draft-ietf-behave-rfc3489bis-03.txt   draft-ietf-behave-rfc3489bis-04.txt 
BEHAVE J. Rosenberg BEHAVE J. Rosenberg
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Expires: August 5, 2006 C. Huitema Expires: January 12, 2007 C. Huitema
Microsoft Microsoft
R. Mahy R. Mahy
Plantronics Plantronics
D. Wing D. Wing
Cisco Systems Cisco Systems
February 2006 July 11, 2006
Simple Traversal of UDP Through Network Address Translators (NAT) (STUN) Simple Traversal Underneath Network Address Translators (NAT) (STUN)
draft-ietf-behave-rfc3489bis-03 draft-ietf-behave-rfc3489bis-04
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 39 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 5, 2006. This Internet-Draft will expire on January 12, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
Simple Traversal of UDP Through NATs (STUN) is a lightweight protocol Simple Traversal Underneath NATs (STUN) is a lightweight protocol
that provides the ability for applications to determine the public IP that serves as a tool for application protocols in dealing with NAT
addresses and ports allocated to them by the NAT and to keep NAT traversal. It allows a client to determine the IP address and port
bindings open. These addresses and ports can be placed into protocol allocated to them by a NAT and to keep NAT bindings open. It can
payloads where a client needs to provide a publically routable IP also serve as a check for connectivity between a client and a server
address. STUN works with many existing NATs, and does not require in the presence of NAT, and for the client to detect failure of the
any special behavior from them. As a result, it allows a wide server. STUN works with many existing NATs, and does not require any
variety of applications to work through existing NAT infrastructure. special behavior from them. As a result, it allows a wide variety of
applications to work through existing NAT infrastructure.
Table of Contents Table of Contents
1. Applicability Statement . . . . . . . . . . . . . . . . . . . 5 1. Applicability Statement . . . . . . . . . . . . . . . . . . . 5
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Overview of Operation . . . . . . . . . . . . . . . . . . . . 7 5. Overview of Operation . . . . . . . . . . . . . . . . . . . . 7
6. STUN Message Structure . . . . . . . . . . . . . . . . . . . . 9 6. STUN Message Structure . . . . . . . . . . . . . . . . . . . . 11
7. STUN Transactions . . . . . . . . . . . . . . . . . . . . . . 11 7. STUN Transactions . . . . . . . . . . . . . . . . . . . . . . 14
7.1. Request Transaction Reliability . . . . . . . . . . . . . 11 7.1. Request/Response Transactions . . . . . . . . . . . . . . 14
8. General Client Behavior . . . . . . . . . . . . . . . . . . . 12 7.2. Indications . . . . . . . . . . . . . . . . . . . . . . . 15
8.1. Request Message Types . . . . . . . . . . . . . . . . . . 12 8. Client Behavior . . . . . . . . . . . . . . . . . . . . . . . 15
8.1.1. Discovery . . . . . . . . . . . . . . . . . . . . . . 12 8.1. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 15
8.1.2. Obtaining a Shared Secret . . . . . . . . . . . . . . 13 8.2. Obtaining a Shared Secret . . . . . . . . . . . . . . . . 16
8.1.3. Formulating the Request Message . . . . . . . . . . . 14 8.3. Request/Response Transactions . . . . . . . . . . . . . . 17
8.1.4. Processing Responses . . . . . . . . . . . . . . . . . 14 8.3.1. Formulating the Request Message . . . . . . . . . . . 17
8.1.5. Using the Mapped Address . . . . . . . . . . . . . . . 15 8.3.2. Processing Responses . . . . . . . . . . . . . . . . . 18
8.2. Indication Message Types . . . . . . . . . . . . . . . . 17 8.4. Indication Transactions . . . . . . . . . . . . . . . . . 21
8.2.1. Formulating the Indication Message . . . . . . . . . . 17 9. Server Behavior . . . . . . . . . . . . . . . . . . . . . . . 22
9. General Server Behavior . . . . . . . . . . . . . . . . . . . 17 9.1. Request/Response Transactions . . . . . . . . . . . . . . 22
9.1. Request Message Types . . . . . . . . . . . . . . . . . . 17 9.1.1. Receive Request Message . . . . . . . . . . . . . . . 23
9.1.1. Receive Request Message . . . . . . . . . . . . . . . 17 9.1.2. Constructing the Response . . . . . . . . . . . . . . 25
9.1.2. Constructing the Response . . . . . . . . . . . . . . 19 9.1.3. Sending the Response . . . . . . . . . . . . . . . . . 26
9.1.3. Sending the Response . . . . . . . . . . . . . . . . . 19 9.2. Indication Transactions . . . . . . . . . . . . . . . . . 26
9.2. Indication Message Types . . . . . . . . . . . . . . . . 19 10. Demultiplexing of STUN and Application Traffic . . . . . . . . 27
10. Short-Term Passwords . . . . . . . . . . . . . . . . . . . . . 19 11. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 28
11. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 20 11.1. MAPPED-ADDRESS . . . . . . . . . . . . . . . . . . . . . 28
11.1. MAPPED-ADDRESS . . . . . . . . . . . . . . . . . . . . . 21 11.2. USERNAME . . . . . . . . . . . . . . . . . . . . . . . . 29
11.2. RESPONSE-ADDRESS . . . . . . . . . . . . . . . . . . . . 21 11.3. PASSWORD . . . . . . . . . . . . . . . . . . . . . . . . 29
11.3. CHANGED-ADDRESS . . . . . . . . . . . . . . . . . . . . . 22 11.4. MESSAGE-INTEGRITY . . . . . . . . . . . . . . . . . . . . 30
11.4. CHANGE-REQUEST . . . . . . . . . . . . . . . . . . . . . 22 11.5. FINGERPRINT . . . . . . . . . . . . . . . . . . . . . . . 30
11.5. SOURCE-ADDRESS . . . . . . . . . . . . . . . . . . . . . 23 11.6. ERROR-CODE . . . . . . . . . . . . . . . . . . . . . . . 30
11.6. USERNAME . . . . . . . . . . . . . . . . . . . . . . . . 23 11.7. REALM . . . . . . . . . . . . . . . . . . . . . . . . . . 32
11.7. PASSWORD . . . . . . . . . . . . . . . . . . . . . . . . 23 11.8. NONCE . . . . . . . . . . . . . . . . . . . . . . . . . . 32
11.8. MESSAGE-INTEGRITY . . . . . . . . . . . . . . . . . . . . 23 11.9. UNKNOWN-ATTRIBUTES . . . . . . . . . . . . . . . . . . . 32
11.9. ERROR-CODE . . . . . . . . . . . . . . . . . . . . . . . 24 11.10. XOR-MAPPED-ADDRESS . . . . . . . . . . . . . . . . . . . 33
11.10. REFLECTED-FROM . . . . . . . . . . . . . . . . . . . . . 26 11.11. SERVER . . . . . . . . . . . . . . . . . . . . . . . . . 34
11.11. ALTERNATE-SERVER . . . . . . . . . . . . . . . . . . . . 26 11.12. ALTERNATE-SERVER . . . . . . . . . . . . . . . . . . . . 34
11.12. REALM . . . . . . . . . . . . . . . . . . . . . . . . . . 26 11.13. REFRESH-INTERVAL . . . . . . . . . . . . . . . . . . . . 34
11.13. NONCE . . . . . . . . . . . . . . . . . . . . . . . . . . 26 12. STUN Usages . . . . . . . . . . . . . . . . . . . . . . . . . 34
11.14. UNKNOWN-ATTRIBUTES . . . . . . . . . . . . . . . . . . . 27 12.1. Binding Discovery . . . . . . . . . . . . . . . . . . . . 35
11.15. XOR-MAPPED-ADDRESS . . . . . . . . . . . . . . . . . . . 27 12.1.1. Applicability . . . . . . . . . . . . . . . . . . . . 35
11.16. SERVER . . . . . . . . . . . . . . . . . . . . . . . . . 28 12.1.2. Client Discovery of Server . . . . . . . . . . . . . . 36
11.17. ALTERNATE-SERVER . . . . . . . . . . . . . . . . . . . . 28 12.1.3. Server Determination of Usage . . . . . . . . . . . . 36
11.18. BINDING-LIFETIME . . . . . . . . . . . . . . . . . . . . 29 12.1.4. New Requests or Indications . . . . . . . . . . . . . 37
12. STUN Usages . . . . . . . . . . . . . . . . . . . . . . . . . 29 12.1.5. New Attributes . . . . . . . . . . . . . . . . . . . . 37
12.1. Defined STUN Usages . . . . . . . . . . . . . . . . . . . 29 12.1.6. New Error Response Codes . . . . . . . . . . . . . . . 37
12.2. Binding Discovery . . . . . . . . . . . . . . . . . . . . 29 12.1.7. Client Procedures . . . . . . . . . . . . . . . . . . 37
12.2.1. Applicability . . . . . . . . . . . . . . . . . . . . 29 12.1.8. Server Procedures . . . . . . . . . . . . . . . . . . 37
12.2.2. Client Discovery of Server . . . . . . . . . . . . . . 30 12.1.9. Security Considerations for Binding Discovery . . . . 37
12.2.3. Server Determination of Usage . . . . . . . . . . . . 30 12.2. Connectivity Check . . . . . . . . . . . . . . . . . . . 37
12.2.4. New Requests or Indications . . . . . . . . . . . . . 30 12.2.1. Applicability . . . . . . . . . . . . . . . . . . . . 37
12.2.5. New Attributes . . . . . . . . . . . . . . . . . . . . 30 12.2.2. Client Discovery of Server . . . . . . . . . . . . . . 38
12.2.6. New Error Response Codes . . . . . . . . . . . . . . . 30 12.2.3. Server Determination of Usage . . . . . . . . . . . . 38
12.2.7. Client Procedures . . . . . . . . . . . . . . . . . . 30 12.2.4. New Requests or Indications . . . . . . . . . . . . . 38
12.2.8. Server Procedures . . . . . . . . . . . . . . . . . . 30 12.2.5. New Attributes . . . . . . . . . . . . . . . . . . . . 39
12.2.9. Security Considerations for Binding Discovery . . . . 30 12.2.6. New Error Response Codes . . . . . . . . . . . . . . . 39
12.3. Connectivity Check . . . . . . . . . . . . . . . . . . . 31 12.2.7. Client Procedures . . . . . . . . . . . . . . . . . . 39
12.3.1. Applicability . . . . . . . . . . . . . . . . . . . . 31 12.2.8. Server Procedures . . . . . . . . . . . . . . . . . . 39
12.3.2. Client Discovery of Server . . . . . . . . . . . . . . 31 12.2.9. Security Considerations for Connectivity Check . . . . 39
12.3.3. Server Determination of Usage . . . . . . . . . . . . 31 12.3. NAT Keepalives . . . . . . . . . . . . . . . . . . . . . 39
12.3.4. New Requests or Indications . . . . . . . . . . . . . 31 12.3.1. Applicability . . . . . . . . . . . . . . . . . . . . 39
12.3.5. New Attributes . . . . . . . . . . . . . . . . . . . . 31 12.3.2. Client Discovery of Server . . . . . . . . . . . . . . 40
12.3.6. New Error Response Codes . . . . . . . . . . . . . . . 31 12.3.3. Server Determination of Usage . . . . . . . . . . . . 40
12.3.7. Client Procedures . . . . . . . . . . . . . . . . . . 31 12.3.4. New Requests or Indications . . . . . . . . . . . . . 40
12.3.8. Server Procedures . . . . . . . . . . . . . . . . . . 32 12.3.5. New Attributes . . . . . . . . . . . . . . . . . . . . 40
12.3.9. Security Considerations for Connectivity Check . . . . 32 12.3.6. New Error Response Codes . . . . . . . . . . . . . . . 40
12.4. NAT Keepalives . . . . . . . . . . . . . . . . . . . . . 32 12.3.7. Client Procedures . . . . . . . . . . . . . . . . . . 41
12.4.1. Applicability . . . . . . . . . . . . . . . . . . . . 32 12.3.8. Server Procedures . . . . . . . . . . . . . . . . . . 41
12.4.2. Client Discovery of Server . . . . . . . . . . . . . . 32 12.3.9. Security Considerations for NAT Keepalives . . . . . . 41
12.4.3. Server Determination of Usage . . . . . . . . . . . . 32 12.4. Short-Term Password . . . . . . . . . . . . . . . . . . . 41
12.4.4. New Requests or Indications . . . . . . . . . . . . . 33 12.4.1. Applicability . . . . . . . . . . . . . . . . . . . . 42
12.4.5. New Attributes . . . . . . . . . . . . . . . . . . . . 33 12.4.2. Client Discovery of Server . . . . . . . . . . . . . . 42
12.4.6. New Error Response Codes . . . . . . . . . . . . . . . 33 12.4.3. Server Determination of Usage . . . . . . . . . . . . 42
12.4.7. Client Procedures . . . . . . . . . . . . . . . . . . 33 12.4.4. New Requests or Indications . . . . . . . . . . . . . 42
12.4.8. Server Procedures . . . . . . . . . . . . . . . . . . 33 12.4.5. New Attributes . . . . . . . . . . . . . . . . . . . . 43
12.4.9. Security Considerations for NAT Keepalives . . . . . . 33 12.4.6. New Error Response Codes . . . . . . . . . . . . . . . 43
12.5. Short-Term Password . . . . . . . . . . . . . . . . . . . 33 12.4.7. Client Procedures . . . . . . . . . . . . . . . . . . 43
12.5.1. Applicability . . . . . . . . . . . . . . . . . . . . 33 12.4.8. Server Procedures . . . . . . . . . . . . . . . . . . 44
12.5.2. Client Discovery of Server . . . . . . . . . . . . . . 34 12.4.9. Security Considerations for Short-Term Password . . . 44
12.5.3. Server Determination of Usage . . . . . . . . . . . . 34 13. Security Considerations . . . . . . . . . . . . . . . . . . . 46
12.5.4. New Requests or Indications . . . . . . . . . . . . . 34 13.1. Attacks on STUN . . . . . . . . . . . . . . . . . . . . . 46
12.5.5. New Attributes . . . . . . . . . . . . . . . . . . . . 35 13.1.1. Attack I: DDoS Against a Target . . . . . . . . . . . 46
12.5.6. New Error Response Codes . . . . . . . . . . . . . . . 35 13.1.2. Attack II: Silencing a Client . . . . . . . . . . . . 47
12.5.7. Client Procedures . . . . . . . . . . . . . . . . . . 35 13.1.3. Attack III: Assuming the Identity of a Client . . . . 47
12.5.8. Server Procedures . . . . . . . . . . . . . . . . . . 35 13.1.4. Attack IV: Eavesdropping . . . . . . . . . . . . . . . 47
12.5.9. Security Considerations for Short-Term Password . . . 35 13.2. Launching the Attacks . . . . . . . . . . . . . . . . . . 47
13. Security Considerations . . . . . . . . . . . . . . . . . . . 36 13.2.1. Approach I: Compromise a Legitimate STUN Server . . . 48
13.1. Attacks on STUN . . . . . . . . . . . . . . . . . . . . . 36 13.2.2. Approach II: DNS Attacks . . . . . . . . . . . . . . . 48
13.1.1. Attack I: DDoS Against a Target . . . . . . . . . . . 36 13.2.3. Approach III: Rogue Router or NAT . . . . . . . . . . 48
13.1.2. Attack II: Silencing a Client . . . . . . . . . . . . 36 13.2.4. Approach IV: Man in the Middle . . . . . . . . . . . . 49
13.1.3. Attack III: Assuming the Identity of a Client . . . . 37 13.2.5. Approach V: Response Injection Plus DoS . . . . . . . 49
13.1.4. Attack IV: Eavesdropping . . . . . . . . . . . . . . . 37 13.2.6. Approach VI: Duplication . . . . . . . . . . . . . . . 50
13.2. Launching the Attacks . . . . . . . . . . . . . . . . . . 37 13.3. Countermeasures . . . . . . . . . . . . . . . . . . . . . 50
13.2.1. Approach I: Compromise a Legitimate STUN Server . . . 38 13.4. Residual Threats . . . . . . . . . . . . . . . . . . . . 52
13.2.2. Approach II: DNS Attacks . . . . . . . . . . . . . . . 38 14. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 52
13.2.3. Approach III: Rogue Router or NAT . . . . . . . . . . 38 14.1. Problem Definition . . . . . . . . . . . . . . . . . . . 52
13.2.4. Approach IV: Man in the Middle . . . . . . . . . . . . 39 14.2. Exit Strategy . . . . . . . . . . . . . . . . . . . . . . 52
13.2.5. Approach V: Response Injection Plus DoS . . . . . . . 39 14.3. Brittleness Introduced by STUN . . . . . . . . . . . . . 53
13.2.6. Approach VI: Duplication . . . . . . . . . . . . . . . 39 14.4. Requirements for a Long Term Solution . . . . . . . . . . 54
13.3. Countermeasures . . . . . . . . . . . . . . . . . . . . . 40 14.5. Issues with Existing NAPT Boxes . . . . . . . . . . . . . 55
13.4. Residual Threats . . . . . . . . . . . . . . . . . . . . 42 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 56
14. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 42 15.1. STUN Message Type Registry . . . . . . . . . . . . . . . 56
14.1. Problem Definition . . . . . . . . . . . . . . . . . . . 42 15.2. STUN Attribute Registry . . . . . . . . . . . . . . . . . 56
14.2. Exit Strategy . . . . . . . . . . . . . . . . . . . . . . 43 16. Changes Since RFC 3489 . . . . . . . . . . . . . . . . . . . . 57
14.3. Brittleness Introduced by STUN . . . . . . . . . . . . . 43 17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 58
14.4. Requirements for a Long Term Solution . . . . . . . . . . 45 18. References . . . . . . . . . . . . . . . . . . . . . . . . . . 58
14.5. Issues with Existing NAPT Boxes . . . . . . . . . . . . . 46 18.1. Normative References . . . . . . . . . . . . . . . . . . 58
14.6. In Closing . . . . . . . . . . . . . . . . . . . . . . . 46 18.2. Informational References . . . . . . . . . . . . . . . . 59
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 47 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 61
15.1. STUN Message Type Registry . . . . . . . . . . . . . . . 47 Intellectual Property and Copyright Statements . . . . . . . . . . 62
15.2. STUN Attribute Registry . . . . . . . . . . . . . . . . . 47
16. Changes Since RFC 3489 . . . . . . . . . . . . . . . . . . . . 48
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 49
18. References . . . . . . . . . . . . . . . . . . . . . . . . . . 49
18.1. Normative References . . . . . . . . . . . . . . . . . . 49
18.2. Informational References . . . . . . . . . . . . . . . . 50
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 52
Intellectual Property and Copyright Statements . . . . . . . . . . 53
1. Applicability Statement 1. Applicability Statement
This protocol is not a cure-all for the problems associated with NAT. This protocol is not a cure-all for the problems associated with NAT.
It does not enable incoming TCP connections through NAT. It allows It is a tool that is typically used in conjunction with other
incoming UDP packets through NAT, but only through a subset of protocols, such as Interactive Connectivity Establishment (ICE) [11]
existing NAT types. In particular, STUN does not enable incoming UDP for a more complete solution. The binding discovery usage, defined
packets through "symmetric NATs", which is by this specification, can be used by itself with numerous
application protocols as a solution for NAT traversal. However, when
a NAT where all requests from the same internal IP address and used in that way, STUN will not work with applications that require
port, to a specific destination IP address and port, are mapped to incoming TCP connections through NAT. It will allow incoming UDP
the same external IP address and port. If the same host sends a packets through NAT, but only through a subset of existing NAT types.
packet with the same source address and port, but to a different In particular, the STUN binding usage by itself does not enable
destination, a different mapping is used. Furthermore, only the incoming UDP packets through NATs whose mapping property is address
external host that receives a packet can send a UDP packet back to dependent or address and port dependent [12]. Furthermore, the
the internal host. binding usage, when used by itself, does not work when a client is
communicating with a peer which happens to be behind the same NAT.
Nor will it work when the STUN server is not in a common shared
address realm.
This type of NAT is common in large enterprises. STUN does not work The STUN relay usage, defined in [14], allows a client to obtain an
when it is used to obtain an address to communicate with a peer which IP address and port that actually reside on the STUN server. The
happens to be behind the same NAT. STUN does not work when the STUN STUN relay usage, when used by itself, eliminates all of the
server is not in a common shared address realm. limitations of using the binding usage by itself, as described above.
However, it requires a server to act as a relay for application
traffic, which can be expensive to provide, operate and manage.
In order to work with such a NAT, a media relay such as TURN [3] is For multimedia protocols based on the offer/answer model [20],
required. All other types of NATs work without a media relay. including the Session Initiation Protocol (SIP) [9], Interactive
Connectivity Establishment (ICE) uses both the binding usage and
relay usage, and furthermore makes use of the connectivity check
usage defined here to help decide which of those two mechanisms ought
to be used.
For a more complete discussion of the limitations of STUN, see Implementors should be aware of the specific deployment scenarios
Section 14. that are of interest, and of the specific protocol (whether its SIP
or something else) in order to determine whether STUN is suitable as
a tool to facilitate NAT traversal, and which usage should be used.
2. Introduction 2. Introduction
Network Address Translators (NATs), while providing many benefits, Network Address Translators (NATs), while providing many benefits,
also come with many drawbacks. The most troublesome of those also come with many drawbacks. The most troublesome of those
drawbacks is the fact that they break many existing IP applications, drawbacks is the fact that they break many existing IP applications,
and make it difficult to deploy new ones. Guidelines have been and make it difficult to deploy new ones. Guidelines have been
developed [17] that describe how to build "NAT friendly" protocols, developed [18] that describe how to build "NAT friendly" protocols,
but many protocols simply cannot be constructed according to those but many protocols simply cannot be constructed according to those
guidelines. Examples of such protocols include almost all peer-to- guidelines. Examples of such protocols include almost all peer-to-
peer protocols, such as multimedia communications, file sharing and peer protocols, such as multimedia communications, file sharing and
games. games.
