main.c File Reference

🖥️ Server main entry point: multi-client connection manager with per-client rendering threads (60fps video + 172fps audio) More...

Go to the source code of this file.

Macros
#define	KEYBOARD_QUEUE_SIZE   256
	Thread-safe keyboard queue (lock-free SPSC ring buffer)

Functions
int	server_main (void)
	Server mode entry point for unified binary.

Variables
atomic_bool	g_server_should_exit = false
	Global atomic shutdown flag shared across all threads.
mixer_t *volatile	g_audio_mixer = NULL
	Global audio mixer instance for multi-client audio processing.
static_cond_t	g_shutdown_cond = STATIC_COND_INIT
	Global shutdown condition variable for waking blocked threads.
rate_limiter_t *	g_rate_limiter = NULL
	Global rate limiter for connection attempts and packet processing.
bool	g_server_encryption_enabled = false
	Global flag indicating if server encryption is enabled.
private_key_t	g_server_private_key = {0}
	Global server private key (first identity key, for backward compatibility)
private_key_t	g_server_identity_keys [MAX_IDENTITY_KEYS] = {0}
	Global server identity keys array (multi-key support)
size_t	g_num_server_identity_keys = 0
	Number of loaded server identity keys.
public_key_t	g_client_whitelist [MAX_CLIENTS] = {0}
	Global client public key whitelist.
size_t	g_num_whitelisted_clients = 0
	Number of whitelisted clients.

Detailed Description

🖥️ Server main entry point: multi-client connection manager with per-client rendering threads (60fps video + 172fps audio)

MODULAR COMPONENTS:

• main.c (this file): Server initialization, signal handling, connection management
• client.c: Per-client lifecycle, threading, and state management
• protocol.c: Network packet processing and protocol implementation
• stream.c: Video mixing, ASCII frame generation, and caching
• render.c: Per-client rendering threads with rate limiting
• stats.c: Performance monitoring and resource tracking

CONCURRENCY MODEL:

The server creates multiple thread types per client:

1. Receive thread: Handles incoming packets from client (protocol.c functions)
2. Send thread: Manages outgoing packet delivery (client.c)
3. Video render thread: Generates ASCII frames at 60fps (render.c)
4. Audio render thread: Mixes audio streams at 172fps (render.c)
5. Stats logger thread: Periodic performance reporting (stats.c)

Thread Safety:

• Lock ordering: Always acquire g_client_manager_rwlock BEFORE per-client mutexes
• Snapshot pattern: Copy client state under mutex, then process without locks
• Signal-safe shutdown: SIGINT handler only sets flags and closes sockets
• Deterministic cleanup: Main thread waits for all worker threads before exit

WHY THE REFACTORING:

The original server.c became unmaintainable at 2408+ lines, making it:

• Too large for LLM context windows (limited AI-assisted development)
• Difficult for humans to navigate and understand
• Slow to compile and modify
• Hard to isolate bugs and add new features

The modular design enables:

• Faster development cycles (smaller compilation units)
• Better IDE support (jump-to-definition, IntelliSense)
• Easier testing and debugging (isolated components)
• Future extensibility (new protocols, renderers, optimizations)

Author

Zachary Fogg me@zf.nosp@m.o.gg

Date

September 2025

Version

2.0 (Post-Modularization)

Definition in file server/main.c.

Macro Definition Documentation

KEYBOARD_QUEUE_SIZE

#define KEYBOARD_QUEUE_SIZE   256

Thread-safe keyboard queue (lock-free SPSC ring buffer)

Definition at line 269 of file server/main.c.

Function Documentation

server_main()

int server_main

(

void

)

Server mode entry point for unified binary.

This function implements the complete server lifecycle including:

• Server-specific initialization (crypto, shutdown callback)
• Network socket setup and binding
• Main connection accept loop
• Client lifecycle management
• Graceful shutdown and cleanup

Options are already parsed by the main dispatcher before this function is called, so they are available via global opt_* variables.

Returns

0 on success, non-zero error code on failure

Example

# Invoked by dispatcher after options are parsed:
ascii-chat server --port 8080
# Options parsed in main.c, then server_main() called

Definition at line 1731 of file server/main.c.

                      {
  // Common initialization (options, logging, lock debugging) now happens in main.c before dispatch
  // This function focuses on server-specific initialization
 
  // Register shutdown check callback for library code
  shutdown_register_callback(check_shutdown);
 
  // Initialize status screen log buffer if enabled AND terminal is interactive
  // In non-interactive mode (piped output), logs go directly to stdout/stderr
  if (GET_OPTION(status_screen) && terminal_is_interactive()) {
    server_status_log_init();
 
    // Initialize interactive grep for status screen
    interactive_grep_init();
  }
 
  // Initialize crypto after logging is ready
  log_debug("Initializing crypto...");
  if (init_server_crypto() != 0) {
    // Print detailed error context if available
    LOG_ERRNO_IF_SET("Crypto initialization failed");
    FATAL(ERROR_CRYPTO, "Crypto initialization failed");
  }
  log_debug("Crypto initialized successfully");
 
  // Handle keepawake: check for mutual exclusivity and apply mode default
  // Server default: keepawake DISABLED (use --keepawake to enable)
  if (GET_OPTION(enable_keepawake) && GET_OPTION(disable_keepawake)) {
    FATAL(ERROR_INVALID_PARAM, "--keepawake and --no-keepawake are mutually exclusive");
  }
  if (GET_OPTION(enable_keepawake)) {
    (void)platform_enable_keepawake();
  }
 
  log_info("ascii-chat server starting...");
 
  // log_info("SERVER: Options initialized, using log file: %s", log_filename);
  int port = GET_OPTION(port);
  if (port < 1 || port > 65535) {
    log_error("Invalid port configuration: %d", port);
    FATAL(ERROR_CONFIG, "Invalid port configuration: %d", port);
  }
 
  ascii_simd_init();
  precalc_rgb_palettes(weight_red, weight_green, weight_blue);
 
  // Simple signal handling (temporarily disable complex threading signal handling)
  log_debug("Setting up simple signal handlers...");
 
  // Handle Ctrl+C for cleanup
  platform_signal(SIGINT, server_handle_sigint);
  // Handle termination signal (SIGTERM is defined with limited support on Windows)
  platform_signal(SIGTERM, server_handle_sigterm);
#ifndef _WIN32
  // SIGPIPE not supported on Windows
  platform_signal(SIGPIPE, SIG_IGN);
  // Note: SIGUSR1 is registered in src/main.c for all modes
#endif
 
#ifndef NDEBUG
  // Lock debug thread is now started in src/main.c (all modes)
  // Initialize statistics system
  if (stats_init() != 0) {
    FATAL(ERROR_THREAD, "Statistics system initialization failed");
  }
#endif
 
