Disable integrity check for password

fix lint
Revert "accept but ignore permissions to forbidden IPs"
2024-10-02 14:04:27 -07:00 · 2024-09-17 14:55:50 -07:00 · 2024-09-17 14:36:02 -07:00 · 2024-09-17 14:00:20 -07:00 · 2024-05-29 11:40:23 -07:00 · 2024-05-29 11:40:23 -07:00
68 changed files with 2284 additions and 1745 deletions
--- a/.github/workflows/actions/ubuntu-build-deps/action.yml
+++ b/.github/workflows/actions/ubuntu-build-deps/action.yml
@ -14,7 +14,7 @@ runs:
    - name: check if sudo is set
      shell: bash
      run: |
-        if [ ${{ inputs.SUDO }} = true ]
+        if [ ${{inputs.SUDO}} = true ]
        then
          AS_ROOT="sudo"
        else
@ -24,12 +24,12 @@ runs:

    - name: apt update
      shell: bash
-      run: ${{ env.AS_ROOT }} apt update
+      run: ${{env.AS_ROOT}} apt update

    - name: install build tools
      shell: bash
      run: |
-        ${{ env.AS_ROOT }} apt install -y \
+        ${{env.AS_ROOT}} apt install -y \
            build-essential \
            clang \
            clang-tidy \
@ -42,7 +42,7 @@ runs:
    - name: install coturn dependencies
      shell: bash
      run: |
-        ${{ env.AS_ROOT }} apt install -y \
+        ${{env.AS_ROOT}} apt install -y \
            libevent-dev \
            libssl-dev \
            libpq-dev \
@ -57,5 +57,5 @@ runs:
      shell: bash
      run: |
        wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb
-        ${{ env.AS_ROOT }} apt install -y ./libprom-dev-0.1.3-Linux.deb
-      working-directory: /tmp/
+        wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb
+        ${{env.AS_ROOT}} apt install -y ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb
--- a/.github/workflows/amazon_linux_tests.yml
+++ b/.github/workflows/amazon_linux_tests.yml
@ -0,0 +1,46 @@
+name: AmazonLinux
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+# make GHA actions use node16 to use ancient container images
+# See https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
+# Unclear how long this will work though
+env:
+  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
+jobs:
+  builds:
+    strategy:
+      fail-fast: false
+      matrix:
+        # amazonlinux 2 is end-of-life 2025-06
+        os: [ 'amazonlinux:2', 'amazonlinux:2023' ]
+
+    runs-on: ubuntu-latest
+    container: ${{ matrix.os }}
+
+    steps:
+    - name: Install Dependencies
+      run: |
+        yum install -y gcc make gzip tar openssl-devel libevent-devel
+    # Delay checkout until after dependencies have been installed. Amazon linux is very minimal and lacks basic stuff by default.
+    # use v3 of checkout until the weird container, nodejs, glibc issue is fixed
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Configure
+      run: ./configure
+
+    - name: Compile
+      run: make
+
+    - name: Unit Test
+      run: make check
+
+    - name: Integration Test
+      working-directory: examples
+      run: ./run_tests.sh && ./run_tests_conf.sh
--- a/.github/workflows/clang-tidy.yml
+++ b/.github/workflows/clang-tidy.yml
@ -0,0 +1,47 @@
+name: clang-tidy
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  clang-tidy:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        config: [Release]
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: install dependencies
+      uses: ./.github/workflows/actions/ubuntu-build-deps
+      with:
+        SUDO: true
+
+    - name: Configure
+      run: |
+        cmake -G Ninja -B build -DCMAKE_BUILD_TYPE=${{ matrix.config }} -DCMAKE_EXPORT_COMPILE_COMMANDS=true
+
+    - name: Compile
+      run: |
+        cmake --build build --parallel --config ${{ matrix.config }}
+
+    # Implicitly requires build/compile_commands.json to exist
+    - name: Run Clang Tidy
+      run: |
+        wget https://raw.githubusercontent.com/llvm/llvm-project/llvmorg-14.0.6/clang-tools-extra/clang-tidy/tool/run-clang-tidy.py
+        chmod +x run-clang-tidy.py
+        ./run-clang-tidy.py -j $(nproc) -p build
+
+    # Implicitly requires build/compile_commands.json to exist
+    - name: Run IWYU
+      run: |
+        wget https://raw.githubusercontent.com/include-what-you-use/include-what-you-use/clang_14/iwyu_tool.py
+        chmod +x iwyu_tool.py
+        # iwyu_tool.py returns non-zero if any executions returned nonzero. Which... happens to be useless unless the project is already IWYU clean.
+        ./iwyu_tool.py -j $(nproc) -p build -- -Xiwyu --mapping_file=${GITHUB_WORKSPACE}/iwyu-ubuntu.imp | grep -v "has correct" | uniq || exit 0
--- a/.github/workflows/clang.yml
+++ b/.github/workflows/clang.yml
@ -1,105 +0,0 @@
-name: Clang
-
-on:
-  push:
-    branches: ["master"]
-    tags: ["4.*"]
-  pull_request:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  format:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install dependencies
-        uses: ./.github/workflows/actions/ubuntu-build-deps
-        with:
-          SUDO: true
-
-      - name: Install `clang-format-15`
-        run: sudo apt install -y clang-format-15
-      - name: Prepare `clang-format`
-        run: |
-          set -e
-          if which clang-format-15 2>&1 >/dev/null
-          then
-              sudo cp $(which clang-format-15) $(which clang-format)
-          fi
-          clang-format --version
-
-      - run: ./configure
-
-      - run: make lint
-
-  sanitize:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        sanitizer:
-          - address,pointer-compare,pointer-subtract
-          - thread
-    env:
-      CFLAGS:       -fno-omit-frame-pointer -fstack-protector-all -fsanitize=${{ matrix.sanitizer }},bounds,enum -fsanitize-address-use-after-scope -fsanitize-address-use-after-return=always -fsanitize-recover=address -fsanitize-memory-track-origins=2
-      CC:           clang
-      ASAN_OPTIONS: strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:detect_leaks=0:detect_invalid_pointer_pairs=1:halt_on_error=0
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install dependencies
-        uses: ./.github/workflows/actions/ubuntu-build-deps
-        with:
-          SUDO: true
-
-      - run: ./configure
-      - run: make -j $(nproc)
-
-      - run: make check
-
-      - run: ./run_tests.sh
-        working-directory: examples/
-      - run: ./run_tests_conf.sh
-        working-directory: examples/
-      - run: ./run_tests_prom.sh
-        working-directory: examples/
-
-  tidy:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        config: ["Release"]
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install dependencies
-        uses: ./.github/workflows/actions/ubuntu-build-deps
-        with:
-          SUDO: true
-
-      - name: Configure
-        run: cmake -G Ninja -B build -DCMAKE_BUILD_TYPE=${{ matrix.config }} 
-                                     -DCMAKE_EXPORT_COMPILE_COMMANDS=true
-      - name: Compile
-        run: cmake --build build --parallel --config ${{ matrix.config }}
-
-      # Implicitly requires `build/compile_commands.json` to exist
-      - name: Run `clang-tidy`
-        run: |
-          set -e
-          wget https://raw.githubusercontent.com/llvm/llvm-project/llvmorg-14.0.6/clang-tools-extra/clang-tidy/tool/run-clang-tidy.py
-          chmod +x run-clang-tidy.py
-          ./run-clang-tidy.py -j $(nproc) -p build
-
-      # Implicitly requires `build/compile_commands.json` to exist
-      - name: Run IWYU
-        run: |
-          set -e
-          wget https://raw.githubusercontent.com/include-what-you-use/include-what-you-use/clang_14/iwyu_tool.py
-          chmod +x iwyu_tool.py
-          # iwyu_tool.py returns non-zero if any executions returned nonzero. Which... happens to be useless unless the project is already IWYU clean.
-          ./iwyu_tool.py -j $(nproc) -p build -- -Xiwyu --mapping_file=${GITHUB_WORKSPACE}/iwyu-ubuntu.imp | grep -v "has correct" | uniq || exit 0
--- a/.github/workflows/cmake.yaml
+++ b/.github/workflows/cmake.yaml
@ -2,46 +2,40 @@ name: CMake

 on:
  push:
-    branches: ["master"]
-    tags: ["4.*"]
  pull_request:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    types: [ opened, reopened, synchronize ]

 env:
  BUILD_TYPE: Release

 jobs:
  build:
+
    runs-on: ubuntu-20.04
+
    steps:
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y \
-              libevent-dev \
-              libssl-dev \
-              libpq-dev libmariadb-dev libsqlite3-dev \
-              libhiredis-dev \
-              libmongoc-dev \
-              libmicrohttpd-dev \
-              wget
-      - uses: actions/checkout@v4
-      - name: Prometheus support
-        run: |
-          wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb && \
-              sudo apt install ./libprom-dev-0.1.3-Linux.deb && \
-              rm ./libprom-dev-0.1.3-Linux.deb
-
-      - name: Configure
-        run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-      - name: Build
-        run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
-
-      - run: ./run_tests.sh
-        working-directory: examples/
-      - run: ./run_tests_conf.sh
-        working-directory: examples/
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y \
+            wget \
+            libevent-dev \
+            libssl-dev \
+            libpq-dev libmariadb-dev libsqlite3-dev \
+            libhiredis-dev \
+            libmongoc-dev \
+            libmicrohttpd-dev
+    - uses: actions/checkout@v4
+    - name: Prometheus support
+      run: |
+        wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb && \
+            wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb && \
+            sudo apt install ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb && \
+            rm ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb
+    - name: Configure CMake
+      run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
+    - name: Build
+      run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
+    - name: apps tests
+      run: cd examples && ./run_tests.sh && ./run_tests_conf.sh
+      
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -1,43 +1,42 @@
-name: CodeQL
+name: "CodeQL"

 on:
  push:
-    branches: ["master"]
-    tags: ["4.*"]
  pull_request:
-    branches: ["master"]
+    types: [ opened, reopened, synchronize ]
  schedule:
-    - cron: "6 13 * * 4"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    - cron: '6 13 * * 4'

 env:
  BUILD_TYPE: Release

 jobs:
  analyze:
+    name: CodeQL Analyze
    runs-on: ubuntu-latest
    permissions:
      security-events: write
+
    steps:
-      - uses: actions/checkout@v4
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0

-      - name: Install dependencies
-        uses: ./.github/workflows/actions/ubuntu-build-deps
-        with:
-          SUDO: true
+    - name: Install Dependencies
+      uses: ./.github/workflows/actions/ubuntu-build-deps
+      with:
+        SUDO: true

-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: cpp
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: cpp

-      - name: Configure
-        run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-      - name: Build
-        run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
+    - name: Configure
+      run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+    - name: Build
+      run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
--- a/.github/workflows/compiler-sanitizers.yml
+++ b/.github/workflows/compiler-sanitizers.yml
@ -0,0 +1,47 @@
+name: compiler-sanitizers
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  compiler-sanitizers:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        sanitizer: [ 'address,pointer-compare,pointer-subtract', 'thread' ]
+
+    env:
+      CFLAGS:       "-fno-omit-frame-pointer -fstack-protector-all -fsanitize=${{matrix.sanitizer}},bounds,enum -fsanitize-address-use-after-scope -fsanitize-address-use-after-return=always -fsanitize-recover=address -fsanitize-memory-track-origins=2"
+      CC:           "clang"
+      ASAN_OPTIONS: "strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:detect_leaks=0:detect_invalid_pointer_pairs=1:halt_on_error=0"
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    
+    - name: install dependencies
+      uses: ./.github/workflows/actions/ubuntu-build-deps
+      with:
+        SUDO: true
+
+
+    - name: Configure
+      run: |
+        ./configure
+
+    - name: Compile
+      run: |
+        make -j $(nproc)
+
+    - name: Check
+      run: |
+        make check
+
+    - name: Test
+      run: |
+        cd examples
+        ./run_tests.sh && ./run_tests_conf.sh
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -1,4 +1,4 @@
-name: Docker
+name: Docker CI

 on:
  push:
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -0,0 +1,35 @@
+name: Lint
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Install Dependencies
+      uses: ./.github/workflows/actions/ubuntu-build-deps
+      with:
+        SUDO: true
+
+    - name: Install clang-format-15
+      run: sudo apt install -y clang-format-15
+
+    - name: Configure
+      run: ./configure
+
+    - name: lint
+      run: |
+        if which clang-format-15 2>&1 >/dev/null
+        then
+            sudo cp $(which clang-format-15) $(which clang-format)
+        fi
+        clang-format --version
+        make lint
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@ -1,70 +0,0 @@
-name: Linux
-
-on:
-  push:
-    branches: ["master"]
-    tags: ["4.*"]
-  pull_request:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  build:
-    name: build + test
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - amazonlinux:2023
-          - ubuntu:20.04
-          - ubuntu:22.04
-          - ubuntu:24.04
-    runs-on: ubuntu-latest
-    container:
-      image: ${{ matrix.os }}
-      volumes:
-        - ${{ contains('amazonlinux:2 ubuntu:16.04 ubuntu:18.04', matrix.os) && '/node20217:/node20217:rw,rshared' || ' ' }}
-        - ${{ contains('amazonlinux:2 ubuntu:16.04 ubuntu:18.04', matrix.os) && '/node20217:/__e/node20:ro,rshared' || ' ' }}
-    steps:
-      - name: Install `yum` dependencies
-        run: yum install -y gcc make gzip tar openssl-devel libevent-devel wget which
-        if: ${{ contains(matrix.os, 'amazonlinux') }}
-
-      - name: Install Node.js 20 built against glibc 2.17 for GitHub Actions
-        run: |
-          set -ex
-          which apt \
-             && apt update \
-             && apt install -y wget xz-utils
-          which yum \
-             && yum install -y wget xz
-          wget https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz
-          tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217
-          ldd /__e/node20/bin/node
-        working-directory: /tmp/
-        if: ${{ contains('amazonlinux:2 ubuntu:16.04 ubuntu:18.04', matrix.os) }}
-
-      - uses: actions/checkout@v4
-
-      - name: Install `apt` dependencies
-        # Set env variable or otherwise `tzdata` package requires interaction.
-        env:
-          DEBIAN_FRONTEND: noninteractive
-        uses: ./.github/workflows/actions/ubuntu-build-deps
-        if: ${{ contains(matrix.os, 'ubuntu') }}
-
-      - run: ./configure
-      - run: make
-
-      - run: make check
-
-      - run: ./run_tests.sh
-        working-directory: examples/
-      - run: ./run_tests_conf.sh
-        working-directory: examples/
-      - run: ./run_tests_prom.sh
-        working-directory: examples/
-        if: ${{ contains(matrix.os, 'ubuntu') }}
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@ -1,85 +1,59 @@
-name: macOS
+name: MacOS

 on:
  push:
-    branches: ["master"]
-    tags: ["4.*"]
  pull_request:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    types: [ opened, reopened, synchronize ]

 jobs:
-  build:
-    name: build + test
+  builds:
    strategy:
      fail-fast: false
      matrix:
-        ver: ["13", "14", "15"]
-    runs-on: macos-${{ matrix.ver }}
-    steps:
-      - uses: actions/checkout@v4
+        os: [ 'macos-12', 'macos-13', 'macos-14' ]
+    runs-on: ${{ matrix.os }}

-      - name: Relink `python` package in `brew`
-        # Unlink and re-link to prevent errors when GitHub `macos` runner images
-        # install `python` outside of `brew`, for example:
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Brew - Relink Python
+      run: |
+        # Unlink and re-link to prevent errors when github mac runner images
+        # install python outside of brew, for example:
        # https://github.com/orgs/Homebrew/discussions/3895
        # https://github.com/actions/setup-python/issues/577
        # https://github.com/actions/runner-images/issues/6459
        # https://github.com/actions/runner-images/issues/6507
        # https://github.com/actions/runner-images/issues/2322
-        run: brew list -1 
-             | grep python 
-             | while read formula; do brew unlink $formula; brew link --overwrite $formula; done
+        brew list -1 | grep python | while read formula; do brew unlink $formula; brew link --overwrite $formula; done

-      - run: brew update
-      - run: brew install wget pkg-config libevent openssl@1.1 sqlite hiredis mongo-c-driver libmicrohttpd
+    - name: Brew - Update pkg listings
+      run: |
+        brew update

-      - run: ./configure
-        env:
-          PKG_CONFIG_PATH: "${{ env.PKG_CONFIG_PATH }}:/usr/local/opt/openssl@1.1/lib/pkgconfig"
-      - run: make
+    - name: Brew - Install Dependencies
+      run: |
+        brew install \
+            wget \
+            pkg-config \
+            libevent \
+            openssl@1.1 \
+            sqlite \
+            hiredis \
+            mongo-c-driver \
+            libmicrohttpd

-      - run: make check
+    - name: Configure
+      run: PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/opt/openssl@1.1/lib/pkgconfig ./configure

-      - run: ./run_tests.sh
-        working-directory: examples/
-      - run: ./run_tests_conf.sh
-        working-directory: examples/
+    - name: Compile
+      run: make

-  build-cmake:
-    name: build + test cmake
-    strategy:
-      fail-fast: false
-      matrix:
-        ver: ["15"]
-    runs-on: macos-${{ matrix.ver }}
-    steps:
-      - uses: actions/checkout@v4
+    - name: Unit Test
+      run: make check

-      - name: Relink `python` package in `brew`
-        # Unlink and re-link to prevent errors when GitHub `macos` runner images
-        # install `python` outside of `brew`, for example:
-        # https://github.com/orgs/Homebrew/discussions/3895
-        # https://github.com/actions/setup-python/issues/577
-        # https://github.com/actions/runner-images/issues/6459
-        # https://github.com/actions/runner-images/issues/6507
-        # https://github.com/actions/runner-images/issues/2322
-        run: brew list -1 
-              | grep python 
-              | while read formula; do brew unlink $formula; brew link --overwrite $formula; done
-
-      - run: brew update
-      - run: brew install wget pkg-config libevent openssl@1.1 sqlite hiredis mongo-c-driver libmicrohttpd
-
-      - name: Configure
-        run: cmake -B ${{github.workspace}}/build
-      - name: Build
-        run: cmake --build ${{github.workspace}}/build
-
-      - run: ./run_tests.sh
-        working-directory: examples/
-      - run: ./run_tests_conf.sh
-        working-directory: examples/
+    - name: Integration Test
+      working-directory: examples
+      run: ./run_tests.sh && ./run_tests_conf.sh
--- a/.github/workflows/mingw.yml
+++ b/.github/workflows/mingw.yml
@ -1,120 +1,129 @@
-name: MinGW
+name: mingw

 on:
  push:
-    branches: ["master"]
-    tags: ["4.*"]
  pull_request:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    types: [ opened, reopened, synchronize ]

 jobs:
  build:
    name: build
+
    strategy:
-      fail-fast: false
      matrix:
-        os: ["windows"]
-        # Customize the CMake build type here (`Release`, `Debug`, `RelWithDebInfo`, etc.)
-        BUILD_TYPE: ["Release", "Debug"]
-        BUILD_SHARED_LIBS: ["OFF"]
+        os: [windows-latest]
+        # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
+        BUILD_TYPE: [Release, Debug]
+        BUILD_SHARED_LIBS: [OFF]
+
    defaults:
      run:
        shell: cmd
-    runs-on: ${{ matrix.os }}-latest
+        
+    runs-on: ${{ matrix.os }}
    env:
      BUILD_TYPE:  ${{ matrix.BUILD_TYPE }}
-      SOURCE_DIR:  ${{ github.workspace }}\.cache\source
-      TOOSL_DIR:   ${{ github.workspace }}\.cache\tools
-      INSTALL_DIR: ${{ github.workspace }}\.cache\install_mingw_2022_02_15
+      SOURCE_DIR:  ${{github.workspace}}\.cache\source
+      TOOSL_DIR:   ${{github.workspace}}\.cache\tools
+      INSTALL_DIR: ${{github.workspace}}\.cache\install_mingw_2022_02_15
+
    steps:
-      - uses: actions/checkout@v4
+    - uses: actions/checkout@v4
+      #with:
+        #fetch-depth: 0
            
-      - name: Install dependencies
-        run: |
-          C:\msys64\usr\bin\pacman.exe -S --noconfirm ^
-              mingw-w64-x86_64-cmake ^
-              mingw-w64-x86_64-make ^
-              mingw-w64-x86_64-nsis ^
-              mingw-w64-x86_64-gcc ^
-              mingw-w64-x86_64-zlib ^
-              mingw-w64-x86_64-openssl ^
-              mingw-w64-x86_64-libevent ^
-              mingw-w64-x86_64-sqlite3 ^
-              mingw-w64-x86_64-hiredis ^
-              mingw-w64-x86_64-postgresql ^
-              mingw-w64-x86_64-libmicrohttpd ^
-              git base-devel
-        env:
-          PATH: C:\msys64\usr\bin
+    - name: pacman
+      env:
+        PATH: C:\msys64\usr\bin
+      run: |
+        C:\msys64\usr\bin\pacman.exe -S --noconfirm ^
+            mingw-w64-x86_64-cmake ^
+            mingw-w64-x86_64-make ^
+            mingw-w64-x86_64-nsis ^
+            mingw-w64-x86_64-gcc ^
+            mingw-w64-x86_64-zlib ^
+            mingw-w64-x86_64-openssl ^
+            mingw-w64-x86_64-libevent ^
+            mingw-w64-x86_64-sqlite3 ^
+            mingw-w64-x86_64-hiredis ^
+            mingw-w64-x86_64-postgresql ^
+            mingw-w64-x86_64-libmicrohttpd ^
+            git base-devel

-      - name: Create directories
-        run: |
-          cmake -E make_directory ${{ env.SOURCE_DIR }}
-          cmake -E make_directory ${{ env.TOOSL_DIR }}
-          cmake -E make_directory ${{ env.INSTALL_DIR }}
+    - name: make_directory
+      run: |
+        cmake -E make_directory ${{env.SOURCE_DIR}}
+        cmake -E make_directory ${{env.TOOSL_DIR}}
+        cmake -E make_directory ${{env.INSTALL_DIR}}
    
-      - name: Cache installed
-        uses: actions/cache@v4
-        id: cache-installed
-        with:
-          path: ${{ env.INSTALL_DIR }}
-          key: coturn-cache-installed-mingw
+    - name: Cache installed
+      uses: actions/cache@v4
+      id: cache-installed
+      with:
+        path: |
+          ${{env.INSTALL_DIR}}
+        key: coturn-cache-installed-mingw

-      - name: Build Prometheus
-        run: |
-          cd ${{ env.SOURCE_DIR }}
-          git clone https://github.com/digitalocean/prometheus-client-c.git
-          cd prometheus-client-c/prom
-          mkdir build
-          cd build
-          cmake .. -G"MinGW Makefiles" ^
-              -DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-              -DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-              -DCMAKE_INSTALL_PREFIX=${{ env.INSTALL_DIR }}
-          cmake --build . --config ${{ matrix.BUILD_TYPE }}
-          cmake --build . --config ${{ matrix.BUILD_TYPE }} --target install
-        env:
-          MSYSTEM: MINGW64
-          PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
-        working-directory: ${{ env.SOURCE_DIR }}
-        if: ${{ false }}
+    - name: build prometheus
+      if: false
+      working-directory: ${{env.SOURCE_DIR}}
+      env:
+        MSYSTEM: MINGW64
+        PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
+      run: |
+        cd ${{env.SOURCE_DIR}}
+        git clone https://github.com/digitalocean/prometheus-client-c.git
+        cd prometheus-client-c/prom
+        mkdir build
+        cd build
+        cmake .. -G"MinGW Makefiles" ^
+            -DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
+            -DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
+            -DCMAKE_INSTALL_PREFIX=${{env.INSTALL_DIR}}
+        cmake --build . --config ${{matrix.BUILD_TYPE}}
+        cmake --build . --config ${{matrix.BUILD_TYPE}} --target install
+        cd ${{env.SOURCE_DIR}}/prometheus-client-c/promhttp
+        mkdir build
+        cd build
+        cmake .. -G"MinGW Makefiles" ^
+            -DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
+            -DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
+            -DCMAKE_INSTALL_PREFIX=${{env.INSTALL_DIR}}
+        cmake --build . --config ${{matrix.BUILD_TYPE}}
+        cmake --build . --config ${{matrix.BUILD_TYPE}} --target install
        
-      - name: Build Coturn
-        run: |
-          cmake -E make_directory build
-          cd build
-          cmake .. -G"MinGW Makefiles" ^
-              -DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-              -DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-              -DCMAKE_INSTALL_PREFIX=${{ github.workspace }}/build/install
-          cmake --build . --config ${{ matrix.BUILD_TYPE }}
-          cmake --build . --config ${{ matrix.BUILD_TYPE }} --target install
-        env:
-          MSYSTEM: MINGW64
-          PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
-          Prometheus_ROOT: ${{ env.INSTALL_DIR }}
-        working-directory: ${{ github.workspace }}
+    - name: build coturn
+      working-directory: ${{github.workspace}}
+      env:
+        MSYSTEM: MINGW64
+        PATH: C:\msys64\mingw64\bin;C:\msys64\usr\bin
+        Prometheus_ROOT: ${{env.INSTALL_DIR}}
+      run: |
+        cmake -E make_directory build
+        cd build
+        cmake .. -G"MinGW Makefiles" ^
+            -DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
+            -DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
+            -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/install
+        cmake --build . --config ${{matrix.BUILD_TYPE}}
+        cmake --build . --config ${{matrix.BUILD_TYPE}} --target install

-      - name: Package
-        run: |
-          copy /Y ${{ env.INSTALL_DIR }}\bin\*.dll install\bin
-          copy /Y ${{ env.INSTALL_DIR }}\lib\*.dll install\bin
-          copy /Y ${{ env.RUNVCPKG_VCPKG_ROOT }}\installed\${{ env.RUNVCPKG_VCPKG_TRIPLET_OUT }}\bin\*.dll install\bin
-          7z a coturn_windows_mingw.zip ${{ github.workspace }}\build\install\*
-          cmake --build . --config ${{ matrix.BUILD_TYPE }} --target package
-        working-directory: ${{ github.workspace }}\build
-        if: ${{ matrix.BUILD_TYPE == 'Release' }}
+    - name: Package
+      if: ${{ matrix.BUILD_TYPE == 'Release' }}
+      working-directory: ${{github.workspace}}\build
+      run: |
+        copy /Y ${{env.INSTALL_DIR}}\bin\*.dll install\bin
+        copy /Y ${{env.INSTALL_DIR}}\lib\*.dll install\bin
+        copy /Y ${{env.RUNVCPKG_VCPKG_ROOT}}\installed\${{env.RUNVCPKG_VCPKG_TRIPLET_OUT}}\bin\*.dll install\bin
+        7z a coturn_windows_mingw.zip ${{github.workspace}}\build\install\*
+        cmake --build . --config ${{matrix.BUILD_TYPE}} --target package

-      - name: Update artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: coturn_mingw_${{ matrix.os }}
-          path: |
-            ${{ github.workspace }}\build\coturn_windows_mingw.zip
-            ${{ github.workspace }}\build\coturn*.exe
-            ${{ github.workspace }}\build\coturn*.md5
-        if: ${{ matrix.BUILD_TYPE == 'Release' }}
+    - name: update 
+      if: ${{ matrix.BUILD_TYPE == 'Release' }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: coturn_mingw_${{ matrix.os }}
+        path: |
+          ${{github.workspace}}\build\coturn_windows_mingw.zip
+          ${{github.workspace}}\build\coturn*.exe
+          ${{github.workspace}}\build\coturn*.md5
--- a/.github/workflows/msvc-analyzer.yml
+++ b/.github/workflows/msvc-analyzer.yml
@ -0,0 +1,78 @@
+name: msvc-analyzer
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  msvc-analyzer:
+    runs-on: windows-latest
+
+    permissions:
+      # required for all codeql to report detected outcomes
+      security-events: write
+
+    strategy:
+      matrix:
+        BUILD_TYPE: [Release]
+        BUILD_SHARED_LIBS: [OFF]
+        VCPKG_PLATFORM_TOOLSET: [v143]
+        CMAKE_GENERATOR_PLATFORM: [x64]
+
+    env:
+      SOURCE_DIR:  ${{github.workspace}}\.cache\source
+      TOOLS_DIR:   ${{github.workspace}}\.cache\tools
+      INSTALL_DIR: ${{github.workspace}}\.cache\install_msvc_x64-windows_${{matrix.BUILD_TYPE}}
+      VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
+      VCPKG_PLATFORM_TOOLSET: ${{matrix.VCPKG_PLATFORM_TOOLSET}}
+      CMAKE_GENERATOR_PLATFORM: ${{matrix.CMAKE_GENERATOR_PLATFORM}}
+
+    defaults:
+      run:
+        shell: cmd
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: make directory
+      run: |
+        cmake -E make_directory ${{env.SOURCE_DIR}}
+        cmake -E make_directory ${{env.TOOLS_DIR}}
+        cmake -E make_directory ${{env.INSTALL_DIR}}
+
+    - name: run-vcpkg
+      uses: lukka/run-vcpkg@v11
+      with:
+        # If not using a submodule for vcpkg sources, this specifies which commit
+        # id must be checkout from a Git repo. It must not set if using a submodule
+        # for vcpkg.
+        vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
+
+    - name: Configure (MSVC)
+      run: |
+        cmake -B build ^
+            -A ${{matrix.CMAKE_GENERATOR_PLATFORM}} ^
+            -T ${{matrix.VCPKG_PLATFORM_TOOLSET}} ^
+            -DWITH_MYSQL=OFF ^
+            -DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
+            -DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
+            -DCMAKE_TOOLCHAIN_FILE=${{env.VCPKG_ROOT}}/scripts/buildsystems/vcpkg.cmake
+
+    - name: Initialize MSVC Code Analysis
+      uses: microsoft/msvc-code-analysis-action@v0.1.1
+      # Provide a unique ID to access the sarif output path
+      id: run-analysis
+      with:
+        cmakeBuildDirectory: build
+        buildConfiguration: ${{ matrix.BUILD_TYPE }}
+        # Ruleset file that will determine what checks will be run
+        ruleset: NativeRecommendedRules.ruleset
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+    - name: Upload SARIF to GitHub
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: ${{ steps.run-analysis.outputs.sarif }}
--- a/.github/workflows/msvc.yml
+++ b/.github/workflows/msvc.yml
@ -1,160 +1,96 @@
-name: MSVC
+name: msvc

 on:
  push:
-    branches: ["master"]
-    tags: ["4.*"]
  pull_request:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
+    types: [ opened, reopened, synchronize ]

 jobs:
-  code-analysis:
-    name: code analysis (windows-vc-${{ matrix.VCPKG_PLATFORM_TOOLSET }}-${{ matrix.CMAKE_GENERATOR_PLATFORM }}-${{ matrix.BUILD_TYPE }}-${{ matrix.BUILD_SHARED_LIBS }})
-    runs-on: windows-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        BUILD_TYPE: [Release]
-        BUILD_SHARED_LIBS: [OFF]
-        VCPKG_PLATFORM_TOOLSET: [v143]
-        CMAKE_GENERATOR_PLATFORM: [x64]
-    env:
-      SOURCE_DIR:  ${{ github.workspace }}\.cache\source
-      TOOLS_DIR:   ${{ github.workspace }}\.cache\tools
-      INSTALL_DIR: ${{ github.workspace }}\.cache\install_msvc_x64-windows_${{ matrix.BUILD_TYPE }}
-      VCPKG_PLATFORM_TOOLSET: ${{ matrix.VCPKG_PLATFORM_TOOLSET }}
-      CMAKE_GENERATOR_PLATFORM: ${{ matrix.CMAKE_GENERATOR_PLATFORM }}
-    defaults:
-      run:
-        shell: cmd
-    permissions:
-      security-events: write  # required for all CodeQL to report detected outcomes
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Create directories
-        run: |
-          cmake -E make_directory ${{ env.SOURCE_DIR }}
-          cmake -E make_directory ${{ env.TOOLS_DIR }}
-          cmake -E make_directory ${{ env.INSTALL_DIR }}
-
-      - name: run-vcpkg
-        uses: lukka/run-vcpkg@v11
-        with:
-          # If not using a submodule for vcpkg sources, this specifies which commit
-          # id must be checkout from a Git repo. It must not set if using a submodule
-          # for vcpkg.
-          vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
-
-      - name: Configure
-        run: |
-          cmake -B build ^
-              -A ${{ matrix.CMAKE_GENERATOR_PLATFORM }} ^
-              -T ${{ matrix.VCPKG_PLATFORM_TOOLSET }} ^
-              -DWITH_MYSQL=OFF ^
-              -DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-              -DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-              -DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake
-
-      - name: Initialize MSVC Code Analysis
-        uses: microsoft/msvc-code-analysis-action@v0.1.1
-        # Provide a unique ID to access the SARIF output path.
-        id: run-analysis
-        with:
-          cmakeBuildDirectory: build
-          buildConfiguration: ${{ matrix.BUILD_TYPE }}
-          # Ruleset file that will determine what checks will be run.
-          ruleset: NativeRecommendedRules.ruleset
-
-      # Upload SARIF file to GitHub Code Scanning Alerts
-      - name: Upload SARIF to GitHub
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
-
  compile:
-    name: compile (${{ matrix.os }}-vc-${{ matrix.VCPKG_PLATFORM_TOOLSET }}-${{ matrix.CMAKE_GENERATOR_PLATFORM }}-${{ matrix.BUILD_TYPE }}-${{ matrix.BUILD_SHARED_LIBS }})
+    name: ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}}
+
    strategy:
-      fail-fast: false
      matrix:
-        BUILD_TYPE: ["Release", "Debug"]
-        BUILD_SHARED_LIBS: ["OFF", "ON"]
-        CMAKE_GENERATOR_PLATFORM: ["x64", "Win32"]
-        os: ["windows"]
+        BUILD_TYPE: [Release, Debug]
+        BUILD_SHARED_LIBS: [OFF, ON]
+        CMAKE_GENERATOR_PLATFORM: [x64, Win32]
+        os: [windows-latest]
        include:
          # MSVC 2022
          - triplet: x64-windows
            VCPKG_PLATFORM_TOOLSET: v143
            CMAKE_GENERATOR_PLATFORM: x64
+
          - triplet: x86-windows
            VCPKG_PLATFORM_TOOLSET: v143
            CMAKE_GENERATOR_PLATFORM: Win32
+
          # MSVC 2019
          - triplet: x86-windows
            VCPKG_PLATFORM_TOOLSET: v142
            CMAKE_GENERATOR_PLATFORM: Win32
-    runs-on: ${{ matrix.os }}-latest
+
+    runs-on: ${{matrix.os}}
+
    env:
-      SOURCE_DIR:  ${{ github.workspace }}\.cache\source
-      TOOLS_DIR:   ${{ github.workspace }}\.cache\tools
-      INSTALL_DIR: ${{ github.workspace }}\.cache\install_msvc_${{matrix.triplet}}_${{matrix.BUILD_TYPE}}
-      VCPKG_PLATFORM_TOOLSET: ${{ matrix.VCPKG_PLATFORM_TOOLSET }}
-      CMAKE_GENERATOR_PLATFORM: ${{ matrix.CMAKE_GENERATOR_PLATFORM }}
+      SOURCE_DIR:  ${{github.workspace}}\.cache\source
+      TOOLS_DIR:   ${{github.workspace}}\.cache\tools
+      INSTALL_DIR: ${{github.workspace}}\.cache\install_msvc_${{matrix.triplet}}_${{matrix.BUILD_TYPE}}
+      VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
+      VCPKG_PLATFORM_TOOLSET: ${{matrix.VCPKG_PLATFORM_TOOLSET}}
+      CMAKE_GENERATOR_PLATFORM: ${{matrix.CMAKE_GENERATOR_PLATFORM}}
+
    defaults:
      run:
        shell: cmd
+
    steps:
-      - uses: actions/checkout@v4
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0