To combat this problem, Application Layer Gateways (ALGs) have been To combat this problem, Application Layer Gateways (ALGs) have been
embedded in NATs. ALGs perform the application layer functions embedded in NATs. ALGs perform the application layer functions
required for a particular protocol to traverse a NAT. Typically, required for a particular protocol to traverse a NAT. Typically,
this involves rewriting application layer messages to contain this involves rewriting application layer messages to contain
translated addresses, rather than the ones inserted by the sender of translated addresses, rather than the ones inserted by the sender of
the message. ALGs have serious limitations, including scalability, the message. ALGs have serious limitations, including scalability,
reliability, and speed of deploying new applications. reliability, and speed of deploying new applications.
Many existing proprietary protocols, such as those for online games Many existing proprietary protocols, such as those for online games
(such as the games described in RFC3027 [18]) and Voice over IP, have (such as the games described in RFC3027 [19]) and Voice over IP, have
developed tricks that allow them to operate through NATs without developed tricks that allow them to operate through NATs without
changing those NATs and without relying on ALG behavior in the NATs. changing those NATs and without relying on ALG behavior in the NATs.
This document takes some of those ideas and codifies them into an This document takes some of those ideas and codifies them into an
interoperable protocol that can meet the needs of many applications. interoperable protocol that can meet the needs of many applications.
The protocol described here, Simple Traversal of UDP Through NAT The protocol described here, Simple Traversal Underneath NAT (STUN),
(STUN), provides a toolkit of functions. These functions allow provides a toolkit of functions. These functions allow entities
entities behind a NAT to learn the address bindings allocated by the behind a NAT to learn the address bindings allocated by the NAT, to
NAT, to keep those bindings open, and communicate with other STUN- keep those bindings open, and communicate with other STUN-aware
aware to validate connecivity. STUN requires no changes to NATs, and entities to validate connectivity and liveness. STUN requires no
works with an arbitrary number of NATs in tandem between the changes to NATs, and works with an arbitrary number of NATs in tandem
application entity and the public Internet. between the application entity and the public Internet.
3. Terminology 3. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED", In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119
[1] and indicate requirement levels for compliant STUN [1] and indicate requirement levels for compliant STUN
implementations. implementations.
4. Definitions 4. Definitions
STUN Client STUN Client: A STUN client (also just referred to as a client) is an
A STUN client (also just referred to as a client) is an entity entity that generates STUN requests and receives STUN responses.
that generates STUN requests. Clients can also generate STUN indications.
STUN Server STUN Server: A STUN Server (also just referred to as a server) is an
A STUN Server (also just referred to as a server) is an entity entity that receives STUN requests, and sends STUN responses.
that receives STUN requests, and sends STUN responses. Servers also send STUN indications.
Transport Address Transport Address: The combination of an IP address and (UDP or TCP)
The combination of an IP address and (UDP or TCP) port. port.
Reflexive Transport Address Reflexive Transport Address: A transport address learned by a client
A transport address learned by a client which identifies that which identifies that client as seen by another host on an IP
client as seen by another host on an IP network, typically a STUN network, typically a STUN server. When there is an intervening
server. When there is an intervening NAT between the client and NAT between the client and the other host, the reflexive transport
the other host, the reflexive address represents the binding address represents the binding allocated to the client on the
allocated to the client on the public side of the NAT. Reflexive public side of the NAT. Reflexive transport addresses are learned
transport addresses are learned from the mapped address attribute from the mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-
(MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) in STUN responses. ADDRESS) in STUN responses.
Mapped Address Mapped Address: The source IP address and port of the STUN Binding
The source IP address and port of the STUN Binding Request packet Request packet received by the STUN server and inserted into the
received by the STUN server and inserted into the mapped address mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) of
attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) of the Binding the Binding Response message.
Response message.
Long Term Credential: A username and associated password which
represent a shared secret between client and server. Long term
credentials are generally granted to the client when a subscriber
enrolles in a service and persists until the subscriber leaves the
service or explicitly changes the credential.
Long Term Password: The password from a long term credential.
Short Term Credential: A temporary username and associated password
which represent a shared secret between client and server. A
short term credential has an explicit temporal scope, which may be
based on a specific amount of time (such as 5 minutes) or on an
event (such as termination of a SIP dialog). The specific scope
of a short term credential is defined by the application usage. A
short term credential can be obtained from a Shared Secret
request, though other mechanisms are possible.
Short Term Password: The password component of a short term
credential.
5. Overview of Operation 5. Overview of Operation
This section is descriptive only. Normative behavior is described in This section is descriptive only. Normative behavior is described in
Section 8 and Section . Section 8 and Section 9
/-----\
/----\
// STUN \\ // STUN \\
| Server | | Server |
\\ // \\ //
\----/ \-----/
+--------------+ Public Internet +--------------+ Public Internet
................| NAT 2 |....................... ................| NAT 2 |.......................
+--------------+ +--------------+
+--------------+ Private NET 2 +--------------+ Private NET 2
................| NAT 1 |....................... ................| NAT 1 |.......................
+--------------+ +--------------+
/----\ /-----\
// STUN \\ // STUN \\
| Client | | Client |
\\ // Private NET 1 \\ // Private NET 1
\----/ \-----/
Figure 1: Typical STUN Server Configuration Figure 1: Typical STUN Server Configuration
The typical STUN configuration is shown in Figure 1. A STUN client The typical STUN configuration is shown in Figure 1. A STUN client
is connected to private network 1. This network connects to private is connected to private network 1. This network connects to private
network 2 through NAT 1. Private network 2 connects to the public network 2 through NAT 1. Private network 2 connects to the public
Internet through NAT 2. The STUN server resides on the public Internet through NAT 2. The STUN server resides on the public
Internet. Internet.
STUN is a simple client-server protocol. Two types of messages are STUN is a simple client-server protocol. It supports two types of
available -- request/response in which client sends a request to a transactions. One is a request/response transaction in which client
server, and the server returns a response; and indications which can sends a request to a server, and the server returns a response. The
be initiated by the client or by the server and which do not elicit a second are indications which are initiated by the server or the
response. There are two types of requests defined in this client and do not elicit a response. There are two types of requests
specification - Binding Requests, sent over UDP, and Shared Secret defined in this specification - Binding Requests and Shared Secret
Requests, sent over TLS [6] over TCP. Shared Secret Requests ask the Requests. There are no indications defined by this specification.
server to return a temporary username and password. This username
and password are used in a subsequent Binding Request and Binding
Response, for the purposes of authentication and message integrity.
Binding requests are used to determine the bindings allocated by Binding Requests are sent from the client towards the server. When
NATs. The client sends a Binding Request to the server, over UDP. the Binding Request arrives at the STUN server, it may have passed
The server examines the source IP address and port of the request, through one or more NATs between the STUN client and the STUN server
and copies them into a response that is sent back to the client -- (in Figure 1, there were two such NATs). As a result, the source
this is the 'mapped address'. There are attributes for providing transport address of the request received by the server will be the
message integrity and authentication. mapped address created by the NAT closest to the server. The STUN
server copies that source IP address and port into a STUN Binding
Response, and sends it back to the source IP address and port of the
STUN request. Every type of NAT will route that response so that it
arrives at the STUN client. From this response, the client knows its
IP address and port allocated by the outermost NAT towards the STUN
server.
The STUN client is typically embedded in an application which needs STUN provides several mechanisms for authentication and message
to obtain a public IP address and port that can be used to receive integrity. The client and server can share a pre-provisioned shared
data. For example, it might need to obtain an IP address and port to secret, which is used for a digest challenge/response authentication
receive Real Time Transport Protocol (RTP [14]) traffic. When the operation. This is known as a long-term credential or long-term
application starts, the STUN client within the application sends a shared secret.
STUN Shared Secret Request to its server, obtains a username and
password, and then sends it a Binding Request. STUN servers can be
discovered through DNS SRV records [4], and it is generally assumed
that the client is configured with the domain to use to find the STUN
server. Generally, this will be the domain of the provider of the
service the application is using (such a provider is incented to
deploy STUN servers in order to allow its customers to use its
application through NAT). Of course, a client can determine the
address or domain name of a STUN server through other means. A STUN
server can even be embedded within an end system.
The STUN Binding Request is used to discover the public IP address Alternatively, if the shared secret is obtained by some out-of-bands
and port mappings generated by the NAT. Binding Requests are sent to means and has a lifetime that is temporally scoped, a simple HMAC is
the STUN server using UDP. When a Binding Request arrives at the provided, without a challenge operation. This is known as a short
STUN server, it may have passed through one or more NATs between the term credential or short term password. Short-term passwords are
STUN client and the STUN server. As a result, the source address of useful when there is no long-term relationship with a STUN server and
the request received by the server will be the mapped address created thus no long-term password is shared between the STUN client and STUN
by the NAT closest to the server. The STUN server copies that source server. Even if there is a long-term password, the issuance of a
IP address and port into a STUN Binding Response, and sends it back short-term password is useful to prevent dictionary attacks.
to the source IP address and port of the STUN request. Every type of
NAT will route that response so that it arrives at the STUN client.
When the STUN client receives the STUN Binding Response, it compares STUN itself provides a mechanism for obtaining such short term
the IP address and port in the packet with the local IP address and credentials, using the Shared Secret Request. Shared Secret requests
port it bound to when the request was sent. If these do not match, are sent over TLS [5] over TCP. Shared Secret Requests ask the
the STUN client knows is behind one or more NATs. If the STUN server server to return a temporary username and password that can be used
is publicly routable the IP address and port in the STUN Binding in subsequent STUN requests.
Response are also publicly routable, and can be used by any host on
the public Internet to send packets to the application that sent the
STUN request. An application need only listen on the IP address and
port from which the STUN request was sent. Packets sent by a host on
the public Internet to the public address and port learned by STUN
will be received by the application, so long as conditions permit.
The conditions in which these packets will not be received by the There are many ways in which these basic mechanisms can be used to
client are described in Section 1. accomplish a specific task. As a result, STUN has the notion of a
usage. A usage is a specific use case for the STUN protocol. The
usage will define what it is that the client does with the mapped
address it receives, defines when the client would send Binding
requests and why, and would constrain the set of authentication
mechanisms or attributes that get used in that usage. STUN usages
can also define new attributes and message types, if needed. This
specification defines four STUN usages - binding discovery,
connectivity check, NAT keepalives, and short-term password.
It should be noted that the configuration in Figure 1 is not the only The binding discovery usage is sometimes referred to as 'classic
permissible configuration. The STUN server can be located anywhere, STUN', since it is the usage originally envisioned in RFC 3489 [13],
including within another client. The only requirement is that the the predecessor to this specification. The purpose of the binding
STUN server is reachable by the client, and if the client is trying discovery usage is for the client to obtain an IP address and port at
to obtain a publicly routable address, that the server reside on the which it is reachable, that it can include in application layer
public Internet. signaling messages, such as the Session Description Protocol (SDP)
[17] body of a SIP message, utilized to receive Real Time Transport
Protocol (RTP [15]) traffic. In this usage, the STUN server is
typically located on the public Internet and run by the service
provider offering the application service (such as a SIP provider),
though this need not be the case. The client would utilize the STUN
request just prior to sending a protocol message (such as a SIP
INVITE request or 200 OK response) which requires the client to embed
its IP address in it.
In the connectivity check usage, two hosts on the Internet have used
a protocol such as SIP to rendezvous, and have used it to exchange IP
addresses and ports at which they might be reachable. However, each
host does not know whether it can actually connect to the other host
using that IP address and port, and whether that remote host can
reach it. To figure this out, each host will send a STUN Binding
Request to the other host, and if a reply is received, it knows that
the remote host was reachable. Furthermore, the mapped address
returned in the response tells the host the address and port at which
it can be reached by the remote host. The connectivity check usage
is used by ICE [11], for example.
In the binding keepalive usage, a client sends an application
protocol message (such as a SIP REGISTER message) to a server. The
server notes the source IP address and port of the request, and
remembers it. Later on, if it needs to reach the client, it sends a
message to that IP address and port. However, this message will only
be received by the client if the binding in the NAT is still alive.
Since bindings allocated by NAT expire unless refreshed, the client
must generate keepalive messages towards the server to refresh the
binding. Rather than use expensive application layer messages, a
STUN binding request is sent by the client to the server, and is sent
to the exact same IP address and port used by the server for the
application protocol. In the case of SIP, this would typically mean
port 5060 or 5061. This has the effect of keeping the bindings in
the NAT alive. The STUN binding responses also inform the client
that the server is still responsive, and also inform the client if
its IP address and port towards the server have changed, in which
case it may need application layer protocol messaging to update its
IP address and port as seen by the server. The binding keepalive
usage is used by the SIP outbound mechanism, for example [16].
These three usages all utilize the same Binding Request message, and
all require the same basic processing on the server. They differ
only in where the server is (embedded in a peer host, a standalone
server in the network, or embedded in an application layer server),
when the Binding Request is used, and what the client does with the
mapped address that is returned.
The short-term password usage makes use of the Shared Secret request
and response, and allows a client to obtain a temporary set of
credentials to authenticate itself with the STUN server. The
credentials obtained from this usage can be used in requests for any
other usage.
Many of the usages (such as the binding keepalive and connectivity
check usages) require STUN messages to be sent on the same IP address
and port as some application protocol, such as RTP or SIP. To
facilitate the demultiplexing of the two, STUN defines a special
field in the message called the magic cookie, which is a fixed 32 bit
value that identifies STUN traffic. STUN requests also contain a
fingerprint, which is a cryptographic hash of the message, that allow
for validation that the message was a STUN request and not a data
packet that happened to have the same 32 bit value in the right place
in the message.
STUN servers can be discovered through DNS, though this is not
necessary in all usages. For those usages where it is needed, STUN
makes use of SRV records [3] to facilitate discovery. This discovery
allows for different IP addresses and ports to be found for different
usages.
6. STUN Message Structure 6. STUN Message Structure
STUN messages are TLV (type-length-value) encoded using big endian STUN messages are TLV (type-length-value) encoded using big endian
(network ordered) binary. STUN messages are encoded using binary (network ordered) binary. STUN messages are encoded using binary
fields. All integer fields are carried in network byte order, that fields. All integer fields are carried in network byte order, that
is, most significant byte (octet) first. This byte order is commonly is, most significant byte (octet) first. This byte order is commonly
known as big-endian. The transmission order is described in detail known as big-endian. The transmission order is described in detail
in Appendix B of RFC791 [2]. Unless otherwise noted, numeric in Appendix B of RFC791 [2]. Unless otherwise noted, numeric
constants are in decimal (base 10). All STUN messages start with a constants are in decimal (base 10). All STUN messages start with a
single STUN header followed by a STUN payload. The payload is a single STUN header followed by a STUN payload. The payload is a
series of STUN attributes, the set of which depends on the message series of STUN attributes, the set of which depends on the message
type. The STUN header contains a STUN message type, transaction ID, type. The STUN header contains a STUN message type, transaction ID,
and length. The length indicates the total length of the STUN and length. The length indicates the total length of the STUN
payload, not including the 20-byte header. payload, not including the 20-byte header.
There are two categories of STUN message types: Requests and There are two types of transactions in STUN - request/response
Indications. transactions, which utilize a request message and a response message,
and an indication transaction, which utilizes a single indication
message. Furthermore, responses are broken into two types - success
responses and error responses. The specific message (for example,
that it is a Binding Response or a Shared Secret Request) is encoded
into the message type field of the STUN header. For a particular
request message, its success response has a type that is always 0x100
higher than its own type, and its error response has a type that is
0x110 higher than its own type. Extensions defining new requests,
responses and error responses MUST use message type values 0x100 and
0x110 higher for their success and error responses, respectively.
Upon receiving a STUN request, a STUN server will send a STUN success STUN Requests are sent reliably. STUN can run over UDP or TCP. When
response or a STUN error response. All STUN success responses MUST run over UDP, STUN requests are retransmitted in order to achieve
have a type whose value is 0x100 higher than their associated reliability. The transaction ID is used to correlate requests and
request, and all STUN error responses MUST have a type whose value is responses.
0x110 higher than their associated request. Any newly defined STUN
message types MUST use message type values 0x100 and 0x110 higher for
their success and error responses, respectively. STUN Requests are
sent reliably (Section 7.1). The transaction ID is used to correlate
requests and responses.
An indication message can be sent from the client to the server, or An indication message can be sent from the client to the server, or
from the server to the client. Indication messages are not sent from the server to the client. Indication messages can be sent over
reliably do not have an associated success response message type or TCP or UDP. STUN itself does not provide reliability for these
associated error response message type. Indication messages can be messages, though they will be delivered reliably when sent over TCP.
sent by the STUN client to the server, or from the STUN server to the Indication messages do not have an associated success response
client. The transaction ID is used to distinguish indication message type or associated error response message type. Indication
messages can be sent from the server to the client or client to
server. The transaction ID is used to distinguish indication
messages. messages.
All STUN messages consist of a 20 byte header: All STUN messages consist of a 20 byte header:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0| STUN Message Type | Message Length | |0 0| STUN Message Type | Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Magic Cookie | | Magic Cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Transaction ID Transaction ID
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Format of STUN Message Header Figure 2: Format of STUN Message Header
The most significant two bits of every STUN message are 0b00. This, The most significant two bits of every STUN message are both zeroes.
combined with the magic cookie, aids in differentiating STUN packets This, combined with the magic cookie and the fingerprint attribute,
from other protocols when STUN is multiplexed with other protocols on aid in differentiating STUN packets from other protocols when STUN is
the same port. multiplexed with other protocols on the same port.
The STUN message types Binding Request, Response, and Error Response The STUN message types Binding Request, Response, and Error Response
are defined in Section 8 and Section 9.1. The Shared Secret Request, are defined in Section 8 and Section 9.1. The Shared Secret Request,
Response, and Error Response are described in Section 12.5. Their Response, and Error Response are described in Section 12.4. Their
values are enumerated in Section 15. values are enumerated in Section 15.
The message length is the size, in bytes, of the message not The message length is the size, in bytes, of the message not
including the 20 byte STUN header. including the 20 byte STUN header.
The magic cookie is a fixed value, 0x2112A442. In the previous The magic cookie is a fixed value, 0x2112A442. In the previous
version of this specification [13] this field was part of the version of this specification [13] this field was part of the
transaction ID. This fixed value affords easy identification of a transaction ID. This fixed value is used as part of the
STUN message when STUN is multiplexed with other protocols on the identification of a STUN message when STUN is multiplexed with other
same port, as is done for example in [12] and [15]. The magic cookie protocols on the same port, as is done for example in [11] and [16].
additionally indicates the STUN client is compliant with this The magic cookie additionally indicates the STUN client is compliant
specification. The magic cookie is present in all STUN messages -- with this specification. The magic cookie is present in all STUN
requests, success responses and error responses. messages -- requests, success responses, error responses and
indications.
The transaction ID is a 96 bit identifier. STUN transactions are The transaction ID is a 96 bit identifier. STUN transactions are
identified by their unique 96-bit transaction ID. This transaction identified by their unique 96-bit transaction ID. For request/
ID is chosen by the STUN client and MUST be unique for each new STUN response transactions, the transaction ID is chosen by the STUN
transaction by that STUN client. Any two requests that are not bit- client and MUST be unique for each new STUN transaction generated by
wise identical, and not sent to the same server from the same IP that STUN client. Any two requests that are not bit-wise identical,
address and port, MUST have a different transaction ID. The and not sent to the same server from the same IP address and port,
MUST have a different transaction ID. The transaction ID MUST be
uniformly and randomly distributed between 0 and 2**96 - 1. The
large range is needed because the transaction ID serves as a form of
randomization, helping to prevent replays of previously signed
responses from the server. A reponse to the STUN request, whether it
be a success or error response, carries the same transaction ID as
the request. Indications are also identified by their transaction
ID. The value is chosen by the server an MUST be unique for each
unique indication generated by the server. Any two requests that are
not bit-wise identical, and not sent to the same server from the same
IP address and port, MUST have a different transaction ID. The
transaction ID MUST be uniformly and randomly distributed between 0 transaction ID MUST be uniformly and randomly distributed between 0
and 2**96 - 1. The large range is needed because the transaction ID and 2**96 - 1.
serves as a form of randomization, helping to prevent replays of
previously signed responses from the server.
After the STUN header are zero or more attributes. Each attribute is After the STUN header are zero or more attributes. Each attribute is
TLV encoded, with a 16 bit type, 16 bit length, and variable value: TLV encoded, with a 16 bit type, 16 bit length, and variable value.
Each STUN attribute ends on a 32 bit boundary:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | | Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value .... | | Value .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Format of STUN Attributes Figure 3: Format of STUN Attributes
The Length refers to the length of the actual useful content of the
Value portion of the attribute, measured in bytes. Since STUN aligns
attributes on 32 bit boundaries, attributes whose content is not a
multiple of 4 bytes are padded with 1, 2 or 3 bytes of padding so
that they are a multiple of 4 btyes. Such padding is only needed
with attributes that take freeform strings, such as USERNAME and
PASSWORD. For attributes that contain more structured data, the
attributes are constructed to align on 32 bit boundaries. The value
in the Length field refers to the length of the Value part of the
attribute prior to padding - i.e., the useful content. Consequently,
when parsing messages, implementations will need to round up the
Length field to the nearest multiple of four in order to find the
start of the next attribute.
The attribute types defined in this specification are in Section 11 . The attribute types defined in this specification are in Section 11 .
7. STUN Transactions 7. STUN Transactions
STUN defines two types of transactions - request/response
transactions and indication transactions.
