diff --git a/ChangeLog b/ChangeLog index 5669869a..ea7d4d43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,7 @@ Version 4.5.0.8 'dan Eider': list all phony targets - fix typo PR#253 (by Orsiris de Jong) - Fix WebRTC client IPv6 stuck connection. (issue #217) - THX toq damencho, vol4iniche + THX to damencho, vol4iniche - Spelling fixes. - Add a warning if --lt-cred-mech and --use-auth-secret both presents. - Revert "Add the realm parameter in the example config file (by Domenico)" @@ -23,6 +23,8 @@ Version 4.5.0.8 'dan Eider': - Add a Warning if lines in config file ends with semicolon (by heyheyjc) - Fix --prod pointer bug - Fix auth server thread detach race (by weishuyin) + - New Feature: Add -K --keep-address-family + Be aware if you enable it, then it breaks rfc6156 section-4.2 (default IPv4 family) 12/10/2017 Oleg Moskalenko Version 4.5.0.7 'dan Eider': diff --git a/README.turnserver b/README.turnserver index dbcd3db2..3d6a28d9 100644 --- a/README.turnserver +++ b/README.turnserver @@ -532,7 +532,11 @@ Options with values: --proc-group Group name to run the process. After the initialization, the turnserver process will make an attempt to change the current group ID to that group. - + +-K, --keep-address-family TURN server allocates address family according TURN + Client <=> Server communication address family. + !! It breaks RFC6156 section-4.2 (violates default IPv4) !! + --cli-ip Local system IP address to be used for CLI management interface. The turnserver process can be accessed for management with telnet, at this IP address and on the CLI port (see the next parameter). diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 1623adde..8835d4af 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -612,6 +612,15 @@ # #mobility +# Allocate Address Family according +# If enabled then TURN server allocates address family according the TURN +# Client <=> Server communication address family. +# (By default coTURN works according RFC 6156.) +# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!! +# +#keep-address-family + + # User name to run the process. After the initialization, the turnserver process # will make an attempt to change the current user ID to that user. # diff --git a/man/man1/turnadmin.1 b/man/man1/turnadmin.1 index 3a0148d5..9bba5666 100644 --- a/man/man1/turnadmin.1 +++ b/man/man1/turnadmin.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "15 August 2018" "" "" +.TH TURN 1 "06 September 2018" "" "" .SH GENERAL INFORMATION \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index 35c1bed7..69a6b833 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "15 August 2018" "" "" +.TH TURN 1 "06 September 2018" "" "" .SH GENERAL INFORMATION The \fBTURN Server\fP project contains the source code of a TURN server and TURN client @@ -768,6 +768,12 @@ Group name to run the process. After the initialization, the \fIturnserver\fP pr will make an attempt to change the current group ID to that group. .TP .B +\fB\-K\fP, \fB\-\-keep\-address\-family\fP +TURN server allocates address family according TURN +Client <=> Server communication address family. +!! It breaks RFC6156 section\-4.2 (violates default IPv4) !! +.TP +.B \fB\-\-cli\-ip\fP Local system IP address to be used for CLI management interface. The \fIturnserver\fP process can be accessed for management with telnet, diff --git a/man/man1/turnutils.1 b/man/man1/turnutils.1 index 7d7f1ff8..cc59beb9 100644 --- a/man/man1/turnutils.1 +++ b/man/man1/turnutils.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "15 August 2018" "" "" +.TH TURN 1 "06 September 2018" "" "" .SH GENERAL INFORMATION A set of turnutils_* programs provides some utility functionality to be used diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index b00b8b37..fa14814b 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -155,7 +155,8 @@ DEFAULT_CPUS_NUMBER, ///////// Encryption ///////// "", /* secret_key_file */ "", /* secret_key */ -0 /* allow_encoding */ +0, /* allow_encoding */ +0 /* keep_address_family */ }; //////////////// OpenSSL Init ////////////////////// @@ -616,6 +617,9 @@ static char Usage[] = "Usage: turnserver [options]\n" " will make an attempt to change the current group ID to that group.\n" " --mobility Mobility with ICE (MICE) specs support.\n" " --no-http Turn OFF the HTTP-Admin-Interface. By default it is always ON.\n" +" -K, --keep-address-family TURN server allocates address family according TURN\n" +" Client <=> Server communication address family. \n" +" !! It breaks RFC6156 section-4.2 (violates default IPv4) !!