mirror of https://github.com/coturn/coturn
Tag:
Branch:
Tree:
master
copilot/fix-1649
debian/buster
debian/buster-backports
debian/master
debian/stretch
debian/stretch-backports
dh2066
fix-oauth
fix_msvc_analyzer
input-validation
libevent.rpm
macos_upgrade
master
move_to_verbose
pristine-tar
sparc64
sparc64-rebase
sparc64-rebase-slim
try-fix-docker
turnbis
upstream/latest
wferi/callback
4.10.0
4.11.0
4.12.0
4.13.0
4.13.1
4.14.0
4.4.5.3
4.4.5.4
4.5.0.1
4.5.0.2
4.5.0.3
4.5.0.4
4.5.0.5
4.5.0.6
4.5.0.7
4.5.0.8
4.5.1.0
4.5.1.1
4.5.1.2
4.5.1.3
4.5.2
4.6.0
4.6.1
4.6.2
4.6.3
4.7.0
4.8.0
4.9.0
debian/4.5.0.2-3
debian/4.5.0.2-3_bpo8+1
debian/4.5.0.3-1
debian/4.5.0.4-1
debian/4.5.0.4-4
debian/4.5.0.5-1
debian/4.5.0.5-1+deb9u1
debian/4.5.0.5-1+deb9u2
debian/4.5.0.5-1+deb9u3
debian/4.5.0.6-1
debian/4.5.0.7-1
debian/4.5.0.8-1
debian/4.5.1.0-1
debian/4.5.1.0-1_bpo9+1
debian/4.5.1.1-1
debian/4.5.1.1-1.1
debian/4.5.1.1-1.1+deb10u1
debian/4.5.1.1-1.1+deb10u2
debian/4.5.1.1-1.2
debian/4.5.1.3-1
debian/4.5.2-1
debian/4.5.2-1_bpo10+1
debian/4.5.2-2
debian/4.5.2-3
docker/4.10.0-r0
docker/4.10.0-r1
docker/4.11.0-r0
docker/4.12.0-r0
docker/4.13.0-r0
docker/4.13.1-r0
docker/4.14.0-r0
docker/4.5.2-r0
docker/4.5.2-r1
docker/4.5.2-r10
docker/4.5.2-r11
docker/4.5.2-r12
docker/4.5.2-r13
docker/4.5.2-r14
docker/4.5.2-r2
docker/4.5.2-r3
docker/4.5.2-r4
docker/4.5.2-r5
docker/4.5.2-r6
docker/4.5.2-r7
docker/4.5.2-r8
docker/4.5.2-r9
docker/4.6.0-r0
docker/4.6.0-r1
docker/4.6.1-r0
docker/4.6.1-r1
docker/4.6.1-r2
docker/4.6.1-r3
docker/4.6.2-r0
docker/4.6.2-r1
docker/4.6.2-r10
docker/4.6.2-r11
docker/4.6.2-r12
docker/4.6.2-r13
docker/4.6.2-r2
docker/4.6.2-r3
docker/4.6.2-r4
docker/4.6.2-r5
docker/4.6.2-r6
docker/4.6.2-r7
docker/4.6.2-r8
docker/4.6.2-r9
docker/4.6.3-r0
docker/4.6.3-r1
docker/4.6.3-r2
docker/4.6.3-r3
docker/4.7.0-r0
docker/4.7.0-r1
docker/4.7.0-r2
docker/4.7.0-r3
docker/4.7.0-r4
docker/4.8.0-r0
docker/4.8.0-r1
docker/4.9.0-r0
upstream/4.0.0.0
upstream/4.0.0.1
upstream/4.0.0.2
upstream/4.0.1.2
upstream/4.0.1.3
upstream/4.1.0.1
upstream/4.1.0.2
upstream/4.1.1.1
upstream/4.1.2.1
upstream/4.2.1.2
upstream/4.2.2.2
upstream/4.2.3.1
upstream/4.3.1.1
upstream/4.3.1.2
upstream/4.3.1.3
upstream/4.3.2.1
upstream/4.3.2.2
upstream/4.3.3.1
upstream/4.4.1.1
upstream/4.4.1.2
upstream/4.4.2.1
upstream/4.4.2.2
upstream/4.4.2.3
upstream/4.4.4.1
upstream/4.4.4.2
upstream/4.4.5.1
upstream/4.4.5.2
upstream/4.4.5.3
upstream/4.4.5.4
upstream/4.5.0.1
upstream/4.5.0.2
upstream/4.5.0.3
upstream/4.5.0.4
upstream/4.5.0.5
upstream/4.5.0.6
upstream/4.5.0.7
upstream/4.5.0.8
upstream/4.5.1.0
upstream/4.5.1.1
upstream/4.5.1.3
upstream/4.5.2
${ noResults }
19 Commits (master)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Pavel Punsky
|
47ce433cde
|
Add per-source rate-limiting of UDP 401 Unauthorized responses (#1957)
TURN/STUN long-term auth answers the first unauthenticated request with
a 401 Unauthorized carrying REALM/NONCE. On UDP, where source addresses
are spoofable and the 401 is larger than the request that triggers it,
the server becomes a reflection/amplification vector: an attacker forges
a victim's source IP and bounces amplified 401s at it.
