Back to Site
Loading...
Searching...
No Matches
stun.h
Go to the documentation of this file.
1#pragma once
2
11#include "socket.h"
12#include <array>
13#include <vector>
14#include <string>
15#include <optional>
16#include <cstdint>
17#include <memory>
18#include <chrono>
19#include <random>
20
21namespace librats {
22
23// ============================================================================
24// STUN Constants (RFC 5389)
25// ============================================================================
26
28constexpr uint32_t STUN_MAGIC_COOKIE = 0x2112A442;
29
31constexpr size_t STUN_HEADER_SIZE = 20;
32
34constexpr size_t STUN_TRANSACTION_ID_SIZE = 12;
35
37constexpr uint16_t STUN_DEFAULT_PORT = 3478;
38
40constexpr uint16_t STUNS_DEFAULT_PORT = 5349;
41
43constexpr size_t STUN_MAX_MESSAGE_SIZE = 1500;
44
46constexpr int STUN_DEFAULT_RTO_MS = 500;
47
49constexpr int STUN_MAX_RETRANSMISSIONS = 7;
50
51// ============================================================================
52// STUN Message Types (RFC 5389 Section 6)
53// ============================================================================
54
58enum class StunMessageClass : uint8_t {
59 Request = 0x00,
60 Indication = 0x01,
61 SuccessResponse = 0x02,
62 ErrorResponse = 0x03
63};
64
68enum class StunMethod : uint16_t {
69 Binding = 0x001,
70 // TURN methods (RFC 5766)
71 Allocate = 0x003,
72 Refresh = 0x004,
73 Send = 0x006,
74 Data = 0x007,
75 CreatePermission = 0x008,
76 ChannelBind = 0x009
77};
78
82enum class StunMessageType : uint16_t {
83 // Binding
84 BindingRequest = 0x0001,
85 BindingIndication = 0x0011,
86 BindingSuccessResponse = 0x0101,
87 BindingErrorResponse = 0x0111,
88
89 // TURN Allocate
90 AllocateRequest = 0x0003,
91 AllocateSuccessResponse = 0x0103,
92 AllocateErrorResponse = 0x0113,
93
94 // TURN Refresh
95 RefreshRequest = 0x0004,
96 RefreshSuccessResponse = 0x0104,
97 RefreshErrorResponse = 0x0114,
98
99 // TURN Send/Data
100 SendIndication = 0x0016,
101 DataIndication = 0x0017,
102
103 // TURN CreatePermission
104 CreatePermissionRequest = 0x0008,
105 CreatePermissionSuccessResponse = 0x0108,
106 CreatePermissionErrorResponse = 0x0118,
107
108 // TURN ChannelBind
109 ChannelBindRequest = 0x0009,
110 ChannelBindSuccessResponse = 0x0109,
111 ChannelBindErrorResponse = 0x0119
112};
113
114// ============================================================================
115// STUN Attribute Types (RFC 5389 Section 15)
116// ============================================================================
117
118enum class StunAttributeType : uint16_t {
119 // Comprehension-required (0x0000-0x7FFF)
120 MappedAddress = 0x0001,
121 Username = 0x0006,
122 MessageIntegrity = 0x0008,
123 ErrorCode = 0x0009,
124 UnknownAttributes = 0x000A,
125 Realm = 0x0014,
126 Nonce = 0x0015,
127 XorMappedAddress = 0x0020,
128
129 // TURN attributes (RFC 5766)
130 ChannelNumber = 0x000C,
131 Lifetime = 0x000D,
132 XorPeerAddress = 0x0012,
133 Data = 0x0013,
134 XorRelayedAddress = 0x0016,
135 RequestedTransport = 0x0019,
136 DontFragment = 0x001A,
137
138 // Comprehension-optional (0x8000-0xFFFF)
139 Software = 0x8022,
140 AlternateServer = 0x8023,
141 Fingerprint = 0x8028
142};
143
144// ============================================================================
145// STUN Address Family
146// ============================================================================
147
148enum class StunAddressFamily : uint8_t {
149 IPv4 = 0x01,
150 IPv6 = 0x02
151};
152
153// ============================================================================
154// STUN Error Codes (RFC 5389 Section 15.6)
155// ============================================================================
156
157enum class StunErrorCode : uint16_t {
158 TryAlternate = 300,
159 BadRequest = 400,
160 Unauthorized = 401,
161 Forbidden = 403,
162 UnknownAttribute = 420,
163 StaleNonce = 438,
164 ServerError = 500,
165
166 // TURN error codes (RFC 5766)
167 AllocationMismatch = 437,
168 WrongCredentials = 441,
169 UnsupportedTransportProtocol = 442,
170 AllocationQuotaReached = 486,
171 InsufficientCapacity = 508
172};
173
174// ============================================================================
175// STUN Data Structures
176// ============================================================================
