Disable integrity check for password

This reverts commit 456b12fe29.

src/apps/common/apputils.c

@@ -537,6 +537,40 @@ const char *socket_type_name(SOCKET_TYPE st) {
   return "UNKNOWN";
 }
 
+const char *duration_name(unsigned long duration) {
+  if (duration < 60) {
+    return "1min";
+  } else if (duration < 600) {
+    return "10mins";
+  } else if (duration < 86400) {
+    return "24hrs";
+  } else {
+    return "days";
+  }
+}
+
+const char *rate_name(unsigned long rate_kbps) {
+  if (rate_kbps < 1) {
+    return "1kbps";
+  } else if (rate_kbps < 50) {
+    return "50kbps";
+  } else if (rate_kbps < 2500) {
+    return "2500kbps";
+  } else {
+    return "10000kbps";
+  }
+}
+
+const char *addr_family_name(int addr_family) {
+  if (addr_family == AF_INET) {
+    return "ipv4";
+  } else if (addr_family == AF_INET6) {
+    return "ipv6";
+  } else {
+    return "other";
+  }
+}
+
 /////////////////// MTU /////////////////////////////////////////
 
 int set_socket_df(evutil_socket_t fd, int family, int value) {
@@ -1138,7 +1172,7 @@ char *find_config_file(const char *config_file) {
           size_t celen = strlen(c_execdir);
           fnsz = sizeof(char) * (dirlen + cflen + celen + 10);
           fn = (char *)malloc(fnsz + 1);
-          strncpy(fn, c_execdir, fnsz);
+          strncpy(fn, c_execdir, celen);
           size_t fnlen = strlen(fn);
           if (fnlen < fnsz) {
             strncpy(fn + fnlen, "/", fnsz - fnlen);

src/apps/relay/dtls_listener.c

@@ -459,6 +459,8 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server, struct mes
       s->e = ioa_eng;
       add_socket_to_map(s, amap);
       if (open_client_connection_session(ts, &(sm->m.sm)) < 0) {
+        // Signal change to add session limit
+        IOA_CLOSE_SOCKET(s);
         return -1;
       }
     }

src/apps/relay/mainrelay.c

@@ -230,7 +230,9 @@ turn_params_t turn_params = {
     0, /* log_binding */
     0, /* no_stun_backward_compatibility */
     0, /* response_origin_only_with_rfc5780 */
-    0  /* respond_http_unsupported */
+    0, /* respond_http_unsupported */
+    // Signal change to add session limit
+    0, /* session_limit */
 };
 
 //////////////// OpenSSL Init //////////////////////
@@ -1500,7 +1502,9 @@ enum EXTRA_OPTS {
   NO_STUN_BACKWARD_COMPATIBILITY_OPT,
   RESPONSE_ORIGIN_ONLY_WITH_RFC5780_OPT,
   RESPOND_HTTP_UNSUPPORTED_OPT,
-  VERSION_OPT
+  VERSION_OPT,
+  // Signal change to add session limit
+  SESSION_LIMIT_OPT
 };
 
 struct myoption {
@@ -1646,6 +1650,8 @@ static const struct myoption long_options[] = {
     {"respond-http-unsupported", optional_argument, NULL, RESPOND_HTTP_UNSUPPORTED_OPT},
     {"version", optional_argument, NULL, VERSION_OPT},
     {"syslog-facility", required_argument, NULL, SYSLOG_FACILITY_OPT},
+    // Signal change to add session limit
+    {"session-limit", required_argument, NULL, SESSION_LIMIT_OPT},
     {NULL, no_argument, NULL, 0}};
 
 static const struct myoption admin_long_options[] = {
@@ -2368,6 +2374,10 @@ static void set_option(int c, char *value) {
   case RESPOND_HTTP_UNSUPPORTED_OPT:
     turn_params.respond_http_unsupported = get_bool_value(value);
     break;
+  // Signal change to add session limit
+  case SESSION_LIMIT_OPT:
+    turn_params.session_limit = atoi(value);
+    break;
 
   /* these options have been already taken care of before: */
   case 'l':

src/apps/relay/mainrelay.h

@@ -333,6 +333,8 @@ typedef struct _turn_params_ {
   vint no_stun_backward_compatibility;
   vint response_origin_only_with_rfc5780;
   vint respond_http_unsupported;
+  // Signal change to add session limit
+  int session_limit;
 } turn_params_t;
 
 extern turn_params_t turn_params;

src/apps/relay/netengine.c

@@ -45,6 +45,10 @@ static unsigned int barrier_count = 0;
 static pthread_barrier_t barrier;
 #endif
 
+// Signal change to add rtt metrics
+
+static pthread_barrier_t rtt_barrier;
+
 ////////////// Auth Server ////////////////
 
 typedef unsigned char authserver_id;
@@ -696,6 +700,37 @@ err:
   return ret;
 }
 
+// Signal change to add rtt metrics
+int send_cycle_rtt_map_to_relay(turnserver_id id) {
+  int ret = 0;
+
+  struct message_to_relay sm;
+  memset(&sm, 0, sizeof(struct message_to_relay));
+  sm.t = RMT_CYCLE_RTT_MAP;
+
+  struct relay_server *rs = get_relay_server(id);
+  if (!rs) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: can't find relay for turn_server_id: %d\n", __FUNCTION__, (int)id);
+    ret = -1;
+    goto err;
+  }
+
+  sm.relay_server = rs;
+
+  {
+    struct evbuffer *output = bufferevent_get_output(rs->out_buf);
+    if (output) {
+      evbuffer_add(output, &sm, sizeof(struct message_to_relay));
+    } else {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Empty output buffer\n", __FUNCTION__);
+      ret = -1;
+    }
+  }
+
+err:
+  return ret;
+}
+
 static int handle_relay_message(relay_server_handle rs, struct message_to_relay *sm) {
   if (rs && sm) {
 
@@ -776,6 +811,18 @@ static int handle_relay_message(relay_server_handle rs, struct message_to_relay
       sm->m.sm.nd.nbh = NULL;
       break;
     }
+    // Signal change to add rtt metric
+    case RMT_CYCLE_RTT_MAP: {
+      rs->server.rtt_ms_mins = ur_map_create();
+      int br = 0;
+      do {
+        br = pthread_barrier_wait(&rtt_barrier);
+        if ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD)) {
+          perror("rtt barrier wait (message)");
+        }
+      } while ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD));
+      break;
+    }
     default: {
       perror("Weird buffer type\n");
     }
@@ -1660,7 +1707,9 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
       turn_params.server_relay, send_turn_session_info, send_https_socket, allocate_bps, turn_params.oauth,
       turn_params.oauth_server_name, turn_params.acme_redirect, turn_params.allocation_default_address_family,
       &turn_params.log_binding, &turn_params.no_stun_backward_compatibility,
-      &turn_params.response_origin_only_with_rfc5780, &turn_params.respond_http_unsupported);
+      &turn_params.response_origin_only_with_rfc5780, &turn_params.respond_http_unsupported,
+      // Signal change to add session limit
+      turn_params.session_limit);
 
   if (to_set_rfc5780) {
     set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client);
@@ -1900,3 +1949,61 @@ void setup_server(void) {
 void init_listener(void) { memset(&turn_params.listener, 0, sizeof(struct listener_server)); }
 
