Browse code

- added STUN keep-alive functionality in accordance with draft-ietf-behave-rfc3489bis-04.txt

Vladimir Marek authored on 13/10/2006 13:08:42
Showing 10 changed files
... ...
@@ -351,6 +351,8 @@ endif
351 351
 # -DPROFILING
352 352
 #		if enabled profiling will be enabled for child processes
353 353
 #		Don't forget to set PROFILE (see below)
354
+# -DUSE_STUN
355
+#		compiles in stun support
354 356
 
355 357
 # Sometimes is needes correct non-quoted $OS. HACK: gcc translates known OS to number ('linux'), so there is added underscore
356 358
 
... ...
@@ -394,6 +396,10 @@ ifneq ($(TLS),)
394 396
 	DEFS+= -DUSE_TLS
395 397
 endif
396 398
 
399
+ifneq ($(STUN),)
400
+	DEFS+= -DUSE_STUN
401
+endif
402
+
397 403
 ifeq ($(mode),)
398 404
 	mode = release
399 405
 endif
... ...
@@ -1388,6 +1394,11 @@ DEFS+= -I$(LOCALBASE)/ssl/include
1388 1394
 LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl  -lcrypto
1389 1395
 endif
1390 1396
 
1397
+ifneq ($(STUN),)
1398
+DEFS+= -I$(LOCALBASE)/ssl/include
1399
+LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lcrypto
1400
+endif
1401
+
1391 1402
 ifneq ($(found_lock_method), yes)
1392 1403
 $(warning	No locking method found so far, trying SYS V sems)
1393 1404
 		DEFS+= -DUSE_SYSV_SEM  # try sys v sems
... ...
@@ -60,8 +60,10 @@
60 60
  *              to_{ip,port} (andrei)
61 61
  *  2005-12-12  separated drop, exit, break, return, added RETCODE (andrei)
62 62
  *  2005-12-19  select framework (mma)
63
- * 2006-09-11  added dns cache (use, flags, ttls, mem ,gc) & dst blacklist
63
+ *  2006-09-11  added dns cache (use, flags, ttls, mem ,gc) & dst blacklist
64 64
  *              options (andrei)
65
+ *  2006-10-13  added STUN_ALLOW_STUN, STUN_ALLOW_FP, STUN_REFRESH_INTERVAL
66
+ *              (vlada)
65 67
  */
66 68
 
67 69
 
... ...
@@ -289,6 +291,11 @@ MCAST_LOOPBACK		"mcast_loopback"
289 291
 MCAST_TTL		"mcast_ttl"
290 292
 TOS			"tos"
291 293
 
294
+/* stun config variables */
295
+STUN_REFRESH_INTERVAL "stun_refresh_interval"
296
+STUN_ALLOW_STUN "stun_allow_stun"
297
+STUN_ALLOW_FP "stun_allow_fp"
298
+
292 299
 LOADMODULE	loadmodule
293 300
 MODPARAM        modparam
294 301
 
... ...
@@ -528,6 +535,10 @@ EAT_ABLE	[\ \t\b\r]
528 535
 <INITIAL>{LOADMODULE}	{ count(); yylval.strval=yytext; return LOADMODULE; }
529 536
 <INITIAL>{MODPARAM}     { count(); yylval.strval=yytext; return MODPARAM; }
530 537
 
538
+<INITIAL>{STUN_REFRESH_INTERVAL} { count(); yylval.strval=yytext; return STUN_REFRESH_INTERVAL;}
539
+<INITIAL>{STUN_ALLOW_STUN} { count(); yylval.strval=yytext; return STUN_ALLOW_STUN;}
540
+<INITIAL>{STUN_ALLOW_FP} { count(); yylval.strval=yytext; return STUN_ALLOW_FP;}
541
+
531 542
 <INITIAL>{EQUAL}	{ count(); return EQUAL; }
532 543
 <INITIAL>{ADDEQ}          { count(); return ADDEQ; }
533 544
 <INITIAL>{EQUAL_T}	{ count(); return EQUAL_T; }
... ...
@@ -74,6 +74,8 @@
74 74
  * 2006-05-30  avp flags (tma)
75 75
  * 2006-09-11  added dns cache (use, flags, ttls, mem ,gc) & dst blacklist
76 76
  *              options (andrei)
77
+ * 2006-10-13  added STUN_ALLOW_STUN, STUN_ALLOW_FP, STUN_REFRESH_INTERVAL
78
+ *              (vlada)
77 79
  */
78 80
 
79 81
 %{
... ...
@@ -335,6 +337,10 @@ static struct socket_id* mk_listen_id(char*, int, int);
335 337
 %token ATTR_GLOBAL
336 338
 %token ADDEQ
337 339
 
340
+%token STUN_REFRESH_INTERVAL
341
+%token STUN_ALLOW_STUN
342
+%token STUN_ALLOW_FP
343
+
338 344
 /* operators */
339 345
 %nonassoc EQUAL
340 346
 %nonassoc EQUAL_T
... ...
@@ -864,6 +870,25 @@ assign_stm:
864 870
 	| TOS EQUAL NUMBER { tos=$3; }
865 871
 	| TOS EQUAL error { yyerror("number expected"); }
866 872
 	| error EQUAL { yyerror("unknown config variable"); }
873
+	| STUN_REFRESH_INTERVAL EQUAL NUMBER { 
874
+		#ifdef USE_STUN
875
+			stun_refresh_interval=$3;
876
+		#endif
877
+		}
878
+	| STUN_REFRESH_INTERVAL EQUAL error{ yyerror("number expected"); }
879
+	| STUN_ALLOW_STUN EQUAL NUMBER { 
880
+		#ifdef USE_STUN
881
+			stun_allow_stun=$3;
882
+		#endif
883
+		}
884
+	| STUN_ALLOW_STUN EQUAL error{ yyerror("number expected"); }
885
+	| STUN_ALLOW_FP EQUAL NUMBER { 
886
+		#ifdef USE_STUN
887
+			stun_allow_fp=$3;
888
+		#endif
889
+		}
890
+	| STUN_ALLOW_FP EQUAL error{ yyerror("number expected"); }
891
+	| error EQUAL { yyerror("unknown config variable"); }
867 892
 	;
868 893
 module_stm:
869 894
 	LOADMODULE STRING {
... ...
@@ -114,6 +114,12 @@ extern int mcast_loopback;
114 114
 extern int mcast_ttl;
115 115
 #endif /* USE_MCAST */
116 116
 
117
+#ifdef USE_STUN
118
+extern unsigned int stun_refresh_interval;
119
+extern int stun_allow_stun;
120
+extern int stun_allow_fp;
121
+#endif
122
+
117 123
 extern int tos;
118 124
 
119 125
 /*
... ...
@@ -62,6 +62,8 @@
62 62
  *               of them might use it "unset" (andrei)
63 63
  *  2005-07-25  use sigaction for setting the signal handlers (andrei)
64 64
  *  2006-07-13  added dns cache/failover init. (andrei)
65
+ *  2006-10-13  added global variables stun_refresh_interval, stun_allow_stun
66
+ *              and stun_allow_fp (vlada)
65 67
  */
66 68
 
67 69
 
... ...
@@ -353,6 +355,15 @@ unsigned short port_no=0; /* default port*/
353 355
 unsigned short tls_port_no=0; /* default port */
354 356
 #endif
355 357
 
