#if HAVE_CRT
#define _CRTDBG_MAP_ALLOC
#include <stdlib.h>
#include <crtdbg.h>
#endif //HAVE_CRT
/*
* Copyright (C) 2010-2011 Mamadou Diop.
*
* This file is part of Open Source Doubango Framework.
*
* DOUBANGO is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* DOUBANGO is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with DOUBANGO.
*
*/
/**@file tnet_nat.c
* @brief NAT Traversal helper functions using STUN, TURN and ICE.
*
*/
#include "tnet_nat.h"
#include "stun/tnet_stun_types.h"
#include "stun/tnet_stun_utils.h"
#include "stun/tnet_stun_pkt.h"
#include "stun/tnet_stun_attr.h"
#include "stun/tnet_stun_binding.h"
#include "tnet_endianness.h"
#include "tnet_socket.h"
#include "tsk_string.h"
#include "tsk_memory.h"
#include "tsk_debug.h"
/**@defgroup tnet_nat_group NAT Traversal API (STUN, TURN and ICE).
*/
typedef struct tnet_nat_ctx_s
{
TSK_DECLARE_OBJECT;
tnet_socket_type_t socket_type;
char* username; /**< The username to use to authenticate against the TURN/STUN server. */
char* password; /**< The password to use to authenticate against the TURN/STUN server. */
char* server_address; /**< TURN/STUN server address (could be FQDN or IP) */
tnet_port_t server_port; /**< TURN/STUN server port. */
uint16_t RTO; /**< Estimate of the round-trip time (RTT) in millisecond. */
uint16_t Rc; /**< Number of retransmissions for UDP in millisecond. */
unsigned use_dnsquery:1; /**< Indicates whether to use DNS SRV query to find the stun/turn ip address. */
tnet_stun_bindings_L_t *stun_bindings; /**< List of all STUN2 bindings associated to this context. */
}
tnet_nat_ctx_t;
/**@ingroup tnet_nat_group
* Creates new NAT context.
*/
struct tnet_nat_ctx_s* tnet_nat_context_create(tnet_socket_type_t socket_type, const char* pc_username, const char* pc_password)
{
extern const tsk_object_def_t *tnet_nat_context_def_t;
struct tnet_nat_ctx_s* p_ctx;
if (!(p_ctx = tsk_object_new(tnet_nat_context_def_t)) || !(p_ctx->stun_bindings = tsk_list_create())) {
TSK_OBJECT_SAFE_FREE(p_ctx);
TSK_DEBUG_ERROR("Failed to create NAT context");
return tsk_null;
}
p_ctx->socket_type = socket_type;
p_ctx->username = tsk_strdup(pc_username);
p_ctx->password = tsk_strdup(pc_password);
p_ctx->server_port = kStunPortDefaultTcpUdp;
/* 7.2.1. Sending over UDP
In fixed-line access links, a value of 500 ms is RECOMMENDED.
*/
p_ctx->RTO = kStunRTO;
/* 7.2.1. Sending over UDP
Rc SHOULD be configurable and SHOULD have a default of 7.
*/
p_ctx->Rc = kStunRC;
return p_ctx;
}
/** Predicate function to find stun binding by id.
*
* @param [in,out] item The current list item.
* @param [in,out] id A pointer to the binding identifier.
*
* @return Zero if current list item hold a binding with the same id and -1 otherwise.
**/
int __pred_find_stun_binding(const tsk_list_item_t* item, const void* id)
{
if(item) {
tnet_stun_binding_t *p_bind = item->data;
if (p_bind) {
tnet_stun_binding_id_t binding_id = *((tnet_stun_binding_id_t*)id);
return (p_bind->id == binding_id) ? 0 : -1;
}
}
return -1;
}
/**@ingroup tnet_nat_group
*
* Sets the address of the STUN/TURN server.
*
* @param [in,out] p_self The NAT context.
* @param [in,out] pc_server_address The address of server.
*
* @return Zero if succeed and non zero error code otherwise.
**/
int tnet_nat_set_server_address(struct tnet_nat_ctx_s* p_self, const char* pc_server_address)
{
if (!p_self) {
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
tsk_strupdate(&(p_self->server_address), pc_server_address);
return 0;
}
/**@ingroup tnet_nat_group
*
* Sets the address and port of the STUN/TURN server.
*
* @param [in,out] p_self The NAT context.
* @param [in,out] pc_server_address The address of server.
* @param u_server_port The server port.
*
* @return Zero if succeed and non zero error code otherwise.