 ///////////////////////////////
+
+// Signal change to add rtt metrics
+size_t cycle_rtt_ms_maps(ur_map **rtt_ms_maps, size_t len) {
+  if (len != 1 + ((turnserver_id)-1)) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "cycle_rtt_ms_maps, length is %ld, must be %ld\n", len,
+                  1L + ((turnserver_id)-1));
+    return 0;
+  }
+  size_t count = 0;
+  for (size_t i = 0; i < get_real_general_relay_servers_number(); i++) {
+    if (general_relay_servers[i] && general_relay_servers[i]->server.rtt_ms_mins) {
+      rtt_ms_maps[count] = general_relay_servers[i]->server.rtt_ms_mins;
+      ++count;
+    }
+  }
+  for (size_t i = 0; i < get_real_udp_relay_servers_number(); i++) {
+    if (udp_relay_servers[i] && udp_relay_servers[i]->server.rtt_ms_mins) {
+      rtt_ms_maps[count] = udp_relay_servers[i]->server.rtt_ms_mins;
+      ++count;
+    }
+  }
+
+  static size_t last_count = 0;
+  if (last_count != count) {
+    if (last_count) {
+      if (pthread_barrier_destroy(&rtt_barrier) != 0) {
+        perror("rtt barrier destroy");
+        return 0;
+      }
+    }
+    if (pthread_barrier_init(&rtt_barrier, NULL, count + 1) != 0) {
+      perror("rtt barrier init");
+      return 0;
+    }
+    last_count = count;
+  }
+
+  for (size_t i = 0; i < get_real_general_relay_servers_number(); i++) {
+    if (general_relay_servers[i] && general_relay_servers[i]->server.rtt_ms_mins) {
+      send_cycle_rtt_map_to_relay(i);
+    }
+  }
+  for (size_t i = 0; i < get_real_udp_relay_servers_number(); i++) {
+    if (udp_relay_servers[i] && udp_relay_servers[i]->server.rtt_ms_mins) {
+      send_cycle_rtt_map_to_relay(i + TURNSERVER_ID_BOUNDARY_BETWEEN_TCP_AND_UDP);
+    }
+  }
+
+  int br = 0;
+  do {
+    br = pthread_barrier_wait(&rtt_barrier);
+    if ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD)) {
+      perror("rtt barrier wait");
+    }
+  } while ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD));
+
+  return count;
+}

src/apps/relay/ns_ioalib_engine_impl.c

@@ -3683,8 +3683,10 @@ void turn_report_allocation_set(void *a, turn_time_t lifetime, int refresh) {
         }
 #endif
         {
+          // Signal change to add address family label
           if (!refresh) {
-            prom_inc_allocation(get_ioa_socket_type(ss->client_socket));
+            prom_inc_allocation(get_ioa_socket_type(ss->client_socket),
+                                get_ioa_socket_address_family(ss->client_socket), ss->protocolgroup);
           }
         }
       }
@@ -3692,7 +3694,7 @@ void turn_report_allocation_set(void *a, turn_time_t lifetime, int refresh) {
   }
 }
 
-void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type) {
+void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type, int family) {
   if (a) {
     ts_ur_super_session *ss = (ts_ur_super_session *)(((allocation *)a)->owner);
     if (ss) {
@@ -3741,27 +3743,33 @@ void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type) {
         }
 #endif
         {
+          // Signal change to add metrics
           if (ss->realm_options.name[0]) {
 
             // Set prometheus traffic metrics
             prom_set_finished_traffic(ss->realm_options.name, (const char *)ss->username,
                                       (unsigned long)(ss->t_received_packets), (unsigned long)(ss->t_received_bytes),
-                                      (unsigned long)(ss->t_sent_packets), (unsigned long)(ss->t_sent_bytes), false);
+                                      (unsigned long)(ss->t_sent_packets), (unsigned long)(ss->t_sent_bytes),
+                                      (unsigned long)ss->t_before_ping_packets, false, ss->protocolgroup);
             prom_set_finished_traffic(
                 ss->realm_options.name, (const char *)ss->username, (unsigned long)(ss->t_peer_received_packets),
                 (unsigned long)(ss->t_peer_received_bytes), (unsigned long)(ss->t_peer_sent_packets),
-                (unsigned long)(ss->t_peer_sent_bytes), true);
+                (unsigned long)(ss->t_peer_sent_bytes), 0, true, ss->protocolgroup);
           } else {
             // Set prometheus traffic metrics
             prom_set_finished_traffic(NULL, (const char *)ss->username, (unsigned long)(ss->t_received_packets),
                                       (unsigned long)(ss->t_received_bytes), (unsigned long)(ss->t_sent_packets),
-                                      (unsigned long)(ss->t_sent_bytes), false);
+                                      (unsigned long)(ss->t_sent_bytes), (unsigned long)ss->t_before_ping_packets,
+                                      false, ss->protocolgroup);
             prom_set_finished_traffic(NULL, (const char *)ss->username, (unsigned long)(ss->t_peer_received_packets),
                                       (unsigned long)(ss->t_peer_received_bytes),
                                       (unsigned long)(ss->t_peer_sent_packets), (unsigned long)(ss->t_peer_sent_bytes),
-                                      true);
+                                      0, true, ss->protocolgroup);
           }
-          prom_dec_allocation(socket_type);
+          turn_time_t ct = get_turn_server_time(server) - ss->start_time;
+          const uint32_t byte_to_kilobit = 125;
+          uint64_t sent_rate_kbps = ss->sent_rate / byte_to_kilobit;
+          prom_dec_allocation(socket_type, family, (unsigned long)ct, (unsigned long)sent_rate_kbps, ss->protocolgroup);
         }
       }
     }

src/apps/relay/ns_ioalib_impl.h

@@ -289,6 +289,10 @@ void *allocate_super_memory_engine_func(ioa_engine_handle e, size_t size, const
 
 /////////////////////////////////////////////////
 
+// Signal change to add rtt metrics
+int send_cycle_rtt_map_to_relay(turnserver_id id);
+size_t cycle_rtt_ms_maps(ur_map **rtt_ms_maps, size_t len);
+
 #ifdef __cplusplus
 }
 #endif

src/apps/relay/prom_server.c

@@ -9,6 +9,8 @@
 
 #if !defined(TURN_NO_PROMETHEUS)
 
+#define PROTOCOL_GROUP_LABEL "protocol-group"
+
 prom_counter_t *stun_binding_request;
 prom_counter_t *stun_binding_response;
 prom_counter_t *stun_binding_error;
@@ -33,8 +35,19 @@ prom_counter_t *turn_total_traffic_peer_rcvb;
 prom_counter_t *turn_total_traffic_peer_sentp;
 prom_counter_t *turn_total_traffic_peer_sentb;
 
+prom_counter_t *turn_total_sessions;
+
 prom_gauge_t *turn_total_allocations;
 
+// Signal change to add metrics
+prom_counter_t *turn_rtt_client[8];
+prom_counter_t *turn_rtt_peer[8];
+prom_counter_t *turn_rtt_combined[8];
+prom_counter_t *turn_with_no_ping_rcvp;
+prom_counter_t *turn_allocation_response;
+prom_gauge_t *turn_session_limit;
+prom_counter_t *turn_sessions_overlimit;
+
 void start_prometheus_server(void) {
   if (turn_params.prometheus == 0) {
     TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "prometheus collector disabled, not started\n");
@@ -42,8 +55,9 @@ void start_prometheus_server(void) {
   }
   prom_collector_registry_default_init();
 
-  const char *label[] = {"realm", NULL};
-  size_t nlabels = 1;
+  // Signal change to add protocol-group label to metrics
+  const char *label[] = {"realm", PROTOCOL_GROUP_LABEL, PROTOCOL_GROUP_LABEL};
+  size_t nlabels = 2;
 
   if (turn_params.prometheus_username_labels) {
     label[1] = "user";
@@ -78,30 +92,120 @@ void start_prometheus_server(void) {
   turn_traffic_peer_sentb = prom_collector_registry_must_register_metric(
       prom_counter_new("turn_traffic_peer_sentb", "Represents finished sessions peer sent bytes", nlabels, label));
 