  // Create background worker thread pool for server operations
  g_server_worker_pool = thread_pool_create("server_workers");
  if (!g_server_worker_pool) {
    LOG_ERRNO_IF_SET("Failed to create server worker thread pool");
    FATAL(ERROR_MEMORY, "Failed to create server worker thread pool");
  }
 
  // Spawn statistics logging thread in worker pool
  if (thread_pool_spawn(g_server_worker_pool, stats_logger_thread, NULL, 0, "stats_logger") != ASCIICHAT_OK) {
    LOG_ERRNO_IF_SET("Statistics logger thread creation failed");
  } else {
    log_debug("Statistics logger thread started");
  }
 
  // Network setup - Use tcp_server abstraction for dual-stack IPv4/IPv6 binding
  log_debug("Config check: GET_OPTION(address)='%s', GET_OPTION(address6)='%s'", GET_OPTION(address),
            GET_OPTION(address6));
 
  bool ipv4_has_value = (strlen(GET_OPTION(address)) > 0);
  bool ipv6_has_value = (strlen(GET_OPTION(address6)) > 0);
  // Check if address is localhost (any loopback address, not just exact default)
  bool ipv4_is_default = is_localhost_ipv4(GET_OPTION(address));
  bool ipv6_is_default = is_localhost_ipv6(GET_OPTION(address6));
 
  log_debug("Binding decision: ipv4_has_value=%d, ipv6_has_value=%d, ipv4_is_default=%d, ipv6_is_default=%d",
            ipv4_has_value, ipv6_has_value, ipv4_is_default, ipv6_is_default);
 
  // Determine bind configuration
  bool bind_ipv4 = false;
  bool bind_ipv6 = false;
  const char *ipv4_address = NULL;
  const char *ipv6_address = NULL;
 
  if (ipv4_has_value && ipv6_has_value && ipv4_is_default && ipv6_is_default) {
    // Both are defaults: dual-stack with default localhost addresses
    bind_ipv4 = true;
    bind_ipv6 = true;
    ipv4_address = "127.0.0.1";
    ipv6_address = "::1";
    log_info("Default dual-stack: binding to 127.0.0.1 (IPv4) and ::1 (IPv6)");
  } else if (ipv4_has_value && !ipv4_is_default && (!ipv6_has_value || ipv6_is_default)) {
    // IPv4 explicitly set, IPv6 is default or empty: bind only IPv4
    bind_ipv4 = true;
    bind_ipv6 = false;
    ipv4_address = GET_OPTION(address);
    log_info("Binding only to IPv4 address: %s", ipv4_address);
  } else if (ipv6_has_value && !ipv6_is_default && (ipv4_is_default || !ipv4_has_value)) {
    // IPv6 explicitly set, IPv4 is default or empty: bind only IPv6
    bind_ipv4 = false;
    bind_ipv6 = true;
    ipv6_address = GET_OPTION(address6);
    log_info("Binding only to IPv6 address: %s", ipv6_address);
  } else {
    // Both explicitly set or one explicit + one default: dual-stack
    bind_ipv4 = true;
    bind_ipv6 = true;
    ipv4_address = ipv4_has_value ? GET_OPTION(address) : "127.0.0.1";
    ipv6_address = ipv6_has_value ? GET_OPTION(address6) : "::1";
    log_info("Dual-stack binding: IPv4=%s, IPv6=%s", ipv4_address, ipv6_address);
  }
 
  // Create server context - encapsulates all server state for passing to client handlers
  // This reduces global state and improves modularity by using tcp_server.user_data
  server_context_t server_ctx = {
      .tcp_server = &g_tcp_server,
      .rate_limiter = g_rate_limiter,
      .client_manager = &g_client_manager,
      .client_manager_rwlock = &g_client_manager_rwlock,
      .server_should_exit = &g_server_should_exit,
      .audio_mixer = g_audio_mixer,
      .stats = &g_stats,
      .stats_mutex = &g_stats_mutex,
      .encryption_enabled = g_server_encryption_enabled,
      .server_private_key = &g_server_private_key,
      .client_whitelist = g_client_whitelist,
      .num_whitelisted_clients = g_num_whitelisted_clients,
      .session_host = NULL, // Will be created after TCP server init
  };
 
  // Configure TCP server
  tcp_server_config_t tcp_config = {
      .port = port,
      .ipv4_address = ipv4_address,
      .ipv6_address = ipv6_address,
      .bind_ipv4 = bind_ipv4,
      .bind_ipv6 = bind_ipv6,
      .accept_timeout_sec = ACCEPT_TIMEOUT,
      .client_handler = ascii_chat_client_handler,
      .user_data = &server_ctx, // Pass server context to client handlers
      .status_update_fn = NULL, // Status screen runs in its own thread
      .status_update_data = NULL,
  };
 
  // Initialize TCP server (creates and binds sockets)
  memset(&g_tcp_server, 0, sizeof(g_tcp_server));
  asciichat_error_t tcp_init_result = tcp_server_init(&g_tcp_server, &tcp_config);
  if (tcp_init_result != ASCIICHAT_OK) {
    FATAL(ERROR_NETWORK, "Failed to initialize TCP server");
  }
 
  // Initialize WebSocket server (for browser clients)
  websocket_server_config_t ws_config = {
      .port = GET_OPTION(websocket_port),
      .client_handler = websocket_client_handler,
      .user_data = &server_ctx,
  };
 
  memset(&g_websocket_server, 0, sizeof(g_websocket_server));
  asciichat_error_t ws_init_result = websocket_server_init(&g_websocket_server, &ws_config);
  if (ws_init_result != ASCIICHAT_OK) {
    log_warn("Failed to initialize WebSocket server - browser clients will not be supported");
  } else {
    log_info("WebSocket server initialized on port %d", GET_OPTION(websocket_port));
  }
 
  // =========================================================================
  // UPnP Port Mapping (Quick Win for Direct TCP)
  // =========================================================================
  // Track UPnP success for ACDS session type decision
  // If UPnP fails, we need to create a WebRTC session to enable client connectivity
  bool upnp_succeeded = false;
 
  // Try to open port via UPnP so direct TCP works for ~70% of home users.
  // If this fails, clients fall back to WebRTC automatically - not fatal.
  //
  // Strategy:
  //   1. UPnP (works on ~90% of home routers)
  //   2. NAT-PMP fallback (Apple routers)
  //   3. If both fail: use ACDS + WebRTC (reliable, but slightly higher latency)
  if (GET_OPTION(enable_upnp)) {
    asciichat_error_t upnp_result = nat_upnp_open(port, "ascii-chat Server", &g_upnp_ctx);
 
    if (upnp_result == ASCIICHAT_OK && g_upnp_ctx) {
      char public_addr[22];
      if (nat_upnp_get_address(g_upnp_ctx, public_addr, sizeof(public_addr)) == ASCIICHAT_OK) {
        char msg[256];
        safe_snprintf(msg, sizeof(msg), "🌐 Public endpoint: %s (direct TCP)", public_addr);
        log_console(LOG_INFO, msg);
        log_info("UPnP: Port mapping successful, public endpoint: %s", public_addr);
        upnp_succeeded = true;
      }
    } else {
      log_info("UPnP: Port mapping unavailable or failed - will use WebRTC fallback");
      log_console(LOG_INFO, "📡 Clients behind strict NATs will use WebRTC fallback");
    }
  } else {
    log_debug("UPnP: Disabled (use --upnp to enable automatic port mapping)");
  }
 