This adds an opt-in mitigation that caps how many UDP 401 responses the
server emits toward any single source IP per second. Past the cap the
server stays silent, denying both the reflection and the amplification.
Authenticated relay traffic is untouched — only requests that reach the
401 branch spend budget.
Flags (off by default):
--unauthorized-ratelimit Enable the mitigation (UDP only).
--unauthorized-ratelimit-rps=<n> Max 401 responses per source IP per
second. Default 10.
Implementation:
- Lock-free, fixed 4096-bucket direct-mapped table (~80 KiB, no
malloc/free, no lock, no list scan on the hot path); the source IP
appears only as a 32-bit tag, never as a pointer. The port is stripped
from the key so an attacker cannot evade the limit by rotating the
source port. A fixed 1-second window backs the per-second limit.
- Colliding addresses share the live bucket budget instead of receiving
a fresh allowance, so hash collisions can never expand reflected output.
- Drop and collision diagnostics are each latched to one log line per
(bucket, window) to avoid log amplification.
- Portable 32-bit atomics over C11 <stdatomic.h> with an MSVC
Interlocked* fallback; the on/off flag and the per-second threshold are
pointers into turn_params so every relay thread sees live CLI values
without per-thread copies.
Observability (Prometheus):
- turn_unauthenticated_401_{requests,responses,dropped_responses}
- turn_ratelimit_{hash_collisions,occupied_buckets,total_buckets}
Tests & docs:
- Unity unit test (tests/test_ratelimit.c) covering live-bucket
collisions, occupancy tracking, and the collision counter.
- End-to-end positive/negative system test (run_tests_ratelimit_401.sh)
and a Prometheus counter test (run_tests_prom.sh).
- A 401-response-flood load harness under examples/loadtest/.
- docs/401-ratelimit.md design note, plus man page, README, Prometheus
docs, and the example/Docker turnserver.conf entries.
|
3 days ago |
|
Pavel Punsky
|
53f3ed9104
|
Prom https (#1956)
## Summary Adds an optional **HTTPS mode for the Prometheus `/metrics` endpoint**, and bundles three supporting improvements that surfaced while building and testing it: more reliable `libmicrohttpd` detection, a fix for slow `turnserver` startup on macOS, and expanded/robust Prometheus tests. ## Changes ### 1. Optional HTTPS for the Prometheus exporter The exporter previously served `/metrics` over plain HTTP only. It can now optionally serve over HTTPS via libmicrohttpd's TLS support. - `--prometheus-tls` — serve the metrics endpoint over HTTPS instead of HTTP. - `--prometheus-cert <file>` / `--prometheus-key <file>` — PEM cert/key for the endpoint; default to the server's own `--cert` / `--pkey` when unset. `start_prometheus_server()` loads the cert/key into memory, enables `MHD_USE_TLS`, and passes `MHD_OPTION_HTTPS_MEM_CERT/KEY`. If TLS is requested but no cert/key can be loaded (or libmicrohttpd lacks TLS support), it logs an error and does not start. The startup log now notes the `(http)`/`(https)` scheme. `docs/Prometheus.md` documents the new flags. *(`src/apps/relay/prom_server.c`, `mainrelay.c`, `mainrelay.h`, `docs/Prometheus.md`)* ### 2. Reliable `libmicrohttpd` detection in `configure` The autotools `configure` probed libmicrohttpd with a bare `cc -lmicrohttpd` link test (no include/lib paths), so it failed to find Homebrew-installed libmicrohttpd on macOS and silently disabled Prometheus — even though OpenSSL/libevent (also Homebrew) were found via pkg-config. `configure` now detects libmicrohttpd via `pkg-config` first (matching how libssl/libevent are already detected), falling back to the bare link probe on platforms without a `.pc` file. `./configure && make` now builds the exporter on macOS without manual `CFLAGS`/`LDFLAGS`. *(`configure`)* ### 3. Faster `turnserver` startup on macOS macOS lacks `pthread_barrier_*`, so the thread-startup rendezvous in `netengine.c` degraded to a flat `sleep(5)` — adding ~5s to every startup (and it was racy: threads proceeded even if setup took longer than the fixed sleep). Replaced the shim with a real portable barrier built on a mutex + condition variable, behind a unified