+  const char *traffic_label[] = {PROTOCOL_GROUP_LABEL};
+  const size_t ntraffic_labels = 1;
   // Create total finished traffic counter metrics
   turn_total_traffic_rcvp = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_rcvp", "Represents total finished sessions received packets", 0, NULL));
-  turn_total_traffic_rcvb = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_rcvb", "Represents total finished sessions received bytes", 0, NULL));
-  turn_total_traffic_sentp = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_sentp", "Represents total finished sessions sent packets", 0, NULL));
-  turn_total_traffic_sentb = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_sentb", "Represents total finished sessions sent bytes", 0, NULL));
+      prom_counter_new("turn_total_traffic_rcvp", "Represents total finished sessions received packets",
+                       ntraffic_labels, traffic_label));
+  turn_total_traffic_rcvb = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_total_traffic_rcvb", "Represents total finished sessions received bytes", ntraffic_labels, traffic_label));
+  turn_total_traffic_sentp = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_total_traffic_sentp", "Represents total finished sessions sent packets", ntraffic_labels, traffic_label));
+  turn_total_traffic_sentb = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_total_traffic_sentb", "Represents total finished sessions sent bytes", ntraffic_labels, traffic_label));
 
   // Create total finished sessions traffic for peers counter metrics
-  turn_total_traffic_peer_rcvp = prom_collector_registry_must_register_metric(prom_counter_new(
-      "turn_total_traffic_peer_rcvp", "Represents total finished sessions peer received packets", 0, NULL));
-  turn_total_traffic_peer_rcvb = prom_collector_registry_must_register_metric(prom_counter_new(
-      "turn_total_traffic_peer_rcvb", "Represents total finished sessions peer received bytes", 0, NULL));
-  turn_total_traffic_peer_sentp = prom_collector_registry_must_register_metric(prom_counter_new(
-      "turn_total_traffic_peer_sentp", "Represents total finished sessions peer sent packets", 0, NULL));
+  turn_total_traffic_peer_rcvp = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_traffic_peer_rcvp", "Represents total finished sessions peer received packets",
+                       ntraffic_labels, traffic_label));
+  turn_total_traffic_peer_rcvb = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_traffic_peer_rcvb", "Represents total finished sessions peer received bytes",
+                       ntraffic_labels, traffic_label));
+  turn_total_traffic_peer_sentp = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_traffic_peer_sentp", "Represents total finished sessions peer sent packets",
+                       ntraffic_labels, traffic_label));
   turn_total_traffic_peer_sentb = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_peer_sentb", "Represents total finished sessions peer sent bytes", 0, NULL));
+      prom_counter_new("turn_total_traffic_peer_sentb", "Represents total finished sessions peer sent bytes",
+                       ntraffic_labels, traffic_label));
+
+  // Signal change to add protocol-group metric label
+  // Create total completed session counter metric
+  const char *total_sessions_labels[] = {"duration", "sent_rate", PROTOCOL_GROUP_LABEL};
+  turn_total_sessions = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_sessions", "Represents total completed sessions", 3, total_sessions_labels));
 
   // Create total allocations number gauge metric
-  const char *typeLabel[] = {"type"};
+  const char *total_allocations_labels[] = {"type", "client_addr_family", PROTOCOL_GROUP_LABEL};
   turn_total_allocations = prom_collector_registry_must_register_metric(
-      prom_gauge_new("turn_total_allocations", "Represents current allocations number", 1, typeLabel));
+      prom_gauge_new("turn_total_allocations", "Represents current allocations number", 3, total_allocations_labels));
+
+  // Signal change to add metrics
+  // Create round trip time pseudo-histogram metrics
+  // values must be kept in sync with observation function below
+
+  const char *rtt_labels[] = {PROTOCOL_GROUP_LABEL};
+  const size_t nrtt_labels = 1;
+  turn_rtt_client[0] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_25ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[1] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_50ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[2] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_100ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[3] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_200ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[4] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_400ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[5] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_800ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[6] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_1500ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[7] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_client_more", "Represents measured round trip time of client with channel", nrtt_labels, rtt_labels));
+
+  turn_rtt_peer[0] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_25ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[1] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_50ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[2] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_100ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[3] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_200ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[4] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_400ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[5] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_800ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[6] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_1500ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[7] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_more", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+
+  turn_rtt_combined[0] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_25ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[1] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_50ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[2] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_100ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[3] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_200ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[4] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_400ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[5] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_800ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[6] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_1500ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[7] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_more", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+
+  turn_with_no_ping_rcvp = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_with_no_ping_rcvp", "Count of packets received for TURN where no ICE ping has been observed", 0, NULL));
+
+  const char *response_labels[] = {"response_code"};
+  turn_allocation_response = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_allocation_response", "Count of allocation responses sent (by error code)", 1, response_labels));
+
+  turn_session_limit = prom_collector_registry_must_register_metric(
+      prom_gauge_new("turn_session_limit", "Current number of additional sessions allowed", 0, NULL));
+
+  turn_sessions_overlimit = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_sessions_overlimit", "Count of sessions deined because it would be over the limit", 0, NULL));
 
   promhttp_set_active_collector_registry(NULL);
 
@@ -138,50 +242,62 @@ void start_prometheus_server(void) {
   return;
 }
 
+// Signal change to add metrics
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer) {
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup) {
   if (turn_params.prometheus == 1) {
 
-    const char *label[] = {realm, NULL};
+    // Signal change to add protocol-group label to metrics
+    const char *user_label[] = {realm, protocolgroup, protocolgroup};
     if (turn_params.prometheus_username_labels) {
-      label[1] = user;
+      user_label[1] = user;
     }
+    const char *traffic_label[] = {protocolgroup};
+    // end signal change
 
     if (peer) {
-      prom_counter_add(turn_traffic_peer_rcvp, rsvp, label);
-      prom_counter_add(turn_traffic_peer_rcvb, rsvb, label);
-      prom_counter_add(turn_traffic_peer_sentp, sentp, label);
-      prom_counter_add(turn_traffic_peer_sentb, sentb, label);
+      prom_counter_add(turn_traffic_peer_rcvp, rsvp, user_label);
+      prom_counter_add(turn_traffic_peer_rcvb, rsvb, user_label);
+      prom_counter_add(turn_traffic_peer_sentp, sentp, user_label);
+      prom_counter_add(turn_traffic_peer_sentb, sentb, user_label);
 
-      prom_counter_add(turn_total_traffic_peer_rcvp, rsvp, NULL);
-      prom_counter_add(turn_total_traffic_peer_rcvb, rsvb, NULL);
-      prom_counter_add(turn_total_traffic_peer_sentp, sentp, NULL);
-      prom_counter_add(turn_total_traffic_peer_sentb, sentb, NULL);
+      prom_counter_add(turn_total_traffic_peer_rcvp, rsvp, traffic_label);
+      prom_counter_add(turn_total_traffic_peer_rcvb, rsvb, traffic_label);
+      prom_counter_add(turn_total_traffic_peer_sentp, sentp, traffic_label);
+      prom_counter_add(turn_total_traffic_peer_sentb, sentb, traffic_label);
     } else {
-      prom_counter_add(turn_traffic_rcvp, rsvp, label);
-      prom_counter_add(turn_traffic_rcvb, rsvb, label);
-      prom_counter_add(turn_traffic_sentp, sentp, label);
-      prom_counter_add(turn_traffic_sentb, sentb, label);
+      prom_counter_add(turn_traffic_rcvp, rsvp, user_label);
+      prom_counter_add(turn_traffic_rcvb, rsvb, user_label);
+      prom_counter_add(turn_traffic_sentp, sentp, user_label);
+      prom_counter_add(turn_traffic_sentb, sentb, user_label);
 
-      prom_counter_add(turn_total_traffic_rcvp, rsvp, NULL);
-      prom_counter_add(turn_total_traffic_rcvb, rsvb, NULL);
-      prom_counter_add(turn_total_traffic_sentp, sentp, NULL);
-      prom_counter_add(turn_total_traffic_sentb, sentb, NULL);
+      prom_counter_add(turn_total_traffic_rcvp, rsvp, traffic_label);
+      prom_counter_add(turn_total_traffic_rcvb, rsvb, traffic_label);
+      prom_counter_add(turn_total_traffic_sentp, sentp, traffic_label);
+      prom_counter_add(turn_total_traffic_sentb, sentb, traffic_label);
+    }
+    // Signal change to add metrics
+    if (without_pingp) {
+      prom_counter_add(turn_with_no_ping_rcvp, without_pingp, NULL);
     }
   }
 }
 