  // Initialize synchronization primitives
  if (rwlock_init(&g_client_manager_rwlock) != 0) {
    FATAL(ERROR_THREAD, "Failed to initialize client manager rwlock");
  }
 
  // Lock debug system already initialized earlier in main()
 
  // Check if SIGINT/SIGTERM was received during initialization
  // If so, skip the accept loop entirely and go to cleanup
  if (atomic_load(&g_server_should_exit)) {
    log_info("Shutdown signal received during initialization, skipping server startup");
    goto cleanup;
  }
 
  // Lock debug thread already started earlier in main()
 
  // NOTE: g_client_manager is already zero-initialized in client.c with = {0}
  // We only need to initialize the mutex
  mutex_init(&g_client_manager.mutex);
 
  // Initialize uthash head pointer for O(1) lookup (uthash requires NULL initialization)
  g_client_manager.clients_by_id = NULL;
 
  // Initialize connection rate limiter (prevents DoS attacks)
  if (!atomic_load(&g_server_should_exit)) {
    log_debug("Initializing connection rate limiter...");
    g_rate_limiter = rate_limiter_create_memory();
    if (!g_rate_limiter) {
      LOG_ERRNO_IF_SET("Failed to initialize rate limiter");
      if (!atomic_load(&g_server_should_exit)) {
        FATAL(ERROR_MEMORY, "Failed to create connection rate limiter");
      }
    } else {
      log_info("Connection rate limiter initialized (50 connections/min per IP)");
    }
  }
 
  // Initialize audio mixer (always enabled on server)
  if (!atomic_load(&g_server_should_exit)) {
    log_debug("Initializing audio mixer for per-client audio rendering...");
    g_audio_mixer = mixer_create(MAX_CLIENTS, AUDIO_SAMPLE_RATE);
    if (!g_audio_mixer) {
      LOG_ERRNO_IF_SET("Failed to initialize audio mixer");
      if (!atomic_load(&g_server_should_exit)) {
        FATAL(ERROR_AUDIO, "Failed to initialize audio mixer");
      }
    } else {
      if (!atomic_load(&g_server_should_exit)) {
        log_debug("Audio mixer initialized successfully for per-client audio rendering");
      }
    }
  }
 
  // Initialize mDNS context for LAN service discovery (optional)
  // mDNS allows clients on the LAN to discover this server without knowing its IP
  // Can be disabled with --no-mdns-advertise
  // Note: Actual advertisement is deferred until after ACDS session creation (if --acds is enabled)
  if (!atomic_load(&g_server_should_exit) && !GET_OPTION(no_mdns_advertise)) {
    log_debug("Initializing mDNS for LAN service discovery...");
    g_mdns_ctx = asciichat_mdns_init();
    if (!g_mdns_ctx) {
      LOG_ERRNO_IF_SET("Failed to initialize mDNS (non-fatal, LAN discovery disabled)");
      log_warn("mDNS disabled - LAN service discovery will not be available");
      g_mdns_ctx = NULL;
    } else {
      log_debug("mDNS context initialized, advertisement deferred until session string is ready");
    }
  } else if (GET_OPTION(no_mdns_advertise)) {
    log_info("mDNS service advertisement disabled via --no-mdns-advertise");
  }
 
  // ========================================================================
  // Session Host Creation (for discovery mode support)
  // ========================================================================
  // Create session_host to track clients in a transport-agnostic way.
  // This enables future discovery mode where participants can become hosts.
  if (!atomic_load(&g_server_should_exit)) {
    session_host_config_t host_config = {
        .port = port,
        .ipv4_address = ipv4_address,
        .ipv6_address = ipv6_address,
        .max_clients = GET_OPTION(max_clients),
        .encryption_enabled = g_server_encryption_enabled,
        .key_path = GET_OPTION(encrypt_key),
        .password = GET_OPTION(password),
        .callbacks = {0}, // No callbacks for now
        .user_data = NULL,
    };
 
    server_ctx.session_host = session_host_create(&host_config);
    if (!server_ctx.session_host) {
      // Non-fatal: session_host is optional, server can work without it
      log_warn("Failed to create session_host (discovery mode support disabled)");
    } else {
      log_debug("Session host created for discovery mode support");
    }
  }
 
  // ========================================================================
  // MAIN CONNECTION LOOP - Delegated to tcp_server
  // ========================================================================
  //
  // The tcp_server module handles:
  // 1. Dual-stack IPv4/IPv6 accept loop with select() timeout
  // 2. Spawning client_handler threads for each connection
  // 3. Responsive shutdown when g_tcp_server.running is set to false
  //
  // Client lifecycle is managed by ascii_chat_client_handler() which:
  // - Performs rate limiting
  // - Calls add_client() to initialize structures and spawn workers
  // - Blocks until client disconnects
  // - Calls remove_client() to cleanup and stop worker threads
 
  // ACDS Session Creation: Register this server with discovery service
  // This also determines the session string for mDNS (if --acds is enabled)
  char session_string[64] = {0};
  bool session_is_mdns_only = false;
 
  // ACDS Registration (conditional on --discovery flag)
  if (GET_OPTION(discovery)) {
    // Security Requirement Check (Issue #239):
    // Server IP must be protected by password, identity verification, or explicit opt-in
 
    // Auto-detection: Check if password or identity verification is configured
    const char *password = GET_OPTION(password);
    bool has_password = password && strlen(password) > 0;
    const char *encrypt_key = GET_OPTION(encrypt_key);
    bool has_identity = encrypt_key && strlen(encrypt_key) > 0;
    bool explicit_expose = GET_OPTION(discovery_expose_ip) != 0;
 
    // Validate security configuration BEFORE attempting ACDS connection
    bool acds_expose_ip_flag = false;
 
    if (has_password || has_identity) {
      // Auto-enable privacy: IP revealed only after verification
      acds_expose_ip_flag = false;
      log_plain("🔒 ACDS privacy enabled: IP disclosed only after %s verification",
                has_password ? "password" : "identity");
    } else if (explicit_expose) {
      // Explicit opt-in to public IP disclosure
      // Only prompt if running interactively (can prompt user)
      // When non-interactive (automated/scripted), treat explicit flag as confirmation
      bool is_interactive = terminal_can_prompt_user();
 
      if (is_interactive) {
        log_plain_stderr("");
        log_plain_stderr("⚠️  WARNING: You are about to allow PUBLIC IP disclosure!");
        log_plain_stderr("⚠️  Anyone with the session string will be able to see your IP address.");
        log_plain_stderr("⚠️  This is NOT RECOMMENDED unless you understand the privacy implications.");
        log_plain_stderr("");
 
        if (!platform_prompt_yes_no("Do you want to proceed with public IP disclosure", false)) {
          log_plain_stderr("");
          log_plain_stderr("❌ IP disclosure not confirmed. Server will run WITHOUT discovery service.");
          goto skip_acds_session;
        }
      }
 
