mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2026-05-05 10:46:10 +02:00
Code Issues Projects Releases Wiki Activity

cleaning the branch

Browse Source
This commit is contained in:
Oleg Moskalenko 2015-07-18 21:55:56 -07:00
parent 9d0c563581
commit 930cb3d566
170 changed files with 0 additions and 60850 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
AUTHORS
View File

@ -1,53 +0,0 @@
Oleg Moskalenko <mom040267@gmail.com> :
General design and implementation
(2011-2013);
Gabor Kovesdan, http://kovesdan.org :
FreeBSD packaging
(since v1.5.2.6);
Daniel Pocock, http://danielpocock.com :
Debian packaging
(since v1.8.3.6);
John Selbie (jselbie@gmail.com) :
Stuntman interoperability, RFC5780 fixes
MS Windows port work
(since v1.8.3.6);
Lee Sylvester <lee@designrealm.co.uk> :
Status and statistics - ideas and pilot implementation
(since v1.8.4.0);
Erik Johnston <erikj@openmarket.com> :
Access Control Lists, 2013
(since v1.8.5.0);
Roman Lisagor <roman@demonware.net> :
Testing, code optimization
(since v1.8.6.0);
Vladimir Tsanev <tsachev@gmail.com> :
configure script and Makefile fixes,
Arch Linux port
(since v1.8.6.1);
Po-sheng Lin <personlin118@gmail.com> :
Libevent dependencies cleaning
(since v2.0.1.1);
Peter Dunkley <peter.dunkley@acision.com> :
CentOS/Fedora port
(since v2.6.6.1)
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
TCP routing: testing and bug fixes
(since v3.2.2.7)
Federico Pinna <fpinna@vivocha.com>
MongoDB support
(since v4.1.0.1)
Bradley T. Hughes <bradleythughes@fastmail.fm>
FreeBSD port
(since v4.1.2.1)

1149
ChangeLog
View File

File diff suppressed because it is too large Load Diff

1167
INSTALL
View File

File diff suppressed because it is too large Load Diff

31
LICENSE
View File

@ -1,31 +0,0 @@
/*
* TURN Server - RFC5766 TURN Server implementation
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

127
LICENSE.OpenSSL
View File

@ -1,127 +0,0 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

186
Makefile.in
View File

@ -1,186 +0,0 @@
LIBEVENT_INCLUDE = -I${PREFIX}/include/ -I/usr/local/include/
INCFLAGS = -Isrc -Isrc/apps/common -Isrc/server -Isrc/client -Isrc/client++ ${LIBEVENT_INCLUDE}
CFLAGS += ${INCFLAGS}
MAKE_DEPS = Makefile
LIBCLIENTTURN_HEADERS = src/ns_turn_defs.h src/client++/TurnMsgLib.h src/client/ns_turn_ioaddr.h src/client/ns_turn_msg.h src/client/ns_turn_msg_defs.h src/client/ns_turn_msg_defs_experimental.h src/client/ns_turn_msg_addr.h
LIBCLIENTTURN_MODS = src/client/ns_turn_ioaddr.c src/client/ns_turn_msg_addr.c src/client/ns_turn_msg.c
LIBCLIENTTURN_DEPS = ${LIBCLIENTTURN_HEADERS} ${MAKE_DEPS}
LIBCLIENTTURN_OBJS = build/obj/ns_turn_ioaddr.o build/obj/ns_turn_msg_addr.o build/obj/ns_turn_msg.o
SERVERTURN_HEADERS = src/server/ns_turn_allocation.h src/server/ns_turn_ioalib.h src/server/ns_turn_khash.h src/server/ns_turn_maps_rtcp.h src/server/ns_turn_maps.h src/server/ns_turn_server.h src/server/ns_turn_session.h
SERVERTURN_DEPS = ${LIBCLIENTTURN_HEADERS} ${SERVERTURN_HEADERS} ${MAKE_DEPS}
SERVERTURN_MODS = ${LIBCLIENTTURN_MODS} src/server/ns_turn_allocation.c src/server/ns_turn_maps_rtcp.c src/server/ns_turn_maps.c src/server/ns_turn_server.c
COMMON_HEADERS = src/apps/common/apputils.h src/apps/common/ns_turn_utils.h src/apps/common/stun_buffer.h
COMMON_MODS = src/apps/common/apputils.c src/apps/common/ns_turn_utils.c src/apps/common/stun_buffer.c
COMMON_DEPS = ${LIBCLIENTTURN_DEPS} ${COMMON_MODS} ${COMMON_HEADERS}
IMPL_HEADERS = src/apps/relay/ns_ioalib_impl.h src/apps/relay/ns_sm.h src/apps/relay/turn_ports.h
IMPL_MODS = src/apps/relay/ns_ioalib_engine_impl.c src/apps/relay/turn_ports.c src/apps/relay/http_server.c
IMPL_DEPS = ${COMMON_DEPS} ${IMPL_HEADERS} ${IMPL_MODS}
HIREDIS_HEADERS = src/apps/common/hiredis_libevent2.h
HIREDIS_MODS = src/apps/common/hiredis_libevent2.c
USERDB_HEADERS = src/apps/relay/dbdrivers/dbdriver.h src/apps/relay/dbdrivers/dbd_sqlite.h src/apps/relay/dbdrivers/dbd_pgsql.h src/apps/relay/dbdrivers/dbd_mysql.h src/apps/relay/dbdrivers/dbd_mongo.h src/apps/relay/dbdrivers/dbd_redis.h
USERDB_MODS = src/apps/relay/dbdrivers/dbdriver.c src/apps/relay/dbdrivers/dbd_sqlite.c src/apps/relay/dbdrivers/dbd_pgsql.c src/apps/relay/dbdrivers/dbd_mysql.c src/apps/relay/dbdrivers/dbd_mongo.c src/apps/relay/dbdrivers/dbd_redis.c
SERVERAPP_HEADERS = src/apps/relay/userdb.h src/apps/relay/tls_listener.h src/apps/relay/mainrelay.h src/apps/relay/turn_admin_server.h src/apps/relay/dtls_listener.h src/apps/relay/libtelnet.h ${HIREDIS_HEADERS} ${USERDB_HEADERS}
SERVERAPP_MODS = src/apps/relay/mainrelay.c src/apps/relay/netengine.c src/apps/relay/libtelnet.c src/apps/relay/turn_admin_server.c src/apps/relay/userdb.c src/apps/relay/tls_listener.c src/apps/relay/dtls_listener.c ${HIREDIS_MODS} ${USERDB_MODS}
SERVERAPP_DEPS = ${SERVERTURN_MODS} ${SERVERTURN_DEPS} ${SERVERAPP_MODS} ${SERVERAPP_HEADERS} ${COMMON_DEPS} ${IMPL_DEPS} lib/libturnclient.a
TURN_BUILD_RESULTS = bin/turnutils_stunclient bin/turnutils_rfc5769check bin/turnutils_uclient bin/turnserver bin/turnutils_peer lib/libturnclient.a include/turn/ns_turn_defs.h sqlite_empty_db
all: ${TURN_BUILD_RESULTS}
test: check
check: bin/turnutils_rfc5769check
bin/turnutils_rfc5769check
include/turn/ns_turn_defs.h: src/ns_turn_defs.h
${RMCMD} include
${MKBUILDDIR} include/turn/client
cp -pf src/client/*.h include/turn/client/
cp -pf src/client++/*.h include/turn/client/
cp -pf src/ns_turn_defs.h include/turn/
bin/turnutils_uclient: ${COMMON_DEPS} src/apps/uclient/session.h lib/libturnclient.a src/apps/uclient/mainuclient.c src/apps/uclient/uclient.c src/apps/uclient/uclient.h src/apps/uclient/startuclient.c src/apps/uclient/startuclient.h
${MKBUILDDIR} bin
${CC} ${CPPFLAGS} ${CFLAGS} src/apps/uclient/uclient.c src/apps/uclient/startuclient.c src/apps/uclient/mainuclient.c ${COMMON_MODS} -o $@ -Llib -lturnclient -Llib ${LDFLAGS}
bin/turnutils_stunclient: ${COMMON_DEPS} lib/libturnclient.a src/apps/stunclient/stunclient.c
pwd
${MKBUILDDIR} bin
${CC} ${CPPFLAGS} ${CFLAGS} src/apps/stunclient/stunclient.c ${COMMON_MODS} -o $@ -Llib -lturnclient -Llib ${LDFLAGS}
bin/turnutils_rfc5769check: ${COMMON_DEPS} lib/libturnclient.a src/apps/rfc5769/rfc5769check.c
pwd
${MKBUILDDIR} bin
${CC} ${CPPFLAGS} ${CFLAGS} src/apps/rfc5769/rfc5769check.c ${COMMON_MODS} -o $@ -Llib -lturnclient -Llib ${LDFLAGS}
bin/turnserver: ${SERVERAPP_DEPS}
${MKBUILDDIR} bin
${RMCMD} bin/turnadmin
${CC} ${CPPFLAGS} ${CFLAGS} ${DBCFLAGS} ${IMPL_MODS} -Ilib ${SERVERAPP_MODS} ${COMMON_MODS} ${SERVERTURN_MODS} -o $@ ${DBLIBS} ${LDFLAGS}
cd bin; ln -s turnserver turnadmin
bin/turnutils_peer: ${COMMON_DEPS} ${LIBCLIENTTURN_MODS} ${LIBCLIENTTURN_DEPS} lib/libturnclient.a src/apps/peer/mainudpserver.c src/apps/peer/udpserver.h src/apps/peer/udpserver.c
${MKBUILDDIR} bin
${CC} ${CPPFLAGS} ${CFLAGS} src/apps/peer/mainudpserver.c src/apps/peer/udpserver.c ${COMMON_MODS} -o $@ -Llib -lturnclient -Llib ${LDFLAGS}
### Client Library:
lib/libturnclient.a: ${LIBCLIENTTURN_OBJS} ${LIBCLIENTTURN_DEPS}
${MKBUILDDIR} lib
${ARCHIVERCMD} $@ ${LIBCLIENTTURN_OBJS}
build/obj/ns_turn_ioaddr.o: src/client/ns_turn_ioaddr.c ${LUBCLIENTTURN_DEPS}
${MKBUILDDIR} build/obj
${CC} ${CPPFLAGS} ${CFLAGS} -c src/client/ns_turn_ioaddr.c -o $@
build/obj/ns_turn_msg_addr.o: src/client/ns_turn_msg_addr.c ${LUBCLIENTTURN_DEPS}
${MKBUILDDIR} build/obj
${CC} ${CPPFLAGS} ${CFLAGS} -c src/client/ns_turn_msg_addr.c -o $@
build/obj/ns_turn_msg.o: src/client/ns_turn_msg.c ${LUBCLIENTTURN_DEPS}
${MKBUILDDIR} build/obj
${CC} ${CPPFLAGS} ${CFLAGS} -c src/client/ns_turn_msg.c -o $@
### Clean all:
clean:
${RMCMD} bin build lib obj *bak *~ */*~ */*/*~ */*/*/*~ *core */*core */*/*core include Makefile tmp sqlite
distclean: clean
### SQLite empty database:
sqlite_empty_db : sqlite/turndb
sqlite/turndb : turndb/schema.sql
${MKDIR} sqlite
${RMCMD} sqlite/turndb
${SQLITE_CMD} sqlite/turndb < turndb/schema.sql
### Install all:
install: all ${MAKE_DEPS}
${MKDIR} ${DESTDIR}${PREFIX}
${MKDIR} ${DESTDIR}${BINDIR}
${MKDIR} ${DESTDIR}${TURNDBDIR}
${MKDIR} ${DESTDIR}${MANPREFIX}/man/man1
${MKDIR} ${DESTDIR}${CONFDIR}
${MKDIR} ${DESTDIR}${LIBDIR}
${MKDIR} ${DESTDIR}${EXAMPLESDIR}
${MKDIR} ${DESTDIR}${DOCSDIR}
${MKDIR} ${DESTDIR}${SCHEMADIR}
${MKDIR} ${DESTDIR}${TURNINCLUDEDIR}
${INSTALL_PROGRAM} bin/turnserver ${DESTDIR}${BINDIR}
${INSTALL_PROGRAM} bin/turnadmin ${DESTDIR}${BINDIR}
${INSTALL_PROGRAM} bin/turnutils_uclient ${DESTDIR}${BINDIR}
${INSTALL_PROGRAM} bin/turnutils_peer ${DESTDIR}${BINDIR}
${INSTALL_PROGRAM} bin/turnutils_stunclient ${DESTDIR}${BINDIR}
${INSTALL_MAN} man/man1/turnserver.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_MAN} man/man1/turnadmin.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_MAN} man/man1/turnutils.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_MAN} man/man1/turnutils_uclient.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_MAN} man/man1/turnutils_stunclient.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_MAN} man/man1/turnutils_peer.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_MAN} man/man1/coturn.1 ${DESTDIR}${MANPREFIX}/man/man1/
${INSTALL_STATIC_LIB} lib/libturnclient.a ${DESTDIR}${LIBDIR}
${INSTALL_DATA} LICENSE ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} README.turnserver ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} README.turnadmin ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} README.turnutils ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} INSTALL ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} postinstall.txt ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} turndb/schema.sql ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} turndb/schema.sql ${DESTDIR}${SCHEMADIR}
${INSTALL_DATA} turndb/schema.mongo.sh ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} turndb/schema.mongo.sh ${DESTDIR}${SCHEMADIR}
${INSTALL_DATA} turndb/testredisdbsetup.sh ${DESTDIR}${SCHEMADIR}
${INSTALL_DATA} turndb/testmongosetup.sh ${DESTDIR}${SCHEMADIR}
${INSTALL_DATA} turndb/testsqldbsetup.sql ${DESTDIR}${SCHEMADIR}
${INSTALL_DATA} turndb/schema.userdb.redis ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} turndb/schema.userdb.redis ${DESTDIR}${SCHEMADIR}
${INSTALL_DATA} turndb/schema.stats.redis ${DESTDIR}${DOCSDIR}
${INSTALL_DATA} turndb/schema.stats.redis ${DESTDIR}${SCHEMADIR}
if [ -f sqlite/turndb ] ; then ${INSTALL_DATA} sqlite/turndb ${DESTDIR}${TURNDBDIR}/turndb; fi
${INSTALL_DATA} examples/etc/turnserver.conf ${DESTDIR}${CONFDIR}/turnserver.conf.default
${INSTALL_DIR} examples/etc ${DESTDIR}${EXAMPLESDIR}
${INSTALL_DIR} examples/scripts ${DESTDIR}${EXAMPLESDIR}
${RMCMD} ${DESTDIR}${EXAMPLESDIR}/scripts/rfc5769.sh
${INSTALL_DIR} include/turn/client ${DESTDIR}${TURNINCLUDEDIR}
${INSTALL_DATA} include/turn/ns_turn_defs.h ${DESTDIR}${TURNINCLUDEDIR}
${MORECMD} ${DESTDIR}${DOCSDIR}/postinstall.txt
deinstall: ${MAKE_DEPS}
${PKILL_PROGRAM} turnserver || ${ECHO_CMD} OK
${RMCMD} ${DESTDIR}${TURNDBDIR}/turndb
${RMCMD} ${DESTDIR}${DOCSDIR}
${RMCMD} ${DESTDIR}${SCHEMADIR}
${RMCMD} ${DESTDIR}${BINDIR}/turnserver
${RMCMD} ${DESTDIR}${BINDIR}/turnadmin
${RMCMD} ${DESTDIR}${BINDIR}/turnutils_peer
${RMCMD} ${DESTDIR}${BINDIR}/turnutils_uclient
${RMCMD} ${DESTDIR}${BINDIR}/turnutils_stunclient
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/turnserver.1
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/turnadmin.1
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/turnutils.1
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/turnutils_uclient.1
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/turnutils_stunclient.1
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/turnutils_peer.1
${RMCMD} ${DESTDIR}${MANPREFIX}/man/man1/coturn.1
${RMCMD} ${DESTDIR}${LIBDIR}/libturnclient.a
${RMCMD} ${DESTDIR}${EXAMPLESDIR}
${RMCMD} ${DESTDIR}${CONFDIR}/turnserver.conf.default
${RMCMD} ${DESTDIR}${TURNINCLUDEDIR}
uninstall: deinstall
reinstall: deinstall install

2
NOTE
View File

@ -1,2 +0,0 @@
This project is active in Google code: http://code.google.com/p/coturn/

119
README.md
View File

@ -1,119 +0,0 @@
**_This project evolved from rfc5766-turn-server project (https://code.google.com/p/rfc5766-turn-server/). There are many new advanced TURN specs which are going far beyond the original RFC 5766 document. This project takes the code of rfc5766-turn-server as the starter, and adds new advanced features to it._**
# Free open source implementation of TURN and STUN Server #
The TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server and gateway, too.
On-line management interface (over telnet or over HTTPS) for the TURN server is available.
The implementation also includes some extra experimental features.
Supported RFCs:
TURN specs:
* RFC 5766 - base TURN specs
* RFC 6062 - TCP relaying TURN extension
* RFC 6156 - IPv6 extension for TURN
* RFC 7443 - ALPN support for STUN & TURN
* DTLS support (http://tools.ietf.org/html/draft-petithuguenin-tram-turn-dtls-00).
* Mobile ICE (MICE) support (http://tools.ietf.org/html/draft-wing-tram-turn-mobility-02).
* TURN REST API (http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00)
* Origin field in TURN (Multi-tenant TURN Server) (https://tools.ietf.org/html/draft-ietf-tram-stun-origin-05)
* TURN Bandwidth draft specs (http://tools.ietf.org/html/draft-thomson-tram-turn-bandwidth-01)
* TURN-bis (with dual allocation) draft specs (http://tools.ietf.org/html/draft-ietf-tram-turnbis-04)
* Third-party authorization support (http://tools.ietf.org/html/draft-ietf-tram-turn-third-party-authz-16).
STUN specs:
* RFC 3489 - "classic" STUN
* RFC 5389 - base "new" STUN specs
* RFC 5769 - test vectors for STUN protocol testing
* RFC 5780 - NAT behavior discovery support
* RFC 7443 - ALPN support for STUN & TURN
Supported ICE and related specs:
* RFC 5245 - ICE
* RFC 5768 ICESIP
* RFC 6336 ICEIANA Registry
* RFC 6544 ICETCP
* RFC 5928 - TURN Resolution Mechanism
The implementation fully supports the following client-to-TURN-server protocols:
* UDP (per RFC 5766)
* TCP (per RFC 5766 and RFC 6062)
* TLS (per RFC 5766 and RFC 6062): SSL3/TLS1.0/TLS1.1/TLS1.2; ECDHE is supported.
* DTLS (http://tools.ietf.org/html/draft-petithuguenin-tram-turn-dtls-00): DTLS versions 1.0 and 1.2.
* SCTP (experimental implementation).
Supported relay protocols:
* UDP (per RFC 5766)
* TCP (per RFC 6062)
Supported user databases (for user repository, with passwords or keys, if authentication is required):
* SQLite
* MySQL
* PostgreSQL
* Redis
* MongoDB
Redis can also be used for status and statistics storage and notification.
Supported message integrity digest algorithms:
* HMAC-SHA1, with MD5-hashed keys (as required by STUN and TURN standards)
Supported TURN authentication mechanisms:
* 'classic' long-term credentials mechanism;
* TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications: http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00);
* experimental third-party oAuth-based client authorization option;
When used as a part of an ICE solution, for VoIP connectivity, this TURN server can handle thousands simultaneous calls per CPU (when TURN protocol is used) or tens of thousands calls when only STUN protocol is used. For virtually unlimited scalability a load balancing scheme can be used. The load balancing can be implemented with the following tools (either one or a combination of them):
* DNS SRV based load balancing;
* built-in 300 ALTERNATE-SERVER mechanism (requires 300 response support by the TURN client);
* network load-balancer server.
Traffic bandwidth limitation and congestion avoidance algorithms implemented.
The supported project target platforms are:
* Linux (Debian, Ubuntu, Mint, CentOS, Fedora, Redhat, Amazon Linux, Arch Linux, OpenSUSE)
* BSD (FreeBSD, NetBSD, OpenBSD, DragonFlyBSD)
* Solaris 11
* Mac OS X
* Cygwin (for non-production R&D purposes)
Other server platforms can be supported by request.
Any client platform is supported, including Android, iOS, Linux, OS X, Windows, and Windows Phone.
This project can be successfully used on other `*NIX` platforms, too, but that is not officially supported.
The implementation is supposed to be simple, easy to install and configure. The project focuses on performance, scalability and simplicity. The aim is to provide an enterprise-grade TURN solution.
To achieve high performance and scalability, the TURN server is implemented with the following features:
* High-performance industrial-strength Network IO engine libevent2 is used
* Configurable multi-threading model implemented to allow full usage of available CPU resources (if OS allows multi-threading)
* Multiple listening and relay addresses can be configured
* Efficient memory model used
* The TURN project code can be used in a custom proprietary networking environment. In the TURN server code, an abstract networking API is used. Only couple files in the project have to be re-written to plug-in the TURN server into a proprietary environment. With this project, only implementation for standard UNIX Networking/IO API is provided, but the user can implement any other environment. The TURN server code was originally developed for a high-performance proprietary corporate environment, then adopted for UNIX Networking API
* The TURN server works as a user space process, without imposing any special requirements on the system
To download the TURN Server software, the client messaging library and the test programs, click the tab "Downloads".
Contact information:
https://groups.google.com/forum/#!forum/turn-server-project-rfc5766-turn-server
email:mom040267@gmail.com
### Feedback is very welcome (bugs, issues, suggestions, stories, questions). ###
### Volunteers are welcome, too. ###

254
README.turnadmin
View File

@ -1,254 +0,0 @@
GENERAL INFORMATION
turnadmin is a TURN administration tool. This tool can be used to manage
the user accounts (add/remove users, generate
TURN keys for the users). For security reasons, we do not recommend
storing passwords openly. The better option is to use pre-processed "keys"
which are then used for authentication. These keys are generated by turnadmin.
Turnadmin is a link to turnserver binary, but turnadmin performs different
functions.
Options note: turnadmin has long and short option names, for most options.
Some options have only long form, some options have only short form. Their syntax
somewhat different, if an argument is required:
The short form must be used as this (for example):
$ turnadmin -u <username> ...
The long form equivalent must use the "=" character:
$ turnadmin --user=<username> ...
If this is a flag option (no argument required) then their usage are the same, for example:
$ turnadmin -k ...
is equivalent to:
$ turnadmin --key ...
You have always the use the -r <realm> option with commands for long term credentials -
because data for multiple realms can be stored in the same database.
=====================================
NAME
turnadmin - a TURN relay administration tool.
SYNOPSIS
$ turnadmin [command] [options]
$ turnadmin [ -h | --help]
DESCRIPTION
Commands:
-P, --generate-encrypted-password Generate and print to the standard
output an encrypted form of a password (for web admin user or CLI).
The value then can be used as a safe key for the password
storage on disk or in the database. Every invocation for the same password
produces a different result. The for mat of the encrypted password is:
$5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters,
the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
Only sha256 is supported as the hash function.
-k, --key Generate key for a long-term credentials mechanism user.
-a, --add Add or update a long-term user.
-A, --add-admin Add or update an admin user.
-d, --delete Delete a long-term user.
-D, --delete-admin Delete an admin user.
-l, --list List long-term users in the database.
-L, --list-admin List admin users in the database.
-s, --set-secret=<value> Add shared secret for TURN RESP API
-S, --show-secret Show stored shared secrets for TURN REST API
-X, --delete-secret=<value> Delete a shared secret.
--delete-all_secrets Delete all shared secrets for REST API.
-O, --add-origin Add origin-to-realm relation.
-R, --del-origin Delete origin-to-realm relation.
-I, --list-origins List origin-to-realm relations.
-g, --set-realm-option Set realm params: max-bps, total-quota, user-quota.
-G, --list-realm-options List realm params.
Options with required values:
-b, --db, --userdb SQLite user database file name (default - /var/db/turndb or
/usr/local/var/db/turndb or /var/lib/turn/turndb).
See the same option in the turnserver section.
-e, --psql-userdb PostgreSQL user database connection string.
See the --psql-userdb option in the turnserver section.
-M, --mysql-userdb MySQL user database connection string.
See the --mysql-userdb option in the turnserver section.
-J, --mongo-userdb MongoDB user database connection string.
See the --mysql-mongo option in the turnserver section.
-N, --redis-userdb Redis user database connection string.
See the --redis-userdb option in the turnserver section.
-u, --user User name.
-r, --realm Realm.
-p, --password Password.
-o, --origin Origin
--max-bps Set value of realm's max-bps parameter.
--total-quota Set value of realm's total-quota parameter.
--user-quota Set value of realm's user-quota parameter.
-h, --help Help.
Command examples:
Generate an encrypted form of a password:
$ turnadmin -P -p <password>
Generate a key:
$ turnadmin -k -u <username> -r <realm> -p <password>
Add/update a user in the in the database:
$ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> -p <password>
Delete a user from the database:
$ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm>
List all long-term users in MySQL database:
$ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
List all admin users in Redis database:
$ turnadmin -L --redis-userdb="<db-connection-string>"
Set secret in MySQL database:
$ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm>
Show secret stored in PostgreSQL database:
$ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
Set origin-to-realm relation in MySQL database:
$ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin>
Delete origin-to-realm relation from Redis DB:
$ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
List all origin-to-realm relations in Redis DB:
$ turnadmin --redis-userdb="<db-connection-string>" -I
List the origin-to-realm relations in PostgreSQL DB for a single realm:
$ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
Help:
$ turnadmin -h
=======================================
DOCS
After installation, run the command:
$ man turnadmin
or in the project root directory:
$ man -M man turnadmin
to see the man page.
=====================================
FILES
/etc/turnserver.conf
/var/db/turndb
/usr/local/var/db/turndb
/var/lib/turn/turndb
/usr/local/etc/turnserver.conf
=====================================
DIRECTORIES
/usr/local/share/turnserver
/usr/local/share/doc/turnserver
/usr/local/share/examples/turnserver
======================================
SEE ALSO
turnserver, turnutils
======================================
WEB RESOURCES
project page:
http://code.google.com/p/coturn/
Wiki page:
http://code.google.com/p/coturn/wiki/Readme
forum:
https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server/
======================================
AUTHORS
Oleg Moskalenko <mom040267@gmail.com>
Gabor Kovesdan http://kovesdan.org/
Daniel Pocock http://danielpocock.com/
John Selbie (jselbie@gmail.com)
Lee Sylvester <lee@designrealm.co.uk>
Erik Johnston <erikj@openmarket.com>
Roman Lisagor <roman@demonware.net>
Vladimir Tsanev <tsachev@gmail.com>
Po-sheng Lin <personlin118@gmail.com>
Peter Dunkley <peter.dunkley@acision.com>
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
Federico Pinna <fpinna@vivocha.com>
Bradley T. Hughes <bradleythughes@fastmail.fm>

