WebRTC existing session - google-chrome

WebRTC comes essentially in 3 flavors depending on the network situation:
No NAT - session is peer to peer
NAT - session uses STUN but is eventually peer to peer for the media
NAT+Firewall: in which case session is not peer to peer and media goes through a TURN server.
Is there a way/tool to figure out for an existing live session if it is using a TURN server or if it's peer to peer?
I am using chrome. If a tool exists for other browsers I am happy to know about it as well.
Thx

this pull request for the webrtc samples makes the constraints/getStats sample show the ip address. Instead of the local and remote ip around here you want the candidateType property.
If either of them is "relay" you are using a turn server. If both are "host" this is a direct connection without NAT. For all other cases NAT is used.
Note that this sample is currently a bit of a mess since the getStats API changed a bit.

Related

Connect to MySQL database by using route exposed on openshift

I have just exposed my database on openshift and it gives me an 'https://....' url
Does anybody know how to connect using DBeaver by using this url that openshift gave to me.
The error that dbeaver says to me is the following
Malformed database URL, failed to parse the main URL sections.
Short answer: You can't with aRoute
Route can only expose http/https traffic
If you want to expose tcp traffic (like for a database), do not create aRouteand change yourServicetype to "NodePort"`
Check my previous answer for this kind of problem (exposing MQ in this case): How to connect to IBM MQ deployed to OpenShift?
OpenShift doc on NodePorts: https://docs.openshift.com/container-platform/4.7/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.html
There's another way to do this.
If your Route is set to "passthrough" it will just look at the SNI headers to determine where to route the traffic but won't unwrap it (and expect http inside) which will let it pass other traffic through to a pod.
I use this mechanism to run a ZNC bouncer (irc traffic) behind SNI.
The downside is you need to provide your own TLS cert inside the pod instead of leveraging the general one available to *.apps.(cluster).com
As for the specific error, "Malformed database URL", I've not used this software but from a quick websearch it looks like you want to rewrite the https://(appname).(clustername).com into a jdbc:.../hostname... string, and then enable TLS in settings.
I found this page that talks about setting it up, so it might be helpful if you've not around found it -- https://github.com/dbeaver/dbeaver/issues/9573

Chrome WebRTC over TCP

I'm trying to have WebRTC media over TCP with a gateway in between but I'm having some interesting issues on the ICE connection phase. Before further advances, it's important to know that I have the same setup for UDP and everything works correctly.
In the gateway we modify the remote answer SDP to include a single TCP candidate (the media port is also modified to include the same port):
a=candidate:1 1 tcp 1 <gw_ip> <gw_port> typ host tcptype passive generation 0
Also I'm sending the attribute setup as passive:
a=setup:passive
Seconds after applying the remote description on Chrome, I'm receiving a STUN BIND request on the gateway which I'm answering with a Bind Success response (I've checked both Transaction ID and Message Integrity and they seem fine).
After this chrome simple doesn't continue the ICE checking (neither DTLS messages). I've enabled chrome logs to see if some error was happening and I've found an interesting output:
"Ignoring STUN binding response message on shared socket"
I've taken a look at chromium source code and it seems this is being shown because chrome is using a shared socket but I cannot understand it's reason.
Any ideas? Thanks!
After a deep investigation I've found out that the TCP stream wasn't being parsed correctly on the gateway side.
This stream in specific, uses a length framing mechanism that wasn't being applied on the inbound/outbound data, therefore provoking several issues on the process pipeline.
Refer to rfc5389 for more information regarding the framing mechanism:
https://www.rfc-editor.org/rfc/rfc5389