**/
int tnet_nat_set_server(struct tnet_nat_ctx_s* p_self, const char* pc_server_address, tnet_port_t u_server_port)
{
if (!p_self) {
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
tsk_strupdate(&(p_self->server_address), pc_server_address);
p_self->server_port = u_server_port;
return 0;
}
/**@ingroup tnet_nat_group
*
* Creates and sends a STUN2 binding request to the STUN/TURN server in order to get the server reflexive
* address associated to this file descriptor (or socket). The caller should call @ref tnet_nat_stun_unbind to destroy the binding.
*
* @param [in,out] p_self The NAT context.
* @param localFD The local file descriptor (or socket) for which to get the reflexive server address.
*
* @return A valid binding id if succeed and @ref kStunBindingInvalidId otherwise. If the returned id is valid then
* the newly created binding will contain the server-reflexive address associated to the local file descriptor.
*
* @sa @ref tnet_nat_stun_unbind.
**/
tnet_stun_binding_id_t tnet_nat_stun_bind(const struct tnet_nat_ctx_s* p_self, const tnet_fd_t localFD)
{
tnet_stun_binding_id_t id = kStunBindingInvalidId;
tnet_stun_binding_t *p_binding = tsk_null;
int ret;
if (!p_self || localFD == TNET_INVALID_FD) {
TSK_DEBUG_ERROR("Invalid parameter");
goto bail;
}
if ((ret = tnet_stun_binding_create(localFD, p_self->socket_type, p_self->server_address, p_self->server_port, p_self->username, p_self->password, &p_binding))) {
goto bail;
}
if ((ret = tnet_nat_stun_send_bind(p_self, p_binding))) {
goto bail;
}
id = p_binding->id;
tsk_list_push_back_data(p_self->stun_bindings, (void**)&p_binding);
bail:
TSK_OBJECT_SAFE_FREE(p_binding);
return id;
}
/**@ingroup tnet_nat_group
* Internal function to send a STUN2 binding request over the network.
*
* @param [in,out] p_self The NAT context holding the user preferences.
* @param [in,out] p_binding The STUN binding object used to create the message to send.
*
* @return Zero if succeed and non-zero error code otherwise.
**/
int tnet_nat_stun_send_bind(const struct tnet_nat_ctx_s* pc_self, struct tnet_stun_binding_s *p_binding)
{
int ret = -1;
tnet_stun_pkt_resp_t *p_pkt_resp = tsk_null;
tnet_stun_pkt_req_t *p_pkt_req = tsk_null;
if (!pc_self || !p_binding) {
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
if (!TNET_SOCKET_TYPE_IS_DGRAM(p_binding->socket_type)) {
TSK_DEBUG_ERROR("Only DGRAM could be used for STUN transport");
return -2;
}
if ((ret = tnet_stun_binding_create_req(p_binding, &p_pkt_req))) {
goto bail;
}
/* RFC 5389 - 10.2.1.1. First Request
If the client has not completed a successful request/response
transaction with the server (as identified by hostname, if the DNS
procedures of Section 9 are used, else IP address if not), it SHOULD
omit the USERNAME, MESSAGE-INTEGRITY, REALM, and NONCE attributes.
In other words, the very first request is sent as if there were no
authentication or message integrity applied.
*/
stun_phase0: {
if ((ret = tnet_stun_utils_send_unreliably(p_binding->localFD, pc_self->RTO, pc_self->Rc, p_pkt_req, (struct sockaddr*)&p_binding->addr_server, &p_pkt_resp))) {
goto bail;
}
if (p_pkt_resp) {
if (TNET_STUN_PKT_RESP_IS_ERROR(p_pkt_resp)) {
uint16_t u_code;
if ((ret = tnet_stun_pkt_get_errorcode(p_pkt_resp, &u_code))) {
goto bail;
}
if (u_code == kStunErrCodeUnauthorized || u_code == kStunErrCodeStaleNonce) {
if (u_code == kStunErrCodeUnauthorized) {
// Make sure this is not an authentication failure (#2 401)
// Do not send another req to avoid endless messages
if ((tnet_stun_pkt_attr_exists(p_pkt_req, tnet_stun_attr_type_message_integrity))) { // already has a MESSAGE-INTEGRITY?