952
README.turnserver
View File

@ -1,952 +0,0 @@
GENERAL INFORMATION
The TURN Server project contains the source code of a TURN server and TURN client
messaging library. Also, some extra programs provided, for testing-only
purposes.
See the INSTALL file for the building instructions.
After the build, you will have the following binary images:
1. turnserver: TURN Server relay.
The compiled binary image of the TURN Server program is located in bin/ sub-directory.
2. turnadmin: TURN administration tool. See README.turnadmin and turnadmin man page.
3. turnutils_uclient. See README.turnutils and turnutils man page.
4. turnutils_peer. See README.turnutils and turnutils man page.
5. turnutils_stunclient. See README.turnutils and turnutils man page.
6. turnutils_rfc5769check. See README.turnutils and turnutils man page.
In the "examples/scripts" sub-directory, you will find the examples of command lines to be used
to run the programs. The scripts are meant to be run from examples/ sub-directory, for example:
$ cd examples
$ ./scripts/secure_relay.sh
RUNNING THE TURN SERVER
Options note: turnserver has long and short option names, for most options.
Some options have only long form, some options have only short form. Their syntax
somewhat different, if an argument is required:
The short form must be used as this (for example):
$ turnserver -L 12.34.56.78
The long form equivalent must use the "=" character:
$ turnserver --listening-ip=12.34.56.78
If this is a flag option (no argument required) then their usage are the same, for example:
$ turnserver -a
is equivalent to:
$ turnserver --lt-cred-mech
=====================================
NAME
turnserver - a TURN relay server implementation.
SYNOPSIS
$ turnserver [-n | -c <config-file> ] [flags] [ --userdb=<userdb-file> | --psql-userdb=<db-conn-string> | --mysql-userdb=<db-conn-string> | --mongo-userdb=<db-conn-string> | --redis-userdb=<db-conn-string> ] [-z | --no-auth | -a | --lt-cred-mech ] [options]
$ turnserver -h
DESCRIPTION
Config file settings:
-n Do not use configuration file, use only command line parameters.
-c Configuration file name (default - turnserver.conf).
The format of config file can be seen in
the supplied examples/etc/turnserver.conf example file. Long
names of the options are used as the configuration
items names in the file. If not an absolute path is supplied,
then the file is searched in the following directories:
* current directory
* current directory etc/ sub-directory
* upper directory level etc/
* /etc/
* /usr/local/etc/
* installation directory /etc
User database settings:
-b, --db, --userdb SQLite user database file name (default - /var/db/turndb or
/usr/local/var/db/turndb or /var/lib/turn/turndb).
-e, --psql-userdb User database connection string for PostgreSQL.
This database can be used for long-term credentials mechanism,
and it can store the secret value
for secret-based timed authentication in TURN RESP API.
The connection string format is like that:
"host=<host> dbname=<dbname> user=<db-user> password=<db-user-password> connect_timeout=<seconds>"
(for 8.x or newer Postgres).
Or:
"postgresql://username:password@hostname:port/databasename"
(for 9.x or newer Postgres).
See the INSTALL file for more explanations and examples.
Also, see http://www.PostgreSQL.org for full PostgreSQL documentation.
-M, --mysql-userdb User database connection string for MySQL or MariaDB.
This database can be used for long-term credentials mechanism,
and it can store the secret value for
secret-based timed authentication in TURN RESP API.
The connection string format is like that:
"host=<host> dbname=<dbname> user=<db-user> password=<db-user-password> connect_timeout=<seconds>"
See the INSTALL file for more explanations and examples.
Also, see http://www.mysql.org or http://mariadb.org
for full MySQL documentation.
Optional connection string parameters for the secure communications (SSL):
ca, capath, cert, key, cipher
(see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
command options description).
-J, --mongo-userdb User database connection string for MongoDB.
This database can be used for long-term credentials mechanism,
and it can store the secret value
for secret-based timed authentication in TURN RESP API.
The connection string format is like that:
"mongodb://username:password@host:port/database?options"
See the INSTALL file for more explanations and examples.
Also, see http://docs.mongodb.org/manual/
for full MongoDB documentation.
-N, --redis-userdb User database connection string for Redis.
This database can be used for long-term credentials mechanism,
and it can store the secret
value for secret-based timed authentication in TURN RESP API.
The connection string format is like that:
"ip=<ip-addr> dbname=<db-number> password=<db-password> connect_timeout=<seconds>"
See the INSTALL file for more explanations and examples.
Also, see http://redis.io for full Redis documentation.
Flags:
-v, --verbose Moderate verbose mode.
-V, --Verbose Extra verbose mode, very annoying and not recommended.
-o, --daemon Run server as daemon.
-f, --fingerprint Use fingerprints in the TURN messages. If an incoming request
contains a fingerprint, then TURN server will always add
fingerprints to the messages in this session, regardless of the
per-server setting.
-a, --lt-cred-mech Use long-term credentials mechanism (this one you need for WebRTC usage).
-z, --no-auth Do not use any credentials mechanism, allow anonymous access.
Opposite to -a and -A options. This is default option when no
authentication-related options are set.
By default, no credential mechanism is used -
any user is allowed.
--use-auth-secret TURN REST API flag.
Flag that sets a special WebRTC authorization option
that is based upon authentication secret. The feature purpose
is to support "TURN Server REST API" as described in
the TURN REST API section below.
This option uses timestamp as part of combined username:
usercombo -> "timestamp:username",
turn user -> usercombo,
turn password -> base64(hmac(input_buffer = usercombo, key = shared-secret)).
This allows TURN credentials to be accounted for a specific user id.
If you don't have a suitable id, the timestamp alone can be used.
This option is just turns on secret-based authentication.
The actual value of the secret is defined either by option static-auth-secret,
or can be found in the turn_secret table in the database.
--oauth Support oAuth authentication, as in the third-party TURN specs document.
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066.
--dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
--no-sslv3 Do not allow SSLv3 protocol.
--no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.
--no-tlsv1_1 Do not allow TLSv1.1 protocol.
--no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.
--no-udp Do not start UDP client listeners.
--no-tcp Do not start TCP client listeners.
--no-tls Do not start TLS client listeners.
--no-dtls Do not start DTLS client listeners.
--no-udp-relay Do not allow UDP relay endpoints defined in RFC 5766,
use only TCP relay endpoints as defined in RFC 6062.
--no-tcp-relay Do not allow TCP relay endpoints defined in RFC 6062,
use only UDP relay endpoints as defined in RFC 5766.
--stale-nonce Use extra security with nonce value having limited lifetime (600 secs).
--no-stdout-log Flag to prevent stdout log messages.
By default, all log messages are going to both stdout and to
the configured log file. With this option everything will be going to
the log file only (unless the log file itself is stdout).
--syslog With this flag, all log will be redirected to the system log (syslog).
--simple-log This flag means that no log file rollover will be used, and the log file
name will be constructed as-is, without PID and date appendage.
This option can be used, for example, together with the logrotate tool.
--secure-stun Require authentication of the STUN Binding request.
By default, the clients are allowed anonymous access to the STUN Binding functionality.
-S, --stun-only Run as STUN server only, all TURN requests will be ignored.
Option to suppress TURN functionality, only STUN requests will be processed.
--no-stun Run as TURN server only, all STUN requests will be ignored.
Option to suppress STUN functionality, only TURN requests will be processed.
--no-loopback-peers Disallow peers on the loopback addresses (127.x.x.x and ::1).
--no-multicast-peers Disallow peers on well-known broadcast addresses
(224.0.0.0 and above, and FFXX:*).
--mobility Mobility with ICE (MICE) specs support.
--no-cli Turn OFF the CLI support. By default it is always ON.
See also options --cli-ip and --cli-port.
--server-relay Server relay. NON-STANDARD AND DANGEROUS OPTION.
Only for those applications when we want to run
server applications on the relay endpoints.
This option eliminates the IP permissions check
on the packets incoming to the relay endpoints.
See http://tools.ietf.org/search/rfc5766#section-17.2.3 .
--udp-self-balance (recommended for older Linuxes only)
Automatically balance UDP traffic over auxiliary servers
(if configured). The load balancing is using the
ALTERNATE-SERVER mechanism. The TURN client must support
300 ALTERNATE-SERVER response for this functionality.
--check-origin-consistency The flag that sets the origin consistency
check: across the session, all requests must have the same
main ORIGIN attribute value (if the ORIGIN was
initially used by the session).
-h Help.
Options with required values:
-d, --listening-device Listener interface device.
(NOT RECOMMENDED. Optional functionality, Linux only).
The turnserver process must have root privileges to bind the
listening endpoint to a device. If turnserver must run as a
process without root privileges, then just do not use this setting.
-L, --listening-ip Listener IP address of relay server.
Multiple listeners can be specified, for example:
-L ip1 -L ip2 -L ip3
If no IP(s) specified, then all IPv4 and
IPv6 system IPs will be used for listening.
The same ip(s) can be used as both listening and relay ip(s).
-p, --listening-port TURN listener port for UDP and TCP listeners (Default: 3478).
Note: actually, TLS & DTLS sessions can connect to the "plain" TCP & UDP
port(s), too - if allowed by configuration.
--tls-listening-port TURN listener port for TLS and DTLS listeners (Default: 5349).
Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
port(s), too - if allowed by configuration. The TURN server
"automatically" recognizes the type of traffic. Actually, two listening
endpoints (the "plain" one and the "tls" one) are equivalent in terms of
functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
For secure TCP connections, we currently support SSL version 3 and
TLS versions 1.0, 1.1, 1.2.
For secure UDP connections, we support DTLS version 1.
--alt-listening-port Alternative listening port for UDP and TCP listeners;
default (or zero) value means "listening port plus one".
This is needed for STUN CHANGE_REQUEST - in RFC 5780 sense
or in old RFC 3489 sense - for NAT behavior discovery). The TURN Server
supports CHANGE_REQUEST only if it is started with more than one
listening IP address of the same family (IPv4 or IPv6). The CHANGE_REQUEST
is only supported by UDP protocol, other protocols are listening
on that endpoint only for "symmetry".
--alt-tls-listening-port Alternative listening port for TLS and DTLS protocols.
Default (or zero) value means "TLS listening port plus one".
--aux-server Auxiliary STUN/TURN server listening endpoint.
Aux servers have almost full TURN and STUN functionality.
The (minor) limitations are:
1) Auxiliary servers do not have alternative ports and
they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
There may be multiple aux-server options, each will be used for listening
to client requests.
-i, --relay-device Relay interface device for relay sockets
(NOT RECOMMENDED. Optional, Linux only).
-E, --relay-ip Relay address (the local IP address that
will be used to relay the packets to the
peer). Multiple relay addresses may be used:
-E ip1 -E ip2 -E ip3
The same IP(s) can be used as both listening IP(s) and relay IP(s).
If no relay IP(s) specified, then the turnserver will apply the
default policy: it will decide itself which relay addresses to be
used, and it will always be using the client socket IP address as
the relay IP address of the TURN session (if the requested relay
address family is the same as the family of the client socket).
-X, --external-ip TURN Server public/private address mapping, if the server is behind NAT.
In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
as relay IP address of all allocations. This scenario works only in a simple case
when one single relay address is be used, and no CHANGE_REQUEST functionality is
required. That single relay address must be mapped by NAT to the 'external' IP.
The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
For that 'external' IP, NAT must forward ports directly (relayed port 12345
must be always mapped to the same 'external' port 12345).
In more complex case when more than one IP address is involved,
that option must be used several times, each entry must
have form "-X <public-ip/private-ip>", to map all involved addresses.
CHANGE_REQUEST (RFC5780 or RFC3489) NAT discovery STUN functionality will work
correctly, if the addresses are mapped properly, even when the TURN server itself
is behind A NAT.
By default, this value is empty, and no address mapping is used.
-m, --relay-threads Number of the relay threads to handle the established connections
(in addition to authentication thread and the listener thread).
If explicitly set to 0 then application runs relay process in a single thread,
in the same thread with the listener process (the authentication thread will
still be a separate thread). If not set, then a default optimal algorithm
will be employed (OS-dependent). In the older Linux systems
(before Linux kernel 3.9), the number of UDP threads is always one threads
per network listening endpoint - unless "-m 0" or "-m 1" is set.
--min-port Lower bound of the UDP port range for relay
endpoints allocation.
Default value is 49152, according to RFC 5766.
--max-port Upper bound of the UDP port range for relay
endpoints allocation.
Default value is 65535, according to RFC 5766.
-u, --user Long-term security mechanism credentials user account,
in the column-separated form username:key.
Multiple user accounts may used in the command line.
The key is either the user password, or
the key is generated
by turnadmin command. In the second case,
the key must be prepended with 0x symbols.
The key is calculated over the user name,
the user realm, and the user password.
This setting may not be used with TURN REST API.
-r, --realm The default realm to be used for the users when no explicit
origin/realm relationship was found in the database, or if the TURN
server is not using any database (just the commands-line settings
and the userdb file). Must be used with long-term credentials
mechanism or with TURN REST API.
-C, --rest-api-separator This is the timestamp/username separator symbol
(character) in TURN REST API. The default value is :.
-q, --user-quota Per-user allocations quota: how many concurrent
allocations a user can create. This option can also be set
through the database, for a particular realm.
-Q, --total-quota Total allocations quota: global limit on concurrent allocations.
This option can also be set through the database, for a particular realm.
-s, --max-bps Max bytes-per-second bandwidth a TURN session is allowed to handle
(input and output network streams are treated separately). Anything above
that limit will be dropped or temporary suppressed (within the
available buffer limits). This option can also be set through the
database, for a particular realm.
-B, --bps-capacity Maximum server capacity.
Total bytes-per-second bandwidth the TURN server is allowed to allocate
for the sessions, combined (input and output network streams are treated
separately).
--static-auth-secret Static authentication secret value (a string) for TURN REST API only.
If not set, then the turn server will try to use the dynamic value
in turn_secret table in user database (if present). The database-stored
value can be changed on-the-fly by a separate program, so this is why
that other mode is dynamic. Multiple shared secrets can be used
(both in the database and in the "static" fashion).
--server-name Server name used for
the oAuth authentication purposes.
The default value is the realm name.
--cert Certificate file, PEM format. Same file
search rules applied as for the configuration
file. If both --no-tls and --no-dtls options
are specified, then this parameter is not needed.
Default value is turn_server_cert.pem.
--pkey Private key file, PEM format. Same file
search rules applied as for the configuration
file. If both --no-tls and --no-dtls options
are specified, then this parameter is not needed.
Default value is turn_server_pkey.pem.
--pkey-pwd If the private key file is encrypted, then this password to be used.
--cipher-list Allowed OpenSSL cipher list for TLS/DTLS connections.
Default value is "DEFAULT".
--CA-file CA file in OpenSSL format.
Forces TURN server to verify the client SSL certificates.
By default, no CA is set and no client certificate check is performed.
--ec-curve-name Curve name for EC ciphers, if supported by OpenSSL
library (TLS and DTLS). The default value is prime256v1,
if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
an optimal curve will be automatically calculated, if not defined
by this option.
--dh-file Use custom DH TLS key, stored in PEM format in the file.
Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
-l, --log-file Option to set the full path name of the log file.
By default, the turnserver tries to open a log file in
/var/log/turnserver, /var/log, /var/tmp, /tmp and . (current)
directories (which file open operation succeeds
first that file will be used). With this option you can set the
definite log file name.
The special names are "stdout" and "-" - they will force everything
to the stdout. Also, "syslog" name will redirect everything into
the system log (syslog), as if the option "--syslog" was set.
In the runtime, the logfile can be reset with the SIGHUP signal
to the turnserver process.
--alternate-server Option to set the "redirection" mode. The value of this option
will be the address of the alternate server for UDP & TCP service in form of
<ip>[:<port>]. The server will send this value in the attribute
ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
Client will receive only values with the same address family
as the client network endpoint address family.
See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
The client must use the obtained value for subsequent TURN communications.
If more than one --alternate-server options are provided, then the functionality
can be more accurately described as "load-balancing" than a mere "redirection".
If the port number is omitted, then the default port
number 3478 for the UDP/TCP protocols will be used.
Colon (:) characters in IPv6 addresses may conflict with the syntax of
the option. To alleviate this conflict, literal IPv6 addresses are enclosed
in square brackets in such resource identifiers, for example:
[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
Multiple alternate servers can be set. They will be used in the
round-robin manner. All servers in the pool are considered of equal weight and
the load will be distributed equally. For example, if we have 4 alternate servers,
then each server will receive 25% of ALLOCATE requests. An alternate TURN server
address can be used more than one time with the alternate-server option, so this
can emulate "weighting" of the servers.
--tls-alternate-server Option to set alternative server for TLS & DTLS services in form of
<ip>:<port>. If the port number is omitted, then the default port
number 5349 for the TLS/DTLS protocols will be used. See the
previous option for the functionality description.
-O, --redis-statsdb Redis status and statistics database connection string, if used (default - empty,
no Redis stats DB used). This database keeps allocations status information, and it can
be also used for publishing and delivering traffic and allocation event notifications.
This database option can be used independently of --redis-userdb option,
and actually Redis can be used for status/statistics and SQLite or MySQL or MongoDB or
PostgreSQL can be used for the user database.
The connection string has the same parameters as redis-userdb connection string.
--max-allocate-timeout Max time, in seconds, allowed for full allocation establishment.
Default is 60 seconds.
--denied-peer-ip=<IPaddr[-IPaddr]>
--allowed-peer-ip=<IPaddr[-IPaddr]> Options to ban or allow specific ip addresses or ranges
of ip addresses. If an ip address is specified as both allowed and denied, then
the ip address is considered to be allowed. This is useful when you wish to ban
a range of ip addresses, except for a few specific ips within that range.
This can be used when you do not want users of the turn server to be able to access
machines reachable by the turn server, but would otherwise be unreachable from the
internet (e.g. when the turn server is sitting behind a NAT). The 'white" and "black" peer
IP ranges can also be dynamically changed in the database.
The allowed/denied addresses (white/black lists) rules are very simple:
1) If there is no rule for an address, then it is allowed;
2) If there is an "allowed" rule that fits the address then it is allowed - no matter what;
3) If there is no "allowed" rule that fits the address, and if there is a "denied" rule that
fits the address, then it is denied.
--pidfile File name to store the pid of the process.
Default is /var/run/turnserver.pid (if superuser account is used) or
/var/tmp/turnserver.pid .
--proc-user User name to run the process. After the initialization, the turnserver process
will make an attempt to change the current user ID to that user.
--proc-group Group name to run the process. After the initialization, the turnserver process
will make an attempt to change the current group ID to that group.
--cli-ip Local system IP address to be used for CLI management interface.
The turnserver process can be accessed for management with telnet,
at this IP address and on the CLI port (see the next parameter).
Default value is 127.0.0.1. You can use telnet or putty (in telnet mode)
to access the CLI management interface.
--cli-port CLI management interface listening port. Default is 5766.
--cli-password CLI access password. Default is empty (no password).
For the security reasons, it is recommended to use the encrypted
form of the password (see the -P command in the turnadmin
utility). The dollar signs in the encrypted form must be escaped.
--cli-max-output-sessions Maximum number of output sessions in ps CLI command.
This value can be changed on-the-fly in CLI. The default value is 256.
--ne=[1|2|3] Set network engine type for the process (for internal purposes).
==================================
LOAD BALANCE AND PERFORMANCE TUNING
This topic is covered in the wiki page:
http://code.google.com/p/coturn/wiki/turn_performance_and_load_balance
===================================
WEBRTC USAGE
This is a set of notes for the WebRTC users:
1) WebRTC uses long-term authentication mechanism, so you have to use -a
option (or --lt-cred-mech). WebRTC relaying will not work with anonymous
access. With -a option, do not forget to set the
default realm (-r option). You will also have to set up the user accounts,
for that you have a number of options:
a) command-line options (-u).
b) a database table (SQLite or PostgreSQL or MySQL or MongoDB). You will have to
set keys with turnadmin utility (see docs and wiki for turnadmin).
You cannot use open passwords in the database.
c) Redis key/value pair(s), if Redis is used. You key use either keys or
open passwords with Redis; see turndb/testredisdbsetup.sh file.
d) You also can use the TURN REST API. You will need shared secret(s) set
either through the command line option, or through the config file, or through
the database table or Redis key/value pairs.
2) Usually WebRTC uses fingerprinting (-f).
3) -v option may be nice to see the connected clients.
4) -X is needed if you are running your TURN server behind a NAT.
5) --min-port and --max-port may be needed if you want to limit the relay endpoints ports
number range.
===================================
TURN REST API
In WebRTC, the browser obtains the TURN connection information from the web
server. This information is a secure information - because it contains the
necessary TURN credentials. As these credentials are transmitted over the
public networks, we have a potential security breach.
If we have to transmit a valuable information over the public network,
then this information has to have a limited lifetime. Then the guy who
obtains this information without permission will be able to perform
only limited damage.
This is how the idea of TURN REST API - time-limited TURN credentials -
appeared. This security mechanism is based upon the long-term credentials
mechanism. The main idea of the REST API is that the web server provides
the credentials to the client, but those credentials can be used only
limited time by an application that has to create a TURN server connection.
The "classic" long-term credentials mechanism (LTCM) is described here:
http://tools.ietf.org/html/rfc5389#section-10.2
http://tools.ietf.org/html/rfc5389#section-15.4
For authentication, each user must know two things: the username and the
password. Optionally, the user must supply the ORIGIN value, so that the
server can figure out the realm to be used for the user. The nonce and
the realm values are supplied by the TURN server. But LTCM is not saying
anything about the nature and about the persistence of the username and
of the password; and this is used by the REST API.
In the TURN REST API, there is no persistent passwords for users. A user has
just the username. The password is always temporary, and it is generated by
the web server on-demand, when the user accesses the WebRTC page. And,
actually, a temporary one-time session only, username is provided to the user,
too.
The temporary user is generated as:
temporary-username="timestamp" + ":" + "username"
where username is the persistent user name, and the timestamp format is just
seconds sinse 1970 - the same value as time(NULL) function returns.
The temporary password is obtained as HMAC-SHA1 function over the temporary
username, with shared secret as the HMAC key, and then the result is encoded:
temporary-password = base64_encode(hmac-sha1(shared-secret, temporary-username))
Both the TURN server and the web server know the same shared secret. How the
shared secret is distributed among the involved entities is left to the WebRTC
deployment details - this is beyond the scope of the TURN REST API.
So, a timestamp is used for the temporary password calculation, and this
timestamp can be retrieved from the temporary username. This information
is valuable, but only temporary, while the timestamp is not expired. Without
knowledge of the shared secret, a new temporary password cannot be generated.
This is all formally described in Justin's Uberti TURN REST API document
that can be obtained following the link "TURN REST API" in the TURN Server
project's page http://code.google.com/p/coturn/.
Once the temporary username and password are obtained by the client (browser)
application, then the rest is just 'classic" long-term credentials mechanism.
For developers, we are going to describe it step-by-step below:
- a new TURN client sends a request command to the TURN server. Optionally,
it adds the ORIGIN field to it.
- TURN server sees that this is a new client and the message is not
authenticated.
- the TURN server generates a random nonce string, and return the
error 401 to the client, with nonce and realm included. If the ORIGIN
field was present in the client request, it may affect the realm value
that the server chooses for the client.
- the client sees the 401 error and it extracts two values from
the error response: the nonce and the realm.
- the client uses username, realm and password to produce a key:
key = MD5(username ":" realm ":" SASLprep(password))
(SASLprep is described here: http://tools.ietf.org/html/rfc4013)
- the client forms a new request, adds username, realm and nonce to the
request. Then, the client calculates and adds the integrity field to
the request. This is the trickiest part of the process, and it is
described in the end of section 15.4:
http://tools.ietf.org/html/rfc5389#section-15.4
- the client, optionally, adds the fingerprint field. This may be also
a tricky procedure, described in section 15.5 of the same document.
WebRTC usually uses fingerprinted TURN messages.
- the TURN server receives the request, reads the username.
- then the TURN server checks that the nonce and the realm in the request
are the valid ones.
- then the TURN server calculates the key.
- then the TURN server calculates the integrity field.
- then the TURN server compares the calculated integrity field with the
received one - they must be the same. If the integrity fields differ,
then the request is rejected.
In subsequent communications, the client may go with exactly the same
sequence, but for optimization usually the client, having already
information about realm and nonce, pre-calculates the integrity string
for each request, so that the 401 error response becomes unnecessary.
The TURN server may use "--stale-nonce" option for extra security: in
some time, the nonce expires and the client will obtain 438 error response
with the new nonce, and the client will have to start using the new nonce.
In subsequent communications, the sever and the client will always assume
the same password - the original password becomes the session parameter and
is never expiring. So the password is not changing while the session is valid
and unexpired. So, if the session is properly maintained, it may go forever,
even if the user password has been already changed (in the database). The
session simply is using the old password. Once the session got disconnected,
the client will have to use the new password to re-connect (if the password
has been changed).
An example when a new shared secret is generated every hour by the TURN server
box and then supplied to the web server, remotely, is provided in the script
examples/scripts/restapi/shared_secret_maintainer.pl .
A very important thing is that the nonce must be totally random and it must be
different for different clients and different sessions.
===================================
DATABASES
For the user database, the turnserver has the following options:
1) Users can be set in the command line, with multiple -u or --user options.
Obviously, only a few users can be set that way, and their credentials are fixed
for the turnserver process lifetime.
2) Users can be stored in SQLite DB. The default SQLite database file is /var/db/turndb
or /usr/local/var/db/turndb or /var/lib/turn/turndb.
3) Users can be stored in PostgreSQL database, if the turnserver was compiled with PostgreSQL
support. Each time turnserver checks user credentials, it reads the database (asynchronously,
of course, so that the current flow of packets is not delayed in any way), so any change in the
database content is immediately visible by the turnserver. This is the way if you need the
best scalability. The schema for the database can be found in schema.sql file.
For long-term credentials, you have to set the "keys" for the users; the "keys" are generated
by the turnadmin utility. For the key generation, you need username, password and the realm.
All users in the database must use the same realm value; if down the road you will decide
to change the realm name, then you will have to re-generate all user keys (that can be done
in a batch script). See the file turndb/testsqldbsetup.sql as an example.
4) The same is true for MySQL database. The same schema file is applicable.
The same considerations are applicable.
5) The same is true for the Redis database, but the Redis database has aa different schema -
it can be found (in the form of explanation) in schema.userdb.redis.
Also, in Redis you can store both "keys" and open passwords (for long term credentials) -
the "open password" option is less secure but more convenient for low-security environments.
See the file turndb/testredisdbsetup.sh as an example.
6) If a database is used, then users can be divided into multiple independent realms. Each realm
can be administered separately, and each realm can have its own set of users and its own
performance options (max-bps, user-quota, total-quota).
7) If you use MongoDB, the database will be setup for you automatically.
8) Of course, the turnserver can be used in non-secure mode, when users are allowed to establish
sessions anonymously. But in most cases (like WebRTC) that will not work.
For the status and statistics database, there are two choices:
1) The simplest choice is not to use it. Do not set --redis-statsdb option, and this functionality
will be simply ignored.
2) If you choose to use it, then set the --redis-statsdb option. This may be the same database
as in --redis-userdb option, or it may be a different database. You may want to use different
database for security or convenience reasons. Also, you can use different database management
systems for the user database and for the ststus and statistics database. For example, you can use
MySQL as the user database, and you can use redis for the statistics. Or you can use Redis for both.
So, we have 6 choices for the user management, and 2 choices for the statistics management. These
two are totally independent. So, you have overall 6*2=12 ways to handle persistent information,
choose any for your convenience.
You do not have to handle the database information "manually" - the turnadmin program can handle
everything for you. For PostgreSQL and MySQL you will just have to create an empty database
with schema.sql SQL script. With Redis, you do not have to do even that - just run turnadmin and
it will set the users for you (see the turnadmin manuals). If you are using SQLite, then the
turnserver or turnadmin will initialize the empty database, for you, when started. The
TURN server installation process creates an empty initialized SQLite database in the default
location (/var/db/turndb or /usr/local/var/db/turndb or /var/lib/turn/turndb, depending on the system).
=================================
ALPN
The server supports ALPNs "stun.turn" and "stun.nat-discovery", when
compiled with OpenSSL 1.0.2 or newer. If the server receives a TLS/DTLS
ClientHello message that contains one or both of those ALPNs, then the
server chooses the first stun.* label and sends it back (in the ServerHello)
in the ALPN extension field. If no stun.* label is found, then the server
does not include the ALPN information into the ServerHello.
=================================
LIBRARIES
In the lib/ sub-directory the build process will create TURN client messaging library.
In the include/ sub-directory, the necessary include files will be placed.
The C++ wrapper for the messaging functionality is located in TurnMsgLib.h header.
An example of C++ code can be found in stunclient.c file.
=================================
DOCS
After installation, run the command:
$ man turnserver
or in the project root directory:
$ man -M man turnserver
to see the man page.
In the docs/html subdirectory of the original archive tree, you will find the client library
reference. After the installation, it will be placed in PREFIX/share/doc/turnserver/html.
=================================
LOGS
When the TURN Server starts, it makes efforts to create a log file turn_<pid>.log
in the following directories:
* /var/log
* /log/
* /var/tmp
* /tmp
* current directory
If all efforts failed (due to the system permission settings) then all
log messages are sent only to the standard output of the process.
This behavior can be controlled by --log-file, --syslog and --no-stdout-log
options.
=================================
HTTPS MANAGEMENT INTERFACE
The turnserver process provides an HTTPS Web access as statistics and basic
management interface. The turnserver listens to incoming HTTPS admin
connections on the same ports as the main TURN/STUN listener. The Web admin
pages are basic and self-explanatory.
To make the HTTPS interface active, the database table admin_user must be
populated with the admin user account(s). An admin user can be a superuser
(if not assigned to a particular realm) or a restricted user (if assigned to
a realm). The restricted admin users can perform only limited actions, within
their corresponding realms.
=================================
TELNET CLI
The turnserver process provides a telnet CLI access as statistics and basic management
interface. By default, the turnserver starts a telnet CLI listener on IP 127.0.0.1 and
port 5766. That can be changed by the command-cline options of the turnserver process
(see --cli-ip and --cli-port options). The full list of telnet CLI commands is provided
in "help" command output in the telnet CLI.
=================================
CLUSTERS
TURN Server can be a part of the cluster installation. But, to support the "even port" functionality
(RTP/RTCP streams pairs) the client requests from a particular IP must be delivered to the same
TURN Server instance, so it requires some networking setup massaging for the cluster. The reason is that
the RTP and RTCP relaying endpoints must be allocated on the same relay IP. It would be possible
to design a scheme with the application-level requests forwarding (and we may do that later) but
it would affect the performance.
=================================
FILES
/etc/turnserver.conf
/var/db/turndb
/usr/local/var/db/turndb
/var/lib/turn/turndb
/usr/local/etc/turnserver.conf
=================================
DIRECTORIES
/usr/local/share/turnserver
/usr/local/share/doc/turnserver
/usr/local/share/examples/turnserver
=================================
STANDARDS
obsolete STUN RFC 3489
new STUN RFC 5389
TURN RFC 5766
TURN-TCP extension RFC 6062
TURN IPv6 extension RFC 6156
STUN/TURN test vectors RFC 5769
STUN NAT behavior discovery RFC 5780
=================================
SEE ALSO
turnadmin, turnutils
======================================
WEB RESOURCES
project page:
http://code.google.com/p/coturn/
Wiki page:
http://code.google.com/p/coturn/wiki/Readme
forum:
https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server
======================================
AUTHORS
Oleg Moskalenko <mom040267@gmail.com>
Gabor Kovesdan http://kovesdan.org/
Daniel Pocock http://danielpocock.com/
John Selbie (jselbie@gmail.com)
Lee Sylvester <lee@designrealm.co.uk>
Erik Johnston <erikj@openmarket.com>
Roman Lisagor <roman@demonware.net>
Vladimir Tsanev <tsachev@gmail.com>
Po-sheng Lin <personlin118@gmail.com>
Peter Dunkley <peter.dunkley@acision.com>
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
Federico Pinna <fpinna@vivocha.com>
Bradley T. Hughes <bradleythughes@fastmail.fm>

