Test gstreamer webrtcbin android example, in local network everything is ok.But cross network, webrtc paused. ice send from android is all typ host.
Got ice server: candidate:1 1 UDP 2015363327 127.0.0.1 42258 typ host index: 0
Got ice server: candidate:2 1 TCP 1015021823 127.0.0.1 9 typ host tcptype active index: 0
Got ice server: candidate:3 1 TCP 1010827519 127.0.0.1 36241 typ host tcptype passive index: 0
Got ice server: candidate:4 1 UDP 2015363583 10.0.2.16 40513 typ host index: 0
Got ice server: candidate:5 1 TCP 1015022079 10.0.2.16 9 typ host tcptype active index: 0
Got ice server: candidate:6 1 TCP 1010827775 10.0.2.16 52791 typ host tcptype passive index: 0
Got ice server: candidate:7 1 UDP 2015363839 10.0.2.15 38413 typ host index: 0
Got ice server: candidate:8 1 TCP 1015022335 10.0.2.15 9 typ host tcptype active index: 0
Got ice server: candidate:9 1 TCP 1010828031 10.0.2.15 42225 typ host tcptype passive index: 0
#define STUN_SERVER " stun-server=stun://47.104.15.123:3478 "
#define TURN_SERVER " turn-server=turn://jianxi:jianxi#47.104.15.123:3478 "
webrtc->pipe =
gst_parse_launch ("webrtcbin bundle-policy=max-bundle name=sendrecv "
STUN_SERVER TURN_SERVER
if set GST_WEBRTC_ICE_TRANSPORT_POLICY_RELAY, android will not send any ice candidate.
sturn turn server is okay. Can not catch stun packet with wireshark.
g_signal_connect (webrtc->webrtcbin, "on-ice-candidate",
G_CALLBACK (send_ice_candidate_message), webrtc);
g_signal_connect (webrtc->webrtcbin, "notify::ice-gathering-state",
G_CALLBACK (on_ice_gathering_state_notify), NULL);
g_signal_connect (webrtc->webrtcbin, "notify::ice-connection-state",
G_CALLBACK (on_ice_gathering_state_notify), NULL);
gstreamer get signal notify:
static void
on_ice_gathering_state_notify (GstElement * webrtcbin, GParamSpec * pspec,
gpointer user_data)
{
GstWebRTCICEConnectionState ice_connect_state;
GstWebRTCICEGatheringState ice_gather_state;
gchar *stunser = NULL, *turnser = NULL;
const gchar *new_state = "unknown";
g_object_get (webrtcbin, "stun-server", &stunser, NULL);
if(stunser) {
gst_print("stun-server: %s\n", stunser);
g_free(stunser);
}
g_object_get (webrtcbin, "turn-server", &turnser, NULL);
if(turnser) {
gst_print("turn-server: %s\n", turnser);
g_free(turnser);
}
g_object_get (webrtcbin, "ice-gathering-state", &ice_gather_state, NULL);
g_object_get (webrtcbin, "ice-connection-state", &ice_connect_state, NULL);
switch (ice_gather_state) {
case GST_WEBRTC_ICE_GATHERING_STATE_NEW:
new_state = "new";
break;
case GST_WEBRTC_ICE_GATHERING_STATE_GATHERING:
new_state = "gathering";
break;
case GST_WEBRTC_ICE_GATHERING_STATE_COMPLETE:
new_state = "complete";
break;
}
gst_print ("ICE gathering state changed to %s, %d\n", new_state, ice_connect_state);
}
2022-11-23 11:35:50.239 1638-5461 GLib+stdout org.freedesktop.gstreamer.webrtc I stun-server: stun://47.104.15.123:3478
2022-11-23 11:35:50.239 1638-5461 GLib+stdout org.freedesktop.gstreamer.webrtc I turn-server: turn://jianxi:jianxi#47.104.15.123:3478
2022-11-23 11:35:50.239 1638-5461 GLib+stdout org.freedesktop.gstreamer.webrtc I ICE gathering state changed to complete, 4
ice end is 4 GST_WEBRTC_ICE_CONNECTION_STATE_FAILED.
In most cases, it means there are some issues with connecting to stun/turn server from your device. Either the host is unreachable via udp or there are issues with authentication.
The easiest way to test it is with trickle-ice page from your device's browser. Set address and creds of your stun/turn and check if there are some relay/srflx/prflx candidates.
If so, then it's a configuration issue on gstreamer-side.
If not, then try using tcpdump and inspect stun requests/responses. Maybe you're not getting the responses, or there are some error responses which might give you an idea of what's wrong.