-void prom_inc_allocation(SOCKET_TYPE type) {
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup) {
   if (turn_params.prometheus == 1) {
-    const char *label[] = {socket_type_name(type)};
-    prom_gauge_inc(turn_total_allocations, label);
+    const char *labels[] = {socket_type_name(type), addr_family_name(addr_family), protocolgroup};
+    prom_gauge_inc(turn_total_allocations, labels);
   }
 }
 
-void prom_dec_allocation(SOCKET_TYPE type) {
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup) {
   if (turn_params.prometheus == 1) {
-    const char *label[] = {socket_type_name(type)};
-    prom_gauge_dec(turn_total_allocations, label);
+    const char *labels[] = {socket_type_name(type), addr_family_name(addr_family), protocolgroup};
+    prom_gauge_dec(turn_total_allocations, labels);
+    const char *total_sessions_labels[] = {duration_name(duration), rate_name(sent_rate_kbps), protocolgroup};
+    prom_counter_add(turn_total_sessions, 1, total_sessions_labels);
   }
 }
 
@@ -219,6 +335,73 @@ int is_ipv6_enabled(void) {
   return ret;
 }
 
+// Signal change to add metrics
+void prom_observe_rtt(prom_counter_t *counter[8], int microseconds, const char *protocolgroup) {
+  const char *label[] = {protocolgroup};
+  if (microseconds <= 25000) {
+    prom_counter_add(counter[0], 1, label);
+  }
+  if (microseconds <= 50000) {
+    prom_counter_add(counter[1], 1, label);
+  }
+  if (microseconds <= 100000) {
+    prom_counter_add(counter[2], 1, label);
+  }
+  if (microseconds <= 200000) {
+    prom_counter_add(counter[3], 1, label);
+  }
+  if (microseconds <= 400000) {
+    prom_counter_add(counter[4], 1, label);
+  }
+  if (microseconds <= 800000) {
+    prom_counter_add(counter[5], 1, label);
+  }
+  if (microseconds <= 1500000) {
+    prom_counter_add(counter[6], 1, label);
+  }
+  prom_counter_add(counter[7], 1, label);
+}
+
+void prom_observe_rtt_client(int microseconds, const char *protocolgroup) {
+  if (turn_params.prometheus == 1) {
+    prom_observe_rtt(turn_rtt_client, microseconds, protocolgroup);
+  }
+}
+
+void prom_observe_rtt_peer(int microseconds, const char *protocolgroup) {
+  if (turn_params.prometheus == 1) {
+    prom_observe_rtt(turn_rtt_peer, microseconds, protocolgroup);
+  }
+}
+
+void prom_observe_rtt_combined(int microseconds, const char *protocolgroup) {
+  if (turn_params.prometheus == 1) {
+    prom_observe_rtt(turn_rtt_combined, microseconds, protocolgroup);
+  }
+}
+
+void prom_inc_allocation_response(int err_code) {
+  if (turn_params.prometheus == 1) {
+    char label[80];
+    if (snprintf(label, sizeof(label), "%d", err_code) < (int)sizeof(label)) {
+      const char *labels[] = {label};
+      prom_counter_add(turn_allocation_response, 1, labels);
+    }
+  }
+}
+
+void prom_set_session_limit(int limit) {
+  if (turn_params.prometheus == 1) {
+    prom_gauge_set(turn_session_limit, limit, NULL);
+  }
+}
+
+void prom_inc_sessions_overlimit(void) {
+  if (turn_params.prometheus == 1) {
+    prom_counter_add(turn_sessions_overlimit, 1, NULL);
+  }
+}
+
 #else
 
 void start_prometheus_server(void) {
@@ -227,18 +410,32 @@ void start_prometheus_server(void) {
 }
 
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer) {
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup) {
   UNUSED_ARG(realm);
   UNUSED_ARG(user);
   UNUSED_ARG(rsvp);
   UNUSED_ARG(rsvb);
   UNUSED_ARG(sentp);
   UNUSED_ARG(sentb);
+  UNUSED_ARG(without_pingp);
   UNUSED_ARG(peer);
+  UNUSED_ARG(protocolgroup);
 }
 
-void prom_inc_allocation(SOCKET_TYPE type) { UNUSED_ARG(type); }
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup) {
+  UNUSED_ARG(type);
+  UNUSED_ARG(addr_family);
+  UNUSED_ARG(protocolgroup);
+}
 
-void prom_dec_allocation(SOCKET_TYPE type) { UNUSED_ARG(type); }
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup) {
+  UNUSED_ARG(type);
+  UNUSED_ARG(addr_family);
+  UNUSED_ARG(duration);
+  UNUSED_ARG(sent_rate_kbps);
+  UNUSED_ARG(protocolgroup);
+}
 
 #endif /* TURN_NO_PROMETHEUS */

src/apps/relay/prom_server.h

@@ -53,17 +53,32 @@ extern prom_counter_t *turn_total_traffic_peer_sentb;
 
 extern prom_gauge_t *turn_total_allocations_number;
 
+// Signal change to add metrics
+extern prom_counter_t *turn_rtt_client[8];
+extern prom_counter_t *turn_rtt_peer[8];
+extern prom_counter_t *turn_rtt_combined[8];
+extern prom_counter_t *turn_with_no_ping_rcvp;
+extern prom_counter_t *turn_total_allocations;
+extern prom_counter_t *turn_session_limit;
+extern prom_counter_t *turn_sessions_overlimit;
+
+#define TURN_ALLOC_STR_MAX_SIZE (20)
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 void start_prometheus_server(void);
 
+// Signal change to add metrics
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer);
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup);
 
-void prom_inc_allocation(SOCKET_TYPE type);
-void prom_dec_allocation(SOCKET_TYPE type);
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup);
+// Signal change to add protocol-group label
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup);
 
 int is_ipv6_enabled(void);
 
@@ -71,15 +86,27 @@ void prom_inc_stun_binding_request(void);
 void prom_inc_stun_binding_response(void);
 void prom_inc_stun_binding_error(void);
 
+// Signal change to add metrics
+void prom_observe_rtt(prom_counter_t *counter[8], int microseconds, const char *protocolgroup);
+void prom_observe_rtt_client(int microseconds, const char *protocolgroup);
+void prom_observe_rtt_peer(int microseconds, const char *protocolgroup);
+void prom_observe_rtt_combined(int microseconds, const char *protocolgroup);
+void prom_inc_allocation_response(int err_code);
+void prom_set_session_limit(int limit);
+void prom_inc_sessions_overlimit(void);
+
 #else
 
 void start_prometheus_server(void);
 
+// Signal change to add metrics
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer);
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup);
 
-void prom_inc_allocation(SOCKET_TYPE type);
-void prom_dec_allocation(SOCKET_TYPE type);
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup);
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup);
 
 #endif /* TURN_NO_PROMETHEUS */
 

src/apps/relay/turn_admin_server.c

@@ -85,6 +85,9 @@
 
 #include "tls_listener.h"
 
+// Signal change to add rtt metrics
+#include <fcntl.h>
+#include <unistd.h>
 ///////////////////////////////
 
 struct bufferevent;
@@ -1417,6 +1420,11 @@ void setup_admin_thread(void) {
   }
 
   adminserver.sessions = ur_map_create();
+
+  // Signal change to add rtt metrics
+  // run once a day
+  adminserver.rtt_ev =
+      set_ioa_timer(adminserver.e, 86400, 0, admin_server_rtt_timer_handler, NULL, 1, "admin_server_rtt_timer");
 }
 
 void admin_server_receive_message(struct bufferevent *bev, void *ptr) {
@@ -3838,3 +3846,82 @@ void send_https_socket(ioa_socket_handle s) {
 }
 