334
README.turnutils
View File

@ -1,334 +0,0 @@
GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
for testing and for setting up the TURN server.
1. turnutils_uclient: emulates multiple UDP,TCP,TLS or DTLS clients.
(this program is provided for the testing purposes only !)
The compiled binary image of this program is located in bin/
sub-directory.
2. turnutils_peer: a simple stateless UDP-only "echo" server,
to be used as the final server in relay pattern ("peer"). For every incoming
UDP packet, it simply echoes it back.
(this program is provided for the testing purposes only !)
When the test clients are communicating in the client-to-client manner
(when the "turnutils_uclient" program is used with "-y" option) then the
turnutils_peer is not needed.
The compiled binary image of this program is located in bin/ subdirectory.
3. turnutils_stunclient: a simple STUN client example.
The compiled binary image of this program is located in bin/ subdirectory.
4. turnutils_rfc5769check: a utility that checks the correctness of the
STUN/TURN protocol implementation. This utility is used only for the compilation
check procedure, it is not copied to the installation destination.
In the "examples/scripts" subdirectory, you will find the examples of command lines to be used
to run the programs. The scripts are meant to be run from examples/ subdirectory, for example:
$ cd examples
$ ./scripts/secure_relay.sh
=====================================
NAME
turnutils_uclient - this client emulation application is supplied for the test purposes only.
SYNOPSIS
$ turnutils_uclient [-tTSvsyhcxg] [options] <TURN-Server-IP-address>
DESCRIPTION
It was designed to simulate multiple clients. It uses asynch IO API in
libevent to handle multiple clients. A client connects to the relay,
negotiates the session, and sends multiple (configured number) messages to the server (relay),
expecting the same number of replies. The length of the messages is configurable.
The message is an arbitrary octet stream.
The number of the messages to send is configurable.
Flags:
-t Use TCP for communications between client and TURN server (default is UDP).
-b Use SCTP for communications between client and TURN server (default is UDP).
-T Use TCP for the relay transport (default - UDP). Implies options -t, -y, -c,
and ignores flags and options -s, -e, -r and -g. Can be used together
with -b.
-P Passive TCP (RFC6062 with active peer). Implies -T.
-S Secure SSL connection: SSL/TLS for TCP, DTLS for UDP, TLS/SCTP for SCTP.
-U Secure unencrypted connection (suite eNULL): SSL/TLS for TCP, DTLS for UDP.
-v Verbose.
-s Use "Send" method in TURN; by default, it uses TURN Channels.
-y Use client-to-client connections:
RTP/RTCP pair of channels to another RTP/RTCP pair of channels.
with this option the turnutils_peer application is not used,
as the allocated relay endpoints are talking to each other.
-h Hang on indefinitely after the last sent packet.
-c Do not create rtcp connections.
-x Request IPv6 relay address (RFC6156).
-X IPv4 relay address explicitly requested.
-g Set DONT_FRAGMENT parameter in TURN requests.
-D Do mandatory channel padding even for UDP (like pjnath).
-N do negative tests (some limited cases only).
-R do negative protocol tests.
-O DOS attack mode.
-M Use TURN ICE Mobility.
-I Do not set permissions on TURN relay endpoints
(for testing the non-standard server relay functionality).
-G Generate extra requests (create permissions, channel bind).
-B Random disconnect after a few initial packets.
-Z Dual allocation (SSODA). Implies -c option.
-J Use oAuth with default test key kid='north'.
Options with required values:
-l Message length (Default: 100 Bytes).
-i Certificate file (for secure connections only, optional).
-k Private key file (for secure connections only).
-E CA file for server certificate verification,
if the server certificate to be verified.
-p TURN Server port (Defaults: 3478 unsecure, 5349 secure).
-n Number of messages to send (Default: 5).
-d Local interface device (optional, Linux only).
-L Local IP address (optional).
-m Number of clients (Default: 1, 2 or 4, depending on options).
-e Peer address.
-r Peer port (Default: 3480).
-z Per-session packet interval in milliseconds (Default: 20).
-u STUN/TURN user name.
-w STUN/TURN user password.
-W TURN REST API authentication secret. Is not compatible with -A flag.
-C This is the timestamp/username separator symbol (character) in
TURN REST API. The default value is :.
-F Cipher suite for TLS/DTLS. Default value is DEFAULT.
-o the ORIGIN STUN attribute value.
-a Bandwidth for the bandwidth request in ALLOCATE. The default value is zero.
See the examples in the "examples/scripts" directory.
======================================
NAME
turnutils_peer - a simple UDP-only echo backend server.
SYNOPSYS
$ turnutils_peer [-v] [options]
DESCRIPTION
This application is used for the test purposes only, as a peer for the turnutils_uclient application.
Options with required values:
-p Listening UDP port (Default: 3480).
-d Listening interface device (optional)
-L Listening address of turnutils_peer server. Multiple listening addresses can be used, IPv4 and IPv6.
If no listener address(es) defined, then it listens on all IPv4 and IPv6 addresses.
-v Verbose
========================================
NAME
turnutils_stunclient - a basic STUN client.
SYNOPSIS
$ turnutils_stunclient [options] <STUN-Server-IP-address>
DESCRIPTION
It sends a "new" STUN RFC 5389 request (over UDP) and shows the reply information.
Options with required values:
-p STUN server port (Default: 3478).
-L Local address to use (optional).
-f Force RFC 5780 processing.
The turnutils_stunclient program checks the results of the first request,
and if it finds that the STUN server supports RFC 5780
(the binding response reveals that) then the turnutils_stunclient makes a couple more
requests with different parameters, to demonstrate the NAT discovery capabilities.
This utility does not support the "old" "classic" STUN protocol (RFC 3489).
=====================================
NAME
turnutils_rfc5769check - a utility that tests the correctness of STUN protocol implementation.
SYNOPSIS
$ turnutils_rfc5769check
DESCRIPTION
turnutils_rfc5769check tests the correctness of STUN protocol implementation
against the test vectors predefined in RFC 5769 and prints the results of the
tests on the screen. This utility is used only for the compilation
check procedure, it is not copied to the installation destination.
Usage:
$ turnutils_rfc5769check
===================================
DOCS
After installation, run the command:
$ man turnutils
or in the project root directory:
$ man -M man turnutils
to see the man page.
=====================================
FILES
/etc/turnserver.conf
/var/db/turndb
/usr/local/var/db/turndb
/var/lib/turn/turndb
/usr/local/etc/turnserver.conf
=================================
DIRECTORIES
/usr/local/share/turnserver
/usr/local/share/doc/turnserver
/usr/local/share/examples/turnserver
===================================
STANDARDS
new STUN RFC 5389
TURN RFC 5766
TURN-TCP extension RFC 6062
TURN IPv6 extension RFC 6156
STUN/TURN test vectors RFC 5769
STUN NAT behavior discovery RFC 5780
====================================
SEE ALSO
turnserver, turnadmin
======================================
WEB RESOURCES
project page:
http://code.google.com/p/coturn/
Wiki page:
http://code.google.com/p/coturn/wiki/Readme
forum:
https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server/
======================================
AUTHORS
Oleg Moskalenko <mom040267@gmail.com>
Gabor Kovesdan http://kovesdan.org/
Daniel Pocock http://danielpocock.com/
John Selbie (jselbie@gmail.com)
Lee Sylvester <lee@designrealm.co.uk>
Erik Johnston <erikj@openmarket.com>
Roman Lisagor <roman@demonware.net>
Vladimir Tsanev <tsachev@gmail.com>
Po-sheng Lin <personlin118@gmail.com>
Peter Dunkley <peter.dunkley@acision.com>
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
Federico Pinna <fpinna@vivocha.com>
Bradley T. Hughes <bradleythughes@fastmail.fm>

128
STATUS
View File

@ -1,128 +0,0 @@
Currently implemented functionality:
1) RFC5389 (new STUN protocol) full server and client
implementations. We do not maintain strict compatibility
with the obsolete RFC 3489 "old STUN" protocol.
2) RFC5766 TURN protocol full server and client
implementations. We support file-based long term
user credentials, for now. We added experimental DTLS
protocol, too.
3) RFC6156 TURN IPv6 extension.
4) We support the following client-to-server
network transports for TURN messages:
a) UDP
b) TCP
c) TLS
d) DTLS
5) Performance tested.
6) Torture and stability tests.
7) Multiple *NIX platforms tested and supported.
8) TTL field handling implemented for all platforms, preferred behavior in RFC5766.
9) TOS (DiffServ and ECN) field handling (preferred behavior of RFC 5766) implemented,
for Linux. Other platforms support the alternative behavior of RFC 5766.
10) DF field alternative behavior of RFC 5766 implemented.
11) Bandwidth limitation per session implemented.
12) RFC 5769 test vectors implemented (where applicable).
13) RFC 5780 STUN extension: NAT behavior discovery.
14) C++ mapping implemented.
15) RFC 6062 TCP relaying implemented.
16) Users can be stored in PostgreSQL database.
17) Users can be stored in MySQL database.
18) TURN Server REST API implemented.
19) Short-term credentials mechanism implemented.
20) Simple load-balancing with ALTERNATE-SERVER implemented.
21) Redis database support added.
22) RFC3489 backward compatibility.
23) Multithreaded TCP relay processing (UDP relay has been
multithreaded from the beginning).
24) Networking engine 2.0 implemented, with more scalable approach
to the UDP sockets handling.
25) DOS attack prevention logic added to the server; DOS attack client
emulation implemented.
26) Linux UDP sockets workaround added to counter RFC 1122 behavior.
27) DTLS sockets re-implemented for better scalability and for Cygwin
compatibility.
28) A number of TLS/DTLS improvements added: multiple protocols support, certificate check option.
29) SHA256 support added (experimental).
30) UDP network engine optimized for the new Linux kernels (3.9+).
31) ICE Mobility draft implemented (experimental).
32) CLI implemented.
33) DH and EC TLS ciphers added.
34) HTTP "keep alive" request supported.
35) Optimized (for thousands and more sessions) timers implementation.
36) TCP network engine optimized for the new Linux kernels (3.9+).
37) telnet-based monitor implemented.
38) Package memory copy eliminated in traffic routing.
39) Congestion avoidance implemented, for all protocols.
40) Coturn project forked from rfc5766-turn-server.
41) Multi-tenant server implemented (ORIGIN support).
42) Bandwidth draft support added.
43) MongoDB support added.
44) Double (dual) allocation added (SSODA draft).
45) Secure MySQL connection implemented.
46) Third-party security mechanism (through oAuth) implemented.
47) SQLite support added as default database.
48) DTLS1.2 supported.
49) ALPN stun.turn and stun.nat-discovery supported.
50) SSLv2 support cancelled.
51) The short-term credentials server-side support cancelled (still
supported in the client library).
52) Web HTTPS admin interface implemented.
53) SHA384 and SHA512 support added (experimental).
54) native SCTP experimental support.
Things to be implemented in future (the development roadmap)
are described in the TODO file.

100
TODO
View File

@ -1,100 +0,0 @@
==================================================================
### I. PLATFORMS SUPPORT ###
==================================================================
1) Fedora official package.
2) MS Windows support.
Cygwin is supported. A "real" MS-Windows port would
involve a usable GUI.
==================================================================
### II. DOCS ###
==================================================================
1) User's manual.
2) Developer's manual.
==================================================================
### III. NETWORK ENGINE ###
==================================================================
1) Kernel module for data channels.
==================================================================
### IV. PERFORMANCE OPTIMIZATION ###
==================================================================
1) A smarter load balancer has to be implemented.
The load balancer has to have a heartbeat channels with
the slave servers, currently it is only just a dumb
round-robin load distributor.
==================================================================
### V. SECURITY ###
==================================================================
1) EC curve new features in OpenSSL 1.0.2
==================================================================
### VI. STANDARDS SUPPORT ###
==================================================================
1) For extra difficult NAT/FWs, consider implementing Websockets.
2) Redirect draft.
3) STUN-bis: new integrity attribute, algorithms.
4) Third-party authorization updates.
==================================================================
### VII. MISC FEATURES ###
==================================================================
1) Locale support (?).
Currently we assume that all text data is 8-bits ASCII
encoded, like C locale. It would be nice to support localized
strings (both 8-bits and 2-bytes). But I am not sure
whether this is really important, given the essentially
backend nature of the TURN Server. The TURN server is so
deeply "hidden" in the network infrastructure that the
significant code complication may be unjustified.
2) Traffic recording (for selected allocations).
That would be a helpful feature for a large enterprise
(for testing and security purposes).
3) Ganglia monitoring.
4) Key exchange mechanism for oAuth.
==================================================================
### VIII. CODING STUFF ###
==================================================================
1) Peer app for TCP relay.
==================================================================

1263
configure vendored
View File

File diff suppressed because it is too large Load Diff

23
examples/etc/turn_client_cert.pem
View File

@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDzjCCArYCCQD3YHhln4EqhDANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxKzApBgNVBAoT
IlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3QxFDASBgNVBAsTC2Rl
dmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAy
NjdAZ21haWwuY29tMCAXDTEyMTEyNzAwNDEwNVoYDzIxMTIxMTAzMDA0MTA1WjCB
pzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3Jl
ZWsxKzApBgNVBAoTIlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3Qx
FDASBgNVBAsTC2RldmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcN
AQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEosxFd
dEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40pwcm
BJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PBXinM
gtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKAqDYd
FY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1skOXF
Vm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
AQAhXgGdXXf0dMPdkfl4jv4dqFNSmax6wmeNc+oJC9qIFVDLsdAaAWXZ+pZHYIMR
UN8mQobsIZdfPQ0gs8CgUwrKziAjA92y2Q/I7vsg83qRLhysGC5etYMD/wlySDDS
AJKraevDPTEdmfNstCblubNG2PIeqV1isWtPMqB2dMsCeyzJXVyfD0QcABzFv4Fs
MMy7JI7MsctNh1tjV/0TsddDMeMLs22rix5fS8MZ6uunFzIuJ0MshFNehXFuvz0B
uNmn0k7djUm3h+2Avs3YGCo/8GtqHapc/lva/9gT+iEW0e7i0Ru5Jhar66VMzJqv
+wEhQafC77d3vWHtXQU8dYmM
-----END CERTIFICATE-----

27
examples/etc/turn_client_pkey.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEo
sxFddEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40
pwcmBJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PB
XinMgtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKA
qDYdFY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1s
kOXFVm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABAoIBAH5ITN8FZEe10gws
qUrkcRD2h3aI/gMyetzGz45UUERmfq17xvY5M1eA884kNmbowoMhfoO9hqBSOYkA
Ndh9p5he5L+GLeyRlDi9WEFQ4iqCnC2uEEW/bMBAcVIhcvkGOT4ROiOPDRlsuaUh
v7cxe2OeYZVra7L1vJzC+eVYyNBN5CgK8w08MPEkupQS9+Jvr0QWCikRz187cG45
EiDMrBKyJNE9lY6u4P8gJ+/NgaASWP/D3kbsjiQ2OwSGLrwDAvWC7Bx2GK3/0goA
btp7YGaWvp+mE5V91cOW+PfweC5Do4MjOr4ToNkczW0AxKE5o94yo56h+II5bX6N
z65VvtkCgYEA/Sq/3S2yup/Oodzj003KG4skWYFrj7KXeXgm7RZcpNwkd8JaFXJ/
Cwl7/3bkRv6RHLmXX/2hcNWlxq3u6Efs1EjtycdArU68kO01vLdExJYIzHKmHikV
n+T4hukxGDzObxn3lH1KcOodh/x572Uufn79dewoZCPzH8t/jiMOWGcCgYEA4JfN
66Kq/oDookqenM9Ij5l6zeeNwzMjIlkU2eG0DAH0KdsBN/hTGGGRQVBk03YREQmK
crEhGAZxzfrX5fK11UVG3C2pqAtrVe6FuD32vFUpP1MO0ftSA889NoEwGdNZV4pV
Mk0+6xVCNOatj2inMXlQq5s68WfCzkiWD7uLCv8CgYBcwuYsF4tuYBGpMzNzAAS2
1OPLu+T6cPiZdFHm+xOVAGiITPkO9LXiCGabsydvb+UhvkrdzCP0IQQt6RsplvkK
y3H9RfnHxprHC3NuI0SaN1Mf/j4pvOoEfTQm0pi/hcAp6zzQ9ptpBg8t/W98LPm9
NbCPHamrD5UMqFajcOrXrwKBgD8D2M8IcRm/aYY/kYlFz4Ia+g3Trj7alj0I6YTI
gw/rbGph/FGL5ySsG2lL+T4rnlY9aw8LC9IF3OCCRRlLpCEWsu8MENIJgjA2IGa1
XAkzi8MstrfL4BMZjn9AeBKG7kZVldnrOoATEuRs5L2cC20iMLQ1dbBOAKaITzJS
2IxZAoGBAKqwr/uennxJrnMtpjLBgcphoU3aXJZvzzDqlOaqzJp6Xmbese4sDEe0
hvVHreigDzOnGnqL/vSjTDWaLqS/O1iE7p+UrGIkZj/Zl6Jk54OX6AHmWE2LhdlU
FYgIQKX7fuocpF1Dpe7xEeVwvdp+UqbDzHQg1CWGe1cBPYDYIkSH
-----END RSA PRIVATE KEY-----

22
examples/etc/turn_server_cert.pem
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDsDCCApgCCQCmgrJCiQlGOTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoT
E1RVUk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYD
VQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMCAX
DTEyMTEyNTA4MjAxNloYDzIxMTIxMTAxMDgyMDE2WjCBmDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoTE1RV
Uk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYDVQQD
EwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+l
JI/GwlVzdzQ3+F4clMQDR1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJ
d2DUFADkF+7I674XwX8U2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj
9yPkqnO0c3ko1/OzIQCcs09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZE
psCztA+KCCoiJf7NenOvVhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLe
IcopqSbg9CRIKe1HOL8YTvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQAB
MA0GCSqGSIb3DQEBBQUAA4IBAQATbrBOLV4e8Qmsby9+srxXsdbNc60PmDZ4WiZ1
IElfWmzM7wGXm9sJg1PX/7T24R1tbwZGLIhZnkhecG372GChULZJ9Pdjh0Ab2nK5
LRKHXTpjp/xOJvx0JMCIIyRnGZT1nABPOk8uEjNW8PaU6yhQ4f5nKaSOgYGRCln6
dcy5vylCsyD9Q7GXs0KOC38XD+Ycv6VLX4zKJ2Yum50Wt643nLjG9RlGT3FXWJ1K
HUbPC5TO6bcYLdiTjaYr+X8xC/x6h/Ngdo/16w7fRmQQ4uS+TVXrg8ITmI71KX/I
m7C9jbsubwzrhW84oZXYf+o/0ATtEAhiVLnHifKCCYikqfVj
-----END CERTIFICATE-----

27
examples/etc/turn_server_pkey.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+lJI/GwlVzdzQ3+F4clMQD
R1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJd2DUFADkF+7I674XwX8U
2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj9yPkqnO0c3ko1/OzIQCc
s09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZEpsCztA+KCCoiJf7NenOv
VhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLeIcopqSbg9CRIKe1HOL8Y
TvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQABAoIBADUPHCXUyKLCwKFH
NEf27sGZxX71H+NfaseioLT/3/8DDyagncfDB7I4OL2YEKC8YScpD3xv1n59BFcZ
oRtDzW+1AkVpm+VRCWYAWSXHFhkuJ6WKaVr9UOeMHStqQCcktP/kLKqU6s9UJDnM
pOHNPVzBjl+jHxHs/gGyxuKxSH2Anwkrzpiv5j0obKFnw3QtAqeZRs1NlvPtYt2S
eihZWr8r8LqylPk9ga9MYmO79Yr+EPVaqd6bmz4MpZJ4/7LEjx03Q6azdMCPhFNY
cYzPIDZFEj81Zj/tqA2MU/uTTUUrcXint4dHRJs34m5N68PV1Y1XhhH6FG0+X711
ZymudoECgYEA/ChS5zmmOoLoaq2441+PzQbDP45qR6+G4slHwC8RDZhsYw0hQnp9
n44Qagpt74J4FjxT20BdE714DZP32IqagUwatWRQ+z3UoGafkJSNc5JSEogwZ65C
nC8RI1pPHLEvE8IzBJiqUA1kbMOMfTYW694wdN9JVZang05/AXaJzm8CgYEAwpJ8
nJRR9JFweHRrRgnrVk0Qi+ABbN9T/nhPXYab2vjBfeBOTA1Mob0M3zMJDCnL2i+D
K1GzE6WaYHElr45j2Wfphd/rRTk74WR4BaPpTCGaAhBQNn0ufqUkKsCPEAlTU+nG
iyXP4OvdMPjEBckjbKm/mlX7m0njSHAY6SWNorsCgYEAi8Yubk3efwChpMC3hBIs
vBHLmSdwclwyAPRh+X4djdO4AQ/+J8OObytond86IVHJD0pRkW+UKKUWLzCeakIq
cxGknHgHC72yZ1d7i8FMx4uMQwmLC23lLn5ImbgtslHlLqavcRTPE6DY0hFzhtS8
z/JSGfbLx83C/V49uKnkqbECgYA6h1oYt70XdpCAi3ShcuZp5XCuwslq+JsJlyM4
nP9RFTcPKGQlGHMOzBGNKor0L7Z0gYpRg5f8tvoDPMX7UzfR9CIY9UyOXDMZD+HS
wIWzMwBi0olueqV7zy1b9uSSDFwWh+IDhXJM1GaLDqnYm7KeQ0mxoV+4TLej2KSF
rZg3dQKBgQCVrVxFV8jHBsRsH5PzMx6pUSAollmuyte9mGU1MIE7EZf+LEQIAjGZ
9jvtAILYVJXwVZv1/zNxldUfBNuWc95ft+Gg7FEN0p0uLpdYNXQUcXuJaJ9tJ1td
ZfvRcrUXdFNKYt9/yaGeHVaIQfp4W1faZD7OnII7EOVkUKyv/qNGAA==
-----END RSA PRIVATE KEY-----

623
examples/etc/turnserver.conf
View File

@ -1,623 +0,0 @@
# Coturn TURN SERVER configuration file
#
# Boolean values note: where boolean value is supposed to be used,
# you can use '0', 'off', 'no', 'false', 'f' as 'false,
# and you can use '1', 'on', 'yes', 'true', 't' as 'true'
# If the value is missed, then it means 'true'.
#
# Listener interface device (optional, Linux only).
# NOT RECOMMENDED.
#
#listening-device=eth0
# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
#listening-port=3478
# TURN listener port for TLS (Default: 5349).
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
# port(s), too - if allowed by configuration. The TURN server
# "automatically" recognizes the type of traffic. Actually, two listening
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
# functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
# For secure TCP connections, we currently support SSL version 3 and
# TLS version 1.0, 1.1 and 1.2.
# For secure UDP connections, we support DTLS version 1.
#
#tls-listening-port=5349
# Alternative listening port for UDP and TCP listeners;
# default (or zero) value means "listening port plus one".
# This is needed for RFC 5780 support
# (STUN extension specs, NAT behavior discovery). The TURN Server
# supports RFC 5780 only if it is started with more than one
# listening IP address of the same family (IPv4 or IPv6).
# RFC 5780 is supported only by UDP protocol, other protocols
# are listening to that endpoint only for "symmetry".
#
#alt-listening-port=0
# Alternative listening port for TLS and DTLS protocols.
# Default (or zero) value means "TLS listening port plus one".
#
#alt-tls-listening-port=0
# Listener IP address of relay server. Multiple listeners can be specified.
# If no IP(s) specified in the config file or in the command line options,
# then all IPv4 and IPv6 system IPs will be used for listening.
#
#listening-ip=172.17.19.101
#listening-ip=10.207.21.238
#listening-ip=2607:f0d0:1002:51::4
# Auxiliary STUN/TURN server listening endpoint.
# Aux servers have almost full TURN and STUN functionality.
# The (minor) limitations are:
#
# 1) Auxiliary servers do not have alternative ports and
# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
#
# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
#
# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
#
# There may be multiple aux-server options, each will be used for listening
# to client requests.
#
#aux-server=172.17.19.110:33478
#aux-server=[2607:f0d0:1002:51::4]:33478
# (recommended for older Linuxes only)
# Automatically balance UDP traffic over auxiliary servers (if configured).
# The load balancing is using the ALTERNATE-SERVER mechanism.
# The TURN client must support 300 ALTERNATE-SERVER response for this
# functionality.
#
#udp-self-balance
# Relay interface device for relay sockets (optional, Linux only).
# NOT RECOMMENDED.
#
#relay-device=eth1
# Relay address (the local IP address that will be used to relay the
# packets to the peer).
# Multiple relay addresses may be used.
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
#
# If no relay IP(s) specified, then the turnserver will apply the default
# policy: it will decide itself which relay addresses to be used, and it
# will always be using the client socket IP address as the relay IP address
# of the TURN session (if the requested relay address family is the same
# as the family of the client socket).
#
#relay-ip=172.17.19.105
#relay-ip=2607:f0d0:1002:51::5
# For Amazon EC2 users:
#
# TURN Server public/private address mapping, if the server is behind NAT.
# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
# as relay IP address of all allocations. This scenario works only in a simple case
# when one single relay address is be used, and no RFC5780 functionality is required.
# That single relay address must be mapped by NAT to the 'external' IP.
# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
# For that 'external' IP, NAT must forward ports directly (relayed port 12345
# must be always mapped to the same 'external' port 12345).
#
# In more complex case when more than one IP address is involved,
# that option must be used several times, each entry must
# have form "-X <public-ip/private-ip>", to map all involved addresses.
# RFC5780 NAT discovery STUN functionality will work correctly,
# if the addresses are mapped properly, even when the TURN server itself
# is behind A NAT.
#
# By default, this value is empty, and no address mapping is used.
#
#external-ip=60.70.80.91
#
#OR:
#
#external-ip=60.70.80.91/172.17.19.101
#external-ip=60.70.80.92/172.17.19.102
# Number of the relay threads to handle the established connections
# (in addition to authentication thread and the listener thread).
# If explicitly set to 0 then application runs relay process in a
# single thread, in the same thread with the listener process
# (the authentication thread will still be a separate thread).
#
# If this parameter is not set, then the default OS-dependent
# thread pattern algorithm will be employed. Usually the default
# algorithm is the most optimal, so you have to change this option
# only if you want to make some fine tweaks.
#
# In the older systems (Linux kernel before 3.9),
# the number of UDP threads is always one thread per network listening
# endpoint - including the auxiliary endpoints - unless 0 (zero) or
# 1 (one) value is set.
#
#relay-threads=0
# Lower and upper bounds of the UDP relay endpoints:
# (default values are 49152 and 65535)
#
#min-port=49152
#max-port=65535
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
# By default the verbose mode is off.
#verbose
# Uncomment to run TURN server in 'extra' verbose mode.
# This mode is very annoying and produces lots of output.
# Not recommended under any normal circumstances.
#
#Verbose
# Uncomment to use fingerprints in the TURN messages.
# By default the fingerprints are off.
#
#fingerprint
# Uncomment to use long-term credential mechanism.
# By default no credentials mechanism is used (any user allowed).
#
#lt-cred-mech
# This option is opposite to lt-cred-mech.
# (TURN Server with no-auth option allows anonymous access).
# If neither option is defined, and no users are defined,
# then no-auth is default. If at least one user is defined,
# in this file or in command line or in usersdb file, then
# lt-cred-mech is default.
#
#no-auth
# TURN REST API flag.
# Flag that sets a special authorization option that is based upon authentication secret.
# This feature can be used with the long-term authentication mechanism, only.
# This feature purpose is to support "TURN Server REST API", see
# "TURN REST API" link in the project's page
# http://code.google.com/p/coturn/.
#
# This option is used with timestamp:
#
# usercombo -> "timestamp:userid"
# turn user -> usercombo
# turn password -> base64(hmac(secret key, usercombo))
#
# This allows TURN credentials to be accounted for a specific user id.
# If you don't have a suitable id, the timestamp alone can be used.
# This option is just turning on secret-based authentication.
# The actual value of the secret is defined either by option static-auth-secret,
# or can be found in the turn_secret table in the database (see below).
#
#use-auth-secret
# 'Static' authentication secret value (a string) for TURN REST API only.
# If not set, then the turn server
# will try to use the 'dynamic' value in turn_secret table
# in user database (if present). The database-stored value can be changed on-the-fly
# by a separate program, so this is why that other mode is 'dynamic'.
#
#static-auth-secret=north
# Server name used for
# the oAuth authentication purposes.
# The default value is the realm name.
#
#server-name=blackdow.carleon.gov
# Flag that allows oAuth authentication.
#
#oauth
# 'Static' user accounts for long term credentials mechanism, only.
# This option cannot be used with TURN REST API.
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
# so that they can NOT be changed while the turnserver is running.
#
#user=username1:key1
#user=username2:key2
# OR:
#user=username1:password1
#user=username2:password2
#
# Keys must be generated by turnadmin utility. The key value depends
# on user name, realm, and password:
#
# Example:
# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
# ('0x' in the beginning of the key is what differentiates the key from
# password. If it has 0x then it is a key, otherwise it is a password).
#
# The corresponding user account entry in the config file will be:
#
#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
# Or, equivalently, with open clear password (less secure):
#user=ninefingers:youhavetoberealistic
#
# SQLite database file name.
#
# Default file name is /var/db/turndb or /usr/local/var/db/turndb or
# /var/lib/turn/turndb.
#
#userdb=/var/db/turndb
# PostgreSQL database connection string in the case that we are using PostgreSQL
# as the user database.
# This database can be used for long-term credential mechanism
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
# versions connection string format, see
# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
# for 9.x and newer connection string formats.
#
#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
# MySQL database connection string in the case that we are using MySQL
# as the user database.
# This database can be used for long-term credential mechanism
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
#
# Optional connection string parameters for the secure communications (SSL):
# ca, capath, cert, key, cipher
# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
# command options description).
#
# Use string format as below (space separated parameters, all optional):
#
#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>"
# MongoDB database connection string in the case that we are using MongoDB
# as the user database.
# This database can be used for long-term credential mechanism
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
# Use string format is described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
#
#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
# Redis database connection string in the case that we are using Redis
# as the user database.
# This database can be used for long-term credential mechanism
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
# Use string format as below (space separated parameters, all optional):
#
#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
# This database keeps allocations status information, and it can be also used for publishing
# and delivering traffic and allocation event notifications.
# The connection string has the same parameters as redis-userdb connection string.
# Use string format as below (space separated parameters, all optional):
#
#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
# The default realm to be used for the users when no explicit
# origin/realm relationship was found in the database, or if the TURN
# server is not using any database (just the commands-line settings
# and the userdb file). Must be used with long-term credentials
# mechanism or with TURN REST API.
#
#realm=mycompany.org
# The flag that sets the origin consistency
# check: across the session, all requests must have the same
# main ORIGIN attribute value (if the ORIGIN was
# initially used by the session).
#
#check-origin-consistency
# Per-user allocation quota.
# default value is 0 (no quota, unlimited number of sessions per user).
# This option can also be set through the database, for a particular realm.
#
#user-quota=0
# Total allocation quota.
# default value is 0 (no quota).
# This option can also be set through the database, for a particular realm.
#
#total-quota=0
# Max bytes-per-second bandwidth a TURN session is allowed to handle
# (input and output network streams are treated separately). Anything above
# that limit will be dropped or temporary suppressed (within
# the available buffer limits).
# This option can also be set through the database, for a particular realm.
#
#max-bps=0
#
# Maximum server capacity.
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
# for the sessions, combined (input and output network streams are treated separately).
#
# bps-capacity=0
# Uncomment if no UDP client listener is desired.
# By default UDP client listener is always started.
#
#no-udp
# Uncomment if no TCP client listener is desired.
# By default TCP client listener is always started.
#
#no-tcp
# Uncomment if no TLS client listener is desired.
# By default TLS client listener is always started.
#
#no-tls
# Uncomment if no DTLS client listener is desired.
# By default DTLS client listener is always started.
#
#no-dtls
# Uncomment if no UDP relay endpoints are allowed.
# By default UDP relay endpoints are enabled (like in RFC 5766).
#
#no-udp-relay
# Uncomment if no TCP relay endpoints are allowed.
# By default TCP relay endpoints are enabled (like in RFC 6062).
#
#no-tcp-relay
# Uncomment if extra security is desired,
# with nonce value having limited lifetime (600 secs).
# By default, the nonce value is unique for a session,
# but it has unlimited lifetime. With this option,
# the nonce lifetime is limited to 600 seconds, after that
# the client will get 438 error and will have to re-authenticate itself.
#
#stale-nonce
# Certificate file.
# Use an absolute path or path relative to the
# configuration file.
#
#cert=/usr/local/etc/turn_server_cert.pem
# Private key file.
# Use an absolute path or path relative to the
# configuration file.
# Use PEM file format.
#
#pkey=/usr/local/etc/turn_server_pkey.pem
# Private key file password, if it is in encoded format.
# This option has no default value.
#
#pkey-pwd=...
# Allowed OpenSSL cipher list for TLS/DTLS connections.
# Default value is "DEFAULT".
#
#cipher-list="DEFAULT"
# CA file in OpenSSL format.
# Forces TURN server to verify the client SSL certificates.
# By default it is not set: there is no default value and the client
# certificate is not checked.
#
# Example:
#CA-file=/etc/ssh/id_rsa.cert
# Curve name for EC ciphers, if supported by OpenSSL
# library (TLS and DTLS). The default value is prime256v1,
# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
# an optimal curve will be automatically calculated, if not defined
# by this option.
#
#ec-curve-name=prime256v1
# Use 566 bits predefined DH TLS key. Default size of the key is 1066.
#
#dh566
# Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
#
#dh2066
# Use custom DH TLS key, stored in PEM format in the file.
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
#
#dh-file=<DH-PEM-file-name>
# Flag to prevent stdout log messages.
# By default, all log messages are going to both stdout and to
# the configured log file. With this option everything will be
# going to the configured log only (unless the log file itself is stdout).
#
#no-stdout-log
# Option to set the log file name.
# By default, the turnserver tries to open a log file in
# /var/log, /var/tmp, /tmp and current directories directories
# (which open operation succeeds first that file will be used).
# With this option you can set the definite log file name.
# The special names are "stdout" and "-" - they will force everything
# to the stdout. Also, the "syslog" name will force everything to
# the system log (syslog).
# In the runtime, the logfile can be reset with the SIGHUP signal
# to the turnserver process.
#
#log-file=/var/tmp/turn.log
# Option to redirect all log output into system log (syslog).
#
#syslog
# This flag means that no log file rollover will be used, and the log file
# name will be constructed as-is, without PID and date appendage.
# This option can be used, for example, together with the logrotate tool.
#
#simple-log
# Option to set the "redirection" mode. The value of this option
# will be the address of the alternate server for UDP & TCP service in form of
# <ip>[:<port>]. The server will send this value in the attribute
# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
# Client will receive only values with the same address family
# as the client network endpoint address family.
# See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
# The client must use the obtained value for subsequent TURN communications.
# If more than one --alternate-server options are provided, then the functionality
# can be more accurately described as "load-balancing" than a mere "redirection".
# If the port number is omitted, then the default port
# number 3478 for the UDP/TCP protocols will be used.
# Colon (:) characters in IPv6 addresses may conflict with the syntax of
# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
# in square brackets in such resource identifiers, for example:
# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
# Multiple alternate servers can be set. They will be used in the
# round-robin manner. All servers in the pool are considered of equal weight and
# the load will be distributed equally. For example, if we have 4 alternate servers,
# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
# address can be used more than one time with the alternate-server option, so this
# can emulate "weighting" of the servers.
#
# Examples:
#alternate-server=1.2.3.4:5678
#alternate-server=11.22.33.44:56789
#alternate-server=5.6.7.8
#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
# Option to set alternative server for TLS & DTLS services in form of
# <ip>:<port>. If the port number is omitted, then the default port
# number 5349 for the TLS/DTLS protocols will be used. See the previous
# option for the functionality description.
#
# Examples:
#tls-alternate-server=1.2.3.4:5678
#tls-alternate-server=11.22.33.44:56789
#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
# Option to suppress TURN functionality, only STUN requests will be processed.
# Run as STUN server only, all TURN requests will be ignored.
# By default, this option is NOT set.
#
#stun-only
# Option to suppress STUN functionality, only TURN requests will be processed.
# Run as TURN server only, all STUN requests will be ignored.
# By default, this option is NOT set.
#
#no-stun
# This is the timestamp/username separator symbol (character) in TURN REST API.
# The default value is ':'.
# rest-api-separator=:
# Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1).
# This is an extra security measure.
#
#no-loopback-peers
# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
# This is an extra security measure.
#
#no-multicast-peers
# Option to set the max time, in seconds, allowed for full allocation establishment.
# Default is 60 seconds.
#
#max-allocate-timeout=60
# Option to allow or ban specific ip addresses or ranges of ip addresses.
# If an ip address is specified as both allowed and denied, then the ip address is
# considered to be allowed. This is useful when you wish to ban a range of ip
# addresses, except for a few specific ips within that range.
#
# This can be used when you do not want users of the turn server to be able to access
# machines reachable by the turn server, but would otherwise be unreachable from the
# internet (e.g. when the turn server is sitting behind a NAT)
#
# Examples:
# denied-peer-ip=83.166.64.0-83.166.95.255
# allowed-peer-ip=83.166.68.45
# File name to store the pid of the process.
# Default is /var/run/turnserver.pid (if superuser account is used) or
# /var/tmp/turnserver.pid .
#
#pidfile="/var/run/turnserver.pid"
# Require authentication of the STUN Binding request.
# By default, the clients are allowed anonymous access to the STUN Binding functionality.
#
#secure-stun
# Mobility with ICE (MICE) specs support.
#
#mobility
# User name to run the process. After the initialization, the turnserver process
# will make an attempt to change the current user ID to that user.
#
#proc-user=<user-name>
# Group name to run the process. After the initialization, the turnserver process
# will make an attempt to change the current group ID to that group.
#
#proc-group=<group-name>
# Turn OFF the CLI support.
# By default it is always ON.
# See also options cli-ip and cli-port.
#
#no-cli
#Local system IP address to be used for CLI server endpoint. Default value
# is 127.0.0.1.
#
#cli-ip=127.0.0.1
# CLI server port. Default is 5766.
#
#cli-port=5766
# CLI access password. Default is empty (no password).
# For the security reasons, it is recommended to use the encrypted
# for of the password (see the -P command in the turnadmin utility).
#
# Secure form for password 'qwerty':
#
#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
#
# Or unsecure form for the same paassword:
#
#cli-password=qwerty
# Server relay. NON-STANDARD AND DANGEROUS OPTION.
# Only for those applications when we want to run
# server applications on the relay endpoints.
# This option eliminates the IP permissions check on
# the packets incoming to the relay endpoints.
#
#server-relay
# Maximum number of output sessions in ps CLI command.
# This value can be changed on-the-fly in CLI. The default value is 256.
#
#cli-max-output-sessions
# Set network engine type for the process (for internal purposes).
#
#ne=[1|2|3]
# Do not allow an SSL/TLS/DTLS version of protocol
#
#no-sslv3
#no-tlsv1
#no-tlsv1_1
#no-tlsv1_2

