diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 70da9586..a9749aa4 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -382,6 +382,13 @@ # #stale-nonce=600 +# Uncomment if you want to set the maximum allocation +# time before it has to be refreshed. +# Default is 3600s. +# +#max-allocate-lifetime=3600 + + # Certificate file. # Use an absolute path or path relative to the # configuration file. diff --git a/src/apps/common/stun_buffer.c b/src/apps/common/stun_buffer.c index c4ee5754..d0bc4504 100644 --- a/src/apps/common/stun_buffer.c +++ b/src/apps/common/stun_buffer.c @@ -160,12 +160,12 @@ int stun_set_allocate_request(stun_buffer* buf, u32bits lifetime, int af4, int a int stun_set_allocate_response(stun_buffer* buf, stun_tid* tid, const ioa_addr *relayed_addr1, const ioa_addr *relayed_addr2, const ioa_addr *reflexive_addr, - u32bits lifetime, int error_code, const u08bits *reason, + u32bits lifetime, u32bits max_lifetime, int error_code, const u08bits *reason, u64bits reservation_token, char *mobile_id) { return stun_set_allocate_response_str(buf->buf, (size_t*)(&(buf->len)), tid, relayed_addr1, relayed_addr2, reflexive_addr, - lifetime, error_code, reason, + lifetime, max_lifetime, error_code, reason, reservation_token, mobile_id); } diff --git a/src/apps/common/stun_buffer.h b/src/apps/common/stun_buffer.h index fe7dc256..943df0ce 100644 --- a/src/apps/common/stun_buffer.h +++ b/src/apps/common/stun_buffer.h @@ -105,7 +105,7 @@ int stun_set_allocate_request(stun_buffer* buf, u32bits lifetime, int af4, int a int stun_set_allocate_response(stun_buffer* buf, stun_tid* tid, const ioa_addr *relayed_addr1, const ioa_addr *relayed_addr2, const ioa_addr *reflexive_addr, - u32bits lifetime, + u32bits lifetime, u32bits max_lifetime, int error_code, const u08bits *reason, u64bits reservation_token, char *mobile_id); diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 28d3619d..82839507 100644 
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -124,7 +124,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
 /////////////// stop server ////////////////
 0,
 /////////////// MISC PARAMS ////////////////
-0,0,0,0,0,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
+0,0,0,0,0,':',0,0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 ///////////// Users DB //////////////
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 ///////////// CPUs //////////////////
@@ -548,6 +548,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " name will be constructed as-is, without PID and date appendage.\n"
 " This option can be used, for example, together with the logrotate tool.\n"
 " --stale-nonce[=600] Use extra security with nonce value having limited lifetime (default 600 secs).\n"
+" --max-allocate-lifetime Set the maximum value for the allocation lifetime. Default to 3600 secs.\n"
 " -S, --stun-only Option to set standalone STUN operation only, all TURN requests will be ignored.\n"
 " --no-stun Option to suppress STUN functionality, only TURN requests will be processed.\n"
 " --alternate-server Set the TURN server to redirect the allocate requests (UDP and TCP services).\n"
@@ -670,6 +671,7 @@ enum EXTRA_OPTS {
 MIN_PORT_OPT,
 MAX_PORT_OPT,
 STALE_NONCE_OPT,
+ MAX_ALLOCATE_LIFETIME_OPT,
 AUTH_SECRET_OPT,
 DEL_ALL_AUTH_SECRETS_OPT,
 STATIC_AUTH_SECRET_VAL_OPT,
@@ -787,6 +789,7 @@ static const struct myoption long_options[] = {
 { "no-udp-relay", optional_argument, NULL, NO_UDP_RELAY_OPT },
 { "no-tcp-relay", optional_argument, NULL, NO_TCP_RELAY_OPT },
 { "stale-nonce", optional_argument, NULL, STALE_NONCE_OPT },
+ { "max-allocate-lifetime", optional_argument, NULL, MAX_ALLOCATE_LIFETIME_OPT },
 { "stun-only", optional_argument, NULL, 'S' },
 { "no-stun", optional_argument, NULL, NO_STUN_OPT },
 { "cert", required_argument, NULL, CERT_FILE_OPT },
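Review bot: The positional initializer in the MISC PARAMS row gives the new `max_allocate_lifetime` slot a plain `0`, so a server started without `--max-allocate-lifetime` appears to run with a cap of 0 instead of the documented 3600; the only place in this diff that applies `STUN_DEFAULT_MAX_ALLOCATE_LIFETIME` is the option handler in set_option. With a 0 cap the new comparisons in stun_set_allocate_response_str, stun_adjust_allocate_lifetime and create_relay_connection can clamp non-zero lifetimes down to 0, which would break allocations in the default configuration unless something outside the diff assigns the default. Going by the field order in the mainrelay.h hunk (rest_api_separator, stale_nonce, max_allocate_lifetime, mobility), I would seed the slot with the macro: `0,0,0,0,0,':',0,STUN_DEFAULT_MAX_ALLOCATE_LIFETIME,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,`.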
@@ -1048,6 +1051,9 @@ static void set_option(int c, char *value) case STALE_NONCE_OPT: turn_params.stale_nonce = get_int_value(value, STUN_DEFAULT_NONCE_EXPIRATION_TIME); break; + case MAX_ALLOCATE_LIFETIME_OPT: + turn_params.max_allocate_lifetime = get_int_value(value, STUN_DEFAULT_MAX_ALLOCATE_LIFETIME); + break; case MAX_ALLOCATE_TIMEOUT_OPT: TURN_MAX_ALLOCATE_TIMEOUT = atoi(value); TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY = atoi(value); diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index 592a2db2..01bed5da 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -285,6 +285,7 @@ typedef struct _turn_params_ { int fingerprint; char rest_api_separator; vint stale_nonce; + vint max_allocate_lifetime; vint mobility; turn_credential_type ct; int use_auth_secret_with_timestamp; diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index b1cbdc42..fc7da47d 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c @@ -1633,6 +1633,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int &turn_params.no_tcp_relay, &turn_params.no_udp_relay, &turn_params.stale_nonce, + &turn_params.max_allocate_lifetime, &turn_params.stun_only, &turn_params.no_stun, &turn_params.alternate_servers_list, diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c index dde54fba..7f66b4b4 100644 --- a/src/client/ns_turn_msg.c +++ b/src/client/ns_turn_msg.c @@ -1021,7 +1021,7 @@ int stun_set_allocate_request_str(u08bits* buf, size_t *len, u32bits lifetime, i int stun_set_allocate_response_str(u08bits* buf, size_t *len, stun_tid* tid, const ioa_addr *relayed_addr1, const ioa_addr *relayed_addr2, const ioa_addr *reflexive_addr, - u32bits lifetime, int error_code, const u08bits *reason, + u32bits lifetime, u32bits max_lifetime, int error_code, const u08bits *reason, u64bits reservation_token, char* mobile_id) { if(!error_code) { 
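Review bot: The new `MAX_ALLOCATE_LIFETIME_OPT` case stores whatever `get_int_value` returns with no range check, and the field is a `vint` that is later converted to `u32bits`/`turn_time_t` (explicitly with `(u32bits)` in create_relay_connection), so a negative setting would presumably become a very large cap and effectively remove the limit on how long a relay allocation is held without a refresh. A zero or very small value is not rejected either, although the clamps treat lifetimes below `STUN_MIN_ALLOCATE_LIFETIME` specially. I would validate here and fall back with a log message, e.g. `if(turn_params.max_allocate_lifetime < STUN_MIN_ALLOCATE_LIFETIME) turn_params.max_allocate_lifetime = STUN_DEFAULT_MAX_ALLOCATE_LIFETIME;`, and state the accepted range in the usage text. set_option continues outside the hunk, and how get_int_value handles non-numeric input is not visible here.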
@@ -1047,7 +1047,7 @@ int stun_set_allocate_response_str(u08bits* buf, size_t *len, stun_tid* tid, { if(lifetime<1) lifetime=STUN_DEFAULT_ALLOCATE_LIFETIME; - else if(lifetime>STUN_MAX_ALLOCATE_LIFETIME) lifetime = STUN_MAX_ALLOCATE_LIFETIME; + else if(lifetime>max_lifetime) lifetime = max_lifetime; u32bits field=nswap32(lifetime); if(stun_attr_add_str(buf,len,STUN_ATTRIBUTE_LIFETIME,(u08bits*)(&field),sizeof(field))<0) return -1; @@ -1215,11 +1215,11 @@ void stun_tid_generate_in_message_str(u08bits* buf, stun_tid* id) { /////////////////// TIME //////////////////////////////////////////////////////// -turn_time_t stun_adjust_allocate_lifetime(turn_time_t lifetime, turn_time_t max_lifetime) { +turn_time_t stun_adjust_allocate_lifetime(turn_time_t lifetime, turn_time_t max_allowed_lifetime, turn_time_t max_lifetime) { if(!lifetime) lifetime = STUN_DEFAULT_ALLOCATE_LIFETIME; else if(lifetimeSTUN_MAX_ALLOCATE_LIFETIME) lifetime = STUN_MAX_ALLOCATE_LIFETIME; + else if(lifetime>max_allowed_lifetime) lifetime = max_allowed_lifetime; if(max_lifetime && (max_lifetime < lifetime)) { lifetime = max_lifetime; diff --git a/src/client/ns_turn_msg.h b/src/client/ns_turn_msg.h index 17d34851..1667fe06 100644 --- a/src/client/ns_turn_msg.h +++ b/src/client/ns_turn_msg.h @@ -86,7 +86,7 @@ u16bits stun_make_error_response(u16bits method); /////////////////////////////////////////////////////////////// -turn_time_t stun_adjust_allocate_lifetime(turn_time_t lifetime, turn_time_t max_lifetime); +turn_time_t stun_adjust_allocate_lifetime(turn_time_t lifetime, turn_time_t max_allowed_lifetime, turn_time_t max_lifetime); ///////////// STR //////////////////////////////////////////////// 
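Review bot: The configurable cap is only reached through the `else` arm after `if(lifetime<1) lifetime=STUN_DEFAULT_ALLOCATE_LIFETIME;`, so a lifetime that has just been defaulted to 600 is never compared with `max_lifetime`, and an operator who sets the cap below 600 still gets 600-second allocations for requests that omit the lifetime. The same shape is repeated in stun_adjust_allocate_lifetime in the next hunk of this file and in create_relay_connection in ns_turn_server.c. Making the cap its own statement after the default assignment closes the gap, `if(lifetime>max_lifetime) lifetime = max_lifetime;`, assuming the cap itself has been validated as non-zero. The enclosing function starts and ends outside this hunk.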
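Review bot: The new prototype of stun_adjust_allocate_lifetime takes two ceilings of the same type and nothing at the declaration says which is which, so a call with `max_allowed_lifetime` and `max_lifetime` swapped compiles silently. From the callers in ns_turn_server.c the first is the server-wide setting and the second is `ss->max_session_time_auth`, and the body treats a zero `max_lifetime` as no per-session limit. I would add a comment above the declaration: `/* max_allowed_lifetime: server-wide cap (max-allocate-lifetime option); max_lifetime: per-session cap, 0 means none */`.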
@@ -162,7 +162,7 @@ int stun_set_allocate_request_str(u08bits* buf, size_t *len, u32bits lifetime, i int stun_set_allocate_response_str(u08bits* buf, size_t *len, stun_tid* tid, const ioa_addr *relayed_addr1, const ioa_addr *relayed_addr2, const ioa_addr *reflexive_addr, - u32bits lifetime, int error_code, const u08bits *reason, + u32bits lifetime, u32bits max_lifetime, int error_code, const u08bits *reason, u64bits reservation_token, char *mobile_id); u16bits stun_set_channel_bind_request_str(u08bits* buf, size_t *len, diff --git a/src/client/ns_turn_msg_defs.h b/src/client/ns_turn_msg_defs.h index 3746602c..2960ab81 100644 --- a/src/client/ns_turn_msg_defs.h +++ b/src/client/ns_turn_msg_defs.h @@ -62,7 +62,7 @@ /* Lifetimes: */ #define STUN_DEFAULT_ALLOCATE_LIFETIME (600) #define STUN_MIN_ALLOCATE_LIFETIME STUN_DEFAULT_ALLOCATE_LIFETIME -#define STUN_MAX_ALLOCATE_LIFETIME (3600) +#define STUN_DEFAULT_MAX_ALLOCATE_LIFETIME (3600) #define STUN_CHANNEL_LIFETIME (600) #define STUN_PERMISSION_LIFETIME (300) #define STUN_DEFAULT_NONCE_EXPIRATION_TIME (600) diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c index 8a2eb988..fbb335cc 100644 --- a/src/server/ns_turn_server.c +++ b/src/server/ns_turn_server.c @@ -977,7 +977,7 @@ static int handle_turn_allocate(turn_turnserver *server, tid, pxor_relayed_addr1, pxor_relayed_addr2, get_remote_addr_from_ioa_socket(ss->client_socket), - lifetime, 0, NULL, 0, + lifetime,*(server->max_allocate_lifetime), 0, NULL, 0, ss->s_mobile_id); ioa_network_buffer_set_size(nbh,len); *resp_constructed = 1; @@ -1205,7 +1205,7 @@ static int handle_turn_allocate(turn_turnserver *server, } } - lifetime = stun_adjust_allocate_lifetime(lifetime, ss->max_session_time_auth); + lifetime = stun_adjust_allocate_lifetime(lifetime, *(server->max_allocate_lifetime), ss->max_session_time_auth); u64bits out_reservation_token = 0; if(inc_quota(ss, username)<0) { 
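Review bot: In handle_turn_allocate the cap is dereferenced afresh at every use: in the `stun_adjust_allocate_lifetime` call in this hunk, again when the success and error responses are built in the later hunks, and twice on adjacent lines in create_relay_connection. The field is a `vintp`, which suggests the value may change while the server runs; if it can, the lifetime stored for the allocation and the LIFETIME attribute sent to the client could be clamped by different values. Reading it once per request into a local, e.g. `const u32bits max_alloc_lifetime = (u32bits)*(server->max_allocate_lifetime);`, and passing that everywhere would also make the long argument lists easier to follow. handle_turn_allocate starts and ends outside these hunks.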
@@ -1373,7 +1373,7 @@ static int handle_turn_allocate(turn_turnserver *server, stun_set_allocate_response_str(ioa_network_buffer_data(nbh), &len, tid, pxor_relayed_addr1, pxor_relayed_addr2, get_remote_addr_from_ioa_socket(ss->client_socket), lifetime, - 0,NULL, + *(server->max_allocate_lifetime),0,NULL, out_reservation_token, ss->s_mobile_id); @@ -1398,7 +1398,7 @@ static int handle_turn_allocate(turn_turnserver *server, } size_t len = ioa_network_buffer_get_size(nbh); - stun_set_allocate_response_str(ioa_network_buffer_data(nbh), &len, tid, NULL, NULL, NULL, 0, *err_code, *reason, 0, ss->s_mobile_id); + stun_set_allocate_response_str(ioa_network_buffer_data(nbh), &len, tid, NULL, NULL, NULL, 0, *(server->max_allocate_lifetime), *err_code, *reason, 0, ss->s_mobile_id); ioa_network_buffer_set_size(nbh,len); *resp_constructed = 1; } @@ -1644,7 +1644,7 @@ static int handle_turn_refresh(turn_turnserver *server, if (to_delete) lifetime = 0; else { - lifetime = stun_adjust_allocate_lifetime(lifetime, ss->max_session_time_auth); + lifetime = stun_adjust_allocate_lifetime(lifetime, *(server->max_allocate_lifetime), ss->max_session_time_auth); } if (af4c && refresh_relay_connection(server, orig_ss, lifetime, 0, 0, 0, @@ -1757,7 +1757,7 @@ static int handle_turn_refresh(turn_turnserver *server, if (to_delete) lifetime = 0; else { - lifetime = stun_adjust_allocate_lifetime(lifetime, ss->max_session_time_auth); + lifetime = stun_adjust_allocate_lifetime(lifetime, *(server->max_allocate_lifetime), ss->max_session_time_auth); } if(!af4 && !af6) { 
@@ -4350,8 +4350,8 @@ static int create_relay_connection(turn_turnserver* server, if (lifetime<1) lifetime = STUN_DEFAULT_ALLOCATE_LIFETIME; - else if(lifetime>STUN_MAX_ALLOCATE_LIFETIME) - lifetime = STUN_MAX_ALLOCATE_LIFETIME; + else if(lifetime>(u32bits)*(server->max_allocate_lifetime)) + lifetime = (u32bits)*(server->max_allocate_lifetime); ioa_timer_handle ev = set_ioa_timer(server->e, lifetime, 0, client_ss_allocation_timeout_handler, newelem, 0, @@ -4796,6 +4796,7 @@ void init_turn_server(turn_turnserver* server, vintp no_tcp_relay, vintp no_udp_relay, vintp stale_nonce, + vintp max_allocate_lifetime, vintp stun_only, vintp no_stun, turn_server_addrs_list_t *alternate_servers_list, @@ -4851,6 +4852,7 @@ void init_turn_server(turn_turnserver* server, server->self_udp_balance = self_udp_balance; server->stale_nonce = stale_nonce; + server->max_allocate_lifetime = max_allocate_lifetime; server->stun_only = stun_only; server->no_stun = no_stun; diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h index bdba4ea5..96153a50 100644 --- a/src/server/ns_turn_server.h +++ b/src/server/ns_turn_server.h @@ -115,6 +115,7 @@ struct _turn_turnserver { int rfc5780; vintp check_origin; vintp stale_nonce; + vintp max_allocate_lifetime; vintp stun_only; vintp no_stun; vintp secure_stun; @@ -184,6 +185,7 @@ void init_turn_server(turn_turnserver* server, vintp no_tcp_relay, vintp no_udp_relay, vintp stale_nonce, + vintp max_allocate_lifetime, vintp stun_only, vintp no_stun, turn_server_addrs_list_t *alternate_servers_list,