Stun协议RFC5389_rfc793资源-CSDN文库

4星 · 超过85%的资源需积分: 10 150 浏览量 2012-07-28 10:32:29 上传评论收藏 80KB PDF 举报

资源推荐

资源详情

资源评论

Network Working Group J. Rosenberg

Request for Comments: 5389 Cisco

Obsoletes: 3489 R. Mahy

Category: Standards Track P. Matthews

Unaffiliated

D. Wing

Cisco

October 2008

Session Traversal Utilities for NAT (STUN)

Status of This Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Abstract

Session Traversal Utilities for NAT (STUN) is a protocol that serves

as a tool for other protocols in dealing with Network Address

Translator (NAT) traversal. It can be used by an endpoint to

determine the IP address and port allocated to it by a NAT. It can

also be used to check connectivity between two endpoints, and as a

keep-alive protocol to maintain NAT bindings. STUN works with many

existing NATs, and does not require any special behavior from them.

STUN is not a NAT traversal solution by itself. Rather, it is a tool

to be used in the context of a NAT traversal solution. This is an

important change from the previous version of this specification (RFC

3489), which presented STUN as a complete solution.

This document obsoletes RFC 3489.

Table of Contents

1. Introduction ....................................................4

2. Evolution from RFC 3489 .........................................4

3. Overview of Operation ...........................................5

4. Terminology .....................................................8

5. Definitions .....................................................8

6. STUN Message Structure .........................................10

7. Base Protocol Procedures .......................................12

7.1. Forming a Request or an Indication ........................12

7.2. Sending the Request or Indication .........................13

Rosenberg, et al. Standards Track [Page 1]

RFC 5389 STUN October 2008

7.2.1. Sending over UDP ...................................13

7.2.2. Sending over TCP or TLS-over-TCP ...................14

7.3. Receiving a STUN Message ..................................16

7.3.1. Processing a Request ...............................17

7.3.1.1. Forming a Success or Error Response .......18

7.3.1.2. Sending the Success or Error Response .....19

7.3.2. Processing an Indication ...........................19

7.3.3. Processing a Success Response ......................19

7.3.4. Processing an Error Response .......................20

8. FINGERPRINT Mechanism ..........................................20

9. DNS Discovery of a Server ......................................21

10. Authentication and Message-Integrity Mechanisms ...............22

10.1. Short-Term Credential Mechanism ..........................22

10.1.1. Forming a Request or Indication ...................23

10.1.2. Receiving a Request or Indication .................23

10.1.3. Receiving a Response ..............................24

10.2. Long-Term Credential Mechanism ...........................24

10.2.1. Forming a Request .................................25

10.2.1.1. First Request ............................25

10.2.1.2. Subsequent Requests ......................26

10.2.2. Receiving a Request ...............................26

10.2.3. Receiving a Response ..............................27

11. ALTERNATE-SERVER Mechanism ....................................28

12. Backwards Compatibility with RFC 3489 .........................28

12.1. Changes to Client Processing .............................29

12.2. Changes to Server Processing .............................29

13. Basic Server Behavior .........................................30

14. STUN Usages ...................................................30

15. STUN Attributes ...............................................31

15.1. MAPPED-ADDRESS ...........................................32

15.2. XOR-MAPPED-ADDRESS .......................................33

15.3. USERNAME .................................................34

15.4. MESSAGE-INTEGRITY ........................................34

15.5. FINGERPRINT ..............................................36

15.6. ERROR-CODE ...............................................36

15.7. REALM ....................................................38

15.8. NONCE ....................................................38

15.9. UNKNOWN-ATTRIBUTES .......................................38

15.10. SOFTWARE ................................................39

15.11. ALTERNATE-SERVER ........................................39

16. Security Considerations .......................................39

16.1. Attacks against the Protocol .............................39

16.1.1. Outside Attacks ...................................39

16.1.2. Inside Attacks ....................................40

16.2. Attacks Affecting the Usage ..............................40

16.2.1. Attack I: Distributed DoS (DDoS) against a

Target ............................................41

16.2.2. Attack II: Silencing a Client .....................41

Rosenberg, et al. Standards Track [Page 2]

RFC 5389 STUN October 2008

1. Introduction

The protocol defined in this specification, Session Traversal

Utilities for NAT, provides a tool for dealing with NATs. It

provides a means for an endpoint to determine the IP address and port

allocated by a NAT that corresponds to its private IP address and

port. It also provides a way for an endpoint to keep a NAT binding

alive. With some extensions, the protocol can be used to do

connectivity checks between two endpoints [MMUSIC-ICE], or to relay

packets between two endpoints [BEHAVE-TURN].

In keeping with its tool nature, this specification defines an

extensible packet format, defines operation over several transport

protocols, and provides for two forms of authentication.

STUN is intended to be used in context of one or more NAT traversal

solutions. These solutions are known as STUN usages. Each usage

describes how STUN is utilized to achieve the NAT traversal solution.

