signalapp/coturn
signalapp/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: signalapp:adel/test-password-auth
Branches Tags
signalapp:main
signalapp:463
signalapp:adel/test-password-auth
signalapp:462
signalapp:richard/cpu_pinning
signalapp:4.6.3a
signalapp:docker/4.6.3-r1
signalapp:docker/4.6.3-r0
signalapp:4.6.3
signalapp:docker/4.6.2-r13
signalapp:4.6.2q
signalapp:4.6.2p
signalapp:docker/4.6.2-r12
signalapp:docker/4.6.2-r11
signalapp:4.6.2o
signalapp:docker/4.6.2-r10
signalapp:4.6.2n
signalapp:docker/4.6.2-r9
signalapp:4.6.2m
signalapp:4.6.2k
signalapp:4.6.2j
signalapp:4.6.2i
signalapp:4.6.2h
signalapp:docker/4.6.2-r8
signalapp:docker/4.6.2-r7
signalapp:docker/4.6.2-r6
signalapp:4.6.2g
signalapp:4.6.2f
signalapp:docker/4.6.2-r5
signalapp:4.6.2e
signalapp:4.6.2d
signalapp:docker/4.6.2-r4
signalapp:docker/4.6.2-r3
signalapp:docker/4.6.2-r2
signalapp:4.6.2c
signalapp:4.6.2b
signalapp:docker/4.6.2-r1
signalapp:4.6.2a
signalapp:docker/4.6.2-r0
signalapp:4.6.2
signalapp:docker/4.6.1-r3
signalapp:docker/4.6.1-r2
signalapp:docker/4.6.1-r1
signalapp:docker/4.6.1-r0
signalapp:4.6.1
signalapp:docker/4.6.0-r1
signalapp:docker/4.6.0-r0
signalapp:4.6.0
signalapp:docker/4.5.2-r14
signalapp:docker/4.5.2-r13
signalapp:docker/4.5.2-r12
signalapp:docker/4.5.2-r11
signalapp:docker/4.5.2-r10
signalapp:docker/4.5.2-r9
signalapp:docker/4.5.2-r8
signalapp:docker/4.5.2-r7
signalapp:docker/4.5.2-r6
signalapp:docker/4.5.2-r5
signalapp:docker/4.5.2-r4
signalapp:docker/4.5.2-r3
signalapp:docker/4.5.2-r2
signalapp:docker/4.5.2-r1
signalapp:docker/4.5.2-r0
signalapp:debian/4.5.2-3
signalapp:debian/4.5.2-2
signalapp:debian/4.5.2-1_bpo10+1
signalapp:debian/4.5.2-1
signalapp:upstream/4.5.2
signalapp:4.5.2
signalapp:debian/4.5.1.1-1.1+deb10u2
signalapp:debian/4.5.0.5-1+deb9u3
signalapp:debian/4.5.0.5-1+deb9u2
signalapp:debian/4.5.1.1-1.1+deb10u1
signalapp:debian/4.5.1.3-1
signalapp:upstream/4.5.1.3
signalapp:debian/4.5.1.1-1.2
signalapp:debian/4.5.1.1-1.1
signalapp:4.5.1.3
signalapp:4.5.1.2
signalapp:debian/4.5.1.1-1
signalapp:upstream/4.5.1.1
signalapp:4.5.1.1
signalapp:debian/4.5.1.0-1_bpo9+1
signalapp:debian/4.5.0.5-1+deb9u1
signalapp:debian/4.5.1.0-1
signalapp:upstream/4.5.1.0
signalapp:4.5.1.0
signalapp:debian/4.5.0.8-1
signalapp:upstream/4.5.0.8
signalapp:4.5.0.8
signalapp:debian/4.5.0.7-1
signalapp:upstream/4.5.0.7
signalapp:4.5.0.7
signalapp:debian/4.5.0.6-1
signalapp:upstream/4.5.0.6
signalapp:4.5.0.6
signalapp:debian/4.5.0.5-1
signalapp:upstream/4.5.0.5
signalapp:4.5.0.5
signalapp:debian/4.5.0.4-4
signalapp:debian/4.5.0.4-1
signalapp:upstream/4.5.0.4
signalapp:4.5.0.4
signalapp:debian/4.5.0.3-1
signalapp:upstream/4.5.0.3
signalapp:4.5.0.3
signalapp:debian/4.5.0.2-3
signalapp:upstream/4.5.0.2
signalapp:4.5.0.2
signalapp:upstream/4.5.0.1
signalapp:4.5.0.1
signalapp:upstream/4.4.5.4
signalapp:4.4.5.4
signalapp:4.4.5.3
signalapp:upstream/4.4.5.3
signalapp:upstream/4.4.5.2
signalapp:upstream/4.4.5.1
signalapp:upstream/4.4.4.2
signalapp:upstream/4.4.4.1
signalapp:upstream/4.4.2.3
signalapp:upstream/4.4.2.2
signalapp:upstream/4.4.2.1
signalapp:upstream/4.4.1.2
signalapp:upstream/4.4.1.1
signalapp:upstream/4.3.3.1
signalapp:upstream/4.3.2.2
signalapp:upstream/4.3.2.1
signalapp:upstream/4.3.1.3
signalapp:upstream/4.3.1.2
signalapp:upstream/4.3.1.1
signalapp:upstream/4.2.3.1
signalapp:upstream/4.2.2.2
signalapp:upstream/4.2.1.2
signalapp:upstream/4.1.2.1
signalapp:upstream/4.1.1.1
signalapp:upstream/4.1.0.2
signalapp:upstream/4.1.0.1
signalapp:upstream/4.0.1.3
signalapp:upstream/4.0.1.2
signalapp:upstream/4.0.0.2
signalapp:upstream/4.0.0.1
signalapp:upstream/4.0.0.0
...
pull from: signalapp:main
Branches Tags
signalapp:463
signalapp:main
signalapp:adel/test-password-auth
signalapp:462
signalapp:richard/cpu_pinning
signalapp:4.6.3a
signalapp:docker/4.6.3-r1
signalapp:docker/4.6.3-r0
signalapp:4.6.3
signalapp:docker/4.6.2-r13
signalapp:4.6.2q
signalapp:4.6.2p
signalapp:docker/4.6.2-r12
signalapp:docker/4.6.2-r11
signalapp:4.6.2o
signalapp:docker/4.6.2-r10
signalapp:4.6.2n
signalapp:docker/4.6.2-r9
signalapp:4.6.2m
signalapp:4.6.2k
signalapp:4.6.2j
signalapp:4.6.2i
signalapp:4.6.2h
signalapp:docker/4.6.2-r8
signalapp:docker/4.6.2-r7
signalapp:docker/4.6.2-r6
signalapp:4.6.2g
signalapp:4.6.2f
signalapp:docker/4.6.2-r5
signalapp:4.6.2e
signalapp:4.6.2d
signalapp:docker/4.6.2-r4
signalapp:docker/4.6.2-r3
signalapp:docker/4.6.2-r2
signalapp:4.6.2c
signalapp:4.6.2b
signalapp:docker/4.6.2-r1
signalapp:4.6.2a
signalapp:docker/4.6.2-r0
signalapp:4.6.2
signalapp:docker/4.6.1-r3
signalapp:docker/4.6.1-r2
signalapp:docker/4.6.1-r1
signalapp:docker/4.6.1-r0
signalapp:4.6.1
signalapp:docker/4.6.0-r1
signalapp:docker/4.6.0-r0
signalapp:4.6.0
signalapp:docker/4.5.2-r14
signalapp:docker/4.5.2-r13
signalapp:docker/4.5.2-r12
signalapp:docker/4.5.2-r11
signalapp:docker/4.5.2-r10
signalapp:docker/4.5.2-r9
signalapp:docker/4.5.2-r8
signalapp:docker/4.5.2-r7
signalapp:docker/4.5.2-r6
signalapp:docker/4.5.2-r5
signalapp:docker/4.5.2-r4
signalapp:docker/4.5.2-r3
signalapp:docker/4.5.2-r2
signalapp:docker/4.5.2-r1
signalapp:docker/4.5.2-r0
signalapp:debian/4.5.2-3
signalapp:debian/4.5.2-2
signalapp:debian/4.5.2-1_bpo10+1
signalapp:debian/4.5.2-1
signalapp:upstream/4.5.2
signalapp:4.5.2
signalapp:debian/4.5.1.1-1.1+deb10u2
signalapp:debian/4.5.0.5-1+deb9u3
signalapp:debian/4.5.0.5-1+deb9u2
signalapp:debian/4.5.1.1-1.1+deb10u1
signalapp:debian/4.5.1.3-1
signalapp:upstream/4.5.1.3
signalapp:debian/4.5.1.1-1.2
signalapp:debian/4.5.1.1-1.1
signalapp:4.5.1.3
signalapp:4.5.1.2
signalapp:debian/4.5.1.1-1
signalapp:upstream/4.5.1.1
signalapp:4.5.1.1
signalapp:debian/4.5.1.0-1_bpo9+1
signalapp:debian/4.5.0.5-1+deb9u1
signalapp:debian/4.5.1.0-1
signalapp:upstream/4.5.1.0
signalapp:4.5.1.0
signalapp:debian/4.5.0.8-1
signalapp:upstream/4.5.0.8
signalapp:4.5.0.8
signalapp:debian/4.5.0.7-1
signalapp:upstream/4.5.0.7
signalapp:4.5.0.7
signalapp:debian/4.5.0.6-1
signalapp:upstream/4.5.0.6
signalapp:4.5.0.6
signalapp:debian/4.5.0.5-1
signalapp:upstream/4.5.0.5
signalapp:4.5.0.5
signalapp:debian/4.5.0.4-4
signalapp:debian/4.5.0.4-1
signalapp:upstream/4.5.0.4
signalapp:4.5.0.4
signalapp:debian/4.5.0.3-1
signalapp:upstream/4.5.0.3
signalapp:4.5.0.3
signalapp:debian/4.5.0.2-3
signalapp:upstream/4.5.0.2
signalapp:4.5.0.2
signalapp:upstream/4.5.0.1
signalapp:4.5.0.1
signalapp:upstream/4.4.5.4
signalapp:4.4.5.4
signalapp:4.4.5.3
signalapp:upstream/4.4.5.3
signalapp:upstream/4.4.5.2
signalapp:upstream/4.4.5.1
signalapp:upstream/4.4.4.2
signalapp:upstream/4.4.4.1
signalapp:upstream/4.4.2.3
signalapp:upstream/4.4.2.2
signalapp:upstream/4.4.2.1
signalapp:upstream/4.4.1.2
signalapp:upstream/4.4.1.1
signalapp:upstream/4.3.3.1
signalapp:upstream/4.3.2.2
signalapp:upstream/4.3.2.1
signalapp:upstream/4.3.1.3
signalapp:upstream/4.3.1.2
signalapp:upstream/4.3.1.1
signalapp:upstream/4.2.3.1
signalapp:upstream/4.2.2.2
signalapp:upstream/4.2.1.2
signalapp:upstream/4.1.2.1
signalapp:upstream/4.1.1.1
signalapp:upstream/4.1.0.2
signalapp:upstream/4.1.0.1
signalapp:upstream/4.0.1.3
signalapp:upstream/4.0.1.2
signalapp:upstream/4.0.0.2
signalapp:upstream/4.0.0.1
signalapp:upstream/4.0.0.0

34 Commits
adel/test- ... main

Author SHA1 Message Date
tyranron
e825110d38
Update Alpine to 3.21.1 version in Docker image
Some checks failed
Docker / build (arm32v7, alpine) (push) Has been cancelled
Details
Docker / build (arm32v7, debian) (push) Has been cancelled
Details
Docker / build (arm64v8, alpine) (push) Has been cancelled
Details
Docker / build (arm64v8, debian) (push) Has been cancelled
Details
Docker / build (i386, alpine) (push) Has been cancelled
Details
Docker / build (i386, debian) (push) Has been cancelled
Details
Docker / build (ppc64le, alpine) (push) Has been cancelled
Details
Docker / build (ppc64le, debian) (push) Has been cancelled
Details
Docker / build (s390x, alpine) (push) Has been cancelled
Details
Docker / build (s390x, debian) (push) Has been cancelled
Details
Docker / test (amd64, alpine) (push) Has been cancelled
Details
Docker / test (amd64, debian) (push) Has been cancelled
Details
Docker / test (arm32v6, alpine) (push) Has been cancelled
Details
Docker / test (arm32v6, debian) (push) Has been cancelled
Details
Docker / test (arm32v7, alpine) (push) Has been cancelled
Details
Docker / test (arm32v7, debian) (push) Has been cancelled
Details
Docker / test (arm64v8, alpine) (push) Has been cancelled
Details
Docker / test (arm64v8, debian) (push) Has been cancelled
Details
Docker / test (i386, alpine) (push) Has been cancelled
Details
Docker / test (i386, debian) (push) Has been cancelled
Details
Docker / test (ppc64le, alpine) (push) Has been cancelled
Details
Docker / test (ppc64le, debian) (push) Has been cancelled
Details
Docker / test (s390x, debian) (push) Has been cancelled
Details
Docker / push (alpine, docker.io) (push) Has been cancelled
Details
Docker / push (alpine, ghcr.io) (push) Has been cancelled
Details
Docker / push (alpine, quay.io) (push) Has been cancelled
Details
Docker / push (debian, docker.io) (push) Has been cancelled
Details
Docker / push (debian, ghcr.io) (push) Has been cancelled
Details
Docker / push (debian, quay.io) (push) Has been cancelled
Details
Docker / release (GitHub) (push) Has been cancelled
Details
2025-01-08 13:02:43 +02:00
guoyingbo
22aae5d0d0
Windows '_WTA' bug (#1624) 
Every time the '_WTA' is called, its initial value is null, so the
function returns directly.


c98bb93514/src/apps/common/apputils.c (L905-L908)

c98bb93514/src/apps/common/apputils.c (L939-L941)

c98bb93514/src/apps/common/apputils.c (L960-L962)

c98bb93514/src/apps/common/apputils.c (L981-L983)
 2025-01-04 17:50:29 -08:00
Pavel Punsky
c98bb93514
Fix cmake issues detecting mongo and libsystemd on macOS (#1621) 
- libsystemd does not exist on macOS - ignore it and reduce warnings
during cmake step
- mongo-c has cmake file on macOS - reusing the same code path and
reduce warnings
 2024-12-27 14:52:44 -08:00
Pavel Punsky
58f1b8926c
Fix hiredis detection by cmake (#1620) 
See #1618 for details

This fix allows proper hiredis detection on macOS when building with
cmake
 2024-12-27 11:36:58 -08:00
tyranron
326b983ece
Update Debian "bookworm" to 20241223 snapshot in Docker image 2024-12-25 11:08:34 +02:00
Pavel Punsky
89a5600be1
Drop TLS version support detection (#1617) 
With requiring openssl version at least 1.1.1 all versions of TLS (up to
and including 1.3) and DTLS 1.2 are supported
With that, no detection or ability to disable a version will be provided
 2024-12-19 17:10:49 -08:00
Pavel Punsky
20da9cd09a
Cleanup ALPN_SUPPORTED define usage (#1616) 
As of openssl 1.1.1 ALPN is supported - no need for all the ifdefs anymore
 2024-12-19 16:41:45 -08:00
Pavel Punsky
9f779a64d0
Fix warnings type conversion (#1615) 2024-12-19 09:05:37 -08:00
Alex Gustafsson
790cc6f79e
Add parameter for specifying prometheus path (#1602) 
Add a `--prometheus-path` parameter which allows users to specify at
what
path the metrics should be exposed.

This simplifies serving metrics on a specific path behind some
restrictive reverse proxies that expect the upstream server to serve
URLs with paths matching the requested path.

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
 2024-12-18 14:50:38 -08:00
Pavel Punsky
3370eaf12d
Do not build with Ubuntu 18, use 24 (#1613) 
Re-delete file that was undeleted accidentally
 2024-12-15 17:37:03 -08:00
Michael Jones
c9878469fc
[BREAKING] Remove support for openssl older than 1.1.1 (#1397) 
Openssl 1.1.1 is end-of-life in September 2023.
This PR removes support for versions of openssl OLDER than 1.1.1
1.1.1 should still be usable after this change is merged.

I don't see any value in supporting 1.1.1, but didn't see a reason to
purge support for 1.1.1 when there are so few checks for >= 3.0.

Note that this does also remove CI support for Ubuntu 16.04. The
official version of OpenSSL from Ubuntu for this release is listed here:
https://launchpad.net/ubuntu/+source/openssl as 1.0.2g

Since no newer releases of coturn will be backported by Canonical to
Ubuntu 16.04, anyone using Coturn on this operating system will have to
download and compile it themselves. They may build their own version of
OpenSSL if they somehow cannot upgrade to a newer version of Ubuntu.

My position is that these users should prefer to upgrade to a newer
operating system than worry about chasing newer releases of Coturn.

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
 2024-12-13 13:06:24 -08:00
Pavel Punsky
ea280f9431
[BREAKING] Cleanup deprecated options (#1599) 
Following configuration options deleted:
- `--secret-ts-exp-time`
- `--prod` - disables SOFTWARE_ATTRIBUTE in messages. Now it is default.
To enable SOFTWARE_ATTRIBUTE use `--software-attribute`
- `--no-sslv2`, `--no-sslv3` - old versions of SSL are not supported and
it is not possible to enable them

These are breaking changes - if the CLI command has any of those
arguments it will cause turnserver to terminate and notify about unknown
argument
 2024-12-13 09:31:06 -08:00
Pavel Punsky
94fcfadce1
[BREAKING] Reverse SOFTWARE_ATTRIBUTE_OPT to avoid inverse logic (#1598) 
As part of looking at #1588 , I figured that sending `SOFTWARE`
attribute is also part of a problem as it increases messages sent out by
coturn and thus increasing amplification factor. For 4.6.2, the
additional size is 24 bytes (4 bytes attribute header, and 20 bytes for
"Coturn-4.6.2 'Gorst'")

If we are to use an example from #1588, "A 62 byte request will be met
with Coturn’s 401 Unauthorized response which is 150 bytes, a factor of
~2.42." - without SOFTWARE the response will be 126 bytes which reduces
amplification factor to ~2.

As I observed with multiple providers using coturn - some of the are
sending it. Meaning, they do not set `--no-software-attribute` - most
probably due to lack of clarity about this setting.

I believe sending SOFTWARE_ATTRIBUTE should be off by default which is
hinted in the RFC
(https://datatracker.ietf.org/doc/html/rfc8489#section-16.1.2)

Detailed changes:
- Extract setting the attribute into a function to avoid code
duplication
- This option is now not reloadable
- The option is now called `software_attribute` because inverse logic
creates multiple double-not in the code which makes it harder to read.
- `no-software_attribute` is still functional but marked as deprecated
in documentation

Test Plan:
- Run local tests with different cli arguments (new and deprecated) and
confirm SOFTWARE attribute is off by default, and added when arguments
say so
 2024-12-13 09:28:45 -08:00
tyranron
a6b052c570
Upgrade Docker image to 4.6.3 Coturn version
Some checks failed
Docker / build (arm32v7, alpine) (push) Has been cancelled
Details
Docker / build (arm32v7, debian) (push) Has been cancelled
Details
Docker / build (arm64v8, alpine) (push) Has been cancelled
Details
Docker / build (arm64v8, debian) (push) Has been cancelled
Details
Docker / build (i386, alpine) (push) Has been cancelled
Details
Docker / build (i386, debian) (push) Has been cancelled
Details
Docker / build (ppc64le, alpine) (push) Has been cancelled
Details
Docker / build (ppc64le, debian) (push) Has been cancelled
Details
Docker / build (s390x, alpine) (push) Has been cancelled
Details
Docker / build (s390x, debian) (push) Has been cancelled
Details
Docker / test (amd64, alpine) (push) Has been cancelled
Details
Docker / test (amd64, debian) (push) Has been cancelled
Details
Docker / test (arm32v6, alpine) (push) Has been cancelled
Details
Docker / test (arm32v6, debian) (push) Has been cancelled
Details
Docker / test (arm32v7, alpine) (push) Has been cancelled
Details
Docker / test (arm32v7, debian) (push) Has been cancelled
Details
Docker / test (arm64v8, alpine) (push) Has been cancelled
Details
Docker / test (arm64v8, debian) (push) Has been cancelled
Details
Docker / test (i386, alpine) (push) Has been cancelled
Details
Docker / test (i386, debian) (push) Has been cancelled
Details
Docker / test (ppc64le, alpine) (push) Has been cancelled
Details
Docker / test (ppc64le, debian) (push) Has been cancelled
Details
Docker / test (s390x, debian) (push) Has been cancelled
Details
Docker / push (alpine, docker.io) (push) Has been cancelled
Details
Docker / push (alpine, ghcr.io) (push) Has been cancelled
Details
Docker / push (alpine, quay.io) (push) Has been cancelled
Details
Docker / push (debian, docker.io) (push) Has been cancelled
Details
Docker / push (debian, ghcr.io) (push) Has been cancelled
Details
Docker / push (debian, quay.io) (push) Has been cancelled
Details
Docker / release (GitHub) (push) Has been cancelled
Details
2024-12-11 19:33:47 +01:00
Kai Ren
adae3dda3e
Refactor CI workflows and fix failures due to Node.js 20 (#1610, actions/checkout#1809) 2024-12-11 19:27:05 +01:00
Pavel Punsky
b6e53ca4c9
Update version to 4.6.3 (#1609)
Some checks failed
AmazonLinux2023 / builds (amazonlinux:2023) (push) Has been cancelled
Details
AmazonLinux2 / builds (amazonlinux:2) (push) Has been cancelled
Details
Lint / build (push) Has been cancelled
Details
clang-tidy / clang-tidy (Release) (push) Has been cancelled
Details
CMake / build (push) Has been cancelled
Details
CodeQL / CodeQL Analyze (push) Has been cancelled
Details
compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled
Details
compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled
Details
MacOS / builds (macos-12) (push) Has been cancelled
Details
MacOS / builds (macos-13) (push) Has been cancelled
Details
MacOS / builds (macos-14) (push) Has been cancelled
Details
mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled
Details
mingw / build (OFF, Release, windows-latest) (push) Has been cancelled
Details
msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:16.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:18.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:20.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:22.04) (push) Has been cancelled
Details 
preparing for new tag 4.6.3

---------

Co-authored-by: tyranron <tyranron@gmail.com>
 2024-12-11 10:13:38 -08:00
Pavel Punsky
329cda4715
Fix cmake and prometheus test build jobs (#1608) 
Some actions do not build with prometheus - adding prometheus tests
fails the jobs
cmake build tests did not run due to different target folder (while
reporting success) - now the bin folder is detected
 2024-12-10 19:38:39 -08:00
Alex Gustafsson
d63704c72d
Implement custom prometheus http handler (#1591) 
Implement a custom prometheus http handler in order to:

1. Support listening on a specified address as opposed to any
2. Remove the requirement on the unmaintained promhttp library

This feature comes with one limitation: if an IPv4 address is used, the
server will not listen on the IPv6-mapped address, even if IPv6 is
available. That is, dual-stacking does not work.

Solves: #1475

---------

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
 2024-12-10 10:28:43 -08:00
tyranron
8f9c87075b
Upgrade Alpine to 3.21 version in Docker image
Some checks failed
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled
Details
msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:16.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:18.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:20.04) (push) Has been cancelled
Details
Ubuntu / builds (ubuntu:22.04) (push) Has been cancelled
Details
Docker CI / test (amd64, alpine) (push) Has been cancelled
Details
Docker CI / test (amd64, debian) (push) Has been cancelled
Details
Docker CI / test (arm32v6, alpine) (push) Has been cancelled
Details
Docker CI / test (arm32v6, debian) (push) Has been cancelled
Details
Docker CI / test (arm32v7, alpine) (push) Has been cancelled
Details
Docker CI / test (arm32v7, debian) (push) Has been cancelled
Details
Docker CI / test (arm64v8, alpine) (push) Has been cancelled
Details
Docker CI / test (arm64v8, debian) (push) Has been cancelled
Details
Docker CI / test (i386, alpine) (push) Has been cancelled
Details
Docker CI / test (i386, debian) (push) Has been cancelled
Details
Docker CI / test (ppc64le, alpine) (push) Has been cancelled
Details
Docker CI / test (ppc64le, debian) (push) Has been cancelled
Details
Docker CI / test (s390x, debian) (push) Has been cancelled
Details
Docker CI / push (alpine, docker.io) (push) Has been cancelled
Details
Docker CI / push (alpine, ghcr.io) (push) Has been cancelled
Details
Docker CI / push (alpine, quay.io) (push) Has been cancelled
Details
Docker CI / push (debian, docker.io) (push) Has been cancelled
Details
Docker CI / push (debian, ghcr.io) (push) Has been cancelled
Details
Docker CI / push (debian, quay.io) (push) Has been cancelled
Details
Docker CI / release (GitHub) (push) Has been cancelled
Details
2024-12-06 19:10:33 +01:00
tyranron
817bbd1bea
Update Debian "bookworm" to 20241202 snapshot in Docker image 2024-12-05 12:28:33 +01:00
Robert Silén
f6004a1c18
Add MariaDB support to README.md (#1601) 
Suggesting to add MariaDB to README - any reason not to?
 2024-11-21 14:13:36 -08:00
maddy
c4a954a7fc
Allow authenticating with a username to redis (#1488) 
Add ability to authenticate to redis with a password (and optionally username for redis 6.0)

Tested by building and using with redis on old and new versionss
 2024-11-18 16:51:02 -08:00
hariprasadt
e5ffe6e0a3
Easy installation of coturn on AWS (#1581) 
https://github.com/coturn/coturn/issues/1576

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
 2024-11-18 09:00:08 -08:00
Chai-Shi
268f811f9e
Add prometheus setting suggestions on turn.conf in example folder (#1597) 
I believe that many users, like myself, prefer to reference the
`turn.conf` file when deploying the TURN server with Docker, rather than
the `Readme.turnserver`. Additionally, I think it's important to
synchronize the Prometheus settings from the README into the` turn.conf`
file for better clarity. This way, users won't overlook any essential
options.

