Merge b2c0c7a522 into 15cecc97a2

2 weeks ago · 45f85db2f9
parent 15cecc97a2 b2c0c7a522
commit 45f85db2f9
5 changed files with 98 additions and 12 deletions
--- a/src/apps/relay/dtls_listener.c
+++ b/src/apps/relay/dtls_listener.c
@ -39,6 +39,7 @@
 #include "ns_ioalib_impl.h"

 #include "ns_turn_openssl.h"
+#include "prom_server.h"

 #include <pthread.h>

@ -62,6 +63,8 @@ typedef uint16_t in_port_t;

 #define MAX_SINGLE_UDP_BATCH (16)

+static int packetcounter = 1;
+
 struct dtls_listener_relay_server_info {
  char ifname[1025];
  ioa_addr addr;
@ -130,6 +133,33 @@ int get_dtls_version(const unsigned char *buf, int len) {
  return 0;
 }

+static size_t print_packet_txt2pcap(uint64_t now, uint8_t *payload, size_t payload_length, uint8_t *txt2pcap,
+                                    size_t txt2pcap_length) {
+
+  size_t index = 0;
+  int64_t remaining = now % (24 * 60 * 60 * 1000);
+  int hours = remaining / (60 * 60 * 1000);
+  remaining = remaining % (60 * 60 * 1000);
+  int minutes = remaining / (60 * 1000);
+  remaining = remaining % (60 * 1000);
+  int seconds = remaining / 1000;
+  int ms = remaining % 1000;
+
+  snprintf((char *)(txt2pcap + index), txt2pcap_length - index, "%02d:%02d:%02d.%03d", hours, minutes, seconds, ms);
+
+  index += sizeof("00:00:00.000") - 1;
+  snprintf((char *)(txt2pcap + index), txt2pcap_length - index, " 0000");
+  index += sizeof(" 0000") - 1;
+
+  for (size_t i = 0; i < payload_length; i++) {
+    snprintf((char *)(txt2pcap + index), txt2pcap_length - index, " %02x", payload[i]);
+    index += 3;
+  }
+  snprintf((char *)(txt2pcap + index), txt2pcap_length - index, " # STUN_PACKET ");
+  index += sizeof(" # STUN_PACKET ");
+  return index;
+}
+
 ///////////// utils /////////////////////

 #if DTLS_SUPPORTED
@ -695,6 +725,7 @@ start_udp_cycle:
    }
    ioa_network_buffer_delete(server->e, server->sm.m.sm.nd.nbh);
    server->sm.m.sm.nd.nbh = NULL;
+    prom_inc_packet_dropped();
    FUNCEND;
    return;
  }
@ -704,21 +735,44 @@ start_udp_cycle:
    int rc = 0;
    ioa_network_buffer_set_size(elem, (size_t)bsize);

-    if (server->connect_cb) {
+    // Do minimal validation on the received UDP packet
+    // stun_is_channel_message_str and stun_is_command_message_str
+    size_t blen = bsize;
+    uint16_t chnum = 0;
+    uint8_t *data = ioa_network_buffer_data(elem);

-      rc = create_new_connected_udp_socket(server, s);
-      if (rc < 0) {
-        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot handle UDP packet, size %d\n", (int)bsize);
+    if ((turn_params.drop_invalid_packets && !stun_is_channel_message_str(data, &blen, &chnum, false) &&
+         !stun_is_command_message_str(data, blen))
+#if DTLS_SUPPORTED
+        || (!turn_params.no_dtls && !is_dtls_message(data, blen))
+#endif
+    ) {
+      packetcounter++;
+      if (packetcounter % 1000 == 0) {
+        uint8_t txt2pcap[1000]; // 1000 is enough to print ~300B packet (3 chars per byte) with extras
+        print_packet_txt2pcap(packetcounter, data, blen, txt2pcap, sizeof(txt2pcap));
+        TURN_LOG_FUNC(TURN_LOG_LEVEL_DEBUG, "TXT2PCAP: %s\n", txt2pcap);
      }
-
+      prom_inc_packet_dropped();
    } else {
-      server->sm.m.sm.s = s;
-      rc = handle_udp_packet(server, &(server->sm), server->e, server->ts);
-    }
+      prom_inc_packet_processed();

