From 27b261eb58116e1dd395124e90ccbcc09d13b135 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
Date: Tue, 5 Jan 2021 09:55:55 +0000
Subject: [PATCH] Disable binding logging to avoid DoS attack
* Add new option log-binding
---
 ChangeLog | 2 ++
 README.turnserver | 2 ++
 examples/etc/turnserver.conf | 4 ++++
 man/man1/turnadmin.1 | 2 +-
 man/man1/turnserver.1 | 6 +++++-
 man/man1/turnutils.1 | 2 +-
 src/apps/relay/dtls_listener.c | 2 +-
 src/apps/relay/mainrelay.c | 13 +++++++++++--
 src/apps/relay/mainrelay.h | 2 ++
 src/apps/relay/netengine.c | 3 ++-
 src/server/ns_turn_server.c | 11 +++++++----
 src/server/ns_turn_server.h | 6 +++++-
 12 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f2210baa..9d647154 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,8 @@ Version 4.5.2 'dan Eider':
 * Add ACME redirect url - merge PR #551 (by jelmd)
 * support of --acme-redirect
+ - Disable binding request logging to avoid DoS attacks. (Breaking change!)
+ * Add new --log-binding option to enable binding request logging
 24/06/2020 Oleg Moskalenko Mihály Mészáros
 Version 4.5.1.3 'dan Eider':
diff --git a/README.turnserver b/README.turnserver
index df74704b..46e3bbc3 100644
--- a/README.turnserver
+++ b/README.turnserver
@@ -229,6 +229,8 @@ Flags:
 --new-log-timestamp-format Set timestamp format (in strftime(1) format)
+--log-binding Log STUN binding request. It is now disabled by default to avoid DoS attacks.
+
 --secure-stun Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality.
diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf
index 906a4b98..d5e39ea4 100644
--- a/examples/etc/turnserver.conf
+++ b/examples/etc/turnserver.conf
@@ -540,6 +540,10 @@
 # Set timestamp format (in strftime(1) format)
 #new-log-timestamp-format "%FT%T%z"
+# Disabled by default binding logging in verbose log mode to avoid DoS attacks.
+# Enable binding logging and UDP endpoint logs in verbose log mode.
+#log-binding
+
 # Option to set the "redirection" mode. The value of this option
 # will be the address of the alternate server for UDP & TCP service in the form of
 # [:]. The server will send this value in the attribute
diff --git a/man/man1/turnadmin.1 b/man/man1/turnadmin.1
index 8540085b..d19ce74d 100644
--- a/man/man1/turnadmin.1
+++ b/man/man1/turnadmin.1
@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "15 December 2020" "" ""
+.TH TURN 1 "05 January 2021" "" ""
 .SH GENERAL INFORMATION
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1
index f52a25c5..9286e018 100644
--- a/man/man1/turnserver.1
+++ b/man/man1/turnserver.1
@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "15 December 2020" "" ""
+.TH TURN 1 "05 January 2021" "" ""
 .SH GENERAL INFORMATION
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@@ -345,6 +345,10 @@ Enable full ISO\-8601 timestamp in all logs.
 Set timestamp format (in \fBstrftime\fP(1) format)
 .TP
 .B
+\fB\-\-log\-binding\fP
+Log STUN binding request. It is now disabled by default to avoid DoS attacks.
+.TP
+.B
 \fB\-\-secure\-stun\fP
 Require authentication of the STUN Binding request.
 By default, the clients are allowed anonymous access to the STUN Binding functionality.
diff --git a/man/man1/turnutils.1 b/man/man1/turnutils.1
index 809f83a4..26b98805 100644
--- a/man/man1/turnutils.1
+++ b/man/man1/turnutils.1
@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "15 December 2020" "" ""
+.TH TURN 1 "05 January 2021" "" ""
 .SH GENERAL INFORMATION
 A set of turnutils_* programs provides some utility functionality to be used
diff --git a/src/apps/relay/dtls_listener.c b/src/apps/relay/dtls_listener.c
index 08a17e7d..7689a134 100644
--- a/src/apps/relay/dtls_listener.c
+++ b/src/apps/relay/dtls_listener.c
@@ -456,7 +456,7 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server,
 sm->m.sm.s = s;
 if (s) {
- if(verbose) {
+ if(verbose && turn_params.log_binding) {
 uint8_t saddr[129];
 uint8_t rsaddr[129];
 addr_to_string(get_local_addr_from_ioa_socket(s),saddr);
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index 102b8f1d..42213019 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -168,7 +168,9 @@ DEFAULT_CPUS_NUMBER,
 0, /* keep_address_family */
 0, /* no_auth_pings */
 0, /* no_dynamic_ip_list */
-0 /* no_dynamic_realms */
+0, /* no_dynamic_realms */
+
+0 /* log_binding */
 };
 //////////////// OpenSSL Init //////////////////////
@@ -605,6 +607,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " This option can be used, for example, together with the logrotate tool.\n"
 " --new-log-timestamp Enable full ISO-8601 timestamp in all logs.\n"
 " --new-log-timestamp-format Set timestamp format (in strftime(1) format)\n"
+" --log-binding Log STUN binding request. It is now disabled by default to avoid DoS attacks.\n"
 " --stale-nonce[=] Use extra security with nonce value having limited lifetime (default 600 secs).\n"
 " --max-allocate-lifetime Set the maximum value for the allocation lifetime. Default to 3600 secs.\n"
 " --channel-lifetime Set the lifetime for channel binding, default to 600 secs.\n"
@@ -813,7 +816,8 @@ enum EXTRA_OPTS {
 NO_SOFTWARE_ATTRIBUTE_OPT,
 NO_HTTP_OPT,
 SECRET_KEY_OPT,
- ACME_REDIRECT_OPT
+ ACME_REDIRECT_OPT,
+ LOG_BINDING_OPT
 };
 struct myoption {
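Review bot: The new Usage line `" --log-binding Log STUN binding request. It is now disabled by default to avoid DoS attacks.\n"` understates what the flag gates: in this same patch `handle_udp_packet` in dtls_listener.c now also requires `turn_params.log_binding` before it logs the local and remote address of every received UDP packet, so `--log-binding` re-enables per-packet endpoint logging as well, which fires at least as often as the binding-request log. Only the turnserver.conf comment mentions "UDP endpoint logs"; README.turnserver and man/man1/turnserver.1 repeat the narrower Usage wording. Suggest `" --log-binding Log STUN binding requests and, in verbose mode, the endpoints of received UDP packets. Disabled by default to avoid log-flooding DoS.\n"` and the same wording in the README and man page. The Usage[] string starts and ends outside the hunk.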
@@ -948,6 +952,8 @@ static const struct myoption long_options[] = {
 { "secret-key-file", required_argument, NULL, SECRET_KEY_OPT },
 { "keep-address-family", optional_argument, NULL, 'K' },
 { "acme-redirect", required_argument, NULL, ACME_REDIRECT_OPT },
+ { "log-binding", optional_argument, NULL, LOG_BINDING_OPT },
+
 { NULL, no_argument, NULL, 0 }
 };
@@ -1607,6 +1613,9 @@ static void set_option(int c, char *value)
 case NEW_LOG_TIMESTAMP_FORMAT_OPT:
 set_turn_log_timestamp_format(value);
 break;
+ case LOG_BINDING_OPT:
+ turn_params.log_binding = get_bool_value(value);
+ break;
 /* these options have been already taken care of before: */
 case 'l':
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index 0bcdbbd4..5b6f7cdd 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -333,6 +333,8 @@ typedef struct _turn_params_ {
 int no_dynamic_ip_list;
 int no_dynamic_realms;
+ vint log_binding;
+
 } turn_params_t;
 extern turn_params_t turn_params;
diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c
index 20f558cd..6a456f6a 100644
--- a/src/apps/relay/netengine.c
+++ b/src/apps/relay/netengine.c
@@ -1668,7 +1668,8 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 turn_params.oauth,
 turn_params.oauth_server_name,
 turn_params.acme_redirect,
- turn_params.keep_address_family);
+ turn_params.keep_address_family,
+ &turn_params.log_binding);
 if(to_set_rfc5780) {
 set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client);
diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
index 4ed12d44..3d9034f3 100644
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
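Review bot: `turn_params.log_binding = get_bool_value(value);` is reached with `value == NULL` when the flag is given bare, because the long_options hunk registers `log-binding` as `optional_argument`; get_bool_value is outside this patch, so whether it treats NULL as "true" (what a user typing a bare `--log-binding` expects) cannot be confirmed from here. If it does not, a bare `--log-binding` would either dereference NULL or leave the flag off, the opposite of what the ChangeLog entry promises. A guard that does not depend on that helper's NULL handling: `turn_params.log_binding = value ? get_bool_value(value) : 1;`. set_option's switch starts and ends outside the hunk.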
@@ -3832,13 +3832,13 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 &dest_changed, &response_destination, 0, 0);
- if(server->verbose) {
+ if(server->verbose && server->log_binding) {
 log_method(ss, "BINDING", err_code, reason);
 }
 if(*resp_constructed && !err_code && (origin_changed || dest_changed)) {
- if (server->verbose) {
+ if (server->verbose && server->log_binding) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "RFC 5780 request successfully processed\n");
 }
@@ -4014,7 +4014,7 @@ static int handle_old_stun_command(turn_turnserver *server, ts_ur_super_session
 &dest_changed, &response_destination, cookie,1);
- if(server->verbose) {
+ if(server->verbose && *(server->log_binding)) {
 log_method(ss, "OLD BINDING", err_code, reason);
 }
@@ -4929,7 +4929,8 @@ void init_turn_server(turn_turnserver* server,
 int oauth,
 const char* oauth_server_name,
 const char* acme_redirect,
- int keep_address_family) {
+ int keep_address_family,
+ vintp log_binding) {
 if (!server) return;
@@ -5001,6 +5002,8 @@ void init_turn_server(turn_turnserver* server,
 server->keep_address_family = keep_address_family;
 set_ioa_timer(server->e, 1, 0, timer_timeout_handler, server, 1, "timer_timeout_handler");
+
+ server->log_binding = log_binding;
 }
 ioa_engine_handle turn_server_get_engine(turn_turnserver *s) {
diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h
index 0df99716..aab33e36 100644
--- a/src/server/ns_turn_server.h
+++ b/src/server/ns_turn_server.h
@@ -176,6 +176,9 @@ struct _turn_turnserver {
 /* Keep Address Family */
 int keep_address_family;
+
+ /* Log Binding Requrest */
+ vintp log_binding;
 };
 const char * get_version(turn_turnserver *server);
@@ -222,7 +225,8 @@ void init_turn_server(turn_turnserver* server,
 int oauth,
 const char* oauth_server_name,
 const char* acme_redirect,
- int keep_address_family);
+ int keep_address_family,
+ vintp log_binding);
 ioa_engine_handle turn_server_get_engine(turn_turnserver *s);
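Review bot: `server->verbose && server->log_binding` tests whether the pointer is non-NULL, not whether logging was requested: the ns_turn_server.h hunk declares `log_binding` as `vintp`, and netengine.c passes `&turn_params.log_binding`, which is never NULL, so in verbose mode every BINDING request (and the "RFC 5780 request successfully processed" line below it) is still logged regardless of `--log-binding`, leaving open exactly the log-flooding vector this patch sets out to close. The handle_old_stun_command hunk does it correctly with `*(server->log_binding)`; both conditions here should match it: `if(server->verbose && *(server->log_binding)) {` and `if (server->verbose && *(server->log_binding)) {`. Since the flag is now dereferenced on the request path, init_turn_server should also refuse a NULL `log_binding` (or point it at a static zero) instead of storing it unchecked. handle_turn_command starts and ends outside the hunk.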
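Review bot: The new field comment `/* Log Binding Requrest */` has a typo and does not say the one thing that matters for a pointer field: it is dereferenced when a request is handled (see `*(server->log_binding)` in handle_old_stun_command), so it must be non-NULL and point at storage that outlives the server. Suggest `/* Log Binding Request: non-NULL pointer to the owner's flag, read on every binding request */`. struct _turn_turnserver starts outside the hunk.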