      // User confirmed (or running non-interactively with explicit flag) - proceed with public IP disclosure
      acds_expose_ip_flag = true;
      log_plain_stderr("");
      log_plain_stderr("⚠️  Public IP disclosure CONFIRMED");
      log_plain_stderr("⚠️  Your IP address will be visible to anyone with the session string");
    } else {
      // Security violation: No password, no identity, no explicit opt-in
      log_plain_stderr("❌ Cannot create ACDS session: No security configured!");
      log_plain_stderr("   You must either:");
      log_plain_stderr("   1. Set a password: --password \"your-secret\"");
      log_plain_stderr("   2. Use identity key: --key ~/.ssh/id_ed25519");
      log_plain_stderr("   3. Explicitly allow public IP: --acds-expose-ip (NOT RECOMMENDED)");
      log_plain_stderr("");
      log_plain_stderr("Server will run WITHOUT discovery service.");
      goto skip_acds_session;
    }
 
    // Security is configured, proceed with ACDS connection
    const char *acds_server = GET_OPTION(discovery_server);
    uint16_t acds_port = (uint16_t)GET_OPTION(discovery_port);
 
    log_info("Attempting to create session on ACDS server at %s:%d...", acds_server, acds_port);
 
    acds_client_config_t acds_config;
    acds_client_config_init_defaults(&acds_config);
    SAFE_STRNCPY(acds_config.server_address, acds_server, sizeof(acds_config.server_address));
    acds_config.server_port = acds_port;
    acds_config.timeout_ms = 5 * MS_PER_SEC_INT;
 
    // Allocate ACDS client on heap for server lifecycle
    g_acds_client = SAFE_MALLOC(sizeof(acds_client_t), acds_client_t *);
    if (!g_acds_client) {
      log_error("Failed to allocate ACDS client");
      goto skip_acds_session;
    }
 
    asciichat_error_t acds_connect_result = acds_client_connect(g_acds_client, &acds_config);
    if (acds_connect_result != ASCIICHAT_OK) {
      log_error("Failed to connect to ACDS server at %s:%d: %s", acds_server, acds_port,
                asciichat_error_string(acds_connect_result));
      goto skip_acds_session;
    }
    if (acds_connect_result == ASCIICHAT_OK) {
      // Prepare session creation parameters
      acds_session_create_params_t create_params;
      memset(&create_params, 0, sizeof(create_params));
 
      // Use server's Ed25519 identity public key if available
      if (g_server_encryption_enabled && has_identity) {
        memcpy(create_params.identity_pubkey, g_server_private_key.public_key, 32);
        log_debug("Using server identity key for ACDS session");
      } else {
        // No identity key available - use zero key
        // ACDS will accept this if identity verification is not required
        memset(create_params.identity_pubkey, 0, 32);
        log_debug("No server identity key - using zero key for ACDS session");
      }
 
      create_params.capabilities = 0x03; // Video + Audio
      create_params.max_participants = GET_OPTION(max_clients);
      log_debug("ACDS: max_clients option value = %d", GET_OPTION(max_clients));
 
      // Set password if configured
      create_params.has_password = has_password;
      if (has_password) {
        // TODO: Hash password with Argon2id
        SAFE_STRNCPY(create_params.password, password, sizeof(create_params.password));
      }
 
      // Set IP disclosure policy (determined above)
      create_params.acds_expose_ip = acds_expose_ip_flag;
      log_info("DEBUG: Server setting acds_expose_ip=%d (explicit_expose=%d, has_password=%d, has_identity=%d)",
               create_params.acds_expose_ip, explicit_expose, has_password, has_identity);
 
      // Set session type (Direct TCP or WebRTC)
      // Auto-detect: Use WebRTC if UPnP failed OR if explicitly requested via --webrtc
      // Exception: If bind address is 0.0.0.0, server is on public IP - use Direct TCP
      const char *bind_addr = GET_OPTION(address);
      bool bind_all_interfaces = (strcmp(bind_addr, "0.0.0.0") == 0);
 
      // Determine session type: prefer WebRTC by default (unless explicitly disabled)
      // Priority: explicit --webrtc flag > connection type detection > UPnP > default
      if (GET_OPTION(webrtc)) {
        // Explicit WebRTC request
        create_params.session_type = SESSION_TYPE_WEBRTC;
        log_info("ACDS session type: WebRTC (explicitly requested via --webrtc)");
      } else if (bind_all_interfaces) {
        // Bind to 0.0.0.0: use WebRTC as default (better NAT compatibility)
        create_params.session_type = SESSION_TYPE_WEBRTC;
        log_info("ACDS session type: WebRTC (default for 0.0.0.0 binding, provides NAT-agnostic connections)");
      } else if (upnp_succeeded) {
        // UPnP port mapping worked - can use direct TCP
        create_params.session_type = SESSION_TYPE_DIRECT_TCP;
        log_info("ACDS session type: Direct TCP (UPnP succeeded, server is publicly accessible)");
      } else {
        // UPnP failed and not on public IP - use WebRTC for NAT traversal
        create_params.session_type = SESSION_TYPE_WEBRTC;
        log_info("ACDS session type: WebRTC (UPnP failed, server behind NAT)");
      }
 
      // Server connection information (where clients should connect)
      // If bind address is 0.0.0.0, leave server_address empty for ACDS to auto-detect public IP
      if (bind_all_interfaces) {
        create_params.server_address[0] = '\0'; // Empty - ACDS will use connection source IP
        log_debug("Bind address is 0.0.0.0, ACDS will auto-detect public IP from connection");
      } else {
        SAFE_STRNCPY(create_params.server_address, bind_addr, sizeof(create_params.server_address));
      }
      create_params.server_port = port;
 
      // DEBUG: Log what we're sending to ACDS
      log_info("DEBUG: Before SESSION_CREATE - expose_ip_publicly=%d, server_address='%s' port=%u, session_type=%u",
               create_params.acds_expose_ip, create_params.server_address, create_params.server_port,
               create_params.session_type);
 
      // Create session
      acds_session_create_result_t create_result;
      asciichat_error_t create_err = acds_session_create(g_acds_client, &create_params, &create_result);
 
      if (create_err == ASCIICHAT_OK) {
        SAFE_STRNCPY(session_string, create_result.session_string, sizeof(session_string));
        SAFE_STRNCPY(g_session_string, create_result.session_string, sizeof(g_session_string));
        session_is_mdns_only = false; // Session is now registered with ACDS (globally discoverable)
        log_info("Session created: %s", session_string);
 