I got a problem with my webRTC-project. My code works well at Chrome and Firefox until version 52. Since Firefox 53 i got the error: "ICE failed, see about:webrtc for more details". This is my code:
let connection;
let dataChannel;
const initCon = (initiatorBoolean, choosenONE) => {
createConnection();
startConnection(initiatorBoolean, choosenONE);
console.log('initCon(' + initiatorBoolean + ') / choosenONE = ' +choosenONE);
}
var boolJoin = false;
var lobbies = [];
var me = prompt("Please enter your name", "Bert");
// Helper für das Errorlogging
const logErrors = err => console.log(err);
// Websockets-Verbindung herstellen
const socket = io.connect('http://7daysclub.de:8080');
/* Methode to send information between to Users
*#param
*receiver= User who get the message
*type= Type of the message: could be init, joined, getUsers, setUsers, offer, answer, candidate
*descr= Content of the message
*/
const sendMessage = (receiver, type, descr) => {
message = Object.assign({to: 'default'}, {
user: receiver,
type: type,
descr: descr,
from: me
});
socket.emit('message', message);
console.log("send: " + message.type + ". to: " + message.user);
};
const createConnection = () => {
//Verbindung erstellen
connection = new RTCPeerConnection( {
'iceServers': [
{
/*
'urls': 'stun:stun.l.google.com:19302'
*/
'urls': 'stun:185.223.29.90:3478'
},
{
'urls': 'turn:185.223.29.90:3478',
'credential': '***',
'username': '***'
}
]
});
connection.oniceconnectionstatechange = function(event) {
console.log('state: '+connection.iceConnectionState );
if (connection.iceConnectionState === "failed" ||
connection.iceConnectionState === "disconnected" ||
connection.iceConnectionState === "closed") {
// Handle the failure
}
};
}
const call = choosenONE => {
if (!boolJoin) {
sendMessage(choosenONE, 'joined', null);
}
};
// Nachricht vom Signaling-Kanal empfangen
const receiveMessage = message => {
console.log("receive: " + message.type);
//Filter messages
if (message.user != 'all' && message.user != me) {
console.log("Block= " + message.user);
return;
}
// Nachricht verarbeiten
switch (message.type) {
// Partner ist verfügbar
case 'joined':
choosenONE = message.from;
sendMessage( choosenONE, 'init', null);
boolJoin = true;
initCon(true, choosenONE);
break;
case 'getUsers':
sendMessage(message.from,'setUsers', null)
lobbies.push(message.from);
lobbylist();
console.log('add User: ' + lobbies[lobbies.length-1] + ' to List');
break;
case 'setUsers':
lobbies.push(message.from);
console.log('add User: ' + lobbies[lobbies.length-1] + ' to List');
lobbylist();
break;
// Verbindungsaufbau wurde vom Partner angefordert
case 'init':
choosenONE = message.from;
boolJoin = true;
initCon(false, choosenONE);
break;
// Ein SDP-Verbindungsangebot ist eingegangen – wir erstellen eine Antwort
case 'offer':
connection
.setRemoteDescription(new RTCSessionDescription(message.descr))
.then(() => connection.createAnswer())
.then(answer => connection.setLocalDescription(new RTCSessionDescription(answer)))
.then(() => sendMessage(message.from,'answer', connection.localDescription, me))
.catch(logErrors);
break;
// Eine SDP-Verbindungsantwort auf unsere Anfrage ist eingegangen.
case 'answer':
connection.setRemoteDescription(new RTCSessionDescription(message.descr));
break;
// Der Partner hat eine mögliche Host-Port-Kombination ("ICE Candidate") gefunden
case 'candidate':
connection.addIceCandidate(new RTCIceCandidate({candidate: message.descr}));
break;
}
};
socket.on('message', receiveMessage);
// Verbindung initialisieren
const startConnection = (isCreator, choosenONE) => {
// Wenn wir mögliche Kommunikationsendpunkte finden, diese an den Partner weitergeben
connection.onicecandidate = event => {
if (event.candidate) {
sendMessage(choosenONE, 'candidate', event.candidate.candidate);
}
};
// Wenn die Gegenseite einen Stream hinzufügt, diesen an das video-element hängen
connection.ontrack = (e) => {
document.getElementById('vidRemote').src = window.URL.createObjectURL(e.stream);
};
// Falls wir der erste Teilnehmer sind, starten wir den Verbindungsaufbau
if (isCreator) {
// Datenkanal anlegen
dataChannel = connection.createDataChannel('chat');
onDataChannelCreated(dataChannel);
connection
.createOffer()
.then(offer => connection.setLocalDescription(new RTCSessionDescription(offer)))
.then(() => sendMessage(choosenONE, 'offer', connection.localDescription))
.catch(logErrors);
} else {
// Wenn wir nicht der Initiator sind, reagieren wir nur auf das Anlegen eines Datenkanals
connection.ondatachannel = function (event) {
dataChannel = event.channel;
onDataChannelCreated(dataChannel);
};
}
};
const onDataChannelCreated = (channel, choosenONE) => {
// Sobald der Datenkanal verfügbar ist, Chateingaben zulassen
channel.onopen = () => {
const enterChat = document.getElementById('enterChat');
enterChat.disabled = false;
enterChat.onkeyup = (keyevent) => {
// Bei "Enter" absenden
if (keyevent.keyCode === 13) {
dataChannel.send(enterChat.value);
appendChatMessage(me+':', enterChat.value);
enterChat.value = '';
}
}
};
channel.onmessage = (message) => appendChatMessage(choosenONE+':', message.data);
