From: Dirk-Willem van Gulik <dirkx@webweaving.org>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: galene@lists.galene.org
Subject: [Galene] Re: udp-port range and subsequent "turn" use of ports outside that range
Date: Thu, 15 Feb 2024 16:02:03 +0100
Message-ID: <C9F54841-7508-4659-A15A-1EC9396D0CC5@webweaving.org>
In-Reply-To: <87h6iehcng.wl-jch@irif.fr>
On 11 Feb 2024, at 23:14, Juliusz Chroboczek <jch@irif.fr> wrote:
>> Correct - but the issue that surprised me was the error:
>>
>>
>> turn ERROR: 2024/02/11 14:26:36 Failed to handle datagram:
>> unable to handle ChannelData from 127.0.1.12:32895:
>> failed writing to socket: write udp4 127.0.1.12:24074->DESTINATION_IP:54924:
>> sendto: permission denied

The situation is slightly more odd. With galene run as:

    /usr/local/bin/galene -static /usr/local/share/galene \
        .... \
        -turn OUTSIDEIP:SRCPORT \
        -udp-range 18100-19100

I would expect to only see UDP traffic going out that originates from OUTSIDEIP. However, on a machine that has two addresses, OUTSIDEIP and OUTSIDEIP_2, one sees the traffic below (galene is working fine).

Here OUTSIDEIP and OUTSIDEIP_2 are normal public IPv4 addresses on an internet server (at OVH) and 10.11.0.240 is the internal address of one of the clients behind NAT at some consumer ADSL.

1) I had not expected to see OUTSIDEIP_2 in this list at all.
2) I had not expected source UDP ports such as 11247 in the list below.

The attempts to reach 10.11.0.240 are a case where perhaps some RFC1918 optimisation can be applied.

Dw.

$ sudo dwatch -p `cat /var/run/galene.pid` -X udp-send
INFO Sourcing udp-send profile [found in /usr/libexec/dwatch]
INFO Watching 'udp:::send' ...
INFO Filtering pid: 2109
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:SRCPORT -> CLIENTIP:58806 48 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:SRCPORT -> CLIENTIP:7450 48 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:18824 -> OUTSIDEIP:SRCPORT 28 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:18558 -> OUTSIDEIP:SRCPORT 28 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:18757 -> 10.11.0.240:58291 108 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:11247 -> OUTSIDEIP:SRCPORT 44 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:SRCPORT -> OUTSIDEIP:18824 48 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:18757 -> 10.11.0.240:58289 108 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:SRCPORT -> OUTSIDEIP:18558 48 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:18757 -> 10.11.0.240:58291 108 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:SRCPORT -> OUTSIDEIP:11247 88 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:18757 -> 10.11.0.240:58289 108 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:11247 -> OUTSIDEIP:SRCPORT 132 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:18853 -> 10.11.0.240:58291 108 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:SRCPORT -> OUTSIDEIP:11247 84 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:18853 -> 10.11.0.240:58289 108 bytes
-> why OUTSIDEIP_2
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:SRCPORT -> CLIENTIP:58806 48 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:SRCPORT -> CLIENTIP:7450 48 bytes
-> we could probably apply RFC1918 optimisation
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP_2:18757 -> 10.11.0.240:58291 108 bytes
-> why a PORT outside the 18100-19100 range ?
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:11247 -> OUTSIDEIP:SRCPORT 44 bytes
-> testing myself. Fair enough
2024 Feb 15 14:47:09 328.328 galene[2109]: OUTSIDEIP:SRCPORT -> OUTSIDEIP:18824 48 bytes
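
The three questions raised against the udp-send output above (unexpected source address, source port outside -udp-range, RFC1918 destination) can be checked mechanically. This is an added example, not part of the original message and not Galene code; the documentation addresses and TURN port 1194 are constructed stand-ins for OUTSIDEIP, OUTSIDEIP_2, CLIENTIP and SRCPORT, and only IPv4 lines are handled.

```python
import ipaddress
import re

# Assumed deployment values (constructed stand-ins, not from the message):
EXPECTED_SRC = ipaddress.ip_address("192.0.2.10")  # plays the role of OUTSIDEIP
TURN_PORT = 1194                                   # plays the role of SRCPORT
UDP_RANGE = range(18100, 19101)                    # -udp-range 18100-19100, inclusive

# ip_address.is_private also covers other reserved ranges (192.0.2.0/24 included),
# so the three RFC 1918 networks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE = re.compile(r"galene\[\d+\]: ([\d.]+):(\d+) -> ([\d.]+):(\d+) (\d+) bytes")

def classify(line):
    """Findings for one udp-send line; None if the line is not a send record."""
    m = LINE.search(line)
    if not m:
        return None
    src, sport = ipaddress.ip_address(m[1]), int(m[2])
    dst = ipaddress.ip_address(m[3])
    findings = []
    if src != EXPECTED_SRC:
        findings.append("unexpected-source-address")
    if sport != TURN_PORT and sport not in UDP_RANGE:
        findings.append("source-port-outside-range")
    if any(dst in net for net in RFC1918):
        findings.append("rfc1918-destination")
    return findings

def audit(text):
    """Return (record, findings) for every send with at least one finding."""
    hits = []
    for line in text.splitlines():
        findings = classify(line)
        if findings:
            hits.append((line.split("]: ", 1)[1], findings))
    return hits

# Constructed sample in the same layout as the dwatch output above.
SAMPLE = """\
INFO Watching 'udp:::send' ...
2024 Feb 15 14:47:09 328.328 galene[2109]: 192.0.2.11:1194 -> 198.51.100.7:58806 48 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: 192.0.2.10:18824 -> 192.0.2.10:1194 28 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: 192.0.2.11:18757 -> 10.11.0.240:58291 108 bytes
2024 Feb 15 14:47:09 328.328 galene[2109]: 192.0.2.10:11247 -> 192.0.2.10:1194 44 bytes
"""

if __name__ == "__main__":
    for record, findings in audit(SAMPLE):
        print(", ".join(findings), "|", record)
```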