The STUN Protocol Explained [Easy to Understand]


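Recently I needed to use STUN at work, so I studied the STUN protocol. I could not find any Chinese documentation that explained it well, so I had to translate something myself; the official document is too long, so I picked the article that ranks first on Google and translated that. It is part machine translation, part my own translation. The original addresses are below. While studying I also found a mistake by the original author... it should be him who is wrong.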

https://www.3cx.com/blog/voip-howto/stun-details/

https://www.ietf.org/rfc/rfc3489.txt

The STUN Protocol

STUN is a client-server protocol. A STUN client (typically embedded in VoIP software, such as an IP PBX or IP Phone) sends a request to a STUN server to discover its public IP and port(s), and the STUN server returns a response. There are two types of requests: Binding Requests, which are typically sent over UDP, and Shared Secret Requests, which are sent over TLS (secure communication) over TCP. Shared Secret Requests ask the server to return a temporary set of credentials which are then used in a Binding Request and Binding Response exchange, for the purposes of authentication and message integrity.

Binding requests sent from the STUN client to the STUN server are used to determine the IP and port(s) bindings allocated by NATs. The STUN client sends a Binding Request to the STUN server, over UDP; the server examines the source IP address and port of the binding request, and copies them into a binding response that is sent back to the client. There are also Attributes (explained in more detail later in this article) in the request that allow the client to ask that the response be sent elsewhere, to a different IP address and port(s).

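STUN is a client-to-server protocol. A STUN client (almost always embedded in VoIP software, for example an IP phone or an IP PBX) sends a request to a STUN server to discover the client's public IP and port, and the STUN server returns a response.

Requests sent over UDP are called Binding Requests; requests sent over TLS on TCP are called Shared Secret Requests. (A Shared Secret Request asks the server to return a temporary set of credentials, which are then used in the Binding Request and Binding Response exchange for authentication and message integrity.)

Binding Requests sent from the client to the server are used to determine the IP and port bindings allocated by NAT. The server examines the source IP and port that the Binding Request came from and copies them into the Binding Response returned to the client.

The request can also carry attributes (explained in detail later in this article) that let the client ask for the response to be sent somewhere else, to a different IP address and port(s).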

STUN Messages

STUN messages are TLV (type-length-value) encoded using big endian (network ordered) binary. All STUN messages start with a STUN header, followed by a STUN payload. The payload is a series of STUN attributes (explained in more detail later in this article), the set of which depends on the message type. The STUN header contains:

A STUN message consists of a STUN header and a STUN payload; the STUN payload is a series of STUN attributes.

The message type in the STUN header is usually one of the following:

  • 0x0001 : Binding Request
  • 0x0101 : Binding Response
  • 0x0111 : Binding Error Response
  • 0x0002 : Shared Secret Request
  • 0x0102 : Shared Secret Response
  • 0x0112 : Shared Secret Error Response

  • Message length – Indicates the total length of the STUN payload in bytes but does not include the 20 bytes header.
  • Message length: the total length of the STUN payload, in bytes, not counting the 20-byte header.
  • Transaction id – Is used to correlate requests and responses.
  • Transaction id: used to match requests with responses.

STUN Protocol Attributes present in STUN requests and responses

"present in" here means "exists in".

STUN protocol attributes are present in requests and responses.

Both STUN server requests and responses contain message attributes. As we will see below, some of the attributes are not mandatory, some can be found in both binding requests and binding responses, some can be present in binding requests only and others in binding responses only. Below is a list of STUN attributes and a short explanation of each:

STUN server requests and responses both contain message attributes. As we will see below, some attributes are not mandatory, and some can be found in both Binding Requests and Binding Responses. Some exist only in Binding Requests, and likewise for Binding Responses. Below is a list of STUN attributes with a brief description of each.

  • 0x0001: MAPPED-ADDRESS – This attribute contains an IP address and port. It is always placed in the Binding Response, and it indicates the source IP address and port the server saw in the Binding Request sent from the client, i.e. the STUN client’s public IP address and port where it can be reached from the internet.
  • This attribute contains an IP address and port. It is always present in Binding Responses. It indicates the source IP and port that the server found in the Binding Request it received from the client.
  • 0x0002: RESPONSE-ADDRESS – This attribute contains an IP address and port and is an optional attribute, typically in the Binding Request (sent from the STUN client to the STUN server). It indicates where the Binding Response (sent from the STUN server to the STUN client) is to be sent. If this attribute is not present in the Binding Request, the Binding Response is sent to the source IP address and port of the Binding Request which is attribute 0x0001: MAPPED-ADDRESS.
  • This attribute contains an IP address and port and is optional, usually found in the Binding Request (sent from the STUN client to the STUN server). It says where the Binding Response (sent from the STUN server to the STUN client) should go. If the attribute is absent from the Binding Request, the Binding Response is sent to the source IP address and port of the Binding Request, which is attribute 0x0001: MAPPED-ADDRESS.
  • 0x0003: CHANGE-REQUEST – This attribute, which is only allowed in the Binding Request and optional, contains two flags to control the IP address and port used to send the response. These flags are called “change IP” and “change Port” flags. The “change IP” and “change Port” flags are useful for determining whether the client is behind a restricted cone NAT or restricted port cone NAT. They instruct the server to send the Binding Responses from a different source IP address and port.
  • This attribute is allowed only in the Binding Request and is optional; it contains two flags that control the IP address and port used to send the response. These flags are called the “change IP” and “change port” flags. They are used to determine whether the client is behind a restricted cone NAT or a restricted port cone NAT, and they instruct the server to send the Binding Response from a different source IP address and port.
  • 0x0004: SOURCE-ADDRESS – This attribute is usually present in Binding Responses; it indicates the source IP address and port where the response was sent from, i.e. the IP address of the machine the client is running on (typically an internal private IP address). It is very useful as from this attribute the STUN server can detect twice NAT configurations.
  • This attribute usually appears in Binding Responses; it indicates the source IP address and port that the response was sent from (this part does not fit with the surrounding text; I think it should be the address of the server machine), i.e. the IP address of the machine the client is running on (typically an internal private IP address). It is very useful because from this attribute the STUN server can detect twice NAT configurations.
  • Well, I went and looked up the official IETF document specifically; its explanation is as follows:
  • The fifth attribute is the SOURCE-ADDRESS attribute. It is only present in Binding Responses. It indicates the source IP address and port where the response was sent from. It is useful for detecting twice NAT configurations.
  • The SOURCE-ADDRESS attribute is present in Binding Responses. It indicates the source IP address and port that the server is sending the response from. Its syntax is identical to that of MAPPED-ADDRESS.

So that is the server's IP address and port number.

  • 0x0005: CHANGED-ADDRESS – This attribute is usually present in Binding Responses; it informs the client of the source IP address and port that would be used if the client requested the “change IP” and “change port” behaviour.
  • This attribute usually appears in Binding Responses; it tells the client the IP address and port that will be used if the client requests the “change IP” and “change port” behaviour.
  • 0x0006: USERNAME – This attribute is optional and is present in a Shared Secret Response with the PASSWORD attribute. It serves as a means to identify the shared secret used in the message integrity check.
  • This attribute is optional and appears in a Shared Secret Response together with the PASSWORD attribute. It is a way of identifying the shared secret used for message integrity.
  • 0x0007: PASSWORD – This attribute is optional and only present in Shared Secret Response along with the USERNAME attribute. The value of the PASSWORD attribute is of variable length and used as a shared secret between the STUN server and the STUN client.
  • Same as above.
  • 0x0008: MESSAGE-INTEGRITY – This attribute must be the last attribute in a STUN message and can be present in both Binding Request and Binding Response. It contains HMAC-SHA1 of the STUN message.
  • This attribute must be the last attribute in a STUN message and may appear in both Binding Requests and Binding Responses. It contains the HMAC-SHA1 of the STUN message.
  • 0x0009: ERROR-CODE – This attribute is present in the Binding Error Response and Shared Secret Error Response only. It indicates that an error has occurred and also indicates the type of error. It contains a numerical value in the range of 100 to 699, which is the error code, and also a textual reason phrase encoded in UTF-8 describing the error code, which is meant for the client.
  • This attribute is present only in the Binding Error Response and the Shared Secret Error Response. It indicates that an error occurred and what type of error it was. Its numerical value is in the range 100 to 699; this is the error code, accompanied by a UTF-8 encoded textual reason phrase describing the error code, written for the client.
  • 0x000a: UNKNOWN-ATTRIBUTES – This attribute is present in the Binding Error Response or Shared Secret Error response when the error code is 420; some attributes sent from the client in the Request are unknown and the server does not understand them.
  • When the error code is 420, this attribute is present in the Binding Error Response or Shared Secret Error Response; some attributes the client sent in the request are unknown and the server does not understand them.
  • 0x000b: REFLECTED-FROM – This attribute is present only in Binding Response and its use is to provide traceability so the STUN server cannot be used as part of a denial of service attack. It contains the IP address of the source the request came from, i.e. the IP address of the STUN client.
  • This attribute is present only in Binding Responses; its purpose is to provide traceability so that the STUN server cannot be used as part of a denial of service attack. It contains the IP address of the source the request came from, i.e. the IP address of the STUN client.
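The header and attribute layout described above can be checked with a small strict parser. This is an added example, not code from the original article or from any STUN library: it assumes the RFC 3489 wire layout (20-byte header, type-length-value attributes, 8-byte IPv4 address values), the function names are hypothetical, and the sample Binding Response is constructed with documentation-range addresses. It rejects messages whose lengths are inconsistent and responses whose transaction id does not match the request.

```python
import ipaddress
import os
import struct

HEADER = struct.Struct("!HH16s")  # message type, payload length, transaction id
BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101
ADDRESS_ATTRS = {1: "MAPPED-ADDRESS", 4: "SOURCE-ADDRESS", 5: "CHANGED-ADDRESS"}

def build_binding_request():
    txid = os.urandom(16)  # unpredictable id, matched against the response later
    return HEADER.pack(BINDING_REQUEST, 0, txid), txid

def parse_address(value):
    """Address value: 1 ignored byte, family (0x01 = IPv4), port, address."""
    if len(value) != 8 or value[1] != 0x01:
        raise ValueError("expected an 8-byte IPv4 address attribute")
    _, _, port, raw = struct.unpack("!BBH4s", value)
    return str(ipaddress.IPv4Address(raw)), port

def parse_message(data, expected_txid=None):
    """Strictly parse one STUN message into (type, {attribute: value})."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the 20-byte header")
    msg_type, length, txid = HEADER.unpack_from(data)
    if length != len(data) - HEADER.size:
        raise ValueError("message length does not match payload size")
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id does not match the request")
    attrs, offset = {}, HEADER.size
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated attribute header")
        a_type, a_len = struct.unpack_from("!HH", data, offset)
        offset += 4
        if a_len > len(data) - offset:
            raise ValueError("attribute overruns the message")
        value = data[offset:offset + a_len]
        offset += a_len
        name = ADDRESS_ATTRS.get(a_type)
        attrs[name or hex(a_type)] = parse_address(value) if name else value
    return msg_type, attrs

def sample_response(txid):
    """Constructed Binding Response using documentation-range addresses."""
    def attr(a_type, ip, port):
        body = struct.pack("!BBH4s", 0, 1, port, ipaddress.IPv4Address(ip).packed)
        return struct.pack("!HH", a_type, len(body)) + body
    payload = attr(1, "203.0.113.7", 40000) + attr(4, "198.51.100.1", 3478)
    return HEADER.pack(BINDING_RESPONSE, len(payload), txid) + payload
```

Attributes the parser does not decode are kept as raw bytes under their hexadecimal type, so an unexpected attribute is visible to the caller rather than silently dropped.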

Common STUN Server error codes


Like many other protocols, the STUN protocol has a list of error codes. STUN protocol error codes are similar to those of HTTP or SIP. Below is a list of the most common error codes encountered when using the STUN protocol. For a complete list of STUN protocol error codes refer to the STUN RFC 3489.

As with many other protocols, STUN defines a list of error codes, and they resemble those of HTTP or SIP. The list below covers the error codes most often encountered when using STUN. For the complete list of STUN error codes, see STUN RFC 3489.

  • Error Code 400 – Bad request; the request was malformed. Client must modify request and try sending it again.
  • Bad request; the request is malformed. The client must modify the request and send it again.
  • Error Code 420 – Unknown attribute; the server did not understand an attribute in the request.
  • Unknown attribute; the server does not understand an attribute in the request.
  • Error Code 430 – Stale credentials; the shared secret sent in the request is expired; the client should obtain a new shared secret.
  • Stale credentials; the shared secret sent in the request has expired; the client should obtain a new shared secret.
  • Error Code 432 – Missing username; the username attribute is not present in the request.
  • Missing username; the USERNAME attribute does not exist in the request.
  • Error Code 500 – Server error; temporary error and the client should try to send the request again.
  • Server error; a temporary error, and the client should try sending the request again.


Published by: 全栈程序员-用户IM. Please credit the source when reposting: https://javaforall.cn/160534.html Original link: https://javaforall.cn