35
examples/scripts/basic/dos_attack.sh
View File

@ -1,35 +0,0 @@
#!/bin/sh
#
# This is an example of a script for DOS attack emulation
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
while [ 0 ] ; do
PATH=examples/bin/:../bin/:bin/:${PATH} turnutils_uclient -O -D -G -n 1 -m 12 -e 127.0.0.1 -X -g $@ ::1 &
PATH=examples/bin/:../bin/:bin/:${PATH} turnutils_uclient -O -G -n 1 -m 12 -y -s $@ 127.0.0.1 &
PATH=examples/bin/:../bin:bin/:${PATH} turnutils_uclient -O -G -t -n 1 -m 12 -e 127.0.0.1 -X -g $@ ::1 &
PATH=examples/bin/:../bin:bin/:${PATH} turnutils_uclient -O -G -T -n 1 -m 12 -y -s $@ 127.0.0.1 &
sleep 1
type killall >>/dev/null 2>>/dev/null
ER=$?
if [ ${ER} -eq 0 ] ; then
killall turnutils_uclient >>/dev/null 2>>/dev/null
else
type pkill >>/dev/null 2>>/dev/null
ER=$?
if [ ${ER} -eq 0 ] ; then
pkill turnutils_u >>/dev/null 2>>/dev/null
fi
fi
done

30
examples/scripts/basic/relay.sh
View File

@ -1,30 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# non-secure mode (when authentication is not used).
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
# Other options:
# set bandwidth limit on client session 3000000 bytes per second (--max-bps)
# use fingerprints (-f)
# use 3 relay threads (-m 3)
# use min UDP relay port 32355 and max UDP relay port 65535
# --no-tls and --no-dtls mean that we are not trying to
# --no-auth means that no authentication to be used,
# allow anonymous users.
# start TLS and DTLS services.
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="bin:../bin:../../bin:${PATH}" turnserver -v --syslog -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --no-tls --no-dtls --no-auth --db="var/db/turndb" $@

27
examples/scripts/basic/tcp_client.sh
View File

@ -1,27 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "unsecure" TURN TCP client.
# Options:
# 1) -t is present, it means that TCP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 11) -X means that IPv4 relay address is requested.
# 12) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:bin/:${PATH} turnutils_uclient -t -n 1000 -m 10 -l 3037 -e 127.0.0.1 -g -X $@ ::1

25
examples/scripts/basic/tcp_client_c2c_tcp_relay.sh
View File

@ -1,25 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "unsecure" TURN TCP client
# with TCP relay endpoints (RFC 6062).
# Options:
# 1) -T is present, it means that TCP networking is used with TCP relay endpoints.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will connect to the 'neighbor' clients, no peer app will be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:bin/:${PATH} turnutils_uclient -T -n 1000 -m 10 -l 170 -y -g $@ ::1

29
examples/scripts/basic/udp_c2c_client.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "unsecure" TURN UDP client,
# in client-to-client fashion (when client talks to another client
# through their corresponding allocated relayed endpoints).
# Options:
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -y means "client to client" communication pattern.
# the client calculates the peer address
# (which is the allocated relayed endpoint of the next client in array of clients).
# 8) -l 170 means that the payload size of the packets is 170 bytes
# like average audio RTP packet).
# 9) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 10) 127.0.0.1 (the last parameter) is the TURN Server IP address.
# 11) -z 5 means that we want 5 ms interval between the packets (per each session).
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:bin/:${PATH} turnutils_uclient -n 1000 -m 10 -y -l 170 -z 15 $@ 127.0.0.1

28
examples/scripts/basic/udp_client.sh
View File

@ -1,28 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "unsecure" TURN UDP client.
# Options:
# 0) -D means "mandatory padding", like pjnath does;
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 171 means that the payload size of the packets is 171 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 11) -X means that IPv4 relay address is requested.
# 12) 127.0.0.1 (the last parameter) is the TURN Server IP address. We use IPv4 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:bin/:${PATH} turnutils_uclient -D -n 1000 -m 10 -l 171 -e 127.0.0.1 -g -X $@ 127.0.0.1

38
examples/scripts/loadbalance/master_relay.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example of a MASTER TURN server that distributes
# the load among several "slave" TURN servers.
#
# The TURN Server is started in
# secure mode (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1. We use 127.0.0.1 as the relay address, too.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) "--user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee" means
# "allow user 'ninefinger' with generated key '0xbc807ee29df3c9ffa736523fb2c4e8ee' ".
# 7) "--user=gorst:hero" means "allow user 'gorst' with password 'hero' ".
# 8) "--log-file=stdout" means that all log output will go to the stdout.
# 9) "-v" means normal verbose mode (with some moderate logging).
# 10) --no-dtls and --no-tls measn that we are not using DTLS & TLS protocols here
# (for the sake of simplicity).
# 11) --alternate-server options set the "slave" servers.
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -E 127.0.0.1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee --user=gorst:hero -r north.gov --log-file=stdout -v --no-dtls --no-tls --alternate-server=127.0.0.1:3333 --alternate-server=127.0.0.1:4444 $@

37
examples/scripts/loadbalance/slave_relay_1.sh
View File

@ -1,37 +0,0 @@
#!/bin/sh
#
# This is an example of a SLAVE TURN server that accepts
# the redirected requests.
#
# The TURN Server is started in
# secure mode (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1. We use 127.0.0.1 as the relay address, too.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 10000 and max UDP relay port 19999
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) "--user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee" means
# "allow user 'ninefinger' with generated key '0xbc807ee29df3c9ffa736523fb2c4e8ee' ".
# 7) "--user=gorst:hero" means "allow user 'gorst' with password 'hero' ".
# 8) "--log-file=stdout" means that all log output will go to the stdout.
# 9) "-v" means normal verbose mode (with some moderate logging).
# 10) --no-dtls and --no-tls measn that we are not using DTLS & TLS protocols here
# (for the sake of simplicity).
# 11) -p 3333 means that we are using UDP & TCP listening port 3333.
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -E 127.0.0.1 --max-bps=3000000 -f -m 3 --min-port=10000 --max-port=19999 --user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee --user=gorst:hero -r north.gov --log-file=stdout -v --no-dtls --no-tls -p 3333 --cli-port=5767 $@

37
examples/scripts/loadbalance/slave_relay_2.sh
View File

@ -1,37 +0,0 @@
#!/bin/sh
#
# This is an example of a SLAVE TURN server that accepts
# the redirected requests.
#
# The TURN Server is started in
# secure mode (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1. We use 127.0.0.1 as the relay address, too.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 20000 and max UDP relay port 29999
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) "--user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee" means
# "allow user 'ninefinger' with generated key '0xbc807ee29df3c9ffa736523fb2c4e8ee' ".
# 7) "--user=gorst:hero" means "allow user 'gorst' with password 'hero' ".
# 8) "--log-file=stdout" means that all log output will go to the stdout.
# 9) "-v" means normal verbose mode (with some moderate logging).
# 10) --no-dtls and --no-tls measn that we are not using DTLS & TLS protocols here
# (for the sake of simplicity).
# 11) -p 4444 means that we are using UDP & TCP listening port 4444.
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -E 127.0.0.1 --max-bps=3000000 -f -m 3 --min-port=20000 --max-port=29999 --user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee --user=gorst:hero -r north.gov --log-file=stdout -v --no-dtls --no-tls -p 4444 --cli-port=5768 $@

29
examples/scripts/loadbalance/tcp_c2c_tcp_relay.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TCP client
# with the long-term credentials mechanism and with
# TCP relay endpoints (RFC 6062).
#
# Options:
#
# 1) -T is present, it means that TCP networking is used, with TCP relay endpoints (RFC 6062).
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will connect to the 'neighbor' clients, no peer app will be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) 127.0.0.1 (the last parameter) is the TURN Server IP address.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -T -n 1000 -m 10 -l 170 -y -g -u gorst -w hero $@ 127.0.0.1

31
examples/scripts/loadbalance/udp_c2c.sh
View File

@ -1,31 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN UDP client
# with the long-term credentials mechanism,
# in client-to-client communication patter.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will be connecting to each other and the peer will not be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -w youhavetoberealistic sets the password for the account as "youhavetoberealistic".
# 12) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 13) 127.0.0.1 (the last parameter) is the TURN Server IP address.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -n 1000 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y $@ 127.0.0.1

49
examples/scripts/longtermsecure/secure_dos_attack.sh
View File

@ -1,49 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a DOS attack in a
# "secure" environment
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
while [ 0 ] ; do
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -O -n 10 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -O -n 10 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -O -S -k turn_client_pkey.pem -n 10 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -O -t -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -O -T -n 10 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -O -T -S -k turn_client_pkey.pem -n 10 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -O -t -S -k turn_client_pkey.pem -n 10 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
sleep 2
type killall >>/dev/null 2>>/dev/null
ER=$?
if [ ${ER} -eq 0 ] ; then
killall turnutils_uclient >>/dev/null 2>>/dev/null
fi
type pkill >>/dev/null 2>>/dev/null
ER=$?
if [ ${ER} -eq 0 ] ; then
pkill turnutils_u >>/dev/null 2>>/dev/null
pkill turnutils_uclie >>/dev/null 2>>/dev/null
pkill turnutils_uclient >>/dev/null 2>>/dev/null
else
sleep 10
fi
done

36
examples/scripts/longtermsecure/secure_dtls_client.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN DTLS client
# with the long-term credentials mechanism.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 2) -S means "SSL protocol with default encryption"
# 3) -i absent.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer IPv4 address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -w youhavetoberealistic sets the password for the account.
# 12) -s option absent - that means that the client will be using
# the channel mechanism for data.
# 13) 127.0.0.1 (the last parameter) is the TURN Server IP address.
# We use IPv6 - to - IPv4 here to illustrate how the TURN Server
# converts the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -k turn_client_pkey.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic $@ 127.0.0.1

36
examples/scripts/longtermsecure/secure_dtls_client_cert.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN DTLS client
# with the long-term credentials mechanism and with certificate check.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 2) -S means "SSL protocol with default encryption"
# 3) -i sets certificate file for TLS. -R sets certificate check mode.
# -E sets CA file for certificate check.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer IPv4 address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u bolt means that if the server challenges the client with
# authentication challenge, then we use account "bolt".
# 11) -w kwyjibo sets the password for the account.
# 12) -s option means that the client will be using "send" mechanism for data.
# 13) 127.0.0.1 (the last parameter) is the TURN Server IP address.
# We use IPv6 - to - IPv4 here to illustrate how the TURN Server
# converts the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1

35
examples/scripts/longtermsecure/secure_relay.sh
View File

@ -1,35 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 10 relay threads (-m 10)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) "--user=ninefingers:youhavetoberealistic" means
# "allow user 'ninefinger' with password 'youhavetoberealistic' ".
# 7) "--user=gorst:hero" means "allow user 'gorst' with password 'hero' ".
# 8) "--cert=turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) "-v" means normal verbose mode (with some moderate logging).
# 12) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --cipher-list=ALL --db=var/db/turndb $@

38
examples/scripts/longtermsecure/secure_relay_cert.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# This script shows how to use certificate check option.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 10 relay threads (-m 10)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r bolt.co" means "use authentication realm 'bolt.co'"
# 6) "--user=ninefingers:youhavetoberealistic" means "allow user
# 'ninefinger' with password 'youhavetoberealistic'.".
# 7) "--user=bolt:kwyjibo" means "allow user 'bolt' with password 'kwyjibo' ".
# 8) "--cert=..." sets the OpenSSL certificate file name.
# 9) "--pkey=..." sets the OpenSSL private key name.
# 10) --CA-file sets the CA file for client certificate check.
# 11) "--log-file=stdout" means that all log output will go to the stdout.
# 12) "-v" means normal verbose mode (with some moderate logging).
# 13) --cipher-list="ALL:!eNULL:!aNULL:!NULL" measn "all ciphers, except anonymous".
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --db=var/db/turndb $@

34
examples/scripts/longtermsecure/secure_sctp_client.sh
View File

@ -1,34 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TLS client
# with the long-term credentials mechanism.
#
# Options:
#
# 1) -b is present, it means that SCTP networking is used.
# 2) -S means "SSL/TLS protocol with default cipher" will be used over SCTP.
# 3) -i absent.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) -s option means that the client will be using "send" mechanism for data.
# 13) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -b -S -k turn_client_pkey.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1

31
examples/scripts/longtermsecure/secure_tcp_client.sh
View File

@ -1,31 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TCP client
# with the long-term credentials mechanism.
#
# Options:
#
# 1) -t is present, it means that TCP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 13) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -t -n 3000 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1

31
examples/scripts/longtermsecure/secure_tcp_client_c2c_tcp_relay.sh
View File

@ -1,31 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TCP client
# with the long-term credentials mechanism and with
# TCP relay endpoints (RFC 6062).
#
# Options:
#
# 1) -T is present, it means that TCP networking is used, with TCP relay endpoints (RFC 6062).
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will connect to the 'neighbor' clients, no peer app will be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) 127.0.0.1 (the last parameter) is the TURN Server IP address. We use IPv4 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -T -n 1000 -m 10 -l 170 -y -g -u gorst -w hero $@ 127.0.0.1

34
examples/scripts/longtermsecure/secure_tls_client.sh
View File

@ -1,34 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TLS client
# with the long-term credentials mechanism.
#
# Options:
#
# 1) -t is present, it means that TCP networking is used.
# 2) -S means "SSL/TLS protocol with default cipher".
# 3) -i absent.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) -s option means that the client will be using "send" mechanism for data.
# 13) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -k turn_client_pkey.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1

35
examples/scripts/longtermsecure/secure_tls_client_c2c_tcp_relay.sh
View File

@ -1,35 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TLS client
# with the long-term credentials mechanism and with
# TCP relay endpoints (RFC 6062).
#
# Options:
#
# 1) -T is present, it means that TCP networking is used, with TCP
# relay endpoints (RFC 6062.
# 2) -S means that "secure protocol", that is TLS in the case of TCP,
# will be used between the client and the TURN Server.
# 3) -i absent.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will connect to the 'neighbor' clients, no peer app will be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/postgres/9.2-pgdg/lib
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -T -S -k turn_client_pkey.pem -n 1000 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1

36
examples/scripts/longtermsecure/secure_tls_client_cert.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN DTLS client
# with the long-term credentials mechanism and with certificate check.
#
# Options:
#
# 1) -t means that TCP networking is used.
# 2) -S means "SSL protocol with default encryption"
# 3) -i sets certificate file for TLS. -R sets certificate check mode.
# -E sets CA file for certificate check.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer IPv4 address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u bolt means that if the server challenges the client with
# authentication challenge, then we use account "bolt".
# 11) -w kwyjibo sets the password for the account.
# 12) -s option means that the client will be using "send" mechanism for data.
# 13) 127.0.0.1 (the last parameter) is the TURN Server IP address.
# We use IPv6 - to - IPv4 here to illustrate how the TURN Server
# converts the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1

32
examples/scripts/longtermsecure/secure_udp_c2c.sh
View File

@ -1,32 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN UDP client
# with the long-term credentials mechanism,
# in client-to-client communication patter.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will be connecting to each other and the peer will not be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -w youhavetoberealistic sets the password for the account as "youhavetoberealistic".
# 12) -s option is present - it means that the client will be using
# the DATA mechanism for data.
# 13) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -s -n 1000 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y $@ ::1

32
examples/scripts/longtermsecure/secure_udp_client.sh
View File

@ -1,32 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN UDP client
# with the long-term credentials mechanism.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -w youhavetoberealistic sets the password for the account as "youhavetoberealistic".
# 12) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 13) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic $@ ::1

34
examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh
View File

@ -1,34 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode with MongoDB database for users
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) --mongo-userdb="mongodb://localhost/coturn"
# means that local MongoDB database "turn" will be used.
# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 9) "--log-file=stdout" means that all log output will go to the stdout.
# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
# 11) --oauth - support oAuth security dialog
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

35
examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh
View File

@ -1,35 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode with MySQL database for users
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30"
# means that local MySQL database "coturn" will be used, with database user "turn" and
# database user password "turn", and connection timeout 30 seconds.
# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 9) "--log-file=stdout" means that all log output will go to the stdout.
# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
# 11) --oauth - support oAuth security dialog
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

36
examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode with SSL connection to a MySQL database for users
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30"
# means that local MySQL database "coturn" will be used, with database user "turn" and
# database user password "turn", and with SSL connection with cipher DHE-RSA-AES256-SHA,
# and connection timeout 30 seconds.
# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 9) "--log-file=stdout" means that all log output will go to the stdout.
# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
# 11) --oauth - support oAuth security dialog
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

38
examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode with Postgres database for users
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30"
# means that local database "coturn" will be used, with database user "turn" and database user
# password "turn".
# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 9) "--log-file=stdout" means that all log output will go to the stdout.
# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
# 11) --oauth - support oAuth security dialog
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@
# Newer PostgreSQL style connection string example:
# PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb=postgresql://turn:turn@/turn --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

38
examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode with Redis database for users
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30"
# means that local Redis database 0 will be used,
# database password is "turn", and connection timeout 30 seconds.
# 7) --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30"
# means that we want to use Redis for status and statistics information,
# and this will be the database number 3.
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
# 12) --oauth - support oAuth security dialog
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

35
examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh
View File

@ -1,35 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure mode with SQLite database for users
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) --db=<file-name>
# means that local database <file-name> will be used.
# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 9) "--log-file=stdout" means that all log output will go to the stdout.
# 10) --cipher-list=ALL means that we support all OpenSSL ciphers
# 11) --oauth - support oAuth security dialog
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@

36
examples/scripts/mobile/mobile_dtls_client.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN DTLS client
# with "mobile" option and the long-term credentials mechanism.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 2) -S means "SSL protocol with default encryption"
# 3) -i absent.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer IPv4 address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -w youhavetoberealistic sets the password for the account.
# 12) -s option means that the client will be using "send" mechanism for data.
# 13) -M turns on the Mobile ICE TURN functionality.
# 14) 127.0.0.1 (the last parameter) is the TURN Server IP address.
# We use IPv6 - to - IPv4 here to illustrate how the TURN Server
# converts the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -k turn_client_pkey.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -s -M $@ 127.0.0.1

36
examples/scripts/mobile/mobile_relay.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example how to start a "mobile" TURN Server in
# secure mode (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 10 relay threads (-m 10)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) "-r north.gov" means "use authentication realm north.gov"
# 6) "--user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee" means
# "allow user 'ninefinger' with generated key '0xbc807ee29df3c9ffa736523fb2c4e8ee' ".
# 7) "--user=gorst:hero" means "allow user 'gorst' with password 'hero' ".
# 8) "--cert=turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) "-v" means normal verbose mode (with some moderate logging).
# 12) "--mobility" turns on the Mobile ICE TURN functionality.
# 13) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -v --mobility --cipher-list=ALL $@

32
examples/scripts/mobile/mobile_tcp_client.sh
View File

@ -1,32 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" "mobile"
# TURN TCP client with the long-term credentials mechanism.
#
# Options:
#
# 1) -t is present, it means that TCP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 13) -M turns on the Mobile ICE TURN functionality.
# 14) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -t -n 3000 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -M $@ ::1

36
examples/scripts/mobile/mobile_tls_client_c2c_tcp_relay.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN TLS client
# with "mobile" option and with the long-term credentials mechanism and with
# TCP relay endpoints (RFC 6062).
#
# Options:
#
# 1) -T is present, it means that TCP networking is used, with TCP
# relay endpoints (RFC 6062.
# 2) -S means that "secure protocol", that is TLS in the case of TCP,
# will be used between the client and the TURN Server.
# 3) -i absent.
# 4) -k sets private key file for TLS.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -y means that the clients will connect to the 'neighbor' clients, no peer app will be used.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u gorst means that if the server challenges the client with
# authentication challenge, then we use account "gorst".
# 11) -w hero sets the password for the account as "hero".
# 12) -M turns on the Mobile ICE TURN functionality.
# 13) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/postgres/9.2-pgdg/lib
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -T -S -k turn_client_pkey.pem -n 1000 -m 10 -l 170 -y -g -u gorst -w hero -M $@ ::1

33
examples/scripts/mobile/mobile_udp_client.sh
View File

@ -1,33 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN UDP client
# with "mobile" option and with the long-term credentials mechanism.
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -w youhavetoberealistic sets the password for the account as "youhavetoberealistic".
# 12) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 13) -M turns on the Mobile ICE TURN functionality.
# 14) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here
# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -M $@ ::1

16
examples/scripts/peer.sh
View File

@ -1,16 +0,0 @@
#!/bin/sh
#
# This is a script for the peer application,
# for testing only purposes. It opens UDP echo-like sockets
# on IPv4 address 127.0.0.1 and IPv6 address ::1.
# The default port 3480 is used.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:bin/:../bin:${PATH} turnutils_peer -L 127.0.0.1 -L ::1 -L 0.0.0.0 $@

28
examples/scripts/readme.txt
View File

@ -1,28 +0,0 @@
This directory contains various example scripts for the TURN server
functionality illustration.
1) peer.sh starts the "peer" application that serves as a peer for all examples.
2) "basic" directory contains set of scripts which works together to demonstrate
very basic anynymous functionality of the TURN server. The "peer.sh" must be used, too.
3) "longtermsecure" directory contains set of scripts demonstrating the long-term
authentication mechanism (peer.sh to be used, too).
4) "longtermsecuredb" shows how to start TURN server with database. The clients from the
directory "longtermsecure" can be used with the relay scripts in the "longtermsecuredb"
directory. Of course, the database (SQLite, PostgreSQL, MySQL, Redis or MongoDB) must
be set for these scripts to work correctly.
5) "restapi" shows how to use TURN REST API.
6) "loadbalance" shows how to use the simple load-balancing mechanism based upon the
ALTERNATE-SERVER functionality.
7) "selfloadbalance" shows how to use the "self-load-balance" TURN server capabilities.
8) "mobile" shows the "mobile" connections - how the TURN session can change its client
address.