-      - name: Create directories
-        run: |
-          cmake -E make_directory ${{ env.SOURCE_DIR }}
-          cmake -E make_directory ${{ env.TOOLS_DIR }}
-          cmake -E make_directory ${{ env.INSTALL_DIR }}
+    - name: make directory
+      run: |
+        cmake -E make_directory ${{env.SOURCE_DIR}}
+        cmake -E make_directory ${{env.TOOLS_DIR}}
+        cmake -E make_directory ${{env.INSTALL_DIR}}

-      - name: run-vcpkg
-        uses: lukka/run-vcpkg@v11
-        with:
-          # If not using a submodule for vcpkg sources, this specifies which commit
-          # id must be checkout from a Git repo. It must not set if using a submodule
-          # for vcpkg.
-          vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
+    - name: run-vcpkg
+      uses: lukka/run-vcpkg@v11
+      with:
+        # If not using a submodule for vcpkg sources, this specifies which commit
+        # id must be checkout from a Git repo. It must not set if using a submodule
+        # for vcpkg.
+        vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'

-      - name: Build Coturn
-        run: |
-          cmake -E make_directory ${{ github.workspace }}/build
-          cd ${{ github.workspace }}/build
-          cmake ${{ github.workspace }} ^
-              -A ${{ matrix.CMAKE_GENERATOR_PLATFORM }} ^
-              -T ${{ matrix.VCPKG_PLATFORM_TOOLSET }} ^
-              -DWITH_MYSQL=OFF ^
-              -DBUILD_SHARED_LIBS=${{ matrix.BUILD_SHARED_LIBS }} ^
-              -DCMAKE_BUILD_TYPE=${{ matrix.BUILD_TYPE }} ^
-              -DCMAKE_INSTALL_PREFIX=${{ github.workspace }}/build/install ^
-              -DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake
-          cmake --build . --config ${{ matrix.BUILD_TYPE }}
-          cmake --build . --config ${{ matrix.BUILD_TYPE }} --target install
+    - name: build coturn
+      run: |
+        cmake -E make_directory ${{github.workspace}}/build
+        cd ${{github.workspace}}/build
+        cmake ${{github.workspace}} ^
+            -A ${{matrix.CMAKE_GENERATOR_PLATFORM}} ^
+            -T ${{matrix.VCPKG_PLATFORM_TOOLSET}} ^
+            -DWITH_MYSQL=OFF ^
+            -DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
+            -DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
+            -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/install ^
+            -DCMAKE_TOOLCHAIN_FILE=${{env.VCPKG_ROOT}}/scripts/buildsystems/vcpkg.cmake
+        cmake --build . --config ${{matrix.BUILD_TYPE}}
+        cmake --build . --config ${{matrix.BUILD_TYPE}} --target install

-      - name: Package
-        run: |
-          7z a coturn_windows_msvc.zip ${{ github.workspace }}\build\install\*
-          cmake --build . --config ${{ matrix.BUILD_TYPE }} --target package
-        working-directory: ${{ github.workspace }}\build
-        if: ${{ matrix.BUILD_TYPE == 'Release' }}
+    - name: Package
+      if: ${{ matrix.BUILD_TYPE == 'Release' }}
+      working-directory: ${{github.workspace}}\build
+      run: |
+        7z a coturn_windows_msvc.zip ${{github.workspace}}\build\install\*
+        cmake --build . --config ${{matrix.BUILD_TYPE}} --target package

-      - name: Update artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: coturn_msvc-${{ matrix.VCPKG_PLATFORM_TOOLSET }}-${{ matrix.CMAKE_GENERATOR_PLATFORM }}-${{ matrix.BUILD_SHARED_LIBS }}
-          path: |
-            ${{ github.workspace }}\build\coturn_windows_msvc.zip
-            ${{ github.workspace }}\build\coturn*.exe
-            ${{ github.workspace }}\build\coturn*.md5
-        if: ${{ matrix.BUILD_TYPE == 'Release' }}
+    - name: Update
+      if: ${{ matrix.BUILD_TYPE == 'Release' }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: coturn_msvc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_SHARED_LIBS}}
+        path: |
+          ${{github.workspace}}\build\coturn_windows_msvc.zip
+          ${{github.workspace}}\build\coturn*.exe
+          ${{github.workspace}}\build\coturn*.md5
--- a/.github/workflows/ubuntu_tests.yml
+++ b/.github/workflows/ubuntu_tests.yml
@ -0,0 +1,36 @@
+name: Ubuntu
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+# make GHA actions use node16 to use ancient container images
+# See https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
+# Unclear how long this will work though
+env:
+  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+
+jobs:
+  builds:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [  'ubuntu:16.04', 'ubuntu:18.04', 'ubuntu:20.04', 'ubuntu:22.04' ]
+    runs-on: ubuntu-latest
+    container: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install dependencies
+      # Set env variable or otherwise tzdata package requires interaction
+      env:
+        DEBIAN_FRONTEND: noninteractive
+      uses: ./.github/workflows/actions/ubuntu-build-deps
+    - name: configure
+      run: ./configure
+    - name: make
+      run: make
+    - name: make check
+      run: make check
+    - name: apps tests
+      run: cd examples && ./run_tests.sh && ./run_tests_conf.sh
--- a/AUTHORS.md
+++ b/AUTHORS.md
@ -1,11 +1,8 @@
 Thanks to the following contributors (in alphabetical order):

- Aaron Bird <25508292+Aaron-Bird@users.noreply.github.com>
 - Alessandro Polidori <alessandro.polidori@nethesis.it>
- Alex Gustafsson <89969483+alexg-axis@users.noreply.github.com>
 - Alexander N <a@a>
 - Alexander Terczka <alex@mail.at>
- Alexander Udovichenko <udovichenko48@gmail.com>
 - Antony Dovgal <tony@daylessday.org>
 - Arjun <36335769+0x34d@users.noreply.github.com>
 - Arne Georg Gisnås Gleditsch <argggh@appear.in>
@ -17,24 +14,19 @@ Thanks to the following contributors (in alphabetical order):
 - Byron Clark <byron@theclarkfamily.name>
 - Camden Narzt <c.narzt@me.com>
 - Carsten Bock <carsten@ng-voice.com>
- Cédric DIJOUX <45537432+PrinceChoco@users.noreply.github.com>
 - Cédric Krier <ced@b2ck.com>
- Chai-Shi <changchaishi@gmail.com>
 - Corey Cole <coreyleoc@gmail.com>
- Cybermilitia <Cybermilitia@users.noreply.github.com>
 - Daniil Meitis <30820460+dsmeytis@users.noreply.github.com>
 - Daniil Meitis <daniil.meitis@viber.com>
 - Danilo Bargen <mail@dbrgn.ch>
 - Dave Lambley <dave@lambley.me.uk>
 - Dave Lambley <github@davel.me.uk>
 - David Florness <david@florness.com>
- David Smitmanis <davidsm@axis.com>
 - David-dp- <David-dp-@users.noreply.github.com>
 - Domenico Briganti <domenico.briganti@osys.it>
 - Emil Ljungdahl <111423223+pando-emil@users.noreply.github.com>
 - Erdem Duman <erdemduman23@gmail.com>
 - Erik Moqvist <erik.moqvist@axis.com>
- Evgeny Khramtsov <xramtsov@gmail.com>
 - Feral Interactive <noreply@feralinteractive.com>
 - Gautier HUSSON <g.husson_git@liberasys.com>
 - Giacomo Vacca <gvacca@subspace.com>
@ -42,14 +34,12 @@ Thanks to the following contributors (in alphabetical order):
 - Greg Fodor <gfodor@gmail.com>
 - Gregor Jasny <gjasny@googlemail.com>
 - Gustavo Garcia <gustavogb@gmail.com>
- Gustavo Garcia <gustavogb@mail.com>
 - Haseeb Abdul Qadir <haseebq@jumpdesktop.com>
 - Hristo Venev <hristo@venev.name>
 - Hui Kang <kangh@us.ibm.com>
 - Hyorin Choi <17173216+hyorin@users.noreply.github.com>
 - Ilya Kisleyko <osterik@gmail.com>
 - James Huang <hng.jms@gmail.com>
- Jan Brasna <1784648+janbrasna@users.noreply.github.com>
 - Jasper <jasper@jasperhugo.com>
 - Jens Elkner <jel+coturn@cs.ovgu.de>
 - Jens Elkner <jel+git@iks.cs.uni-magdeburg.de>
@ -59,7 +49,6 @@ Thanks to the following contributors (in alphabetical order):
 - Johannes Weberhofer <jweberhofer@weberhofer.at>
 - Jonathan GIBERT <Jonathan.GIBERT@iconsultants.fr>
 - JooYoung <qkdlql@naver.com>
- Jorge <46056498+jorgectf@users.noreply.github.com>
 - Juan Navarro <juan.navarro@gmx.es>
 - KORAY VATANSEVER <koray.vatansever@turkcell.com.tr>
 - KORAY VATANSEVER <ttkvatansever@TC08966777>
@ -78,17 +67,14 @@ Thanks to the following contributors (in alphabetical order):
 - Mészáros Mihály <bakfitty@gmail.com>
 - Mészáros Mihály <misi@majd.eu>
 - Mészáros Mihály <misi@niif.hu>
- Michael Jones <jonesmz@users.noreply.github.com>
 - Michal Biskup <eiver@eiver.pl>
 - Miquel Ortega <miquel@syncrtc.com>
 - Molly Miller <33266253+sysvinit@users.noreply.github.com>
 - Molly Miller <molly.miller@wire.com>
 - Mustafa Bingül <bnglmstf@gmail.com>
- NO NAME <45446340+linwenchen@users.noreply.github.com>
 - NeoCat <neocat@neocat.jp>
 - Nicolas Edet <nicedet@cisco.com>
 - Nikolay Lanets <n.lanets@modxclub.ru>
- Nikolayshcx <77790944+Nikolayshcx@users.noreply.github.com>
 - Oleg Moskalenko <mom040267@gmail.com>
 - Orsiris de Jong <ozy@netpower.fr>
 - Oskar Niburski <oskarniburski@gmail.com>
@ -104,10 +90,8 @@ Thanks to the following contributors (in alphabetical order):
 - Prashanth Rajaram <prashanthr@users.noreply.github.com>
 - RIORAO <lah.messagebox@gmail.com>
 - Richard Garnier <richard@bitcraft.co.jp>
- Richard Russo <richard@signal.org>
 - Robert Scheck <robert-scheck@users.noreply.github.com>
 - Robert Scheck <robert@fedoraproject.org>
- Robert Silén <robert.silen@mariadb.org>
 - Robert Tupelo-Schneck <schneck@cnri.reston.va.us>
 - Rozhuk Ivan <rozhuk.im@gmail.com>
 - Ruben Barkow-Kuder <rubo77@users.noreply.github.com>
@ -116,41 +100,28 @@ Thanks to the following contributors (in alphabetical order):
 - Sandro Gauci <sandro@enablesecurity.com>
 - Scott Godin <sgodin@sipspectrum.com>
 - Sebastian Kemper <sebastian_ml@gmx.net>
- Sergey Radionov <RSATom@gmail.com>
 - Sergey Safarov <s.safarov@gmail.com>
 - Serhii Charykov <laammaar@gmail.com>
 - Shu Muto <shu.mutow@gmail.com>
 - Shu Muto <shu.mutow@nec.com>
- Stefan Junker <1181362+steveej@users.noreply.github.com>
 - Stefan Sundin <git@stefansundin.com>
 - Steffen Moser <public@steffen-moser.de>
 - Steffen Moser <steffen.moser@uni-ulm.de>
- Subhra264 <chakrabortysubhradeep556@gmail.com>
- Sven Tennie <sven.tennie@gmail.com>
 - Thibaut ACKERMANN <thib-ack@users.noreply.github.com>
 - Thibaut Ackermann <thibaut.ackermann@al-enterprise.com>
 - Thibaut Ackermann <thibaut.ackermann@alcatel-lucent.com>
 - Tom Bevan <thehorrorthehorror@gmail.com>
- Wittmer, Christian <chris@computersalat.de>
 - Wuelber Castillo <wuelber.castillo@gmail.com>
 - Yoshiki Kadoshita <sublimer.me@gmail.com>
 - Zebadiah Long <zeb@noblewhale.com>
- Zoey <zoey@z0ey.de>
- ashamedbit <muralianiruddhan@gmail.com>
 - bpcurse <29312856+bpcurse@users.noreply.github.com>
 - brevilo <brevilo@users.noreply.github.com>
 - chanduthedev <chanduthedev@gmail.com>
- czephyr <alfredo.funicello@studenti.unimi.it>
 - damencho <damencho@jitsi.org>
 - ddeka2910 <60925700+ddeka2910@users.noreply.github.com>
- dominiquefournier <dominique@fournier38.fr>
- eakraly <eakraly@users.noreply.github.com>
 - ggalperi <81175455+ggalperi@users.noreply.github.com>
- hariprasadt <hariprasad.t@samsung.com>
 - huhaipeng <huhaipeng@corp.netease.com>
 - islamoglus <islamogluselahaddin@gmail.com>
- korayvt <korayvt@users.noreply.github.com>
- maddy <maddy@kitty.garden>
 - marcoschum <50410120+marcoschum@users.noreply.github.com>
 - misi <bakfitty@gmail.com>
 - mom040267 <mom040267@gmail.com>
@ -161,16 +132,13 @@ Thanks to the following contributors (in alphabetical order):
 - ooookai <ooookai@users.noreply.github.com>
 - r3g_5z <june@girlboss.ceo>
 - raghumuppa <mupparthies@gmail.com>
- redraincatching <99604494+redraincatching@users.noreply.github.com>
 - release-it <release-it@tawenda.com>
- rim <11380091+rozhuk-im@users.noreply.github.com>
 - root <root@centot7.test.in.securom.me>
 - seungbin-ko <seungbin.ko@navercorp.com>
 - shuyin.wsy <shuyin.wsy@alibaba-inc.com>
 - skystar-p <wogus150@naver.com>
 - tyranron <tyranron@gmail.com>
 - unicode-it <info@unicode-it.de>
- vuittont60 <81072379+vuittont60@users.noreply.github.com>
 - wolmi <lenyos@gmail.com>
 - xthursdayx <xthursdayx@mailbox.org>
 - yohan <783b8c87@scimetis.net>
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -9,7 +9,7 @@ set(CMAKE_C_STANDARD_REQUIRED ON)

 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_SOURCE_DIR}/cmake)
 # TODO: Modify this when the version is released
-SET(BUILD_VERSION "4.6.3")
+SET(BUILD_VERSION "4.6.2")

 # Find Git Version Patch
 IF(EXISTS "${CMAKE_SOURCE_DIR}/.git")
--- a/152
+++ b/152
@ -1,155 +1,3 @@
-Release 4.6.3
-
-Changelist:
- Implement custom prometheus http handler (#1591) (Alex Gustafsson <89969483+alexg-axis@users.noreply.github.com>)
- Add MariaDB support to README.md (#1601) (Robert Silén <robert.silen@mariadb.org>)
- Allow authenticating with a username to redis (#1488) (maddy <maddy@kitty.garden>)
- Easy installation of coturn on AWS (#1581) (hariprasadt <hariprasad.t@samsung.com>)
- Add prometheus setting suggestions on turn.conf in example folder (#1597) (Chai-Shi <changchaishi@gmail.com>)
- Install openssl-1.1.1 on amazonlinux:2 instead of openssl-1.0.1 (#1595) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Add new Drain feature (#1529) (Scott Godin <sgodin@sipspectrum.com>)
- Additional refactoring of ns_turn_allocation.* to address security scanner concerns (#1514) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix linting error in mainrelay.c (#1558) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Fix rpm version scripts (#1556) (eakraly <eakraly@users.noreply.github.com>)
- Delete dead code (#1563) (Sven Tennie <sven.tennie@gmail.com>)
- Fix cli auth (#1578) (Mészáros Mihály <misi@majd.eu>)
- Use bool, instead of int, for the functions in ns_turn_msg.c (#1553) (Michael Jones <jonesmz@users.noreply.github.com>)
- Reformat code (#1557) (Pavel Punsky <eakraly@users.noreply.github.com>)
- configure: data files shouldn't be executable (#1542) (Sergey Radionov <RSATom@gmail.com>)
- Update libtelnet (#1545) (Michael Jones <jonesmz@users.noreply.github.com>)
- Use calloc where appropriate, avoid memset when normal buffer initialization works (#1550) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix make lint (#1547) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix compiler warnings from continuous integration (#1555) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix nodejs/glibc problem with old container images. (#1548) (Michael Jones <jonesmz@users.noreply.github.com>)
- Windows: Only attempt to bind when the network interface is up (#1527) (David Smitmanis <davidsm@axis.com>)
- Memset user_db before reading conf file, not after (#1537) (Pavel Punsky <eakraly@users.noreply.github.com>)
- added support for amazon linux and renamed tests.yml (#1401) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Check the result of malloc in send_message_to_redis (#1515) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of malloc in mongo_set_realm_option_one (#1516) (Michael Jones <jonesmz@users.noreply.github.com>)
- Simplify workflow for codeql (#1517) (Michael Jones <jonesmz@users.noreply.github.com>)
- Move the hiredis_libevent2 code from common to relay (#1509) (Michael Jones <jonesmz@users.noreply.github.com>)
- Include what you use (#1512) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of malloc in string_list_add (#1495) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of realloc and calloc in ch_map_get (#1497) (Michael Jones <jonesmz@users.noreply.github.com>)
- Address clang-tidy warnings in db files (#1405) (Michael Jones <jonesmz@users.noreply.github.com>)
- malloc now allocates space for string terminator (#1507) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Use bool over int for the turnutils_uclient program (#1420) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix lint complaint about comment (#1506) (Michael Jones <jonesmz@users.noreply.github.com>)
- Run all of the CI except for Docker builds on any change (#1415) (Michael Jones <jonesmz@users.noreply.github.com>)
- Avoid read-past-end of string in get_bold_admin_title (#1499) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check allocation results in add_static_user_account (#1501) (Michael Jones <jonesmz@users.noreply.github.com>)
- Address some build issues introduced by api changes (#1505) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Check the result of calloc in handle_logon_request (#1498) (Michael Jones <jonesmz@users.noreply.github.com>)
- Avoid writing potentially uninitialized data to aes_128 key file (#1500) (Michael Jones <jonesmz@users.noreply.github.com>)
- Use active CPU number instead of total number (#1469) (Pavel Punsky <eakraly@users.noreply.github.com>)
- defined a magic number for stun fingerprinting (#1489) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Always run lint, regardless of branch (#1492) (Michael Jones <jonesmz@users.noreply.github.com>)
- avoid potential nullptr derefernence in udp_create_server_socket (#1496) (Michael Jones <jonesmz@users.noreply.github.com>)
- Change the various map functions to return bool instead of inconsistantly return 0, 1, or -1 (#1502) (Michael Jones <jonesmz@users.noreply.github.com>)
- Check the result of malloc in del_alt_server (#1503) (Michael Jones <jonesmz@users.noreply.github.com>)
- Avoid nullptr dereference of server variable in various functions (#1504) (Michael Jones <jonesmz@users.noreply.github.com>)
- Fix msvc analyzer error on goto label on rfc5769check (#1486) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix buffer overflow in generate_enc_password with increase rsalt by 2 (#1463) (Stefan Junker <1181362+steveej@users.noreply.github.com>)
- Fix lint errors (Gustavo Garcia <gustavogb@gmail.com>)
- Add support for raw public keys (Rfc 7250) (#1458) (Nikolayshcx <77790944+Nikolayshcx@users.noreply.github.com>)
- Fix clang-format lint warnings (Gustavo Garcia <gustavogb@mail.com>)
- Fix const during free warning in rfc5769check app (Gustavo Garcia <gustavogb@mail.com>)
- Refactor: peer_input_handle (#1325) (Kang Lin <kl222@126.com>)
- workflow tidying (#1396) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Update turnserver.conf Example about listening-ip (#1336) (Wittmer, Christian <chris@computersalat.de>)
- Fix Cmake find issue in libevent (#1466) (NO NAME <45446340+linwenchen@users.noreply.github.com>)
- CMake: Declare the variable nearby (#1387) (Kang Lin <kl222@126.com>)
- Print version only, no extra lines (#1441) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix memory leak in rfc5769check.c (#1410) (ashamedbit <muralianiruddhan@gmail.com>)
- Fix memory leak in netengine.c (#1411) (ashamedbit <muralianiruddhan@gmail.com>)
- Fix memory leak on http_server.c (#1412) (ashamedbit <muralianiruddhan@gmail.com>)
- ubuntu build dependencies extracted to composite actions (#1399) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Delete unused variable (#1437) (Pavel Punsky <eakraly@users.noreply.github.com>)
- changed variables in stunclient.c to bool (C11) (#1421) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- added missing function prototype of turn_random_number() (#1428) (redraincatching <99604494+redraincatching@users.noreply.github.com>)
- Fix no-tls warning typo (#1426) (Jan Brasna <1784648+janbrasna@users.noreply.github.com>)
- Update SQLite.md (#1429) (dominiquefournier <dominique@fournier38.fr>)
- Adjust wording in cmake message when prometheous cannot be found. (#1418) (Michael Jones <jonesmz@users.noreply.github.com>)
- Add the InsertBraces command for clang-format to ensure that all conditionals always have braces (#1408) (Michael Jones <jonesmz@users.noreply.github.com>)
- Change minimal required cmake version to 3.16 (#1388) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Replace HeapAlloc with malloc (#1378) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Added sessionID to some log lines (#1334) (korayvt <korayvt@users.noreply.github.com>)
- Update FlowChart (#1377) (Kang Lin <kl222@126.com>)
- Add clang-tidy, include-what-you-use, and msvc-analyzer github actions (#1363) (Michael Jones <jonesmz@users.noreply.github.com>)
- Doc: add flowchart (#1328) (Kang Lin <kl222@126.com>)
- Missing session ID in coturn logs for denied IP - 1330 (#1332) (Cybermilitia <Cybermilitia@users.noreply.github.com>)
- Update lukka/run-vcpkg@11 (#1374) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix typos (#1345) (vuittont60 <81072379+vuittont60@users.noreply.github.com>)
- Fix mingw build (#1376) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Add github action that runs tests with compiler sanitizers (#1370) (Michael Jones <jonesmz@users.noreply.github.com>)
- Simplify macOS detection macros (#1372) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix potential null passed to function expecting nonnull (#1373) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Only set MHD_USE_DUAL_STACK if IPv6 is available (#1362) (Evgeny Khramtsov <xramtsov@gmail.com>)
- Remove unimplemented test folder reference from CMakeLists.txt (#1371) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Fix cmake find prometheus(fix #1304) (#1315) (Kang Lin <kl222@126.com>)
- Fix run cmake.yml in any github action (#1320) (Kang Lin <kl222@126.com>)
- Fix return correct error code for `create_relay_connection` in case of `RESERVATION-TOKEN` failure (#1319) (Subhra264 <chakrabortysubhradeep556@gmail.com>)
- Reduce ifdefs in code: TURN_NO_PROMETHEUS (#1116) (Pavel Punsky <eakraly@users.noreply.github.com>)
- strncpy doesn't return size_t (#1296) (Richard Russo <richard@signal.org>)
- Return a 400 response to HTTP requests (#1231) (Dave Lambley <dave@lambley.me.uk>)
- Fix missing strncpy in fix_stun_check_message_integrity_str (#1282) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix ubuntu 16 build with GH action checkout version to v3 (#1281) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix memleak in pgsql_reread_realms (#1278) (Pavel Punsky <eakraly@users.noreply.github.com>)
- Replace srand/rand with srandom/random (#1279) (Gustavo Garcia <gustavogb@gmail.com>)
- Fix memcpy len checks stun_is_challenge_response_str (#1280) (Gustavo Garcia <gustavogb@gmail.com>)
- Add warning and disable web admin if no-tls option used (#1256) (Alexander Udovichenko <udovichenko48@gmail.com>)
- Fix formatting to fix lint error (#1258) (Pavel Punsky <eakraly@users.noreply.github.com>)
- added warnings for prometheus apt unavailability (#1184) (czephyr <alfredo.funicello@studenti.unimi.it>)
- Update version in vcpkg.json (#1254) (Kang Lin <kl222@126.com>)
- Fix error of make command in Cygwin environment (#1236) (Aaron Bird <25508292+Aaron-Bird@users.noreply.github.com>)
- Fix recursive call in delete alternate server (#1250) (Cybermilitia <Cybermilitia@users.noreply.github.com>)
- Add CodeQL workflow (#1228) (Jorge <46056498+jorgectf@users.noreply.github.com>)
- Change printf() to TURN_LOG_FUNC() for --no-stdout-log (#1221) (Robert Scheck <robert-scheck@users.noreply.github.com>)
- Fix build with libressl 3.6+ (#1198) (rim <11380091+rozhuk-im@users.noreply.github.com>)
- Update turnserver.spec (#1192) (Mathieu Aubin <mathieu@zeroserieux.com>)
-
-Contributors:
- Aaron Bird <25508292+Aaron-Bird@users.noreply.github.com>
- Alex Gustafsson <89969483+alexg-axis@users.noreply.github.com>
- Alexander Udovichenko <udovichenko48@gmail.com>
- Chai-Shi <changchaishi@gmail.com>
- Cybermilitia <Cybermilitia@users.noreply.github.com>
- Dave Lambley <dave@lambley.me.uk>
- David Smitmanis <davidsm@axis.com>
- Evgeny Khramtsov <xramtsov@gmail.com>
- Gustavo Garcia <gustavogb@gmail.com>
- Gustavo Garcia <gustavogb@mail.com>
- Jan Brasna <1784648+janbrasna@users.noreply.github.com>
- Jorge <46056498+jorgectf@users.noreply.github.com>
- Kang Lin <kl222@126.com>
- Mathieu Aubin <mathieu@zeroserieux.com>
- Mészáros Mihály <misi@majd.eu>
- Michael Jones <jonesmz@users.noreply.github.com>
- NO NAME <45446340+linwenchen@users.noreply.github.com>
- Nikolayshcx <77790944+Nikolayshcx@users.noreply.github.com>
- Pavel Punsky <eakraly@users.noreply.github.com>
- Richard Russo <richard@signal.org>
- Robert Scheck <robert-scheck@users.noreply.github.com>
- Robert Silén <robert.silen@mariadb.org>
- Scott Godin <sgodin@sipspectrum.com>
- Sergey Radionov <RSATom@gmail.com>
- Stefan Junker <1181362+steveej@users.noreply.github.com>
- Subhra264 <chakrabortysubhradeep556@gmail.com>
- Sven Tennie <sven.tennie@gmail.com>
- Wittmer, Christian <chris@computersalat.de>
- Zoey <zoey@z0ey.de>
- ashamedbit <muralianiruddhan@gmail.com>
- czephyr <alfredo.funicello@studenti.unimi.it>
- dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- dominiquefournier <dominique@fournier38.fr>
- eakraly <eakraly@users.noreply.github.com>
- hariprasadt <hariprasad.t@samsung.com>
- korayvt <korayvt@users.noreply.github.com>
- maddy <maddy@kitty.garden>
- redraincatching <99604494+redraincatching@users.noreply.github.com>
- rim <11380091+rozhuk-im@users.noreply.github.com>
- vuittont60 <81072379+vuittont60@users.noreply.github.com>
-
 Release 4.6.2

 Changelist:
--- a/README.md
+++ b/README.md
@ -35,7 +35,7 @@ coturn requires following dependencies to be installed first
 Optional
 - openssl (to support TLS and DTLS, authorized STUN and TURN)
 - libmicrohttp and [prometheus-client-c](https://github.com/digitalocean/prometheus-client-c) (prometheus interface)
- MariaDB/MySQL (user database)
+- MySQL (user database)
 - [Hiredis](https://github.com/redis/hiredis) (user database, monitoring)
 - SQLite (user database)
 - PostgreSQL (user database)
@ -98,7 +98,7 @@ Relay protocols:
 User databases (for user repository, with passwords or keys, if authentication is required):

  * SQLite
-  * MariaDB/MySQL
+  * MySQL
  * PostgreSQL
  * Redis
  * MongoDB
--- a/README.turnserver
+++ b/README.turnserver
@ -168,10 +168,7 @@ Flags:

 -o, --daemon		Run server as daemon.

--no-software-attribute	DEPRECATED. See "--software-attribute".
-
--software-attribute	Send SOFTWARE_ATTRIBUTE on messages that can have it. Disabled by default.
-		Equals to deprecated option "--no-software-attribute false".	
+--no-software-attribute	Production mode: hide the software version.