macro API: **native `pthread_barrier` is still used on Linux**, the portable barrier is used only where it is unavailable. The previous racy `sched_yield()` spin-wait fallback is removed as well. *(`src/apps/relay/netengine.c`)* ### 4. Prometheus test coverage + robustness `examples/run_tests_prom.sh` now also covers the HTTPS endpoint (explicit cert/key, cert/key inherited from `--cert`/`--pkey`, and a negative test that an unreadable cert keeps the endpoint down, including a check that the TLS endpoint rejects plaintext HTTP). Readiness is now detected by polling the endpoint / server log instead of fixed `sleep` intervals, making the suite both faster (~70s → ~2s) and less flaky. *(`examples/run_tests_prom.sh`)* ## New flags | Flag | Description | |---|---| | `--prometheus-tls` | Serve `/metrics` over HTTPS. Requires libmicrohttpd built with TLS support. | | `--prometheus-cert <file>` | PEM certificate for the HTTPS endpoint (default: the server's `--cert`). | | `--prometheus-key <file>` | PEM private key for the HTTPS endpoint (default: the server's `--pkey`). | ## Validation - **macOS** (portable-barrier path): `clang-format` clean, 10/10 unit tests, and `run_tests.sh` / `run_tests_conf.sh` / `run_tests_multiplex_peer.sh` / `run_tests_prom.sh` all pass. Exporter now reachable at startup `t=0` (was `t=5`). - **Linux** (Docker, native-`pthread_barrier` path): clean build, 9/9 unit tests, and all four system-test suites pass (TCP/TLS/UDP/DTLS). --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
4 days ago |
|
Pavel Punsky
|
1ec81eff10
|
Build Prometheus exporter from vendored local sources (#1955)
## Summary The Prometheus exporter previously linked the [digitalocean/prometheus-client-c](https://github.com/digitalocean/prometheus-client-c) (`prom`) library, which is **no longer maintained**. This replaces it with a minimal, self-contained Prometheus client under `src/prometheus/` that is built straight from coturn's own sources and implements exactly the slice of the API coturn uses: counters, gauges, a single default registry, and the text-exposition serializer. The vendored client is **drop-in API-compatible**, so `prom_server.c` is unchanged. Histograms, summaries, custom registries and the upstream `promhttp` handler are intentionally omitted (coturn serves `/metrics` with its own libmicrohttpd handler). The exporter is now **always compiled in**; the runtime `--prometheus` flag still controls whether it starts. **libmicrohttpd** — actively maintained — is the only remaining external dependency and is now required by the build. ## Changes - **`src/prometheus/{prom.h,prom.c}`** — vendored client. Thread-safe (per-metric mutex on the increment path, read under lock in the bridge), label-aware, with proper Prometheus value/label escaping and clean integer formatting for counters. No deps beyond pthread/libc. - **CMake** — replace `find_package(Prometheus)` with required `find_package(MicroHTTPD)`; add `cmake/FindMicroHTTPD.cmake`; remove dead `cmake/FindPrometheus.cmake` and the `WITH_PROMETHEUS` option. - **`configure` / `Makefile.in`** — drop `-lprom`, compile the vendored source. - **Docker** (`debian`, `alpine`) and **CI** (`ubuntu-build-deps`, `mingw`) — remove the `prometheus-client-c` build/install steps; keep libmicrohttpd. - **`docs/Prometheus.md`** rewritten. - **`tests/test_prometheus.c`** — Unity tests for counter accumulation/monotonicity, gauge inc/dec, and label-value escaping. ## Validation - Full build green; all unit tests pass (incl. new `test_prometheus`); `clang-format-15` clean. - Live exporter scraped over HTTP — all `run_tests_prom.sh` scenarios (default / custom address / port / path, plus the negative case) pass. --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
4 days ago |
|
Pavel Punsky
|
273f2e8a0c
|
Add optional TLS transport for Redis connections (#1951)
The Redis driver previously connected only over plaintext TCP, so a Redis server configured for TLS-only (tls-port) was unreachable. Add an opt-in TLS transport built on the hiredis_ssl library, covering both the synchronous userdb path and the asynchronous statsdb path. Fixes #651 New connection-string keys (for --redis-userdb and --redis-statsdb): tls/ssl, ca/cacert, capath, cert, clientkey, sni/servername, verify (peer|none). Server-certificate verification is on by default. - Extract the connection-string parser into a dependency-free unit (dbd_redis_conninfo.c/.h) and unit-test it (tests/test_redis_conninfo.c). - hiredis_ssl is detected via pkg-config; without it tls=true is rejected with an explicit error and the build still compiles (hiredis-only). - The blocking sync handshake honors connect_timeout so a plaintext endpoint mistakenly addressed with tls=true cannot hang. - Document the options in docs/Redis.md, the man page, and example config. --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> |
4 days ago |
|
Pavel Punsky
|
8c7d8fcb86
|
Enable --udp-recvmmsg by default on Linux (#1930)
## Summary Flips the Linux default for `--udp-recvmmsg` from **off** to **on**. Operators opt out with `--udp-recvmmsg=false` (or `=0`). > **Stacked on #1929.** This depends on the recvmmsg-scoping change in #1929 and is based on that branch, so the diff shows only the default-on change. GitHub will auto-retarget the base to `master` once #1929 merges. Merge #1929 first. ## Why this is now safe The original objection to default-on (recorded in `docs/PerformanceIterationLog.md`) was the **per-session-relay-socket prealloc tax**: `--udp-recvmmsg` applied the 16-buffer batch path to every connected relay socket, which only ever carries one flow, so the churn ate the listener-side win. #1929 scoped recvmmsg to **shared fan-in sockets only** (`udp_recvmmsg_eligible`: the client listener, plus the per-thread shared relay socket under `--multiplex-peer`). Per-session relay sockets now stay on the single-recv path regardless of the flag, so that tax is gone. The one socket touched by default — the client listener — is a genuine fan-in point: - batches whenever client concurrency is non-trivial (measured `avg_batch ≈ 16` under load), and - costs little when idle (few packets ⇒ few prealloc cycles). ## What changed - `mainrelay.c`: `turn_params.udp_recvmmsg` default `false → true` (Linux only). - Removed the now-dead `--multiplex-peer` auto-enable block and the `udp_recvmmsg_set_explicitly` tracking it relied on; multiplex-peer gets its recvmmsg window from the default. The opt-out flows through the normal `get_bool_value` path. - Help text, `man/man1/turnserver.1`, `examples/etc/turnserver.conf`, `CLAUDE.md`, and `docs/PerformanceIterationLog.md` updated for the new default + opt-out. Per-session relay sockets and DTLS session sockets are unchanged. ## Validation - **Format:** clang-format 15.0.7 clean. - **macOS:** build + ctest 6/6 + `run_tests.sh` pass. - **Linux (Docker, clean build):** ctest 5/5; `run_tests.sh`, `run_tests_conf.sh`, `run_tests_multiplex_peer.sh` all pass (no FAIL). - **Runtime proof (loopback, `--udp-recvmmsg-log`):** - Default, no flag: recvmmsg active, `calls=13714 packets=219306 avg_batch=15.99`. - `--udp-recvmmsg=false`: zero recvmmsg activity — opt-out confirmed. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
4 weeks ago |
|
Pavel Punsky
|
b17f5c482f
|
Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching (#1927)
## Summary Adds a Linux-only `--udp-sendmmsg-log` flag (mirroring `--udp-recvmmsg-log`) that logs per-relay-thread **egress** batch statistics every 10 s: flush count, total datagrams, average batch occupancy, UDP-GSO engagement (`gso_flushes`/`gso_datagrams`/`gso_frac`), and a per-flush occupancy histogram. ## Motivation `--multiplex-peer` enables `sendmmsg`/UDP-GSO coalescing on the egress path, but there was no way to see whether it actually coalesces anything. While investigating this I confirmed a non-obvious property worth documenting: - Per-session UDP **client** sockets are children of the listener (`parent_s`), and `udp_send_fd()` returns the shared **listener fd** for all of them. Combined with the `recvmmsg`-driven batch window, relay→client **downlink** sends to *different clients* already coalesce into one `sendmmsg` on the listener fd — the listener fd is effectively a shared client-facing send socket. (In non-multiplex