        // Server must join its own session so ACDS can route signaling messages
        log_debug("Server joining session as first participant for WebRTC signaling...");
        acds_session_join_params_t join_params = {0};
        join_params.session_string = session_string;
 
        // Use same identity key as session creation
        memcpy(join_params.identity_pubkey, create_params.identity_pubkey, 32);
 
        // Include password if session is password-protected
        if (has_password) {
          join_params.has_password = true;
          SAFE_STRNCPY(join_params.password, password, sizeof(join_params.password));
        }
 
        acds_session_join_result_t join_result = {0};
        asciichat_error_t join_err = acds_session_join(g_acds_client, &join_params, &join_result);
        if (join_err != ASCIICHAT_OK || !join_result.success) {
          log_error("Failed to join own session: %s (error: %s)", asciichat_error_string(join_err),
                    join_result.error_message[0] ? join_result.error_message : "unknown");
          // Continue anyway - this is not fatal for Direct TCP sessions
        } else {
          log_debug("Server joined session successfully (participant_id: %02x%02x...)", join_result.participant_id[0],
                    join_result.participant_id[1]);
          // Store participant ID for WebRTC signaling (needed to identify server in SDP/ICE messages)
          memcpy(g_server_participant_id, join_result.participant_id, 16);
          log_debug("Stored server participant_id for signaling: %02x%02x...", g_server_participant_id[0],
                    g_server_participant_id[1]);
          memcpy(create_result.session_id, join_result.session_id, 16);
        }
 
        // Keep ACDS connection alive for WebRTC signaling relay
        log_debug("Server staying connected to ACDS for signaling relay");
 
        // Create ACDS transport wrapper for sending signaling packets
        g_acds_transport = acip_tcp_transport_create(g_acds_client->socket, NULL);
        if (!g_acds_transport) {
          log_error("Failed to create ACDS transport wrapper");
        } else {
          log_debug("ACDS transport wrapper created for signaling");
 
          // Start ACDS ping thread to keep connection alive (for ALL session types)
          int ping_thread_result = asciichat_thread_create(&g_acds_ping_thread, acds_ping_thread, NULL);
          if (ping_thread_result != 0) {
            log_error("Failed to create ACDS ping thread: %d", ping_thread_result);
          } else {
            log_debug("ACDS ping thread started to keep connection alive");
            g_acds_ping_thread_started = true;
          }
        }
 
        // Initialize WebRTC peer_manager if session type is WebRTC
        if (create_params.session_type == SESSION_TYPE_WEBRTC) {
          log_debug("Initializing WebRTC library and peer manager for session (role=CREATOR)...");
 
          // Initialize WebRTC library (libdatachannel)
          asciichat_error_t webrtc_init_result = webrtc_init();
          if (webrtc_init_result != ASCIICHAT_OK) {
            log_error("Failed to initialize WebRTC library: %s", asciichat_error_string(webrtc_init_result));
            g_webrtc_peer_manager = NULL;
          } else {
            log_debug("WebRTC library initialized successfully");
 
            // Configure STUN servers for ICE gathering (static to persist for peer_manager lifetime)
            static stun_server_t stun_servers[4] = {0};
            static unsigned int g_stun_init_refcount = 0;
            static static_mutex_t g_stun_init_mutex = STATIC_MUTEX_INIT;
            static int stun_count = 0; // Store actual count separately
 
            static_mutex_lock(&g_stun_init_mutex);
            if (g_stun_init_refcount == 0) {
              log_debug("Parsing STUN servers from options: '%s'", GET_OPTION(stun_servers));
              int count =
                  stun_servers_parse(GET_OPTION(stun_servers), OPT_ENDPOINT_STUN_SERVERS_DEFAULT, stun_servers, 4);
              if (count > 0) {
                stun_count = count;
                log_debug("Parsed %d STUN servers", count);
                for (int i = 0; i < count; i++) {
                  log_debug("  STUN[%d]: '%s' (len=%d)", i, stun_servers[i].host, stun_servers[i].host_len);
                }
              } else {
                log_warn("Failed to parse STUN servers, using defaults");
                stun_count = stun_servers_parse(OPT_ENDPOINT_STUN_SERVERS_DEFAULT, OPT_ENDPOINT_STUN_SERVERS_DEFAULT,
                                                stun_servers, 4);
                log_debug("Using default STUN servers, count=%d", stun_count);
                for (int i = 0; i < stun_count; i++) {
                  log_debug("  STUN[%d]: '%s' (len=%d)", i, stun_servers[i].host, stun_servers[i].host_len);
                }
              }
              g_stun_init_refcount = 1;
            }
            static_mutex_unlock(&g_stun_init_mutex);
 
            // Configure peer_manager
            webrtc_peer_manager_config_t pm_config = {
                .role = WEBRTC_ROLE_CREATOR, // Server accepts offers, generates answers
                .stun_servers = stun_servers,
                .stun_count = stun_count,
                .turn_servers = NULL, // No TURN for server (clients should have public IP or use TURN)
                .turn_count = 0,
                .on_transport_ready = on_webrtc_transport_ready,
                .user_data = &server_ctx,
                .crypto_ctx = NULL // WebRTC handles crypto internally
            };
 
            // Configure signaling callbacks for relaying SDP/ICE via ACDS
            webrtc_signaling_callbacks_t signaling_callbacks = {
                .send_sdp = server_send_sdp, .send_ice = server_send_ice, .user_data = NULL};
 
            // Create peer_manager
            asciichat_error_t pm_result =
                webrtc_peer_manager_create(&pm_config, &signaling_callbacks, &g_webrtc_peer_manager);
            if (pm_result != ASCIICHAT_OK) {
              log_error("Failed to create WebRTC peer_manager: %s", asciichat_error_string(pm_result));
              g_webrtc_peer_manager = NULL;
            } else {
              log_debug("WebRTC peer_manager initialized successfully");
 
              // Start ACDS receive thread for WebRTC signaling relay
              int thread_result = asciichat_thread_create(&g_acds_receive_thread, acds_receive_thread, NULL);
              if (thread_result != 0) {
                log_error("Failed to create ACDS receive thread: %d", thread_result);
                // Cleanup peer_manager since signaling won't work
                webrtc_peer_manager_destroy(g_webrtc_peer_manager);
                g_webrtc_peer_manager = NULL;
              } else {
                log_debug("ACDS receive thread started for WebRTC signaling relay");
                g_acds_receive_thread_started = true;
              }
            }
          } // Close else block from webrtc_init() success
        } else {
          log_debug("Session type is DIRECT_TCP, skipping WebRTC peer_manager initialization");
        }
 
