accept but ignore permissions to forbidden IPs
parent
4604638bb9
commit
456b12fe29
@ -47,6 +47,7 @@ prom_counter_t *turn_with_no_ping_rcvp;
|
||||
prom_counter_t *turn_allocation_response;
|
||||
prom_gauge_t *turn_session_limit;
|
||||
prom_counter_t *turn_sessions_overlimit;
|
||||
prom_counter_t *turn_ignored_denied_peer;
|
||||
|
||||
void start_prometheus_server(void) {
|
||||
if (turn_params.prometheus == 0) {
|
||||
@ -207,6 +208,9 @@ void start_prometheus_server(void) {
|
||||
turn_sessions_overlimit = prom_collector_registry_must_register_metric(prom_counter_new(
|
||||
"turn_sessions_overlimit", "Count of sessions deined because it would be over the limit", 0, NULL));
|
||||
|
||||
turn_ignored_denied_peer = prom_collector_registry_must_register_metric(prom_counter_new(
|
||||
"turn_ignored_denied_peer", "Count of permissions accepted but ignored because peer ip is denied", 0, NULL));
|
||||
|
||||
promhttp_set_active_collector_registry(NULL);
|
||||
|
||||
// some flags appeared first in microhttpd v0.9.53
|
||||
@ -402,6 +406,12 @@ void prom_inc_sessions_overlimit(void) {
|
||||
}
|
||||
}
|
||||
|
||||
void prom_inc_ignored_denied_peer(void) {
|
||||
if (turn_params.prometheus == 1) {
|
||||
prom_counter_add(turn_ignored_denied_peer, 1, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
void start_prometheus_server(void) {
|
||||
|
||||
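Review bot: `prom_inc_ignored_denied_peer()` is defined here only in the branch before `#else`, and the header hunk likewise declares it before its own `#else`, while the new call in `handle_turn_create_permission` has no guard in the lines shown. Unless a stub or guard exists outside these hunks, a build with Prometheus compiled out has neither a declaration nor a definition for that call. An empty stub next to the `start_prometheus_server` stub, `void prom_inc_ignored_denied_peer(void) {}`, with a matching prototype in the header's `#else` branch, would keep both configurations building.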
@ -61,6 +61,7 @@ extern prom_counter_t *turn_with_no_ping_rcvp;
|
||||
extern prom_counter_t *turn_total_allocations;
|
||||
extern prom_counter_t *turn_session_limit;
|
||||
extern prom_counter_t *turn_sessions_overlimit;
|
||||
extern prom_counter_t *turn_ignored_denied_peer;
|
||||
|
||||
#define TURN_ALLOC_STR_MAX_SIZE (20)
|
||||
|
||||
@ -94,6 +95,7 @@ void prom_observe_rtt_combined(int microseconds, const char *protocolgroup);
|
||||
void prom_inc_allocation_response(int err_code);
|
||||
void prom_set_session_limit(int limit);
|
||||
void prom_inc_sessions_overlimit(void);
|
||||
void prom_inc_ignored_denied_peer(void);
|
||||
|
||||
#else
|
||||
|
||||
|
||||
@ -3237,9 +3237,12 @@ static int handle_turn_create_permission(turn_turnserver *server, ts_ur_super_se
|
||||
if (!get_relay_socket(a, peer_addr.ss.sa_family)) {
|
||||
*err_code = 443;
|
||||
*reason = (const uint8_t *)"Peer Address Family Mismatch (4)";
|
||||
// Signal change to accept but ignore perrmissions to forbidden IPs
|
||||
/*
|
||||
} else if (!good_peer_addr(server, ss->realm_options.name, &peer_addr, ss->id)) {
|
||||
*err_code = 403;
|
||||
*reason = (const uint8_t *)"Forbidden IP";
|
||||
*/
|
||||
} else {
|
||||
addr_found++;
|
||||
}
|
||||
@ -3288,10 +3291,15 @@ static int handle_turn_create_permission(turn_turnserver *server, ts_ur_super_se
|
||||
stun_attr_get_addr_str(ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh),
|
||||
sar, &peer_addr, NULL);
|
||||
|
||||
addr_set_port(&peer_addr, 0);
|
||||
if (update_permission(ss, &peer_addr) < 0) {
|
||||
*err_code = 500;
|
||||
*reason = (const uint8_t *)"Cannot update some permissions (critical server software error)";
|
||||
// Signal change to accept but ignore permissions to forbidden IPs
|
||||
if (good_peer_addr(server, ss->realm_options.name, &peer_addr, ss->id)) {
|
||||
addr_set_port(&peer_addr, 0);
|
||||
if (update_permission(ss, &peer_addr) < 0) {
|
||||
*err_code = 500;
|
||||
*reason = (const uint8_t *)"Cannot update some permissions (critical server software error)";
|
||||
}
|
||||
} else {
|
||||
prom_inc_ignored_denied_peer();
|
||||
}
|
||||
} break;
|
||||
default:;
|
||||
|
||||
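Review bot: In the new `else` branch that calls `prom_inc_ignored_denied_peer()`, a denied peer leaves no trace other than an unlabelled counter, and that counter is a no-op whenever `turn_params.prometheus` is not 1. The client previously received a 403 here; now that it gets a success response, requests aimed at denied ranges are something an operator will want to attribute to a session. Unless `good_peer_addr` already logs the denial (its body is not shown), consider a log line in that branch carrying `ss->id` and the peer address. Separately, the first hunk keeps the old 403 branch inside a `/* ... */` block under a comment with the typo "perrmissions"; deleting the dead branch and leaving a comment such as `// Denied peers are accepted here; the install loop below skips them.` would read better. Both hunks sit inside `handle_turn_create_permission`, whose body starts and ends outside them.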