mode each allocation has its own relay socket, so a `recvmmsg` drain spans only one session and the downlink batch is a singleton — cross-client batching genuinely requires `--multiplex-peer`.) - UDP-GSO only engages when destination **and** segment size match across a batch, so at low per-flow packet rates (VoIP-style, tens of pps per flow) it rarely fires. This flag makes both effects measurable instead of assumed. ## Example Captured under a `--multiplex-peer --udp-gso` load: ``` udp-sendmmsg stats: flushes=21 datagrams=27 avg_batch=1.29 gso_flushes=0 \ gso_datagrams=0 gso_frac=0.000 hist_1=17 hist_2=2 hist_3_4=2 hist_5_8=0 hist_9_16=0 hist_17_32=0 ``` - `avg_batch` — mean datagrams per flush (1.0 = no coalescing) - `gso_frac` — fraction of datagrams sent via UDP-GSO (~0 = GSO not earning its keep) - `hist_*` — per-flush occupancy histogram Both rise with aggregate pps and sit near the floor on lightly loaded servers. ## Implementation - Counters on `ioa_engine` (behind `#if defined(__linux__)`), bumped once per flush in `udp_sendmmsg_flush()` and once per `recvmmsg` call — no per-datagram cost. - New `--udp-sendmmsg-log` CLI flag + 10 s periodic logger in the engine timer, mirroring the existing recvmmsg stats path. - Docs: a new "Egress Batching (sendmmsg / UDP-GSO) and Observability" section in `docs/multiplex-peer.md`. ## Testing - macOS: build + `ctest` (6/6) + `run_tests.sh` pass (instrumentation is `#if __linux__`, validating flag plumbing + the non-Linux stub path). - Linux (clean Ubuntu 24.04 Docker): build + `ctest` (4/4) + `run_tests.sh` / `run_tests_conf.sh` / `run_tests_multiplex_peer.sh` pass, and a `--multiplex-peer --udp-gso --udp-sendmmsg-log` load run emitted the stats line above. |
4 weeks ago |
|
Pavel Punsky
|
e0c37a3aa0
|
Multiplexpeer (#1916)
## Summary Adds **`--multiplex-peer`**, a non-standard relay mode that replaces the per-allocation peer-side port bind with **one shared IPv4+IPv6 UDP socket pair per relay thread**. Sessions are demultiplexed by exact peer IP:port in a per-thread `mp_table`. This lifts the ~16 k allocation cap that the default 49152-65535 relay port range imposes, and dramatically reduces kernel-level UDP receive-buffer drops under high pps. Design and trade-offs: [docs/multiplex-peer.md](docs/multiplex-peer.md). ## What changes ### Server (turnserver) - **`--multiplex-peer`** (cross-platform) — enable the shared per-thread relay sockets. Replaces the per-session port bind. Implies sendmmsg batching on Linux and default-enables `--udp-recvmmsg` (override with `--udp-recvmmsg=0`). Incompatible with EVEN-PORT — those Allocates are rejected with 400. - **`--multiplex-peer-port <port>`** (cross-platform, default 3480) — base port; thread `i` binds `<base>+2i` (IPv4) and `<base>+2i+1` (IPv6). A 4-thread server consumes 8 ports. - **`--udp-gso`** (Linux-only CLI) — UDP-GSO (`UDP_SEGMENT` cmsg) on the relay send path. Requires `--multiplex-peer` (which is what enables the sendmmsg batching GSO piggybacks on); passing `--udp-gso` alone is a silent no-op. - **CLI surface tightened**: `--udp-recvmmsg`, `--udp-recvmmsg-log`, `--udp-gso` and their fields are now `#if defined(__linux__)` — absent from `--help`, rejected with `unrecognized option`, and the code paths compile out on macOS/Windows. - **Windows portability**: `SO_REUSEPORT` in `mp_open_socket` wrapped in `#ifdef` (MSVC's Winsock doesn't define it; REUSEPORT was defensive anyway because the per-thread port layout is unique by construction). - **`--sock-buf-size` honoured at startup**: the shared multiplex-peer relay socket now calls `set_ioa_socket_buf_size` in `mp_open_socket` so the configured rcvbuf is in effect from the moment the socket exists, not deferred to the first Allocate. ### turnutils_uclient (loadgen) - **`--no-even-port`** — force `ep = -1` on Allocate. The default path randomly attaches EVEN-PORT (with no-R bit) even under `-c`, which `--multiplex-peer` strictly rejects with 400; this flag makes alloc-flood runs against multiplex-peer deterministic. - **Legacy `timer_handler` now wraps the per-tick send batch with `uclient_send_batch_begin/_end`** — without