36
examples/scripts/restapi/secure_relay_secret.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure 'static' 'secret' mode (see TURNServerRESTAPI.pdf)
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) --use-auth-secret means that we are using 'secret' authentication mode.
# 6) --static-auth-secret=logen means that we will be using 'static' secret value.
# 7) --realm=north.gov sets realm value as "north.gov".
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) "-q 100" means that single user can create no more than 100 sessions
# 12) "-Q 300" means that there may be no more than 300 sessions totally
# 13) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --static-auth-secret=logen --realm=north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -q 100 -Q 300 --cipher-list=ALL $@

37
examples/scripts/restapi/secure_relay_secret_with_db_mongo.sh
View File

@ -1,37 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure 'dynamic' 'secret' mode (see TURNServerRESTAPI.pdf)
# with MongoDB database for users information
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) --use-auth-secret means that we are using 'secret' authentication mode.
# Absense of --static-auth-secret value means that we will be taking the secret value
# from the database ('dynamic' mode).
# 6) --realm=north.gov sets realm value as "north.gov".
# 7) --mongo-userdb="mongodb://localhost/coturn"
# means that local MongoDB database "coturn" will be used.
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

38
examples/scripts/restapi/secure_relay_secret_with_db_mysql.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure 'dynamic' 'secret' mode (see TURNServerRESTAPI.pdf)
# with MySQL database for users information
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) --use-auth-secret means that we are using 'secret' authentication mode.
# Absense of --static-auth-secret value means that we will be taking the secret value
# from the database ('dynamic' mode).
# 6) --realm=north.gov sets realm value as "north.gov".
# 7) --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30"
# means that local MySQL database "coturn" will be used, with database user "turn" and
# with database user password "turn", and connection timeout 30 seconds.
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

38
examples/scripts/restapi/secure_relay_secret_with_db_psql.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure 'dynamic' 'secret' mode (see TURNServerRESTAPI.pdf)
# with PostgreSQL database for users information
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) --use-auth-secret means that we are using 'secret' authentication mode.
# Absense of --static-auth-secret value means that we will be taking the secret value
# from the database ('dynamic' mode).
# 6)--realm=north.gov sets realm value as "north.gov".
# 7) --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30"
# means that local PostgreSQL database "coturn" will be used, with database user "turn" and
# with database user password "turn", and connection timeout 30 seconds.
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

38
examples/scripts/restapi/secure_relay_secret_with_db_redis.sh
View File

@ -1,38 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure 'dynamic' 'secret' mode (see TURNServerRESTAPI.pdf)
# with Redis database for users information
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) --use-auth-secret means that we are using 'secret' authentication mode.
# Absense of --static-auth-secret value means that we will be taking the secret value
# from the database ('dynamic' mode).
# 6) --realm=north.gov sets realm value as "north.gov".
# 7) --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30"
# means that local Redis database 0 will be used, with database
# password "turn", and connection timeout 30 seconds.
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cipher-list=ALL $@

37
examples/scripts/restapi/secure_relay_secret_with_db_sqlite.sh
View File

@ -1,37 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server in
# secure 'dynamic' 'secret' mode (see TURNServerRESTAPI.pdf)
# with SQLite database for users information
# with the long-term credentials mechanism.
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 2) use fingerprints (-f)
# 3) use 3 relay threads (-m 3)
# 4) use min UDP relay port 32355 and max UDP relay port 65535
# 5) --use-auth-secret means that we are using 'secret' authentication mode.
# Absense of --static-auth-secret value means that we will be taking the secret value
# from the database ('dynamic' mode).
# 6) --realm=north.gov sets realm value as "north.gov".
# 7) --db=<file-name>
# means that local SQLite database <file-name> will be used.
# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 10) "--log-file=stdout" means that all log output will go to the stdout.
# 11) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --realm=north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@

31
examples/scripts/restapi/secure_udp_client_with_secret.sh
View File

@ -1,31 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a "secure" TURN UDP client
# with the long-term credentials mechanism and with
# secret-based authorization (see TURNServerRESTAPI.pdf document).
#
# Options:
#
# 1) -t is absent, it means that UDP networking is used.
# 5) -n 1000 means 1000 messages per single emulated client. Messages
# are sent with interval of 20 milliseconds, to emulate an RTP stream.
# 6) -m 10 means that 10 clients are emulated.
# 7) -l 170 means that the payload size of the packets is 170 bytes
# (like average audio RTP packet).
# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1.
# 9) -g means "set DONT_FRAGMENT parameter in TURN requests".
# 10) -u ninefingers means that if the server challenges the client with
# authentication challenge, then we use account "ninefingers".
# 11) -W logen sets the secret for the secret-based authentication as "logen".
# 12) -s option is absent - it means that the client will be using
# the "channel" mechanism for data.
# 13) ::1 (the last parameter) is the TURN Server IPv6 address.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -z 5 -n 10000 -s -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -W logen $@ ::1

105
examples/scripts/restapi/shared_secret_maintainer.pl
View File

@ -1,105 +0,0 @@
#!/usr/bin/perl
#
# This is an example of Perl script maintaining dynamic shared secret
# database for the REST API
#
use strict;
use warnings;
use DBI;
use HTTP::Request::Common;
my $DBNAME="turn";
my $DBUSERNAME="turn";
my $DBPWD="turn";
my $DBHOST="localhost";
my $webserver = 'http://example.com/';
my $old_secret = "";
my $current_secret="";
my $INTERVAL=3600;
my $dbh;
$dbh = DBI->connect("DBI:mysql:$DBNAME;host=$DBHOST", $DBUSERNAME, $DBPWD)
|| die "Could not connect to database: $DBI::errstr";
$dbh->do('CREATE TABLE IF NOT EXISTS turn_secret (value varchar(512))');
my $c = $dbh->do("delete from turn_secret");
print "Deleted $c rows\n";
$dbh->disconnect();
do {
$dbh = DBI->connect("DBI:mysql:$DBNAME;host=$DBHOST", $DBUSERNAME, $DBPWD)
|| die "Could not connect to database: $DBI::errstr";
$dbh->do('CREATE TABLE IF NOT EXISTS turn_secret (value varchar(512))');
if(length($current_secret)) {
if(length($old_secret)) {
remove_secret($dbh, $old_secret);
}
$old_secret=$current_secret;
}
print "CURRENT SECRET TO BE (RE)GENERATED\n";
$current_secret = generate_secret();
insert_secret($dbh, $current_secret);
$dbh->disconnect();
#
# Web server interaction example:
# Here we can put code to submit this secret to the web server:
#
my $req = POST($webserver, Content => [param => $current_secret]);
$req->method('PUT');
print $req->as_string,"\n";
#
# Alternatively, you can use this link for compute-on-demand:
# https://github.com/alfreddatakillen/computeengineondemand
#
# write your code here.
#
sleep($INTERVAL);
} while(1);
sub remove_secret {
my $dbh = shift;
my $secret=shift;
my $c = $dbh->do("delete from turn_secret where value = '$secret'");
print "Deleted $c rows\n";
}
sub insert_secret {
my $dbh = shift;
my $secret=shift;
my $c = $dbh->do("insert into turn_secret values('$secret')");
print "Inserted $c rows\n";
}
sub generate_secret {
my @chars = ('0'..'9', 'A'..'F');
my $len = 8;
my $string;
while($len--){ $string .= $chars[rand @chars] };
return $string;
}

14
examples/scripts/rfc5769.sh
View File

@ -1,14 +0,0 @@
#!/bin/sh
#
# This is a script for RFC 5769 STUN protocol check.
# It checks whether the main code was compiled correctly.
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:bin/:../bin:${PATH} turnutils_rfc5769check $@

174
examples/scripts/selfloadbalance/secure_dos_attack.sh
View File

@ -1,174 +0,0 @@
#!/bin/sh
#
# This is an example of a script to run a DOS attack
# in a "secure" environment on a server with
# self-load-balancing option
#
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
export SLEEP_TIME=11
while [ 0 ] ; do
rm -rf /var/log/turnserver/*
##########################
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -S -k turn_client_pkey.pem -n 10 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s -p 12345 $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y -p 12346 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s -p 12346 $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12346 $@ ::1 &
###########################
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -S -k turn_client_pkey.pem -n 10 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s -p 12345 $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y -p 12346 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s -p 12346 $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -B -N -R -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -B -N -R -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12346 $@ ::1 &
###########################
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -S -k turn_client_pkey.pem -n 10 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s -p 12345 $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12345 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -n 30 -m 10 -l 170 -g -u ninefingers -w youhavetoberealistic -y -p 12346 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e ::1 -x -g -u ninefingers -w youhavetoberealistic -s -p 12346 $@ 127.0.0.1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -t -n 50 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -O -N -R -G -T -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -T -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -y -g -u gorst -w hero -p 12346 $@ ::1 &
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -O -N -R -G -t -S -k turn_client_pkey.pem -n 30 -m 10 -l 170 -e 127.0.0.1 -X -g -u gorst -w hero -p 12346 $@ ::1 &
#########################
sleep ${SLEEP_TIME}
type killall >>/dev/null 2>>/dev/null
ER=$?
if [ ${ER} -eq 0 ] ; then
killall turnutils_uclient >>/dev/null 2>>/dev/null
fi
type pkill >>/dev/null 2>>/dev/null
ER=$?
if [ ${ER} -eq 0 ] ; then
pkill turnutils_u >>/dev/null 2>>/dev/null
pkill turnutils_uclie >>/dev/null 2>>/dev/null
pkill turnutils_uclient >>/dev/null 2>>/dev/null
else
sleep 10
fi
done

42
examples/scripts/selfloadbalance/secure_relay.sh
View File

@ -1,42 +0,0 @@
#!/bin/sh
#
# This is an example how to start a TURN Server
# with self-udp-balancing, in secure mode
# (when authentication is used) - see option -a
# that means "use long-term credential mechanism".
#
# We start here a TURN Server listening on IPv4 address
# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as
# IPv4 relay address, and we use ::1 as IPv6 relay address.
#
# Other options:
#
# 1) --aux-server=... options start two auxiliary severs on IP address 127.0.0.1
# and ports 12345 and 12346, and two auxiliary servers on IP adress ::1
# with the same ports.
# 2) --self-udp-balance option forces the server to distribute the load from the
# main server points to the auxiliary servers through the ALTERNATE-SERVER
# mechanism.
# 3) set bandwidth limit on client session 3000000 bytes per second (--max-bps).
# 4) use fingerprints (-f)
# 5) use 10 relay threads (-m 10)
# 6) use min UDP relay port 32355 and max UDP relay port 65535
# 7) "-r north.gov" means "use authentication realm north.gov"
# 8) "--user=ninefingers:youhavetoberealistic" means
# "allow user 'ninefinger' with password 'youhavetoberealistic' ".
# 9) "--user=gorst:hero" means "allow user 'gorst' with password 'hero' ".
# 10) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name.
# 11) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name.
# 12) "--log-file=stdout" means that all log output will go to the stdout.
# 13) "-v" means normal verbose mode (with some moderate logging).
# 14) --cipher-list=ALL means that we support all OpenSSL ciphers
# Other parameters (config file name, etc) are default.
if [ -d examples ] ; then
cd examples
fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --aux-server=127.0.0.1:12345 --aux-server=[::1]:12345 --aux-server=127.0.0.1:12346 --aux-server=[::1]:12346 --udp-self-balance --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=gorst:hero -r north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --db=var/db/turndb $@

BIN
examples/var/db/turndb
View File

Binary file not shown.

15
make-man.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
rm -rf man/man1/*
txt2man -s 1 -t TURN -I turnserver -I turnadmin -I turnutils -I turnutils_uclient -I turnutils_stunclient -I turnutils_rfc5769check -I turnutils_peer -B "TURN Server" README.turnserver | sed -e 's/-/\\-/g' > man/man1/turnserver.1
txt2man -s 1 -t TURN -I turnserver -I turnadmin -I turnutils -I turnutils_uclient -I turnutils_stunclient -I turnutils_rfc5769check -I turnutils_peer -B "TURN Server" README.turnadmin | sed -e 's/-/\\-/g'> man/man1/turnadmin.1
txt2man -s 1 -t TURN -I turnserver -I turnadmin -I turnutils -I turnutils_uclient -I turnutils_stunclient -I turnutils_rfc5769check -I turnutils_peer -B "TURN Server" README.turnutils | sed -e 's/-/\\-/g' > man/man1/turnutils.1
cd man/man1; ln -s turnutils.1 turnutils_uclient.1;cd ../..
cd man/man1; ln -s turnutils.1 turnutils_peer.1;cd ../..
cd man/man1; ln -s turnutils.1 turnutils_stunclient.1;cd ../..
cd man/man1; ln -s turnserver.1 coturn.1;cd ../..

1
man/man1/coturn.1
View File

@ -1 +0,0 @@
turnserver.1

342
man/man1/turnadmin.1
View File

@ -1,342 +0,0 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "15 June 2015" "" ""
.SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
the user accounts (add/remove users, generate
TURN keys for the users). For security reasons, we do not recommend
storing passwords openly. The better option is to use pre\-processed "keys"
which are then used for authentication. These keys are generated by \fIturnadmin\fP.
Turnadmin is a link to \fIturnserver\fP binary, but \fIturnadmin\fP performs different
functions.
.PP
Options note: \fIturnadmin\fP has long and short option names, for most options.
Some options have only long form, some options have only short form. Their syntax
somewhat different, if an argument is required:
.PP
The short form must be used as this (for example):
.PP
.nf
.fam C
$ turnadmin \-u <username> \.\.\.
.fam T
.fi
The long form equivalent must use the "=" character:
.PP
.nf
.fam C
$ turnadmin \-\-user=<username> \.\.\.
.fam T
.fi
If this is a flag option (no argument required) then their usage are the same, for example:
.PP
.nf
.fam C
$ turnadmin \-k \.\.\.
.fam T
.fi
is equivalent to:
.PP
.nf
.fam C
$ turnadmin \-\-key \.\.\.
.fam T
.fi
You have always the use the \fB\-r\fP <realm> option with commands for long term credentials \-
because data for multiple realms can be stored in the same database.
.PP
=====================================
.SS NAME
\fB
\fBturnadmin \fP\- a TURN relay administration tool.
\fB
.SS SYNOPSIS
$ \fIturnadmin\fP [command] [options]
.PP
$ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP]
.SS DESCRIPTION
.TP
.B
Commands:
.TP
.B
\fB\-P\fP, \fB\-\-generate\-encrypted\-password\fP
Generate and print to the standard
output an encrypted form of a password (for web admin user or CLI).
The value then can be used as a safe key for the password
storage on disk or in the database. Every invocation for the same password
produces a different result. The for mat of the encrypted password is:
$5$<\.\.\.salt\.\.\.>$<\.\.\.sha256(salt+password)\.\.\.>. Salt is 16 characters,
the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
Only sha256 is supported as the hash function.
.TP
.B
\fB\-k\fP, \fB\-\-key\fP
Generate key for a long\-term credentials mechanism user.
.TP
.B
\fB\-a\fP, \fB\-\-add\fP
Add or update a long\-term user.
.TP
.B
\fB\-A\fP, \fB\-\-add\-admin\fP
Add or update an admin user.
.TP
.B
\fB\-d\fP, \fB\-\-delete\fP
Delete a long\-term user.
.TP
.B
\fB\-D\fP, \fB\-\-delete\-admin\fP
Delete an admin user.
.TP
.B
\fB\-l\fP, \fB\-\-list\fP
List long\-term users in the database.
.TP
.B
\fB\-L\fP, \fB\-\-list\-admin\fP
List admin users in the database.
.PP
\fB\-s\fP, \fB\-\-set\-secret\fP=<value> Add shared secret for TURN RESP API
.TP
.B
\fB\-S\fP, \fB\-\-show\-secret\fP
Show stored shared secrets for TURN REST API
.PP
\fB\-X\fP, \fB\-\-delete\-secret\fP=<value> Delete a shared secret.
.RS
.TP
.B
\fB\-\-delete\-all_secrets\fP
Delete all shared secrets for REST API.
.RE
.TP
.B
\fB\-O\fP, \fB\-\-add\-origin\fP
Add origin\-to\-realm relation.
.TP
.B
\fB\-R\fP, \fB\-\-del\-origin\fP
Delete origin\-to\-realm relation.
.TP
.B
\fB\-I\fP, \fB\-\-list\-origins\fP
List origin\-to\-realm relations.
.TP
.B
\fB\-g\fP, \fB\-\-set\-realm\-option\fP
Set realm params: max\-bps, total\-quota, user\-quota.
.TP
.B
\fB\-G\fP, \fB\-\-list\-realm\-options\fP
List realm params.
.TP
.B
Options with required values:
.TP
.B
\fB\-b\fP, \fB\-\-db\fP, \fB\-\-userdb\fP
SQLite user database file name (default \- /var/db/turndb or
/usr/local/var/db/turndb or /var/lib/turn/turndb).
See the same option in the \fIturnserver\fP section.
.TP
.B
\fB\-e\fP, \fB\-\-psql\-userdb\fP
PostgreSQL user database connection string.
See the \fB\-\-psql\-userdb\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-M\fP, \fB\-\-mysql\-userdb\fP
MySQL user database connection string.
See the \fB\-\-mysql\-userdb\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-J\fP, \fB\-\-mongo\-userdb\fP
MongoDB user database connection string.
See the \fB\-\-mysql\-mongo\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-N\fP, \fB\-\-redis\-userdb\fP
Redis user database connection string.
See the \fB\-\-redis\-userdb\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-u\fP, \fB\-\-user\fP
User name.
.TP
.B
\fB\-r\fP, \fB\-\-realm\fP
Realm.
.TP
.B
\fB\-p\fP, \fB\-\-password\fP
Password.
.TP
.B
\fB\-o\fP, \fB\-\-origin\fP
Origin
.TP
.B
\fB\-\-max\-bps\fP
Set value of realm's max\-bps parameter.
.TP
.B
\fB\-\-total\-quota\fP
Set value of realm's total\-quota parameter.
.TP
.B
\fB\-\-user\-quota\fP
Set value of realm's user\-quota parameter.
.TP
.B
\fB\-h\fP, \fB\-\-help\fP
Help.
.TP
.B
Command examples:
.PP
Generate an encrypted form of a password:
.PP
$ \fIturnadmin\fP \fB\-P\fP \fB\-p\fP <password>
.PP
Generate a key:
.PP
$ \fIturnadmin\fP \fB\-k\fP \fB\-u\fP <username> \fB\-r\fP <realm> \fB\-p\fP <password>
.PP
Add/update a user in the in the database:
.PP
$ \fIturnadmin\fP \fB\-a\fP [\fB\-b\fP <userdb\-file> | \fB\-e\fP <db\-connection\-string> | \fB\-M\fP <db\-connection\-string> | \fB\-N\fP <db\-connection\-string> ] \fB\-u\fP <username> \fB\-r\fP <realm> \fB\-p\fP <password>
.PP
Delete a user from the database:
.PP
$ \fIturnadmin\fP \fB\-d\fP [\fB\-b\fP <userdb\-file> | \fB\-e\fP <db\-connection\-string> | \fB\-M\fP <db\-connection\-string> | \fB\-N\fP <db\-connection\-string> ] \fB\-u\fP <username> \fB\-r\fP <realm>
.PP
List all long\-term users in MySQL database:
.PP
$ \fIturnadmin\fP \fB\-l\fP \fB\-\-mysql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm>
.PP
List all admin users in Redis database:
.PP
$ \fIturnadmin\fP \fB\-L\fP \fB\-\-redis\-userdb\fP="<db\-connection\-string>"
.PP
Set secret in MySQL database:
.PP
$ \fIturnadmin\fP \fB\-s\fP <secret> \fB\-\-mysql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm>
.PP
Show secret stored in PostgreSQL database:
.PP
$ \fIturnadmin\fP \fB\-S\fP \fB\-\-psql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm>
.PP
Set origin\-to\-realm relation in MySQL database:
.PP
$ \fIturnadmin\fP \fB\-\-mysql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm> \fB\-o\fP <origin>
.PP
Delete origin\-to\-realm relation from Redis DB:
.PP
$ \fIturnadmin\fP \fB\-\-redis\-userdb\fP="<db\-connection\-string>" \fB\-o\fP <origin>
.PP
List all origin\-to\-realm relations in Redis DB:
.PP
$ \fIturnadmin\fP \fB\-\-redis\-userdb\fP="<db\-connection\-string>" \fB\-I\fP
.PP
List the origin\-to\-realm relations in PostgreSQL DB for a single realm:
.PP
$ \fIturnadmin\fP \fB\-\-psql\-userdb\fP="<db\-connection\-string>" \fB\-I\fP \fB\-r\fP <realm>
.TP
.B
Help:
.PP
$ \fIturnadmin\fP \fB\-h\fP
.PP
=======================================
.SS DOCS
After installation, run the command:
.PP
$ man \fIturnadmin\fP
.PP
or in the project root directory:
.PP
$ man \fB\-M\fP man \fIturnadmin\fP
.PP
to see the man page.
.PP
=====================================
.SS FILES
/etc/turnserver.conf
.PP
/var/db/turndb
.PP
/usr/local/var/db/turndb
.PP
/var/lib/turn/turndb
.PP
/usr/local/etc/turnserver.conf
.PP
=====================================
.SS DIRECTORIES
/usr/local/share/\fIturnserver\fP
.PP
/usr/local/share/doc/\fIturnserver\fP
.PP
/usr/local/share/examples/\fIturnserver\fP
.PP
======================================
.SS SEE ALSO
\fIturnserver\fP, \fIturnutils\fP
.RE
.PP
======================================
.SS WEB RESOURCES
project page:
.PP
http://code.google.com/p/coturn/
.PP
Wiki page:
.PP
http://code.google.com/p/coturn/wiki/Readme
.PP
forum:
.PP
https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/
.RE
.PP
======================================
.SS AUTHORS
Oleg Moskalenko <mom040267@gmail.com>
.PP
Gabor Kovesdan http://kovesdan.org/
.PP
Daniel Pocock http://danielpocock.com/
.PP
John Selbie (jselbie@gmail.com)
.PP
Lee Sylvester <lee@designrealm.co.uk>
.PP
Erik Johnston <erikj@openmarket.com>
.PP
Roman Lisagor <roman@demonware.net>
.PP
Vladimir Tsanev <tsachev@gmail.com>
.PP
Po\-sheng Lin <personlin118@gmail.com>
.PP
Peter Dunkley <peter.dunkley@acision.com>
.PP
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
.PP
Federico Pinna <fpinna@vivocha.com>
.PP
Bradley T. Hughes <bradleythughes@fastmail.fm>

1195
man/man1/turnserver.1
View File

File diff suppressed because it is too large Load Diff

452
man/man1/turnutils.1
View File

@ -1,452 +0,0 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "15 June 2015" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
for testing and for setting up the TURN server.
.TP
.B
1.
\fIturnutils_uclient\fP: emulates multiple UDP,TCP,TLS or DTLS clients.
(this program is provided for the testing purposes only !)
The compiled binary image of this program is located in bin/
sub\-directory.
.TP
.B
2.
\fIturnutils_peer\fP: a simple stateless UDP\-only "echo" server,
to be used as the final server in relay pattern ("peer"). For every incoming
UDP packet, it simply echoes it back.
(this program is provided for the testing purposes only !)
When the test clients are communicating in the client\-to\-client manner
(when the "\fIturnutils_uclient\fP" program is used with "\fB\-y\fP" option) then the
\fIturnutils_peer\fP is not needed.
.PP
The compiled binary image of this program is located in bin/ subdirectory.
.TP
.B
3.
\fIturnutils_stunclient\fP: a simple STUN client example.
The compiled binary image of this program is located in bin/ subdirectory.
.TP
.B
4.
\fIturnutils_rfc5769check\fP: a utility that checks the correctness of the
STUN/TURN protocol implementation. This utility is used only for the compilation
check procedure, it is not copied to the installation destination.
.RE
.PP
.RS
In the "examples/scripts" subdirectory, you will find the examples of command lines to be used
to run the programs. The scripts are meant to be run from examples/ subdirectory, for example:
.PP
$ cd examples
.PP
$ ./scripts/secure_relay.sh
.PP
=====================================
.SS NAME
\fB
\fBturnutils_uclient \fP\- this client emulation application is supplied for the test purposes only.
\fB
.SS SYNOPSIS
$ \fIturnutils_uclient\fP [\fB\-tTSvsyhcxg\fP] [options] <TURN\-Server\-IP\-address>
.SS DESCRIPTION
It was designed to simulate multiple clients. It uses asynch IO API in
libevent to handle multiple clients. A client connects to the relay,
negotiates the session, and sends multiple (configured number) messages to the server (relay),
expecting the same number of replies. The length of the messages is configurable.
The message is an arbitrary octet stream.
The number of the messages to send is configurable.
.TP
.B
Flags:
.TP
.B
\fB\-t\fP
Use TCP for communications between client and TURN server (default is UDP).
.TP
.B
\fB\-b\fP
Use SCTP for communications between client and TURN server (default is UDP).
.TP
.B
\fB\-T\fP
Use TCP for the relay transport (default \- UDP). Implies options \fB\-t\fP, \fB\-y\fP, \fB\-c\fP,
and ignores flags and options \fB\-s\fP, \fB\-e\fP, \fB\-r\fP and \fB\-g\fP. Can be used together
with \fB\-b\fP.
.TP
.B
\fB\-P\fP
Passive TCP (RFC6062 with active peer). Implies \fB\-T\fP.
.TP
.B
\fB\-S\fP
Secure SSL connection: SSL/TLS for TCP, DTLS for UDP, TLS/SCTP for SCTP.
.TP
.B
\fB\-U\fP
Secure unencrypted connection (suite eNULL): SSL/TLS for TCP, DTLS for UDP.
.TP
.B
\fB\-v\fP
Verbose.
.TP
.B
\fB\-s\fP
Use "Send" method in TURN; by default, it uses TURN Channels.
.TP
.B
\fB\-y\fP
Use client\-to\-client connections:
RTP/RTCP pair of channels to another RTP/RTCP pair of channels.
with this option the \fIturnutils_peer\fP application is not used,
as the allocated relay endpoints are talking to each other.
.TP
.B
\fB\-h\fP
Hang on indefinitely after the last sent packet.
.TP
.B
\fB\-c\fP
Do not create rtcp connections.
.TP
.B
\fB\-x\fP
Request IPv6 relay address (RFC6156).
.TP
.B
\fB\-X\fP
IPv4 relay address explicitly requested.
.TP
.B
\fB\-g\fP
Set DONT_FRAGMENT parameter in TURN requests.
.TP
.B
\fB\-D\fP
Do mandatory channel padding even for UDP (like pjnath).
.TP
.B
\fB\-N\fP
do negative tests (some limited cases only).
.TP
.B
\fB\-R\fP
do negative protocol tests.
.TP
.B
\fB\-O\fP
DOS attack mode.
.TP
.B
\fB\-M\fP
Use TURN ICE Mobility.
.TP
.B
\fB\-I\fP
Do not set permissions on TURN relay endpoints
(for testing the non\-standard server relay functionality).
.TP
.B
\fB\-G\fP
Generate extra requests (create permissions, channel bind).
.TP
.B
\fB\-B\fP
Random disconnect after a few initial packets.
.TP
.B
\fB\-Z\fP
Dual allocation (SSODA). Implies \fB\-c\fP option.
.TP
.B
\fB\-J\fP
Use oAuth with default test key kid='north'.
.TP
.B
Options with required values:
.TP
.B
\fB\-l\fP
Message length (Default: 100 Bytes).
.TP
.B
\fB\-i\fP
Certificate file (for secure connections only, optional).
.TP
.B
\fB\-k\fP
Private key file (for secure connections only).
.TP
.B
\fB\-E\fP
CA file for server certificate verification,
if the server certificate to be verified.
.TP
.B
\fB\-p\fP
\fBTURN Server\fP port (Defaults: 3478 unsecure, 5349 secure).
.TP
.B
\fB\-n\fP
Number of messages to send (Default: 5).
.TP
.B
\fB\-d\fP
Local interface device (optional, Linux only).
.TP
.B
\fB\-L\fP
Local IP address (optional).
.TP
.B
\fB\-m\fP
Number of clients (Default: 1, 2 or 4, depending on options).
.TP
.B
\fB\-e\fP
Peer address.
.TP
.B
\fB\-r\fP
Peer port (Default: 3480).
.TP
.B
\fB\-z\fP
Per\-session packet interval in milliseconds (Default: 20).
.TP
.B
\fB\-u\fP
STUN/TURN user name.
.TP
.B
\fB\-w\fP
STUN/TURN user password.
.TP
.B
\fB\-W\fP
TURN REST API authentication secret. Is not compatible with \fB\-A\fP flag.
.TP
.B
\fB\-C\fP
This is the timestamp/username separator symbol (character) in
TURN REST API. The default value is :.
.TP
.B
\fB\-F\fP
Cipher suite for TLS/DTLS. Default value is DEFAULT.
.TP
.B
\fB\-o\fP
the ORIGIN STUN attribute value.
.TP
.B
\fB\-a\fP
Bandwidth for the bandwidth request in ALLOCATE. The default value is zero.
.PP
See the examples in the "examples/scripts" directory.
.PP
======================================
.SS NAME
\fB
\fBturnutils_peer \fP\- a simple UDP\-only echo backend server.
\fB
.SS SYNOPSYS
$ \fIturnutils_peer\fP [\fB\-v\fP] [options]
.SS DESCRIPTION
This application is used for the test purposes only, as a peer for the \fIturnutils_uclient\fP application.
.TP
.B
Options with required values:
.TP
.B
\fB\-p\fP
Listening UDP port (Default: 3480).
.TP
.B
\fB\-d\fP
Listening interface device (optional)
.TP
.B
\fB\-L\fP
Listening address of \fIturnutils_peer\fP server. Multiple listening addresses can be used, IPv4 and IPv6.
If no listener \fBaddress\fP(es) defined, then it listens on all IPv4 and IPv6 addresses.
.TP
.B
\fB\-v\fP
Verbose
.PP
========================================
.SS NAME
\fB
\fBturnutils_stunclient \fP\- a basic STUN client.
\fB
.SS SYNOPSIS
.nf
.fam C
$ \fIturnutils_stunclient\fP [\fIoptions\fP] <STUN\-Server\-IP\-address>
.fam T
.fi
.fam T
.fi
.SS DESCRIPTION
It sends a "new" STUN RFC 5389 request (over UDP) and shows the reply information.
.TP
.B
Options with required values:
.TP
.B
\fB\-p\fP
STUN server port (Default: 3478).
.TP
.B
\fB\-L\fP
Local address to use (optional).
.TP
.B
\fB\-f\fP
Force RFC 5780 processing.
.PP
The \fIturnutils_stunclient\fP program checks the results of the first request,
and if it finds that the STUN server supports RFC 5780
(the binding response reveals that) then the \fIturnutils_stunclient\fP makes a couple more
requests with different parameters, to demonstrate the NAT discovery capabilities.
.PP
This utility does not support the "old" "classic" STUN protocol (RFC 3489).
.PP
=====================================
.SS NAME
\fB
\fBturnutils_rfc5769check \fP\- a utility that tests the correctness of STUN protocol implementation.
\fB
.SS SYNOPSIS
.nf
.fam C
$ \fIturnutils_rfc5769check\fP
.fam T
.fi
.fam T
.fi
.SS DESCRIPTION
\fIturnutils_rfc5769check\fP tests the correctness of STUN protocol implementation
against the test vectors predefined in RFC 5769 and prints the results of the
tests on the screen. This utility is used only for the compilation
check procedure, it is not copied to the installation destination.
.TP
.B
Usage:
.PP
$ \fIturnutils_rfc5769check\fP
.PP
===================================
.SH DOCS
After installation, run the command:
.PP
$ man \fIturnutils\fP
.PP
or in the project root directory:
.PP
$ man \fB\-M\fP man \fIturnutils\fP
.PP
to see the man page.
.PP
=====================================
.SH FILES
/etc/turnserver.conf
.PP
/var/db/turndb
.PP
/usr/local/var/db/turndb
.PP
/var/lib/turn/turndb
.PP
/usr/local/etc/turnserver.conf
.PP
=================================
.SH DIRECTORIES
/usr/local/share/\fIturnserver\fP
.PP
/usr/local/share/doc/\fIturnserver\fP
.PP
/usr/local/share/examples/\fIturnserver\fP
.PP
===================================
.SH STANDARDS
new STUN RFC 5389
.PP
TURN RFC 5766
.PP
TURN\-TCP extension RFC 6062
.PP
TURN IPv6 extension RFC 6156
.PP
STUN/TURN test vectors RFC 5769
.PP
STUN NAT behavior discovery RFC 5780
.PP
====================================
.SH SEE ALSO
\fIturnserver\fP, \fIturnadmin\fP
.RE
.PP
======================================
.SS WEB RESOURCES
project page:
.PP
http://code.google.com/p/coturn/
.PP
Wiki page:
.PP
http://code.google.com/p/coturn/wiki/Readme
.PP
forum:
.PP
https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/
.RE
.PP
======================================
.SS AUTHORS
Oleg Moskalenko <mom040267@gmail.com>
.PP
Gabor Kovesdan http://kovesdan.org/
.PP
Daniel Pocock http://danielpocock.com/
.PP
John Selbie (jselbie@gmail.com)
.PP
Lee Sylvester <lee@designrealm.co.uk>
.PP
Erik Johnston <erikj@openmarket.com>
.PP
Roman Lisagor <roman@demonware.net>
.PP
Vladimir Tsanev <tsachev@gmail.com>
.PP
Po\-sheng Lin <personlin118@gmail.com>
.PP
Peter Dunkley <peter.dunkley@acision.com>
.PP
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
.PP
Federico Pinna <fpinna@vivocha.com>
.PP
Bradley T. Hughes <bradleythughes@fastmail.fm>