Co-authored-by: Ben Chang <ben_chang@htc.com>
 2024-11-17 19:49:10 -08:00
Pavel Punsky
4c2a2d568f
Install openssl-1.1.1 on amazonlinux:2 instead of openssl-1.0.1 (#1595) 
In preparation to deprecation of openssl below version 1.1.1 switch to
using openssl-1.1.1 on amazonlinux:2 (where 1.0.2 is the default)

Fixes build issue for #1397
 2024-11-14 16:59:31 -08:00
tyranron
f8c5695827
Update Debian "bookworm" to 20241111 snapshot in Docker image 2024-11-13 12:17:07 +01:00
Scott Godin
edcdfc8b02
Add new Drain feature (#1529) 
Add new Drain feature

-when coturn server is in drain mode
  -current allocations will continue to work as usual
  -new allocations will be rejected with a 403 (Forbidden) response
  -when all allocations go away, then coturn will shutdown
-Enable drain mode with either
  -signaling SIGUSR1
  -turn_admin_server "drain" CLI command

This contribution is from Wire. https://wire.com/
 2024-10-27 18:56:58 -07:00
tyranron
8e3a03d2da
Update Debian "bookworm" to 20241016 snapshot in Docker image 2024-10-21 10:47:11 +02:00
Michael Jones
af4c44a818
Additional refactoring of ns_turn_allocation.* to address security scanner concerns (#1514) 
You can see the list here:
https://github.com/coturn/coturn/security/code-scanning

In this case, i'm attempting to address:

ns_turn_allocation.c:725 -- Dereferencing NULL pointer. 'ub->bufs'
contains the same NULL value as 'realloc()' did.
ns_turn_allocation.c:724 -- 'realloc' might return null pointer:
assigning null pointer to 'ub->bufs', which is passed as an argument to
'realloc', will cause the original memory block to be leaked.
ns_turn_allocation.c:604 -- Dereferencing NULL pointer. 'a->tcs.elems'
contains the same NULL value as 'realloc()' did.
    ns_turn_allocation.c:582 -- Dereferencing NULL pointer 'tc'.
ns_turn_allocation.c:603 -- 'realloc' might return null pointer:
assigning null pointer to 'a->tcs.elems', which is passed as an argument
to 'realloc', will cause the original memory block to be leaked.
    ns_turn_allocation.c:525 -- Using uninitialized memory '*chi'.
    ns_turn_allocation.c:229 -- Using uninitialized memory '*slot'.

---------

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
 2024-10-18 20:54:47 -07:00
redraincatching
08480ce137
fixed linting error in mainrelay.c (#1558) 
fixed a formatting problem causing issues with `clang-format` in the
linting action
see
[here](https://github.com/redraincatching/coturn/actions/runs/10262259860)
for an example
 2024-10-04 10:29:22 -07:00
eakraly
86a8f659fb
Fix rpm version scripts (#1556) 
Fix #1521
 2024-10-04 10:28:11 -07:00
Sven Tennie
cbb04aa9a2
Delete dead code (#1563) 
`stun_port` isn't read after setting it. Thus, we can remove it.
 2024-10-04 10:27:31 -07:00
Mészáros Mihály
e78d8f4fae
Fix cli auth (#1578) 
Fix to avoid accept all password except the right cli_password

Co-authored-by: Mészáros Mihály <misi@eper.majd.eu>
 2024-10-04 10:26:17 -07:00
tyranron
775d8fbf70
Update Debian "bookworm" to 20240926 snapshot in Docker image 2024-09-30 16:17:57 +03:00
63 changed files with 1673 additions and 1480 deletions
Show Stats Expand all files Collapse all files

12
.github/workflows/actions/ubuntu-build-deps/action.yml vendored
View File

@ -14,7 +14,7 @@ runs:
- name: check if sudo is set
shell: bash
run: |
if [ ${{inputs.SUDO}} = true ]
if [ ${{ inputs.SUDO }} = true ]
then
AS_ROOT="sudo"
else
@ -24,12 +24,12 @@ runs:
- name: apt update
shell: bash
run: ${{env.AS_ROOT}} apt update
run: ${{ env.AS_ROOT }} apt update
- name: install build tools
shell: bash
run: |
${{env.AS_ROOT}} apt install -y \
${{ env.AS_ROOT }} apt install -y \
build-essential \
clang \
clang-tidy \
@ -42,7 +42,7 @@ runs:
- name: install coturn dependencies
shell: bash
run: |
${{env.AS_ROOT}} apt install -y \
${{ env.AS_ROOT }} apt install -y \
libevent-dev \
libssl-dev \
libpq-dev \
@ -57,5 +57,5 @@ runs:
shell: bash
run: |
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb
${{env.AS_ROOT}} apt install -y ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb
${{ env.AS_ROOT }} apt install -y ./libprom-dev-0.1.3-Linux.deb
working-directory: /tmp/

46
.github/workflows/amazon_linux_tests.yml vendored
View File

@ -1,46 +0,0 @@
name: AmazonLinux
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
# make GHA actions use node16 to use ancient container images
# See https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
# Unclear how long this will work though
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
jobs:
builds:
strategy:
fail-fast: false
matrix:
# amazonlinux 2 is end-of-life 2025-06
os: [ 'amazonlinux:2', 'amazonlinux:2023' ]
runs-on: ubuntu-latest
container: ${{ matrix.os }}
steps:
- name: Install Dependencies
run: |
yum install -y gcc make gzip tar openssl-devel libevent-devel
# Delay checkout until after dependencies have been installed. Amazon linux is very minimal and lacks basic stuff by default.
# use v3 of checkout until the weird container, nodejs, glibc issue is fixed
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure
run: ./configure
- name: Compile
run: make
- name: Unit Test
run: make check
- name: Integration Test
working-directory: examples
run: ./run_tests.sh && ./run_tests_conf.sh

47
.github/workflows/clang-tidy.yml vendored
View File

@ -1,47 +0,0 @@
name: clang-tidy
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
jobs:
clang-tidy:
runs-on: ubuntu-latest
strategy:
matrix:
config: [Release]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: install dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Configure
run: |
cmake -G Ninja -B build -DCMAKE_BUILD_TYPE=${{ matrix.config }} -DCMAKE_EXPORT_COMPILE_COMMANDS=true
- name: Compile
run: |
cmake --build build --parallel --config ${{ matrix.config }}
# Implicitly requires build/compile_commands.json to exist
- name: Run Clang Tidy
run: |
wget https://raw.githubusercontent.com/llvm/llvm-project/llvmorg-14.0.6/clang-tools-extra/clang-tidy/tool/run-clang-tidy.py
chmod +x run-clang-tidy.py
./run-clang-tidy.py -j $(nproc) -p build
# Implicitly requires build/compile_commands.json to exist
- name: Run IWYU
run: |
wget https://raw.githubusercontent.com/include-what-you-use/include-what-you-use/clang_14/iwyu_tool.py
chmod +x iwyu_tool.py
# iwyu_tool.py returns non-zero if any executions returned nonzero. Which... happens to be useless unless the project is already IWYU clean.
./iwyu_tool.py -j $(nproc) -p build -- -Xiwyu --mapping_file=${GITHUB_WORKSPACE}/iwyu-ubuntu.imp | grep -v "has correct" | uniq || exit 0

105
.github/workflows/clang.yml vendored Normal file
View File

@ -0,0 +1,105 @@
name: Clang
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
branches: ["master"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
format:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Install `clang-format-15`
run: sudo apt install -y clang-format-15
- name: Prepare `clang-format`
run: |
set -e
if which clang-format-15 2>&1 >/dev/null
then
sudo cp $(which clang-format-15) $(which clang-format)
fi
clang-format --version
- run: ./configure
- run: make lint
sanitize:
runs-on: ubuntu-latest
strategy:
matrix:
sanitizer:
- address,pointer-compare,pointer-subtract
- thread
env:
CFLAGS: -fno-omit-frame-pointer -fstack-protector-all -fsanitize=${{ matrix.sanitizer }},bounds,enum -fsanitize-address-use-after-scope -fsanitize-address-use-after-return=always -fsanitize-recover=address -fsanitize-memory-track-origins=2
CC: clang
ASAN_OPTIONS: strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:detect_leaks=0:detect_invalid_pointer_pairs=1:halt_on_error=0
steps:
- uses: actions/checkout@v4
- name: Install dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- run: ./configure
- run: make -j $(nproc)
- run: make check
- run: ./run_tests.sh
working-directory: examples/
- run: ./run_tests_conf.sh
working-directory: examples/
- run: ./run_tests_prom.sh
working-directory: examples/
tidy:
runs-on: ubuntu-latest
strategy:
matrix:
config: ["Release"]
steps:
- uses: actions/checkout@v4
- name: Install dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Configure
run: cmake -G Ninja -B build -DCMAKE_BUILD_TYPE=${{ matrix.config }}
-DCMAKE_EXPORT_COMPILE_COMMANDS=true
- name: Compile
run: cmake --build build --parallel --config ${{ matrix.config }}
# Implicitly requires `build/compile_commands.json` to exist
- name: Run `clang-tidy`
run: |
set -e
wget https://raw.githubusercontent.com/llvm/llvm-project/llvmorg-14.0.6/clang-tools-extra/clang-tidy/tool/run-clang-tidy.py
chmod +x run-clang-tidy.py
./run-clang-tidy.py -j $(nproc) -p build
# Implicitly requires `build/compile_commands.json` to exist
- name: Run IWYU
run: |
set -e
wget https://raw.githubusercontent.com/include-what-you-use/include-what-you-use/clang_14/iwyu_tool.py
chmod +x iwyu_tool.py
# iwyu_tool.py returns non-zero if any executions returned nonzero. Which... happens to be useless unless the project is already IWYU clean.
./iwyu_tool.py -j $(nproc) -p build -- -Xiwyu --mapping_file=${GITHUB_WORKSPACE}/iwyu-ubuntu.imp | grep -v "has correct" | uniq || exit 0

62
.github/workflows/cmake.yaml vendored
View File

@ -2,40 +2,46 @@ name: CMake
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
types: [ opened, reopened, synchronize ]
branches: ["master"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
BUILD_TYPE: Release
jobs:
build:
runs-on: ubuntu-20.04
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
wget \
libevent-dev \
libssl-dev \
libpq-dev libmariadb-dev libsqlite3-dev \
libhiredis-dev \
libmongoc-dev \
libmicrohttpd-dev
- uses: actions/checkout@v4
- name: Prometheus support
run: |
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb && \
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb && \
sudo apt install ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb && \
rm ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb
- name: Configure CMake
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
- name: Build
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
- name: apps tests
run: cd examples && ./run_tests.sh && ./run_tests_conf.sh
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
libevent-dev \
libssl-dev \
libpq-dev libmariadb-dev libsqlite3-dev \
libhiredis-dev \
libmongoc-dev \
libmicrohttpd-dev \
wget
- uses: actions/checkout@v4
- name: Prometheus support
run: |
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb && \
sudo apt install ./libprom-dev-0.1.3-Linux.deb && \
rm ./libprom-dev-0.1.3-Linux.deb
- name: Configure
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
- name: Build
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
- run: ./run_tests.sh
working-directory: examples/
- run: ./run_tests_conf.sh
working-directory: examples/

47
.github/workflows/codeql.yml vendored
View File

@ -1,42 +1,43 @@
name: "CodeQL"
name: CodeQL
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
types: [ opened, reopened, synchronize ]
branches: ["master"]
schedule:
- cron: '6 13 * * 4'
- cron: "6 13 * * 4"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
BUILD_TYPE: Release
jobs:
analyze:
name: CodeQL Analyze
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/checkout@v4
- name: Install Dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Install dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: cpp
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: cpp
- name: Configure
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
- name: Configure
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
- name: Build
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
- name: Build
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3

47
.github/workflows/compiler-sanitizers.yml vendored
View File

@ -1,47 +0,0 @@
name: compiler-sanitizers
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
jobs:
compiler-sanitizers:
runs-on: ubuntu-latest
strategy:
matrix:
sanitizer: [ 'address,pointer-compare,pointer-subtract', 'thread' ]
env:
CFLAGS: "-fno-omit-frame-pointer -fstack-protector-all -fsanitize=${{matrix.sanitizer}},bounds,enum -fsanitize-address-use-after-scope -fsanitize-address-use-after-return=always -fsanitize-recover=address -fsanitize-memory-track-origins=2"
CC: "clang"
ASAN_OPTIONS: "strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:detect_leaks=0:detect_invalid_pointer_pairs=1:halt_on_error=0"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: install dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Configure
run: |
./configure
- name: Compile
run: |
make -j $(nproc)
- name: Check
run: |
make check
- name: Test
run: |
cd examples
./run_tests.sh && ./run_tests_conf.sh

2
.github/workflows/docker.yml vendored
View File

@ -1,4 +1,4 @@
name: Docker CI
name: Docker
on:
push:

35
.github/workflows/lint.yml vendored
View File

@ -1,35 +0,0 @@
name: Lint
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Dependencies
uses: ./.github/workflows/actions/ubuntu-build-deps
with:
SUDO: true
- name: Install clang-format-15
run: sudo apt install -y clang-format-15
- name: Configure
run: ./configure
- name: lint
run: |
if which clang-format-15 2>&1 >/dev/null
then
sudo cp $(which clang-format-15) $(which clang-format)
fi
clang-format --version
make lint

70
.github/workflows/linux.yml vendored Normal file
View File

@ -0,0 +1,70 @@
name: Linux
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
branches: ["master"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: build + test
strategy:
fail-fast: false
matrix:
os:
- amazonlinux:2023
- ubuntu:20.04
- ubuntu:22.04
- ubuntu:24.04
runs-on: ubuntu-latest
container:
image: ${{ matrix.os }}
volumes:
- ${{ contains('amazonlinux:2 ubuntu:16.04 ubuntu:18.04', matrix.os) && '/node20217:/node20217:rw,rshared' || ' ' }}
- ${{ contains('amazonlinux:2 ubuntu:16.04 ubuntu:18.04', matrix.os) && '/node20217:/__e/node20:ro,rshared' || ' ' }}
steps:
- name: Install `yum` dependencies
run: yum install -y gcc make gzip tar openssl-devel libevent-devel wget which
if: ${{ contains(matrix.os, 'amazonlinux') }}
- name: Install Node.js 20 built against glibc 2.17 for GitHub Actions
run: |
set -ex
which apt \
&& apt update \
&& apt install -y wget xz-utils
which yum \
&& yum install -y wget xz
wget https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz
tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217
ldd /__e/node20/bin/node
working-directory: /tmp/
if: ${{ contains('amazonlinux:2 ubuntu:16.04 ubuntu:18.04', matrix.os) }}
- uses: actions/checkout@v4
- name: Install `apt` dependencies
# Set env variable or otherwise `tzdata` package requires interaction.
env:
DEBIAN_FRONTEND: noninteractive
uses: ./.github/workflows/actions/ubuntu-build-deps
if: ${{ contains(matrix.os, 'ubuntu') }}
- run: ./configure
- run: make
- run: make check
- run: ./run_tests.sh
working-directory: examples/
- run: ./run_tests_conf.sh
working-directory: examples/
- run: ./run_tests_prom.sh
working-directory: examples/
if: ${{ contains(matrix.os, 'ubuntu') }}

100
.github/workflows/macos.yml vendored
View File

@ -1,59 +1,85 @@
name: MacOS
name: macOS
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
types: [ opened, reopened, synchronize ]
branches: ["master"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
builds:
build:
name: build + test
strategy:
fail-fast: false
matrix:
os: [ 'macos-12', 'macos-13', 'macos-14' ]
runs-on: ${{ matrix.os }}
ver: ["13", "14", "15"]
runs-on: macos-${{ matrix.ver }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/checkout@v4
- name: Brew - Relink Python
run: |
# Unlink and re-link to prevent errors when github mac runner images
# install python outside of brew, for example:
- name: Relink `python` package in `brew`
# Unlink and re-link to prevent errors when GitHub `macos` runner images
# install `python` outside of `brew`, for example:
# https://github.com/orgs/Homebrew/discussions/3895
# https://github.com/actions/setup-python/issues/577
# https://github.com/actions/runner-images/issues/6459
# https://github.com/actions/runner-images/issues/6507
# https://github.com/actions/runner-images/issues/2322
brew list -1 | grep python | while read formula; do brew unlink $formula; brew link --overwrite $formula; done
run: brew list -1
| grep python
| while read formula; do brew unlink $formula; brew link --overwrite $formula; done
- name: Brew - Update pkg listings
run: |
brew update
- run: brew update
- run: brew install wget pkg-config libevent openssl@1.1 sqlite hiredis mongo-c-driver libmicrohttpd
- name: Brew - Install Dependencies
run: |
brew install \
wget \
pkg-config \
libevent \
openssl@1.1 \
sqlite \
hiredis \
mongo-c-driver \
libmicrohttpd
- run: ./configure
env:
PKG_CONFIG_PATH: "${{ env.PKG_CONFIG_PATH }}:/usr/local/opt/openssl@1.1/lib/pkgconfig"
- run: make
- name: Configure
run: PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/opt/openssl@1.1/lib/pkgconfig ./configure
- run: make check
- name: Compile
run: make
- run: ./run_tests.sh
working-directory: examples/
- run: ./run_tests_conf.sh
working-directory: examples/
- name: Unit Test
run: make check
build-cmake:
name: build + test cmake
strategy:
fail-fast: false
matrix:
ver: ["15"]
runs-on: macos-${{ matrix.ver }}
steps:
- uses: actions/checkout@v4
- name: Integration Test
working-directory: examples
run: ./run_tests.sh && ./run_tests_conf.sh
- name: Relink `python` package in `brew`
# Unlink and re-link to prevent errors when GitHub `macos` runner images
# install `python` outside of `brew`, for example:
# https://github.com/orgs/Homebrew/discussions/3895
# https://github.com/actions/setup-python/issues/577
# https://github.com/actions/runner-images/issues/6459
# https://github.com/actions/runner-images/issues/6507
# https://github.com/actions/runner-images/issues/2322
run: brew list -1
| grep python
| while read formula; do brew unlink $formula; brew link --overwrite $formula; done
- run: brew update
- run: brew install wget pkg-config libevent openssl@1.1 sqlite hiredis mongo-c-driver libmicrohttpd
- name: Configure
run: cmake -B ${{github.workspace}}/build
- name: Build
run: cmake --build ${{github.workspace}}/build
- run: ./run_tests.sh
working-directory: examples/
- run: ./run_tests_conf.sh
working-directory: examples/

203
.github/workflows/mingw.yml vendored
View File

@ -1,129 +1,120 @@
name: mingw
name: MinGW
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
types: [ opened, reopened, synchronize ]
branches: ["master"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: build
strategy:
fail-fast: false
matrix:
os: [windows-latest]
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: [Release, Debug]
BUILD_SHARED_LIBS: [OFF]
os: ["windows"]
# Customize the CMake build type here (`Release`, `Debug`, `RelWithDebInfo`, etc.)
BUILD_TYPE: ["Release", "Debug"]
BUILD_SHARED_LIBS: ["OFF"]
defaults:
run:
shell: cmd
runs-on: ${{ matrix.os }}
runs-on: ${{ matrix.os }}-latest
env:
BUILD_TYPE: ${{ matrix.BUILD_TYPE }}
SOURCE_DIR: ${{github.workspace}}\.cache\source
TOOSL_DIR: ${{github.workspace}}\.cache\tools
INSTALL_DIR: ${{github.workspace}}\.cache\install_mingw_2022_02_15
SOURCE_DIR: ${{ github.workspace }}\.cache\source
TOOSL_DIR: ${{ github.workspace }}\.cache\tools
INSTALL_DIR: ${{ github.workspace }}\.cache\install_mingw_2022_02_15
steps:
- uses: actions/checkout@v4
#with:
#fetch-depth: 0
- uses: actions/checkout@v4
- name: pacman
env:
PATH: C:\msys64\usr\bin
run: |
C:\msys64\usr\bin\pacman.exe -S --noconfirm ^
mingw-w64-x86_64-cmake ^
mingw-w64-x86_64-make ^
mingw-w64-x86_64-nsis ^
mingw-w64-x86_64-gcc ^
mingw-w64-x86_64-zlib ^
mingw-w64-x86_64-openssl ^
mingw-w64-x86_64-libevent ^
mingw-w64-x86_64-sqlite3 ^
mingw-w64-x86_64-hiredis ^
mingw-w64-x86_64-postgresql ^
mingw-w64-x86_64-libmicrohttpd ^
git base-devel
- name: Install dependencies
run: |
C:\msys64\usr\bin\pacman.exe -S --noconfirm ^
mingw-w64-x86_64-cmake ^
mingw-w64-x86_64-make ^
mingw-w64-x86_64-nsis ^
mingw-w64-x86_64-gcc ^
mingw-w64-x86_64-zlib ^
mingw-w64-x86_64-openssl ^
mingw-w64-x86_64-libevent ^
mingw-w64-x86_64-sqlite3 ^
mingw-w64-x86_64-hiredis ^
mingw-w64-x86_64-postgresql ^
mingw-w64-x86_64-libmicrohttpd ^
git base-devel
env:
PATH: C:\msys64\usr\bin
- name: make_directory
run: |
cmake -E make_directory ${{env.SOURCE_DIR}}
cmake -E make_directory ${{env.TOOSL_DIR}}
cmake -E make_directory ${{env.INSTALL_DIR}}
- name: Create directories
run: |
cmake -E make_directory ${{ env.SOURCE_DIR }}
cmake -E make_directory ${{ env.TOOSL_DIR }}
cmake -E make_directory ${{ env.INSTALL_DIR }}
- name: Cache installed
uses: actions/cache@v4
id: cache-installed
with:
path: |
${{env.INSTALL_DIR}}
key: coturn-cache-installed-mingw
- name: Cache installed
uses: actions/cache@v4
id: cache-installed
with:
path: ${{ env.INSTALL_DIR }}
key: coturn-cache-installed-mingw
- name: build prometheus
if: false
working-directory: ${{env.SOURCE_DIR}}
env:
MSYSTEM: MINGW64
PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
run: |
cd ${{env.SOURCE_DIR}}
git clone https://github.com/digitalocean/prometheus-client-c.git
cd prometheus-client-c/prom
mkdir build
cd build
cmake .. -G"MinGW Makefiles" ^
-DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
-DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
-DCMAKE_INSTALL_PREFIX=${{env.INSTALL_DIR}}
cmake --build . --config ${{matrix.BUILD_TYPE}}
cmake --build . --config ${{matrix.BUILD_TYPE}} --target install
cd ${{env.SOURCE_DIR}}/prometheus-client-c/promhttp
mkdir build
cd build
cmake .. -G"MinGW Makefiles" ^
-DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
-DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
-DCMAKE_INSTALL_PREFIX=${{env.INSTALL_DIR}}
cmake --build . --config ${{matrix.BUILD_TYPE}}
cmake --build . --config ${{matrix.BUILD_TYPE}} --target install
- name: Build Prometheus
run: |
cd ${{ env.SOURCE_DIR }}
git clone https://github.com/digitalocean/prometheus-client-c.git
cd prometheus-client-c/prom
mkdir build
cd build
cmake .. -G"MinGW Makefiles" ^
-DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-DCMAKE_INSTALL_PREFIX=${{ env.INSTALL_DIR }}
cmake --build . --config ${{ matrix.BUILD_TYPE }}
cmake --build . --config ${{ matrix.BUILD_TYPE }} --target install
env:
MSYSTEM: MINGW64
PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
working-directory: ${{ env.SOURCE_DIR }}
if: ${{ false }}
- name: build coturn
working-directory: ${{github.workspace}}
env:
MSYSTEM: MINGW64
PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
Prometheus_ROOT: ${{env.INSTALL_DIR}}
run: |
cmake -E make_directory build
cd build
cmake .. -G"MinGW Makefiles" ^
-DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
-DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/install
cmake --build . --config ${{matrix.BUILD_TYPE}}
cmake --build . --config ${{matrix.BUILD_TYPE}} --target install
- name: Build Coturn
run: |
cmake -E make_directory build
cd build
cmake .. -G"MinGW Makefiles" ^
-DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-DCMAKE_INSTALL_PREFIX=${{ github.workspace }}/build/install
cmake --build . --config ${{ matrix.BUILD_TYPE }}
cmake --build . --config ${{ matrix.BUILD_TYPE }} --target install
env:
MSYSTEM: MINGW64
PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
Prometheus_ROOT: ${{ env.INSTALL_DIR }}
working-directory: ${{ github.workspace }}
- name: Package
if: ${{ matrix.BUILD_TYPE == 'Release' }}
working-directory: ${{github.workspace}}\build
run: |
copy /Y ${{env.INSTALL_DIR}}\bin\*.dll install\bin
copy /Y ${{env.INSTALL_DIR}}\lib\*.dll install\bin
copy /Y ${{env.RUNVCPKG_VCPKG_ROOT}}\installed\${{env.RUNVCPKG_VCPKG_TRIPLET_OUT}}\bin\*.dll install\bin
7z a coturn_windows_mingw.zip ${{github.workspace}}\build\install\*
cmake --build . --config ${{matrix.BUILD_TYPE}} --target package
- name: Package
run: |
copy /Y ${{ env.INSTALL_DIR }}\bin\*.dll install\bin
copy /Y ${{ env.INSTALL_DIR }}\lib\*.dll install\bin
copy /Y ${{ env.RUNVCPKG_VCPKG_ROOT }}\installed\${{ env.RUNVCPKG_VCPKG_TRIPLET_OUT }}\bin\*.dll install\bin
7z a coturn_windows_mingw.zip ${{ github.workspace }}\build\install\*
cmake --build . --config ${{ matrix.BUILD_TYPE }} --target package
working-directory: ${{ github.workspace }}\build
if: ${{ matrix.BUILD_TYPE == 'Release' }}
- name: update
if: ${{ matrix.BUILD_TYPE == 'Release' }}
uses: actions/upload-artifact@v4
with:
name: coturn_mingw_${{ matrix.os }}
path: |
${{github.workspace}}\build\coturn_windows_mingw.zip
${{github.workspace}}\build\coturn*.exe
${{github.workspace}}\build\coturn*.md5
- name: Update artifacts
uses: actions/upload-artifact@v4
with:
name: coturn_mingw_${{ matrix.os }}
path: |
${{ github.workspace }}\build\coturn_windows_mingw.zip
${{ github.workspace }}\build\coturn*.exe
${{ github.workspace }}\build\coturn*.md5
if: ${{ matrix.BUILD_TYPE == 'Release' }}