};
const appendChatMessage = (name, text) => {
const displayChat = document.getElementById('displayChat');
const time = new Date().toString('H:i:s');
displayChat.innerHTML = `<p>${name} - ${time}<br>${text}</p>` + displayChat.innerHTML;
};
function lobbylist() {
allusers = "";
lobbies.forEach( element => {
allusers += "<li><button onclick=\"call('"+element+"')\">"+element+"</button></li>"
});
document.getElementById('lobbylist').innerHTML = allusers;
}
//Alle User bei Ankunft erfragen
sendMessage('all','getUsers', null);
lobbylist();
And about:webrtc =
(registry/INFO) insert 'ice' (registry) succeeded: ice
(registry/INFO) insert 'ice.pref' (registry) succeeded: ice.pref
(registry/INFO) insert 'ice.pref.type' (registry) succeeded: ice.pref.type
(registry/INFO) insert 'ice.pref.type.srv_rflx' (UCHAR) succeeded: 0x64
(registry/INFO) insert 'ice.pref.type.peer_rflx' (UCHAR) succeeded: 0x6e
(registry/INFO) insert 'ice.pref.type.host' (UCHAR) succeeded: 0x7e
(registry/INFO) insert 'ice.pref.type.relayed' (UCHAR) succeeded: 0x05
(registry/INFO) insert 'ice.pref.type.srv_rflx_tcp' (UCHAR) succeeded: 0x63
(registry/INFO) insert 'ice.pref.type.peer_rflx_tcp' (UCHAR) succeeded: 0x6d
(registry/INFO) insert 'ice.pref.type.host_tcp' (UCHAR) succeeded: 0x7d
(registry/INFO) insert 'ice.pref.type.relayed_tcp' (UCHAR) succeeded: 0x00
(registry/INFO) insert 'stun' (registry) succeeded: stun
(registry/INFO) insert 'stun.client' (registry) succeeded: stun.client
(registry/INFO) insert 'stun.client.maximum_transmits' (UINT4) succeeded: 7
(registry/INFO) insert 'ice.trickle_grace_period' (UINT4) succeeded: 5000
(registry/INFO) insert 'ice.tcp' (registry) succeeded: ice.tcp
(registry/INFO) insert 'ice.tcp.so_sock_count' (INT4) succeeded: 0
(registry/INFO) insert 'ice.tcp.listen_backlog' (INT4) succeeded: 10
(registry/INFO) insert 'ice.tcp.disable' (char) succeeded: \000
(generic/EMERG) Exit UDP socket connected
(generic/ERR) UDP socket error:Internal error at z:/build/build/src/dom/network/UDPSocketParent.cpp:283 this=00000000120CC400
(ice/INFO) z:/build/build/src/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:173 function nr_socket_multi_tcp_create_stun_server_socket skipping UDP STUN server(addr:IP4:185.223.29.90:3478/UDP)
(ice/INFO) z:/build/build/src/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:173 function nr_socket_multi_tcp_create_stun_server_socket skipping UDP STUN server(addr:IP4:185.223.29.90:3478/UDP)
(ice/WARNING) z:/build/build/src/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:617 function nr_socket_multi_tcp_listen failed with error 3
(ice/WARNING) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): failed to create passive TCP host candidate: 3
(ice/NOTICE) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) no streams with non-empty check lists
(ice/NOTICE) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) no streams with pre-answer requests
(ice/NOTICE) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) no checks to start
(ice/ERR) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate host(IP4:192.168.0.4:54605/UDP)
(ice/ERR) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate host(IP4:192.168.0.4:62417/TCP) active
(stun/INFO) Unrecognized attribute: 0x802b
(stun/INFO) STUN-CLIENT(srflx(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)): Received response; processing
(ice/ERR) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate srflx(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)
(stun/INFO) STUN-CLIENT(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Received response; processing
(stun/WARNING) STUN-CLIENT(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Error processing response: Retry may be possible, stun error code 401.
(stun/INFO) STUN-CLIENT(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Received response; processing
(stun/WARNING) STUN-CLIENT(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Error processing response: Retry may be possible, stun error code 401.
(turn/WARNING) TURN(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)): Exceeded the number of retries
(turn/WARNING) TURN(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)): mode 20, nr_turn_client_error_cb
(turn/WARNING) TURN(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)) failed
(turn/INFO) TURN(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)): cancelling
(turn/WARNING) ICE-CANDIDATE(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)): nr_turn_allocated_cb called with state 4
(turn/WARNING) ICE-CANDIDATE(relay(IP4:192.168.0.4:54605/UDP|IP4:185.223.29.90:3478/UDP)): nr_turn_allocated_cb failed
(ice/INFO) ICE(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/)): peer (PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default) Trickle grace period is over; marking every component with only failed pairs as failed.
(ice/INFO) ICE-PEER(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default)/STREAM(0-1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/) aLevel=0)/COMP(1): All pairs are failed, and grace period has elapsed. Marking component as failed.