        // Advertise mDNS with ACDS session string
        // This ensures both mDNS and ACDS discovery return the same session string
        advertise_mdns_with_session(session_string, (uint16_t)port);
      } else {
        log_warn("Failed to create session on ACDS server (server will run without discovery)");
        // Clean up failed ACDS client
        if (g_acds_client) {
          acds_client_disconnect(g_acds_client);
          SAFE_FREE(g_acds_client);
          g_acds_client = NULL;
        }
      }
    } else {
      log_warn("Could not connect to ACDS server at %s:%d (server will run without discovery)", acds_server, acds_port);
    }
  } else {
    log_info("ACDS registration disabled (use --acds to enable)");
  }
 
skip_acds_session:
  // Fallback: If no session string was set by ACDS (either disabled or failed),
  // generate a random session string for mDNS discovery only
  if (session_string[0] == '\0' && g_mdns_ctx) {
    log_debug("No ACDS session string available, generating random session for mDNS");
 
    // Use the proper session string generation from discovery module
    // This generates adjective-noun-noun format using the full wordlists
    if (acds_string_generate(session_string, sizeof(session_string)) != ASCIICHAT_OK) {
      log_error("Failed to generate session string for mDNS");
      return 1;
    }
 
    log_debug("Generated random session string for mDNS: '%s'", session_string);
 
    // Mark that this session is mDNS-only (not globally discoverable via ACDS)
    session_is_mdns_only = true;
 
    // Advertise mDNS with random session string
    advertise_mdns_with_session(session_string, (uint16_t)port);
  }
 
  // ====================================================================
  // Display session string prominently as the FINAL startup message
  // This ensures users see the connection info clearly without logs
  // wiping it away
  // ====================================================================
  if (session_string[0] != '\0') {
    if (session_is_mdns_only) {
      log_plain("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📋 Session String: %s (LAN only via "
                "mDNS)\n🔗 Share with others on your LAN to join:\n   ascii-chat "
                "%s\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━",
                session_string, session_string);
    } else {
      log_plain("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n📋 Session String: %s\n🔗 Share this "
                "globally to join:\n   ascii-chat %s\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━",
                session_string, session_string);
    }
  }
 
  // Copy session info to globals for status screen display
  SAFE_STRNCPY(g_session_string, session_string, sizeof(g_session_string));
  g_session_is_mdns_only = session_is_mdns_only;
 
  log_debug("Server entering accept loop (port %d)...", port);
 
  // Initialize status screen
  g_server_start_time = time(NULL);
  g_last_status_update = platform_get_monotonic_time_us();
 
  // Clear status screen log buffer to discard initialization logs
  // This ensures only NEW logs (generated after status screen starts) are displayed
  if (GET_OPTION(status_screen)) {
    extern void server_status_log_clear(void);
    server_status_log_clear();
  }
 
  // Start status screen thread if enabled
  // Runs independently at target FPS (default 60 Hz), decoupled from network accept loop
  if (GET_OPTION(status_screen)) {
    if (asciichat_thread_create(&g_status_screen_thread, status_screen_thread, NULL) != 0) {
      log_error("Failed to create status screen thread");
      goto cleanup;
    }
    log_debug("Status screen thread started");
  }
 
  // Start WebSocket server thread if initialized
  if (g_websocket_server.context != NULL) {
    if (asciichat_thread_create(&g_websocket_server_thread, websocket_server_thread_wrapper, &g_websocket_server) !=
        0) {
      log_error("Failed to create WebSocket server thread");
    } else {
      g_websocket_server_thread_started = true;
      log_info("WebSocket server thread started");
    }
  }
 
  // Run TCP server (blocks until shutdown signal received)
  // tcp_server_run() handles:
  // - select() on IPv4/IPv6 sockets with timeout
  // - accept() new connections
  // - Spawn ascii_chat_client_handler() thread for each connection
  // - Responsive shutdown when atomic_store(&g_tcp_server.running, false)
  asciichat_error_t run_result = tcp_server_run(&g_tcp_server);
  if (run_result != ASCIICHAT_OK) {
    log_error("TCP server exited with error");
  }
 
  log_debug("Server accept loop exited");
 
cleanup:
  // Signal status screen thread to exit
  atomic_store(&g_server_should_exit, true);
 
  // Wait for status screen thread to finish if it was started
  if (GET_OPTION(status_screen)) {
    log_debug("Waiting for status screen thread to exit...");
    int join_result = asciichat_thread_join_timeout(&g_status_screen_thread, NULL, NS_PER_SEC_INT); // 1 second
    if (join_result != 0) {
      log_warn("Status screen thread did not exit cleanly (timeout)");
    } else {
      log_debug("Status screen thread exited");
    }
  }
 
  // Cleanup status screen log capture
  server_status_log_destroy();
 
  // Cleanup
  log_debug("Server shutting down...");
  memset(g_session_string, 0, sizeof(g_session_string)); // Clear session string for status screen
 
  // Wake up any threads that might be blocked on condition variables
  // (like packet queues) to ensure responsive shutdown
  // This must happen BEFORE client cleanup to wake up any blocked threads
  static_cond_broadcast(&g_shutdown_cond);
  // NOTE: Do NOT call cond_destroy() on statically-initialized condition variables
  // g_shutdown_cond uses STATIC_COND_INIT which doesn't allocate resources that need cleanup
  // Calling cond_destroy() on a static cond is undefined behavior on some platforms
 
  // Close all client sockets immediately to unblock receive threads.
  // The signal handler only closed the listening socket, but client receive threads
  // are still blocked in recv_with_timeout(). We need to close their sockets to unblock them.
  log_debug("Closing all client sockets to unblock receive threads...");
 
  // Use write lock since we're modifying client->socket
  rwlock_wrlock(&g_client_manager_rwlock);
  for (int i = 0; i < MAX_CLIENTS; i++) {
    client_info_t *client = &g_client_manager.clients[i];
    if (atomic_load(&client->client_id) != 0 && client->socket != INVALID_SOCKET_VALUE) {
      socket_close(client->socket);
      client->socket = INVALID_SOCKET_VALUE;
    }
  }
  rwlock_wrunlock(&g_client_manager_rwlock);
 
  log_debug("Signaling all clients to stop (sockets closed, g_server_should_exit set)...");
 
  // Stop and destroy server worker thread pool (stats logger, etc.)
  if (g_server_worker_pool) {
    thread_pool_destroy(g_server_worker_pool);
    g_server_worker_pool = NULL;
    log_debug("Server worker thread pool stopped");
  }
 
  // Destroy rate limiter
  if (g_rate_limiter) {
    rate_limiter_destroy(g_rate_limiter);
    g_rate_limiter = NULL;
  }
 
