From: Dirk-Willem van Gulik <dirkx@webweaving.org>
To: Juliusz Chroboczek <jch@irif.fr>
CC: galene@lists.galene.org
Date: Thu, 16 Jan 2025 13:15:33 +0100
Subject: [Galene] Re: Turn binding to the ANY Address - even when specified

On 15 Jan 2025, at 16:56, Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:
>
>> On 15 Jan 2025, at 15:03, Juliusz Chroboczek <jch@irif.fr> wrote:
>>
>>> When starting galene with an explicit IP Address on a machine with multiple IP addresses; e.g. with:
>>>
>>> ./galene -turn 11.123.4.123:1194 ....
>>>
>>> netstat/lsof shows that it is still bound to the ANY address:
>>>
>>> # lsof -n | grep LISTEN
>>> ....
>>> galene 49935 galene 7u IPv4 0xfffff80019daf000 0 TCP *:1194->*:* (LISTEN)
>>>
>>> Is this the expected behaviour (i.e. intentional and for a reason) - or
>>> a blemish/thing that I should try to fix ?
>>
>> Only the address you specified is advertised to clients, but the server
>> listens on the wildcard address. This allows us to change the server's
>> address without tearing down the socket when running with "-turn auto".
>
> So I think below is a fairly simple change - where the 'auto' case is kept as is - and the listener is ONLY bound to a specific IP if it is specified. Otherwise it becomes *:1234 or a found public IP address.
>
> So now [-turn [ip|fqdn]:<port>] behaves exactly like -http.
>
>> So let me know if it's important for you.
>
> So being able to bind it is convenient on a machine with multiple IPs or a machine that straddles networks. As otherwise the galene starting `second' loses the race for 0.0.0.0. Or a machine with an anal firewall/ACL system - the listen() gets a permission error.

Ignore this - there is a whole general class of cases when you have VLANs, IPv6 or an iSCSI that surfaces as an interface on a machine which goes wrong.

Will repost with a better solution once I've gone through all the edge cases.

Dw
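The wildcard-versus-specific bind behaviour discussed in this thread, as an added Go example that is not part of the message, not the patch it mentions and not Galene's code. The names `isWildcard` and `secondCanBind` are hypothetical, and loopback addresses stand in for a host's several IPs (this assumes a Linux-style loopback where all of 127.0.0.0/8 is local).

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// isWildcard reports whether a listener is bound to the ANY address, the
// same fact lsof shows as "*:port".
func isWildcard(l net.Listener) bool {
	a, ok := l.Addr().(*net.TCPAddr)
	return ok && a.IP.IsUnspecified()
}

// secondCanBind starts a listener on firstHost (kernel-chosen port), then
// tries the same port on secondHost, as a second instance on the machine
// would. It returns false when the second bind fails with EADDRINUSE.
func secondCanBind(firstHost, secondHost string) (bool, error) {
	first, err := net.Listen("tcp4", net.JoinHostPort(firstHost, "0"))
	if err != nil {
		return false, err
	}
	defer first.Close()
	_, port, err := net.SplitHostPort(first.Addr().String())
	if err != nil {
		return false, err
	}
	second, err := net.Listen("tcp4", net.JoinHostPort(secondHost, port))
	if errors.Is(err, syscall.EADDRINUSE) {
		return false, nil // the first listener already owns this port
	}
	if err != nil {
		return false, err
	}
	defer second.Close()
	return true, nil
}

func main() {
	// Constructed cases: wildcard first, then two distinct specific addresses.
	for _, c := range [][2]string{{"0.0.0.0", "127.0.0.1"}, {"127.0.0.1", "127.0.0.2"}} {
		ok, err := secondCanBind(c[0], c[1])
		fmt.Printf("first=%s second=%s second binds=%v err=%v\n", c[0], c[1], ok, err)
	}
}
```

A wildcard listener also accepts connections arriving on every interface of the host, so `isWildcard` is a quick check of whether a service is reachable more widely than the address it was given.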