(ice/INFO) ICE-PEER(PC:1512241952789000 (id=19327352835 url=http://7daysclub.de/webrtc2/):default): all checks completed success=0 fail=1
(generic/EMERG) Exit UDP socket connected
(generic/ERR) UDP socket error:Internal error at z:/build/build/src/dom/network/UDPSocketParent.cpp:283 this=000000000BAE3000
(ice/INFO) z:/build/build/src/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:173 function nr_socket_multi_tcp_create_stun_server_socket skipping UDP STUN server(addr:IP4:185.223.29.90:3478/UDP)
(ice/INFO) z:/build/build/src/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:173 function nr_socket_multi_tcp_create_stun_server_socket skipping UDP STUN server(addr:IP4:185.223.29.90:3478/UDP)
(ice/WARNING) z:/build/build/src/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:617 function nr_socket_multi_tcp_listen failed with error 3
(ice/WARNING) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): failed to create passive TCP host candidate: 3
(ice/NOTICE) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) no streams with non-empty check lists
(ice/NOTICE) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) no streams with pre-answer requests
(ice/NOTICE) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) no checks to start
(ice/ERR) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate host(IP4:192.168.0.4:63286/UDP)
(ice/ERR) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate host(IP4:192.168.0.4:54433/TCP) active
(stun/INFO) Unrecognized attribute: 0x802b
(stun/INFO) STUN-CLIENT(srflx(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:3478/UDP)): Received response; processing
(ice/ERR) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate srflx(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:3478/UDP)
(stun/INFO) STUN-CLIENT(relay(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Received response; processing
(stun/WARNING) STUN-CLIENT(relay(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Error processing response: Retry may be possible, stun error code 401.
(stun/INFO) STUN-CLIENT(relay(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:3478/UDP)::TURN): Received response; processing
(turn/INFO) TURN(relay(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:3478/UDP)): Succesfully allocated addr IP4:185.223.29.90:50497/UDP lifetime=3600
(ice/ERR) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) pairing local trickle ICE candidate turn-relay(IP4:192.168.0.4:63286/UDP|IP4:185.223.29.90:50497/UDP)
(ice/INFO) ICE(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/)): peer (PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default) Trickle grace period is over; marking every component with only failed pairs as failed.
(ice/INFO) ICE-PEER(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default)/STREAM(0-1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/) aLevel=0)/COMP(1): All pairs are failed, and grace period has elapsed. Marking component as failed.
(ice/INFO) ICE-PEER(PC:1512242125375000 (id=19327352836 url=http://7daysclub.de/webrtc2/):default): all checks completed success=0 fail=1
+++++++ END ++++++++
And my turnserver config looks like this:
# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
listening-port=3478
# TURN listener port for TLS (Default: 5349).
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
# port(s), too - if allowed by configuration. The TURN server
# "automatically" recognizes the type of traffic. Actually, two listening
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
# functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
# For secure TCP connections, we currently support SSL version 3 and
# TLS version 1.0, 1.1 and 1.2. SSL2 "encapculation mode" is also supported.
# For secure UDP connections, we support DTLS version 1.
#
tls-listening-port=5349
# Listener IP address of relay server. Multiple listeners can be specified.
# If no IP(s) specified in the config file or in the command line options,
# then all IPv4 and IPv6 system IPs will be used for listening.
#
listening-ip=185.223.29.90
# Relay address (the local IP address that will be used to relay the
# packets to the peer).
# Multiple relay addresses may be used.
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
#
# If no relay IP(s) specified, then the turnserver will apply the default
# policy: it will decide itself which relay addresses to be used, and it
# will always be using the client socket IP address as the relay IP address
# of the TURN session (if the requested relay address family is the same
# as the family of the client socket).
#
relay-ip=185.223.29.90
lt-cred-mech
# Realm for long-term credentials mechanism and for TURN REST API.
#
realm=7daysclub.de
#Local system IP address to be used for CLI server endpoint. Default value
# is 127.0.0.1.
#
cli-ip=185.223.29.90
# CLI server port. Default is 5766.
#
cli-port=5766
Looking at your online demo there is no a=candidate line in the remote SDP which suggests the candidate is never added.
sendMessage(choosenONE, 'candidate', event.candidate.candidate);
this is discarding the sdpMid and sdpMLineIndex which needs to be signalled to the remote peer. Add a .catch to your addIceCandidate to log any errors.
I am trying to setup a Kurento media server behind an nginx proxy & testing with the Kurento-hello-world example. The TURN server is in place & Kurento is up.
I added the TURN url in file /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini as explained here
turnURL=kurento:kurento#193.147.XXX.XXX:3478
I opened the specified ports :
3478 TCP & UDP
49152-65535 UDP
EDIT : I notice TURN is announcing a remote HEAD IP that seems to be in my network, but is not linked to my project and never specified in configs, as seen in the browser console, I receive a candidate 2 with the unknown external IP and a candidate 3 with good external IP but wonder if the browser can be stocked trying to connect to a bad one. Is it possible to avoid TURN propose a specific address ?
Locally, I can see (netstat -tulpn) the candidates UDP ports allocted on both kurento & TURN machines. The video input that should come from the server never appears, meaning the Connection is never achieved ?
TURN Server :
handle_udp_packet: New UDP endpoint: local addr 192.168.LO.CAL:3478, remote addr 130.206.UNK.KNO:54384
realm <x> user <>: incoming packet OLD BINDING processed, success
realm <x> user <kurento>: incoming packet OLD BINDING processed, success
realm <x> user <kurento>: incoming packet OLD BINDING processed, success
realm <x> user <>: incoming packet OLD BINDING processed, success
realm <x> user <>: incoming packet OLD BINDING processed, success
realm <x> user <kurento>: incoming packet OLD BINDING processed, success
closed (2nd stage), user <> realm <x> origin <>, local 192.168.LO.CAL:3478, remote **130.206.UNK.KNO**:54384, reason: allocation watchdog determined stale session state
Brower Hello-World Console :
WebRTC loopback starting
Use freeice
...
