path: root/src/ejabberd_stun.erl
Commit message | Author | Age | Files | Lines
* Update copyright year to 2022 | Badlop | 2022-02-11 | 1 | -1/+1
* Update newest copyright year to 2021 (#3464) | Badlop | 2021-01-27 | 1 | -1/+1
* ejabberd_stun: Block loopback addresses by default | Holger Weiss | 2021-01-22 | 1 | -1/+1
  Don't accept loopback addresses as TURN peers by default. This makes sure the TURN service won't allow remote clients to access local UDP services.
  However, this will break the case where the 'turn_ipv4_address' was set to 127.0.0.1 as fallback and TURN worked "by accident" if both clients were using the same TURN service. The service then talked to itself on the loopback interface.
* Update 'stun' dependency | Holger Weiss | 2021-01-22 | 1 | -1/+1
  The 'stun' application now rejects Teredo and 6to4 TURN peers unconditionally. Therefore, remove those networks from the default 'turn_blacklist'.
* ejabberd_stun: Rename Logger filter | Holger Weiss | 2020-10-01 | 1 | -2/+2
  Don't overwrite the Logger filter added by the 'stun' application (which appends metadata to STUN/TURN log messages).
  Closes processone/stun#31.
* ejabberd_stun: Filter info/debug messages | Holger Weiss | 2020-07-01 | 1 | -0/+34
  Update 'stun' dependency, and drop the info/debug messages now logged by the 'stun' application if OTP's new logging API is used.
* Rename 'turn_v4_ip' and 'turn_v6_ip' options | Holger Weiss | 2020-05-29 | 1 | -12/+12
  The 'turn_ipv4_address' and 'turn_ipv6_address' option names are probably more intuitive.
* ejabberd_stun: Add 'turn_blacklist' option | Holger Weiss | 2020-05-21 | 1 | -0/+3
  The new 'turn_blacklist' listener option allows for specifying one or more IP addresses and/or subnet addresses/masks. The TURN server will refuse to relay traffic from/to blacklisted IP addresses. By default, Teredo and 6to4 addresses are blacklisted, as mandated by RFC 6156 (section 9.1).
* mod_stun_disco: Offer local IPv6 services | Holger Weiss | 2020-05-19 | 1 | -1/+1
  Also announce local STUN/TURN services listening on IPv6 sockets (unless the 'offer_local_services' option is set to 'false').
* ejabberd_stun: Support IPv6 for TURN | Holger Weiss | 2020-05-19 | 1 | -6/+9
  The stun application now supports RFC 6156: TURN Extension for IPv6, and therefore needs separate IPv4 and IPv6 relay addresses.
* Let ejabberd_stun listen on IPv6 sockets | Holger Weiss | 2020-05-19 | 1 | -1/+1
  The stun application now allows IPv6 clients to perform STUN requests and to allocate TURN relays.
* ejabberd_stun: Tone down 'auth_realm' warning | Holger Weiss | 2020-04-28 | 1 | -7/+7
  These days, STUN/TURN authentication can be performed with ephemeral credentials, where the REALM is irrelevant. Therefore, just log an [info] message rather than a [warning] in the case where no authentication REALM is configured but multiple virtual domains exist.
* ejabberd_stun: Fix 'turn_ip' fallback | Holger Weiss | 2020-04-23 | 1 | -13/+20
  The 'turn_ip' option validator doesn't accept an inet:ip4_address() tuple.
  While at it, change the logic to only perform the fallback address lookup if no 'turn_ip' is configured (analogous to the fallback mechanism for the case where the 'auth_realm' is undefined).
* ejabberd_stun: Handle hashed passwords gracefully | Holger Weiss | 2020-04-22 | 1 | -1/+8
  Don't crash when STUN/TURN authentication is performed against a SCRAM-hashed password.
* ejabberd_stun: Add 'stun_get_password' hook | Holger Weiss | 2020-04-22 | 1 | -2/+11
  Add a hook that allows modules to offer a password for STUN/TURN authentication.
* ejabberd_stun: Set a default 'turn_ip' | Holger Weiss | 2020-04-20 | 1 | -6/+8
  Try to resolve the local hostname, use the result as the default 'turn_ip', and only log a warning if that fails. Using the local hostname's address by default is analogous to mod_proxy65's behavior.
* Update copyright to 2020 (#3149) | Badlop | 2020-01-28 | 1 | -1/+1
* Correctly handle unicode in log messages | Evgeny Khramtsov | 2019-09-23 | 1 | -2/+2
* Use new configuration validator | Evgeny Khramtsov | 2019-06-14 | 1 | -31/+20
* Rename listening callback from start/2 to start/3 | Evgeny Khramtsov | 2019-04-01 | 1 | -9/+9
  This will prevent conflicts in callback names in mod_mqtt
  Old callback function is still supported.
