diff --git a/doc/configuration.md b/doc/configuration.md index ac851f8e..2626993b 100644 --- a/doc/configuration.md +++ b/doc/configuration.md @@ -17,6 +17,12 @@ Default: no interfaces are blocked. This property can be used to specify a ";"-separated list of interfaces which are not allowed to be used for candidate allocations. +### ```org.ice4j.ice.harvest.USE_LOOPBACK_INTERFACES``` +Default: false + +Use (NAT-ed) loopback interfaces for ICE candidate selection. +FreeBSD jails often require this when NAT-ed on the internal lo0 interface with an IPv4 address. + ### ```org.ice4j.ice.harvest.ALLOWED_ADDRESSES``` Default: all addresses are allowed. diff --git a/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java b/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java index a6bd2832..0068bee2 100644 --- a/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java +++ b/src/main/java/org/ice4j/ice/harvest/AbstractTcpListener.java @@ -81,8 +81,9 @@ private static List getLocalAddresses( for (NetworkInterface iface : interfaces) { - if (NetworkUtils.isInterfaceLoopback(iface) - || !NetworkUtils.isInterfaceUp(iface) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterfaces()) + continue; + if (!NetworkUtils.isInterfaceUp(iface) || !HostCandidateHarvester.isInterfaceAllowed(iface)) { //this one is obviously not going to do diff --git a/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java b/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java index b9d5ab07..517374f2 100644 --- a/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java +++ b/src/main/java/org/ice4j/ice/harvest/HostCandidateHarvester.java @@ -236,9 +236,9 @@ public static List getAllAllowedAddresses() for (NetworkInterface iface : Collections.list(NetworkInterface.getNetworkInterfaces())) { - if (NetworkUtils.isInterfaceLoopback(iface) - || !NetworkUtils.isInterfaceUp(iface) - || !isInterfaceAllowed(iface)) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterfaces()) + continue; + if (!NetworkUtils.isInterfaceUp(iface) || !isInterfaceAllowed(iface)) { continue; } @@ -316,9 +316,9 @@ public void harvest(Component component, { NetworkInterface iface = interfaces.nextElement(); - if (NetworkUtils.isInterfaceLoopback(iface) - || !NetworkUtils.isInterfaceUp(iface) - || !isInterfaceAllowed(iface)) + if (NetworkUtils.isInterfaceLoopback(iface) && !config.useLoopbackInterfaces()) + continue; + if (!NetworkUtils.isInterfaceUp(iface) || !isInterfaceAllowed(iface)) { //this one is obviously not going to do continue; @@ -497,7 +497,7 @@ static boolean isInterfaceAllowed(NetworkInterface iface) */ static boolean isAddressAllowed(InetAddress address) { - if (address.isLoopbackAddress()) + if (address.isLoopbackAddress() && !config.useLoopbackInterfaces()) { return false; } diff --git a/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt b/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt index 2afc7d0a..4a84e268 100644 --- a/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt +++ b/src/main/kotlin/org/ice4j/ice/harvest/HarvestConfig.kt @@ -44,6 +44,13 @@ class HarvestConfig { } fun useIpv6() = useIpv6 + private val useLoopbackInterfaces: Boolean by config { + "org.ice4j.ice.harvest.USE_LOOPBACK_INTERFACES".from(configSource) + .transformedBy { !it } + "ice4j.harvest.use-loopback-interfaces".from(configSource) + } + fun useLoopbackInterfaces() = useLoopbackInterfaces + val useDynamicPorts: Boolean by config { "org.ice4j.ice.harvest.USE_DYNAMIC_HOST_HARVESTER".from(configSource) "ice4j.harvest.udp.use-dynamic-ports".from(configSource) diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf index 58892d65..9be436b2 100644 --- a/src/main/resources/reference.conf +++ b/src/main/resources/reference.conf @@ -25,6 +25,10 @@ ice4j { // Configuration related to harvesting (aka gathering) of local candidates. harvest { + // Use loopback (NAT-ed) interfaces for ICE candidate selection. + // FreeBSD jails often require this when NAT-ed on the internal lo0 interface with an IPv4 address. + use-loopback-interfaces = false + // Whether to harvest IPv6 addresses. use-ipv6 = true // Whether to use link-local addresses when harvesting candidates.