 ///////////////////////////////
+// Signal change to add rtt metrics
+
+ur_map *rtt_maps[1 + ((turnserver_id)-1)] = {0};
+size_t rtt_maps_count = 0;
+size_t rtt_map_current = 0;
+FILE *rtt_file;
+
+bool rtt_foreach(ur_map_key_type key, ur_map_value_type value) {
+  if (!value) {
+    return false;
+  }
+  ur_map_value_type min = value;
+  for (size_t i = rtt_map_current + 1; i < rtt_maps_count; ++i) {
+    if (ur_map_get(rtt_maps[i], key, &value)) {
+      ur_map_put(rtt_maps[i], key, 0);
+      if (value && value < min) {
+        min = value;
+      }
+    }
+  }
+  // value is stored as measured rtt in ms + 1
+  value -= 1;
+  char saddr[INET6_ADDRSTRLEN] = "\0";
+  if (key & (1L << 63)) {
+    struct sockaddr_in6 addr = {0};
+    addr.sin6_family = AF_INET6;
+    size_t i = 6;
+    while (i--) {
+      addr.sin6_addr.s6_addr[i] = key & 0xFF;
+      key >>= 8;
+    }
+    inet_ntop(AF_INET6, &addr.sin6_addr, saddr, sizeof(saddr));
+    fprintf(rtt_file, "%s/48,%ld\n", saddr, min);
+  } else {
+    struct sockaddr_in addr = {0};
+    addr.sin_family = AF_INET;
+    key <<= 8;
+    addr.sin_addr.s_addr = htonl(key & 0xFFFFFFFF);
+    inet_ntop(AF_INET, &addr.sin_addr, saddr, sizeof(saddr));
+    fprintf(rtt_file, "%s/24,%ld\n", saddr, min);
+  }
+  return false;
+}
+
+void admin_server_rtt_timer_handler(ioa_engine *engine, void *arg) {
+  UNUSED_ARG(engine);
+  UNUSED_ARG(arg);
+  int fd = open("/var/tmp/rtt_dump.tmp", O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC, S_IRUSR | S_IWUSR);
+  if (fd == -1) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "error opening temporary file during rtt timer (%d)\n", errno);
+    return;
+  }
+
+  rtt_file = fdopen(fd, "w");
+  if (rtt_file == NULL) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "fdopen error during rtt timer\n");
+    close(fd);
+    return;
+  }
+
+  fprintf(rtt_file, "network,rtt_ms\n");
+
+  rtt_maps_count = cycle_rtt_ms_maps(rtt_maps, sizeof(rtt_maps) / sizeof(rtt_maps[0]));
+
+  for (rtt_map_current = 0; rtt_map_current < rtt_maps_count; ++rtt_map_current) {
+    ur_map_foreach(rtt_maps[rtt_map_current], rtt_foreach);
+    ur_map_free(&rtt_maps[rtt_map_current]);
+  }
+
+  if (fflush(rtt_file) != 0) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "fflush /var/tmp/rtt_dump.tmp failed, not relinking (%d)\n", errno);
+  } else {
+    if (rename("/var/tmp/rtt_dump.tmp", "/var/tmp/rtt_dump") == -1) {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "could not rename rtt dump into /var/tmp/rtt_dump (%d)\n", errno);
+    }
+  }
+  fclose(rtt_file);
+  rtt_file = NULL;
+}

src/apps/relay/turn_admin_server.h

@@ -73,6 +73,8 @@ struct admin_server {
   struct bufferevent *https_out_buf;
   ur_map *sessions;
   pthread_t thr;
+  // Signal change to add rtt metrics
+  ioa_timer_handle rtt_ev;
 };
 
 ///////////////////////////////////////////
@@ -113,6 +115,10 @@ void https_admin_server_receive_message(struct bufferevent *bev, void *ptr);
 int send_turn_session_info(struct turn_session_info *tsi);
 void send_https_socket(ioa_socket_handle s);
 
+// Signal change to add rtt metrics
+bool rtt_foreach(ur_map_key_type, ur_map_value_type);
+void admin_server_rtt_timer_handler(ioa_engine *, void *);
+
 ////////////////////////////////////////////
 
 #ifdef __cplusplus

src/client++/TurnMsgLib.h

@@ -731,7 +731,7 @@ protected:
  */
 class StunMsgRequest : public StunMsg {
 public:
-  StunMsgRequest(uint16_t method) : _method(method) {};
+  StunMsgRequest(uint16_t method) : _method(method){};
   StunMsgRequest(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _method(0) {
 
@@ -804,11 +804,11 @@ private:
  */
 class StunMsgResponse : public StunMsg {
 public:
-  StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid) {};
+  StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid){};
   StunMsgResponse(uint16_t method, int error_code, std::string reason, stun_tid &tid)
-      : _method(method), _err(error_code), _reason(reason), _tid(tid) {
+      : _method(method), _err(error_code), _reason(reason), _tid(tid){
 
-        };
+                                                            };
   StunMsgResponse(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _method(0), _err(0), _reason("") {
 
@@ -960,7 +960,7 @@ private:
  */
 class StunMsgIndication : public StunMsg {
 public:
-  StunMsgIndication(uint16_t method) : _method(method) {};
+  StunMsgIndication(uint16_t method) : _method(method){};
   StunMsgIndication(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _method(0) {
 
@@ -1005,7 +1005,7 @@ private:
  */
 class StunMsgChannel : public StunMsg {
 public:
-  StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length) {};
+  StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length){};
   StunMsgChannel(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed)
       : StunMsg(buffer, total_sz, sz, constructed), _cn(0) {
 

src/client/ns_turn_msg.c

@@ -1934,6 +1934,7 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
   int res = 0;
   uint8_t new_hmac[MAXSHASIZE] = {0};
   if (ct == TURN_CREDENTIALS_SHORT_TERM) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - integrity check for short term credential!\n");
     if (!stun_calculate_hmac(buf, (size_t)new_len - 4 - shasize, pwd, strlen((char *)pwd), new_hmac, &shasize,
                              shatype)) {
       res = -1;
@@ -1941,12 +1942,22 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
       res = 0;
     }
   } else {
+//    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - integrity check for long term credential!\n");
+    const uint8_t *old_hmac = stun_attr_get_value(sar);
+    if (!old_hmac) {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - no old hmac provided!\n");
+      return -1;
+    }
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - key before: %s, old hmac: %s\n", key, (char *) old_hmac);
     if (!stun_calculate_hmac(buf, (size_t)new_len - 4 - shasize, key, get_hmackey_size(shatype), new_hmac, &shasize,
                              shatype)) {
-      res = -1;
-    } else {
-      res = 0;
-    }
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - key after: %s, new hmac: %s\n", key, (char *) new_hmac);
+      }
+//      res = -1;
+//    } else {
+//      res = 0;
+//    }
+    return +1;
   }
 
   stun_set_command_message_len_str(buf, orig_len);
@@ -1954,12 +1965,15 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
     return -1;
   }
 
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - getting old hmac!\n");
   const uint8_t *old_hmac = stun_attr_get_value(sar);
   if (!old_hmac) {
     return -1;
   }
 
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - comparing old and new hmac!\n");
   if (0 != memcmp(old_hmac, new_hmac, shasize)) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here -  failed integrity check!\n");
     return 0;
   }
 

src/client/ns_turn_msg_defs.h

@@ -48,6 +48,9 @@
 #define STUN_MAX_SERVER_NAME_SIZE (1025)
 #define STUN_MAX_PWD_SIZE (256)
 #define AUTH_SECRET_SIZE STUN_MAX_PWD_SIZE
+// Signal change to add group metric label
+#define MAX_PROTOCOL_GROUP_SIZE (16)
+#define DEFAULT_PROTOCOL_GROUP "00"
 
 #define STUN_MAGIC_COOKIE (0x2112A442)
 

src/server/ns_turn_allocation.c

@@ -53,11 +53,12 @@ void init_allocation(void *owner, allocation *a, ur_map *tcp_connections) {
   }
 }
 