78
.github/workflows/msvc-analyzer.yml vendored
View File

@ -1,78 +0,0 @@
name: msvc-analyzer
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
jobs:
msvc-analyzer:
runs-on: windows-latest
permissions:
# required for all codeql to report detected outcomes
security-events: write
strategy:
matrix:
BUILD_TYPE: [Release]
BUILD_SHARED_LIBS: [OFF]
VCPKG_PLATFORM_TOOLSET: [v143]
CMAKE_GENERATOR_PLATFORM: [x64]
env:
SOURCE_DIR: ${{github.workspace}}\.cache\source
TOOLS_DIR: ${{github.workspace}}\.cache\tools
INSTALL_DIR: ${{github.workspace}}\.cache\install_msvc_x64-windows_${{matrix.BUILD_TYPE}}
VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
VCPKG_PLATFORM_TOOLSET: ${{matrix.VCPKG_PLATFORM_TOOLSET}}
CMAKE_GENERATOR_PLATFORM: ${{matrix.CMAKE_GENERATOR_PLATFORM}}
defaults:
run:
shell: cmd
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: make directory
run: |
cmake -E make_directory ${{env.SOURCE_DIR}}
cmake -E make_directory ${{env.TOOLS_DIR}}
cmake -E make_directory ${{env.INSTALL_DIR}}
- name: run-vcpkg
uses: lukka/run-vcpkg@v11
with:
# If not using a submodule for vcpkg sources, this specifies which commit
# id must be checkout from a Git repo. It must not set if using a submodule
# for vcpkg.
vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
- name: Configure (MSVC)
run: |
cmake -B build ^
-A ${{matrix.CMAKE_GENERATOR_PLATFORM}} ^
-T ${{matrix.VCPKG_PLATFORM_TOOLSET}} ^
-DWITH_MYSQL=OFF ^
-DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
-DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
-DCMAKE_TOOLCHAIN_FILE=${{env.VCPKG_ROOT}}/scripts/buildsystems/vcpkg.cmake
- name: Initialize MSVC Code Analysis
uses: microsoft/msvc-code-analysis-action@v0.1.1
# Provide a unique ID to access the sarif output path
id: run-analysis
with:
cmakeBuildDirectory: build
buildConfiguration: ${{ matrix.BUILD_TYPE }}
# Ruleset file that will determine what checks will be run
ruleset: NativeRecommendedRules.ruleset
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}

196
.github/workflows/msvc.yml vendored
View File

@ -1,96 +1,160 @@
name: msvc
name: MSVC
on:
push:
branches: ["master"]
tags: ["4.*"]
pull_request:
types: [ opened, reopened, synchronize ]
branches: ["master"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
jobs:
compile:
name: ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}}
code-analysis:
name: code analysis (windows-vc-${{ matrix.VCPKG_PLATFORM_TOOLSET }}-${{ matrix.CMAKE_GENERATOR_PLATFORM }}-${{ matrix.BUILD_TYPE }}-${{ matrix.BUILD_SHARED_LIBS }})
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
BUILD_TYPE: [Release, Debug]
BUILD_SHARED_LIBS: [OFF, ON]
CMAKE_GENERATOR_PLATFORM: [x64, Win32]
os: [windows-latest]
BUILD_TYPE: [Release]
BUILD_SHARED_LIBS: [OFF]
VCPKG_PLATFORM_TOOLSET: [v143]
CMAKE_GENERATOR_PLATFORM: [x64]
env:
SOURCE_DIR: ${{ github.workspace }}\.cache\source
TOOLS_DIR: ${{ github.workspace }}\.cache\tools
INSTALL_DIR: ${{ github.workspace }}\.cache\install_msvc_x64-windows_${{ matrix.BUILD_TYPE }}
VCPKG_PLATFORM_TOOLSET: ${{ matrix.VCPKG_PLATFORM_TOOLSET }}
CMAKE_GENERATOR_PLATFORM: ${{ matrix.CMAKE_GENERATOR_PLATFORM }}
defaults:
run:
shell: cmd
permissions:
security-events: write # required for all CodeQL to report detected outcomes
steps:
- uses: actions/checkout@v4
- name: Create directories
run: |
cmake -E make_directory ${{ env.SOURCE_DIR }}
cmake -E make_directory ${{ env.TOOLS_DIR }}
cmake -E make_directory ${{ env.INSTALL_DIR }}
- name: run-vcpkg
uses: lukka/run-vcpkg@v11
with:
# If not using a submodule for vcpkg sources, this specifies which commit
# id must be checkout from a Git repo. It must not set if using a submodule
# for vcpkg.
vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
- name: Configure
run: |
cmake -B build ^
-A ${{ matrix.CMAKE_GENERATOR_PLATFORM }} ^
-T ${{ matrix.VCPKG_PLATFORM_TOOLSET }} ^
-DWITH_MYSQL=OFF ^
-DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake
- name: Initialize MSVC Code Analysis
uses: microsoft/msvc-code-analysis-action@v0.1.1
# Provide a unique ID to access the SARIF output path.
id: run-analysis
with:
cmakeBuildDirectory: build
buildConfiguration: ${{ matrix.BUILD_TYPE }}
# Ruleset file that will determine what checks will be run.
ruleset: NativeRecommendedRules.ruleset
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
compile:
name: compile (${{ matrix.os }}-vc-${{ matrix.VCPKG_PLATFORM_TOOLSET }}-${{ matrix.CMAKE_GENERATOR_PLATFORM }}-${{ matrix.BUILD_TYPE }}-${{ matrix.BUILD_SHARED_LIBS }})
strategy:
fail-fast: false
matrix:
BUILD_TYPE: ["Release", "Debug"]
BUILD_SHARED_LIBS: ["OFF", "ON"]
CMAKE_GENERATOR_PLATFORM: ["x64", "Win32"]
os: ["windows"]
include:
# MSVC 2022
- triplet: x64-windows
VCPKG_PLATFORM_TOOLSET: v143
CMAKE_GENERATOR_PLATFORM: x64
- triplet: x86-windows
VCPKG_PLATFORM_TOOLSET: v143
CMAKE_GENERATOR_PLATFORM: Win32
# MSVC 2019
- triplet: x86-windows
VCPKG_PLATFORM_TOOLSET: v142
CMAKE_GENERATOR_PLATFORM: Win32
runs-on: ${{matrix.os}}
runs-on: ${{ matrix.os }}-latest
env:
SOURCE_DIR: ${{github.workspace}}\.cache\source
TOOLS_DIR: ${{github.workspace}}\.cache\tools
INSTALL_DIR: ${{github.workspace}}\.cache\install_msvc_${{matrix.triplet}}_${{matrix.BUILD_TYPE}}
VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
VCPKG_PLATFORM_TOOLSET: ${{matrix.VCPKG_PLATFORM_TOOLSET}}
CMAKE_GENERATOR_PLATFORM: ${{matrix.CMAKE_GENERATOR_PLATFORM}}
SOURCE_DIR: ${{ github.workspace }}\.cache\source
TOOLS_DIR: ${{ github.workspace }}\.cache\tools
INSTALL_DIR: ${{ github.workspace }}\.cache\install_msvc_${{matrix.triplet}}_${{matrix.BUILD_TYPE}}
VCPKG_PLATFORM_TOOLSET: ${{ matrix.VCPKG_PLATFORM_TOOLSET }}
CMAKE_GENERATOR_PLATFORM: ${{ matrix.CMAKE_GENERATOR_PLATFORM }}
defaults:
run:
shell: cmd
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/checkout@v4
- name: make directory
run: |
cmake -E make_directory ${{env.SOURCE_DIR}}
cmake -E make_directory ${{env.TOOLS_DIR}}
cmake -E make_directory ${{env.INSTALL_DIR}}
- name: Create directories
run: |
cmake -E make_directory ${{ env.SOURCE_DIR }}
cmake -E make_directory ${{ env.TOOLS_DIR }}
cmake -E make_directory ${{ env.INSTALL_DIR }}
- name: run-vcpkg
uses: lukka/run-vcpkg@v11
with:
# If not using a submodule for vcpkg sources, this specifies which commit
# id must be checkout from a Git repo. It must not set if using a submodule
# for vcpkg.
vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
- name: run-vcpkg
uses: lukka/run-vcpkg@v11
with:
# If not using a submodule for vcpkg sources, this specifies which commit
# id must be checkout from a Git repo. It must not set if using a submodule
# for vcpkg.
vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
- name: build coturn
run: |
cmake -E make_directory ${{github.workspace}}/build
cd ${{github.workspace}}/build
cmake ${{github.workspace}} ^
-A ${{matrix.CMAKE_GENERATOR_PLATFORM}} ^
-T ${{matrix.VCPKG_PLATFORM_TOOLSET}} ^
-DWITH_MYSQL=OFF ^
-DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
-DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/install ^
-DCMAKE_TOOLCHAIN_FILE=${{env.VCPKG_ROOT}}/scripts/buildsystems/vcpkg.cmake
cmake --build . --config ${{matrix.BUILD_TYPE}}
cmake --build . --config ${{matrix.BUILD_TYPE}} --target install
- name: Build Coturn
run: |
cmake -E make_directory ${{ github.workspace }}/build
cd ${{ github.workspace }}/build
cmake ${{ github.workspace }} ^
-A ${{ matrix.CMAKE_GENERATOR_PLATFORM }} ^
-T ${{ matrix.VCPKG_PLATFORM_TOOLSET }} ^
-DWITH_MYSQL=OFF ^
-DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-DCMAKE_INSTALL_PREFIX=${{ github.workspace }}/build/install ^
-DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake
cmake --build . --config ${{ matrix.BUILD_TYPE }}
cmake --build . --config ${{ matrix.BUILD_TYPE }} --target install
- name: Package
if: ${{ matrix.BUILD_TYPE == 'Release' }}
working-directory: ${{github.workspace}}\build
run: |
7z a coturn_windows_msvc.zip ${{github.workspace}}\build\install\*
cmake --build . --config ${{matrix.BUILD_TYPE}} --target package
- name: Package
run: |
7z a coturn_windows_msvc.zip ${{ github.workspace }}\build\install\*
cmake --build . --config ${{ matrix.BUILD_TYPE }} --target package
working-directory: ${{ github.workspace }}\build
if: ${{ matrix.BUILD_TYPE == 'Release' }}
- name: Update
if: ${{ matrix.BUILD_TYPE == 'Release' }}
uses: actions/upload-artifact@v4
with:
name: coturn_msvc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_SHARED_LIBS}}
path: |
${{github.workspace}}\build\coturn_windows_msvc.zip
${{github.workspace}}\build\coturn*.exe
${{github.workspace}}\build\coturn*.md5
- name: Update artifacts
uses: actions/upload-artifact@v4
with:
name: coturn_msvc-${{ matrix.VCPKG_PLATFORM_TOOLSET }}-${{ matrix.CMAKE_GENERATOR_PLATFORM }}-${{ matrix.BUILD_SHARED_LIBS }}
path: |
${{ github.workspace }}\build\coturn_windows_msvc.zip
${{ github.workspace }}\build\coturn*.exe
${{ github.workspace }}\build\coturn*.md5
if: ${{ matrix.BUILD_TYPE == 'Release' }}

36
.github/workflows/ubuntu_tests.yml vendored
View File

@ -1,36 +0,0 @@
name: Ubuntu
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
# make GHA actions use node16 to use ancient container images
# See https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
# Unclear how long this will work though
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
jobs:
builds:
strategy:
fail-fast: false
matrix:
os: [ 'ubuntu:16.04', 'ubuntu:18.04', 'ubuntu:20.04', 'ubuntu:22.04' ]
runs-on: ubuntu-latest
container: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Install dependencies
# Set env variable or otherwise tzdata package requires interaction
env:
DEBIAN_FRONTEND: noninteractive
uses: ./.github/workflows/actions/ubuntu-build-deps
- name: configure
run: ./configure
- name: make
run: make
- name: make check
run: make check
- name: apps tests
run: cd examples && ./run_tests.sh && ./run_tests_conf.sh

32
AUTHORS.md
View File

@ -1,8 +1,11 @@
Thanks to the following contributors (in alphabetical order):
- Aaron Bird <25508292+Aaron-Bird@users.noreply.github.com>
- Alessandro Polidori <alessandro.polidori@nethesis.it>
- Alex Gustafsson <89969483+alexg-axis@users.noreply.github.com>
- Alexander N <a@a>
- Alexander Terczka <alex@mail.at>
- Alexander Udovichenko <udovichenko48@gmail.com>
- Antony Dovgal <tony@daylessday.org>
- Arjun <36335769+0x34d@users.noreply.github.com>
- Arne Georg Gisnås Gleditsch <argggh@appear.in>
@ -14,19 +17,24 @@ Thanks to the following contributors (in alphabetical order):
- Byron Clark <byron@theclarkfamily.name>
- Camden Narzt <c.narzt@me.com>
- Carsten Bock <carsten@ng-voice.com>
- Cédric DIJOUX <45537432+PrinceChoco@users.noreply.github.com>
- Cédric Krier <ced@b2ck.com>
- Chai-Shi <changchaishi@gmail.com>
- Corey Cole <coreyleoc@gmail.com>
- Cybermilitia <Cybermilitia@users.noreply.github.com>
- Daniil Meitis <30820460+dsmeytis@users.noreply.github.com>
- Daniil Meitis <daniil.meitis@viber.com>
- Danilo Bargen <mail@dbrgn.ch>
- Dave Lambley <dave@lambley.me.uk>
- Dave Lambley <github@davel.me.uk>
- David Florness <david@florness.com>
- David Smitmanis <davidsm@axis.com>
- David-dp- <David-dp-@users.noreply.github.com>
- Domenico Briganti <domenico.briganti@osys.it>
- Emil Ljungdahl <111423223+pando-emil@users.noreply.github.com>
- Erdem Duman <erdemduman23@gmail.com>
- Erik Moqvist <erik.moqvist@axis.com>
- Evgeny Khramtsov <xramtsov@gmail.com>
- Feral Interactive <noreply@feralinteractive.com>
- Gautier HUSSON <g.husson_git@liberasys.com>
- Giacomo Vacca <gvacca@subspace.com>
@ -34,12 +42,14 @@ Thanks to the following contributors (in alphabetical order):
- Greg Fodor <gfodor@gmail.com>
- Gregor Jasny <gjasny@googlemail.com>
- Gustavo Garcia <gustavogb@gmail.com>
- Gustavo Garcia <gustavogb@mail.com>
- Haseeb Abdul Qadir <haseebq@jumpdesktop.com>
- Hristo Venev <hristo@venev.name>
- Hui Kang <kangh@us.ibm.com>
- Hyorin Choi <17173216+hyorin@users.noreply.github.com>
- Ilya Kisleyko <osterik@gmail.com>
- James Huang <hng.jms@gmail.com>
- Jan Brasna <1784648+janbrasna@users.noreply.github.com>
- Jasper <jasper@jasperhugo.com>
- Jens Elkner <jel+coturn@cs.ovgu.de>
- Jens Elkner <jel+git@iks.cs.uni-magdeburg.de>
@ -49,6 +59,7 @@ Thanks to the following contributors (in alphabetical order):
- Johannes Weberhofer <jweberhofer@weberhofer.at>
- Jonathan GIBERT <Jonathan.GIBERT@iconsultants.fr>
- JooYoung <qkdlql@naver.com>
- Jorge <46056498+jorgectf@users.noreply.github.com>
- Juan Navarro <juan.navarro@gmx.es>
- KORAY VATANSEVER <koray.vatansever@turkcell.com.tr>
- KORAY VATANSEVER <ttkvatansever@TC08966777>
@ -67,14 +78,17 @@ Thanks to the following contributors (in alphabetical order):
- Mészáros Mihály <bakfitty@gmail.com>
- Mészáros Mihály <misi@majd.eu>
- Mészáros Mihály <misi@niif.hu>
- Michael Jones <jonesmz@users.noreply.github.com>
- Michal Biskup <eiver@eiver.pl>
- Miquel Ortega <miquel@syncrtc.com>
- Molly Miller <33266253+sysvinit@users.noreply.github.com>
- Molly Miller <molly.miller@wire.com>
- Mustafa Bingül <bnglmstf@gmail.com>
- NO NAME <45446340+linwenchen@users.noreply.github.com>
- NeoCat <neocat@neocat.jp>
- Nicolas Edet <nicedet@cisco.com>
- Nikolay Lanets <n.lanets@modxclub.ru>
- Nikolayshcx <77790944+Nikolayshcx@users.noreply.github.com>
- Oleg Moskalenko <mom040267@gmail.com>
- Orsiris de Jong <ozy@netpower.fr>
- Oskar Niburski <oskarniburski@gmail.com>
@ -90,8 +104,10 @@ Thanks to the following contributors (in alphabetical order):
- Prashanth Rajaram <prashanthr@users.noreply.github.com>
- RIORAO <lah.messagebox@gmail.com>
- Richard Garnier <richard@bitcraft.co.jp>
- Richard Russo <richard@signal.org>
- Robert Scheck <robert-scheck@users.noreply.github.com>
- Robert Scheck <robert@fedoraproject.org>
- Robert Silén <robert.silen@mariadb.org>
- Robert Tupelo-Schneck <schneck@cnri.reston.va.us>
- Rozhuk Ivan <rozhuk.im@gmail.com>
- Ruben Barkow-Kuder <rubo77@users.noreply.github.com>
@ -100,28 +116,41 @@ Thanks to the following contributors (in alphabetical order):
- Sandro Gauci <sandro@enablesecurity.com>
- Scott Godin <sgodin@sipspectrum.com>
- Sebastian Kemper <sebastian_ml@gmx.net>
- Sergey Radionov <RSATom@gmail.com>
- Sergey Safarov <s.safarov@gmail.com>
- Serhii Charykov <laammaar@gmail.com>
- Shu Muto <shu.mutow@gmail.com>
- Shu Muto <shu.mutow@nec.com>
- Stefan Junker <1181362+steveej@users.noreply.github.com>
- Stefan Sundin <git@stefansundin.com>
- Steffen Moser <public@steffen-moser.de>
- Steffen Moser <steffen.moser@uni-ulm.de>
- Subhra264 <chakrabortysubhradeep556@gmail.com>
- Sven Tennie <sven.tennie@gmail.com>
- Thibaut ACKERMANN <thib-ack@users.noreply.github.com>
- Thibaut Ackermann <thibaut.ackermann@al-enterprise.com>
- Thibaut Ackermann <thibaut.ackermann@alcatel-lucent.com>
- Tom Bevan <thehorrorthehorror@gmail.com>
- Wittmer, Christian <chris@computersalat.de>
- Wuelber Castillo <wuelber.castillo@gmail.com>
- Yoshiki Kadoshita <sublimer.me@gmail.com>
- Zebadiah Long <zeb@noblewhale.com>
- Zoey <zoey@z0ey.de>
- ashamedbit <muralianiruddhan@gmail.com>
- bpcurse <29312856+bpcurse@users.noreply.github.com>
- brevilo <brevilo@users.noreply.github.com>
- chanduthedev <chanduthedev@gmail.com>
- czephyr <alfredo.funicello@studenti.unimi.it>
- damencho <damencho@jitsi.org>
- ddeka2910 <60925700+ddeka2910@users.noreply.github.com>
- dominiquefournier <dominique@fournier38.fr>
- eakraly <eakraly@users.noreply.github.com>
- ggalperi <81175455+ggalperi@users.noreply.github.com>
- hariprasadt <hariprasad.t@samsung.com>
- huhaipeng <huhaipeng@corp.netease.com>
- islamoglus <islamogluselahaddin@gmail.com>
- korayvt <korayvt@users.noreply.github.com>
- maddy <maddy@kitty.garden>
- marcoschum <50410120+marcoschum@users.noreply.github.com>
- misi <bakfitty@gmail.com>
- mom040267 <mom040267@gmail.com>
@ -132,13 +161,16 @@ Thanks to the following contributors (in alphabetical order):
- ooookai <ooookai@users.noreply.github.com>
- r3g_5z <june@girlboss.ceo>
- raghumuppa <mupparthies@gmail.com>
- redraincatching <99604494+redraincatching@users.noreply.github.com>
- release-it <release-it@tawenda.com>
- rim <11380091+rozhuk-im@users.noreply.github.com>
- root <root@centot7.test.in.securom.me>
- seungbin-ko <seungbin.ko@navercorp.com>
- shuyin.wsy <shuyin.wsy@alibaba-inc.com>
- skystar-p <wogus150@naver.com>
- tyranron <tyranron@gmail.com>
- unicode-it <info@unicode-it.de>
- vuittont60 <81072379+vuittont60@users.noreply.github.com>
- wolmi <lenyos@gmail.com>
- xthursdayx <xthursdayx@mailbox.org>
- yohan <783b8c87@scimetis.net>

2
CMakeLists.txt
View File

@ -9,7 +9,7 @@ set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_SOURCE_DIR}/cmake)
# TODO: Modify this when the version is released
SET(BUILD_VERSION "4.6.2")
SET(BUILD_VERSION "4.6.3")
# Find Git Version Patch
IF(EXISTS "${CMAKE_SOURCE_DIR}/.git")