358
+#ifdef USE_STUN
359
+/* refresh interval in miliseconds */
360
+unsigned int stun_refresh_interval=0;
361
+/* stun can be switch off even if it is compiled */
362
+int stun_allow_stun=1;
363
+/* use or don't use fingerprint */
364
+int stun_allow_fp=1;
365
+#endif
366
+
356 367
 struct host_alias* aliases=0; /* name aliases list */
357 368
 
358 369
 /* Parameter to child_init */
359 370
new file mode 100644
... ...
@@ -0,0 +1,1080 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2001-2003 FhG Fokus
5
+ *
6
+ * This file is part of ser, a free SIP server.
7
+ *
8
+ * ser is free software; you can redistribute it and/or modify
9
+ * it under the terms of the GNU General Public License as published by
10
+ * the Free Software Foundation; either version 2 of the License, or
11
+ * (at your option) any later version
12
+ *
13
+ * For a license to use the ser software under conditions
14
+ * other than those described here, or to purchase support for this
15
+ * software, please contact iptel.org by e-mail at the following addresses:
16
+ *    info@iptel.org
17
+ *
18
+ * ser is distributed in the hope that it will be useful,
19
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21
+ * GNU General Public License for more details.
22
+ *
23
+ * You should have received a copy of the GNU General Public License 
24
+ * along with this program; if not, write to the Free Software 
25
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26
+ *
27
+ * History
28
+ * --------
29
+ *  2006-10-13  created (vlada)
30
+ */
31
+
32
+#ifdef USE_STUN 
33
+ 
34
+#include <arpa/inet.h>
35
+#include "ser_stun.h"
36
+#include "forward.h"
37
+
38
+extern unsigned char* SHA1(const unsigned char* d, size_t m,unsigned char* md);
39
+
40
+/*
41
+ * ****************************************************************************
42
+ *                     Declaration of functions                               *
43
+ * ****************************************************************************
44
+ */
45
+int stun_parse_header(struct stun_msg* req, USHORT_T* error_code);
46
+int stun_parse_body(
47
+				struct stun_msg* req,
48
+				struct stun_unknown_att** unknown,
49
+				USHORT_T* error_code);
50
+void stun_delete_unknown_attrs(struct stun_unknown_att* unknown);
51
+struct stun_unknown_att* stun_alloc_unknown_attr(USHORT_T type);
52
+int stun_add_address_attr(struct stun_msg* res, 
53
+						UINT_T		af,
54
+						USHORT_T	port,
55
+						UINT_T*		ip_addr,
56
+						USHORT_T	type,
57
+						int do_xor);
58
+int add_unknown_attr(struct stun_msg* res, struct stun_unknown_att* unknown);
59
+int add_error_code(struct stun_msg* res, USHORT_T error_code);
60
+int add_fingerprint(struct stun_buffer* msg);
61
+int copy_str_to_buffer(struct stun_msg* res, const char* data, UINT_T pad);
62
+int validate_fingerprint(struct stun_msg* req, USHORT_T* error_code);
63
+int reallock_buffer(struct stun_buffer* buffer, UINT_T len);
64
+int buf_copy(struct stun_buffer* msg, void* source, UINT_T len);
65
+void clean_memory(struct stun_msg* req,
66
+				struct stun_msg* res,	struct stun_unknown_att* unknown);
67
+int stun_create_response(
68
+						struct stun_msg* req,
69
+						struct stun_msg* res,
70
+						struct receive_info* ri,
71
+						struct stun_unknown_att* unknown, 
72
+						UINT_T error_code);
73
+int stun_add_common_integer_attr(struct stun_msg* res, USHORT_T type, UINT_T value);
74
+int stun_add_common_text_attr(struct stun_msg* res, USHORT_T type, char* value, 
75
+							USHORT_T pad);
76
+
77
+
78
+/*
79
+ * ****************************************************************************
80
+ *                      Definition of functions                               *
81
+ * ****************************************************************************
82
+ */
83
+ 
84
+/* 
85
+ * stun_process_msg(): 
86
+ * 			buf - incoming message
87
+ * 			len - length of incoming message
88
+ * 			ri  - information about socket that received a message and 
89
+ *                also information about sender (its IP, port, protocol)
90
+ * 
91
+ * This function ensures processing of incoming message. It's common for both
92
+ * TCP and UDP protocol. There is no other function as an interface.
93
+ * 
94
+ * Return value:	0	if there is no environment error
95
+ * 					-1	if there is some enviroment error such as insufficiency
96
+ * 						of memory
97
+ * 
98
+ */
99
+int stun_process_msg(char* buf, unsigned len, struct receive_info* ri)
100
+{
101
+	struct stun_msg 			msg_req;
102
+	struct stun_msg 			msg_res;
103
+	struct dest_info			dst;
104
+	struct stun_unknown_att*	unknown;
105
+	USHORT_T					error_code;
106
+	int ii;
107
+	 
108
+	memset(&msg_req, 0, sizeof(msg_req));
109
+	memset(&msg_res, 0, sizeof(msg_res));
110
+	
111
+	msg_req.msg.buf.s = buf;
112
+	msg_req.msg.buf.len = len;	
113
+	unknown = NULL;
114
+	error_code = RESPONSE_OK;
115
+	
116
+	if (stun_parse_header(&msg_req, &error_code) != 0) {
117
+		goto error;
118
+	}
119
+	
120
+	if (error_code == RESPONSE_OK) {
121
+		if (stun_parse_body(&msg_req, &unknown, &error_code) != 0) {
122
+			goto error;
123
+		}
124
+	}
125
+	
126
+	if (stun_create_response(&msg_req, &msg_res, ri,  
127
+							unknown, error_code) != 0) {
128
+		goto error;
129
+	}
130
+	
131
+	init_dst_from_rcv(&dst, ri);
132
+
133
+#ifdef EXTRA_DEBUG	
134
+	struct ip_addr ip;
135
+	su2ip_addr(&ip, &dst.to);
136
+	char *ipp = ip_addr2a(&ip);
137
+	int porttt = su_getport(&dst.to);
138
+	LOG(L_DBG, "DEBUG: ser_stun: %s:%d):\n", ip_addr2a(&ip), 
139
+		su_getport(&dst.to));
140
+#endif
141
+	
142
+	/* send STUN response */
143
+	if (msg_send(&dst, msg_res.msg.buf.s, msg_res.msg.buf.len) != 0) {
144
+		goto error;
145
+	}
146
+	
147
+	clean_memory(&msg_req, &msg_res, unknown);
148
+	return 0;
