[Serdev] STUN server in SER

Thu Jan 18 06:38:39 UTC 2007

Alfred,
thanks for comments and review! I will check it ASAP and let you know 
the result.

Regards,
   Vladimir

Alfred E. Heggestad wrote:
> Hi
>
> I have done some more testing of the embedded STUN server in SER 0.10 
> (from CVS).
> Here are some of my comments:
>
>
> * Calculation of the length field for 400 Bad Request ERROR responses 
> is wrong.
>
> * The calculation of mandatory attributes is wrong, the STUN Server 
> should accept
>   any optional attributes >= 0x8000 (see attached patch).
>
> * The variable req->old checks if the STUN request is a RFC3489 or 
> 3489bis request
>   (based on MAGIC_COOKIE) - but it seems that the meaning is reversed ?
>
> * The calculation of XOR_MAPPED_ADDRESS seems be wrong. Check the host 
> order vs.
>   network order of MAGIC_COOKIE, port number and IPv4 address. (see 
> attached patch)
>   Calculation of IPv6 address must also be checked
>
> * The error code reason phrases defined in ser_stun.h should be 
> changed to the
>   text in the brackets of rfc3489bis section 11.6 - e.g. instead of
>
>     300 The client should contact an alternate server for this request.
>
>   you should use:
>
>     300 Try Alternate
>
>
> Please see the attached patch for some fixes ..
>
>
> /alfred
> ------------------------------------------------------------------------
>
> Index: ser_stun.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/ser_stun.c,v
> retrieving revision 1.4
> diff -u -1 -r1.4 ser_stun.c
> --- ser_stun.c	14 Dec 2006 08:38:07 -0000	1.4
> +++ ser_stun.c	17 Jan 2007 18:35:48 -0000
> @@ -345,3 +345,3 @@
>  				/* 
> -				 * the attribute is uknnown to the server
> +				 * the attribute is uknown to the server
>  				 * let see if it's necessary to generate error response 
> @@ -349,5 +349,5 @@
>  #ifdef EXTRA_DEBUG
> -				LOG(L_DBG, "DEBUG: stun_parse_body: unknown attribute found\n");
> +				LOG(L_DBG, "DEBUG: stun_parse_body: unknown attribute found (type=0x%04x)\n", htons(attr.type));
>  #endif
> -				if (attr.type <= htons(MANDATORY_ATTR)) {
> +				if (htons(attr.type) <= MANDATORY_ATTR) {
>  					tmp_unknown = stun_alloc_unknown_attr(attr.type);
> @@ -379,3 +379,3 @@
>  	
> -	if (fp_present == 0 && req->old == 0) {
> +	if (fp_present == 0 && req->old == 0 && stun_allow_fp) {
>  #ifdef EXTRA_DEBUG
> @@ -807,3 +807,3 @@
>  	attr.type = htons(type);
> -	res->ip_addr.port = (do_xor) ? htons(port) ^ MAGIC_COOKIE_2B : htons(port);
> +	res->ip_addr.port = htons(do_xor ? (port ^ MAGIC_COOKIE_2B) : port);
>  	switch(af) {
> @@ -814,3 +814,3 @@
>  			res->ip_addr.ip[0] = (do_xor) ? 
> -					res->ip_addr.ip[0] ^ MAGIC_COOKIE : res->ip_addr.ip[0];		
> +					res->ip_addr.ip[0] ^ htonl(MAGIC_COOKIE) : res->ip_addr.ip[0];		
>  			break;
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serdev mailing list
> Serdev at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serdev
>   