177
181struct StunMappedAddress {
182 StunAddressFamily family;
183 std::string address;
184 uint16_t port;
185
186 StunMappedAddress() : family(StunAddressFamily::IPv4), port(0) {}
187 StunMappedAddress(StunAddressFamily f, const std::string& addr, uint16_t p)
188 : family(f), address(addr), port(p) {}
189
190 bool is_valid() const { return !address.empty() && port > 0; }
191
192 std::string to_string() const {
193 if (family == StunAddressFamily::IPv6) {
194 return "[" + address + "]:" + std::to_string(port);
195 }
196 return address + ":" + std::to_string(port);
197 }
198};
199
203struct StunError {
204 StunErrorCode code;
205 std::string reason;
206
207 StunError() : code(StunErrorCode::ServerError) {}
208 StunError(StunErrorCode c, const std::string& r = "") : code(c), reason(r) {}
209};
210
214struct StunAttribute {
215 StunAttributeType type;
216 std::vector<uint8_t> value;
217
218 StunAttribute() : type(StunAttributeType::MappedAddress) {}
219 StunAttribute(StunAttributeType t, const std::vector<uint8_t>& v) : type(t), value(v) {}
220
221 size_t padded_length() const {
222 // STUN attributes are padded to 4-byte boundary
223 return (value.size() + 3) & ~3;
224 }
225};
226
230struct StunMessage {
231 StunMessageType type;
232 std::array<uint8_t, STUN_TRANSACTION_ID_SIZE> transaction_id;
233 std::vector<StunAttribute> attributes;
234
238
242
244 void generate_transaction_id();
245
247 StunMessageClass get_class() const;
248
250 StunMethod get_method() const;
251
253 bool is_request() const { return get_class() == StunMessageClass::Request; }
254
256 bool is_success_response() const { return get_class() == StunMessageClass::SuccessResponse; }
257
259 bool is_error_response() const { return get_class() == StunMessageClass::ErrorResponse; }
260
262 const StunAttribute* find_attribute(StunAttributeType attr_type) const;
263
265 void add_attribute(StunAttributeType attr_type, const std::vector<uint8_t>& value);
266
268 void add_xor_mapped_address(const StunMappedAddress& addr);
269
271 void add_xor_relayed_address(const StunMappedAddress& addr);
272
274 void add_error_code(StunErrorCode code, const std::string& reason = "");
275
277 void add_username(const std::string& username);
278
280 void add_realm(const std::string& realm);
281
283 void add_nonce(const std::string& nonce);
284
286 void add_software(const std::string& software);
287
289 void add_lifetime(uint32_t seconds);
290
292 void add_requested_transport(uint8_t protocol);
293
295 void add_xor_peer_address(const StunMappedAddress& addr);
296
298 void add_data(const std::vector<uint8_t>& data);
299
301 void add_channel_number(uint16_t channel);
302
304 std::optional<StunMappedAddress> get_xor_mapped_address() const;
305
307 std::optional<StunMappedAddress> get_mapped_address() const;
308
310 std::optional<StunMappedAddress> get_xor_relayed_address() const;
311
313 std::optional<StunMappedAddress> get_xor_peer_address() const;
314
316 std::optional<StunError> get_error() const;
317
319 std::optional<uint32_t> get_lifetime() const;
320
322 std::optional<std::vector<uint8_t>> get_data() const;
323
325 std::optional<std::string> get_realm() const;
326
328 std::optional<std::string> get_nonce() const;
329
331 std::vector<uint8_t> serialize() const;
332
334 std::vector<uint8_t> serialize_with_integrity(const std::string& key) const;
335
337 static std::optional<StunMessage> deserialize(const std::vector<uint8_t>& data);
338
340 static bool is_stun_message(const std::vector<uint8_t>& data);
341};
342
343// ============================================================================
344// STUN Client
345// ============================================================================
346
350struct StunClientConfig {
351 int rto_ms = STUN_DEFAULT_RTO_MS; // Initial retransmission timeout
352 int max_retransmissions = STUN_MAX_RETRANSMISSIONS;
353 int total_timeout_ms = 39500; // Total timeout (RFC 5389: 39.5 seconds)
354 std::string software = "librats"; // Software attribute value
355
356 StunClientConfig() = default;
357};
358
362struct StunResult {
363 bool success;
364 std::optional<StunMappedAddress> mapped_address;
365 std::optional<StunError> error;
366 int rtt_ms; // Round-trip time in milliseconds
367
368 StunResult() : success(false), rtt_ms(0) {}