152
ChangeLog
View File

@ -1,3 +1,155 @@
Release 4.6.3
Changelist:
- Implement custom prometheus http handler (#1591) (Alex Gustafsson <89969483+alexg-axis@users.noreply.github.com>)
- Add MariaDB support to README.md (#1601) (Robert Silén <robert.silen@mariadb.org>)
- Allow authenticating with a username to redis (#1488) (maddy <maddy@kitty.garden>)
- Easy installation of coturn on AWS (#1581) (hariprasadt <hariprasad.t@samsung.com>)
- Add prometheus setting suggestions on turn.conf in example folder (#1597) (Chai-Shi <changchaishi@gmail.com>)
- Install openssl-1.1.1 on amazonlinux:2 instead of openssl-1.0.1 (#1595) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Add new Drain feature (#1529) (Scott Godin <sgodin@sipspectrum.com>)
- Additional refactoring of ns_turn_allocation.* to address security scanner concerns (#1514) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix linting error in mainrelay.c (#1558) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Fix rpm version scripts (#1556) (eakraly <eakraly@users.noreply.github.com>)
- Delete dead code (#1563) (Sven Tennie <sven.tennie@gmail.com>)
- Fix cli auth (#1578) (Mészáros Mihály <misi@majd.eu>)
- Use bool, instead of int, for the functions in ns_turn_msg.c (#1553) (Michael Jones <jonesmz@users.noreply.github.com>)
- Reformat code (#1557) (Pavel Punsky <eakraly@users.noreply.github.com>)
- configure: data files shouldn't be executable (#1542) (Sergey Radionov <RSATom@gmail.com>)
- Update libtelnet (#1545) (Michael Jones <jonesmz@users.noreply.github.com>)
- Use calloc where appropriate, avoid memset when normal buffer initialization works (#1550) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix make lint (#1547) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix compiler warnings from continuous integration (#1555) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix nodejs/glibc problem with old container images. (#1548) (Michael Jones <jonesmz@users.noreply.github.com>)
- Windows: Only attempt to bind when the network interface is up (#1527) (David Smitmanis <davidsm@axis.com>)
- Memset user_db before reading conf file, not after (#1537) (Pavel Punsky <eakraly@users.noreply.github.com>)
- added support for amazon linux and renamed tests.yml (#1401) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Check the result of malloc in send_message_to_redis (#1515) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of malloc in mongo_set_realm_option_one (#1516) (Michael Jones <jonesmz@users.noreply.github.com>)
- Simplify workflow for codeql (#1517) (Michael Jones <jonesmz@users.noreply.github.com>)
- Move the hiredis_libevent2 code from common to relay (#1509) (Michael Jones <jonesmz@users.noreply.github.com>)
- Include what you use (#1512) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of malloc in string_list_add (#1495) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of realloc and calloc in ch_map_get (#1497) (Michael Jones <jonesmz@users.noreply.github.com>)
- Address clang-tidy warnings in db files (#1405) (Michael Jones <jonesmz@users.noreply.github.com>)
- malloc now allocates space for string terminator (#1507) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Use bool over int for the turnutils_uclient program (#1420) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix lint complaint about comment (#1506) (Michael Jones <jonesmz@users.noreply.github.com>)
- Run all of the CI except for Docker builds on any change (#1415) (Michael Jones <jonesmz@users.noreply.github.com>)
- Avoid read-past-end of string in get_bold_admin_title (#1499) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check allocation results in add_static_user_account (#1501) (Michael Jones <jonesmz@users.noreply.github.com>)
- Address some build issues introduced by api changes (#1505) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Check the result of calloc in handle_logon_request (#1498) (Michael Jones <jonesmz@users.noreply.github.com>)
- Avoid writing potentially uninitialized data to aes_128 key file (#1500) (Michael Jones <jonesmz@users.noreply.github.com>)
- Use active CPU number instead of total number (#1469) (Pavel Punsky <eakraly@users.noreply.github.com>)
- defined a magic number for stun fingerprinting (#1489) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Always run lint, regardless of branch (#1492) (Michael Jones <jonesmz@users.noreply.github.com>)
- avoid potential nullptr derefernence in udp_create_server_socket (#1496) (Michael Jones <jonesmz@users.noreply.github.com>)
- Change the various map functions to return bool instead of inconsistantly return 0, 1, or -1 (#1502) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of malloc in del_alt_server (#1503) (Michael Jones <jonesmz@users.noreply.github.com>)
- Avoid nullptr dereference of server variable in various functions (#1504) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix msvc analyzer error on goto label on rfc5769check (#1486) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix buffer overflow in generate_enc_password with increase rsalt by 2 (#1463) (Stefan Junker <1181362+steveej@users.noreply.github.com>)
- Fix lint errors (Gustavo Garcia <gustavogb@gmail.com>)
- Add support for raw public keys (Rfc 7250) (#1458) (Nikolayshcx <77790944+Nikolayshcx@users.noreply.github.com>)
- Fix clang-format lint warnings (Gustavo Garcia <gustavogb@mail.com>)
- Fix const during free warning in rfc5769check app (Gustavo Garcia <gustavogb@mail.com>)
- Refactor: peer_input_handle (#1325) (Kang Lin <kl222@126.com>)
- workflow tidying (#1396) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Update turnserver.conf Example about listening-ip (#1336) (Wittmer, Christian <chris@computersalat.de>)
- Fix Cmake find issue in libevent (#1466) (NO NAME <45446340+linwenchen@users.noreply.github.com>)
- CMake: Declare the variable nearby (#1387) (Kang Lin <kl222@126.com>)
- Print version only, no extra lines (#1441) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix memory leak in rfc5769check.c (#1410) (ashamedbit <muralianiruddhan@gmail.com>)
- Fix memory leak in netengine.c (#1411) (ashamedbit <muralianiruddhan@gmail.com>)
- Fix memory leak on http_server.c (#1412) (ashamedbit <muralianiruddhan@gmail.com>)
- ubuntu build dependencies extracted to composite actions (#1399) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Delete unused variable (#1437) (Pavel Punsky <eakraly@users.noreply.github.com>)
- changed variables in stunclient.c to bool (C11) (#1421) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- added missing function prototype of turn_random_number() (#1428) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Fix no-tls warning typo (#1426) (Jan Brasna <1784648+janbrasna@users.noreply.github.com>)
- Update SQLite.md (#1429) (dominiquefournier <dominique@fournier38.fr>)
- Adjust wording in cmake message when prometheous cannot be found. (#1418) (Michael Jones <jonesmz@users.noreply.github.com>)
- Add the InsertBraces command for clang-format to ensure that all conditionals always have braces (#1408) (Michael Jones <jonesmz@users.noreply.github.com>)
- Change minimal required cmake version to 3.16 (#1388) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Replace HeapAlloc with malloc (#1378) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Added sessionID to some log lines (#1334) (korayvt <korayvt@users.noreply.github.com>)
- Update FlowChart (#1377) (Kang Lin <kl222@126.com>)
- Add clang-tidy, include-what-you-use, and msvc-analyzer github actions (#1363) (Michael Jones <jonesmz@users.noreply.github.com>)
- Doc: add flowchart (#1328) (Kang Lin <kl222@126.com>)
- Missing session ID in coturn logs for denied IP - 1330 (#1332) (Cybermilitia <Cybermilitia@users.noreply.github.com>)
- Update lukka/run-vcpkg@11 (#1374) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix typos (#1345) (vuittont60 <81072379+vuittont60@users.noreply.github.com>)
- Fix mingw build (#1376) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Add github action that runs tests with compiler sanitizers (#1370) (Michael Jones <jonesmz@users.noreply.github.com>)
- Simplify macOS detection macros (#1372) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix potential null passed to function expecting nonnull (#1373) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Only set MHD_USE_DUAL_STACK if IPv6 is available (#1362) (Evgeny Khramtsov <xramtsov@gmail.com>)
- Remove unimplemented test folder reference from CMakeLists.txt (#1371) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix cmake find prometheus(fix #1304) (#1315) (Kang Lin <kl222@126.com>)
- Fix run cmake.yml in any github action (#1320) (Kang Lin <kl222@126.com>)
- Fix return correct error code for `create_relay_connection` in case of `RESERVATION-TOKEN` failure (#1319) (Subhra264 <chakrabortysubhradeep556@gmail.com>)
- Reduce ifdefs in code: TURN_NO_PROMETHEUS (#1116) (Pavel Punsky <eakraly@users.noreply.github.com>)
- strncpy doesn't return size_t (#1296) (Richard Russo <richard@signal.org>)
- Return a 400 response to HTTP requests (#1231) (Dave Lambley <dave@lambley.me.uk>)
- Fix missing strncpy in fix_stun_check_message_integrity_str (#1282) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix ubuntu 16 build with GH action checkout version to v3 (#1281) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix memleak in pgsql_reread_realms (#1278) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Replace srand/rand with srandom/random (#1279) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix memcpy len checks stun_is_challenge_response_str (#1280) (Gustavo Garcia <gustavogb@gmail.com>)
- Add warning and disable web admin if no-tls option used (#1256) (Alexander Udovichenko <udovichenko48@gmail.com>)
- Fix formatting to fix lint error (#1258) (Pavel Punsky <eakraly@users.noreply.github.com>)
- added warnings for prometheus apt unavailability (#1184) (czephyr <alfredo.funicello@studenti.unimi.it>)
- Update version in vcpkg.json (#1254) (Kang Lin <kl222@126.com>)
- Fix error of make command in Cygwin environment (#1236) (Aaron Bird <25508292+Aaron-Bird@users.noreply.github.com>)
- Fix recursive call in delete alternate server (#1250) (Cybermilitia <Cybermilitia@users.noreply.github.com>)
- Add CodeQL workflow (#1228) (Jorge <46056498+jorgectf@users.noreply.github.com>)
- Change printf() to TURN_LOG_FUNC() for --no-stdout-log (#1221) (Robert Scheck <robert-scheck@users.noreply.github.com>)
- Fix build with libressl 3.6+ (#1198) (rim <11380091+rozhuk-im@users.noreply.github.com>)
- Update turnserver.spec (#1192) (Mathieu Aubin <mathieu@zeroserieux.com>)
Contributors:
- Aaron Bird <25508292+Aaron-Bird@users.noreply.github.com>
- Alex Gustafsson <89969483+alexg-axis@users.noreply.github.com>
- Alexander Udovichenko <udovichenko48@gmail.com>
- Chai-Shi <changchaishi@gmail.com>
- Cybermilitia <Cybermilitia@users.noreply.github.com>
- Dave Lambley <dave@lambley.me.uk>
- David Smitmanis <davidsm@axis.com>
- Evgeny Khramtsov <xramtsov@gmail.com>
- Gustavo Garcia <gustavogb@gmail.com>
- Gustavo Garcia <gustavogb@mail.com>
- Jan Brasna <1784648+janbrasna@users.noreply.github.com>
- Jorge <46056498+jorgectf@users.noreply.github.com>
- Kang Lin <kl222@126.com>
- Mathieu Aubin <mathieu@zeroserieux.com>
- Mészáros Mihály <misi@majd.eu>
- Michael Jones <jonesmz@users.noreply.github.com>
- NO NAME <45446340+linwenchen@users.noreply.github.com>
- Nikolayshcx <77790944+Nikolayshcx@users.noreply.github.com>
- Pavel Punsky <eakraly@users.noreply.github.com>
- Richard Russo <richard@signal.org>
- Robert Scheck <robert-scheck@users.noreply.github.com>
- Robert Silén <robert.silen@mariadb.org>
- Scott Godin <sgodin@sipspectrum.com>
- Sergey Radionov <RSATom@gmail.com>
- Stefan Junker <1181362+steveej@users.noreply.github.com>
- Subhra264 <chakrabortysubhradeep556@gmail.com>
- Sven Tennie <sven.tennie@gmail.com>
- Wittmer, Christian <chris@computersalat.de>
- Zoey <zoey@z0ey.de>
- ashamedbit <muralianiruddhan@gmail.com>
- czephyr <alfredo.funicello@studenti.unimi.it>
- dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- dominiquefournier <dominique@fournier38.fr>
- eakraly <eakraly@users.noreply.github.com>
- hariprasadt <hariprasad.t@samsung.com>
- korayvt <korayvt@users.noreply.github.com>
- maddy <maddy@kitty.garden>
- redraincatching <99604494+redraincatching@users.noreply.github.com>
- rim <11380091+rozhuk-im@users.noreply.github.com>
- vuittont60 <81072379+vuittont60@users.noreply.github.com>
Release 4.6.2
Changelist:

4
README.md
View File

@ -35,7 +35,7 @@ coturn requires following dependencies to be installed first
Optional
- openssl (to support TLS and DTLS, authorized STUN and TURN)
- libmicrohttp and [prometheus-client-c](https://github.com/digitalocean/prometheus-client-c) (prometheus interface)
- MySQL (user database)
- MariaDB/MySQL (user database)
- [Hiredis](https://github.com/redis/hiredis) (user database, monitoring)
- SQLite (user database)
- PostgreSQL (user database)
@ -98,7 +98,7 @@ Relay protocols:
User databases (for user repository, with passwords or keys, if authentication is required):
* SQLite
* MySQL
* MariaDB/MySQL
* PostgreSQL
* Redis
* MongoDB

5
README.turnserver
View File

@ -168,7 +168,10 @@ Flags:
-o, --daemon Run server as daemon.
--no-software-attribute Production mode: hide the software version.
--no-software-attribute DEPRECATED. See "--software-attribute".
--software-attribute Send SOFTWARE_ATTRIBUTE on messages that can have it. Disabled by default.
Equals to deprecated option "--no-software-attribute false".
-f, --fingerprint Use fingerprints in the TURN messages. If an incoming request
contains a fingerprint, then TURN server will always add

23
cmake/FindPrometheus.cmake
View File

@ -7,7 +7,7 @@
#
# Try to find prometheus
# Once done, this will define:
# Prometheus_FOUND - Prometheus (or all requested components of prom, promhttp, microhttpd) was found.
# Prometheus_FOUND - Prometheus (or all requested components of prom, microhttpd) was found.
# Prometheus_INCLUDE_DIRS - Libevent include directories
# Prometheus_LIBRARIES - libraries needed to use Prometheus
#
@ -16,9 +16,8 @@ include(FindPackageHandleStandardArgs)
find_package(PkgConfig)
pkg_check_modules(PC_prom QUIET prom)
pkg_check_modules(PC_promhttp QUIET promhttp)
pkg_check_modules(PC_microhttd QUIET microhttpd)
find_path(microhttpd_include_dir
NAMES microhttpd.h
HINTS ${Prometheus_DIR} ${Prometheus_ROOT} ${PC_microhttd_INCLUDE_DIRS} /usr
@ -47,28 +46,12 @@ find_library(
PATHS $ENV{Prometheus_DIR} $ENV{Prometheus_ROOT}
PATH_SUFFIXES lib ${CMAKE_INSTALL_LIBDIR})
find_path(promhttp_INCLUDE_DIR
NAMES promhttp.h
HINTS ${Prometheus_DIR} ${Prometheus_ROOT} ${PC_promhttp_INCLUDE_DIRS} /usr
PATHS $ENV{Prometheus_DIR} $ENV{Prometheus_ROOT}
PATH_SUFFIXES include
)
find_library(
promhttp_libs
NAMES promhttp
HINTS ${Prometheus_DIR} ${Prometheus_ROOT} ${PC_promhttp_LIBRARY_DIRS}
PATHS $ENV{Prometheus_DIR} $ENV{Prometheus_ROOT}
PATH_SUFFIXES lib ${CMAKE_INSTALL_LIBDIR})
find_package_handle_standard_args(Prometheus
REQUIRED_VARS prom_libs prom_INCLUDE_DIR
promhttp_libs promhttp_INCLUDE_DIR
microhttpd_include_dir microhttpd_libs
)
set(Prometheus_INCLUDE_DIRS
${prom_INCLUDE_DIR}
${promhttp_INCLUDE_DIR}
${microhttpd_include_dir})
set(Prometheus_LIBRARIES ${prom_libs} ${promhttp_libs} ${microhttpd_libs})
set(Prometheus_LIBRARIES ${prom_libs} ${microhttpd_libs})

26
configure vendored
View File

@ -848,30 +848,18 @@ if [ -z "${TURN_NO_PROMETHEUS}" ] ; then
ER=$?
if ! [ ${ER} -eq 0 ] ; then
${ECHO_CMD} "Prometheus lib found."
testlib promhttp
testlib microhttpd
ER=$?
if ! [ ${ER} -eq 0 ] ; then
${ECHO_CMD} "Prometheus http lib found."
testlib microhttpd
ER=$?
if ! [ ${ER} -eq 0 ] ; then
${ECHO_CMD} "Microhttpd lib found."
# Adjustments for Debian
# See: https://github.com/coturn/coturn/pull/754#issuecomment-824693226
if [ -f "/etc/debian_version" ] ; then
OSLIBS="${OSLIBS} -latomic"
fi
else
${ECHO_CMD}
${ECHO_CMD} "Warning: microhttpd development libraries are not installed properly in required location."
${ECHO_CMD} "Prometheus support will be disabled."
${ECHO_CMD} "See the docs/Prometheus.md file."
${ECHO_CMD}
OSCFLAGS="${OSCFLAGS} -DTURN_NO_PROMETHEUS"
${ECHO_CMD} "Microhttpd lib found."
# Adjustments for Debian
# See: https://github.com/coturn/coturn/pull/754#issuecomment-824693226
if [ -f "/etc/debian_version" ] ; then
OSLIBS="${OSLIBS} -latomic"
fi
else
${ECHO_CMD}
${ECHO_CMD} "Warning: Libpromhttp development libraries are not installed properly in required location."
${ECHO_CMD} "Warning: microhttpd development libraries are not installed properly in required location."
${ECHO_CMD} "Prometheus support will be disabled."
${ECHO_CMD} "See the docs/Prometheus.md file."
${ECHO_CMD}

35
docker/coturn/CHANGELOG.md
View File

@ -4,6 +4,41 @@ Coturn TURN server Docker image changelog
## [4.6.3-r1] · 2025-01-08
[4.6.3-r1]: /../../tree/docker/4.6.3-r1
### Security updated
- [Alpine Linux] 3.21.1: <https://github.com/docker-library/official-images/commit/34b47f1f4bdef69e39ae335e55b0f07af3b4fa18>
- [Debian Linux] "bookworm" 20241223 (12.8): <https://github.com/docker-library/official-images/commit/b6ea0fc48d92a7f6ef631667e82600666be53181>
## [4.6.3-r0] · 2024-12-11
[4.6.3-r0]: /../../tree/docker/4.6.3-r0
### Upgraded
- [Coturn] 4.6.3: <https://github.com/coturn/coturn/blob/4.6.3/ChangeLog>
## [4.6.2-r13] · 2024-12-06
[4.6.2-r13]: /../../tree/docker/4.6.2-r13
### Upgraded
- [Alpine Linux] 3.21: <https://alpinelinux.org/posts/Alpine-3.21.0-released.html>
### Security updated
- [Debian Linux] "bookworm" 20241202 (12.8): <https://github.com/docker-library/official-images/commit/36ffb3d236c35c22922dfeca1844d7ad119b06f5>
## [4.6.2-r12] · 2024-09-09
[4.6.2-r12]: /../../tree/docker/4.6.2-r12

4
docker/coturn/Makefile
View File

@ -24,7 +24,7 @@ dockerify = $(strip $(if $(call eq,$(1),linux/arm32v6),linux/arm/v6,\
# Project parameters #
######################
COTURN_VER ?= 4.6.2
COTURN_VER ?= 4.6.3
COTURN_MIN_VER = $(strip $(shell echo $(COTURN_VER) | cut -d '.' -f1,2))
COTURN_MAJ_VER = $(strip $(shell echo $(COTURN_VER) | cut -d '.' -f1))
@ -34,7 +34,7 @@ ALPINE_VER := alpine$(strip $(shell grep -m1 'alpine_ver=' alpine/Dockerfile \
DEBIAN_VER := $(strip $(shell grep -m1 'debian_ver=' debian/Dockerfile \
| cut -d '=' -f2))
BUILD_REV ?= 12
BUILD_REV ?= 1
NAME := coturn
OWNER := $(or $(GITHUB_REPOSITORY_OWNER),coturn)

4
docker/coturn/README.md
View File

@ -15,8 +15,8 @@ Coturn TURN server Docker image
## Supported tags and respective `Dockerfile` links
- [`4.6.2-r12`, `4.6.2-r12-debian`, `4.6.2`, `4.6.2-debian`, `4.6.2-bookworm`, `4.6`, `4.6-debian`, `4.6-bookworm`, `4`, `4-debian`, `4-bookworm`, `debian`, `bookworm`, `latest`][d1]
- [`4.6.2-r12-alpine`, `4.6.2-alpine`, `4.6.2-alpine3.20`, `4.6-alpine`, `4.6-alpine3.20`, `4-alpine`, `4-alpine3.20`, `alpine`, `alpine3.20`][d2]
- [`4.6.3-r1`, `4.6.3-r1-debian`, `4.6.3`, `4.6.3-debian`, `4.6.3-bookworm`, `4.6`, `4.6-debian`, `4.6-bookworm`, `4`, `4-debian`, `4-bookworm`, `debian`, `bookworm`, `latest`][d1]
- [`4.6.3-r1-alpine`, `4.6.3-alpine`, `4.6.3-alpine3.21`, `4.6-alpine`, `4.6-alpine3.21`, `4-alpine`, `4-alpine3.21`, `alpine`, `alpine3.21`][d2]

16
docker/coturn/alpine/Dockerfile
View File

@ -2,7 +2,7 @@
# Dockerfile of coturn/coturn:alpine Docker image.
#
ARG alpine_ver=3.20
ARG alpine_ver=3.21
@ -46,27 +46,13 @@ RUN mkdir -p /build/prom/build/ && cd /build/prom/build/ \
.. \
&& make
# Build libpromhttp.so from sources.
RUN mkdir -p /build/promhttp/build/ && cd /build/promhttp/build/ \
# Fix compiler warning: -Werror=incompatible-pointer-types
&& sed -i 's/\&promhttp_handler/(MHD_AccessHandlerCallback)\&promhttp_handler/' \
/build/promhttp/src/promhttp.c \
&& TEST=0 cmake -G "Unix Makefiles" \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_SKIP_BUILD_RPATH=TRUE \
-DCMAKE_C_FLAGS="-g -O3" \
.. \
&& make VERBOSE=1
# Install prometheus-client-c.
RUN LIBS_DIR=/out/$(dirname $(find /usr/ -name libc.so)) \
&& mkdir -p $LIBS_DIR/ \
&& cp -rf /build/prom/build/libprom.so \
/build/promhttp/build/libpromhttp.so \
$LIBS_DIR/ \
&& mkdir -p /out/usr/include/ \
&& cp -rf /build/prom/include/* \
/build/promhttp/include/* \
/out/usr/include/ \
# Preserve license file.
&& mkdir -p /out/usr/share/licenses/prometheus-client-c/ \

14
docker/coturn/debian/Dockerfile
View File

@ -46,27 +46,13 @@ RUN mkdir -p /build/prom/build/ && cd /build/prom/build/ \
.. \
&& make
# Build libpromhttp.so from sources.
RUN mkdir -p /build/promhttp/build/ && cd /build/promhttp/build/ \
# Fix compiler warning: -Werror=incompatible-pointer-types
&& sed -i 's/\&promhttp_handler/(MHD_AccessHandlerCallback)\&promhttp_handler/' \
/build/promhttp/src/promhttp.c \
&& TEST=0 cmake -G "Unix Makefiles" \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_SKIP_BUILD_RPATH=TRUE \
-DCMAKE_C_FLAGS="-g -O3" \
.. \
&& make VERBOSE=1
# Install prometheus-client-c.
RUN LIBS_DIR=/out/$(dirname $(find /usr/ -name libc.so)) \
&& mkdir -p $LIBS_DIR/ \
&& cp -rf /build/prom/build/libprom.so \
/build/promhttp/build/libpromhttp.so \
$LIBS_DIR/ \
&& mkdir -p /out/usr/include/ \
&& cp -rf /build/prom/include/* \
/build/promhttp/include/* \
/out/usr/include/ \
# Preserve license file.
&& mkdir -p /out/usr/share/licenses/prometheus-client-c/ \

6
docker/coturn/turnserver.conf
View File

@ -601,14 +601,14 @@ syslog
#
#stun-only
# Option to hide software version. Enhance security when used in production.
# Option to show software version - disabled by default.
# Revealing the specific software version of the agent through the
# SOFTWARE attribute might allow them to become more vulnerable to
# attacks against software that is known to contain security holes.
# Implementers SHOULD make usage of the SOFTWARE attribute a
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
# configurable option (https://datatracker.ietf.org/doc/html/rfc8489#section-16.1.2)
#
#no-software-attribute
#software-attribute
# Option to suppress STUN functionality, only TURN requests will be processed.
# Run as TURN server only, all STUN requests will be ignored.

10
examples/etc/turnserver.conf
View File

@ -213,6 +213,16 @@
#
#prometheus
# Enable labeling prometheus traffic metrics with client usernames.
# Labeling with client usernames is disabled by default, because this may cause memory
# leaks when using authentication with ephemeral usernames (e.g. TURN REST API).
#
#prometheus-username-labels
# Prometheus listener port (Default: 9641).
#
#prometheus-port=9641
# TURN REST API flag.
# (Time Limited Long Term Credential)
# Flag that sets a special authorization option that is based upon authentication secret.

