diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf
index b5742fb..5211cf6 100644
--- a/examples/etc/turnserver.conf
+++ b/examples/etc/turnserver.conf
@@ -381,6 +381,13 @@
 #
 #stale-nonce
+# Uncomment to set the permission lifetime.
+# Default to 300 secs (5 minutes).
+# In production this value MUST not be changed,
+# however it can be useful for test purposes.
+#
+#permission-lifetime=300
+
 # Certificate file.
 # Use an absolute path or path relative to the
 # configuration file.
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index 35ded18..7182688 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -124,7 +124,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
 /////////////// stop server ////////////////
 0,
 /////////////// MISC PARAMS ////////////////
-0,0,0,0,0,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
+0,0,0,0,0,':',0,0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 ///////////// Users DB //////////////
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 ///////////// CPUs //////////////////
@@ -548,6 +548,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " name will be constructed as-is, without PID and date appendage.\n"
 " This option can be used, for example, together with the logrotate tool.\n"
 " --stale-nonce Use extra security with nonce value having limited lifetime (600 secs).\n"
+" --permission-lifetime Set the value for the lifetime of the permission. Default to 300 secs.\n"
+" This MUST not be changed for production purposes\n"
 " -S, --stun-only Option to set standalone STUN operation only, all TURN requests will be ignored.\n"
 " --no-stun Option to suppress STUN functionality, only TURN requests will be processed.\n"
 " --alternate-server Set the TURN server to redirect the allocate requests (UDP and TCP services).\n"
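Review bot: The new slot in the positional `turn_params` initializer in src/apps/relay/mainrelay.c (`0,0,0,0,0,':',0,0,0,TURN_CREDENTIALS_NONE,...`) starts `permission_lifetime` at 0, and the only assignment of STUN_DEFAULT_PERMISSION_LIFETIME visible in this commit is inside the PERMISSION_LIFETIME_OPT case of set_option, which runs only when the option is given. The consumer in update_turn_permission_lifetime (ns_turn_server.c) falls back to `*(server->permission_lifetime)` when `time_delta` is zero, so unless a default is assigned somewhere outside these hunks, a server started without `--permission-lifetime` would compute `expiration_time = server->ctime + 0`. Going by the field order shown in mainrelay.h, seeding the slot would look like `0,0,0,0,0,':',0,STUN_DEFAULT_PERMISSION_LIFETIME,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,`. The initializer itself begins and ends outside the hunk.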
@@ -670,6 +672,7 @@ enum EXTRA_OPTS {
 MIN_PORT_OPT,
 MAX_PORT_OPT,
 STALE_NONCE_OPT,
+ PERMISSION_LIFETIME_OPT,
 AUTH_SECRET_OPT,
 DEL_ALL_AUTH_SECRETS_OPT,
 STATIC_AUTH_SECRET_VAL_OPT,
@@ -787,6 +790,7 @@ static const struct myoption long_options[] = {
 { "no-udp-relay", optional_argument, NULL, NO_UDP_RELAY_OPT },
 { "no-tcp-relay", optional_argument, NULL, NO_TCP_RELAY_OPT },
 { "stale-nonce", optional_argument, NULL, STALE_NONCE_OPT },
+ { "permission-lifetime", optional_argument, NULL, PERMISSION_LIFETIME_OPT },
 { "stun-only", optional_argument, NULL, 'S' },
 { "no-stun", optional_argument, NULL, NO_STUN_OPT },
 { "cert", required_argument, NULL, CERT_FILE_OPT },
@@ -1048,6 +1052,9 @@ static void set_option(int c, char *value)
 case STALE_NONCE_OPT:
 turn_params.stale_nonce = get_bool_value(value);
 break;
+ case PERMISSION_LIFETIME_OPT:
+ turn_params.permission_lifetime = get_int_value(value, STUN_DEFAULT_PERMISSION_LIFETIME);
+ break;
 case MAX_ALLOCATE_TIMEOUT_OPT:
 TURN_MAX_ALLOCATE_TIMEOUT = atoi(value);
 TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY = atoi(value);
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index 592a2db..9b6d423 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -285,6 +285,7 @@ typedef struct _turn_params_ {
 int fingerprint;
 char rest_api_separator;
 vint stale_nonce;
+ vint permission_lifetime;
 vint mobility;
 turn_credential_type ct;
 int use_auth_secret_with_timestamp;
diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c
index b1cbdc4..de791c2 100644
--- a/src/apps/relay/netengine.c
+++ b/src/apps/relay/netengine.c
@@ -1633,6 +1633,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 &turn_params.no_tcp_relay,
 &turn_params.no_udp_relay,
 &turn_params.stale_nonce,
+ &turn_params.permission_lifetime,
 &turn_params.stun_only,
 &turn_params.no_stun,
 &turn_params.alternate_servers_list,
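Review bot: The PERMISSION_LIFETIME_OPT case in set_option (src/apps/relay/mainrelay.c) stores whatever get_int_value returns with no range check, and that value becomes the expiry offset for every TURN permission. A zero, negative or very large setting would either expire permissions at once or keep peer permissions open far longer than the 300 seconds the option text gives as the default; how a negative value behaves depends on the type of `time_delta` in update_turn_permission_lifetime, which is not visible here. I would read into a local and fall back on bad input, e.g. `int lt = get_int_value(value, STUN_DEFAULT_PERMISSION_LIFETIME);` followed by `turn_params.permission_lifetime = (lt > 0) ? lt : STUN_DEFAULT_PERMISSION_LIFETIME;` inside a braced case body, ideally with an upper bound as well. The long_options entry also declares the option `optional_argument`, so a bare `--permission-lifetime` reaches this case without a value; whether get_int_value copes with that is outside the diff.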
diff --git a/src/client/ns_turn_msg_defs.h b/src/client/ns_turn_msg_defs.h
index da86d34..12f29d8 100644
--- a/src/client/ns_turn_msg_defs.h
+++ b/src/client/ns_turn_msg_defs.h
@@ -64,7 +64,7 @@
 #define STUN_MIN_ALLOCATE_LIFETIME STUN_DEFAULT_ALLOCATE_LIFETIME
 #define STUN_MAX_ALLOCATE_LIFETIME (3600)
 #define STUN_CHANNEL_LIFETIME (600)
-#define STUN_PERMISSION_LIFETIME (300)
+#define STUN_DEFAULT_PERMISSION_LIFETIME (300)
 #define STUN_NONCE_EXPIRATION_TIME (600) /**/
diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
index 7e2c6f7..a7b6430 100644
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@@ -848,7 +848,7 @@ static int update_turn_permission_lifetime(ts_ur_super_session *ss, turn_permiss
 if (server) {
- if(!time_delta) time_delta = STUN_PERMISSION_LIFETIME;
+ if(!time_delta) time_delta = *(server->permission_lifetime);
 tinfo->expiration_time = server->ctime + time_delta;
 IOA_EVENT_DEL(tinfo->lifetime_ev);
@@ -4796,6 +4796,7 @@ void init_turn_server(turn_turnserver* server,
 vintp no_tcp_relay,
 vintp no_udp_relay,
 vintp stale_nonce,
+ vintp permission_lifetime,
 vintp stun_only,
 vintp no_stun,
 turn_server_addrs_list_t *alternate_servers_list,
@@ -4851,6 +4852,7 @@ void init_turn_server(turn_turnserver* server,
 server->self_udp_balance = self_udp_balance;
 server->stale_nonce = stale_nonce;
+ server->permission_lifetime = permission_lifetime;
 server->stun_only = stun_only;
 server->no_stun = no_stun;
diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h
index bdba4ea..0df1d90 100644
--- a/src/server/ns_turn_server.h
+++ b/src/server/ns_turn_server.h
@@ -115,6 +115,7 @@ struct _turn_turnserver {
 int rfc5780;
 vintp check_origin;
 vintp stale_nonce;
+ vintp permission_lifetime;
 vintp stun_only;
 vintp no_stun;
 vintp secure_stun;
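Review bot: The read in update_turn_permission_lifetime (src/server/ns_turn_server.c), `if(!time_delta) time_delta = *(server->permission_lifetime);`, now takes a protocol timer from configuration, and nothing at the read site or on the new `vintp permission_lifetime` field in struct _turn_turnserver says what unit it is in or that it is meant for testing only. I would add a comment above the read such as `/* seconds; RFC 5766 fixes this at 300, overridden only by --permission-lifetime for testing */` and a matching one-line comment on the struct field. The pointer is also dereferenced without a NULL check while `server` itself is checked; init_turn_server stores the argument as given, so this relies on every caller passing a valid pointer. The function body starts and ends outside the hunk.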
@@ -184,6 +185,7 @@ void init_turn_server(turn_turnserver* server,
 vintp no_tcp_relay,
 vintp no_udp_relay,
 vintp stale_nonce,
+ vintp permission_lifetime,
 vintp stun_only,
 vintp no_stun,
 turn_server_addrs_list_t *alternate_servers_list,