Comments (17)
[deleted comment]
from rfc5766-turn-server.
When disconnecting, the client has completed the disconnect, and the client's socket file descriptor
has been released. But the turnserver's socket file descriptor has not been released.
Original comment by [email protected]
on 18 Jul 2013 at 6:10
Sorry, I indeed have difficulty understanding what you mean. Do you mean that
the socket file descriptors are not released, sometimes? I've never seen that
problem. I'll double-check it. What kind of test configuration are you running?
Original comment by [email protected]
on 18 Jul 2013 at 3:18
I'll try to play with my DOS tests to reproduce the problem.
Original comment by [email protected]
on 18 Jul 2013 at 3:59
I managed to reproduce a rare minor sockets leak in an intensive DOS attack
test. I am working on it.
Original comment by [email protected]
on 18 Jul 2013 at 7:24
- Changed state: Started
Original comment by [email protected]
on 18 Jul 2013 at 11:28
- Changed title: Sockets leak and DOS attack prevention
This will be fixed in 2.1.1.1
Original comment by [email protected]
on 18 Jul 2013 at 11:30
Thank you for your help.
The attached file is my turnserver.conf, and the mysql DB config file is the default
config file.
I use this command to add the database data:
turnadmin -a --mysql-userdb="host=localhost dbname=*** user=*** password=*** connect_timeout=30" -u test -r reTurn -p 1234
And all other operations are the default.
Sorry, my English is not good.
Original comment by [email protected]
on 19 Jul 2013 at 1:27
Attachments:
Thanks.
I found a small sockets leak and I am fixing it.
Unfortunately, even if the TURN server does everything correctly, it
is still possible to reach the "too many open sockets" state. If you are quickly
opening new sessions, and especially if you set a longer lifetime on the sessions
(like 1800 or 3600), then eventually there will be more sockets than your system
allows. UDP sessions do not have an explicit "close" procedure - they are getting
closed on timeout, by default it is 10 minutes.
You can set user quotas to prevent a single user from opening too many sessions.
Other than that, not much can be done. After the socket limit exhaustion, the
server stops accepting the new connections; but it is pretty much alive and it
will eventually recover when the unused sessions will be cleaned out. Then the
server will be available again.
You can also start the TURN server from the root account, then on some systems
it will have higher limit of sockets number.
Original comment by [email protected]
on 19 Jul 2013 at 1:39
Yes, sometimes the socket files are not released. This occurs when clients connect
and disconnect at fast speed. The unreleased socket file is created by the
create_unbound_ioa_socket func. My client connection will produce 24 socket file
descriptors at one time, because each time has a UAC and a UAS client.
Original comment by [email protected]
on 19 Jul 2013 at 1:41
As I said, the UDP sessions do not have "disconnect" procedure - they are
getting closed on timeout. You can make that cleanup quick if you set short
allocation session lifetime. So, if you are using default lifetime (600
seconds) and you are connecting 100 sessions per second, then in 1 minute you
will have 6000 sessions, and so on. The TURN server will start releasing
sessions only after 10 minutes, unless you explicitly use short LIFETIME
attribute in the session allocation. After 2 minutes you will see messages like
"too many open sockets" and between 2nd and 10th minutes the TURN server will
reject any new connection. After 10th minute, it will start accepting them
again.
Original comment by [email protected]
on 19 Jul 2013 at 1:48
Thanks a lot!
I know what you mean. I have a question. When a client connects to turnserver, it
will register the refresh_client_ss_allocation_timeout_hander event, but
sometimes the client_ss_allocation_timeout_handler callback has not run, so at
this time the unbound ioa socket will leak. Can this situation be improved in the way
you said?
Original comment by [email protected]
on 19 Jul 2013 at 4:35
When I say disconnect, I mean closing the client process. So at this time, the
client_ss_allocation_timeout event will run, but sometimes it has not run.
Original comment by [email protected]
on 19 Jul 2013 at 4:38
I changed the code, it will always run, with an interval. I changed the meaning
of that callback. It was a one-time callback, now it will be a "persistent"
event - a sort of garbage collector. You can take the latest code from SVN as a
preview.
Original comment by [email protected]
on 19 Jul 2013 at 4:40
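Added example, not part of the thread and not the project's code: a small C model of the two points made above, sessions piling up until their lifetime expires, and a periodic sweep that reclaims them where a cleanup that never fires leaks them for good. It uses the thread's figures (100 sessions per second, 600 second default lifetime); the 12000 descriptor budget, one socket per session, and all names are assumptions chosen so that exhaustion starts at the two-minute mark described.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOCKETS 12000  /* assumed descriptor budget, not a figure from the thread */
typedef struct { long expires_at; int in_use; } session_t;
typedef struct { session_t slot[MAX_SOCKETS]; size_t open, cursor; } relay_t;
typedef struct { long first_reject, recovered_at; size_t rejected; } sim_result_t;

/* Take one relay socket slot; -1 models the "too many open sockets" state. */
static int relay_alloc(relay_t *r, long now, long lifetime) {
    if (r->open == MAX_SOCKETS) return -1;
    while (r->slot[r->cursor].in_use)      /* a free slot exists, so this ends */
        r->cursor = (r->cursor + 1) % MAX_SOCKETS;
    r->slot[r->cursor] = (session_t){ now + lifetime, 1 };
    r->open++;
    return 0;
}

/* Persistent sweep: release every slot whose lifetime has passed. */
static void relay_sweep(relay_t *r, long now) {
    for (size_t i = 0; i < MAX_SOCKETS; i++)
        if (r->slot[i].in_use && r->slot[i].expires_at <= now) {
            r->slot[i].in_use = 0;
            r->open--;
        }
}

/* `rate` new sessions per second; sweep_every == 0 models a cleanup that never fires. */
sim_result_t simulate(long rate, long lifetime, long seconds, long sweep_every) {
    static relay_t r;                      /* too large for the stack */
    sim_result_t res = { -1, -1, 0 };
    memset(&r, 0, sizeof r);
    for (long t = 0; t < seconds; t++) {
        if (sweep_every > 0 && t % sweep_every == 0) relay_sweep(&r, t);
        for (long i = 0; i < rate; i++) {
            if (relay_alloc(&r, t, lifetime) != 0) {
                res.rejected++;
                if (res.first_reject < 0) res.first_reject = t;
            } else if (res.first_reject >= 0 && res.recovered_at < 0) {
                res.recovered_at = t;
            }
        }
    }
    return res;
}

int main(void) {
    sim_result_t a = simulate(100, 600, 700, 1);
    printf("first reject t=%ld, accepting again t=%ld\n", a.first_reject, a.recovered_at);
    return 0;
}
```

With a 60 second lifetime the same load never reaches the limit, and with `sweep_every` set to 0 the model never accepts a session again after the first rejection.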
Thanks a lot!
I ran the new version of TURN Server from SVN. Now it runs OK. It has not
produced the problem. I will do pressure testing again.
Original comment by [email protected]
on 19 Jul 2013 at 5:09
I put 2.1.1.1 tarball into the downloads.
Original comment by [email protected]
on 19 Jul 2013 at 5:15
- Changed state: Fixed
I produced a new build, 2.1.2.0, that is specially optimized for Linux. Its
main focus is DOS attacks defense in Linux environment.
Original comment by [email protected]
on 20 Jul 2013 at 11:23