1
man/man1/turnutils_peer.1
View File

@ -1 +0,0 @@
turnutils.1

1
man/man1/turnutils_stunclient.1
View File

@ -1 +0,0 @@
turnutils.1

1
man/man1/turnutils_uclient.1
View File

@ -1 +0,0 @@
turnutils.1

39
postinstall.txt
View File

@ -1,39 +0,0 @@
==================================================================
1) If you system supports automatic start-up system daemon services,
the, to enable the turnserver as an automatically started system
service, you have to:
a) Create and edit /etc/turnserver.conf or
/usr/local/etc/turnserver.conf .
Use /usr/local/etc/turnserver.conf.default as an example.
b) For user accounts settings: set up SQLite or PostgreSQL or
MySQL or MongoDB or Redis database for user accounts.
Use /usr/local/share/turnserver/schema.sql as SQL database schema,
or use /usr/local/share/turnserver/schema.userdb.redis as Redis
database schema description and/or
/usr/local/share/turnserver/schema.stats.redis
as Redis status & statistics database schema description.
If you are using SQLite, the default database location is in
/var/db/turndb or in /usr/local/var/db/turndb or in /var/lib/turn/turndb.
c) add whatever is necessary to enable start-up daemon for the
/usr/local/bin/turnserver.
2) If you do not want the turnserver to be a system service,
then you can start/stop it "manually", using the "turnserver"
executable with appropriate options (see the documentation).
3) To create database schema, use schema in file
/usr/local/share/turnserver/schema.sql.
4) For additional information, run:
$ man turnserver
$ man turnadmin
$ man turnutils
==================================================================

88
rpm/CentOS6.pre.build.sh
View File

@ -1,88 +0,0 @@
#!/bin/bash
# CentOS6 preparation script.
CPWD=`pwd`
. ./common.pre.build.sh
cd ${CPWD}
LIBEVENT_MAJOR_VERSION=2
LIBEVENT_VERSION=${LIBEVENT_MAJOR_VERSION}.0.21
LIBEVENT_DISTRO=libevent-${LIBEVENT_VERSION}-stable.tar.gz
LIBEVENT_SPEC_DIR=libevent.rpm
LIBEVENTSPEC_SVN_URL=${TURNSERVER_SVN_URL}/${LIBEVENT_SPEC_DIR}
LIBEVENT_SPEC_FILE=libevent.spec
# Common packs
PACKS="mysql-devel sqlite sqlite-devel"
sudo yum -y install ${PACKS}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install package(s) ${PACKS}"
cd ${CPWD}
exit -1
fi
# Libevent2:
if ! [ -f ${BUILDDIR}/SPECS/${LIBEVENT_SPEC_FILE} ] ; then
cd ${BUILDDIR}/tmp
rm -rf ${LIBEVENT_SPEC_DIR}
svn export ${LIBEVENTSPEC_SVN_URL} ${LIBEVENT_SPEC_DIR}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
if ! [ -f ${LIBEVENT_SPEC_DIR}/${LIBEVENT_SPEC_FILE} ] ; then
echo "ERROR: cannot download ${LIBEVENT_SPEC_FILE} file"
cd ${CPWD}
exit -1
fi
cp ${LIBEVENT_SPEC_DIR}/${LIBEVENT_SPEC_FILE} ${BUILDDIR}/SPECS
cp ${LIBEVENT_SPEC_DIR}/${LIBEVENT_DISTRO} ${BUILDDIR}/SOURCES
fi
cd ${BUILDDIR}/SPECS
rpmbuild -ba ${BUILDDIR}/SPECS/${LIBEVENT_SPEC_FILE}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
PACK=${BUILDDIR}/RPMS/${ARCH}/libevent-${LIBEVENT_MAJOR_VERSION}*.rpm
sudo rpm ${RPMOPTIONS} ${PACK}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install packages ${PACK}"
cd ${CPWD}
exit -1
fi
PACK=${BUILDDIR}/RPMS/${ARCH}/libevent-devel*.rpm
sudo rpm ${RPMOPTIONS} ${PACK}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install packages ${PACK}"
cd ${CPWD}
exit -1
fi
# EPEL (for hiredis)
cd ${CPWD}
./epel6.install.sh
# Platform file
echo "CentOS6.6" > ${BUILDDIR}/platform
cp ${CPWD}/epel6.install.sh ${BUILDDIR}/install.sh
cd ${CPWD}

33
rpm/CentOS7.pre.build.sh
View File

@ -1,33 +0,0 @@
#!/bin/bash
# CentOS7 preparation script.
CPWD=`pwd`
. ./common.pre.build.sh
cd ${CPWD}
# Common packs
PACKS="libevent-devel mariadb-devel sqlite sqlite-devel"
sudo yum -y install ${PACKS}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install package(s) ${PACKS}"
cd ${CPWD}
exit -1
fi
# EPEL (for hiredis)
cd ${CPWD}
./epel7.install.sh
# Platform file
echo "CentOS7.1" > ${BUILDDIR}/platform
cp ${CPWD}/epel7.install.sh ${BUILDDIR}/install.sh
cd ${CPWD}

20
rpm/Fedora.pre.build.sh
View File

@ -1,20 +0,0 @@
#!/bin/bash
CPWD=`pwd`
# Fedora preparation script.
. ./common.pre.build.sh
PACKS="libevent-devel mariadb-devel sqlite sqlite-devel"
sudo yum -y install ${PACKS}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install package(s) ${PACKS}"
cd ${CPWD}
exit -1
fi
echo "Fedora20" > ${BUILDDIR}/platform
cd ${CPWD}

47
rpm/build.instructions.txt
View File

@ -1,47 +0,0 @@
MANUAL PROCESS FOR CENTOS 6:
The first thing you need to build/use the TURN server with CentOS is to build and install libevent 2.x.x. CentOS 6 ships with libevent 1.x.x. You can find a .spec file to build libevent 2.x.x here: https://github.com/crocodilertc/libevent
To build libevent:
1) Install the dependencies for building libevent: gcc, make, redhat-rpm-config, doxygen, openssl-devel, rpm-build
2) $ mkdir ~/rpmbuild
3) $ mkdir ~/rpmbuild/SOURCES
4) $ mkdir ~/rpmbuild/SPECS
5) Put the tarball for libevent (https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz) and put it into ~/rpmbuild/SOURCES
6) Put the .spec for libevent (https://raw.github.com/crocodilertc/libevent/master/libevent.spec) into ~/rpmbuild/SPECS
7) Build the RPMs, "rpmbuild -ba ~/rpmbuild/SPECS/libevent.spec"
To build the TURN server:
1) Install libevent and libevent-devel rpms
2) Install EPEL (http://fedoraproject.org/wiki/EPEL) - needed for hiredis
3) Install the dependencies for building the TURN server:
gcc, make, redhat-rpm-config,
openssl-devel,
libevent-devel >= 2.0.0,
sqlite, sqlite-devel,
mysql-devel (or mariadb-devel), postgresql-devel, hiredis-devel
4) $ mkdir ~/rpmbuild
5) $ mkdir ~/rpmbuild/SOURCES
6) Export the TURN server from SVN, "svn export http://coturn.googlecode.com/svn/trunk/ turnserver-2.6.7.0"
7) Create a tarball, "tar zcf ~/rpmbuild/SOURCES/turnserver-2.6.7.0.tar.gz turnserver-2.6.7.0"
8) Build the RPMs, "rpmbuild -ta ~/rpmbuild/SOURCES/turnserver-2.6.7.0.tar.gz"
AUTOMATED PROCESS FOR CENTOS 6:
$ cd <...>/coturn/rpm
$ ./CentOS6.pre.build.sh
$ ./build.sh
(then see the tarball in ~/rpmbuild/RPMS/<arch>)
AUTOMATED PROCESS FOR Fedora:
$ cd <...>/coturn/rpm
$ ./Fedora.pre.build.sh
$ ./build.sh
(then see the tarball in ~/rpmbuild/RPMS/<arch>)

14
rpm/build.settings.sh
View File

@ -1,14 +0,0 @@
#!/bin/bash
# Common settings script.
TURNVERSION=4.4.5.3
BUILDDIR=~/rpmbuild
ARCH=`uname -p`
TURNSERVER_SVN_URL=http://coturn.googlecode.com/svn
TURNSERVER_SVN_URL_VER=trunk
WGETOPTIONS="--no-check-certificate"
RPMOPTIONS="-ivh --force"

99
rpm/build.sh
View File

@ -1,99 +0,0 @@
#!/bin/bash
CPWD=`pwd`
. ./build.settings.sh
# Required packages
PACKS="postgresql-devel hiredis-devel"
sudo yum -y install ${PACKS}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install packages ${PACKS}"
cd ${CPWD}
exit -1
fi
# TURN
cd ${BUILDDIR}/tmp
rm -rf turnserver-${TURNVERSION}
svn export ${TURNSERVER_SVN_URL}/${TURNSERVER_SVN_URL_VER}/ turnserver-${TURNVERSION}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
tar zcf ${BUILDDIR}/SOURCES/turnserver-${TURNVERSION}.tar.gz turnserver-${TURNVERSION}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
rpmbuild -ta ${BUILDDIR}/SOURCES/turnserver-${TURNVERSION}.tar.gz
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
# Make binary tarball
cd ${BUILDDIR}/RPMS/${ARCH}
mkdir -p di
mv *debuginfo* di
mv *devel* di
rm -rf turnserver-${TURNVERSION}
mkdir turnserver-${TURNVERSION}
mv *.rpm turnserver-${TURNVERSION}/
rm -rf turnserver-${TURNVERSION}/install.sh
if [ -f ${BUILDDIR}/install.sh ] ; then
cat ${BUILDDIR}/install.sh > turnserver-${TURNVERSION}/install.sh
else
echo "#!/bin/sh" > turnserver-${TURNVERSION}/install.sh
fi
cat <<EOF >>turnserver-${TURNVERSION}/install.sh
sudo yum -y install openssl
sudo yum -y install telnet
sudo yum -y install sqlite
for i in *.rpm ; do
sudo yum -y install \${i}
ER=\$?
if ! [ \${ER} -eq 0 ] ; then
sudo rpm -Uvh \${i}
ER=\$?
if ! [ \${ER} -eq 0 ] ; then
sudo rpm -ivh --force \${i}
ER=\$?
if ! [ \${ER} -eq 0 ] ; then
echo "ERROR: cannot install package \${i}"
exit -1
fi
fi
fi
done
echo SUCCESS !
EOF
chmod a+x turnserver-${TURNVERSION}/install.sh
cp ${CPWD}/uninstall.turnserver.sh turnserver-${TURNVERSION}/
chmod a+x turnserver-${TURNVERSION}/uninstall.turnserver.sh
PLATFORM=`cat ${BUILDDIR}/platform`
tar cvfz turnserver-${TURNVERSION}-${PLATFORM}-${ARCH}.tar.gz turnserver-${TURNVERSION}
cd ${CPWD}

26
rpm/common.pre.build.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
# Common preparation script.
. ./build.settings.sh
# DIRS
rm -rf ${BUILDDIR}
mkdir -p ${BUILDDIR}
mkdir -p ${BUILDDIR}/SOURCES
mkdir -p ${BUILDDIR}/SPECS
mkdir -p ${BUILDDIR}/RPMS
mkdir -p ${BUILDDIR}/tmp
# Common packs
PACKS="make gcc redhat-rpm-config rpm-build doxygen openssl-devel svn"
sudo yum -y install ${PACKS}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install packages ${PACKS}"
exit -1
fi

39
rpm/epel6.install.sh
View File

@ -1,39 +0,0 @@
#!/bin/bash
CPWD=`pwd`
# Epel installation script
EPEL=epel-release-6-8.noarch
EPELRPM=${EPEL}.rpm
BUILDDIR=~/rpmbuild
WGETOPTIONS="--no-check-certificate"
RPMOPTIONS="-ivh --force"
mkdir -p ${BUILDDIR}
mkdir -p ${BUILDDIR}/RPMS
sudo yum -y install wget
cd ${BUILDDIR}/RPMS
if ! [ -f ${EPELRPM} ] ; then
wget ${WGETOPTIONS} http://download.fedoraproject.org/pub/epel/6/i386/${EPELRPM}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
fi
PACK=${EPELRPM}
sudo rpm ${RPMOPTIONS} ${PACK}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install package ${PACK}"
cd ${CPWD}
exit -1
fi
cd ${CPWD}

39
rpm/epel7.install.sh
View File

@ -1,39 +0,0 @@
#!/bin/bash
CPWD=`pwd`
# Epel installation script
EPEL=epel-release-7-5.noarch
EPELRPM=${EPEL}.rpm
BUILDDIR=~/rpmbuild
WGETOPTIONS="--no-check-certificate"
RPMOPTIONS="-ivh --force"
mkdir -p ${BUILDDIR}
mkdir -p ${BUILDDIR}/RPMS
sudo yum -y install wget
cd ${BUILDDIR}/RPMS
if ! [ -f ${EPELRPM} ] ; then
wget ${WGETOPTIONS} http://download.fedoraproject.org/pub/epel/7/x86_64/e/${EPELRPM}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
cd ${CPWD}
exit -1
fi
fi
PACK=${EPELRPM}
sudo rpm ${RPMOPTIONS} ${PACK}
ER=$?
if ! [ ${ER} -eq 0 ] ; then
echo "Cannot install package ${PACK}"
cd ${CPWD}
exit -1
fi
cd ${CPWD}

82
rpm/turnserver.init.el
View File

@ -1,82 +0,0 @@
#!/bin/bash
#
# Startup script for TURN Server
#
# chkconfig: 345 85 15
# description: RFC 5766 TURN Server
#
# processname: turnserver
# pidfile: /var/run/turnserver.pid
# config: /etc/turnserver/turnserver.conf
#
### BEGIN INIT INFO
# Provides: turnserver
# Required-Start: $local_fs $network
# Short-Description: RFC 5766 TURN Server
# Description: RFC 5766 TURN Server
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
TURN=/usr/bin/turnserver
PROG=turnserver
TURNCFG=/etc/turnserver/$PROG.conf
PID_FILE=/var/run/$PROG.pid
LOCK_FILE=/var/lock/subsys/$PROG
DEFAULTS=/etc/sysconfig/$PROG
RETVAL=0
USER=turnserver
start() {
echo -n $"Starting $PROG: "
daemon --user=$USER $TURN $OPTIONS
RETVAL=$?
if [ $RETVAL = 0 ]; then
pidofproc $TURN > $PID_FILE
RETVAL=$?
[ $RETVAL = 0 ] && touch $LOCK_FILE && success
fi
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $PROG: "
killproc $TURN
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f $LOCK_FILE $PID_FILE
}
[ -f $DEFAULTS ] && . $DEFAULTS
OPTIONS="-o -c $TURNCFG $EXTRA_OPTIONS"
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $TURN
RETVAL=$?
;;
restart)
stop
start
;;
condrestart)
if [ -f $PID_FILE ] ; then
stop
start
fi
;;
*)
echo $"Usage: $PROG {start|stop|restart|condrestart|status|help}"
exit 1
esac
exit $RETVAL

15
rpm/turnserver.service.fc
View File

@ -1,15 +0,0 @@
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/turnserver
PIDFile=/var/run/turnserver.pid
ExecStart=/usr/bin/turnserver -o -c /etc/turnserver/turnserver.conf $EXTRA_OPTIONS
ExecStopPost=/usr/bin/rm -f /var/run/turnserver.pid
Restart=on-abort
[Install]
WantedBy=multi-user.target

409
rpm/turnserver.spec
View File

@ -1,409 +0,0 @@
Name: turnserver
Version: 4.4.5.3
Release: 0%{dist}
Summary: Coturn TURN Server
Group: System Environment/Libraries
License: BSD
URL: https://code.google.com/p/coturn/
Source0: http://turnserver.open-sys.org/downloads/v%{version}/%{name}-%{version}.tar.gz
BuildRequires: gcc, make, redhat-rpm-config, sqlite-devel
BuildRequires: openssl-devel, libevent-devel >= 2.0.0, postgresql-devel
BuildRequires: hiredis-devel
Requires: openssl, sqlite, libevent >= 2.0.0, mysql-libs, postgresql-libs
Requires: hiredis, perl-DBI, perl-libwww-perl
Requires: telnet
%if 0%{?el6}
BuildRequires: epel-release, mysql-devel
Requires: epel-release, mysql-libs
%else
BuildRequires: mariadb-devel
Requires: mariadb-libs
%endif
%description
The TURN Server is a VoIP media traffic NAT traversal server and gateway. It
can be used as a general-purpose network traffic TURN server/gateway, too.
This implementation also includes some extra features. Supported RFCs:
TURN specs:
- RFC 5766 - base TURN specs
- RFC 6062 - TCP relaying TURN extension
- RFC 6156 - IPv6 extension for TURN
- Experimental DTLS support as client protocol.
STUN specs:
- RFC 3489 - "classic" STUN
- RFC 5389 - base "new" STUN specs
- RFC 5769 - test vectors for STUN protocol testing
- RFC 5780 - NAT behavior discovery support
The implementation fully supports the following client-to-TURN-server protocols:
- UDP (per RFC 5766)
- TCP (per RFC 5766 and RFC 6062)
- TLS (per RFC 5766 and RFC 6062); SSL3/TLS1.0/TLS1.1/TLS1.2
- DTLS (experimental non-standard feature)
Supported relay protocols:
- UDP (per RFC 5766)
- TCP (per RFC 6062)
Supported user databases (for user repository, with passwords or keys, if
authentication is required):
- SQLite
- MySQL
- PostgreSQL
- Redis
Redis can also be used for status and statistics storage and notification.
Supported TURN authentication mechanisms:
- long-term
- TURN REST API (a modification of the long-term mechanism, for time-limited
secret-based authentication, for WebRTC applications)
The load balancing can be implemented with the following tools (either one or a
combination of them):
- network load-balancer server
- DNS-based load balancing
- built-in ALTERNATE-SERVER mechanism.
%package utils
Summary: TURN client utils
Group: System Environment/Libraries
Requires: turnserver-client-libs = %{version}-%{release}
%description utils
This package contains the TURN client utils.
%package client-libs
Summary: TURN client library
Group: System Environment/Libraries
Requires: openssl, libevent >= 2.0.0
%description client-libs
This package contains the TURN client library.
%package client-devel
Summary: TURN client development headers.
Group: Development/Libraries
Requires: turnserver-client-libs = %{version}-%{release}
%description client-devel
This package contains the TURN client development headers.
%prep
%setup -q -n %{name}-%{version}
%build
PREFIX=%{_prefix} CONFDIR=%{_sysconfdir}/%{name} EXAMPLESDIR=%{_datadir}/%{name} \
MANPREFIX=%{_datadir} LIBDIR=%{_libdir} MORECMD=cat ./configure
make
%install
rm -rf $RPM_BUILD_ROOT
DESTDIR=$RPM_BUILD_ROOT make install
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
install -m644 rpm/turnserver.sysconfig \
$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/turnserver
%if 0%{?el6}
cat $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/turnserver.conf.default | \
sed s/#syslog/syslog/g | \
sed s/#no-stdout-log/no-stdout-log/g > \
$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/turnserver.conf
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rc.d/init.d
install -m755 rpm/turnserver.init.el \
$RPM_BUILD_ROOT/%{_sysconfdir}/rc.d/init.d/turnserver
%else
cat $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/turnserver.conf.default | \
sed s/#syslog/syslog/g | \
sed s/#no-stdout-log/no-stdout-log/g | \
sed s/#pidfile/pidfile/g > \
$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/turnserver.conf
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
install -m755 rpm/turnserver.service.fc \
$RPM_BUILD_ROOT/%{_unitdir}/turnserver.service
%endif
rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/turnserver.conf.default
%clean
rm -rf "$RPM_BUILD_ROOT"
%pre
%{_sbindir}/groupadd -r turnserver 2> /dev/null || :
%{_sbindir}/useradd -r -g turnserver -s /bin/false -c "TURN Server daemon" -d \
%{_datadir}/%{name} turnserver 2> /dev/null || :
%post
%if 0%{?el6}
/sbin/chkconfig --add turnserver
%else
/bin/systemctl --system daemon-reload
%endif
%preun
if [ $1 = 0 ]; then
%if 0%{?el6}
/sbin/service turnserver stop > /dev/null 2>&1
/sbin/chkconfig --del turnserver
%else
/bin/systemctl stop turnserver.service
/bin/systemctl disable turnserver.service 2> /dev/null
%endif
fi
%postun
%if 0%{?fedora}
/bin/systemctl --system daemon-reload
%endif
%files
%defattr(-,root,root)
%{_bindir}/turnserver
%{_bindir}/turnadmin
%{_localstatedir}/db/turndb
%{_mandir}/man1/coturn.1.gz
%{_mandir}/man1/turnserver.1.gz
%{_mandir}/man1/turnadmin.1.gz
%dir %attr(-,turnserver,turnserver) %{_sysconfdir}/%{name}
%config(noreplace) %attr(0644,turnserver,turnserver) %{_sysconfdir}/%{name}/turnserver.conf
%config(noreplace) %{_sysconfdir}/sysconfig/turnserver
%if 0%{?el6}
%config %{_sysconfdir}/rc.d/init.d/turnserver
%else
%config %{_unitdir}/turnserver.service
%endif
%dir %{_docdir}/%{name}
%{_docdir}/%{name}/LICENSE
%{_docdir}/%{name}/INSTALL
%{_docdir}/%{name}/postinstall.txt
%{_docdir}/%{name}/README.turnadmin
%{_docdir}/%{name}/README.turnserver
%{_docdir}/%{name}/schema.sql
%{_docdir}/%{name}/schema.mongo.sh
%{_docdir}/%{name}/schema.stats.redis
%{_docdir}/%{name}/schema.userdb.redis
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/schema.sql
%{_datadir}/%{name}/schema.mongo.sh
%{_datadir}/%{name}/schema.stats.redis
%{_datadir}/%{name}/schema.userdb.redis
%{_datadir}/%{name}/testredisdbsetup.sh
%{_datadir}/%{name}/testmongosetup.sh
%{_datadir}/%{name}/testsqldbsetup.sql
%dir %{_datadir}/%{name}/etc
%{_datadir}/%{name}/etc/turn_server_cert.pem
%{_datadir}/%{name}/etc/turn_server_pkey.pem
%{_datadir}/%{name}/etc/turnserver.conf
%dir %{_datadir}/%{name}/scripts
%{_datadir}/%{name}/scripts/peer.sh
%{_datadir}/%{name}/scripts/readme.txt
%dir %{_datadir}/%{name}/scripts/basic
%{_datadir}/%{name}/scripts/basic/dos_attack.sh
%{_datadir}/%{name}/scripts/basic/relay.sh
%{_datadir}/%{name}/scripts/basic/tcp_client.sh
%{_datadir}/%{name}/scripts/basic/tcp_client_c2c_tcp_relay.sh
%{_datadir}/%{name}/scripts/basic/udp_c2c_client.sh
%{_datadir}/%{name}/scripts/basic/udp_client.sh
%dir %{_datadir}/%{name}/scripts/loadbalance
%{_datadir}/%{name}/scripts/loadbalance/master_relay.sh
%{_datadir}/%{name}/scripts/loadbalance/slave_relay_1.sh
%{_datadir}/%{name}/scripts/loadbalance/slave_relay_2.sh
%{_datadir}/%{name}/scripts/loadbalance/tcp_c2c_tcp_relay.sh
%{_datadir}/%{name}/scripts/loadbalance/udp_c2c.sh
%dir %{_datadir}/%{name}/scripts/longtermsecure
%{_datadir}/%{name}/scripts/longtermsecure/secure_dos_attack.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_dtls_client.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_dtls_client_cert.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_tls_client_cert.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_relay.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_relay_cert.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_tcp_client.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_tcp_client_c2c_tcp_relay.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_tls_client.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_tls_client_c2c_tcp_relay.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_udp_c2c.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_udp_client.sh
%{_datadir}/%{name}/scripts/longtermsecure/secure_sctp_client.sh
%dir %{_datadir}/%{name}/scripts/longtermsecuredb
%{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh
%{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh
%{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh
%{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_psql.sh
%{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_redis.sh
%{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh
%dir %{_datadir}/%{name}/scripts/restapi
%{_datadir}/%{name}/scripts/restapi/secure_relay_secret.sh
%{_datadir}/%{name}/scripts/restapi/secure_relay_secret_with_db_mysql.sh
%{_datadir}/%{name}/scripts/restapi/secure_relay_secret_with_db_psql.sh
%{_datadir}/%{name}/scripts/restapi/secure_relay_secret_with_db_redis.sh
%{_datadir}/%{name}/scripts/restapi/secure_relay_secret_with_db_mongo.sh
%{_datadir}/%{name}/scripts/restapi/secure_relay_secret_with_db_sqlite.sh
%{_datadir}/%{name}/scripts/restapi/secure_udp_client_with_secret.sh
%{_datadir}/%{name}/scripts/restapi/shared_secret_maintainer.pl
%dir %{_datadir}/%{name}/scripts/selfloadbalance
%{_datadir}/%{name}/scripts/selfloadbalance/secure_dos_attack.sh
%{_datadir}/%{name}/scripts/selfloadbalance/secure_relay.sh
%dir %{_datadir}/%{name}/scripts/mobile
%{_datadir}/%{name}/scripts/mobile/mobile_relay.sh
%{_datadir}/%{name}/scripts/mobile/mobile_dtls_client.sh
%{_datadir}/%{name}/scripts/mobile/mobile_tcp_client.sh
%{_datadir}/%{name}/scripts/mobile/mobile_tls_client_c2c_tcp_relay.sh
%{_datadir}/%{name}/scripts/mobile/mobile_udp_client.sh
%files utils
%defattr(-,root,root)
%{_bindir}/turnutils_peer
%{_bindir}/turnutils_stunclient
%{_bindir}/turnutils_uclient
%{_mandir}/man1/turnutils.1.gz
%{_mandir}/man1/turnutils_peer.1.gz
%{_mandir}/man1/turnutils_stunclient.1.gz
%{_mandir}/man1/turnutils_uclient.1.gz
%dir %{_docdir}/%{name}
%{_docdir}/%{name}/LICENSE
%{_docdir}/%{name}/README.turnutils
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/etc
%{_datadir}/%{name}/etc/turn_client_cert.pem
%{_datadir}/%{name}/etc/turn_client_pkey.pem
%files client-libs
%{_docdir}/%{name}/LICENSE
%{_libdir}/libturnclient.a
%files client-devel
%{_docdir}/%{name}/LICENSE
%dir %{_includedir}/turn
%{_includedir}/turn/ns_turn_defs.h
%dir %{_includedir}/turn/client
%{_includedir}/turn/client/ns_turn_ioaddr.h
%{_includedir}/turn/client/ns_turn_msg_addr.h
%{_includedir}/turn/client/ns_turn_msg_defs.h
%{_includedir}/turn/client/ns_turn_msg_defs_experimental.h
%{_includedir}/turn/client/ns_turn_msg.h
%{_includedir}/turn/client/TurnMsgLib.h
%changelog
* Sat Jun 20 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.5.3
* Wed May 29 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.5.2
* Tue Mar 31 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.4.2
* Sun Mar 15 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.4.1
* Sat Feb 28 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.2.3
* Wed Feb 18 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.2.2
* Tue Feb 3 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.2.1
* Sun Feb 1 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.1.2
* Sat Jan 24 2015 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.4.1.1
* Wed Dec 24 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.3.3.1
* Sun Dec 14 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.3.2.2
* Sat Nov 29 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.3.1.3
* Mon Nov 23 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.3.1.2
* Mon Nov 22 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.3.1.1
* Thu Nov 07 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.2.3.1
* Sun Oct 26 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.2.2.2
* Sun Oct 05 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.2.1.2
* Thu Aug 14 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.1.2.1
* Tue Jul 29 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.1.1.1
* Tue Jul 22 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.1.0.2
* Wed Jun 25 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.0.1.4
* Fri Jun 13 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.0.1.3
* Fri Jun 06 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.0.1.2
* Sun May 18 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.0.0.2
* Wed May 07 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.0.0.1
* Wed Apr 30 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 4.0.0.0
* Tue Feb 04 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.2.6
* Sat Jan 25 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.2.5
* Fri Jan 24 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.2.4
* Thu Jan 23 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.2.3
* Tue Jan 21 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.2.2
* Sat Jan 11 2014 Oleg Moskalenko <mom040267@gmail.com>
- CPU optimization, added to 3.2.2.1
* Mon Jan 06 2014 Oleg Moskalenko <mom040267@gmail.com>
- Linux epoll performance improvements, added to 3.2.1.4
* Mon Jan 06 2014 Oleg Moskalenko <mom040267@gmail.com>
- Telnet client installation added to 3.2.1.3
* Sun Jan 05 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.1.2
* Fri Jan 03 2014 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.1.1
* Thu Dec 26 2013 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.2.1.0
* Wed Dec 25 2013 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.1.6.0
* Mon Dec 23 2013 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.1.5.3
* Fri Dec 20 2013 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.1.5.1
* Thu Dec 19 2013 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.1.4.2
* Sat Dec 14 2013 Oleg Moskalenko <mom040267@gmail.com>
- Sync to 3.1.3.1
* Wed Dec 11 2013 Oleg Moskalenko <mom040267@gmail.com>
- OpenSSL installation fixed 3.1.2.3
* Tue Dec 10 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 3.1.2.2
* Mon Dec 09 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 3.1.2.1
* Sun Dec 01 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 3.1.1.0
* Sat Nov 30 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 3.0.2.1.
* Thu Nov 28 2013 Oleg Moskalenko <mom040267@gmail.com>
- Config file setting fixed: version 3.0.1.4.
* Wed Nov 27 2013 Oleg Moskalenko <mom040267@gmail.com>
- Config file setting fixed: version 3.0.1.3.
* Mon Nov 25 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 3.0.1.2
* Sun Nov 10 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 3.0.0.0
* Fri Nov 8 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 2.6.7.2
* Thu Nov 7 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 2.6.7.1
* Sun Nov 3 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 2.6.7.0
* Sat Nov 2 2013 Peter Dunkley <peter.dunkley@crocodilertc.net>
- Added Fedora support
* Thu Oct 31 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 2.6.6.2
* Sun Oct 27 2013 Oleg Moskalenko <mom040267@gmail.com>
- Updated to version 2.6.6.1
* Sun Oct 27 2013 Peter Dunkley <peter.dunkley@crocodilertc.net>
- Updated to version 2.6.6.0
* Fri May 3 2013 Peter Dunkley <peter.dunkley@crocodilertc.net>
- First version