149
+	
150
+error:
151
+	clean_memory(&msg_req, &msg_res, unknown);
152
+	return FATAL_ERROR;
153
+}
154
+
155
+/*
156
+ * stun_parse_header():
157
+ * 			- req: request from host that should be processed
158
+ * 			- error_code: indication of any protocol error
159
+ * 
160
+ * This function ensures parsing of incoming header.
161
+ * 
162
+ * Return value:	0	if there is no environment error
163
+ * 					-1	if there is some enviroment error such as insufficiency
164
+ * 						of memory
165
+ */
166
+
167
+int stun_parse_header(struct stun_msg* req, USHORT_T* error_code)
168
+{
169
+	
170
+	if (sizeof(req->hdr) > req->msg.buf.len) {
171
+		/* the received message does not contain whole header */
172
+		LOG(L_INFO, "INFO: incomplete header of STUN message\n");
173
+		/* Any better solution? IMHO it's not possible to send error response
174
+		 * because the transaction ID is not available.
175
+		 */
176
+		return FATAL_ERROR;
177
+	}
178
+	
179
+	memcpy(&req->hdr, req->msg.buf.s, sizeof(struct stun_hdr));
180
+	req->hdr.type = ntohs(req->hdr.type);
181
+	
182
+	/* the SER supports only Binding Request right now */ 
183
+	if (req->hdr.type != BINDING_REQUEST) {
184
+		LOG(L_INFO, "INFO: unsupported type of STUN message: %x\n", 
185
+					req->hdr.type);
186
+		/* resending of same message is not welcome */
187
+		*error_code = GLOBAL_FAILURE_ERR;
188
+	}
189
+	
190
+	req->hdr.len = ntohs(req->hdr.len);
191
+	
192
+	/* check if there is correct magic cookie */
193
+	req->old = (req->hdr.id.magic_cookie == htonl(MAGIC_COOKIE)) ? 0 : 1;
194
+
195
+	return 0;
196
+}
197
+
198
+/*
199
+ * stun_parse_body():
200
+ * 			- req: request from host that should be processed
201
+ * 			- unknown: this is a link list header of attributes 
202
+ * 					   that are unknown to SER; defaul value is NULL
203
+ * 			- error_code: indication of any protocol error
204
+ * 
205
+ * Return value:	0	if there is no environment error
206
+ * 					-1	if there is some enviroment error such as insufficiency
207
+ * 						of memory
208
+ */
209
+int stun_parse_body(
210
+				struct stun_msg* req,
211
+				struct stun_unknown_att** unknown,
212
+				USHORT_T* error_code)
213
+{
214
+	UINT_T not_parsed;
215
+	struct stun_attr attr;
216
+	USHORT_T attr_size;
217
+	UINT_T padded_len;
218
+	struct stun_unknown_att*	tmp_unknown;
219
+	struct stun_unknown_att*	body;
220
+	char*	buf;
221
+	int		fp_present;
222
+	
223
+	attr_size = sizeof(struct stun_attr);
224
+	buf = &req->msg.buf.s[sizeof(struct stun_hdr)];
225
+	fp_present = 0;
226
+	
227
+	/* 
228
+	 * the message length is different for rfc and rfc bis 
229
+	 * the bis version contains fingerprint that is not included in 
230
+	 * length of body which is listed in header of message
231
+	 */
232
+	not_parsed = req->msg.buf.len - sizeof(struct stun_hdr);
233
+	
234
+	if (req->old) {
235
+		if (not_parsed != req->hdr.len) {
236
+			*error_code = BAD_REQUEST_ERR;
237
+			return 0;
238
+		} 
239
+	}
240
+	else {
241
+		if (not_parsed != 
242
+		    req->hdr.len + SHA_DIGEST_LENGTH + sizeof(struct stun_attr)) {
243
+			*error_code = BAD_REQUEST_ERR;
244
+			return 0;
245
+		}
246
+	}
247
+	
248
+	tmp_unknown = *unknown;
249
+	body = NULL;
250
+	
251
+	while (not_parsed > 0 && *error_code == RESPONSE_OK) {
252
+		memset(&attr, 0, attr_size);
253
+		
254
+		/* check if there are 4 bytes for attribute type and its value */
255
+		if (not_parsed < 4) {
256
+			*error_code = BAD_REQUEST_ERR;
257
+			continue;
258
+		}
259
+		
260
+		memcpy(&attr, buf, attr_size);
261
+		
262
+		buf += attr_size;
263
+		not_parsed -= attr_size;
264
+		
265
+		/* check if there is enought unparsed space for attribute's value */
266
+		if (not_parsed < ntohs(attr.len)) {
267
+			*error_code = BAD_REQUEST_ERR;
268
+			continue;
269
+		}
270
+		
271
+		/* check if the attribute is known to the server */
272
+		switch (htons(attr.type)) {			
273
+			case REALM_ATTR:
274
+			case NONCE_ATTR:
275
+			case MAPPED_ADDRESS_ATTR:
276
+			case XOR_MAPPED_ADDRESS_ATTR:
277
+			case ALTERNATE_SERVER_ATTR:
278
+			case REFRESH_INTERVAL_ATTR:
279
+			case RESPONSE_ADDRESS_ATTR:
280
+			case SOURCE_ADDRESS_ATTR:
281
+			case REFLECTED_FROM_ATTR:		
282
+			case CHANGE_REQUEST_ATTR:
283
+			case CHANGED_ADDRESS_ATTR:
284
+				padded_len = ntohs(attr.len);
285
+				break;
286
+			
287
+			/* following attributes must be padded to 4 bytes */
288
+			case USERNAME_ATTR:
289
+			case PASSWORD_ATTR:
290
+			case ERROR_CODE_ATTR:
291
+			case UNKNOWN_ATTRIBUTES_ATTR:
292
+			case SERVER_ATTR:
293
+				padded_len = PADDED_TO_FOUR(ntohs(attr.len));
294
+				break;
295
+
296
+			/* MESSAGE_INTEGRITY must be padded to sixty four bytes*/
297
+			case MESSAGE_INTEGRITY_ATTR:
298
+				padded_len = PADDED_TO_SIXTYFOUR(ntohs(attr.len));
299
+				break;
300
+			
301
+			case FINGERPRINT_ATTR:
302
+				fp_present = 1;			
303
+				if (ntohs(attr.len) != SHA_DIGEST_LENGTH) {
304
+					LOG(L_WARN, 
305
+						"WARNING: STUN: Incorrect fingerprint of request.\n");
306
+					*error_code = BAD_REQUEST_ERR;
307
+					continue;
308
+				}
309
+
310
+				memcpy(req->fp, buf, SHA_DIGEST_LENGTH);
311
+				if(stun_allow_fp) {
312
+					if (validate_fingerprint(req, error_code) != 0) {
313
+						LOG(L_WARN, 
314
+							"WARNING: STUN: Incorrect fingerprint of request.\n");
315
+						*error_code = BAD_REQUEST_ERR;
316
+						continue;
317
+					}
318
+				} 
319
+
320
+				padded_len = SHA_DIGEST_LENGTH;
321
+				if (not_parsed > SHA_DIGEST_LENGTH) {
322
+					/* fingerprint must be last parameter in request */
323
+					*error_code = BAD_REQUEST_ERR;
324
+					continue;
325
+				}
326
+				break;
327
+			
328
+			default:
329
+				/* 
330
+				 * the attribute is uknnown to the server
331
+				 * let see if it's necessary to generate error response 