7.1. Request/Response Transactions
STUN clients are allowed to pipeline STUN requests. That is, a STUN STUN clients are allowed to pipeline STUN requests. That is, a STUN
client MAY have multiple outstanding STUN requests with different client MAY have multiple outstanding STUN requests with different
transaction IDs and not wait for completion of a STUN request/ transaction IDs and not wait for completion of a STUN request/
response exchange before sending another STUN request. response exchange before sending another STUN request.
7.1. Request Transaction Reliability
When running STUN over UDP it is possible that the STUN request or When running STUN over UDP it is possible that the STUN request or
its response might be dropped by the network. Reliability of STUN its response might be dropped by the network. Reliability of STUN
request message types is is accomplished through client request message types is is accomplished through client
retransmissions. Clients SHOULD retransmit the request starting with retransmissions. Clients SHOULD retransmit the request starting with
an interval of 100ms, doubling every retransmit until the interval an interval of 100ms, doubling every retransmit until the interval
reaches 1.6 seconds. Retransmissions continue with intervals of 1.6 reaches 1.6 seconds. Retransmissions continue with intervals of 1.6
seconds until a response is received, or a total of 9 requests have seconds until a response is received, or a total of 9 requests have
been sent. If no response is received by 1.6 seconds after the last been sent. If no response is received by 1.6 seconds after the last
request has been sent, the client SHOULD consider the transaction to request has been sent, the client SHOULD consider the transaction to
have failed. In other words, requests would be sent at times 0ms, have failed. In other words, requests would be sent at times 0ms,
100ms, 300ms, 700ms, 1500ms, 3100ms, 4700ms, 6300ms, and 7900ms. At 100ms, 300ms, 700ms, 1500ms, 3100ms, 4700ms, 6300ms, and 7900ms. At
9500ms, the client considers the transaction to have failed if no 9500ms, the client considers the transaction to have failed if no
response has been received. response has been received. A STUN transaction over UDP is also
considered failed if there has been a transport failure of some sort,
such as a fatal ICMP error.
When running STUN over TCP, TCP is responsible for ensuring delivery. When running STUN over TCP, TCP is responsible for ensuring delivery.
The STUN application SHOULD NOT retransmit STUN requests when running The STUN application SHOULD NOT retransmit STUN requests when running
over TCP. over TCP. If the client has not received a response after 9500ms, it
considers the transaction to have failed.
For STUN requests, failure occurs if there is a transport failure of Regardless of whether TCP or UDP was used for the transaction, if a
some sort (generally, due to fatal ICMP errors in UDP or connection failure occurs and the client has other servers it can reach (as a
failures in TCP) or if retransmissions of the same STUN Request consequence of an SRV query which provides a multiplicity of STUN
doesn't elicit a Response. If a failure occurs and the SRV query servers Section 8.1, for example), the client SHOULD create a new
indicated other STUN servers are available, the client SHOULD create request, which is identical to the previous, but has a different
a new request, which is identical to the previous, but has a transaction ID (and consequently a different MESSAGE INTEGRITY and
different transaction ID and MESSAGE INTEGRITY attribute (the HMAC FINGERPRINT attribute).
will change because the transaction ID has changed). That request is
sent to the next element in the list as specified by RFC2782.
The Indication message types are not sent reliably. 7.2. Indications
8. General Client Behavior Indications are sent from the client to the server, or from the
server to the client. Though no indications are used by this
specification, they are used by the STUN relay usage [14]. When sent
over UDP, there are no retransmissions, and reliability is not
provided. When sent over TCP, reliability is provided by TCP.
There are two classes of client behavior -- one for the request If a data indication solicits a fatal ICMP error, or causes a TCP
message types and another for the indication message types. error, the transaction is considered to have failed. In such a case,
the client SHOULD create a new transaction, which is identical to the
previous, but has a different transaction ID (and consequently a
different MESSAGE INTEGRITY and FINGERPRINT attribute). That request
is sent to the next element in the list as specified by RFC2782.
8.1. Request Message Types 8. Client Behavior
This section applies to client behavior for the Request message types Client behavior can be broken down into several steps. The first is
-- Binding Request and Shared Secret Request. For Request message discovery of the STUN server. The next is obtaining a shared secret.
types, the client must discover the STUN server's address and port, For request/response transactions, the next steps are formulating the
obtain a shared secret, formulate the Request, transmit the request request and processing the response. For indication transactions,
reliability, process the Binding Response, and use the information in the next step is formulating the indication.
the Response.
8.1.1. Discovery 8.1. Discovery
Unless stated otherwise by a STUN usage, DNS is used to discover the Unless stated otherwise by a STUN usage, DNS is used to discover the
STUN server following these procedures. STUN server following these procedures.
The client will be configured with a domain name of the provider of The client will be configured with a domain name of the provider of
the STUN servers. This domain name is resolved to an IP address and the STUN servers. This domain name is resolved to an IP address and
port using the SRV procedures specified in RFC2782 [4]. The port using the SRV procedures specified in RFC2782 [3]. The
mechanism for configuring the STUN client with the domain name to mechanism for configuring the STUN client with the domain name to
look up is not in scope of this document. look up is not in scope of this document.
The DNS SRV service name is "stun". The protocol is "udp" for The DNS SRV service name depends on the application usage. For the
sending Binding Requests, or "tcp" for sending Shared Secret binding usage, the service name is "stun". The protocol can be "udp"
Requests. The procedures of RFC 2782 are followed to determine the for UDP, "tcp" for TCP and "tls" for TLS over TCP. For the short
server to contact. RFC 2782 spells out the details of how a set of term password application usage, the service name is "stun-pass".
SRV records are sorted and then tried. However, RFC2782 only states The protocol is always "tls" for TLS over TCP. The binding keepalive
that the client should "try to connect to the (protocol, address, and connectivity check usages always start with an IP address, so no
service)" without giving any details on what happens in the event of DNS SRV service names are defined for them. New STUN usages MAY
failure; those details for STUN are described in Section 8.1.3. define additional DNS SRV service names. These SHOULD start with
"stun".
The procedures of RFC 2782 are followed to determine the server to
contact. RFC 2782 spells out the details of how a set of SRV records
are sorted and then tried. However, RFC2782 only states that the
client should "try to connect to the (protocol, address, service)"
without giving any details on what happens in the event of failure;
those details for STUN are described in Section 8.3.1.
A STUN server supporting multiple usages (such as the short term
password and binding discovery usage) MAY use the same ports for
different usages, as long as ports are not needed to differentiate
the usages. Different ports are not needed to differentiate the
usages defined in this specification. Different ports SHOULD be used
for TCP and TCP/TLS, so that the server can determine whether the
first message it will receive after the TCP connection is set up is a
STUN message or a TLS message.
The default port for STUN requests is 3478, for both TCP and UDP. The default port for STUN requests is 3478, for both TCP and UDP.
Administrators SHOULD use this port in their SRV records, but MAY use There is no default port for STUN over TLS. Administrators SHOULD
use this port in their SRV records for UDP and TCP, but MAY use
others. If no SRV records were found, the client performs an A or others. If no SRV records were found, the client performs an A or
AAAA record lookup of the domain name. The result will be a list of AAAA record lookup of the domain name. The result will be a list of
IP addresses, each of which can be contacted at the default port. IP addresses, each of which can be contacted at the default port
using UDP or TCP, independent of the STUN usage. For usages that
require TLS, such as the short term password usage, lack of SRV
records is equivalent to a failure of the transaction, since the
request or indication MUST NOT be sent unless SRV records provided an
address and port specifically for TLS.
8.1.2. Obtaining a Shared Secret 8.2. Obtaining a Shared Secret
As discussed in Section 13, there are several attacks possible on As discussed in Section 13, there are several attacks possible on
STUN systems. Many of these attacks are prevented through integrity STUN systems. Many of these attacks are prevented through integrity
protection of requests and responses. To provide that integrity, protection of requests and responses. To provide that integrity,
STUN makes use of a shared secret between client and server which is STUN makes use of a shared secret between client and server which is
used as the keying material for the MESSAGE-INTEGRITY attribute in used as the keying material for the MESSAGE-INTEGRITY attribute in
STUN messages. STUN allows for the shared secret to be obtained in STUN messages. STUN allows for the shared secret to be obtained in
any way (for example Kerberos [16] or ICE [12]). The shared secret any way. The application usage defines the mechanism and required
MUST have at least 128 bits of randomness. implementation strength for shared secrets.
When a client is needs to send a Request or an Indication, it can do
one of three things:
1. send the message without MESSAGE-INTEGRITY, if permitted by the Some usages, such as the connectivity check usage, assume that out of
STUN usage. band protocols, such as ICE, are used to obtain the necessary
credentials. Other usages, such as binding keepalives, don't use
authentication, as it is not required. Others, such as the binding
discovery, allows for authentication using either a long term shared
secret or a short term shared secret. The latter can be obtained by
using the short term password usage to obtain a short term shared
secret.
2. use a short term credential, as determined by the STUN usage. In Consequently, the STUN usages define rules for obtaining shared
this case, the STUN Request or STUN Indication would contain the secrets prior to sending a request.
USERNAME and MESSAGE-INTEGRITY attributes. The message would not
contain the NONCE attribute. The key for MESSAGE-INTEGRITY is
the password.
3. use long term credential, as determined by STUN usage. In this 8.3. Request/Response Transactions
case, the STUN request contains the USERNAME, REALM, and MESSAGE-
INTEGRITY attributes. The request does not contain the NONCE
attribute. The key for MESSAGE-INTEGRITY is MD5(unq(USERNAME-
value) ":" unq(REALM-value) ":" password).
Based on the STUN usage, the server does one of four things: 8.3.1. Formulating the Request Message
1. The server processes the request and generates a response. If The client follows the syntax rules defined in Section 6 and the
the request included the MESSAGE-INTEGRITY attribute, the server transmission rules of Section 7. The message type of the MUST be a
would also include MESSAGE-INTEGRITY in its response. request type; "Binding Request" or "Shared Secret Request" are the
two defined by this document.
2. The server generates an error response indicating that MESSAGE- The client creates a STUN message following the STUN message
INTEGRITY with short-term or with long-term credentials are structure described in Section 6. The client SHOULD add a MESSAGE-
required (error 401). To indicate that short-term credentials INTEGRITY and USERNAME attribute to the Request message if the usage
are required, the REALM attribute MUST NOT be present in the employs authentication. The specific credentials to use are
error response. To indicate short-term credentials are required, described by the STUN usage, which can specify no credentials, a
the REALM attribute MOST be present in the error response. short term credential, or a long term credential. The procedures for
each are:
3. The server generates an error response indicating that a NONCE 1. If the STUN usage specifies that no credentials are used, the
attribute is required (error 435) or that the supplied NONCE message is sent without MESSAGE-INTEGRITY
attribute's value is stale (error 437).
4. The server generates an error response indicating that the short- 2. If a short term credential is to be used, the STUN Request or
term credentials are no longer valid (error 430). The client STUN Indication would contain the USERNAME and MESSAGE-INTEGRITY
will have to obtain new short-term credentials appropriate to its attributes. The message would not contain the NONCE attribute.
STUN usage. The key for MESSAGE-INTEGRITY is the password.
In all of the above error responses, the NONCE attribute MAY 3. If a long term credential is to be used, the STUN request
optionally be included in the error response, in which case the contains the USERNAME, REALM, and MESSAGE-INTEGRITY attributes.
client MUST include that NONCE in the subsequent STUN transaction. The 16-byte key for MESSAGE-INTEGRITY HMAC is formed by taking
The NONCE value is not stored by the STUN client; it is only valid the MD5 hash of the result of concatenating the following five
for the subsequent STUN transaction and that transactions fields: (1) The username, with any quotes and trailing nulls
retransmissions. removed, (2) A single colon, (3) The realm, with any quotes and
trailing nulls removed, (4) A single colon, and (5) The password,
with any trailing nulls removed. For example, if the USERNAME
field were 'user', the REALM field were '"realm"', and the
PASSWORD field were 'pass', then the 16-byte HMAC key would be
the result of performing an MD5 hash on the string 'user:realm:
pass', or 0x8493fbc53ba582fb4c044c456bdc40eb.
STUN messages generated in order to obtain the shared secret are This format for the key was chosen so as to enable a common
formulated like other messages by following Section 8.1.3. authentication database for SIP, which uses digest authentication
as defined in RFC 2617 [7] and STUN, as it is expected that
credentials are usually stored in their hashed forms.
8.1.3. Formulating the Request Message The NONCE is included in the request only if a short or long term
credential is being used, and only if the STUN request is a retry as
a consequence of a previous error response which provided the client
with a NONCE.
The client follows the syntax rules defined in Section 6 and the For TCP and TLS-over-TCP, the client opens a TCP connection to the
transmission rules of Section 7. The message type of the MUST be a server. The TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite MUST be
request type; "Binding Request" or "Shared Secret Request" are the supported at a minimum by implementers when TLS is used with STUN.
two defined by this document. Implementers MAY also support any other ciphersuite. When it
receives the TLS Certificate message, the client SHOULD verify the
certificate and inspect the site identified by the certificate. If
the certificate is invalid, revoked, or if it does not identify the
appropriate party, the client MUST NOT send the STUN message or
otherwise proceed with the STUN transaction. The client MUST verify
the identity of the server. To do that, it follows the
identification procedures defined in Section 3.1 of RFC 2818 [4].
Those procedures assume the client is dereferencing a URI. For
purposes of usage with this specification, the client treats the
domain name or IP address used in Section 8.1as the host portion of
the URI that has been dereferenced. If DNS was not used, the client
MUST be configured with a set of authorized domains whose
certificates will be accepted.
The client creates a STUN message following the STUN message The client MUST include a FINGERPRINT attribute as the last
structure described in Section 6. The client SHOULD add a MESSAGE- attribute.
INTEGRITY and USERNAME attribute to the Request message.
Once formulated, the client sends the Binding Request. Reliability Next, the client sends the request. For UDP-based requests,
is accomplished through client retransmissions, following the reliability is accomplished through client retransmissions, following
procedure in Section 7.1. the procedure in Section 7.1. For TCP (including TLS over TCP),
there are no retransmissions.
The client MAY send multiple requests on the connection, and it may For TCP and TLS over TCP, the client MAY send multiple requests on
pipeline requests (that is, it can have multiple requests outstanding the connection, and it MAY pipeline requests (that is, it can have
at the same time). When using TCP the client SHOULD close the multiple requests outstanding at the same time). When using TCP or
connection as soon as it has received the STUN Response. TLS over TCP, the client SHOULD close the connection as soon as it
has received the STUN Response, if it has no plans to send further
requests.
8.1.4. Processing Responses 8.3.2. Processing Responses
All responses, whether success responses or error responses, MUST All responses, whether success responses or error responses, MUST
first be authenticated by the client. Authentication is performed by first be authenticated by the client. Authentication is performed by
first comparing the Transaction ID of the response to an oustanding first comparing the Transaction ID of the response to an oustanding
request. If there is no match, the client MUST discard the response. request. If there is no match, the client MUST discard the response.
Then the client SHOULD check the response for a MESSAGE-INTEGRITY Then the client SHOULD check the response for a MESSAGE-INTEGRITY
attribute. If not present, and the client placed a MESSAGE-INTEGRITY attribute. If not present, and the client placed a MESSAGE-INTEGRITY
attribute into the associated request, it MUST discard the response. attribute into the associated request, it MUST discard the response.
If MESSAGE-INTEGRITY is present, the client computes the HMAC over If MESSAGE-INTEGRITY is present, the client computes the HMAC over
the response as described in Section 11.8. The key to use depends on the response as described in Section 11.4. The key that is used MUST
the shared secret mechanism. If the STUN Shared Secret Request was be same as used to compute the MESSAGE-INTEGRITY attribute in the
used, the key MUST be same as used to compute the MESSAGE-INTEGRITY request.
attribute in the request.
If the computed HMAC matches the one from the response, processing If the computed HMAC matches the one from the response, processing
continues. The response can either be a Binding Response or Binding continues.
Error Response.
If the response is an Error Response, the client checks the response If the response is an Error Response, the client checks the response
code from the ERROR-CODE attribute of the response. For a 400 code from the ERROR-CODE attribute of the response. For a 400
response code, the client SHOULD display the reason phrase to the response code, the client SHOULD display the reason phrase to the
user. For a 420 response code, the client SHOULD retry the request, user. For a 420 response code, the client SHOULD retry the request,
this time omitting any attributes listed in the UNKNOWN-ATTRIBUTES this time omitting any attributes listed in the UNKNOWN-ATTRIBUTES
attribute of the response. For a 430 response code, the client attribute of the response.
SHOULD obtain a new one-time username and password, and retry the
Allocate Request with a new transaction. For 401 and 432 response If the client receives a 401 response and had not included a MESSAGE-
codes, if the client had omitted the USERNAME or MESSAGE-INTEGRITY INTEGRITY attribute in the request, it is an indication from the
attribute as indicated by the error, it SHOULD try again with those server that credentials are required. If the REALM attribute was
attributes. A new one-time username and password is needed in that present in the response, it is a signal to the client to use a long
case. For a 431 response code, the client SHOULD alert the user, and term shared secret and retry the request. The client SHOULD retry
MAY try the request again after obtaining a new username and the request, using the username and password associated with the
password. For a 300 response code, the client SHOULD attempt a new REALM. If the server had provided a nonce in the 401 response, the
transaction to the server indicated in the ALTERNATE-SERVER client SHOULD include the same nonce in the retry. If the REALM
attribute. For a 500 response code, the client MAY wait several attribute was absent in the resposne, it is a signal to the client to
seconds and then retry the request with a new username and password. use a short term shared secret and retry the request. If the client
For a 600 response code, client MUST NOT retry the request and SHOULD doesn't have a short term shared secret, it SHOULD use the Shared
display the reason phrase to the user. Unknown response codes Secret request to obtain one, and then retry the request with the
username and password obtained as a result. If the 401 response had
contained a NONCE attribute, that same nonce is included in the
retry.
If the client receives a 401 response but had included a MESSAGE-
INTEGRITY attribute in the request, there has been an unrecoverable
error. This shouldn't ever happen, but if it does, the client SHOULD
NOT retry the request.
If the client receives a 432 response, and the client had omitted the
USERNAME from the request but included a MESSAGE-INTEGRITY, the
client SHOULD retry the request and include both MESSAGE-INTEGRITY
and USERNAME. If the 432 response had contained a NONCE attribute,
that same nonce is included in the retry. If the client receives a
432 but had included both MESSAGE-INTEGRITY and USERNAME in the
request, there has been an unrecoverable error. This shouldn't ever
happen, but if it does, the client SHOULD NOT retry the request.
If the client receives a 435 response, but had included a NONCE in
the request, an unrecoverable error has occurred and the client
SHOULD NOT retry. However, if it had omitted the NONCE in the
request and received a 435, or it had included the NONCE but received
a 438, it is a request from the server to retry using the same
credential, but with a different nonce. The client SHOULD retry the
request, using the nonce provided in the NONCE attribute of the 435
or 438 response.
If the client receives a 430 response, it means that the client used
a short term credential which has expired. If the client had
submitted the request using a short term credential obtained from a
Shared Secret request, the client SHOULD generate a new Shared Secret
request to obtain a new short term credential, and then retry the
request with that credential. Note that the Shared Secret request
may or may not go to the same server which generated the 430
response; the server that receives the Shared Secret request is
determined by the DNS procedures defined above. If a 430 response
was received and the client had used a short term credential provided
through some other means, the client SHOULD obtain a new short term
credential using that mechanism. If the client had not used a short
term credential in the request, the 430 error is unrecoverable and
the request SHOULD NOT be retried. If the 430 response had contained
a NONCE attribute, that same nonce is included in the retry.
For a 431 response code, the client SHOULD alert the user, and if a
short term credential obtained from a Shared Secret request had been
used previously, the client MAY try the request again after obtaining
a new short term username and password. If the 431 response had
contained a NONCE attribute, that same nonce is included in the
retry.
If the client receives a 433 response, and the request was a Shared
Secret request which was not sent over TLS, the client SHOULD retry
the request, and MUST send it using TLS. If this response is
received to any other request except for a Shared Secret request, or
if the client had sent the Shared Secret request over TLS, it is an
unrecoverable error and the client SHOULD NOT retry. As with other
error responses, the 433 can contain a NONCE, and if present, that
nonce is used in the request retry.
If the client receives a 434 response, and had omitted the REALM in
the request, but had included MESSAGE-INTEGRITY, it is an indication
that, though a short-term credential was used for the request, the
server desires the client to use a long term credential. The client
SHOULD retry the request using the username and password associated
with the REALM. As with other error responses, the 434 can contain a
NONCE, and if present, that nonce is used in the request retry. If
the 434 was received but the request had contained a REALM, and the
REALM in the response differs from the REALM in the request, the
client SHOULD retry using the username and password associated with
the REALM in the response. If the REALMS were equal, this is an
unrecoverable error and the client SHOULD NOT retry.
It the client receives a 436 response, it means that the username it
provided in the request is unknown. For usages where the username
was collectedd from the user, the client SHOULD alert the user. The
client SHOULD NOT retry with the same username.
For error responses which can contain a NONCE, the client includes
the NONCE in a subsequent retry as discussed above. Furthermore, the
client SHOULD cache the nonce, and continue using it in subsequent
requests sent to the same server, identified by IP address and port.
For a 300 response code, the client SHOULD attempt a new transaction
to the server indicated in the ALTERNATE-SERVER attribute. This is
useful for load balancing requests across a STUN server cluster, when
those requests require some amount of resources to process. Though
this specification allows the 300 response to be applied to Binding
Requests, it is generally not useful to do so, since the work of
redirecting a Binding Request is equal to, if not more than, the work
of just processing the Binding Request. Consequently, the 300
response code is targeted for other usages of STUN, such as the relay
usage [14].