 -f, --fingerprint	Use fingerprints in the TURN messages. If an incoming request
 			contains a fingerprint, then TURN server will always add
--- a/cmake/FindPrometheus.cmake
+++ b/cmake/FindPrometheus.cmake
@ -7,7 +7,7 @@
 #
 # Try to find prometheus
 # Once done, this will define:
-#  Prometheus_FOUND        - Prometheus (or all requested components of prom, microhttpd) was found.
+#  Prometheus_FOUND        - Prometheus (or all requested components of prom, promhttp, microhttpd) was found.
 #  Prometheus_INCLUDE_DIRS - Libevent include directories
 #  Prometheus_LIBRARIES    - libraries needed to use Prometheus
 #
@ -16,8 +16,9 @@ include(FindPackageHandleStandardArgs)

 find_package(PkgConfig)
 pkg_check_modules(PC_prom QUIET prom)
+pkg_check_modules(PC_promhttp QUIET promhttp)
 pkg_check_modules(PC_microhttd QUIET microhttpd)
-
+    
 find_path(microhttpd_include_dir
    NAMES microhttpd.h
    HINTS ${Prometheus_DIR} ${Prometheus_ROOT} ${PC_microhttd_INCLUDE_DIRS} /usr
@ -46,12 +47,28 @@ find_library(
    PATHS $ENV{Prometheus_DIR} $ENV{Prometheus_ROOT}
    PATH_SUFFIXES lib ${CMAKE_INSTALL_LIBDIR})

+find_path(promhttp_INCLUDE_DIR
+    NAMES promhttp.h
+    HINTS ${Prometheus_DIR} ${Prometheus_ROOT} ${PC_promhttp_INCLUDE_DIRS} /usr
+    PATHS $ENV{Prometheus_DIR} $ENV{Prometheus_ROOT}
+    PATH_SUFFIXES include
+    )
+
+find_library(
+    promhttp_libs
+    NAMES promhttp
+    HINTS ${Prometheus_DIR} ${Prometheus_ROOT} ${PC_promhttp_LIBRARY_DIRS}
+    PATHS $ENV{Prometheus_DIR} $ENV{Prometheus_ROOT}
+    PATH_SUFFIXES lib ${CMAKE_INSTALL_LIBDIR})
+
 find_package_handle_standard_args(Prometheus
    REQUIRED_VARS prom_libs prom_INCLUDE_DIR
+        promhttp_libs promhttp_INCLUDE_DIR
        microhttpd_include_dir microhttpd_libs
        )

 set(Prometheus_INCLUDE_DIRS
    ${prom_INCLUDE_DIR}
+    ${promhttp_INCLUDE_DIR}
    ${microhttpd_include_dir})
-set(Prometheus_LIBRARIES ${prom_libs} ${microhttpd_libs})
+set(Prometheus_LIBRARIES ${prom_libs} ${promhttp_libs} ${microhttpd_libs})
--- a/26
+++ b/26
@ -848,18 +848,30 @@ if [ -z "${TURN_NO_PROMETHEUS}" ] ; then
    ER=$?
    if ! [ ${ER} -eq 0 ] ; then
        ${ECHO_CMD} "Prometheus lib found."
-        testlib microhttpd
+        testlib promhttp
        ER=$?
        if ! [ ${ER} -eq 0 ] ; then
-            ${ECHO_CMD} "Microhttpd lib found."
-            # Adjustments for Debian
-            # See: https://github.com/coturn/coturn/pull/754#issuecomment-824693226
-            if [ -f "/etc/debian_version" ] ; then
-                OSLIBS="${OSLIBS} -latomic"
+            ${ECHO_CMD} "Prometheus http lib found."
+            testlib microhttpd
+            ER=$?
+            if ! [ ${ER} -eq 0 ] ; then
+                ${ECHO_CMD} "Microhttpd lib found."
+                # Adjustments for Debian
+                # See: https://github.com/coturn/coturn/pull/754#issuecomment-824693226
+                if [ -f "/etc/debian_version" ] ; then
+                    OSLIBS="${OSLIBS} -latomic"
+                fi
+            else
+                ${ECHO_CMD}
+                ${ECHO_CMD} "Warning: microhttpd development libraries are not installed properly in required location."
+                ${ECHO_CMD} "Prometheus support will be disabled."
+                ${ECHO_CMD} "See the docs/Prometheus.md file."
+                ${ECHO_CMD}
+                OSCFLAGS="${OSCFLAGS} -DTURN_NO_PROMETHEUS"
            fi
        else
            ${ECHO_CMD}
-            ${ECHO_CMD} "Warning: microhttpd development libraries are not installed properly in required location."
+            ${ECHO_CMD} "Warning: Libpromhttp development libraries are not installed properly in required location."
            ${ECHO_CMD} "Prometheus support will be disabled."
            ${ECHO_CMD} "See the docs/Prometheus.md file."
            ${ECHO_CMD}
--- a/docker/coturn/CHANGELOG.md
+++ b/docker/coturn/CHANGELOG.md
@ -4,41 +4,6 @@ Coturn TURN server Docker image changelog



-## [4.6.3-r1] · 2025-01-08
-[4.6.3-r1]: /../../tree/docker/4.6.3-r1
-
-### Security updated
-
- [Alpine Linux] 3.21.1: <https://github.com/docker-library/official-images/commit/34b47f1f4bdef69e39ae335e55b0f07af3b4fa18>
- [Debian Linux] "bookworm" 20241223 (12.8): <https://github.com/docker-library/official-images/commit/b6ea0fc48d92a7f6ef631667e82600666be53181>
-
-
-
-
-## [4.6.3-r0] · 2024-12-11
-[4.6.3-r0]: /../../tree/docker/4.6.3-r0
-
-### Upgraded
-
- [Coturn] 4.6.3: <https://github.com/coturn/coturn/blob/4.6.3/ChangeLog>
-
-
-
-
-## [4.6.2-r13] · 2024-12-06
-[4.6.2-r13]: /../../tree/docker/4.6.2-r13
-
-### Upgraded
-
- [Alpine Linux] 3.21: <https://alpinelinux.org/posts/Alpine-3.21.0-released.html>
-
-### Security updated
-
- [Debian Linux] "bookworm" 20241202 (12.8): <https://github.com/docker-library/official-images/commit/36ffb3d236c35c22922dfeca1844d7ad119b06f5>
-
-
-
-
 ## [4.6.2-r12] · 2024-09-09
 [4.6.2-r12]: /../../tree/docker/4.6.2-r12

--- a/docker/coturn/Makefile
+++ b/docker/coturn/Makefile
@ -24,7 +24,7 @@ dockerify = $(strip $(if $(call eq,$(1),linux/arm32v6),linux/arm/v6,\
 # Project parameters #
 ######################

-COTURN_VER ?= 4.6.3
+COTURN_VER ?= 4.6.2
 COTURN_MIN_VER = $(strip $(shell echo $(COTURN_VER) | cut -d '.' -f1,2))
 COTURN_MAJ_VER = $(strip $(shell echo $(COTURN_VER) | cut -d '.' -f1))

@ -34,7 +34,7 @@ ALPINE_VER := alpine$(strip $(shell grep -m1 'alpine_ver=' alpine/Dockerfile \
 DEBIAN_VER := $(strip $(shell grep -m1 'debian_ver=' debian/Dockerfile \
                              | cut -d '=' -f2))

-BUILD_REV ?= 1
+BUILD_REV ?= 12

 NAME := coturn
 OWNER := $(or $(GITHUB_REPOSITORY_OWNER),coturn)
--- a/docker/coturn/README.md
+++ b/docker/coturn/README.md
@ -15,8 +15,8 @@ Coturn TURN server Docker image

 ## Supported tags and respective `Dockerfile` links

- [`4.6.3-r1`, `4.6.3-r1-debian`, `4.6.3`, `4.6.3-debian`, `4.6.3-bookworm`, `4.6`, `4.6-debian`, `4.6-bookworm`, `4`, `4-debian`, `4-bookworm`, `debian`, `bookworm`, `latest`][d1]
- [`4.6.3-r1-alpine`, `4.6.3-alpine`, `4.6.3-alpine3.21`, `4.6-alpine`, `4.6-alpine3.21`, `4-alpine`, `4-alpine3.21`, `alpine`, `alpine3.21`][d2]
+- [`4.6.2-r12`, `4.6.2-r12-debian`, `4.6.2`, `4.6.2-debian`, `4.6.2-bookworm`, `4.6`, `4.6-debian`, `4.6-bookworm`, `4`, `4-debian`, `4-bookworm`, `debian`, `bookworm`, `latest`][d1]
+- [`4.6.2-r12-alpine`, `4.6.2-alpine`, `4.6.2-alpine3.20`, `4.6-alpine`, `4.6-alpine3.20`, `4-alpine`, `4-alpine3.20`, `alpine`, `alpine3.20`][d2]



--- a/docker/coturn/alpine/Dockerfile
+++ b/docker/coturn/alpine/Dockerfile
@ -2,7 +2,7 @@
 # Dockerfile of coturn/coturn:alpine Docker image.
 #

-ARG alpine_ver=3.21
+ARG alpine_ver=3.20



@ -46,13 +46,27 @@ RUN mkdir -p /build/prom/build/ && cd /build/prom/build/ \
                 .. \
 && make

+# Build libpromhttp.so from sources.
+RUN mkdir -p /build/promhttp/build/ && cd /build/promhttp/build/ \
+ # Fix compiler warning: -Werror=incompatible-pointer-types
+ && sed -i 's/\&promhttp_handler/(MHD_AccessHandlerCallback)\&promhttp_handler/' \
+           /build/promhttp/src/promhttp.c \
+ && TEST=0 cmake -G "Unix Makefiles" \
+                 -DCMAKE_INSTALL_PREFIX=/usr \
+                 -DCMAKE_SKIP_BUILD_RPATH=TRUE \
+                 -DCMAKE_C_FLAGS="-g -O3" \
+                 .. \
+ && make VERBOSE=1
+
 # Install prometheus-client-c.
 RUN LIBS_DIR=/out/$(dirname $(find /usr/ -name libc.so)) \
 && mkdir -p $LIBS_DIR/ \
 && cp -rf /build/prom/build/libprom.so \
+           /build/promhttp/build/libpromhttp.so \
       $LIBS_DIR/ \
 && mkdir -p /out/usr/include/ \
 && cp -rf /build/prom/include/* \
+           /build/promhttp/include/* \
       /out/usr/include/ \
 # Preserve license file.
 && mkdir -p /out/usr/share/licenses/prometheus-client-c/ \
--- a/docker/coturn/debian/Dockerfile
+++ b/docker/coturn/debian/Dockerfile
@ -46,13 +46,27 @@ RUN mkdir -p /build/prom/build/ && cd /build/prom/build/ \
                 .. \
 && make

+# Build libpromhttp.so from sources.
+RUN mkdir -p /build/promhttp/build/ && cd /build/promhttp/build/ \
+ # Fix compiler warning: -Werror=incompatible-pointer-types
+ && sed -i 's/\&promhttp_handler/(MHD_AccessHandlerCallback)\&promhttp_handler/' \
+           /build/promhttp/src/promhttp.c \
+ && TEST=0 cmake -G "Unix Makefiles" \
+                 -DCMAKE_INSTALL_PREFIX=/usr \
+                 -DCMAKE_SKIP_BUILD_RPATH=TRUE \
+                 -DCMAKE_C_FLAGS="-g -O3" \
+                 .. \
+ && make VERBOSE=1
+
 # Install prometheus-client-c.
 RUN LIBS_DIR=/out/$(dirname $(find /usr/ -name libc.so)) \
 && mkdir -p $LIBS_DIR/ \
 && cp -rf /build/prom/build/libprom.so \
+           /build/promhttp/build/libpromhttp.so \
       $LIBS_DIR/ \
 && mkdir -p /out/usr/include/ \
 && cp -rf /build/prom/include/* \
+           /build/promhttp/include/* \
       /out/usr/include/ \
 # Preserve license file.
 && mkdir -p /out/usr/share/licenses/prometheus-client-c/ \
--- a/docker/coturn/turnserver.conf
+++ b/docker/coturn/turnserver.conf
@ -601,14 +601,14 @@ syslog
 #
 #stun-only

-# Option to show software version - disabled by default. 
+# Option to hide software version. Enhance security when used in production.
 # Revealing the specific software version of the agent through the
 # SOFTWARE attribute might allow them to become more vulnerable to
 # attacks against software that is known to contain security holes.
 # Implementers SHOULD make usage of the SOFTWARE attribute a
-# configurable option (https://datatracker.ietf.org/doc/html/rfc8489#section-16.1.2)
+# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
 #
-#software-attribute
+#no-software-attribute

 # Option to suppress STUN functionality, only TURN requests will be processed.
 # Run as TURN server only, all STUN requests will be ignored.
--- a/examples/etc/turnserver.conf
+++ b/examples/etc/turnserver.conf
@ -213,16 +213,6 @@
 #
 #prometheus

-# Enable labeling prometheus traffic metrics with client usernames.
-# Labeling with client usernames is disabled by default, because this may cause memory
-# leaks when using authentication with ephemeral usernames (e.g. TURN REST API).
-#
-#prometheus-username-labels
-
-# Prometheus listener port (Default: 9641).
-#
-#prometheus-port=9641
-
 # TURN REST API flag.
 # (Time Limited Long Term Credential)
 # Flag that sets a special authorization option that is based upon authentication secret.
--- a/examples/run_tests.sh
+++ b/examples/run_tests.sh
@ -1,20 +1,14 @@
 #!/bin/bash

-# Detect cmake build and adjust path
-BINDIR="../bin"
-if [ ! -f $BINDIR/turnserver ]; then
-    BINDIR="../build/bin"
-fi
-
 echo 'Running turnserver'
-$BINDIR/turnserver --use-auth-secret  --static-auth-secret=secret --realm=north.gov --allow-loopback-peers --no-cli --cert ../examples/ca/turn_server_cert.pem --pkey ../examples/ca/turn_server_pkey.pem > /dev/null &
+../bin/turnserver --use-auth-secret  --static-auth-secret=secret --realm=north.gov --allow-loopback-peers --no-cli --cert ../examples/ca/turn_server_cert.pem --pkey ../examples/ca/turn_server_pkey.pem > /dev/null &
 echo 'Running peer client'
-$BINDIR/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &
+../bin/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &

 sleep 2

 echo 'Running turn client TCP'
-$BINDIR/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
@ -23,7 +17,7 @@ else
 fi

 echo 'Running turn client TLS'
-$BINDIR/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
@ -32,7 +26,7 @@ else
 fi

 echo 'Running turn client UDP'
-$BINDIR/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
@ -41,7 +35,7 @@ else
 fi

 echo 'Running turn client DTLS'
-$BINDIR/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
--- a/examples/run_tests_conf.sh
+++ b/examples/run_tests_conf.sh
@ -1,29 +1,22 @@
 #!/bin/bash
-
-# Detect cmake build and adjust path
-BINDIR="../bin"
-if [ ! -f $BINDIR/turnserver ]; then
-    BINDIR="../build/bin"
-fi
-
-echo "Creating $BINDIR/turnserver.conf file"
-echo "use-auth-secret" > $BINDIR/turnserver.conf
-echo "static-auth-secret=secret" >> $BINDIR/turnserver.conf
-echo "realm=north.gov" >> $BINDIR/turnserver.conf
-echo "allow-loopback-peers" >> $BINDIR/turnserver.conf
-echo "no-cli" >> $BINDIR/turnserver.conf
-echo "cert=../examples/ca/turn_server_cert.pem" >> $BINDIR/turnserver.conf
-echo "pkey=../examples/ca/turn_server_pkey.pem" >> $BINDIR/turnserver.conf
+echo 'Create turnserver.conf file'
+echo "use-auth-secret" > ../bin/turnserver.conf
+echo "static-auth-secret=secret" >> ../bin/turnserver.conf
+echo "realm=north.gov" >> ../bin/turnserver.conf
+echo "allow-loopback-peers" >> ../bin/turnserver.conf
+echo "no-cli" >> ../bin/turnserver.conf
+echo "cert=../examples/ca/turn_server_cert.pem" >> ../bin/turnserver.conf
+echo "pkey=../examples/ca/turn_server_pkey.pem" >> ../bin/turnserver.conf

 echo 'Running turnserver'
-$BINDIR/turnserver -c $BINDIR/turnserver.conf > /dev/null &
+../bin/turnserver -c ../bin/turnserver.conf > /dev/null &
 echo 'Running peer client'
-$BINDIR/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &
+../bin/turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 > /dev/null &

 sleep 2

 echo 'Running turn client TCP'
-$BINDIR/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -t -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
@ -32,7 +25,7 @@ else
 fi

 echo 'Running turn client TLS'
-$BINDIR/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -t -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1 | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
@ -41,7 +34,7 @@ else
 fi

 echo 'Running turn client UDP'
-$BINDIR/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
@ -50,7 +43,7 @@ else
 fi

 echo 'Running turn client DTLS'
-$BINDIR/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
+../bin/turnutils_uclient -S -e 127.0.0.1 -X -g -u user -W secret 127.0.0.1  | grep "start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000" > /dev/null
 if [ $? -eq 0 ]; then
    echo OK
 else
--- a/examples/run_tests_prom.sh
+++ b/examples/run_tests_prom.sh
@ -1,73 +0,0 @@
-#!/bin/bash
-
-
-# Detect cmake build and adjust path
-BINDIR="../bin"
-if [ ! -f $BINDIR/turnserver ]; then
-    BINDIR="../build/bin"
-fi
-
-function assert_prom_no_response() {
-  wget --quiet --output-document=/dev/null --tries=1 "$1"
-  status="$?"
-  if [ "$status" -eq 0 ]; then
-    echo FAIL
-    exit 1
-  else
-    echo OK
-  fi
-}
-
-function assert_prom_response() {
-  # Match something that looks like the expected body
-  wget --quiet --output-document=- --tries=1 "$1" | grep 'TYPE\|HELP\|counter\|gauge' >/dev/null
-  status="$?"
-  if [ "$status" -eq 0 ]; then
-    echo OK
-  else
-    echo FAIL
-    exit "$status"
-  fi
-}
-
-echo "Running without prometheus"
-$BINDIR/turnserver /dev/null &
-turnserver_pid="$!"
-sleep 2
-assert_prom_no_response "http://localhost:9641/metrics"
-kill "$turnserver_pid"
-
-echo "Running turnserver with prometheus, using defaults"
-$BINDIR/turnserver --prometheus > /dev/null &
-turnserver_pid="$!"
-sleep 2
-assert_prom_response "http://localhost:9641/metrics"
-kill "$turnserver_pid"
-
-echo "Running turnserver with prometheus, using custom address"
-$BINDIR/turnserver --prometheus --prometheus-address="127.0.0.1" > /dev/null &
-turnserver_pid="$!"
-sleep 2
-assert_prom_response "http://127.0.0.1:9641/metrics"
-kill "$turnserver_pid"
- 
-echo "Running turnserver with prometheus, using custom port"
-$BINDIR/turnserver --prometheus --prometheus-port="8080" > /dev/null &
-turnserver_pid="$!"
-sleep 2
-assert_prom_response "http://localhost:8080/metrics"
-kill "$turnserver_pid"
-
-echo "Running turnserver with prometheus, using custom address and port"
-$BINDIR/turnserver --prometheus --prometheus-address="127.0.0.1" --prometheus-port="8080" > /dev/null &
-turnserver_pid="$!"
-sleep 2
-assert_prom_response "http://127.0.0.1:8080/metrics"
-kill "$turnserver_pid"
-
-echo "Running turnserver with prometheus, using custom path"
-$BINDIR/turnserver --prometheus --prometheus-path="/coturn/metrics" > /dev/null &
-turnserver_pid="$!"
-sleep 2
-assert_prom_response "http://localhost:9641/coturn/metrics"
-kill "$turnserver_pid"
--- a/examples/scripts/pack.sh
+++ b/examples/scripts/pack.sh
@ -2,7 +2,7 @@

 # Run it from the root of the coturn source tree

-V=4.6.3
+V=4.5.2

 PACKDIR=`pwd`/../coturn-releases/
 SRCDIR=`pwd`
--- a/rpm/build.settings.sh
+++ b/rpm/build.settings.sh
@ -2,7 +2,7 @@

 # Common settings script.

-TURNVERSION=4.6.3
+TURNVERSION=4.5.2
 BUILDDIR=~/rpmbuild
 ARCH=`uname -p`

--- a/rpm/turnserver.spec
+++ b/rpm/turnserver.spec
@ -1,5 +1,5 @@
 Name:		turnserver
-Version:	4.6.3
+Version:	4.6.2
 Release:	0%{dist}
 Summary:	Coturn TURN Server

--- a/run_server.sh
+++ b/run_server.sh
--- a/scripts/install_coturn_on_aws_ec2.sh
+++ b/scripts/install_coturn_on_aws_ec2.sh
@ -1,175 +0,0 @@
-#!/bin/bash
-#####################################################################################
-############## purpose                 : install coturn as a server          ########
-############## verification on aws     : tested & verified on aws ec2        ########
-############## platform                : aws ec2                             ########
-############## aws ubuntu version      : ubuntu 22.04 LTS                    ########
-############## coturn base version     : 4.6.3                               ########
-############## dependent tools         : installs prometheus client as well  ########
-############## file permissions        : chmod 777 install_coturn_on_aws_ec2.sh #####
-############## run command             : ./install_coturn_on_aws_ec2.sh      ########
-############## developer               : hariprasad.t@samsung.com            ########
-#####################################################################################
-
-coturn_package="https://github.com/coturn/coturn/archive/refs/tags/4.6.3.tar.gz"
-coturn_version="4.6.3"
-
-if [ "$#" -eq 0 ]
-then
-  echo "coturn version is not supplied as argument, installing below version as default."
-  echo "default coturn package: $coturn_package"
-else
-  coturn_package="https://github.com/coturn/coturn/archive/refs/tags/$1.tar.gz"
-  coturn_version="$1"
-  echo "installing coturn package: $coturn_package"
-fi
-
-echo "--------> this script installs coturn server version $1 on aws ec2 instance..."
-
-echo "--------> create user turnserver..."
-sudo adduser --gecos "" --disabled-password turnserver
-
-echo "--------> updating packages..."
-sudo DEBIAN_FRONTEND=noninteractive apt-get -y update
-sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
-
-### install all dependent packages
-echo "--------> installing dependent packages..."
-sudo DEBIAN_FRONTEND=noninteractive apt-get install -y gcc make openssl-dev build-essential pkg-config libsystemd-dev musl-dev sqlite
-sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libssl-dev libsqlite3-dev libevent-dev libpq-dev libmysqlclient-dev libhiredis-dev libmicrohttpd-dev
-
-### download prometheus client libraries
-echo "--------> installing prometheus client..."
-wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb
-wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb
-sudo dpkg -i prometheus-client/libprom-dev-0.1.3-Linux.deb
-sudo dpkg -i prometheus-client/libpromhttp-dev-0.1.3-Linux.deb
-
-### download coturn source code
-echo "--------> downloading coturn $coturn_package"
-wget "$coturn_package"
-tar -xf "$coturn_version.tar.gz"
-cd "coturn-$coturn_version"
-./configure
-
-### compile & install coturn
-make
-echo "--------> installing coturn ..."
-sudo make install
-
-sudo bash -c "cat > /etc/default/coturn << EOL
-TURNSERVER_ENABLED=1
-EXTRA_OPTIONS=-v
-EOL"
-
-echo "--------> generating random key for realm..."
-secret_key=$(bash -c 'openssl rand -hex 32')
-
-### fetch ec2 public ip and private ip using metadata token (applicable for v2 version of metadata)
-echo "--------> retrieving public & private ips of ec2 instance..."
-aws_token=$(bash -c 'curl -s -X PUT "http://instance-data/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"')
-public_ip=$(bash -c 'curl -s -H "X-aws-ec2-metadata-token:'$aws_token'" -X GET "http://instance-data/latest/meta-data/public-ipv4"')
-private_ip=$(bash -c 'curl -s -H "X-aws-ec2-metadata-token:'$aws_token'" -X GET "http://instance-data/latest/meta-data/local-ipv4"')
-
-echo "--------> public ip: $public_ip, private ip: $private_ip"
-
-sudo bash -c "mv /etc/turnserver.conf /etc/turnserver.conf.original"
-
-### create configuration file for coturn with basic expected parameters
-### change below values as per your requirement.. like ports, username, password, etc.
-echo "--------> applying new config changes..."
-sudo bash -c "cat > /etc/turnserver.conf << EOL
-listening-port=3478
-tls-listening-port=5349
-# allow only TLSv1.2+
-no-tlsv1
-no-tlsv1_1
-userdb=/usr/local/var/db/turndb
-no-cli
-min-port=45000
-max-port=65535
-log-file=/var/log/turnserver/turnserver.log
-verbose
-fingerprint
-realm=${secret_key}
-lt-cred-mech
-user=username:password
-external-ip=${public_ip}/${private_ip}
-new-log-timestamp
-new-log-timestamp-format \"%FT%T%z\"
-log-binding
-prometheus
-EOL"
-
-### make coturn as auto recoverable by making it as a service
-sudo bash -c "cat > /lib/systemd/system/coturn.service << EOL
-[Unit]
-Description=coTURN STUN Server
-Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
-After=network.target
-
-[Service]
-User=turnserver
-Group=turnserver
-Type=notify
-EnvironmentFile=/etc/default/coturn
-ExecStart=/usr/local/bin/turnserver -c /etc/turnserver.conf --pidfile=
-Restart=on-failure
-InaccessibleDirectories=/home
-PrivateTmp=yes
-LimitCORE=infinity
-LimitNOFILE=1000000
-LimitNPROC=60000
-LimitRTPRIO=infinity
-LimitRTTIME=7000000
-
-[Install]
-WantedBy=multi-user.target
-EOL"
-
-### memory based database configurations
-sudo bash -c "sudo mkdir -p /var/lib/turn/turndb"
-sudo bash -c "sudo chown turnserver:turnserver /var/lib/turn/turndb"
-
-### apply log rotation policy to avoid "disk full" issues
-echo "--------> setting log rotation policy..."
-sudo bash -c "sudo mkdir -p /var/log/turnserver"
-sudo bash -c "sudo chown turnserver:turnserver /var/log/turnserver"
-sudo bash -c "cat > /etc/logrotate.d/coturn << EOL
-/var/log/turnserver/*.log
-{
-        rotate 7
-        daily
-        missingok
-        notifempty
-        compress
-        postrotate
-                /bin/systemctl kill -s HUP coturn.service
-        endscript
-}
-EOL"
-
-sudo ufw allow 80/tcp
-sudo ufw allow 443/tcp
-sudo ufw allow 3478/udp
-sudo ufw allow 5349/tcp
-
-#Running coTURN on privileged port 443
-sudo bash -c "setcap cap_net_bind_service=+ep /usr/local/bin/turnserver"
-
-sudo bash -c "sudo chown turnserver:turnserver /etc/default/coturn"
-sudo bash -c "sudo chown turnserver:turnserver /etc/turnserver.conf"
-
-echo "--------> starting coturn as a service..."
-sudo systemctl enable coturn.service
-sudo systemctl daemon-reload
-sudo systemctl restart coturn.service
-echo "--------> coturn is running successfully..."
-
-####
-echo "------ verification steps after installation -------"
-echo "a. check with command: ps -eaf | grep turnserver"
-echo "b. check with command: systemctl status coturn"
-echo "c. check configuration: cat /etc/turnserver.conf"
-echo "----------------------------------------------------"
-####
--- a/src/apps/common/apputils.c
+++ b/src/apps/common/apputils.c
@ -537,6 +537,40 @@ const char *socket_type_name(SOCKET_TYPE st) {
  return "UNKNOWN";
 }

+const char *duration_name(unsigned long duration) {
+  if (duration < 60) {
+    return "1min";
+  } else if (duration < 600) {
+    return "10mins";
+  } else if (duration < 86400) {
+    return "24hrs";
+  } else {
+    return "days";
+  }
+}
+
+const char *rate_name(unsigned long rate_kbps) {
+  if (rate_kbps < 1) {
+    return "1kbps";
+  } else if (rate_kbps < 50) {
+    return "50kbps";
+  } else if (rate_kbps < 2500) {
+    return "2500kbps";
+  } else {
+    return "10000kbps";
+  }
+}
+
+const char *addr_family_name(int addr_family) {
+  if (addr_family == AF_INET) {
+    return "ipv4";
+  } else if (addr_family == AF_INET6) {
+    return "ipv6";
+  } else {
+    return "other";
+  }
+}
+
 /////////////////// MTU /////////////////////////////////////////

 int set_socket_df(evutil_socket_t fd, int family, int value) {
@ -903,7 +937,7 @@ char *dirname(char *path) {
 * \return
 */
 static char *_WTA(__in wchar_t *pszInBuf, __in int nInSize, __out char **pszOutBuf, __out int *pnOutSize) {
-  if (!pszInBuf || !pszOutBuf || !pnOutSize || nInSize <= 0) {
+  if (!pszInBuf || !pszOutBuf || !*pszOutBuf || !pnOutSize || nInSize <= 0) {
    return NULL;
  }
  *pnOutSize = WideCharToMultiByte((UINT)0, (DWORD)0, pszInBuf, nInSize, NULL, 0, NULL, NULL);
@ -1138,7 +1172,7 @@ char *find_config_file(const char *config_file) {
          size_t celen = strlen(c_execdir);
          fnsz = sizeof(char) * (dirlen + cflen + celen + 10);
          fn = (char *)malloc(fnsz + 1);
-          strncpy(fn, c_execdir, fnsz);
+          strncpy(fn, c_execdir, celen);
          size_t fnlen = strlen(fn);
          if (fnlen < fnsz) {
            strncpy(fn + fnlen, "/", fnsz - fnlen);
@ -1332,7 +1366,7 @@ void build_base64_decoding_table(void) {

  char *table = (char *)calloc(256, sizeof(char));

-  for (size_t i = 0; i < 64; i++) {
+  for (char i = 0; i < 64; i++) {
    table[(unsigned char)encoding_table[i]] = i;
  }
  decoding_table = table;
--- a/src/apps/common/apputils.h
+++ b/src/apps/common/apputils.h
@ -55,35 +55,85 @@ extern "C" {

 extern int IS_TURN_SERVER;

+/* ALPN */
+
+#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L)
+
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
+#define ALPN_SUPPORTED 1
+#else
+#define ALPN_SUPPORTED 0
+#endif
+
 /* TLS */

 #if defined(TURN_NO_TLS)
+
 #define TLS_SUPPORTED 0
+#define TLSv1_1_SUPPORTED 0
+#define TLSv1_2_SUPPORTED 0
+
 #else
+
 #define TLS_SUPPORTED 1
-#endif

-#if defined(TURN_NO_DTLS)
-#define DTLS_SUPPORTED 0
+#if defined(SSL_OP_NO_TLSv1_1)
+#define TLSv1_1_SUPPORTED 1
 #else
-#define DTLS_SUPPORTED 1
+#define TLSv1_1_SUPPORTED 0
 #endif

+#if defined(SSL_OP_NO_TLSv1_2)
+#define TLSv1_2_SUPPORTED 1
+#else
+#define TLSv1_2_SUPPORTED 0
+#endif
+
+#if defined(SSL_OP_NO_TLSv1_3)
+#define TLSv1_3_SUPPORTED 1
+#else
+#define TLSv1_3_SUPPORTED 0
+#endif
+
+#endif
+
+#if defined(TURN_NO_DTLS) || (!defined(DTLS_CTRL_LISTEN) && (OPENSSL_VERSION_NUMBER < 0x10100000L))
+
+#define DTLS_SUPPORTED 0
+#define DTLSv1_2_SUPPORTED 0
+
+#else
+
+#define DTLS_SUPPORTED 1
+
+#if defined(SSL_OP_NO_DTLSv1_2)
+#define DTLSv1_2_SUPPORTED 1
+#else
+#define DTLSv1_2_SUPPORTED 0
+#endif
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
 #define SSL_SESSION_ECDH_AUTO_SUPPORTED 1
+#else
+#define SSL_SESSION_ECDH_AUTO_SUPPORTED 0
+#endif

 /////////// SSL //////////////////////////

-// clang-format off
 enum _TURN_TLS_TYPE {
  TURN_TLS_NO = 0,
  TURN_TLS_SSL23,
  TURN_TLS_v1_0,
+#if TLSv1_1_SUPPORTED
  TURN_TLS_v1_1,
+#if TLSv1_2_SUPPORTED
  TURN_TLS_v1_2,
-  TURN_TLS_v1_3,
+#endif
+#endif
  TURN_TLS_TOTAL
 };
-// clang-format on

 typedef enum _TURN_TLS_TYPE TURN_TLS_TYPE;

--- a/src/apps/relay/CMakeLists.txt
+++ b/src/apps/relay/CMakeLists.txt
@ -75,7 +75,7 @@ else()
    list(APPEND turnserver_DEFINED TURN_NO_MYSQL)
 endif()

-if(WIN32 OR APPLE)
+if(WIN32)
 	find_package(mongoc-1.0)
 	if(mongoc-1.0_FOUND)
 		list(APPEND turnserver_LIBS mongo::mongoc_shared)
@ -87,24 +87,24 @@ if(WIN32 OR APPLE)
 else()
 	find_package(mongo)
 	if(mongo_FOUND)
-        list(APPEND turnserver_LIBS mongo)
-        list(APPEND SOURCE_FILES dbdrivers/dbd_mongo.c)
+    list(APPEND turnserver_LIBS mongo)
+    list(APPEND SOURCE_FILES dbdrivers/dbd_mongo.c)
 		list(APPEND HEADER_FILES dbdrivers/dbd_mongo.h)
 	else()
-        list(APPEND turnserver_DEFINED TURN_NO_MONGO)
+    list(APPEND turnserver_DEFINED TURN_NO_MONGO)
 	endif()
 endif()