18
examples/run_tests.sh
View File

@ -1,14 +1,20 @@
#!/bin/bash
# Detect cmake build and adjust path
BINDIR="../bin"
if [ ! -f $BINDIR/turnserver ]; then
BINDIR="../build/bin"
fi
echo 'Running turnserver'
../bin/turnserver --use-auth-secret --static-auth-secret=secret --realm=north.gov --allow-loopback-peers --no-cli --cert ../examples/ca/turn_server_cert.pem --pkey ../examples/ca/turn_server_pkey.pem > /dev/null &
$BINDIR/turnserver --use-auth-secret --static-auth-secret=secret --realm=north.gov --allow-loopback-peers --no-cli --cert ../examples/ca/turn_server_cert.pem --pkey ../examples/ca/turn_server_pkey.pem > /dev/null &
echo 'Running peer client'
../bin/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &
$BINDIR/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &
sleep 2
echo 'Running turn client TCP'
../bin/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else
@ -17,7 +23,7 @@ else
fi
echo 'Running turn client TLS'
../bin/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else
@ -26,7 +32,7 @@ else
fi
echo 'Running turn client UDP'
../bin/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else
@ -35,7 +41,7 @@ else
fi
echo 'Running turn client DTLS'
../bin/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else

35
examples/run_tests_conf.sh
View File

@ -1,22 +1,29 @@
#!/bin/bash
echo 'Create turnserver.conf file'
echo "use-auth-secret" > ../bin/turnserver.conf
echo "static-auth-secret=secret" >> ../bin/turnserver.conf
echo "realm=north.gov" >> ../bin/turnserver.conf
echo "allow-loopback-peers" >> ../bin/turnserver.conf
echo "no-cli" >> ../bin/turnserver.conf
echo "cert=../examples/ca/turn_server_cert.pem" >> ../bin/turnserver.conf
echo "pkey=../examples/ca/turn_server_pkey.pem" >> ../bin/turnserver.conf
# Detect cmake build and adjust path
BINDIR="../bin"
if [ ! -f $BINDIR/turnserver ]; then
BINDIR="../build/bin"
fi
echo "Creating $BINDIR/turnserver.conf file"
echo "use-auth-secret" > $BINDIR/turnserver.conf
echo "static-auth-secret=secret" >> $BINDIR/turnserver.conf
echo "realm=north.gov" >> $BINDIR/turnserver.conf
echo "allow-loopback-peers" >> $BINDIR/turnserver.conf
echo "no-cli" >> $BINDIR/turnserver.conf
echo "cert=../examples/ca/turn_server_cert.pem" >> $BINDIR/turnserver.conf
echo "pkey=../examples/ca/turn_server_pkey.pem" >> $BINDIR/turnserver.conf
echo 'Running turnserver'
../bin/turnserver -c ../bin/turnserver.conf > /dev/null &
$BINDIR/turnserver -c $BINDIR/turnserver.conf > /dev/null &
echo 'Running peer client'
../bin/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &
$BINDIR/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &
sleep 2
echo 'Running turn client TCP'
../bin/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else
@ -25,7 +32,7 @@ else
fi
echo 'Running turn client TLS'
../bin/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else
@ -34,7 +41,7 @@ else
fi
echo 'Running turn client UDP'
../bin/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else
@ -43,7 +50,7 @@ else
fi
echo 'Running turn client DTLS'
../bin/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
$BINDIR/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
if [ $? -eq 0 ]; then
echo OK
else

73
examples/run_tests_prom.sh Executable file
View File

@ -0,0 +1,73 @@
#!/bin/bash
# Detect cmake build and adjust path
BINDIR="../bin"
if [ ! -f $BINDIR/turnserver ]; then
BINDIR="../build/bin"
fi
function assert_prom_no_response() {
wget --quiet --output-document=/dev/null --tries=1 "$1"
status="$?"
if [ "$status" -eq 0 ]; then
echo FAIL
exit 1
else
echo OK
fi
}
function assert_prom_response() {
# Match something that looks like the expected body
wget --quiet --output-document=- --tries=1 "$1" | grep 'TYPE\|HELP\|counter\|gauge' >/dev/null
status="$?"
if [ "$status" -eq 0 ]; then
echo OK
else
echo FAIL
exit "$status"
fi
}
echo "Running without prometheus"
$BINDIR/turnserver /dev/null &
turnserver_pid="$!"
sleep 2
assert_prom_no_response "http://localhost:9641/metrics"
kill "$turnserver_pid"
echo "Running turnserver with prometheus, using defaults"
$BINDIR/turnserver --prometheus > /dev/null &
turnserver_pid="$!"
sleep 2
assert_prom_response "http://localhost:9641/metrics"
kill "$turnserver_pid"
echo "Running turnserver with prometheus, using custom address"
$BINDIR/turnserver --prometheus --prometheus-address="127.0.0.1" > /dev/null &
turnserver_pid="$!"
sleep 2
assert_prom_response "http://127.0.0.1:9641/metrics"
kill "$turnserver_pid"
echo "Running turnserver with prometheus, using custom port"
$BINDIR/turnserver --prometheus --prometheus-port="8080" > /dev/null &
turnserver_pid="$!"
sleep 2
assert_prom_response "http://localhost:8080/metrics"
kill "$turnserver_pid"
echo "Running turnserver with prometheus, using custom address and port"
$BINDIR/turnserver --prometheus --prometheus-address="127.0.0.1" --prometheus-port="8080" > /dev/null &
turnserver_pid="$!"
sleep 2
assert_prom_response "http://127.0.0.1:8080/metrics"
kill "$turnserver_pid"
echo "Running turnserver with prometheus, using custom path"
$BINDIR/turnserver --prometheus --prometheus-path="/coturn/metrics" > /dev/null &
turnserver_pid="$!"
sleep 2
assert_prom_response "http://localhost:9641/coturn/metrics"
kill "$turnserver_pid"

2
examples/scripts/pack.sh
View File

@ -2,7 +2,7 @@
# Run it from the root of the coturn source tree
V=4.5.2
V=4.6.3
PACKDIR=`pwd`/../coturn-releases/
SRCDIR=`pwd`

2
rpm/build.settings.sh
View File

@ -2,7 +2,7 @@
# Common settings script.
TURNVERSION=4.5.2
TURNVERSION=4.6.3
BUILDDIR=~/rpmbuild
ARCH=`uname -p`

2
rpm/turnserver.spec
View File

@ -1,5 +1,5 @@
Name: turnserver
Version: 4.6.2
Version: 4.6.3
Release: 0%{dist}
Summary: Coturn TURN Server

175
scripts/install_coturn_on_aws_ec2.sh Normal file
View File

@ -0,0 +1,175 @@
#!/bin/bash
#####################################################################################
############## purpose : install coturn as a server ########
############## verification on aws : tested & verified on aws ec2 ########
############## platform : aws ec2 ########
############## aws ubuntu version : ubuntu 22.04 LTS ########
############## coturn base version : 4.6.3 ########
############## dependent tools : installs prometheus client as well ########
############## file permissions : chmod 777 install_coturn_on_aws_ec2.sh #####
############## run command : ./install_coturn_on_aws_ec2.sh ########
############## developer : hariprasad.t@samsung.com ########
#####################################################################################
coturn_package="https://github.com/coturn/coturn/archive/refs/tags/4.6.3.tar.gz"
coturn_version="4.6.3"
if [ "$#" -eq 0 ]
then
echo "coturn version is not supplied as argument, installing below version as default."
echo "default coturn package: $coturn_package"
else
coturn_package="https://github.com/coturn/coturn/archive/refs/tags/$1.tar.gz"
coturn_version="$1"
echo "installing coturn package: $coturn_package"
fi
echo "--------> this script installs coturn server version $1 on aws ec2 instance..."
echo "--------> create user turnserver..."
sudo adduser --gecos "" --disabled-password turnserver
echo "--------> updating packages..."
sudo DEBIAN_FRONTEND=noninteractive apt-get -y update
sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
### install all dependent packages
echo "--------> installing dependent packages..."
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y gcc make openssl-dev build-essential pkg-config libsystemd-dev musl-dev sqlite
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libssl-dev libsqlite3-dev libevent-dev libpq-dev libmysqlclient-dev libhiredis-dev libmicrohttpd-dev
### download prometheus client libraries
echo "--------> installing prometheus client..."
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb
wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb
sudo dpkg -i prometheus-client/libprom-dev-0.1.3-Linux.deb
sudo dpkg -i prometheus-client/libpromhttp-dev-0.1.3-Linux.deb
### download coturn source code
echo "--------> downloading coturn $coturn_package"
wget "$coturn_package"
tar -xf "$coturn_version.tar.gz"
cd "coturn-$coturn_version"
./configure
### compile & install coturn
make
echo "--------> installing coturn ..."
sudo make install
sudo bash -c "cat > /etc/default/coturn << EOL
TURNSERVER_ENABLED=1
EXTRA_OPTIONS=-v
EOL"
echo "--------> generating random key for realm..."
secret_key=$(bash -c 'openssl rand -hex 32')
### fetch ec2 public ip and private ip using metadata token (applicable for v2 version of metadata)
echo "--------> retrieving public & private ips of ec2 instance..."
aws_token=$(bash -c 'curl -s -X PUT "http://instance-data/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"')
public_ip=$(bash -c 'curl -s -H "X-aws-ec2-metadata-token:'$aws_token'" -X GET "http://instance-data/latest/meta-data/public-ipv4"')
private_ip=$(bash -c 'curl -s -H "X-aws-ec2-metadata-token:'$aws_token'" -X GET "http://instance-data/latest/meta-data/local-ipv4"')
echo "--------> public ip: $public_ip, private ip: $private_ip"
sudo bash -c "mv /etc/turnserver.conf /etc/turnserver.conf.original"
### create configuration file for coturn with basic expected parameters
### change below values as per your requirement.. like ports, username, password, etc.
echo "--------> applying new config changes..."
sudo bash -c "cat > /etc/turnserver.conf << EOL
listening-port=3478
tls-listening-port=5349
# allow only TLSv1.2+
no-tlsv1
no-tlsv1_1
userdb=/usr/local/var/db/turndb
no-cli
min-port=45000
max-port=65535
log-file=/var/log/turnserver/turnserver.log
verbose
fingerprint
realm=${secret_key}
lt-cred-mech
user=username:password
external-ip=${public_ip}/${private_ip}
new-log-timestamp
new-log-timestamp-format \"%FT%T%z\"
log-binding
prometheus
EOL"
### make coturn as auto recoverable by making it as a service
sudo bash -c "cat > /lib/systemd/system/coturn.service << EOL
[Unit]
Description=coTURN STUN Server
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=network.target
[Service]
User=turnserver
Group=turnserver
Type=notify
EnvironmentFile=/etc/default/coturn
ExecStart=/usr/local/bin/turnserver -c /etc/turnserver.conf --pidfile=
Restart=on-failure
InaccessibleDirectories=/home
PrivateTmp=yes
LimitCORE=infinity
LimitNOFILE=1000000
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
[Install]
WantedBy=multi-user.target
EOL"
### memory based database configurations
sudo bash -c "sudo mkdir -p /var/lib/turn/turndb"
sudo bash -c "sudo chown turnserver:turnserver /var/lib/turn/turndb"
### apply log rotation policy to avoid "disk full" issues
echo "--------> setting log rotation policy..."
sudo bash -c "sudo mkdir -p /var/log/turnserver"
sudo bash -c "sudo chown turnserver:turnserver /var/log/turnserver"
sudo bash -c "cat > /etc/logrotate.d/coturn << EOL
/var/log/turnserver/*.log
{
rotate 7
daily
missingok
notifempty
compress
postrotate
/bin/systemctl kill -s HUP coturn.service
endscript
}
EOL"
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
#Running coTURN on privileged port 443
sudo bash -c "setcap cap_net_bind_service=+ep /usr/local/bin/turnserver"
sudo bash -c "sudo chown turnserver:turnserver /etc/default/coturn"
sudo bash -c "sudo chown turnserver:turnserver /etc/turnserver.conf"
echo "--------> starting coturn as a service..."
sudo systemctl enable coturn.service
sudo systemctl daemon-reload
sudo systemctl restart coturn.service
echo "--------> coturn is running successfully..."
####
echo "------ verification steps after installation -------"
echo "a. check with command: ps -eaf | grep turnserver"
echo "b. check with command: systemctl status coturn"
echo "c. check configuration: cat /etc/turnserver.conf"
echo "----------------------------------------------------"
####

4
src/apps/common/apputils.c
View File

@ -903,7 +903,7 @@ char *dirname(char *path) {
* \return
*/
static char *_WTA(__in wchar_t *pszInBuf, __in int nInSize, __out char **pszOutBuf, __out int *pnOutSize) {
if (!pszInBuf || !pszOutBuf || !*pszOutBuf || !pnOutSize || nInSize <= 0) {
if (!pszInBuf || !pszOutBuf || !pnOutSize || nInSize <= 0) {
return NULL;
}
*pnOutSize = WideCharToMultiByte((UINT)0, (DWORD)0, pszInBuf, nInSize, NULL, 0, NULL, NULL);
@ -1332,7 +1332,7 @@ void build_base64_decoding_table(void) {
char *table = (char *)calloc(256, sizeof(char));
for (char i = 0; i < 64; i++) {
for (size_t i = 0; i < 64; i++) {
table[(unsigned char)encoding_table[i]] = i;
}
decoding_table = table;

58
src/apps/common/apputils.h
View File

@ -55,85 +55,35 @@ extern "C" {
extern int IS_TURN_SERVER;
/* ALPN */
#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L)
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
#define ALPN_SUPPORTED 1
#else
#define ALPN_SUPPORTED 0
#endif
/* TLS */
#if defined(TURN_NO_TLS)
#define TLS_SUPPORTED 0
#define TLSv1_1_SUPPORTED 0
#define TLSv1_2_SUPPORTED 0
#else
#define TLS_SUPPORTED 1
#if defined(SSL_OP_NO_TLSv1_1)
#define TLSv1_1_SUPPORTED 1
#else
#define TLSv1_1_SUPPORTED 0
#endif
#if defined(SSL_OP_NO_TLSv1_2)
#define TLSv1_2_SUPPORTED 1
#else
#define TLSv1_2_SUPPORTED 0
#endif
#if defined(SSL_OP_NO_TLSv1_3)
#define TLSv1_3_SUPPORTED 1
#else
#define TLSv1_3_SUPPORTED 0
#endif
#endif
#if defined(TURN_NO_DTLS) || (!defined(DTLS_CTRL_LISTEN) && (OPENSSL_VERSION_NUMBER < 0x10100000L))
#if defined(TURN_NO_DTLS)
#define DTLS_SUPPORTED 0
#define DTLSv1_2_SUPPORTED 0
#else
#define DTLS_SUPPORTED 1
#if defined(SSL_OP_NO_DTLSv1_2)
#define DTLSv1_2_SUPPORTED 1
#else
#define DTLSv1_2_SUPPORTED 0
#endif
#endif
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
#define SSL_SESSION_ECDH_AUTO_SUPPORTED 1
#else
#define SSL_SESSION_ECDH_AUTO_SUPPORTED 0
#endif
/////////// SSL //////////////////////////
// clang-format off
enum _TURN_TLS_TYPE {
TURN_TLS_NO = 0,
TURN_TLS_SSL23,
TURN_TLS_v1_0,
#if TLSv1_1_SUPPORTED
TURN_TLS_v1_1,
#if TLSv1_2_SUPPORTED
TURN_TLS_v1_2,
#endif
#endif
TURN_TLS_v1_3,
TURN_TLS_TOTAL
};
// clang-format on
typedef enum _TURN_TLS_TYPE TURN_TLS_TYPE;

18
src/apps/relay/CMakeLists.txt
View File

@ -75,7 +75,7 @@ else()
list(APPEND turnserver_DEFINED TURN_NO_MYSQL)
endif()
if(WIN32)
if(WIN32 OR APPLE)
find_package(mongoc-1.0)
if(mongoc-1.0_FOUND)
list(APPEND turnserver_LIBS mongo::mongoc_shared)
@ -87,24 +87,24 @@ if(WIN32)
else()
find_package(mongo)
if(mongo_FOUND)
list(APPEND turnserver_LIBS mongo)
list(APPEND SOURCE_FILES dbdrivers/dbd_mongo.c)
list(APPEND turnserver_LIBS mongo)
list(APPEND SOURCE_FILES dbdrivers/dbd_mongo.c)
list(APPEND HEADER_FILES dbdrivers/dbd_mongo.h)
else()
list(APPEND turnserver_DEFINED TURN_NO_MONGO)
list(APPEND turnserver_DEFINED TURN_NO_MONGO)
endif()
endif()
find_package(hiredis)
if(hiredis_FOUND)
list(APPEND turnserver_LIBS hiredis::hiredis)
pkg_check_modules(HIREDIS IMPORTED_TARGET hiredis)
if(HIREDIS_FOUND)
list(APPEND turnserver_LIBS PkgConfig::HIREDIS)
list(APPEND SOURCE_FILES hiredis_libevent2.c dbdrivers/dbd_redis.c)
list(APPEND HEADER_FILES hiredis_libevent2.h dbdrivers/dbd_redis.h)
else()
list(APPEND turnserver_DEFINED TURN_NO_HIREDIS)
endif()
if(UNIX)
if(UNIX AND (NOT APPLE))
find_package(libsystemd)
if(NOT libsystemd_FOUND)
list(APPEND turnserver_DEFINED TURN_NO_SYSTEMD)
@ -119,7 +119,7 @@ if(Prometheus_FOUND)
list(APPEND turnserver_include_dirs ${Prometheus_INCLUDE_DIRS})
else()
message(AUTHOR_WARNING "Could not find prometheus. Please install "
"prom, promhttp, microhttpd, and set Prometheus_ROOT. "
"prom, microhttpd, and set Prometheus_ROOT. "
"See docs/Prometheus.md")
list(APPEND turnserver_DEFINED TURN_NO_PROMETHEUS)
endif()

4
src/apps/relay/dbdrivers/dbd_mysql.c
View File

@ -106,12 +106,8 @@ char *decryptPassword(char *in, const unsigned char *mykey) {
struct ctr_state state;
init_ctr(&state, iv);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num,
(block128_f)AES_encrypt);
#else
AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num);
#endif
strcat(last, (char *)outdata);
out = (char *)malloc(sizeof(char) * (strlen(last) + 1)); // add 1 to allocate space for terminating '\0'

34
src/apps/relay/dbdrivers/dbd_redis.c
View File

@ -49,6 +49,7 @@ static void turnFreeRedisReply(void *reply) {
struct _Ryconninfo {
char *host;
char *dbname;
char *user;
char *password;
unsigned int connect_timeout;
unsigned int port;
@ -64,6 +65,9 @@ static void RyconninfoFree(Ryconninfo *co) {
if (co->dbname) {
free(co->dbname);
}
if (co->user) {
free(co->user);
}
if (co->password) {
free(co->password);
}
@ -117,13 +121,13 @@ static Ryconninfo *RyconninfoParse(const char *userdb, char **errmsg) {
} else if (!strcmp(s, "database")) {
co->dbname = strdup(seq + 1);
} else if (!strcmp(s, "user")) {
;
co->user = strdup(seq + 1);
} else if (!strcmp(s, "uname")) {
;
co->user = strdup(seq + 1);
} else if (!strcmp(s, "name")) {
;
co->user = strdup(seq + 1);
} else if (!strcmp(s, "username")) {
;
co->user = strdup(seq + 1);
} else if (!strcmp(s, "password")) {
co->password = strdup(seq + 1);
} else if (!strcmp(s, "pwd")) {
@ -162,9 +166,6 @@ static Ryconninfo *RyconninfoParse(const char *userdb, char **errmsg) {
if (!(co->host)) {
co->host = strdup("127.0.0.1");
}
if (!(co->password)) {
co->password = strdup("");
}
}
return co;
@ -224,8 +225,12 @@ redis_context_handle get_redis_async_connection(struct event_base *base, redis_s
if (!rc) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB async connection\n");
} else {
if (co->password) {
turnFreeRedisReply(redisCommand(rc, "AUTH %s", co->password));
if (co->password && strlen(co->password)) {
if (co->user && strlen(co->user)) {
turnFreeRedisReply(redisCommand(rc, "AUTH %s %s", co->user, co->password));
} else {
turnFreeRedisReply(redisCommand(rc, "AUTH %s", co->password));
}
}
if (co->dbname) {
turnFreeRedisReply(redisCommand(rc, "select %s", co->dbname));
@ -267,7 +272,7 @@ redis_context_handle get_redis_async_connection(struct event_base *base, redis_s
}
}
ret = redisLibeventAttach(base, co->host, co->port, co->password, atoi(co->dbname));
ret = redisLibeventAttach(base, co->host, co->port, co->user, co->password, atoi(co->dbname));
if (!ret) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB connection\n");
@ -347,8 +352,13 @@ static redisContext *get_redis_connection(void) {
}
redisFree(redisconnection);
redisconnection = NULL;
} else if (co->password) {
void *reply = redisCommand(redisconnection, "AUTH %s", co->password);
} else if (co->password && strlen(co->password)) {
void *reply;
if (co->user && strlen(co->user)) {
reply = redisCommand(redisconnection, "AUTH %s %s", co->user, co->password);
} else {
reply = redisCommand(redisconnection, "AUTH %s", co->password);
}
if (!reply) {
if (redisconnection->err && redisconnection->errstr[0]) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Redis: %s\n", redisconnection->errstr);

19
src/apps/relay/dtls_listener.c
View File

@ -201,12 +201,7 @@ static int generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie
return 1;
}
static int verify_cookie(SSL *ssl,
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
const
#endif
unsigned char *cookie,
unsigned int cookie_len) {
static int verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len) {
unsigned int resultlength = 0;
unsigned char result[COOKIE_SECRET_LENGTH];
@ -284,14 +279,8 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty
SSL_set_bio(connecting_ssl, NULL, wbio);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#endif
#else
#if defined(SSL_OP_NO_RENEGOTIATION)
| SSL_OP_NO_RENEGOTIATION
#endif
#endif
);
SSL_set_max_cert_list(connecting_ssl, 655350);
@ -555,14 +544,8 @@ static int create_new_connected_udp_socket(dtls_listener_relay_server_type *serv
SSL_set_bio(connecting_ssl, NULL, wbio);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#endif
#else
#if defined(SSL_OP_NO_RENEGOTIATION)
| SSL_OP_NO_RENEGOTIATION
#endif
#endif
);

30
src/apps/relay/hiredis_libevent2.c
View File

@ -50,6 +50,7 @@ struct redisLibeventEvents {
int rev_set, wev_set;
char *ip;
int port;
char *user;
char *pwd;
int db;
};
@ -212,7 +213,7 @@ void send_message_to_redis(redis_context_handle rch, const char *command, const
///////////////////////// Attach /////////////////////////////////
redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int port0, char *pwd, int db) {
redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int port0, char *user, char *pwd, int db) {
char ip[256];
if (ip0 && ip0[0]) {
@ -246,6 +247,9 @@ redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int
e->base = base;
e->ip = strdup(ip);
e->port = port;
if (user) {
e->user = strdup(user);
}
if (pwd) {
e->pwd = strdup(pwd);
}
@ -274,9 +278,15 @@ redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int
e->wev_set = 1;
// Authentication
if (redis_le_valid(e) && pwd) {
if (redisAsyncCommand(ac, NULL, e, "AUTH %s", pwd) != REDIS_OK) {
e->invalid = 1;
if (redis_le_valid(e) && pwd && strlen(pwd)) {
if (user && strlen(user)) {
if (redisAsyncCommand(ac, NULL, e, "AUTH %s %s", e->user, e->pwd) != REDIS_OK) {
e->invalid = 1;
}
} else {
if (redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd) != REDIS_OK) {
e->invalid = 1;
}
}
}
@ -349,9 +359,15 @@ static void redis_reconnect(struct redisLibeventEvents *e) {
e->invalid = 0;
// Authentication
if (redis_le_valid(e) && e->pwd) {
if (redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd) != REDIS_OK) {
e->invalid = 1;
if (redis_le_valid(e) && e->pwd && strlen(e->pwd)) {
if (e->user && strlen(e->user)) {
if (redisAsyncCommand(ac, NULL, e, "AUTH %s %s", e->user, e->pwd) != REDIS_OK) {
e->invalid = 1;
}
} else {
if (redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd) != REDIS_OK) {
e->invalid = 1;
}
}
}

2
src/apps/relay/hiredis_libevent2.h
View File

@ -48,7 +48,7 @@ typedef void *redis_context_handle;
#if !defined(TURN_NO_HIREDIS)
redis_context_handle redisLibeventAttach(struct event_base *base, char *ip, int port, char *pwd, int db);
redis_context_handle redisLibeventAttach(struct event_base *base, char *ip, int port, char *user, char *pwd, int db);
void send_message_to_redis(redis_context_handle rch, const char *command, const char *key, const char *format, ...);