For a 500 response code, the client MAY wait several seconds and then
retry the request on the same server. Or, if the server was learned
through DNS SRV records, the client MAY try the request on a
different server. The same username and password MAY be used. For a
600 response code, client MUST NOT retry the request on this server,
or if the server was learned through DNS, any other server found
through the DNS resolution procedures. Unknown response codes
between 400 and 499 are treated like a 400, unknown response codes between 400 and 499 are treated like a 400, unknown response codes
between 500 and 599 are treated like a 500, and unknown response between 500 and 599 are treated like a 500, and unknown response
codes between 600 and 699 are treated like a 600. Any response codes between 600 and 699 are treated like a 600. Any response
between 100 and 299 MUST result in the cessation of request between 100 and 299 MUST result in the cessation of request
retransmissions, but otherwise is discarded. retransmissions, but otherwise is discarded.
Binding Responses containing unknown optional attributes (greater Responses containing unknown optional attributes (greater than
than 0x7FFF) MUST be ignored by the STUN client. Binding Responses 0x7FFF) MUST be ignored by the STUN client. Responses containing
containing unknown mandatory attributions (less than or equal to unknown mandatory attributions (less than or equal to 0x7FFF) MUST be
0x7FFF) MUST be discarded and considered immediately as a failed discarded and considered immediately as a failed transaction.
transaction.
It is also possible for an IPv4 host to receive a XOR-MAPPED-ADDRESS It is also possible for an IPv4 host to receive a XOR-MAPPED-ADDRESS
or MAPPED-ADDRESS containing an IPv6 address, or for an IPv6 host to or MAPPED-ADDRESS containing an IPv6 address, or for an IPv6 host to
receive a XOR-MAPPED-ADDRESS or MAPPED-ADDRESS containing an IPv4 receive a XOR-MAPPED-ADDRESS or MAPPED-ADDRESS containing an IPv4
address. Clients MUST be prepared for this case. address. Clients MUST be prepared for this case.
8.1.5. Using the Mapped Address The processing of other attributes in the response, such as the
mapped address (present in the XOR-MAPPED-ADDRESS attribute or
This section applies to the Binding Response message type. The MAPPED-ADDRESS attribute) depends on the STUN usage.
Binding Response message type always includes either the MAPPED-
ADDRESS attribute or the XOR-MAPPED-ADDRESS attribute, depending on
the presence of the magic cookie in the corresponding Binding
Request.
The mapped address present in the binding response can be used by
clients to facilitate traversal of NATs for many applications. NAT
traversal is problematic for applications which require a client to
insert an IP address and port into a message, to which subsequent
messages will be delivered by other entities in a network. Normally,
the client would insert the IP address and port from a local
interface into the message. However, if the client is behind a NAT,
this local interface will be a private address. Clients within other
address realms will not be able to send messages to that address.
An example of a such an application is SIP, which requires a client
to include IP address and port information in several places,
including the Session Description Protocol (SDP [19]) body carried by
SIP. The IP address and port present in the SDP is used for receipt
of media.
To use STUN as a technique for traversal of SIP and other protocols,
when the client wishes to send a protocol message, it figures out the
places in the protocol data unit where it is supposed to insert its
own IP address along with a port. Instead of directly using a port
allocated from a local interface, the client allocates a port from
the local interface, and from that port, initiates the STUN
procedures described above. The mapped address in the Binding
Response (XOR-MAPPED-ADDRESS or MAPPED- ADDRESS) provides the client
with an alternative IP address and port which it can then include in
the protocol payload. This IP address and port may be within a
different address family than the local interfaces used by the
client. This is not an error condition. In such a case, the client
would use the learned IP address and port as if the client was a host
with an interface within that address family.
In the case of SIP, to populate the SDP appropriately, a client would 8.4. Indication Transactions
generate two STUN Binding Request messages at the time a call is
initiated or answered. One is used to obtain the IP address and port
for RTP, and the other, for the Real Time Control Protocol
(RTCP)[14]. The client might also need to use STUN to obtain IP
addresses and ports for usage in other parts of the SIP message. The
detailed usage of STUN to facilitate SIP NAT traversal is outside the
scope of this specification.
As discussed above, the addresses learned by STUN may not be usable This section applies to client and server behavior for sending an
with all entities with whom a client might wish to communicate. The Indication message.
way in which this problem is handled depends on the application
protocol. The ideal solution is for a protocol to allow a client to
include a multiplicity of addresses and ports in the PDU. One of
those can be the address and port determined from STUN, and the
others can include addresses and ports learned from other techniques.
The application protocol would then provide a means for dynamically
detecting which one works. An example of such an an approach is
Interactive Connectivity Establishment (ICE [12]).
8.2. Indication Message Types The client or server follows the syntax rules defined in Section 6
and the transmission rules of Section 7. The message type MUST be
one of the Indication message types; none are defined by this
document.
This section applies to client behavior for the Indication message Indication messages cannot be challenged or rejected. Consequently,
types. they cannot be authenticated using long term credentials. If a STUN
usage specifies that authentication is needed for an indication
message, it can only be done using a short term credential. In that
case, the client or server MUST add a MESSAGE-INTEGRITY and USERNAME
attribute to the Request message. The key for MESSAGE-INTEGRITY is
the password.
8.2.1. Formulating the Indication Message The client or server MUST include a FINGERPRINT attribute as the last
attribute of any Indication message.
The client follows the syntax rules defined in Section 6 and the Typically, indication messages are sent to the same IP address and
transmission rules of Section 7. The message type MUST be one of the port, or over the same TCP connections as a previous request message.
Indication message types; none are defined by this document. However, a usage can specify that indication messages are sent based
on a DNS query, in which case the discovery procedures in Section 8.1
are followed, along with the TCP/TLS connection establishment
procedures defined in Section 8.3.1.
The client creates a STUN message following the STUN message Indication message types are not sent reliably, do not elicit a
structure described in Section 6. The client SHOULD add a MESSAGE- response from the server, and are not retransmitted.
INTEGRITY and USERNAME attribute to the Request message.
Once formulated, the client sends the Indication message. Indication For TCP and TLS over TCP, the client or server MAY send multiple
message types are not sent reliably, do not elicit a response from indications on the connection. By definition, since indications to
the server, and are not retransmitted. not generate a response, they can be pipelined on the connection.
For clients, the connection is closed once it determines it has no
further messages to send to the server. Servers do not normally
close TCP connections.
The client MAY send multiple indications on the connection, and it 9. Server Behavior
may pipeline indication messages. When using TCP the client SHOULD
close the TCP connection as soon as it has transmitted the indication
message.
9. General Server Behavior As with clients, server behavior depends on whether it is a request/
response transaction or indication.
9.1. Request Message Types 9.1. Request/Response Transactions
The server behavior for receiving request message types is described The server behavior for receiving request message types is described
in this section. in this section.
9.1.1. Receive Request Message 9.1.1. Receive Request Message
A STUN server MUST be prepared to receive Request and Indication A STUN server MUST be prepared to receive request messages on the IP
messages on the IP address and UDP or TCP port that will be address and UDP or TCP port that will be discovered by the STUN
discovered by the STUN client when the STUN client follows its client when the STUN client follows its discovery procedures
discovery procedures described in Section 8.1.1. Depending on the described in Section 8.1. Depending on the usage, the STUN server
usage, the STUN server will listen for incoming UDP STUN messages, will listen for incoming UDP STUN messages, incoming TCP STUN
incoming TCP STUN messages, or incoming TLS exchanges followed by TCP messages, or incoming TLS exchanges followed by TCP STUN messages.
STUN messages. The usages describe how the STUN server determines
the usage.
The server checks the request for a MESSAGE-INTEGRITY attribute. If When a STUN request is received, the server determines the usage.
not present, the server generates an error response with an ERROR- The usages describe how the STUN server makes this determination.
CODE attribute and a response code of 401. That error response MUST
include a NONCE attribute, containing a nonce that the server wishes Based on the usage, the server determines whether the request
the client to reflect back in a subsequent request (and therefore requires any authentication and message integrity checks. It can
include in the message integrity computation). The error response require none, short-term credential based authentication, or long-
MUST include a REALM attribute, containing a realm from which the term credential authentication.
username and password are scoped [8].
If authentication is required, the server checks for the presence of
the MESSAGE-INTEGRITY attribute. If not present, the server
generates an error response with an ERROR-CODE attribute and a
response code of 401. If the server wishes the client to use a short
term credential, the REALM is omitted from the response. If the
server wishes the client to use a long term credential, the REALM is
included in the response containing a realm from which the username
and password are scoped [7]. When the REALM is present in the
response, the server MUST include a NONCE attribute in the response.
The nonce includes a random value that the server wishes the client
to reflect back in a subsequent request (and therefore include in the
message integrity computation). When the REALM is absent in the
response, the server MAY include a NONCE in the response if it wishes
to use nonces along with short-term shared secrets. However, there
is little reason to do so, since the short-term password is, by
definition, short-term, and thus additional temporal scoping through
the nonce is not needed.
If the MESSAGE-INTEGRITY attribute was present, the server checks for If the MESSAGE-INTEGRITY attribute was present, the server checks for
the existence of the REALM attribute. If the attribute is not the existence of the USERNAME attribute. If it was not present, the
present, the server MUST generate an error response. That error server MUST generate an error response. The error response MUST
response MUST include an ERROR-CODE attribute with response code of include an ERROR-CODE attribute with a response code of 432. If the
434. That error response MUST also include a NONCE and a REALM server is using a long term credential for authentication, the
attribute. response MUST include a REALM and a NONCE. If the server is using a
short-term credential, it MUST NOT include a REALM in the response
and MAY include a NONCE.
If the REALM attribute was present, the server checks for the If the server is using long term credentials for authentication, and
the request contained the MESSAGE-INTEGRITY and USERNAME attributes,
the server checks for the existence of the REALM attribute. If the
attribute is not present, the server MUST generate an error response.
That error response MUST include an ERROR-CODE attribute with
response code of 434. That error response MUST also include a NONCE
and a REALM attribute.
If the REALM attribute was present and the server is using a long
term credential for authentication, the server checks for the
existence of the NONCE attribute. If the NONCE attribute is not existence of the NONCE attribute. If the NONCE attribute is not
present, the server MUST generate an error response. That error present, the server MUST generate an error response. That error
response MUST include an ERROR-CODE attribute with a response code of response MUST include an ERROR-CODE attribute with a response code of
435. That error response MUST include a NONCE attribute and a REALM 435. That error response MUST include a NONCE attribute and a REALM
attribute. attribute. If the NONCE was absent and the server is authenticating
with short term credentials, the server MAY generate an error
response with an ERROR-CODE attribute with a response code of 435.
This response MUST included a NONCE. If the NONCE was present in the
request, but the server has determined it is stale, the server MUST
generate an error response with an ERROR-CODE attribute with a
response code of 438.
If the NONCE attribute was present, the server checks for the Next, if the server is authenticating the request, it checks for the
existence of the USERNAME attribute. If it was not present, the presence of the USERNAME attribute. If absent, the server generates
server MUST generate an error response. The error response MUST an error response with an ERROR-CDE attribute with a response code of
include an ERROR-CODE attribute with a response code of 432. It MUST 432. If the server is authenticating using long term credentials, it
include a NONCE attribute and a REALM attribute. MUST include a REALM and NONCE in the response. If the server is
authenticating with short term credentials, it MUST NOT include a
REALM and MAY include a NONCE.
If the USERNAME attribute was present, the server computes the HMAC If the server is authenticating the request with a short term
over the request as described in Section 11.8. The key is computed credential, it checks the value of the USERNAME field. If the
as MD5(unq(USERNAME-value) ":" unq(REALM-value) ":" password), where USERNAME was previously valid but has expired, the server generates
the password is the password associated with the username and realm an error response with an ERROR-CODE attribute with a response code
provided in the request. If the server does not have a record for of 430. This error response MAY include a NONCE. If the server is
that username within that realm, the server generates an error authenticating with either short or long term credentials, it
response. That error response MUST include an ERROR-CODE attribute determines whether the USERNAME contains a known entity, and in the
with a response code of 436. That error response MUST include a case of a long-term credential, known within the realm of the REALM
NONCE attribute and a REALM attribute. attribute of the request. If the USERNAME is unknown, the server
generates an error response with an ERROR-CODE attribute with a
response code of 436. For authentication using long-term
credentials, that error response MUST include a NONCE attribute and a
REALM attribute. For authentication using short-term credentials, it
MAY include a NONCE but MUST NOT include a REALM.
This format for the key was chosen so as to enable a common At this point, if the server is doing authentication, the request
authentication database for SIP and STUN, as it is expected that contains everything needed for that purpose. The server computes the
credentials are usually stored in their hashed forms. HMAC over the request as described in Section 11.4. The key depends
on the credential. For short-term credentials, it equals the
password associated with the username. For long term credentials, it
is computed as described in Section 8.3.1.
If the computed HMAC differs from the one from the MESSAGE-INTEGRITY If the computed HMAC differs from the one from the MESSAGE-INTEGRITY
attribute in the request, the server MUST generate an error response attribute in the request, the server MUST generate an error response
with an ERROR-CODE attribute with a response code of 431. This with an ERROR-CODE attribute with a response code of 431. If long
response MUST include a NONCE attribute and a REALM attribute. term credentials are being used for authentication, this response
MUST include a NONCE attribute and a REALM attribute. If short term
credentials are being used, it MAY include a NONCE and MUST NOT
include a REALM.
If the computed HMAC doesn't differ from the one in the request, but At this point, the request has been authentication checked and
the nonce is stale, the server MUST generate an error response. That integrity verified.
error response MUST include an ERROR-CODE attribute with response
code 430. That error response MUST include a NONCE attribute and a
REALM attribute.
The server MUST check for any mantadory attributes in the request Next, the server MUST check for any mantadory attributes in the
(values less than or equal to 0x7fff) which it does not understand. request (values less than or equal to 0x7fff) which it does not
If it encounters any, the server MUST generate a Binding Error understand. If it encounters any, the server MUST generate an error
Response, and it MUST include an ERROR-CODE attribute with a 420 response, and it MUST include an ERROR-CODE attribute with a 420
response code. Any attributes that are known, but are not supposed response code. Any attributes that are known, but are not supposed
to be present in a message (MAPPED-ADDRESS in a request, for example) to be present in a message (MAPPED-ADDRESS in a request, for example)
MUST be ignored. MUST be ignored.
9.1.2. Constructing the Response 9.1.2. Constructing the Response
To construct the STUN Response the STUN server follows the message To construct the STUN Response the STUN server follows the message
structure described in Section 6. The server then copies the structure described in Section 6. The server then copies the
Transaction ID from the Request to the Response. If the STUN Transaction ID from the Request to the Response. If the STUN
response is a success response, the STUN server adds 0x100 to the response is a success response, the STUN server adds 0x100 to the
Message Type; if a failure response the STUN server adds 0x110 to the Message Type of the request. If the STUN response is a success
Message Type. response, the STUN server adds 0x110 to the Message Type of the
request.
Depending in the Request message type and the message attributes of The attributes that get added to the response depend on the type of
the request, the response is constructed; see Figure 4. response. See Figure 4 for a summary.
If the response is a type which can carry either MAPPED-ADDRESS or
XOR-MAPPED-ADDRESS (the Binding Response as defined in this
specification meets that criteria), the server examines the magic
cookie in the STUN header. If it has the value 0x2112A442, it
indicates that the client supports this version of the specification.
The server MUST insert a XOR-MAPPED-ADDRESS into the response,
carrying the exclusive-or of the source IP address and port from the
request. If the magic cookie did not have this value, it indicates
that the client supports the previous version of this specification.
The server MUST insert a MAPPED-ADDRESS attribute into the response,
carrying the souce IP address and port from the request. Insertion
of either XOR-MAPPED-ADDRESS or MAPPED-ADDRESS happens regardless of
the transport protocol used for the request.
XOR-MAPPED-ADDRESS and MAPPED-ADDRESS differ only in their encoding
of the IP address and port. The former, as implied by the name,
encodes the IP address and port by exclusive-or'ing them with the
magic cookie. The latter encodes them directly in binary. RFC 3489
originally specified only MAPPED-ADDRESS. However, deployment
experience found that some NATs rewrite the 32-bit binary payloads
containing the NAT's public IP address, such as STUN's MAPPED-ADDRESS
attribute, in the well-meaning but misguided attempt at providing a
generic ALG function. Such behavior interferes with the operation of
STUN and also causes failure of STUN's message integrity checking.
The server SHOULD include a SERVER attribute in all responses,
indicating the identity of the server generating the response. This
is useful for diagnostic purposes.
The server MUST include a FINGERPRINT attribute as the last attribute
of any Indication message.
In cases where the server cannot handle the request, due to
exhaustion of resources, the server MAY generate a 300 response with
an ALTERNATE-SERVER attribute. This attribute identifies an
alternate server which can service the requests. It is not expected
that 300 responses or this attribute would be used by the requests
defined in this specification.
9.1.3. Sending the Response 9.1.3. Sending the Response
All Response messages are sent to the IP address and port the All UDP response messages are sent to the IP address and port the
associated Binding Request came from, and sent from the IP address associated Binding Request came from, and sent from the IP address
and port the Binding Request was sent to. and port the Binding Request was sent to. All TCP or TLS over TCP
responses messages are sent on the TCP connections that the request
arrived on.
9.2. Indication Message Types 9.2. Indication Transactions
Indication messages cause the server to change its state. Indication Indication messages cause the server to change its state. Indication
message types to not cause the server to send a response message. message types to not cause the server to send a response message.
Indication message types are defined in other documents, for example A STUN server MUST be prepared to receive indication messages on the
in [3]. IP address and UDP or TCP port that will be discovered by the STUN
client when the STUN client follows its discovery procedures
described in Section 8.1. Depending on the usage, the STUN server
will listen for incoming UDP STUN messages, incoming TCP STUN
messages, or incoming TLS exchanges followed by TCP STUN messages.
10. Short-Term Passwords When a STUN indication is received, the server determines the usage.
The usages describe how the STUN server makes this determination.
Short-term passwords are useful to provide authentication and Based on the usage, the server determines whether the indication
integrity protection to STUN Request and STUN Response messages. requires any authentication and message integrity checks. It can
Short-term passwords are useful when there is no long-term require none or short-term credential based authentication. If
relationship with a STUN server and thus no long-term password is short-term credentials are utilized, the server follows the same
shared between the STUN client and STUN server. Even if there is a procedures as defined in Section 9.1.1, but if those procedures
long-term password, the issuance of a short-term password is useful require transmission of an error response, the server MUST instead
to prevent dictionary attacks. silently discard the indication.
Short-term passwords can be used multiple times for as long as a Once authenticated (if authentication was in use), the processing of
usage allows the same short-term password to be used. The duration the indication message depends on the message type. This
of validity is determined by usage. specification doesn't define any indication messages.
10. Demultiplexing of STUN and Application Traffic
In both the connectivity check and binding refresh usages, STUN
traffic is multiplexed on the same IP address and port as application
traffic, such as RTP. In order to apply the processing described in
this specification, STUN messages must first be separated from the
application packets. This disambiguation is done identically for
requests and responses of all types.
First, all STUN messages start with two bits equal to zero. If STUN
is being multiplexed with application traffic where it is known that
the topmost two bits are never zeroes, the presence of these two
zeroes signals STUN traffic.
If this mechanism doesn't suffice, the magic cookie can be used. All
STUN messages have the value 0x2112A442 as the second 32 bit word.
If the application traffic can not have this value as the second 32
bit word, then any packets with this value are STUN packets. Even if
the application packet can have this value (for example, in cases
where the application packets contain random binary data), there is
only a one in 2^32 chance that an application packet will have a
value of 0x2112A442 in its second 32 bit word. If this probability
is deemed sufficiently small for the application at hand (for
example, it is considered adequate for Voice over IP applications),
then any packet with this value in its second 32 bit word is
processed as a STUN packet.
However, a mis-classification of 1 in 2^32 may still be too high for
some usages of STUN. Consequently, all STUN messages contain a
FINGERPRINT attribute. This is a cryptographic hash over the
message, covering everything prior to the attribute. This attribute
is different from MESSAGE-INTEGRITY. The latter uses a keyed HMAC,
and thus requires a shared secret. FINGERPRINT does not use a
password, and can be computed just by examining the STUN message.
Thus, if a packet appears to be a STUN message because it has a value
of 0x2112A442 in its second 32 bit word, a client or server then
assumes the message is a STUN message, and computes the value for the
fingerprint. It then looks for the FINGERPRINT attribute in the
message, and if the value equals the computed value, the message is
considered to be a STUN message. If not, it is considered to be an
application packet
11. STUN Attributes 11. STUN Attributes
To allow future revisions of this specification to add new attributes To allow future revisions of this specification to add new attributes
if needed, the attribute space is divided into optional and mandatory if needed, the attribute space is divided into optional and mandatory
ones. Attributes with values greater than 0x7fff are optional, which ones. Attributes with values greater than 0x7fff are optional, which
means that the message can be processed by the client or server even means that the message can be processed by the client or server even
though the attribute is not understood. Attributes with values less though the attribute is not understood. Attributes with values less
than or equal to 0x7fff are mandatory to understand, which means that than or equal to 0x7fff are mandatory to understand, which means that
the client or server cannot successfully process the message unless the client or server cannot successfully process the message unless
it understands the attribute. it understands the attribute.
In order to align attributes on word boundaries, the length of the
all message attributes values MUST be 0 or a multiple of 4 bytes.
Extensions to this specification MUST also follow this requirement.
The values of the message attributes are enumerated in Section 15. The values of the message attributes are enumerated in Section 15.