Created SDP offer
Local description set
...
onOffer
Got MediaPipeline
...
Local candidate:
{}
Got WebRtcEndpoint
Got FaceOverlayFilter
Connecting...
SDP answer obtained. Processing...
SDP answer received, setting remote description
SDP answer received, setting remote description
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:1 1 UDP 2013266431 192.168.LO.CAL 53311 typ host'
,
sdpMLineIndex: 0
,
sdpMid: 'audio'
}
ICE candidate received
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:1 1 UDP 2013266431 192.168.LO.CAL 53311 typ host'
,
sdpMLineIndex: 1
,
sdpMid: 'video'
}
ICE candidate received
Remote URL:
'blob:http%3A//localhost%3A8080/7b1cfb2c-d8bd-4e74-9a98-990ff35ac3fe'
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:1 2 UDP 2013266430 192.168.LO.CAL 54384 typ host'
,
sdpMLineIndex: 0
,
sdpMid: 'audio'
}
ICE candidate received
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:1 2 UDP 2013266430 192.168.LO.CAL 54384 typ host'
,
sdpMLineIndex: 1
,
sdpMid: 'video'
}
ICE candidate received
Loopback established
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:2 1 UDP 1677721855 130.206.UNK.KNO 53311 typ srflx raddr 192.168.LO.CAL rport 53311'
,
sdpMLineIndex: 0
,
sdpMid: 'audio'
}
ICE candidate received
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:2 1 UDP 1677721855 130.206.UNK.KNO 53311 typ srflx raddr 192.168.LO.CAL rport 53311'
,
sdpMLineIndex: 1
,
sdpMid: 'video'
}
ICE candidate received
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:3 1 UDP 1006633215 130.206.REM.OTE 63499 typ relay raddr 192.168.LO.CAL rport 53311'
,
sdpMLineIndex: 0
,
sdpMid: 'audio'
}
ICE candidate received
Remote candidate:
{
__module__: 'kurento'
,
__type__: 'IceCandidate'
,
candidate: 'candidate:3 1 UDP 1006633215 130.206.REM.OTE 63499 typ relay raddr 192.168.LOC.AL rport 53311'
,
sdpMLineIndex: 1
,
sdpMid: 'video'
}
ICE candidate received
And the kurento log (sorry) :
pointImpl.cpp:281 WebRtcEndpointImpl() stun port 3478
pointImpl.cpp:285 WebRtcEndpointImpl() stun address 130.206.REM.OTE
pointImpl.cpp:294 WebRtcEndpointImpl() turn info:
...
Transport.cpp:482 processMessage() Message: >{"id":19,"jsonrpc":"2.0","method":"invoke","params":{"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","operation":"gatherCandidates","sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50"}}
EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:1 1 UDP 2013266431 192.168.LO.CAL 58764 typ host","sdpMLineIndex":0,"sdpMid":"audio"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
KurentoEventHandler EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:1 1 UDP 2013266431 192.168.LO.CAL 58764 typ host","sdpMLineIndex":1,"sdpMid":"video"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
KurentoEventHandler EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:1 2 UDP 2013266430 192.168.LO.CAL 36158 typ host","sdpMLineIndex":0,"sdpMid":"audio"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
KurentoEventHandler EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:1 2 UDP 2013266430 192.168.LO.CAL 36158 typ host","sdpMLineIndex":1,"sdpMid":"video"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
Transport.cpp:484 processMessage() Response: >{"id":19,"jsonrpc":"2.0","result":{"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50","value":null}}
Transport.cpp:482 processMessage() Message: >{"id":20,"jsonrpc":"2.0","method":"invoke","params":{"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter","operation":"setOverlayedImage","operationParams":{"heightPercent":1.6000000000000001,"offsetXPercent":-0.34999999999999998,"offsetYPercent":-1.2,"uri":"https://localhost:8080/img/mario-wings.png","widthPercent":1.6000000000000001},"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50"}}
Transport.cpp:484 processMessage() Response: >{"id":20,"jsonrpc":"2.0","result":{"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50","value":null}}
Transport.cpp:482 processMessage() Message: >{"id":21,"jsonrpc":"2.0","method":"invoke","params":{"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","operation":"connect","operationParams":{"sink":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter"},"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50"}}
ementImpl.cpp:655 connect() Connecting 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint -> 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter params AUDIO
ementImpl.cpp:655 connect() Connecting 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint -> 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter params VIDEO
ementImpl.cpp:655 connect() Connecting 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint -> 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter params DATA