369};
370
383class StunClient {
384public:
385 StunClient();
386 explicit StunClient(const StunClientConfig& config);
387 ~StunClient();
388
389 // Non-copyable, movable
390 StunClient(const StunClient&) = delete;
391 StunClient& operator=(const StunClient&) = delete;
392 StunClient(StunClient&&) noexcept;
393 StunClient& operator=(StunClient&&) noexcept;
394
402 StunResult binding_request(const std::string& server,
403 uint16_t port = STUN_DEFAULT_PORT,
404 int timeout_ms = 0);
405
415 StunResult binding_request_with_socket(socket_t socket,
416 const std::string& server,
417 uint16_t port,
418 int timeout_ms = 0);
419
429 std::optional<StunMessage> send_request(socket_t socket,
430 const StunMessage& request,
431 const std::string& server,
432 uint16_t port,
433 int timeout_ms);
434
438 const StunClientConfig& config() const { return config_; }
439
443 void set_config(const StunClientConfig& config) { config_ = config; }
444
445private:
446 StunClientConfig config_;
447 std::mt19937 rng_;
448};
449
450// ============================================================================
451// STUN Utility Functions
452// ============================================================================
453
458uint32_t stun_crc32(const uint8_t* data, size_t length);
459
466std::array<uint8_t, 20> stun_hmac_sha1(const std::vector<uint8_t>& key,
467 const std::vector<uint8_t>& data);
468
472std::vector<uint8_t> stun_compute_long_term_key(const std::string& username,
473 const std::string& realm,
474 const std::string& password);
475
480StunMappedAddress stun_xor_address(const StunMappedAddress& addr,
481 const std::array<uint8_t, STUN_TRANSACTION_ID_SIZE>& transaction_id);
482
486std::vector<std::pair<std::string, uint16_t>> get_public_stun_servers();
487
488} // namespace librats
librats::StunClient
STUN Client for NAT traversal.
Definition stun.h:383
librats::StunClient::StunClient
StunClient(const StunClient &)=delete
librats::StunClient::set_config
void set_config(const StunClientConfig &config)
Set configuration.
Definition stun.h:443
librats::StunClient::StunClient
StunClient(const StunClientConfig &config)
librats::StunClient::StunClient
StunClient(StunClient &&) noexcept
librats::StunClient::config
const StunClientConfig & config() const
Get the configuration.
Definition stun.h:438
librats::StunClient::operator=
StunClient & operator=(const StunClient &)=delete
librats::StunClient::send_request
std::optional< StunMessage > send_request(socket_t socket, const StunMessage &request, const std::string &server, uint16_t port, int timeout_ms)
Send a raw STUN message and wait for response.
librats::StunClient::binding_request_with_socket
StunResult binding_request_with_socket(socket_t socket, const std::string &server, uint16_t port, int timeout_ms=0)
Send STUN Binding Request using existing socket Useful when you need to discover the mapped address f...
librats::StunClient::binding_request
StunResult binding_request(const std::string &server, uint16_t port=STUN_DEFAULT_PORT, int timeout_ms=0)
Send STUN Binding Request to discover public address.
librats::STUN_HEADER_SIZE
constexpr size_t STUN_HEADER_SIZE
STUN header size in bytes.
Definition stun.h:31
librats::STUN_MAX_RETRANSMISSIONS
constexpr int STUN_MAX_RETRANSMISSIONS
Maximum retransmissions.
Definition stun.h:49
librats::StunAddressFamily
StunAddressFamily
Definition stun.h:148
librats::StunMethod
StunMethod
STUN method (12 bits, only Binding is defined in RFC 5389)
Definition stun.h:68
librats::STUN_MAX_MESSAGE_SIZE
constexpr size_t STUN_MAX_MESSAGE_SIZE
Maximum STUN message size (RFC 5389 recommends path MTU, typically ~1500)
Definition stun.h:43
librats::STUN_MAGIC_COOKIE
constexpr uint32_t STUN_MAGIC_COOKIE
STUN Magic Cookie (fixed value per RFC 5389)
Definition stun.h:28
librats::STUN_DEFAULT_RTO_MS
constexpr int STUN_DEFAULT_RTO_MS
Default retransmission timeout (ms)
Definition stun.h:46
librats::get_public_stun_servers
std::vector< std::pair< std::string, uint16_t > > get_public_stun_servers()
Get a list of well-known public STUN servers.
librats::StunMessageType
StunMessageType
Combined STUN message type (method + class)
Definition stun.h:82
librats::STUN_TRANSACTION_ID_SIZE
constexpr size_t STUN_TRANSACTION_ID_SIZE
STUN transaction ID size in bytes.