The following figure indicates which attributes are present in which The following figure indicates which attributes are present in which
messages. An M indicates that inclusion of the attribute in the messages. An M indicates that inclusion of the attribute in the
message is mandatory, O means its optional, C means it's conditional message is mandatory, O means its optional, C means it's conditional
based on some other aspect of the message, and - means that the based on some other aspect of the message, and - means that the
attribute is not applicable to that message type. attribute is not applicable to that message type.
Error Error
Attribute Request Response Response Attribute Request Response Response Indication
______________________________________________ _______________________________________________________
MAPPED-ADDRESS - C - MAPPED-ADDRESS - C - -
USERNAME O - - USERNAME O - - O
PASSWORD - - - PASSWORD - C - -
MESSAGE-INTEGRITY O O O MESSAGE-INTEGRITY O O O O
ERROR-CODE - - M ERROR-CODE - - M -
ALTERNATE-SERVER - - C ALTERNATE-SERVER - - C -
REALM C C C REALM C - C -
NONCE C - C NONCE C - C -
UNKNOWN-ATTRIBUTES - - C UNKNOWN-ATTRIBUTES - - C -
XOR-MAPPED-ADDRESS - M - XOR-MAPPED-ADDRESS - C - -
XOR-ONLY O - - SERVER - O O O
SERVER - O O REFRESH-INTERVAL - O - -
BINDING-LIFETIME - O - FINGERPRINT M M M M
Figure 4: Mandatory Attributes and Message Types Figure 4: Mandatory Attributes and Message Types
11.1. MAPPED-ADDRESS 11.1. MAPPED-ADDRESS
The MAPPED-ADDRESS attribute indicates the mapped IP address and The MAPPED-ADDRESS attribute indicates the mapped IP address and
port. It consists of an eight bit address family, and a sixteen bit port. It consists of an eight bit address family, and a sixteen bit
port, followed by a fixed length value representing the IP address. port, followed by a fixed length value representing the IP address.
If the address family is IPv4, the address is 32 bits. If the If the address family is IPv4, the address is 32 bits. If the
address family is IPv6, the address is 128 bits. address family is IPv6, the address is 128 bits.
For backwards compatibility with RFC3489-compliant STUN clients, if
the magic cookie was not present in the associated Binding Request,
this attribute MUST be present in the associated response.
Discussion: Some NATs rewrite the 32-bit binary payloads
containing the NAT's public IP address, such as STUN's MAPPED-
ADDRESS attribute. Such behavior interferes with the operation of
STUN and also causes failure of STUN's message integrity checking.
Presence of the magic cookie in the STUN Request indicates the
client is compatible with this specification and is capable of
processing XOR-MAPPED-ADDRESS.
The format of the MAPPED-ADDRESS attribute is: The format of the MAPPED-ADDRESS attribute is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|x x x x x x x x| Family | Port | |x x x x x x x x| Family | Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address (variable) | Address (variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 21, line 40 skipping to change at page 29, line 21
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|x x x x x x x x| Family | Port | |x x x x x x x x| Family | Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address (variable) | Address (variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: Format of MAPPED-ADDRESS attribute Figure 5: Format of MAPPED-ADDRESS attribute
The address family can take on the following values: The address family can take on the following values:
0x01: IPv4 0x01: IPv4
0x02: IPv6 0x02: IPv6
The port is a network byte ordered representation of the port the The port is a network byte ordered representation of the port the
Binding Request arrived from. request arrived from.
The first 8 bits of the MAPPED-ADDRESS are ignored for the purposes The first 8 bits of the MAPPED-ADDRESS are ignored for the purposes
of aligning parameters on natural boundaries. of aligning parameters on natural 32 bit boundaries.
11.2. RESPONSE-ADDRESS
The RESPONSE-ADDRESS attribute indicates where the response to a
Binding Request should be sent. Its syntax is identical to MAPPED-
ADDRESS.
This attribute is not used by any STUN usages defined in this
document except for backwards compatibility with RFC3489 clients when
using the Binding Discovery usage (Section 12.2). Section 12.2.8
describes when this attribute must be included in a binding response.
Issue: should this attribute be made specific to Binding
Discovery or moved to another document entirely.
11.3. CHANGED-ADDRESS
The CHANGED-ADDRESS attribute indicates the IP address and port where
responses would have been sent from if the "change IP" and "change
port" flags had been set in the CHANGE-REQUEST attribute of the
Binding Request. Its syntax is identical to MAPPED-ADDRESS.
This attribute is not used by any STUN usages defined in this
document except for backwards compatibility with RFC3489 clients when
using the Binding Discovery usage (Section 12.2). Section 12.2.8
describes when this attribute must be included in a binding response.
Issue: should this attribute be made specific to Binding
Discovery or moved to another document entirely.
11.4. CHANGE-REQUEST
The CHANGE-REQUEST attribute is used by the client to request that
the server use a different address and/or port when sending the
response. The attribute is 32 bits long, although only two bits (A
and B) are used:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 A B 0|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The meaning of the flags are:
A: This is the "change IP" flag. If true, it requests the server to
send the Binding Response with a different IP address than the one
the Binding Request was received on.
B: This is the "change port" flag. If true, it requests the server
to send the Binding Response with a different port than the one
the Binding Request was received on.
This attribute is not used by any STUN usages defined in this
document.
Issue: should this attribute be made specific to Binding
Discovery or moved to another document entirely.
11.5. SOURCE-ADDRESS
The SOURCE-ADDRESS attribute is present in Binding Responses. It
indicates the source IP address and port that the server is sending
the response from. Its syntax is identical to that of MAPPED-
ADDRESS.
This attribute is not used by any STUN usages defined in this
document except for backwards compatibility with RFC3489 clients when
using the Binding Discovery usage (Section 12.2). Section 12.2.8
describes when this attribute must be included in a binding response.
Issue: should this attribute be made specific to Binding
Discovery or moved to another document entirely.
11.6. USERNAME 11.2. USERNAME
The USERNAME attribute is used for message integrity. It identifies The USERNAME attribute is used for message integrity. It identifies
the shared secret used in the message integrity check. The USERNAME the shared secret used in the message integrity check. Consequently,
is always present in a Shared Secret Response, along with the the USERNAME MUST be included in any request that contains the
PASSWORD. When message integrity is used with Binding Request MESSAGE-INTEGRITY attribute.
messages, the USERNAME attribute MUST be included.
The value of USERNAME is a variable length opaque value. The USERNAME is also always present in a Shared Secret Response,
along with the PASSWORD, which informs a client of a short term
password.
11.7. PASSWORD The value of USERNAME is a variable length opaque value. Note that,
as described above, if the USERNAME is not a multiple of four bytes
it is padded for encoding into the STUN message, in which case the
attribute length represents the length of the USERNAME prior to
padding.
11.3. PASSWORD
If the message type is Shared Secret Response it MUST include the If the message type is Shared Secret Response it MUST include the
PASSWORD attribute. PASSWORD attribute.
The value of PASSWORD is a variable length opaque value. The The value of PASSWORD is a variable length opaque value. The
password returned in the Shared Secret Response is used as the HMAC password returned in the Shared Secret Response is used as the HMAC
in the MESSAGE-INTEGRITY attribute of a subsequent STUN transaction. in the MESSAGE-INTEGRITY attribute of a subsequent STUN transaction.
Note that, as described above, if the USERNAME is not a multiple of
four bytes it is padded for encoding into the STUN message, in which
case the attribute length represents the length of the USERNAME prior
to padding.
11.8. MESSAGE-INTEGRITY 11.4. MESSAGE-INTEGRITY
The MESSAGE-INTEGRITY attribute contains an HMAC-SHA1 [9] of the STUN The MESSAGE-INTEGRITY attribute contains an HMAC-SHA1 [8] of the STUN
message. The MESSAGE-INTEGRITY attribute can be present in any STUN message. The MESSAGE-INTEGRITY attribute can be present in any STUN
message type. Since it uses the SHA1 hash, the HMAC will be 20 message type. Since it uses the SHA1 hash, the HMAC will be 20
bytes. The text used as input to HMAC is the STUN message, including bytes. The text used as input to HMAC is the STUN message, including
the header, up to and including the attribute preceding the MESSAGE- the header, up to and including the attribute preceding the MESSAGE-
INTEGRITY attribute. That text is then padded with zeroes so as to INTEGRITY attribute. That text is then padded with zeroes so as to
be a multiple of 64 bytes. As a result, the MESSAGE-INTEGRITY be a multiple of 64 bytes. As a result, the MESSAGE-INTEGRITY
attribute is the last attribute in any STUN message. However, STUN attribute is generally the next to last attribute in any STUN
clients MUST be able to successfully parse and process STUN messages message. With the exception of the FINGERPRINT attribute, which
which have additional attributes after the MESSAGE-INTEGRITY appears after MESSAGE-INTEGRITY, elements MUST ignore all other
attribute. STUN clients that are compliant with this specification attributes which follow MESSAGE-INTEGRITY.
SHOULD ignore attributes that are after the MESSAGE-INTEGRITY
attribute.
The key used as input to HMAC depends on the STUN usage and the The key used as input to HMAC depends on the STUN usage and the
shared secret mechanism. shared secret mechanism.
11.9. ERROR-CODE 11.5. FINGERPRINT
The FINGERPRINT attribute is present in all STUN messages. It is
computed as a SHA1 hash of the STUN message up to (but excluding) the
FINGERPRINT attribute itself. The value of the attribute is the
actual binary output of the SHA-1 function. The FINGERPRINT
attribute MUST be the last attribute in the message.
11.6. ERROR-CODE
The ERROR-CODE attribute is present in the Binding Error Response and The ERROR-CODE attribute is present in the Binding Error Response and
Shared Secret Error Response. It is a numeric value in the range of Shared Secret Error Response. It is a numeric value in the range of
100 to 699 plus a textual reason phrase encoded in UTF-8, and is 100 to 699 plus a textual reason phrase encoded in UTF-8, and is
consistent in its code assignments and semantics with SIP [10] and consistent in its code assignments and semantics with SIP [9] and
HTTP [11]. The reason phrase is meant for user consumption, and can HTTP [10]. The reason phrase is meant for user consumption, and can
be anything appropriate for the response code. The length of the be anything appropriate for the response code. Recommended reason
reason phrase MUST be a multiple of 4 (measured in bytes), phrases for the defined response codes are presented below.
accomplished by added spaces to the end of the text, if necessary.
Recommended reason phrases for the defined response codes are
presented below.
To facilitate processing, the class of the error code (the hundreds To facilitate processing, the class of the error code (the hundreds
digit) is encoded separately from the rest of the code. digit) is encoded separately from the rest of the code.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0 |Class| Number | | 0 |Class| Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reason Phrase (variable) .. | Reason Phrase (variable) ..
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The class represents the hundreds digit of the response code. The The class represents the hundreds digit of the response code. The
value MUST be between 1 and 6. The number represents the response value MUST be between 1 and 6. The number represents the response
code modulo 100, and its value MUST be between 0 and 99. code modulo 100, and its value MUST be between 0 and 99.
If the reason phrase has a length that is not a multiple of four
bytes, it is padded for encoding into the STUN message, in which case
the attribute length represents the length of the entire ERROR-CODE
attribute (including the reason phrase) prior to padding.
The following response codes, along with their recommended reason The following response codes, along with their recommended reason
phrases (in brackets) are defined at this time: phrases (in brackets) are defined at this time:
300 (Try Alternate): The client should contact an alternate server 300 (Try Alternate): The client should contact an alternate server
for this request. for this request.
400 (Bad Request): The request was malformed. The client should 400 (Bad Request): The request was malformed. The client should not
not retry the request without modification from the previous retry the request without modification from the previous
attempt. attempt.
401 (Unauthorized): The Binding Request did not contain a MESSAGE- 401 (Unauthorized): The request did not contain a MESSAGE-INTEGRITY
INTEGRITY attribute. attribute.
420 (Unknown Attribute): The server did not understand a mandatory 420 (Unknown Attribute): The server did not understand a mandatory
attribute in the request. attribute in the request.
430 (Stale Credentials): The Binding Request did contain a MESSAGE- 430 (Stale Credentials): The request did contain a MESSAGE-INTEGRITY
INTEGRITY attribute, but it used a shared secret that has attribute, but it used a shared secret that has expired. The
expired. The client should obtain a new shared secret and try client should obtain a new shared secret and try again.
again.
431 (Integrity Check Failure): The Binding Request contained a 431 (Integrity Check Failure): The request contained a MESSAGE-
MESSAGE-INTEGRITY attribute, but the HMAC failed verification. INTEGRITY attribute, but the HMAC failed verification. This
This could be a sign of a potential attack, or client could be a sign of a potential attack, or client implementation
implementation error. error.
432 (Missing Username): The Binding Request contained a MESSAGE- 432 (Missing Username): The request contained a MESSAGE-INTEGRITY
INTEGRITY attribute, but not a USERNAME attribute. Both attribute, but not a USERNAME attribute. Both USERNAME and
USERNAME and MESSAGE-INTEGRITY must be present for integrity MESSAGE-INTEGRITY must be present for integrity checks.
checks.
433 (Use TLS): The Shared Secret request has to be sent over TLS, 433 (Use TLS): The Shared Secret request has to be sent over TLS,
but was not received over TLS. but was not received over TLS.
434 (Missing Realm): The REALM attribute was not present in the 434 (Missing Realm): The REALM attribute was not present in the
request. request.
435 (Missing Nonce): The NONCE attribute was not present in the 435 (Missing Nonce): The NONCE attribute was not present in the
request. request.
436 (Unknown Username): The USERNAME supplied in the Request is not 436 (Unknown Username): The USERNAME supplied in the request is not
known or is not known in the given REALM. known or is not known to the server.
437 (Stale Nonce): The NONCE attribute was present in the request 438 (Stale Nonce): The NONCE attribute was present in the request
but wasn't valid. but wasn't valid.
500 (Server Error): The server has suffered a temporary error. The 500 (Server Error): The server has suffered a temporary error. The
client should try again. client should try again.
600 (Global Failure): The server is refusing to fulfill the 600 (Global Failure): The server is refusing to fulfill the request.
request. The client should not retry. The client should not retry.
Issue: Do 300/500/600 mean that other STUN servers returned in
the same SRV lookup should be retried / not retried? With same
SRV Priority?
11.10. REFLECTED-FROM
The REFLECTED-FROM attribute is present only in Binding Responses,
when the Binding Request contained a RESPONSE-ADDRESS attribute. The
attribute contains the identity (in terms of IP address) of the
source where the request came from. Its purpose is to provide
traceability, so that a STUN server cannot be used as a reflector for
denial-of-service attacks. Its syntax is identical to the MAPPED-
ADDRESS attribute.
This attribute is not used by any STUN usages defined in this
document.
Issue: should this attribute be made specific to Binding
Discovery or moved to another document entirely.
11.11. ALTERNATE-SERVER
The alternate server represents an alternate IP address and port for
a different TURN server to try. It is encoded in the same way as
MAPPED-ADDRESS.
11.12. REALM 11.7. REALM
The REALM attribute is present in Requests and Responses. It The REALM attribute is present in requests and responses. It
contains text which meets the grammar for "realm" as described in contains text which meets the grammar for "realm" as described in RFC
RFC3261 [10], and will thus contain a quoted string (including the 3261 [9], and will thus contain a quoted string (including the
quotes). quotes).
Presence of the REALM attribute indicates that long-term credentials Presence of the REALM attribute in a request indicates that long-term
are used for the values of the USERNAME, PASSWORD, and MESSAGE- credentials are being used for authentication. Presence in certain
INTEGRITY attributes. error responses indicates that the server wishes the client to use a
long-term credential for authentication.
11.13. NONCE 11.8. NONCE
The NONCE attribute is present in Requests and in Error responses. The NONCE attribute is present in requests and in error responses.
It contains a sequence of qdtext or quoted-pair, which are defined in It contains a sequence of qdtext or quoted-pair, which are defined in
RFC3261 [10]. RFC 3261 [9]. See RFC 2617 [7] for guidance on selection of nonce
values in a server.
11.14. UNKNOWN-ATTRIBUTES 11.9. UNKNOWN-ATTRIBUTES
The UNKNOWN-ATTRIBUTES attribute is present only in a Binding Error The UNKNOWN-ATTRIBUTES attribute is present only in an error response
Response or Shared Secret Error Response when the response code in when the response code in the ERROR-CODE attribute is 420.
the ERROR-CODE attribute is 420.
The attribute contains a list of 16 bit values, each of which The attribute contains a list of 16 bit values, each of which
represents an attribute type that was not understood by the server. represents an attribute type that was not understood by the server.
If the number of unknown attributes is an odd number, one of the If the number of unknown attributes is an odd number, one of the
attributes MUST be repeated in the list, so that the total length of attributes MUST be repeated in the list, so that the total length of
the list is a multiple of 4 bytes. the list is a multiple of 4 bytes.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute 1 Type | Attribute 2 Type | | Attribute 1 Type | Attribute 2 Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute 3 Type | Attribute 4 Type ... | Attribute 3 Type | Attribute 4 Type ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 9: Format of UNKNOWN-ATTRIBUTES attribute Figure 8: Format of UNKNOWN-ATTRIBUTES attribute
11.15. XOR-MAPPED-ADDRESS 11.10. XOR-MAPPED-ADDRESS
The XOR-MAPPED-ADDRESS attribute is only present in Binding The XOR-MAPPED-ADDRESS attribute is present in responses. It
Responses. It provides the same information that would present in provides the same information that would present in the MAPPED-
the MAPPED-ADDRESS attribute but because the NAT's public IP address ADDRESS attribute but because the NAT's public IP address is
is obfuscated through the XOR function, STUN messages are able to obfuscated through the XOR function, STUN messages are able to pass
pass through NATs which would otherwise interfere with STUN. See the through NATs which would otherwise interfere with STUN.
discussion in Section 11.1.
This attribute MUST always be present in a Binding Response. This attribute MUST always be present in a Binding Response and may
be used in other responses as well. Usages defining new requests and
responses should specify if XOR-MAPPED-ADDRESS is applicable to their
responses.
Note: Version -02 of this Internet Draft used 0x8020 for this
attribute, which was in the Optional range of attributes. This
attribute has been moved back to 0x0020 as a Mandatory attribute.
[This paragraph should be removed prior to publication as an RFC.]
The format of the XOR-MAPPED-ADDRESS is: The format of the XOR-MAPPED-ADDRESS is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|x x x x x x x x| Family | X-Port | |x x x x x x x x| Family | X-Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| X-Address (Variable) | X-Address (Variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 10: Format of XOR-MAPPED-ADDRESS Attribute Figure 9: Format of XOR-MAPPED-ADDRESS Attribute
The Family represents the IP address family, and is encoded The Family represents the IP address family, and is encoded
identically to the Family in MAPPED-ADDRESS. identically to the Family in MAPPED-ADDRESS.
X-Port is the mapped port, exclusive or'd with most significant 16 X-Port is the mapped port, exclusive or'd with most significant 16
bits of the magic cookie. If the IP address family is IPv4, bits of the magic cookie. If the IP address family is IPv4,
X-Address is mapped IP address exclusive or'd with the magic cookie. X-Address is the mapped IP address exclusive or'd with the magic
If the IP address family is IPv6, the X-Address is the mapped IP cookie. If the IP address family is IPv6, the X-Address is the
address exclusively or'ed with the magic cookie and the 96-bit mapped IP address exclusively or'ed with the magic cookie and the 96-
transaction ID. bit transaction ID.
Issue: The motivation for XORing the IP address is clear. Is
there a motivation for XORing the port?
For example, using the "^" character to indicate exclusive or, if the For example, using the "^" character to indicate exclusive or, if the
IP address is 192.168.1.1 (0xc0a80101) and the port is 5555 (0x15B3), IP address is 192.168.1.1 (0xc0a80101) and the port is 5555 (0x15B3),
the X-Port would be 0x15B3 ^ 0x2112 = 0x34A1, and the X-Address would the X-Port would be 0x15B3 ^ 0x2112 = 0x34A1, and the X-Address would
be 0xc0a80101 ^ 0x2112A442 = 0xe1baa543. be 0xc0a80101 ^ 0x2112A442 = 0xe1baa543.
11.16. SERVER 11.11. SERVER
The server attribute contains a textual description of the software The server attribute contains a textual description of the software
being used by the server, including manufacturer and version number. being used by the server, including manufacturer and version number.
The attribute has no impact on operation of the protocol, and serves The attribute has no impact on operation of the protocol, and serves
only as a tool for diagnostic and debugging purposes. The length of only as a tool for diagnostic and debugging purposes. The value of
the server attribute MUST be a multiple of 4 (measured in bytes), SERVER is variable length. If the value of SERVER is not a multiple
accomplished by added spaces to the end of the text, if necessary. of four bytes, it is padded for encoding into the STUN message, in
The value of SERVER is variable length. which case the attribute length represents the length of the USERNAME
prior to padding.
11.17. ALTERNATE-SERVER 11.12. ALTERNATE-SERVER
The alternate server represents an alternate IP address and port for The alternate server represents an alternate IP address and port for
a different STUN server to try. It is encoded in the same way as a different STUN server to try. It is encoded in the same way as
MAPPED-ADDRESS. MAPPED-ADDRESS.
This attribute is MUST only appear in an Error Response. This This attribute is MUST only appear in an error response.
attribute MUST only appear when using the TURN usage.
11.18. BINDING-LIFETIME 11.13. REFRESH-INTERVAL
The binding lifetime indicates the number of seconds the NAT binding The REFRESH-INTERVAL indicates the number of milliseconds that the
will be valid. This attribute MUST only be present in Response server suggests the client should use between refreshes of the NAT
messages. This attribute MUST NOT be present unless the STUN server bindings between the client and server. Even though the server may
is aware of the minimum binding lifetime of all NATs on the path not know the binding lifetimes in intervening NATs, this attribute
between the STUN client and the STUN server. serves as a useful configuration mechanism for suggesting a value for
use by the client. Furthermore, when the NAT Keepalive usage is
being used, the server may become overloaded with Binding Requests
that are being used for keepalives. The REFRESH-INTERVAL provies a
mechanism for the server to gradually reduce the load on itself by
pushing back on the client.