* Update copyright to 2019 (#2756) | Badlop | 2019-01-08 | 1 | -1/+1
* Add forgotten TURN options to validator | Evgeny Khramtsov | 2018-09-29 | 1 | -0/+2
  Fixes #2621
* Fail early when loading unavailable SIP or STUN modules | Evgeny Khramtsov | 2018-09-18 | 1 | -10/+9
* Refactor ejabberd_listener | Evgeny Khramtsov | 2018-09-18 | 1 | -26/+19
* Refactor ejabberd listener API | Evgeny Khramtsov | 2018-09-17 | 1 | -7/+13
* Move shaper to p1_utils repo | Evgeniy Khramtsov | 2018-07-05 | 1 | -1/+1
* Get rid of ejabberd.hrl header | Evgeniy Khramtsov | 2018-06-14 | 1 | -5/+4
  The header consisted of too many unrelated stuff and macros misuse. Some stuff is moved into scram.hrl and type_compat.hrl. All macros have been replaced with the corresponding function calls.
  TODO: probably type_compat.hrl is not even needed anymore since we support only Erlang >= OTP 17.5
* Add validator for 'accept_interval' listening option | Evgeniy Khramtsov | 2018-04-30 | 1 | -1/+3
* Validate additional listen opts | Stu Tomlinson | 2018-02-28 | 1 | -1/+3
  The options "inet", "inet6" and "backlog" are valid listen options, but are currently logged as errors (even though they do work):
    2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue
  This adds the necessary validators so they are correctly recognized.
* Update copyright dates | Evgeniy Khramtsov | 2018-01-05 | 1 | -1/+1
* Rely on Server Name Indication for incoming Direct-TLS connections | Evgeniy Khramtsov | 2017-12-24 | 1 | -3/+25
  This commit also deprecates `certfile` option for ejabberd_http listener.
* Cleanup some headers | Christophe Romain | 2017-11-10 | 1 | -1/+2
* Introduce --enable-stun and --enable-sip configure options | Evgeniy Khramtsov | 2017-05-23 | 1 | -0/+16
  STUN/TURN and SIP are not compiled by default anymore. Use --enable-stun, --enable-sip or --enable-all to enable them.
* Introduce Certificate Manager | Evgeniy Khramtsov | 2017-05-12 | 1 | -1/+4
  The major goal is to simplify certificate management in ejabberd. Currently it requires some effort from a user to configure certificates, especially in the situation where a lot of virtual domains are hosted.
  The task is split in several sub-tasks:
  * Implement basic certificate validator. The validator should check all configured certificates for existence, validity, duration and so on. The validator should not perform any actions in the case of errors except logging an error message. This is actually implemented by this commit.
  * All certificates should be configured inside a single section (something like 'certfiles') where ejabberd should parse them, check the full-chain, find the corresponding private keys and, if needed, resort chains and split the certificates into separate files for easy use by fast_tls.
  * Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should probably be deprecated, since the process of matching certificates with the corresponding virtual hosts should be done automatically and these options only introduce configuration errors without any meaningful purpose.
* Check presence of some files during option validation | Evgeniy Khramtsov | 2017-05-12 | 1 | -1/+1
* Don't call gen_mod:get_opt() outside of modules | Evgeniy Khramtsov | 2017-05-08 | 1 | -3/+3
* Don't validate an option in gen_mod:get*opt() functions | Evgeniy Khramtsov | 2017-04-30 | 1 | -9/+44
  The changes are very similar to those from previous commit:
  * Now there is no need to pass validating function in gen_mod:get_opt() and gen_mod:get_module_opt() functions, because the modules' configuration keeps already validated values.
  * New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are introduced.
  * Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated. If the functions are still called, the "function" argument is simply ignored.
  * Validating callback Mod:listen_opt_type/1 is introduced to validate listening options at startup.
* Cleanup file headers | Christophe Romain | 2017-01-03 | 1 | -5/+4
* Update copyright date automatically (#1442) | Badlop | 2017-01-02 | 1 | -1/+1
* Move to new dependencies for SIP and STUN | Mickael Remond | 2016-02-03 | 1 | -2/+2
* Update copyright to 2016 (#901) | Badlop | 2016-01-13 | 1 | -1/+1
* Document a few more supported protocols | Badlop | 2015-06-22 | 1 | -0/+1
* Remove unused validation code | Evgeniy Khramtsov | 2015-06-03 | 1 | -10/+1
* Add config validation at startup | Evgeniy Khramtsov | 2015-06-01 | 1 | -2/+11
* Document protocol support (EJABS-1620) | Badlop | 2015-05-21 | 1 | -0/+2
* Fix missing copyright dates to 2015 (EJAB-1733) | Christophe Romain | 2015-01-21 | 1 | -0/+17
* TURN support (EJAB-1017) | Evgeniy Khramtsov | 2014-05-08 | 1 | -0/+83