5
rpm/turnserver.sysconfig
View File

@ -1,5 +0,0 @@
#
# TURN Server startup options
#
EXTRA_OPTIONS=""

19
rpm/uninstall.turnserver.sh
View File

@ -1,19 +0,0 @@
#!/bin/sh
for i in `rpm -q -a | grep turnserver-utils-`
do
echo $i
sudo rpm -e $i
done
for i in `rpm -q -a | grep turnserver-client-libs-`
do
echo $i
sudo rpm -e $i
done
for i in `rpm -q -a | grep turnserver.*-`
do
echo $i
sudo rpm -e $i
done

1142
src/apps/common/apputils.c
View File

File diff suppressed because it is too large Load Diff

252
src/apps/common/apputils.h
View File

@ -1,252 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __APP_LIB__
#define __APP_LIB__
#include <event2/event.h>
#include <openssl/ssl.h>
#include "ns_turn_ioaddr.h"
#include "ns_turn_msg_defs.h"
#include "ns_turn_ioalib.h"
#ifdef __cplusplus
extern "C" {
#endif
//////////// Common defines ///////////////////////////
#define PEER_DEFAULT_PORT (3480)
#define DTLS_MAX_RECV_TIMEOUT (5)
#define UR_CLIENT_SOCK_BUF_SIZE (65536)
#define UR_SERVER_SOCK_BUF_SIZE (UR_CLIENT_SOCK_BUF_SIZE * 32)
extern int IS_TURN_SERVER;
/* ALPN */
#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L)
#define STUN_ALPN "stun.nat-discovery"
#define TURN_ALPN "stun.turn"
#define HTTP_ALPN "http/1.1"
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
#define ALPN_SUPPORTED 1
#else
#define ALPN_SUPPORTED 0
#endif
/* TLS */
#if defined(TURN_NO_TLS)
#define TLS_SUPPORTED 0
#define TLSv1_1_SUPPORTED 0
#define TLSv1_2_SUPPORTED 0
#else
#define TLS_SUPPORTED 1
#if defined(SSL_OP_NO_TLSv1_1)
#define TLSv1_1_SUPPORTED 1
#else
#define TLSv1_1_SUPPORTED 0
#endif
#if defined(SSL_OP_NO_TLSv1_2)
#define TLSv1_2_SUPPORTED 1
#else
#define TLSv1_2_SUPPORTED 0
#endif
#endif
#if defined(TURN_NO_DTLS) || !defined(DTLS_CTRL_LISTEN)
#define DTLS_SUPPORTED 0
#define DTLSv1_2_SUPPORTED 0
#else
#define DTLS_SUPPORTED 1
#if defined(SSL_OP_NO_DTLSv1_2)
#define DTLSv1_2_SUPPORTED 1
#else
#define DTLSv1_2_SUPPORTED 0
#endif
#endif
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
#define SSL_SESSION_ECDH_AUTO_SUPPORTED 1
#else
#define SSL_SESSION_ECDH_AUTO_SUPPORTED 0
#endif
/////////// SSL //////////////////////////
enum _TURN_TLS_TYPE {
TURN_TLS_NO=0,
TURN_TLS_SSL23,
TURN_TLS_v1_0,
#if TLSv1_1_SUPPORTED
TURN_TLS_v1_1,
#if TLSv1_2_SUPPORTED
TURN_TLS_v1_2,
#endif
#endif
TURN_TLS_TOTAL
};
typedef enum _TURN_TLS_TYPE TURN_TLS_TYPE;
////////////////////////////////////////////
struct _oauth_key_data_raw {
char kid[OAUTH_KID_SIZE+1];
char ikm_key[OAUTH_KEY_SIZE+1];
u64bits timestamp;
u32bits lifetime;
char as_rs_alg[OAUTH_ALG_SIZE+1];
};
typedef struct _oauth_key_data_raw oauth_key_data_raw;
//////////////////////////////////////////
#define EVENT_DEL(ev) if(ev) { event_del(ev); event_free(ev); ev=NULL; }
//////////////////////////////////////////
#define ioa_socket_raw int
///////////////////////// Sockets ///////////////////////////////
#if defined(WIN32)
/** Do the platform-specific call needed to close a socket returned from
socket() or accept(). */
#define socket_closesocket(s) closesocket(s)
#else
/** Do the platform-specific call needed to close a socket returned from
socket() or accept(). */
#define socket_closesocket(s) close(s)
#endif
void read_spare_buffer(evutil_socket_t fd);
int set_sock_buf_size(evutil_socket_t fd, int sz);
int socket_set_reusable(evutil_socket_t fd, int reusable, SOCKET_TYPE st);
int sock_bind_to_device(evutil_socket_t fd, const unsigned char* ifname);
int socket_set_nonblocking(evutil_socket_t fd);
int socket_tcp_set_keepalive(evutil_socket_t fd, SOCKET_TYPE st);
int addr_connect(evutil_socket_t fd, const ioa_addr* addr, int *out_errno);
int addr_bind(evutil_socket_t fd, const ioa_addr* addr, int reusable, int debug, SOCKET_TYPE st);
int addr_get_from_sock(evutil_socket_t fd, ioa_addr *addr);
int handle_socket_error(void);
#define CORRECT_RAW_TTL(ttl) do { if(ttl<0 || ttl>255) ttl=TTL_DEFAULT; } while(0)
#define CORRECT_RAW_TOS(tos) do { if(tos<0 || tos>255) tos=TOS_DEFAULT; } while(0)
int set_raw_socket_tos(evutil_socket_t fd, int family, int tos);
int set_raw_socket_ttl(evutil_socket_t fd, int family, int ttl);
int get_raw_socket_tos(evutil_socket_t fd, int family);
int get_raw_socket_ttl(evutil_socket_t fd, int family);
/////////////////////// SYS /////////////////////
void ignore_sigpipe(void);
unsigned long set_system_parameters(int max_resources);
///////////////////////// MTU //////////////////////////
#define MAX_MTU (1500 - 20 - 8)
#define MIN_MTU (576 - 20 - 8)
#define SOSO_MTU (1300)
#define MTU_STEP (68)
int set_socket_df(evutil_socket_t fd, int family, int value);
int set_mtu_df(SSL* ssl, evutil_socket_t fd, int family, int mtu, int df_value, int verbose);
int decrease_mtu(SSL* ssl, int mtu, int verbose);
int get_socket_mtu(evutil_socket_t fd, int family, int verbose);
////////////////// Misc utils /////////////////////////
char *skip_blanks(char* s);
////////////////// File search ////////////////////////
char* find_config_file(const char *config_file, int print_file_name);
void set_execdir(void);
void print_abs_file_name(const char *msg1, const char *msg2, const char *fn);
////////////////// Base64 /////////////////////////////
char *base64_encode(const unsigned char *data,
size_t input_length,
size_t *output_length);
void build_base64_decoding_table(void);
unsigned char *base64_decode(const char *data,
size_t input_length,
size_t *output_length);
///////////// SSL ////////////////
const char* turn_get_ssl_method(SSL *ssl, const char* mdefault);
////////////// OAUTH UTILS ////////////////
void convert_oauth_key_data_raw(const oauth_key_data_raw *raw, oauth_key_data *oakd);
//////////// Event Base /////////////////////
struct event_base *turn_event_base_new(void);
///////////////////////////////////////////////////////
#ifdef __cplusplus
}
#endif
#endif //__APP_LIB__

385
src/apps/common/hiredis_libevent2.c
View File

@ -1,385 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <stdlib.h>
#include <stdarg.h>
#if !defined(TURN_NO_HIREDIS)
#include "hiredis_libevent2.h"
#include "ns_turn_utils.h"
#include <event2/bufferevent.h>
#include <event2/buffer.h>
#include <hiredis/hiredis.h>
#include <hiredis/async.h>
//////////////// Libevent context ///////////////////////
struct redisLibeventEvents
{
redisAsyncContext *context;
int invalid;
int allocated;
struct event_base *base;
struct event *rev, *wev;
int rev_set, wev_set;
char *ip;
int port;
char *pwd;
int db;
};
///////////// Messages ////////////////////////////
struct redis_message
{
char format[513];
char arg[513];
};
/////////////////// forward declarations ///////////////
static void redis_reconnect(struct redisLibeventEvents *e);
//////////////////////////////////////////////////////////
static int redis_le_valid(struct redisLibeventEvents *e)
{
return (e && !(e->invalid) && (e->context));
}
/////////////////// Callbacks ////////////////////////////
static void redisLibeventReadEvent(int fd, short event, void *arg) {
((void)fd); ((void)event);
struct redisLibeventEvents *e = (struct redisLibeventEvents*)arg;
if(redis_le_valid(e)) {
{
char buf[8];
int len = 0;
do {
len = recv(fd,buf,sizeof(buf),MSG_PEEK);
} while((len<0)&&(errno == EINTR));
if(len<1) {
e->invalid = 1;
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Redis connection broken: e=0x%lx\n", __FUNCTION__, ((unsigned long)e));
}
}
if(redis_le_valid(e)) {
redisAsyncHandleRead(e->context);
}
} else {
redis_reconnect(e);
}
}
static void redisLibeventWriteEvent(int fd, short event, void *arg) {
((void)fd); ((void)event);
struct redisLibeventEvents *e = (struct redisLibeventEvents*)arg;
if(redis_le_valid(e)) {
redisAsyncHandleWrite(e->context);
}
}
static void redisLibeventAddRead(void *privdata) {
struct redisLibeventEvents *e = (struct redisLibeventEvents*)privdata;
if(e && (e->rev) && !(e->rev_set)) {
event_add(e->rev,NULL);
e->rev_set = 1;
}
}
static void redisLibeventDelRead(void *privdata) {
struct redisLibeventEvents *e = (struct redisLibeventEvents*)privdata;
if(e && e->rev && e->rev_set) {
event_del(e->rev);
e->rev_set = 0;
}
}
static void redisLibeventAddWrite(void *privdata) {
struct redisLibeventEvents *e = (struct redisLibeventEvents*)privdata;
if(e && (e->wev) && !(e->wev_set)) {
event_add(e->wev,NULL);
e->wev_set = 1;
}
}
static void redisLibeventDelWrite(void *privdata) {
struct redisLibeventEvents *e = (struct redisLibeventEvents*)privdata;
if(e && e->wev && e->wev_set) {
event_del(e->wev);
e->wev_set = 0;
}
}
static void redisLibeventCleanup(void *privdata)
{
if (privdata) {
struct redisLibeventEvents *e = (struct redisLibeventEvents *) privdata;
if (e->allocated) {
if (e->rev) {
if(e->rev_set)
event_del(e->rev);
event_free(e->rev);
e->rev = NULL;
}
e->rev_set = 0;
if (e->wev) {
if(e->wev_set)
event_del(e->wev);
event_free(e->wev);
e->wev = NULL;
}
e->wev_set = 0;
e->context = NULL;
}
}
}
///////////////////////// Send-receive ///////////////////////////
void redis_async_init(void)
{
;
}
int is_redis_asyncconn_good(redis_context_handle rch)
{
if(rch) {
struct redisLibeventEvents *e = (struct redisLibeventEvents*)rch;
if(redis_le_valid(e))
return 1;
}
return 0;
}
void send_message_to_redis(redis_context_handle rch, const char *command, const char *key, const char *format,...)
{
if(!rch) {
return;
} else {
struct redisLibeventEvents *e = (struct redisLibeventEvents*)rch;
if(!redis_le_valid(e)) {
redis_reconnect(e);
}
if(!redis_le_valid(e)) {
;
} else {
redisAsyncContext *ac=e->context;
struct redis_message rm;
snprintf(rm.format,sizeof(rm.format)-3,"%s %s ", command, key);
strcpy(rm.format+strlen(rm.format),"%s");
va_list args;
va_start (args, format);
vsnprintf(rm.arg, sizeof(rm.arg)-1, format, args);
va_end (args);
if((redisAsyncCommand(ac, NULL, e, rm.format, rm.arg)!=REDIS_OK)) {
e->invalid = 1;
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Redis connection broken: ac=0x%lx, e=0x%lx\n", __FUNCTION__,(unsigned long)ac,(unsigned long)e);
}
}
}
}
///////////////////////// Attach /////////////////////////////////
redis_context_handle redisLibeventAttach(struct event_base *base, char *ip0, int port0, char *pwd, int db)
{
struct redisLibeventEvents *e = NULL;
redisAsyncContext *ac = NULL;
char ip[256];
if(ip0 && ip0[0])
STRCPY(ip,ip0);
else
STRCPY(ip,"127.0.0.1");
int port = DEFAULT_REDIS_PORT;
if(port0>0)
port=port0;
ac = redisAsyncConnect(ip, port);
if (!ac) {
fprintf(stderr,"Error: %s:%s\n", ac->errstr, ac->c.errstr);
return NULL;
}
/* Create container for context and r/w events */
e = (struct redisLibeventEvents*)turn_malloc(sizeof(struct redisLibeventEvents));
ns_bzero(e,sizeof(struct redisLibeventEvents));
e->allocated = 1;
e->context = ac;
e->base = base;
e->ip = turn_strdup(ip);
e->port = port;
if(pwd)
e->pwd = turn_strdup(pwd);
e->db = db;
/* Register functions to start/stop listening for events */
ac->ev.addRead = redisLibeventAddRead;
ac->ev.delRead = redisLibeventDelRead;
ac->ev.addWrite = redisLibeventAddWrite;
ac->ev.delWrite = redisLibeventDelWrite;
ac->ev.cleanup = redisLibeventCleanup;
ac->ev.data = e;
/* Initialize and install read/write events */
e->rev = event_new(e->base,e->context->c.fd,
EV_READ|EV_PERSIST,redisLibeventReadEvent,
e);
e->wev = event_new(e->base,e->context->c.fd,
EV_WRITE,redisLibeventWriteEvent,
e);
if (e->rev == NULL || e->wev == NULL) {
turn_free(e, sizeof(struct redisLibeventEvents));
return NULL;
}
event_add(e->wev, NULL);
e->wev_set = 1;
//Authentication
if(redis_le_valid(e) && pwd) {
if(redisAsyncCommand(ac, NULL, e, "AUTH %s", pwd)!=REDIS_OK) {
e->invalid = 1;
}
}
if(redis_le_valid(e)) {
if(redisAsyncCommand(ac, NULL, e, "SELECT %d", db)!=REDIS_OK) {
e->invalid = 1;
}
}
return (redis_context_handle)e;
}
static void redis_reconnect(struct redisLibeventEvents *e)
{
if(!e || !(e->allocated))
return;
if (e->rev) {
if(e->rev_set)
event_del(e->rev);
event_free(e->rev);
e->rev = NULL;
}
e->rev_set = 0;
if (e->wev) {
if(e->wev_set)
event_del(e->wev);
event_free(e->wev);
e->wev = NULL;
}
e->wev_set = 0;
redisAsyncContext *ac = NULL;
if(e->context) {
e->context = NULL;
}
ac = redisAsyncConnect(e->ip, e->port);
if(!ac) {
return;
}
e->context = ac;
/* Register functions to start/stop listening for events */
ac->ev.addRead = redisLibeventAddRead;
ac->ev.delRead = redisLibeventDelRead;
ac->ev.addWrite = redisLibeventAddWrite;
ac->ev.delWrite = redisLibeventDelWrite;
ac->ev.cleanup = redisLibeventCleanup;
ac->ev.data = e;
/* Initialize and install read/write events */
e->rev = event_new(e->base,e->context->c.fd,
EV_READ,redisLibeventReadEvent,
e);
e->wev = event_new(e->base,e->context->c.fd,
EV_WRITE,redisLibeventWriteEvent,
e);
if (e->rev == NULL || e->wev == NULL) {
return;
}
event_add(e->wev, NULL);
e->wev_set = 1;
e->invalid = 0;
//Authentication
if(redis_le_valid(e) && e->pwd) {
if(redisAsyncCommand(ac, NULL, e, "AUTH %s", e->pwd)!=REDIS_OK) {
e->invalid = 1;
}
}
if(redis_le_valid(e)) {
if(redisAsyncCommand(ac, NULL, e, "SELECT %d", e->db)!=REDIS_OK) {
e->invalid = 1;
}
}
if(redis_le_valid(e)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: Re-connected to redis, async\n", __FUNCTION__);
}
}
/////////////////////////////////////////////////////////
#endif
/* TURN_NO_HIREDIS */

67
src/apps/common/hiredis_libevent2.h
View File

@ -1,67 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __HIREDIS_LIBEVENT_H__
#define __HIREDIS_LIBEVENT_H__
#include <event2/event.h>
#ifdef __cplusplus
extern "C" {
#endif
//////////////////////////////////////
#define DEFAULT_REDIS_PORT (6379)
typedef void* redis_context_handle;
//////////////////////////////////////
#if !defined(TURN_NO_HIREDIS)
void redis_async_init(void);
redis_context_handle redisLibeventAttach(struct event_base *base, char *ip, int port, char *pwd, int db);
void send_message_to_redis(redis_context_handle rch, const char *command, const char *key, const char *format,...);
int is_redis_asyncconn_good(redis_context_handle rch);
#endif
/* TURN_NO_HIREDIS */
#ifdef __cplusplus
}
#endif
#endif
/*__HIREDIS_LIBEVENT_H__*/