12. STUN Usages REFRESH-INTERVAL is specified as an unsigned 32 bit integer, and
represents an interval measured in millseconds. It can be present in
Binding Responses.
12. STUN Usages
STUN is a simple request/response protocol that provides a useful STUN is a simple request/response protocol that provides a useful
capability in several situations. In this section, different usages capability in several situations. In this section, different usages
of STUN are described. Each usages may differ in how STUN servers of STUN are described. Each usage may differ in how STUN servers are
are discovered, the message types, and the message attributes that discovered, when the STUN requests are sent, what message types are
are supported. used, what message attributes are used, and how authentication is
performed.
This specification defines the STUN usages for binding discovery This specification defines the STUN usages for binding discovery
(Section 12.2), connectivity check (Section 12.3), NAT keepalives (Section 12.1), connectivity check (Section 12.2), NAT keepalives
(Section 12.4) and short-term password (Section 12.5). (Section 12.3) and short-term password (Section 12.4).
New STUN usages may be defined by other standards-track documents. New STUN usages may be defined by other standards-track documents.
New STUN usages MUST describe their applicability, client discovery New STUN usages MUST describe their applicability, client discovery
of the STUN server, how the server determines the usage, new message of the STUN server, how the server determines the usage, new message
types (requests or indications), new message attributes, new error types (requests or indications), new message attributes, new error
response codes, and new client and server procedures. response codes, and new client and server procedures.
12.1. Defined STUN Usages 12.1. Binding Discovery
12.2. Binding Discovery
The previous version of this specification, RFC3489 [13], described The previous version of this specification, RFC3489 [13], described
only this binding discovery usage. only this binding discovery usage.
12.2.1. Applicability 12.1.1. Applicability
Binding discovery is useful to learn reflexive addresses from servers Binding discovery is used to learn reflexive addresses from servers
on the network. That is, it is used to determine your dynamically- on the network, generally the public Internet. That is, it is used
bound 'public' IP address and UDP port that is assigned by a NAT by a client to determine its dynamically-bound 'public' IP address
between a STUN client and a STUN server. This usage is used with ICE and UDP port that is assigned by a NAT between a STUN client and a
[12]. STUN server. This address and port will be present in the mapped
address of the STUN Binding Response.
When short-term passwords are used with binding discovery, the The mapped address present in the binding response can be used by
username and password are valid for subsequent transactions for nine clients to facilitate traversal of NATs for many applications. NAT
(9) minutes. traversal is problematic for applications which require a client to
insert an IP address and port into a message, to which subsequent
messages will be delivered by other entities in a network. Normally,
the client would insert the IP address and port from a local
interface into the message. However, if the client is behind a NAT,
this local interface will be a private address. Clients within other
address realms will not be able to send messages to that address.
12.2.2. Client Discovery of Server An example of a such an application is SIP, which requires a client
to include IP address and port information in several places,
including the Session Description Protocol (SDP [17]) body carried by
SIP. The IP address and port present in the SDP is used for receipt
of media.
The general client discovery of server behavior is sufficient for To use STUN as a technique for traversal of SIP and other protocols,
this usage. when the client wishes to send a protocol message, it figures out the
places in the protocol data unit where it is supposed to insert its
own IP address along with a port. Instead of directly using a port
allocated from a local interface, the client allocates a port from
the local interface, and from that port, generates a STUN Binding
Request. The mapped address in the Binding Response (XOR-MAPPED-
ADDRESS or MAPPED-ADDRESS) provides the client with an alternative IP
address and port which it can then include in the protocol payload.
This IP address and port may be within a different address family
than the local interfaces used by the client. This is not an error
condition. In such a case, the client would use the learned IP
address and port as if the client was a host with an interface within
that address family.
12.2.3. Server Determination of Usage In the case of SIP, to populate the SDP appropriately, a client would
generate two STUN Binding Request messages at the time a call is
initiated or answered. One is used to obtain the IP address and port
for RTP, and the other, for the Real Time Control Protocol
(RTCP)[15]. The client might also need to use STUN to obtain IP
addresses and ports for usage in other parts of the SIP message. The
detailed usage of STUN to facilitate SIP NAT traversal is outside the
scope of this specification.
The general binding server behavior is sufficient for this usage. As discussed above, the addresses learned by STUN may not be usable
with all entities with whom a client might wish to communicate. The
way in which this problem is handled depends on the application
protocol. The ideal solution is for a protocol to allow a client to
include a multiplicity of addresses and ports in the PDU. One of
those can be the address and port determined from STUN, and the
others can include addresses and ports learned from other techniques.
The application protocol would then provide a means for dynamically
detecting which one works. An example of such an an approach is
Interactive Connectivity Establishment (ICE [11]).
12.2.4. New Requests or Indications 12.1.2. Client Discovery of Server
Clients SHOULD be configured with a domain name for a STUN server to
use. In cases where the client has no explicit configuration
mechanism for STUN, but knows the domain of its service provider, the
client SHOULD use that domain (in the case of SIP, this would be the
domain from their Address-of-Record). The discovery mechanisms
defined in Section 8.1 are then applied to that domain name.
12.1.3. Server Determination of Usage
It is anticipated that servers would advertise a specific port in the
DNS for the Binding Discovery usage. Thus, when a request arrives at
that particular port, the server knows that the binding usage is in
use. This fact is only needed for purposes of determining the
authentication and message integrity mechanism to apply.
12.1.4. New Requests or Indications
This usage does not define any new message types. This usage does not define any new message types.
12.2.5. New Attributes 12.1.5. New Attributes
This usage does not define any new message attributes. This usage does not define any new message attributes.
12.2.6. New Error Response Codes 12.1.6. New Error Response Codes
This usage does not define any new error response codes. This usage does not define any new error response codes.
12.2.7. Client Procedures 12.1.7. Client Procedures
This usage does not define any new client procedures. The binding discovery is utilized by a client just prior to
generating an application PDU that requires the client to include its
IP address and port. The client MAY first obtain a short term
credential using the short term password STUN usage. The credential
that is obtained is then using in Binding Request messages. A
Binding Request message is generated for each distinct IP address and
port that the client requires to formulate the application PDU.
12.2.8. Server Procedures 12.1.8. Server Procedures
In this usage, the short-term password is valid for 30 seconds after It is RECOMMENDED that servers utilize short term credentials,
its initial assignment. obtained by the client from a Shared Secret request, for
authentication and message integrity. Consequently, if a Binding
Request is generated without a short term credential, the server
SHOULD challenge for one.
For backwards compatibility with RFC3489-compliant STUN servers, if 12.1.9. Security Considerations for Binding Discovery
the STUN server receives a Binding request without the magic cookie,
the STUN server MUST include the following attributes in the Binding
response; otherwise these attribute MUST NOT be included:
MAPPED-ADDRESS
SOURCE-ADDRESS
Likewise if the STUN server receives a Binding Request containing the There are no security considerations for this usage beyond those
CHANGE-REQUEST attribute without the magic cookie, the STUN server described in Section 13.
MUST include the CHANGED-ADDRESS attribute in its Binding Response.
12.2.9. Security Considerations for Binding Discovery 12.2. Connectivity Check
Issue: Currently, the security considerations applies to all the 12.2.1. Applicability
various usages. Split it up to talk about each one? Create
subsections talking about each usage?
12.3. Connectivity Check This STUN usage primarily provides a connectivity check to a peer
discovered through rendezvous protocols. The usage presumes that
some other mechanism, such as ICE [11] has been used allow two peer
agents to exchange IP addresses and ports. The agents would like to
initiate direct communications with each other, using those IP
addresses and ports. However, it is not known which IP addresses and
ports will actually work for direct exchange of communications, due
to NAT, firewall and other network connectivity issues.
Consequently, each agent uses a STUN Binding Request from each of
their transport addresses to each of the transport addresses of their
peers. This check serves numerous purposes. Firstly, if a response
is received to a Binding Request, an agent knows that that particular
5-tuple (the transport address that the Binding Request was sent to,
along with the one it was sent from) are viable for direct
communciations. Secondly, the mapped address from the Binding
Response tells the agent its reflexive address towards its peer,
which may be another candidate for receipt of communications.
Finally, the connectivity checks can keep NAT bindings in intervening
NATs active.
12.3.1. Applicability It is fundamental to this STUN usage that the addresses and ports
used for direct communications are the same ones used for the Binding
Requests and responses. Consequently, it will be necessary to
demultiplex STUN traffic from whatever the application data traffic
is. This demultiplexing is done using the magic cookie along with
the FINGERPRINT attribute.
This STUN usage primarily provides a connectivity check to a peer Because the connectivity check usage is always used in conjunction
discovered through rendezvous protocols and additionally allows with some kind of rendezvous protocol, it is assumed that the
learning reflexive address discovery to the peer. rendezvous protocol provides the exchange of a short term credential.
This credential is then used for authentication and message integrity
of the STUN Binding Requests and Responses.
The username and password exchanged in the rendezvous protocol is The username and password exchanged in the rendezvous protocol is
valid for the duration of the connection being checked. valid for the duration of the connection being checked.
12.3.2. Client Discovery of Server 12.2.2. Client Discovery of Server
The client does not follow the general procedure in Section 8.1.1. The client does not follow the general procedure in Section 8.1.
Instead, the client discovers the STUN server's IP address and port Instead, the client discovers the STUN server's IP address and port
through a rendezvous protocol such as Session Description Protocol through a rendezvous protocol. Note that the STUN server is a
(SDP [19]). An example of such a discovery technique is ICE [12]. logical entity in this usage, and it will be running on the exact
same IP address and port as is used for actual communications.
12.3.3. Server Determination of Usage 12.2.3. Server Determination of Usage
The server is aware of this usage because it signalsed this port The server is aware of this usage because it signalsed this port
through the rendezvous protocol. through the rendezvous protocol. Any STUN packets received on this
port will be for the connectivity check usage.
When operating in this usage, the STUN server is listening on an
ephemeral port rather than the IANA-assigned STUN port. The server
is typically multiplexing two protocols on this port, one protocol is
STUN and the other protocol is the peer-to-peer protocol using that
same port. When used with ICE, the two protocols multiplexed on the
same port are STUN and RTP [14].
12.3.4. New Requests or Indications 12.2.4. New Requests or Indications
This usage does not define any new message types. This usage does not define any new message types.
12.3.5. New Attributes 12.2.5. New Attributes
This usage does not define any new message attributes. This usage does not define any new message attributes.
12.3.6. New Error Response Codes 12.2.6. New Error Response Codes
This usage does not define any new error response codes. This usage does not define any new error response codes.
12.3.7. Client Procedures 12.2.7. Client Procedures
This usage does not define any new client procedures. A client will generate a connectivity check based on the procedures
defined in the rendezvous protocol that uses this usage. Generally
this will be done after an exchange of IP addresses and ports has
occurred between the two clients, at which point connectivity checks
will begin.
12.3.8. Server Procedures Clients MUST include the FINGERPRINT attribute, to aid in
disambiguation of STUN and application traffic. Clients MUST used a
short term credential obtained through the rendezvous protocol. The
specific structure and format of the username and password are
defined by the rendezvous protocol. Receipt of any non-recoverable
STUN error is an indication that there is no connectivity to that IP
address and port.
12.2.8. Server Procedures
In this usage, the short-term password is valid as long as the UDP In this usage, the short-term password is valid as long as the UDP
port is listening for STUN packets. For example when used with ICE, port is listening for STUN packets. For example when used with ICE,
the short-term password would be valid as long as the RTP session the short-term password would be valid as long as the RTP session
(which multiplexes STUN and RTP) is active. (which multiplexes STUN and RTP) is active.
12.3.9. Security Considerations for Connectivity Check 12.2.9. Security Considerations for Connectivity Check
The username and password, which are used for STUN's message The username and password, which are used for STUN's message
integrity, are exchanged in the rendezvous protocol. Failure to integrity, are exchanged in the rendezvous protocol. Failure to
encrypt and integrity protect the rendezvous protocol is equivalent encrypt and integrity protect the rendezvous protocol is equivalent
in risk to using STUN without message integrity. in risk to using STUN without message integrity.
12.4. NAT Keepalives 12.3. NAT Keepalives
12.4.1. Applicability
This usage is useful in two cases: keeping a NAT binding open in a
client connection to a server and detecting server failure and NAT
reboots.
The username and password used for STUN integrity can be used for 24 12.3.1. Applicability
hours.
Issue: do we need message integrity for keepalives when doing In this STUN usage, a client is connected to a server for a
STUN and SIP on the same port? Do we need message integrity for particular application protocol (for example, a SIP proxy server).
keepalives when doing STUN and RTP on the same port (recvonly, The connection is long-lived, allowing for asynchronous messaging
inactive) from the server to the client. The client is connected to the server
either using TCP, in which case there is a long-lived TCP connection
from the client to the server, or using UDP, in which case the server
stores the source IP address and port of a message from a client
(such as SIP REGISTER), and sends messages to the client using that
IP address and port.
If yes, do we continue using same STUN username/password forever Since the connection between the client and server is very-long
(days?) lived, the bindings established by that connection need to be
maintained in any intervening NATs. Rather than implement expensive
application-layer keepalives, the keepalives can be accomplished
using STUN Binding Requests. The client will periodically sending a
Binding Request to the server, using the same IP address and ports
used for the application protocol. These Binding Requests are
demultiplexed at the server using the magic cookie and possibly
FINGERPRINT. The response from the server informs the client that
the server is still alive. The STUN message also keeps the binding
active in intervening NATs. The client can also examine the mapped
address in the Binding Response. If it has changed, the client can
re-initiate application layer procedures to inform the server of its
new IP address and port.
12.4.2. Client Discovery of Server 12.3.2. Client Discovery of Server
In this usage, the STUN server and the application protocol are using In this usage, the STUN server and the application protocol are using
the same fixed port. While the multiplexing of two applications on the same fixed port. While the multiplexing of two applications on
the same port is similar to the connectivity check (Section 12.3) the same port is similar to the connectivity check (Section 12.2)
usage, this usage is differs as the server's port is fixed and the usage, this usage is differs as the server's port is fixed and the
server's port isn't communicated using a rendezvous protocol. server's port isn't communicated using a rendezvous protocol.
12.4.3. Server Determination of Usage 12.3.3. Server Determination of Usage
The server multiplexes both STUN and its application protocol on the The server multiplexes both STUN and its application protocol on the
same port. The server knows it is has this usage because the URI same port. The server knows it is has this usage because the URI
that gets resolved to this port indicates the server supports this that gets resolved to this port indicates the server supports this
multiplexing. multiplexing.
12.4.4. New Requests or Indications 12.3.4. New Requests or Indications
This usage does not define any new message types. This usage does not define any new message types.
12.4.5. New Attributes 12.3.5. New Attributes
This usage does not define any new message attributes. This usage does not define any new message attributes.
12.4.6. New Error Response Codes 12.3.6. New Error Response Codes
This usage does not define any new error response codes. This usage does not define any new error response codes.
12.4.7. Client Procedures 12.3.7. Client Procedures
If the STUN Response indicates the client's mapped address has If the STUN Response indicates the client's mapped address has
changed from the client's expected mapped address, the client SHOULD changed from the client's expected mapped address, the client SHOULD
inform other applications of its new mapped address. For example, a inform other applications of its new mapped address. For example, a
SIP client should send a new registration message indicating the new SIP client should send a new registration message indicating the new
mapped address. mapped address.
12.4.8. Server Procedures The client SHOULD NOT include a MESSAGE-INTEGRITY attribute, since
authentication is not used with this STUN usage.
In this usage no authentication is used so there is no duration of 12.3.8. Server Procedures
the short-term password.
12.4.9. Security Considerations for NAT Keepalives The server MUST NOT authenticate the client or look for a MESSAGE-
INTEGRITY attribute. Authentication is not used with this STUN
usage.
Issue: Currently, the security considerations applies to all the 12.3.9. Security Considerations for NAT Keepalives
various usages. Split it up to talk about each one? Create
subsections talking about each usage?
12.5. Short-Term Password This STUN usage does not employ message integrity or authentication
of any sort. This is because the client never actually uses the
mapped address from the STUN response. It merely treats a change in
that address as a hint that the client should re-apply application
layer procedures for connection establishment and registration.
An attacker could attempt to inject faked responses, or modify
responses in transit. Such an attack would require the attacker to
be on-path in order to determine the transaction ID. In the worse
case, the attack would cause the client to see a change in IP address
or port, and then perform an application layer re-registration. Such
a re-registration would not use the IP address and port obtained from
the Binding Response. Thus, the worst that the attacker can do is
cause the client to re-register every half minute or so, when it
otherwise wouldn't need to. Given the difficulty in launching this
attack (it requires the attacker to be on-path and to disrupt the
actual response from the server) compared to the benefit, there is
little motivation for authentication or integrity mechanisms.
12.4. Short-Term Password
In order to ensure interoperability, this usage describes a TLS-based In order to ensure interoperability, this usage describes a TLS-based
mechanism to obtain a short-term username and short-term password. mechanism to obtain a short-term credential. The usage makes use of
the Shared Secret Request and Response messages. It is defined as a
separate usage in order to allow it to run on a separate port, and to
allow it to be more easily separated from the different STUN usages,
only some of which require this mechanism.
12.5.1. Applicability 12.4.1. Applicability
To thwart some on-path attacks described in Section 13, it is To thwart some on-path attacks described in Section 13, it is
necessary for the STUN client and STUN server to integrity protect necessary for the STUN client and STUN server to integrity protect
the information they exchange over UDP. In the absence of a long- the information they exchange over UDP. In the absence of a long-
term secret (password) that is shared between them, a short-term term secret (password) that is shared between them, a short-term
password can be obtained using the usage described in this section. password can be obtained using the usage described in this section.
The username and password returned in the STUN Shared Secret Response The username and password returned in the STUN Shared Secret Response
are valid for use in subsequent STUN transactions for nine (9) are valid for use in subsequent STUN transactions for nine (9)
minutes with any hosts that have the same SRV Priority value as minutes with any hosts that have the same SRV Priority value as
discovered via Section 12.5.2. The username and password obtained discovered via Section 12.4.2. The username and password obtained
with this usage are used as the USERNAME and as the HMAC for the with this usage are used as the USERNAME and in the HMAC for the
MESSAGE-ID in a subsequent STUN message, respectively. MESSAGE-INTEGRITY in a subsequent STUN message, respectively.
The duration of validity of the username and password obtained via
this usage depends on the usage of the subsequent STUN messages that
are protected with that username and password.
12.5.2. Client Discovery of Server 12.4.2. Client Discovery of Server
The client follows the procedures in Section 8.1.1, except the SRV The client follows the procedures in Section 8.1. The SRV protocol
protocol is TCP rather than UDP and the service name "stun-tls". is "tls" and the service name "stun-pass".
For example a client would look up "_stun-tls._tcp.example.com" in For example a client would look up "_stun-pass._tls.example.com" in
DNS. DNS.
12.5.3. Server Determination of Usage 12.4.3. Server Determination of Usage
The server advertises this port in the DNS as capable of receiving The server advertises this port in the DNS as capable of receiving
TLS-protected STUN messages for this usage. The server MAY also TLS over TCP connections, along with the Shared Secret messages that
advertise this same port in DNS for other TCP usages if the server is run over it. The server MAY also advertise this same port in DNS for
capable of multiplexing those different usages. For example, the other TLS over TCP usages if the server is capable of multiplexing
server could advertise those different usages. For example, the server could advertise the
short-term password and binding discovery usages on the same TLS/TCP
port.
12.5.4. New Requests or Indications 12.4.4. New Requests or Indications
The message type Shared Secret Request and its associated Shared The message type Shared Secret Request and its associated Shared
Secret Response and Shared Secret Error Response are defined in this Secret Response and Shared Secret Error Response are defined in this
section. Their values are enumerated in Section 15. section. Their values are enumerated in Section 15.
The following figure indicates which attributes are present in the The following figure indicates which attributes are present in the
Shared Secret Request, Response, and Error Response. An M indicates Shared Secret Request, Response, and Error Response. An M indicates
that inclusion of the attribute in the message is mandatory, O means that inclusion of the attribute in the message is mandatory, O means
its optional, C means it's conditional based on some other aspect of its optional, C means it's conditional based on some other aspect of
the message, and N/A means that the attribute is not applicable to the message, and - means that the attribute is not applicable to that
that message type. Attributes not listed are not applicable to message type. Attributes not listed are not applicable to Shared
Shared Secret Request, Response, or Error Response. Secret Request, Response, or Error Response.
Shared Shared Shared Shared Shared Shared
Secret Secret Secret Secret Secret Secret
Attribute Request Response Error Attribute Request Response Error
Response Response
____________________________________________________________________ ____________________________________________________________________
USERNAME - M - USERNAME O M -
PASSWORD - M - PASSWORD - M -
MESSAGE-INTEGRITY O O O
ERROR-CODE - - M ERROR-CODE - - M
ALTERNATE-SERVER - - C
UNKNOWN-ATTRIBUTES - - C UNKNOWN-ATTRIBUTES - - C
SERVER - O O SERVER - O O
REALM C - C REALM C - C
Note: As this usage requires running over TLS, MESSAGE-INTEGRITY NONCE C - C
isn't necessary.
12.5.5. New Attributes The Shared Secret requests, like other STUN requests, can be
authenticated. However, since its purpose is to obtain a short-term
credential, the Shared Secret request itself cannot be authenticated
with a short-term credential. However, it can be authenticated with
a long-term credential.