332
+				 */
333
+				if (attr.type <= htons(MANDATORY_ATTR)) {
334
+					tmp_unknown = stun_alloc_unknown_attr(attr.type);
335
+					if (tmp_unknown == NULL) {
336
+						return FATAL_ERROR;
337
+					}
338
+					if (*unknown == NULL) {
339
+						*unknown = body = tmp_unknown;
340
+					}
341
+					else { 
342
+						body->next = tmp_unknown;
343
+						body = body->next;
344
+					}
345
+				}
346
+				padded_len = ntohs(attr.len);
347
+				break;
348
+		}
349
+		buf += padded_len;
350
+		not_parsed -= padded_len;
351
+	}  /* while */
352
+	
353
+	/*
354
+	 * The unknown attribute error code must set after parsing of whole body
355
+	 * because it's necessary to obtain all of unknown attributes! 
356
+	 */
357
+	if (*error_code == RESPONSE_OK && *unknown != NULL) {
358
+		*error_code = UNKNOWN_ATTRIBUTE_ERR;
359
+	} 
360
+	
361
+	if (fp_present == 0 && req->old == 0) {
362
+		/* missing mandatory attribute fingerprint */
363
+		*error_code = BAD_REQUEST_ERR;
364
+	}
365
+	
366
+	return 0;
367
+}
368
+
369
+/*
370
+ * stun_create_response():
371
+ * 			- req: original request from host
372
+ * 			- res: this will represent response to host
373
+ * 			- ri: information about request, necessary because of IP 
374
+ * 				  address and port 
375
+ *			- unknown: link list of unknown attributes
376
+ * 			- error_code: indication of any protocol error
377
+ * 
378
+ * The function stun_create_response ensures creating response to a host.
379
+ * The type of response depends on value of error_code parameter.
380
+ * 
381
+ * Return value:	0	if there is no environment error
382
+ * 					-1	if there is some enviroment error such as insufficiency
383
+ * 						of memory  
384
+ */
385
+
386
+int stun_create_response(
387
+						struct stun_msg* req,
388
+						struct stun_msg* res,
389
+						struct receive_info* ri,
390
+						struct stun_unknown_att* unknown, 
391
+						UINT_T error_code)
392
+{
393
+	/*
394
+	 * Alloc some space for response.
395
+	 * Optimalization? - maybe it would be better to use biggish static array.
396
+	 */
397
+	res->msg.buf.s = (char *) pkg_malloc(sizeof(char)*STUN_MSG_LEN);
398
+	if (res->msg.buf.s == NULL) {
399
+		LOG(L_ERR, "ERROR: STUN: out of memory\n");
400
+		return FATAL_ERROR;
401
+	}
402
+	
403
+	memset(res->msg.buf.s, 0, sizeof(char)*STUN_MSG_LEN); 
404
+	res->msg.buf.len = 0;
405
+	res->msg.empty = STUN_MSG_LEN;
406
+	
407
+	/* use magic cookie and transaction ID from request */
408
+	memcpy(&res->hdr.id, &req->hdr.id, sizeof(struct transaction_id));
409
+	/* the correct body length will be added ASAP it will be known */ 
410
+	res->hdr.len = htons(0);
411
+	
412
+	if (error_code == RESPONSE_OK) {
413
+		res->hdr.type = htons(BINDING_RESPONSE);
414
+		
415
+		/* copy header into msg buffer */
416
+		if (buf_copy(&res->msg, (void *) &res->hdr, 
417
+					sizeof(struct stun_hdr)) != 0) {
418
+			return FATAL_ERROR;
419
+		}
420
+
421
+		/* 
422
+		 * If the SER received message in old format, then the body will 
423
+		 * contain MAPPED-ADDRESS attribute instead of XOR-MAPPED-ADDRESS
424
+		 * attribute.
425
+		 */		
426
+		if (req->old == 0) {
427
+			if (stun_add_address_attr(res, ri->src_ip.af, ri->src_port, 
428
+						  ri->src_ip.u.addr32, XOR_MAPPED_ADDRESS_ATTR, 
429
+						  XOR) != 0) {
430
+				return FATAL_ERROR;
431
+			}
432
+			
433
+			if (stun_add_common_integer_attr(res, REFRESH_INTERVAL_ATTR, 
434
+						stun_refresh_interval) != 0) {
435
+				return FATAL_ERROR;
436
+			}
437
+		}
438
+		else {
439
+			if (stun_add_address_attr(res, ri->src_ip.af, ri->src_port, 
440
+						ri->src_ip.u.addr32, MAPPED_ADDRESS_ATTR, !XOR) != 0) {
441
+				return FATAL_ERROR;
442
+			}
443
+		}
444
+	}
445
+	else {
446
+		res->hdr.type = htons(BINDING_ERROR_RESPONSE);
447
+		
448
+		if (buf_copy(&res->msg, (void *) &res->hdr, 
449
+								sizeof(struct stun_hdr)) != 0) {
450
+			return FATAL_ERROR;
451
+		}
452
+		
453
+		if (add_error_code(res, error_code) != 0) {
454
+			return FATAL_ERROR;
455
+		}
456
+		
457
+		if (unknown != NULL) {
458
+			if (add_unknown_attr(res, unknown) != 0) {
459
+				return FATAL_ERROR;
460
+			}
461
+		} 
462
+	}
463
+	
464
+	/* count length of body except header and fingerprint
465
+	 * and copy message length at the beginning of buffer
466
+	 */
467
+	res->hdr.len = htons(res->msg.buf.len - sizeof(struct stun_hdr));
468
+	memcpy(&res->msg.buf.s[sizeof(USHORT_T)], (void *) &res->hdr.len,
469
+		sizeof(USHORT_T));
470
+	
471
+	if (req->old == 0) {
472
+		/* add optional information about server */
473
+		if (stun_add_common_text_attr(res, SERVER_ATTR, SERVER_HDR, PAD4)!=0) {
474
+			return FATAL_ERROR;
475
+		}
476
+		
477
+		if (stun_allow_fp) {	
478
+			if (add_fingerprint(&res->msg) != 0) {
479
+				return FATAL_ERROR;
480
+			}
481
+		}
482
+	}
483
+	
484
+	return 0;
485
+}
486
+
487
+/*
488
+ * add_unknown_attr()
489
+ * 			- res: response representation
490
+ * 			- unknown: link list of unknown attributes
491
+ * 
492
+ * The function add_unknown_attr ensures copy of link list of unknown 
493
+ * attributes into response buffer.
494
+ * 
495
+ * Return value:	0	if there is no environment error
496
+ * 					-1	if there is some enviroment error such as insufficiency
497
+ * 						of memory
498
+ * 
499
+ */
500
+int add_unknown_attr(struct stun_msg* res, struct stun_unknown_att* unknown)
501
+{
502
+	struct stun_attr attr;
503
+	struct stun_unknown_att* tmp_unknown;
504
+	UINT_T		counter;
505
+	USHORT_T	orig_len;
506
+
507
+	counter = 0;
508
+	orig_len = res->msg.buf.len;
509
+	tmp_unknown = unknown;
510
+	
511
+	attr.type = htons(UNKNOWN_ATTRIBUTES_ATTR);
512
+	attr.len = htons(0);
513
+	
514
+	if (buf_copy(&res->msg, (void *) &attr, sizeof(struct stun_attr)) != 0) {
515
+		return FATAL_ERROR;
