On 10/20/2010 10:10 AM, [email protected] wrote:
> Hi all,
>
> I have a doubt about the way telepathy-gabble implements jingle file
> transfer.
> Please correct me if my below understanding is wrong :
>
> - Basically for solving NAT problem, libnice is used
> - As part of ICE protocol, for gathering 'candidate' transport
>   addresses, we need STUN / TURN servers
> - for this purpose, why should telepathy-gabble trigger
>   "http://relay.google.com:80/create_session" ??
>
> inside jingle-factory.c , libsoup APIs are used to make a HTTP GET
> request to the above URL, with headers "X-Talk-Google-Relay-Auth" &
> "X-Google-Relay-Auth"
>
> In response, we get a list of TURN/STUN server IPs & Ports etc.

You're right so far. Although we need STUN for candidate gathering, TURN is only necessary if there is no way to connect directly (both peers on symmetric NATs).
> Instead of this method, why can't we use what the below XML Stanza returns :
>
> Request stanza :
> <iq type="get" to="[email protected]" id="135485202046">
>   <query xmlns="google:jingleinfo"/>
> </iq>
>
> Response stanza :
> <iq to="[email protected]/16b4cb7b" from="[email protected]"
>     id="135485202046" type="result">
>   <query xmlns="google:jingleinfo">
>     <stun>
>       <server host="stun.l.google.com" udp="19302"/>
>       <server host="stun3.l.google.com" udp="19302"/>
>       <server host="stun2.l.google.com" udp="19302"/>
>       <server host="stun1.l.google.com" udp="19302"/>
>       <server host="stun4.l.google.com" udp="19302"/>
>     </stun>
>     <relay>
>       <token>CAESGwoSZjIwMDEwNjdAZ21haWwuY29tENbv0dG8JRoQmHtoMHjFafn/K0opvlnb0A==</token>
>       <server host="relay.google.com" udp="19295" tcp="19294" tcpssl="443"/>
>     </relay>
>   </query>
> </iq>

That does give us the ip/port for the STUN and TURN servers, yes.. but the TURN server isn't a "free for all" server, it's a google server and only google users can use it.

In order to use TURN, one must always authenticate to it first. It is done by adding a username/password to the STUN messages sent to the TURN server. For security reasons, the username and passwords to be sent must be randomly generated and have a short life (in short-term credentials mode, which is the only mode supported by google servers).

In the XML stanza, there is no username/password, so the HTTP request being sent is in order to get that username/password needed to authenticate with the TURN server. If you look at the response we get, it doesn't only include stun and turn ip/ports, it also includes a username and a password.
That U/P combination will only be valid if the "X-Talk-Google-Relay-Auth" header contains a valid authentication token (which is the one received in that stanza you mentioned). That U/P combination will also only be valid for 30 seconds, that's why it needs to be done right before requesting the TURN server to allocate a port for us.

> Kindly point to me, if there is a different way to understand...

I hope it answers your question. You can't do any different way to achieve this (the stanza contains the token to be used for the HTTP request, so it is the normal/expected/only way of doing it). Unless you set up a non-google TURN server (don't know if it's possible) and configure a username/password and have the server support long-term credentials authentication methods.

p.s: why is it bothering you by the way ?

Youness.

> Regards
> Uday Kiran
>
> _______________________________________________
> telepathy mailing list
> [email protected]
> http://lists.freedesktop.org/mailman/listinfo/telepathy
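The two-step flow described in the reply above, as an added example that is not part of the original message or of telepathy-gabble's code: it parses a google:jingleinfo result, builds the create_session request that trades the relay token for credentials, and checks the 30-second validity window. The sample stanza and its token are constructed, and sending the same token in both headers is an assumption.

```python
import time
import xml.etree.ElementTree as ET

NS = {"ji": "google:jingleinfo"}
CREATE_SESSION_URL = "http://relay.google.com:80/create_session"  # URL quoted in the thread
CREDENTIAL_LIFETIME = 30  # seconds, as stated in the reply

# Constructed sample response; the token is a placeholder, not a real one.
SAMPLE = """<iq to="user@example.com/res" from="user@example.com" id="1" type="result">
  <query xmlns="google:jingleinfo">
    <stun><server host="stun.l.google.com" udp="19302"/></stun>
    <relay><token>CONSTRUCTED-TOKEN==</token>
      <server host="relay.google.com" udp="19295" tcp="19294" tcpssl="443"/></relay>
  </query>
</iq>"""


def parse_jingleinfo(stanza):
    """Return STUN servers, relay server and relay token from a jingleinfo result."""
    query = ET.fromstring(stanza).find("ji:query", NS)
    if query is None:
        raise ValueError("no google:jingleinfo query element")
    stun = [(s.get("host"), int(s.get("udp")))
            for s in query.findall("ji:stun/ji:server", NS)]
    token = query.findtext("ji:relay/ji:token", default=None, namespaces=NS)
    relay = query.find("ji:relay/ji:server", NS)
    return {"stun": stun, "token": token,
            "relay": dict(relay.attrib) if relay is not None else None}


def relay_auth_request(info):
    """Describe the HTTP GET that trades the token for short-lived TURN credentials."""
    if not info["token"]:
        raise ValueError("stanza carried no relay token; TURN cannot be used")
    # Assumption: both headers named in the thread carry the same token.
    headers = {"X-Talk-Google-Relay-Auth": info["token"],
               "X-Google-Relay-Auth": info["token"]}
    return "GET", CREATE_SESSION_URL, headers


def credentials_usable(issued_at, now=None):
    """True while a username/password pair issued at `issued_at` is still valid."""
    now = time.time() if now is None else now
    return 0 <= now - issued_at < CREDENTIAL_LIFETIME


if __name__ == "__main__":
    info = parse_jingleinfo(SAMPLE)
    print(info["stun"], info["relay"])
    print(relay_auth_request(info))
```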