-pkg_check_modules(HIREDIS IMPORTED_TARGET hiredis)
-if(HIREDIS_FOUND)
-    list(APPEND turnserver_LIBS PkgConfig::HIREDIS)
+find_package(hiredis)
+if(hiredis_FOUND)
+    list(APPEND turnserver_LIBS hiredis::hiredis)
    list(APPEND SOURCE_FILES hiredis_libevent2.c dbdrivers/dbd_redis.c)
    list(APPEND HEADER_FILES hiredis_libevent2.h dbdrivers/dbd_redis.h)
 else()
    list(APPEND turnserver_DEFINED TURN_NO_HIREDIS)
 endif()

-if(UNIX AND (NOT APPLE))
+if(UNIX)
    find_package(libsystemd)
    if(NOT libsystemd_FOUND)
        list(APPEND turnserver_DEFINED TURN_NO_SYSTEMD)
@ -119,7 +119,7 @@ if(Prometheus_FOUND)
    list(APPEND turnserver_include_dirs ${Prometheus_INCLUDE_DIRS})
 else()
    message(AUTHOR_WARNING "Could not find prometheus. Please install "
-        "prom, microhttpd, and set Prometheus_ROOT. "
+        "prom, promhttp, microhttpd, and set Prometheus_ROOT. "
        "See docs/Prometheus.md")
    list(APPEND turnserver_DEFINED TURN_NO_PROMETHEUS)
 endif()
--- a/src/apps/relay/dbdrivers/dbd_mysql.c
+++ b/src/apps/relay/dbdrivers/dbd_mysql.c
@ -106,8 +106,12 @@ char *decryptPassword(char *in, const unsigned char *mykey) {
  struct ctr_state state;
  init_ctr(&state, iv);

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num,
                        (block128_f)AES_encrypt);
+#else
+  AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num);
+#endif

  strcat(last, (char *)outdata);
  out = (char *)malloc(sizeof(char) * (strlen(last) + 1)); // add 1 to allocate space for terminating '\0'
--- a/src/apps/relay/dbdrivers/dbd_redis.c
+++ b/src/apps/relay/dbdrivers/dbd_redis.c
@ -49,7 +49,6 @@ static void turnFreeRedisReply(void *reply) {
 struct _Ryconninfo {
  char *host;
  char *dbname;
-  char *user;
  char *password;
  unsigned int connect_timeout;
  unsigned int port;
@ -65,9 +64,6 @@ static void RyconninfoFree(Ryconninfo *co) {
    if (co->dbname) {
      free(co->dbname);
    }
-    if (co->user) {
-      free(co->user);
-    }
    if (co->password) {
      free(co->password);
    }
@ -121,13 +117,13 @@ static Ryconninfo *RyconninfoParse(const char *userdb, char **errmsg) {
      } else if (!strcmp(s, "database")) {
        co->dbname = strdup(seq + 1);
      } else if (!strcmp(s, "user")) {
-        co->user = strdup(seq + 1);
+        ;
      } else if (!strcmp(s, "uname")) {
-        co->user = strdup(seq + 1);
+        ;
      } else if (!strcmp(s, "name")) {
-        co->user = strdup(seq + 1);
+        ;
      } else if (!strcmp(s, "username")) {
-        co->user = strdup(seq + 1);
+        ;
      } else if (!strcmp(s, "password")) {
        co->password = strdup(seq + 1);
      } else if (!strcmp(s, "pwd")) {
@ -166,6 +162,9 @@ static Ryconninfo *RyconninfoParse(const char *userdb, char **errmsg) {
    if (!(co->host)) {
      co->host = strdup("127.0.0.1");
    }
+    if (!(co->password)) {
+      co->password = strdup("");
+    }
  }

  return co;
@ -225,12 +224,8 @@ redis_context_handle get_redis_async_connection(struct event_base *base, redis_s
        if (!rc) {
          TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB async connection\n");
        } else {
-          if (co->password && strlen(co->password)) {
-            if (co->user && strlen(co->user)) {
-              turnFreeRedisReply(redisCommand(rc, "AUTH %s %s", co->user, co->password));
-            } else {
-              turnFreeRedisReply(redisCommand(rc, "AUTH %s", co->password));
-            }
+          if (co->password) {
+            turnFreeRedisReply(redisCommand(rc, "AUTH %s", co->password));
          }
          if (co->dbname) {
            turnFreeRedisReply(redisCommand(rc, "select %s", co->dbname));
@ -272,7 +267,7 @@ redis_context_handle get_redis_async_connection(struct event_base *base, redis_s
        }
      }

-      ret = redisLibeventAttach(base, co->host, co->port, co->user, co->password, atoi(co->dbname));
+      ret = redisLibeventAttach(base, co->host, co->port, co->password, atoi(co->dbname));

      if (!ret) {
        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB connection\n");
@ -352,13 +347,8 @@ static redisContext *get_redis_connection(void) {
          }
          redisFree(redisconnection);
          redisconnection = NULL;
-        } else if (co->password && strlen(co->password)) {
-          void *reply;
-          if (co->user && strlen(co->user)) {
-            reply = redisCommand(redisconnection, "AUTH %s %s", co->user, co->password);
-          } else {
-            reply = redisCommand(redisconnection, "AUTH %s", co->password);
-          }
+        } else if (co->password) {
+          void *reply = redisCommand(redisconnection, "AUTH %s", co->password);
          if (!reply) {
            if (redisconnection->err && redisconnection->errstr[0]) {
              TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Redis: %s\n", redisconnection->errstr);
--- a/src/apps/relay/dtls_listener.c
+++ b/src/apps/relay/dtls_listener.c
@ -201,7 +201,12 @@ static int generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie
  return 1;
 }

-static int verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len) {
+static int verify_cookie(SSL *ssl,
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+                         const
+#endif
+                         unsigned char *cookie,
+                         unsigned int cookie_len) {
  unsigned int resultlength = 0;
  unsigned char result[COOKIE_SECRET_LENGTH];

@ -279,8 +284,14 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty

  SSL_set_bio(connecting_ssl, NULL, wbio);
  SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+                                      | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#endif
+#else
 #if defined(SSL_OP_NO_RENEGOTIATION)
                                      | SSL_OP_NO_RENEGOTIATION
+#endif
 #endif
  );
  SSL_set_max_cert_list(connecting_ssl, 655350);
@ -448,6 +459,8 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server, struct mes
      s->e = ioa_eng;
      add_socket_to_map(s, amap);
      if (open_client_connection_session(ts, &(sm->m.sm)) < 0) {
+        // Signal change to add session limit
+        IOA_CLOSE_SOCKET(s);
        return -1;
      }
    }
@ -544,8 +557,14 @@ static int create_new_connected_udp_socket(dtls_listener_relay_server_type *serv
    SSL_set_bio(connecting_ssl, NULL, wbio);

    SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+                                        | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#endif
+#else
 #if defined(SSL_OP_NO_RENEGOTIATION)
                                        | SSL_OP_NO_RENEGOTIATION
+#endif
 #endif
    );

--- a/src/apps/relay/hiredis_libevent2.c
+++ b/src/apps/relay/hiredis_libevent2.c
@ -50,7 +50,6 @@ struct redisLibeventEvents {
  int rev_set, wev_set;
  char *ip;
  int port;
-  char *user;
  char *pwd;
  int db;
 };
@ -213,7 +212,7 @@ void send_message_to_redis(redis_context_handle rch, const char *command, const

 ///////////////////////// Attach /////////////////////////////////

-redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int port0, char *user, char *pwd, int db) {
+redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int port0, char *pwd, int db) {

  char ip[256];
  if (ip0 && ip0[0]) {
@ -247,9 +246,6 @@ redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int
  e->base = base;
  e->ip = strdup(ip);
  e->port = port;
-  if (user) {
-    e->user = strdup(user);
-  }
  if (pwd) {
    e->pwd = strdup(pwd);
  }
@ -278,15 +274,9 @@ redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int
  e->wev_set = 1;

  // Authentication
-  if (redis_le_valid(e) && pwd && strlen(pwd)) {
-    if (user && strlen(user)) {
-      if (redisAsyncCommand(ac, NULL, e, "AUTH %s %s", e->user, e->pwd) != REDIS_OK) {
-        e->invalid = 1;
-      }
-    } else {
-      if (redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd) != REDIS_OK) {
-        e->invalid = 1;
-      }
+  if (redis_le_valid(e) && pwd) {
+    if (redisAsyncCommand(ac, NULL, e, "AUTH %s", pwd) != REDIS_OK) {
+      e->invalid = 1;
    }
  }

@ -359,15 +349,9 @@ static void redis_reconnect(struct redisLibeventEvents *e) {
  e->invalid = 0;

  // Authentication
-  if (redis_le_valid(e) && e->pwd && strlen(e->pwd)) {
-    if (e->user && strlen(e->user)) {
-      if (redisAsyncCommand(ac, NULL, e, "AUTH %s %s", e->user, e->pwd) != REDIS_OK) {
-        e->invalid = 1;
-      }
-    } else {
-      if (redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd) != REDIS_OK) {
-        e->invalid = 1;
-      }
+  if (redis_le_valid(e) && e->pwd) {
+    if (redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd) != REDIS_OK) {
+      e->invalid = 1;
    }
  }

--- a/src/apps/relay/hiredis_libevent2.h
+++ b/src/apps/relay/hiredis_libevent2.h
@ -48,7 +48,7 @@ typedef void *redis_context_handle;

 #if !defined(TURN_NO_HIREDIS)

-redis_context_handle redisLibeventAttach(struct event_base *base, char *ip, int port, char *user, char *pwd, int db);
+redis_context_handle redisLibeventAttach(struct event_base *base, char *ip, int port, char *pwd, int db);

 void send_message_to_redis(redis_context_handle rch, const char *command, const char *key, const char *format, ...);

--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@ -40,6 +40,10 @@
 #define MAX_TRIES 3
 #endif

+#if (!defined OPENSSL_VERSION_1_1_1)
+#define OPENSSL_VERSION_1_1_1 0x10101000L
+#endif
+
 ////// TEMPORARY data //////////

 static int use_lt_credentials = 0;
@ -51,10 +55,14 @@ static int use_tltc = 0;

 ////// ALPN //////////

+#if ALPN_SUPPORTED
+
 char STUN_ALPN[128] = "stun.nat-discovery";
 char TURN_ALPN[128] = "stun.turn";
 char HTTP_ALPN[128] = "http/1.1";

+#endif
+
 ////// TURNDB //////////////

 #if defined(Q)
@ -113,7 +121,7 @@ turn_params_t turn_params = {
    //////////////// Common params ////////////////////
    TURN_VERBOSE_NONE, /* verbose */
    0,                 /* turn_daemon */
-    false,             /* software_attribute */
+    0,                 /* no_software_attribute */
    0,                 /* web_admin_listen_on_workers */

    0, /* do_not_use_config_file */
@ -180,8 +188,7 @@ turn_params_t turn_params = {
    {NULL, 0, {0, NULL}}, /*tls_alternate_servers_list*/

    /////////////// stop server ////////////////
-    false, /*drain_turn_server*/
-    false, /*stop_turn_server*/
+    0, /*stop_turn_server*/

    /////////////// MISC PARAMS ////////////////
    0,                                  /* stun_only */
@ -204,8 +211,6 @@ turn_params_t turn_params = {
    0,                                  /* user_quota */
    0,                                  /* prometheus disabled by default */
    DEFAULT_PROM_SERVER_PORT,           /* prometheus port */
-    "",                                 /* prometheus address */
-    "/metrics",                         /* prometheus path */
    0, /* prometheus username labelling disabled by default when prometheus is enabled */

    ///////////// Users DB //////////////
@ -225,7 +230,9 @@ turn_params_t turn_params = {
    0, /* log_binding */
    0, /* no_stun_backward_compatibility */
    0, /* response_origin_only_with_rfc5780 */
-    0  /* respond_http_unsupported */
+    0, /* respond_http_unsupported */
+    // Signal change to add session limit
+    0, /* session_limit */
 };

 //////////////// OpenSSL Init //////////////////////
@ -257,7 +264,6 @@ static void read_config_file(int argc, char **argv, int pass);
 static void reload_ssl_certs(evutil_socket_t sock, short events, void *args);

 static void shutdown_handler(evutil_socket_t sock, short events, void *args);
-static void drain_handler(evutil_socket_t sock, short events, void *args);

 //////////////////////////////////////////////////

@ -1022,8 +1028,7 @@ static char Usage[] =
    " -v, --verbose					'Moderate' verbose mode.\n"
    " -V, --Verbose					Extra verbose mode, very annoying (for debug purposes only).\n"
    " -o, --daemon					Start process as daemon (detach from current shell).\n"
-    " --no-software-attribute	 		DEPRECATED Production mode: hide the software version.\n"
-    " --software-attribute	 		Enable sending software attribute (for debugging).\n"
+    " --no-software-attribute	 		Production mode: hide the software version (formerly --prod).\n"
    " -f, --fingerprint				Use fingerprints in the TURN messages.\n"
    " -a, --lt-cred-mech				Use the long-term credential mechanism.\n"
    " -z, --no-auth					Do not use any credential mechanism, allow anonymous access.\n"
@ -1133,8 +1138,6 @@ static char Usage[] =
    "enabled it will listen on port 9641 under the path /metrics\n"
    "						also the path / on this port can be used as a health check\n"
    " --prometheus-port		<port>		Prometheus metrics port (Default: 9641).\n"
-    " --prometheus-address		<address>		Prometheus listening address (Default: any).\n"
-    " --prometheus-path		<path>		Prometheus serve path (Default: /metrics).\n"
    " --prometheus-username-labels			When metrics are enabled, add labels with client usernames.\n"
 #endif
    " --use-auth-secret				TURN REST API flag.\n"
@ -1433,8 +1436,6 @@ enum EXTRA_OPTS {
  PERMISSION_LIFETIME_OPT,
  PROMETHEUS_OPT,
  PROMETHEUS_PORT_OPT,
-  PROMETHEUS_ADDRESS_OPT,
-  PROMETHEUS_PATH_OPT,
  PROMETHEUS_ENABLE_USERNAMES_OPT,
  AUTH_SECRET_OPT,
  NO_AUTH_PINGS_OPT,
@ -1442,6 +1443,7 @@ enum EXTRA_OPTS {
  NO_DYNAMIC_REALMS_OPT,
  DEL_ALL_AUTH_SECRETS_OPT,
  STATIC_AUTH_SECRET_VAL_OPT,
+  AUTH_SECRET_TS_EXP, /* deprecated */
  NO_STDOUT_LOG_OPT,
  SYSLOG_OPT,
  SYSLOG_FACILITY_OPT,
@ -1480,6 +1482,8 @@ enum EXTRA_OPTS {
  DH566_OPT,
  DH1066_OPT,
  NE_TYPE_OPT,
+  NO_SSLV2_OPT, /*deprecated*/
+  NO_SSLV3_OPT, /*deprecated*/
  NO_TLSV1_OPT,
  NO_TLSV1_1_OPT,
  NO_TLSV1_2_OPT,
@ -1489,8 +1493,7 @@ enum EXTRA_OPTS {
  ADMIN_USER_QUOTA_OPT,
  SERVER_NAME_OPT,
  OAUTH_OPT,
-  SOFTWARE_ATTRIBUTE_OPT,
-  DEPRECATED_NO_SOFTWARE_ATTRIBUTE_OPT,
+  NO_SOFTWARE_ATTRIBUTE_OPT,
  NO_HTTP_OPT,
  SECRET_KEY_OPT,
  ACME_REDIRECT_OPT,
@ -1499,7 +1502,9 @@ enum EXTRA_OPTS {
  NO_STUN_BACKWARD_COMPATIBILITY_OPT,
  RESPONSE_ORIGIN_ONLY_WITH_RFC5780_OPT,
  RESPOND_HTTP_UNSUPPORTED_OPT,
-  VERSION_OPT
+  VERSION_OPT,
+  // Signal change to add session limit
+  SESSION_LIMIT_OPT
 };

 struct myoption {
@ -1553,8 +1558,6 @@ static const struct myoption long_options[] = {
 #if !defined(TURN_NO_PROMETHEUS)
    {"prometheus", optional_argument, NULL, PROMETHEUS_OPT},
    {"prometheus-port", optional_argument, NULL, PROMETHEUS_PORT_OPT},
-    {"prometheus-address", optional_argument, NULL, PROMETHEUS_ADDRESS_OPT},
-    {"prometheus-path", optional_argument, NULL, PROMETHEUS_PATH_OPT},
    {"prometheus-username-labels", optional_argument, NULL, PROMETHEUS_ENABLE_USERNAMES_OPT},
 #endif
    {"use-auth-secret", optional_argument, NULL, AUTH_SECRET_OPT},
@ -1562,6 +1565,7 @@ static const struct myoption long_options[] = {
    {"no-auth-pings", optional_argument, NULL, NO_AUTH_PINGS_OPT},
    {"no-dynamic-ip-list", optional_argument, NULL, NO_DYNAMIC_IP_LIST_OPT},
    {"no-dynamic-realms", optional_argument, NULL, NO_DYNAMIC_REALMS_OPT},
+    /* deprecated: */ {"secret-ts-exp-time", optional_argument, NULL, AUTH_SECRET_TS_EXP},
    {"realm", required_argument, NULL, 'r'},
    {"server-name", required_argument, NULL, SERVER_NAME_OPT},
    {"oauth", optional_argument, NULL, OAUTH_OPT},
@ -1572,8 +1576,8 @@ static const struct myoption long_options[] = {
    {"verbose", optional_argument, NULL, 'v'},
    {"Verbose", optional_argument, NULL, 'V'},
    {"daemon", optional_argument, NULL, 'o'},
-    /* deprecated: */ {"no-software-attribute", optional_argument, NULL, DEPRECATED_NO_SOFTWARE_ATTRIBUTE_OPT},
-    {"software-attribute", optional_argument, NULL, SOFTWARE_ATTRIBUTE_OPT},
+    /* deprecated: */ {"prod", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT},
+    {"no-software-attribute", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT},
    {"fingerprint", optional_argument, NULL, 'f'},
    {"check-origin-consistency", optional_argument, NULL, CHECK_ORIGIN_CONSISTENCY_OPT},
    {"no-udp", optional_argument, NULL, NO_UDP_OPT},
@ -1630,6 +1634,8 @@ static const struct myoption long_options[] = {
    {"dh566", optional_argument, NULL, DH566_OPT},
    {"dh1066", optional_argument, NULL, DH1066_OPT},
    {"ne", required_argument, NULL, NE_TYPE_OPT},
+    {"no-sslv2", optional_argument, NULL, NO_SSLV2_OPT}, /* deprecated */
+    {"no-sslv3", optional_argument, NULL, NO_SSLV3_OPT}, /* deprecated */
    {"no-tlsv1", optional_argument, NULL, NO_TLSV1_OPT},
    {"no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT},
    {"no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT},
@ -1644,6 +1650,8 @@ static const struct myoption long_options[] = {
    {"respond-http-unsupported", optional_argument, NULL, RESPOND_HTTP_UNSUPPORTED_OPT},
    {"version", optional_argument, NULL, VERSION_OPT},
    {"syslog-facility", required_argument, NULL, SYSLOG_FACILITY_OPT},
+    // Signal change to add session limit
+    {"session-limit", required_argument, NULL, SESSION_LIMIT_OPT},
    {NULL, no_argument, NULL, 0}};

 static const struct myoption admin_long_options[] = {
@ -1732,8 +1740,12 @@ void encrypt_aes_128(unsigned char *in, const unsigned char *mykey) {
  struct ctr_state state;
  init_ctr(&state, iv);

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  CRYPTO_ctr128_encrypt(in, out, strlen((char *)in), &key, state.ivec, state.ecount, &state.num,
                        (block128_f)AES_encrypt);
+#else
+  AES_ctr128_encrypt(in, out, strlen((char *)in), &key, state.ivec, state.ecount, &state.num);
+#endif

  totalSize += strlen((char *)in);
  size = strlen((char *)in);
@ -1824,8 +1836,12 @@ void decrypt_aes_128(char *in, const unsigned char *mykey) {
  struct ctr_state state;
  init_ctr(&state, iv);

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  CRYPTO_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num,
                        (block128_f)AES_encrypt);
+#else
+  AES_ctr128_encrypt(encryptedText, outdata, newTotalSize, &key, state.ivec, state.ecount, &state.num);
+#endif

  strcat(last, (char *)outdata);
  printf("%s\n", last);
@ -1904,6 +1920,12 @@ static void set_option(int c, char *value) {
      turn_params.oauth = get_bool_value(value);
    }
    break;
+  case NO_SSLV2_OPT:
+    // deprecated
+    break;
+  case NO_SSLV3_OPT:
+    // deprecated
+    break;
  case NO_TLSV1_OPT:
    turn_params.no_tlsv1 = get_bool_value(value);
    break;
@ -2148,11 +2170,8 @@ static void set_option(int c, char *value) {
      anon_credentials = 1;
    }
    break;
-  case DEPRECATED_NO_SOFTWARE_ATTRIBUTE_OPT:
-    turn_params.software_attribute = !(bool)get_bool_value(value);
-    break;
-  case SOFTWARE_ATTRIBUTE_OPT:
-    turn_params.software_attribute = (bool)get_bool_value(value);
+  case NO_SOFTWARE_ATTRIBUTE_OPT:
+    turn_params.no_software_attribute = get_bool_value(value);
    break;
  case 'f':
    turn_params.fingerprint = get_bool_value(value);
@ -2204,12 +2223,6 @@ static void set_option(int c, char *value) {
  case PROMETHEUS_PORT_OPT:
    turn_params.prometheus_port = atoi(value);
    break;
-  case PROMETHEUS_ADDRESS_OPT:
-    STRCPY(turn_params.prometheus_address, value);
-    break;
-  case PROMETHEUS_PATH_OPT:
-    STRCPY(turn_params.prometheus_path, value);
-    break;
  case PROMETHEUS_ENABLE_USERNAMES_OPT:
    turn_params.prometheus_username_labels = 1;
    break;
@ -2235,6 +2248,9 @@ static void set_option(int c, char *value) {
    turn_params.ct = TURN_CREDENTIALS_LONG_TERM;
    use_lt_credentials = 1;
    break;
+  case AUTH_SECRET_TS_EXP:
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: Option --secret-ts-exp-time deprecated and has no effect.\n");
+    break;
  case 'r':
    set_default_realm_name(value);
    break;
@ -2358,6 +2374,10 @@ static void set_option(int c, char *value) {
  case RESPOND_HTTP_UNSUPPORTED_OPT:
    turn_params.respond_http_unsupported = get_bool_value(value);
    break;
+  // Signal change to add session limit
+  case SESSION_LIMIT_OPT:
+    turn_params.session_limit = atoi(value);
+    break;

  /* these options have been already taken care of before: */
  case 'l':
@ -2809,17 +2829,29 @@ static void print_features(unsigned long mfn) {

 #if !TLS_SUPPORTED
  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n");
-#else
+#elif TLSv1_3_SUPPORTED
  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.3 supported\n");
+#elif TLSv1_2_SUPPORTED
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.2 supported\n");
+#elif TLSv1_1_SUPPORTED
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.1 supported\n");
+#elif TLSv1_SUPPORTED
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS 1.0 supported\n");
 #endif

 #if !DTLS_SUPPORTED
  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n");
-#else
+#elif DTLSv1_2_SUPPORTED
  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS 1.2 supported\n");
+#elif DTLS_SUPPORTED
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n");
 #endif

+#if ALPN_SUPPORTED
  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN supported\n");
+#else
+  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN is not supported\n");
+#endif

  if (ENC_ALG_NUM == 0) {
    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) is not supported\n");
@ -3010,7 +3042,7 @@ int main(int argc, char **argv) {
    return adminmain(argc, argv);
  }

-  memset(&turn_params.default_users_db.ram_db, 0, sizeof(ram_users_db_t));
+  memset(&turn_params.default_users_db, 0, sizeof(default_users_db_t));
  turn_params.default_users_db.ram_db.static_accounts = ur_string_map_create(free);

  // Zero pass apply the log options.
@ -3322,8 +3354,6 @@ int main(int argc, char **argv) {
  event_add(ev, NULL);
  ev = evsignal_new(turn_params.listener.event_base, SIGINT, shutdown_handler, NULL);
  event_add(ev, NULL);
-  ev = evsignal_new(turn_params.listener.event_base, SIGUSR1, drain_handler, NULL);
-  event_add(ev, NULL);
 #endif

  drop_privileges();
@ -3339,10 +3369,65 @@ int main(int argc, char **argv) {
 ////////// OpenSSL locking ////////////////////////////////////////

 #if defined(OPENSSL_THREADS)
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
+
+// array larger than anything that OpenSSL may need:
+static TURN_MUTEX_DECLARE(mutex_buf[256]);
+static int mutex_buf_initialized = 0;
+
+void coturn_locking_function(int mode, int n, const char *file, int line);
+void coturn_locking_function(int mode, int n, const char *file, int line) {
+  UNUSED_ARG(file);
+  UNUSED_ARG(line);
+  if (mutex_buf_initialized && (n < CRYPTO_num_locks())) {
+    if (mode & CRYPTO_LOCK) {
+      TURN_MUTEX_LOCK(&(mutex_buf[n]));
+    } else {
+      TURN_MUTEX_UNLOCK(&(mutex_buf[n]));
+    }
+  }
+}
+
+void coturn_id_function(CRYPTO_THREADID *ctid);
+void coturn_id_function(CRYPTO_THREADID *ctid) {
+  UNUSED_ARG(ctid);
+  CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
+}
+
+static int THREAD_setup(void) {
+  int i;
+  for (i = 0; i < CRYPTO_num_locks(); i++) {
+    TURN_MUTEX_INIT(&(mutex_buf[i]));
+  }
+
+  mutex_buf_initialized = 1;
+  CRYPTO_THREADID_set_callback(coturn_id_function);
+  CRYPTO_set_locking_callback(coturn_locking_function);
+  return 1;
+}
+
+int THREAD_cleanup(void) {
+  int i;
+
+  if (!mutex_buf_initialized) {
+    return 0;
+  }
+
+  CRYPTO_THREADID_set_callback(NULL);
+  CRYPTO_set_locking_callback(NULL);
+  for (i = 0; i < CRYPTO_num_locks(); i++) {
+    TURN_MUTEX_DESTROY(&(mutex_buf[i]));
+  }
+
+  mutex_buf_initialized = 0;
+  return 1;
+}
+#else
 static int THREAD_setup(void) { return 1; }

 int THREAD_cleanup(void);
 int THREAD_cleanup(void) { return 1; }
+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
 #endif /* defined(OPENSSL_THREADS) */

 static void adjust_key_file_name(char *fn, const char *file_title, int critical) {
@ -3418,7 +3503,16 @@ static DH *get_dh566(void) {
  if ((dh = DH_new()) == NULL) {
    return (NULL);
  }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
+  dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
+  if ((dh->p == NULL) || (dh->g == NULL)) {
+    DH_free(dh);
+    return (NULL);
+  }
+#else
  DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL));
+#endif
  return (dh);
 }

@ -3446,7 +3540,16 @@ static DH *get_dh1066(void) {
  if ((dh = DH_new()) == NULL) {
    return (NULL);
  }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
+  dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
+  if ((dh->p == NULL) || (dh->g == NULL)) {
+    DH_free(dh);
+    return (NULL);
+  }
+#else
  DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL));
+#endif
  return (dh);
 }

@ -3483,7 +3586,16 @@ static DH *get_dh2066(void) {
  if ((dh = DH_new()) == NULL) {
    return (NULL);
  }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
+  dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
+  if ((dh->p == NULL) || (dh->g == NULL)) {
+    DH_free(dh);
+    return (NULL);
+  }
+#else
  DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL));
+#endif
  return (dh);
 }

@ -3495,6 +3607,8 @@ static int pem_password_func(char *buf, int size, int rwflag, void *password) {
  return (strlen(buf));
 }

+#if ALPN_SUPPORTED
+
 static int ServerALPNCallback(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in,
                              unsigned int inlen, void *arg) {

@ -3541,12 +3655,18 @@ static int ServerALPNCallback(SSL *ssl, const unsigned char **out, unsigned char
  return SSL_TLSEXT_ERR_NOACK; //???
 }

+#endif
+
 static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *method) {
  SSL_CTX *ctx = SSL_CTX_new(method);
  int err = 0;
  int rc = 0;
+#if ALPN_SUPPORTED
  SSL_CTX_set_alpn_select_cb(ctx, ServerALPNCallback, NULL);
+#endif
+
  SSL_CTX_set_default_passwd_cb_userdata(ctx, turn_params.tls_password);
+
  SSL_CTX_set_default_passwd_cb(ctx, pem_password_func);

  if (!(turn_params.cipher_list[0])) {
@ -3559,7 +3679,10 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho

  SSL_CTX_set_cipher_list(ctx, turn_params.cipher_list);
  SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+
+#if TLSv1_3_SUPPORTED
  SSL_CTX_set_ciphersuites(ctx, turn_params.cipher_list);
+#endif

  if (!SSL_CTX_use_certificate_chain_file(ctx, turn_params.cert_file)) {
    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: no certificate found\n", protocol);
@ -3635,6 +3758,11 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
    }

    if (set_auto_curve) {
+#if SSL_SESSION_ECDH_AUTO_SUPPORTED
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+      SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
+#endif
      set_auto_curve = 0;
    }
  }
@ -3787,6 +3915,22 @@ static void openssl_load_certificates(void) {

  TURN_MUTEX_LOCK(&turn_params.tls_mutex);
  if (!turn_params.no_tls) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    set_ctx(&turn_params.tls_ctx, "TLS", TLSv1_2_server_method()); /*openssl-1.0.2 version specific API */
+    if (turn_params.no_tlsv1) {
+      SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1);
+    }
+#if TLSv1_1_SUPPORTED
+    if (turn_params.no_tlsv1_1) {
+      SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1_1);
+    }
+#if TLSv1_2_SUPPORTED
+    if (turn_params.no_tlsv1_2) {
+      SSL_CTX_set_options(turn_params.tls_ctx, SSL_OP_NO_TLSv1_2);
+    }
+#endif
+#endif
+#else // OPENSSL_VERSION_NUMBER < 0x10100000L
    set_ctx(&turn_params.tls_ctx, "TLS", TLS_server_method());
    if (turn_params.no_tlsv1) {
      SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_1_VERSION);
@ -3794,16 +3938,36 @@ static void openssl_load_certificates(void) {
    if (turn_params.no_tlsv1_1) {
      SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_2_VERSION);
    }
+#if TLSv1_3_SUPPORTED
    if (turn_params.no_tlsv1_2) {
      SSL_CTX_set_min_proto_version(turn_params.tls_ctx, TLS1_3_VERSION);
    }
+#endif
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS cipher suite: %s\n", turn_params.cipher_list);
  }

  if (!turn_params.no_dtls) {
 #if !DTLS_SUPPORTED
    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: DTLS is not supported.\n");
+#elif OPENSSL_VERSION_NUMBER < 0x10000000L
+    TURN_LOG_FUNC(
+        TURN_LOG_LEVEL_WARNING,
+        "WARNING: TURN Server was compiled with rather old OpenSSL version, DTLS may not be working correctly.\n");
 #else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // before openssl-1.1.0 no version independent API
+#if DTLSv1_2_SUPPORTED
+    set_ctx(&turn_params.dtls_ctx, "DTLS", DTLSv1_2_server_method()); // openssl-1.0.2
+    if (turn_params.no_tlsv1_2) {
+      SSL_CTX_set_options(turn_params.dtls_ctx, SSL_OP_NO_DTLSv1_2);
+    }
+#else
+    set_ctx(&turn_params.dtls_ctx, "DTLS", DTLSv1_server_method()); // < openssl-1.0.2
+#endif
+    if (turn_params.no_tlsv1 || turn_params.no_tlsv1_1) {
+      SSL_CTX_set_options(turn_params.dtls_ctx, SSL_OP_NO_DTLSv1);
+    }
+#else  // OPENSSL_VERSION_NUMBER < 0x10100000L
    set_ctx(&turn_params.dtls_ctx, "DTLS", DTLS_server_method());
    if (turn_params.no_tlsv1 || turn_params.no_tlsv1_1) {
      SSL_CTX_set_min_proto_version(turn_params.dtls_ctx, DTLS1_2_VERSION);
@ -3811,6 +3975,7 @@ static void openssl_load_certificates(void) {
    if (turn_params.no_tlsv1_2) {
      SSL_CTX_set_max_proto_version(turn_params.dtls_ctx, DTLS1_VERSION);
    }
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
    setup_dtls_callbacks(turn_params.dtls_ctx);
    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS cipher suite: %s\n", turn_params.cipher_list);
 #endif
@ -3832,15 +3997,7 @@ static void reload_ssl_certs(evutil_socket_t sock, short events, void *args) {

 static void shutdown_handler(evutil_socket_t sock, short events, void *args) {
  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Terminating on signal %d\n", sock);
-  turn_params.stop_turn_server = true;
-
-  UNUSED_ARG(events);
-  UNUSED_ARG(args);
-}
-
-static void drain_handler(evutil_socket_t sock, short events, void *args) {
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Draining then terminating on signal %d\n", sock);
-  enable_drain_mode();
+  turn_params.stop_turn_server = 1;