516
+	}
517
+	
518
+	while (tmp_unknown != NULL) {
519
+		if (buf_copy(&res->msg, (void *)&tmp_unknown->type, 
520
+								sizeof(USHORT_T)) != 0) {
521
+			return FATAL_ERROR;
522
+		}
523
+		tmp_unknown = tmp_unknown->next;
524
+		++counter;
525
+	}
526
+	
527
+	attr.len = htons(res->msg.buf.len - orig_len);
528
+	memcpy(&res->msg.buf.s[orig_len], (void *)&attr, sizeof(struct stun_attr));
529
+	
530
+	/* check if there is an odd number of unknown attributes and if yes, 
531
+	 * repeat one of them because of padding to 32
532
+	 */
533
+	if (counter/2 != 0 && unknown != NULL) {
534
+		if (buf_copy(&res->msg, (void *)&unknown->type, sizeof(USHORT_T))!=0) {
535
+			return FATAL_ERROR;
536
+		}
537
+	}	
538
+	
539
+	return 0;
540
+}
541
+
542
+/*
543
+ * add_error_code()
544
+ * 			- res: response representation
545
+ * 			- error_code: value of error type
546
+ * 
547
+ * The function add_error_code ensures copy of link list of unknown 
548
+ * attributes into response buffer.
549
+ * 
550
+ * Return value:	0	if there is no environment error
551
+ * 					-1	if there is some enviroment error such as insufficiency
552
+ * 						of memory
553
+ */
554
+int add_error_code(struct stun_msg* res, USHORT_T error_code)
555
+{
556
+	struct stun_attr attr;
557
+	USHORT_T	orig_len;
558
+	USHORT_T	two_bytes;
559
+	int			text_pad;
560
+	char		err[2];
561
+	
562
+	orig_len = res->msg.buf.len;
563
+	text_pad = 0;
564
+	
565
+	/* the type and length will be copy as last one because of unknown length*/
566
+	if (res->msg.buf.len < sizeof(struct stun_attr)) {
567
+		if (reallock_buffer(&res->msg, sizeof(struct stun_attr)) != 0) {
568
+			return FATAL_ERROR;
569
+		}
570
+	}
571
+	res->msg.buf.len += sizeof(struct stun_attr);
572
+	res->msg.empty -= sizeof(struct stun_attr);
573
+	
574
+	/* first two bytes are empty */
575
+	two_bytes = 0x0000;
576
+	
577
+	if (buf_copy(&res->msg, (void *) &two_bytes, sizeof(USHORT_T)) != 0) {
578
+		return FATAL_ERROR;
579
+	}
580
+	
581
+	err[0] = error_code / 100;
582
+	err[1] = error_code % 100;
583
+	if (buf_copy(&res->msg, (void *) err, sizeof(UCHAR_T)*2) != 0) {
584
+		return FATAL_ERROR;
585
+	}
586
+	
587
+	switch (error_code) {
588
+		case TRY_ALTERNATE_ERR:
589
+			text_pad = copy_str_to_buffer(res, TRY_ALTERNATE_TXT, PAD4); 
590
+			break;
591
+		case BAD_REQUEST_ERR:
592
+			text_pad = copy_str_to_buffer(res, BAD_REQUEST_TXT, PAD4); 
593
+			break;
594
+		case UNAUTHORIZED_ERR:
595
+			text_pad = copy_str_to_buffer(res, UNAUTHORIZED_TXT, PAD4); 
596
+			break;
597
+		case UNKNOWN_ATTRIBUTE_ERR:
598
+			text_pad = copy_str_to_buffer(res, UNKNOWN_ATTRIBUTE_TXT, PAD4);
599
+			break;
600
+		case STALE_CREDENTIALS_ERR:
601
+			text_pad = copy_str_to_buffer(res, STALE_CREDENTIALS_TXT, PAD4); 
602
+			break;
603
+		case INTEGRITY_CHECK_ERR:
604
+			text_pad = copy_str_to_buffer(res, INTEGRITY_CHECK_TXT, PAD4); 
605
+			break;
606
+		case MISSING_USERNAME_ERR:
607
+			text_pad = copy_str_to_buffer(res, MISSING_USERNAME_TXT, PAD4); 
608
+			break;
609
+		case USE_TLS_ERR:
610
+			text_pad = copy_str_to_buffer(res, USE_TLS_TXT, PAD4); 
611
+			break;
612
+		case MISSING_REALM_ERR:
613
+			text_pad = copy_str_to_buffer(res, MISSING_REALM_TXT, PAD4); 
614
+			break;
615
+		case MISSING_NONCE_ERR:
616
+			text_pad = copy_str_to_buffer(res, MISSING_NONCE_TXT, PAD4); 
617
+			break;
618
+		case UNKNOWN_USERNAME_ERR:
619
+			text_pad = copy_str_to_buffer(res, UNKNOWN_USERNAME_TXT, PAD4); 
620
+			break;
621
+		case STALE_NONCE_ERR:
622
+			text_pad = copy_str_to_buffer(res, STALE_NONCE_TXT, PAD4);
623
+			break;
624
+		case SERVER_ERROR_ERR:
625
+			text_pad = copy_str_to_buffer(res, SERVER_ERROR_TXT, PAD4); 
626
+			break;
627
+		case GLOBAL_FAILURE_ERR:
628
+			text_pad = copy_str_to_buffer(res, GLOBAL_FAILURE_TXT, PAD4); 
629
+			break;
630
+		default:
631
+			LOG(L_ERR, "ERROR: STUN: Unknown error code.\n");
632
+			break;
633
+	}
634
+	if (text_pad < 0) {
635
+		goto error;
636
+	}
637
+	attr.type = htons(ERROR_CODE_ATTR);
638
+	/* count length of "value" field -> without type and lehgth field */
639
+	attr.len = htons(res->msg.buf.len - orig_len - 
640
+					 text_pad - sizeof(struct stun_attr));
641
+	memcpy(&res->msg.buf.s[orig_len], (void *)&attr, sizeof(struct stun_attr));
642
+	
643
+	return 0;
644
+
645
+error:
646
+	return FATAL_ERROR;
647
+}
648
+
649
+/*
650
+ * copy_str_to_buffer()
651
+ * 			- res: response representation
652
+ * 			- data: text data, in our case almost text representation of error
653
+ * 			- pad: the size of pad (for how much bytes the string should be 
654
+ * 				   padded
655
+ * 
656
+ * The function copy_str_to_buffer ensures copy of text buffer into response
657
+ * buffer.
658
+ * 
659
+ * Return value:	0	if there is no environment error
660
+ * 					-1	if there is some enviroment error such as insufficiency
661
+ * 						of memory
662
+ */
663
+int copy_str_to_buffer(struct stun_msg* res, const char* data, UINT_T pad)
664
+{
665
+	USHORT_T	pad_len;
666
+	UINT_T		data_len;
667
+	UCHAR_T		empty[pad];
668
+	
669
+	data_len = strlen(data);
670
+	memset(&empty, 0, pad);
671
+	
672
+	pad_len = pad - data_len%pad;
673
+	
674
+	if (buf_copy(&res->msg, (void *) data, sizeof(UCHAR_T)*data_len) != 0) {
675
+		return FATAL_ERROR;
676
+	}
677
+	
678
+	if (pad_len != 0) {
679
+		if (buf_copy(&res->msg, &empty, pad_len) != 0) {
680
+			return FATAL_ERROR;
681
+		}	
682
+	}
683
+
684
+	return pad_len;	
685
+}
686
+
687
+/*
688
+ * stun_add_address_attr()
689
+ * 			- res: response representation
690
+ * 			- af: address family
691
+ * 			- port: port
692
+ * 			- ip_addr: represent both IPv4 and IPv6, the differences is in 
693
+ * 			length  
694
+ * 			- type: type of attribute
695
+ * 			- do_xor: if the port should be XOR-ed or not.