Using zabbix_sender for host discovery

I'm writing an application which delivers data from remote devices over an HTTP API. These devices are on a mobile data connection and have limited resources.
I wish to receive custom monitoring data over the HTTP API, relying on the security model designed in the application, and push that data to Zabbix directly (or indirectly) from node.js. I do not wish to use Zabbix Agent on the remote devices.
I see that I can use zabbix_sender to send data to a Zabbix server containing a pre-configured host. This works great. I intend to deliver monitoring data over my custom API, and when received give this data to zabbix_sender inside the server network.
The problem is there are many devices in the field and more are being added all the time.
TL;DR:
When zabbix_sender provides a custom hostname which doesn't exist in Zabbix already, it fails.
I would like to auto-add discovered hosts, based upon new hostnames from zabbix_sender. How would I do this?
Also, extra respect if anyone can give examples of how to avoid zabbix_sender and send data directly from node.js to the Zabbix server. I mean: suggest an NPM package that you have experience using. (Update: Found working node.js package here: https://www.npmjs.com/package/node-zabbix-sender)
Zabbix configuration: I'm learning from Zabbix 2.4 installed in Docker, no custom configuration from this Dockerhub: https://hub.docker.com/r/zabbix/zabbix-2.4/
Probably the best would be to use the Zabbix API to create hosts directly.
Alternatively, you could set up an action and emulate active agent connection, which would make Zabbix create the host via the active agent auto-regstration.
You could also use low level discovery (LLD) to send in JSON, which would result in hosts/items being created, based on prototypes.
In all of these cases you have to wait for one minute (by default) for the hosts to appear in the Zabbix cache, then you can send the data.
Also note that Zabbix 2.4 is not supported anymore, it will receive no fixes - it is not a "long-term support" release.

Can you run a true ping in Java?

I have done a fair amount of research these last few weeks trying to create a connection diagnostic tool, I don't so much want to just check to see if the connection is available but to diagnose if there is jitter, packet loss, etc..
So far it seems that Java doesn't support a true ICMP request and that there are a few workarounds out there but none of which achieve what I'm trying to do.
Does anyone know if this sort of tool can be built or should I start looking into other options?
It seems that InetAdress is using ICMP when its possible:
https://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html
take a look at public boolean isReachable(int timeout)
Test whether that address is reachable. Best effort is made by the
implementation to try to reach the host, but firewalls and server
configuration may block requests resulting in a unreachable status
while some specific ports may be accessible. A typical implementation
will use ICMP ECHO REQUESTs if the privilege can be obtained,
otherwise it will try to establish a TCP connection on port 7 (Echo)
of the destination host.
You can find a simple use example here:
How to test if a remote system is reachable
or here How to ping an IP address
I believe ICMP4J does exactly what you need: Internet Control Message Protocol for Java
You can use 'Exec' to run ping at the command line (assuming your OS supports this), or JNI to interface to a native application to do the pinging.
Creating your own implementation of the ICMP protocol would not be trivial.
If you do use Exec be aware of it's limitations which are not always obvious in initial testing:
http://www.javaworld.com/article/2071275/core-java/when-runtime-exec---won-t.html

NodeJS + HTML5 + Telnet = isitpossible?

I have this project for my classes i'm currently workin' on. here it is:
WebPage client for Telnet not on standard ports, with ability to choose a port and connect
I have machines with telnet servers on them, just waiting for connection.
So my idea was to set up a nodeJS with express server on a dedicated machine. This would handle connections through telnet and host a page for clients, that would use socket.io to exchange information with server side.
But as i'm new to such technologies (telecommunications student) i wonder if it is possible. I spotted something like this - jsterm.com by Peter Nitsch, but i see there are some massive gaps in code and the demo does not really work so i don't know if it actually works. Did anyone try this?
My other problem is - when i send information to nodeJS server through websockets, which seems achievable for me, what do i do with this information? Do i just set up another websocket to pass the same data i got from client websocket directly to the telnet port?
Can sockets connect directly to specific port, without any websocket waiting on the other side?
If my idea is wrong, could anyone help me - maybe there exists some nice solution - i was thinking about Anyterm for example but i see that it requires an apache server and runs completely different technologies...
Just to be clear, WebSocket connections are not raw TCP socket connections. They have extra header information in each packet, browser to server data is masked using a running XOR, etc.
In order for the browser to communicate with a normal TCP server (e.g. a telnet server) you will need some sort of bridge service. It just so happens that such a thing already exists. websockify is a server that accepts WebSocket connections and bridges them to a raw TCP server.
In fact, the websockify project already includes a working telnet client as an example application. However, note that one limitation of websockify (for security reasons) is that the client cannot pick an arbitrary server address/port to connect to. The target address(es) must be predefined, either as a single target specified on the command line for websockify, or as multiple targets specified in a configuration file (and selected via a token in the WebSocket connect string).
There are multiple implementations of websockify in different languages (python, C, node, ruby, Clojure) however, only the python version currently supports multiple targets via a configuration file.
Disclaimer: I created websockify.