diff --git a/README.turnserver b/README.turnserver
index f666837d..df56d022 100644
--- a/README.turnserver
+++ b/README.turnserver
@@ -285,6 +285,10 @@ Flags:
 --prometheus Enable prometheus metrics. By default it is disabled. Would listen on port 9641 under the path /metrics also the path / on this port can be used as a health check
+ --prometheus-username-labels Enable labeling prometheus traffic
+ metrics with client usernames. Labeling with client usernames is
+ disabled by default, beacuse this may cause memory leaks when using
+ authentication with ephemeral usernames (e.g. TURN REST API).
 --prometheus-port Prometheus listener port (Default: 9641).
diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1
index f29423da..f6199727 100644
--- a/man/man1/turnserver.1
+++ b/man/man1/turnserver.1
@@ -432,6 +432,13 @@ also the path / on this port can be used as a health check
 .B
 \fB\-\-prometheus\-port\fP
 Prometheus listener port (Default: 9641).
+.TP
+.B
+\fB\-\-prometheus\-username\-labels\fP
+Enable labeling prometheus traffic
+metrics with client usernames. Labeling with client usernames is
+disabled by default, because this may cause memory leaks when using
+authentication with ephemeral usernames (e.g. TURN REST API).
 .RE
 .TP
 .B
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index 35f1c666..d9368875 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -174,6 +174,7 @@ TURN_CREDENTIALS_NONE, /* ct */
 #if !defined(TURN_NO_PROMETHEUS)
 0, /* prometheus disabled by default */
 DEFAULT_PROM_SERVER_PORT, /* prometheus port */
+0, /* prometheus username labelling disabled by default when prometheus is enabled */
 #endif
 ///////////// Users DB //////////////
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
@@ -561,6 +562,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " --prometheus Enable prometheus metrics. It is disabled by default. If it is enabled it will listen on port 9641 under the path /metrics\n"
 " also the path / on this port can be used as a health check\n"
 " --prometheus-port Prometheus metrics port (Default: 9641).\n"
+" --prometheus-username-labels When metrics are enabled, add labels with client usernames.\n"
 #endif
 " --use-auth-secret TURN REST API flag.\n"
 " Flag that sets a special authorization option that is based upon authentication secret\n"
@@ -790,6 +792,7 @@ enum EXTRA_OPTS {
 PERMISSION_LIFETIME_OPT,
 PROMETHEUS_OPT,
 PROMETHEUS_PORT_OPT,
+ PROMETHEUS_ENABLE_USERNAMES_OPT,
 AUTH_SECRET_OPT,
 NO_AUTH_PINGS_OPT,
 NO_DYNAMIC_IP_LIST_OPT,
@@ -906,6 +909,7 @@ static const struct myoption long_options[] = {
 #if !defined(TURN_NO_PROMETHEUS)
 { "prometheus", optional_argument, NULL, PROMETHEUS_OPT },
 { "prometheus-port", optional_argument, NULL, PROMETHEUS_PORT_OPT },
+ { "prometheus-username-labels", optional_argument, NULL, PROMETHEUS_ENABLE_USERNAMES_OPT },
 #endif
 { "use-auth-secret", optional_argument, NULL, AUTH_SECRET_OPT },
 { "static-auth-secret", required_argument, NULL, STATIC_AUTH_SECRET_VAL_OPT },
@@ -1541,6 +1545,9 @@ static void set_option(int c, char *value)
 case PROMETHEUS_PORT_OPT:
 turn_params.prometheus_port = atoi(value);
 break;
+ case PROMETHEUS_ENABLE_USERNAMES_OPT:
+ turn_params.prometheus_username_labels = 1;
+ break;
 #endif
 case AUTH_SECRET_OPT:
 turn_params.use_auth_secret_with_timestamp = 1;
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index 32497182..9c8a28c3 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -320,6 +320,7 @@ typedef struct _turn_params_ {
 #if !defined(TURN_NO_PROMETHEUS)
 int prometheus;
 int prometheus_port;
+ int prometheus_username_labels;
 #endif
diff --git a/src/apps/relay/prom_server.c b/src/apps/relay/prom_server.c
index 9d77f0cc..883da46d 100644
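Review bot: The new `PROMETHEUS_ENABLE_USERNAMES_OPT` case in set_option() ignores `value` and always stores 1, although the long_options hunk declares the option with `optional_argument`, so `--prometheus-username-labels=0` would turn username labels on rather than off. Since this flag decides whether client usernames are published in the metrics, either declare it `no_argument` or honour the value, e.g. `turn_params.prometheus_username_labels = get_bool_value(value);`, assuming the boolean helper used elsewhere in mainrelay.c is in scope at this point. The neighbouring `AUTH_SECRET_OPT` case hard-codes 1 in the same way, so this may follow an existing convention. set_option's body starts and ends outside the hunk.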
--- a/src/apps/relay/prom_server.c
+++ b/src/apps/relay/prom_server.c
@@ -30,20 +30,26 @@ int start_prometheus_server(void){
 return 1;
 }
 prom_collector_registry_default_init();
-
- const char *label[] = {"realm", "user"};
+
+ const char *label[] = {"realm", NULL};
+ size_t nlabels = 1;
+
+ if (turn_params.prometheus_username_labels) {
+ label[1] = "user";
+ nlabels++;
+ }
 // Create traffic counter metrics
- turn_traffic_rcvp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_rcvp", "Represents finished sessions received packets", 2, label));
- turn_traffic_rcvb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_rcvb", "Represents finished sessions received bytes", 2, label));
- turn_traffic_sentp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_sentp", "Represents finished sessions sent packets", 2, label));
- turn_traffic_sentb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_sentb", "Represents finished sessions sent bytes", 2, label));
+ turn_traffic_rcvp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_rcvp", "Represents finished sessions received packets", nlabels, label));
+ turn_traffic_rcvb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_rcvb", "Represents finished sessions received bytes", nlabels, label));
+ turn_traffic_sentp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_sentp", "Represents finished sessions sent packets", nlabels, label));
+ turn_traffic_sentb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_sentb", "Represents finished sessions sent bytes", nlabels, label));
 // Create finished sessions traffic for peers counter metrics
- turn_traffic_peer_rcvp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_rcvp", "Represents finished sessions peer received packets", 2, label));
- turn_traffic_peer_rcvb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_rcvb", "Represents finished sessions peer received bytes", 2, label));
- turn_traffic_peer_sentp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_sentp", "Represents finished sessions peer sent packets", 2, label));
- turn_traffic_peer_sentb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_sentb", "Represents finished sessions peer sent bytes", 2, label));
+ turn_traffic_peer_rcvp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_rcvp", "Represents finished sessions peer received packets", nlabels, label));
+ turn_traffic_peer_rcvb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_rcvb", "Represents finished sessions peer received bytes", nlabels, label));
+ turn_traffic_peer_sentp = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_sentp", "Represents finished sessions peer sent packets", nlabels, label));
+ turn_traffic_peer_sentb = prom_collector_registry_must_register_metric(prom_counter_new("turn_traffic_peer_sentb", "Represents finished sessions peer sent bytes", nlabels, label));
 // Create total finished traffic counter metrics
 turn_total_traffic_rcvp = prom_collector_registry_must_register_metric(prom_counter_new("turn_total_traffic_rcvp", "Represents total finished sessions received packets", 0, NULL));
@@ -70,7 +76,10 @@ int start_prometheus_server(void){
 void prom_set_finished_traffic(const char* realm, const char* user, unsigned long rsvp, unsigned long rsvb, unsigned long sentp, unsigned long sentb, bool peer){
 if (turn_params.prometheus == 1){
- const char *label[] = {realm, user};
+ const char *label[] = {realm, NULL};
+ if (turn_params.prometheus_username_labels){
+ label[1] = user;
+ }
 if (peer){
 prom_counter_add(turn_traffic_peer_rcvp, rsvp, label);
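Review bot: When `turn_params.prometheus_username_labels` is set, the eight per-session counters registered in start_prometheus_server() get a `user` label again with nothing bounding the number of distinct values. The memory growth described in the README therefore returns in full for deployments with ephemeral usernames, and every username becomes readable by whoever can scrape the metrics port (no access control on that listener is visible in this diff). A comment above the `if` would record why the label is opt-in, e.g. `/* "user" label is opt-in: one series per distinct username, and usernames become visible on /metrics */`. It may also be worth logging a startup warning when this flag is combined with `use_auth_secret_with_timestamp`. The function body starts and ends outside the hunk.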
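Review bot: The values array in prom_set_finished_traffic() has to match the label keys registered in start_prometheus_server() entry for entry, and after this change both sites test `turn_params.prometheus_username_labels` independently. If that field can change after the metrics are registered (not visible here), a call could pass a single value to counters registered with two labels, leaving `label[1]` as NULL. A comment on the declaration, e.g. `/* must mirror the label keys registered in start_prometheus_server() */`, would document the coupling; deriving both from one file-scope count fixed at registration time would remove it. The function body continues outside the hunk.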