Awesome
High performance STUN server
Introduction
- High-performance Shared-nothing Design - SeaStar: sharded, cooperative, non-blocking, micro-task scheduled design.
- Networking - Intel DPDK: user-space TCP/IP stack, provide low-latency, high-throughput. Enjoy zero-copy, zero-lock, and zero-context-switch performance.
- STUN server: implement RFC 8489, Prometheus metric reporting, long-term and short-term credential mechanisms, fingerprint mechanism, DNS discovery, IP rate limiting.
- STUN client.
- Tests: implement test vectors from RFC 5769, RFC 8489 and RFC Errata 8489.
TODO: write stuff here
License
MIT License.
Building STUN server
- (Optional) Install DPDK.
- Install SeaStar (set
Seastar_DPDK
flag to enable DPDK support). - Install OpenSSL package (libssl-dev on Ubuntu-based distros).
- Install uriparser.
- Configure HugePages.
- Tune aio-max-nr if using linux-aio reactor backend.
- Build ministun project with CMake.
Getting Started
Run STUN server
./stunserver --log-level <level> --config <path-to-config-file>
Log levels: "trace", "debug", "info", "warn" or "error".
To enable userspace network stack, add --network-stack native --dpdk-pmd --dhcp true
.
Run STUN client
./stunclient --local-ip <local-ip> --server <server-uri>
server URI can be
stun://<server-domain-name>:<server-port>
stun://<server-ip>:<server-port>
stuns
scheme is not supported.
Other options:
stunclient options:
-h [ --help ] show help message
--help-seastar show help message about seastar options
--help-loggers print a list of logger names and exit
--log-level arg (=info) either "trace", "debug", "info", "warn" or "error"
--family arg (=4) either "4" or "6" to specify the usage of INET or
INET6
--protocol arg (=udp) either "udp" or "tcp"
--mechanism arg either "ShortTerm" or "LongTerm"
--username arg username
--username arg password
--local-ip arg local IP
--local-port arg local port
--server arg server URI
Run tests:
The project supports CTest.
Sample config file
<?xml version="1.0" encoding="utf-8" ?>
<Config>
<!-- either "trace", "debug", "info", "warn" or "error", default: info -->
<LogLevel>info</LogLevel>
<MetricReporter>
<!-- default: false -->
<Enabled>false</Enabled>
<!-- default: empty (bind to all addresses on the local machine) -->
<Ip></Ip>
<!-- default: 9180 -->
<Port>9180</Port>
</MetricReporter>
<RateLimiter>
<!-- default: ModuloRateLimiter (use division hashing) -->
<Type>ModuloRateLimiter</Type>
<!-- default: false -->
<Enabled>false</Enabled>
<!-- if Type is "ModuloRateLimiter", this node will be checked -->
<ModuloRateLimiter>
<!-- permits per minute, default: 30 -->
<Rate>30</Rate>
<!-- default: 15 minutes -->
<BlockTimeout>15</BlockTimeout>
<!-- default: 20000 -->
<MaxTrackedAddresses>15</MaxTrackedAddresses>
</ModuloRateLimiter>
</RateLimiter>
<Authenticator>
<!-- either "StaticShortTermAuthenticator" or "StaticLongTermAuthenticator", default: StaticShortTermAuthenticator -->
<Type>StaticLongTermAuthenticator</Type>
<!-- default: false -->
<Enabled>false</Enabled>
<!-- if Type is "StaticLongTermAuthenticator", this node will be checked -->
<StaticLongTermAuthenticator>
<!-- used to validate nonce -->
<Key>P@ssword!</Key>
<!-- It is recommended that the Realm value be the domain name of the provider of the STUN server -->
<Realm>example.com</Realm>
<SecurityFeatures>
<!-- supported algorithm in preferential order: SHA256 -> MD5, default: true -->
<PasswordAlgorithms>true</PasswordAlgorithms>
<!-- default: true -->
<UsernameAnonymity>true</UsernameAnonymity>
</SecurityFeatures>
<!-- default: 3 minutes -->
<NonceTimeout>3</NonceTimeout>
</StaticLongTermAuthenticator>
<Users>
<User>
<Username>user1</Username>
<Password>123456789</Password>
</User>
</Users>
</Authenticator>
<Servers>
<Server>
<!-- either "4" or "6" to specify the usage of INET or INET6, default: 4 -->
<Family>4</Family>
<!-- either "udp" or "tcp", default: udp -->
<Protocol>udp</Protocol>
<!-- default: empty (bind to all INET/INET6 addresses on the local machine) -->
<Ip></Ip>
<!-- specify UDP/TCP port for STUN server to start on, default: 3478 -->
<Port>3478</Port>
</Server>
</Servers>
</Config>