Transport.cpp:484 processMessage() Response: >{"id":21,"jsonrpc":"2.0","result":{"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50","value":null}}
Transport.cpp:482 processMessage() Message: >{"id":22,"jsonrpc":"2.0","method":"invoke","params":{"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter","operation":"connect","operationParams":{"sink":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint"},"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50"}}
ementImpl.cpp:655 connect() Connecting 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter -> 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint params AUDIO
ementImpl.cpp:655 connect() Connecting 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter -> 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint params VIDEO
ementImpl.cpp:655 connect() Connecting 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/d4e4e54b-1610-4b0c-93e7-5f46558c7a40_kurento.FaceOverlayFilter -> 235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint params DATA
EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:2 1 UDP 1677721855 130.206.UNK.KNO 58764 typ srflx raddr 192.168.LO.CAL rport 58764","sdpMLineIndex":0,"sdpMid":"audio"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:2 1 UDP 1677721855 130.206.UNK.KNO 58764 typ srflx raddr 192.168.LO.CAL rport 58764","sdpMLineIndex":1,"sdpMid":"video"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
Transport.cpp:484 processMessage() Response: >{"id":22,"jsonrpc":"2.0","result":{"sessionId":"f3b4f17e-d7e1-44d6-aec5-e0106ce37c50","value":null}}
EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:3 1 UDP 1006633215 130.206.REM.OTE 52131 typ relay raddr 192.168.LO.CAL rport 58764","sdpMLineIndex":0,"sdpMid":"audio"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
EventHandler.cpp:52 sendEvent() Sending event: {"jsonrpc":"2.0","method":"onEvent","params":{"value":{"data":{"candidate":{"__module__":"kurento","__type__":"IceCandidate","candidate":"candidate:3 1 UDP 1006633215 130.206.REM.OTE52131 typ relay raddr 192.168.LO.CAL rport 58764","sdpMLineIndex":1,"sdpMid":"video"},"source":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","tags":[],"timestamp":"1449959528","type":"OnIceCandidate"},"object":"235a7f0a-87c0-4b8d-a726-e91b7095ea7b_kurento.MediaPipeline/4d01d709-1471-4fa6-b889-b3a79cb4e02c_kurento.WebRtcEndpoint","type":"OnIceCandidate"}}}
-> f3b4f17e-d7e1-44d6-aec5-e0106ce37c50
Transport.cpp:543 closeHandler() Connection closed
Transport.cpp:504 openHandler() Client connected from http://localhost:8080
Thanks !
EDIT : installed packages/version
gstreamer1.5-libav:amd64/1.5.2.1~20150901123759.34.g07a7b16.trusty
gstreamer1.5-nice:amd64/0.1.7.1~20151125151103.10.ge060eb5.trusty
gstreamer1.5-plugins-bad:amd64/1.5.2.1~20150901123827.61.gced9e06.trusty
gstreamer1.5-plugins-base:amd64/1.7.0.1~20151125150805.140.g2b445d5.trusty
gstreamer1.5-plugins-good:amd64/.7.0.1~20151125150841.141.g0708286.trusty
gstreamer1.5-plugins-ugly:amd64/1.7.0.1~20151126085656.24.g9ec26a4.trusty
gstreamer1.5-pulseaudio:amd64/1.7.0.1~20151125150841.141.g0708286.trusty
gstreamer1.5-x:amd64/1.7.0.1~20151125150805.140.g2b445d5.trusty
kms-core-6.0/6.2.0.trusty
kms-elements-6.0/6.2.0.trusty
kms-filters-6.0/6.2.0.trusty
kms-jsonrpc-1.0/1.0.1.trusty
kmsjsoncpp/1.6.3~20151125151041.38.g263929e.trusty
kurento-media-server-6.0/6.1.0.trusty
libgstreamer-plugins-bad1.5-0:amd64/1.5.2.1~20150901123827.61.gced9e06.trusty
libgstreamer-plugins-base1.5-0:amd64/1.7.0.1~20151125150805.140.g2b445d5.trusty
libgstreamer1.5-0:amd64/1.7.0.1~20151125150753.298.g6d22bfb.trusty
libnice10:amd64/0.1.7.1~20151125151103.10.ge060eb5.trusty
openwebrtc-gst-plugins/0.10.0~20151125150950.100.g61cc54b.trusty
Hello Jean-Baptiste Heren , This is the issue of dependencies. So i
suggest you to please installed all of your dependencies correctly or
upgarde your dist first and than install Kurento-media-server 6.0
after that you will be able to resloved all of these issues in one go
for same related issue with commands please follow the link answer:-
And also install openJdk7
Node Tutorial one to Many has no loading the remote server Stream Spinner moving endless
Thanks
I try to create a web server on iPhone to provide urls of images in ablum.
Before sending response to client, I need to do some adjustment on images (something like re-size).
These actions take up to 1 or 1.5 sec per image before response to client. (especially on iPhone 4)
The client side cannot receive data even though messages on xcode console already showed how many bytes has been GET on some sockets.
What options can I use to solve this problem?
Another question is what happens if I increase ConnectedStateCoalescingInterval value up to 2.0 or 3.0 seconds?
Thanks.
========= 2015/08/24 13:05 Updated
Here is my addHandlerForMethod:path:requestClass:asyncProcessBlock:
[_webServer addHandlerForMethod:#"GET" path:[NSString stringWithFormat:#"/image/%#",assetId] requestClass:[GCDWebServerRequest class] asyncProcessBlock:^(GCDWebServerRequest *request, GCDWebServerCompletionBlock completionBlock)
{
__strong typeof(weakself) strongself = weakself;
[strongself requestImageDataByAssetURL:assetURL completionCb:^(NSData *photoData) {
GCDWebServerDataResponse* response = [GCDWebServerDataResponse responseWithData:photoData contentType:#"image/png"];
completionBlock(response);
}];
}];
Here is requestImageDataByAssetURL:completionCb:
- (void)requestImageDataByAssetURL:(NSURL *)assetURL completionCb:(void(^)(NSData *photoData))cbfunc {
__block NSData *photoData;
ALAssetsLibrary* library = [[ALAssetsLibrary alloc] init];
[library assetForURL:assetURL resultBlock:^(ALAsset *asset) {
#autoreleasepool {
uint64_t begin = mach_absolute_time();
// <do some image processing here>
uint64_t end = mach_absolute_time();
NSLog(#"Time taken to imageResize %g s", MachTimeToSecs(end - begin));
cbfunc(photoData);
}
} failureBlock:^(NSError *error) {
NSLog(#"[%#] fail. Error=%#", NSStringFromSelector(_cmd), error.localizedDescription);
cbfunc(nil);
}];
}
Here is the log:
[DEBUG] [2015-08-24 04:48:09 +0000] Did open connection on socket 32
[DEBUG] Connection received 221 bytes on socket 32
[DEBUG] Connection on socket 32 preflighting request "GET /image/9D959040-9FA8-4197-8150-8DC72339955D" with 221 bytes body
[DEBUG] Connection on socket 32 processing request "GET /image/9D959040-9FA8-4197-8150-8DC72339955D" with 221 bytes body
[DEBUG] [2015-08-24 04:48:10 +0000] Did open connection on socket 34
2015-08-24 12:48:10.799 xBoard[2981:3707] Time taken to imageResize 1.52039 s
[DEBUG] Connection received 221 bytes on socket 34
[DEBUG] Connection on socket 34 preflighting request "GET /image/9D959040-9FA8-4197-8150-8DC72339955D" with 221 bytes body
[DEBUG] Connection on socket 34 processing request "GET /image/9D959040-9FA8-4197-8150-8DC72339955D" with 221 bytes body
[DEBUG] Connection sent 171 bytes on socket 32
[DEBUG] Connection sent 123575 bytes on socket 32
[DEBUG] Did close connection on socket 32
[VERBOSE] [172.16.20.174:8080] 172.16.21.97:34450 200 "GET /image/9D959040-9FA8-4197-8150-8DC72339955D" (221 | 123746)
2015-08-24 12:48:12.028 xBoard[2981:4f0b] Time taken to imageResize 1.06382 s
[DEBUG] Connection sent 171 bytes on socket 34
[DEBUG] Connection sent 123575 bytes on socket 34
[DEBUG] Did close connection on socket 34
[VERBOSE] [172.16.20.174:8080] 172.16.21.97:50852 200 "GET /image/9D959040-9FA8-4197-8150-8DC72339955D" (221 | 123746)
We can see it creates the first socket(32).
Then creates the second socket(34) for the same image request immediately.
It seems that GCDWebServer close the first socket immediately. But why?
P.S. By the way, the client side use Android Volley library to download image instead of using web browsers.
There doesn't seem to be anything wrong according to the log: 2 GET requests for the path /image/9D959040-9FA8-4197-8150-8DC72339955D are processed on sockets 32 and 34, and each return 123,575 bytes.
Try using a desktop web browser like Chrome and its web inspector. If everything works correctly, then the problem is with your Android app.
the following code creates a client authenticated SSL context using PKCS#11 device (smart card). It all works great with Java 6:
// Configure the SunPkcs11 provider
String pkcs11config;
pkcs11config = "name = Cryptoki";
pkcs11config += "\nlibrary = /SCDriver/libbit4ipki.dylib";
InputStream confStream = new ByteArrayInputStream(pkcs11config.getBytes());
SunPKCS11 sunpkcs11 = new SunPKCS11(confStream);
Security.addProvider(sunpkcs11);
// Specify keystore builder parameters for PKCS#11 keystores
Builder scBuilder = Builder.newInstance("PKCS11", sunpkcs11, new KeyStore.CallbackHandlerProtection(new PasswordRetriever()));
// Create and init KeyManagerFactory
KeyManagerFactory factory = KeyManagerFactory.getInstance("NewSunX509");
factory.init(new KeyStoreBuilderParameters(scBuilder));
// create and init ssl context
m_ssl_context = SSLContext.getInstance("TLS");
m_ssl_context.init(factory.getKeyManagers(), new TrustManager[] {new PkTrustManager()}, null);
SSLContext.setDefault(m_ssl_context);
The PkTrustManager is simply and 'empty' class, taking any server/client certificate for good, and PasswordRetriever just asks for password through a dialog box
(By request I post source code for these).