233
src/apps/relay/mainrelay.c
View File

@ -40,10 +40,6 @@
#define MAX_TRIES 3
#endif
#if (!defined OPENSSL_VERSION_1_1_1)
#define OPENSSL_VERSION_1_1_1 0x10101000L
#endif
////// TEMPORARY data //////////
static int use_lt_credentials = 0;
@ -55,14 +51,10 @@ static int use_tltc = 0;
////// ALPN //////////
#if ALPN_SUPPORTED
char STUN_ALPN[128] = "stun.nat-discovery";
char TURN_ALPN[128] = "stun.turn";
char HTTP_ALPN[128] = "http/1.1";
#endif
////// TURNDB //////////////
#if defined(Q)
@ -121,7 +113,7 @@ turn_params_t turn_params = {
//////////////// Common params ////////////////////
TURN_VERBOSE_NONE, /* verbose */
0, /* turn_daemon */
0, /* no_software_attribute */
false, /* software_attribute */
0, /* web_admin_listen_on_workers */
0, /* do_not_use_config_file */
@ -188,7 +180,8 @@ turn_params_t turn_params = {
{NULL, 0, {0, NULL}}, /*tls_alternate_servers_list*/
/////////////// stop server ////////////////
0, /*stop_turn_server*/
false, /*drain_turn_server*/
false, /*stop_turn_server*/
/////////////// MISC PARAMS ////////////////
0, /* stun_only */
@ -211,6 +204,8 @@ turn_params_t turn_params = {
0, /* user_quota */
0, /* prometheus disabled by default */
DEFAULT_PROM_SERVER_PORT, /* prometheus port */
"", /* prometheus address */
"/metrics", /* prometheus path */
0, /* prometheus username labelling disabled by default when prometheus is enabled */
///////////// Users DB //////////////
@ -262,6 +257,7 @@ static void read_config_file(int argc, char **argv, int pass);
static void reload_ssl_certs(evutil_socket_t sock, short events, void *args);
static void shutdown_handler(evutil_socket_t sock, short events, void *args);
static void drain_handler(evutil_socket_t sock, short events, void *args);
//////////////////////////////////////////////////
@ -1026,7 +1022,8 @@ static char Usage[] =
" -v, --verbose 'Moderate' verbose mode.\n"
" -V, --Verbose Extra verbose mode, very annoying (for debug purposes only).\n"
" -o, --daemon Start process as daemon (detach from current shell).\n"
" --no-software-attribute Production mode: hide the software version (formerly --prod).\n"
" --no-software-attribute DEPRECATED Production mode: hide the software version.\n"
" --software-attribute Enable sending software attribute (for debugging).\n"
" -f, --fingerprint Use fingerprints in the TURN messages.\n"
" -a, --lt-cred-mech Use the long-term credential mechanism.\n"
" -z, --no-auth Do not use any credential mechanism, allow anonymous access.\n"
@ -1136,6 +1133,8 @@ static char Usage[] =
"enabled it will listen on port 9641 under the path /metrics\n"
" also the path / on this port can be used as a health check\n"
" --prometheus-port <port> Prometheus metrics port (Default: 9641).\n"
" --prometheus-address <address> Prometheus listening address (Default: any).\n"
" --prometheus-path <path> Prometheus serve path (Default: /metrics).\n"
" --prometheus-username-labels When metrics are enabled, add labels with client usernames.\n"
#endif
" --use-auth-secret TURN REST API flag.\n"
@ -1434,6 +1433,8 @@ enum EXTRA_OPTS {
PERMISSION_LIFETIME_OPT,
PROMETHEUS_OPT,
PROMETHEUS_PORT_OPT,
PROMETHEUS_ADDRESS_OPT,
PROMETHEUS_PATH_OPT,
PROMETHEUS_ENABLE_USERNAMES_OPT,
AUTH_SECRET_OPT,
NO_AUTH_PINGS_OPT,
@ -1441,7 +1442,6 @@ enum EXTRA_OPTS {
NO_DYNAMIC_REALMS_OPT,
DEL_ALL_AUTH_SECRETS_OPT,
STATIC_AUTH_SECRET_VAL_OPT,
AUTH_SECRET_TS_EXP, /* deprecated */
NO_STDOUT_LOG_OPT,
SYSLOG_OPT,
SYSLOG_FACILITY_OPT,
@ -1480,8 +1480,6 @@ enum EXTRA_OPTS {
DH566_OPT,
DH1066_OPT,
NE_TYPE_OPT,
NO_SSLV2_OPT, /*deprecated*/
NO_SSLV3_OPT, /*deprecated*/
NO_TLSV1_OPT,
NO_TLSV1_1_OPT,
NO_TLSV1_2_OPT,
@ -1491,7 +1489,8 @@ enum EXTRA_OPTS {
ADMIN_USER_QUOTA_OPT,
SERVER_NAME_OPT,
OAUTH_OPT,
NO_SOFTWARE_ATTRIBUTE_OPT,
SOFTWARE_ATTRIBUTE_OPT,
DEPRECATED_NO_SOFTWARE_ATTRIBUTE_OPT,
NO_HTTP_OPT,
SECRET_KEY_OPT,
ACME_REDIRECT_OPT,
@ -1554,6 +1553,8 @@ static const struct myoption long_options[] = {
#if !defined(TURN_NO_PROMETHEUS)
{"prometheus", optional_argument, NULL, PROMETHEUS_OPT},
{"prometheus-port", optional_argument, NULL, PROMETHEUS_PORT_OPT},
{"prometheus-address", optional_argument, NULL, PROMETHEUS_ADDRESS_OPT},
{"prometheus-path", optional_argument, NULL, PROMETHEUS_PATH_OPT},
{"prometheus-username-labels", optional_argument, NULL, PROMETHEUS_ENABLE_USERNAMES_OPT},
#endif
{"use-auth-secret", optional_argument, NULL, AUTH_SECRET_OPT},
@ -1561,7 +1562,6 @@ static const struct myoption long_options[] = {
{"no-auth-pings", optional_argument, NULL, NO_AUTH_PINGS_OPT},
{"no-dynamic-ip-list", optional_argument, NULL, NO_DYNAMIC_IP_LIST_OPT},
{"no-dynamic-realms", optional_argument, NULL, NO_DYNAMIC_REALMS_OPT},
/* deprecated: */ {"secret-ts-exp-time", optional_argument, NULL, AUTH_SECRET_TS_EXP},
{"realm", required_argument, NULL, 'r'},
{"server-name", required_argument, NULL, SERVER_NAME_OPT},
{"oauth", optional_argument, NULL, OAUTH_OPT},
@ -1572,8 +1572,8 @@ static const struct myoption long_options[] = {
{"verbose", optional_argument, NULL, 'v'},
{"Verbose", optional_argument, NULL, 'V'},
{"daemon", optional_argument, NULL, 'o'},
/* deprecated: */ {"prod", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT},
{"no-software-attribute", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT},
/* deprecated: */ {"no-software-attribute", optional_argument, NULL, DEPRECATED_NO_SOFTWARE_ATTRIBUTE_OPT},
{"software-attribute", optional_argument, NULL, SOFTWARE_ATTRIBUTE_OPT},
{"fingerprint", optional_argument, NULL, 'f'},
{"check-origin-consistency", optional_argument, NULL, CHECK_ORIGIN_CONSISTENCY_OPT},
{"no-udp", optional_argument, NULL, NO_UDP_OPT},
@ -1630,8 +1630,6 @@ static const struct myoption long_options[] = {
{"dh566", optional_argument, NULL, DH566_OPT},
{"dh1066", optional_argument, NULL, DH1066_OPT},
{"ne", required_argument, NULL, NE_TYPE_OPT},
{"no-sslv2", optional_argument, NULL, NO_SSLV2_OPT}, /* deprecated */
{"no-sslv3", optional_argument, NULL, NO_SSLV3_OPT}, /* deprecated */
{"no-tlsv1", optional_argument, NULL, NO_TLSV1_OPT},
{"no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT},
{"no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT},
@ -1734,12 +1732,8 @@ void encrypt_aes_128(unsigned char *in, const unsigned char *mykey) {
struct ctr_state state;
init_ctr(&state, iv);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
CRYPTO_ctr128_encrypt(in, out, strlen((char *)in), &key, state.ivec, state.ecount, &state.num,
(block128_f)AES_encrypt);
#else
AES_ctr128_encrypt(in, out, strlen((char *)in), &key, state.ivec, state.ecount, &state.num);
#endif
totalSize += strlen((char *)in);
size = strlen((char *)in);
@ -1830,12 +1824,8 @@ void decrypt_aes_128(char *in, const unsigned char *mykey) {
struct ctr_state state;
init_ctr(&state, iv);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num,
(block128_f)AES_encrypt);
#else
AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num);
#endif
strcat(last, (char *)outdata);
printf("%s\n", last);
@ -1914,12 +1904,6 @@ static void set_option(int c, char *value) {
turn_params.oauth = get_bool_value(value);
}
break;
case NO_SSLV2_OPT:
// deprecated
break;
case NO_SSLV3_OPT:
// deprecated
break;
case NO_TLSV1_OPT:
turn_params.no_tlsv1 = get_bool_value(value);
break;
@ -2164,8 +2148,11 @@ static void set_option(int c, char *value) {
anon_credentials = 1;
}
break;
case NO_SOFTWARE_ATTRIBUTE_OPT:
turn_params.no_software_attribute = get_bool_value(value);
case DEPRECATED_NO_SOFTWARE_ATTRIBUTE_OPT:
turn_params.software_attribute = !(bool)get_bool_value(value);
break;
case SOFTWARE_ATTRIBUTE_OPT:
turn_params.software_attribute = (bool)get_bool_value(value);
break;
case 'f':
turn_params.fingerprint = get_bool_value(value);
@ -2217,6 +2204,12 @@ static void set_option(int c, char *value) {
case PROMETHEUS_PORT_OPT:
turn_params.prometheus_port = atoi(value);
break;
case PROMETHEUS_ADDRESS_OPT:
STRCPY(turn_params.prometheus_address, value);
break;
case PROMETHEUS_PATH_OPT:
STRCPY(turn_params.prometheus_path, value);
break;
case PROMETHEUS_ENABLE_USERNAMES_OPT:
turn_params.prometheus_username_labels = 1;
break;
@ -2242,9 +2235,6 @@ static void set_option(int c, char *value) {
turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
use_lt_credentials = 1;
break;
case AUTH_SECRET_TS_EXP:
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: Option --secret-ts-exp-time deprecated and has no effect.\n");
break;
case 'r':
set_default_realm_name(value);
break;
@ -2819,29 +2809,17 @@ static void print_features(unsigned long mfn) {
#if !TLS_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n");
#elif TLSv1_3_SUPPORTED
#else
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.3 supported\n");
#elif TLSv1_2_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.2 supported\n");
#elif TLSv1_1_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.1 supported\n");
#elif TLSv1_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.0 supported\n");
#endif
#if !DTLS_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n");
#elif DTLSv1_2_SUPPORTED
#else
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS 1.2 supported\n");
#elif DTLS_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n");
#endif
#if ALPN_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN supported\n");
#else
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN is not supported\n");
#endif
if (ENC_ALG_NUM == 0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) is not supported\n");
@ -3032,7 +3010,7 @@ int main(int argc, char **argv) {
return adminmain(argc, argv);
}
memset(&turn_params.default_users_db, 0, sizeof(default_users_db_t));
memset(&turn_params.default_users_db.ram_db, 0, sizeof(ram_users_db_t));
turn_params.default_users_db.ram_db.static_accounts = ur_string_map_create(free);
// Zero pass apply the log options.
@ -3344,6 +3322,8 @@ int main(int argc, char **argv) {
event_add(ev, NULL);
ev = evsignal_new(turn_params.listener.event_base, SIGINT, shutdown_handler, NULL);
event_add(ev, NULL);
ev = evsignal_new(turn_params.listener.event_base, SIGUSR1, drain_handler, NULL);
event_add(ev, NULL);
#endif
drop_privileges();
@ -3359,65 +3339,10 @@ int main(int argc, char **argv) {
////////// OpenSSL locking ////////////////////////////////////////
#if defined(OPENSSL_THREADS)
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
// array larger than anything that OpenSSL may need:
static TURN_MUTEX_DECLARE(mutex_buf[256]);
static int mutex_buf_initialized = 0;
void coturn_locking_function(int mode, int n, const char *file, int line);
void coturn_locking_function(int mode, int n, const char *file, int line) {
UNUSED_ARG(file);
UNUSED_ARG(line);
if (mutex_buf_initialized && (n < CRYPTO_num_locks())) {
if (mode & CRYPTO_LOCK) {
TURN_MUTEX_LOCK(&(mutex_buf[n]));
} else {
TURN_MUTEX_UNLOCK(&(mutex_buf[n]));
}
}
}
void coturn_id_function(CRYPTO_THREADID *ctid);
void coturn_id_function(CRYPTO_THREADID *ctid) {
UNUSED_ARG(ctid);
CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
}
static int THREAD_setup(void) {
int i;
for (i = 0; i < CRYPTO_num_locks(); i++) {
TURN_MUTEX_INIT(&(mutex_buf[i]));
}
mutex_buf_initialized = 1;
CRYPTO_THREADID_set_callback(coturn_id_function);
CRYPTO_set_locking_callback(coturn_locking_function);
return 1;
}
int THREAD_cleanup(void) {
int i;
if (!mutex_buf_initialized) {
return 0;
}
CRYPTO_THREADID_set_callback(NULL);
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++) {
TURN_MUTEX_DESTROY(&(mutex_buf[i]));
}
mutex_buf_initialized = 0;
return 1;
}
#else
static int THREAD_setup(void) { return 1; }
int THREAD_cleanup(void);
int THREAD_cleanup(void) { return 1; }
#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
#endif /* defined(OPENSSL_THREADS) */
static void adjust_key_file_name(char *fn, const char *file_title, int critical) {
@ -3493,16 +3418,7 @@ static DH *get_dh566(void) {
if ((dh = DH_new()) == NULL) {
return (NULL);
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
#else
DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL));
#endif
return (dh);
}
@ -3530,16 +3446,7 @@ static DH *get_dh1066(void) {
if ((dh = DH_new()) == NULL) {
return (NULL);
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
#else
DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL));
#endif
return (dh);
}
@ -3576,16 +3483,7 @@ static DH *get_dh2066(void) {
if ((dh = DH_new()) == NULL) {
return (NULL);
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
#else
DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL));
#endif
return (dh);
}
@ -3597,8 +3495,6 @@ static int pem_password_func(char *buf, int size, int rwflag, void *password) {
return (strlen(buf));
}
#if ALPN_SUPPORTED
static int ServerALPNCallback(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg) {
@ -3645,18 +3541,12 @@ static int ServerALPNCallback(SSL *ssl, const unsigned char **out, unsigned char
return SSL_TLSEXT_ERR_NOACK; //???
}
#endif
static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *method) {
SSL_CTX *ctx = SSL_CTX_new(method);
int err = 0;
int rc = 0;
#if ALPN_SUPPORTED
SSL_CTX_set_alpn_select_cb(ctx, ServerALPNCallback, NULL);
#endif
SSL_CTX_set_default_passwd_cb_userdata(ctx, turn_params.tls_password);
SSL_CTX_set_default_passwd_cb(ctx, pem_password_func);
if (!(turn_params.cipher_list[0])) {
@ -3669,10 +3559,7 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
SSL_CTX_set_cipher_list(ctx, turn_params.cipher_list);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
#if TLSv1_3_SUPPORTED
SSL_CTX_set_ciphersuites(ctx, turn_params.cipher_list);
#endif
if (!SSL_CTX_use_certificate_chain_file(ctx, turn_params.cert_file)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: no certificate found\n", protocol);
@ -3748,11 +3635,6 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
}
if (set_auto_curve) {
#if SSL_SESSION_ECDH_AUTO_SUPPORTED
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_ecdh_auto(ctx, 1);
#endif
#endif
set_auto_curve = 0;
}
}
@ -3905,22 +3787,6 @@ static void openssl_load_certificates(void) {
TURN_MUTEX_LOCK(&turn_params.tls_mutex);
if (!turn_params.no_tls) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
set_ctx(&turn_params.tls_ctx, "TLS", TLSv1_2_server_method()); /*openssl-1.0.2 version specific API */
if (turn_params.no_tlsv1) {
SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1);
}
#if TLSv1_1_SUPPORTED
if (turn_params.no_tlsv1_1) {
SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1_1);
}
#if TLSv1_2_SUPPORTED
if (turn_params.no_tlsv1_2) {
SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1_2);
}
#endif
#endif
#else // OPENSSL_VERSION_NUMBER < 0x10100000L
set_ctx(&turn_params.tls_ctx, "TLS", TLS_server_method());
if (turn_params.no_tlsv1) {
SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_1_VERSION);
@ -3928,36 +3794,16 @@ static void openssl_load_certificates(void) {
if (turn_params.no_tlsv1_1) {
SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_2_VERSION);
}
#if TLSv1_3_SUPPORTED
if (turn_params.no_tlsv1_2) {
SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_3_VERSION);
}
#endif
#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS cipher suite: %s\n", turn_params.cipher_list);
}
if (!turn_params.no_dtls) {
#if !DTLS_SUPPORTED
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: DTLS is not supported.\n");
#elif OPENSSL_VERSION_NUMBER < 0x10000000L
TURN_LOG_FUNC(
TURN_LOG_LEVEL_WARNING,
"WARNING: TURN Server was compiled with rather old OpenSSL version, DTLS may not be working correctly.\n");
#else
#if OPENSSL_VERSION_NUMBER < 0x10100000L // before openssl-1.1.0 no version independent API
#if DTLSv1_2_SUPPORTED
set_ctx(&turn_params.dtls_ctx, "DTLS", DTLSv1_2_server_method()); // openssl-1.0.2
if (turn_params.no_tlsv1_2) {
SSL_CTX_set_options(turn_params.dtls_ctx, SSL_OP_NO_DTLSv1_2);
}
#else
set_ctx(&turn_params.dtls_ctx, "DTLS", DTLSv1_server_method()); // < openssl-1.0.2
#endif
if (turn_params.no_tlsv1 || turn_params.no_tlsv1_1) {
SSL_CTX_set_options(turn_params.dtls_ctx, SSL_OP_NO_DTLSv1);
}
#else // OPENSSL_VERSION_NUMBER < 0x10100000L
set_ctx(&turn_params.dtls_ctx, "DTLS", DTLS_server_method());
if (turn_params.no_tlsv1 || turn_params.no_tlsv1_1) {
SSL_CTX_set_min_proto_version(turn_params.dtls_ctx, DTLS1_2_VERSION);
@ -3965,7 +3811,6 @@ static void openssl_load_certificates(void) {
if (turn_params.no_tlsv1_2) {
SSL_CTX_set_max_proto_version(turn_params.dtls_ctx, DTLS1_VERSION);
}
#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
setup_dtls_callbacks(turn_params.dtls_ctx);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS cipher suite: %s\n", turn_params.cipher_list);
#endif
@ -3987,7 +3832,15 @@ static void reload_ssl_certs(evutil_socket_t sock, short events, void *args) {
static void shutdown_handler(evutil_socket_t sock, short events, void *args) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Terminating on signal %d\n", sock);
turn_params.stop_turn_server = 1;
turn_params.stop_turn_server = true;
UNUSED_ARG(events);
UNUSED_ARG(args);
}
static void drain_handler(evutil_socket_t sock, short events, void *args) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Draining then terminating on signal %d\n", sock);
enable_drain_mode();
UNUSED_ARG(events);
UNUSED_ARG(args);

16
src/apps/relay/mainrelay.h
View File

@ -87,9 +87,7 @@
#include <openssl/pem.h>
#include <openssl/ssl.h>
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/modes.h>
#endif
#if !defined(TURN_NO_SYSTEMD)
#include <systemd/sd-daemon.h>
@ -105,12 +103,10 @@ extern "C" {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#define DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
#if TLSv1_3_SUPPORTED
#define DEFAULT_CIPHERSUITES OSSL_default_ciphersuites()
#endif
#else
#define DEFAULT_CIPHER_LIST "DEFAULT"
#if TLSv1_3_SUPPORTED && defined(TLS_DEFAULT_CIPHERSUITES)
#if defined(TLS_DEFAULT_CIPHERSUITES)
#define DEFAULT_CIPHERSUITES TLS_DEFAULT_CIPHERSUITES
#endif
#endif
@ -210,7 +206,7 @@ typedef struct _turn_params_ {
int verbose;
int turn_daemon;
int no_software_attribute;
bool software_attribute;
int web_admin_listen_on_workers;
int do_not_use_config_file;
@ -286,8 +282,9 @@ typedef struct _turn_params_ {
turn_server_addrs_list_t alternate_servers_list;
turn_server_addrs_list_t tls_alternate_servers_list;
/////////////// stop server ////////////////
int stop_turn_server;
/////////////// stop/drain server ////////////////
bool drain_turn_server;
bool stop_turn_server;
////////////// MISC PARAMS ////////////////
@ -311,6 +308,8 @@ typedef struct _turn_params_ {
vint user_quota;
int prometheus;
int prometheus_port;
char prometheus_address[INET6_ADDRSTRLEN];
char prometheus_path[1025];
int prometheus_username_labels;
/////// Users DB ///////////
@ -377,6 +376,7 @@ void send_auth_message_to_auth_server(struct auth_message *am);
void init_listener(void);
void setup_server(void);
void run_listener_server(struct listener_server *ls);
void enable_drain_mode(void);
////////// BPS ////////////////

28
src/apps/relay/netengine.c
View File

@ -33,8 +33,7 @@
#include "ns_turn_ioalib.h"
//////////// Backward compatibility with OpenSSL 1.0.x //////////////
#if (OPENSSL_VERSION_NUMBER < 0x10100001L || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL))
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL
#define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
#endif
@ -1605,6 +1604,11 @@ void run_listener_server(struct listener_server *ls) {
}
}
if (turn_params.drain_turn_server && global_allocation_count == 0) {
turn_params.stop_turn_server = true;
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Drain complete, shutting down now...\n");
}
run_events(ls->event_base, ls->ioa_eng);
rollover_logfile();
@ -1648,12 +1652,12 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
bufferevent_enable(rs->auth_in_buf, EV_READ);
init_turn_server(
&(rs->server), rs->id, turn_params.verbose, rs->ioa_eng, turn_params.ct, 0, turn_params.fingerprint,
&(rs->server), rs->id, turn_params.verbose, rs->ioa_eng, turn_params.ct, turn_params.fingerprint,
DONT_FRAGMENT_SUPPORTED, start_user_check, check_new_allocation_quota, release_allocation_quota,
turn_params.external_ip, &turn_params.check_origin, &turn_params.no_tcp_relay, &turn_params.no_udp_relay,
&turn_params.stale_nonce, &turn_params.max_allocate_lifetime, &turn_params.channel_lifetime,
&turn_params.permission_lifetime, &turn_params.stun_only, &turn_params.no_stun,
&turn_params.no_software_attribute, &turn_params.web_admin_listen_on_workers, &turn_params.alternate_servers_list,
&turn_params.permission_lifetime, &turn_params.stun_only, &turn_params.no_stun, turn_params.software_attribute,
&turn_params.web_admin_listen_on_workers, &turn_params.alternate_servers_list,
&turn_params.tls_alternate_servers_list, &turn_params.aux_servers_list, turn_params.udp_self_balance,
&turn_params.no_multicast_peers, &turn_params.allow_loopback_peers, &turn_params.ip_whitelist,
&turn_params.ip_blacklist, send_socket_to_relay, &turn_params.secure_stun, &turn_params.mobility,
@ -1899,4 +1903,18 @@ void setup_server(void) {
void init_listener(void) { memset(&turn_params.listener, 0, sizeof(struct listener_server)); }
void enable_drain_mode(void) {
// Tell each turn_server we are draining
for (size_t i = 0; i < get_real_general_relay_servers_number(); i++) {
if (general_relay_servers[i]) {
general_relay_servers[i]->server.is_draining = true;
}
}
for (size_t i = 0; i < get_real_udp_relay_servers_number(); i++) {
if (udp_relay_servers[i]) {
udp_relay_servers[i]->server.is_draining = true;
}
}
turn_params.drain_turn_server = true;
}
///////////////////////////////

25
src/apps/relay/ns_ioalib_engine_impl.c
View File

@ -1371,30 +1371,9 @@ ioa_socket_handle create_ioa_socket_from_fd(ioa_engine_handle e, ioa_socket_raw
}
static void ssl_info_callback(SSL *ssl, int where, int ret) {
UNUSED_ARG(ret);
UNUSED_ARG(ssl);
UNUSED_ARG(where);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
if (0 != (where & SSL_CB_HANDSHAKE_START)) {
ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl);
if (s) {
++(s->ssl_renegs);
}
} else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
if (ssl->s3) {
ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl);
if (s) {
if (s->ssl_renegs > SSL_MAX_RENEG_NUMBER) {
ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}
}
}
}
#endif
#endif
}
typedef void (*ssl_info_callback_t)(const SSL *ssl, int type, int val);
@ -1835,7 +1814,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
BIO *rbio = BIO_new_mem_buf(buffer, old_buffer_len);
BIO_set_mem_eof_return(rbio, -1);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL)
#if defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL
ssl->rbio = rbio;
#else
SSL_set0_rbio(ssl, rbio);
@ -1934,7 +1913,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
if (ret > 0) {
ioa_network_buffer_add_offset_size(nbh, (uint16_t)buf_size, 0, (size_t)ret);
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL)
#if defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL
ssl->rbio = NULL;
BIO_free(rbio);
#else

72
src/apps/relay/prom_server.c
View File

@ -35,6 +35,42 @@ prom_counter_t *turn_total_traffic_peer_sentb;
prom_gauge_t *turn_total_allocations;
#if MHD_VERSION >= 0x00097002
#define MHD_RESULT enum MHD_Result
#else
#define MHD_RESULT int
#endif
MHD_RESULT promhttp_handler(void *cls, struct MHD_Connection *connection, const char *url, const char *method,
const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls) {
MHD_RESULT ret;
char *body = "not found";
enum MHD_ResponseMemoryMode mode = MHD_RESPMEM_PERSISTENT;
unsigned int status = MHD_HTTP_NOT_FOUND;
if (strcmp(method, "GET") != 0) {
status = MHD_HTTP_METHOD_NOT_ALLOWED;
body = "method not allowed";
} else if (strcmp(url, turn_params.prometheus_path) == 0) {
body = prom_collector_registry_bridge(PROM_COLLECTOR_REGISTRY_DEFAULT);
mode = MHD_RESPMEM_MUST_FREE;
status = MHD_HTTP_OK;
}
struct MHD_Response *response = MHD_create_response_from_buffer(strlen(body), body, mode);
if (response == NULL) {
if (mode == MHD_RESPMEM_MUST_FREE) {
free(body);
}
ret = MHD_NO;
} else {
ret = MHD_queue_response(connection, status, response);
MHD_destroy_response(response);
}
return ret;
}
void start_prometheus_server(void) {
if (turn_params.prometheus == 0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "prometheus collector disabled, not started\n");
@ -103,13 +139,8 @@ void start_prometheus_server(void) {
turn_total_allocations = prom_collector_registry_must_register_metric(
prom_gauge_new("turn_total_allocations", "Represents current allocations number", 1, typeLabel));
promhttp_set_active_collector_registry(NULL);
// some flags appeared first in microhttpd v0.9.53
unsigned int flags = 0;
if (MHD_is_feature_supported(MHD_FEATURE_IPv6) && is_ipv6_enabled()) {
flags |= MHD_USE_DUAL_STACK;
}
#if MHD_VERSION >= 0x00095300
flags |= MHD_USE_ERROR_LOG;
#endif
@ -127,7 +158,36 @@ void start_prometheus_server(void) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "prometheus exporter server will start using SELECT. "
"The exporter might be unreachable on highly used servers\n");
}
struct MHD_Daemon *daemon = promhttp_start_daemon(flags, turn_params.prometheus_port, NULL, NULL);
ioa_addr server_addr;
addr_set_any(&server_addr);
if (turn_params.prometheus_address[0]) {
if (make_ioa_addr((const uint8_t *)turn_params.prometheus_address, turn_params.prometheus_port, &server_addr) < 0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "could not parse prometheus collector's server address\n");
return;
}
if (is_ipv6_enabled() && server_addr.ss.sa_family == AF_INET6) {
flags |= MHD_USE_IPv6;
}
} else {
if (MHD_is_feature_supported(MHD_FEATURE_IPv6) && is_ipv6_enabled()) {
flags |= MHD_USE_DUAL_STACK;
server_addr.ss.sa_family = AF_INET6;
server_addr.s6.sin6_port = htons((uint16_t)turn_params.prometheus_port);
} else {
server_addr.ss.sa_family = AF_INET;
server_addr.s4.sin_port = htons((uint16_t)turn_params.prometheus_port);
}
}
uint8_t addr[MAX_IOA_ADDR_STRING];
addr_to_string(&server_addr, addr);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "prometheus exporter server will listen on %s\n", addr);
struct MHD_Daemon *daemon =
MHD_start_daemon(flags, 0, NULL, NULL, &promhttp_handler, NULL, MHD_OPTION_LISTENING_ADDRESS_REUSE, 1,
MHD_OPTION_SOCK_ADDR, &server_addr, MHD_OPTION_END);
if (daemon == NULL) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "could not start prometheus collector\n");
return;

1
src/apps/relay/prom_server.h
View File

@ -18,7 +18,6 @@ extern "C" {
#endif
#include <microhttpd.h>
#include <prom.h>
#include <promhttp.h>
#ifdef __cplusplus
}
#endif /* __clplusplus */

