|STUN, Simple Traversal of UDP Through NAT|
|Protocol type:||Application layer protocol.|
|Port:||3478 (TCP, UDP).|
|Working groups:||behave, Behavior Engineering for Hindrance Avoidance.|
STUN is a lightweight protocol that allows applications to discover the presence and types of NATs and firewalls between them and the public Internet. It also provides the ability for applications to determine the public IP addresses allocated to them by the NAT. STUN works with many existing NATs, and does not require any special behavior from them. As a result, it allows a wide variety of applications to work through existing NAT infrastructure.
|MAC header||IP header||TCP / UDP header||STUN header||Data :::|
Message Type.
|0x0002||Shared Secret Request.|
|0x0102||Shared Secret Response.|
|0x0111||Binding Error Response.|
|0x0112||Shared Secret Error Response.|
Message Length.
The size of the message in bytes, not including the STUN header.
Magic Cookie.
Always set to 0x2112A442.
Transaction ID. 16 bits.
Data. Variable length.
Attribute.
The STUN term for a Type-Length-Value (TLV) object that can be added to a STUN message. Attributes are divided into two types: comprehension-required and comprehension-optional. STUN agents can safely ignore comprehension-optional attributes they don't understand, but cannot successfully process a message if it contains comprehension-required attributes that are not understood.
Long-Term Credential.
A username and associated password that represent a shared secret between client and server. Long-term credentials are generally granted to the client when a subscriber enrolls in a service and persist until the subscriber leaves the service or explicitly changes the credential.
Long-Term Password.
The password from a long-term credential.
Mapped Address.
Same meaning as reflexive address. This term is retained only for historic reasons and due to the naming of the MAPPED-ADDRESS and XOR-MAPPED-ADDRESS attributes.
Reflexive Transport Address.
A transport address learned by a client that identifies that client as seen by another host on an IP network, typically a STUN server. When there is an intervening NAT between the client and the other host, the reflexive transport address represents the mapped address allocated to the client on the public side of the NAT. Reflexive transport addresses are learned from the mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) in STUN responses.
RTO, Retransmission TimeOut.
The initial period of time between transmission of a request and the first retransmit of that request.
Short-Term Credential.
A temporary username and associated password that represent a shared secret between client and server. Short-term credentials are obtained through some kind of protocol mechanism between the client and server, preceding the STUN exchange. A short-term credential has an explicit temporal scope, which may be based on a specific amount of time (such as 5 minutes) or on an event (such as termination of a SIP dialog). The specific scope of a short-term credential is defined by the application usage.
Short-Term Password.
The password component of a short-term credential.
STUN Agent.
An entity that implements the STUN protocol. The entity can be either a STUN client or a STUN server.
STUN Client.
An entity that sends STUN requests and receives STUN responses. A STUN client can also send indications. In this specification, the terms STUN client and client are synonymous.
STUN Indication.
A STUN message that does not receive a response.
STUN Server.
An entity that receives STUN requests and sends STUN responses. A STUN server can also send indications. In this specification, the terms STUN server and server are synonymous.
Transport Address.
The combination of an IP address and port number (such as a UDP or TCP port number).
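The header checks, the comprehension-required rule for attributes and the recovery of the reflexive transport address from XOR-MAPPED-ADDRESS, as an added Python example (not part of the original page or of any STUN implementation). It assumes the RFC 5389 header layout (16-bit type, 16-bit length, 32-bit magic cookie, 96-bit transaction ID) and RFC 5389 attribute code points; `parse_stun`, `reflexive_address` and the sample packet are names and data constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442
HEADER_LEN = 20  # type (2) + length (2) + magic cookie (4) + transaction ID (12)
XOR_MAPPED_ADDRESS = 0x0020
# Comprehension-required attribute types defined in RFC 5389.
KNOWN_REQUIRED = {0x0001, 0x0006, 0x0008, 0x0009, 0x000A, 0x0014, 0x0015, 0x0020}

def parse_stun(packet: bytes) -> dict:
    """Validate the header, walk the TLV attributes, flag ones we must reject."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a STUN header")
    msg_type, msg_len, cookie = struct.unpack_from("!HHI", packet)
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN message (leading bits or magic cookie)")
    # Message length excludes the header; attributes are 4-byte aligned.
    if msg_len % 4 or msg_len != len(packet) - HEADER_LEN:
        raise ValueError("message length does not match the datagram")
    attrs, unknown_required, off = [], [], HEADER_LEN
    while off < len(packet):
        a_type, a_len = struct.unpack_from("!HH", packet, off)
        value = packet[off + 4:off + 4 + a_len]
        if len(value) != a_len:
            raise ValueError("attribute runs past the end of the message")
        attrs.append((a_type, value))
        # 0x0000-0x7FFF is comprehension-required, 0x8000-0xFFFF is optional.
        if a_type < 0x8000 and a_type not in KNOWN_REQUIRED:
            unknown_required.append(a_type)
        off += 4 + a_len + (-a_len % 4)  # skip padding to the next boundary
    return {"type": msg_type, "txid": packet[8:HEADER_LEN],
            "attrs": attrs, "unknown_required": unknown_required}

def reflexive_address(msg: dict) -> tuple:
    """Undo the XOR in XOR-MAPPED-ADDRESS to get (ip, port)."""
    value = next((v for t, v in msg["attrs"] if t == XOR_MAPPED_ADDRESS), b"")
    if len(value) not in (8, 20):
        raise ValueError("missing or malformed XOR-MAPPED-ADDRESS")
    _, family, xport = struct.unpack_from("!BBH", value)
    if (family, len(value)) not in ((0x01, 8), (0x02, 20)):
        raise ValueError("address family does not match length")
    key = struct.pack("!I", MAGIC_COOKIE) + msg["txid"]
    addr = bytes(a ^ k for a, k in zip(value[4:], key))
    return str(ipaddress.ip_address(addr)), xport ^ (MAGIC_COOKIE >> 16)

# Constructed sample: Binding success response carrying 192.0.2.1:32853.
SAMPLE = bytes.fromhex("0101000c2112a442000102030405060708090a0b"
                       "002000080001a147e112a643")

if __name__ == "__main__":
    print(reflexive_address(parse_stun(SAMPLE)))
```

A receiver that finds a non-empty `unknown_required` list cannot successfully process the message, while unknown types at or above 0x8000 are simply carried in `attrs` and ignored.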
[RFC 5389] Session Traversal Utilities for NAT (STUN).
[RFC 3489] STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs).