@@ -2216,35 +2216,35 @@ defmodule ExICE.Priv.ICEAgent do
22162216 find_local_cand ( Map . values ( ice_agent . local_cands ) , xor_addr . address , xor_addr . port )
22172217
22182218 cond do
2219+ # When we try to send UDP datagram from bridge interfaces, that can be used to create local candidates,
2220+ # our source IP address is translated from bridge one to our physical network interface card address.
2221+
2222+ # This behavior can cause specific scenarios to arise:
2223+
2224+ # L - local side
2225+ # R - remote side
2226+ # RC1 - remote candidate
2227+
2228+ # 1. L opens socket on interface 1 (I1), port 5000 - first local candidate (LC1)
2229+ # 2. L opens socket on interface 2 (I2), port 5000 - second local candidate (LC2)
2230+ # 3. L sends a connectivity check from LC1 to RC1.
2231+ # Given LC1 operates via I1, which is a bridge interface, its source address is rewritten to I2.
2232+ # This also creates a mapping in host's NAT from I1:5000 to I2:5000.
2233+ # 4. R perceives the request from L as originating from I2, port 5000, and responds successfully to I2, port 5000
2234+ # 5. This response arrives to the I1 port 5000 (because of the mapping in host's NAT).
2235+ # L notices that R recognized its check as one coming from I2, port 5000.
2236+
2237+ # At this moment, sending anything from I2:5000 would require OS to create another mapping in its NAT table from I2:5000 to I2:5000.
2238+ # However, because there is already an existing NAT mapping from I1:5000 to I2:5000 this send operation will fail and return an EPERM error.
2239+
2240+ # We consistently use the discovered pair socket for sending.
2241+ # Therefore, we cannot use LC2-RC1 as a valid pair discovered through a check on LC1-RC1.
2242+ # Attempting to send anything from LC1-RC1 would actually involve using the LC2 socket.
2243+ # This action is not possible while the mapping from I1:5000 to I2:5000 exists.
22192244 local_cand && local_cand . base . socket == conn_check_local_cand . base . socket ->
22202245 { local_cand , ice_agent }
22212246
22222247 local_cand ->
2223- # When we try to send UDP datagram from bridge interfaces, that can be used to create local candidates,
2224- # our source IP address is translated from bridge one to our physical network interface card address.
2225-
2226- # This behavior can cause specific scenarios to arise:
2227-
2228- # L - local side
2229- # R - remote side
2230- # RC1 - remote candidate
2231-
2232- # 1. L opens socket on interface 1 (I1), port 5000 - first local candidate (LC1)
2233- # 2. L opens socket on interface 2 (I2), port 5000 - second local candidate (LC2)
2234- # 3. L sends a connectivity check from LC1 to RC1.
2235- # Given LC1 operates via I1, which is a bridge interface, its source address is rewritten to I2.
2236- # This also creates a mapping in host's NAT from I1:5000 to I2:5000.
2237- # 4. R perceives the request from L as originating from I2, port 5000, and responds successfully to I2, port 5000
2238- # 5. This response arrives to the I1 port 5000 (because of the mapping in host's NAT).
2239- # L notices that R recognized its check as one coming from I2, port 5000.
2240-
2241- # At this moment, sending anything from I2:5000 would require OS to create another mapping in its NAT table from I2:5000 to I2:5000.
2242- # However, because there is already an existing NAT mapping from I1:5000 to I2:5000 this send operation will fail and return an EPERM error.
2243-
2244- # We consistently use the discovered pair socket for sending.
2245- # Therefore, we cannot use LC2-RC1 as a valid pair discovered through a check on LC1-RC1.
2246- # Attempting to send anything from LC1-RC1 would actually involve using the LC2 socket.
2247- # This action is not possible while the mapping from I1:5000 to I2:5000 exists.
22482248 { conn_check_local_cand , ice_agent }
22492249
22502250 true ->
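Review bot: The relocated comment now sits above the first `cond` clause, but what it justifies is the fallback in the `local_cand ->` clause, which returns `conn_check_local_cand` when the matched candidate uses a different socket; that clause is left with no explanation of its own. I would keep a short pointer there, for example `# matched candidate uses another socket: keep the one the check was sent from (EPERM case described above)`. The sentence "Attempting to send anything from LC1-RC1 would actually involve using the LC2 socket" appears to mean the LC2-RC1 pair, since LC1-RC1 would use the LC1 socket; worth confirming and correcting while the text is being moved. The blank lines inside the block carry no `#`, so it reads as several separate comments rather than one note. The `cond` continues past the end of this hunk, so the `true ->` branch was not reviewed.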