Add TURN/STUN end-to-end probes and per-test flags to pam tunnel diagnose#2020
Open
Add TURN/STUN end-to-end probes and per-test flags to pam tunnel diagnose#2020
Conversation
…nose; fix log noise
tunnel_and_connections.py:
- Add --turn-test flag: establishes a real WebRTC/TURN connection through
the gateway without proxying traffic, reproducing the full ICE path
- Add --stun-only flag: same probe with TURN credentials stripped on both
sides, restricting ICE to host/srflx candidates; confirms the reflexive
path works independently of the relay. Mutually exclusive with --turn-test
- Add --probe-duration (default 30s) to hold the connection open; use
360+ to trigger and verify survival of the ~300s permission refresh cycle
- Add --probe-count for concurrent connection load testing
- Add --stress-test: connection cycling, throughput across 64B–256KB frame
sizes, and concurrent load; implies --turn-test
- Add --test-dns/--test-aws/--test-tcp/--test-udp/--test-ice/--test-webrtc
flags as per-test alternatives to the comma-separated --test string;
both styles can be combined and are merged into a single validated set
- Add _yellow() color helper for diagnostic output
- Section header, connect label, hold message, throughput, and stability
labels all adapt to STUN vs TURN mode
tunnel_helpers.py:
- Add probe_stun_only param to start_rust_tunnel: strips turn_url,
turn_username, turn_password from webrtc_settings so Commander's ICE
agent gathers no relay candidates; sends stun_only=True to gateway
- Add turn.client.relay_conn to webrtc crate suppression lists so the
periodic "fail to refresh permissions" error no longer leaks to terminal
- Add NullHandler to all loggers configured with propagate=False; without
a handler Python's lastResort StreamHandler fires when callHandlers()
finds found=0, bypassing propagate=False
miroberts
changed the title
miroberts
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
tunnel_and_connections.py:
the gateway without proxying traffic, reproducing the full ICE path
sides, restricting ICE to host/srflx candidates; confirms the reflexive
path works independently of the relay. Mutually exclusive with --turn-test
360+ to trigger and verify survival of the ~300s permission refresh cycle
sizes, and concurrent load; implies --turn-test
flags as per-test alternatives to the comma-separated --test string;
both styles can be combined and are merged into a single validated set
labels all adapt to STUN vs TURN mode
tunnel_helpers.py:
turn_username, turn_password from webrtc_settings so Commander's ICE
agent gathers no relay candidates; sends stun_only=True to gateway
periodic "fail to refresh permissions" error no longer leaks to terminal
a handler Python's lastResort StreamHandler fires when callHandlers()
finds found=0, bypassing propagate=False