  UNUSED_ARG(events);
  UNUSED_ARG(args);
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@ -87,7 +87,9 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 #include <openssl/modes.h>
+#endif

 #if !defined(TURN_NO_SYSTEMD)
 #include <systemd/sd-daemon.h>
@ -103,10 +105,12 @@ extern "C" {

 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #define DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
+#if TLSv1_3_SUPPORTED
 #define DEFAULT_CIPHERSUITES OSSL_default_ciphersuites()
+#endif
 #else
 #define DEFAULT_CIPHER_LIST "DEFAULT"
-#if defined(TLS_DEFAULT_CIPHERSUITES)
+#if TLSv1_3_SUPPORTED && defined(TLS_DEFAULT_CIPHERSUITES)
 #define DEFAULT_CIPHERSUITES TLS_DEFAULT_CIPHERSUITES
 #endif
 #endif
@ -206,7 +210,7 @@ typedef struct _turn_params_ {

  int verbose;
  int turn_daemon;
-  bool software_attribute;
+  int no_software_attribute;
  int web_admin_listen_on_workers;

  int do_not_use_config_file;
@ -282,9 +286,8 @@ typedef struct _turn_params_ {
  turn_server_addrs_list_t alternate_servers_list;
  turn_server_addrs_list_t tls_alternate_servers_list;

-  /////////////// stop/drain server ////////////////
-  bool drain_turn_server;
-  bool stop_turn_server;
+  /////////////// stop server ////////////////
+  int stop_turn_server;

  ////////////// MISC PARAMS ////////////////

@ -308,8 +311,6 @@ typedef struct _turn_params_ {
  vint user_quota;
  int prometheus;
  int prometheus_port;
-  char prometheus_address[INET6_ADDRSTRLEN];
-  char prometheus_path[1025];
  int prometheus_username_labels;

  /////// Users DB ///////////
@ -332,6 +333,8 @@ typedef struct _turn_params_ {
  vint no_stun_backward_compatibility;
  vint response_origin_only_with_rfc5780;
  vint respond_http_unsupported;
+  // Signal change to add session limit
+  int session_limit;
 } turn_params_t;

 extern turn_params_t turn_params;
@ -376,7 +379,6 @@ void send_auth_message_to_auth_server(struct auth_message *am);
 void init_listener(void);
 void setup_server(void);
 void run_listener_server(struct listener_server *ls);
-void enable_drain_mode(void);

 ////////// BPS ////////////////

--- a/src/apps/relay/netengine.c
+++ b/src/apps/relay/netengine.c
@ -33,7 +33,8 @@
 #include "ns_turn_ioalib.h"

 //////////// Backward compatibility with OpenSSL 1.0.x //////////////
-#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L ||                                                                           \
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL))
 #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
 #endif

@ -44,6 +45,10 @@ static unsigned int barrier_count = 0;
 static pthread_barrier_t barrier;
 #endif

+// Signal change to add rtt metrics
+
+static pthread_barrier_t rtt_barrier;
+
 ////////////// Auth Server ////////////////

 typedef unsigned char authserver_id;
@ -695,6 +700,37 @@ err:
  return ret;
 }

+// Signal change to add rtt metrics
+int send_cycle_rtt_map_to_relay(turnserver_id id) {
+  int ret = 0;
+
+  struct message_to_relay sm;
+  memset(&sm, 0, sizeof(struct message_to_relay));
+  sm.t = RMT_CYCLE_RTT_MAP;
+
+  struct relay_server *rs = get_relay_server(id);
+  if (!rs) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: can't find relay for turn_server_id: %d\n", __FUNCTION__, (int)id);
+    ret = -1;
+    goto err;
+  }
+
+  sm.relay_server = rs;
+
+  {
+    struct evbuffer *output = bufferevent_get_output(rs->out_buf);
+    if (output) {
+      evbuffer_add(output, &sm, sizeof(struct message_to_relay));
+    } else {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Empty output buffer\n", __FUNCTION__);
+      ret = -1;
+    }
+  }
+
+err:
+  return ret;
+}
+
 static int handle_relay_message(relay_server_handle rs, struct message_to_relay *sm) {
  if (rs && sm) {

@ -775,6 +811,18 @@ static int handle_relay_message(relay_server_handle rs, struct message_to_relay
      sm->m.sm.nd.nbh = NULL;
      break;
    }
+    // Signal change to add rtt metric
+    case RMT_CYCLE_RTT_MAP: {
+      rs->server.rtt_ms_mins = ur_map_create();
+      int br = 0;
+      do {
+        br = pthread_barrier_wait(&rtt_barrier);
+        if ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD)) {
+          perror("rtt barrier wait (message)");
+        }
+      } while ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD));
+      break;
+    }
    default: {
      perror("Weird buffer type\n");
    }
@ -1604,11 +1652,6 @@ void run_listener_server(struct listener_server *ls) {
      }
    }

-    if (turn_params.drain_turn_server && global_allocation_count == 0) {
-      turn_params.stop_turn_server = true;
-      TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Drain complete, shutting down now...\n");
-    }
-
    run_events(ls->event_base, ls->ioa_eng);

    rollover_logfile();
@ -1652,19 +1695,21 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
  bufferevent_enable(rs->auth_in_buf, EV_READ);

  init_turn_server(
-      &(rs->server), rs->id, turn_params.verbose, rs->ioa_eng, turn_params.ct, turn_params.fingerprint,
+      &(rs->server), rs->id, turn_params.verbose, rs->ioa_eng, turn_params.ct, 0, turn_params.fingerprint,
      DONT_FRAGMENT_SUPPORTED, start_user_check, check_new_allocation_quota, release_allocation_quota,
      turn_params.external_ip, &turn_params.check_origin, &turn_params.no_tcp_relay, &turn_params.no_udp_relay,
      &turn_params.stale_nonce, &turn_params.max_allocate_lifetime, &turn_params.channel_lifetime,
-      &turn_params.permission_lifetime, &turn_params.stun_only, &turn_params.no_stun, turn_params.software_attribute,
-      &turn_params.web_admin_listen_on_workers, &turn_params.alternate_servers_list,
+      &turn_params.permission_lifetime, &turn_params.stun_only, &turn_params.no_stun,
+      &turn_params.no_software_attribute, &turn_params.web_admin_listen_on_workers, &turn_params.alternate_servers_list,
      &turn_params.tls_alternate_servers_list, &turn_params.aux_servers_list, turn_params.udp_self_balance,
      &turn_params.no_multicast_peers, &turn_params.allow_loopback_peers, &turn_params.ip_whitelist,
      &turn_params.ip_blacklist, send_socket_to_relay, &turn_params.secure_stun, &turn_params.mobility,
      turn_params.server_relay, send_turn_session_info, send_https_socket, allocate_bps, turn_params.oauth,
      turn_params.oauth_server_name, turn_params.acme_redirect, turn_params.allocation_default_address_family,
      &turn_params.log_binding, &turn_params.no_stun_backward_compatibility,
-      &turn_params.response_origin_only_with_rfc5780, &turn_params.respond_http_unsupported);
+      &turn_params.response_origin_only_with_rfc5780, &turn_params.respond_http_unsupported,
+      // Signal change to add session limit
+      turn_params.session_limit);

  if (to_set_rfc5780) {
    set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client);
@ -1903,18 +1948,62 @@ void setup_server(void) {

 void init_listener(void) { memset(&turn_params.listener, 0, sizeof(struct listener_server)); }

-void enable_drain_mode(void) {
-  // Tell each turn_server we are draining
+///////////////////////////////
+
+// Signal change to add rtt metrics
+size_t cycle_rtt_ms_maps(ur_map **rtt_ms_maps, size_t len) {
+  if (len != 1 + ((turnserver_id)-1)) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "cycle_rtt_ms_maps, length is %ld, must be %ld\n", len,
+                  1L + ((turnserver_id)-1));
+    return 0;
+  }
+  size_t count = 0;
  for (size_t i = 0; i < get_real_general_relay_servers_number(); i++) {
-    if (general_relay_servers[i]) {
-      general_relay_servers[i]->server.is_draining = true;
+    if (general_relay_servers[i] && general_relay_servers[i]->server.rtt_ms_mins) {
+      rtt_ms_maps[count] = general_relay_servers[i]->server.rtt_ms_mins;
+      ++count;
    }
  }
  for (size_t i = 0; i < get_real_udp_relay_servers_number(); i++) {
-    if (udp_relay_servers[i]) {
-      udp_relay_servers[i]->server.is_draining = true;
+    if (udp_relay_servers[i] && udp_relay_servers[i]->server.rtt_ms_mins) {
+      rtt_ms_maps[count] = udp_relay_servers[i]->server.rtt_ms_mins;
+      ++count;
    }
  }
-  turn_params.drain_turn_server = true;
+
+  static size_t last_count = 0;
+  if (last_count != count) {
+    if (last_count) {
+      if (pthread_barrier_destroy(&rtt_barrier) != 0) {
+        perror("rtt barrier destroy");
+        return 0;
+      }
+    }
+    if (pthread_barrier_init(&rtt_barrier, NULL, count + 1) != 0) {
+      perror("rtt barrier init");
+      return 0;
+    }
+    last_count = count;
+  }
+
+  for (size_t i = 0; i < get_real_general_relay_servers_number(); i++) {
+    if (general_relay_servers[i] && general_relay_servers[i]->server.rtt_ms_mins) {
+      send_cycle_rtt_map_to_relay(i);
+    }
+  }
+  for (size_t i = 0; i < get_real_udp_relay_servers_number(); i++) {
+    if (udp_relay_servers[i] && udp_relay_servers[i]->server.rtt_ms_mins) {
+      send_cycle_rtt_map_to_relay(i + TURNSERVER_ID_BOUNDARY_BETWEEN_TCP_AND_UDP);
+    }
+  }
+
+  int br = 0;
+  do {
+    br = pthread_barrier_wait(&rtt_barrier);
+    if ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD)) {
+      perror("rtt barrier wait");
+    }
+  } while ((br < 0) && (br != PTHREAD_BARRIER_SERIAL_THREAD));
+
+  return count;
 }
-///////////////////////////////
--- a/src/apps/relay/ns_ioalib_engine_impl.c
+++ b/src/apps/relay/ns_ioalib_engine_impl.c
@ -1371,9 +1371,30 @@ ioa_socket_handle create_ioa_socket_from_fd(ioa_engine_handle e, ioa_socket_raw
 }

 static void ssl_info_callback(SSL *ssl, int where, int ret) {
+
  UNUSED_ARG(ret);
  UNUSED_ARG(ssl);
  UNUSED_ARG(where);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+  if (0 != (where & SSL_CB_HANDSHAKE_START)) {
+    ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl);
+    if (s) {
+      ++(s->ssl_renegs);
+    }
+  } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
+    if (ssl->s3) {
+      ioa_socket_handle s = (ioa_socket_handle)SSL_get_app_data(ssl);
+      if (s) {
+        if (s->ssl_renegs > SSL_MAX_RENEG_NUMBER) {
+          ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+        }
+      }
+    }
+  }
+#endif
+#endif
 }

 typedef void (*ssl_info_callback_t)(const SSL *ssl, int type, int val);
@ -1814,7 +1835,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
  BIO *rbio = BIO_new_mem_buf(buffer, old_buffer_len);
  BIO_set_mem_eof_return(rbio, -1);

-#if defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL)
  ssl->rbio = rbio;
 #else
  SSL_set0_rbio(ssl, rbio);
@ -1913,7 +1934,7 @@ int ssl_read(evutil_socket_t fd, SSL *ssl, ioa_network_buffer_handle nbh, int ve
  if (ret > 0) {
    ioa_network_buffer_add_offset_size(nbh, (uint16_t)buf_size, 0, (size_t)ret);
  }
-#if defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x3040000fL)
  ssl->rbio = NULL;
  BIO_free(rbio);
 #else
@ -3662,8 +3683,10 @@ void turn_report_allocation_set(void *a, turn_time_t lifetime, int refresh) {
        }
 #endif
        {
+          // Signal change to add address family label
          if (!refresh) {
-            prom_inc_allocation(get_ioa_socket_type(ss->client_socket));
+            prom_inc_allocation(get_ioa_socket_type(ss->client_socket),
+                                get_ioa_socket_address_family(ss->client_socket), ss->protocolgroup);
          }
        }
      }
@ -3671,7 +3694,7 @@ void turn_report_allocation_set(void *a, turn_time_t lifetime, int refresh) {
  }
 }

-void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type) {
+void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type, int family) {
  if (a) {
    ts_ur_super_session *ss = (ts_ur_super_session *)(((allocation *)a)->owner);
    if (ss) {
@ -3720,27 +3743,33 @@ void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type) {
        }
 #endif
        {
+          // Signal change to add metrics
          if (ss->realm_options.name[0]) {

            // Set prometheus traffic metrics
            prom_set_finished_traffic(ss->realm_options.name, (const char *)ss->username,
                                      (unsigned long)(ss->t_received_packets), (unsigned long)(ss->t_received_bytes),
-                                      (unsigned long)(ss->t_sent_packets), (unsigned long)(ss->t_sent_bytes), false);
+                                      (unsigned long)(ss->t_sent_packets), (unsigned long)(ss->t_sent_bytes),
+                                      (unsigned long)ss->t_before_ping_packets, false, ss->protocolgroup);
            prom_set_finished_traffic(
                ss->realm_options.name, (const char *)ss->username, (unsigned long)(ss->t_peer_received_packets),
                (unsigned long)(ss->t_peer_received_bytes), (unsigned long)(ss->t_peer_sent_packets),
-                (unsigned long)(ss->t_peer_sent_bytes), true);
+                (unsigned long)(ss->t_peer_sent_bytes), 0, true, ss->protocolgroup);
          } else {
            // Set prometheus traffic metrics
            prom_set_finished_traffic(NULL, (const char *)ss->username, (unsigned long)(ss->t_received_packets),
                                      (unsigned long)(ss->t_received_bytes), (unsigned long)(ss->t_sent_packets),
-                                      (unsigned long)(ss->t_sent_bytes), false);
+                                      (unsigned long)(ss->t_sent_bytes), (unsigned long)ss->t_before_ping_packets,
+                                      false, ss->protocolgroup);
            prom_set_finished_traffic(NULL, (const char *)ss->username, (unsigned long)(ss->t_peer_received_packets),
                                      (unsigned long)(ss->t_peer_received_bytes),
                                      (unsigned long)(ss->t_peer_sent_packets), (unsigned long)(ss->t_peer_sent_bytes),
-                                      true);
+                                      0, true, ss->protocolgroup);
          }
-          prom_dec_allocation(socket_type);
+          turn_time_t ct = get_turn_server_time(server) - ss->start_time;
+          const uint32_t byte_to_kilobit = 125;
+          uint64_t sent_rate_kbps = ss->sent_rate / byte_to_kilobit;
+          prom_dec_allocation(socket_type, family, (unsigned long)ct, (unsigned long)sent_rate_kbps, ss->protocolgroup);
        }
      }
    }
--- a/src/apps/relay/ns_ioalib_impl.h
+++ b/src/apps/relay/ns_ioalib_impl.h
@ -289,6 +289,10 @@ void *allocate_super_memory_engine_func(ioa_engine_handle e, size_t size, const

 /////////////////////////////////////////////////

+// Signal change to add rtt metrics
+int send_cycle_rtt_map_to_relay(turnserver_id id);
+size_t cycle_rtt_ms_maps(ur_map **rtt_ms_maps, size_t len);
+
 #ifdef __cplusplus
 }
 #endif
--- a/src/apps/relay/prom_server.c
+++ b/src/apps/relay/prom_server.c
@ -9,6 +9,8 @@

 #if !defined(TURN_NO_PROMETHEUS)

+#define PROTOCOL_GROUP_LABEL "protocol-group"
+
 prom_counter_t *stun_binding_request;
 prom_counter_t *stun_binding_response;
 prom_counter_t *stun_binding_error;
@ -33,43 +35,18 @@ prom_counter_t *turn_total_traffic_peer_rcvb;
 prom_counter_t *turn_total_traffic_peer_sentp;
 prom_counter_t *turn_total_traffic_peer_sentb;

+prom_counter_t *turn_total_sessions;
+
 prom_gauge_t *turn_total_allocations;

-#if MHD_VERSION >= 0x00097002
-#define MHD_RESULT enum MHD_Result
-#else
-#define MHD_RESULT int
-#endif
-
-MHD_RESULT promhttp_handler(void *cls, struct MHD_Connection *connection, const char *url, const char *method,
-                            const char *version, const char *upload_data, size_t *upload_data_size, void **con_cls) {
-  MHD_RESULT ret;
-
-  char *body = "not found";
-  enum MHD_ResponseMemoryMode mode = MHD_RESPMEM_PERSISTENT;
-  unsigned int status = MHD_HTTP_NOT_FOUND;
-
-  if (strcmp(method, "GET") != 0) {
-    status = MHD_HTTP_METHOD_NOT_ALLOWED;
-    body = "method not allowed";
-  } else if (strcmp(url, turn_params.prometheus_path) == 0) {
-    body = prom_collector_registry_bridge(PROM_COLLECTOR_REGISTRY_DEFAULT);
-    mode = MHD_RESPMEM_MUST_FREE;
-    status = MHD_HTTP_OK;
-  }
-
-  struct MHD_Response *response = MHD_create_response_from_buffer(strlen(body), body, mode);
-  if (response == NULL) {
-    if (mode == MHD_RESPMEM_MUST_FREE) {
-      free(body);
-    }
-    ret = MHD_NO;
-  } else {
-    ret = MHD_queue_response(connection, status, response);
-    MHD_destroy_response(response);
-  }
-  return ret;
-}
+// Signal change to add metrics
+prom_counter_t *turn_rtt_client[8];
+prom_counter_t *turn_rtt_peer[8];
+prom_counter_t *turn_rtt_combined[8];
+prom_counter_t *turn_with_no_ping_rcvp;
+prom_counter_t *turn_allocation_response;
+prom_gauge_t *turn_session_limit;
+prom_counter_t *turn_sessions_overlimit;

 void start_prometheus_server(void) {
  if (turn_params.prometheus == 0) {
@ -78,8 +55,9 @@ void start_prometheus_server(void) {
  }
  prom_collector_registry_default_init();

-  const char *label[] = {"realm", NULL};
-  size_t nlabels = 1;
+  // Signal change to add protocol-group label to metrics
+  const char *label[] = {"realm", PROTOCOL_GROUP_LABEL, PROTOCOL_GROUP_LABEL};
+  size_t nlabels = 2;

  if (turn_params.prometheus_username_labels) {
    label[1] = "user";
@ -114,33 +92,128 @@ void start_prometheus_server(void) {
  turn_traffic_peer_sentb = prom_collector_registry_must_register_metric(
      prom_counter_new("turn_traffic_peer_sentb", "Represents finished sessions peer sent bytes", nlabels, label));

+  const char *traffic_label[] = {PROTOCOL_GROUP_LABEL};
+  const size_t ntraffic_labels = 1;
  // Create total finished traffic counter metrics
  turn_total_traffic_rcvp = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_rcvp", "Represents total finished sessions received packets", 0, NULL));
-  turn_total_traffic_rcvb = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_rcvb", "Represents total finished sessions received bytes", 0, NULL));
-  turn_total_traffic_sentp = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_sentp", "Represents total finished sessions sent packets", 0, NULL));
-  turn_total_traffic_sentb = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_sentb", "Represents total finished sessions sent bytes", 0, NULL));
+      prom_counter_new("turn_total_traffic_rcvp", "Represents total finished sessions received packets",
+                       ntraffic_labels, traffic_label));
+  turn_total_traffic_rcvb = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_total_traffic_rcvb", "Represents total finished sessions received bytes", ntraffic_labels, traffic_label));
+  turn_total_traffic_sentp = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_total_traffic_sentp", "Represents total finished sessions sent packets", ntraffic_labels, traffic_label));
+  turn_total_traffic_sentb = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_total_traffic_sentb", "Represents total finished sessions sent bytes", ntraffic_labels, traffic_label));

  // Create total finished sessions traffic for peers counter metrics
-  turn_total_traffic_peer_rcvp = prom_collector_registry_must_register_metric(prom_counter_new(
-      "turn_total_traffic_peer_rcvp", "Represents total finished sessions peer received packets", 0, NULL));
-  turn_total_traffic_peer_rcvb = prom_collector_registry_must_register_metric(prom_counter_new(
-      "turn_total_traffic_peer_rcvb", "Represents total finished sessions peer received bytes", 0, NULL));
-  turn_total_traffic_peer_sentp = prom_collector_registry_must_register_metric(prom_counter_new(
-      "turn_total_traffic_peer_sentp", "Represents total finished sessions peer sent packets", 0, NULL));
+  turn_total_traffic_peer_rcvp = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_traffic_peer_rcvp", "Represents total finished sessions peer received packets",
+                       ntraffic_labels, traffic_label));
+  turn_total_traffic_peer_rcvb = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_traffic_peer_rcvb", "Represents total finished sessions peer received bytes",
+                       ntraffic_labels, traffic_label));
+  turn_total_traffic_peer_sentp = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_traffic_peer_sentp", "Represents total finished sessions peer sent packets",
+                       ntraffic_labels, traffic_label));
  turn_total_traffic_peer_sentb = prom_collector_registry_must_register_metric(
-      prom_counter_new("turn_total_traffic_peer_sentb", "Represents total finished sessions peer sent bytes", 0, NULL));
+      prom_counter_new("turn_total_traffic_peer_sentb", "Represents total finished sessions peer sent bytes",
+                       ntraffic_labels, traffic_label));
+
+  // Signal change to add protocol-group metric label
+  // Create total completed session counter metric
+  const char *total_sessions_labels[] = {"duration", "sent_rate", PROTOCOL_GROUP_LABEL};
+  turn_total_sessions = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_total_sessions", "Represents total completed sessions", 3, total_sessions_labels));

  // Create total allocations number gauge metric
-  const char *typeLabel[] = {"type"};
+  const char *total_allocations_labels[] = {"type", "client_addr_family", PROTOCOL_GROUP_LABEL};
  turn_total_allocations = prom_collector_registry_must_register_metric(
-      prom_gauge_new("turn_total_allocations", "Represents current allocations number", 1, typeLabel));
+      prom_gauge_new("turn_total_allocations", "Represents current allocations number", 3, total_allocations_labels));
+
+  // Signal change to add metrics
+  // Create round trip time pseudo-histogram metrics
+  // values must be kept in sync with observation function below
+
+  const char *rtt_labels[] = {PROTOCOL_GROUP_LABEL};
+  const size_t nrtt_labels = 1;
+  turn_rtt_client[0] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_25ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[1] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_50ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[2] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_100ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[3] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_200ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[4] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_400ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[5] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_800ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[6] = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_rtt_client_le_1500ms", "Represents measured round trip time of client with channel",
+                       nrtt_labels, rtt_labels));
+  turn_rtt_client[7] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_client_more", "Represents measured round trip time of client with channel", nrtt_labels, rtt_labels));
+
+  turn_rtt_peer[0] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_25ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[1] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_50ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[2] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_100ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[3] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_200ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[4] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_400ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[5] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_800ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[6] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_le_1500ms", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+  turn_rtt_peer[7] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_peer_more", "Represents measured round trip time of peer with channel", nrtt_labels, rtt_labels));
+
+  turn_rtt_combined[0] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_25ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[1] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_50ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[2] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_100ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[3] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_200ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[4] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_400ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[5] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_800ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[6] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_le_1500ms", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+  turn_rtt_combined[7] = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_rtt_combined_more", "Represents combined round trip time of channel", nrtt_labels, rtt_labels));
+
+  turn_with_no_ping_rcvp = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_with_no_ping_rcvp", "Count of packets received for TURN where no ICE ping has been observed", 0, NULL));
+
+  const char *response_labels[] = {"response_code"};
+  turn_allocation_response = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_allocation_response", "Count of allocation responses sent (by error code)", 1, response_labels));
+
+  turn_session_limit = prom_collector_registry_must_register_metric(
+      prom_gauge_new("turn_session_limit", "Current number of additional sessions allowed", 0, NULL));
+
+  turn_sessions_overlimit = prom_collector_registry_must_register_metric(prom_counter_new(
+      "turn_sessions_overlimit", "Count of sessions deined because it would be over the limit", 0, NULL));
+
+  promhttp_set_active_collector_registry(NULL);

  // some flags appeared first in microhttpd v0.9.53
  unsigned int flags = 0;
+  if (MHD_is_feature_supported(MHD_FEATURE_IPv6) && is_ipv6_enabled()) {
+    flags |= MHD_USE_DUAL_STACK;
+  }
 #if MHD_VERSION >= 0x00095300
  flags |= MHD_USE_ERROR_LOG;
 #endif
@ -158,36 +231,7 @@ void start_prometheus_server(void) {
    TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "prometheus exporter server will start using SELECT. "
                                          "The exporter might be unreachable on highly used servers\n");
  }
-
-  ioa_addr server_addr;
-  addr_set_any(&server_addr);
-  if (turn_params.prometheus_address[0]) {
-    if (make_ioa_addr((const uint8_t *)turn_params.prometheus_address, turn_params.prometheus_port, &server_addr) < 0) {
-      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "could not parse prometheus collector's server address\n");
-      return;
-    }
-
-    if (is_ipv6_enabled() && server_addr.ss.sa_family == AF_INET6) {
-      flags |= MHD_USE_IPv6;
-    }
-  } else {
-    if (MHD_is_feature_supported(MHD_FEATURE_IPv6) && is_ipv6_enabled()) {
-      flags |= MHD_USE_DUAL_STACK;
-      server_addr.ss.sa_family = AF_INET6;
-      server_addr.s6.sin6_port = htons((uint16_t)turn_params.prometheus_port);
-    } else {
-      server_addr.ss.sa_family = AF_INET;
-      server_addr.s4.sin_port = htons((uint16_t)turn_params.prometheus_port);
-    }
-  }
-
-  uint8_t addr[MAX_IOA_ADDR_STRING];
-  addr_to_string(&server_addr, addr);
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "prometheus exporter server will listen on %s\n", addr);
-
-  struct MHD_Daemon *daemon =
-      MHD_start_daemon(flags, 0, NULL, NULL, &promhttp_handler, NULL, MHD_OPTION_LISTENING_ADDRESS_REUSE, 1,
-                       MHD_OPTION_SOCK_ADDR, &server_addr, MHD_OPTION_END);
+  struct MHD_Daemon *daemon = promhttp_start_daemon(flags, turn_params.prometheus_port, NULL, NULL);
  if (daemon == NULL) {
    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "could not start prometheus collector\n");
    return;
@ -198,50 +242,62 @@ void start_prometheus_server(void) {
  return;
 }

+// Signal change to add metrics
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer) {
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup) {
  if (turn_params.prometheus == 1) {

-    const char *label[] = {realm, NULL};
+    // Signal change to add protocol-group label to metrics
+    const char *user_label[] = {realm, protocolgroup, protocolgroup};
    if (turn_params.prometheus_username_labels) {
-      label[1] = user;
+      user_label[1] = user;
    }
+    const char *traffic_label[] = {protocolgroup};
+    // end signal change

    if (peer) {
-      prom_counter_add(turn_traffic_peer_rcvp, rsvp, label);
-      prom_counter_add(turn_traffic_peer_rcvb, rsvb, label);
-      prom_counter_add(turn_traffic_peer_sentp, sentp, label);
-      prom_counter_add(turn_traffic_peer_sentb, sentb, label);
+      prom_counter_add(turn_traffic_peer_rcvp, rsvp, user_label);
+      prom_counter_add(turn_traffic_peer_rcvb, rsvb, user_label);
+      prom_counter_add(turn_traffic_peer_sentp, sentp, user_label);
+      prom_counter_add(turn_traffic_peer_sentb, sentb, user_label);

-      prom_counter_add(turn_total_traffic_peer_rcvp, rsvp, NULL);
-      prom_counter_add(turn_total_traffic_peer_rcvb, rsvb, NULL);
-      prom_counter_add(turn_total_traffic_peer_sentp, sentp, NULL);
-      prom_counter_add(turn_total_traffic_peer_sentb, sentb, NULL);
+      prom_counter_add(turn_total_traffic_peer_rcvp, rsvp, traffic_label);
+      prom_counter_add(turn_total_traffic_peer_rcvb, rsvb, traffic_label);
+      prom_counter_add(turn_total_traffic_peer_sentp, sentp, traffic_label);
+      prom_counter_add(turn_total_traffic_peer_sentb, sentb, traffic_label);
    } else {
-      prom_counter_add(turn_traffic_rcvp, rsvp, label);
-      prom_counter_add(turn_traffic_rcvb, rsvb, label);
-      prom_counter_add(turn_traffic_sentp, sentp, label);
-      prom_counter_add(turn_traffic_sentb, sentb, label);
+      prom_counter_add(turn_traffic_rcvp, rsvp, user_label);
+      prom_counter_add(turn_traffic_rcvb, rsvb, user_label);
+      prom_counter_add(turn_traffic_sentp, sentp, user_label);
+      prom_counter_add(turn_traffic_sentb, sentb, user_label);

-      prom_counter_add(turn_total_traffic_rcvp, rsvp, NULL);
-      prom_counter_add(turn_total_traffic_rcvb, rsvb, NULL);
-      prom_counter_add(turn_total_traffic_sentp, sentp, NULL);
-      prom_counter_add(turn_total_traffic_sentb, sentb, NULL);
+      prom_counter_add(turn_total_traffic_rcvp, rsvp, traffic_label);
+      prom_counter_add(turn_total_traffic_rcvb, rsvb, traffic_label);
+      prom_counter_add(turn_total_traffic_sentp, sentp, traffic_label);
+      prom_counter_add(turn_total_traffic_sentb, sentb, traffic_label);
+    }
+    // Signal change to add metrics
+    if (without_pingp) {
+      prom_counter_add(turn_with_no_ping_rcvp, without_pingp, NULL);
    }
  }
 }

-void prom_inc_allocation(SOCKET_TYPE type) {
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup) {
  if (turn_params.prometheus == 1) {
-    const char *label[] = {socket_type_name(type)};
-    prom_gauge_inc(turn_total_allocations, label);
+    const char *labels[] = {socket_type_name(type), addr_family_name(addr_family), protocolgroup};
+    prom_gauge_inc(turn_total_allocations, labels);
  }
 }

-void prom_dec_allocation(SOCKET_TYPE type) {
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup) {
  if (turn_params.prometheus == 1) {
-    const char *label[] = {socket_type_name(type)};
-    prom_gauge_dec(turn_total_allocations, label);
+    const char *labels[] = {socket_type_name(type), addr_family_name(addr_family), protocolgroup};
+    prom_gauge_dec(turn_total_allocations, labels);
+    const char *total_sessions_labels[] = {duration_name(duration), rate_name(sent_rate_kbps), protocolgroup};
+    prom_counter_add(turn_total_sessions, 1, total_sessions_labels);
  }
 }