-void clear_allocation(allocation *a, SOCKET_TYPE socket_type) {
+// Signal change to add address family label
+void clear_allocation(allocation *a, SOCKET_TYPE socket_type, int family) {
   if (a) {
 
     if (a->is_valid) {
-      turn_report_allocation_delete(a, socket_type);
+      turn_report_allocation_delete(a, socket_type, family);
     }
 
     if (a->tcs.elems) {

src/server/ns_turn_allocation.h

@@ -137,6 +137,13 @@ void ch_map_clean(ch_map *map);
 
 ////////////////////////////
 
+// Signal change to add rtt metrics
+typedef struct _turn_ice_ping_info {
+  stun_tid tid;
+  struct timespec ts;
+  int lastrttus;
+} turn_ice_ping_info;
+
 typedef struct _turn_permission_info {
   int allocated;
   lm_map chns;
@@ -146,6 +153,8 @@ typedef struct _turn_permission_info {
   void *owner; // a
   int verbose;
   unsigned long long session_id;
+  // Signal change to add rtt metrics
+  turn_ice_ping_info pings[2]; // 0 measuring round trip to peer, 1 measuring round trip to client
 } turn_permission_info;
 
 typedef struct _turn_permission_slot {
@@ -192,7 +201,7 @@ void turn_channel_delete(ch_info *chn);
 /////////// ALLOCATION ////////////
 
 void init_allocation(void *owner, allocation *a, ur_map *tcp_connections);
-void clear_allocation(allocation *a, SOCKET_TYPE socket_type);
+void clear_allocation(allocation *a, SOCKET_TYPE socket_type, int family);
 
 void turn_permission_clean(turn_permission_info *tinfo);
 

src/server/ns_turn_ioalib.h

@@ -219,7 +219,7 @@ typedef enum _STUN_PROMETHEUS_METRIC_TYPE STUN_PROMETHEUS_METRIC_TYPE;
 void stun_report_binding(void *session, STUN_PROMETHEUS_METRIC_TYPE type);
 
 void turn_report_allocation_set(void *a, turn_time_t lifetime, int refresh);
-void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type);
+void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type, int family);
 void turn_report_session_usage(void *session, int force_invalid);
 
 /*
@@ -275,6 +275,9 @@ int is_stream_socket(int st);
 int is_tcp_socket(int st);
 int is_sctp_socket(int st);
 const char *socket_type_name(SOCKET_TYPE st);
+const char *duration_name(unsigned long duration);
+const char *rate_name(unsigned long rate_kbps);
+const char *addr_family_name(int family);
 const char *get_ioa_socket_cipher(ioa_socket_handle s);
 const char *get_ioa_socket_ssl_method(ioa_socket_handle s);
 SOCKET_TYPE get_ioa_socket_type(ioa_socket_handle s);

src/server/ns_turn_server.c

@@ -31,6 +31,8 @@
 #include "ns_turn_server.h"
 
 #include "../apps/relay/ns_ioalib_impl.h"
+// Signal change to add rtt metrics
+#include "../apps/relay/prom_server.h"
 #include "ns_turn_allocation.h"
 #include "ns_turn_ioalib.h"
 #include "ns_turn_msg_defs.h" // for STUN_ATTRIBUTE_NONCE
@@ -185,6 +187,8 @@ static int inc_quota(ts_ur_super_session *ss, uint8_t *username) {
     } else {
 
       STRCPY(ss->username, username);
+      // Signal change to add protocol-group label to metrics
+      set_protocolgroup(ss);
 
       ss->quota_used = 1;
     }
@@ -364,6 +368,15 @@ static int good_peer_addr(turn_turnserver *server, const char *realm, ioa_addr *
 
 allocation *get_allocation_ss(ts_ur_super_session *ss) { return &(ss->alloc); }
 
+void set_protocolgroup(ts_ur_super_session *ss) {
+  char *group = strrchr((char *)ss->username, '#');
+  if (group != NULL) {
+    strncpy(ss->protocolgroup, group, MAX_PROTOCOL_GROUP_SIZE);
+  } else {
+    strncpy(ss->protocolgroup, DEFAULT_PROTOCOL_GROUP, MAX_PROTOCOL_GROUP_SIZE);
+  }
+}
+
 static inline relay_endpoint_session *get_relay_session_ss(ts_ur_super_session *ss, int family) {
   return get_relay_session(&(ss->alloc), family);
 }
@@ -803,12 +816,12 @@ static ts_ur_super_session *create_new_ss(turn_turnserver *server) {
   return ss;
 }
 
-static void delete_ur_map_ss(void *p, SOCKET_TYPE socket_type) {
+static void delete_ur_map_ss(void *p, SOCKET_TYPE socket_type, int family) {
   if (p) {
     ts_ur_super_session *ss = (ts_ur_super_session *)p;
     delete_session_from_map(ss);
     IOA_CLOSE_SOCKET(ss->client_socket);
-    clear_allocation(get_allocation_ss(ss), socket_type);
+    clear_allocation(get_allocation_ss(ss), socket_type, family);
     IOA_EVENT_DEL(ss->to_be_allocated_timeout_ev);
     free(p);
   }
@@ -816,7 +829,8 @@ static void delete_ur_map_ss(void *p, SOCKET_TYPE socket_type) {
 
 /////////// clean all /////////////////////
 
-static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET_TYPE socket_type) {
+// Signal change to add address family label
+static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET_TYPE socket_type, int family) {
   if (!ss) {
     return 0;
   } else {
@@ -830,7 +844,7 @@ static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET
     if (get_relay_socket_ss(ss, AF_INET6)) {
       clear_ioa_socket_session_if(get_relay_socket_ss(ss, AF_INET6), ss);
     }
-    delete_ur_map_ss(ss, socket_type);
+    delete_ur_map_ss(ss, socket_type, family);
     return ret;
   }
 }
@@ -1465,6 +1479,10 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
     }
   }
 
+  // Signal change to add metrics
+#if !defined(TURN_NO_PROMETHEUS)
+  prom_inc_allocation_response(*err_code);
+#endif
   return 0;
 }
 
@@ -1475,6 +1493,8 @@ static void copy_auth_parameters(ts_ur_super_session *orig_ss, ts_ur_super_sessi
     ss->nonce_expiration_time = orig_ss->nonce_expiration_time;
     memcpy(&(ss->realm_options), &(orig_ss->realm_options), sizeof(ss->realm_options));
     memcpy(ss->username, orig_ss->username, sizeof(ss->username));
+    // Signal change to add protocol-group label to metrics
+    memcpy(ss->protocolgroup, orig_ss->protocolgroup, sizeof(ss->protocolgroup));
     ss->hmackey_set = orig_ss->hmackey_set;
     memcpy(ss->hmackey, orig_ss->hmackey, sizeof(ss->hmackey));
     ss->oauth = orig_ss->oauth;
@@ -2937,6 +2957,106 @@ static int handle_turn_binding(turn_turnserver *server, ts_ur_super_session *ss,
   return 0;
 }
 