Definition stun.h:34
librats::stun_crc32
uint32_t stun_crc32(const uint8_t *data, size_t length)
Compute CRC32 for STUN FINGERPRINT attribute Uses CRC-32 as defined in RFC 5389 (ISO 3309)
librats::StunAttributeType
StunAttributeType
Definition stun.h:118
librats::stun_compute_long_term_key
std::vector< uint8_t > stun_compute_long_term_key(const std::string &username, const std::string &realm, const std::string &password)
Compute long-term credential key: MD5(username:realm:password)
librats::stun_xor_address
StunMappedAddress stun_xor_address(const StunMappedAddress &addr, const std::array< uint8_t, STUN_TRANSACTION_ID_SIZE > &transaction_id)
XOR an address with the magic cookie and transaction ID Used for XOR-MAPPED-ADDRESS encoding/decoding...
librats::stun_hmac_sha1
std::array< uint8_t, 20 > stun_hmac_sha1(const std::vector< uint8_t > &key, const std::vector< uint8_t > &data)
Compute HMAC-SHA1 for MESSAGE-INTEGRITY attribute.
librats::StunErrorCode
StunErrorCode
Definition stun.h:157
librats::STUNS_DEFAULT_PORT
constexpr uint16_t STUNS_DEFAULT_PORT
STUN over TLS default port.
Definition stun.h:40
librats::STUN_DEFAULT_PORT
constexpr uint16_t STUN_DEFAULT_PORT
Default STUN port.
Definition stun.h:37
librats::StunMessageClass
StunMessageClass
STUN message class (2 bits)
Definition stun.h:58
std
STL namespace.
socket_t
int socket_t
Definition socket.h:22
librats::StunAttribute
STUN attribute base class.
Definition stun.h:214
librats::StunAttribute::type
StunAttributeType type
Definition stun.h:215
librats::StunAttribute::value
std::vector< uint8_t > value
Definition stun.h:216
librats::StunAttribute::padded_length
size_t padded_length() const
Definition stun.h:221
librats::StunAttribute::StunAttribute
StunAttribute(StunAttributeType t, const std::vector< uint8_t > &v)
Definition stun.h:219
librats::StunClientConfig
STUN client configuration.
Definition stun.h:350
librats::StunClientConfig::software
std::string software
Definition stun.h:354
librats::StunError
STUN error information.
Definition stun.h:203
librats::StunError::StunError
StunError(StunErrorCode c, const std::string &r="")
Definition stun.h:208
librats::StunError::reason
std::string reason
Definition stun.h:205
librats::StunError::code
StunErrorCode code
Definition stun.h:204
librats::StunMappedAddress
STUN mapped address (result of binding request)
Definition stun.h:181
librats::StunMappedAddress::is_valid
bool is_valid() const
Definition stun.h:190
librats::StunMappedAddress::StunMappedAddress
StunMappedAddress(StunAddressFamily f, const std::string &addr, uint16_t p)
Definition stun.h:187
librats::StunMappedAddress::address
std::string address
Definition stun.h:183
librats::StunMappedAddress::family
StunAddressFamily family
Definition stun.h:182
librats::StunMappedAddress::to_string
std::string to_string() const
Definition stun.h:192
librats::StunMessage
STUN message structure.
