### Compile STUN Server from Source Source: https://context7.com/jselbie/stunserver/llms.txt Instructions for installing dependencies on Linux distributions and building the project using make. Includes steps for running unit tests and installing binaries. ```bash sudo apt-get update && sudo apt-get install g++ make libboost-dev libssl-dev git clone https://github.com/jselbie/stunserver cd stunserver make ./stuntestcode sudo cp stunclient /usr/bin/stunclient sudo cp stunserver /usr/bin/stunserver ``` -------------------------------- ### Start Basic STUN Server via CLI Source: https://context7.com/jselbie/stunserver/llms.txt Commands to initiate the STUN server in basic mode. These commands cover standard port usage, protocol selection, and logging verbosity. ```bash stunserver stunserver --verbosity 2 stunserver --primaryport 5000 stunserver --protocol tcp stunserver --family 6 stunserver --protocol tcp --maxconn 500 ``` -------------------------------- ### Start Full Mode STUN Server via CLI Source: https://context7.com/jselbie/stunserver/llms.txt Commands to initiate the STUN server in full mode, which requires two network interfaces for NAT behavior and filtering detection. ```bash stunserver --mode full --primaryinterface 192.168.1.10 --altinterface 192.168.1.11 stunserver --mode full --primaryinterface eth0 --altinterface eth1 stunserver --mode full --primaryinterface 192.168.1.10 --altinterface 192.168.1.11 --primaryport 3478 --altport 3479 stunserver --mode full --family 6 --primaryinterface 2001:db8::1 --altinterface 2001:db8::2 ``` -------------------------------- ### Integrate STUN Client Logic in C++ Source: https://context7.com/jselbie/stunserver/llms.txt Example of using the CStunClientLogic class to programmatically perform STUN requests. This demonstrates initializing the client, processing responses, and interpreting NAT behavior results. ```cpp #include "stuncore.h" StunClientLogicConfig config; config.addrServer = CSocketAddress::Parse("stun.example.com", 3478); config.fBehaviorTest = true; CStunClientLogic client; client.Initialize(config); CRefCountedBuffer spMsg; CSocketAddress addrDest; client.GetNextMessage(spMsg, &addrDest, GetMillisecondCounter()); CSocketAddress addrRemote, addrLocal; client.ProcessResponse(spMsg, addrRemote, addrLocal); StunClientResults results; client.GetResults(&results); ``` -------------------------------- ### Custom Authentication Provider Source: https://context7.com/jselbie/stunserver/llms.txt Implement the IStunAuth interface to add custom authentication to your STUN server deployment. This example shows how to check username validity, look up passwords, and validate message integrity. ```APIDOC ## Custom Authentication Provider ### Description Implement the `IStunAuth` interface to add custom authentication to your STUN server deployment. This example demonstrates how to handle authentication checks, including username validation, password lookup, and response generation. ### Method `virtual HRESULT DoAuthCheck(AuthAttributes* pAuth, AuthResponse* pResponse)` ### Parameters #### Request Body (Implicit via `AuthAttributes`) - **pAuth** (`AuthAttributes*`) - Pointer to a structure containing authentication attributes. - **szUser** (`char*`) - The username provided for authentication. #### Response Body (Implicit via `AuthResponse`) - **pResponse** (`AuthResponse*`) - Pointer to a structure to populate with authentication response details. - **responseType** (`AuthResponseType`) - The type of response (e.g., `Allow`, `Unauthorized`, `AllowConditional`). - **szRealm** (`char*`) - The realm for authentication (e.g., "mystunserver.com"). - **szNonce** (`char*`) - A nonce value generated for authentication challenges. - **authCredMech** (`AuthCredentialMech`) - The credential mechanism used (e.g., `AuthLongTerm`). - **szPassword** (`char*`) - The password for long-term credential authentication. ### Code Example (C++) ```cpp #include "stunauth.h" class CMyAuthProvider : public CBasicRefCount, public IStunAuth { public: virtual HRESULT DoAuthCheck(AuthAttributes* pAuth, AuthResponse* pResponse) { // Check if username is valid in your system if (strlen(pAuth->szUser) == 0) { // No credentials provided - allow anonymous or reject pResponse->responseType = Allow; return S_OK; } // Lookup password for user (from database, etc.) std::string password = LookupPassword(pAuth->szUser); if (password.empty()) { // Unknown user pResponse->responseType = Unauthorized; strcpy(pResponse->szRealm, "mystunserver.com"); GenerateNonce(pResponse->szNonce); return S_OK; } // Validate message integrity pResponse->responseType = AllowConditional; pResponse->authCredMech = AuthLongTerm; strcpy(pResponse->szPassword, password.c_str()); strcpy(pResponse->szRealm, "mystunserver.com"); return S_OK; } ADDREF_AND_RELEASE_IMPL(); }; ``` ### Notes - The `LookupPassword` function is a placeholder and should be implemented to retrieve passwords from your specific data store. - `GenerateNonce` is a utility function to create a unique nonce for authentication challenges. ``` -------------------------------- ### Deploy STUN Server with Docker Source: https://context7.com/jselbie/stunserver/llms.txt Commands to build and run the STUN server within a Docker container. Includes configurations for standard port exposure and advanced host networking for multi-interface support. ```bash docker image build -t stun-server-image . docker container run -d -p 3478:3478/tcp -p 3478:3478/udp --name stun-container stun-server-image docker container run -d --network host --name stun-full stun-server-image --mode full --primaryinterface eth0 --altinterface eth1 docker container inspect stun-container | grep -A5 Health docker container logs stun-container ``` -------------------------------- ### Manage STUN Server via JSON Configuration Source: https://context7.com/jselbie/stunserver/llms.txt Using a JSON configuration file to define multiple listeners and protocols in a single server process. ```bash stunserver --configfile /etc/stun.conf --verbosity 1 ``` ```json { "configurations": [ { "mode": "full", "primaryinterface": "192.168.1.10", "altinterface": "192.168.1.11", "primaryport": 3478, "altport": 3479, "protocol": "udp", "family": 4 }, { "mode": "basic", "primaryinterface": "192.168.1.10", "primaryport": 3478, "protocol": "tcp", "family": 4 }, { "mode": "basic", "primaryinterface": "::0", "primaryport": 3478, "protocol": "udp", "family": 6 } ] } ``` -------------------------------- ### Debian Init Script for STUNT-MAN Source: https://github.com/jselbie/stunserver/wiki/Debian-RC-sctipt.rdoc This shell script provides a standard init.d interface to control the STUNT-MAN STUN server. It automatically detects IP addresses from specified network adapters and handles process execution and termination. ```shell #!/bin/sh ### BEGIN INIT INFO # Provides: stun # Required-Start: $syslog # Required-Stop: $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: STUNT-MAN Stun server Debian RC script # Description: Provides Start/Stop scripts for STUNT-MAN STUN server ### END INIT INFO STUN_USER=root STUN_HOME="/usr/sbin" STUN_PROG="stunserver" ADAPTER1=eth0 ADAPTER2=eth0:1 IPBIND1=$(ifconfig $ADAPTER1 | awk '/inet addr/ {split ($2,A,":"); print A[2]}') IPBIND2=$(ifconfig $ADAPTER2 | awk '/inet addr/ {split ($2,A,":"); print A[2]}') test -x "$STUN_HOME/$STUN_PROG" || exit 5 case "$1" in start) echo -n "Starting STUN Server" cd $STUN_HOME su -s /bin/bash -c "$STUN_HOME/$STUN_PROG --mode full --primaryinterface $IPBIND1 --altinterface $IPBIND2 --verbosity 2&" $STUN_USER ;; stop) echo -n "Shutting down STUN Server" su -s /bin/bash -c "killall -q $STUN_USER $STUN_PROG" $STUN_USER ;; restart) $0 stop $0 start ;; esac ``` -------------------------------- ### Implement IStunAuth Interface in C++ Source: https://context7.com/jselbie/stunserver/llms.txt This snippet demonstrates how to create a custom authentication provider class by inheriting from IStunAuth. It shows how to validate usernames, handle unknown users, and provide credentials for long-term authentication. ```cpp #include "stunauth.h" class CMyAuthProvider : public CBasicRefCount, public IStunAuth { public: virtual HRESULT DoAuthCheck(AuthAttributes* pAuth, AuthResponse* pResponse) { if (strlen(pAuth->szUser) == 0) { pResponse->responseType = Allow; return S_OK; } std::string password = LookupPassword(pAuth->szUser); if (password.empty()) { pResponse->responseType = Unauthorized; strcpy(pResponse->szRealm, "mystunserver.com"); GenerateNonce(pResponse->szNonce); return S_OK; } pResponse->responseType = AllowConditional; pResponse->authCredMech = AuthLongTerm; strcpy(pResponse->szPassword, password.c_str()); strcpy(pResponse->szRealm, "mystunserver.com"); return S_OK; } ADDREF_AND_RELEASE_IMPL(); }; ``` -------------------------------- ### Configure STUN Server for Amazon EC2 Source: https://context7.com/jselbie/stunserver/llms.txt