Renamed files, updated header comments
/*
 * transsip - the telephony network
 * By Daniel Borkmann <daniel@transsip.org>
 * Copyright 2011 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,
 * Swiss federal institute of technology (ETH Zurich)
 * Subject to the GPL, version 2.
 */
9 #include <stdio.h>
10 #include <stdlib.h>
11 #include <stdint.h>
12 #include <string.h>
13 #include <time.h>
14 #include <unistd.h>
15 #include <netdb.h>
16 #include <netinet/in.h>
17 #include <sys/socket.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
20 #include <sys/select.h>
22 #include "die.h"
23 #include "xmalloc.h"
24 #include "stun.h"
25 #include "timespec.h"
/*
 * NAT / firewall discovery outcomes.
 * None of these are referenced by the functions shown in this file.
 */
#define RESULT_NONE			0
#define RESULT_OPEN_INTERNET		1
#define RESULT_FIREWALL_BLOCKS_UDP	2
#define RESULT_SYMMETRIC_UDP_FIREWALL	3
#define RESULT_FULL_CONE_NAT		4
#define RESULT_SYMMETRIC_NAT		5
#define RESULT_RESTRICTED_CONE_NAT	6
#define RESULT_PORT_RESTR_CONE_NAT	7

/* STUN message types (host byte order; convert with htons()/ntohs()). */
#define BINDING_REQUEST			0x0001
#define BINDING_RESPONSE		0x0101
#define BINDING_ERROR_RESPONSE		0x0111
#define SHARED_SECRET_REQUEST		0x0002
#define SHARED_SECRET_RESPONSE		0x0102
#define SHARED_SECRET_ERROR_RESPONSE	0x0112

/*
 * STUN attribute types (host byte order).
 * Only MAPPED_ADDRESS is evaluated by stun_test(); in particular,
 * MESSAGE_INTEGRITY is defined here but never verified.
 */
#define MAPPED_ADDRESS			0x0001
#define RESPONSE_ADDRESS		0x0002
#define CHANGE_REQUEST			0x0003
#define SOURCE_ADDRESS			0x0004
#define CHANGED_ADDRESS			0x0005
#define USERNAME			0x0006
#define PASSWORD			0x0007
#define MESSAGE_INTEGRITY		0x0008
#define ERROR_CODE			0x0009
#define UNKNOWN_ATTRIBUTES		0x000a
#define REFLECTED_FROM			0x000b

/* Codes carried in error responses. */
#define ERROR_BAD_REQUEST		400
#define ERROR_UNAUTHORIZED		401
#define ERROR_UNKNOWN_ATTRIBUTE		420
#define ERROR_STALE_CREDENTIALS		430
#define ERROR_INTEGRITY_CHECK_FAIL	431
#define ERROR_MISSING_USERNAME		432
#define ERROR_USE_TLS			433
#define ERROR_SERVER_ERROR		500
#define ERROR_GLOBAL_FAILURE		600

/* Handed to set_timeout(); presumably milliseconds - confirm in timespec.h. */
#define TIMEOUT				1000
/* Size in bytes of the fixed STUN header, i.e. of a request without attributes. */
#define REQUEST_LEN			20

/*
 * Fixed tag stored in stun_header.magic_cookie: the characters
 * 'a' 'c' 'd' 'c' packed most-significant first, then converted to
 * network byte order. It is a constant, so it adds nothing to the
 * unpredictability of the transaction id.
 */
#define ID_COOKIE_FIELD	htonl(('a' << 24) | \
			      ('c' << 16) | \
			      ('d' << 8)  | \
			       'c')
/*
 * Fixed 20-byte header that starts every STUN message (RFC-3489).
 * All fields travel in network byte order.
 */
struct stun_header {
	/* Message type, one of the BINDING_* / SHARED_SECRET_* values. */
	uint16_t type;
	/*
	 * Number of bytes that follow this header; the 20 header bytes
	 * themselves are not counted. (RFC-3489)
	 */
	uint16_t len;
	/*
	 * magic_cookie and transid together form the transaction
	 * identifier. It doubles as a salt that randomizes request and
	 * response, and a response repeats the identifier of the request
	 * it answers.
	 *
	 * For the new RFC the cookie would be 0x2112A442 in network byte
	 * order.
	 */
	uint32_t magic_cookie;
	uint32_t transid[3];
};
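/*
 * One attribute as it appears inside a STUN message: a 4-byte
 * type/length prefix followed directly by the value bytes.
 *
 * value is a flexible array member, not a pointer. This struct is
 * overlaid on received packet bytes, so a pointer member would make
 * the first bytes of the attribute value readable as an address. The
 * code shown in this file only reads type and len.
 */
struct stun_attrib {
	uint16_t type;		/* attribute type, network byte order */
	uint16_t len;		/* length of value in bytes, network byte order */
	uint8_t value[];	/* value bytes, stored inline after the prefix */
};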
/*
 * Value of a MAPPED_ADDRESS attribute (8 bytes).
 * stun_test() accepts the attribute only when family is 0x1, and
 * treats port and ip as network byte order (ntohs() / inet_ntoa()).
 */
struct stun_mapped_addr {
	uint8_t  none;		/* leading byte, not evaluated by this file */
	uint8_t  family;	/* address family tag; 0x1 is the only one handled */
	uint16_t port;		/* mapped port, network byte order */
	uint32_t ip;		/* mapped IPv4 address, network byte order */
};
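/*
 * Fill the three transaction id words with bytes from the kernel's
 * random source.
 *
 * The transaction id is what ties a response to our request, so it
 * must not be guessable. rand() seeded from time(NULL) (see
 * print_stun_probe()) is predictable, so it is used only as a fallback
 * when /dev/urandom cannot be read.
 */
static void stun_fill_transid(uint32_t transid[3])
{
	size_t words = 0;
	FILE *fp = fopen("/dev/urandom", "rb");

	if (fp) {
		words = fread(transid, sizeof(transid[0]), 3, fp);
		fclose(fp);
	}
	if (words == 3)
		return;

	transid[0] = htonl(rand());
	transid[1] = htonl(rand());
	transid[2] = htonl(rand());
}

/**
 * stun_test - send one STUN Binding Request and print the mapped address
 * @server_ip:   STUN server as dotted-quad IPv4 string
 * @server_port: STUN server UDP port (host byte order)
 * @tun_port:    local UDP port to bind and send from (host byte order)
 *
 * Binds a UDP socket to @tun_port, sends a Binding Request without
 * attributes, waits up to TIMEOUT for an answer and, if it carries a
 * MAPPED_ADDRESS attribute with family 0x1, prints the address via info().
 *
 * Everything read from the socket is untrusted. The response must come
 * from the address the request was sent to and must echo our cookie and
 * transaction id. Attribute parsing never goes past the bytes actually
 * received, whatever length the response header claims. Packet fields
 * are copied out with memcpy() rather than read through casted pointers,
 * so no alignment assumption is placed on the byte buffer.
 *
 * The response is not authenticated (MESSAGE_INTEGRITY is not
 * processed), so the printed mapping is only as trustworthy as the
 * network path to the server.
 *
 * Returns 0 once a matching Binding Response was processed (also when it
 * held no usable MAPPED_ADDRESS), -EINVAL if @server_ip is NULL or not a
 * valid address, and -EIO on send failure, timeout or a bad response.
 * Socket setup failures go through panic(), which presumably does not
 * return - confirm in die.h.
 */
static int stun_test(const char *server_ip, uint16_t server_port,
		     uint16_t tun_port)
{
	enum { ATTR_HDR_LEN = 4 };	/* attribute type + length prefix */
	int ret, sock, set = 1, rc = -EIO;
	uint8_t rpkt[256];
	uint16_t atype, alen;
	size_t got, off, max;
	ssize_t n;
	socklen_t flen;
	struct in_addr in;
	struct timeval timeout;
	struct stun_header hdr, rhdr;
	struct stun_mapped_addr maddr;
	struct sockaddr_in saddr, daddr, faddr;
	fd_set fdset;

	if (!server_ip)
		return -EINVAL;

	/* Validate the destination before any resource is acquired. */
	memset(&daddr, 0, sizeof(daddr));
	daddr.sin_family = AF_INET;
	daddr.sin_port = htons(server_port);
	daddr.sin_addr.s_addr = inet_addr(server_ip);
	if (daddr.sin_addr.s_addr == INADDR_NONE)
		return -EINVAL;

	sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
	if (sock < 0)
		panic("Cannot obtain socket!\n");

	ret = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &set, sizeof(set));
	if (ret)
		panic("Cannot set socket option!\n");

	memset(&saddr, 0, sizeof(saddr));
	saddr.sin_family = AF_INET;
	saddr.sin_port = htons(tun_port);
	saddr.sin_addr.s_addr = INADDR_ANY;

	ret = bind(sock, (struct sockaddr *) &saddr, sizeof(saddr));
	if (ret)
		panic("Cannot bind udp socket!\n");

	/*
	 * The header struct consists of fixed-width fields that add up to
	 * REQUEST_LEN (20) bytes, so it is sent as-is.
	 */
	memset(&hdr, 0, sizeof(hdr));
	hdr.type = htons(BINDING_REQUEST);
	hdr.len = 0;
	hdr.magic_cookie = ID_COOKIE_FIELD;
	stun_fill_transid(hdr.transid);

	n = sendto(sock, &hdr, sizeof(hdr), 0, (struct sockaddr *) &daddr,
		   sizeof(daddr));
	if (n < 0 || (size_t) n != sizeof(hdr)) {
		whine("Error sending request (%s)!\n", strerror(errno));
		goto out;
	}

	set_timeout(&timeout, TIMEOUT);

	FD_ZERO(&fdset);
	FD_SET(sock, &fdset);

	ret = select(sock + 1, &fdset, NULL, NULL, &timeout);
	if (ret <= 0) {
		whine("STUN server timeout!\n");
		goto out;
	}

	memset(rpkt, 0, sizeof(rpkt));
	memset(&faddr, 0, sizeof(faddr));
	flen = sizeof(faddr);
	n = recvfrom(sock, rpkt, sizeof(rpkt), 0, (struct sockaddr *) &faddr,
		     &flen);
	/* A failed receive is negative; check that before widening. */
	if (n < 0 || (size_t) n < REQUEST_LEN) {
		whine("Bad STUN response (%s)!\n", strerror(errno));
		goto out;
	}
	got = (size_t) n;

	/* The socket is unconnected, so any host can deliver a datagram. */
	if (faddr.sin_addr.s_addr != daddr.sin_addr.s_addr ||
	    faddr.sin_port != daddr.sin_port) {
		whine("STUN response from unexpected source!\n");
		goto out;
	}

	memcpy(&rhdr, rpkt, sizeof(rhdr));
	if (ntohs(rhdr.type) != BINDING_RESPONSE) {
		whine("Wrong STUN response type!\n");
		goto out;
	}

	if (rhdr.len == 0) {
		whine("No attributes in STUN response!\n");
		goto out;
	}

	if (rhdr.magic_cookie != hdr.magic_cookie ||
	    rhdr.transid[0] != hdr.transid[0] ||
	    rhdr.transid[1] != hdr.transid[1] ||
	    rhdr.transid[2] != hdr.transid[2]) {
		whine("Got wrong STUN transaction id!\n");
		goto out;
	}

	/*
	 * The header length is attacker-controlled and may claim far more
	 * than was received; never walk past the received bytes.
	 */
	off = REQUEST_LEN;
	max = (size_t) ntohs(rhdr.len) + REQUEST_LEN;
	if (max > got)
		max = got;

	while (off + ATTR_HDR_LEN <= max) {
		memcpy(&atype, rpkt + off, sizeof(atype));
		memcpy(&alen, rpkt + off + sizeof(atype), sizeof(alen));
		atype = ntohs(atype);
		alen = ntohs(alen);

		/* Attribute value would extend beyond the message. */
		if (alen > max - off - ATTR_HDR_LEN)
			break;

		if (atype == MAPPED_ADDRESS) {
			if (alen < sizeof(maddr))
				break;

			memcpy(&maddr, rpkt + off + ATTR_HDR_LEN, sizeof(maddr));
			if (maddr.family != 0x1)
				break;

			in.s_addr = maddr.ip;
			info("Public mapping %s:%u!\n", inet_ntoa(in),
			     ntohs(maddr.port));
			break;
		}

		off += ATTR_HDR_LEN;
		off += alen;
	}

	rc = 0;
out:
	/* Single exit so the socket is released on every path. */
	close(sock);
	return rc;
}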
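/**
 * print_stun_probe - resolve a STUN server and run one binding test
 * @server:  host name or IPv4 address of the STUN server
 * @sport:   STUN server UDP port (host byte order)
 * @tunport: local UDP port the probe is sent from (host byte order)
 *
 * Prints the target, resolves @server to its first IPv4 address and
 * passes it to stun_test(). Returns without probing when @server is
 * NULL or does not resolve to an IPv4 address.
 */
void print_stun_probe(char *server, uint16_t sport, uint16_t tunport)
{
	char address[INET_ADDRSTRLEN];
	struct in_addr in;
	struct hostent *hp;

	if (!server)
		return;

	printf("STUN on %s:%u\n", server, sport);
	/*
	 * NOTE(review): a time-based seed makes rand() output guessable;
	 * nothing that must be unpredictable should rely on it.
	 */
	srand(time(NULL));

	hp = gethostbyname(server);
	/*
	 * Only use the record when it really holds an IPv4 address; the
	 * resolver result is external input and is not assumed well-formed.
	 */
	if (!hp || hp->h_addrtype != AF_INET ||
	    hp->h_length != (int) sizeof(in) || !hp->h_addr_list[0]) {
		whine("Cannot resolve STUN server %s!\n", server);
		return;
	}

	/* Copy instead of casting: h_addr_list entries are plain char *. */
	memcpy(&in, hp->h_addr_list[0], sizeof(in));
	if (!inet_ntop(AF_INET, &in, address, sizeof(address)))
		return;

	stun_test(address, sport, tunport);
}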