mirror of
https://github.com/livekit/livekit.git
synced 2026-05-15 00:55:32 +00:00
Don't collect external address for ip filterd out (#1135)
This commit is contained in:
cnderrauber
+90
-71
@@ -69,10 +69,24 @@ func NewWebRTCConfig(conf *config.Config, externalIP string) (*WebRTCConfig, err
|
||||
LoggerFactory: logging.NewLoggerFactory(logger.GetLogger()),
|
||||
}
|
||||
|
||||
if len(rtcConf.Interfaces.Includes) != 0 || len(rtcConf.Interfaces.Excludes) != 0 {
|
||||
s.SetInterfaceFilter(InterfaceFilterFromConf(rtcConf.Interfaces))
|
||||
}
|
||||
|
||||
var ipFilter func(net.IP) bool
|
||||
if len(rtcConf.IPs.Includes) != 0 || len(rtcConf.IPs.Excludes) != 0 {
|
||||
filter, err := IPFilterFromConf(rtcConf.IPs)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ipFilter = filter
|
||||
s.SetIPFilter(filter)
|
||||
}
|
||||
|
||||
// force it to the node IPs that the user has set
|
||||
if externalIP != "" && (conf.RTC.UseExternalIP || (conf.RTC.NodeIP != "" && !conf.RTC.NodeIPAutoGenerated)) {
|
||||
if conf.RTC.UseExternalIP {
|
||||
ips, err := getNAT1to1IPsForConf(conf)
|
||||
ips, err := getNAT1to1IPsForConf(conf, ipFilter)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -206,75 +220,6 @@ func NewWebRTCConfig(conf *config.Config, externalIP string) (*WebRTCConfig, err
|
||||
}
|
||||
}
|
||||
|
||||
if len(rtcConf.Interfaces.Includes) != 0 || len(rtcConf.Interfaces.Excludes) != 0 {
|
||||
includes := rtcConf.Interfaces.Includes
|
||||
excludes := rtcConf.Interfaces.Excludes
|
||||
s.SetInterfaceFilter(func(s string) bool {
|
||||
// filter by include interfaces
|
||||
if len(includes) > 0 {
|
||||
for _, iface := range includes {
|
||||
if iface == s {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// filter by exclude interfaces
|
||||
if len(excludes) > 0 {
|
||||
for _, iface := range excludes {
|
||||
if iface == s {
|
||||
return false
|
||||
}
|
||||
}
|
||||
}
|
||||
return true
|
||||
})
|
||||
}
|
||||
|
||||
if len(rtcConf.IPs.Includes) != 0 || len(rtcConf.IPs.Excludes) != 0 {
|
||||
var ipnets [2][]*net.IPNet
|
||||
for i, ips := range [][]string{rtcConf.IPs.Includes, rtcConf.IPs.Excludes} {
|
||||
ipnets[i], err = func(fromIPs []string) ([]*net.IPNet, error) {
|
||||
var toNets []*net.IPNet
|
||||
for _, ip := range fromIPs {
|
||||
_, ipnet, err := net.ParseCIDR(ip)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
toNets = append(toNets, ipnet)
|
||||
}
|
||||
return toNets, nil
|
||||
}(ips)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
includes, excludes := ipnets[0], ipnets[1]
|
||||
|
||||
s.SetIPFilter(func(ip net.IP) bool {
|
||||
if len(includes) > 0 {
|
||||
for _, ipn := range includes {
|
||||
if ipn.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
if len(excludes) > 0 {
|
||||
for _, ipn := range excludes {
|
||||
if ipn.Contains(ip) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
}
|
||||
return true
|
||||
})
|
||||
}
|
||||
|
||||
return &WebRTCConfig{
|
||||
Configuration: c,
|
||||
SettingEngine: s,
|
||||
@@ -301,7 +246,7 @@ func iceServerForStunServers(servers []string) webrtc.ICEServer {
|
||||
return iceServer
|
||||
}
|
||||
|
||||
func getNAT1to1IPsForConf(conf *config.Config) ([]string, error) {
|
||||
func getNAT1to1IPsForConf(conf *config.Config, ipFilter func(net.IP) bool) ([]string, error) {
|
||||
stunServers := conf.RTC.STUNServers
|
||||
if len(stunServers) == 0 {
|
||||
stunServers = config.DefaultStunServers
|
||||
@@ -316,6 +261,10 @@ func getNAT1to1IPsForConf(conf *config.Config) ([]string, error) {
|
||||
}
|
||||
addrCh := make(chan ipmapping, len(localIPs))
|
||||
for _, ip := range localIPs {
|
||||
if ipFilter != nil && !ipFilter(net.ParseIP(ip)) {
|
||||
continue
|
||||
}
|
||||
|
||||
go func(localIP string) {
|
||||
addr, err := config.GetExternalIP(stunServers, &net.UDPAddr{IP: net.ParseIP(localIP)})
|
||||
if err != nil {
|
||||
@@ -373,3 +322,73 @@ done:
|
||||
}
|
||||
return nat1to1IPs, nil
|
||||
}
|
||||
|
||||
func InterfaceFilterFromConf(ifs config.InterfacesConfig) func(string) bool {
|
||||
includes := ifs.Includes
|
||||
excludes := ifs.Excludes
|
||||
return func(s string) bool {
|
||||
// filter by include interfaces
|
||||
if len(includes) > 0 {
|
||||
for _, iface := range includes {
|
||||
if iface == s {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// filter by exclude interfaces
|
||||
if len(excludes) > 0 {
|
||||
for _, iface := range excludes {
|
||||
if iface == s {
|
||||
return false
|
||||
}
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
func IPFilterFromConf(ips config.IPsConfig) (func(ip net.IP) bool, error) {
|
||||
var ipnets [2][]*net.IPNet
|
||||
var err error
|
||||
for i, ips := range [][]string{ips.Includes, ips.Excludes} {
|
||||
ipnets[i], err = func(fromIPs []string) ([]*net.IPNet, error) {
|
||||
var toNets []*net.IPNet
|
||||
for _, ip := range fromIPs {
|
||||
_, ipnet, err := net.ParseCIDR(ip)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
toNets = append(toNets, ipnet)
|
||||
}
|
||||
return toNets, nil
|
||||
}(ips)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
includes, excludes := ipnets[0], ipnets[1]
|
||||
|
||||
return func(ip net.IP) bool {
|
||||
if len(includes) > 0 {
|
||||
for _, ipn := range includes {
|
||||
if ipn.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
if len(excludes) > 0 {
|
||||
for _, ipn := range excludes {
|
||||
if ipn.Contains(ip) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
}
|
||||
return true
|
||||
}, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user