Update calling routing to return urls only, no instance IPs

2026-04-19 17:28:04 +01:00 · 2025-01-24 10:46:32 -08:00
parent c9e192564c
commit 7e616a4056
7 changed files with 68 additions and 18 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/calls/routing/DynamicConfigTurnRouter.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/calls/routing/DynamicConfigTurnRouter.java
@@ -62,6 +62,11 @@ public class DynamicConfigTurnRouter {
    return turnConfig.getRandomizeRate();
  }

+  public int getDefaultInstanceIpCount() {
+    final DynamicTurnConfiguration turnConfig = dynamicConfigurationManager.getConfiguration().getTurnConfiguration();
+    return turnConfig.getDefaultInstanceIpCount();
+  }
+
  public boolean shouldRandomize() {
    long rate = getRandomizeRate();
    return rate >= RANDOMIZE_RATE_BASIS || rng.nextLong(0, DynamicConfigTurnRouter.RANDOMIZE_RATE_BASIS) < rate;
--- a/service/src/main/java/org/whispersystems/textsecuregcm/calls/routing/TurnCallRouter.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/calls/routing/TurnCallRouter.java
@@ -52,6 +52,13 @@ public class TurnCallRouter {
    this.stableSelect = stableSelect;
  }

+  public TurnServerOptions getRoutingFor(
+      @Nonnull final UUID aci,
+      @Nonnull final Optional<InetAddress> clientAddress
+  ) {
+    return getRoutingFor(aci, clientAddress,  this.configTurnRouter.getDefaultInstanceIpCount());
+  }
+
  /**
   * Gets Turn Instance addresses. Returns both the IPv4 and IPv6 addresses. Prefers to match the IP protocol of the
   * client address in datacenter selection. Returns 2 instance options of the preferred protocol for every one instance
@@ -79,10 +86,6 @@ public class TurnCallRouter {
      @Nonnull final Optional<InetAddress> clientAddress,
      final int instanceLimit
  ) {
-    if (instanceLimit < 1) {
-      throw new IllegalArgumentException("Limit cannot be less than one");
-    }
-
    String hostname = this.configTurnRouter.getHostname();

    List<String> targetedUrls = this.configTurnRouter.targetedUrls(aci);
@@ -90,7 +93,7 @@ public class TurnCallRouter {
      return new TurnServerOptions(hostname, null, targetedUrls);
    }

-    if(clientAddress.isEmpty() || this.configTurnRouter.shouldRandomize()) {
+    if(clientAddress.isEmpty() || this.configTurnRouter.shouldRandomize() || instanceLimit < 1) {
      return new TurnServerOptions(hostname, null, this.configTurnRouter.randomUrls());
    }

--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicTurnConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicTurnConfiguration.java
@@ -23,6 +23,12 @@ public class DynamicTurnConfiguration {
  @JsonProperty
  private long randomizeRate = 5_000;

+  /**
+   * Number of instance ips to return in TURN routing request
+   */
+  @JsonProperty
+  private int defaultInstanceIpCount = 0;
+
  @JsonProperty
  private List<@Valid TurnUriConfiguration> uriConfigs = Collections.emptyList();

@@ -34,6 +40,10 @@ public class DynamicTurnConfiguration {
    return randomizeRate;
  }

+  public int getDefaultInstanceIpCount() {
+    return defaultInstanceIpCount;
+  }
+
  public String getHostname() {
    return hostname;
  }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallRoutingControllerV2.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallRoutingControllerV2.java
@@ -18,7 +18,6 @@ import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.MediaType;
-import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
@@ -40,8 +39,8 @@ import org.whispersystems.websocket.auth.ReadOnly;
@Path("/v2/calling")
 public class CallRoutingControllerV2 {

-  private static final int TURN_INSTANCE_LIMIT = 2;
  private static final Counter INVALID_IP_COUNTER = Metrics.counter(name(CallRoutingControllerV2.class, "invalidIP"));
+  private static final Counter CLOUDFLARE_TURN_ERROR_COUNTER = Metrics.counter(name(CallRoutingController.class, "cloudflareTurnError"));
  private final RateLimiters rateLimiters;
  private final TurnCallRouter turnCallRouter;
  private final TurnTokenGenerator tokenGenerator;
@@ -79,13 +78,18 @@ public class CallRoutingControllerV2 {
  public GetCallingRelaysResponse getCallingRelays(
      final @ReadOnly @Auth AuthenticatedDevice auth,
      @Context ContainerRequestContext requestContext
-  ) throws RateLimitExceededException, IOException {
+  ) throws RateLimitExceededException {
    UUID aci = auth.getAccount().getUuid();
    rateLimiters.getCallEndpointLimiter().validate(aci);

    List<TurnToken> tokens = new ArrayList<>();
-    if (experimentEnrollmentManager.isEnrolled(auth.getAccount().getNumber(), aci, "cloudflareTurn")) {
-      tokens.add(cloudflareTurnCredentialsManager.retrieveFromCloudflare());
+    try {
+      if (experimentEnrollmentManager.isEnrolled(auth.getAccount().getNumber(), aci, "cloudflareTurn")) {
+        tokens.add(cloudflareTurnCredentialsManager.retrieveFromCloudflare());
+      }
+    } catch (Exception e) {
+      // emit counter, rely on Signal URL fallback
+      CallRoutingControllerV2.CLOUDFLARE_TURN_ERROR_COUNTER.increment();
    }

    Optional<InetAddress> address = Optional.empty();
@@ -97,7 +101,7 @@ public class CallRoutingControllerV2 {
      INVALID_IP_COUNTER.increment();
    }

-    TurnServerOptions options = turnCallRouter.getRoutingFor(aci, address, TURN_INSTANCE_LIMIT);
+    TurnServerOptions options = turnCallRouter.getRoutingFor(aci, address);
    tokens.add(tokenGenerator.generateWithTurnServerOptions(options));

    return new GetCallingRelaysResponse(tokens);