Add: Automatically create permission for connected peers is not exist.

ghost 2025-12-29 03:08:57 +01:00
parent a434a6ad8a
commit 295bac11e3
2 changed files with 66 additions and 18 deletions


@ -401,15 +401,39 @@ pub async fn udp_reader_loop_with_limits(
}; };
if !allocation.is_peer_allowed(&peer_addr) { if !allocation.is_peer_allowed(&peer_addr) {
let resp = build_error_response_with_integrity_mode( match allocs.add_permission(peer, peer_addr) {
&msg.header, Ok(()) => {
403, tracing::info!(
"Peer Not Permitted", "added implicit permission for {} -> {} (via CHANNEL-BIND)",
&key, peer,
mi_mode, peer_addr
); );
let _ = udp.send_to(&resp, &peer).await; crate::metrics::inc_permission_added();
continue; }
Err(e) => {
tracing::error!(
"failed to add implicit permission {} -> {}: {:?}",
peer,
peer_addr,
e
);
let (code, reason) = match e.downcast_ref::<AllocationError>() {
Some(AllocationError::PermissionQuotaExceeded) => {
(508, "Insufficient Capacity")
}
_ => (403, "Peer Not Permitted"),
};
let resp = build_error_response_with_integrity_mode(
&msg.header,
code,
reason,
&key,
mi_mode,
);
let _ = udp.send_to(&resp, &peer).await;
continue;
}
}
} }
if let Err(e) = allocs.add_channel_binding(peer, channel, peer_addr) { if let Err(e) = allocs.add_channel_binding(peer, channel, peer_addr) {
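Review bot: The implicit `allocs.add_permission(peer, peer_addr)` runs before `add_channel_binding`, so a ChannelBind that is then rejected still leaves the new permission installed and `inc_permission_added()` counted; consider installing it only after the binding succeeds, or removing it on the bind error path. Because this is now a second way to create a permission, `peer_addr` should pass the same peer-address policy as the CreatePermission handler (for example any deny list for loopback or internal ranges). The hunk does not show whether `add_permission` enforces that itself; if it does not, add the check before the call with a comment such as `// ChannelBind installs a permission for the peer IP; apply the CreatePermission address policy first`. The identical block in the second file section (the `tx.send(resp)` variant) has the same two points, and the duplicated match would read better as one shared helper. The enclosing function starts and ends outside the hunk.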


@ -545,15 +545,39 @@ where
}; };
if !allocation.is_peer_allowed(&peer_addr) { if !allocation.is_peer_allowed(&peer_addr) {
let resp = build_error_response_with_integrity_mode( match allocs.add_permission(peer, peer_addr) {
&msg.header, Ok(()) => {
403, tracing::info!(
"Peer Not Permitted", "added implicit permission for {} -> {} (via CHANNEL-BIND)",
key, peer,
mi_mode, peer_addr
); );
let _ = tx.send(resp).await; crate::metrics::inc_permission_added();
continue; }
Err(e) => {
tracing::error!(
"failed to add implicit permission {} -> {}: {:?}",
peer,
peer_addr,
e
);
let (code, reason) = match e.downcast_ref::<AllocationError>() {
Some(AllocationError::PermissionQuotaExceeded) => {
(508, "Insufficient Capacity")
}
_ => (403, "Peer Not Permitted"),
};
let resp = build_error_response_with_integrity_mode(
&msg.header,
code,
reason,
key,
mi_mode,
);
let _ = tx.send(resp).await;
continue;
}
}
} }
if let Err(e) = if let Err(e) =