[Telepathy] Doubt regarding Jingle file transfer over ICE
youness.alaoui at collabora.co.uk
Wed Oct 20 14:09:02 PDT 2010
On 10/20/2010 10:10 AM, udayjandhyala at gmail.com wrote:
> Hi all,
> I have a doubt about the way telepathy-gabble implements jingle file
> Please correct me if my below understanding is wrong :
> - Basically for solving NAT problem, libnice is used
> - As part of ICE protocol, for gathering 'candidate' transport
> addresses, we need STUN / TURN servers
> - for this purpose, why should telepathy-gabble trigger "
> http://relay.google.com:80/create_session " ??
> inside jingle-factory.c , libsoup APIs are used to make a HTTP GET
> request to the above URL, with headers "X-Talk-Google-Relay-Auth" &
> In response, we get a list of TURN/STUN server IPs & Ports etc.
You're right so far.
Although we need STUN for candidate gathering, TURN is only necessary if there
is no way to connect directly (both peers on symmetric NATs).
> Instead of this method, why can't we use what the below XML Stanza returns :
> Request stanza :
> <iq type="get" to="user at gmail.com"
> id="135485202046"><query xmlns="google:jingleinfo"/></iq>
> Response stanza :
> <iq to="user at gmail.com/16b4cb7b"
> from="user at gmail.com" id="135485202046"
> type="result"><query xmlns="google:jingleinfo"><stun><server
> host="stun.l.google.com" udp="19302"/><server
> host="stun3.l.google.com"
> udp="19302"/><server host="stun2.l.google.com"
> udp="19302"/><server
> host="stun1.l.google.com"
> udp="19302"/><server host="stun4.l.google.com
> host="relay.google.com" udp="19295"
> tcp="19294" tcpssl="443"/></relay></query></iq>
That does give us the ip/port for the STUN and TURN servers, yes, but the TURN
server isn't a "free for all" server, it's a Google server and only Google users
can use it. In order to use TURN, one must always authenticate to it first. It
is done by adding a username/password to the STUN messages sent to the TURN server.
For security reasons, the username and passwords to be sent must be randomly
generated and have a short life (in short-term credentials mode, which is the
only mode supported by Google servers).
In the XML stanza, there is no username/password, so the HTTP request being sent
is in order to get that username/password needed to authenticate with the TURN
If you look at the response we get, it doesn't only include stun and turn
ip/ports, it also includes a username and a password. That U/P combination will
only be valid if the "X-Talk-Google-Relay-Auth" header contains a valid
authentication token (which is the one received in that stanza you mentioned).
That U/P combination will also only be valid for 30 seconds, that's why it needs
to be done right before requesting the TURN server to allocate a port for us.
> Kindly point to me, if there is a different way to understand...
I hope it answers your question. You can't do any different way to achieve this
(the stanza contains the token to be used for the HTTP request, so it is the
normal/expected/only way of doing it). Unless you set up a non-google TURN
server (don't know if it's possible) and configure a username/password and have
the server support long-term credentials authentication methods.
P.S.: why is it bothering you, by the way?
> Uday Kiran
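
The short-term credential step described in the reply above, as an added example (not code from telepathy-gabble, libnice or this thread): the password never travels on the wire; it keys an HMAC-SHA1 over the STUN message that the server recomputes. The example assumes the RFC 5389 wire format and the RFC 5766 Allocate method, an ASCII password (so SASLprep is a no-op), and constructed credentials; Google's relay dialect may differ.

```python
import hashlib, hmac, os, struct

MAGIC_COOKIE = 0x2112A442
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
ALLOCATE_REQUEST = 0x0003   # assumption: TURN Allocate as in RFC 5766
MI_LEN = 24                 # 4-byte attribute header + 20-byte HMAC-SHA1

def _attr(attr_type, value):
    """Encode one STUN attribute, zero-padded to a 4-byte boundary."""
    pad = (4 - len(value) % 4) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad

def _integrity(password, msg_type, txid, body):
    """HMAC over header + preceding attributes; the header length field
    already counts the MESSAGE-INTEGRITY attribute (RFC 5389, 15.4)."""
    hdr = struct.pack("!HHI", msg_type, len(body) + MI_LEN, MAGIC_COOKIE) + txid
    return hdr, hmac.new(password.encode(), hdr + body, hashlib.sha1).digest()

def build_request(username, password, txid=None):
    """Client side: USERNAME in clear, password only as the HMAC key."""
    txid = txid or os.urandom(12)
    body = _attr(ATTR_USERNAME, username.encode())
    hdr, mac = _integrity(password, ALLOCATE_REQUEST, txid, body)
    return hdr + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)

def verify_request(message, password):
    """Server side: recompute the HMAC with the password it issued."""
    if len(message) < 20:
        return False
    msg_type, length, cookie = struct.unpack("!HHI", message[:8])
    if cookie != MAGIC_COOKIE or length != len(message) - 20:
        return False
    pos = 20
    while pos + 4 <= len(message):
        attr_type, attr_len = struct.unpack("!HH", message[pos:pos + 4])
        if attr_type == ATTR_MESSAGE_INTEGRITY:
            if attr_len != 20 or pos + MI_LEN > len(message):
                return False
            _, mac = _integrity(password, msg_type, message[8:20],
                                message[20:pos])
            return hmac.compare_digest(mac, message[pos + 4:pos + MI_LEN])
        pos += 4 + attr_len + (4 - attr_len % 4) % 4
    return False  # unauthenticated request: no MESSAGE-INTEGRITY present

# Constructed sample credentials, standing in for the relay's HTTP response.
SAMPLE = build_request("relay-user", "s3cret-pass")
```

A server that expires the issued password after its lifetime simply stops finding a key for that USERNAME, so a captured request cannot be reused with new content later.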