this, runs with `--sender-threads 0` (the default for `-m < 4`) silently fell through every send to plain `send(2)`. strace A/B: 205 k `sendto` → 61 k `sendmsg` (GSO) + 4 k `sendmmsg` + small `sendto` residual for control. ## Measured impact (3-droplet DigitalOcean, c-4 / 4 vCPU, 8 concurrent UDP streams, 45 s) | | baseline | `--udp-recvmmsg` | `--multiplex-peer` | `--multiplex-peer --udp-gso` | |---|---:|---:|---:|---:| | Server NIC rx pps (UDP relay both legs) | 350 k | 334 k | 326 k | 294 k | | Server `UdpInDatagrams` pps | 279 k | 292 k | 300 k | 294 k | | **Server `UdpRcvbufErrors` pps** | **71 k** | 42 k | 26 k | **0.3 k (−99.6 %)** | | **`turnserver` process CPU** | **387 %** | 205 % | 283 % | **133 % (−65 %)** | | Server host idle | 22 % | 49 % | 41 % | **68 %** | Same loadgen-side packet rate (~2 M pps reported by uclient `send_pps` after the legacy-path batching fix). Iteration log: [docs/PerformanceIterationLog.md](docs/PerformanceIterationLog.md). ## Test plan - [x] `ctest --test-dir build` — 3/3 pass (test_ioaddr, test_stun_msg, test_http_server) on macOS + Linux. - [x] `examples/run_tests.sh` — 4 protocols + 4 threaded + load-gen smoke on Linux; 4 protocols on macOS. - [x] `examples/run_tests_conf.sh` — same coverage, conf-driven. - [x] `examples/run_tests_multiplex_peer.sh` — UDP/TCP/TLS/DTLS via `--multiplex-peer --multiplex-peer-port=35000` on macOS + Linux. - [x] Flag matrix smoke on macOS: `--multiplex-peer`, `--multiplex-peer-port=42000`, `--multiplex-peer --udp-gso` (no-op), `uclient --no-even-port`, `uclient --listener-threads N --sender-threads M` — all pass; `--udp-recvmmsg` / `--udp-gso` correctly rejected with `unrecognized option`. - [x] Flag matrix smoke on Linux (Docker): same + `--udp-recvmmsg` accepted, `--multiplex-peer` auto-enables `--udp-recvmmsg`, `--udp-recvmmsg=0` overrides the auto-enable. - [x] Windows compile fix verified — `SO_REUSEPORT` no longer referenced unconditionally. - [x] 3-droplet perf matrix completed; per-hop UDP counters captured. ## Docs updated - New: [docs/multiplex-peer.md](docs/multiplex-peer.md) - [README.turnserver](README.turnserver): full entries for `--multiplex-peer`, `--multiplex-peer-port`, `--udp-gso`; clarified `--udp-recvmmsg` auto-enable semantics. - [README.turnutils](README.turnutils): added `--no-even-port`, plus previously-undocumented `--listener-threads` / `--sender-threads` loadgen pool flags. - [examples/etc/turnserver.conf](examples/etc/turnserver.conf): commented `udp-recvmmsg`, `udp-recvmmsg-log`, `udp-gso`, `multiplex-peer`, `multiplex-peer-port` keys with one-paragraph descriptions and pointer to `docs/multiplex-peer.md`. - Man pages regenerated via `./make-man.sh`. --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
1 month ago |
|
Pavel Punsky
|
5959ecfb13
|
Add UDP-GSO send path (--udp-gso) (#1907)
## Summary - New `--udp-gso` flag (Linux, requires `--udp-sendmmsg`) collapses same-destination, same-size sendmmsg batches into a single `sendmsg` with a `UDP_SEGMENT` cmsg, so the kernel allocates one super-skb that traverses the network stack once and is segmented at egress instead of running `udp_sendmsg → ip_finish_output → __dev_queue_xmit` per datagram. - Also wraps the relay-side `recvmmsg` callback loop in `udp_sendmmsg_batch_begin/end` so peer→client sends triggered inside a recv batch can also coalesce — without that wrapping the relay path issues one `sendto` per delivered datagram. - Sticky-disable on `EINVAL/ENOPROTOOPT` for older kernels/NICs that lack UDP-GSO; one warning logged, then transparent fallback to the existing `sendmmsg` and `udp_send` paths. ## Why The `--udp-recvmmsg` and `--udp-sendmmsg` follow-ups confirmed (see [docs/PerformanceIterationLog.md](docs/PerformanceIterationLog.md)) that on the relay flood workload the dominant cost is the per-datagram kernel TX path. mmsg-style batching reduces only the syscall entry/exit, not the per-skb stack traversal — UDP-GSO collapses both. ## Result DigitalOcean nyc1 c-4, 30 s alternating A/B, `-Y packet -m 1`, eth1 TX as the authoritative server forwarding metric: | Variant | eth1 RX | eth1 TX | sys CPU | idle CPU | |---|---:|---:|---:|---:| | baseline (no flags) | 322,091 | 127,445 | 22.9 % | 67.5 % | | `--udp-recvmmsg --udp-sendmmsg --udp-gso` | 266,068 | **257,996** | 15.0 % | 78.7 % | | baseline (no flags) | 309,475 | 125,573 | 20.9 % | 70.7 % | | `--udp-recvmmsg --udp-sendmmsg --udp-gso` | 275,992 | **225,366** | 14.9 % | 74.3 % | Mean server forwarding rate: **126.5 k → 241.7 k pps (+91 %, 1.91×)**, mean system CPU **21.9 % → 14.9 %** — about **2.8× CPU efficiency** (TX pps per system-CPU-%). Full perf-children comparison and methodology in the new section of [docs/PerformanceIterationLog.md](docs/PerformanceIterationLog.md). ## Notes for reviewers - `--udp-gso` is opt-in and requires `--udp-sendmmsg` (the help text states the dependency). Without `--udp-sendmmsg` the batch state never accumulates and GSO has nothing to flush. - GSO eligibility resets on every `_begin/_end`. Mixed-destination, mixed-size, or oversize batches transparently fall back through `sendmmsg` / `udp_send`. - Rebased onto current `master`; the recvmmsg dependency is already merged via #1906. ## Test plan - [x] `cmake --build build --target turnserver` (RelWithDebInfo + ASan local builds clean) - [x] `ctest --test-dir build --output-on-failure` — 3/3 unit tests pass - [x] `examples/run_tests.sh` — TCP/TLS/UDP pass; DTLS pre-existing failure on macOS environment, unrelated to this change - [x] DigitalOcean A/B perf validation captured above - [ ] Reviewer to confirm CI green on Linux build/test/CodeQL --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
2 months ago |
|
Pavel Punsky
|
a5005c4193
|
Relay recvmmsg (#1906)
## Summary Extends the existing Linux-only `--udp-recvmmsg` flag from the UDP listener socket to also cover **connected per-session UDP relay sockets**, so steady-state client→relay and peer→relay traffic on plain UDP is read in batches of up to 16 datagrams per `recvmmsg(2)` instead of one `recvmsg` per packet. DTLS sessions still go through the SSL read path and are unchanged. The flag stays **opt-in**: receive-side batching works correctly, but on the current `m=1` / `m=100` benchmarks throughput is flat to slightly negative — the bottleneck has moved past receive (see results below). ## What's in the change - **Shared receive helpers** (`src/apps/relay/ns_ioalib_engine_impl.c`, `src/apps/relay/ns_ioalib_impl.h`): - `ioa_parse_udp_recvmsg_cmsg()` — single TTL/TOS/`IP_RECVERR` cmsg parser used by both `udp_recvfrom()` and the new batch path. Replaces the duplicated parser previously inlined in `dtls_listener.c` and `udp_recvfrom()`. - `ioa_init_recvmmsg_hdr()` — single initializer for `mmsghdr`/`iovec`/cmsg/source-address fields, also used by the listener. - New `IOA_UDP_RECVMMSG_MAX_BATCH = 16` constant; both listener and relay paths now share it. - **Connected relay batch read** (`socket_udp_read_batch_recvmmsg` in `ns_ioalib_engine_impl.c`): called from `socket_input_worker` for non-SSL UDP sockets when `--udp-recvmmsg` is on. Allocates per-message `stun_buffer_list_elem`s, calls `recvmmsg(MSG_DONTWAIT)`, dispatches each datagram through the existing `read_cb` path, and falls back cleanly on `ENOSYS`/`EINVAL`/`EOPNOTSUPP` (auto-disables the flag) and on `EAGAIN`/short-batch (releases unused buffers). - **Per-engine scratch state**: the `mmsghdr[16]` / `iovec[16]` / cmsg / src-addr arrays live on `ioa_engine`, not on every socket — keeps memory flat at thousands of allocations. - **TTL/TOS-sized cmsg buffers** in the listener: the listener previously over-allocated `64 KiB` per slot; it now uses the same TTL+TOS sizing as the relay path. - **Opt-in occupancy stats** behind a new `--udp-recvmmsg-log` flag: every 10 s the relay logs `udp-recvmmsg stats: calls=… packets=… avg_batch=… wouldblock=… unavailable=… no_buffer=… hist_1=… hist_2=… hist_3_4=… hist_5_8=… hist_9_16=…`. Counters are always tracked (cheap); the periodic log is gated by the new flag so default operation is silent. - **CLI plumbing**: `--udp-recvmmsg-log` long option in `mainrelay.c`/`mainrelay.h`, `cli_print_flag` entry in `turn_admin_server.c`, doc updates in `README.turnserver`. - **Docs**: `docs/PerformanceIterationLog.md` records the iteration steps, validation, and two rounds of DigitalOcean A/B numbers. `CLAUDE.md` load-test instructions updated to mention the new flag and the `tot_recv_msgs` / `tot_recv_bytes` workaround. |
2 months ago |
