[libnice] New method proposal: nice_agent_set_port_exclusions()

Olivier Crête olivier.crete at collabora.com
Thu Dec 5 16:13:32 UTC 2019


Yes do open a MR, it sounds like a good feature to have.


On December 5, 2019 10:21:15 a.m. EST, Juan Navarro <juan.navarro at gmx.es> wrote:
>I've been experimenting with the idea of adding a new method to
>NiceAgent: a function similar to nice_agent_set_port_range() but with a
>complimentary purpose. While set_port_range() is able to define, well,
>port range that should be used for local candidates during the
>process, a method such as nice_agent_set_port_exclusions() would be
>to define a set of ports that should be _avoided_.
>The method would have a signature such as this:
>nice_agent_set_port_exclusions (
>     NiceAgent *agent,
>     guint stream_id,
>     guint component_id,
>     gchar* ports);
>And 'ports' would be a string such as this:
>* Don't use port 1234
>* Don't use port 5678
>* Don't use any port between 2000 and 4000 (inclusive)
>The rationale for such feature is that it adapts better to the needs
>that are common in typical cloud deployments, where a specific set of
>control ports should not be made accessible from the outside, with no
>reason whatsoever to prevent such access from all other ports in
>For a concrete example: A quick glance at one test Kubernetes
>shows that these ports are sensitive and shouldn't be opened up to the
>These include control ports for Kubernetes itself.
>Instead of finding what is the biggest range that can be opened without
>touching any of those ports, it would be just easier (and easier to
>maintain for the Devops guys) to just specify a blacklist that includes
>all these ports, and pass it to libnice:
>I already have code that implements this, and having it in upstream is
>always nicer than maintaining it downstream. Would this feature be
>interesting for libnice? If so, I'd open a Merge Request for discussion
>and code review.
>Juan Navarro
>Kurento maintainer & developer
>j1elo @ Twitter <https://twitter.com/j1elo> / GitHub

Olivier Crête
olivier.crete at collabora.com

More information about the nice mailing list