@ -279,6 +335,73 @@ int is_ipv6_enabled(void) {
  return ret;
 }

+// Signal change to add metrics
+void prom_observe_rtt(prom_counter_t *counter[8], int microseconds, const char *protocolgroup) {
+  const char *label[] = {protocolgroup};
+  if (microseconds <= 25000) {
+    prom_counter_add(counter[0], 1, label);
+  }
+  if (microseconds <= 50000) {
+    prom_counter_add(counter[1], 1, label);
+  }
+  if (microseconds <= 100000) {
+    prom_counter_add(counter[2], 1, label);
+  }
+  if (microseconds <= 200000) {
+    prom_counter_add(counter[3], 1, label);
+  }
+  if (microseconds <= 400000) {
+    prom_counter_add(counter[4], 1, label);
+  }
+  if (microseconds <= 800000) {
+    prom_counter_add(counter[5], 1, label);
+  }
+  if (microseconds <= 1500000) {
+    prom_counter_add(counter[6], 1, label);
+  }
+  prom_counter_add(counter[7], 1, label);
+}
+
+void prom_observe_rtt_client(int microseconds, const char *protocolgroup) {
+  if (turn_params.prometheus == 1) {
+    prom_observe_rtt(turn_rtt_client, microseconds, protocolgroup);
+  }
+}
+
+void prom_observe_rtt_peer(int microseconds, const char *protocolgroup) {
+  if (turn_params.prometheus == 1) {
+    prom_observe_rtt(turn_rtt_peer, microseconds, protocolgroup);
+  }
+}
+
+void prom_observe_rtt_combined(int microseconds, const char *protocolgroup) {
+  if (turn_params.prometheus == 1) {
+    prom_observe_rtt(turn_rtt_combined, microseconds, protocolgroup);
+  }
+}
+
+void prom_inc_allocation_response(int err_code) {
+  if (turn_params.prometheus == 1) {
+    char label[80];
+    if (snprintf(label, sizeof(label), "%d", err_code) < (int)sizeof(label)) {
+      const char *labels[] = {label};
+      prom_counter_add(turn_allocation_response, 1, labels);
+    }
+  }
+}
+
+void prom_set_session_limit(int limit) {
+  if (turn_params.prometheus == 1) {
+    prom_gauge_set(turn_session_limit, limit, NULL);
+  }
+}
+
+void prom_inc_sessions_overlimit(void) {
+  if (turn_params.prometheus == 1) {
+    prom_counter_add(turn_sessions_overlimit, 1, NULL);
+  }
+}
+
 #else

 void start_prometheus_server(void) {
@ -287,18 +410,32 @@ void start_prometheus_server(void) {
 }

 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer) {
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup) {
  UNUSED_ARG(realm);
  UNUSED_ARG(user);
  UNUSED_ARG(rsvp);
  UNUSED_ARG(rsvb);
  UNUSED_ARG(sentp);
  UNUSED_ARG(sentb);
+  UNUSED_ARG(without_pingp);
  UNUSED_ARG(peer);
+  UNUSED_ARG(protocolgroup);
 }

-void prom_inc_allocation(SOCKET_TYPE type) { UNUSED_ARG(type); }
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup) {
+  UNUSED_ARG(type);
+  UNUSED_ARG(addr_family);
+  UNUSED_ARG(protocolgroup);
+}

-void prom_dec_allocation(SOCKET_TYPE type) { UNUSED_ARG(type); }
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup) {
+  UNUSED_ARG(type);
+  UNUSED_ARG(addr_family);
+  UNUSED_ARG(duration);
+  UNUSED_ARG(sent_rate_kbps);
+  UNUSED_ARG(protocolgroup);
+}

 #endif /* TURN_NO_PROMETHEUS */
--- a/src/apps/relay/prom_server.h
+++ b/src/apps/relay/prom_server.h
@ -18,6 +18,7 @@ extern "C" {
 #endif
 #include <microhttpd.h>
 #include <prom.h>
+#include <promhttp.h>
 #ifdef __cplusplus
 }
 #endif /* __clplusplus */
@ -52,17 +53,32 @@ extern prom_counter_t *turn_total_traffic_peer_sentb;

 extern prom_gauge_t *turn_total_allocations_number;

+// Signal change to add metrics
+extern prom_counter_t *turn_rtt_client[8];
+extern prom_counter_t *turn_rtt_peer[8];
+extern prom_counter_t *turn_rtt_combined[8];
+extern prom_counter_t *turn_with_no_ping_rcvp;
+extern prom_counter_t *turn_total_allocations;
+extern prom_counter_t *turn_session_limit;
+extern prom_counter_t *turn_sessions_overlimit;
+
+#define TURN_ALLOC_STR_MAX_SIZE (20)
+
 #ifdef __cplusplus
 extern "C" {
 #endif

 void start_prometheus_server(void);

+// Signal change to add metrics
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer);
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup);

-void prom_inc_allocation(SOCKET_TYPE type);
-void prom_dec_allocation(SOCKET_TYPE type);
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup);
+// Signal change to add protocol-group label
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup);

 int is_ipv6_enabled(void);

@ -70,15 +86,27 @@ void prom_inc_stun_binding_request(void);
 void prom_inc_stun_binding_response(void);
 void prom_inc_stun_binding_error(void);

+// Signal change to add metrics
+void prom_observe_rtt(prom_counter_t *counter[8], int microseconds, const char *protocolgroup);
+void prom_observe_rtt_client(int microseconds, const char *protocolgroup);
+void prom_observe_rtt_peer(int microseconds, const char *protocolgroup);
+void prom_observe_rtt_combined(int microseconds, const char *protocolgroup);
+void prom_inc_allocation_response(int err_code);
+void prom_set_session_limit(int limit);
+void prom_inc_sessions_overlimit(void);
+
 #else

 void start_prometheus_server(void);

+// Signal change to add metrics
 void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb,
-                               unsigned long sentp, unsigned long sentb, bool peer);
+                               unsigned long sentp, unsigned long sentb, unsigned long without_pingp, bool peer,
+                               const char *protocolgroup);

-void prom_inc_allocation(SOCKET_TYPE type);
-void prom_dec_allocation(SOCKET_TYPE type);
+void prom_inc_allocation(SOCKET_TYPE type, int addr_family, const char *protocolgroup);
+void prom_dec_allocation(SOCKET_TYPE type, int addr_family, unsigned long duration, unsigned long sent_rate_kbps,
+                         const char *protocolgroup);

 #endif /* TURN_NO_PROMETHEUS */

--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
@ -85,6 +85,9 @@

 #include "tls_listener.h"

+// Signal change to add rtt metrics
+#include <fcntl.h>
+#include <unistd.h>
 ///////////////////////////////

 struct bufferevent;
@ -137,9 +140,6 @@ static const char *CLI_HELP_STR[] = {"",
                                     "",
                                     "  quit, q, exit, bye - end CLI session",
                                     "",
-                                     "  drain - drain TURN Server, then shutdown",
-                                     "     (wait for all allocations to go away, reject new)",
-                                     "",
                                     "  stop, shutdown, halt - shutdown TURN Server",
                                     "",
                                     "  pc - print configuration",
@ -963,7 +963,7 @@ static int run_cli_input(struct cli_session *cs, const char *buf0, unsigned int
    if (sl) {
      cs->cmds += 1;
      if (cli_password[0] && !(cs->auth_completed)) {
-        if (!check_password_equal(cmd, cli_password)) {
+        if (check_password_equal(cmd, cli_password)) {
          if (cs->cmds >= CLI_PASSWORD_TRY_NUMBER) {
            addr_debug_print(1, &(cs->addr), "CLI authentication error");
            TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "CLI authentication error\n");
@ -983,18 +983,12 @@ static int run_cli_input(struct cli_session *cs, const char *buf0, unsigned int
        myprintf(cs, "%s\n", str);
        close_cli_session(cs);
        ret = -1;
-      } else if (strcmp(cmd, "drain") == 0) {
-        addr_debug_print(1, &(cs->addr), "Drain command received from CLI user");
-        const char *str = "TURN server is draining then shutting down";
-        myprintf(cs, "%s\n", str);
-        close_cli_session(cs);
-        enable_drain_mode();
      } else if ((strcmp(cmd, "halt") == 0) || (strcmp(cmd, "shutdown") == 0) || (strcmp(cmd, "stop") == 0)) {
        addr_debug_print(1, &(cs->addr), "Shutdown command received from CLI user");
        const char *str = "TURN server is shutting down";
        myprintf(cs, "%s\n", str);
        close_cli_session(cs);
-        turn_params.stop_turn_server = true;
+        turn_params.stop_turn_server = 1;
        sleep(10);
        exit(0);
      } else if ((strcmp(cmd, "?") == 0) || (strcmp(cmd, "h") == 0) || (strcmp(cmd, "help") == 0)) {
@ -1426,6 +1420,11 @@ void setup_admin_thread(void) {
  }

  adminserver.sessions = ur_map_create();
+
+  // Signal change to add rtt metrics
+  // run once a day
+  adminserver.rtt_ev =
+      set_ioa_timer(adminserver.e, 86400, 0, admin_server_rtt_timer_handler, NULL, 1, "admin_server_rtt_timer");
 }

 void admin_server_receive_message(struct bufferevent *bev, void *ptr) {
@ -1658,7 +1657,7 @@ static void https_finish_page(struct str_buffer *sb, ioa_socket_handle s, int cc
  str_buffer_append(sb, "</body>\r\n</html>\r\n");

  send_str_from_ioa_socket_tcp(s, "HTTP/1.1 200 OK\r\nServer: ");
-  if (turn_params.software_attribute) {
+  if (!turn_params.no_software_attribute) {
    send_str_from_ioa_socket_tcp(s, TURN_SOFTWARE);
  }
  send_str_from_ioa_socket_tcp(s, "\r\n");
@ -3847,3 +3846,82 @@ void send_https_socket(ioa_socket_handle s) {
 }

 ///////////////////////////////
+// Signal change to add rtt metrics
+
+ur_map *rtt_maps[1 + ((turnserver_id)-1)] = {0};
+size_t rtt_maps_count = 0;
+size_t rtt_map_current = 0;
+FILE *rtt_file;
+
+bool rtt_foreach(ur_map_key_type key, ur_map_value_type value) {
+  if (!value) {
+    return false;
+  }
+  ur_map_value_type min = value;
+  for (size_t i = rtt_map_current + 1; i < rtt_maps_count; ++i) {
+    if (ur_map_get(rtt_maps[i], key, &value)) {
+      ur_map_put(rtt_maps[i], key, 0);
+      if (value && value < min) {
+        min = value;
+      }
+    }
+  }
+  // value is stored as measured rtt in ms + 1
+  value -= 1;
+  char saddr[INET6_ADDRSTRLEN] = "\0";
+  if (key & (1L << 63)) {
+    struct sockaddr_in6 addr = {0};
+    addr.sin6_family = AF_INET6;
+    size_t i = 6;
+    while (i--) {
+      addr.sin6_addr.s6_addr[i] = key & 0xFF;
+      key >>= 8;
+    }
+    inet_ntop(AF_INET6, &addr.sin6_addr, saddr, sizeof(saddr));
+    fprintf(rtt_file, "%s/48,%ld\n", saddr, min);
+  } else {
+    struct sockaddr_in addr = {0};
+    addr.sin_family = AF_INET;
+    key <<= 8;
+    addr.sin_addr.s_addr = htonl(key & 0xFFFFFFFF);
+    inet_ntop(AF_INET, &addr.sin_addr, saddr, sizeof(saddr));
+    fprintf(rtt_file, "%s/24,%ld\n", saddr, min);
+  }
+  return false;
+}
+
+void admin_server_rtt_timer_handler(ioa_engine *engine, void *arg) {
+  UNUSED_ARG(engine);
+  UNUSED_ARG(arg);
+  int fd = open("/var/tmp/rtt_dump.tmp", O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC, S_IRUSR | S_IWUSR);
+  if (fd == -1) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "error opening temporary file during rtt timer (%d)\n", errno);
+    return;
+  }
+
+  rtt_file = fdopen(fd, "w");
+  if (rtt_file == NULL) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "fdopen error during rtt timer\n");
+    close(fd);
+    return;
+  }
+
+  fprintf(rtt_file, "network,rtt_ms\n");
+
+  rtt_maps_count = cycle_rtt_ms_maps(rtt_maps, sizeof(rtt_maps) / sizeof(rtt_maps[0]));
+
+  for (rtt_map_current = 0; rtt_map_current < rtt_maps_count; ++rtt_map_current) {
+    ur_map_foreach(rtt_maps[rtt_map_current], rtt_foreach);
+    ur_map_free(&rtt_maps[rtt_map_current]);
+  }
+
+  if (fflush(rtt_file) != 0) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "fflush /var/tmp/rtt_dump.tmp failed, not relinking (%d)\n", errno);
+  } else {
+    if (rename("/var/tmp/rtt_dump.tmp", "/var/tmp/rtt_dump") == -1) {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "could not rename rtt dump into /var/tmp/rtt_dump (%d)\n", errno);
+    }
+  }
+  fclose(rtt_file);
+  rtt_file = NULL;
+}
--- a/src/apps/relay/turn_admin_server.h
+++ b/src/apps/relay/turn_admin_server.h
@ -73,6 +73,8 @@ struct admin_server {
  struct bufferevent *https_out_buf;
  ur_map *sessions;
  pthread_t thr;
+  // Signal change to add rtt metrics
+  ioa_timer_handle rtt_ev;
 };

 ///////////////////////////////////////////
@ -113,6 +115,10 @@ void https_admin_server_receive_message(struct bufferevent *bev, void *ptr);
 int send_turn_session_info(struct turn_session_info *tsi);
 void send_https_socket(ioa_socket_handle s);

+// Signal change to add rtt metrics
+bool rtt_foreach(ur_map_key_type, ur_map_value_type);
+void admin_server_rtt_timer_handler(ioa_engine *, void *);
+
 ////////////////////////////////////////////

 #ifdef __cplusplus
--- a/src/apps/relay/userdb.c
+++ b/src/apps/relay/userdb.c
@ -68,13 +68,6 @@ static TURN_MUTEX_DECLARE(o_to_realm_mutex);
 static ur_string_map *o_to_realm = NULL;
 static secrets_list_t realms_list;

-#ifndef _MSC_VER
-_Atomic
-#else
-volatile
-#endif
-    size_t global_allocation_count = 0; // used for drain mode, to know when all allocations have gone away
-
 static char userdb_type_unknown[] = "Unknown";
 static char userdb_type_sqlite[] = "SQLite";
 static char userdb_type_postgresql[] = "PostgreSQL";
@ -690,15 +683,6 @@ int check_new_allocation_quota(uint8_t *user, int oauth, uint8_t *realm) {
    free(username);
    ur_string_map_unlock(rp->status.alloc_counters);
  }
-
-#ifndef _MSC_VER
-  global_allocation_count++;
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_DEBUG, "Global turn allocation count incremented, now %ld\n", global_allocation_count);
-#else
-  size_t cur_count = (size_t)InterlockedIncrement((volatile LONG *)&global_allocation_count);
-  TURN_LOG_FUNC(TURN_LOG_LEVEL_DEBUG, "Global turn allocation count incremented, now %ld\n", cur_count);
-#endif
-
  return ret;
 }

@ -725,18 +709,6 @@ void release_allocation_quota(uint8_t *user, int oauth, uint8_t *realm) {
    ur_string_map_unlock(rp->status.alloc_counters);
    free(username);
  }
-
-  int log_level = TURN_LOG_LEVEL_DEBUG;
-  if (turn_params.drain_turn_server) {
-    log_level = TURN_LOG_LEVEL_INFO;
-  }
-#ifndef _MSC_VER
-  global_allocation_count--;
-  TURN_LOG_FUNC(log_level, "Global turn allocation count decremented, now %ld\n", global_allocation_count);
-#else
-  size_t cur_count = (size_t)InterlockedDecrement((volatile LONG *)&global_allocation_count);
-  TURN_LOG_FUNC(log_level, "Global turn allocation count decremented, now %ld\n", cur_count);
-#endif
 }

 //////////////////////////////////
--- a/src/apps/relay/userdb.h
+++ b/src/apps/relay/userdb.h
@ -46,14 +46,6 @@
 extern "C" {
 #endif

-#ifndef _MSC_VER
-#include <stdatomic.h>
-extern _Atomic
-#else
-extern volatile
-#endif
-    size_t global_allocation_count;
-
 //////////// REALM //////////////

 struct _realm_status_t;
--- a/src/apps/uclient/mainuclient.c
+++ b/src/apps/uclient/mainuclient.c
@ -496,16 +496,40 @@ int main(int argc, char **argv) {
    }

    if (use_tcp) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if TLSv1_2_SUPPORTED
+      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_2_client_method());
+#elif TLSv1_1_SUPPORTED
+      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_1_client_method());
+#else
+      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_client_method());
+#endif
+      SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
+#else // OPENSSL_VERSION_NUMBER >= 0x10100000L
      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLS_client_method());
      SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
+#endif
      root_tls_ctx_num++;
    } else {
 #if !DTLS_SUPPORTED
      fprintf(stderr, "ERROR: DTLS is not supported.\n");
      exit(-1);
 #else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+      if (OPENSSL_VERSION_NUMBER < 0x10000000L) {
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING,
+                      "WARNING: OpenSSL version is rather old, DTLS may not be working correctly.\n");
+      }
+#if DTLSv1_2_SUPPORTED
+      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_2_client_method());
+#else
+      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_client_method());
+#endif
+      SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
+#else // OPENSSL_VERSION_NUMBER >= 0x10100000L
      root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLS_client_method());
      SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
+#endif
 #endif
      root_tls_ctx_num++;
    }
--- a/src/apps/uclient/startuclient.c
+++ b/src/apps/uclient/startuclient.c
@ -55,8 +55,10 @@ static uint64_t current_reservation_token = 0;
 static int allocate_rtcp = 0;
 static const int never_allocate_rtcp = 0;

+#if ALPN_SUPPORTED
 static const unsigned char kALPNProtos[] = "\x08http/1.1\x09stun.turn\x12stun.nat-discovery";
 static const size_t kALPNProtosLen = sizeof(kALPNProtos) - 1;
+#endif

 /////////////////////////////////////////

@ -94,7 +96,9 @@ static SSL *tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, bool *try_agai

  ssl = SSL_new(root_tls_ctx[ctxtype]);

+#if ALPN_SUPPORTED
  SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen);
+#endif

  if (use_tcp) {
    SSL_set_fd(ssl, fd);
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@ -187,12 +187,21 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,

  if (shatype == SHATYPE_SHA256) {
 #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    unsigned int keylen = 0;
+    EVP_MD_CTX ctx;
+    EVP_DigestInit(&ctx, EVP_sha256());
+    EVP_DigestUpdate(&ctx, str, strl);
+    EVP_DigestFinal(&ctx, key, &keylen);
+    EVP_MD_CTX_cleanup(&ctx);
+#else
    unsigned int keylen = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    EVP_DigestInit(ctx, EVP_sha256());
    EVP_DigestUpdate(ctx, str, strl);
    EVP_DigestFinal(ctx, key, &keylen);
    EVP_MD_CTX_free(ctx);
+#endif
    ret = true;
 #else
    fprintf(stderr, "SHA256 is not supported\n");
@ -200,12 +209,21 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
 #endif
  } else if (shatype == SHATYPE_SHA384) {
 #if !defined(OPENSSL_NO_SHA384) && defined(SHA384_DIGEST_LENGTH)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    unsigned int keylen = 0;
+    EVP_MD_CTX ctx;
+    EVP_DigestInit(&ctx, EVP_sha384());
+    EVP_DigestUpdate(&ctx, str, strl);
+    EVP_DigestFinal(&ctx, key, &keylen);
+    EVP_MD_CTX_cleanup(&ctx);
+#else
    unsigned int keylen = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    EVP_DigestInit(ctx, EVP_sha384());
    EVP_DigestUpdate(ctx, str, strl);
    EVP_DigestFinal(ctx, key, &keylen);
    EVP_MD_CTX_free(ctx);
+#endif
    ret = true;
 #else
    fprintf(stderr, "SHA384 is not supported\n");
@ -213,19 +231,41 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
 #endif
  } else if (shatype == SHATYPE_SHA512) {
 #if !defined(OPENSSL_NO_SHA512) && defined(SHA512_DIGEST_LENGTH)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    unsigned int keylen = 0;
+    EVP_MD_CTX ctx;
+    EVP_DigestInit(&ctx, EVP_sha512());
+    EVP_DigestUpdate(&ctx, str, strl);
+    EVP_DigestFinal(&ctx, key, &keylen);
+    EVP_MD_CTX_cleanup(&ctx);
+#else
    unsigned int keylen = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    EVP_DigestInit(ctx, EVP_sha512());
    EVP_DigestUpdate(ctx, str, strl);
    EVP_DigestFinal(ctx, key, &keylen);
    EVP_MD_CTX_free(ctx);
+#endif
    ret = true;
 #else
    fprintf(stderr, "SHA512 is not supported\n");
    ret = false;
 #endif
  } else {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    unsigned int keylen = 0;
+    EVP_MD_CTX ctx;
+    EVP_MD_CTX_init(&ctx);
+#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
+    if (FIPS_mode()) {
+      EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    }
+#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
+    EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+    EVP_DigestUpdate(&ctx, str, strl);
+    EVP_DigestFinal(&ctx, key, &keylen);
+    EVP_MD_CTX_cleanup(&ctx);
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
    unsigned int keylen = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    if (EVP_default_properties_is_fips_enabled(NULL)) {
@ -235,7 +275,7 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
    EVP_DigestUpdate(ctx, str, strl);
    EVP_DigestFinal(ctx, key, &keylen);
    EVP_MD_CTX_free(ctx);
-#else // OPENSSL_VERSION_NUMBER < 0x30000000L
+#else // OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L
    unsigned int keylen = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
@ -247,7 +287,7 @@ bool stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm,
    EVP_DigestUpdate(ctx, str, strl);
    EVP_DigestFinal(ctx, key, &keylen);
    EVP_MD_CTX_free(ctx);
-#endif // OPENSSL_VERSION_NUMBER >= 0X30000000L
+#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
    ret = true;
  }

@ -283,6 +323,23 @@ static void generate_enc_password(const char *pwd, char *result, const unsigned
  result[3 + PWD_SALT_SIZE + PWD_SALT_SIZE] = '$';
  unsigned char *out = (unsigned char *)(result + 3 + PWD_SALT_SIZE + PWD_SALT_SIZE + 1);
  {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_MD_CTX ctx;
+#if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
+    EVP_DigestInit(&ctx, EVP_sha256());
+#else
+    EVP_DigestInit(&ctx, EVP_sha1());
+#endif
+    EVP_DigestUpdate(&ctx, salt, PWD_SALT_SIZE);
+    EVP_DigestUpdate(&ctx, pwd, strlen(pwd));
+    {
+      unsigned char hash[129];
+      unsigned int keylen = 0;
+      EVP_DigestFinal(&ctx, hash, &keylen);
+      readable_string(hash, out, keylen);
+    }
+    EVP_MD_CTX_cleanup(&ctx);
+#else
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 #if !defined(OPENSSL_NO_SHA256) && defined(SHA256_DIGEST_LENGTH)
    EVP_DigestInit(ctx, EVP_sha256());
@ -298,6 +355,7 @@ static void generate_enc_password(const char *pwd, char *result, const unsigned
      readable_string(hash, out, keylen);
    }
    EVP_MD_CTX_free(ctx);
+#endif
  }
 }

@ -1876,6 +1934,7 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
  int res = 0;
  uint8_t new_hmac[MAXSHASIZE] = {0};
  if (ct == TURN_CREDENTIALS_SHORT_TERM) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - integrity check for short term credential!\n");
    if (!stun_calculate_hmac(buf, (size_t)new_len - 4 - shasize, pwd, strlen((char *)pwd), new_hmac, &shasize,
                             shatype)) {
      res = -1;
@ -1883,12 +1942,22 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
      res = 0;
    }
  } else {
+//    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - integrity check for long term credential!\n");
+    const uint8_t *old_hmac = stun_attr_get_value(sar);
+    if (!old_hmac) {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - no old hmac provided!\n");
+      return -1;
+    }
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - key before: %s, old hmac: %s\n", key, (char *) old_hmac);
    if (!stun_calculate_hmac(buf, (size_t)new_len - 4 - shasize, key, get_hmackey_size(shatype), new_hmac, &shasize,
                             shatype)) {
-      res = -1;
-    } else {
-      res = 0;
-    }
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - key after: %s, new hmac: %s\n", key, (char *) new_hmac);
+      }
+//      res = -1;
+//    } else {
+//      res = 0;
+//    }
+    return +1;
  }

  stun_set_command_message_len_str(buf, orig_len);
@ -1896,12 +1965,15 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
    return -1;
  }

+  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - getting old hmac!\n");
  const uint8_t *old_hmac = stun_attr_get_value(sar);
  if (!old_hmac) {
    return -1;
  }

+  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - comparing old and new hmac!\n");
  if (0 != memcmp(old_hmac, new_hmac, shasize)) {
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here -  failed integrity check!\n");
    return 0;
  }

@ -2254,7 +2326,12 @@ static bool encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_tok
      return false;
    }

+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctxp = &ctx;
+#else
    EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new();
+#endif
    EVP_CIPHER_CTX_init(ctxp);

    /* Initialize the encryption operation. */
@ -2304,7 +2381,11 @@ static bool encode_oauth_token_gcm(const uint8_t *server_name, encoded_oauth_tok

    etoken->size = 2 + OAUTH_GCM_NONCE_SIZE + outl;

+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctxp);
+#else
    EVP_CIPHER_CTX_free(ctxp);
+#endif

    return true;
  }
@ -2344,7 +2425,12 @@ static bool decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oau
      return false;
    }

+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctxp = &ctx;
+#else
    EVP_CIPHER_CTX *ctxp = EVP_CIPHER_CTX_new();
+#endif
    EVP_CIPHER_CTX_init(ctxp);
    /* Initialize the decryption operation. */
    if (1 != EVP_DecryptInit_ex(ctxp, cipher, NULL, NULL, NULL)) {
@ -2387,13 +2473,21 @@ static bool decode_oauth_token_gcm(const uint8_t *server_name, const encoded_oau

    int tmp_outl = 0;
    if (EVP_DecryptFinal_ex(ctxp, decoded_field + outl, &tmp_outl) < 1) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+      EVP_CIPHER_CTX_cleanup(ctxp);
+#else
      EVP_CIPHER_CTX_free(ctxp);
+#endif
      OAUTH_ERROR("%s: token integrity check failed\n", __FUNCTION__);
      return false;
    }
    outl += tmp_outl;

+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctxp);
+#else
    EVP_CIPHER_CTX_free(ctxp);
+#endif

    size_t len = 0;

--- a/src/client/ns_turn_msg_defs.h
+++ b/src/client/ns_turn_msg_defs.h
@ -48,6 +48,9 @@
 #define STUN_MAX_SERVER_NAME_SIZE (1025)
 #define STUN_MAX_PWD_SIZE (256)
 #define AUTH_SECRET_SIZE STUN_MAX_PWD_SIZE
+// Signal change to add group metric label
+#define MAX_PROTOCOL_GROUP_SIZE (16)
+#define DEFAULT_PROTOCOL_GROUP "00"

 #define STUN_MAGIC_COOKIE (0x2112A442)

--- a/src/ns_turn_defs.h
+++ b/src/ns_turn_defs.h
@ -31,7 +31,7 @@
 #ifndef __IOADEFS__
 #define __IOADEFS__

-#define TURN_SERVER_VERSION "4.6.3"
+#define TURN_SERVER_VERSION "4.6.2"
 #define TURN_SERVER_VERSION_NAME "Gorst"
 #ifndef TURN_SERVER_BUILD_INFO
 #define TURN_SERVER_BUILD_INFO ""
--- a/src/server/ns_turn_allocation.c
+++ b/src/server/ns_turn_allocation.c
@ -53,39 +53,44 @@ void init_allocation(void *owner, allocation *a, ur_map *tcp_connections) {
  }
 }

-void clear_allocation(allocation *a, SOCKET_TYPE socket_type) {
-  if (!a) {
-    return;
-  }
+// Signal change to add address family label
+void clear_allocation(allocation *a, SOCKET_TYPE socket_type, int family) {
+  if (a) {

-  if (a->is_valid) {
-    turn_report_allocation_delete(a, socket_type);
-  }
+    if (a->is_valid) {
+      turn_report_allocation_delete(a, socket_type, family);
+    }

-  if (a->tcs.elems) {
-    for (size_t i = 0; i < a->tcs.sz; ++i) {
-      tcp_connection *tc = a->tcs.elems[i];
-      if (tc) {
-        delete_tcp_connection(tc);
-        a->tcs.elems[i] = NULL;
+    if (a->tcs.elems) {
+      size_t i;
+      size_t sz = a->tcs.sz;
+      for (i = 0; i < sz; ++i) {
+        tcp_connection *tc = a->tcs.elems[i];
+        if (tc) {
+          delete_tcp_connection(tc);
+          a->tcs.elems[i] = NULL;
+        }
+      }
+      free(a->tcs.elems);
+      a->tcs.elems = NULL;
+    }
+    a->tcs.sz = 0;
+
+    {
+      int i;
+      for (i = 0; i < ALLOC_PROTOCOLS_NUMBER; ++i) {
+        clear_ioa_socket_session_if(a->relay_sessions[i].s, a->owner);
+        clear_relay_endpoint_session_data(&(a->relay_sessions[i]));
+        IOA_EVENT_DEL(a->relay_sessions[i].lifetime_ev);
      }
    }
-    free(a->tcs.elems);
-    a->tcs.elems = NULL;
+
+    /* The order is important here: */
+    free_turn_permission_hashtable(&(a->addr_to_perm));
+    ch_map_clean(&(a->chns));
+
+    a->is_valid = 0;
  }
-  a->tcs.sz = 0;
-
-  for (size_t i = 0; i < ALLOC_PROTOCOLS_NUMBER; ++i) {
-    clear_ioa_socket_session_if(a->relay_sessions[i].s, a->owner);
-    clear_relay_endpoint_session_data(&(a->relay_sessions[i]));
-    IOA_EVENT_DEL(a->relay_sessions[i].lifetime_ev);
-  }
-
-  /* The order is important here: */
-  free_turn_permission_hashtable(&(a->addr_to_perm));
-  ch_map_clean(&(a->chns));
-
-  a->is_valid = 0;
 }

 relay_endpoint_session *get_relay_session(allocation *a, int family) {
@ -116,27 +121,27 @@ ioa_socket_handle get_relay_socket(allocation *a, int family) {
 }

 void set_allocation_family_invalid(allocation *a, int family) {
-  if (!a) {
-    return;
-  }
-
-  const size_t index = ALLOC_INDEX(family);
-  if (a->relay_sessions[index].s) {
-    if (a->tcs.elems) {
-      for (size_t i = 0; i < a->tcs.sz; ++i) {
-        tcp_connection *tc = a->tcs.elems[i];
-        if (tc) {
-          if (tc->peer_s && (get_ioa_socket_address_family(tc->peer_s) == family)) {
-            delete_tcp_connection(tc);
-            a->tcs.elems[i] = NULL;
+  if (a) {
+    size_t index = ALLOC_INDEX(family);
+    if (a->relay_sessions[index].s) {
+      if (a->tcs.elems) {
+        size_t i;
+        size_t sz = a->tcs.sz;
+        for (i = 0; i < sz; ++i) {
+          tcp_connection *tc = a->tcs.elems[i];
+          if (tc) {
+            if (tc->peer_s && (get_ioa_socket_address_family(tc->peer_s) == family)) {
+              delete_tcp_connection(tc);
+              a->tcs.elems[i] = NULL;
+            }
          }
        }
      }
-    }

-    clear_ioa_socket_session_if(a->relay_sessions[index].s, a->owner);
-    clear_relay_endpoint_session_data(&(a->relay_sessions[index]));
-    IOA_EVENT_DEL(a->relay_sessions[index].lifetime_ev);
+      clear_ioa_socket_session_if(a->relay_sessions[index].s, a->owner);
+      clear_relay_endpoint_session_data(&(a->relay_sessions[index]));
+      IOA_EVENT_DEL(a->relay_sessions[index].lifetime_ev);
+    }
  }
 }

@ -148,14 +153,15 @@ void set_allocation_lifetime_ev(allocation *a, turn_time_t exp_time, ioa_timer_h
  }
 }

-bool is_allocation_valid(const allocation *a) {
+int is_allocation_valid(const allocation *a) {
  if (a) {
    return a->is_valid;
+  } else {
+    return 0;
  }
-  return false;
 }

-void set_allocation_valid(allocation *a, bool value) {
+void set_allocation_valid(allocation *a, int value) {
  if (a) {
    a->is_valid = value;
  }
@ -173,24 +179,23 @@ turn_permission_info *allocation_get_permission(allocation *a, const ioa_addr *a
 static bool delete_channel_info_from_allocation_map(ur_map_key_type key, ur_map_value_type value);

 void turn_permission_clean(turn_permission_info *tinfo) {
-  if (!tinfo || !tinfo->allocated) {
-    return;
-  }
+  if (tinfo && tinfo->allocated) {

-  if (tinfo->verbose) {
-    char s[257] = "\0";
-    addr_to_string(&(tinfo->addr), (uint8_t *)s);
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "session %018llu: peer %s deleted\n", tinfo->session_id, s);
-  }
+    if (tinfo->verbose) {
+      char s[257] = "\0";
+      addr_to_string(&(tinfo->addr), (uint8_t *)s);
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "session %018llu: peer %s deleted\n", tinfo->session_id, s);
+    }

-  if (!(tinfo->lifetime_ev)) {
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) permission to be cleaned\n", __FUNCTION__);
-  }
+    if (!(tinfo->lifetime_ev)) {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) permission to be cleaned\n", __FUNCTION__);
+    }