|
Pavel Punsky
|
69bc0e7351
|
Load generator mode in turnutils_uclient (#1894)
## Summary Adds load-generator modes to `turnutils_uclient` for repeatable TURN server performance testing: - Adds `-Y packet|alloc|invalid` load modes. - Supports packet flood, allocation flood, and invalid-packet flood workflows. - Adds unique local client ports for allocation flood mode. - Removes default packet pacing in load-generator modes unless explicitly set. - Adds helper scripts under `examples/loadtest/`. - Documents load-test usage in `README.turnutils`, `man/man1/turnutils.1`, `CLAUDE.md`, and `docs/PerformanceIterationLog.md`. The performance log captures DigitalOcean benchmark methodology, A/B lessons, hot-path findings, and future optimization candidates. |
2 months ago |
|
Pavel Punsky
|
69aa0e4401
|
Keep only NEV_UDP_SOCKET_PER_THREAD network engine (#1849)
Remove the two engine implementations (NEV_UDP_SOCKET_PER_SESSION and NEV_UDP_SOCKET_PER_ENDPOINT) and all the dispatch/selection logic around them. NEV_UDP_SOCKET_PER_THREAD is now the sole, unconditional implementation. - mainrelay.h: removed _NET_ENG_VERSION enum, typedef, and net_engine_version / net_engine_version_txt struct fields - mainrelay.c: removed NE_TYPE_OPT CLI option, set_network_engine(), per-endpoint branch in print_features(), and all remaining net_engine_version references - netengine.c: removed run_udp_listener_thread(), setup_socket_per_endpoint_udp_listener_servers() (~190 lines), setup_socket_per_session_udp_listener_servers() (~90 lines); simplified setup_barriers(), setup_relay_server(), run_general_relay_thread(), setup_general_relay_servers(), and setup_server() by eliminating all engine-type conditionals - turn_admin_server.c: replaced dynamic engine version lookups with hardcoded values (3 / "UDP thread per CPU core") in CLI and HTTPS status handlers --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
3 months ago |
|
Captain Picarl
|
a6028ddd8a
|
Improve PostgreSQL.md Clarity (#1833)
A rewrite and reformat of the PostgreSQL.md file: - Applies some minor formatting to the document. - Applies consistency between the 'turn' user and 'coturn' database names. - Adds some warnings about issues I encountered during my own installation process (public schema error) - Adds a minor example of restarting a service with SystemD |
3 months ago |
|
Gustavo Garcia
|
ce56a78a7a
|
Add modules diagram to developer doc (#1685)
Add basic diagram with modules of coturn inside Developer.md. I also wanted to move the existing Flow chart to mermaid so that our doc doesn't depend on external tools but i couldn't find the time to do it properly (horizontal arrows are hard to represent with mermaid) so i postponed that part. This is the result of the mermaid diagram:  |
1 year ago |
|
dominiquefournier
|
460cfa38af
|
Update SQLite.md (#1429)
Markdown is now proper |
2 years ago |
|
Kang Lin
|
d33112f84a
|
Update FlowChart (#1377)
|
2 years ago |
|
Kang Lin
|
05900adb2e
|
Doc: add flowchart (#1328)
The flowchart will be kept updated: - Use [drawio](https://app.diagrams.net/) to edit. 1. Open [drawio](https://app.diagrams.net/) in brower 2. Menu → File → Open from ... → Device: Select [FlowChart.html](FlowChart.html) 3. Edit flow chart 4. Export to svg: Menu → File → Export as... → SVG... |
2 years ago |
|
vuittont60
|
da6bc6b0c4
|
Fix typos (#1345)
|
2 years ago |
|
Kang Lin
|
294f897ccd
|
CMake: find prometheus(fix #1304) (#1315)
fix #1304 |
3 years ago |
|
Pavel Punsky
|
85c11b69e3
|
Move and split documentation files (#1096)
This is not a long term documentation works - this is a temp proposal to modernize existing documentation - Create docs folder - Move existing documentation files into docs - Split one massive INSTALL files into smaller files (no text editing was done except small markdown header formatting) - Rename files to be markdowns for nicer rendering - Bad md rendering is expected in many places |
4 years ago |