696
+ * 
697
+ * The function stun_add_address_attr ensures copy of any IP attribute into
698
+ * response buffer.
699
+ * 
700
+ * Return value:	0	if there is no environment error
701
+ * 					-1	if there is some enviroment error such as insufficiency
702
+ * 						of memory
703
+ */
704
+int stun_add_address_attr(struct stun_msg* res, 
705
+						UINT_T		af,
706
+						USHORT_T	port,
707
+						UINT_T*		ip_addr,
708
+						USHORT_T	type,
709
+						int do_xor)
710
+{
711
+	struct stun_attr attr;
712
+	UINT_T	 id[IP_ADDR];
713
+	int		 ip_struct_len;
714
+	int i;
715
+	
716
+	ip_struct_len = 0;
717
+	attr.type = htons(type);
718
+	res->ip_addr.port = (do_xor) ? htons(port) ^ MAGIC_COOKIE_2B : htons(port);
719
+	switch(af) {
720
+		case AF_INET:
721
+			ip_struct_len = sizeof(struct stun_ip_addr) - 3*sizeof(UINT_T);
722
+			res->ip_addr.family = htons(IPV4_FAMILY);
723
+			memcpy(res->ip_addr.ip, ip_addr, IPV4_LEN);
724
+			res->ip_addr.ip[0] = (do_xor) ? 
725
+					res->ip_addr.ip[0] ^ MAGIC_COOKIE : res->ip_addr.ip[0];		
726
+			break;
727
+#ifdef USE_IPV6
728
+		case AF_INET6:
729
+			ip_struct_len = sizeof(struct stun_ip_addr);
730
+			res->ip_addr.family = htons(IPV6_FAMILY);
731
+			memcpy(&res->ip_addr.ip, ip_addr, IPV6_LEN);
732
+			memcpy(id, &res->hdr.id, sizeof(struct transaction_id));
733
+			for (i=0; i<IP_ADDR; i++) {
734
+				res->ip_addr.ip[i] = (do_xor) ? 
735
+							res->ip_addr.ip[i] ^ id[i] : res->ip_addr.ip[i];
736
+			}
737
+			break;
738
+#endif /* USE_IPV6 */ 
739
+		default:
740
+			break;
741
+	}
742
+	
743
+	attr.len = htons(ip_struct_len);
744
+	
745
+	/* copy type and attribute's length */ 
746
+	if (buf_copy(&res->msg, (void *) &attr, sizeof(struct stun_attr)) != 0) {
747
+		return FATAL_ERROR;
748
+	}
749
+	
750
+	/* copy family, port and IP */
751
+	if (buf_copy(&res->msg, (void *) &res->ip_addr, ip_struct_len) != 0) {
752
+		return FATAL_ERROR;
753
+	}
754
+
755
+	return 0;
756
+}
757
+
758
+/*
759
+ * add_fingerprint()
760
+ * 			- msg: response buffer
761
+ * 
762
+ * The function add_fingerprint ensures adding fingerprint attribute into
763
+ * response buffer.
764
+ * 
765
+ * Return value:	0	if there is no environment error
766
+ * 					-1	if there is some enviroment error such as insufficiency
767
+ * 						of memory
768
+ */
769
+int add_fingerprint(struct stun_buffer* msg)
770
+{
771
+	struct stun_attr attr;
772
+	USHORT_T attr_type_size;
773
+	
774
+	attr_type_size = sizeof(struct stun_attr);
775
+	attr.type = htons(FINGERPRINT_ATTR);
776
+	attr.len = htons(SHA_DIGEST_LENGTH);
777
+	
778
+	if (msg->empty < (SHA_DIGEST_LENGTH + attr_type_size)) {
779
+		if (reallock_buffer(msg, SHA_DIGEST_LENGTH + attr_type_size) != 0) {
780
+			return FATAL_ERROR;
781
+		}
782
+	}
783
+	
784
+	memcpy(&msg->buf.s[msg->buf.len], (void *) &attr, attr_type_size);	
785
+	msg->buf.len += attr_type_size;
786
+	msg->empty -= attr_type_size;
787
+	
788
+	if (SHA1((UCHAR_T *)msg->buf.s, msg->buf.len-attr_type_size, 
789
+			 (UCHAR_T *) &msg->buf.s[msg->buf.len]) == 0) {
790
+		LOG(L_ERR, "ERROR: STUN: SHA-1 algorithm failed.\n");
791
+		return FATAL_ERROR;
792
+	}
793
+	
794
+	msg->buf.len += SHA_DIGEST_LENGTH;
795
+	msg->empty -= SHA_DIGEST_LENGTH;
796
+	
797
+	return 0;
798
+}
799
+
800
+/*
801
+ * stun_alloc_unknown_attr()
802
+ * 			- type: type of unknown attribute
803
+ * 
804
+ * The function stun_alloc_unknown_attr ensures allocationg new element for
805
+ * the link list of unknown attributes.
806
+ * 
807
+ * Return value: pointer to new element of link list in positive case
808
+ * 				 NULL if there is some enviroment error such as insufficiency
809
+ * 						of memory
810
+ */
811
+struct stun_unknown_att* stun_alloc_unknown_attr(USHORT_T type)
812
+{
813
+	struct stun_unknown_att* attr;
814
+
815
+	attr = (struct stun_unknown_att *) pkg_malloc(sizeof(struct stun_unknown_att));
816
+	if (attr == NULL) {
817
+		LOG(L_ERR, "ERROR: STUN: out of memory\n");
818
+		return NULL;
819
+	}
820
+	
821
+	attr->type = type;
822
+	attr->next = NULL;
823
+	
824
+	return attr;
825
+}
826
+
827
+/*
828
+ * stun_delete_unknown_attrs()
829
+ * 			- unknown: link list of unknown attributes
830
+ * 
831
+ * The function stun_delete_unknown_attrs ensures deleting of link list
832
+ * 
833
+ * Return value: none
834
+ */
835
+void stun_delete_unknown_attrs(struct stun_unknown_att* unknown)
836
+{
837
+	struct stun_unknown_att* tmp_unknown;
838
+	
839
+	if (unknown == NULL) {
840
+		return;
841
+	}
842
+	
843
+	while(unknown->next) {
844
+		tmp_unknown = unknown->next;
845
+		unknown->next = tmp_unknown->next;
846
+		pkg_free(tmp_unknown);		
847
+	}
848
+	pkg_free(unknown);
849
+}
850
+
851
+/*
852
+ * validate_fingerprint()
853
+ * 			- req: structure representing request message
854
+ * 			- error_code: indication of any protocol error
855
+ * 
856
+ * The function validate_fingerprint ensures validation of FINGERPRINT
857
+ * attribute.
858
+ * 
859
+ * Return value:	0	if there is no environment error
860
+ * 					-1	if there is some enviroment error such as insufficiency
861
+ * 						of memory
862
+ */
863
+int validate_fingerprint(struct stun_msg* req, USHORT_T* error_code)
864
+{
865
+	UCHAR_T	msg_digest[SHA_DIGEST_LENGTH];
866
+	UINT_T	buf_len; 
867
+	
868
+	buf_len = req->hdr.len+sizeof(struct stun_hdr);
869
+	
870
+	if (SHA1((UCHAR_T *) req->msg.buf.s, buf_len, msg_digest) == 0) {
871
+		LOG(L_ERR, "ERROR: STUN: SHA-1 algorithm failed.\n");
872
+		return FATAL_ERROR;
873
+	} 
874
+	
875
+	if (memcmp((void *)req->fp, (void *)&msg_digest, SHA_DIGEST_LENGTH) != 0) {
876
+		*error_code = BAD_REQUEST_ERR;
877
+	}
878
+	
879
+	return 0;	
880
+}
881
+
882
+/*
883
+ * buf_copy()
884
+ * 			- msg: buffer where the data will be copy to
885
+ * 			- source: source data buffer