12.4.5. New Attributes
No new attributes are defined by this usage. No new attributes are defined by this usage.
12.5.6. New Error Response Codes 12.4.6. New Error Response Codes
This usage does not define any new error response codes. This usage defines the 433 error response. Only the MESSAGE-
INTEGRITY, ERROR-CODE and SERVER attributes are applicable to this
response.
12.5.7. Client Procedures 12.4.7. Client Procedures
The client opens up the connection to that address and port, and Shared Secret requests are formed like other STUN requests, with the
immediately begins TLS negotiation[6]. The client MUST verify the following additions. Clients MUST NOT use a short-term credential
identity of the server. To do that, it follows the identification with a Shared Secret request. They SHOULD send the request with no
procedures defined in Section 3.1 of RFC2818 [5]. Those procedures credentials (omitting MESSAGE-INTEGRITY and USERNAME).
assume the client is dereferencing a URI. For purposes of usage with
this specification, the client treats the domain name or IP address
used in Section 9.1 as the host portion of the URI that has been
dereferenced. Once the connection is opened, the client sends a
Shared Secret request. This request has no attributes, just the
header. The transaction ID in the header MUST meet the requirements
outlined for the transaction ID in a binding request, described in
Section 9.3 below.
If the response was a Shared Secret Error Response, the client checks Processing of the Shared Secret response follows that of any other
the response code in the ERROR-CODE attribute. If the response was a STUN response. Note that clients MUST be prepared to be challenged
Shared Secret Response, it will contain a short lived username and for a long-term credential.
password, encoded in the USERNAME and PASSWORD attributes,
respectively.
12.5.8. Server Procedures If the response was a Shared Secret Response, the it will contain a
short lived username and password, encoded in the USERNAME and
PASSWORD attributes, respectively. A client SHOULD use these
credentials whenever short term credentials are needed for any server
discovered using the same domain name as was used to discover the one
which returned those credentials. For example, if a client used a
domain name of example.com, it would have looked up _stun-
pass._tls.example.com in DNS, found a server, and sent a Shared
Secret request that provided a credential to the client. The client
would use this credential with a server discovered by looking up
_stun._udp.example.com in the DNS.
After a client has established a TLS session, the server should If the response was a Shared Secret Error Response, and ERROR-CODE
expect a STUN message containing a Shared Secret Request. The server attribute was present with a response code of 433, and the client had
will generates a response, which can either be a Shared Secret not sent the request over TLS, the client SHOULD establish a TLS
Response or a Shared Secret Error Response. connection to the server and retry the request over that connection.
If the client had used TLS, this error response is unrecoverable and
the client SHOULD NOT retry.
12.5.9. Security Considerations for Short-Term Password 12.4.8. Server Procedures
Issue: Currently, the security considerations applies to all the The procedures for general processing of STUN requests apply to
various usages. Split it up to talk about each one? Create Shared Secret requests. Servers MAY challenge the client for a long-
subsections talking about each usage? term credential if one was not provided in a request. However, they
MUST NOT challenge the request for a short-term credential.
If the Shared Secret Request did not arrive over a TLS connection,
the server MUST generate a Shared Secret Error response with an
ERROR-CODE attribute that has a response code of 433.
If the request is valid and authenticated (assuming the server is
performing authentication), the server MUST create a short term
credential for the user. This credential consists of a username and
password. The credentials MUST be valid for a duration of at least
nine minutes, and SHOULD NOT be valid for a duration of longer than
thirty minutes. The username MUST be distinct, with extremely high
probabilities, from all usernames that have been handed out across
all servers that are returned from DNS SRV queries for the same
domain name. Extremely high probability means that the likelihood of
collision SHOULD be better than 1 in 2**64. The password for each
username MUST be cryptographically random with at least 128 bits of
entropy.
12.4.9. Security Considerations for Short-Term Password
The security considerations in Section 13 do not apply to the Shared
Secret request and response, since these messages do not make use of
mapped addresses, which is the primary source of security
consideration discussed there. Rather, shared secret requests are
used to obtain short term credentials that are used in the
authentication of other messages.
Because the Shared Secret response itself carries a credential, in
the form of a username and password, it must be sent encrypted. For
this reason, STUN servers MUST reject any Shared Secret request that
has not arrived over a TLS connection.
Malicious clients could generate a multiplicity of Shared Secret
requests, each of which causes the server to allocate shared secrets,
each of which might consume memory and processing resources. If
shared secret requests are not being authenticated, this leads to a
possible denial-of-service attack. Indeed, even if the requestor is
authenticated, attacks are still possible.
To prevent being swamped with traffic, a STUN server SHOULD limit the
number of simultaneous TLS connections it will hold open by dropping
an existing connection when a new connection request arrives (based
on an Least Recently Used (LRU) policy, for example).
Similarly, servers SHOULD allocate only a small number of shared
secrets to a host with a particular source IP address and port.
Requests from the same IP address and port which exceed this limit
SHOULD be rejected with a 600 response. Servers SHOULD also limit
the total number of shared secrets they will provide at a time across
all clients, based on the number of users and expected loads during
normal peak usage. If a Shared Secret request arrives and the server
has exceeded its limit, it SHOULD reject the request with a 500
response.
Furthermore, for servers which are not authenticating shared secret
requests, it is RECOMMENDED that short-term credentials be
constructed in a way such that they do not require memory or disk to
store.
This can be done by intelligently computing the username and
password. One approach is to construct the USERNAME as:
USERNAME = <prefix,rounded-time,clientIP,hmac>
Where prefix is some random text string (different for each shared
secret request), rounded-time is the current time modulo 20 minutes,
clientIP is the source IP address where the Shared Secret Request
came from, and hmac is an HMAC [13] over the prefix, rounded-time,
and client IP, using a server private key.
The password is then computed as:
password = <hmac(USERNAME,anotherprivatekey)>
With this structure, the username itself, which will be present in
the Binding Request, contains the source IP address where the Shared
Secret Request came from. That allows the server to meet the
requirements specified in Section 8.1 for constructing the REFLECTED-
FROM attribute. The server can verify that the username was not
tampered with, using the hmac present in the username.
13. Security Considerations 13. Security Considerations
Issue: This section has not been revised to properly consider the Attacks on STUN systems vary depending on the usage. The short term
attacks on each of STUN's different usages. This needs to be done. password usage is quite different from the other usages defined here,
and its security considerations are unique to it and discussed as
part of the usage definition. However, all of the other usages are
very similar, and share a similar set of security considerations as a
consequence of their usage of the mapped address from STUN Binding
Responses. Consequently, these security considerations apply to
usage of the mapped address.
13.1. Attacks on STUN 13.1. Attacks on STUN
Generally speaking, attacks on STUN can be classified into denial of Generally speaking, attacks on STUN can be classified into denial of
service attacks and eavesdropping attacks. Denial of service attacks service attacks and eavesdropping attacks. Denial of service attacks
can be launched against a STUN server itself, or against other can be launched against a STUN server itself, or against other
elements using the STUN protocol. STUN servers create state through elements using the STUN protocol. The attacks of greater interest
the Shared Secret Request mechanism. To prevent being swamped with are those in which the STUN server and client are used to launch
traffic, a STUN server SHOULD limit the number of simultaneous TLS denial of service (DoS) attacks against other entities, including the
connections it will hold open by dropping an existing connection when client itself. Many of the attacks require the attacker to generate
a new connection request arrives (based on an Least Recently Used a response to a legitimate STUN request, in order to provide the
(LRU) policy, for example). Similarly, if the server is storing client with a faked mapped address. The attacks that can be launched
short-term passwords it SHOULD limit the number of shared secrets it using such a technique include:
will store. The attacks of greater interest are those in which the
STUN server and client are used to launch denial of service (DoS)
attacks against other entities, including the client itself. Many of
the attacks require the attacker to generate a response to a
legitimate STUN request, in order to provide the client with a faked
XOR-MAPPED-ADDRESS or MAPPED-ADDRESS. In the sections below, we
refer to either the XOR-MAPPED-ADDRESS or MAPPED-ADDRESS as just the
mapped address (note the lower case). The attacks that can be
launched using such a technique include:
13.1.1. Attack I: DDoS Against a Target 13.1.1. Attack I: DDoS Against a Target
In this case, the attacker provides a large number of clients with In this case, the attacker provides a large number of clients with
the same faked mapped address that points to the intended target. the same faked mapped address that points to the intended target.
This will trick all the STUN clients into thinking that their This will trick all the STUN clients into thinking that their
addresses are equal to that of the target. The clients then hand out addresses are equal to that of the target. The clients then hand out
that address in order to receive traffic on it (for example, in SIP that address in order to receive traffic on it (for example, in SIP
or H.323 messages). However, all of that traffic becomes focused at or H.323 messages). However, all of that traffic becomes focused at
the intended target. The attack can provide substantial the intended target. The attack can provide substantial
skipping to change at page 38, line 23 skipping to change at page 48, line 31
traversed NAT is a full cone NAT). Discovering open ports is already traversed NAT is a full cone NAT). Discovering open ports is already
fairly trivial using port probing, so this does not represent a major fairly trivial using port probing, so this does not represent a major
threat. threat.
13.2.2. Approach II: DNS Attacks 13.2.2. Approach II: DNS Attacks
STUN servers are discovered using DNS SRV records. If an attacker STUN servers are discovered using DNS SRV records. If an attacker
can compromise the DNS, it can inject fake records which map a domain can compromise the DNS, it can inject fake records which map a domain
name to the IP address of a STUN server run by the attacker. This name to the IP address of a STUN server run by the attacker. This
will allow it to inject fake responses to launch any of the attacks will allow it to inject fake responses to launch any of the attacks
above. above. Clearly, this attack is only applicable for usages which
discover servers through DNS.
13.2.3. Approach III: Rogue Router or NAT 13.2.3. Approach III: Rogue Router or NAT
Rather than compromise the STUN server, an attacker can cause a STUN Rather than compromise the STUN server, an attacker can cause a STUN
server to generate responses with the wrong mapped address by server to generate responses with the wrong mapped address by
compromising a router or NAT on the path from the client to the STUN compromising a router or NAT on the path from the client to the STUN
server. When the STUN request passes through the rogue router or server. When the STUN request passes through the rogue router or
NAT, it rewrites the source address of the packet to be that of the NAT, it rewrites the source address of the packet to be that of the
desired mapped address. This address cannot be arbitrary. If the desired mapped address. This address cannot be arbitrary. If the
attacker is on the public Internet (that is, there are no NATs attacker is on the public Internet (that is, there are no NATs
between it and the STUN server), and the attacker doesn't modify the between it and the STUN server), and the attacker doesn't modify the
STUN request, the address has to have the property that packets sent STUN request, the address has to have the property that packets sent
from the STUN server to that address would route through the from the STUN server to that address would route through the
compromised router. This is because the STUN server will send the compromised router. This is because the STUN server will send the
responses back to the source address of the request. With a modified responses back to the source address of the request. With a modified
source address, the only way they can reach the client is if the source address, the only way they can reach the client is if the
compromised router directs them there. If the attacker is on the compromised router directs them there.
public Internet, but they can modify the STUN request, they can
insert a RESPONSE-ADDRESS attribute into the request, containing the
actual source address of the STUN request. This will cause the
server to send the response to the client, independent of the source
address the STUN server sees. This gives the attacker the ability to
forge an arbitrary source address when it forwards the STUN request.
Todo: RESPONSE-ADDRESS has been removed from this version of the
specification. Reword or remove above paragraph accordingly.
If the attacker is on a private network (that is, there are NATs If the attacker is on a private network (that is, there are NATs
between it and the STUN server), the attacker will not be able to between it and the STUN server), the attacker will not be able to
force the server to generate arbitrary mapped addresses in responses. force the server to generate arbitrary mapped addresses in responses.
They will only be able force the STUN server to generate mapped They will only be able force the STUN server to generate mapped
addresses which route to the private network. This is because the addresses which route to the private network. This is because the
NAT between the attacker and the STUN server will rewrite the source NAT between the attacker and the STUN server will rewrite the source
address of the STUN request, mapping it to a public address that address of the STUN request, mapping it to a public address that
routes to the private network. Because of this, the attacker can routes to the private network. Because of this, the attacker can
only force the server to generate faked mapped addresses that route only force the server to generate faked mapped addresses that route
skipping to change at page 40, line 50 skipping to change at page 51, line 6
Fortunately, this approach is subject to the same limitations Fortunately, this approach is subject to the same limitations
documented in Approach III (Section 13.2.3), which limit the range of documented in Approach III (Section 13.2.3), which limit the range of
mapped addresses the attacker can cause the STUN server to generate. mapped addresses the attacker can cause the STUN server to generate.
13.3. Countermeasures 13.3. Countermeasures
STUN provides mechanisms to counter the approaches described above, STUN provides mechanisms to counter the approaches described above,
and additional, non-STUN techniques can be used as well. and additional, non-STUN techniques can be used as well.
First off, it is RECOMMENDED that networks with STUN clients First off, it is RECOMMENDED that networks with STUN clients
implement ingress source filtering [7]. This is particularly implement ingress source filtering [6]. This is particularly
important for the NATs themselves. As Section 13.2.3 explains, NATs important for the NATs themselves. As Section 13.2.3 explains, NATs
which do not perform this check can be used as "reflectors" in DDoS which do not perform this check can be used as "reflectors" in DDoS
attacks. Most NATs do perform this check as a default mode of attacks. Most NATs do perform this check as a default mode of
operation. We strongly advise people that purchase NATs to ensure operation. We strongly advise people that purchase NATs to ensure
that this capability is present and enabled. that this capability is present and enabled.
Secondly, it is RECOMMENDED that STUN servers be run on hosts Secondly, for usages where the STUN server is not co-located with
dedicated to STUN, with all UDP and TCP ports disabled except for the some kind of application (such as the binding discovery usage), it is
STUN ports. This is to prevent viruses and Trojan horses from RECOMMENDED that STUN servers be run on hosts dedicated to STUN, with
infecting STUN servers, in order to prevent their compromise. This all UDP and TCP ports disabled except for the STUN ports. This is to
helps mitigate Approach I (Section 13.2.1). prevent viruses and Trojan horses from infecting STUN servers, in
order to prevent their compromise. This helps mitigate Approach I
(Section 13.2.1).
Thirdly, to prevent the DNS attack of Section 13.2.2, Section 8.1.2 Thirdly, to prevent the DNS attack of Section 13.2.2, Section 8.2
recommends that the client verify the credentials provided by the recommends that the client verify the credentials provided by the
server with the name used in the DNS lookup. server with the name used in the DNS lookup.
Finally, all of the attacks above rely on the client taking the Finally, all of the attacks above rely on the client taking the
mapped address it learned from STUN, and using it in application mapped address it learned from STUN, and using it in application
layer protocols. If encryption and message integrity are provided layer protocols. If encryption and message integrity are provided
within those protocols, the eavesdropping and identity assumption within those protocols, the eavesdropping and identity assumption
attacks can be prevented. As such, applications that make use of attacks can be prevented. As such, applications that make use of
STUN addresses in application protocols SHOULD use integrity and STUN addresses in application protocols SHOULD use integrity and
encryption, even if a SHOULD level strength is not specified for that encryption, even if a SHOULD level strength is not specified for that
protocol. For example, multimedia applications using STUN addresses protocol. For example, multimedia applications using STUN addresses
to receive RTP traffic would use secure RTP [20]. to receive RTP traffic would use secure RTP [21].
The above three techniques are non-STUN mechanisms. STUN itself The above three techniques are non-STUN mechanisms. STUN itself
provides several countermeasures. provides several countermeasures.
Approaches IV (Section 13.2.4), when generating the response locally, Approaches IV (Section 13.2.4), when generating the response locally,
and V (Section 13.2.5) require an attacker to generate a faked and V (Section 13.2.5) require an attacker to generate a faked
response. A faked response must match the 96-bit transaction ID of response. A faked response must match the 96-bit transaction ID of
the request. The attack further prevented by using the message the request. The attack further prevented by using the message
integrity mechanism provided in STUN, described in Section 11.8. integrity mechanism provided in STUN, described in Section 11.4.
Approaches III (Section 13.2.3), IV (Section 13.2.4), when using the Approaches III (Section 13.2.3), IV (Section 13.2.4), when using the
relaying technique, and VI (Section 13.2.6), however, are not relaying technique, and VI (Section 13.2.6), however, are not
preventable through server signatures. All three approaches are most preventable through server signatures. These three approaches are
potent when the attacker can modify the request, inserting a
RESPONSE-ADDRESS that routes to the client. Fortunately, such
modifications are preventable using the message integrity techniques
described in Section 11.8. However, these three approaches are still
functional when the attacker modifies nothing but the source address functional when the attacker modifies nothing but the source address
of the STUN request. Sadly, this is the one thing that cannot be of the STUN request. Sadly, this is the one thing that cannot be
protected through cryptographic means, as this is the change that protected through cryptographic means, as this is the change that
STUN itself is seeking to detect and report. It is therefore an STUN itself is seeking to detect and report. It is therefore an
inherent weakness in NAT, and not fixable in STUN. inherent weakness in NAT, and not fixable in STUN.
13.4. Residual Threats 13.4. Residual Threats
None of the countermeasures listed above can prevent the attacks None of the countermeasures listed above can prevent the attacks
described in Section 13.2.3 if the attacker is in the appropriate described in Section 13.2.3 if the attacker is in the appropriate
skipping to change at page 42, line 23 skipping to change at page 52, line 23
so that it can forward the response to C. Furthermore, if there is a so that it can forward the response to C. Furthermore, if there is a
NAT between the attacker and the server, V must also be behind the NAT between the attacker and the server, V must also be behind the
same NAT. In such a situation, the attacker can either gain access same NAT. In such a situation, the attacker can either gain access
to all the application-layer traffic or mount the DDOS attack to all the application-layer traffic or mount the DDOS attack
described in Section 13.1.1. Note that any host which exists in the described in Section 13.1.1. Note that any host which exists in the
correct topological relationship can be DDOSed. It need not be using correct topological relationship can be DDOSed. It need not be using
STUN. STUN.
14. IAB Considerations 14. IAB Considerations
Todo: The diagnostic usages have been removed from this document,
which reduces the brittleness of STUN. This section should be
updated accordingly.
The IAB has studied the problem of "Unilateral Self Address Fixing" The IAB has studied the problem of "Unilateral Self Address Fixing"
(UNSAF), which is the general process by which a client attempts to (UNSAF), which is the general process by which a client attempts to
determine its address in another realm on the other side of a NAT determine its address in another realm on the other side of a NAT
through a collaborative protocol reflection mechanism (RFC3424 [21]). through a collaborative protocol reflection mechanism (RFC3424 [22]).
STUN is an example of a protocol that performs this type of function. STUN is an example of a protocol that performs this type of function
The IAB has mandated that any protocols developed for this purpose for the binding discovery and connectivity check usages. The IAB has
document a specific set of considerations. This section meets those mandated that any protocols developed for this purpose document a
requirements. specific set of considerations. This section meets those
requirements for those two usages.
14.1. Problem Definition 14.1. Problem Definition
From RFC3424 [21], any UNSAF proposal must provide: From RFC3424 [22], any UNSAF proposal must provide:
Precise definition of a specific, limited-scope problem that is to Precise definition of a specific, limited-scope problem that is to
be solved with the UNSAF proposal. A short term fix should not be be solved with the UNSAF proposal. A short term fix should not be
generalized to solve other problems; this is why "short term fixes generalized to solve other problems; this is why "short term fixes
usually aren't". usually aren't".
The specific problem being solved by STUN is to provide a means for a The specific problem being solved by STUN is to provide a means for a
client to obtain an address on the public Internet from a non- client to obtain a mapped address which can be used for the receipt
symmetric NAT, for the express purpose of receiving incoming UDP of incoming application packets.
traffic from another host, targeted to that address. STUN does not
address traversal of NATs using TCP, either incoming or outgoing, and
does not address outgoing UDP communications.
14.2. Exit Strategy 14.2. Exit Strategy
From RFC3424 [21], any UNSAF proposal must provide: From RFC3424 [22], any UNSAF proposal must provide:
Description of an exit strategy/transition plan. The better short Description of an exit strategy/transition plan. The better short
term fixes are the ones that will naturally see less and less use term fixes are the ones that will naturally see less and less use
as the appropriate technology is deployed. as the appropriate technology is deployed.
STUN by itself does not provide an exit strategy. This is provided STUN by itself does not provide an exit strategy. This is provided
by techniques, such as Interactive Connectivity Establishment (ICE by techniques, such as Interactive Connectivity Establishment (ICE
[12]), which allow a client to determine whether addresses learned [11]), which allow a client to determine whether addresses learned
from STUN are needed, or whether other addresses, such as the one on from STUN are needed, or whether other addresses, such as the one on
the local interface, will work when communicating with another host. the local interface, will work when communicating with another host.
With such a detection technique, as a client finds that the addresses With such a detection technique, as a client finds that the addresses
provided by STUN are never used, STUN queries can cease to be made, provided by STUN are never used, STUN queries can cease to be made,
thus allowing them to phase out. thus allowing them to phase out.
STUN can also help facilitate the introduction of other NAT traversal
techniques such as MIDCOM [22]. As midcom-capable NATs are deployed,
applications will, instead of using STUN (which also resides at the
application layer), first allocate an address binding using midcom.
However, it is a well-known limitation of MIDCOM that it only works
when the agent knows the middleboxes through which its traffic will
flow. Once bindings have been allocated from those middleboxes, a
STUN detection procedure can validate that there are no additional
middleboxes on the path from the public Internet to the client. If
this is the case, the application can continue operation using the
address bindings allocated from MIDCOM. If it is not the case, STUN
provides a mechanism for self-address fixing through the remaining
MIDCOM-unaware middleboxes. Thus, STUN provides a way to help
transition to full MIDCOM-aware networks.
