			
		
		
		
	Merge branch 'master' into PR288
		
						commit
						05ecf28a95
					
				
							
								
								
									
										41
									
								
								.travis.yml
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -66,11 +66,46 @@ matrix: | |||||||
|         - libhiredis-dev |         - libhiredis-dev | ||||||
|   - os: osx |   - os: osx | ||||||
|     osx_image: xcode11.3 |     osx_image: xcode11.3 | ||||||
|   - os: osx |  # - os: osx | ||||||
|     osx_image: xcode11.6 |  #   osx_image: xcode11.6 | ||||||
|   - os: osx |   - os: osx | ||||||
|     osx_image: xcode12 |     osx_image: xcode12 | ||||||
| 
 |   - os: linux | ||||||
|  |     arch: ppc64le | ||||||
|  |     dist: xenial | ||||||
|  |     sudo: required | ||||||
|  |     addons: | ||||||
|  |       apt: | ||||||
|  |         packages: | ||||||
|  |         - mysql-client | ||||||
|  |         - debhelper | ||||||
|  |         - dpkg-dev | ||||||
|  |         - libssl-dev | ||||||
|  |         - libevent-dev | ||||||
|  |         - sqlite3 | ||||||
|  |         - libsqlite3-dev | ||||||
|  |         - postgresql-client | ||||||
|  |         - libpq-dev | ||||||
|  |         - libmysqlclient-dev | ||||||
|  |         - libhiredis-dev | ||||||
|  |   - os: linux | ||||||
|  |     arch: ppc64le | ||||||
|  |     dist: bionic | ||||||
|  |     sudo: required | ||||||
|  |     addons: | ||||||
|  |       apt: | ||||||
|  |         packages: | ||||||
|  |         - mysql-client | ||||||
|  |         - debhelper | ||||||
|  |         - dpkg-dev | ||||||
|  |         - libssl-dev | ||||||
|  |         - libevent-dev | ||||||
|  |         - sqlite3 | ||||||
|  |         - libsqlite3-dev | ||||||
|  |         - postgresql-client | ||||||
|  |         - libpq-dev | ||||||
|  |         - libmysqlclient-dev | ||||||
|  |         - libhiredis-dev | ||||||
| 
 | 
 | ||||||
| notifications: | notifications: | ||||||
|   slack: |   slack: | ||||||
|  | |||||||
							
								
								
									
										29
									
								
								ChangeLog
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -3,6 +3,35 @@ Version 4.5.2 'dan Eider': | |||||||
| 	- fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) | 	- fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) | ||||||
| 	- merge PR #517 (by wolmi) | 	- merge PR #517 (by wolmi) | ||||||
| 		* add prometheus metrics | 		* add prometheus metrics | ||||||
|  | 	- merge PR #637 (by David Florness) | ||||||
|  | 	    * Delete trailing whitespace in example configuration files | ||||||
|  | 	- merge PR #631 (by Debabrata Deka) | ||||||
|  | 	    * Add architecture ppc64le to travis build | ||||||
|  | 	- merge PR #627 (by Samuel) | ||||||
|  | 		* Fix misleading option in doc (prometheus) | ||||||
|  | 	- merge PR #643 (by tupelo-schneck) | ||||||
|  | 		* Allow RFC6062 TCP relay data to look like TLS | ||||||
|  | 	- merge PR #655 (by plinss) | ||||||
|  | 		* Add support for proxy protocol V1  | ||||||
|  | 	- merge PR #618 (by Paul Wayper) | ||||||
|  | 		* Print full date and time in logs | ||||||
|  | 		* Add new options: "new-log-timestamp" and "new-log-timestamp-format" | ||||||
|  | 	- merge PR #599 (by Cédric Krier) | ||||||
|  | 		* Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL | ||||||
|  | 	- update Docker mongoDB and fix with workaround the missing systemctl | ||||||
|  | 	- merge PR #660 (by Camden Narzt) | ||||||
|  | 		* fix compilation on macOS Big Sur | ||||||
|  | 	- merge PR #546 (by jelmd) | ||||||
|  | 		* Add ACME redirect url | ||||||
|  | 	- merge PR #551 (by jelmd) | ||||||
|  | 		* support of --acme-redirect <URL> | ||||||
|  | 	- merge PR #672 further acme fixes (by jemld) | ||||||
|  | 		* fix acme security, redundancy, consistency | ||||||
|  | 	- Disable binding request logging to avoid DoS attacks. (Breaking change!) | ||||||
|  | 		* Add new --log-binding option to enable binding request logging | ||||||
|  | 	- Fix stale-nonce documentation. Resolves #604 | ||||||
|  | 	- Version number is changed to semver 2.0 | ||||||
|  | 
 | ||||||
| 24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu> | 24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu> | ||||||
| Version 4.5.1.3 'dan Eider': | Version 4.5.1.3 'dan Eider': | ||||||
| 	- merge PR #575: (by osterik) | 	- merge PR #575: (by osterik) | ||||||
|  | |||||||
| @ -21,7 +21,7 @@ COMMON_MODS = src/apps/common/apputils.c src/apps/common/ns_turn_utils.c src/app | |||||||
| COMMON_DEPS = ${LIBCLIENTTURN_DEPS} ${COMMON_MODS} ${COMMON_HEADERS} | COMMON_DEPS = ${LIBCLIENTTURN_DEPS} ${COMMON_MODS} ${COMMON_HEADERS} | ||||||
| 
 | 
 | ||||||
| IMPL_HEADERS = src/apps/relay/ns_ioalib_impl.h src/apps/relay/ns_sm.h src/apps/relay/turn_ports.h | IMPL_HEADERS = src/apps/relay/ns_ioalib_impl.h src/apps/relay/ns_sm.h src/apps/relay/turn_ports.h | ||||||
| IMPL_MODS = src/apps/relay/ns_ioalib_engine_impl.c src/apps/relay/turn_ports.c src/apps/relay/http_server.c | IMPL_MODS = src/apps/relay/ns_ioalib_engine_impl.c src/apps/relay/turn_ports.c src/apps/relay/http_server.c src/apps/relay/acme.c | ||||||
| IMPL_DEPS = ${COMMON_DEPS} ${IMPL_HEADERS} ${IMPL_MODS} | IMPL_DEPS = ${COMMON_DEPS} ${IMPL_HEADERS} ${IMPL_MODS} | ||||||
| 
 | 
 | ||||||
| HIREDIS_HEADERS = src/apps/common/hiredis_libevent2.h | HIREDIS_HEADERS = src/apps/common/hiredis_libevent2.h | ||||||
|  | |||||||
| @ -121,7 +121,8 @@ Contact information: | |||||||
| 
 | 
 | ||||||
| https://groups.google.com/forum/#!forum/turn-server-project-rfc5766-turn-server | https://groups.google.com/forum/#!forum/turn-server-project-rfc5766-turn-server | ||||||
| 
 | 
 | ||||||
| email:mom040267@gmail.com | email:misi@majd.eu | ||||||
|  |       mom040267@gmail.com | ||||||
| 
 | 
 | ||||||
| ### Feedback is very welcome (bugs, issues, suggestions, stories, questions). ### | ### Feedback is very welcome (bugs, issues, suggestions, stories, questions). ### | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -271,4 +271,8 @@ to see the man page. | |||||||
| 
 | 
 | ||||||
| 	Bradley T. Hughes <bradleythughes@fastmail.fm> | 	Bradley T. Hughes <bradleythughes@fastmail.fm> | ||||||
| 
 | 
 | ||||||
|         Mihaly Meszaros <misi@majd.eu> | 	Mihály Mészáros <misi@majd.eu> | ||||||
|  | 
 | ||||||
|  |   ACTIVE MAINTAINERS | ||||||
|  | 
 | ||||||
|  | 	Mihály Mészáros <misi@majd.eu> | ||||||
| @ -225,6 +225,12 @@ Flags: | |||||||
| 			name will be constructed as-is, without PID and date appendage. | 			name will be constructed as-is, without PID and date appendage. | ||||||
| 			This option can be used, for example, together with the logrotate tool. | 			This option can be used, for example, together with the logrotate tool. | ||||||
| 
 | 
 | ||||||
|  | --new-log-timestamp				Enable full ISO-8601 timestamp in all logs. | ||||||
|  | 
 | ||||||
|  | --new-log-timestamp-format    	<format>	Set timestamp format (in strftime(1) format) | ||||||
|  | 
 | ||||||
|  | --log-binding					Log STUN binding request. It is now disabled by default to avoid DoS attacks. | ||||||
|  | 
 | ||||||
| --secure-stun		Require authentication of the STUN Binding request. | --secure-stun		Require authentication of the STUN Binding request. | ||||||
| 			By default, the clients are allowed anonymous access to the STUN Binding functionality. | 			By default, the clients are allowed anonymous access to the STUN Binding functionality. | ||||||
| 
 | 
 | ||||||
| @ -265,8 +271,8 @@ Flags: | |||||||
| 			check: across the session, all requests must have the same | 			check: across the session, all requests must have the same | ||||||
| 			main ORIGIN attribute value (if the ORIGIN was | 			main ORIGIN attribute value (if the ORIGIN was | ||||||
| 			initially used by the session). | 			initially used by the session). | ||||||
|  --no-prometheus	Disable prometheus metrics. By default it is |  --prometheus		Enable prometheus metrics. By default it is | ||||||
| 			enabled and listening on port 9641 unther the path /metrics | 			disabled. Would listen on port 9641 unther the path /metrics | ||||||
| 			also the path / on this port can be used as a health check | 			also the path / on this port can be used as a health check | ||||||
| 
 | 
 | ||||||
| -h			Help. | -h			Help. | ||||||
| @ -275,6 +281,7 @@ Options with values: | |||||||
| 
 | 
 | ||||||
| --stale-nonce[=<value>]		Use extra security with nonce value having | --stale-nonce[=<value>]		Use extra security with nonce value having | ||||||
| 							limited lifetime, in seconds (default 600 secs). | 							limited lifetime, in seconds (default 600 secs). | ||||||
|  | 							Set it to 0 for unlimited nonce lifetime. | ||||||
| 
 | 
 | ||||||
| --max-allocate-lifetime		Set the maximum value for the allocation lifetime. | --max-allocate-lifetime		Set the maximum value for the allocation lifetime. | ||||||
| 							Default to 3600 secs. | 							Default to 3600 secs. | ||||||
| @ -543,6 +550,12 @@ Options with values: | |||||||
| 			Default is /var/run/turnserver.pid (if superuser account is used) or | 			Default is /var/run/turnserver.pid (if superuser account is used) or | ||||||
| 			/var/tmp/turnserver.pid . | 			/var/tmp/turnserver.pid . | ||||||
| 
 | 
 | ||||||
|  | --acme-redirect  <URL>	Redirect ACME/RFC8555 (like Let's Encrypt challenge) requests, i.e. | ||||||
|  | 			HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' | ||||||
|  | 			to <URL>$1 with $1 == (.*). No validation of <URL> will be done, | ||||||
|  | 			so make sure you do not forget the trailing slash. If <URL> is an empty | ||||||
|  | 			string (the default value), no special handling of such requests will be done. | ||||||
|  | 
 | ||||||
| --proc-user		User name to run the process. After the initialization, the turnserver process | --proc-user		User name to run the process. After the initialization, the turnserver process | ||||||
| 			will make an attempt to change the current user ID to that user. | 			will make an attempt to change the current user ID to that user. | ||||||
| 
 | 
 | ||||||
| @ -997,4 +1010,8 @@ https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766- | |||||||
| 
 | 
 | ||||||
| 	Bradley T. Hughes <bradleythughes@fastmail.fm> | 	Bradley T. Hughes <bradleythughes@fastmail.fm> | ||||||
| 
 | 
 | ||||||
|         Mihaly Meszaros <misi@majd.eu> |     Mihály Mészáros <misi@majd.eu> | ||||||
|  | 
 | ||||||
|  |   ACTIVE MAINTAINERS | ||||||
|  | 
 | ||||||
|  | 	Mihály Mészáros <misi@majd.eu> | ||||||
|  | |||||||
| @ -474,4 +474,8 @@ SEE ALSO | |||||||
| 
 | 
 | ||||||
| 	Bradley T. Hughes <bradleythughes@fastmail.fm> | 	Bradley T. Hughes <bradleythughes@fastmail.fm> | ||||||
| 
 | 
 | ||||||
|         Mihaly Meszaros <misi@majd.eu> | 	Mihály Mészáros <misi@majd.eu> | ||||||
|  | 
 | ||||||
|  |   ACTIVE MAINTAINERS | ||||||
|  | 
 | ||||||
|  | 	Mihály Mészáros <misi@majd.eu> | ||||||
							
								
								
									
										11
									
								
								configure
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							| @ -423,6 +423,17 @@ if [ "${SYSTEM}" = "NetBSD" ] ; then | |||||||
| 	fi | 	fi | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
|  | # If acme_redirect does not work, send_data_from_ioa_socket_nbh() probably | ||||||
|  | # does not work. Set LIBEV_OK=1 to use a workaround for it. | ||||||
|  | if [ -z "${LIBEV_OK}" ]; then | ||||||
|  | 	LIBEV_OK=1 | ||||||
|  | 	if [ "${SYSTEM}" = "Linux" ]; then | ||||||
|  | 		OS=$( lsb_release -si 2>/dev/null ) | ||||||
|  | 		[ "${OS}" = "Ubuntu" ] && LIBEV_OK=0 | ||||||
|  | 	fi | ||||||
|  | fi | ||||||
|  | [ "${LIBEV_OK}" = "1" ] && OSCFLAGS="${OSCFLAGS} -DLIBEV_OK" | ||||||
|  | 
 | ||||||
| ########################### | ########################### | ||||||
| # Install shell commands | # Install shell commands | ||||||
| ########################### | ########################### | ||||||
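Review bot: The Ubuntu probe in the added `LIBEV_OK` block depends on `lsb_release`, and its failure is discarded by `2>/dev/null`. On an Ubuntu system without that tool (minimal and container images often lack it) `OS` stays empty and `LIBEV_OK` silently remains 1, the same as on every other platform. Reading the `ID` field of `/etc/os-release` would be a sturdier probe, e.g. `OS=$( . /etc/os-release 2>/dev/null; echo "${ID}" )` followed by `[ "${OS}" = "ubuntu" ] && LIBEV_OK=0`. The comment also reads backwards against the code: it says to set `LIBEV_OK=1` for the workaround, yet 1 is the default and only Ubuntu gets 0, so presumably the workaround is the build without `-DLIBEV_OK`. If that is the intent, I would reword it to `# Set LIBEV_OK=0 to build the workaround (done automatically on Ubuntu).`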
|  | |||||||
| @ -13,7 +13,7 @@ WORKDIR ${BUILD_PREFIX} | |||||||
| RUN git clone https://github.com/coturn/coturn.git | RUN git clone https://github.com/coturn/coturn.git | ||||||
| 
 | 
 | ||||||
| # Build Coturn | # Build Coturn | ||||||
| WORKDIR coturn | WORKDIR ${BUILD_PREFIX}/coturn | ||||||
| RUN ./configure | RUN ./configure | ||||||
| RUN make | RUN make | ||||||
| 
 | 
 | ||||||
| @ -34,14 +34,17 @@ COPY --from=coturn-build ${BUILD_PREFIX}/coturn/turndb ${INSTALL_PREFIX}/turndb | |||||||
| # Install lib dependencies | # Install lib dependencies | ||||||
| RUN export DEBIAN_FRONTEND=noninteractive && \ | RUN export DEBIAN_FRONTEND=noninteractive && \ | ||||||
| 	apt-get update && \ | 	apt-get update && \ | ||||||
| 	apt-get install -y libc6>=2.15 libevent-core-2.1-6>=libevent-core-2.1-6 libevent-extra-2.1-6>=2.1.8-stable-4 libevent-openssl-2.1-6>=2.1.8-stable-4 libevent-pthreads-2.1-6>=2.1.8-stable-4 libhiredis0.14>=0.14.0 libmariadbclient-dev>=10.3.17 libpq5>=8.4~ libsqlite3-0>=3.6.0 libssl1.1>=1.1.0 libmongoc-1.0 libbson-1.0 | 	apt-get install -y libc6 libevent-core-2.1-6 libevent-extra-2.1-6 libevent-openssl-2.1-6 libevent-pthreads-2.1-6 libhiredis0.14 libmariadbclient-dev libpq5 libsqlite3-0 libssl1.1 libmongoc-1.0-0 libbson-1.0-0 | ||||||
| RUN apt-get install -y default-mysql-client postgresql-client redis-tools | RUN apt-get install -y default-mysql-client postgresql-client redis-tools | ||||||
| 
 | 
 | ||||||
|  | # Workaround for MongoDB | ||||||
|  | RUN ln -s /bin/echo /bin/systemctl | ||||||
|  | 
 | ||||||
| # Install MongoDB | # Install MongoDB | ||||||
| RUN apt-get update && \ | RUN apt-get update && \ | ||||||
|   apt-get install -y wget gnupg && \ |   apt-get install -y wget gnupg && \ | ||||||
|   wget -qO - https://www.mongodb.org/static/pgp/server-4.0.asc | apt-key add - && \ |   wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - && \ | ||||||
|   echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | tee /etc/apt/sources.list.d/mongodb-org-4.0.list && \ |   echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list && \ | ||||||
|   echo "deb http://deb.debian.org/debian/ stretch main" | tee /etc/apt/sources.list.d/debian-stretch.list && \ |   echo "deb http://deb.debian.org/debian/ stretch main" | tee /etc/apt/sources.list.d/debian-stretch.list && \ | ||||||
|   apt-get update && \ |   apt-get update && \ | ||||||
|   apt-get install -y libcurl3 mongodb-org mongodb-org-server mongodb-org |   apt-get install -y libcurl3 mongodb-org mongodb-org-server mongodb-org | ||||||
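Review bot: The MongoDB key in the `wget ... | apt-key add -` line goes into apt's global trusted keyring, so it is trusted for every configured source, and the `deb` line next to it still fetches over plain `http://`. Scoping the key to this one source is tighter: `wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-server-4.4.gpg` and `deb [signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg] https://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main` (the `https` part assumes the base image's apt handles HTTPS sources). The added `ln -s /bin/echo /bin/systemctl` makes every `systemctl` call in the image report success, not only the one the MongoDB install needs. Its comment should name what it works around, e.g. `# mongodb-org package scripts call systemctl, which this image lacks; stub it so the install succeeds`, hedged here because the package scripts are not visible on this page.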
|  | |||||||
| @ -411,9 +411,9 @@ realm=example.org | |||||||
| 
 | 
 | ||||||
| # Uncomment if extra security is desired, | # Uncomment if extra security is desired, | ||||||
| # with nonce value having a limited lifetime. | # with nonce value having a limited lifetime. | ||||||
| # By default, the nonce value is unique for a session, | # The nonce value is unique for a session. | ||||||
| # and has an unlimited lifetime.  |  | ||||||
| # Set this option to limit the nonce lifetime. | # Set this option to limit the nonce lifetime. | ||||||
|  | # Set it to 0 for unlimited lifetime. | ||||||
| # It defaults to 600 secs (10 min) if no value is provided. After that delay, | # It defaults to 600 secs (10 min) if no value is provided. After that delay, | ||||||
| # the client will get 438 error and will have to re-authenticate itself. | # the client will get 438 error and will have to re-authenticate itself. | ||||||
| # | # | ||||||
|  | |||||||
| @ -423,9 +423,9 @@ | |||||||
| 
 | 
 | ||||||
| # Uncomment if extra security is desired, | # Uncomment if extra security is desired, | ||||||
| # with nonce value having a limited lifetime. | # with nonce value having a limited lifetime. | ||||||
| # By default, the nonce value is unique for a session, | # The nonce value is unique for a session. | ||||||
| # and has an unlimited lifetime.  |  | ||||||
| # Set this option to limit the nonce lifetime. | # Set this option to limit the nonce lifetime. | ||||||
|  | # Set it to 0 for unlimited lifetime. | ||||||
| # It defaults to 600 secs (10 min) if no value is provided. After that delay, | # It defaults to 600 secs (10 min) if no value is provided. After that delay, | ||||||
| # the client will get 438 error and will have to re-authenticate itself. | # the client will get 438 error and will have to re-authenticate itself. | ||||||
| # | # | ||||||
| @ -534,6 +534,16 @@ | |||||||
| # | # | ||||||
| #simple-log | #simple-log | ||||||
| 
 | 
 | ||||||
|  | # Enable full ISO-8601 timestamp in all logs. | ||||||
|  | #new-log-timestamp | ||||||
|  | 
 | ||||||
|  | # Set timestamp format (in strftime(1) format) | ||||||
|  | #new-log-timestamp-format "%FT%T%z" | ||||||
|  | 
 | ||||||
|  | # Disabled by default binding logging in verbose log mode to avoid DoS attacks. | ||||||
|  | # Enable binding logging and UDP endpoint logs in verbose log mode. | ||||||
|  | #log-binding | ||||||
|  | 
 | ||||||
| # Option to set the "redirection" mode. The value of this option | # Option to set the "redirection" mode. The value of this option | ||||||
| # will be the address of the alternate server for UDP & TCP service in the form of | # will be the address of the alternate server for UDP & TCP service in the form of | ||||||
| # <ip>[:<port>]. The server will send this value in the attribute | # <ip>[:<port>]. The server will send this value in the attribute | ||||||
| @ -713,6 +723,10 @@ | |||||||
| # | # | ||||||
| #web-admin-listen-on-workers | #web-admin-listen-on-workers | ||||||
| 
 | 
 | ||||||
|  | #acme-redirect=http://redirectserver/.well-known/acme-challenge/ | ||||||
|  | # Redirect ACME, i.e. HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' to '<URL>$1'. | ||||||
|  | # Default is '', i.e. no special handling for such requests. | ||||||
|  | 
 | ||||||
| # Server relay. NON-STANDARD AND DANGEROUS OPTION. | # Server relay. NON-STANDARD AND DANGEROUS OPTION. | ||||||
| # Only for those applications when you want to run | # Only for those applications when you want to run | ||||||
| # server applications on the relay endpoints. | # server applications on the relay endpoints. | ||||||
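Review bot: The new `#acme-redirect=` example omits the caveat the README hunk gives for the same option: the URL is not validated and the request suffix is appended to it as-is, so a missing trailing slash produces a wrong target. Whoever serves that URL answers the ACME challenge for this host, so the comment should say so, e.g. `# <URL> is not validated and must end with '/'; point it only at a server you control.` The explanatory comment also sits below the option, whereas the neighbouring entries (`#new-log-timestamp`, `#log-binding`) put it above. The `log-binding` comment added in the `@ -534` hunk is hard to parse; `# Binding request logging is disabled by default to avoid DoS attacks. Uncomment to log binding requests and UDP endpoints in verbose log mode.` reads more plainly.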
|  | |||||||
| @ -2,7 +2,7 @@ | |||||||
| 
 | 
 | ||||||
| # Run it from the root of the coturn source tree | # Run it from the root of the coturn source tree | ||||||
| 
 | 
 | ||||||
| V=4.5.1.3 | V=4.5.2 | ||||||
| 
 | 
 | ||||||
| PACKDIR=`pwd`/../coturn-releases/ | PACKDIR=`pwd`/../coturn-releases/ | ||||||
| SRCDIR=`pwd` | SRCDIR=`pwd` | ||||||
|  | |||||||
| @ -1,5 +1,5 @@ | |||||||
| .\" Text automatically generated by txt2man | .\" Text automatically generated by txt2man | ||||||
| .TH TURN 1 "03 August 2020" "" "" | .TH TURN 1 "05 January 2021" "" "" | ||||||
| .SH GENERAL INFORMATION | .SH GENERAL INFORMATION | ||||||
| 
 | 
 | ||||||
| \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage | \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage | ||||||
| @ -48,8 +48,8 @@ is equivalent to: | |||||||
| .fi | .fi | ||||||
| You have always the use the \fB\-r\fP <realm> option with commands for long term credentials \- | You have always the use the \fB\-r\fP <realm> option with commands for long term credentials \- | ||||||
| because data for multiple realms can be stored in the same database. | because data for multiple realms can be stored in the same database. | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnadmin \fP\- a TURN relay administration tool. | \fBturnadmin \fP\- a TURN relay administration tool. | ||||||
| @ -288,8 +288,8 @@ $ \fIturnadmin\fP \fB\-\-file\-key\-path\fP <key\-file> \fB\-v\fP <encrypted> | |||||||
| Help: | Help: | ||||||
| .PP | .PP | ||||||
| $ \fIturnadmin\fP \fB\-h\fP | $ \fIturnadmin\fP \fB\-h\fP | ||||||
| .SH ======================================= | .PP | ||||||
| 
 | ======================================= | ||||||
| .SS  DOCS | .SS  DOCS | ||||||
| 
 | 
 | ||||||
| After installation, run the \fIcommand\fP: | After installation, run the \fIcommand\fP: | ||||||
| @ -301,8 +301,8 @@ or in the project root directory: | |||||||
| $ man \fB\-M\fP man \fIturnadmin\fP | $ man \fB\-M\fP man \fIturnadmin\fP | ||||||
| .PP | .PP | ||||||
| to see the man page. | to see the man page. | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SS  FILES | .SS  FILES | ||||||
| 
 | 
 | ||||||
| /etc/turnserver.conf | /etc/turnserver.conf | ||||||
| @ -314,8 +314,8 @@ to see the man page. | |||||||
| /var/lib/turn/turndb | /var/lib/turn/turndb | ||||||
| .PP | .PP | ||||||
| /usr/local/etc/turnserver.conf | /usr/local/etc/turnserver.conf | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SS  DIRECTORIES | .SS  DIRECTORIES | ||||||
| 
 | 
 | ||||||
| /usr/local/share/\fIturnserver\fP | /usr/local/share/\fIturnserver\fP | ||||||
| @ -323,13 +323,14 @@ to see the man page. | |||||||
| /usr/local/share/doc/\fIturnserver\fP | /usr/local/share/doc/\fIturnserver\fP | ||||||
| .PP | .PP | ||||||
| /usr/local/share/examples/\fIturnserver\fP | /usr/local/share/examples/\fIturnserver\fP | ||||||
| .SH ====================================== | .PP | ||||||
| 
 | ====================================== | ||||||
| .SS  SEE ALSO | .SS  SEE ALSO | ||||||
| 
 | 
 | ||||||
| \fIturnserver\fP, \fIturnutils\fP | \fIturnserver\fP, \fIturnutils\fP | ||||||
| .SH ====================================== | .RE | ||||||
| 
 | .PP | ||||||
|  | ====================================== | ||||||
| .SS  WEB RESOURCES | .SS  WEB RESOURCES | ||||||
| 
 | 
 | ||||||
| project page: | project page: | ||||||
| @ -343,8 +344,9 @@ https://github.com/coturn/coturn/wiki | |||||||
| forum: | forum: | ||||||
| .PP | .PP | ||||||
| https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/ | https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/ | ||||||
| .SH ====================================== | .RE | ||||||
| 
 | .PP | ||||||
|  | ====================================== | ||||||
| .SS  AUTHORS | .SS  AUTHORS | ||||||
| 
 | 
 | ||||||
| Oleg Moskalenko <mom040267@gmail.com> | Oleg Moskalenko <mom040267@gmail.com> | ||||||
| @ -373,4 +375,7 @@ Federico Pinna <fpinna@vivocha.com> | |||||||
| .PP | .PP | ||||||
| Bradley T. Hughes <bradleythughes@fastmail.fm> | Bradley T. Hughes <bradleythughes@fastmail.fm> | ||||||
| .PP | .PP | ||||||
| Mihaly Meszaros <misi@majd.eu> | Mihály Mészáros <misi@majd.eu> | ||||||
|  | .SS  ACTIVE MAINTAINERS | ||||||
|  | 
 | ||||||
|  | Mihály Mészáros <misi@majd.eu> | ||||||
|  | |||||||
| @ -1,5 +1,5 @@ | |||||||
| .\" Text automatically generated by txt2man | .\" Text automatically generated by txt2man | ||||||
| .TH TURN 1 "03 August 2020" "" "" | .TH TURN 1 "05 January 2021" "" "" | ||||||
| .SH GENERAL INFORMATION | .SH GENERAL INFORMATION | ||||||
| 
 | 
 | ||||||
| The \fBTURN Server\fP project contains the source code of a TURN server and TURN client | The \fBTURN Server\fP project contains the source code of a TURN server and TURN client | ||||||
| @ -78,8 +78,7 @@ is equivalent to: | |||||||
| 
 | 
 | ||||||
| .fam T | .fam T | ||||||
| .fi | .fi | ||||||
| .SH ===================================== | ===================================== | ||||||
| 
 |  | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnserver \fP\- a TURN relay server implementation. | \fBturnserver \fP\- a TURN relay server implementation. | ||||||
| @ -338,6 +337,18 @@ name will be constructed as\-is, without PID and date appendage. | |||||||
| This option can be used, for example, together with the logrotate tool. | This option can be used, for example, together with the logrotate tool. | ||||||
| .TP | .TP | ||||||
| .B | .B | ||||||
|  | \fB\-\-new\-log\-timestamp\fP | ||||||
|  | Enable full ISO\-8601 timestamp in all logs. | ||||||
|  | .TP | ||||||
|  | .B | ||||||
|  | \fB\-\-new\-log\-timestamp\-format\fP | ||||||
|  | <format>        Set timestamp format (in \fBstrftime\fP(1) format) | ||||||
|  | .TP | ||||||
|  | .B | ||||||
|  | \fB\-\-log\-binding\fP | ||||||
|  | Log STUN binding request. It is now disabled by default to avoid DoS attacks. | ||||||
|  | .TP | ||||||
|  | .B | ||||||
| \fB\-\-secure\-stun\fP | \fB\-\-secure\-stun\fP | ||||||
| Require authentication of the STUN Binding request. | Require authentication of the STUN Binding request. | ||||||
| By default, the clients are allowed anonymous access to the STUN Binding functionality. | By default, the clients are allowed anonymous access to the STUN Binding functionality. | ||||||
| @ -400,9 +411,9 @@ initially used by the session). | |||||||
| .RS | .RS | ||||||
| .TP | .TP | ||||||
| .B | .B | ||||||
| \fB\-\-no\-prometheus\fP | \fB\-\-prometheus\fP | ||||||
| Disable prometheus metrics. By default it is | Enable prometheus metrics. By default it is | ||||||
| enabled and listening on port 9641 unther the path /metrics | disabled. Would listen on port 9641 unther the path /metrics | ||||||
| also the path / on this port can be used as a health check | also the path / on this port can be used as a health check | ||||||
| .RE | .RE | ||||||
| .TP | .TP | ||||||
| @ -416,6 +427,7 @@ Options with values: | |||||||
| \fB\-\-stale\-nonce\fP[=<value>] | \fB\-\-stale\-nonce\fP[=<value>] | ||||||
| Use extra security with nonce value having | Use extra security with nonce value having | ||||||
| limited lifetime, in seconds (default 600 secs). | limited lifetime, in seconds (default 600 secs). | ||||||
|  | Set it to 0 for unlimited nonce lifetime. | ||||||
| .TP | .TP | ||||||
| .B | .B | ||||||
| \fB\-\-max\-allocate\-lifetime\fP | \fB\-\-max\-allocate\-lifetime\fP | ||||||
| @ -780,6 +792,14 @@ Default is /var/run/turnserver.pid (if superuser account is used) or | |||||||
| /var/tmp/turnserver.pid . | /var/tmp/turnserver.pid . | ||||||
| .TP | .TP | ||||||
| .B | .B | ||||||
|  | \fB\-\-acme\-redirect\fP | ||||||
|  | <URL>  Redirect ACME/RFC8555 (like Let's Encrypt challenge) requests, i.e. | ||||||
|  | HTTP GET requests matching '^/.well\-known/acme\-challenge/(.*)' | ||||||
|  | to <URL>$1 with $1 == (.*). No validation of <URL> will be done, | ||||||
|  | so make sure you do not forget the trailing slash. If <URL> is an empty | ||||||
|  | string (the default value), no special handling of such requests will be done. | ||||||
|  | .TP | ||||||
|  | .B | ||||||
| \fB\-\-proc\-user\fP | \fB\-\-proc\-user\fP | ||||||
| User name to run the process. After the initialization, the \fIturnserver\fP process | User name to run the process. After the initialization, the \fIturnserver\fP process | ||||||
| will make an attempt to change the current user ID to that user. | will make an attempt to change the current user ID to that user. | ||||||
| @ -840,15 +860,15 @@ By default it is disabled for security resons! | |||||||
| .B | .B | ||||||
| \fB\-\-ne\fP=[1|2|3] | \fB\-\-ne\fP=[1|2|3] | ||||||
| Set network engine type for the process (for internal purposes). | Set network engine type for the process (for internal purposes). | ||||||
| .SH ================================== | .PP | ||||||
| 
 | ================================== | ||||||
| .SH LOAD BALANCE AND PERFORMANCE TUNING | .SH LOAD BALANCE AND PERFORMANCE TUNING | ||||||
| 
 | 
 | ||||||
| This topic is covered in the wiki page: | This topic is covered in the wiki page: | ||||||
| .PP | .PP | ||||||
| https://github.com/coturn/coturn/wiki/turn_performance_and_load_balance | https://github.com/coturn/coturn/wiki/turn_performance_and_load_balance | ||||||
| .SH =================================== | .PP | ||||||
| 
 | =================================== | ||||||
| .SH WEBRTC USAGE | .SH WEBRTC USAGE | ||||||
| 
 | 
 | ||||||
| This is a set of notes for the WebRTC users: | This is a set of notes for the WebRTC users: | ||||||
| @ -885,8 +905,8 @@ Usually WebRTC uses fingerprinting (\fB\-f\fP). | |||||||
| .IP 5) 4 | .IP 5) 4 | ||||||
| \fB\-\-min\-port\fP and \fB\-\-max\-port\fP may be needed if you want to limit the relay endpoints ports | \fB\-\-min\-port\fP and \fB\-\-max\-port\fP may be needed if you want to limit the relay endpoints ports | ||||||
| number range. | number range. | ||||||
| .SH =================================== | .PP | ||||||
| 
 | =================================== | ||||||
| .SH TURN REST API | .SH TURN REST API | ||||||
| 
 | 
 | ||||||
| In WebRTC, the browser obtains the TURN connection information from the web | In WebRTC, the browser obtains the TURN connection information from the web | ||||||
| @ -1024,8 +1044,8 @@ examples/scripts/restapi/shared_secret_maintainer.pl . | |||||||
| .PP | .PP | ||||||
| A very important thing is that the nonce must be totally random and it must be | A very important thing is that the nonce must be totally random and it must be | ||||||
| different for different clients and different sessions. | different for different clients and different sessions. | ||||||
| .SH =================================== | .PP | ||||||
| 
 | =================================== | ||||||
| .SH DATABASES | .SH DATABASES | ||||||
| 
 | 
 | ||||||
| For the user database, the \fIturnserver\fP has the following \fIoptions\fP: | For the user database, the \fIturnserver\fP has the following \fIoptions\fP: | ||||||
| @ -1088,8 +1108,8 @@ it will set the users for you (see the \fIturnadmin\fP manuals). If you are usin | |||||||
| \fIturnserver\fP or \fIturnadmin\fP will initialize the empty database, for you, when started. The | \fIturnserver\fP or \fIturnadmin\fP will initialize the empty database, for you, when started. The | ||||||
| TURN server installation process creates an empty initialized SQLite database in the default | TURN server installation process creates an empty initialized SQLite database in the default | ||||||
| location (/var/db/turndb or /usr/local/var/db/turndb or /var/lib/turn/turndb, depending on the system). | location (/var/db/turndb or /usr/local/var/db/turndb or /var/lib/turn/turndb, depending on the system). | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH ALPN | .SH ALPN | ||||||
| 
 | 
 | ||||||
| The server supports ALPNs "stun.turn" and "stun.nat\-discovery", when | The server supports ALPNs "stun.turn" and "stun.nat\-discovery", when | ||||||
| @ -1098,16 +1118,16 @@ ClientHello message that contains one or both of those ALPNs, then the | |||||||
| server chooses the first stun.* label and sends it back (in the ServerHello) | server chooses the first stun.* label and sends it back (in the ServerHello) | ||||||
| in the ALPN extension field. If no stun.* label is found, then the server | in the ALPN extension field. If no stun.* label is found, then the server | ||||||
| does not include the ALPN information into the ServerHello. | does not include the ALPN information into the ServerHello. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH LIBRARIES | .SH LIBRARIES | ||||||
| 
 | 
 | ||||||
| In the lib/ sub\-directory the build process will create TURN client messaging library. | In the lib/ sub\-directory the build process will create TURN client messaging library. | ||||||
| In the include/ sub\-directory, the necessary include files will be placed. | In the include/ sub\-directory, the necessary include files will be placed. | ||||||
| The C++ wrapper for the messaging functionality is located in TurnMsgLib.h header. | The C++ wrapper for the messaging functionality is located in TurnMsgLib.h header. | ||||||
| An example of C++ code can be found in stunclient.c file. | An example of C++ code can be found in stunclient.c file. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH DOCS | .SH DOCS | ||||||
| 
 | 
 | ||||||
| After installation, run the command: | After installation, run the command: | ||||||
| @ -1122,8 +1142,8 @@ to see the man page. | |||||||
| .PP | .PP | ||||||
| In the docs/html subdirectory of the original archive tree, you will find the client library | In the docs/html subdirectory of the original archive tree, you will find the client library | ||||||
| reference. After the installation, it will be placed in PREFIX/share/doc/\fIturnserver\fP/html. | reference. After the installation, it will be placed in PREFIX/share/doc/\fIturnserver\fP/html. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH LOGS | .SH LOGS | ||||||
| 
 | 
 | ||||||
| When the \fBTURN Server\fP starts, it makes efforts to create a log file turn_<pid>.log | When the \fBTURN Server\fP starts, it makes efforts to create a log file turn_<pid>.log | ||||||
| @ -1146,8 +1166,8 @@ log messages are sent only to the standard output of the process. | |||||||
| .PP | .PP | ||||||
| This behavior can be controlled by \fB\-\-log\-file\fP, \fB\-\-syslog\fP and \fB\-\-no\-stdout\-log\fP | This behavior can be controlled by \fB\-\-log\-file\fP, \fB\-\-syslog\fP and \fB\-\-no\-stdout\-log\fP | ||||||
| \fIoptions\fP. | \fIoptions\fP. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH HTTPS MANAGEMENT INTERFACE | .SH HTTPS MANAGEMENT INTERFACE | ||||||
| 
 | 
 | ||||||
| The \fIturnserver\fP process provides an HTTPS Web access as statistics and basic | The \fIturnserver\fP process provides an HTTPS Web access as statistics and basic | ||||||
| @ -1160,8 +1180,8 @@ populated with the admin user \fBaccount\fP(s). An admin user can be a superuser | |||||||
| (if not assigned to a particular realm) or a restricted user (if assigned to | (if not assigned to a particular realm) or a restricted user (if assigned to | ||||||
| a realm). The restricted admin users can perform only limited actions, within | a realm). The restricted admin users can perform only limited actions, within | ||||||
| their corresponding realms. | their corresponding realms. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH TELNET CLI | .SH TELNET CLI | ||||||
| 
 | 
 | ||||||
| The \fIturnserver\fP process provides a telnet CLI access as statistics and basic management | The \fIturnserver\fP process provides a telnet CLI access as statistics and basic management | ||||||
| @ -1169,8 +1189,8 @@ interface. By default, the \fIturnserver\fP starts a telnet CLI listener on IP 1 | |||||||
| port 5766. That can be changed by the command\-cline \fIoptions\fP of the \fIturnserver\fP process | port 5766. That can be changed by the command\-cline \fIoptions\fP of the \fIturnserver\fP process | ||||||
| (see \fB\-\-cli\-ip\fP and \fB\-\-cli\-port\fP \fIoptions\fP). The full list of telnet CLI commands is provided | (see \fB\-\-cli\-ip\fP and \fB\-\-cli\-port\fP \fIoptions\fP). The full list of telnet CLI commands is provided | ||||||
| in "help" command output in the telnet CLI. | in "help" command output in the telnet CLI. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH CLUSTERS | .SH CLUSTERS | ||||||
| 
 | 
 | ||||||
| \fBTURN Server\fP can be a part of the cluster installation. But, to support the "even port" functionality | \fBTURN Server\fP can be a part of the cluster installation. But, to support the "even port" functionality | ||||||
| @ -1179,8 +1199,8 @@ in "help" command output in the telnet CLI. | |||||||
| the RTP and RTCP relaying endpoints must be allocated on the same relay IP. It would be possible | the RTP and RTCP relaying endpoints must be allocated on the same relay IP. It would be possible | ||||||
| to design a scheme with the application\-level requests forwarding (and we may do that later) but | to design a scheme with the application\-level requests forwarding (and we may do that later) but | ||||||
| it would affect the performance. | it would affect the performance. | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH FILES | .SH FILES | ||||||
| 
 | 
 | ||||||
| /etc/turnserver.conf | /etc/turnserver.conf | ||||||
| @ -1192,8 +1212,8 @@ it would affect the performance. | |||||||
| /var/lib/turn/turndb | /var/lib/turn/turndb | ||||||
| .PP | .PP | ||||||
| /usr/local/etc/turnserver.conf | /usr/local/etc/turnserver.conf | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH DIRECTORIES | .SH DIRECTORIES | ||||||
| 
 | 
 | ||||||
| /usr/local/share/\fIturnserver\fP | /usr/local/share/\fIturnserver\fP | ||||||
| @ -1201,15 +1221,16 @@ it would affect the performance. | |||||||
| /usr/local/share/doc/\fIturnserver\fP | /usr/local/share/doc/\fIturnserver\fP | ||||||
| .PP | .PP | ||||||
| /usr/local/share/examples/\fIturnserver\fP | /usr/local/share/examples/\fIturnserver\fP | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH STANDARDS | .SH STANDARDS | ||||||
| 
 | 
 | ||||||
| obsolete STUN RFC 3489 | obsolete STUN RFC 3489 | ||||||
| .PP | .PP | ||||||
| new STUN RFC 5389 | new STUN RFC 5389 | ||||||
| .SH TURN RFC 5766 | .PP | ||||||
| 
 | TURN RFC 5766 | ||||||
|  | .PP | ||||||
| TURN\-TCP extension RFC 6062 | TURN\-TCP extension RFC 6062 | ||||||
| .PP | .PP | ||||||
| TURN IPv6 extension RFC 6156 | TURN IPv6 extension RFC 6156 | ||||||
| @ -1217,13 +1238,14 @@ TURN IPv6 extension RFC 6156 | |||||||
| STUN/TURN test vectors RFC 5769 | STUN/TURN test vectors RFC 5769 | ||||||
| .PP | .PP | ||||||
| STUN NAT behavior discovery RFC 5780 | STUN NAT behavior discovery RFC 5780 | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH SEE ALSO | .SH SEE ALSO | ||||||
| 
 | 
 | ||||||
| \fIturnadmin\fP, \fIturnutils\fP | \fIturnadmin\fP, \fIturnutils\fP | ||||||
| .SH ====================================== | .RE | ||||||
| 
 | .PP | ||||||
|  | ====================================== | ||||||
| .SS  WEB RESOURCES | .SS  WEB RESOURCES | ||||||
| 
 | 
 | ||||||
| project page: | project page: | ||||||
| @ -1237,8 +1259,8 @@ https://github.com/coturn/coturn/wiki | |||||||
| forum: | forum: | ||||||
| .PP | .PP | ||||||
| https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server | https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server | ||||||
| .SH ====================================== | .PP | ||||||
| 
 | ====================================== | ||||||
| .SS  AUTHORS | .SS  AUTHORS | ||||||
| 
 | 
 | ||||||
| Oleg Moskalenko <mom040267@gmail.com> | Oleg Moskalenko <mom040267@gmail.com> | ||||||
| @ -1266,5 +1288,9 @@ Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp> | |||||||
| Federico Pinna <fpinna@vivocha.com> | Federico Pinna <fpinna@vivocha.com> | ||||||
| .PP | .PP | ||||||
| Bradley T. Hughes <bradleythughes@fastmail.fm> | Bradley T. Hughes <bradleythughes@fastmail.fm> | ||||||
|  | .RE | ||||||
| .PP | .PP | ||||||
| Mihaly Meszaros <misi@majd.eu> | Mihály Mészáros <misi@majd.eu> | ||||||
|  | .SS  ACTIVE MAINTAINERS | ||||||
|  | 
 | ||||||
|  | Mihály Mészáros <misi@majd.eu> | ||||||
|  | |||||||
| @ -1,5 +1,5 @@ | |||||||
| .\" Text automatically generated by txt2man | .\" Text automatically generated by txt2man | ||||||
| .TH TURN 1 "03 August 2020" "" "" | .TH TURN 1 "05 January 2021" "" "" | ||||||
| .SH GENERAL INFORMATION | .SH GENERAL INFORMATION | ||||||
| 
 | 
 | ||||||
| A set of turnutils_* programs provides some utility functionality to be used | A set of turnutils_* programs provides some utility functionality to be used | ||||||
| @ -63,8 +63,8 @@ script in examples/scripts/oauth.sh. | |||||||
| .RE | .RE | ||||||
| .PP | .PP | ||||||
| 
 | 
 | ||||||
| .SH ===================================== | .RS | ||||||
| 
 | ===================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnutils_uclient \fP\- this client emulation application is supplied for the test purposes only. | \fBturnutils_uclient \fP\- this client emulation application is supplied for the test purposes only. | ||||||
| @ -276,8 +276,8 @@ the ORIGIN STUN attribute value. | |||||||
| Bandwidth for the bandwidth request in ALLOCATE. The default value is zero. | Bandwidth for the bandwidth request in ALLOCATE. The default value is zero. | ||||||
| .PP | .PP | ||||||
| See the examples in the "examples/scripts" directory. | See the examples in the "examples/scripts" directory. | ||||||
| .SH ====================================== | .PP | ||||||
| 
 | ====================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnutils_peer \fP\- a simple UDP\-only echo backend server. | \fBturnutils_peer \fP\- a simple UDP\-only echo backend server. | ||||||
| @ -314,8 +314,8 @@ If no listener \fBaddress\fP(es) defined, then it listens on all IPv4 and IPv6 a | |||||||
| .B | .B | ||||||
| \fB\-v\fP | \fB\-v\fP | ||||||
| Verbose | Verbose | ||||||
| .SH ======================================== | .PP | ||||||
| 
 | ======================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnutils_stunclient \fP\- a basic STUN client. | \fBturnutils_stunclient \fP\- a basic STUN client. | ||||||
| @ -354,8 +354,8 @@ and if it finds that the STUN server supports RFC 5780 | |||||||
| requests with different parameters, to demonstrate the NAT discovery capabilities. | requests with different parameters, to demonstrate the NAT discovery capabilities. | ||||||
| .PP | .PP | ||||||
| This utility does not support the "old" "classic" STUN protocol (RFC 3489). | This utility does not support the "old" "classic" STUN protocol (RFC 3489). | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnutils_rfc5769check \fP\- a utility that tests the correctness of STUN protocol implementation. | \fBturnutils_rfc5769check \fP\- a utility that tests the correctness of STUN protocol implementation. | ||||||
| @ -380,8 +380,8 @@ check procedure, it is not copied to the installation destination. | |||||||
| Usage: | Usage: | ||||||
| .PP | .PP | ||||||
| $ \fIturnutils_rfc5769check\fP | $ \fIturnutils_rfc5769check\fP | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnutils_natdiscovery \fP\- a utility that discovers NAT mapping and filtering | \fBturnutils_natdiscovery \fP\- a utility that discovers NAT mapping and filtering | ||||||
| @ -462,8 +462,8 @@ Used by mapping lifetime behavior discovery | |||||||
| Usage: | Usage: | ||||||
| .PP | .PP | ||||||
| $ \fIturnutils_natdiscovery\fP \fB\-m\fP \fB\-f\fP stun.example.com | $ \fIturnutils_natdiscovery\fP \fB\-m\fP \fB\-f\fP stun.example.com | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SS  NAME | .SS  NAME | ||||||
| \fB | \fB | ||||||
| \fBturnutils_oauth \fP\- a utility that helps OAuth access_token generation/encryption and validation/decyption | \fBturnutils_oauth \fP\- a utility that helps OAuth access_token generation/encryption and validation/decyption | ||||||
| @ -568,8 +568,8 @@ stun client hmac algorithm | |||||||
| Usage: | Usage: | ||||||
| .PP | .PP | ||||||
| $ \fIturnutils_natdiscovery\fP | $ \fIturnutils_natdiscovery\fP | ||||||
| .SH =================================== | .PP | ||||||
| 
 | =================================== | ||||||
| .SH DOCS | .SH DOCS | ||||||
| 
 | 
 | ||||||
| After installation, run the command: | After installation, run the command: | ||||||
| @ -581,8 +581,8 @@ or in the project root directory: | |||||||
| $ man \fB\-M\fP man \fIturnutils\fP | $ man \fB\-M\fP man \fIturnutils\fP | ||||||
| .PP | .PP | ||||||
| to see the man page. | to see the man page. | ||||||
| .SH ===================================== | .PP | ||||||
| 
 | ===================================== | ||||||
| .SH FILES | .SH FILES | ||||||
| 
 | 
 | ||||||
| /etc/turnserver.conf | /etc/turnserver.conf | ||||||
| @ -594,8 +594,8 @@ to see the man page. | |||||||
| /var/lib/turn/turndb | /var/lib/turn/turndb | ||||||
| .PP | .PP | ||||||
| /usr/local/etc/turnserver.conf | /usr/local/etc/turnserver.conf | ||||||
| .SH ================================= | .PP | ||||||
| 
 | ================================= | ||||||
| .SH DIRECTORIES | .SH DIRECTORIES | ||||||
| 
 | 
 | ||||||
| /usr/local/share/\fIturnserver\fP | /usr/local/share/\fIturnserver\fP | ||||||
| @ -603,13 +603,14 @@ to see the man page. | |||||||
| /usr/local/share/doc/\fIturnserver\fP | /usr/local/share/doc/\fIturnserver\fP | ||||||
| .PP | .PP | ||||||
| /usr/local/share/examples/\fIturnserver\fP | /usr/local/share/examples/\fIturnserver\fP | ||||||
| .SH =================================== | .PP | ||||||
| 
 | =================================== | ||||||
| .SH STANDARDS | .SH STANDARDS | ||||||
| 
 | 
 | ||||||
| new STUN RFC 5389 | new STUN RFC 5389 | ||||||
| .SH TURN RFC 5766 | .PP | ||||||
| 
 | TURN RFC 5766 | ||||||
|  | .PP | ||||||
| TURN\-TCP extension RFC 6062 | TURN\-TCP extension RFC 6062 | ||||||
| .PP | .PP | ||||||
| TURN IPv6 extension RFC 6156 | TURN IPv6 extension RFC 6156 | ||||||
| @ -617,13 +618,14 @@ TURN IPv6 extension RFC 6156 | |||||||
| STUN/TURN test vectors RFC 5769 | STUN/TURN test vectors RFC 5769 | ||||||
| .PP | .PP | ||||||
| STUN NAT behavior discovery RFC 5780 | STUN NAT behavior discovery RFC 5780 | ||||||
| .SH ==================================== | .PP | ||||||
| 
 | ==================================== | ||||||
| .SH SEE ALSO | .SH SEE ALSO | ||||||
| 
 | 
 | ||||||
| \fIturnserver\fP, \fIturnadmin\fP | \fIturnserver\fP, \fIturnadmin\fP | ||||||
| .SH ====================================== | .RE | ||||||
| 
 | .PP | ||||||
|  | ====================================== | ||||||
| .SS  WEB RESOURCES | .SS  WEB RESOURCES | ||||||
| 
 | 
 | ||||||
| project page: | project page: | ||||||
| @ -637,8 +639,9 @@ https://github.com/coturn/coturn/wiki | |||||||
| forum: | forum: | ||||||
| .PP | .PP | ||||||
| https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/ | https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/ | ||||||
| .SH ====================================== | .RE | ||||||
| 
 | .PP | ||||||
|  | ====================================== | ||||||
| .SS  AUTHORS | .SS  AUTHORS | ||||||
| 
 | 
 | ||||||
| Oleg Moskalenko <mom040267@gmail.com> | Oleg Moskalenko <mom040267@gmail.com> | ||||||
| @ -667,4 +670,7 @@ Federico Pinna <fpinna@vivocha.com> | |||||||
| .PP | .PP | ||||||
| Bradley T. Hughes <bradleythughes@fastmail.fm> | Bradley T. Hughes <bradleythughes@fastmail.fm> | ||||||
| .PP | .PP | ||||||
| Mihaly Meszaros <misi@majd.eu> | Mihály Mészáros <misi@majd.eu> | ||||||
|  | .SS  ACTIVE MAINTAINERS | ||||||
|  | 
 | ||||||
|  | Mihály Mészáros <misi@majd.eu> | ||||||
|  | |||||||
| @ -2,7 +2,7 @@ | |||||||
| 
 | 
 | ||||||
| # Common settings script. | # Common settings script. | ||||||
| 
 | 
 | ||||||
| TURNVERSION=4.5.1.3 | TURNVERSION=4.5.2 | ||||||
| BUILDDIR=~/rpmbuild | BUILDDIR=~/rpmbuild | ||||||
| ARCH=`uname -p` | ARCH=`uname -p` | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -1,5 +1,5 @@ | |||||||
| Name:		turnserver | Name:		turnserver | ||||||
| Version:	4.5.1.3 | Version:	4.5.2 | ||||||
| Release:	0%{dist} | Release:	0%{dist} | ||||||
| Summary:	Coturn TURN Server | Summary:	Coturn TURN Server | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -42,9 +42,4 @@ | |||||||
| #include <openssl/dh.h> | #include <openssl/dh.h> | ||||||
| #include <openssl/bn.h> | #include <openssl/bn.h> | ||||||
| 
 | 
 | ||||||
| #if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) |  | ||||||
| #undef OPENSSL_VERSION_NUMBER |  | ||||||
| #define OPENSSL_VERSION_NUMBER 0x1000107FL |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #endif //__NST_OPENSSL_LIB__
 | #endif //__NST_OPENSSL_LIB__
 | ||||||
|  | |||||||
| @ -158,42 +158,16 @@ void set_no_stdout_log(int val) | |||||||
| 	no_stdout_log = val; | 	no_stdout_log = val; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void turn_log_func_default(TURN_LOG_LEVEL level, const char* format, ...) | #define MAX_LOG_TIMESTAMP_FORMAT_LEN 48 | ||||||
| { | static char turn_log_timestamp_format[MAX_LOG_TIMESTAMP_FORMAT_LEN] = "%FT%T%z"; | ||||||
| #if !defined(TURN_LOG_FUNC_IMPL) |  | ||||||
| 	{ |  | ||||||
| 		va_list args; |  | ||||||
| 		va_start(args,format); |  | ||||||
| 		vrtpprintf(level, format, args); |  | ||||||
| 		va_end(args); |  | ||||||
| 	} |  | ||||||
| #endif |  | ||||||
| 
 | 
 | ||||||
|  | void set_turn_log_timestamp_format(char* new_format) | ||||||
| { | { | ||||||
| 		va_list args; | 	strncpy(turn_log_timestamp_format, new_format, MAX_LOG_TIMESTAMP_FORMAT_LEN-1); | ||||||
| 		va_start(args,format); |  | ||||||
| #if defined(TURN_LOG_FUNC_IMPL) |  | ||||||
| 		TURN_LOG_FUNC_IMPL(level,format,args); |  | ||||||
| #else |  | ||||||
| #define MAX_RTPPRINTF_BUFFER_SIZE (1024) |  | ||||||
| 		char s[MAX_RTPPRINTF_BUFFER_SIZE+1]; |  | ||||||
| #undef MAX_RTPPRINTF_BUFFER_SIZE |  | ||||||
| 		if (level == TURN_LOG_LEVEL_ERROR) { |  | ||||||
| 			snprintf(s,sizeof(s)-100,"%lu: ERROR: ",(unsigned long)log_time()); |  | ||||||
| 			size_t slen = strlen(s); |  | ||||||
| 			vsnprintf(s+slen,sizeof(s)-slen-1,format, args); |  | ||||||
| 			fwrite(s,strlen(s),1,stdout); |  | ||||||
| 		} else if(!no_stdout_log) { |  | ||||||
| 			snprintf(s,sizeof(s)-100,"%lu: ",(unsigned long)log_time()); |  | ||||||
| 			size_t slen = strlen(s); |  | ||||||
| 			vsnprintf(s+slen,sizeof(s)-slen-1,format, args); |  | ||||||
| 			fwrite(s,strlen(s),1,stdout); |  | ||||||
| 		} |  | ||||||
| #endif |  | ||||||
| 		va_end(args); |  | ||||||
| 	} |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | int use_new_log_timestamp_format = 0; | ||||||
|  | 
 | ||||||
| void addr_debug_print(int verbose, const ioa_addr *addr, const char* s) | void addr_debug_print(int verbose, const ioa_addr *addr, const char* s) | ||||||
| { | { | ||||||
| 	if (verbose) { | 	if (verbose) { | ||||||
| @ -512,20 +486,29 @@ static int get_syslog_level(TURN_LOG_LEVEL level) | |||||||
| 	return LOG_INFO; | 	return LOG_INFO; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| int vrtpprintf(TURN_LOG_LEVEL level, const char *format, va_list args) | void turn_log_func_default(TURN_LOG_LEVEL level, const char* format, ...) | ||||||
| { | { | ||||||
|  | 	va_list args; | ||||||
|  | 	va_start(args,format); | ||||||
|  | #if defined(TURN_LOG_FUNC_IMPL) | ||||||
|  | 	TURN_LOG_FUNC_IMPL(level,format,args); | ||||||
|  | #else | ||||||
| 	/* Fix for Issue 24, raised by John Selbie: */ | 	/* Fix for Issue 24, raised by John Selbie: */ | ||||||
| #define MAX_RTPPRINTF_BUFFER_SIZE (1024) | #define MAX_RTPPRINTF_BUFFER_SIZE (1024) | ||||||
| 	char s[MAX_RTPPRINTF_BUFFER_SIZE+1]; | 	char s[MAX_RTPPRINTF_BUFFER_SIZE+1]; | ||||||
| #undef MAX_RTPPRINTF_BUFFER_SIZE | #undef MAX_RTPPRINTF_BUFFER_SIZE | ||||||
| 
 | 	size_t so_far = 0; | ||||||
| 	size_t sz; | 	if (use_new_log_timestamp_format) { | ||||||
| 
 | 		time_t now = time(NULL); | ||||||
| 	snprintf(s, sizeof(s), "%lu: ",(unsigned long)log_time()); | 		so_far += strftime(s, sizeof(s), turn_log_timestamp_format, localtime(&now)); | ||||||
| 	sz=strlen(s); | 	} else { | ||||||
| 	vsnprintf(s+sz, sizeof(s)-1-sz, format, args); | 		so_far += snprintf(s, sizeof(s), "%lu: ", (unsigned long)log_time()); | ||||||
| 	s[sizeof(s)-1]=0; | 	} | ||||||
| 
 | 	so_far += snprintf(s + so_far, sizeof(s)-100, (level == TURN_LOG_LEVEL_ERROR) ? ": ERROR: " : ": "); | ||||||
|  | 	so_far += vsnprintf(s + so_far,sizeof(s) - (so_far+1), format, args); | ||||||
|  | 	/* always write to stdout */ | ||||||
|  | 	fwrite(s, so_far, 1, stdout); | ||||||
|  | 	/* write to syslog or to log file */ | ||||||
| 	if(to_syslog) { | 	if(to_syslog) { | ||||||
| 		syslog(get_syslog_level(level),"%s",s); | 		syslog(get_syslog_level(level),"%s",s); | ||||||
| 	} else { | 	} else { | ||||||
| @ -538,16 +521,9 @@ int vrtpprintf(TURN_LOG_LEVEL level, const char *format, va_list args) | |||||||
| 		} | 		} | ||||||
| 		log_unlock(); | 		log_unlock(); | ||||||
| 	} | 	} | ||||||
| 
 | #endif | ||||||
| 	return 0; |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| void rtpprintf(const char *format, ...) |  | ||||||
| { |  | ||||||
| 	va_list args; |  | ||||||
| 	va_start (args, format); |  | ||||||
| 	vrtpprintf(TURN_LOG_LEVEL_INFO, format, args); |  | ||||||
| 	va_end(args); | 	va_end(args); | ||||||
|  | 
 | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ///////////// ORIGIN ///////////////////
 | ///////////// ORIGIN ///////////////////
 | ||||||
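Review bot: In the new `turn_log_func_default`, `so_far` is advanced by the raw return values of `snprintf` and `vsnprintf`, which report the length the output would have had without truncation. A message longer than the space left in `s` therefore leaves `so_far` larger than the buffer, and `fwrite(s, so_far, 1, stdout)` reads past the end of the stack array. The size passed for the prefix, `sizeof(s)-100`, also ignores the offset already consumed by the timestamp. Clamp after each call, for example `int n = vsnprintf(s + so_far, sizeof(s) - so_far, format, args);` `if (n > 0) so_far += (size_t)n;` `if (so_far >= sizeof(s)) so_far = sizeof(s) - 1;`. The unconditional `fwrite` also appears to drop the `!no_stdout_log` test that the removed code had; part of the function body lies between the two hunks and is not visible, so confirm that against the full function.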
|  | |||||||
| @ -61,6 +61,8 @@ void set_no_stdout_log(int val); | |||||||
| void set_log_to_syslog(int val); | void set_log_to_syslog(int val); | ||||||
| void set_simple_log(int val); | void set_simple_log(int val); | ||||||
| 
 | 
 | ||||||
|  | void set_turn_log_timestamp_format(char* new_format); | ||||||
|  | 
 | ||||||
| void turn_log_func_default(TURN_LOG_LEVEL level, const char* format, ...); | void turn_log_func_default(TURN_LOG_LEVEL level, const char* format, ...); | ||||||
| 
 | 
 | ||||||
| void addr_debug_print(int verbose, const ioa_addr *addr, const char* s); | void addr_debug_print(int verbose, const ioa_addr *addr, const char* s); | ||||||
| @ -69,6 +71,7 @@ void addr_debug_print(int verbose, const ioa_addr *addr, const char* s); | |||||||
| 
 | 
 | ||||||
| extern volatile int _log_time_value_set; | extern volatile int _log_time_value_set; | ||||||
| extern volatile turn_time_t _log_time_value; | extern volatile turn_time_t _log_time_value; | ||||||
|  | extern int use_new_log_timestamp_format; | ||||||
| 
 | 
 | ||||||
| void rtpprintf(const char *format, ...); | void rtpprintf(const char *format, ...); | ||||||
| int vrtpprintf(TURN_LOG_LEVEL level, const char *format, va_list args); | int vrtpprintf(TURN_LOG_LEVEL level, const char *format, va_list args); | ||||||
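Review bot: The context lines at the end of this header still declare `rtpprintf` and `vrtpprintf`, while the old side of the source-file section above shows both definitions being removed. Unless they are defined somewhere not shown here, any remaining caller will compile against these prototypes and then fail at link time, so the two declarations should be dropped in this commit as well. The new setter only reads its argument, so it is better declared as `void set_turn_log_timestamp_format(const char *new_format);`, with a short comment stating that the string is a `strftime` format and is truncated to `MAX_LOG_TIMESTAMP_FORMAT_LEN-1` bytes.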
|  | |||||||
							
								
								
									
										92
									
								
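--- a/src/apps/relay/acme.c
+++ b/src/apps/relay/acme.c
@@ -0,0 +1,92 @@
+
+/*
+ * Copyright (C) 2020 Jens Elkner.  All rights reserved.
+ *
+ * License: MIT - see https://opensource.org/licenses/MIT
+ */
+
+#include "acme.h"
+#include "ns_ioalib_impl.h"
+
+#define GET_ACME_PREFIX "GET /.well-known/acme-challenge/"
+#define GET_ACME_PREFIX_LEN 32
+
+static int is_acme_req(char *req, size_t len) {
+	static const char *A = "                                             -  0123456789       ABCDEFGHIJKLMNOPQRSTUVWXYZ    _ abcdefghijklmnopqrstuvwxyz     ";
+	int c, i, k;
+
+	// Check first request line. Should be like: GET path HTTP/1.x
+	if (strncmp(req, GET_ACME_PREFIX, GET_ACME_PREFIX_LEN))
+		return -1;
+	// Usually (for LE) the "method path" is 32 + 43 = 55 chars. But other
+	// implementations may choose longer pathes. We define PATHMAX = 127 chars
+	// to be prepared for "DoS" attacks (STUN msg size max. is ~ 64K).
+	len =- 21;					// min size of trailing headers
+	if (len > 131)
+		len = 131;
+	for (i=GET_ACME_PREFIX_LEN; i < (int) len; i++) {
+		// find the end of the path
+		if (req[i] != ' ')
+			continue;
+		// consider path < 10 chars invalid. Also we wanna see a "trailer".
+		if (i < (GET_ACME_PREFIX_LEN + 10) || strncmp(req + i, " HTTP/1.", 8))
+			return -2;
+		// finally check for allowed chars
+		for (k=GET_ACME_PREFIX_LEN; k < i; k++) {
+			c = req[k];
+			if ((c > 127) || (A[c] == ' '))
+				return -3;
+		}
+		// all checks passed: sufficient for us to answer with a redirect
+		return i;
+	}
+	return -4;		// end of path not found
+}
+
+int try_acme_redirect(char *req, size_t len, const char *url,
+	ioa_socket_handle s)
+{
+	static const char *HTML = 
+		"<html><head><title>301 Moved Permanently</title></head>\
+		<body><h1>301 Moved Permanently</h1></body></html>";
+	char http_response[1024];
+	size_t plen, rlen;
+
+	if (url == NULL || url[0] == '\0' || req == NULL || s == 0 )
+		return 1;
+	if (len < (GET_ACME_PREFIX_LEN + 32) || len > (512 - GET_ACME_PREFIX_LEN)
+			|| (plen = is_acme_req(req, len)) < (GET_ACME_PREFIX_LEN + 1))
+		return 2;
+
+	req[plen] = '\0';
+
+	snprintf(http_response, sizeof(http_response) - 1,
+		"HTTP/1.1 301 Moved Permanently\r\n"
+		"Content-Type: text/html\r\n"
+		"Content-Length: %ld\r\n"
+		"Connection: close\r\n"
+		"Location: %s%s\r\n"
+		"\r\n%s", strlen(HTML), url, req + GET_ACME_PREFIX_LEN, HTML);
+
+	rlen = strlen(http_response);
+
+#ifdef LIBEV_OK
+	ioa_network_buffer_handle nbh_acme = ioa_network_buffer_allocate(s->e);
+	uint8_t *data = ioa_network_buffer_data(nbh_acme);
+	bcopy(http_response, data, rlen);
+	ioa_network_buffer_set_size(nbh_acme, rlen);
+	send_data_from_ioa_socket_nbh(s, NULL, nbh_acme, TTL_IGNORE, TOS_IGNORE, NULL);
+#else
+	if (write(s->fd, http_response, rlen) == -1) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING,
+			"Sending redirect to '%s%s' failed",url, req + GET_ACME_PREFIX_LEN);
+	} else if (((turn_turnserver *)s->session->server)->verbose) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "ACME redirected to %s%s\n",
+			url, req + GET_ACME_PREFIX_LEN);
+	}
+#endif
+
+	req[plen] = ' ';
+
+	return 0;
+}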
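Review bot: In `try_acme_redirect`, `plen` is declared `size_t`, so the negative codes returned by `is_acme_req` (-1 to -4) wrap to very large values, pass the `< (GET_ACME_PREFIX_LEN + 1)` test and reach `req[plen] = '\0'`, which writes outside the request buffer. Declaring it `int plen;` keeps the rejection path working. In `is_acme_req`, `len =- 21;` assigns -21 rather than subtracting, so the clamp always yields 131 and the scan can run past the bytes actually received; it should read `len -= 21;`. The table lookup also needs `c = (unsigned char) req[k];`, because where plain `char` is signed a byte above 0x7f becomes negative, slips past `c > 127` and indexes before `A`.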
							
								
								
									
										57
									
								
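--- a/src/apps/relay/acme.h
+++ b/src/apps/relay/acme.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2011, 2012, 2013, 2014 Citrix Systems
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef __TURN_ACME__
+#define __TURN_ACME__
+
+#include "ns_turn_utils.h"
+#include "ns_turn_server.h"
+#include "apputils.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+///////////// ACME /////////////////////
+
+int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle s);
+
+///////////////////////////////////////
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+/// __TURN_ACME__ ///
+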
| @ -1124,7 +1124,7 @@ static void mongo_reread_realms(secrets_list_t * realms_list) { | |||||||
| 								ur_string_map_value_type value = | 								ur_string_map_value_type value = | ||||||
| 										(ur_string_map_value_type) (rval); | 										(ur_string_map_value_type) (rval); | ||||||
| 								ur_string_map_put(o_to_realm_new, | 								ur_string_map_put(o_to_realm_new, | ||||||
| 										(const ur_string_map_key_type) _origin, | 										(ur_string_map_key_type) _origin, | ||||||
| 										value); | 										value); | ||||||
| 								free(_origin); | 								free(_origin); | ||||||
| 							} | 							} | ||||||
|  | |||||||
| @ -1048,7 +1048,7 @@ static void mysql_reread_realms(secrets_list_t * realms_list) { | |||||||
| 									char *rval=strdup(row[1]); | 									char *rval=strdup(row[1]); | ||||||
| 									get_realm(rval); | 									get_realm(rval); | ||||||
| 									ur_string_map_value_type value = (ur_string_map_value_type)rval; | 									ur_string_map_value_type value = (ur_string_map_value_type)rval; | ||||||
| 									ur_string_map_put(o_to_realm_new, (const ur_string_map_key_type) oval, value); | 									ur_string_map_put(o_to_realm_new, (ur_string_map_key_type) oval, value); | ||||||
| 								} | 								} | ||||||
| 							} | 							} | ||||||
| 						} | 						} | ||||||
|  | |||||||
| @ -758,7 +758,7 @@ static void pgsql_reread_realms(secrets_list_t * realms_list) { | |||||||
| 						if(rval) { | 						if(rval) { | ||||||
| 							get_realm(rval); | 							get_realm(rval); | ||||||
| 							ur_string_map_value_type value = strdup(rval); | 							ur_string_map_value_type value = strdup(rval); | ||||||
| 							ur_string_map_put(o_to_realm_new, (const ur_string_map_key_type) oval, value); | 							ur_string_map_put(o_to_realm_new, (ur_string_map_key_type) oval, value); | ||||||
| 						} | 						} | ||||||
| 					} | 					} | ||||||
| 				} | 				} | ||||||
|  | |||||||
| @ -1161,7 +1161,7 @@ static void redis_reread_realms(secrets_list_t * realms_list) { | |||||||
| 					} else { | 					} else { | ||||||
| 						get_realm(rget->str); | 						get_realm(rget->str); | ||||||
| 						ur_string_map_value_type value = strdup(rget->str); | 						ur_string_map_value_type value = strdup(rget->str); | ||||||
| 						ur_string_map_put(o_to_realm_new, (const ur_string_map_key_type) origin, value); | 						ur_string_map_put(o_to_realm_new, (ur_string_map_key_type) origin, value); | ||||||
| 					} | 					} | ||||||
| 					turnFreeRedisReply(rget); | 					turnFreeRedisReply(rget); | ||||||
| 				} | 				} | ||||||
|  | |||||||
| @ -1038,7 +1038,7 @@ static void sqlite_reread_realms(secrets_list_t * realms_list) | |||||||
| 
 | 
 | ||||||
| 						get_realm(rval); | 						get_realm(rval); | ||||||
| 						ur_string_map_value_type value = rval; | 						ur_string_map_value_type value = rval; | ||||||
| 						ur_string_map_put(o_to_realm_new, (const ur_string_map_key_type) oval, value); | 						ur_string_map_put(o_to_realm_new, (ur_string_map_key_type) oval, value); | ||||||
| 
 | 
 | ||||||
| 						free(oval); | 						free(oval); | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -456,7 +456,7 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server, | |||||||
| 		sm->m.sm.s = s; | 		sm->m.sm.s = s; | ||||||
| 
 | 
 | ||||||
| 		if (s) { | 		if (s) { | ||||||
| 			if(verbose) { | 			if(verbose && turn_params.log_binding) { | ||||||
| 				uint8_t saddr[129]; | 				uint8_t saddr[129]; | ||||||
| 				uint8_t rsaddr[129]; | 				uint8_t rsaddr[129]; | ||||||
| 				addr_to_string(get_local_addr_from_ioa_socket(s),saddr); | 				addr_to_string(get_local_addr_from_ioa_socket(s),saddr); | ||||||
|  | |||||||
| @ -114,7 +114,7 @@ NULL, PTHREAD_MUTEX_INITIALIZER, | |||||||
| 
 | 
 | ||||||
| //////////////// Common params ////////////////////
 | //////////////// Common params ////////////////////
 | ||||||
| TURN_VERBOSE_NONE,0,0,0,0, | TURN_VERBOSE_NONE,0,0,0,0, | ||||||
| "/var/run/turnserver.pid", | "/var/run/turnserver.pid","", | ||||||
| DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,0,1, | DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,0,1, | ||||||
| 0,0,0,0,0, | 0,0,0,0,0, | ||||||
| "", | "", | ||||||
| @ -168,7 +168,9 @@ DEFAULT_CPUS_NUMBER, | |||||||
| 0,  /* keep_address_family */ | 0,  /* keep_address_family */ | ||||||
| 0,  /* no_auth_pings */ | 0,  /* no_auth_pings */ | ||||||
| 0,  /* no_dynamic_ip_list */ | 0,  /* no_dynamic_ip_list */ | ||||||
| 0   /* no_dynamic_realms */ | 0,  /* no_dynamic_realms */ | ||||||
|  | 
 | ||||||
|  | 0   /* log_binding */ | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| //////////////// OpenSSL Init //////////////////////
 | //////////////// OpenSSL Init //////////////////////
 | ||||||
| @ -603,6 +605,9 @@ static char Usage[] = "Usage: turnserver [options]\n" | |||||||
| " --simple-log					This flag means that no log file rollover will be used, and the log file\n" | " --simple-log					This flag means that no log file rollover will be used, and the log file\n" | ||||||
| "						name will be constructed as-is, without PID and date appendage.\n" | "						name will be constructed as-is, without PID and date appendage.\n" | ||||||
| "						This option can be used, for example, together with the logrotate tool.\n" | "						This option can be used, for example, together with the logrotate tool.\n" | ||||||
|  | " --new-log-timestamp				Enable full ISO-8601 timestamp in all logs.\n" | ||||||
|  | " --new-log-timestamp-format    	<format>	Set timestamp format (in strftime(1) format)\n" | ||||||
|  | " --log-binding					Log STUN binding request. It is now disabled by default to avoid DoS attacks.\n" | ||||||
| " --stale-nonce[=<value>]			Use extra security with nonce value having limited lifetime (default 600 secs).\n" | " --stale-nonce[=<value>]			Use extra security with nonce value having limited lifetime (default 600 secs).\n" | ||||||
| " --max-allocate-lifetime	<value>		Set the maximum value for the allocation lifetime. Default to 3600 secs.\n" | " --max-allocate-lifetime	<value>		Set the maximum value for the allocation lifetime. Default to 3600 secs.\n" | ||||||
| " --channel-lifetime		<value>		Set the lifetime for channel binding, default to 600 secs.\n" | " --channel-lifetime		<value>		Set the lifetime for channel binding, default to 600 secs.\n" | ||||||
| @ -627,6 +632,8 @@ static char Usage[] = "Usage: turnserver [options]\n" | |||||||
| " --pidfile <\"pid-file-name\">			File name to store the pid of the process.\n" | " --pidfile <\"pid-file-name\">			File name to store the pid of the process.\n" | ||||||
| "						Default is /var/run/turnserver.pid (if superuser account is used) or\n" | "						Default is /var/run/turnserver.pid (if superuser account is used) or\n" | ||||||
| "						/var/tmp/turnserver.pid .\n" | "						/var/tmp/turnserver.pid .\n" | ||||||
|  | " --acme-redirect <URL>				Redirect ACME, i.e. HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' to '<URL>$1'.\n" | ||||||
|  | "						Default is '', i.e. no special handling for such requests.\n" | ||||||
| " --secure-stun					Require authentication of the STUN Binding request.\n" | " --secure-stun					Require authentication of the STUN Binding request.\n" | ||||||
| "						By default, the clients are allowed anonymous access to the STUN Binding functionality.\n" | "						By default, the clients are allowed anonymous access to the STUN Binding functionality.\n" | ||||||
| " --proc-user <user-name>			User name to run the turnserver process.\n" | " --proc-user <user-name>			User name to run the turnserver process.\n" | ||||||
| @ -662,10 +669,6 @@ static char Usage[] = "Usage: turnserver [options]\n" | |||||||
| "						This value can be changed on-the-fly in CLI. The default value is 256.\n" | "						This value can be changed on-the-fly in CLI. The default value is 256.\n" | ||||||
| " --ne=[1|2|3]					Set network engine type for the process (for internal purposes).\n" | " --ne=[1|2|3]					Set network engine type for the process (for internal purposes).\n" | ||||||
| " -h						Help\n" | " -h						Help\n" | ||||||
| "\n" |  | ||||||
| " For more information, see the wiki pages:\n" |  | ||||||
| "\n" |  | ||||||
| "	https://github.com/coturn/coturn/wiki/\n" |  | ||||||
| "\n"; | "\n"; | ||||||
| 
 | 
 | ||||||
| static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" | static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" | ||||||
| @ -761,6 +764,8 @@ enum EXTRA_OPTS { | |||||||
| 	NO_STDOUT_LOG_OPT, | 	NO_STDOUT_LOG_OPT, | ||||||
| 	SYSLOG_OPT, | 	SYSLOG_OPT, | ||||||
| 	SIMPLE_LOG_OPT, | 	SIMPLE_LOG_OPT, | ||||||
|  | 	NEW_LOG_TIMESTAMP_OPT, | ||||||
|  | 	NEW_LOG_TIMESTAMP_FORMAT_OPT, | ||||||
| 	AUX_SERVER_OPT, | 	AUX_SERVER_OPT, | ||||||
| 	UDP_SELF_BALANCE_OPT, | 	UDP_SELF_BALANCE_OPT, | ||||||
| 	ALTERNATE_SERVER_OPT, | 	ALTERNATE_SERVER_OPT, | ||||||
| @ -806,7 +811,9 @@ enum EXTRA_OPTS { | |||||||
| 	OAUTH_OPT, | 	OAUTH_OPT, | ||||||
| 	NO_SOFTWARE_ATTRIBUTE_OPT, | 	NO_SOFTWARE_ATTRIBUTE_OPT, | ||||||
| 	NO_HTTP_OPT, | 	NO_HTTP_OPT, | ||||||
| 	SECRET_KEY_OPT | 	SECRET_KEY_OPT, | ||||||
|  | 	ACME_REDIRECT_OPT, | ||||||
|  | 	LOG_BINDING_OPT | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| struct myoption { | struct myoption { | ||||||
| @ -899,6 +906,8 @@ static const struct myoption long_options[] = { | |||||||
| 				{ "no-stdout-log", optional_argument, NULL, NO_STDOUT_LOG_OPT }, | 				{ "no-stdout-log", optional_argument, NULL, NO_STDOUT_LOG_OPT }, | ||||||
| 				{ "syslog", optional_argument, NULL, SYSLOG_OPT }, | 				{ "syslog", optional_argument, NULL, SYSLOG_OPT }, | ||||||
| 				{ "simple-log", optional_argument, NULL, SIMPLE_LOG_OPT }, | 				{ "simple-log", optional_argument, NULL, SIMPLE_LOG_OPT }, | ||||||
|  | 				{ "new-log-timestamp", optional_argument, NULL, NEW_LOG_TIMESTAMP_OPT }, | ||||||
|  | 				{ "new-log-timestamp-format", required_argument, NULL, NEW_LOG_TIMESTAMP_FORMAT_OPT }, | ||||||
| 				{ "aux-server", required_argument, NULL, AUX_SERVER_OPT }, | 				{ "aux-server", required_argument, NULL, AUX_SERVER_OPT }, | ||||||
| 				{ "udp-self-balance", optional_argument, NULL, UDP_SELF_BALANCE_OPT }, | 				{ "udp-self-balance", optional_argument, NULL, UDP_SELF_BALANCE_OPT }, | ||||||
| 				{ "alternate-server", required_argument, NULL, ALTERNATE_SERVER_OPT }, | 				{ "alternate-server", required_argument, NULL, ALTERNATE_SERVER_OPT }, | ||||||
| @ -938,6 +947,9 @@ static const struct myoption long_options[] = { | |||||||
| 				{ "no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT }, | 				{ "no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT }, | ||||||
| 				{ "secret-key-file", required_argument, NULL, SECRET_KEY_OPT }, | 				{ "secret-key-file", required_argument, NULL, SECRET_KEY_OPT }, | ||||||
| 				{ "keep-address-family", optional_argument, NULL, 'K' }, | 				{ "keep-address-family", optional_argument, NULL, 'K' }, | ||||||
|  | 				{ "acme-redirect", required_argument, NULL, ACME_REDIRECT_OPT }, | ||||||
|  | 				{ "log-binding", optional_argument, NULL, LOG_BINDING_OPT }, | ||||||
|  | 
 | ||||||
| 				{ NULL, no_argument, NULL, 0 } | 				{ NULL, no_argument, NULL, 0 } | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| @ -1161,7 +1173,7 @@ static void set_option(int c, char *value) | |||||||
| 	  STRCPY(turn_params.oauth_server_name,value); | 	  STRCPY(turn_params.oauth_server_name,value); | ||||||
| 	  break; | 	  break; | ||||||
|   case OAUTH_OPT: |   case OAUTH_OPT: | ||||||
| 	  if(!ENC_ALG_NUM) { | 	  if( ENC_ALG_NUM == 0) { | ||||||
| 		  TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: option --oauth is not supported; ignored.\n"); | 		  TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: option --oauth is not supported; ignored.\n"); | ||||||
| 	  } else { | 	  } else { | ||||||
| 		  turn_params.oauth = get_bool_value(value); | 		  turn_params.oauth = get_bool_value(value); | ||||||
| @ -1362,6 +1374,8 @@ static void set_option(int c, char *value) | |||||||
| 						TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,"-X : Wrong address format: %s\n",div); | 						TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,"-X : Wrong address format: %s\n",div); | ||||||
| 					} else { | 					} else { | ||||||
| 						ioa_addr_add_mapping(&apub,&apriv); | 						ioa_addr_add_mapping(&apub,&apriv); | ||||||
|  | 						if (add_ip_list_range((const char *)div, NULL, &turn_params.ip_whitelist) == 0) | ||||||
|  | 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Whitelisting external-ip private part: %s\n", div); | ||||||
| 					} | 					} | ||||||
| 				} | 				} | ||||||
| 				free(nval); | 				free(nval); | ||||||
| @ -1581,16 +1595,25 @@ static void set_option(int c, char *value) | |||||||
| 	case PIDFILE_OPT: | 	case PIDFILE_OPT: | ||||||
| 		STRCPY(turn_params.pidfile,value); | 		STRCPY(turn_params.pidfile,value); | ||||||
| 		break; | 		break; | ||||||
|  | 	case ACME_REDIRECT_OPT: | ||||||
|  | 		STRCPY(turn_params.acme_redirect,value); | ||||||
|  | 		break; | ||||||
| 	case 'C': | 	case 'C': | ||||||
| 		if(value && *value) { | 		if(value && *value) { | ||||||
| 			turn_params.rest_api_separator=*value; | 			turn_params.rest_api_separator=*value; | ||||||
| 		} | 		} | ||||||
| 		break; | 		break; | ||||||
|  | 	case LOG_BINDING_OPT: | ||||||
|  | 		turn_params.log_binding = get_bool_value(value); | ||||||
|  | 		break; | ||||||
|  | 
 | ||||||
| 	/* these options have been already taken care of before: */ | 	/* these options have been already taken care of before: */ | ||||||
| 	case 'l': | 	case 'l': | ||||||
| 	case NO_STDOUT_LOG_OPT: | 	case NO_STDOUT_LOG_OPT: | ||||||
| 	case SYSLOG_OPT: | 	case SYSLOG_OPT: | ||||||
| 	case SIMPLE_LOG_OPT: | 	case SIMPLE_LOG_OPT: | ||||||
|  | 	case NEW_LOG_TIMESTAMP_OPT: | ||||||
|  | 	case NEW_LOG_TIMESTAMP_FORMAT_OPT: | ||||||
| 	case 'c': | 	case 'c': | ||||||
| 	case 'n': | 	case 'n': | ||||||
| 	case 'h': | 	case 'h': | ||||||
| @ -1717,9 +1740,13 @@ static void read_config_file(int argc, char **argv, int pass) | |||||||
| 						set_log_to_syslog(get_bool_value(value)); | 						set_log_to_syslog(get_bool_value(value)); | ||||||
| 					} else if((pass==0) && (c==SIMPLE_LOG_OPT)) { | 					} else if((pass==0) && (c==SIMPLE_LOG_OPT)) { | ||||||
| 						set_simple_log(get_bool_value(value)); | 						set_simple_log(get_bool_value(value)); | ||||||
| 					} else if((pass == 0) && (c != 'u')) { | 					} else if ((pass==0) && (c==NEW_LOG_TIMESTAMP_OPT)) { | ||||||
|  | 						use_new_log_timestamp_format=1; | ||||||
|  | 					} else if ((pass==0) && (c==NEW_LOG_TIMESTAMP_FORMAT_OPT)) { | ||||||
|  | 						set_turn_log_timestamp_format(value); | ||||||
|  | 					} else if((pass == 1) && (c != 'u')) { | ||||||
| 						set_option(c, value); | 						set_option(c, value); | ||||||
| 					} else if((pass > 0) && (c == 'u')) { | 					} else if((pass == 2) && (c == 'u')) { | ||||||
| 						set_option(c, value); | 						set_option(c, value); | ||||||
| 					} | 					} | ||||||
| 					if (s[slen - 1] == 59) { | 					if (s[slen - 1] == 59) { | ||||||
| @ -2031,7 +2058,7 @@ static void print_features(unsigned long mfn) | |||||||
| 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN is not supported\n"); | 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TURN/STUN ALPN is not supported\n"); | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
| 	if(!ENC_ALG_NUM) { | 	if(ENC_ALG_NUM == 0) { | ||||||
| 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) is not supported\n"); | 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) is not supported\n"); | ||||||
| 	} else { | 	} else { | ||||||
| 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) supported\n"); | 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Third-party authorization (oAuth) supported\n"); | ||||||
| @ -2197,6 +2224,12 @@ int main(int argc, char **argv) | |||||||
| 			case SIMPLE_LOG_OPT: | 			case SIMPLE_LOG_OPT: | ||||||
| 				set_simple_log(get_bool_value(optarg)); | 				set_simple_log(get_bool_value(optarg)); | ||||||
| 				break; | 				break; | ||||||
|  | 			case NEW_LOG_TIMESTAMP_OPT: | ||||||
|  | 				use_new_log_timestamp_format=1; | ||||||
|  | 				break; | ||||||
|  | 			case NEW_LOG_TIMESTAMP_FORMAT_OPT: | ||||||
|  | 				set_turn_log_timestamp_format(optarg); | ||||||
|  | 				break; | ||||||
| 			default: | 			default: | ||||||
| 				; | 				; | ||||||
| 			} | 			} | ||||||
| @ -2233,8 +2266,10 @@ int main(int argc, char **argv) | |||||||
| 
 | 
 | ||||||
| 	if(strstr(argv[0],"turnadmin")) | 	if(strstr(argv[0],"turnadmin")) | ||||||
| 		return adminmain(argc,argv); | 		return adminmain(argc,argv); | ||||||
| 
 | 	// Zero pass apply the log options.
 | ||||||
| 	read_config_file(argc,argv,0); | 	read_config_file(argc,argv,0); | ||||||
|  | 	// First pass read other config options
 | ||||||
|  | 	read_config_file(argc,argv,1); | ||||||
| 
 | 
 | ||||||
| 	struct uoptions uo; | 	struct uoptions uo; | ||||||
| 	uo.u.m = long_options; | 	uo.u.m = long_options; | ||||||
| @ -2244,7 +2279,8 @@ int main(int argc, char **argv) | |||||||
| 			set_option(c,optarg); | 			set_option(c,optarg); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	read_config_file(argc,argv,1); | 	// Second pass read -u options
 | ||||||
|  | 	read_config_file(argc,argv,2); | ||||||
| 
 | 
 | ||||||
| 	{ | 	{ | ||||||
| 		unsigned long mfn = set_system_parameters(1); | 		unsigned long mfn = set_system_parameters(1); | ||||||
| @ -2259,6 +2295,9 @@ int main(int argc, char **argv) | |||||||
| 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain); | 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain); | ||||||
| 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name); | 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name); | ||||||
| 
 | 
 | ||||||
|  | 	if(turn_params.acme_redirect[0]) { | ||||||
|  | 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "ACME redirect URL: %s\n",turn_params.acme_redirect); | ||||||
|  | 	} | ||||||
| 	if(turn_params.oauth && turn_params.oauth_server_name[0]) { | 	if(turn_params.oauth && turn_params.oauth_server_name[0]) { | ||||||
| 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name); | 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name); | ||||||
| 	} | 	} | ||||||
| @ -2554,7 +2593,7 @@ static int THREAD_setup(void) { | |||||||
| 
 | 
 | ||||||
| 	mutex_buf_initialized = 1; | 	mutex_buf_initialized = 1; | ||||||
| 
 | 
 | ||||||
| #if OPENSSL_VERSION_NUMBER >= 0x10000000L | #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1 | ||||||
| 	CRYPTO_THREADID_set_callback(coturn_id_function); | 	CRYPTO_THREADID_set_callback(coturn_id_function); | ||||||
| #else | #else | ||||||
| 	CRYPTO_set_id_callback(coturn_id_function); | 	CRYPTO_set_id_callback(coturn_id_function); | ||||||
| @ -2576,7 +2615,7 @@ int THREAD_cleanup(void) { | |||||||
|   if (!mutex_buf_initialized) |   if (!mutex_buf_initialized) | ||||||
|     return 0; |     return 0; | ||||||
| 
 | 
 | ||||||
| #if OPENSSL_VERSION_NUMBER >= 0x10000000L | #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1 | ||||||
| 	CRYPTO_THREADID_set_callback(NULL); | 	CRYPTO_THREADID_set_callback(NULL); | ||||||
| #else | #else | ||||||
| 	CRYPTO_set_id_callback(NULL); | 	CRYPTO_set_id_callback(NULL); | ||||||
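Review bot: The added `add_ip_list_range((const char *)div, NULL, &turn_params.ip_whitelist)` call in the -X branch of set_option puts the private half of every external-ip mapping on the peer allow list as a side effect, and none of the Usage text visible in this commit tells the operator so. If whitelist entries take precedence over denied-peer-ip ranges (that logic is not shown here), a deployment that denies private ranges gains an exception it never configured, so this deserves a line in the -X help and a comment at the call such as `/* side effect: the private part of the mapping is added to the peer allow list */`. A non-zero return is also dropped without a trace; add `else TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "Cannot whitelist external-ip private part: %s\n", div);` and put braces around both branches. set_option begins and ends outside this hunk.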
|  | |||||||
| @ -219,6 +219,7 @@ typedef struct _turn_params_ { | |||||||
|   int do_not_use_config_file; |   int do_not_use_config_file; | ||||||
| 
 | 
 | ||||||
|   char pidfile[1025]; |   char pidfile[1025]; | ||||||
|  |   char acme_redirect[1025]; | ||||||
| 
 | 
 | ||||||
|   ////////////////  Listener server /////////////////
 |   ////////////////  Listener server /////////////////
 | ||||||
| 
 | 
 | ||||||
| @ -332,6 +333,8 @@ typedef struct _turn_params_ { | |||||||
|   int no_dynamic_ip_list; |   int no_dynamic_ip_list; | ||||||
|   int no_dynamic_realms; |   int no_dynamic_realms; | ||||||
| 
 | 
 | ||||||
|  |   vint log_binding; | ||||||
|  |    | ||||||
| } turn_params_t; | } turn_params_t; | ||||||
| 
 | 
 | ||||||
| extern turn_params_t turn_params; | extern turn_params_t turn_params; | ||||||
|  | |||||||
| @ -1667,7 +1667,9 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int | |||||||
| 			 allocate_bps, | 			 allocate_bps, | ||||||
| 			 turn_params.oauth, | 			 turn_params.oauth, | ||||||
| 			 turn_params.oauth_server_name, | 			 turn_params.oauth_server_name, | ||||||
| 			 turn_params.keep_address_family); | 			 turn_params.acme_redirect, | ||||||
|  | 			 turn_params.keep_address_family, | ||||||
|  | 			 &turn_params.log_binding); | ||||||
| 	 | 	 | ||||||
| 	if(to_set_rfc5780) { | 	if(to_set_rfc5780) { | ||||||
| 		set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client); | 		set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client); | ||||||
|  | |||||||
| @ -1833,7 +1833,7 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve | |||||||
| 	BIO* rbio = BIO_new_mem_buf(buffer, old_buffer_len); | 	BIO* rbio = BIO_new_mem_buf(buffer, old_buffer_len); | ||||||
| 	BIO_set_mem_eof_return(rbio, -1); | 	BIO_set_mem_eof_return(rbio, -1); | ||||||
| 
 | 
 | ||||||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L | #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER | ||||||
| 	ssl->rbio = rbio; | 	ssl->rbio = rbio; | ||||||
| #else | #else | ||||||
| 	SSL_set0_rbio(ssl,rbio); | 	SSL_set0_rbio(ssl,rbio); | ||||||
| @ -1928,7 +1928,7 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve | |||||||
| 	if(ret>0) { | 	if(ret>0) { | ||||||
| 		ioa_network_buffer_add_offset_size(nbh, (uint16_t)buf_size, 0, (size_t)ret); | 		ioa_network_buffer_add_offset_size(nbh, (uint16_t)buf_size, 0, (size_t)ret); | ||||||
| 	} | 	} | ||||||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L | #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER | ||||||
| 	ssl->rbio = NULL; | 	ssl->rbio = NULL; | ||||||
| 	BIO_free(rbio); | 	BIO_free(rbio); | ||||||
| #else | #else | ||||||
| @ -2166,6 +2166,101 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd) | |||||||
| } | } | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
|  | 
 | ||||||
|  | static size_t proxy_string_field(char *field, size_t max, uint8_t *buf, size_t index, size_t len) | ||||||
|  | { | ||||||
|  | 	size_t count = 0; | ||||||
|  | 	while((index < len) && (count < max)) { | ||||||
|  | 		if((0x20 == buf[index]) || (0x0D == buf[index])) { | ||||||
|  | 			field[count] = 0x00; | ||||||
|  | 			return ++index; | ||||||
|  | 		} | ||||||
|  | 		field[count++] = buf[index++]; | ||||||
|  | 	} | ||||||
|  | 	return 0; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | static ssize_t socket_parse_proxy_v1(ioa_socket_handle s, uint8_t *buf, size_t len) | ||||||
|  | { | ||||||
|  | 	if(len < 11) { | ||||||
|  | 		return 0 ; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	/* Check for proxy-v1 magic field */ | ||||||
|  | 	char magic[] = {0x50, 0x52, 0x4F, 0x58, 0x59, 0x20}; | ||||||
|  | 	if(memcmp(magic, buf, sizeof(magic))) { | ||||||
|  | 		return -1; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	/* Read family */ | ||||||
|  | 	char tcp4[] = {0x54, 0x43, 0x50, 0x34, 0x20}; | ||||||
|  | 	char tcp6[] = {0x54, 0x43, 0x50, 0x36, 0x20}; | ||||||
|  | 	int family; | ||||||
|  | 	if(0 == memcmp(tcp4, &buf[6], sizeof(tcp4))) { /* IPv4 */ | ||||||
|  | 		family = AF_INET; | ||||||
|  | 	} else if(0 == memcmp(tcp6, &buf[6], sizeof(tcp6))) { /* IPv6 */ | ||||||
|  | 		family = AF_INET6; | ||||||
|  | 	} else { | ||||||
|  | 		return -1; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	char saddr[40]; | ||||||
|  | 	char daddr[40]; | ||||||
|  | 	char sport[6]; | ||||||
|  | 	char dport[6]; | ||||||
|  | 
 | ||||||
|  | 	size_t tlen = 11; | ||||||
|  | 	/* Read source address */ | ||||||
|  | 	tlen = proxy_string_field(saddr, sizeof(saddr), buf, tlen, len); | ||||||
|  | 	if(0 == tlen) return -1; | ||||||
|  | 
 | ||||||
|  | 	/* Read dest address */ | ||||||
|  | 	tlen = proxy_string_field(daddr, sizeof(daddr), buf, tlen, len); | ||||||
|  | 	if(0 == tlen) return -1; | ||||||
|  | 
 | ||||||
|  | 	/* Read source port */ | ||||||
|  | 	tlen = proxy_string_field(sport, sizeof(sport), buf, tlen, len); | ||||||
|  | 	if(0 == tlen) return -1; | ||||||
|  | 
 | ||||||
|  | 	/* Read dest port */ | ||||||
|  | 	tlen = proxy_string_field(dport, sizeof(dport), buf, tlen, len); | ||||||
|  | 	if(0 == tlen) return -1; | ||||||
|  | 
 | ||||||
|  | 	/* Final line feed */ | ||||||
|  | 	if ((len <= tlen) || (0x0A != buf[tlen])) return -1; | ||||||
|  | 
 | ||||||
|  | 	tlen++; | ||||||
|  | 
 | ||||||
|  | 	int sport_int = atoi(sport); | ||||||
|  | 	int dport_int = atoi(dport); | ||||||
|  | 	if((sport_int < 0) || (0xFFFF < sport_int)) return -1; | ||||||
|  | 	if((dport_int < 0) || (0xFFFF < dport_int)) return -1; | ||||||
|  | 
 | ||||||
|  | 	if (AF_INET == family) { | ||||||
|  | 		struct sockaddr_in remote, local; | ||||||
|  | 		remote.sin_family = local.sin_family = AF_INET; | ||||||
|  | 		if(1 != inet_pton(AF_INET, saddr, &remote.sin_addr.s_addr)) return -1; | ||||||
|  | 		if(1 != inet_pton(AF_INET, daddr, &local.sin_addr.s_addr)) return -1; | ||||||
|  | 		remote.sin_port = htons((uint16_t)sport_int); | ||||||
|  | 		local.sin_port = htons((uint16_t)dport_int); | ||||||
|  | 
 | ||||||
|  | 		addr_cpy4(&(s->local_addr),  &local); | ||||||
|  | 		addr_cpy4(&(s->remote_addr), &remote); | ||||||
|  | 
 | ||||||
|  | 	} else { | ||||||
|  | 		struct sockaddr_in6 remote, local; | ||||||
|  | 		remote.sin6_family = local.sin6_family = AF_INET6; | ||||||
|  | 		if(1 != inet_pton(AF_INET6, saddr, &remote.sin6_addr.s6_addr)) return -1; | ||||||
|  | 		if(1 != inet_pton(AF_INET6, daddr, &local.sin6_addr.s6_addr)) return -1; | ||||||
|  | 		remote.sin6_port = htons((uint16_t)sport_int); | ||||||
|  | 		local.sin6_port = htons((uint16_t)dport_int); | ||||||
|  | 
 | ||||||
|  | 		addr_cpy6(&(s->local_addr),  &local); | ||||||
|  | 		addr_cpy6(&(s->remote_addr), &remote); | ||||||
|  | 	} | ||||||
|  | 	return tlen; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| static ssize_t socket_parse_proxy_v2(ioa_socket_handle s, uint8_t *buf, size_t len) | static ssize_t socket_parse_proxy_v2(ioa_socket_handle s, uint8_t *buf, size_t len) | ||||||
| { | { | ||||||
| 	if(len < 16){ | 	if(len < 16){ | ||||||
| @ -2227,6 +2322,16 @@ static ssize_t socket_parse_proxy_v2(ioa_socket_handle s, uint8_t *buf, size_t l | |||||||
| 	return tlen; | 	return tlen; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | static ssize_t socket_parse_proxy(ioa_socket_handle s, uint8_t *buf, size_t len) | ||||||
|  | { | ||||||
|  | 	ssize_t tlen = socket_parse_proxy_v2(s, buf, len); | ||||||
|  | 	if(-1 == tlen) { | ||||||
|  | 		tlen = socket_parse_proxy_v1(s, buf, len); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return tlen; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| static int socket_input_worker(ioa_socket_handle s) | static int socket_input_worker(ioa_socket_handle s) | ||||||
| { | { | ||||||
| 	int len = 0; | 	int len = 0; | ||||||
| @ -2450,7 +2555,7 @@ static int socket_input_worker(ioa_socket_handle s) | |||||||
| 				  blen=(ev_ssize_t)STUN_BUFFER_SIZE; | 				  blen=(ev_ssize_t)STUN_BUFFER_SIZE; | ||||||
| 
 | 
 | ||||||
| 				if(s->st == TCP_SOCKET_PROXY){ | 				if(s->st == TCP_SOCKET_PROXY){ | ||||||
| 					ssize_t tlen = socket_parse_proxy_v2(s, buf_elem->buf.buf, blen); | 					ssize_t tlen = socket_parse_proxy(s, buf_elem->buf.buf, blen); | ||||||
| 					blen = 0; | 					blen = 0; | ||||||
| 					if (tlen < 0){ | 					if (tlen < 0){ | ||||||
| 						s->tobeclosed = 1; | 						s->tobeclosed = 1; | ||||||
| @ -3374,7 +3479,7 @@ int register_callback_on_ioa_socket(ioa_engine_handle e, ioa_socket_handle s, in | |||||||
| 						} | 						} | ||||||
| 					} else { | 					} else { | ||||||
| #if TLS_SUPPORTED | #if TLS_SUPPORTED | ||||||
| 						if(check_tentative_tls(s->fd)) { | 						if((s->sat != TCP_CLIENT_DATA_SOCKET) && (s->sat != TCP_RELAY_DATA_SOCKET) && check_tentative_tls(s->fd)) { | ||||||
| 							s->tobeclosed = 1; | 							s->tobeclosed = 1; | ||||||
| 							return -1; | 							return -1; | ||||||
| 						} | 						} | ||||||
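Review bot: In socket_parse_proxy_v1 the `remote` and `local` structs are declared without an initializer and only the family, address and port members are assigned, so if addr_cpy4/addr_cpy6 copy the whole struct (their bodies are not shown) the remaining members, such as sin_zero, sin6_flowinfo and sin6_scope_id, reach s->local_addr and s->remote_addr as stack residue. Declare them as `struct sockaddr_in remote = {0}, local = {0};` and `struct sockaddr_in6 remote = {0}, local = {0};`. The port fields are converted with atoi, which turns an empty or non-numeric field into 0, so a malformed header from the proxy side passes the range check; strtol with an end-pointer test would reject it. proxy_string_field also returns 0 when a field runs to the end of the buffer, which the parser maps to -1 and the caller in socket_input_worker answers by setting `s->tobeclosed`, so a v1 header split across two reads closes the connection; that deserves a comment if it is intended.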
|  | |||||||
| @ -75,7 +75,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Iterator constructor: creates iterator on raw messagebuffer. | 	 * Iterator constructor: creates iterator on raw messagebuffer. | ||||||
| 	 */ | 	 */ | ||||||
| 	StunAttrIterator(uint8_t *buf, size_t sz) throw (WrongStunBufferFormatException) : | 	StunAttrIterator(uint8_t *buf, size_t sz) : | ||||||
| 		_buf(buf), _sz(sz)  { | 		_buf(buf), _sz(sz)  { | ||||||
| 		if(!stun_is_command_message_str(_buf, _sz)) { | 		if(!stun_is_command_message_str(_buf, _sz)) { | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| @ -87,7 +87,7 @@ public: | |||||||
| 	 * Iterator constructor: create iterator over message. | 	 * Iterator constructor: create iterator over message. | ||||||
| 	 */ | 	 */ | ||||||
| 	template<class T> | 	template<class T> | ||||||
| 	StunAttrIterator(T &msg) throw (WrongStunBufferFormatException) : | 	StunAttrIterator(T &msg) : | ||||||
| 		_buf(msg.getRawBuffer()), _sz(msg.getSize())  { | 		_buf(msg.getRawBuffer()), _sz(msg.getSize())  { | ||||||
| 		if(!stun_is_command_message_str(_buf, _sz)) { | 		if(!stun_is_command_message_str(_buf, _sz)) { | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| @ -99,7 +99,7 @@ public: | |||||||
| 	 * Iterator constructor: creates iterator over raw buffer, starting from first | 	 * Iterator constructor: creates iterator over raw buffer, starting from first | ||||||
| 	 * location of an attribute of particular type. | 	 * location of an attribute of particular type. | ||||||
| 	 */ | 	 */ | ||||||
| 	StunAttrIterator(uint8_t *buf, size_t sz, uint16_t attr_type) throw (WrongStunBufferFormatException) : | 	StunAttrIterator(uint8_t *buf, size_t sz, uint16_t attr_type) : | ||||||
| 			_buf(buf), _sz(sz)  { | 			_buf(buf), _sz(sz)  { | ||||||
| 		if(!stun_is_command_message_str(_buf, _sz)) { | 		if(!stun_is_command_message_str(_buf, _sz)) { | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| @ -112,7 +112,7 @@ public: | |||||||
| 	 * location of an attribute of particular type. | 	 * location of an attribute of particular type. | ||||||
| 	 */ | 	 */ | ||||||
| 	template<class T> | 	template<class T> | ||||||
| 	StunAttrIterator(T &msg, uint16_t attr_type) throw (WrongStunBufferFormatException) : | 	StunAttrIterator(T &msg, uint16_t attr_type) : | ||||||
| 			_buf(msg.getRawBuffer()), _sz(msg.getSize())  { | 			_buf(msg.getRawBuffer()), _sz(msg.getSize())  { | ||||||
| 		if(!stun_is_command_message_str(_buf, _sz)) { | 		if(!stun_is_command_message_str(_buf, _sz)) { | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| @ -123,7 +123,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Moves iterator to next attribute location | 	 * Moves iterator to next attribute location | ||||||
| 	 */ | 	 */ | ||||||
| 	void next() throw(EndOfStunMsgException) { | 	void next() { | ||||||
| 		if(!_sar) { | 		if(!_sar) { | ||||||
| 			throw EndOfStunMsgException(); | 			throw EndOfStunMsgException(); | ||||||
| 		} | 		} | ||||||
| @ -167,7 +167,7 @@ public: | |||||||
| 	 * Return raw memroy field of the attribute value. | 	 * Return raw memroy field of the attribute value. | ||||||
| 	 * If the attribute value length is zero (0), then return NULL. | 	 * If the attribute value length is zero (0), then return NULL. | ||||||
| 	 */ | 	 */ | ||||||
| 	const uint8_t *getRawBuffer(size_t &sz) const throw(WrongStunAttrFormatException) { | 	const uint8_t *getRawBuffer(size_t &sz) const { | ||||||
| 		int len = stun_attr_get_len(_sar); | 		int len = stun_attr_get_len(_sar); | ||||||
| 		if(len<0) | 		if(len<0) | ||||||
| 			throw WrongStunAttrFormatException(); | 			throw WrongStunAttrFormatException(); | ||||||
| @ -196,7 +196,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Constructs attribute from iterator | 	 * Constructs attribute from iterator | ||||||
| 	 */ | 	 */ | ||||||
| 	StunAttr(const StunAttrIterator &iter) throw(WrongStunAttrFormatException, EndOfStunMsgException) { | 	StunAttr(const StunAttrIterator &iter) { | ||||||
| 		if(iter.eof()) { | 		if(iter.eof()) { | ||||||
| 			throw EndOfStunMsgException(); | 			throw EndOfStunMsgException(); | ||||||
| 		} | 		} | ||||||
| @ -219,7 +219,7 @@ public: | |||||||
| 	 */ | 	 */ | ||||||
| 	virtual ~StunAttr() { | 	virtual ~StunAttr() { | ||||||
| 		if(_value) | 		if(_value) | ||||||
| 			free(_value,_sz); | 			free(_value); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/**
 | 	/**
 | ||||||
| @ -233,11 +233,11 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Set raw data value | 	 * Set raw data value | ||||||
| 	 */ | 	 */ | ||||||
| 	void setRawValue(uint8_t *value, size_t sz) throw(WrongStunAttrFormatException) { | 	void setRawValue(uint8_t *value, size_t sz) { | ||||||
| 		if(sz>0xFFFF) | 		if(sz>0xFFFF) | ||||||
| 			throw WrongStunAttrFormatException(); | 			throw WrongStunAttrFormatException(); | ||||||
| 		if(_value) | 		if(_value) | ||||||
| 			free(_value,_sz); | 			free(_value); | ||||||
| 		_sz = sz; | 		_sz = sz; | ||||||
| 		_value=(uint8_t*)malloc(_sz); | 		_value=(uint8_t*)malloc(_sz); | ||||||
| 		if(value) | 		if(value) | ||||||
| @ -262,7 +262,7 @@ public: | |||||||
| 	 * Add attribute to a message | 	 * Add attribute to a message | ||||||
| 	 */ | 	 */ | ||||||
| 	template<class T> | 	template<class T> | ||||||
| 	int addToMsg(T &msg) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	int addToMsg(T &msg) { | ||||||
| 		if(!_attr_type) | 		if(!_attr_type) | ||||||
| 			throw WrongStunAttrFormatException(); | 			throw WrongStunAttrFormatException(); | ||||||
| 		uint8_t *buffer = msg.getRawBuffer(); | 		uint8_t *buffer = msg.getRawBuffer(); | ||||||
| @ -281,7 +281,7 @@ protected: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Virtual function member to add attribute to a raw buffer | 	 * Virtual function member to add attribute to a raw buffer | ||||||
| 	 */ | 	 */ | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		if(buffer) { | 		if(buffer) { | ||||||
| 			if(!_value) | 			if(!_value) | ||||||
| 				throw WrongStunAttrFormatException(); | 				throw WrongStunAttrFormatException(); | ||||||
| @ -313,8 +313,7 @@ public: | |||||||
| 	StunAttrChannelNumber() : _cn(0) { | 	StunAttrChannelNumber() : _cn(0) { | ||||||
| 		setType(STUN_ATTRIBUTE_CHANNEL_NUMBER); | 		setType(STUN_ATTRIBUTE_CHANNEL_NUMBER); | ||||||
| 	} | 	} | ||||||
| 	StunAttrChannelNumber(const StunAttrIterator &iter) | 	StunAttrChannelNumber(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -331,7 +330,7 @@ public: | |||||||
| 		_cn = cn; | 		_cn = cn; | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		return stun_attr_add_channel_number_str(buffer,&sz,_cn); | 		return stun_attr_add_channel_number_str(buffer,&sz,_cn); | ||||||
| 	} | 	} | ||||||
| private: | private: | ||||||
| @ -346,8 +345,7 @@ public: | |||||||
| 	StunAttrEvenPort() : _ep(0) { | 	StunAttrEvenPort() : _ep(0) { | ||||||
| 		setType(STUN_ATTRIBUTE_EVEN_PORT); | 		setType(STUN_ATTRIBUTE_EVEN_PORT); | ||||||
| 	} | 	} | ||||||
| 	StunAttrEvenPort(const StunAttrIterator &iter) | 	StunAttrEvenPort(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -362,7 +360,7 @@ public: | |||||||
| 		_ep = ep; | 		_ep = ep; | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		return stun_attr_add_str(buffer, &sz, STUN_ATTRIBUTE_EVEN_PORT, &_ep, 1); | 		return stun_attr_add_str(buffer, &sz, STUN_ATTRIBUTE_EVEN_PORT, &_ep, 1); | ||||||
| 	} | 	} | ||||||
| private: | private: | ||||||
| @ -377,8 +375,7 @@ public: | |||||||
| 	StunAttrReservationToken() : _rt(0) { | 	StunAttrReservationToken() : _rt(0) { | ||||||
| 		setType(STUN_ATTRIBUTE_RESERVATION_TOKEN); | 		setType(STUN_ATTRIBUTE_RESERVATION_TOKEN); | ||||||
| 	} | 	} | ||||||
| 	StunAttrReservationToken(const StunAttrIterator &iter) | 	StunAttrReservationToken(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -393,7 +390,7 @@ public: | |||||||
| 		_rt = rt; | 		_rt = rt; | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		uint64_t reservation_token = ioa_ntoh64(_rt); | 		uint64_t reservation_token = ioa_ntoh64(_rt); | ||||||
| 		return stun_attr_add_str(buffer, &sz, STUN_ATTRIBUTE_RESERVATION_TOKEN, (uint8_t*) (&reservation_token), 8); | 		return stun_attr_add_str(buffer, &sz, STUN_ATTRIBUTE_RESERVATION_TOKEN, (uint8_t*) (&reservation_token), 8); | ||||||
| 	} | 	} | ||||||
| @ -410,8 +407,7 @@ public: | |||||||
| 		addr_set_any(&_addr); | 		addr_set_any(&_addr); | ||||||
| 		setType(attr_type); | 		setType(attr_type); | ||||||
| 	} | 	} | ||||||
| 	StunAttrAddr(const StunAttrIterator &iter) | 	StunAttrAddr(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -430,7 +426,7 @@ public: | |||||||
| 		addr_cpy(&_addr,&addr); | 		addr_cpy(&_addr,&addr); | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		return stun_attr_add_addr_str(buffer, &sz, getType(), &_addr); | 		return stun_attr_add_addr_str(buffer, &sz, getType(), &_addr); | ||||||
| 	} | 	} | ||||||
| private: | private: | ||||||
| @ -445,8 +441,7 @@ public: | |||||||
| 	StunAttrChangeRequest() : _changeIp(0), _changePort(0) { | 	StunAttrChangeRequest() : _changeIp(0), _changePort(0) { | ||||||
| 		setType(STUN_ATTRIBUTE_CHANGE_REQUEST); | 		setType(STUN_ATTRIBUTE_CHANGE_REQUEST); | ||||||
| 	} | 	} | ||||||
| 	StunAttrChangeRequest(const StunAttrIterator &iter) | 	StunAttrChangeRequest(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -476,7 +471,7 @@ public: | |||||||
| 			_changePort = 0; | 			_changePort = 0; | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		return stun_attr_add_change_request_str(buffer, &sz, _changeIp, _changePort); | 		return stun_attr_add_change_request_str(buffer, &sz, _changeIp, _changePort); | ||||||
| 	} | 	} | ||||||
| private: | private: | ||||||
| @ -492,8 +487,7 @@ public: | |||||||
| 	StunAttrResponsePort() : _rp(0) { | 	StunAttrResponsePort() : _rp(0) { | ||||||
| 		setType(STUN_ATTRIBUTE_RESPONSE_PORT); | 		setType(STUN_ATTRIBUTE_RESPONSE_PORT); | ||||||
| 	} | 	} | ||||||
| 	StunAttrResponsePort(const StunAttrIterator &iter) | 	StunAttrResponsePort(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -513,7 +507,7 @@ public: | |||||||
| 		_rp = p; | 		_rp = p; | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		return stun_attr_add_response_port_str(buffer, &sz, _rp); | 		return stun_attr_add_response_port_str(buffer, &sz, _rp); | ||||||
| 	} | 	} | ||||||
| private: | private: | ||||||
| @ -528,8 +522,7 @@ public: | |||||||
| 	StunAttrPadding() : _p(0) { | 	StunAttrPadding() : _p(0) { | ||||||
| 		setType(STUN_ATTRIBUTE_PADDING); | 		setType(STUN_ATTRIBUTE_PADDING); | ||||||
| 	} | 	} | ||||||
| 	StunAttrPadding(const StunAttrIterator &iter) | 	StunAttrPadding(const StunAttrIterator &iter) : | ||||||
| 		throw(WrongStunAttrFormatException, EndOfStunMsgException) : |  | ||||||
| 		StunAttr(iter) { | 		StunAttr(iter) { | ||||||
| 
 | 
 | ||||||
| 		if(iter.eof()) | 		if(iter.eof()) | ||||||
| @ -552,7 +545,7 @@ public: | |||||||
| 		_p = p; | 		_p = p; | ||||||
| 	} | 	} | ||||||
| protected: | protected: | ||||||
| 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	virtual int addToBuffer(uint8_t *buffer, size_t &sz) { | ||||||
| 		return stun_attr_add_padding_str(buffer, &sz, _p); | 		return stun_attr_add_padding_str(buffer, &sz, _p); | ||||||
| 	} | 	} | ||||||
| private: | private: | ||||||
| @ -588,7 +581,7 @@ public: | |||||||
| 	 */ | 	 */ | ||||||
| 	virtual ~StunMsg() { | 	virtual ~StunMsg() { | ||||||
| 		if(_deallocate && _buffer) { | 		if(_deallocate && _buffer) { | ||||||
| 			free(_buffer, _allocated_sz); | 			free(_buffer); | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -623,7 +616,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Set message size | 	 * Set message size | ||||||
| 	 */ | 	 */ | ||||||
| 	void setSize(size_t sz) throw(WrongStunBufferFormatException) { | 	void setSize(size_t sz) { | ||||||
| 		if(sz>_allocated_sz) | 		if(sz>_allocated_sz) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| 		_sz = sz; | 		_sz = sz; | ||||||
| @ -700,14 +693,14 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Add attribute to the message | 	 * Add attribute to the message | ||||||
| 	 */ | 	 */ | ||||||
| 	int addAttr(StunAttr &attr) throw(WrongStunAttrFormatException, WrongStunBufferFormatException) { | 	int addAttr(StunAttr &attr) { | ||||||
| 		return attr.addToMsg(*this); | 		return attr.addToMsg(*this); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Get transaction ID | 	 * Get transaction ID | ||||||
| 	 */ | 	 */ | ||||||
| 	virtual stun_tid getTid() const throw(WrongStunBufferFormatException) { | 	virtual stun_tid getTid() const { | ||||||
| 		if(!_constructed || !isCommand()) | 		if(!_constructed || !isCommand()) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| 		stun_tid tid; | 		stun_tid tid; | ||||||
| @ -718,7 +711,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Set transaction ID | 	 * Set transaction ID | ||||||
| 	 */ | 	 */ | ||||||
| 	virtual void setTid(stun_tid &tid) throw(WrongStunBufferFormatException) { | 	virtual void setTid(stun_tid &tid) { | ||||||
| 		if(!_constructed || !isCommand()) | 		if(!_constructed || !isCommand()) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| 		stun_tid_message_cpy(_buffer, &tid); | 		stun_tid_message_cpy(_buffer, &tid); | ||||||
| @ -727,7 +720,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Add fingerprint to the message | 	 * Add fingerprint to the message | ||||||
| 	 */ | 	 */ | ||||||
| 	void addFingerprint() throw(WrongStunBufferFormatException) { | 	void addFingerprint() { | ||||||
| 		if(!_constructed || !isCommand()) | 		if(!_constructed || !isCommand()) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| 		stun_attr_add_fingerprint_str(_buffer,&_sz); | 		stun_attr_add_fingerprint_str(_buffer,&_sz); | ||||||
| @ -736,8 +729,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Check message integrity, in secure communications. | 	 * Check message integrity, in secure communications. | ||||||
| 	 */ | 	 */ | ||||||
| 	bool checkMessageIntegrity(turn_credential_type ct, std::string &uname, std::string &realm, std::string &upwd) const | 	bool checkMessageIntegrity(turn_credential_type ct, std::string &uname, std::string &realm, std::string &upwd) const { | ||||||
| 		throw(WrongStunBufferFormatException) { |  | ||||||
| 		if(!_constructed || !isCommand()) | 		if(!_constructed || !isCommand()) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| 		uint8_t *suname=(uint8_t*)strdup(uname.c_str()); | 		uint8_t *suname=(uint8_t*)strdup(uname.c_str()); | ||||||
| @ -754,8 +746,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Adds long-term message integrity data to the message. | 	 * Adds long-term message integrity data to the message. | ||||||
| 	 */ | 	 */ | ||||||
| 	void addLTMessageIntegrity(std::string &uname, std::string &realm, std::string &upwd, std::string &nonce) | 	void addLTMessageIntegrity(std::string &uname, std::string &realm, std::string &upwd, std::string &nonce) { | ||||||
| 		throw(WrongStunBufferFormatException) { |  | ||||||
| 
 | 
 | ||||||
| 		if(!_constructed || !isCommand()) | 		if(!_constructed || !isCommand()) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| @ -776,8 +767,7 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Adds short-term message integrity data to the message. | 	 * Adds short-term message integrity data to the message. | ||||||
| 	 */ | 	 */ | ||||||
| 	void addSTMessageIntegrity(std::string &uname, std::string &upwd) | 	void addSTMessageIntegrity(std::string &uname, std::string &upwd) { | ||||||
| 		throw(WrongStunBufferFormatException) { |  | ||||||
| 
 | 
 | ||||||
| 		if(!_constructed || !isCommand()) | 		if(!_constructed || !isCommand()) | ||||||
| 			throw WrongStunBufferFormatException(); | 			throw WrongStunBufferFormatException(); | ||||||
| @ -808,8 +798,7 @@ protected: | |||||||
| class StunMsgRequest : public StunMsg { | class StunMsgRequest : public StunMsg { | ||||||
| public: | public: | ||||||
| 	StunMsgRequest(uint16_t method) : _method(method) {}; | 	StunMsgRequest(uint16_t method) : _method(method) {}; | ||||||
| 	StunMsgRequest(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) | 	StunMsgRequest(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : | ||||||
| 		throw(WrongStunBufferFormatException) : |  | ||||||
| 			StunMsg(buffer,total_sz,sz,constructed),_method(0) { | 			StunMsg(buffer,total_sz,sz,constructed),_method(0) { | ||||||
| 
 | 
 | ||||||
| 		if(constructed) { | 		if(constructed) { | ||||||
| @ -893,8 +882,7 @@ public: | |||||||
| 		_method(method), _err(error_code), _reason(reason), _tid(tid) { | 		_method(method), _err(error_code), _reason(reason), _tid(tid) { | ||||||
| 
 | 
 | ||||||
| 	}; | 	}; | ||||||
| 	StunMsgResponse(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) | 	StunMsgResponse(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : | ||||||
| 		throw(WrongStunBufferFormatException) : |  | ||||||
| 			StunMsg(buffer,total_sz,sz,constructed),_method(0),_err(0),_reason("") { | 			StunMsg(buffer,total_sz,sz,constructed),_method(0),_err(0),_reason("") { | ||||||
| 
 | 
 | ||||||
| 		if(constructed) { | 		if(constructed) { | ||||||
| @ -949,14 +937,14 @@ public: | |||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Set transaction ID | 	 * Set transaction ID | ||||||
| 	 */ | 	 */ | ||||||
| 	void setTid(stun_tid &tid) throw(WrongStunBufferFormatException) { | 	void setTid(stun_tid &tid) { | ||||||
| 		_tid = tid; | 		_tid = tid; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	/**
 | 	/**
 | ||||||
| 	 * Get transaction ID | 	 * Get transaction ID | ||||||
| 	 */ | 	 */ | ||||||
| 	virtual stun_tid getTid() const throw(WrongStunBufferFormatException) { | 	virtual stun_tid getTid() const { | ||||||
| 		return _tid; | 		return _tid; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -1074,8 +1062,7 @@ private: | |||||||
| class StunMsgIndication : public StunMsg { | class StunMsgIndication : public StunMsg { | ||||||
| public: | public: | ||||||
| 	StunMsgIndication(uint16_t method) : _method(method) {}; | 	StunMsgIndication(uint16_t method) : _method(method) {}; | ||||||
| 	StunMsgIndication(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) | 	StunMsgIndication(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : | ||||||
| 		throw(WrongStunBufferFormatException) : |  | ||||||
| 			StunMsg(buffer,total_sz,sz,constructed),_method(0) { | 			StunMsg(buffer,total_sz,sz,constructed),_method(0) { | ||||||
| 
 | 
 | ||||||
| 		if(constructed) { | 		if(constructed) { | ||||||
| @ -1123,8 +1110,7 @@ private: | |||||||
| class StunMsgChannel : public StunMsg { | class StunMsgChannel : public StunMsg { | ||||||
| public: | public: | ||||||
| 	StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length) {}; | 	StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length) {}; | ||||||
| 	StunMsgChannel(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) | 	StunMsgChannel(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : | ||||||
| 		throw(WrongStunBufferFormatException) : |  | ||||||
| 			StunMsg(buffer,total_sz,sz,constructed),_cn(0) { | 			StunMsg(buffer,total_sz,sz,constructed),_cn(0) { | ||||||
| 
 | 
 | ||||||
| 		if(constructed) { | 		if(constructed) { | ||||||
|  | |||||||
| @ -244,7 +244,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c | |||||||
| 		unsigned int keylen = 0; | 		unsigned int keylen = 0; | ||||||
| 		EVP_MD_CTX ctx; | 		EVP_MD_CTX ctx; | ||||||
| 		EVP_MD_CTX_init(&ctx); | 		EVP_MD_CTX_init(&ctx); | ||||||
| #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW | #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) | ||||||
| 		if (FIPS_mode()) { | 		if (FIPS_mode()) { | ||||||
| 			EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 			EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||||||
| 		} | 		} | ||||||
| @ -256,7 +256,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c | |||||||
| #else | #else | ||||||
| 		unsigned int keylen = 0; | 		unsigned int keylen = 0; | ||||||
| 		EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | 		EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | ||||||
| #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW | #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER) | ||||||
| 		if (FIPS_mode()) { | 		if (FIPS_mode()) { | ||||||
| 			EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 			EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||||||
| 		} | 		} | ||||||
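Review bot: The guard that sets `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is now spelled out twice in stun_produce_integrity_key_str (once with `!defined(...)`, once with `! defined(...)`) and neither copy explains why a FIPS restriction is overridden for this digest context. Since the flag deliberately relaxes a crypto policy, define one helper macro for the condition and test it in both branches, so they cannot drift apart. Add a comment along the lines of `/* integrity key derivation uses a digest that FIPS mode rejects; allow it for this context only. Skipped on LibreSSL. */`. The reason for excluding LibreSSL is not visible here, so the wording should be confirmed by the author. The function body starts and ends outside these hunks.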
|  | |||||||
| @ -31,7 +31,7 @@ | |||||||
| #ifndef __IOADEFS__ | #ifndef __IOADEFS__ | ||||||
| #define __IOADEFS__ | #define __IOADEFS__ | ||||||
| 
 | 
 | ||||||
| #define TURN_SERVER_VERSION "4.5.1.3" | #define TURN_SERVER_VERSION "4.5.2" | ||||||
| #define TURN_SERVER_VERSION_NAME "dan Eider" | #define TURN_SERVER_VERSION_NAME "dan Eider" | ||||||
| #define TURN_SOFTWARE "Coturn-" TURN_SERVER_VERSION " '" TURN_SERVER_VERSION_NAME "'" | #define TURN_SOFTWARE "Coturn-" TURN_SERVER_VERSION " '" TURN_SERVER_VERSION_NAME "'" | ||||||
| 
 | 
 | ||||||
| @ -39,6 +39,10 @@ | |||||||
| #include <sys/param.h> | #include <sys/param.h> | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
|  | #if defined(__APPLE__) || defined(__DARWIN__) || defined(__MACH__) | ||||||
|  | #define __APPLE_USE_RFC_3542 | ||||||
|  | #endif | ||||||
|  | 
 | ||||||
| #include <sys/types.h> | #include <sys/types.h> | ||||||
| #include <sys/socket.h> | #include <sys/socket.h> | ||||||
| #include <netinet/in.h> | #include <netinet/in.h> | ||||||
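Review bot: The added `#define __APPLE_USE_RFC_3542` has neither a guard nor a comment. If a build already passes it on the command line with a value, the redefinition will produce a warning or an error. Nothing tells a later editor that the define must stay above `<netinet/in.h>` to have any effect. Suggest wrapping it as `#ifndef __APPLE_USE_RFC_3542` / `#define __APPLE_USE_RFC_3542` / `#endif` inside the platform check. Add `/* must precede <netinet/in.h>: selects the RFC 3542 IPv6 socket API on macOS */`.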
|  | |||||||
| @ -286,6 +286,14 @@ int get_default_protocol_port(const char* scheme, size_t slen); | |||||||
| 
 | 
 | ||||||
| void handle_http_echo(ioa_socket_handle s); | void handle_http_echo(ioa_socket_handle s); | ||||||
| 
 | 
 | ||||||
|  | ///////////// ACME /////////////////////
 | ||||||
|  | 
 | ||||||
|  | int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle s); | ||||||
|  | 
 | ||||||
|  | ///////////// ACME /////////////////////
 | ||||||
|  | 
 | ||||||
|  | int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle s); | ||||||
|  | 
 | ||||||
| ///////////////////////////////////////
 | ///////////////////////////////////////
 | ||||||
| 
 | 
 | ||||||
| #ifdef __cplusplus | #ifdef __cplusplus | ||||||
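Review bot: The `///////////// ACME` banner and the `try_acme_redirect` prototype are each added twice in this hunk, which looks like a merge artefact; one copy should be dropped so the header has a single declaration to keep in sync with the definition. The prototype also lacks a contract comment. The caller in read_client_connection closes the session when the return value is `0`, so something like `/* returns 0 when a redirect response was written to s (caller closes the connection), non-zero otherwise */` would help. That reading is inferred from the call site and should be confirmed against the implementation. It would also be worth stating whether `url` may be NULL when no redirect is configured.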
|  | |||||||
| @ -3832,13 +3832,13 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss, | |||||||
| 							&dest_changed, &response_destination, | 							&dest_changed, &response_destination, | ||||||
| 							0, 0); | 							0, 0); | ||||||
| 
 | 
 | ||||||
| 				if(server->verbose) { | 				if(server->verbose && server->log_binding) { | ||||||
| 				  log_method(ss, "BINDING", err_code, reason); | 				  log_method(ss, "BINDING", err_code, reason); | ||||||
| 				} | 				} | ||||||
| 
 | 
 | ||||||
| 				if(*resp_constructed && !err_code && (origin_changed || dest_changed)) { | 				if(*resp_constructed && !err_code && (origin_changed || dest_changed)) { | ||||||
| 
 | 
 | ||||||
| 					if (server->verbose) { | 					if (server->verbose && server->log_binding) { | ||||||
| 						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "RFC 5780 request successfully processed\n"); | 						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "RFC 5780 request successfully processed\n"); | ||||||
| 					} | 					} | ||||||
| 
 | 
 | ||||||
| @ -4014,7 +4014,7 @@ static int handle_old_stun_command(turn_turnserver *server, ts_ur_super_session | |||||||
| 						&dest_changed, &response_destination, | 						&dest_changed, &response_destination, | ||||||
| 						cookie,1); | 						cookie,1); | ||||||
| 
 | 
 | ||||||
| 			if(server->verbose) { | 			if(server->verbose && *(server->log_binding)) { | ||||||
| 			  log_method(ss, "OLD BINDING", err_code, reason); | 			  log_method(ss, "OLD BINDING", err_code, reason); | ||||||
| 			} | 			} | ||||||
| 
 | 
 | ||||||
| @ -4624,14 +4624,27 @@ static int read_client_connection(turn_turnserver *server, | |||||||
| 	} else { | 	} else { | ||||||
| 		SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket); | 		SOCKET_TYPE st = get_ioa_socket_type(ss->client_socket); | ||||||
| 		if(is_stream_socket(st)) { | 		if(is_stream_socket(st)) { | ||||||
| 			if(is_http((char*)ioa_network_buffer_data(in_buffer->nbh), ioa_network_buffer_get_size(in_buffer->nbh))) { | 			if(is_http((char*)ioa_network_buffer_data(in_buffer->nbh), | ||||||
|  | 			ioa_network_buffer_get_size(in_buffer->nbh))) { | ||||||
|  | 
 | ||||||
| 				const char *proto = "HTTP"; | 				const char *proto = "HTTP"; | ||||||
| 				ioa_network_buffer_data(in_buffer->nbh)[ioa_network_buffer_get_size(in_buffer->nbh)] = 0; | 				if ((st == TCP_SOCKET) && | ||||||
| 				if (*server->web_admin_listen_on_workers) { | 					( | ||||||
|  | 						try_acme_redirect( | ||||||
|  | 							(char*)ioa_network_buffer_data(in_buffer->nbh), | ||||||
|  | 							ioa_network_buffer_get_size(in_buffer->nbh), | ||||||
|  | 							server->acme_redirect, | ||||||
|  | 							ss->client_socket | ||||||
|  | 						) == 0 | ||||||
|  | 					) | ||||||
|  | 				) { | ||||||
|  | 					ss->to_be_closed = 1; | ||||||
|  | 					return 0; | ||||||
|  | 				} else if (*server->web_admin_listen_on_workers) { | ||||||
| 					if(st==TLS_SOCKET) { | 					if(st==TLS_SOCKET) { | ||||||
| 						proto = "HTTPS"; | 						proto = "HTTPS"; | ||||||
| 						set_ioa_socket_app_type(ss->client_socket,HTTPS_CLIENT_SOCKET); | 						set_ioa_socket_app_type(ss->client_socket,HTTPS_CLIENT_SOCKET); | ||||||
| 						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: %s (%s %s) request: %s\n", __FUNCTION__, proto, get_ioa_socket_cipher(ss->client_socket), get_ioa_socket_ssl_method(ss->client_socket), (char*)ioa_network_buffer_data(in_buffer->nbh)); | 						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: %s (%s %s) request: %s\n", __FUNCTION__, proto, get_ioa_socket_cipher(ss->client_socket), get_ioa_socket_ssl_method(ss->client_socket), ioa_network_buffer_get_size(in_buffer->nbh)); | ||||||
| 						if(server->send_https_socket) { | 						if(server->send_https_socket) { | ||||||
| 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s socket to be detached: 0x%lx, st=%d, sat=%d\n", __FUNCTION__,(long)ss->client_socket, get_ioa_socket_type(ss->client_socket), get_ioa_socket_app_type(ss->client_socket)); | 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s socket to be detached: 0x%lx, st=%d, sat=%d\n", __FUNCTION__,(long)ss->client_socket, get_ioa_socket_type(ss->client_socket), get_ioa_socket_app_type(ss->client_socket)); | ||||||
| 							ioa_socket_handle new_s = detach_ioa_socket(ss->client_socket); | 							ioa_socket_handle new_s = detach_ioa_socket(ss->client_socket); | ||||||
| @ -4644,7 +4657,7 @@ static int read_client_connection(turn_turnserver *server, | |||||||
| 					} else { | 					} else { | ||||||
| 						set_ioa_socket_app_type(ss->client_socket,HTTP_CLIENT_SOCKET); | 						set_ioa_socket_app_type(ss->client_socket,HTTP_CLIENT_SOCKET); | ||||||
| 						if(server->verbose) { | 						if(server->verbose) { | ||||||
| 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: %s request: %s\n", __FUNCTION__, proto, (char*)ioa_network_buffer_data(in_buffer->nbh)); | 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: %s request: %s\n", __FUNCTION__, proto, ioa_network_buffer_get_size(in_buffer->nbh)); | ||||||
| 						} | 						} | ||||||
| 						handle_http_echo(ss->client_socket); | 						handle_http_echo(ss->client_socket); | ||||||
| 					} | 					} | ||||||
| @ -4915,7 +4928,9 @@ void init_turn_server(turn_turnserver* server, | |||||||
| 		allocate_bps_cb allocate_bps_func, | 		allocate_bps_cb allocate_bps_func, | ||||||
| 		int oauth, | 		int oauth, | ||||||
| 		const char* oauth_server_name, | 		const char* oauth_server_name, | ||||||
| 		int keep_address_family) { | 		const char* acme_redirect, | ||||||
|  | 		int keep_address_family, | ||||||
|  | 		vintp log_binding) { | ||||||
| 
 | 
 | ||||||
| 	if (!server) | 	if (!server) | ||||||
| 		return; | 		return; | ||||||
| @ -4944,6 +4959,7 @@ void init_turn_server(turn_turnserver* server, | |||||||
| 		server->oauth_server_name = oauth_server_name; | 		server->oauth_server_name = oauth_server_name; | ||||||
| 	if(mobility) | 	if(mobility) | ||||||
| 		server->mobile_connections_map = ur_map_create(); | 		server->mobile_connections_map = ur_map_create(); | ||||||
|  | 	server->acme_redirect = acme_redirect; | ||||||
| 
 | 
 | ||||||
| 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"turn server id=%d created\n",(int)id); | 	TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"turn server id=%d created\n",(int)id); | ||||||
| 
 | 
 | ||||||
| @ -4986,6 +5002,8 @@ void init_turn_server(turn_turnserver* server, | |||||||
| 	server->keep_address_family = keep_address_family; | 	server->keep_address_family = keep_address_family; | ||||||
| 
 | 
 | ||||||
| 	set_ioa_timer(server->e, 1, 0, timer_timeout_handler, server, 1, "timer_timeout_handler"); | 	set_ioa_timer(server->e, 1, 0, timer_timeout_handler, server, 1, "timer_timeout_handler"); | ||||||
|  | 
 | ||||||
|  | 	server->log_binding = log_binding; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ioa_engine_handle turn_server_get_engine(turn_turnserver *s) { | ioa_engine_handle turn_server_get_engine(turn_turnserver *s) { | ||||||
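Review bot: In read_client_connection both rewritten TURN_LOG_FUNC calls keep a trailing `%s` but now pass `ioa_network_buffer_get_size(in_buffer->nbh)`, so a length is read as a string pointer. As far as the hunk shows, this happens unconditionally in the TLS branch and under `server->verbose` in the plain HTTP branch. The path is reached by any client that sends an HTTP-looking request to a stream listener, so this is undefined behaviour on untrusted input and most likely a crash. Log the length with a matching specifier, e.g. `"%s: %s request: %lu bytes\n"` with `(unsigned long)ioa_network_buffer_get_size(in_buffer->nbh)` as the argument. Separately, handle_turn_command tests `server->log_binding` while handle_old_stun_command tests `*(server->log_binding)`. The field is dereferenced as a pointer there, so the first two checks only test for non-NULL and should read `server->verbose && *(server->log_binding)`. All of these functions start and end outside the hunks.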
|  | |||||||
| @ -171,8 +171,14 @@ struct _turn_turnserver { | |||||||
| 	int oauth; | 	int oauth; | ||||||
| 	const char* oauth_server_name; | 	const char* oauth_server_name; | ||||||
| 
 | 
 | ||||||
|  | 	/* ACME redirect URL */ | ||||||
|  | 	const char* acme_redirect; | ||||||
|  | 
 | ||||||
| 	/* Keep Address Family */ | 	/* Keep Address Family */ | ||||||
| 	int keep_address_family; | 	int keep_address_family; | ||||||
|  | 
 | ||||||
|  | 	/* Log Binding Requrest */ | ||||||
|  | 	vintp log_binding; | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| const char * get_version(turn_turnserver *server); | const char * get_version(turn_turnserver *server); | ||||||
| @ -218,7 +224,9 @@ void init_turn_server(turn_turnserver* server, | |||||||
| 				    allocate_bps_cb allocate_bps_func, | 				    allocate_bps_cb allocate_bps_func, | ||||||
| 				    int oauth, | 				    int oauth, | ||||||
| 				    const char* oauth_server_name, | 				    const char* oauth_server_name, | ||||||
| 					int keep_address_family); | 					const char* acme_redirect, | ||||||
|  | 					int keep_address_family, | ||||||
|  | 					vintp log_binding); | ||||||
| 
 | 
 | ||||||
| ioa_engine_handle turn_server_get_engine(turn_turnserver *s); | ioa_engine_handle turn_server_get_engine(turn_turnserver *s); | ||||||
| 
 | 
 | ||||||
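Review bot: The comment on the new `vintp log_binding` field, `/* Log Binding Requrest */`, has a typo and does not say that the field holds a pointer to a caller-owned flag rather than a copy of its value. init_turn_server stores the pointer as given, so the pointee has to stay valid for as long as the server runs. Suggest `/* Log STUN Binding requests: pointer to a flag owned by the caller; must outlive the server */`. The pointer nature is inferred from the dereference in handle_old_stun_command and should be confirmed against the `vintp` typedef. `acme_redirect` would benefit from the same treatment, stating who owns the string and whether NULL means "no redirect".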
|  | |||||||