fix(coturn): v0.1.2.1 — enable rfc5780 and require external-ip pair form#13
Merged
fix(coturn): v0.1.2.1 — enable rfc5780 and require external-ip pair form#13
Conversation
Two real-world bugs in the bundled coturn config that defeat v0.1.2's headline filtering classification feature: 1. Missing rfc5780 directive. coturn 4.x defaults RFC 5780 NAT behavior discovery to OFF (--no-rfc5780 is deprecated default; --rfc5780 enables). Without it, coturn logs "RFC5780 disabled! /NAT behavior discovery/" and silently omits OTHER-ADDRESS from Binding responses. natcheck capability detection misses, filtering reports "untested" with WarnFilteringSkippedNoChangeRequest. 2. Bare external-ip=PUBLIC triggers "STUN CHANGE_REQUEST not supported: only one IP address is provided". coturn requires the pair form external-ip=public/private even on a single-NIC VM where the two IPs differ (public from cloud provider, private from `ip addr`). Net effect of (1)+(2): a user following docs/coturn-setup.md on a $5 VPS got coturn that didn't speak §4.4. Filtering classification never ran. Verified locally with coturn 4.10.0: with rfc5780 enabled and external-ip pair form, the "RFC5780 disabled" and "STUN CHANGE_REQUEST not supported" warnings clear.
Reflects the two coturn config fixes from 67230ff. Adds a verification step (step 4) that has the user grep coturn's stdout for the two specific WARNING/INFO lines that signal a misconfigured §4.4 path, since natcheck's "filtering: untested" verdict alone doesn't tell the user which side of the wire is at fault.
No code or schema delta. Conf-asset and setup-doc patch only. Promotes [Unreleased] → [0.1.2.1] with link refs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Patch release fixing two real-world bugs in the bundled coturn config that defeat v0.1.2's headline filtering classification feature.
What broke
Discovered by trying to validate v0.1.2 end-to-end against a real coturn 4.10.0:
rfc5780directive. coturn 4.x defaults RFC 5780 NAT behavior discovery to OFF. Withoutrfc5780in the conf, coturn logsRFC5780 disabled! /NAT behavior discovery/and silently omitsOTHER-ADDRESSfrom Binding responses. natcheck capability detection (internal/cli/cli.go:79–89) misses, filtering reportsuntestedwithWarnFilteringSkippedNoChangeRequest.external-ip=PUBLICtriggersSTUN CHANGE_REQUEST not supported: only one IP address is provided. coturn requires the pair formexternal-ip=public/privateeven on a single-NIC VM where the two IPs differ (public from cloud provider, private fromip addr).Net effect: a user following
docs/coturn-setup.mdon a $5 VPS got coturn that didn't speak §4.4. Filtering classification never ran, despite v0.1.2 being about filtering classification.What changed
examples/coturn-natcheck.conf— addsrfc5780; switchesexternal-ip=YOUR_PUBLIC_IP→external-ip=YOUR_PUBLIC_IP/YOUR_PRIVATE_IP; expands the surrounding comments.docs/coturn-setup.md— documents both requirements; adds a verification step (step 4) that has the user grep coturn's stdout for the two specific WARNING/INFO lines that signal a misconfigured §4.4 path. The "untested" failure-mode bullet now points back to step 4.CHANGELOG.md—[0.1.2.1]Fixed entry, link refs.Scope
Conf-asset + docs only. No Go source change.
go install github.com/1mb-dev/natcheck/cmd/natcheck@v0.1.2produces the same binary as@v0.1.2.1. The patch tag exists so the Homebrew formula and changelog can point at the corrected setup story.Test plan
make test(race, count=1) — green (no code change but sanity)make lint— 0 issuesgofmt -l .— cleanrfc5780enabled,STUN CHANGE_REQUEST not supportedwarning gone — verified locallygh release create v0.1.2.1brew upgrade natchecklands the correctedexamples/anddocs/for users who installed via brew)