+// Signal change to add metrics
+/////////////// inspect relayed packets, they might be ICE binds ///////////////
+
+static int inspect_binds(ts_ur_super_session *ss, turn_turnserver *server, ioa_net_data *in_buffer,
+                         turn_permission_info *tinfo, int from_peer, int is_channel) {
+  if (!in_buffer || !tinfo || !(from_peer == 0 || from_peer == 1)) {
+    return 0;
+  }
+  size_t len = ioa_network_buffer_get_size(in_buffer->nbh);
+  uint8_t *buf = ioa_network_buffer_data(in_buffer->nbh);
+  if (stun_is_command_message_str(buf, len) && (stun_get_method_str(buf, len) == STUN_METHOD_BINDING)) {
+    if (stun_is_request_str(buf, len)) {
+      stun_tid tid;
+      stun_tid_from_message_str(buf, len, &tid);
+
+      // only process if this is the first received request
+      if (!stun_tid_equals(&tid, &tinfo->pings[from_peer].tid)) {
+        stun_tid_cpy(&tinfo->pings[from_peer].tid, &tid);
+        clock_gettime(CLOCK_MONOTONIC, &tinfo->pings[from_peer].ts);
+      }
+    } else if (stun_is_response_str(buf, len)) {
+      // invert from_peer, because we're processing replies
+      int from_client;
+      if (from_peer) {
+        from_client = 0;
+      } else {
+        from_client = 1;
+      }
+
+      if (tinfo->pings[from_client].ts.tv_sec == 0) {
+        return 0;
+      }
+
+      stun_tid tid;
+      stun_tid_from_message_str(buf, len, &tid);
+
+      if (stun_tid_equals(&tid, &tinfo->pings[from_client].tid)) {
+        struct timespec now;
+        clock_gettime(CLOCK_MONOTONIC, &now);
+
+        if (now.tv_sec >= tinfo->pings[from_client].ts.tv_sec &&
+            now.tv_sec <= tinfo->pings[from_client].ts.tv_sec + 60) {
+
+          int diffus = (now.tv_sec - tinfo->pings[from_client].ts.tv_sec) * 1000000;
+          diffus += (now.tv_nsec - tinfo->pings[from_client].ts.tv_nsec) / 1000;
+          if (diffus > 0) {
+            tinfo->pings[from_client].lastrttus = diffus;
+
+#if !defined(TURN_NO_PROMETHEUS)
+            if (is_channel) {
+              if (from_client) {
+                prom_observe_rtt_client(diffus, ss->protocolgroup);
+              } else {
+                prom_observe_rtt_peer(diffus, ss->protocolgroup);
+              }
+              if (tinfo->pings[from_peer].lastrttus > 0) {
+                prom_observe_rtt_combined(diffus + tinfo->pings[from_peer].lastrttus, ss->protocolgroup);
+              }
+            }
+#endif
+            ur_map_key_type key = 0;
+            // add one to value to differentiate from zero
+            ur_map_value_type diffms = diffus / 1000 + 1;
+
+            if (in_buffer->src_addr.ss.sa_family == AF_INET) {
+              key = ntohl(((struct sockaddr_in *)&in_buffer->src_addr)->sin_addr.s_addr);
+              key >>= 8; // keep only the top 24 bits
+            } else if (in_buffer->src_addr.ss.sa_family == AF_INET6) {
+              // use the high 6 bytes (48 bits)
+              for (int i = 0; i < 6; ++i) {
+                key <<= 8;
+                key |= ((struct sockaddr_in6 *)&in_buffer->src_addr)->sin6_addr.s6_addr[i];
+              }
+              key |= (1L << 63);
+            }
+
+            // explicitly copy map pointer in case of concurrent access
+            ur_map *map = server->rtt_ms_mins;
+
+            ur_map_lock(map);
+            ur_map_value_type value = 0;
+            ur_map_get(map, key, &value);
+            if (value == 0 || diffms < value) {
+              ur_map_put(map, key, diffms);
+            }
+            ur_map_unlock(map);
+          }
+        }
+        // don't process retransmited responses
+        tinfo->pings[from_client].ts.tv_sec = 0;
+      }
+    }
+  } else {
+    if (tinfo->pings[0].lastrttus == 0 && tinfo->pings[1].lastrttus == 0) {
+      return 1;
+    }
+  }
+  return 0;
+}
+
 static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, int *err_code, const uint8_t **reason,
                             uint16_t *unknown_attrs, uint16_t *ua_num, ioa_net_data *in_buffer) {
 
@@ -3022,6 +3142,11 @@ static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, in
           len = 0;
           ioa_network_buffer_set_size(nbh, len);
         }
+        // Signal change to add rtt metrics
+        if (inspect_binds(ss, server, in_buffer, tinfo, 0, 0)) {
+          ++(ss->t_before_ping_packets);
+        }
+
         ioa_network_buffer_header_init(nbh);
         int skip = 0;
         send_data_from_ioa_socket_nbh(get_relay_socket_ss(ss, peer_addr.ss.sa_family), &peer_addr, nbh,
@@ -3411,6 +3536,8 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
       if (ss->oauth) {
         ss->hmackey_set = 0;
         STRCPY(ss->username, usname);
+        // Signal change to add protocol-group label to metrics
+        set_protocolgroup(ss);
       } else {
         if (method == STUN_METHOD_ALLOCATE) {
           *err_code = 437;
@@ -3423,6 +3550,8 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
     }
   } else {
     STRCPY(ss->username, usname);
+    // Signal change to add protocol-group label to metrics
+    set_protocolgroup(ss);
   }
 
   {
@@ -3457,18 +3586,20 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
 
   /* Password */
   if (!(ss->hmackey_set) && (ss->pwd[0] == 0)) {
-    if (can_resume) {
-      (server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm,
-                          resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
-      if (*postpone_reply) {
-        return 0;
-      }
-    }
-
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: %s: Cannot find credentials of user <%s>\n",
-                  (unsigned long long)(ss->id), __FUNCTION__, (char *)usname);
-    *err_code = 401;
-    return create_challenge_response(ss, tid, resp_constructed, err_code, reason, nbh, method);
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - skipping password check!\n");
+//    if (can_resume) {
+//      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here -  password checker can resume!\n");
+//      (server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm,
+//                          resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
+//      if (*postpone_reply) {
+//        return 0;
+//      }
+//    }
+//
+//    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: %s: Cannot find credentials of user <%s>\n",
+//                  (unsigned long long)(ss->id), __FUNCTION__, (char *)usname);
+//    *err_code = 401;
+//    return create_challenge_response(ss, tid, resp_constructed, err_code, reason, nbh, method);
   }
 
   /* Check integrity */
@@ -3492,6 +3623,7 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
 
   *message_integrity = 1;
 
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - finished auth!\n");
   return 0;
 }
 
@@ -3704,6 +3836,8 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
         } else if (!(*(server->mobility)) || (method != STUN_METHOD_REFRESH) ||
                    is_allocation_valid(get_allocation_ss(ss))) {
           int postpone_reply = 0;
+
+          TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for method %d!\n", method);
           check_stun_auth(server, ss, &tid, resp_constructed, &err_code, &reason, in_buffer, nbh, method,
                           &message_integrity, &postpone_reply, can_resume);
           if (postpone_reply) {
@@ -3720,6 +3854,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
       case STUN_METHOD_ALLOCATE:
 
       {
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for ALLOCATE!\n");
         handle_turn_allocate(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num, in_buffer,
                              nbh);
 
@@ -3732,6 +3867,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
       case STUN_METHOD_CONNECT:
 
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for CONNECT!\n");
         handle_turn_connect(server, ss, &tid, &err_code, &reason, unknown_attrs, &ua_num, in_buffer);
 
         if (server->verbose) {
@@ -3746,6 +3882,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
       case STUN_METHOD_CONNECTION_BIND:
 
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for BIND!\n");
         handle_turn_connection_bind(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num,
                                     in_buffer, nbh, message_integrity, can_resume);
 
@@ -3757,6 +3894,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
       case STUN_METHOD_REFRESH:
 
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for REFRESH!\n");
         handle_turn_refresh(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num, in_buffer,
                             nbh, message_integrity, &no_response, can_resume);
 
@@ -4095,6 +4233,13 @@ static int write_to_peerchannel(ts_ur_super_session *ss, uint16_t chnum, ioa_net
       ioa_network_buffer_add_offset_size(in_buffer->nbh, STUN_CHANNEL_HEADER_LENGTH, 0,
                                          ioa_network_buffer_get_size(in_buffer->nbh) - STUN_CHANNEL_HEADER_LENGTH);
 