Definition stun.h:230
librats::StunMessage::is_stun_message
static bool is_stun_message(const std::vector< uint8_t > &data)
Check if data looks like a STUN message.
librats::StunMessage::get_xor_peer_address
std::optional< StunMappedAddress > get_xor_peer_address() const
Parse XOR-PEER-ADDRESS from attributes (TURN)
librats::StunMessage::add_xor_peer_address
void add_xor_peer_address(const StunMappedAddress &addr)
Add XOR-PEER-ADDRESS attribute (TURN)
librats::StunMessage::deserialize
static std::optional< StunMessage > deserialize(const std::vector< uint8_t > &data)
Deserialize message from bytes.
librats::StunMessage::add_error_code
void add_error_code(StunErrorCode code, const std::string &reason="")
Add ERROR-CODE attribute.
librats::StunMessage::add_channel_number
void add_channel_number(uint16_t channel)
Add CHANNEL-NUMBER attribute (TURN)
librats::StunMessage::attributes
std::vector< StunAttribute > attributes
Definition stun.h:233
librats::StunMessage::add_lifetime
void add_lifetime(uint32_t seconds)
Add LIFETIME attribute (TURN)
librats::StunMessage::get_realm
std::optional< std::string > get_realm() const
Parse REALM from attributes.
librats::StunMessage::add_realm
void add_realm(const std::string &realm)
Add REALM attribute.
librats::StunMessage::add_attribute
void add_attribute(StunAttributeType attr_type, const std::vector< uint8_t > &value)
Add an attribute.
librats::StunMessage::add_xor_relayed_address
void add_xor_relayed_address(const StunMappedAddress &addr)
Add XOR-RELAYED-ADDRESS attribute (TURN)
librats::StunMessage::add_requested_transport
void add_requested_transport(uint8_t protocol)
Add REQUESTED-TRANSPORT attribute (TURN)
librats::StunMessage::is_error_response
bool is_error_response() const
Check if this is an error response.
Definition stun.h:259
librats::StunMessage::get_data
std::optional< std::vector< uint8_t > > get_data() const
Parse DATA from attributes (TURN)
librats::StunMessage::get_lifetime
std::optional< uint32_t > get_lifetime() const
Parse LIFETIME from attributes (TURN)
librats::StunMessage::add_data
void add_data(const std::vector< uint8_t > &data)
Add DATA attribute (TURN)
librats::StunMessage::get_error
std::optional< StunError > get_error() const
Parse ERROR-CODE from attributes.
librats::StunMessage::get_method
StunMethod get_method() const
Get method from type.
librats::StunMessage::transaction_id
std::array< uint8_t, STUN_TRANSACTION_ID_SIZE > transaction_id
Definition stun.h:232
librats::StunMessage::add_nonce
void add_nonce(const std::string &nonce)
Add NONCE attribute.
librats::StunMessage::add_xor_mapped_address
void add_xor_mapped_address(const StunMappedAddress &addr)
Add XOR-MAPPED-ADDRESS attribute.
librats::StunMessage::type
StunMessageType type
Definition stun.h:231
librats::StunMessage::find_attribute
const StunAttribute * find_attribute(StunAttributeType attr_type) const
Find attribute by type.
librats::StunMessage::get_class
StunMessageClass get_class() const
Get message class from type.
librats::StunMessage::get_mapped_address
std::optional< StunMappedAddress > get_mapped_address() const
Parse MAPPED-ADDRESS from attributes (legacy)
librats::StunMessage::serialize
std::vector< uint8_t > serialize() const
Serialize message to bytes.
librats::StunMessage::generate_transaction_id
void generate_transaction_id()
Generate random transaction ID.
librats::StunMessage::get_nonce
std::optional< std::string > get_nonce() const
Parse NONCE from attributes.
librats::StunMessage::StunMessage
StunMessage(StunMessageType t)
Definition stun.h:239
librats::StunMessage::add_username
void add_username(const std::string &username)
Add USERNAME attribute.
librats::StunMessage::get_xor_mapped_address
std::optional< StunMappedAddress > get_xor_mapped_address() const
Parse XOR-MAPPED-ADDRESS from attributes.
librats::StunMessage::get_xor_relayed_address
std::optional< StunMappedAddress > get_xor_relayed_address() const
Parse XOR-RELAYED-ADDRESS from attributes (TURN)
librats::StunMessage::serialize_with_integrity
std::vector< uint8_t > serialize_with_integrity(const std::string &key) const
Serialize message with MESSAGE-INTEGRITY and FINGERPRINT.
librats::StunMessage::is_request
bool is_request() const
Check if this is a request.
Definition stun.h:253
librats::StunMessage::add_software
void add_software(const std::string &software)
Add SOFTWARE attribute.
librats::StunMessage::is_success_response
bool is_success_response() const
Check if this is a success response.
Definition stun.h:256
librats::StunResult
STUN transaction result.
Definition stun.h:362
librats::StunResult::error
std::optional< StunError > error
Definition stun.h:365
librats::StunResult::mapped_address
std::optional< StunMappedAddress > mapped_address
Definition stun.h:364