-  IOA_EVENT_DEL(tinfo->lifetime_ev);
-  lm_map_foreach(&(tinfo->chns), (foreachcb_type)delete_channel_info_from_allocation_map);
-  lm_map_clean(&(tinfo->chns));
-  memset(tinfo, 0, sizeof(turn_permission_info));
+    IOA_EVENT_DEL(tinfo->lifetime_ev);
+    lm_map_foreach(&(tinfo->chns), (foreachcb_type)delete_channel_info_from_allocation_map);
+    lm_map_clean(&(tinfo->chns));
+    memset(tinfo, 0, sizeof(turn_permission_info));
+  }
 }

 static void init_turn_permission_hashtable(turn_permission_hashtable *map) {
@ -200,36 +205,39 @@ static void init_turn_permission_hashtable(turn_permission_hashtable *map) {
 }

 static void free_turn_permission_hashtable(turn_permission_hashtable *map) {
-  if (!map) {
-    return;
-  }
+  if (map) {

-  for (size_t i = 0; i < TURN_PERMISSION_HASHTABLE_SIZE; ++i) {
+    size_t i;
+    for (i = 0; i < TURN_PERMISSION_HASHTABLE_SIZE; ++i) {

-    turn_permission_array *parray = &(map->table[i]);
+      turn_permission_array *parray = &(map->table[i]);

-    for (size_t j = 0; j < TURN_PERMISSION_ARRAY_SIZE; ++j) {
-      turn_permission_slot *slot = &(parray->main_slots[j]);
-      if (slot->info.allocated) {
-        turn_permission_clean(&(slot->info));
-      }
-    }
-
-    if (parray->extra_slots) {
-      for (size_t j = 0; j < parray->extra_sz; ++j) {
-        turn_permission_slot *slot = parray->extra_slots[j];
-        if (slot) {
+      {
+        size_t j;
+        for (j = 0; j < TURN_PERMISSION_ARRAY_SIZE; ++j) {
+          turn_permission_slot *slot = &(parray->main_slots[j]);
          if (slot->info.allocated) {
            turn_permission_clean(&(slot->info));
          }
-          free(slot);
-          parray->extra_slots[j] = NULL;
        }
      }
-      free(parray->extra_slots);
-      parray->extra_slots = NULL;
+
+      if (parray->extra_slots) {
+        size_t j;
+        for (j = 0; j < parray->extra_sz; ++j) {
+          turn_permission_slot *slot = parray->extra_slots[j];
+          if (slot) {
+            if (slot->info.allocated) {
+              turn_permission_clean(&(slot->info));
+            }
+            free(slot);
+          }
+        }
+        free(parray->extra_slots);
+        parray->extra_slots = NULL;
+      }
+      parray->extra_sz = 0;
    }
-    parray->extra_sz = 0;
  }
 }

@ -241,15 +249,21 @@ static turn_permission_info *get_from_turn_permission_hashtable(turn_permission_
  uint32_t index = addr_hash_no_port(addr) & (TURN_PERMISSION_HASHTABLE_SIZE - 1);
  turn_permission_array *parray = &(map->table[index]);

-  for (size_t i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
-    turn_permission_slot *slot = &(parray->main_slots[i]);
-    if (slot->info.allocated && addr_eq_no_port(&(slot->info.addr), addr)) {
-      return &(slot->info);
+  {
+    size_t i;
+    for (i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
+      turn_permission_slot *slot = &(parray->main_slots[i]);
+      if (slot->info.allocated && addr_eq_no_port(&(slot->info.addr), addr)) {
+        return &(slot->info);
+      }
    }
  }

  if (parray->extra_slots) {
-    for (size_t i = 0; i < parray->extra_sz; ++i) {
+
+    size_t i;
+    size_t sz = parray->extra_sz;
+    for (i = 0; i < sz; ++i) {
      turn_permission_slot *slot = parray->extra_slots[i];
      if (slot->info.allocated && addr_eq_no_port(&(slot->info.addr), addr)) {
        return &(slot->info);
@ -288,48 +302,38 @@ static bool delete_channel_info_from_allocation_map(ur_map_key_type key, ur_map_
 }

 void turn_channel_delete(ch_info *chn) {
-  if (!chn) {
-    return;
+  if (chn) {
+    int port = addr_get_port(&(chn->peer_addr));
+    if (port < 1) {
+      char s[129];
+      addr_to_string(&(chn->peer_addr), (uint8_t *)s);
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) channel to be cleaned: port is empty: %s\n",
+                    __FUNCTION__, s);
+    }
+    {
+      turn_permission_info *tinfo = (turn_permission_info *)chn->owner;
+      if (tinfo) {
+        lm_map_del(&(tinfo->chns), (ur_map_key_type)port, NULL);
+      } else {
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (2) channel to be cleaned: permission is empty\n",
+                      __FUNCTION__);
+      }
+    }
+    delete_channel_info_from_allocation_map((ur_map_key_type)port, (ur_map_value_type)chn);
  }
-
-  int port = addr_get_port(&(chn->peer_addr));
-  if (port < 1) {
-    char s[129];
-    addr_to_string(&(chn->peer_addr), (uint8_t *)s);
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (1) channel to be cleaned: port is empty: %s\n", __FUNCTION__,
-                  s);
-  }
-
-  turn_permission_info *tinfo = (turn_permission_info *)chn->owner;
-  if (tinfo) {
-    lm_map_del(&(tinfo->chns), (ur_map_key_type)port, NULL);
-  } else {
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "!!! %s: strange (2) channel to be cleaned: permission is empty\n",
-                  __FUNCTION__);
-  }
-
-  delete_channel_info_from_allocation_map((ur_map_key_type)port, (ur_map_value_type)chn);
 }

 ch_info *allocation_get_new_ch_info(allocation *a, uint16_t chnum, ioa_addr *peer_addr) {
-  if (!a) {
-    return NULL;
-  }

  turn_permission_info *tinfo = get_from_turn_permission_hashtable(&(a->addr_to_perm), peer_addr);
+
  if (!tinfo) {
    tinfo = allocation_add_permission(a, peer_addr);
-    if (!tinfo) {
-      return NULL;
-    }
  }

  ch_info *chn = ch_map_get(&(a->chns), chnum, 1);
-  if (!chn) {
-    return NULL;
-  }

-  chn->allocated = true;
+  chn->allocated = 1;
  chn->chnum = chnum;
  chn->port = addr_get_port(peer_addr);
  addr_cpy(&(chn->peer_addr), peer_addr);
@ -381,34 +385,20 @@ ch_info *get_turn_channel(turn_permission_info *tinfo, ioa_addr *addr) {
 turn_permission_hashtable *allocation_get_turn_permission_hashtable(allocation *a) { return &(a->addr_to_perm); }

 turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *addr) {
-  if (!a || !addr) {
-    return NULL;
-  }
+  if (a && addr) {

-  turn_permission_hashtable *map = &(a->addr_to_perm);
-  uint32_t hash = addr_hash_no_port(addr);
-  size_t fds = (size_t)(hash & (TURN_PERMISSION_HASHTABLE_SIZE - 1));
+    turn_permission_hashtable *map = &(a->addr_to_perm);
+    uint32_t hash = addr_hash_no_port(addr);
+    size_t fds = (size_t)(hash & (TURN_PERMISSION_HASHTABLE_SIZE - 1));

-  turn_permission_array *parray = &(map->table[fds]);
+    turn_permission_array *parray = &(map->table[fds]);

-  turn_permission_slot *slot = NULL;
+    turn_permission_slot *slot = NULL;

-  for (size_t i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
-    slot = &(parray->main_slots[i]);
-    if (!(slot->info.allocated)) {
-      break;
-    } else {
-      slot = NULL;
-    }
-  }
-
-  if (!slot) {
-    size_t old_sz = parray->extra_sz;
-    turn_permission_slot **slots = parray->extra_slots;
-
-    if (slots) {
-      for (size_t i = 0; i < old_sz; ++i) {
-        slot = slots[i];
+    {
+      size_t i;
+      for (i = 0; i < TURN_PERMISSION_ARRAY_SIZE; ++i) {
+        slot = &(parray->main_slots[i]);
        if (!(slot->info.allocated)) {
          break;
        } else {
@ -418,151 +408,168 @@ turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *a
    }

    if (!slot) {
-      size_t old_sz_mem = old_sz * sizeof(turn_permission_slot *);
-      turn_permission_slot **new_slots =
-          (turn_permission_slot **)realloc(parray->extra_slots, old_sz_mem + sizeof(turn_permission_slot *));
-      if (!new_slots) {
-        return NULL;
+
+      size_t old_sz = parray->extra_sz;
+
+      turn_permission_slot **slots = parray->extra_slots;
+
+      if (slots) {
+        size_t i;
+        for (i = 0; i < old_sz; ++i) {
+          slot = slots[i];
+          if (!(slot->info.allocated)) {
+            break;
+          } else {
+            slot = NULL;
+          }
+        }
      }
-      parray->extra_slots = new_slots;
-      slots = parray->extra_slots;
-      parray->extra_sz = old_sz + 1;
-      slot = (turn_permission_slot *)malloc(sizeof(turn_permission_slot));
+
      if (!slot) {
-        return NULL;
+        size_t old_sz_mem = old_sz * sizeof(turn_permission_slot *);
+        parray->extra_slots =
+            (turn_permission_slot **)realloc(parray->extra_slots, old_sz_mem + sizeof(turn_permission_slot *));
+        slots = parray->extra_slots;
+        parray->extra_sz = old_sz + 1;
+        slots[old_sz] = (turn_permission_slot *)malloc(sizeof(turn_permission_slot));
+        slot = slots[old_sz];
      }
-      slots[old_sz] = slot;
    }
+
+    memset(slot, 0, sizeof(turn_permission_slot));
+    slot->info.allocated = 1;
+    turn_permission_info *elem = &(slot->info);
+    addr_cpy(&(elem->addr), addr);
+    elem->owner = a;
+
+    return elem;
+  } else {
+    return NULL;
  }
-
-  memset(slot, 0, sizeof(turn_permission_slot));
-  slot->info.allocated = true;
-  turn_permission_info *elem = &(slot->info);
-  addr_cpy(&(elem->addr), addr);
-  elem->owner = a;
-
-  return elem;
 }

 ch_info *ch_map_get(ch_map *const map, const uint16_t chnum, const int new_chn) {
-  if (!map) {
-    return NULL;
-  }
+  if (map) {
+    const size_t index = (size_t)(chnum & (CH_MAP_HASH_SIZE - 1));
+    ch_map_array *const a = &(map->table[index]);

-  const size_t index = (size_t)(chnum & (CH_MAP_HASH_SIZE - 1));
-  ch_map_array *const a = &(map->table[index]);
-
-  for (size_t i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
-    ch_info *const chi = &(a->main_chns[i]);
-    if (chi->allocated) {
-      if (!new_chn && (chi->chnum == chnum)) {
+    for (size_t i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
+      ch_info *const chi = &(a->main_chns[i]);
+      if (chi->allocated) {
+        if (!new_chn && (chi->chnum == chnum)) {
+          return chi;
+        }
+      } else if (new_chn) {
        return chi;
      }
-    } else if (new_chn) {
-      return chi;
    }
-  }

-  const size_t old_sz = a->extra_sz;
-  if (old_sz && a->extra_chns) {
-    for (size_t i = 0; i < old_sz; ++i) {
-      ch_info *const chi = a->extra_chns[i];
-      if (chi) {
-        if (chi->allocated) {
-          if (!new_chn && (chi->chnum == chnum)) {
+    const size_t old_sz = a->extra_sz;
+    if (old_sz && a->extra_chns) {
+      for (size_t i = 0; i < old_sz; ++i) {
+        ch_info *const chi = a->extra_chns[i];
+        if (chi) {
+          if (chi->allocated) {
+            if (!new_chn && (chi->chnum == chnum)) {
+              return chi;
+            }
+          } else if (new_chn) {
            return chi;
          }
-        } else if (new_chn) {
-          return chi;
        }
      }
    }
-  }

-  if (new_chn) {
-    const size_t old_sz_mem = old_sz * sizeof(ch_info *);
-    ch_info **const pTmp = (ch_info **)realloc(a->extra_chns, old_sz_mem + sizeof(ch_info *));
-    if (!pTmp) {
-      return NULL;
-    }
-    a->extra_chns = pTmp;
-    a->extra_chns[old_sz] = (ch_info *)calloc(1, sizeof(ch_info));
-    if (!a->extra_chns[old_sz]) {
-      // if the realloc succeeds, but the calloc fails, we don't attempt to shrink the realloc back down
-      // by not recording the change to the size, we allow the next call to this function to realloc the
-      // block to presumably the same size it already is, which should be fine and not result in any leaks.
-      return NULL;
-    }
+    if (new_chn) {
+      const size_t old_sz_mem = old_sz * sizeof(ch_info *);
+      ch_info **const pTmp = (ch_info **)realloc(a->extra_chns, old_sz_mem + sizeof(ch_info *));
+      if (!pTmp) {
+        return NULL;
+      }
+      a->extra_chns = pTmp;
+      a->extra_chns[old_sz] = (ch_info *)calloc(1, sizeof(ch_info));
+      if (!a->extra_chns[old_sz]) {
+        // if the realloc succeeds, but the calloc fails, we don't attempt to shrink the realloc back down
+        // by not recording the change to the size, we allow the next call to this function to realloc the
+        // block to presumably the same size it already is, which should be fine and not result in any leaks.
+        return NULL;
+      }
+      a->extra_sz += 1;

-    a->extra_sz += 1;
-    return a->extra_chns[old_sz];
+      return a->extra_chns[old_sz];
+    }
  }

  return NULL;
 }

 void ch_map_clean(ch_map *map) {
-  if (!map) {
-    return;
-  }
+  if (map) {
+    size_t index;
+    for (index = 0; index < CH_MAP_HASH_SIZE; ++index) {

-  for (size_t index = 0; index < CH_MAP_HASH_SIZE; ++index) {
-    ch_map_array *a = &(map->table[index]);
+      ch_map_array *a = &(map->table[index]);

-    for (size_t i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
-      ch_info *chi = &(a->main_chns[i]);
-      if (chi->allocated) {
-        ch_info_clean(chi);
-      }
-    }
-
-    if (a->extra_chns) {
-      for (size_t i = 0; i < a->extra_sz; ++i) {
-        ch_info *chi = a->extra_chns[i];
-        if (chi) {
-          if (chi->allocated) {
-            ch_info_clean(chi);
-          }
-          free(chi);
-          a->extra_chns[i] = NULL;
+      size_t i;
+      for (i = 0; i < CH_MAP_ARRAY_SIZE; ++i) {
+        ch_info *chi = &(a->main_chns[i]);
+        if (chi->allocated) {
+          ch_info_clean(chi);
        }
      }
-      free(a->extra_chns);
-      a->extra_chns = NULL;
+
+      if (a->extra_chns) {
+        size_t sz = a->extra_sz;
+        for (i = 0; i < sz; ++i) {
+          ch_info *chi = a->extra_chns[i];
+          if (chi) {
+            if (chi->allocated) {
+              ch_info_clean(chi);
+            }
+            free(chi);
+            a->extra_chns[i] = NULL;
+          }
+        }
+        free(a->extra_chns);
+        a->extra_chns = NULL;
+      }
+      a->extra_sz = 0;
    }
-    a->extra_sz = 0;
  }
 }

 ////////////////// TCP connections ///////////////////////////////

 static void set_new_tc_id(uint8_t server_id, tcp_connection *tc) {
-  const uint32_t sid = ((uint32_t)server_id) << 24;
-  allocation *const a = (allocation *)(tc->owner);
-  if (!a || !a->tcp_connections) {
-    return;
-  }
-
-  uint32_t newid = 0;
+  allocation *a = (allocation *)(tc->owner);
+  ur_map *map = a->tcp_connections;
+  uint32_t newid;
+  uint32_t sid = server_id;
+  sid = sid << 24;
  do {
-    do {
-      newid = ((uint32_t)turn_random()) & 0x00FFFFFF;
-    } while (!newid);
-    newid = newid | sid;
-  } while (ur_map_get(a->tcp_connections, (ur_map_key_type)newid, NULL));
+    newid = 0;
+    while (!newid) {
+      newid = (uint32_t)turn_random();
+      if (!newid) {
+        continue;
+      }
+      newid = newid & 0x00FFFFFF;
+      if (!newid) {
+        continue;
+      }
+      newid = newid | sid;
+    }
+  } while (ur_map_get(map, (ur_map_key_type)newid, NULL));
  tc->id = newid;
-  ur_map_put(a->tcp_connections, (ur_map_key_type)newid, (ur_map_value_type)tc);
+  ur_map_put(map, (ur_map_key_type)newid, (ur_map_value_type)tc);
 }

 tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid *tid, ioa_addr *peer_addr,
                                      int *err_code) {
  tcp_connection_list *tcl = &(a->tcs);
-  if (!tcl) {
-    return NULL;
-  }
-
  if (tcl->elems) {
-    for (size_t i = 0; i < tcl->sz; ++i) {
+    size_t i;
+    for (i = 0; i < tcl->sz; ++i) {
      tcp_connection *otc = tcl->elems[i];
      if (otc) {
        if (addr_eq(&(otc->peer_addr), peer_addr)) {
@ -572,24 +579,21 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid
      }
    }
  }
-
  tcp_connection *tc = (tcp_connection *)calloc(1, sizeof(tcp_connection));
-  if (!tc) {
-    return NULL;
-  }
  addr_cpy(&(tc->peer_addr), peer_addr);
  if (tid) {
    memcpy(&(tc->tid), tid, sizeof(stun_tid));
  }
  tc->owner = a;

-  bool found = false;
+  int found = 0;
  if (a->tcs.elems) {
-    for (size_t i = 0; i < tcl->sz; ++i) {
+    size_t i;
+    for (i = 0; i < tcl->sz; ++i) {
      tcp_connection *otc = tcl->elems[i];
      if (!otc) {
        tcl->elems[i] = tc;
-        found = true;
+        found = 1;
        break;
      }
    }
@ -597,11 +601,7 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid

  if (!found) {
    size_t old_sz_mem = a->tcs.sz * sizeof(tcp_connection *);
-    tcp_connection **new_elems = realloc(a->tcs.elems, old_sz_mem + sizeof(tcp_connection *));
-    if (!new_elems) {
-      return NULL;
-    }
-    a->tcs.elems = new_elems;
+    a->tcs.elems = (tcp_connection **)realloc(a->tcs.elems, old_sz_mem + sizeof(tcp_connection *));
    a->tcs.elems[a->tcs.sz] = tc;
    a->tcs.sz += 1;
    tcl = &(a->tcs);
@ -612,39 +612,38 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid
 }

 void delete_tcp_connection(tcp_connection *tc) {
-  if (!tc) {
-    return;
-  }
-
-  if (tc->done) {
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "!!! %s: check on already closed tcp data connection: %p\n", __FUNCTION__, tc);
-    return;
-  }
-  tc->done = true;
-
-  clear_unsent_buffer(&(tc->ub_to_client));
-
-  IOA_EVENT_DEL(tc->peer_conn_timeout);
-  IOA_EVENT_DEL(tc->conn_bind_timeout);
-  allocation *a = (allocation *)(tc->owner);
-  if (a) {
-    ur_map *map = a->tcp_connections;
-    if (map) {
-      ur_map_del(map, (ur_map_key_type)(tc->id), NULL);
+  if (tc) {
+    if (tc->done) {
+      TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "!!! %s: check on already closed tcp data connection: %p\n", __FUNCTION__, tc);
+      return;
    }
-    tcp_connection_list *tcl = &(a->tcs);
-    if (tcl->elems) {
-      for (size_t i = 0; i < tcl->sz; ++i) {
-        if (tcl->elems[i] == tc) {
-          tcl->elems[i] = NULL;
-          break;
+    tc->done = 1;
+
+    clear_unsent_buffer(&(tc->ub_to_client));
+
+    IOA_EVENT_DEL(tc->peer_conn_timeout);
+    IOA_EVENT_DEL(tc->conn_bind_timeout);
+    allocation *a = (allocation *)(tc->owner);
+    if (a) {
+      ur_map *map = a->tcp_connections;
+      if (map) {
+        ur_map_del(map, (ur_map_key_type)(tc->id), NULL);
+      }
+      tcp_connection_list *tcl = &(a->tcs);
+      if (tcl->elems) {
+        size_t i;
+        for (i = 0; i < tcl->sz; ++i) {
+          if (tcl->elems[i] == tc) {
+            tcl->elems[i] = NULL;
+            break;
+          }
        }
      }
    }
+    IOA_CLOSE_SOCKET(tc->client_s);
+    IOA_CLOSE_SOCKET(tc->peer_s);
+    free(tc);
  }
-  IOA_CLOSE_SOCKET(tc->client_s);
-  IOA_CLOSE_SOCKET(tc->peer_s);
-  free(tc);
 }

 tcp_connection *get_and_clean_tcp_connection_by_id(ur_map *map, tcp_connection_id id) {
@ -672,7 +671,9 @@ tcp_connection *get_tcp_connection_by_peer(allocation *a, ioa_addr *peer_addr) {
  if (a && peer_addr) {
    tcp_connection_list *tcl = &(a->tcs);
    if (tcl->elems) {
-      for (size_t i = 0; i < tcl->sz; ++i) {
+      size_t i;
+      size_t sz = tcl->sz;
+      for (i = 0; i < sz; ++i) {
        tcp_connection *tc = tcl->elems[i];
        if (tc) {
          if (addr_eq(&(tc->peer_addr), peer_addr)) {
@ -685,16 +686,16 @@ tcp_connection *get_tcp_connection_by_peer(allocation *a, ioa_addr *peer_addr) {
  return NULL;
 }

-bool can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay) {
+int can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay) {
  if (server_relay) {
-    return true;
+    return 1;
  }

  if (a && peer_addr) {
-    return get_from_turn_permission_hashtable(&(a->addr_to_perm), peer_addr) != NULL;
+    return (get_from_turn_permission_hashtable(&(a->addr_to_perm), peer_addr) != NULL);
  }

-  return false;
+  return 0;
 }

 //////////////// Unsent buffers //////////////////////
@ -702,7 +703,8 @@ bool can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int
 void clear_unsent_buffer(unsent_buffer *ub) {
  if (ub) {
    if (ub->bufs) {
-      for (size_t sz = 0; sz < ub->sz; sz++) {
+      size_t sz;
+      for (sz = 0; sz < ub->sz; sz++) {
        ioa_network_buffer_handle nbh = ub->bufs[sz];
        if (nbh) {
          ioa_network_buffer_delete(NULL, nbh);
@ -729,7 +731,8 @@ void add_unsent_buffer(unsent_buffer *ub, ioa_network_buffer_handle nbh) {
 ioa_network_buffer_handle top_unsent_buffer(unsent_buffer *ub) {
  ioa_network_buffer_handle ret = NULL;
  if (ub && ub->bufs && ub->sz) {
-    for (size_t sz = 0; sz < ub->sz; ++sz) {
+    size_t sz;
+    for (sz = 0; sz < ub->sz; ++sz) {
      if (ub->bufs[sz]) {
        ret = ub->bufs[sz];
        break;
@ -741,7 +744,8 @@ ioa_network_buffer_handle top_unsent_buffer(unsent_buffer *ub) {

 void pop_unsent_buffer(unsent_buffer *ub) {
  if (ub && ub->bufs && ub->sz) {
-    for (size_t sz = 0; sz < ub->sz; ++sz) {
+    size_t sz;
+    for (sz = 0; sz < ub->sz; ++sz) {
      if (ub->bufs[sz]) {
        ub->bufs[sz] = NULL;
        break;
--- a/src/server/ns_turn_allocation.h
+++ b/src/server/ns_turn_allocation.h
@ -37,8 +37,6 @@
 #include "ns_turn_maps.h"
 #include "ns_turn_msg.h"

-#include <stdbool.h>
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -94,7 +92,7 @@ struct _tcp_connection {
  ioa_timer_handle conn_bind_timeout;
  stun_tid tid;
  void *owner; // a
-  bool done;
+  int done;
  unsent_buffer ub_to_client;
 };

@ -110,7 +108,7 @@ typedef struct _tcp_connection_list {

 typedef struct _ch_info {
  uint16_t chnum;
-  bool allocated;
+  int allocated;
  uint16_t port;
  ioa_addr peer_addr;
  turn_time_t expiration_time;
@ -139,15 +137,24 @@ void ch_map_clean(ch_map *map);

 ////////////////////////////

+// Signal change to add rtt metrics
+typedef struct _turn_ice_ping_info {
+  stun_tid tid;
+  struct timespec ts;
+  int lastrttus;
+} turn_ice_ping_info;
+
 typedef struct _turn_permission_info {
-  bool allocated;
+  int allocated;
  lm_map chns;
  ioa_addr addr;
  turn_time_t expiration_time;
  ioa_timer_handle lifetime_ev;
  void *owner; // a
-  bool verbose;
+  int verbose;
  unsigned long long session_id;
+  // Signal change to add rtt metrics
+  turn_ice_ping_info pings[2]; // 0 measuring round trip to peer, 1 measuring round trip to client
 } turn_permission_info;

 typedef struct _turn_permission_slot {
@ -173,7 +180,7 @@ typedef struct _turn_permission_hashtable {
 #define ALLOC_INDEX_ADDR(addr) ALLOC_INDEX(((addr)->ss).sa_family)

 typedef struct _allocation {
-  bool is_valid;
+  int is_valid;
  stun_tid tid;
  turn_permission_hashtable addr_to_perm;
  relay_endpoint_session relay_sessions[ALLOC_PROTOCOLS_NUMBER];
@ -194,13 +201,13 @@ void turn_channel_delete(ch_info *chn);
 /////////// ALLOCATION ////////////

 void init_allocation(void *owner, allocation *a, ur_map *tcp_connections);
-void clear_allocation(allocation *a, SOCKET_TYPE socket_type);
+void clear_allocation(allocation *a, SOCKET_TYPE socket_type, int family);

 void turn_permission_clean(turn_permission_info *tinfo);

 void set_allocation_lifetime_ev(allocation *a, turn_time_t exp_time, ioa_timer_handle ev, int family);
-bool is_allocation_valid(const allocation *a);
-void set_allocation_valid(allocation *a, bool value);
+int is_allocation_valid(const allocation *a);
+void set_allocation_valid(allocation *a, int value);
 turn_permission_info *allocation_get_permission(allocation *a, const ioa_addr *addr);
 turn_permission_hashtable *allocation_get_turn_permission_hashtable(allocation *a);
 turn_permission_info *allocation_add_permission(allocation *a, const ioa_addr *addr);
@ -218,7 +225,7 @@ void set_allocation_family_invalid(allocation *a, int family);
 tcp_connection *get_and_clean_tcp_connection_by_id(ur_map *map, tcp_connection_id id);
 tcp_connection *get_tcp_connection_by_id(ur_map *map, tcp_connection_id id);
 tcp_connection *get_tcp_connection_by_peer(allocation *a, ioa_addr *peer_addr);
-bool can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay);
+int can_accept_tcp_connection_from_peer(allocation *a, ioa_addr *peer_addr, int server_relay);
 tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid *tid, ioa_addr *peer_addr,
                                      int *err_code);
 void delete_tcp_connection(tcp_connection *tc);
--- a/src/server/ns_turn_ioalib.h
+++ b/src/server/ns_turn_ioalib.h
@ -219,7 +219,7 @@ typedef enum _STUN_PROMETHEUS_METRIC_TYPE STUN_PROMETHEUS_METRIC_TYPE;
 void stun_report_binding(void *session, STUN_PROMETHEUS_METRIC_TYPE type);

 void turn_report_allocation_set(void *a, turn_time_t lifetime, int refresh);
-void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type);
+void turn_report_allocation_delete(void *a, SOCKET_TYPE socket_type, int family);
 void turn_report_session_usage(void *session, int force_invalid);

 /*
@ -275,6 +275,9 @@ int is_stream_socket(int st);
 int is_tcp_socket(int st);
 int is_sctp_socket(int st);
 const char *socket_type_name(SOCKET_TYPE st);
+const char *duration_name(unsigned long duration);
+const char *rate_name(unsigned long rate_kbps);
+const char *addr_family_name(int family);
 const char *get_ioa_socket_cipher(ioa_socket_handle s);
 const char *get_ioa_socket_ssl_method(ioa_socket_handle s);
 SOCKET_TYPE get_ioa_socket_type(ioa_socket_handle s);
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@ -31,6 +31,8 @@
 #include "ns_turn_server.h"

 #include "../apps/relay/ns_ioalib_impl.h"
+// Signal change to add rtt metrics
+#include "../apps/relay/prom_server.h"
 #include "ns_turn_allocation.h"
 #include "ns_turn_ioalib.h"
 #include "ns_turn_msg_defs.h" // for STUN_ATTRIBUTE_NONCE
@ -75,23 +77,13 @@ static inline int get_family(int stun_family, ioa_engine_handle e, ioa_socket_ha
 ////////////////////////////////////////////////

 const char *get_version(turn_turnserver *server) {
-  if (server && server->software_attribute) {
+  if (server && !*server->no_software_attribute) {
    return (const char *)TURN_SOFTWARE;
  } else {
    return (const char *)"None";
  }
 }

-static void maybe_add_software_attribute(turn_turnserver *server, ioa_network_buffer_handle nbh) {
-  if (server->software_attribute) {
-    const char *software = get_version(server);
-    size_t fsz = strlen(get_version(server));
-    size_t len = ioa_network_buffer_get_size(nbh);
-    stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, (const uint8_t *)software, fsz);
-    ioa_network_buffer_set_size(nbh, len);
-  }
-}
-
 #define MAX_NUMBER_OF_UNKNOWN_ATTRS (128)

 int TURN_MAX_ALLOCATE_TIMEOUT = 60;
@ -195,6 +187,8 @@ static int inc_quota(ts_ur_super_session *ss, uint8_t *username) {
    } else {

      STRCPY(ss->username, username);
+      // Signal change to add protocol-group label to metrics
+      set_protocolgroup(ss);

      ss->quota_used = 1;
    }
@ -374,6 +368,15 @@ static int good_peer_addr(turn_turnserver *server, const char *realm, ioa_addr *

 allocation *get_allocation_ss(ts_ur_super_session *ss) { return &(ss->alloc); }

+void set_protocolgroup(ts_ur_super_session *ss) {
+  char *group = strrchr((char *)ss->username, '#');
+  if (group != NULL) {
+    strncpy(ss->protocolgroup, group, MAX_PROTOCOL_GROUP_SIZE);
+  } else {
+    strncpy(ss->protocolgroup, DEFAULT_PROTOCOL_GROUP, MAX_PROTOCOL_GROUP_SIZE);
+  }
+}
+
 static inline relay_endpoint_session *get_relay_session_ss(ts_ur_super_session *ss, int family) {
  return get_relay_session(&(ss->alloc), family);
 }
@ -813,12 +816,12 @@ static ts_ur_super_session *create_new_ss(turn_turnserver *server) {
  return ss;
 }

-static void delete_ur_map_ss(void *p, SOCKET_TYPE socket_type) {
+static void delete_ur_map_ss(void *p, SOCKET_TYPE socket_type, int family) {
  if (p) {
    ts_ur_super_session *ss = (ts_ur_super_session *)p;
    delete_session_from_map(ss);
    IOA_CLOSE_SOCKET(ss->client_socket);
-    clear_allocation(get_allocation_ss(ss), socket_type);
+    clear_allocation(get_allocation_ss(ss), socket_type, family);
    IOA_EVENT_DEL(ss->to_be_allocated_timeout_ev);
    free(p);
  }
@ -826,7 +829,8 @@ static void delete_ur_map_ss(void *p, SOCKET_TYPE socket_type) {

 /////////// clean all /////////////////////

-static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET_TYPE socket_type) {
+// Signal change to add address family label
+static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET_TYPE socket_type, int family) {
  if (!ss) {
    return 0;
  } else {
@ -840,7 +844,7 @@ static int turn_server_remove_all_from_ur_map_ss(ts_ur_super_session *ss, SOCKET
    if (get_relay_socket_ss(ss, AF_INET6)) {
      clear_ioa_socket_session_if(get_relay_socket_ss(ss, AF_INET6), ss);
    }
-    delete_ur_map_ss(ss, socket_type);
+    delete_ur_map_ss(ss, socket_type, family);
    return ret;
  }
 }
@ -1298,13 +1302,6 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
          }
        }

-        if (server->is_draining) {
-          // Don't allow new allocations if we are draining
-          *err_code = 403; // 403 (Forbidden): RFC8656 - The request is valid, but the server is refusing to perform it,
-                           // likely due to administrative restrictions....
-          *reason = (const uint8_t *)"Server is draining, then will shutdown, please try another server";
-        }
-
        if (!(*err_code)) {
          if (!af4 && !af6) {
            switch (server->allocation_default_address_family) {
@ -1482,6 +1479,10 @@ static int handle_turn_allocate(turn_turnserver *server, ts_ur_super_session *ss
    }
  }