14.3. Brittleness Introduced by STUN 14.3. Brittleness Introduced by STUN
From RFC3424 [21], any UNSAF proposal must provide: From RFC3424 [22], any UNSAF proposal must provide:
Discussion of specific issues that may render systems more Discussion of specific issues that may render systems more
"brittle". For example, approaches that involve using data at "brittle". For example, approaches that involve using data at
multiple network layers create more dependencies, increase multiple network layers create more dependencies, increase
debugging challenges, and make it harder to transition. debugging challenges, and make it harder to transition.
STUN introduces brittleness into the system in several ways: STUN introduces brittleness into the system in several ways:
o The binding acquisition usage is dependant on NAT's behavior when o Transport addresses discovered by STUN in the Binding Discovery
forwarding UDP packets from arbitrary hosts on the public side of usage will only be useful for receiving packets from a peer if the
the NAT. Application specific processing will generally be NAT does not have address or address and port dependent mapping
needed. For symmetric NATs, the binding acquisition will not properties. When this usage is used in isolation, this makes STUN
yield a usable address. The tight dependency on the specific type brittle, since its effectiveness depends on the type of NAT. This
of NAT makes the protocol brittle. brittleness is eliminated when the Binding Discovery usage is used
in concert with mechanisms which can verify the transport address
and use others if it doesn't work. ICE is an example of such a
mechanism.
o STUN assumes that the server exists on the public Internet. If o Transport addresses discovered by STUN in the Binding Discovery
the server is located in another private address realm, the user usage will only be useful for receive packets from a peer if the
may or may not be able to use its discovered address to STUN server subtends the address realm of the peer. For example,
communicate with other users. There is no way to detect such a consider client A and B, both of which have residential NAT
condition. devices. Both devices connect them to their cable operators, but
both clients have different providers. Each provider has a NAT in
front of their entire network, connecting it to the public
Internet. If the STUN server used by A is in A's cable operator's
network, an address obtained by it will not be usable by B. The
STUN server must be in the network which is a common ancestor to
both - in this case, the public Internet. When this usage is used
in isolation, this makes STUN brittle, since its effectiveness
depends on the topological placement of the STUN server. This
brittleness is eliminated when the Binding Discovery usage is used
in concert with mechanisms which can verify the transport address
and use others if it doesn't work. ICE is an example of such a
mechanism.
o The bindings allocated from the NAT need to be continuously o The bindings allocated from the NAT need to be continuously
refreshed. Since the timeouts for these bindings is very refreshed. Since the timeouts for these bindings is very
implementation specific, the refresh interval cannot easily be implementation specific, the refresh interval cannot easily be
determined. When the binding is not being actively used to determined. When the binding is not being actively used to
receive traffic, but to wait for an incoming message, the binding receive traffic, but to wait for an incoming message, the binding
refresh will needlessly consume network bandwidth. refresh will needlessly consume network bandwidth.
o The use of the STUN server as an additional network element o The use of the STUN server in the Binding Discovery usage as an
introduces another point of potential security attack. These additional network element introduces another point of potential
attacks are largely prevented by the security measures provided by security attack. These attacks are largely prevented by the
STUN, but not entirely. security measures provided by STUN, but not entirely.
o The use of the STUN server as an additional network element o The use of the STUN server as an additional network element
introduces another point of failure. If the client cannot locate introduces another point of failure. If the client cannot locate
a STUN server, or if the server should be unavailable due to a STUN server, or if the server should be unavailable due to
failure, the application cannot function. failure, the application cannot function.
o The use of STUN to discover address bindings will result in an o The use of STUN to discover address bindings may result in an
increase in latency for applications. For example, a Voice over increase in latency for applications.
IP application will see an increase of call setup delays equal to
at least one RTT to the STUN server.
o STUN imposes some restrictions on the network topologies for
proper operation. If client A obtains an address from STUN server
X, and sends it to client B, B may not be able to send to A using
that IP address. The address will not work if any of the
following is true:
* The STUN server is not in an address realm that is a common
ancestor (topologically) of both clients A and B. For example,
consider client A and B, both of which have residential NAT
devices. Both devices connect them to their cable operators,
but both clients have different providers. Each provider has a
NAT in front of their entire network, connecting it to the
public Internet. If the STUN server used by A is in A's cable
operator's network, an address obtained by it will not be
usable by B. The STUN server must be in the network which is a
common ancestor to both - in this case, the public Internet.
* The STUN server is in an address realm that is a common o Transport addresses discovered by STUN in the Binding Discovery
ancestor to both clients, but both clients are behind the same usage will only be useful for receive packets from a peer behind
NAT connecting to that address realm. For example, if the two the same NAT if the STUN server supports hairpinning [12]. When
clients in the previous example had the same cable operator, this usage is used in isolation, this makes STUN brittle, since
that cable operator had a single NAT connecting their network its effectiveness depends on the topological placement of the STUN
to the public Internet, and the STUN server was on the public server. This brittleness is eliminated when the Binding Discovery
Internet, the address obtained by A would not be usable by B. usage is used in concert with mechanisms which can verify the
That is because some NATs will not accept an internal packet transport address and use others if it doesn't work. ICE is an
sent to a public IP address which is mapped back to an internal example of such a mechanism.
address. To deal with this, additional protocol mechanisms or
configuration parameters need to be introduced which detect
this case.
o Most significantly, STUN introduces potential security threats o Most significantly, STUN introduces potential security threats
which cannot be eliminated. This specification describes which cannot be eliminated through cryptographic means. These
heuristics that can be used to mitigate the problem, but it is security problems are described fully in Section 13.
provably unsolvable given what STUN is trying to accomplish.
These security problems are described fully in Section 13.
14.4. Requirements for a Long Term Solution 14.4. Requirements for a Long Term Solution
From RFC3424 [21], any UNSAF proposal must provide: From RFC3424 [22], any UNSAF proposal must provide:
Identify requirements for longer term, sound technical solutions Identify requirements for longer term, sound technical solutions
-- contribute to the process of finding the right longer term -- contribute to the process of finding the right longer term
solution. solution.
Our experience with STUN has led to the following requirements for a Our experience with STUN has led to the following requirements for a
long term solution to the NAT problem: long term solution to the NAT problem:
o Requests for bindings and control of other resources in a NAT need o Requests for bindings and control of other resources in a NAT need
to be explicit. Much of the brittleness in STUN derives from its to be explicit. Much of the brittleness in STUN derives from its
guessing at the parameters of the NAT, rather than telling the NAT guessing at the parameters of the NAT, rather than telling the NAT
what parameters to use. what parameters to use, or knowing what parameters the NAT will
use.
o Control needs to be in-band. There are far too many scenarios in o Control needs to be in-band. There are far too many scenarios in
which the client will not know about the location of middleboxes which the client will not know about the location of middleboxes
ahead of time. Instead, control of such boxes needs to occur in- ahead of time. Instead, control of such boxes needs to occur in-
band, traveling along the same path as the data will itself band, traveling along the same path as the data will itself
travel. This guarantees that the right set of middleboxes are travel. This guarantees that the right set of middleboxes are
controlled. This is only true for first-party controls; third- controlled.
party controls are best handled using the MIDCOM framework.
o Control needs to be limited. Users will need to communicate o Control needs to be limited. Users will need to communicate
through NATs which are outside of their administrative control. through NATs which are outside of their administrative control.
In order for providers to be willing to deploy NATs which can be In order for providers to be willing to deploy NATs which can be
controlled by users in different domains, the scope of such controlled by users in different domains, the scope of such
controls needs to be extremely limited - typically, allocating a controls needs to be extremely limited - typically, allocating a
binding to reach the address where the control packets are coming binding to reach the address where the control packets are coming
from. from.
o Simplicity is Paramount. The control protocol will need to be o Simplicity is Paramount. The control protocol will need to be
implement in very simple clients. The servers will need to implement in very simple clients. The servers will need to
support extremely high loads. The protocol will need to be support extremely high loads. The protocol will need to be
extremely robust, being the precursor to a host of application extremely robust, being the precursor to a host of application
protocols. As such, simplicity is key. protocols. As such, simplicity is key.
14.5. Issues with Existing NAPT Boxes 14.5. Issues with Existing NAPT Boxes
From RFC3424 [21], any UNSAF proposal must provide: From RFC3424 [22], any UNSAF proposal must provide:
Discussion of the impact of the noted practical issues with Discussion of the impact of the noted practical issues with
existing, deployed NA[P]Ts and experience reports. existing, deployed NA[P]Ts and experience reports.
Several of the practical issues with STUN involve future proofing - Originally, RFC 3489 was developed as a standalone solution for NAT
breaking the protocol when new NAT types get deployed. Fortunately, traversal for several types of applications, including VoIP.
this is not an issue at the current time, since most of the deployed However, practical experience found that the limitations of its usage
NATs are of the types assumed by STUN. The primary usage STUN has in isolation made it impractical as a complete solution. There were
found is in the area of VoIP, to facilitate allocation of addresses too many NATs which didn't support hairpinning or which had address
for receiving RTP [14] traffic. In that application, the periodic and port dependent mapping properties.
keepalives are usually (but not always) provided by the RTP traffic
itself. However, several practical problems arise for RTP. First,
in the absence of [23], RTP assumes that RTCP traffic is on a port
one higher than the RTP traffic. This pairing property cannot be
guaranteed through NATs that are not directly controllable. As a
result, RTCP traffic may not be properly received. [23] mitigates
this by allowing the client to signal a different port for RTCP but
there will be interoperability problems for some time.
For VoIP, silence suppression can cause a gap in the transmission of
RTP packets. If that silence period exceeds the NAT binding timeout,
this could result in the loss of a NAT binding in the middle of a
call. This can be mitigated by sending occasional packets to keep
the binding alive. However, the result is additional brittleness.
14.6. In Closing
The problems with STUN are not design flaws in STUN. The problems in Consequently, STUN was revised to produce this specification, which
STUN have to do with the lack of standardized behaviors and controls turns STUN into a tool that is used as part of a broader solution.
in NATs. The result of this lack of standardization has been a For multimedia communciations protocols, this broader solution is
proliferation of devices whose behavior is highly unpredictable, ICE. ICE uses the binding discovery and connectivity check usages
extremely variable, and uncontrollable. STUN does the best it can in together. When done this way, ICE eliminates almost all of the
such a hostile environment. Ultimately, the solution is to make the brittleness and issues found with RFC 3489 alone.
environment less hostile, and to introduce controls and standardized
behaviors into NAT. However, until such time as that happens, STUN
provides a good short term solution given the terrible conditions
under which it is forced to operate.
15. IANA Considerations 15. IANA Considerations
IANA is hereby requsted to create two new registries STUN Message IANA is hereby requsted to create two new registries STUN Message
Types and STUN Attributes. IANA must assign the following values to Types and STUN Attributes. IANA must assign the following values to
both registeries before publication of this document as an RFC. New both registeries before publication of this document as an RFC. New
values for both STUN Message Type and STUN Attributes are assigned values for both STUN Message Type and STUN Attributes are assigned
through the IETF consensus process via RFCs approved by the IESG. through the IETF consensus process via RFCs approved by the IESG
[23].
15.1. STUN Message Type Registry 15.1. STUN Message Type Registry
For STUN Message Types that are request message types, they MUST be For STUN Message Types that are request message types, they must be
registered including associated Response message types and Error registered including associated Response message types and Error
Response message types, and those responses must have values that are Response message types, and those responses must have values that are
0x100 and 0x110 higher than their respective Request values. 0x100 and 0x110 higher than their respective Request values.
For STUN Message Types that are Indication message types, no For STUN Message Types that are Indication message types, no
associated restriction applies. As the message type field is only 14 associated restriction applies. As the message type field is only 14
bits the range of valid values is 0x001 through 0x3FFF. bits the range of valid values is 0x001 through 0x3FFF.
The initial STUN Message Types are: The initial STUN Message Types are:
0x0001 : Binding Request 0x0001 : Binding Request
0x0101 : Binding Response 0x0101 : Binding Response
0x0111 : Binding Error Response 0x0111 : Binding Error Response
0x0002 : Shared Secret Request 0x0002 : Shared Secret Request
0x0102 : Shared Secret Response 0x0102 : Shared Secret Response
0x0112 : Shared Secret Error Response 0x0112 : Shared Secret Error Response
0x0002 : Shared Secret Request
0x0102 : Shared Secret Responsed
0x0112 : Shared Secret Error Response
15.2. STUN Attribute Registry 15.2. STUN Attribute Registry
STUN attributes values above 0x7FFF are considered optional STUN attributes values above 0x7FFF are considered optional
attributes; attributes equal to 0x7FFF or below are considered attributes; attributes equal to 0x7FFF or below are considered
mandatory attributes. The STUN client and STUN server process mandatory attributes. The STUN client and STUN server process
optional and mandatory attributes differently. IANA should assign optional and mandatory attributes differently. IANA should assign
values based on the RFC consensus process. values based on the RFC consensus process.
The initial STUN Attributes are: The initial STUN Attributes are:
0x0001: MAPPED-ADDRESS 0x0001: MAPPED-ADDRESS
0x0002: RESPONSE-ADDRESS
0x0003: CHANGE-REQUEST
0x0004: SOURCE-ADDRESS
0X0005: CHANGED-ADDRESS
0x0006: USERNAME 0x0006: USERNAME
0x0007: PASSWORD 0x0007: PASSWORD
0x0008: MESSAGE-INTEGRITY 0x0008: MESSAGE-INTEGRITY
0x0009: ERROR-CODE 0x0009: ERROR-CODE
0x000A: UNKNOWN-ATTRIBUTES 0x000A: UNKNOWN-ATTRIBUTES
0x000B: REFLECTED-FROM
0x000E: ALTERNATE-SERVER
0x0014: REALM 0x0014: REALM
0x0015: NONCE 0x0015: NONCE
0x0020: XOR-MAPPED-ADDRESS 0x0020: XOR-MAPPED-ADDRESS
0x0023: FINGERPRINT
0x8022: SERVER 0x8022: SERVER
0x8023: ALTERNATE-SERVER 0x8023: ALTERNATE-SERVER
0x8024: BINDING-LIFETIME 0x8024: REFRESH-INTERVAL
16. Changes Since RFC 3489 16. Changes Since RFC 3489
This specification updates RFC3489 [13]. This specification differs This specification updates RFC3489 [13]. This specification differs
from RFC3489 in the following ways: from RFC3489 in the following ways:
o Removed the usage of STUN for NAT type detection and binding o Removed the usage of STUN for NAT type detection and binding
lifetime discovery. These techniques have proven overly brittle lifetime discovery. These techniques have proven overly brittle
due to wider variations in the types of NAT devices than described due to wider variations in the types of NAT devices than described
in this document. Removed the RESPONSE-ADDRESS, CHANGED-ADDRESS, in this document. Removed the RESPONSE-ADDRESS, CHANGED-ADDRESS,
skipping to change at page 49, line 12 skipping to change at page 58, line 8
Response includes MAPPED-ADDRESS). See discussion in XOR-MAPPED- Response includes MAPPED-ADDRESS). See discussion in XOR-MAPPED-
ADDRESS regarding this change. ADDRESS regarding this change.
o Explicitly point out that the most significant two bits of STUN o Explicitly point out that the most significant two bits of STUN
are 0b00, allowing easy differentiation with RTP packets when used are 0b00, allowing easy differentiation with RTP packets when used
with ICE. with ICE.
o Added support for IPv6. Made it clear that an IPv4 client could o Added support for IPv6. Made it clear that an IPv4 client could
get a v6 mapped address, and vice-a-versa. get a v6 mapped address, and vice-a-versa.
o Added long-term credential-based authentication.
o Added the SERVER, REALM, NONCE, and ALTERNATE-SERVER attributes. o Added the SERVER, REALM, NONCE, and ALTERNATE-SERVER attributes.
o Removed recommendation to continue listening for STUN Responses o Removed recommendation to continue listening for STUN Responses
for 10 seconds in an attempt to recognize an attack. for 10 seconds in an attempt to recognize an attack.
o Introduced the concept of STUN usages and defined four usages -
Binding Discovery, Connectivity Check, NAT Keepalive, and Short
term password.
17. Acknowledgements 17. Acknowledgements
The authors would like to thank Cedric Aoun, Pete Cordell, Cullen The authors would like to thank Cedric Aoun, Pete Cordell, Cullen
Jennings, Bob Penfield and Chris Sullivan for their comments, and Jennings, Bob Penfield and Chris Sullivan for their comments, and
Baruch Sterman and Alan Hawrylyshen for initial implementations. Baruch Sterman and Alan Hawrylyshen for initial implementations.
Thanks for Leslie Daigle, Allison Mankin, Eric Rescorla, and Henning Thanks for Leslie Daigle, Allison Mankin, Eric Rescorla, and Henning
Schulzrinne for IESG and IAB input on this work. Schulzrinne for IESG and IAB input on this work.
18. References 18. References
18.1. Normative References 18.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. [2] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.
[3] Rosenberg, J., "Traversal Using Relay NAT (TURN)", [3] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
draft-rosenberg-midcom-turn-08 (work in progress),
September 2005.
[4] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, specifying the location of services (DNS SRV)", RFC 2782,
February 2000. February 2000.
[5] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [4] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[6] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", [5] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
RFC 2246, January 1999. RFC 2246, January 1999.
[7] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating [6] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating
Denial of Service Attacks which employ IP Source Address Denial of Service Attacks which employ IP Source Address
Spoofing", BCP 38, RFC 2827, May 2000. Spoofing", BCP 38, RFC 2827, May 2000.
[8] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., [7] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication:
Basic and Digest Access Authentication", RFC 2617, June 1999. Basic and Digest Access Authentication", RFC 2617, June 1999.
18.2. Informational References 18.2. Informational References
[9] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing [8] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997. for Message Authentication", RFC 2104, February 1997.
[10] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., [9] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002. Session Initiation Protocol", RFC 3261, June 2002.
[11] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., [10] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999. HTTP/1.1", RFC 2616, June 1999.
[12] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A [11] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A
Methodology for Network Address Translator (NAT) Traversal for Methodology for Network Address Translator (NAT) Traversal for
Offer/Answer Protocols", draft-ietf-mmusic-ice-06 (work in Offer/Answer Protocols", draft-ietf-mmusic-ice-08 (work in
progress), October 2005. progress), March 2006.
[12] Audet, F. and C. Jennings, "NAT Behavioral Requirements for
Unicast UDP", draft-ietf-behave-nat-udp-07 (work in progress),
June 2006.
[13] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN [13] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN
- Simple Traversal of User Datagram Protocol (UDP) Through - Simple Traversal of User Datagram Protocol (UDP) Through
Network Address Translators (NATs)", RFC 3489, March 2003. Network Address Translators (NATs)", RFC 3489, March 2003.
[14] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, [14] Rosenberg, J., "Obtaining Relay Addresses from Simple Traversal
"RTP: A Transport Protocol for Real-Time Applications", STD 64, of UDP Through NAT (STUN)", draft-ietf-behave-turn-00 (work in
progress), March 2006.
[15] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
"RTP: A Transport Protocol for Real-Time Applications",
RFC 3550, July 2003. RFC 3550, July 2003.
[15] Jennings, C. and R. Mahy, "Managing Client Initiated [16] Jennings, C. and R. Mahy, "Managing Client Initiated
Connections in the Session Initiation Protocol (SIP)", Connections in the Session Initiation Protocol (SIP)",
draft-ietf-sip-outbound-01 (work in progress), October 2005. draft-ietf-sip-outbound-03 (work in progress), March 2006.
[16] Kohl, J. and B. Neuman, "The Kerberos Network Authentication [17] Handley, M., "SDP: Session Description Protocol",
Service (V5)", RFC 1510, September 1993. draft-ietf-mmusic-sdp-new-26 (work in progress), January 2006.
[17] Senie, D., "Network Address Translator (NAT)-Friendly [18] Senie, D., "Network Address Translator (NAT)-Friendly
Application Design Guidelines", RFC 3235, January 2002. Application Design Guidelines", RFC 3235, January 2002.
[18] Holdrege, M. and P. Srisuresh, "Protocol Complications with the [19] Holdrege, M. and P. Srisuresh, "Protocol Complications with the
IP Network Address Translator", RFC 3027, January 2001. IP Network Address Translator", RFC 3027, January 2001.
[19] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with [20] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
Session Description Protocol (SDP)", RFC 3264, June 2002. Session Description Protocol (SDP)", RFC 3264, June 2002.
[20] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. [21] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)", Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004. RFC 3711, March 2004.
[21] Daigle, L. and IAB, "IAB Considerations for UNilateral Self- [22] Daigle, L. and IAB, "IAB Considerations for UNilateral Self-
Address Fixing (UNSAF) Across Network Address Translation", Address Fixing (UNSAF) Across Network Address Translation",
RFC 3424, November 2002. RFC 3424, November 2002.
[22] Srisuresh, P., Kuthan, J., Rosenberg, J., Molitor, A., and A. [23] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Rayhan, "Middlebox communication architecture and framework", Considerations Section in RFCs", BCP 26, RFC 2434,
RFC 3303, August 2002. October 1998.
[23] Huitema, C., "Real Time Control Protocol (RTCP) attribute in
Session Description Protocol (SDP)", RFC 3605, October 2003.
Authors' Addresses Authors' Addresses
Jonathan Rosenberg Jonathan Rosenberg
Cisco Systems Cisco Systems
600 Lanidex Plaza 600 Lanidex Plaza
Parsippany, NJ 07054 Parsippany, NJ 07054
US US
Phone: +1 973 952-5000 Phone: +1 973 952-5000
 End of changes. 292 change blocks. 
1132 lines changed or deleted 1553 lines changed or added

This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/