [other args] -http :80=i :443=s

In the second case the :443=s was silently ignored. Making any trailing arguments additions to AddressList so the above two produce the same result. The next two have an unexpected addition because the default to -http is currently :8443.

  galene [other args] :80=i :443=s
  galene [other args] ":80=i :443=s"

In both cases the result is :8443=s :80=i :443=s, where :8443 takes the default of https (no -insecure used). That could be fixed by making the default for -http an empty string and then processing trailing args and then if AddressList is empty substituting ":8443". I think that is the best solution as it doesn't change existing use. The default is just added in a different place.

The -expandwildcard changes the way something like :443 is expanded. Normally it is expanded to "tcp4 :443 secure" plus "tcp6 :443 secure" for a dual stack host so the Go net library does two wildcard listens, one each for tcp4 and tcp6. If the host only has IPv4 or IPv6 addresses but not both it only does one listen.

With -expandwildcard the wildcard (the missing address) is expanded to the set of interface addresses, including loopback. So three addresses and two protocol families yields six instances of listener.

Similarly if you give it a host name it does a DNS lookup and produces a list of addresses, some IPv4 and some IPv6. It uses tcp4 for the IPv4 and tcp6 for the IPv6. It doesn't matter whether there is one IP address or a dozen, just not zero. For more than one address, more than one listener is needed.

I'm using the -disable-relay-test. Right now the -disable-turn breaks things even though setting "auto" with no turn server and -disable-relay-test does nothing except complain "TURN: no public addresses". Also mDNS keeps getting turned on which I haven't looked at. I need to fix -disable-turn or remove it.

I'm not sending the diffs yet. First I would like to know if this is something that is wanted/needed by galene. Once that is decided it might be best to send diffs as a github pull request.

Curtis
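
The list handling described in this message (comma or space separated entries, the =s/=i suffix, the -insecure default, trailing arguments, and ":8443" substituted only when the list is empty), as an added Go example that is not Curtis's patch or Galene's code. The names Listener and ParseAddressList are hypothetical, and rejecting an address listed as both secure and insecure is an assumption; DNS lookup and wildcard expansion are not covered.

```go
package main

import (
	"fmt"
	"strings"
)

// Listener is one parsed entry: the host:port part and whether TLS is used.
type Listener struct{ Addr string; Secure bool }

// ParseAddressList (hypothetical) merges the -http value with trailing args,
// applies the =s/=i suffix, drops duplicates, and defaults to ":8443" last.
func ParseAddressList(httpFlag string, trailing []string, insecureDefault bool) ([]Listener, error) {
	fields := strings.FieldsFunc(httpFlag+" "+strings.Join(trailing, " "), func(r rune) bool {
		return r == ',' || r == ' ' || r == '\t' || r == '\n'
	})
	if len(fields) == 0 {
		fields = []string{":8443"} // default added only when nothing was given
	}
	seen := make(map[string]bool) // address -> TLS setting already recorded
	var out []Listener
	for _, f := range fields {
		l := Listener{Addr: f, Secure: !insecureDefault}
		if i := strings.LastIndex(f, "="); i >= 0 {
			switch f[i+1:] {
			case "s", "secure":
				l.Secure = true
			case "i", "insecure":
				l.Secure = false
			default: // fail closed: an unknown suffix must not become plaintext
				return nil, fmt.Errorf("bad TLS suffix in %q", f)
			}
			l.Addr = f[:i]
		}
		if prev, ok := seen[l.Addr]; ok {
			if prev != l.Secure { // assumption: conflicting entries are an error
				return nil, fmt.Errorf("%q listed as both secure and insecure", l.Addr)
			}
			continue
		}
		seen[l.Addr] = l.Secure
		out = append(out, l)
	}
	return out, nil
}

func main() {
	fmt.Println(ParseAddressList("", []string{":80=i", ":443=s"}, false))
}
```

Printing the parsed list before binding, as -dryrun is described as doing, is the quickest way to confirm that no listener ended up plaintext by accident.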