886
+ * 			- len: number of bytes that should be copied
887
+ * 
888
+ * The function buf_copy copies "len" bytes from source into msg buffer
889
+ * 
890
+ * Return value:	0	if there is no environment error
891
+ * 					-1	if there is some enviroment error such as insufficiency
892
+ * 						of memory
893
+ */
894
+int buf_copy(struct stun_buffer* msg, void* source, UINT_T len)
895
+{
896
+	if (msg->empty < len) {
897
+		if (reallock_buffer(msg, len) != 0) {
898
+			return FATAL_ERROR;
899
+		}
900
+	}
901
+	
902
+	memcpy(&msg->buf.s[msg->buf.len], source, len);
903
+	msg->buf.len += len;
904
+	msg->empty -= len;
905
+	
906
+	return 0;
907
+}
908
+
909
+/*
910
+ * reallock_buffer()
911
+ * 			- buffer: original buffer
912
+ * 			- len: represents minimum of bytes that must be available after 
913
+ * 					reallocation
914
+ * 
915
+ * The function reallock_buffer reallocks buffer. New buffer's length will be 
916
+ * original length plus bigger from len and STUN_MSG_LEN constant.
917
+ * 
918
+ * Return value:	0	if there is no environment error
919
+ * 					-1	if there is some enviroment error such as insufficiency
920
+ * 						of memory
921
+ */
922
+int reallock_buffer(struct stun_buffer* buffer, UINT_T len)
923
+{
924
+	char*	tmp_buf;
925
+	UINT_T	new_len;
926
+	
927
+	new_len = (STUN_MSG_LEN < len) ? STUN_MSG_LEN+len : STUN_MSG_LEN;
928
+	
929
+	tmp_buf = (char *) pkg_realloc(buffer->buf.s, 
930
+								   buffer->buf.len + buffer->empty + new_len);
931
+	if (tmp_buf == 0) {
932
+		LOG(L_ERR, "ERROR: STUN: out of memory\n");
933
+		return FATAL_ERROR;
934
+	}
935
+	
936
+	buffer->buf.s = tmp_buf;
937
+	buffer->empty += new_len;
938
+
939
+	return 0;
940
+}
941
+
942
+/*
943
+ * clean_memory()
944
+ * 			- res: structure representing response message
945
+ * 			- unknown: link list of unknown attributes
946
+ * 
947
+ * The function clean_memory should free dynamic allocated memory.
948
+ * 
949
+ * Return value: none
950
+ */
951
+void clean_memory(struct stun_msg* req,
952
+				struct stun_msg* res,	struct stun_unknown_att* unknown)
953
+{
954
+#ifdef DYN_BUF
955
+	pkg_free(req->msg.buf.s);
956
+#endif
957
+
958
+	if (res->msg.buf.s != NULL) {
959
+		pkg_free(res->msg.buf.s);
960
+	}
961
+	stun_delete_unknown_attrs(unknown);
962
+}
963
+
964
+/*
965
+ * stun_add_common_integer_attr()
966
+ * 			- res: structure representing response
967
+ * 			- type: type of attribute
968
+ * 			- value: attribute's value
969
+ * 
970
+ * The function stun_add_common_integer_attr copy attribute with integer value 
971
+ * into response buffer.
972
+ * 
973
+ * Return value:	0	if there is no environment error
974
+ * 					-1	if there is some enviroment error such as insufficiency
975
+ * 						of memory
976
+ */
977
+int stun_add_common_integer_attr(struct stun_msg* res, 
978
+								 USHORT_T type, 
979
+								 UINT_T value)
980
+{
981
+	struct stun_attr attr;
982
+	
983
+	attr.type = htons(type);
984
+	attr.len = htons(sizeof(UINT_T));
985
+	
986
+	if (buf_copy(&res->msg, (void *) &attr, sizeof(struct stun_attr)) != 0) {
987
+		return FATAL_ERROR;
988
+	}
989
+	
990
+	value = htonl(value);
991
+	if (buf_copy(&res->msg, (void *) &value, sizeof(UINT_T)) != 0) {
992
+		return FATAL_ERROR;
993
+	}
994
+	
995
+	return 0;
996
+}
997
+
998
+/*
999
+ * stun_add_common_text_attr()
1000
+ * 			- res: structure representing response
1001
+ * 			- type: type of attribute
1002
+ * 			- value: attribute's value
1003
+ * 			- pad: size of pad
1004
+ * 
1005
+ * The function stun_add_common_text_attr copy attribute with string value 
1006
+ * into response buffer.
1007
+ * 
1008
+ * Return value:	0	if there is no environment error
1009
+ * 					-1	if there is some enviroment error such as insufficiency
1010
+ * 						of memory
1011
+ */
1012
+int stun_add_common_text_attr(struct stun_msg* res, 
1013
+							  USHORT_T type, 
1014
+							  char* value, 
1015
+							  USHORT_T pad)
1016
+{
1017
+	struct stun_attr attr;
1018
+	
1019
+	if (value == NULL) {
1020
+		LOG(L_INFO, "INFO: stun_add_common_text_attr: value is NULL\n");
1021
+		return 0;
1022
+	}
1023
+	
1024
+	attr.type = htons(type);
1025
+	attr.len = htons(strlen(value));
1026
+	
1027
+	if (buf_copy(&res->msg, (void *) &attr, sizeof(struct stun_attr)) != 0) {
1028
+		return FATAL_ERROR;
1029
+	}
1030
+	
1031
+	if (copy_str_to_buffer(res, value, pad) < 0) {
1032
+		return FATAL_ERROR;
1033
+	}
1034
+	
1035
+	return 0;
1036
+	
1037
+}
1038
+
1039
+#endif  /* USE_STUN */
1040
+
1041
+
1042
+
1043
+
1044
+
1045
+
1046
+
1047
+
1048
+
1049
+
1050
+
1051
+
1052
+
1053
+
1054
+
1055
+
1056
+
1057
+
1058
+
1059
+
1060
+
1061
+
1062
+
1063
+
1064
+
1065
+
1066
+
1067
+
1068
+
1069
+
1070
+
1071
+
1072
+
1073
+
1074
+
1075
+
1076
+
1077
+
1078
+
1079
+
1080
+
0 1081
new file mode 100644
... ...
@@ -0,0 +1,184 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2001-2003 FhG Fokus
5
+ *
6
+ * This file is part of ser, a free SIP server.
7
+ *
8
+ * ser is free software; you can redistribute it and/or modify
9
+ * it under the terms of the GNU General Public License as published by
10
+ * the Free Software Foundation; either version 2 of the License, or
11
+ * (at your option) any later version
12
+ *
13
+ * For a license to use the ser software under conditions
14
+ * other than those described here, or to purchase support for this
15
+ * software, please contact iptel.org by e-mail at the following addresses:
16
+ *    info@iptel.org
17
+ *
18
+ * ser is distributed in the hope that it will be useful,
19
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21
+ * GNU General Public License for more details.
22
+ *
23
+ * You should have received a copy of the GNU General Public License
24
+ * along with this program; if not, write to the Free Software