On Java 7 instead I get the following exception during SSL handshake of the ssl context:
java.security.InvalidKeyException: Class does not represent an RSA key: sun.security.pkcs11.P11Key$P11PrivateKey
at iaik.pkcs.pkcs1.RSACipher.engineInit(Unknown Source)
at iaik.pkcs.pkcs1.RSACipher.engineInit(Unknown Source)
at iaik.security.rsa.RSA.init(Unknown Source)
at iaik.security.rsa.RawRSASignature.engineInitSign(Unknown Source)
at java.security.SignatureSpi.engineInitSign(SignatureSpi.java:103)
at java.security.Signature.initSign(Signature.java:529)
at sun.security.ssl.RSASignature.engineInitSign(RSASignature.java:125)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1136)
at java.security.Signature.initSign(Signature.java:529)
at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1556)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:982)
... 14 more
In the best case, I'd say something has changed in Java internals, but checking the Oracle documentation, I didn't find any supposed changes on the NewSunX509 key manager, or other components. I double checked the code and it seems compliant to the specifications (through there's for sure something I missed!).
I tried to add the configuration flags:
System.setProperty("javax.net.ssl.keyStoreType", "pkcs11");
System.setProperty("javax.net.ssl.keyStore", "NONE");
System.setProperty("javax.net.ssl.trustStoreType", "pkcs11");
System.setProperty("javax.net.ssl.trustStore", "NONE");
System.setProperty("javax.net.ssl.keyStoreProvider", sunpkcs11.getName() );
JCEMapper.setProviderId(sunpkcs11.getName());
But no change, same error... and they are not required in Java 6 where all works.
Thanks in advance anyone can help or has any ideas!
PS: By request from #owlstead added -Djava.security.debug=sunpkcs11 and got the following output:
SunPKCS11 loading ---DummyConfig-1---
sunpkcs11: Initializing PKCS#11 library /SCDriver/libbit4ipki.dylib
Information for provider SunPKCS11-Cryptoki
Library info:
cryptokiVersion: 2.20
manufacturerID: bit4id srl
flags: 0
libraryDescription: bit4id PKCS#11
libraryVersion: 1.02
All slots: 0
Slots with tokens: 0
Slot info for slot 0:
slotDescription: bit4id miniLector-U38 00 00
manufacturerID: unknown
flags: CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE | CKF_HW_SLOT
hardwareVersion: 0.00
firmwareVersion: 0.00
Token info for token in slot 0:
label: CNS
manufacturerID: ST Incard
model: CNS (LB)
serialNumber: 7420057800291590
flags: CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED
ulMaxSessionCount: CK_EFFECTIVELY_INFINITE
ulSessionCount: 0
ulMaxRwSessionCount: CK_EFFECTIVELY_INFINITE
ulRwSessionCount: CK_UNAVAILABLE_INFORMATION
ulMaxPinLen: 8
ulMinPinLen: 5
ulTotalPublicMemory: 31988
ulFreePublicMemory: CK_UNAVAILABLE_INFORMATION
ulTotalPrivateMemory: 780
ulFreePrivateMemory: CK_UNAVAILABLE_INFORMATION
hardwareVersion: 0.00
firmwareVersion: 0.00
utcTime: 0000000000000000
Mechanism CKM_RSA_PKCS:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 2561 = CKF_HW | CKF_DECRYPT | CKF_SIGN
Mechanism CKM_RSA_PKCS_KEY_PAIR_GEN:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 65537 = CKF_HW | CKF_GENERATE_KEY_PAIR
Mechanism CKM_SHA1_RSA_PKCS:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 2049 = CKF_HW | CKF_SIGN
Mechanism CKM_SHA_1:
ulMinKeySize: 0
ulMaxKeySize: 0
flags: 1024 = CKF_DIGEST
Mechanism CKM_SHA256:
ulMinKeySize: 0
ulMaxKeySize: 0
flags: 1024 = CKF_DIGEST
Mechanism CKM_SHA256_RSA_PKCS:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 2049 = CKF_HW | CKF_SIGN
Mechanism CKM_SHA384:
ulMinKeySize: 0
ulMaxKeySize: 0
flags: 1024 = CKF_DIGEST
Mechanism CKM_SHA384_RSA_PKCS:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 2049 = CKF_HW | CKF_SIGN
Mechanism CKM_SHA512:
ulMinKeySize: 0
ulMaxKeySize: 0
flags: 1024 = CKF_DIGEST
Mechanism CKM_SHA512_RSA_PKCS:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 2049 = CKF_HW | CKF_SIGN
Mechanism CKM_RSA_X_509:
ulMinKeySize: 1024
ulMaxKeySize: 1024
flags: 2561 = CKF_HW | CKF_DECRYPT | CKF_SIGN
Password per token PKCS11 [SunPKCS11-Cryptoki]: sunpkcs11: login succeeded
sunpkcs11: user already logged in
javax.net.ssl.SSLHandshakeException: Error signing certificate verify
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
*....... (continues with the exception as described above)*
Note: With the last update of Java 6, my code stops working on Java 6 as well :(
Solved by adding the line of code:
Security.removeProvider("IAIK");
before the line:
Security.addProvider(sunpkcs11);
This works correctly with all versions of java6 and java7 (hoping they won't screw again something in java8... :)
Looks like the IAIK provider inserts itself as a PKCS11 provider but then makes calls to the private key using it as a software key... because it's actually a software provider.