15
src/apps/relay/turn_admin_server.c
View File

@ -137,6 +137,9 @@ static const char *CLI_HELP_STR[] = {"",
"",
" quit, q, exit, bye - end CLI session",
"",
" drain - drain TURN Server, then shutdown",
" (wait for all allocations to go away, reject new)",
"",
" stop, shutdown, halt - shutdown TURN Server",
"",
" pc - print configuration",
@ -960,7 +963,7 @@ static int run_cli_input(struct cli_session *cs, const char *buf0, unsigned int
if (sl) {
cs->cmds += 1;
if (cli_password[0] && !(cs->auth_completed)) {
if (check_password_equal(cmd, cli_password)) {
if (!check_password_equal(cmd, cli_password)) {
if (cs->cmds >= CLI_PASSWORD_TRY_NUMBER) {
addr_debug_print(1, &(cs->addr), "CLI authentication error");
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "CLI authentication error\n");
@ -980,12 +983,18 @@ static int run_cli_input(struct cli_session *cs, const char *buf0, unsigned int
myprintf(cs, "%s\n", str);
close_cli_session(cs);
ret = -1;
} else if (strcmp(cmd, "drain") == 0) {
addr_debug_print(1, &(cs->addr), "Drain command received from CLI user");
const char *str = "TURN server is draining then shutting down";
myprintf(cs, "%s\n", str);
close_cli_session(cs);
enable_drain_mode();
} else if ((strcmp(cmd, "halt") == 0) || (strcmp(cmd, "shutdown") == 0) || (strcmp(cmd, "stop") == 0)) {
addr_debug_print(1, &(cs->addr), "Shutdown command received from CLI user");
const char *str = "TURN server is shutting down";
myprintf(cs, "%s\n", str);
close_cli_session(cs);
turn_params.stop_turn_server = 1;
turn_params.stop_turn_server = true;
sleep(10);
exit(0);
} else if ((strcmp(cmd, "?") == 0) || (strcmp(cmd, "h") == 0) || (strcmp(cmd, "help") == 0)) {
@ -1649,7 +1658,7 @@ static void https_finish_page(struct str_buffer *sb, ioa_socket_handle s, int cc
str_buffer_append(sb, "</body>\r\n</html>\r\n");
send_str_from_ioa_socket_tcp(s, "HTTP/1.1 200 OK\r\nServer: ");
if (!turn_params.no_software_attribute) {
if (turn_params.software_attribute) {
send_str_from_ioa_socket_tcp(s, TURN_SOFTWARE);
}
send_str_from_ioa_socket_tcp(s, "\r\n");

28
src/apps/relay/userdb.c
View File

@ -68,6 +68,13 @@ static TURN_MUTEX_DECLARE(o_to_realm_mutex);
static ur_string_map *o_to_realm = NULL;
static secrets_list_t realms_list;
#ifndef _MSC_VER
_Atomic
#else
volatile
#endif
size_t global_allocation_count = 0; // used for drain mode, to know when all allocations have gone away
static char userdb_type_unknown[] = "Unknown";
static char userdb_type_sqlite[] = "SQLite";
static char userdb_type_postgresql[] = "PostgreSQL";
@ -683,6 +690,15 @@ int check_new_allocation_quota(uint8_t *user, int oauth, uint8_t *realm) {
free(username);
ur_string_map_unlock(rp->status.alloc_counters);
}
#ifndef _MSC_VER
global_allocation_count++;
TURN_LOG_FUNC(TURN_LOG_LEVEL_DEBUG, "Global turn allocation count incremented, now %ld\n", global_allocation_count);
#else
size_t cur_count = (size_t)InterlockedIncrement((volatile LONG *)&global_allocation_count);
TURN_LOG_FUNC(TURN_LOG_LEVEL_DEBUG, "Global turn allocation count incremented, now %ld\n", cur_count);
#endif
return ret;
}
@ -709,6 +725,18 @@ void release_allocation_quota(uint8_t *user, int oauth, uint8_t *realm) {
ur_string_map_unlock(rp->status.alloc_counters);
free(username);
}
int log_level = TURN_LOG_LEVEL_DEBUG;
if (turn_params.drain_turn_server) {
log_level = TURN_LOG_LEVEL_INFO;
}
#ifndef _MSC_VER
global_allocation_count--;
TURN_LOG_FUNC(log_level, "Global turn allocation count decremented, now %ld\n", global_allocation_count);
#else
size_t cur_count = (size_t)InterlockedDecrement((volatile LONG *)&global_allocation_count);
TURN_LOG_FUNC(log_level, "Global turn allocation count decremented, now %ld\n", cur_count);
#endif
}
//////////////////////////////////

8
src/apps/relay/userdb.h
View File

@ -46,6 +46,14 @@
extern "C" {
#endif
#ifndef _MSC_VER
#include <stdatomic.h>
extern _Atomic
#else
extern volatile
#endif
size_t global_allocation_count;
//////////// REALM //////////////
struct _realm_status_t;

24
src/apps/uclient/mainuclient.c
View File

@ -496,40 +496,16 @@ int main(int argc, char **argv) {
}
if (use_tcp) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if TLSv1_2_SUPPORTED
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_2_client_method());
#elif TLSv1_1_SUPPORTED
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_1_client_method());
#else
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_client_method());
#endif
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
#else // OPENSSL_VERSION_NUMBER >= 0x10100000L
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLS_client_method());
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
#endif
root_tls_ctx_num++;
} else {
#if !DTLS_SUPPORTED
fprintf(stderr, "ERROR: DTLS is not supported.\n");
exit(-1);
#else
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (OPENSSL_VERSION_NUMBER < 0x10000000L) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING,
"WARNING: OpenSSL version is rather old, DTLS may not be working correctly.\n");
}
#if DTLSv1_2_SUPPORTED
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_2_client_method());
#else
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_client_method());
#endif
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
#else // OPENSSL_VERSION_NUMBER >= 0x10100000L
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLS_client_method());
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
#endif
#endif
root_tls_ctx_num++;
}

4
src/apps/uclient/startuclient.c
View File

@ -55,10 +55,8 @@ static uint64_t current_reservation_token = 0;
static int allocate_rtcp = 0;
static const int never_allocate_rtcp = 0;
#if ALPN_SUPPORTED
static const unsigned char kALPNProtos[] = "\x08http/1.1\x09stun.turn\x12stun.nat-discovery";
static const size_t kALPNProtosLen = sizeof(kALPNProtos) - 1;
#endif
/////////////////////////////////////////
@ -96,9 +94,7 @@ static SSL *tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, bool *try_agai
ssl = SSL_new(root_tls_ctx[ctxtype]);
#if ALPN_SUPPORTED
SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen);
#endif
if (use_tcp) {
SSL_set_fd(ssl, fd);

12
src/client++/TurnMsgLib.h
View File

@ -731,7 +731,7 @@ protected:
*/
class StunMsgRequest : public StunMsg {
public:
StunMsgRequest(uint16_t method) : _method(method) {};
StunMsgRequest(uint16_t method) : _method(method){};
StunMsgRequest(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
: StunMsg(buffer, total_sz, sz, constructed), _method(0) {
@ -804,11 +804,11 @@ private:
*/
class StunMsgResponse : public StunMsg {
public:
StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid) {};
StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid){};
StunMsgResponse(uint16_t method, int error_code, std::string reason, stun_tid &tid)
: _method(method), _err(error_code), _reason(reason), _tid(tid) {
: _method(method), _err(error_code), _reason(reason), _tid(tid){
};
};
StunMsgResponse(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
: StunMsg(buffer, total_sz, sz, constructed), _method(0), _err(0), _reason("") {
@ -960,7 +960,7 @@ private:
*/
class StunMsgIndication : public StunMsg {
public:
StunMsgIndication(uint16_t method) : _method(method) {};
StunMsgIndication(uint16_t method) : _method(method){};
StunMsgIndication(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
: StunMsg(buffer, total_sz, sz, constructed), _method(0) {
@ -1005,7 +1005,7 @@ private:
*/
class StunMsgChannel : public StunMsg {
public:
StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length) {};
StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length){};
StunMsgChannel(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
: StunMsg(buffer, total_sz, sz, constructed), _cn(0) {

86
src/client/ns_turn_msg.c
View File

@ -187,21 +187,12 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
if (shatype == SHATYPE_SHA256) {
#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
unsigned int keylen = 0;
EVP_MD_CTX ctx;
EVP_DigestInit(&ctx, EVP_sha256());
EVP_DigestUpdate(&ctx, str, strl);
EVP_DigestFinal(&ctx, key, &keylen);
EVP_MD_CTX_cleanup(&ctx);
#else
unsigned int keylen = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_sha256());
EVP_DigestUpdate(ctx, str, strl);
EVP_DigestFinal(ctx, key, &keylen);
EVP_MD_CTX_free(ctx);
#endif
ret = true;
#else
fprintf(stderr, "SHA256 is not supported\n");
@ -209,21 +200,12 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
#endif
} else if (shatype == SHATYPE_SHA384) {
#if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
unsigned int keylen = 0;
EVP_MD_CTX ctx;
EVP_DigestInit(&ctx, EVP_sha384());
EVP_DigestUpdate(&ctx, str, strl);
EVP_DigestFinal(&ctx, key, &keylen);
EVP_MD_CTX_cleanup(&ctx);
#else
unsigned int keylen = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_sha384());
EVP_DigestUpdate(ctx, str, strl);
EVP_DigestFinal(ctx, key, &keylen);
EVP_MD_CTX_free(ctx);
#endif
ret = true;
#else
fprintf(stderr, "SHA384 is not supported\n");
@ -231,41 +213,19 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
#endif
} else if (shatype == SHATYPE_SHA512) {
#if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
unsigned int keylen = 0;
EVP_MD_CTX ctx;
EVP_DigestInit(&ctx, EVP_sha512());
EVP_DigestUpdate(&ctx, str, strl);
EVP_DigestFinal(&ctx, key, &keylen);
EVP_MD_CTX_cleanup(&ctx);
#else
unsigned int keylen = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_sha512());
EVP_DigestUpdate(ctx, str, strl);
EVP_DigestFinal(ctx, key, &keylen);
EVP_MD_CTX_free(ctx);
#endif
ret = true;
#else
fprintf(stderr, "SHA512 is not supported\n");
ret = false;
#endif
} else {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
unsigned int keylen = 0;
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
if (FIPS_mode()) {
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
EVP_DigestUpdate(&ctx, str, strl);
EVP_DigestFinal(&ctx, key, &keylen);
EVP_MD_CTX_cleanup(&ctx);
#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
unsigned int keylen = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
if (EVP_default_properties_is_fips_enabled(NULL)) {
@ -275,7 +235,7 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
EVP_DigestUpdate(ctx, str, strl);
EVP_DigestFinal(ctx, key, &keylen);
EVP_MD_CTX_free(ctx);
#else // OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L
#else // OPENSSL_VERSION_NUMBER < 0x30000000L
unsigned int keylen = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
@ -287,7 +247,7 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
EVP_DigestUpdate(ctx, str, strl);
EVP_DigestFinal(ctx, key, &keylen);
EVP_MD_CTX_free(ctx);
#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
#endif // OPENSSL_VERSION_NUMBER >= 0X30000000L
ret = true;
}
@ -323,23 +283,6 @@ static void generate_enc_password(const char *pwd, char *result, const unsigned
result[3 + PWD_SALT_SIZE + PWD_SALT_SIZE] = '$';
unsigned char *out = (unsigned char *)(result + 3 + PWD_SALT_SIZE + PWD_SALT_SIZE + 1);
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_MD_CTX ctx;
#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
EVP_DigestInit(&ctx, EVP_sha256());
#else
EVP_DigestInit(&ctx, EVP_sha1());
#endif
EVP_DigestUpdate(&ctx, salt, PWD_SALT_SIZE);
EVP_DigestUpdate(&ctx, pwd, strlen(pwd));
{
unsigned char hash[129];
unsigned int keylen = 0;
EVP_DigestFinal(&ctx, hash, &keylen);
readable_string(hash, out, keylen);
}
EVP_MD_CTX_cleanup(&ctx);
#else
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
EVP_DigestInit(ctx, EVP_sha256());
@ -355,7 +298,6 @@ static void generate_enc_password(const char *pwd, char *result, const unsigned
readable_string(hash, out, keylen);
}
EVP_MD_CTX_free(ctx);
#endif
}
}
@ -2312,12 +2254,7 @@ static bool encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_tok
return false;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctxp = &ctx;
#else
EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new();
#endif
EVP_CIPHER_CTX_init(ctxp);
/* Initialize the encryption operation. */
@ -2367,11 +2304,7 @@ static bool encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_tok
etoken->size = 2 + OAUTH_GCM_NONCE_SIZE + outl;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_cleanup(ctxp);
#else
EVP_CIPHER_CTX_free(ctxp);
#endif
return true;
}
@ -2411,12 +2344,7 @@ static bool decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oau
return false;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctxp = &ctx;
#else
EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new();
#endif
EVP_CIPHER_CTX_init(ctxp);
/* Initialize the decryption operation. */
if (1 != EVP_DecryptInit_ex(ctxp, cipher, NULL, NULL, NULL)) {
@ -2459,21 +2387,13 @@ static bool decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oau
int tmp_outl = 0;
if (EVP_DecryptFinal_ex(ctxp, decoded_field + outl, &tmp_outl) < 1) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_cleanup(ctxp);
#else
EVP_CIPHER_CTX_free(ctxp);
#endif
OAUTH_ERROR("%s: token integrity check failed\n", __FUNCTION__);
return false;
}
outl += tmp_outl;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_cleanup(ctxp);
#else
EVP_CIPHER_CTX_free(ctxp);
#endif
size_t len = 0;

2
src/ns_turn_defs.h
View File

@ -31,7 +31,7 @@
#ifndef __IOADEFS__
#define __IOADEFS__
#define TURN_SERVER_VERSION "4.6.2"
#define TURN_SERVER_VERSION "4.6.3"
#define TURN_SERVER_VERSION_NAME "Gorst"
#ifndef TURN_SERVER_BUILD_INFO
#define TURN_SERVER_BUILD_INFO ""

