diff --git a/README.turnserver b/README.turnserver index 0394fdf5..28ffb894 100644 --- a/README.turnserver +++ b/README.turnserver @@ -257,11 +257,13 @@ Flags: -h Help. -Options with required values: +Options with values: ---stale-nonce[=] Use extra security with nonce value having limited lifetime (default 600 secs). +--stale-nonce[=] Use extra security with nonce value having limited lifetime, in seconds (default 600 secs). ---max-allocate-lifetime Set the maximum value for the allocation lifetime. Default to 3600 secs. +--max-allocate-lifetime Set the maximum value for the allocation lifetime. Default to 3600 secs. + +--channel-lifetime Set the lifetime for channel binding, default to 600 secs. This value MUST not be changed for production purposes. -d, --listening-device Listener interface device. (NOT RECOMMENDED. Optional functionality, Linux only). diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index a9749aa4..02d51b68 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -389,6 +389,12 @@ #max-allocate-lifetime=3600 +# Uncomment to set the lifetime for the channel. +# Default value is 600 secs (10 minutes). +# This value MUST not be changed for production purposes. +# +#channel-lifetime=600 + # Certificate file. # Use an absolute path or path relative to the # configuration file. diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index 7c36d93c..e57931b7 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 
@@ -392,17 +392,21 @@ initially used by the session). Help. .TP .B -Options with required values: +Options with values: .TP .B \fB\-\-stale\-nonce\fP[=] -Use extra security with nonce value having limited lifetime (default 600 secs). +Use extra security with nonce value having limited lifetime, in seconds (default 600 secs). .TP .B -\fB\-\-max\-allocate\-lifetime\fP +\fB\-\-max\-allocate\-lifetime\fP Set the maximum value for the allocation lifetime. Default to 3600 secs. .TP .B +\fB\-\-channel\-lifetime\fP +Set the lifetime for channel binding, default to 600 secs. This value MUST not be changed for production purposes. +.TP +.B \fB\-d\fP, \fB\-\-listening\-device\fP Listener interface device. (NOT RECOMMENDED. Optional functionality, Linux only). diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 344b28b2..7638014d 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -124,7 +124,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"", /////////////// stop server //////////////// 0, /////////////// MISC PARAMS //////////////// -0,0,0,0,0,':',0,0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0, +0,0,0,0,0,':',0,0,0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0, ///////////// Users DB ////////////// { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} }, ///////////// CPUs ////////////////// 
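Review bot: The `0` inserted into the MISC PARAMS initializer is the value `turn_params.channel_lifetime` keeps whenever `--channel-lifetime` is absent, because `set_option` only assigns the field when the option is parsed and the `update_channel_lifetime` hunk in ns_turn_server.c uses `*(server->channel_lifetime)` as the timer interval and expiry offset with no fallback, so a stock configuration would bind channels that expire after 0 seconds instead of the documented 600. Unless main() applies a default after option parsing (not part of this diff), the initializer should carry it, `0,0,0,0,0,':',0,0,STUN_DEFAULT_CHANNEL_LIFETIME,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,`; the macro is already used by set_option in this file. Whether `stale_nonce` and `max_allocate_lifetime`, which also start at 0 here, rely on a guard elsewhere is not visible in this diff. The turn_params initializer begins before this hunk.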
@@ -549,6 +549,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " This option can be used, for example, together with the logrotate tool.\n"
 " --stale-nonce[=] Use extra security with nonce value having limited lifetime (default 600 secs).\n"
 " --max-allocate-lifetime Set the maximum value for the allocation lifetime. Default to 3600 secs.\n"
+" --channel-lifetime Set the lifetime for channel binding, default to 600 secs.\n"
+" This value MUST not be changed for production purposes.\n"
 " -S, --stun-only Option to set standalone STUN operation only, all TURN requests will be ignored.\n"
 " --no-stun Option to suppress STUN functionality, only TURN requests will be processed.\n"
 " --alternate-server Set the TURN server to redirect the allocate requests (UDP and TCP services).\n"
@@ -672,6 +674,7 @@ enum EXTRA_OPTS {
 MAX_PORT_OPT,
 STALE_NONCE_OPT,
 MAX_ALLOCATE_LIFETIME_OPT,
+ CHANNEL_LIFETIME_OPT,
 AUTH_SECRET_OPT,
 DEL_ALL_AUTH_SECRETS_OPT,
 STATIC_AUTH_SECRET_VAL_OPT,
@@ -790,6 +793,7 @@ static const struct myoption long_options[] = {
 { "no-tcp-relay", optional_argument, NULL, NO_TCP_RELAY_OPT },
 { "stale-nonce", optional_argument, NULL, STALE_NONCE_OPT },
 { "max-allocate-lifetime", optional_argument, NULL, MAX_ALLOCATE_LIFETIME_OPT },
+ { "channel-lifetime", optional_argument, NULL, CHANNEL_LIFETIME_OPT },
 { "stun-only", optional_argument, NULL, 'S' },
 { "no-stun", optional_argument, NULL, NO_STUN_OPT },
 { "cert", required_argument, NULL, CERT_FILE_OPT },
@@ -1054,6 +1058,9 @@ static void set_option(int c, char *value)
 case MAX_ALLOCATE_LIFETIME_OPT:
 turn_params.max_allocate_lifetime = get_int_value(value, STUN_DEFAULT_MAX_ALLOCATE_LIFETIME);
 break;
+ case CHANNEL_LIFETIME_OPT: turn_params.channel_lifetime = get_int_value(value, STUN_DEFAULT_CHANNEL_LIFETIME);
+ break;
 case MAX_ALLOCATE_TIMEOUT_OPT:
 TURN_MAX_ALLOCATE_TIMEOUT = atoi(value);
 TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY = atoi(value);
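Review bot: The new CHANNEL_LIFETIME_OPT case stores whatever get_int_value returns without a range check, so `--channel-lifetime=0` or a negative number reaches `set_ioa_timer` and `chn->expiration_time` in update_channel_lifetime unchecked, and the documentation's "MUST not be changed for production" has no runtime teeth. I would reject non-positive values and make any deviation from the RFC 5766 channel lifetime visible at startup: after the assignment add `if (turn_params.channel_lifetime <= 0) turn_params.channel_lifetime = STUN_DEFAULT_CHANNEL_LIFETIME;` and log a warning, through the file's logging macro, whenever the final value differs from STUN_DEFAULT_CHANNEL_LIFETIME. How get_int_value behaves for a NULL or unparsable argument is not shown here, so the no-argument path of `optional_argument` should be confirmed as well. set_option's switch continues outside this hunk.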
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index 01bed5da..5edce679 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -286,6 +286,7 @@ typedef struct _turn_params_ {
 char rest_api_separator;
 vint stale_nonce;
 vint max_allocate_lifetime;
+ vint channel_lifetime;
 vint mobility;
 turn_credential_type ct;
 int use_auth_secret_with_timestamp;
diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c
index fc7da47d..d2bcfd7a 100644
--- a/src/apps/relay/netengine.c
+++ b/src/apps/relay/netengine.c
@@ -1634,6 +1634,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 &turn_params.no_udp_relay,
 &turn_params.stale_nonce,
 &turn_params.max_allocate_lifetime,
+ &turn_params.channel_lifetime,
 &turn_params.stun_only,
 &turn_params.no_stun,
 &turn_params.alternate_servers_list,
diff --git a/src/client/ns_turn_msg_defs.h b/src/client/ns_turn_msg_defs.h
index 2960ab81..019c5098 100644
--- a/src/client/ns_turn_msg_defs.h
+++ b/src/client/ns_turn_msg_defs.h
@@ -63,7 +63,7 @@
 #define STUN_DEFAULT_ALLOCATE_LIFETIME (600)
 #define STUN_MIN_ALLOCATE_LIFETIME STUN_DEFAULT_ALLOCATE_LIFETIME
 #define STUN_DEFAULT_MAX_ALLOCATE_LIFETIME (3600)
-#define STUN_CHANNEL_LIFETIME (600)
+#define STUN_DEFAULT_CHANNEL_LIFETIME (600)
 #define STUN_PERMISSION_LIFETIME (300)
 #define STUN_DEFAULT_NONCE_EXPIRATION_TIME (600)
 /**/
diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
index fbb335cc..2e371c17 100644
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
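Review bot: The `vint channel_lifetime` field added to `_turn_params_` carries no unit or meaning, unlike the option text, and its neighbours give no hint either; since the same value is later used both as a timer interval and as an offset on `server->ctime`, a one-line comment on the field would save the next reader a trip through set_option and ns_turn_server.c, e.g. `vint channel_lifetime; /* channel binding lifetime, seconds; also used to refresh the peer permission on ChannelBind */`. The struct definition starts and ends outside this hunk.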
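Review bot: Renaming `STUN_CHANNEL_LIFETIME` to `STUN_DEFAULT_CHANNEL_LIFETIME` removes a macro from a public header under src/client, and the only user this diff updates is ns_turn_server.c; if any other translation unit or out-of-tree code still references the old name it will stop compiling, which I cannot rule out from the hunks shown. If the rename is intended, either confirm no other user remains or keep a compatibility alias next to it, `#define STUN_CHANNEL_LIFETIME STUN_DEFAULT_CHANNEL_LIFETIME`, so the header stays source-compatible.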
@@ -883,13 +883,13 @@ static int update_channel_lifetime(ts_ur_super_session *ss, ch_info* chn)
 if (server) {
- if (update_turn_permission_lifetime(ss, tinfo, STUN_CHANNEL_LIFETIME) < 0)
+ if (update_turn_permission_lifetime(ss, tinfo, *(server->channel_lifetime)) < 0)
 return -1;
- chn->expiration_time = server->ctime + STUN_CHANNEL_LIFETIME;
+ chn->expiration_time = server->ctime + *(server->channel_lifetime);
 IOA_EVENT_DEL(chn->lifetime_ev);
- chn->lifetime_ev = set_ioa_timer(server->e, STUN_CHANNEL_LIFETIME, 0,
+ chn->lifetime_ev = set_ioa_timer(server->e, *(server->channel_lifetime), 0,
 client_ss_channel_timeout_handler, chn, 0, "client_ss_channel_timeout_handler");
@@ -4797,6 +4797,7 @@ void init_turn_server(turn_turnserver* server,
 vintp no_udp_relay,
 vintp stale_nonce,
 vintp max_allocate_lifetime,
+ vintp channel_lifetime,
 vintp stun_only,
 vintp no_stun,
 turn_server_addrs_list_t *alternate_servers_list,
@@ -4853,6 +4854,7 @@ void init_turn_server(turn_turnserver* server,
 server->stale_nonce = stale_nonce;
 server->max_allocate_lifetime = max_allocate_lifetime;
+ server->channel_lifetime = channel_lifetime;
 server->stun_only = stun_only;
 server->no_stun = no_stun;
diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h
index 96153a50..3d86a24c 100644
--- a/src/server/ns_turn_server.h
+++ b/src/server/ns_turn_server.h
@@ -116,6 +116,7 @@ struct _turn_turnserver {
 vintp check_origin;
 vintp stale_nonce;
 vintp max_allocate_lifetime;
+ vintp channel_lifetime;
 vintp stun_only;
 vintp no_stun;
 vintp secure_stun;
@@ -186,6 +187,7 @@ void init_turn_server(turn_turnserver* server,
 vintp no_udp_relay,
 vintp stale_nonce,
 vintp max_allocate_lifetime,
+ vintp channel_lifetime,
 vintp stun_only,
 vintp no_stun,
 turn_server_addrs_list_t *alternate_servers_list,
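Review bot: The three dereferences of `*(server->channel_lifetime)` in update_channel_lifetime trust the configured value as-is, so a zero or negative lifetime (the mainrelay.c initializer leaves the field at 0 when the option is absent) goes straight into `set_ioa_timer` and `chn->expiration_time`, and because the same value is handed to `update_turn_permission_lifetime`, a large `--channel-lifetime` also stretches the peer permission — the check that decides whether relayed traffic is allowed at all — far beyond the 300 s STUN_PERMISSION_LIFETIME declared beside the renamed macro. I would read the value once into a local and guard it there, `int lifetime = (*(server->channel_lifetime) > 0) ? *(server->channel_lifetime) : STUN_DEFAULT_CHANNEL_LIFETIME;`, and use `lifetime` for the permission refresh, the expiration_time and the timer; a single read also keeps timer and expiration_time consistent if the vint is ever changed at runtime, which its volatile type suggests but this diff does not show. The coupling to the permission lifetime deserves a sentence in the option's documentation, since the "MUST not be changed" warning currently gives no reason. update_channel_lifetime's body continues past the end of the hunk.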