Configuring the server to correctly report public elastic IPs when running behind NAT on AWS EC2 instances. ```bash stunserver --mode full --primaryinterface 10.0.0.20 --altinterface 10.0.0.21 --primaryadvertised 54.1.2.3 --altadvertised 54.1.2.4 ``` -------------------------------- ### Perform STUN Client Binding and Behavior Tests Source: https://context7.com/jselbie/stunserver/llms.txt Commands for the stunclient to perform binding requests and detect NAT behavior patterns. ```bash stunclient stunserver.org stunclient stunserver.org 3478 stunclient --localaddr eth0 stunserver.org stunclient --localport 9999 stunserver.org stunclient --protocol tcp stun.example.com stunclient --family 6 stun6.example.com stunclient --verbosity 2 stunserver.org stunclient --mode behavior stunserver.org ``` -------------------------------- ### Enable DDoS Protection Source: https://context7.com/jselbie/stunserver/llms.txt Commands to enable built-in rate-limiting to protect the STUN server from distributed denial of service attacks. ```bash stunserver --ddp stunserver --mode full --primaryinterface eth0 --altinterface eth1 --ddp --verbosity 1 ``` -------------------------------- ### Push local branch to remote repository Source: https://github.com/jselbie/stunserver/wiki/git-command-cheat-sheet This command pushes a local branch to the remote origin. It is the standard way to initialize a new branch on a remote server like GitHub. ```bash git push origin branch_name ``` -------------------------------- ### CStunClientLogic C++ Class Source: https://context7.com/jselbie/stunserver/llms.txt The CStunClientLogic class provides a programmatic interface for embedding STUN client functionality into C++ applications. ```APIDOC ## CLASS CStunClientLogic ### Description Provides methods to initialize, send, and process STUN messages for NAT traversal. ### Methods - **Initialize(StunClientLogicConfig)**: Configures the client with server address and test parameters. - **GetNextMessage(buffer, dest, time)**: Generates the next STUN message to be sent over the network. - **ProcessResponse(buffer, remote, local)**: Processes incoming STUN responses from the network. - **GetResults(StunClientResults)**: Retrieves the final binding, behavior, and filtering test results. ### Request Example StunClientLogicConfig config; config.addrServer = CSocketAddress::Parse("stun.example.com", 3478); CStunClientLogic client; client.Initialize(config); ``` -------------------------------- ### Perform NAT Behavior and Filtering Tests Source: https://context7.com/jselbie/stunserver/llms.txt Use the stunclient CLI to diagnose NAT behavior and filtering policies. These commands help identify NAT types like Symmetric or Full Cone by testing mapping and packet filtering rules. ```bash stunclient --mode behavior --localport 5000 12.34.56.78 stunclient --mode filtering stunserver.org stunclient --mode filtering --localport 9999 12.34.56.78 ``` -------------------------------- ### NAT Behavior Detection API Source: https://context7.com/jselbie/stunserver/llms.txt The behavior mode detects how a NAT device maps internal addresses to external ones, which is critical for P2P connectivity. ```APIDOC ## GET /stunclient/behavior ### Description Performs a STUN behavior test to determine the NAT mapping type (e.g., Endpoint Independent, Symmetric). ### Method CLI Execution ### Endpoint `stunclient --mode behavior [server_address]` ### Parameters #### Query Parameters - **--localport** (int) - Optional - Specifies the local port to bind for the test. ### Response - **Nat behavior** (string) - The detected NAT mapping type (e.g., Address and Port Dependent Mapping). ``` -------------------------------- ### NAT Filtering Detection API Source: https://context7.com/jselbie/stunserver/llms.txt The filtering mode determines the restrictions placed by a NAT device on incoming packets from external hosts. ```APIDOC ## GET /stunclient/filtering ### Description Performs a STUN filtering test to determine which external hosts can send packets to a mapped address. ### Method CLI Execution ### Endpoint `stunclient --mode filtering [server_address]` ### Parameters #### Query Parameters - **--localport** (int) - Optional - Specifies the local port to bind for the test. ### Response - **Nat filtering** (string) - The detected NAT filtering type (e.g., Address and Port Dependent Filtering). ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.