  // Shutdown WebSocket server BEFORE removing clients.
  // The LWS event thread runs callbacks that access transport data (impl_data).
  // If we destroy transports via remove_client while LWS is still running,
  // callbacks access freed memory (heap-use-after-free).
  // lws_context_destroy fires LWS_CALLBACK_CLOSED for all connections, which
  // closes transports and NULLs the per-session conn_data->transport pointer.
  // After this, remove_client can safely destroy the transport objects.
  if (g_websocket_server.context != NULL) {
    log_debug("Shutting down WebSocket server before client cleanup");
    atomic_store(&g_websocket_server.running, false);
    // Wake the LWS event loop immediately instead of waiting for the 50ms
    // lws_service timeout. This is safe because the event loop thread can't
    // destroy the context until after it exits its loop (which requires
    // seeing running=false, which we just set).
    websocket_server_cancel_service(&g_websocket_server);
 
    // Join with 2-second timeout only if thread was successfully created.
    // lws_context_destroy() can take 5+ seconds if called from a different thread
    // (waiting for close handshake), but we're destroying from the event loop thread
    // so it's fast. 2s accounts for any slow lws_service() calls or LWS cleanup.
    if (g_websocket_server_thread_started) {
      int join_result =
          asciichat_thread_join_timeout(&g_websocket_server_thread, NULL, 2 * NS_PER_SEC_INT); // 2 seconds in ns
      if (join_result != 0) {
        log_warn("WebSocket thread did not exit cleanly (timeout), forcing cleanup");
      }
      g_websocket_server_thread_started = false;
    }
 
    // Context is destroyed by websocket_server_run from the event loop thread.
    // websocket_server_destroy handles the case where it's already NULL or context already destroyed.
    websocket_server_destroy(&g_websocket_server);
    log_debug("WebSocket server shut down");
  }
 
  // Clean up all connected clients
  log_debug("Cleaning up connected clients...");
  // FIXED: Simplified to collect client IDs first, then remove them without holding locks
  uint32_t clients_to_remove[MAX_CLIENTS];
  int client_count = 0;
 
  rwlock_rdlock(&g_client_manager_rwlock);
  for (int i = 0; i < MAX_CLIENTS; i++) {
    client_info_t *client = &g_client_manager.clients[i];
 
    // Only attempt to clean up clients that were actually connected
    // (client_id is 0 for uninitialized clients, starts from 1 for connected clients)
    // FIXED: Only access mutex for initialized clients to avoid accessing uninitialized mutex
    if (atomic_load(&client->client_id) == 0) {
      continue; // Skip uninitialized clients
    }
 
    // Use snapshot pattern to avoid holding both locks simultaneously
    // This prevents deadlock by not acquiring client_state_mutex while holding rwlock
    uint32_t client_id_snapshot = atomic_load(&client->client_id); // Atomic read is safe under rwlock
 
    // Clean up ANY client that was allocated, whether active or not
    // (disconnected clients may not be active but still have resources)
    clients_to_remove[client_count++] = client_id_snapshot;
  }
  rwlock_rdunlock(&g_client_manager_rwlock);
 
  // Remove all clients without holding any locks
  for (int i = 0; i < client_count; i++) {
    if (remove_client(&server_ctx, clients_to_remove[i]) != 0) {
      log_error("Failed to remove client %u during shutdown", clients_to_remove[i]);
    }
  }
 
  // Clean up hash table
  // Clean up uthash table (uthash handles deletion when the last item is removed,
  // but we should clear it here just in case there are stragglers)
  if (g_client_manager.clients_by_id) {
    client_info_t *current_client, *tmp;
    HASH_ITER(hh, g_client_manager.clients_by_id, current_client, tmp) {
      HASH_DELETE(hh, g_client_manager.clients_by_id, current_client);
      // Note: We don't free current_client here because it's part of the clients[] array
    }
    g_client_manager.clients_by_id = NULL;
  }
 
  // Clean up audio mixer
  if (g_audio_mixer) {
    // Set to NULL first before destroying.
    // Client handler threads may still be running and checking g_audio_mixer.
    // Setting it to NULL first prevents use-after-free race condition.
    // volatile ensures this write is visible to other threads immediately
    mixer_t *mixer_to_destroy = g_audio_mixer;
    g_audio_mixer = NULL;
    mixer_destroy(mixer_to_destroy);
  }
 
  // Clean up mDNS context
  if (g_mdns_ctx) {
    asciichat_mdns_destroy(g_mdns_ctx);
    g_mdns_ctx = NULL;
    log_debug("mDNS context shut down");
  }
 
  // Clean up synchronization primitives
  rwlock_destroy(&g_client_manager_rwlock);
  mutex_destroy(&g_client_manager.mutex);
 
#ifdef NDEBUG
  // Clean up statistics system
  stats_cleanup();
#endif
 
#ifndef NDEBUG
  // Clean up lock debugging system (always, regardless of build type)
  // Lock debug records are allocated in debug builds too, so they must be cleaned up
  lock_debug_destroy();
#endif
 
  // Destroy session host (before TCP server shutdown)
  if (server_ctx.session_host) {
    log_debug("Destroying session host");
    session_host_destroy(server_ctx.session_host);
    server_ctx.session_host = NULL;
  }
 
  // Shutdown TCP server (closes listen sockets and cleans up)
  tcp_server_destroy(&g_tcp_server);
 
  // WebSocket server already shut down before client cleanup (above).
 
  // Join ACDS threads (if started)
  // NOTE: Must be done BEFORE destroying transport to ensure clean shutdown
  if (g_acds_ping_thread_started) {
    log_debug("Joining ACDS ping thread");
    asciichat_thread_join(&g_acds_ping_thread, NULL);
    g_acds_ping_thread_started = false;
    log_debug("ACDS ping thread joined");
  }
 
  if (g_acds_receive_thread_started) {
    log_debug("Joining ACDS receive thread");
    asciichat_thread_join(&g_acds_receive_thread, NULL);
    g_acds_receive_thread_started = false;
    log_debug("ACDS receive thread joined");
  }
 
  // Clean up WebRTC peer manager (if initialized for ACDS signaling relay)
  if (g_webrtc_peer_manager) {
    log_debug("Destroying WebRTC peer manager");
    webrtc_peer_manager_destroy(g_webrtc_peer_manager);
    g_webrtc_peer_manager = NULL;
  }
 
  // Clean up ACDS transport wrapper (if created)
  if (g_acds_transport) {
    log_debug("Destroying ACDS transport wrapper");
    acip_transport_destroy(g_acds_transport);
    g_acds_transport = NULL;
  }
 
  // Disconnect from ACDS server (if connected for WebRTC signaling relay)
  if (g_acds_client) {
    log_debug("Disconnecting from ACDS server");
    acds_client_disconnect(g_acds_client);
    SAFE_FREE(g_acds_client);
    g_acds_client = NULL;
  }
 
  // Clean up SIMD caches
  simd_caches_destroy_all();
 