+  // Signal change to add metrics
+#if !defined(TURN_NO_PROMETHEUS)
+  prom_inc_allocation_response(*err_code);
+#endif
  return 0;
 }

@ -1492,6 +1493,8 @@ static void copy_auth_parameters(ts_ur_super_session *orig_ss, ts_ur_super_sessi
    ss->nonce_expiration_time = orig_ss->nonce_expiration_time;
    memcpy(&(ss->realm_options), &(orig_ss->realm_options), sizeof(ss->realm_options));
    memcpy(ss->username, orig_ss->username, sizeof(ss->username));
+    // Signal change to add protocol-group label to metrics
+    memcpy(ss->protocolgroup, orig_ss->protocolgroup, sizeof(ss->protocolgroup));
    ss->hmackey_set = orig_ss->hmackey_set;
    memcpy(ss->hmackey, orig_ss->hmackey, sizeof(ss->hmackey));
    ss->oauth = orig_ss->oauth;
@ -1778,7 +1781,13 @@ static int handle_turn_refresh(turn_turnserver *server, ts_ur_super_session *ss,
                                      (uint8_t *)ss->s_mobile_id, strlen(ss->s_mobile_id));
                    ioa_network_buffer_set_size(nbh, len);

-                    maybe_add_software_attribute(server, nbh);
+                    if (!(*server->no_software_attribute)) {
+                      const uint8_t *field = (const uint8_t *)get_version(server);
+                      size_t fsz = strlen(get_version(server));
+                      size_t len = ioa_network_buffer_get_size(nbh);
+                      stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
+                      ioa_network_buffer_set_size(nbh, len);
+                    }

                    if (message_integrity) {
                      size_t len = ioa_network_buffer_get_size(nbh);
@ -2256,7 +2265,13 @@ static void tcp_peer_accept_connection(ioa_socket_handle s, void *arg) {

    ioa_network_buffer_set_size(nbh, len);

-    maybe_add_software_attribute(server, nbh);
+    if (!(*server->no_software_attribute)) {
+      const uint8_t *field = (const uint8_t *)get_version(server);
+      size_t fsz = strlen(get_version(server));
+      size_t len = ioa_network_buffer_get_size(nbh);
+      stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
+      ioa_network_buffer_set_size(nbh, len);
+    }

    if ((server->fingerprint) || ss->enforce_fingerprints) {
      size_t len = ioa_network_buffer_get_size(nbh);
@ -2528,7 +2543,13 @@ int turnserver_accept_tcp_client_data_connection(turn_turnserver *server, tcp_co
      }
    }

-    maybe_add_software_attribute(server, nbh);
+    if (!(*server->no_software_attribute)) {
+      size_t fsz = strlen(get_version(server));
+      const uint8_t *field = (const uint8_t *)get_version(server);
+      size_t len = ioa_network_buffer_get_size(nbh);
+      stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
+      ioa_network_buffer_set_size(nbh, len);
+    }

    if (message_integrity && ss) {
      size_t len = ioa_network_buffer_get_size(nbh);
@ -2936,6 +2957,106 @@ static int handle_turn_binding(turn_turnserver *server, ts_ur_super_session *ss,
  return 0;
 }

+// Signal change to add metrics
+/////////////// inspect relayed packets, they might be ICE binds ///////////////
+
+static int inspect_binds(ts_ur_super_session *ss, turn_turnserver *server, ioa_net_data *in_buffer,
+                         turn_permission_info *tinfo, int from_peer, int is_channel) {
+  if (!in_buffer || !tinfo || !(from_peer == 0 || from_peer == 1)) {
+    return 0;
+  }
+  size_t len = ioa_network_buffer_get_size(in_buffer->nbh);
+  uint8_t *buf = ioa_network_buffer_data(in_buffer->nbh);
+  if (stun_is_command_message_str(buf, len) && (stun_get_method_str(buf, len) == STUN_METHOD_BINDING)) {
+    if (stun_is_request_str(buf, len)) {
+      stun_tid tid;
+      stun_tid_from_message_str(buf, len, &tid);
+
+      // only process if this is the first received request
+      if (!stun_tid_equals(&tid, &tinfo->pings[from_peer].tid)) {
+        stun_tid_cpy(&tinfo->pings[from_peer].tid, &tid);
+        clock_gettime(CLOCK_MONOTONIC, &tinfo->pings[from_peer].ts);
+      }
+    } else if (stun_is_response_str(buf, len)) {
+      // invert from_peer, because we're processing replies
+      int from_client;
+      if (from_peer) {
+        from_client = 0;
+      } else {
+        from_client = 1;
+      }
+
+      if (tinfo->pings[from_client].ts.tv_sec == 0) {
+        return 0;
+      }
+
+      stun_tid tid;
+      stun_tid_from_message_str(buf, len, &tid);
+
+      if (stun_tid_equals(&tid, &tinfo->pings[from_client].tid)) {
+        struct timespec now;
+        clock_gettime(CLOCK_MONOTONIC, &now);
+
+        if (now.tv_sec >= tinfo->pings[from_client].ts.tv_sec &&
+            now.tv_sec <= tinfo->pings[from_client].ts.tv_sec + 60) {
+
+          int diffus = (now.tv_sec - tinfo->pings[from_client].ts.tv_sec) * 1000000;
+          diffus += (now.tv_nsec - tinfo->pings[from_client].ts.tv_nsec) / 1000;
+          if (diffus > 0) {
+            tinfo->pings[from_client].lastrttus = diffus;
+
+#if !defined(TURN_NO_PROMETHEUS)
+            if (is_channel) {
+              if (from_client) {
+                prom_observe_rtt_client(diffus, ss->protocolgroup);
+              } else {
+                prom_observe_rtt_peer(diffus, ss->protocolgroup);
+              }
+              if (tinfo->pings[from_peer].lastrttus > 0) {
+                prom_observe_rtt_combined(diffus + tinfo->pings[from_peer].lastrttus, ss->protocolgroup);
+              }
+            }
+#endif
+            ur_map_key_type key = 0;
+            // add one to value to differentiate from zero
+            ur_map_value_type diffms = diffus / 1000 + 1;
+
+            if (in_buffer->src_addr.ss.sa_family == AF_INET) {
+              key = ntohl(((struct sockaddr_in *)&in_buffer->src_addr)->sin_addr.s_addr);
+              key >>= 8; // keep only the top 24 bits
+            } else if (in_buffer->src_addr.ss.sa_family == AF_INET6) {
+              // use the high 6 bytes (48 bits)
+              for (int i = 0; i < 6; ++i) {
+                key <<= 8;
+                key |= ((struct sockaddr_in6 *)&in_buffer->src_addr)->sin6_addr.s6_addr[i];
+              }
+              key |= (1L << 63);
+            }
+
+            // explicitly copy map pointer in case of concurrent access
+            ur_map *map = server->rtt_ms_mins;
+
+            ur_map_lock(map);
+            ur_map_value_type value = 0;
+            ur_map_get(map, key, &value);
+            if (value == 0 || diffms < value) {
+              ur_map_put(map, key, diffms);
+            }
+            ur_map_unlock(map);
+          }
+        }
+        // don't process retransmited responses
+        tinfo->pings[from_client].ts.tv_sec = 0;
+      }
+    }
+  } else {
+    if (tinfo->pings[0].lastrttus == 0 && tinfo->pings[1].lastrttus == 0) {
+      return 1;
+    }
+  }
+  return 0;
+}
+
 static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, int *err_code, const uint8_t **reason,
                            uint16_t *unknown_attrs, uint16_t *ua_num, ioa_net_data *in_buffer) {

@ -3021,6 +3142,11 @@ static int handle_turn_send(turn_turnserver *server, ts_ur_super_session *ss, in
          len = 0;
          ioa_network_buffer_set_size(nbh, len);
        }
+        // Signal change to add rtt metrics
+        if (inspect_binds(ss, server, in_buffer, tinfo, 0, 0)) {
+          ++(ss->t_before_ping_packets);
+        }
+
        ioa_network_buffer_header_init(nbh);
        int skip = 0;
        send_data_from_ioa_socket_nbh(get_relay_socket_ss(ss, peer_addr.ss.sa_family), &peer_addr, nbh,
@ -3410,6 +3536,8 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
      if (ss->oauth) {
        ss->hmackey_set = 0;
        STRCPY(ss->username, usname);
+        // Signal change to add protocol-group label to metrics
+        set_protocolgroup(ss);
      } else {
        if (method == STUN_METHOD_ALLOCATE) {
          *err_code = 437;
@ -3422,6 +3550,8 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu
    }
  } else {
    STRCPY(ss->username, usname);
+    // Signal change to add protocol-group label to metrics
+    set_protocolgroup(ss);
  }

  {
@ -3456,18 +3586,20 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu

  /* Password */
  if (!(ss->hmackey_set) && (ss->pwd[0] == 0)) {
-    if (can_resume) {
-      (server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm,
-                          resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
-      if (*postpone_reply) {
-        return 0;
-      }
-    }
-
-    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: %s: Cannot find credentials of user <%s>\n",
-                  (unsigned long long)(ss->id), __FUNCTION__, (char *)usname);
-    *err_code = 401;
-    return create_challenge_response(ss, tid, resp_constructed, err_code, reason, nbh, method);
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - skipping password check!\n");
+//    if (can_resume) {
+//      TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here -  password checker can resume!\n");
+//      (server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm,
+//                          resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
+//      if (*postpone_reply) {
+//        return 0;
+//      }
+//    }
+//
+//    TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: %s: Cannot find credentials of user <%s>\n",
+//                  (unsigned long long)(ss->id), __FUNCTION__, (char *)usname);
+//    *err_code = 401;
+//    return create_challenge_response(ss, tid, resp_constructed, err_code, reason, nbh, method);
  }

  /* Check integrity */
@ -3491,6 +3623,7 @@ static int check_stun_auth(turn_turnserver *server, ts_ur_super_session *ss, stu

  *message_integrity = 1;

+  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - finished auth!\n");
  return 0;
 }

@ -3703,6 +3836,8 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
        } else if (!(*(server->mobility)) || (method != STUN_METHOD_REFRESH) ||
                   is_allocation_valid(get_allocation_ss(ss))) {
          int postpone_reply = 0;
+
+          TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for method %d!\n", method);
          check_stun_auth(server, ss, &tid, resp_constructed, &err_code, &reason, in_buffer, nbh, method,
                          &message_integrity, &postpone_reply, can_resume);
          if (postpone_reply) {
@ -3719,6 +3854,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
      case STUN_METHOD_ALLOCATE:

      {
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for ALLOCATE!\n");
        handle_turn_allocate(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num, in_buffer,
                             nbh);

@ -3731,6 +3867,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,

      case STUN_METHOD_CONNECT:

+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for CONNECT!\n");
        handle_turn_connect(server, ss, &tid, &err_code, &reason, unknown_attrs, &ua_num, in_buffer);

        if (server->verbose) {
@ -3745,6 +3882,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,

      case STUN_METHOD_CONNECTION_BIND:

+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for BIND!\n");
        handle_turn_connection_bind(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num,
                                    in_buffer, nbh, message_integrity, can_resume);

@ -3756,6 +3894,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,

      case STUN_METHOD_REFRESH:

+        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Custom log here - handling turn command for REFRESH!\n");
        handle_turn_refresh(server, ss, &tid, resp_constructed, &err_code, &reason, unknown_attrs, &ua_num, in_buffer,
                            nbh, message_integrity, &no_response, can_resume);

@ -3806,7 +3945,13 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
                          (unsigned long long)(ss->id));
          }

-          maybe_add_software_attribute(server, nbh);
+          if (!(*server->no_software_attribute)) {
+            const uint8_t *field = (const uint8_t *)get_version(server);
+            size_t fsz = strlen(get_version(server));
+            size_t len = ioa_network_buffer_get_size(nbh);
+            stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
+            ioa_network_buffer_set_size(nbh, len);
+          }

          send_turn_message_to(server, nbh, &response_origin, &response_destination);
          stun_report_binding(ss, STUN_PROMETHEUS_METRIC_TYPE_RESPONSE);
@ -3906,7 +4051,13 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
      *resp_constructed = 1;
    }

-    maybe_add_software_attribute(server, nbh);
+    if (!(*server->no_software_attribute)) {
+      const uint8_t *field = (const uint8_t *)get_version(server);
+      size_t fsz = strlen(get_version(server));
+      size_t len = ioa_network_buffer_get_size(nbh);
+      stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
+      ioa_network_buffer_set_size(nbh, len);
+    }

    if (message_integrity) {
      size_t len = ioa_network_buffer_get_size(nbh);
@ -4082,6 +4233,13 @@ static int write_to_peerchannel(ts_ur_super_session *ss, uint16_t chnum, ioa_net
      ioa_network_buffer_add_offset_size(in_buffer->nbh, STUN_CHANNEL_HEADER_LENGTH, 0,
                                         ioa_network_buffer_get_size(in_buffer->nbh) - STUN_CHANNEL_HEADER_LENGTH);

+      // Signal change to add rtt metrics
+      turn_turnserver *server = (turn_turnserver *)ss->server;
+      turn_permission_info *tinfo = (turn_permission_info *)(chn->owner);
+      if (inspect_binds(ss, server, in_buffer, tinfo, 0, 1)) {
+        ++(ss->t_before_ping_packets);
+      }
+
      ioa_network_buffer_header_init(nbh);

      int skip = 0;
@ -4104,17 +4262,32 @@ static int write_to_peerchannel(ts_ur_super_session *ss, uint16_t chnum, ioa_net
 static void client_input_handler(ioa_socket_handle s, int event_type, ioa_net_data *data, void *arg, int can_resume);
 static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data *data, void *arg, int can_resume);

+// Signal change to add session limit
+static TURN_MUTEX_DECLARE(session_limit_mutex);
+static int session_limit;
+
 /////////////// Client actions /////////////////

 int shutdown_client_connection(turn_turnserver *server, ts_ur_super_session *ss, int force, const char *reason) {

  FUNCSTART;

+  // Signal change to add session limit
+  if (session_limit != -1) {
+    TURN_MUTEX_LOCK(&session_limit_mutex);
+    ++session_limit;
+#if !defined(TURN_NO_PROMETHEUS)
+    prom_set_session_limit(session_limit);
+#endif
+    TURN_MUTEX_UNLOCK(&session_limit_mutex);
+  }
+
  if (!ss) {
    return -1;
  }

  SOCKET_TYPE socket_type = get_ioa_socket_type(ss->client_socket);
+  int family = get_ioa_socket_address_family(ss->client_socket);

  turn_report_session_usage(ss, 1);
  dec_quota(ss);
@ -4179,7 +4352,7 @@ int shutdown_client_connection(turn_turnserver *server, ts_ur_super_session *ss,
    }
  }

-  turn_server_remove_all_from_ur_map_ss(ss, socket_type);
+  turn_server_remove_all_from_ur_map_ss(ss, socket_type, family);

  FUNCEND;

@ -4289,7 +4462,7 @@ static void client_ss_allocation_timeout_handler(ioa_engine_handle e, void *arg)
  turn_turnserver *server = (turn_turnserver *)(ss->server);

  if (!server) {
-    clear_allocation(a, get_ioa_socket_type(ss->client_socket));
+    clear_allocation(a, get_ioa_socket_type(ss->client_socket), get_ioa_socket_address_family(ss->client_socket));
    return;
  }

@ -4702,6 +4875,23 @@ int open_client_connection_session(turn_turnserver *server, struct socket_messag
    return -1;
  }

+  // Signal change to add session limit
+  if (session_limit != -1) {
+    TURN_MUTEX_LOCK(&session_limit_mutex);
+    if (session_limit == 0) {
+      TURN_MUTEX_UNLOCK(&session_limit_mutex);
+#if !defined(TURN_NO_PROMETHEUS)
+      prom_inc_sessions_overlimit();
+#endif
+      return -1;
+    }
+    --session_limit;
+#if !defined(TURN_NO_PROMETHEUS)
+    prom_set_session_limit(session_limit);
+#endif
+    TURN_MUTEX_UNLOCK(&session_limit_mutex);
+  }
+
  ts_ur_super_session *ss = create_new_ss(server);

  ss->client_socket = sm->s;
@ -4800,6 +4990,10 @@ static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data
  turn_permission_info *tinfo = allocation_get_permission(a, &(in_buffer->src_addr));
  if (tinfo) {
    chnum = get_turn_channel_number(tinfo, &(in_buffer->src_addr));
+    // Signal change to add rtt metrics
+    if (inspect_binds(ss, server, in_buffer, tinfo, 1, chnum != 0)) {
+      ++(ss->t_before_ping_packets);
+    }
  } else if (!(server->server_relay)) {
    return;
  }
@ -4835,7 +5029,13 @@ static void peer_input_handler(ioa_socket_handle s, int event_type, ioa_net_data
    stun_attr_add_addr_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_XOR_PEER_ADDRESS, &(in_buffer->src_addr));
    ioa_network_buffer_set_size(nbh, len);

-    maybe_add_software_attribute(server, nbh);
+    if (!(*server->no_software_attribute)) {
+      const uint8_t *field = (const uint8_t *)get_version(server);
+      size_t fsz = strlen(get_version(server));
+      size_t len = ioa_network_buffer_get_size(nbh);
+      stun_attr_add_str(ioa_network_buffer_data(nbh), &len, STUN_ATTRIBUTE_SOFTWARE, field, fsz);
+      ioa_network_buffer_set_size(nbh, len);
+    }

    if ((server->fingerprint) || ss->enforce_fingerprints) {
      size_t len = ioa_network_buffer_get_size(nbh);
@ -4886,11 +5086,11 @@ static void client_input_handler(ioa_socket_handle s, int event_type, ioa_net_da
 ///////////////////////////////////////////////////////////

 void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, ioa_engine_handle e,
-                      turn_credential_type ct, int fingerprint, dont_fragment_option_t dont_fragment,
+                      turn_credential_type ct, int stun_port, int fingerprint, dont_fragment_option_t dont_fragment,
                      get_user_key_cb userkeycb, check_new_allocation_quota_cb chquotacb,
                      release_allocation_quota_cb raqcb, ioa_addr *external_ip, vintp check_origin, vintp no_tcp_relay,
                      vintp no_udp_relay, vintp stale_nonce, vintp max_allocate_lifetime, vintp channel_lifetime,
-                      vintp permission_lifetime, vintp stun_only, vintp no_stun, bool software_attribute,
+                      vintp permission_lifetime, vintp stun_only, vintp no_stun, vintp no_software_attribute,
                      vintp web_admin_listen_on_workers, turn_server_addrs_list_t *alternate_servers_list,
                      turn_server_addrs_list_t *tls_alternate_servers_list, turn_server_addrs_list_t *aux_servers_list,
                      int self_udp_balance, vintp no_multicast_peers, vintp allow_loopback_peers,
@ -4900,12 +5100,25 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
                      allocate_bps_cb allocate_bps_func, int oauth, const char *oauth_server_name,
                      const char *acme_redirect, ALLOCATION_DEFAULT_ADDRESS_FAMILY allocation_default_address_family,
                      vintp log_binding, vintp no_stun_backward_compatibility, vintp response_origin_only_with_rfc5780,
-                      vintp respond_http_unsupported) {
+                      vintp respond_http_unsupported,
+                      // Signal change to add session limit
+                      int configured_session_limit) {

  if (!server) {
    return;
  }

+  // Signal change to add session limit
+  if (id == 0) {
+    if (configured_session_limit) {
+      TURN_MUTEX_INIT(&session_limit_mutex);
+      session_limit = configured_session_limit;
+    } else {
+      session_limit = -1;
+    }
+    TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "turn server session_limit = %d\n", session_limit);
+  }
+
  memset(server, 0, sizeof(turn_turnserver));

  server->e = e;
@ -4951,7 +5164,7 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
  server->permission_lifetime = permission_lifetime;
  server->stun_only = stun_only;
  server->no_stun = no_stun;
-  server->software_attribute = software_attribute;
+  server->no_software_attribute = no_software_attribute;
  server->web_admin_listen_on_workers = web_admin_listen_on_workers;

  server->dont_fragment = dont_fragment;
@ -4960,6 +5173,9 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io
    addr_cpy(&(server->external_ip), external_ip);
    server->external_ip_set = 1;
  }
+  if (stun_port < 1) {
+    stun_port = DEFAULT_STUN_PORT;
+  }

  server->verbose = verbose;

@ -4982,7 +5198,8 @@ void init_turn_server(turn_turnserver *server, turnserver_id id, int verbose, io

  server->respond_http_unsupported = respond_http_unsupported;

-  server->is_draining = false;
+  // Signal change to add rtt metrics
+  server->rtt_ms_mins = ur_map_create();
 }

 ioa_engine_handle turn_server_get_engine(turn_turnserver *s) {
--- a/src/server/ns_turn_server.h
+++ b/src/server/ns_turn_server.h
@ -72,7 +72,15 @@ extern int TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY;

 typedef uint8_t turnserver_id;

-enum _MESSAGE_TO_RELAY_TYPE { RMT_UNKNOWN = 0, RMT_SOCKET, RMT_CB_SOCKET, RMT_MOBILE_SOCKET, RMT_CANCEL_SESSION };
+// Signal change to add rtt metrics
+enum _MESSAGE_TO_RELAY_TYPE {
+  RMT_UNKNOWN = 0,
+  RMT_SOCKET,
+  RMT_CB_SOCKET,
+  RMT_MOBILE_SOCKET,
+  RMT_CANCEL_SESSION,
+  RMT_CYCLE_RTT_MAP
+};
 typedef enum _MESSAGE_TO_RELAY_TYPE MESSAGE_TO_RELAY_TYPE;

 ///////// ALLOCATION DEFAULT ADDRESS FAMILY TYPES /////////////////////
@ -134,7 +142,7 @@ struct _turn_turnserver {
  vintp permission_lifetime;
  vintp stun_only;
  vintp no_stun;
-  bool software_attribute;
+  vintp no_software_attribute;
  vintp web_admin_listen_on_workers;
  vintp secure_stun;
  turn_credential_type ct;
@ -204,8 +212,9 @@ struct _turn_turnserver {
     otherwise handling HTTP. */
  vintp respond_http_unsupported;

-  /* Set to true on SIGUSR1 */
-  bool is_draining;
+  // Signal change to add rtt metrics
+  /* measured round trip minimums per network */
+  ur_map *rtt_ms_mins;
 };

 const char *get_version(turn_turnserver *server);
@ -213,11 +222,11 @@ const char *get_version(turn_turnserver *server);
 ///////////////////////////////////////////

 void init_turn_server(
-    turn_turnserver *server, turnserver_id id, int verbose, ioa_engine_handle e, turn_credential_type ct,
+    turn_turnserver *server, turnserver_id id, int verbose, ioa_engine_handle e, turn_credential_type ct, int stun_port,
    int fingerprint, dont_fragment_option_t dont_fragment, get_user_key_cb userkeycb,
    check_new_allocation_quota_cb chquotacb, release_allocation_quota_cb raqcb, ioa_addr *external_addr,
    vintp check_origin, vintp no_tcp_relay, vintp no_udp_relay, vintp stale_nonce, vintp max_allocate_lifetime,
-    vintp channel_lifetime, vintp permission_lifetime, vintp stun_only, vintp no_stun, bool software_attribute,
+    vintp channel_lifetime, vintp permission_lifetime, vintp stun_only, vintp no_stun, vintp no_software_attribute,
    vintp web_admin_listen_on_workers, turn_server_addrs_list_t *alternate_servers_list,
    turn_server_addrs_list_t *tls_alternate_servers_list, turn_server_addrs_list_t *aux_servers_list,
    int self_udp_balance, vintp no_multicast_peers, vintp allow_loopback_peers, ip_range_list_t *ip_whitelist,
@ -225,7 +234,9 @@ void init_turn_server(
    int server_relay, send_turn_session_info_cb send_turn_session_info, send_https_socket_cb send_https_socket,
    allocate_bps_cb allocate_bps_func, int oauth, const char *oauth_server_name, const char *acme_redirect,
    ALLOCATION_DEFAULT_ADDRESS_FAMILY allocation_default_address_family, vintp log_binding,
-    vintp no_stun_backward_compatibility, vintp response_origin_only_with_rfc5780, vintp respond_http_unsupported);
+    vintp no_stun_backward_compatibility, vintp response_origin_only_with_rfc5780, vintp respond_http_unsupported,
+    // Signal change to add session limit
+    int configured_session_limit);

 ioa_engine_handle turn_server_get_engine(turn_turnserver *s);

--- a/src/server/ns_turn_session.h
+++ b/src/server/ns_turn_session.h
@ -119,6 +119,10 @@ struct _ts_ur_super_session {
  char s_mobile_id[33];
  /* Bandwidth */
  band_limit_t bps;
+  // Signal change to add metrics
+  uint64_t t_before_ping_packets;
+  // Signal change to add protocol-group label to metrics
+  char protocolgroup[MAX_PROTOCOL_GROUP_SIZE + 1];
 };

 ////// Session info for statistics //////
@ -184,6 +188,9 @@ int turn_session_info_copy_from(struct turn_session_info *tsi, ts_ur_super_sessi

 allocation *get_allocation_ss(ts_ur_super_session *ss);

+// Signal change to add protocol-group label to metrics
+void set_protocolgroup(ts_ur_super_session *ss);
+
 ///////////////////////////////////////////////////////

 #ifdef __cplusplus
--- a/vcpkg.json
+++ b/vcpkg.json
@ -1,6 +1,6 @@
 {
  "name": "coturn",
-  "version-string": "4.6.3",
+  "version-string": "4.6.2",
  "dependencies": [
    {
      "name": "pthreads",
Author	SHA1	Message	Date
Adel Lahlou	03c97fe0b9	Disable integrity check for password Some checks failed clang-tidy / clang-tidy (Release) (push) Has been cancelled Details AmazonLinux / builds (amazonlinux:2) (push) Has been cancelled Details AmazonLinux / builds (amazonlinux:2023) (push) Has been cancelled Details CMake / build (push) Has been cancelled Details CodeQL / CodeQL Analyze (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled Details Lint / build (push) Has been cancelled Details MacOS / builds (macos-12) (push) Has been cancelled Details MacOS / builds (macos-13) (push) Has been cancelled Details MacOS / builds (macos-14) (push) Has been cancelled Details mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled Details mingw / build (OFF, Release, windows-latest) (push) Has been cancelled Details msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details Ubuntu / builds (ubuntu:16.04) (push) Has been cancelled Details Ubuntu / builds (ubuntu:18.04) (push) Has been cancelled Details Ubuntu / builds (ubuntu:20.04) (push) Has been cancelled Details Ubuntu / builds (ubuntu:22.04) (push) Has been cancelled Details	2024-10-02 14:04:27 -07:00
Richard Russo	a2b6942f61	fix lint Some checks failed compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled Details Lint / build (push) Has been cancelled Details MacOS / builds (macos-12) (push) Has been cancelled Details MacOS / builds (macos-13) (push) Has been cancelled Details AmazonLinux / builds (amazonlinux:2) (push) Has been cancelled Details AmazonLinux / builds (amazonlinux:2023) (push) Has been cancelled Details clang-tidy / clang-tidy (Release) (push) Has been cancelled Details CMake / build (push) Has been cancelled Details CodeQL / CodeQL Analyze (push) Has been cancelled Details MacOS / builds (macos-14) (push) Has been cancelled Details mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled Details mingw / build (OFF, Release, windows-latest) (push) Has been cancelled Details msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details Ubuntu / builds (ubuntu:16.04) (push) Has been cancelled Details Ubuntu / builds (ubuntu:18.04) (push) Has been cancelled Details Ubuntu / builds (ubuntu:20.04) (push) Has been cancelled Details Ubuntu / builds (ubuntu:22.04) (push) Has been cancelled Details	2024-09-17 14:55:50 -07:00
Richard Russo	dcaae5a54d	Revert "accept but ignore permissions to forbidden IPs" This reverts commit `456b12fe29`.	2024-09-17 14:36:02 -07:00
Richard Russo	da88c01a9c	Merge branch 'main' into 462	2024-09-17 14:00:20 -07:00
Richard Russo	2f8fbd2485	fix linting Some checks failed C/C++ CI / builds (ubuntu:20.04) (push) Has been cancelled Details C/C++ CI / builds (ubuntu:22.04) (push) Has been cancelled Details clang-tidy / clang-tidy (Release) (push) Has been cancelled Details CMake / build (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details CodeQL / Analyze (cpp) (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled Details Lint / build (push) Has been cancelled Details MacOS / builds (macos-11) (push) Has been cancelled Details MacOS / builds (macos-12) (push) Has been cancelled Details mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled Details mingw / build (OFF, Release, windows-latest) (push) Has been cancelled Details msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v142, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details C/C++ CI / builds (ubuntu:16.04) (push) Has been cancelled Details C/C++ CI / builds (ubuntu:18.04) (push) Has been cancelled Details	2024-05-29 11:40:23 -07:00
Richard Russo	456b12fe29	accept but ignore permissions to forbidden IPs	2024-05-29 11:40:23 -07:00
Richard Russo	4604638bb9	Update rtt_foreach to return bool Follow up to `7f119911`, because of `f3b73f60`	2024-05-28 13:18:56 -07:00
Richard Russo	2cbcdb1241	Merge branch 'main' into 462	2024-05-28 13:05:42 -07:00
Richard Russo	1c3dfac113	Add a session limit. Some checks failed clang-tidy / clang-tidy (Release) (push) Has been cancelled Details CMake / build (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled Details mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled Details mingw / build (OFF, Release, windows-latest) (push) Has been cancelled Details msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details	2024-05-14 13:22:43 -07:00
Richard Russo	3bf84400b8	Add a metric to track allocation responses by code	2024-05-14 13:22:43 -07:00
adel-signal	fb910c950d	Add protocolgroup prometheus metrics Some checks failed clang-tidy / clang-tidy (Release) (push) Has been cancelled Details CMake / build (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled Details mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled Details mingw / build (OFF, Release, windows-latest) (push) Has been cancelled Details msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details	2024-04-03 10:35:28 -07:00
Richard Russo	ed86f80f01	Count packets received when there was no ICE ping Some checks failed compiler-sanitizers / compiler-sanitizers (address,pointer-compare,pointer-subtract) (push) Has been cancelled Details msvc-analyzer / msvc-analyzer (OFF, Release, x64, v143) (push) Has been cancelled Details clang-tidy / clang-tidy (Release) (push) Has been cancelled Details CMake / build (push) Has been cancelled Details compiler-sanitizers / compiler-sanitizers (thread) (push) Has been cancelled Details mingw / build (OFF, Debug, windows-latest) (push) Has been cancelled Details mingw / build (OFF, Release, windows-latest) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (OFF, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Debug, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, Win32, v141, windows-latest, x86-windows) (push) Has been cancelled Details msvc / ${{matrix.os}}-vc-${{matrix.VCPKG_PLATFORM_TOOLSET}}-${{matrix.CMAKE_GENERATOR_PLATFORM}}-${{matrix.BUILD_TYPE}}-${{matrix.BUILD_SHARED_LIBS}} (ON, Release, x64, v143, windows-latest, x64-windows) (push) Has been cancelled Details	2024-02-27 14:44:14 -08:00
Richard Russo	40043d1915	don't update len to the length of the password	2024-01-25 13:25:19 -08:00
Richard Russo	700a6bdfb0	don't try to copy past the end of c_execdir	2024-01-25 13:25:19 -08:00
Richard Russo	ec7079f712	strncpy doesn't return size_t	2024-01-25 13:25:19 -08:00
Richard Russo	7f119911ba	Keep a map of minimum round trip time by network To reduce lock contention, one map per relay server. Admin server periodically tells the relay servers to cycle to fresh maps, and the admin server outputs the old maps for external analysis. Also, clang-format earlier changes	2024-01-25 13:25:19 -08:00
Richard Russo	7de3df6f62	Measure round trip times during relayed sessions	2024-01-25 13:25:19 -08:00
Iñaqui	b401285599	Keep 1kbps to distinguish active and non-active sessions	2024-01-25 13:18:17 -08:00
Iñaqui	ed9c686403	Reduce labels and label values	2024-01-25 13:18:17 -08:00
Iñaqui	707229a8e0	Get address family when socket still valid	2024-01-25 13:18:17 -08:00
Iñaqui	fde2685100	Add a client address family label to prometheus	2024-01-25 13:18:17 -08:00
Iñaqui	0ea6fc8728	duration and rate counter metric	2024-01-25 13:18:17 -08:00