888
src/apps/common/ns_turn_utils.c
View File

@ -1,888 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ns_turn_utils.h"
#include "ns_turn_ioalib.h"
#include "ns_turn_msg_defs.h"
#include <event2/http.h>
#include <time.h>
#include <pthread.h>
#include <syslog.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <signal.h>
////////// LOG TIME OPTIMIZATION ///////////
static volatile turn_time_t log_start_time = 0;
volatile int _log_time_value_set = 0;
volatile turn_time_t _log_time_value = 0;
static inline turn_time_t log_time(void)
{
if(!log_start_time)
log_start_time = turn_time();
if(_log_time_value_set)
return (_log_time_value - log_start_time);
return (turn_time() - log_start_time);
}
////////// MUTEXES /////////////
#define MAGIC_CODE (0xEFCD1983)
int turn_mutex_lock(const turn_mutex *mutex) {
if(mutex && mutex->mutex && (mutex->data == MAGIC_CODE)) {
int ret = 0;
ret = pthread_mutex_lock((pthread_mutex_t*)mutex->mutex);
if(ret<0) {
perror("Mutex lock");
}
return ret;
} else {
printf("Uninitialized mutex\n");
return -1;
}
}
int turn_mutex_unlock(const turn_mutex *mutex) {
if(mutex && mutex->mutex && (mutex->data == MAGIC_CODE)) {
int ret = 0;
ret = pthread_mutex_unlock((pthread_mutex_t*)mutex->mutex);
if(ret<0) {
perror("Mutex unlock");
}
return ret;
} else {
printf("Uninitialized mutex\n");
return -1;
}
}
int turn_mutex_init(turn_mutex* mutex) {
if(mutex) {
mutex->data=MAGIC_CODE;
mutex->mutex=turn_malloc(sizeof(pthread_mutex_t));
pthread_mutex_init((pthread_mutex_t*)mutex->mutex,NULL);
return 0;
} else {
return -1;
}
}
int turn_mutex_init_recursive(turn_mutex* mutex) {
int ret = -1;
if (mutex) {
pthread_mutexattr_t attr;
if (pthread_mutexattr_init(&attr) < 0) {
perror("Cannot init mutex attr");
} else {
if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE) < 0) {
perror("Cannot set type on mutex attr");
} else {
mutex->mutex = turn_malloc(sizeof(pthread_mutex_t));
mutex->data = MAGIC_CODE;
if ((ret = pthread_mutex_init((pthread_mutex_t*) mutex->mutex,
&attr)) < 0) {
perror("Cannot init mutex");
mutex->data = 0;
turn_free(mutex->mutex,sizeof(pthread_mutex_t));
mutex->mutex = NULL;
}
}
pthread_mutexattr_destroy(&attr);
}
}
return ret;
}
int turn_mutex_destroy(turn_mutex* mutex) {
if(mutex && mutex->mutex && mutex->data == MAGIC_CODE) {
int ret = 0;
ret = pthread_mutex_destroy((pthread_mutex_t*)(mutex->mutex));
turn_free(mutex->mutex, sizeof(pthread_mutex_t));
mutex->mutex=NULL;
mutex->data=0;
return ret;
} else {
return 0;
}
}
///////////////////////// LOG ///////////////////////////////////
#if defined(TURN_LOG_FUNC_IMPL)
extern void TURN_LOG_FUNC_IMPL(TURN_LOG_LEVEL level, const s08bits* format, va_list args);
#endif
static int no_stdout_log = 0;
void set_no_stdout_log(int val)
{
no_stdout_log = val;
}
void turn_log_func_default(TURN_LOG_LEVEL level, const s08bits* format, ...)
{
#if !defined(TURN_LOG_FUNC_IMPL)
{
va_list args;
va_start(args,format);
vrtpprintf(level, format, args);
va_end(args);
}
#endif
{
va_list args;
va_start(args,format);
#if defined(TURN_LOG_FUNC_IMPL)
TURN_LOG_FUNC_IMPL(level,format,args);
#else
#define MAX_RTPPRINTF_BUFFER_SIZE (1024)
char s[MAX_RTPPRINTF_BUFFER_SIZE+1];
#undef MAX_RTPPRINTF_BUFFER_SIZE
if (level == TURN_LOG_LEVEL_ERROR) {
snprintf(s,sizeof(s)-100,"%lu: ERROR: ",(unsigned long)log_time());
size_t slen = strlen(s);
vsnprintf(s+slen,sizeof(s)-slen-1,format, args);
fwrite(s,strlen(s),1,stdout);
} else if(!no_stdout_log) {
snprintf(s,sizeof(s)-100,"%lu: ",(unsigned long)log_time());
size_t slen = strlen(s);
vsnprintf(s+slen,sizeof(s)-slen-1,format, args);
fwrite(s,strlen(s),1,stdout);
}
#endif
va_end(args);
}
}
void addr_debug_print(int verbose, const ioa_addr *addr, const s08bits* s)
{
if (verbose) {
if (!addr) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: EMPTY\n", s);
} else {
s08bits addrbuf[INET6_ADDRSTRLEN];
if (!s)
s = "";
if (addr->ss.sa_family == AF_INET) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "IPv4. %s: %s:%d\n", s, inet_ntop(AF_INET,
&addr->s4.sin_addr, addrbuf, INET6_ADDRSTRLEN),
nswap16(addr->s4.sin_port));
} else if (addr->ss.sa_family == AF_INET6) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "IPv6. %s: %s:%d\n", s, inet_ntop(AF_INET6,
&addr->s6.sin6_addr, addrbuf, INET6_ADDRSTRLEN),
nswap16(addr->s6.sin6_port));
} else {
if (addr_any_no_port(addr)) {
TURN_LOG_FUNC(
TURN_LOG_LEVEL_INFO,
"IP. %s: 0.0.0.0:%d\n",
s,
nswap16(addr->s4.sin_port));
} else {
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: wrong IP address family: %d\n", s,
(int) (addr->ss.sa_family));
}
}
}
}
}
/*************************************/
#define FILE_STR_LEN (1025)
static FILE* _rtpfile = NULL;
static int to_syslog = 0;
static int simple_log = 0;
static char log_fn[FILE_STR_LEN]="\0";
static char log_fn_base[FILE_STR_LEN]="\0";
static turn_mutex log_mutex;
static int log_mutex_inited = 0;
static void log_lock(void) {
if(!log_mutex_inited) {
log_mutex_inited=1;
turn_mutex_init_recursive(&log_mutex);
}
turn_mutex_lock(&log_mutex);
}
static void log_unlock(void) {
turn_mutex_unlock(&log_mutex);
}
static void get_date(char *s, size_t sz) {
time_t curtm;
struct tm* tm_info;
curtm = time(NULL);
tm_info = localtime(&curtm);
strftime(s, sz, "%F", tm_info);
}
void set_logfile(const char *fn)
{
if(fn) {
log_lock();
if(strcmp(fn,log_fn_base)) {
reset_rtpprintf();
STRCPY(log_fn_base,fn);
}
log_unlock();
}
}
void reset_rtpprintf(void)
{
log_lock();
if(_rtpfile) {
if(_rtpfile != stdout)
fclose(_rtpfile);
_rtpfile = NULL;
}
log_unlock();
}
#define set_log_file_name(base, f) set_log_file_name_func(base, f, sizeof(f))
static void set_log_file_name_func(char *base, char *f, size_t fsz)
{
if(simple_log) {
strncpy(f,base,fsz);
return;
}
char logdate[125];
char *tail=turn_strdup(".log");
get_date(logdate,sizeof(logdate));
char *base1=turn_strdup(base);
int len=(int)strlen(base1);
--len;
while(len>=0) {
if((base1[len]==' ')||(base1[len]=='\t')) {
base1[len]='_';
}
--len;
}
len=(int)strlen(base1);
while(len>=0) {
if(base1[len]=='/')
break;
else if(base1[len]=='.') {
turn_free(tail,strlen(tail)+1);
tail=turn_strdup(base1+len);
base1[len]=0;
if(strlen(tail)<2) {
turn_free(tail,strlen(tail)+1);
tail = turn_strdup(".log");
}
break;
}
--len;
}
len=(int)strlen(base1);
if(len>0 && (base1[len-1]!='/') && (base1[len-1]!='-') && (base1[len-1]!='_')) {
snprintf(f, FILE_STR_LEN, "%s_%s%s", base1,logdate,tail);
} else {
snprintf(f, FILE_STR_LEN, "%s%s%s", base1,logdate,tail);
}
turn_free(base1,strlen(base1)+1);
turn_free(tail,strlen(tail)+1);
}
static void sighup_callback_handler(int signum)
{
if(signum == SIGHUP) {
printf("%s: resetting the log file\n",__FUNCTION__);
reset_rtpprintf();
}
}
static void set_rtpfile(void)
{
if(to_syslog) {
return;
} else if (!_rtpfile) {
signal(SIGHUP, sighup_callback_handler);
if(log_fn_base[0]) {
if(!strcmp(log_fn_base,"syslog")) {
_rtpfile = stdout;
to_syslog = 1;
} else if(!strcmp(log_fn_base,"stdout")|| !strcmp(log_fn_base,"-")) {
_rtpfile = stdout;
no_stdout_log = 1;
} else {
set_log_file_name(log_fn_base,log_fn);
_rtpfile = fopen(log_fn, "w");
if(_rtpfile)
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", log_fn);
}
if (!_rtpfile) {
fprintf(stderr,"ERROR: Cannot open log file for writing: %s\n",log_fn);
} else {
return;
}
}
}
if(!_rtpfile) {
char logbase[FILE_STR_LEN];
char logtail[FILE_STR_LEN];
char logf[FILE_STR_LEN];
if(simple_log)
snprintf(logtail, FILE_STR_LEN, "turn.log");
else
snprintf(logtail, FILE_STR_LEN, "turn_%d_", (int)getpid());
snprintf(logbase, FILE_STR_LEN, "/var/log/turnserver/%s", logtail);
set_log_file_name(logbase, logf);
_rtpfile = fopen(logf, "w");
if(_rtpfile)
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
else {
snprintf(logbase, FILE_STR_LEN, "/var/log/%s", logtail);
set_log_file_name(logbase, logf);
_rtpfile = fopen(logf, "w");
if(_rtpfile)
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
else {
snprintf(logbase, FILE_STR_LEN, "/var/tmp/%s", logtail);
set_log_file_name(logbase, logf);
_rtpfile = fopen(logf, "w");
if(_rtpfile)
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
else {
snprintf(logbase, FILE_STR_LEN, "/tmp/%s", logtail);
set_log_file_name(logbase, logf);
_rtpfile = fopen(logf, "w");
if(_rtpfile)
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
else {
snprintf(logbase, FILE_STR_LEN, "%s", logtail);
set_log_file_name(logbase, logf);
_rtpfile = fopen(logf, "w");
if(_rtpfile)
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
else {
_rtpfile = stdout;
return;
}
}
}
}
}
STRCPY(log_fn_base,logbase);
STRCPY(log_fn,logf);
}
}
void set_log_to_syslog(int val)
{
to_syslog = val;
}
void set_simple_log(int val)
{
simple_log = val;
}
#define Q(x) #x
#define QUOTE(x) Q(x)
void rollover_logfile(void)
{
if(to_syslog || !(log_fn[0]))
return;
{
FILE *f = fopen(log_fn,"r");
if(!f) {
fprintf(stderr, "log file is damaged\n");
reset_rtpprintf();
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file reopened: %s\n", log_fn);
return;
} else {
fclose(f);
}
}
if(simple_log)
return;
log_lock();
if(_rtpfile && log_fn[0] && (_rtpfile != stdout)) {
char logf[FILE_STR_LEN];
set_log_file_name(log_fn_base,logf);
if(strcmp(log_fn,logf)) {
fclose(_rtpfile);
log_fn[0]=0;
_rtpfile = fopen(logf, "w");
if(_rtpfile) {
STRCPY(log_fn,logf);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", log_fn);
} else {
_rtpfile = stdout;
}
}
}
log_unlock();
}
static int get_syslog_level(TURN_LOG_LEVEL level)
{
switch(level) {
case TURN_LOG_LEVEL_CONTROL:
return LOG_NOTICE;
case TURN_LOG_LEVEL_WARNING:
return LOG_WARNING;
case TURN_LOG_LEVEL_ERROR:
return LOG_ERR;
default:
;
};
return LOG_INFO;
}
int vrtpprintf(TURN_LOG_LEVEL level, const char *format, va_list args)
{
/* Fix for Issue 24, raised by John Selbie: */
#define MAX_RTPPRINTF_BUFFER_SIZE (1024)
char s[MAX_RTPPRINTF_BUFFER_SIZE+1];
#undef MAX_RTPPRINTF_BUFFER_SIZE
size_t sz;
snprintf(s, sizeof(s), "%lu: ",(unsigned long)log_time());
sz=strlen(s);
vsnprintf(s+sz, sizeof(s)-1-sz, format, args);
s[sizeof(s)-1]=0;
if(to_syslog) {
syslog(get_syslog_level(level),"%s",s);
} else {
log_lock();
set_rtpfile();
if(fprintf(_rtpfile,"%s",s)<0) {
reset_rtpprintf();
} else if(fflush(_rtpfile)<0) {
reset_rtpprintf();
}
log_unlock();
}
return 0;
}
void rtpprintf(const char *format, ...)
{
va_list args;
va_start (args, format);
vrtpprintf(TURN_LOG_LEVEL_INFO, format, args);
va_end (args);
}
///////////// ORIGIN ///////////////////
int get_default_protocol_port(const char* scheme, size_t slen)
{
if(scheme && (slen>0)) {
switch(slen) {
case 3:
if(!memcmp("ftp",scheme,3))
return 21;
if(!memcmp("svn",scheme,3))
return 3690;
if(!memcmp("ssh",scheme,4))
return 22;
if(!memcmp("sip",scheme,3))
return 5060;
break;
case 4:
if(!memcmp("http",scheme,4))
return 80;
if(!memcmp("ldap",scheme,4))
return 389;
if(!memcmp("sips",scheme,4))
return 5061;
if(!memcmp("turn",scheme,4))
return 3478;
if(!memcmp("stun",scheme,4))
return 3478;
break;
case 5:
if(!memcmp("https",scheme,5))
return 443;
if(!memcmp("ldaps",scheme,5))
return 636;
if(!memcmp("turns",scheme,5))
return 5349;
if(!memcmp("stuns",scheme,5))
return 5349;
break;
case 6:
if(!memcmp("telnet",scheme,6))
return 23;
if(!memcmp("radius",scheme,6))
return 1645;
break;
case 7:
if(!memcmp("svn+ssh",scheme,7))
return 22;
break;
default:
return 0;
};
}
return 0;
}
int get_canonic_origin(const char* o, char *co, int sz)
{
int ret = -1;
if(o && o[0] && co) {
co[0]=0;
struct evhttp_uri *uri = evhttp_uri_parse(o);
if(uri) {
const char *scheme = evhttp_uri_get_scheme(uri);
if(scheme && scheme[0]) {
size_t schlen = strlen(scheme);
if((schlen<(size_t)sz) && (schlen<STUN_MAX_ORIGIN_SIZE)) {
const char *host = evhttp_uri_get_host(uri);
if(host && host[0]) {
char otmp[STUN_MAX_ORIGIN_SIZE+STUN_MAX_ORIGIN_SIZE];
ns_bcopy(scheme,otmp,schlen);
otmp[schlen]=0;
{
unsigned char *s = (unsigned char*)otmp;
while(*s) {
*s = (unsigned char)tolower((int)*s);
++s;
}
}
int port = evhttp_uri_get_port(uri);
if(port<1) {
port = get_default_protocol_port(otmp, schlen);
}
if(port>0)
snprintf(otmp+schlen,sizeof(otmp)-schlen-1,"://%s:%d",host,port);
else
snprintf(otmp+schlen,sizeof(otmp)-schlen-1,"://%s",host);
{
unsigned char *s = (unsigned char*)otmp + schlen + 3;
while(*s) {
*s = (unsigned char)tolower((int)*s);
++s;
}
}
strncpy(co,otmp,sz);
co[sz]=0;
ret = 0;
}
}
}
evhttp_uri_free(uri);
}
}
if(ret<0) {
strncpy(co,o,sz);
co[sz]=0;
}
return ret;
}
//////////////////////////////////////////////////////////////////
#ifdef __cplusplus
#if defined(TURN_MEMORY_DEBUG)
#include <map>
#include <set>
#include <string>
static volatile int tmm_init = 0;
static pthread_mutex_t tm;
typedef void* ptrtype;
typedef std::set<ptrtype> ptrs_t;
typedef std::map<std::string,ptrs_t> str_to_ptrs_t;
typedef std::map<ptrtype,std::string> ptr_to_str_t;
static str_to_ptrs_t str_to_ptrs;
static ptr_to_str_t ptr_to_str;
static void tm_init(void) {
if(!tmm_init) {
pthread_mutex_init(&tm,NULL);
tmm_init = 1;
}
}
static void add_tm_ptr(void *ptr, const char *id) {
UNUSED_ARG(ptr);
UNUSED_ARG(id);
if(!ptr)
return;
std::string sid(id);
str_to_ptrs_t::iterator iter;
pthread_mutex_lock(&tm);
iter = str_to_ptrs.find(sid);
if(iter == str_to_ptrs.end()) {
std::set<ptrtype> sp;
sp.insert(ptr);
str_to_ptrs[sid]=sp;
} else {
iter->second.insert(ptr);
}
ptr_to_str[ptr]=sid;
pthread_mutex_unlock(&tm);
}
static void del_tm_ptr(void *ptr, const char *id) {
UNUSED_ARG(ptr);
UNUSED_ARG(id);
if(!ptr)
return;
pthread_mutex_lock(&tm);
ptr_to_str_t::iterator pts_iter = ptr_to_str.find(ptr);
if(pts_iter == ptr_to_str.end()) {
printf("Tring to free unknown pointer (1): %s\n",id);
} else {
std::string sid = pts_iter->second;
ptr_to_str.erase(pts_iter);
str_to_ptrs_t::iterator iter = str_to_ptrs.find(sid);
if(iter == str_to_ptrs.end()) {
printf("Tring to free unknown pointer (2): %s\n",id);
} else {
iter->second.erase(ptr);
}
}
pthread_mutex_unlock(&tm);
}
static void tm_id(char *id, const char* function, int line) {
sprintf(id,"%s:%d",function,line);
}
#define TM_START() char id[128];tm_id(id,function,line);tm_init()
extern "C" void* debug_ptr_add_func(void *ptr, const char* function, int line) {
TM_START();
add_tm_ptr(ptr,id);
return ptr;
}
extern "C" void debug_ptr_del_func(void *ptr, const char* function, int line) {
TM_START();
del_tm_ptr(ptr,id);
}
extern "C" void tm_print_func(void);
void tm_print_func(void) {
pthread_mutex_lock(&tm);
printf("=============================================\n");
for(str_to_ptrs_t::const_iterator iter=str_to_ptrs.begin();iter != str_to_ptrs.end();++iter) {
if(iter->second.size())
printf("%s: %s: %d\n",__FUNCTION__,iter->first.c_str(),(int)(iter->second.size()));
}
printf("=============================================\n");
pthread_mutex_unlock(&tm);
}
extern "C" void *turn_malloc_func(size_t sz, const char* function, int line);
void *turn_malloc_func(size_t sz, const char* function, int line) {
TM_START();
void *ptr = malloc(sz);
add_tm_ptr(ptr,id);
return ptr;
}
extern "C" void *turn_realloc_func(void *ptr, size_t old_sz, size_t new_sz, const char* function, int line);
void *turn_realloc_func(void *ptr, size_t old_sz, size_t new_sz, const char* function, int line) {
UNUSED_ARG(old_sz);
TM_START();
if(ptr)
del_tm_ptr(ptr,id);
ptr = realloc(ptr,new_sz);
add_tm_ptr(ptr,id);
return ptr;
}
extern "C" void turn_free_func(void *ptr, size_t sz, const char* function, int line);
void turn_free_func(void *ptr, size_t sz, const char* function, int line) {
UNUSED_ARG(sz);
TM_START();
del_tm_ptr(ptr,id);
free(ptr);
}
extern "C" void turn_free_simple(void *ptr);
void turn_free_simple(void *ptr) {
tm_init();
del_tm_ptr(ptr,__FUNCTION__);
free(ptr);
}
extern "C" void *turn_calloc_func(size_t number, size_t size, const char* function, int line);
void *turn_calloc_func(size_t number, size_t size, const char* function, int line) {
TM_START();
void *ptr = calloc(number,size);
add_tm_ptr(ptr,id);
return ptr;
}
extern "C" char *turn_strdup_func(const char* s, const char* function, int line);
char *turn_strdup_func(const char* s, const char* function, int line) {
TM_START();
char *ptr = strdup(s);
add_tm_ptr(ptr,id);
return ptr;
}
#endif
#endif
////////////////////////////////
int is_secure_username(const u08bits *username)
{
int ret = 0;
if(username) {
unsigned char *s0 = (unsigned char*)turn_strdup((const char*)username);
unsigned char *s = s0;
while(*s) {
*s = (unsigned char)tolower((int)*s);
++s;
}
s = s0;
if(strstr((char*)s," ")||strstr((char*)s,"\t")||strstr((char*)s,"'")||strstr((char*)s,"\"")||strstr((char*)s,"\n")||strstr((char*)s,"\r")||strstr((char*)s,"\\")) {
;
} else if(strstr((char*)s,"union")&&strstr((char*)s,"select")) {
;
} else {
ret = 1;
}
turn_free(s,strlen((char*)s));
}
return ret;
}
//////////////////////////////////////////////////////////////////

89
src/apps/common/ns_turn_utils.h
View File

@ -1,89 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __TURN_ULIB__
#define __TURN_ULIB__
#if !defined(TURN_LOG_FUNC)
//#define TURN_LOG_FUNC(level, ...) printf (__VA_ARGS__)
#define TURN_LOG_FUNC turn_log_func_default
#endif
#include "ns_turn_ioaddr.h"
#ifdef __cplusplus
extern "C" {
#endif
//////////////////////// LOG //////////////////////////
typedef enum {
TURN_LOG_LEVEL_INFO = 0,
TURN_LOG_LEVEL_CONTROL,
TURN_LOG_LEVEL_WARNING,
TURN_LOG_LEVEL_ERROR
} TURN_LOG_LEVEL;
#define TURN_VERBOSE_NONE (0)
#define TURN_VERBOSE_NORMAL (1)
#define TURN_VERBOSE_EXTRA (2)
#define eve(v) ((v)==TURN_VERBOSE_EXTRA)
void set_no_stdout_log(int val);
void set_log_to_syslog(int val);
void set_simple_log(int val);
void turn_log_func_default(TURN_LOG_LEVEL level, const s08bits* format, ...);
void addr_debug_print(int verbose, const ioa_addr *addr, const s08bits* s);
/* Log */
extern volatile int _log_time_value_set;
extern volatile turn_time_t _log_time_value;
void rtpprintf(const char *format, ...);
int vrtpprintf(TURN_LOG_LEVEL level, const char *format, va_list args);
void reset_rtpprintf(void);
void set_logfile(const char *fn);
void rollover_logfile(void);
///////////////////////////////////////////////////////
int is_secure_username(const u08bits *username);
///////////////////////////////////////////////////////
#ifdef __cplusplus
}
#endif
#endif //__TURN_ULIB__

253
src/apps/common/stun_buffer.c
View File

@ -1,253 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "stun_buffer.h"
////////////////////// BUFFERS ///////////////////////////
int stun_init_buffer(stun_buffer *buf) {
if(!buf) return -1;
ns_bzero(buf->buf,sizeof(buf->buf));
buf->len=0;
buf->offset=0;
buf->coffset=0;
return 0;
}
int stun_get_size(const stun_buffer *buf) {
if(!buf) return 0;
return sizeof(buf->buf);
}
////////////////////////////////////////////////////////////
void stun_tid_from_message(const stun_buffer *buf, stun_tid* id) {
stun_tid_from_message_str(buf->buf,(size_t)(buf->len), id);
}
void stun_tid_generate_in_message(stun_buffer* buf, stun_tid* id) {
if(buf) {
stun_tid_generate_in_message_str(buf->buf, id);
}
}
////////////////////////////////////////////////////////
static inline int is_channel_msg(const stun_buffer* buf) {
if(buf && buf->len>0) {
return is_channel_msg_str(buf->buf, (size_t)(buf->len));
}
return 0;
}
int stun_is_command_message(const stun_buffer* buf) {
if(!buf || buf->len<=0)
return 0;
else
return stun_is_command_message_str(buf->buf,(size_t)(buf->len));
}
int stun_is_request(const stun_buffer* buf) {
return stun_is_request_str(buf->buf,(size_t)buf->len);
}
int stun_is_success_response(const stun_buffer* buf) {
return stun_is_success_response_str(buf->buf, (size_t)(buf->len));
}
int stun_is_error_response(const stun_buffer* buf, int *err_code, u08bits *err_msg, size_t err_msg_size) {
return stun_is_error_response_str(buf->buf, (size_t)(buf->len), err_code, err_msg, err_msg_size);
}
int stun_is_response(const stun_buffer* buf) {
return stun_is_response_str(buf->buf,(size_t)(buf->len));
}
int stun_is_indication(const stun_buffer* buf) {
if(is_channel_msg(buf)) return 0;
return IS_STUN_INDICATION(stun_get_msg_type(buf));
}
u16bits stun_get_method(const stun_buffer* buf) {
return stun_get_method_str(buf->buf, (size_t)(buf->len));
}
u16bits stun_get_msg_type(const stun_buffer* buf) {
if(!buf) return (u16bits)-1;
return stun_get_msg_type_str(buf->buf,(size_t)buf->len);
}
////////////////////////////////////////////////////////////
static void stun_init_command(u16bits message_type, stun_buffer* buf) {
buf->len=stun_get_size(buf);
stun_init_command_str(message_type, buf->buf, (size_t*)(&(buf->len)));
}
void stun_init_request(u16bits method, stun_buffer* buf) {
stun_init_command(stun_make_request(method), buf);
}
void stun_init_indication(u16bits method, stun_buffer* buf) {
stun_init_command(stun_make_indication(method), buf);
}
void stun_init_success_response(u16bits method, stun_buffer* buf, stun_tid* id) {
buf->len=stun_get_size(buf);
stun_init_success_response_str(method, buf->buf, (size_t*)(&(buf->len)), id);
}
void stun_init_error_response(u16bits method, stun_buffer* buf, u16bits error_code, const u08bits *reason, stun_tid* id) {
buf->len=stun_get_size(buf);
stun_init_error_response_str(method, buf->buf, (size_t*)(&(buf->len)), error_code, reason, id);
}
///////////////////////////////////////////////////////////////////////////////
int stun_get_command_message_len(const stun_buffer* buf) {
return stun_get_command_message_len_str(buf->buf, (size_t)(buf->len));
}
///////////////////////////////////////////////////////////////////////////////
int stun_init_channel_message(u16bits chnumber, stun_buffer* buf, int length, int do_padding) {
return stun_init_channel_message_str(chnumber, buf->buf, (size_t*)(&(buf->len)), length, do_padding);
}
int stun_is_channel_message(stun_buffer* buf, u16bits* chnumber, int is_padding_mandatory) {
if(!buf) return 0;
size_t blen = (size_t)buf->len;
int ret = stun_is_channel_message_str(buf->buf, &blen, chnumber, is_padding_mandatory);
if(ret) {
buf->len=(ssize_t)blen;
}
return ret;
}
///////////////////////////////////////////////////////////////////////////////
int stun_set_allocate_request(stun_buffer* buf, u32bits lifetime, int af4, int af6, u08bits transport, int mobile, const char *rt, int ep) {
return stun_set_allocate_request_str(buf->buf, (size_t*)(&(buf->len)), lifetime, af4, af6, transport, mobile, rt, ep);
}
int stun_set_allocate_response(stun_buffer* buf, stun_tid* tid,
const ioa_addr *relayed_addr1, const ioa_addr *relayed_addr2,
const ioa_addr *reflexive_addr,
u32bits lifetime, int error_code, const u08bits *reason,
u64bits reservation_token, char *mobile_id) {
return stun_set_allocate_response_str(buf->buf, (size_t*)(&(buf->len)), tid,
relayed_addr1, relayed_addr2, reflexive_addr,
lifetime, error_code, reason,
reservation_token, mobile_id);
}
///////////////////////////////////////////////////////////////////////////////
u16bits stun_set_channel_bind_request(stun_buffer* buf,
const ioa_addr* peer_addr, u16bits channel_number) {
return stun_set_channel_bind_request_str(buf->buf,(size_t*)(&(buf->len)), peer_addr, channel_number);
}
void stun_set_channel_bind_response(stun_buffer* buf, stun_tid* tid, int error_code, const u08bits *reason) {
stun_set_channel_bind_response_str(buf->buf, (size_t*)(&(buf->len)), tid, error_code, reason);
}
////////////////////////////////////////////////////////////////
stun_attr_ref stun_attr_get_first(const stun_buffer* buf) {
return stun_attr_get_first_str(buf->buf, (size_t)(buf->len));
}
stun_attr_ref stun_attr_get_next(const stun_buffer* buf, stun_attr_ref prev) {
return stun_attr_get_next_str(buf->buf, (size_t)(buf->len), prev);
}
int stun_attr_add(stun_buffer* buf, u16bits attr, const s08bits* avalue, int alen) {
return stun_attr_add_str(buf->buf, (size_t*)(&(buf->len)), attr, (const u08bits *)avalue, alen);
}
int stun_attr_add_channel_number(stun_buffer* buf, u16bits chnumber) {
return stun_attr_add_channel_number_str(buf->buf, (size_t *)(&(buf->len)), chnumber);
}
int stun_attr_add_addr(stun_buffer *buf,u16bits attr_type, const ioa_addr* ca) {
return stun_attr_add_addr_str(buf->buf,(size_t*)(&(buf->len)), attr_type, ca);
}
int stun_attr_get_addr(const stun_buffer *buf, stun_attr_ref attr, ioa_addr* ca,
const ioa_addr *default_addr) {
return stun_attr_get_addr_str(buf->buf, (size_t)(buf->len), attr, ca, default_addr);
}
int stun_attr_get_first_addr(const stun_buffer *buf, u16bits attr_type, ioa_addr* ca,
const ioa_addr *default_addr) {
return stun_attr_get_first_addr_str(buf->buf, (size_t)(buf->len), attr_type, ca, default_addr);
}
int stun_attr_add_even_port(stun_buffer* buf, uint8_t value) {
if(value) value=0x80;
return stun_attr_add(buf,STUN_ATTRIBUTE_EVEN_PORT,(const s08bits*)&value,1);
}
u16bits stun_attr_get_first_channel_number(const stun_buffer *buf) {
return stun_attr_get_first_channel_number_str(buf->buf, (size_t)(buf->len));
}
stun_attr_ref stun_attr_get_first_by_type(const stun_buffer* buf, u16bits attr_type) {
return stun_attr_get_first_by_type_str(buf->buf, (size_t)(buf->len), attr_type);
}
///////////////////////////////////////////////////////////////////////////////
void stun_set_binding_request(stun_buffer* buf) {
stun_set_binding_request_str(buf->buf, (size_t*)(&(buf->len)));
}
int stun_set_binding_response(stun_buffer* buf, stun_tid* tid,
const ioa_addr *reflexive_addr, int error_code, const u08bits *reason) {
return stun_set_binding_response_str(buf->buf, (size_t*)(&(buf->len)), tid,
reflexive_addr, error_code, reason,
0,0);
}
void stun_prepare_binding_request(stun_buffer* buf) {
stun_set_binding_request_str(buf->buf, (size_t*)(&(buf->len)));
}
int stun_is_binding_response(const stun_buffer* buf) {
return stun_is_binding_response_str(buf->buf, (size_t)(buf->len));
}
///////////////////////////////////////////////////////

132
src/apps/common/stun_buffer.h
View File

@ -1,132 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __TURN_STUN_BUF__
#define __TURN_STUN_BUF__
#include "ns_turn_msg.h"
#ifdef __cplusplus
extern "C" {
#endif
///////////////////////////////////////////////////////////////
typedef struct _stun_buffer {
u08bits channel[STUN_CHANNEL_HEADER_LENGTH];
u08bits buf[STUN_BUFFER_SIZE];
size_t len;
u16bits offset;
u08bits coffset;
} stun_buffer;
//////////////////////////////////////////////////////////////
int stun_init_buffer(stun_buffer *buf);
int stun_get_size(const stun_buffer *buf);
//////////////////////////////////////////////////////////////
void stun_tid_generate_in_message(stun_buffer* buf, stun_tid* id);
void stun_tid_from_message(const stun_buffer *buf, stun_tid* id);
///////////////////////////////////////////////////////////////
int stun_is_command_message(const stun_buffer* buf);
int stun_is_request(const stun_buffer* buf);
int stun_is_response(const stun_buffer* buf);
int stun_is_success_response(const stun_buffer* buf);
int stun_is_error_response(const stun_buffer* buf, int *err_code, u08bits *err_msg, size_t err_msg_size);
int stun_is_indication(const stun_buffer* buf);
u16bits stun_get_method(const stun_buffer* buf);
u16bits stun_get_msg_type(const stun_buffer* buf);
///////////////////////////////////////////////////////////////
void stun_init_request(u16bits method, stun_buffer* buf);
void stun_init_indication(u16bits method, stun_buffer* buf);
void stun_init_success_response(u16bits method, stun_buffer* buf, stun_tid* id);
void stun_init_error_response(u16bits method, stun_buffer* buf, u16bits error_code, const u08bits *reason, stun_tid* id);
///////////////////////////////////////////////////////////////
int stun_attr_add(stun_buffer* buf, u16bits attr, const s08bits* avalue, int alen);
int stun_attr_add_channel_number(stun_buffer* buf, u16bits chnumber);
int stun_attr_add_addr(stun_buffer *buf,u16bits attr_type, const ioa_addr* ca);
stun_attr_ref stun_attr_get_first(const stun_buffer* buf);
stun_attr_ref stun_attr_get_first_by_type(const stun_buffer* buf, u16bits attr_type);
stun_attr_ref stun_attr_get_next(const stun_buffer* buf, stun_attr_ref prev);
int stun_attr_get_addr(const stun_buffer *buf, stun_attr_ref attr, ioa_addr* ca, const ioa_addr *default_addr);
int stun_attr_add_even_port(stun_buffer* buf, uint8_t value);
int stun_attr_get_first_addr(const stun_buffer *buf, u16bits attr_type, ioa_addr* ca, const ioa_addr *default_addr);
u16bits stun_attr_get_first_channel_number(const stun_buffer *buf);
///////////////////////////////////////////////////////////////
int stun_get_command_message_len(const stun_buffer* buf);
///////////////////////////////////////////////////////////////
int stun_init_channel_message(u16bits chnumber, stun_buffer* buf, int length, int do_padding);
int stun_is_channel_message(stun_buffer* buf, u16bits* chnumber, int is_padding_madatory);
///////////////////////////////////////////////////////////////
int stun_set_allocate_request(stun_buffer* buf, u32bits lifetime, int af4, int af6, u08bits transport, int mobile, const char* rt, int ep);
int stun_set_allocate_response(stun_buffer* buf, stun_tid* tid,
const ioa_addr *relayed_addr1, const ioa_addr *relayed_addr2,
const ioa_addr *reflexive_addr,
u32bits lifetime,
int error_code, const u08bits *reason,
u64bits reservation_token, char *mobile_id);
///////////////////////////////////////////////////////////////
void stun_set_binding_request(stun_buffer* buf);
int stun_set_binding_response(stun_buffer* buf, stun_tid* tid,
const ioa_addr *reflexive_addr, int error_code, const u08bits *reason);
void stun_prepare_binding_request(stun_buffer* buf);
int stun_is_binding_response(const stun_buffer* buf);
///////////////////////////////////////////////////////////////
u16bits stun_set_channel_bind_request(stun_buffer* buf, const ioa_addr* peer_addr, u16bits channel_number);
void stun_set_channel_bind_response(stun_buffer* buf, stun_tid* tid, int error_code, const u08bits *reason);
///////////////////////////////////////////////////////////////
#ifdef __cplusplus
}
#endif
#endif //__TURN_STUN_BUF__

102
src/apps/peer/mainudpserver.c
View File

@ -1,102 +0,0 @@
/*
* Copyright (C) 2011, 2012, 2013 Citrix Systems
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ns_turn_utils.h"
#include "udpserver.h"
#include "apputils.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
//////////////// local definitions /////////////////
static char Usage[] =
"Usage: server [options]\n"
"Options:\n"
" -p Listening UDP port (Default: 3480)\n"
" -d Listening interface device (optional)\n"
" -L Listening address\n"
" -v verbose\n";
//////////////////////////////////////////////////
int main(int argc, char **argv)
{
int port = PEER_DEFAULT_PORT;
char **local_addr_list=NULL;
size_t las = 0;
int verbose = TURN_VERBOSE_NONE;
int c;
char ifname[1025] = "\0";
IS_TURN_SERVER = 1;
set_logfile("stdout");
set_system_parameters(0);
while ((c = getopt(argc, argv, "d:p:L:v")) != -1)
switch (c){
case 'd':
STRCPY(ifname, optarg);
break;
case 'p':
port = atoi(optarg);
break;
case 'L':
local_addr_list = (char**)realloc(local_addr_list,++las*sizeof(char*));
local_addr_list[las-1]=strdup(optarg);
break;
case 'v':
verbose = TURN_VERBOSE_NORMAL;
break;
default:
fprintf(stderr, "%s\n", Usage);
exit(1);
}
if(las<1) {
local_addr_list = (char**)realloc(local_addr_list,++las*sizeof(char*));
local_addr_list[las-1]=strdup("0.0.0.0");
local_addr_list = (char**)realloc(local_addr_list,++las*sizeof(char*));
local_addr_list[las-1]=strdup("::");
}
server_type* server = start_udp_server(verbose, ifname, local_addr_list, las, port);
run_udp_server(server);
clean_udp_server(server);
return 0;
}

Some files were not shown because too many files have changed in this diff Show More