25
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26
+ *
27
+ *
28
+ * History:
29
+ * --------
30
+ *  2006-10-13  created (vlada)
31
+ */
32
+
33
+
34
+#ifndef _ser_stun_h
35
+#define _ser_stun_h
36
+
37
+#ifdef USE_STUN
38
+
39
+#include <openssl/sha.h>
40
+
41
+#include "str.h"
42
+#include "tcp_conn.h"
43
+#include "ip_addr.h"
44
+
45
+/* type redefinition */
46
+typedef unsigned char	UCHAR_T;
47
+typedef unsigned short USHORT_T;
48
+typedef unsigned int	UINT_T;
49
+typedef unsigned long	ULONG_T;
50
+
51
+/* STUN message types supported by SER */
52
+#define BINDING_REQUEST			0x0001
53
+#define BINDING_RESPONSE		0x0101
54
+#define BINDING_ERROR_RESPONSE	0x0111
55
+
56
+/* common STUN attributes */
57
+#define MAPPED_ADDRESS_ATTR		0x0001
58
+#define USERNAME_ATTR			0x0006
59
+#define PASSWORD_ATTR			0x0007
60
+#define MESSAGE_INTEGRITY_ATTR	0x0008
61
+#define ERROR_CODE_ATTR			0x0009
62
+#define UNKNOWN_ATTRIBUTES_ATTR	0x000A
63
+
64
+/* STUN attributes defined by rfc3489bis */
65
+#define REALM_ATTR				0x0014
66
+#define NONCE_ATTR				0x0015
67
+#define XOR_MAPPED_ADDRESS_ATTR	0x0020 
68
+#define FINGERPRINT_ATTR		0x0023
69
+#define SERVER_ATTR				0x8022
70
+#define ALTERNATE_SERVER_ATTR	0x8023
71
+#define REFRESH_INTERVAL_ATTR	0x8024
72
+
73
+/* STUN attributes defined by rfc3489 */
74
+#define RESPONSE_ADDRESS_ATTR	0x0002
75
+#define CHANGE_REQUEST_ATTR		0x0003
76
+#define SOURCE_ADDRESS_ATTR		0x0004
77
+#define CHANGED_ADDRESS_ATTR	0x0005
78
+#define REFLECTED_FROM_ATTR		0x000b
79
+
80
+/* STUN error codes supported by SER */
81
+#define RESPONSE_OK				200
82
+#define TRY_ALTERNATE_ERR		300
83
+#define BAD_REQUEST_ERR			400
84
+#define UNAUTHORIZED_ERR		401
85
+#define UNKNOWN_ATTRIBUTE_ERR	420
86
+#define STALE_CREDENTIALS_ERR	430
87
+#define INTEGRITY_CHECK_ERR		431
88
+#define MISSING_USERNAME_ERR	432
89
+#define USE_TLS_ERR				433
90
+#define MISSING_REALM_ERR		434
91
+#define MISSING_NONCE_ERR		435
92
+#define UNKNOWN_USERNAME_ERR	436
93
+#define STALE_NONCE_ERR			438
94
+#define SERVER_ERROR_ERR		500
95
+#define GLOBAL_FAILURE_ERR		600
96
+
97
+#define TRY_ALTERNATE_TXT 		"The client should contact an alternate server for this request."
98
+#define BAD_REQUEST_TXT			"The request was malformed. The client should not retry the request without modification from the previous attempt."
99
+#define UNAUTHORIZED_TXT		"The request did not contain a MESSAGE-INTEGRITY attribute."
100
+#define UNKNOWN_ATTRIBUTE_TXT	"The server did not understand a mandatory attribute in the request."
101
+#define STALE_CREDENTIALS_TXT	"The request did contain a MESSAGE-INTEGRITY attribute, but it used a shared secret that has expired. The client should obtain a new shared secret and try again."
102
+#define INTEGRITY_CHECK_TXT		"The request contained a MESSAGE-INTEGRITY attribute, but the HMAC failed verification. This could be a sign of a potential attack, or client implementation error."
103
+#define MISSING_USERNAME_TXT	"The request contained a MESSAGE-INTEGRITY attribute, but not a USERNAME attribute.  Both USERNAME and MESSAGE-INTEGRITY must be present for integrity checks."
104
+#define USE_TLS_TXT				"The Shared Secret request has to be sent over TLS, but was not received over TLS."
105
+#define MISSING_REALM_TXT		"The REALM attribute was not present in the request."
106
+#define MISSING_NONCE_TXT		"The NONCE attribute was not present in the request."
107
+#define UNKNOWN_USERNAME_TXT	"The USERNAME supplied in the request is not known or is not known to the server."
108
+#define STALE_NONCE_TXT			"The NONCE attribute was present in the request but wasn't valid."
109
+#define SERVER_ERROR_TXT		"The server has suffered a temporary error. The client should try again."
110
+#define GLOBAL_FAILURE_TXT		"The server is refusing to fulfill the request. The client should not retry."
111
+
112
+
113
+/* other stuff */
114
+#define MAGIC_COOKIE	0x2112A442
115
+#define MAGIC_COOKIE_2B 0x2112	/* because of XOR for port */
116
+#define MANDATORY_ATTR	0x7fff
117
+#define PAD4			4
118
+#define PAD64			64
119
+#define STUN_MSG_LEN	516
120
+#define IPV4_LEN		4
121
+#define IPV6_LEN		16
122
+#define IPV4_FAMILY		0x0001
123
+#define IPV6_FAMILY		0x0002
124
+#define	FATAL_ERROR		-1
125
+#define IP_ADDR			4
126
+#define XOR				1
127
+#define TRANSACTION_ID	12
128
+
129
+#define PADDED_TO_FOUR(len) (len == 0) ? 0 : len + (PAD4 - len%PAD4)
130
+#define PADDED_TO_SIXTYFOUR(len) (len == 0) ? 0 : len + (PAD64 - len%PAD64)
131
+
132
+struct transaction_id {
133
+	UINT_T	magic_cookie;
134
+	UCHAR_T	id[TRANSACTION_ID];
135
+};
136
+
137
+struct stun_hdr {
138
+	USHORT_T				type;
139
+	USHORT_T				len;
140
+	struct transaction_id	id;
141
+};
142
+
143
+struct stun_ip_addr {
144
+	USHORT_T	family; /* 0x01: IPv4; 0x02: IPv6 */
145
+	USHORT_T	port;
146
+	UINT_T		ip[IP_ADDR];
147
+};
148
+
149
+struct stun_buffer {
150
+	str			buf;
151
+	USHORT_T	empty;	/* number of free bytes in buf before 
152
+						 * it'll be necessary to realloc the buf 
153
+						 */
154
+};
155
+
156
+struct stun_unknown_att {
157
+	USHORT_T					type;
158
+	struct stun_unknown_att*	next;
159
+};
160
+
161
+struct stun_attr {
162
+	USHORT_T	type;
163
+	USHORT_T	len;
164
+};
165
+
166
+struct stun_msg {
167
+	struct stun_hdr			hdr;
168
+	struct stun_ip_addr		ip_addr;		/* XOR values for rfc3489bis, 
169
+											normal values for rfc3489 */
170
+	char					fp[SHA_DIGEST_LENGTH];		/* fingerprint value */
171
+	struct stun_buffer		msg;
172
+	UCHAR_T					old;		/* true: the format of message is in 
173
+										accordance with rfc3489 */ 
174
+};
175
+
176
+
177
+/*
178
+ * stun functions called from ser
179
+ */
180
+int stun_process_msg(char* buf, unsigned len, struct receive_info* ri);
181
+
182
+#endif /* USE_STUN */
183