\n" " --no-cli Turn OFF the CLI support. By default it is always ON.\n" " --cli-ip= Local system IP address to be used for CLI server endpoint. Default value\n" " is 127.0.0.1.\n" @@ -696,7 +700,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n" " Setting to zero value means removal of the option.\n" " -h, --help Help\n"; -#define OPTIONS "c:d:p:L:E:X:i:m:l:r:u:b:B:e:M:J:N:O:q:Q:s:C:vVofhznaAS" +#define OPTIONS "c:d:p:L:E:X:i:m:l:r:u:b:B:e:M:J:N:O:q:Q:s:C:K:vVofhznaAS" #define ADMIN_OPTIONS "PEgGORIHKYlLkaADSdb:e:M:J:N:u:r:p:s:X:o:h:x:v:f:" @@ -889,6 +893,7 @@ static const struct myoption long_options[] = { { "no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT }, { "secret-key-file", required_argument, NULL, SECRET_KEY_OPT }, { "allow-encoding-with-aes", required_argument, NULL, ALLOW_ENCODING_OPT}, + { "keep-address-family", optional_argument, NULL, 'K' }, { NULL, no_argument, NULL, 0 } }; @@ -1104,6 +1109,9 @@ static void set_option(int c, char *value) } switch (c) { + case 'K': + turn_params.keep_address_family = get_bool_value(value); + break; case SERVER_NAME_OPT: STRCPY(turn_params.oauth_server_name,value); break; diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index 406bea89..0a23e232 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -318,6 +318,7 @@ typedef struct _turn_params_ { char secret_key_file[1025]; unsigned char secret_key[1025]; int allow_encoding; + int keep_address_family; } turn_params_t; diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index fb83292a..bf0eecf8 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c @@ -1667,7 +1667,10 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int send_turn_session_info, send_https_socket, allocate_bps, - turn_params.oauth, turn_params.oauth_server_name, use_http); + turn_params.oauth, + turn_params.oauth_server_name, + use_http, + turn_params.keep_address_family); if(to_set_rfc5780) { set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client); diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c index d7b3bac1..008a5e40 100644 --- a/src/server/ns_turn_server.c +++ b/src/server/ns_turn_server.c @@ -1260,13 +1260,25 @@ static int handle_turn_allocate(turn_turnserver *server, if(!(*err_code)) { if(!af4 && !af6) { int a_family = STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_DEFAULT; - if(get_ioa_socket_address_family(ss->client_socket) == AF_INET6) - a_family = STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6; + if (server->keep_address_family) { + switch(get_ioa_socket_address_family(ss->client_socket)) { + case AF_INET6 : + a_family = STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6; + break; + case AF_INET : + a_family = STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV4; + break; + } + if(get_ioa_socket_address_family(ss->client_socket) == AF_INET6) + a_family = STUN_ATTRIBUTE_REQUESTED_ADDRESS_FAMILY_VALUE_IPV6; + } + int res = create_relay_connection(server, ss, lifetime, - a_family, transport, - even_port, in_reservation_token, &out_reservation_token, - err_code, reason, - tcp_peer_accept_connection); + a_family, transport, + even_port, in_reservation_token, &out_reservation_token, + err_code, reason, + tcp_peer_accept_connection); + if(res<0) { set_relay_session_failure(alloc,AF_INET); if(!(*err_code)) { @@ -4839,7 +4851,10 @@ void init_turn_server(turn_turnserver* server, send_turn_session_info_cb send_turn_session_info, send_https_socket_cb send_https_socket, allocate_bps_cb allocate_bps_func, - int oauth, const char* oauth_server_name, int use_http) { + int oauth, + const char* oauth_server_name, + int use_http, + int keep_address_family) { if (!server) return; @@ -4908,6 +4923,8 @@ void init_turn_server(turn_turnserver* server, server->use_http = use_http; + server->keep_address_family = keep_address_family; + set_ioa_timer(server->e, 1, 0, timer_timeout_handler, server, 1, "timer_timeout_handler"); } diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h index 4c419421..1f21d3f6 100644 --- a/src/server/ns_turn_server.h +++ b/src/server/ns_turn_server.h @@ -172,6 +172,9 @@ struct _turn_turnserver { /* HTTP-Admin-Server: */ int use_http; + + /* Keep Address Family */ + int keep_address_family; }; const char * get_version(turn_turnserver *server); @@ -216,7 +219,8 @@ void init_turn_server(turn_turnserver* server, allocate_bps_cb allocate_bps_func, int oauth, const char* oauth_server_name, - int use_http); + int use_http, + int keep_address_family); ioa_engine_handle turn_server_get_engine(turn_turnserver *s);