  // Clean up symbol cache
  // This must be called BEFORE log_destroy() as symbol_cache_destroy() uses log_debug()
  // Safe to call even if atexit() runs - it's idempotent (checks g_symbol_cache_initialized)
  // Also called via platform_destroy() atexit handler, but explicit call ensures proper ordering
  symbol_cache_destroy();
 
  // Clean up global buffer pool (explicitly, as atexit may not run on Ctrl-C)
  // Note: This is also registered with atexit(), but calling it explicitly is safe (idempotent)
  // Safe to call even if atexit() runs - it checks g_global_buffer_pool and sets it to NULL
  buffer_pool_cleanup_global();
 
  // Disable keepawake mode (re-allow OS to sleep)
  platform_disable_keepawake();
 
  // Clean up binary path cache explicitly
  // Note: This is also called by platform_destroy() via atexit(), but it's idempotent
  // (checks g_cache_initialized and sets it to false, sets g_bin_path_cache to NULL)
  // Safe to call even if atexit() runs later
  platform_cleanup_binary_path_cache();
 
  // Clean up errno context (allocated strings, backtrace symbols)
  asciichat_errno_destroy();
 
  // Clean up RCU-based options state
  options_state_destroy();
 
  // Clean up platform-specific resources (Windows: Winsock cleanup, timer restoration)
  // POSIX: minimal cleanup (symbol cache already handled above on Windows)
  socket_cleanup();
  platform_restore_timer_resolution(); // Restore timer resolution (no-op on POSIX)
 
#ifndef NDEBUG
  // Join the lock debug thread as one of the very last things before exit
  lock_debug_cleanup_thread();
#endif
 
  log_info("Server shutdown complete");
 
  asciichat_error_stats_print();
  log_destroy();
 
  // Use exit() to allow atexit() handlers to run
  // Cleanup functions are idempotent (check if initialized first)
  exit(0);
}

References acds_client_config_init_defaults(), acds_client_connect(), acds_client_disconnect(), acds_session_create(), acds_session_join(), acds_string_generate(), acip_tcp_transport_create(), acip_transport_destroy(), ascii_simd_init(), asciichat_errno_destroy(), asciichat_error_stats_print(), asciichat_mdns_destroy(), asciichat_mdns_init(), asciichat_thread_create(), asciichat_thread_join(), buffer_pool_cleanup_global(), client_manager_t::clients, client_manager_t::clients_by_id, g_audio_mixer, g_client_manager, g_client_manager_rwlock, g_client_whitelist, g_num_whitelisted_clients, g_rate_limiter, g_server_encryption_enabled, g_server_private_key, g_server_should_exit, g_shutdown_cond, g_stats, g_stats_mutex, interactive_grep_init(), is_localhost_ipv4(), is_localhost_ipv6(), lock_debug_cleanup_thread(), lock_debug_destroy(), log_destroy(), mixer_create(), mixer_destroy(), client_manager_t::mutex, mutex_destroy(), mutex_init(), nat_upnp_get_address(), nat_upnp_open(), options_state_destroy(), platform_cleanup_binary_path_cache(), platform_disable_keepawake(), platform_enable_keepawake(), platform_get_monotonic_time_us(), platform_prompt_yes_no(), precalc_rgb_palettes(), rate_limiter_create_memory(), rate_limiter_destroy(), remove_client(), rwlock_init(), safe_snprintf(), server_status_log_clear(), server_status_log_destroy(), server_status_log_init(), server_context_t::session_host, session_host_create(), session_host_destroy(), simd_caches_destroy_all(), stats_cleanup(), stats_init(), stats_logger_thread(), stun_servers_parse(), symbol_cache_destroy(), server_context_t::tcp_server, tcp_server_destroy(), tcp_server_init(), tcp_server_run(), terminal_can_prompt_user(), terminal_is_interactive(), thread_pool_create(), thread_pool_destroy(), thread_pool_spawn(), webrtc_init(), webrtc_peer_manager_create(), webrtc_peer_manager_destroy(), websocket_server_cancel_service(), websocket_server_destroy(), websocket_server_init(), weight_blue, weight_green, and weight_red.

Variable Documentation

g_audio_mixer

mixer_t* volatile g_audio_mixer = NULL

Global audio mixer instance for multi-client audio processing.

Global audio mixer.

The mixer combines audio streams from multiple clients, excluding each client's own audio from their outbound stream (preventing echo). Created once during server initialization and shared by all audio render threads.

THREAD SAFETY: The mixer itself is thread-safe and can be used concurrently by multiple render.c audio threads without external synchronization. During shutdown, set to NULL before destroying to prevent use-after-free.

Definition at line 167 of file server/main.c.

Referenced by add_client(), add_webrtc_client(), client_audio_render_thread(), remove_client(), and server_main().

g_rate_limiter

rate_limiter_t* g_rate_limiter = NULL

Global rate limiter for connection attempts and packet processing.

Global connection rate limiter.

In-memory rate limiter to prevent connection flooding and DoS attacks. Tracks connection attempts and packet rates per IP address with configurable limits.

Default limits (from rate_limit.c):

• RATE_EVENT_CONNECTION: 50 connections per 60 seconds
• RATE_EVENT_IMAGE_FRAME: 144 FPS (8640 frames/min)
• RATE_EVENT_AUDIO: 172 FPS (10320 packets/min)
• RATE_EVENT_PING: 2 Hz (120 pings/min)
• RATE_EVENT_CLIENT_JOIN: 10 joins per 60 seconds
• RATE_EVENT_CONTROL: 100 control packets per 60 seconds

THREAD SAFETY: The rate limiter is thread-safe and can be used concurrently from the main accept loop and packet handlers without external synchronization.

See also

main.h for extern declaration

Definition at line 197 of file server/main.c.

Referenced by process_decrypted_packet(), and server_main().

g_server_should_exit

atomic_bool g_server_should_exit = false

Global atomic shutdown flag shared across all threads.

Server shutdown flag.

This flag is the primary coordination mechanism for clean server shutdown. It's atomic to ensure thread-safe access without mutexes, as it's checked frequently in tight loops across all worker threads.

USAGE PATTERN:

• Set to true by signal handlers (SIGINT/SIGTERM) or main loop on error
• Checked by all worker threads to know when to exit gracefully
• Must be atomic to prevent race conditions during shutdown cascade

Definition at line 143 of file server/main.c.

Referenced by client_audio_render_thread(), client_dispatch_thread(), client_receive_thread(), client_send_thread_func(), client_video_render_thread(), handle_image_frame_packet(), server_main(), stats_logger_thread(), and stop_client_render_threads().

g_shutdown_cond

static_cond_t g_shutdown_cond = STATIC_COND_INIT

Global shutdown condition variable for waking blocked threads.

Used to wake up threads that might be blocked on condition variables (like packet queues) during shutdown. This ensures responsive shutdown even when threads are waiting on blocking operations.

Definition at line 176 of file server/main.c.

Referenced by server_main().