597
src/server/ns_turn_allocation.c
View File

@ -54,42 +54,38 @@ void init_allocation(void *owner, allocation *a, ur_map *tcp_connections) {
}
void clear_allocation(allocation *a, SOCKET_TYPE socket_type) {
if (a) {
if (a->is_valid) {
turn_report_allocation_delete(a, socket_type);
}
if (a->tcs.elems) {
size_t i;
size_t sz = a->tcs.sz;
for (i = 0; i < sz; ++i) {
tcp_connection *tc = a->tcs.elems[i];
if (tc) {
delete_tcp_connection(tc);
a->tcs.elems[i] = NULL;
}
}
free(a->tcs.elems);
a->tcs.elems = NULL;
}
a->tcs.sz = 0;
{
int i;
for (i = 0; i < ALLOC_PROTOCOLS_NUMBER; ++i) {
clear_ioa_socket_session_if(a->relay_sessions[i].s, a->owner);
clear_relay_endpoint_session_data(&(a->relay_sessions[i]));
IOA_EVENT_DEL(a->relay_sessions[i].lifetime_ev);
}
}
/* The order is important here: */
free_turn_permission_hashtable(&(a->addr_to_perm));
ch_map_clean(&(a->chns));
a->is_valid = 0;
if (!a) {
return;
}
if (a->is_valid) {
turn_report_allocation_delete(a, socket_type);
}
if (a->tcs.elems) {
for (size_t i = 0; i < a->tcs.sz; ++i) {
tcp_connection *tc = a->tcs.elems[i];
if (tc) {
delete_tcp_connection(tc);
a->tcs.elems[i] = NULL;
}
}
free(a->tcs.elems);
a->tcs.elems = NULL;
}
a->tcs.sz = 0;
for (size_t i = 0; i < ALLOC_PROTOCOLS_NUMBER; ++i) {
clear_ioa_socket_session_if(a->relay_sessions[i].s, a->owner);
clear_relay_endpoint_session_data(&(a->relay_sessions[i]));
IOA_EVENT_DEL(a->relay_sessions[i].lifetime_ev);
}
/* The order is important here: */
free_turn_permission_hashtable(&(a->addr_to_perm));
ch_map_clean(&(a->chns));
a->is_valid = 0;
}
relay_endpoint_session *get_relay_session(allocation *a, int family) {
@ -120,27 +116,27 @@ ioa_socket_handle get_relay_socket(allocation *a, int family) {
}
void set_allocation_family_invalid(allocation *a, int family) {
if (a) {
size_t index = ALLOC_INDEX(family);
if (a->relay_sessions[index].s) {
if (a->tcs.elems) {
size_t i;
size_t sz = a->tcs.sz;
for (i = 0; i < sz; ++i) {
tcp_connection *tc = a->tcs.elems[i];
if (tc) {
if (tc->peer_s && (get_ioa_socket_address_family(tc->peer_s) == family)) {
delete_tcp_connection(tc);
a->tcs.elems[i] = NULL;
}
if (!a) {
return;
}
const size_t index = ALLOC_INDEX(family);
if (a->relay_sessions[index].s) {
if (a->tcs.elems) {
for (size_t i = 0; i < a->tcs.sz; ++i) {
tcp_connection *tc = a->tcs.elems[i];
if (tc) {
if (tc->peer_s && (get_ioa_socket_address_family(tc->peer_s) == family)) {
delete_tcp_connection(tc);
a->tcs.elems[i] = NULL;
}
}
}
clear_ioa_socket_session_if(a->relay_sessions[index].s, a->owner);
clear_relay_endpoint_session_data(&(a->relay_sessions[index]));
IOA_EVENT_DEL(a->relay_sessions[index].lifetime_ev);
}
clear_ioa_socket_session_if(a->relay_sessions[index].s, a->owner);
clear_relay_endpoint_session_data(&(a->relay_sessions[index]));
IOA_EVENT_DEL(a->relay_sessions[index].lifetime_ev);
}
}
@ -152,15 +148,14 @@ void set_allocation_lifetime_ev(allocation *a, turn_time_t exp_time, ioa_timer_h
}
}
int is_allocation_valid(const allocation *a) {
bool is_allocation_valid(const allocation *a) {
if (a) {
return a->is_valid;
} else {
return 0;
}
return false;
}
void set_allocation_valid(allocation *a, int value) {
void set_allocation_valid(allocation *a, bool value) {
if (a) {
a->is_valid = value;
}
@ -178,23 +173,24 @@ turn_permission_info *allocation_get_permission(allocation *a, const ioa_addr *a
static bool delete_channel_info_from_allocation_map(ur_map_key_type key, ur_map_value_type value);
void turn_permission_clean(turn_permission_info *tinfo) {
if (tinfo && tinfo->allocated) {
if (tinfo->verbose) {
char s[257] = "\0";
addr_to_string(&(tinfo->addr), (uint8_t *)s);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "session %018llu: peer %s deleted\n", tinfo->session_id, s);
}
if (!(tinfo->lifetime_ev)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) permission to be cleaned\n", __FUNCTION__);
}
IOA_EVENT_DEL(tinfo->lifetime_ev);
lm_map_foreach(&(tinfo->chns), (foreachcb_type)delete_channel_info_from_allocation_map);
lm_map_clean(&(tinfo->chns));
memset(tinfo, 0, sizeof(turn_permission_info));
if (!tinfo || !tinfo->allocated) {
return;
}
if (tinfo->verbose) {
char s[257] = "\0";
addr_to_string(&(tinfo->addr), (uint8_t *)s);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "session %018llu: peer %s deleted\n", tinfo->session_id, s);
}
if (!(tinfo->lifetime_ev)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) permission to be cleaned\n", __FUNCTION__);
}
IOA_EVENT_DEL(tinfo->lifetime_ev);
lm_map_foreach(&(tinfo->chns), (foreachcb_type)delete_channel_info_from_allocation_map);
lm_map_clean(&(tinfo->chns));
memset(tinfo, 0, sizeof(turn_permission_info));
}
static void init_turn_permission_hashtable(turn_permission_hashtable *map) {
@ -204,39 +200,36 @@ static void init_turn_permission_hashtable(turn_permission_hashtable *map) {
}
static void free_turn_permission_hashtable(turn_permission_hashtable *map) {
if (map) {
if (!map) {
return;
}
size_t i;
for (i = 0; i < TURN_PERMISSION_HASHTABLE_SIZE; ++i) {
for (size_t i = 0; i < TURN_PERMISSION_HASHTABLE_SIZE; ++i) {
turn_permission_array *parray = &(map->table[i]);
turn_permission_array *parray = &(map->table[i]);
{
size_t j;
for (j = 0; j < TURN_PERMISSION_ARRAY_SIZE; ++j) {
turn_permission_slot *slot = &(parray->main_slots[j]);
for (size_t j = 0; j < TURN_PERMISSION_ARRAY_SIZE; ++j) {
turn_permission_slot *slot = &(parray->main_slots[j]);
if (slot->info.allocated) {
turn_permission_clean(&(slot->info));
}
}
if (parray->extra_slots) {
for (size_t j = 0; j < parray->extra_sz; ++j) {
turn_permission_slot *slot = parray->extra_slots[j];
if (slot) {
if (slot->info.allocated) {
turn_permission_clean(&(slot->info));
}
free(slot);
parray->extra_slots[j] = NULL;
}
}
if (parray->extra_slots) {
size_t j;
for (j = 0; j < parray->extra_sz; ++j) {
turn_permission_slot *slot = parray->extra_slots[j];
if (slot) {
if (slot->info.allocated) {
turn_permission_clean(&(slot->info));
}
free(slot);
}
}
free(parray->extra_slots);
parray->extra_slots = NULL;
}
parray->extra_sz = 0;
free(parray->extra_slots);
parray->extra_slots = NULL;
}
parray->extra_sz = 0;
}
}
@ -248,21 +241,15 @@ static turn_permission_info *get_from_turn_permission_hashtable(turn_permission_
uint32_t index = addr_hash_no_port(addr) & (TURN_PERMISSION_HASHTABLE_SIZE - 1);
turn_permission_array *parray = &(map->table[index]);
{
size_t i;
for (i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
turn_permission_slot *slot = &(parray->main_slots[i]);
if (slot->info.allocated && addr_eq_no_port(&(slot->info.addr), addr)) {
return &(slot->info);
}
for (size_t i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
turn_permission_slot *slot = &(parray->main_slots[i]);
if (slot->info.allocated && addr_eq_no_port(&(slot->info.addr), addr)) {
return &(slot->info);
}
}
if (parray->extra_slots) {
size_t i;
size_t sz = parray->extra_sz;
for (i = 0; i < sz; ++i) {
for (size_t i = 0; i < parray->extra_sz; ++i) {
turn_permission_slot *slot = parray->extra_slots[i];
if (slot->info.allocated && addr_eq_no_port(&(slot->info.addr), addr)) {
return &(slot->info);
@ -301,38 +288,48 @@ static bool delete_channel_info_from_allocation_map(ur_map_key_type key, ur_map_
}
void turn_channel_delete(ch_info *chn) {
if (chn) {
int port = addr_get_port(&(chn->peer_addr));
if (port < 1) {
char s[129];
addr_to_string(&(chn->peer_addr), (uint8_t *)s);
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) channel to be cleaned: port is empty: %s\n",
__FUNCTION__, s);
}
{
turn_permission_info *tinfo = (turn_permission_info *)chn->owner;
if (tinfo) {
lm_map_del(&(tinfo->chns), (ur_map_key_type)port, NULL);
} else {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (2) channel to be cleaned: permission is empty\n",
__FUNCTION__);
}
}
delete_channel_info_from_allocation_map((ur_map_key_type)port, (ur_map_value_type)chn);
if (!chn) {
return;
}
int port = addr_get_port(&(chn->peer_addr));
if (port < 1) {
char s[129];
addr_to_string(&(chn->peer_addr), (uint8_t *)s);
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) channel to be cleaned: port is empty: %s\n", __FUNCTION__,
s);
}
turn_permission_info *tinfo = (turn_permission_info *)chn->owner;
if (tinfo) {
lm_map_del(&(tinfo->chns), (ur_map_key_type)port, NULL);
} else {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (2) channel to be cleaned: permission is empty\n",
__FUNCTION__);
}
delete_channel_info_from_allocation_map((ur_map_key_type)port, (ur_map_value_type)chn);
}
ch_info *allocation_get_new_ch_info(allocation *a, uint16_t chnum, ioa_addr *peer_addr) {
if (!a) {
return NULL;
}
turn_permission_info *tinfo = get_from_turn_permission_hashtable(&(a->addr_to_perm), peer_addr);
if (!tinfo) {
tinfo = allocation_add_permission(a, peer_addr);
if (!tinfo) {
return NULL;
}
}
ch_info *chn = ch_map_get(&(a->chns), chnum, 1);
if (!chn) {
return NULL;
}
chn->allocated = 1;
chn->allocated = true;
chn->chnum = chnum;
chn->port = addr_get_port(peer_addr);
addr_cpy(&(chn->peer_addr), peer_addr);
@ -384,20 +381,34 @@ ch_info *get_turn_channel(turn_permission_info *tinfo, ioa_addr *addr) {
turn_permission_hashtable *allocation_get_turn_permission_hashtable(allocation *a) { return &(a->addr_to_perm); }
turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *addr) {
if (a && addr) {
if (!a || !addr) {
return NULL;
}
turn_permission_hashtable *map = &(a->addr_to_perm);
uint32_t hash = addr_hash_no_port(addr);
size_t fds = (size_t)(hash & (TURN_PERMISSION_HASHTABLE_SIZE - 1));
turn_permission_hashtable *map = &(a->addr_to_perm);
uint32_t hash = addr_hash_no_port(addr);
size_t fds = (size_t)(hash & (TURN_PERMISSION_HASHTABLE_SIZE - 1));
turn_permission_array *parray = &(map->table[fds]);
turn_permission_array *parray = &(map->table[fds]);
turn_permission_slot *slot = NULL;
turn_permission_slot *slot = NULL;
{
size_t i;
for (i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
slot = &(parray->main_slots[i]);
for (size_t i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
slot = &(parray->main_slots[i]);
if (!(slot->info.allocated)) {
break;
} else {
slot = NULL;
}
}
if (!slot) {
size_t old_sz = parray->extra_sz;
turn_permission_slot **slots = parray->extra_slots;
if (slots) {
for (size_t i = 0; i < old_sz; ++i) {
slot = slots[i];
if (!(slot->info.allocated)) {
break;
} else {
@ -407,168 +418,151 @@ turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *a
}
if (!slot) {
size_t old_sz = parray->extra_sz;
turn_permission_slot **slots = parray->extra_slots;
if (slots) {
size_t i;
for (i = 0; i < old_sz; ++i) {
slot = slots[i];
if (!(slot->info.allocated)) {
break;
} else {
slot = NULL;
}
}
size_t old_sz_mem = old_sz * sizeof(turn_permission_slot *);
turn_permission_slot **new_slots =
(turn_permission_slot **)realloc(parray->extra_slots, old_sz_mem + sizeof(turn_permission_slot *));
if (!new_slots) {
return NULL;
}
parray->extra_slots = new_slots;
slots = parray->extra_slots;
parray->extra_sz = old_sz + 1;
slot = (turn_permission_slot *)malloc(sizeof(turn_permission_slot));
if (!slot) {
size_t old_sz_mem = old_sz * sizeof(turn_permission_slot *);
parray->extra_slots =
(turn_permission_slot **)realloc(parray->extra_slots, old_sz_mem + sizeof(turn_permission_slot *));
slots = parray->extra_slots;
parray->extra_sz = old_sz + 1;
slots[old_sz] = (turn_permission_slot *)malloc(sizeof(turn_permission_slot));
slot = slots[old_sz];
return NULL;
}
slots[old_sz] = slot;
}
memset(slot, 0, sizeof(turn_permission_slot));
slot->info.allocated = 1;
turn_permission_info *elem = &(slot->info);
addr_cpy(&(elem->addr), addr);
elem->owner = a;
return elem;
} else {
return NULL;
}
memset(slot, 0, sizeof(turn_permission_slot));
slot->info.allocated = true;
turn_permission_info *elem = &(slot->info);
addr_cpy(&(elem->addr), addr);
elem->owner = a;
return elem;
}
ch_info *ch_map_get(ch_map *const map, const uint16_t chnum, const int new_chn) {
if (map) {
const size_t index = (size_t)(chnum & (CH_MAP_HASH_SIZE - 1));
ch_map_array *const a = &(map->table[index]);
if (!map) {
return NULL;
}
for (size_t i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
ch_info *const chi = &(a->main_chns[i]);
if (chi->allocated) {
if (!new_chn && (chi->chnum == chnum)) {
return chi;
}
} else if (new_chn) {
const size_t index = (size_t)(chnum & (CH_MAP_HASH_SIZE - 1));
ch_map_array *const a = &(map->table[index]);
for (size_t i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
ch_info *const chi = &(a->main_chns[i]);
if (chi->allocated) {
if (!new_chn && (chi->chnum == chnum)) {
return chi;
}
} else if (new_chn) {
return chi;
}
}
const size_t old_sz = a->extra_sz;
if (old_sz && a->extra_chns) {
for (size_t i = 0; i < old_sz; ++i) {
ch_info *const chi = a->extra_chns[i];
if (chi) {
if (chi->allocated) {
if (!new_chn && (chi->chnum == chnum)) {
return chi;
}
} else if (new_chn) {
const size_t old_sz = a->extra_sz;
if (old_sz && a->extra_chns) {
for (size_t i = 0; i < old_sz; ++i) {
ch_info *const chi = a->extra_chns[i];
if (chi) {
if (chi->allocated) {
if (!new_chn && (chi->chnum == chnum)) {
return chi;
}
} else if (new_chn) {
return chi;
}
}
}
}
if (new_chn) {
const size_t old_sz_mem = old_sz * sizeof(ch_info *);
ch_info **const pTmp = (ch_info **)realloc(a->extra_chns, old_sz_mem + sizeof(ch_info *));
if (!pTmp) {
return NULL;
}
a->extra_chns = pTmp;
a->extra_chns[old_sz] = (ch_info *)calloc(1, sizeof(ch_info));
if (!a->extra_chns[old_sz]) {
// if the realloc succeeds, but the calloc fails, we don't attempt to shrink the realloc back down
// by not recording the change to the size, we allow the next call to this function to realloc the
// block to presumably the same size it already is, which should be fine and not result in any leaks.
return NULL;
}
a->extra_sz += 1;
return a->extra_chns[old_sz];
if (new_chn) {
const size_t old_sz_mem = old_sz * sizeof(ch_info *);
ch_info **const pTmp = (ch_info **)realloc(a->extra_chns, old_sz_mem + sizeof(ch_info *));
if (!pTmp) {
return NULL;
}
a->extra_chns = pTmp;
a->extra_chns[old_sz] = (ch_info *)calloc(1, sizeof(ch_info));
if (!a->extra_chns[old_sz]) {
// if the realloc succeeds, but the calloc fails, we don't attempt to shrink the realloc back down
// by not recording the change to the size, we allow the next call to this function to realloc the
// block to presumably the same size it already is, which should be fine and not result in any leaks.
return NULL;
}
a->extra_sz += 1;
return a->extra_chns[old_sz];
}
return NULL;
}
void ch_map_clean(ch_map *map) {
if (map) {
size_t index;
for (index = 0; index < CH_MAP_HASH_SIZE; ++index) {
if (!map) {
return;
}
ch_map_array *a = &(map->table[index]);
for (size_t index = 0; index < CH_MAP_HASH_SIZE; ++index) {
ch_map_array *a = &(map->table[index]);
size_t i;
for (i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
ch_info *chi = &(a->main_chns[i]);
if (chi->allocated) {
ch_info_clean(chi);
}
for (size_t i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
ch_info *chi = &(a->main_chns[i]);
if (chi->allocated) {
ch_info_clean(chi);
}
if (a->extra_chns) {
size_t sz = a->extra_sz;
for (i = 0; i < sz; ++i) {
ch_info *chi = a->extra_chns[i];
if (chi) {
if (chi->allocated) {
ch_info_clean(chi);
}
free(chi);
a->extra_chns[i] = NULL;
}
}
free(a->extra_chns);
a->extra_chns = NULL;
}
a->extra_sz = 0;
}
if (a->extra_chns) {
for (size_t i = 0; i < a->extra_sz; ++i) {
ch_info *chi = a->extra_chns[i];
if (chi) {
if (chi->allocated) {
ch_info_clean(chi);
}
free(chi);
a->extra_chns[i] = NULL;
}
}
free(a->extra_chns);
a->extra_chns = NULL;
}
a->extra_sz = 0;
}
}
////////////////// TCP connections ///////////////////////////////
static void set_new_tc_id(uint8_t server_id, tcp_connection *tc) {
allocation *a = (allocation *)(tc->owner);
ur_map *map = a->tcp_connections;
uint32_t newid;
uint32_t sid = server_id;
sid = sid << 24;
const uint32_t sid = ((uint32_t)server_id) << 24;
allocation *const a = (allocation *)(tc->owner);
if (!a || !a->tcp_connections) {
return;
}
uint32_t newid = 0;
do {
newid = 0;
while (!newid) {
newid = (uint32_t)turn_random();
if (!newid) {
continue;
}
newid = newid & 0x00FFFFFF;
if (!newid) {
continue;
}
newid = newid | sid;
}
} while (ur_map_get(map, (ur_map_key_type)newid, NULL));
do {
newid = ((uint32_t)turn_random()) & 0x00FFFFFF;
} while (!newid);
newid = newid | sid;
} while (ur_map_get(a->tcp_connections, (ur_map_key_type)newid, NULL));
tc->id = newid;
ur_map_put(map, (ur_map_key_type)newid, (ur_map_value_type)tc);
ur_map_put(a->tcp_connections, (ur_map_key_type)newid, (ur_map_value_type)tc);
}
tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid *tid, ioa_addr *peer_addr,
int *err_code) {
tcp_connection_list *tcl = &(a->tcs);
if (!tcl) {
return NULL;
}
if (tcl->elems) {
size_t i;
for (i = 0; i < tcl->sz; ++i) {
for (size_t i = 0; i < tcl->sz; ++i) {
tcp_connection *otc = tcl->elems[i];
if (otc) {
if (addr_eq(&(otc->peer_addr), peer_addr)) {
@ -578,21 +572,24 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid
}
}
}
tcp_connection *tc = (tcp_connection *)calloc(1, sizeof(tcp_connection));
if (!tc) {
return NULL;
}
addr_cpy(&(tc->peer_addr), peer_addr);
if (tid) {
memcpy(&(tc->tid), tid, sizeof(stun_tid));
}
tc->owner = a;
int found = 0;
bool found = false;
if (a->tcs.elems) {
size_t i;
for (i = 0; i < tcl->sz; ++i) {
for (size_t i = 0; i < tcl->sz; ++i) {
tcp_connection *otc = tcl->elems[i];
if (!otc) {
tcl->elems[i] = tc;
found = 1;
found = true;
break;
}
}
@ -600,7 +597,11 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid
if (!found) {
size_t old_sz_mem = a->tcs.sz * sizeof(tcp_connection *);
a->tcs.elems = (tcp_connection **)realloc(a->tcs.elems, old_sz_mem + sizeof(tcp_connection *));
tcp_connection **new_elems = realloc(a->tcs.elems, old_sz_mem + sizeof(tcp_connection *));
if (!new_elems) {
return NULL;
}
a->tcs.elems = new_elems;
a->tcs.elems[a->tcs.sz] = tc;
a->tcs.sz += 1;
tcl = &(a->tcs);
@ -611,38 +612,39 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid
}
void delete_tcp_connection(tcp_connection *tc) {
if (tc) {
if (tc->done) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "!!! %s: check on already closed tcp data connection: %p\n", __FUNCTION__, tc);
return;
if (!tc) {
return;
}
if (tc->done) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "!!! %s: check on already closed tcp data connection: %p\n", __FUNCTION__, tc);
return;
}
tc->done = true;
clear_unsent_buffer(&(tc->ub_to_client));
IOA_EVENT_DEL(tc->peer_conn_timeout);
IOA_EVENT_DEL(tc->conn_bind_timeout);
allocation *a = (allocation *)(tc->owner);
if (a) {
ur_map *map = a->tcp_connections;
if (map) {
ur_map_del(map, (ur_map_key_type)(tc->id), NULL);
}
tc->done = 1;
clear_unsent_buffer(&(tc->ub_to_client));
IOA_EVENT_DEL(tc->peer_conn_timeout);
IOA_EVENT_DEL(tc->conn_bind_timeout);
allocation *a = (allocation *)(tc->owner);
if (a) {
ur_map *map = a->tcp_connections;
if (map) {
ur_map_del(map, (ur_map_key_type)(tc->id), NULL);
}
tcp_connection_list *tcl = &(a->tcs);
if (tcl->elems) {
size_t i;
for (i = 0; i < tcl->sz; ++i) {
if (tcl->elems[i] == tc) {
tcl->elems[i] = NULL;
break;
}
tcp_connection_list *tcl = &(a->tcs);
if (tcl->elems) {
for (size_t i = 0; i < tcl->sz; ++i) {
if (tcl->elems[i] == tc) {
tcl->elems[i] = NULL;
break;
}
}
}
IOA_CLOSE_SOCKET(tc->client_s);
IOA_CLOSE_SOCKET(tc->peer_s);
free(tc);
}
IOA_CLOSE_SOCKET(tc->client_s);
IOA_CLOSE_SOCKET(tc->peer_s);
free(tc);
}
tcp_connection *get_and_clean_tcp_connection_by_id(ur_map *map, tcp_connection_id id) {
@ -670,9 +672,7 @@ tcp_connection *get_tcp_connection_by_peer(allocation *a, ioa_addr *peer_addr) {
if (a && peer_addr) {
tcp_connection_list *tcl = &(a->tcs);
if (tcl->elems) {
size_t i;
size_t sz = tcl->sz;
for (i = 0; i < sz; ++i) {
for (size_t i = 0; i < tcl->sz; ++i) {
tcp_connection *tc = tcl->elems[i];
if (tc) {
if (addr_eq(&(tc->peer_addr), peer_addr)) {
@ -685,16 +685,16 @@ tcp_connection *get_tcp_connection_by_peer(allocation *a, ioa_addr *peer_addr) {
return NULL;
}
int can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay) {
bool can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay) {
if (server_relay) {
return 1;
return true;
}
if (a && peer_addr) {
return (get_from_turn_permission_hashtable(&(a->addr_to_perm), peer_addr) != NULL);
return get_from_turn_permission_hashtable(&(a->addr_to_perm), peer_addr) != NULL;
}
return 0;
return false;
}
//////////////// Unsent buffers //////////////////////
@ -702,8 +702,7 @@ int can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int
void clear_unsent_buffer(unsent_buffer *ub) {
if (ub) {
if (ub->bufs) {
size_t sz;
for (sz = 0; sz < ub->sz; sz++) {
for (size_t sz = 0; sz < ub->sz; sz++) {
ioa_network_buffer_handle nbh = ub->bufs[sz];
if (nbh) {
ioa_network_buffer_delete(NULL, nbh);
@ -730,8 +729,7 @@ void add_unsent_buffer(unsent_buffer *ub, ioa_network_buffer_handle nbh) {
ioa_network_buffer_handle top_unsent_buffer(unsent_buffer *ub) {
ioa_network_buffer_handle ret = NULL;
if (ub && ub->bufs && ub->sz) {
size_t sz;
for (sz = 0; sz < ub->sz; ++sz) {
for (size_t sz = 0; sz < ub->sz; ++sz) {
if (ub->bufs[sz]) {
ret = ub->bufs[sz];
break;
@ -743,8 +741,7 @@ ioa_network_buffer_handle top_unsent_buffer(unsent_buffer *ub) {
void pop_unsent_buffer(unsent_buffer *ub) {
if (ub && ub->bufs && ub->sz) {
size_t sz;
for (sz = 0; sz < ub->sz; ++sz) {
for (size_t sz = 0; sz < ub->sz; ++sz) {
if (ub->bufs[sz]) {
ub->bufs[sz] = NULL;
break;

18
src/server/ns_turn_allocation.h
View File

@ -37,6 +37,8 @@
#include "ns_turn_maps.h"
#include "ns_turn_msg.h"
#include <stdbool.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -92,7 +94,7 @@ struct _tcp_connection {
ioa_timer_handle conn_bind_timeout;
stun_tid tid;
void *owner; // a
int done;
bool done;
unsent_buffer ub_to_client;
};
@ -108,7 +110,7 @@ typedef struct _tcp_connection_list {
typedef struct _ch_info {
uint16_t chnum;
int allocated;
bool allocated;
uint16_t port;
ioa_addr peer_addr;
turn_time_t expiration_time;
@ -138,13 +140,13 @@ void ch_map_clean(ch_map *map);
////////////////////////////
typedef struct _turn_permission_info {
int allocated;
bool allocated;
lm_map chns;
ioa_addr addr;
turn_time_t expiration_time;
ioa_timer_handle lifetime_ev;
void *owner; // a
int verbose;
bool verbose;
unsigned long long session_id;
} turn_permission_info;
@ -171,7 +173,7 @@ typedef struct _turn_permission_hashtable {
#define ALLOC_INDEX_ADDR(addr) ALLOC_INDEX(((addr)->ss).sa_family)
typedef struct _allocation {
int is_valid;
bool is_valid;
stun_tid tid;
turn_permission_hashtable addr_to_perm;
relay_endpoint_session relay_sessions[ALLOC_PROTOCOLS_NUMBER];
@ -197,8 +199,8 @@ void clear_allocation(allocation *a, SOCKET_TYPE socket_type);
void turn_permission_clean(turn_permission_info *tinfo);
void set_allocation_lifetime_ev(allocation *a, turn_time_t exp_time, ioa_timer_handle ev, int family);
int is_allocation_valid(const allocation *a);
void set_allocation_valid(allocation *a, int value);
bool is_allocation_valid(const allocation *a);
void set_allocation_valid(allocation *a, bool value);
turn_permission_info *allocation_get_permission(allocation *a, const ioa_addr *addr);
turn_permission_hashtable *allocation_get_turn_permission_hashtable(allocation *a);
turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *addr);
@ -216,7 +218,7 @@ void set_allocation_family_invalid(allocation *a, int family);
tcp_connection *get_and_clean_tcp_connection_by_id(ur_map *map, tcp_connection_id id);
tcp_connection *get_tcp_connection_by_id(ur_map *map, tcp_connection_id id);
tcp_connection *get_tcp_connection_by_peer(allocation *a, ioa_addr *peer_addr);
int can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay);
bool can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay);
tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid *tid, ioa_addr *peer_addr,
int *err_code);
void delete_tcp_connection(tcp_connection *tc);

78
src/server/ns_turn_server.c
View File

@ -75,13 +75,23 @@ static inline int get_family(int stun_family, ioa_engine_handle e, ioa_socket_ha
////////////////////////////////////////////////
const char *get_version(turn_turnserver *server) {
if (server && !*server->no_software_attribute) {
if (server && server->software_attribute) {
return (const char *)TURN_SOFTWARE;
} else {
return (const char *)"None";
}
}
static void maybe_add_software_attribute(turn_turnserver *server, ioa_network_buffer_handle nbh) {
if (server->software_attribute) {
const char *software = get_version(server);
size_t fsz = strlen(get_version(server));
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, (const uint8_t *)software, fsz);
ioa_network_buffer_set_size(nbh, len);
}
}
#define MAX_NUMBER_OF_UNKNOWN_ATTRS (128)
int TURN_MAX_ALLOCATE_TIMEOUT = 60;
@ -1288,6 +1298,13 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
}
}
if (server->is_draining) {
// Don't allow new allocations if we are draining
*err_code = 403; // 403 (Forbidden): RFC8656 - The request is valid, but the server is refusing to perform it,
// likely due to administrative restrictions....
*reason = (const uint8_t *)"Server is draining, then will shutdown, please try another server";
}
if (!(*err_code)) {
if (!af4 && !af6) {
switch (server->allocation_default_address_family) {
@ -1761,13 +1778,7 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
(uint8_t *)ss->s_mobile_id, strlen(ss->s_mobile_id));
ioa_network_buffer_set_size(nbh, len);
if (!(*server->no_software_attribute)) {
const uint8_t *field = (const uint8_t *)get_version(server);
size_t fsz = strlen(get_version(server));
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
ioa_network_buffer_set_size(nbh, len);
}
maybe_add_software_attribute(server, nbh);
if (message_integrity) {
size_t len = ioa_network_buffer_get_size(nbh);
@ -2245,13 +2256,7 @@ static void tcp_peer_accept_connection(ioa_socket_handle s, void *arg) {
ioa_network_buffer_set_size(nbh, len);
if (!(*server->no_software_attribute)) {
const uint8_t *field = (const uint8_t *)get_version(server);
size_t fsz = strlen(get_version(server));
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
ioa_network_buffer_set_size(nbh, len);
}
maybe_add_software_attribute(server, nbh);
if ((server->fingerprint) || ss->enforce_fingerprints) {
size_t len = ioa_network_buffer_get_size(nbh);
@ -2523,13 +2528,7 @@ int turnserver_accept_tcp_client_data_connection(turn_turnserver *server, tcp_co
}
}
if (!(*server->no_software_attribute)) {
size_t fsz = strlen(get_version(server));
const uint8_t *field = (const uint8_t *)get_version(server);
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
ioa_network_buffer_set_size(nbh, len);
}
maybe_add_software_attribute(server, nbh);
if (message_integrity && ss) {
size_t len = ioa_network_buffer_get_size(nbh);
@ -3807,13 +3806,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
(unsigned long long)(ss->id));
}
if (!(*server->no_software_attribute)) {
const uint8_t *field = (const uint8_t *)get_version(server);
size_t fsz = strlen(get_version(server));
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
ioa_network_buffer_set_size(nbh, len);
}
maybe_add_software_attribute(server, nbh);
send_turn_message_to(server, nbh, &response_origin, &response_destination);
stun_report_binding(ss, STUN_PROMETHEUS_METRIC_TYPE_RESPONSE);
@ -3913,13 +3906,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
*resp_constructed = 1;
}
if (!(*server->no_software_attribute)) {
const uint8_t *field = (const uint8_t *)get_version(server);
size_t fsz = strlen(get_version(server));
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
ioa_network_buffer_set_size(nbh, len);
}
maybe_add_software_attribute(server, nbh);
if (message_integrity) {
size_t len = ioa_network_buffer_get_size(nbh);
@ -4848,13 +4835,7 @@ static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data
stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_XOR_PEER_ADDRESS, &(in_buffer->src_addr));
ioa_network_buffer_set_size(nbh, len);
if (!(*server->no_software_attribute)) {
const uint8_t *field = (const uint8_t *)get_version(server);
size_t fsz = strlen(get_version(server));
size_t len = ioa_network_buffer_get_size(nbh);
stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
ioa_network_buffer_set_size(nbh, len);
}
maybe_add_software_attribute(server, nbh);
if ((server->fingerprint) || ss->enforce_fingerprints) {
size_t len = ioa_network_buffer_get_size(nbh);
@ -4905,11 +4886,11 @@ static void client_input_handler(ioa_socket_handle s, int event_type, ioa_net_da
///////////////////////////////////////////////////////////
void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, ioa_engine_handle e,
turn_credential_type ct, int stun_port, int fingerprint, dont_fragment_option_t dont_fragment,
turn_credential_type ct, int fingerprint, dont_fragment_option_t dont_fragment,
get_user_key_cb userkeycb, check_new_allocation_quota_cb chquotacb,
release_allocation_quota_cb raqcb, ioa_addr *external_ip, vintp check_origin, vintp no_tcp_relay,
vintp no_udp_relay, vintp stale_nonce, vintp max_allocate_lifetime, vintp channel_lifetime,
vintp permission_lifetime, vintp stun_only, vintp no_stun, vintp no_software_attribute,
vintp permission_lifetime, vintp stun_only, vintp no_stun, bool software_attribute,
vintp web_admin_listen_on_workers, turn_server_addrs_list_t *alternate_servers_list,
turn_server_addrs_list_t *tls_alternate_servers_list, turn_server_addrs_list_t *aux_servers_list,
int self_udp_balance, vintp no_multicast_peers, vintp allow_loopback_peers,
@ -4970,7 +4951,7 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
server->permission_lifetime = permission_lifetime;
server->stun_only = stun_only;
server->no_stun = no_stun;
server->no_software_attribute = no_software_attribute;
server->software_attribute = software_attribute;
server->web_admin_listen_on_workers = web_admin_listen_on_workers;
server->dont_fragment = dont_fragment;
@ -4979,9 +4960,6 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
addr_cpy(&(server->external_ip), external_ip);
server->external_ip_set = 1;
}
if (stun_port < 1) {
stun_port = DEFAULT_STUN_PORT;
}
server->verbose = verbose;
@ -5003,6 +4981,8 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
server->response_origin_only_with_rfc5780 = response_origin_only_with_rfc5780;
server->respond_http_unsupported = respond_http_unsupported;
server->is_draining = false;
}
ioa_engine_handle turn_server_get_engine(turn_turnserver *s) {

9
src/server/ns_turn_server.h
View File

@ -134,7 +134,7 @@ struct _turn_turnserver {
vintp permission_lifetime;
vintp stun_only;
vintp no_stun;
vintp no_software_attribute;
bool software_attribute;
vintp web_admin_listen_on_workers;
vintp secure_stun;
turn_credential_type ct;
@ -203,6 +203,9 @@ struct _turn_turnserver {
/* Return an HTTP 400 response to HTTP connections made to ports not
otherwise handling HTTP. */
vintp respond_http_unsupported;
/* Set to true on SIGUSR1 */
bool is_draining;
};
const char *get_version(turn_turnserver *server);
@ -210,11 +213,11 @@ const char *get_version(turn_turnserver *server);
///////////////////////////////////////////
void init_turn_server(
turn_turnserver *server, turnserver_id id, int verbose, ioa_engine_handle e, turn_credential_type ct, int stun_port,
turn_turnserver *server, turnserver_id id, int verbose, ioa_engine_handle e, turn_credential_type ct,
int fingerprint, dont_fragment_option_t dont_fragment, get_user_key_cb userkeycb,
check_new_allocation_quota_cb chquotacb, release_allocation_quota_cb raqcb, ioa_addr *external_addr,
vintp check_origin, vintp no_tcp_relay, vintp no_udp_relay, vintp stale_nonce, vintp max_allocate_lifetime,
vintp channel_lifetime, vintp permission_lifetime, vintp stun_only, vintp no_stun, vintp no_software_attribute,
vintp channel_lifetime, vintp permission_lifetime, vintp stun_only, vintp no_stun, bool software_attribute,
vintp web_admin_listen_on_workers, turn_server_addrs_list_t *alternate_servers_list,
turn_server_addrs_list_t *tls_alternate_servers_list, turn_server_addrs_list_t *aux_servers_list,
int self_udp_balance, vintp no_multicast_peers, vintp allow_loopback_peers, ip_range_list_t *ip_whitelist,

2
vcpkg.json
View File

@ -1,6 +1,6 @@
{
"name": "coturn",
"version-string": "4.6.2",
"version-string": "4.6.3",
"dependencies": [
{
"name": "pthreads",