-    if (rc < 0) {
-      if (eve(server->e->verbose)) {
-        TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot handle UDP event\n");
+      if (server->connect_cb) {
+
+        rc = create_new_connected_udp_socket(server, s);
+        if (rc < 0) {
+          TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot handle UDP packet, size %d\n", (int)bsize);
+        }
+
+      } else {
+        server->sm.m.sm.s = s;
+        rc = handle_udp_packet(server, &(server->sm), server->e, server->ts);
+      }
+
+      if (rc < 0) {
+        if (eve(server->e->verbose)) {
+          TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot handle UDP event\n");
+        }
      }
    }
  }
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@ -238,7 +238,8 @@ turn_params_t turn_params = {

    false, /* log_binding */
    false, /* stun_backward_compatibility */
-    false  /* respond_http_unsupported */
+    false, /* respond_http_unsupported */
+    false  /* drop_invalid_packets */
 };

 //////////////// OpenSSL Init //////////////////////
@ -1355,6 +1356,7 @@ static char Usage[] =
    "connections made to ports not\n"
    "						supporting HTTP. The default behaviour is to immediately "
    "close the connection.\n"
+    " --drop-invalid-packets			   Drop invalid packets early. The default behaviour is to accept all packets.\n"
    " --version					Print version (and exit).\n"
    " -h						Help\n"
    "\n";
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@ -347,6 +347,7 @@ typedef struct _turn_params_ {
  bool log_binding;
  bool stun_backward_compatibility;
  bool respond_http_unsupported;
+  bool drop_invalid_packets;
 } turn_params_t;

 extern turn_params_t turn_params;
--- a/src/apps/relay/prom_server.c
+++ b/src/apps/relay/prom_server.c
@ -43,6 +43,9 @@

 #if !defined(TURN_NO_PROMETHEUS)

+prom_counter_t *packet_processed;
+prom_counter_t *packet_dropped;
+
 prom_counter_t *stun_binding_request;
 prom_counter_t *stun_binding_response;
 prom_counter_t *stun_binding_error;
@ -178,6 +181,11 @@ void start_prometheus_server(void) {
  const char *typeLabel[] = {"type"};
  turn_total_allocations = prom_collector_registry_must_register_metric(
      prom_gauge_new("turn_total_allocations", "Represents current allocations number", 1, typeLabel));
+  // Packet counters
+  packet_processed = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_packet_processed", "Incoming packet processed", 0, NULL));
+  packet_dropped = prom_collector_registry_must_register_metric(
+      prom_counter_new("turn_packet_dropped", "Incoming packet dropped", 0, NULL));

  // some flags appeared first in microhttpd v0.9.53
  unsigned int flags = 0;
@ -283,6 +291,18 @@ void prom_dec_allocation(SOCKET_TYPE type) {
  }
 }

+void prom_inc_packet_processed(void) {
+  if (turn_params.prometheus == 1) {
+    prom_counter_add(packet_processed, 1, NULL);
+  }
+}
+
+void prom_inc_packet_dropped(void) {
+  if (turn_params.prometheus == 1) {
+    prom_counter_add(packet_dropped, 1, NULL);
+  }
+}
+
 void prom_inc_stun_binding_request(void) {
  if (turn_params.prometheus) {
    prom_counter_add(stun_binding_request, 1, NULL);
@ -339,4 +359,8 @@ void prom_inc_allocation(SOCKET_TYPE type) { UNUSED_ARG(type); }

 void prom_dec_allocation(SOCKET_TYPE type) { UNUSED_ARG(type); }

+void prom_inc_packet_processed(void) {}
+
+void prom_inc_packet_dropped(void) {}
+
 #endif /* TURN_NO_PROMETHEUS */
--- a/src/apps/relay/prom_server.h
+++ b/src/apps/relay/prom_server.h
@ -59,6 +59,9 @@ extern "C" {
 }
 #endif /* __clplusplus */

+extern prom_counter_t *packet_processed;
+extern prom_counter_t *packet_dropped;
+
 extern prom_counter_t *stun_binding_request;
 extern prom_counter_t *stun_binding_response;
 extern prom_counter_t *stun_binding_error;
@ -104,5 +107,7 @@ void prom_set_finished_traffic(const char *realm, const char *user, unsigned lon

 void prom_inc_allocation(SOCKET_TYPE type);
 void prom_dec_allocation(SOCKET_TYPE type);
+void prom_inc_packet_processed(void);
+void prom_inc_packet_dropped(void);

 #endif /* __PROM_SERVER_H__ */