Typically, a usage indicates when STUN messages get sent, which

optional attributes to include, what server is used, and what

authentication mechanism is to be used. Interactive Connectivity

Establishment (ICE) [MMUSIC-ICE] is one usage of STUN. SIP Outbound

[SIP-OUTBOUND] is another usage of STUN. In some cases, a usage will

require extensions to STUN. A STUN extension can be in the form of

new methods, attributes, or error response codes. More information

on STUN usages can be found in Section 14.

2. Evolution from RFC 3489

STUN was originally defined in RFC 3489 [RFC3489]. That

specification, sometimes referred to as "classic STUN", represented

itself as a complete solution to the NAT traversal problem. In that

solution, a client would discover whether it was behind a NAT,

determine its NAT type, discover its IP address and port on the

public side of the outermost NAT, and then utilize that IP address

and port within the body of protocols, such as the Session Initiation

Protocol (SIP) [RFC3261]. However, experience since the publication

of RFC 3489 has found that classic STUN simply does not work

sufficiently well to be a deployable solution. The address and port

learned through classic STUN are sometimes usable for communications

with a peer, and sometimes not. Classic STUN provided no way to

discover whether it would, in fact, work or not, and it provided no

remedy in cases where it did not. Furthermore, classic STUN’s

algorithm for classification of NAT types was found to be faulty, as

many NATs did not fit cleanly into the types defined there.

Rosenberg, et al. Standards Track [Page 4]

RFC 5389 STUN October 2008

Classic STUN also had a security vulnerability -- attackers could

provide the client with incorrect mapped addresses under certain

topologies and constraints, and this was fundamentally not solvable

through any cryptographic means. Though this problem remains with

this specification, those attacks are now mitigated through the use

of more complete solutions that make use of STUN.

For these reasons, this specification obsoletes RFC 3489, and instead

describes STUN as a tool that is utilized as part of a complete NAT

traversal solution. ICE [MMUSIC-ICE] is a complete NAT traversal

solution for protocols based on the offer/answer [RFC3264]

methodology, such as SIP. SIP Outbound [SIP-OUTBOUND] is a complete

solution for traversal of SIP signaling, and it uses STUN in a very

different way. Though it is possible that a protocol may be able to

use STUN by itself (classic STUN) as a traversal solution, such usage

is not described here and is strongly discouraged for the reasons

described above.

The on-the-wire protocol described here is changed only slightly from

classic STUN. The protocol now runs over TCP in addition to UDP.

Extensibility was added to the protocol in a more structured way. A

magic cookie mechanism for demultiplexing STUN with application

protocols was added by stealing 32 bits from the 128-bit transaction

ID defined in RFC 3489, allowing the change to be backwards

compatible. Mapped addresses are encoded using a new exclusive-or

format. There are other, more minor changes. See Section 19 for a

more complete listing.

Due to the change in scope, STUN has also been renamed from "Simple

Traversal of UDP through NAT" to "Session Traversal Utilities for

NAT". The acronym remains STUN, which is all anyone ever remembers

anyway.

3. Overview of Operation

This section is descriptive only.

Rosenberg, et al. Standards Track [Page 5]

剩余51页未读，继续阅读

评论收藏

内容反馈

weseliu

2012-12-13

还是挺有价值的
sherrypan

2013-10-07

文档挺好的！
iloveyouysr

2014-11-11

还不错，可惜是英文版，要慢慢看

dontsaymiss

粉丝: 9
资源: 9

Stun协议RFC5389

STUN协议RFC5389.pdf

StunSuite：本项目包含一套使用Stun的服务器与客户端，用于查询内部网络的类型。使用的Stun协议版本为rfc5389。项目采用Java实现，所用jdk版本为jdk1.8.0_181。

stun_RFC5389_中文

RFC5389文档

stun:快速的RFC 5389 STUN实现

RFC5389 中文版

RFC5389_CN

rfc5389详细内容

RFC5389中文版

STUN-RFC5389中英文合集.zip

STUN 协议RFC3489中文版 只要5积分

go-stun, STUN客户端的go实现( RFC 3489和 RFC 5389 ).zip

STUN(RFC3489)协议支持库Stun-Lib.zip

STUN 协议实现源码

STUN穿透协议

stun协议深入解剖

STUN协议的java实现，stun4j

简析STUN协议-好东西分享

BCM5389技术手册

STUN-RFC3489中英文合集.zip

go-stun:STUN客户端的go实现（RFC 3489和RFC 5389）

rfc3489(STUN).txt

高性能的STUN服务器STUNMAN.zip

stun-client:基于[RFC8489]（https）的C＃编写的非常基本的STUN客户端

webrtc研究及其P2P相关RFC协议文档集

解决Win 10与不兼容VirtualBox操作过程文档+（附带软件）.zip

计算机网络知识点总结(谢希仁第八版).pdf

Xshell软件(配色方案&amp;高亮关键字/突出显示集)的相关文件

湖南科技大学《计算机网络》配套课件（PDF版）

最新资源

STUN 协议RFC3489中文版只要5积分

Xshell软件(配色方案&高亮关键字/突出显示集)的相关文件