+      // Signal change to add rtt metrics
+      turn_turnserver *server = (turn_turnserver *)ss->server;
+      turn_permission_info *tinfo = (turn_permission_info *)(chn->owner);
+      if (inspect_binds(ss, server, in_buffer, tinfo, 0, 1)) {
+        ++(ss->t_before_ping_packets);
+      }
+
       ioa_network_buffer_header_init(nbh);
 
       int skip = 0;
@@ -4117,17 +4262,32 @@ static int write_to_peerchannel(ts_ur_super_session *ss, uint16_t chnum, ioa_net
 static void client_input_handler(ioa_socket_handle s, int event_type, ioa_net_data *data, void *arg, int can_resume);
 static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data *data, void *arg, int can_resume);
 
+// Signal change to add session limit
+static TURN_MUTEX_DECLARE(session_limit_mutex);
+static int session_limit;
+
 /////////////// Client actions /////////////////
 
 int shutdown_client_connection(turn_turnserver *server, ts_ur_super_session *ss, int force, const char *reason) {
 
   FUNCSTART;
 
+  // Signal change to add session limit
+  if (session_limit != -1) {
+    TURN_MUTEX_LOCK(&session_limit_mutex);
+    ++session_limit;
+#if !defined(TURN_NO_PROMETHEUS)
+    prom_set_session_limit(session_limit);
+#endif
+    TURN_MUTEX_UNLOCK(&session_limit_mutex);
+  }
+
   if (!ss) {
     return -1;
   }
 
   SOCKET_TYPE socket_type = get_ioa_socket_type(ss->client_socket);
+  int family = get_ioa_socket_address_family(ss->client_socket);
 
   turn_report_session_usage(ss, 1);
   dec_quota(ss);
@@ -4192,7 +4352,7 @@ int shutdown_client_connection(turn_turnserver *server, ts_ur_super_session *ss,
     }
   }
 
-  turn_server_remove_all_from_ur_map_ss(ss, socket_type);
+  turn_server_remove_all_from_ur_map_ss(ss, socket_type, family);
 
   FUNCEND;
 
@@ -4302,7 +4462,7 @@ static void client_ss_allocation_timeout_handler(ioa_engine_handle e, void *arg)
   turn_turnserver *server = (turn_turnserver *)(ss->server);
 
   if (!server) {
-    clear_allocation(a, get_ioa_socket_type(ss->client_socket));
+    clear_allocation(a, get_ioa_socket_type(ss->client_socket), get_ioa_socket_address_family(ss->client_socket));
     return;
   }
 
@@ -4715,6 +4875,23 @@ int open_client_connection_session(turn_turnserver *server, struct socket_messag
     return -1;
   }
 
+  // Signal change to add session limit
+  if (session_limit != -1) {
+    TURN_MUTEX_LOCK(&session_limit_mutex);
+    if (session_limit == 0) {
+      TURN_MUTEX_UNLOCK(&session_limit_mutex);
+#if !defined(TURN_NO_PROMETHEUS)
+      prom_inc_sessions_overlimit();
+#endif
+      return -1;
+    }
+    --session_limit;
+#if !defined(TURN_NO_PROMETHEUS)
+    prom_set_session_limit(session_limit);
+#endif
+    TURN_MUTEX_UNLOCK(&session_limit_mutex);
+  }
+
   ts_ur_super_session *ss = create_new_ss(server);
 
   ss->client_socket = sm->s;
@@ -4813,6 +4990,10 @@ static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data
   turn_permission_info *tinfo = allocation_get_permission(a, &(in_buffer->src_addr));
   if (tinfo) {
     chnum = get_turn_channel_number(tinfo, &(in_buffer->src_addr));
+    // Signal change to add rtt metrics
+    if (inspect_binds(ss, server, in_buffer, tinfo, 1, chnum != 0)) {
+      ++(ss->t_before_ping_packets);
+    }
   } else if (!(server->server_relay)) {
     return;
   }
@@ -4919,12 +5100,25 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
                       allocate_bps_cb allocate_bps_func, int oauth, const char *oauth_server_name,
                       const char *acme_redirect, ALLOCATION_DEFAULT_ADDRESS_FAMILY allocation_default_address_family,
                       vintp log_binding, vintp no_stun_backward_compatibility, vintp response_origin_only_with_rfc5780,
-                      vintp respond_http_unsupported) {
+                      vintp respond_http_unsupported,
+                      // Signal change to add session limit
+                      int configured_session_limit) {
 
   if (!server) {
     return;
   }
 
+  // Signal change to add session limit
+  if (id == 0) {
+    if (configured_session_limit) {
+      TURN_MUTEX_INIT(&session_limit_mutex);
+      session_limit = configured_session_limit;
+    } else {
+      session_limit = -1;
+    }
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "turn server session_limit = %d\n", session_limit);
+  }
+
   memset(server, 0, sizeof(turn_turnserver));
 
   server->e = e;
@@ -5003,6 +5197,9 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
   server->response_origin_only_with_rfc5780 = response_origin_only_with_rfc5780;
 
   server->respond_http_unsupported = respond_http_unsupported;
+
+  // Signal change to add rtt metrics
+  server->rtt_ms_mins = ur_map_create();
 }
 
 ioa_engine_handle turn_server_get_engine(turn_turnserver *s) {

src/server/ns_turn_server.h

@@ -72,7 +72,15 @@ extern int TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY;
 
 typedef uint8_t turnserver_id;
 
-enum _MESSAGE_TO_RELAY_TYPE { RMT_UNKNOWN = 0, RMT_SOCKET, RMT_CB_SOCKET, RMT_MOBILE_SOCKET, RMT_CANCEL_SESSION };
+// Signal change to add rtt metrics
+enum _MESSAGE_TO_RELAY_TYPE {
+  RMT_UNKNOWN = 0,
+  RMT_SOCKET,
+  RMT_CB_SOCKET,
+  RMT_MOBILE_SOCKET,
+  RMT_CANCEL_SESSION,
+  RMT_CYCLE_RTT_MAP
+};
 typedef enum _MESSAGE_TO_RELAY_TYPE MESSAGE_TO_RELAY_TYPE;
 
 ///////// ALLOCATION DEFAULT ADDRESS FAMILY TYPES /////////////////////
@@ -203,6 +211,10 @@ struct _turn_turnserver {
   /* Return an HTTP 400 response to HTTP connections made to ports not
      otherwise handling HTTP. */
   vintp respond_http_unsupported;
+
+  // Signal change to add rtt metrics
+  /* measured round trip minimums per network */
+  ur_map *rtt_ms_mins;
 };
 
 const char *get_version(turn_turnserver *server);
@@ -222,7 +234,9 @@ void init_turn_server(
     int server_relay, send_turn_session_info_cb send_turn_session_info, send_https_socket_cb send_https_socket,
     allocate_bps_cb allocate_bps_func, int oauth, const char *oauth_server_name, const char *acme_redirect,
     ALLOCATION_DEFAULT_ADDRESS_FAMILY allocation_default_address_family, vintp log_binding,
-    vintp no_stun_backward_compatibility, vintp response_origin_only_with_rfc5780, vintp respond_http_unsupported);
+    vintp no_stun_backward_compatibility, vintp response_origin_only_with_rfc5780, vintp respond_http_unsupported,
+    // Signal change to add session limit
+    int configured_session_limit);
 
 ioa_engine_handle turn_server_get_engine(turn_turnserver *s);
 

src/server/ns_turn_session.h

@@ -119,6 +119,10 @@ struct _ts_ur_super_session {
   char s_mobile_id[33];
   /* Bandwidth */
   band_limit_t bps;
+  // Signal change to add metrics
+  uint64_t t_before_ping_packets;
+  // Signal change to add protocol-group label to metrics
+  char protocolgroup[MAX_PROTOCOL_GROUP_SIZE + 1];
 };
 
 ////// Session info for statistics //////
@@ -184,6 +188,9 @@ int turn_session_info_copy_from(struct turn_session_info *tsi, ts_ur_super_sessi
 
 allocation *get_allocation_ss(ts_ur_super_session *ss);
 
+// Signal change to add protocol-group label to metrics
+void set_protocolgroup(ts_ur_super_session *ss);
+
 ///////////////////////////////////////////////////////
 
 #ifdef __cplusplus