TSK_DEBUG_ERROR("STUN authentication failed");
goto bail;
}
}
if ((ret = tnet_stun_pkt_auth_prepare_2(p_pkt_req, p_binding->p_username, p_binding->p_password, p_pkt_resp))) {
goto bail;
}
// Try to send again now that authinfo is up2date
goto stun_phase0;
}
else if (u_code == kStunErrCodeUnknownAttributes) {
if((ret = tnet_stun_pkt_process_err420(p_pkt_req, p_pkt_resp))) {
goto bail;
}
// Try to send again now that authinfo is up2date
goto stun_phase0;
}
ret = -3;
}
else {
const tnet_stun_attr_address_t* pc_addr;
if ((ret = tnet_stun_pkt_attr_find_first(p_pkt_resp, tnet_stun_attr_type_xor_mapped_address, (const tnet_stun_attr_t**)&pc_addr)) == 0 && pc_addr) {
TSK_OBJECT_SAFE_FREE(p_binding->p_xmaddr);
p_binding->p_xmaddr = tsk_object_ref(TSK_OBJECT(pc_addr));
}
if ((ret = tnet_stun_pkt_attr_find_first(p_pkt_resp, tnet_stun_attr_type_mapped_address, (const tnet_stun_attr_t**)&pc_addr)) == 0 && pc_addr) {
TSK_OBJECT_SAFE_FREE(p_binding->p_maddr);
p_binding->p_maddr = tsk_object_ref(TSK_OBJECT(pc_addr));
}
}
}
}
/* END OF stun_phase0 */
bail:
TSK_OBJECT_SAFE_FREE(p_pkt_resp);
TSK_OBJECT_SAFE_FREE(p_pkt_req);
return ret;
}
/**@ingroup tnet_nat_group
* Gets the server reflexive address associated to this STUN2 binding.
*
*
* @param [in,out] p_self The NAT context.
* @param id The id of the STUN2 binding conetxt (obtained using @ref tnet_nat_stun_bind) holding the server-reflexive address.
* @param [in,out] pp_ip The reflexive IP address. It is up the the caller to free the returned string
* @param [in,out] pu_port The reflexive port.
*
* @return Zero if succeed and non zero error code otherwise.
**/
int tnet_nat_stun_get_reflexive_address(const struct tnet_nat_ctx_s* p_self, tnet_stun_binding_id_t id, char** pp_ip, tnet_port_t *pu_port)
{
const tsk_list_item_t* item;
if (!p_self) {
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
if (!pp_ip && !pu_port) {
return 0;
}
if ((item = tsk_list_find_item_by_pred(p_self->stun_bindings, __pred_find_stun_binding, &id)) && item->data) {
const tnet_stun_binding_t *pc_bind = (const tnet_stun_binding_t *)item->data;
const struct tnet_stun_attr_address_s *pc_addr = pc_bind->p_xmaddr ? pc_bind->p_xmaddr : pc_bind->p_maddr;
if (pc_addr) {
tnet_ip_t ip;
int ret;
if ((ret = tnet_stun_utils_inet_ntop((pc_addr->e_family == tnet_stun_address_family_ipv6), &pc_addr->address, &ip))) {
return ret;
}
if (pp_ip) {
tsk_strupdate(pp_ip, ip);
}
if (pu_port) {
*pu_port = pc_addr->u_port;
}
return 0;
}
}
return -2;
}
/**@ingroup tnet_nat_group
*
* Removes a STUN2 binding from the NAT context.
*
* @param [in,out] p_self The NAT context from which to remove the STUN2 binding.
* @param id The id of the STUN2 binding to remove.
*
* @return Zero if succeed and non zero error code otherwise.
*
*
* @sa @ref tnet_nat_stun_bind.
**/
int tnet_nat_stun_unbind(const struct tnet_nat_ctx_s* p_self, tnet_stun_binding_id_t id)
{
if (!p_self) {
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
tsk_list_remove_item_by_pred(p_self->stun_bindings, __pred_find_stun_binding, &id);
return 0;
}
//=================================================================================================
// NAT CONTEXT object definition
//
static tsk_object_t* tnet_nat_context_ctor(tsk_object_t * self, va_list * app)
{
tnet_nat_ctx_t *p_ctx = (tnet_nat_ctx_t*)self;
if (p_ctx) {
}
return self;
}
static tsk_object_t* tnet_nat_context_dtor(tsk_object_t * self)
{
tnet_nat_ctx_t *p_ctx = (tnet_nat_ctx_t*)self;
if (p_ctx) {
TSK_FREE(p_ctx->username);
TSK_FREE(p_ctx->password);
TSK_FREE(p_ctx->server_address);
TSK_OBJECT_SAFE_FREE(p_ctx->stun_bindings);
TSK_DEBUG_INFO("*** NAT context destroyed ***");
}
return self;
}
static const tsk_object_def_t tnet_nat_context_def_s =
{
sizeof(tnet_nat_ctx_t),
tnet_nat_context_ctor,
tnet_nat_context_dtor,
tsk_null,
};
const tsk_object_def_t *tnet_nat_context_def_t = &tnet_nat_context_def_s;