/**
   * Tries to obtain a mapped/public address for the specified port (possibly by executing a STUN
   * query).
   *
   * @param dst the destination that we'd like to use this address with.
   * @param port the port whose mapping we are interested in.
   * @return a public address corresponding to the specified port or null if all attempts to
   *     retrieve such an address have failed.
   * @throws IOException if an error occurs while stun4j is using sockets.
   * @throws BindException if the port is already in use.
   */
  public InetSocketAddress getPublicAddressFor(InetAddress dst, int port)
      throws IOException, BindException {
    if (!useStun || (dst instanceof Inet6Address)) {
      logger.debug(
          "Stun is disabled for destination "
              + dst
              + ", skipping mapped address recovery (useStun="
              + useStun
              + ", IPv6@="
              + (dst instanceof Inet6Address)
              + ").");
      // we'll still try to bind though so that we could notify the caller
      // if the port has been taken already.
      DatagramSocket bindTestSocket = new DatagramSocket(port);
      bindTestSocket.close();

      // if we're here then the port was free.
      return new InetSocketAddress(getLocalHost(dst), port);
    }
    StunAddress mappedAddress = queryStunServer(port);
    InetSocketAddress result = null;
    if (mappedAddress != null) result = mappedAddress.getSocketAddress();
    else {
      // Apparently STUN failed. Let's try to temporarily disble it
      // and use algorithms in getLocalHost(). ... We should probably
      // eveng think about completely disabling stun, and not only
      // temporarily.
      // Bug report - John J. Barton - IBM
      InetAddress localHost = getLocalHost(dst);
      result = new InetSocketAddress(localHost, port);
    }
    if (logger.isDebugEnabled())
      logger.debug("Returning mapping for port:" + port + " as follows: " + result);
    return result;
  }
  /**
   * Initializes this network address manager service implementation and starts all
   * processes/threads associated with this address manager, such as a stun firewall/nat detector,
   * keep alive threads, binding lifetime discovery threads and etc. The method may also be used
   * after a call to stop() as a reinitialization technique.
   */
  public void start() {
    // init stun
    String stunAddressStr = null;
    int port = -1;
    stunAddressStr = NetaddrActivator.getConfigurationService().getString(PROP_STUN_SERVER_ADDRESS);
    String portStr = NetaddrActivator.getConfigurationService().getString(PROP_STUN_SERVER_PORT);

    this.localHostFinderSocket = initRandomPortSocket();

    if (stunAddressStr == null || portStr == null) {
      useStun = false;
      // we use the default stun server address only for chosing a public
      // route and not for stun queries.
      stunServerAddress = new StunAddress(DEFAULT_STUN_SERVER_ADDRESS, DEFAULT_STUN_SERVER_PORT);
      logger.info(
          "Stun server address("
              + stunAddressStr
              + ")/port("
              + portStr
              + ") not set (or invalid). Disabling STUN.");

    } else {
      try {
        port = Integer.valueOf(portStr).intValue();
      } catch (NumberFormatException ex) {
        logger.error(portStr + " is not a valid port number. " + "Defaulting to 3478", ex);
        port = 3478;
      }

      stunServerAddress = new StunAddress(stunAddressStr, port);
      detector = new SimpleAddressDetector(stunServerAddress);

      if (logger.isDebugEnabled()) {
        logger.debug(
            "Created a STUN Address detector for the following "
                + "STUN server: "
                + stunAddressStr
                + ":"
                + port);
      }
      detector.start();
      logger.debug("STUN server detector started;");

      // make sure that someone doesn't set invalid stun address and port
      NetaddrActivator.getConfigurationService()
          .addVetoableChangeListener(PROP_STUN_SERVER_ADDRESS, this);
      NetaddrActivator.getConfigurationService()
          .addVetoableChangeListener(PROP_STUN_SERVER_PORT, this);

      // now start a thread query to the stun server and only set the
      // useStun flag to true if it succeeds.
      launchStunServerTest();
    }
  }
  /**
   * Initializes and binds a socket that on a random port number. The method would try to bind on a
   * random port and retry 5 times until a free port is found.
   *
   * @return the socket that we have initialized on a randomport number.
   */
  private DatagramSocket initRandomPortSocket() {
    DatagramSocket resultSocket = null;
    String bindRetriesStr =
        NetaddrActivator.getConfigurationService().getString(BIND_RETRIES_PROPERTY_NAME);

    int bindRetries = 5;

    if (bindRetriesStr != null) {
      try {
        bindRetries = Integer.parseInt(bindRetriesStr);
      } catch (NumberFormatException ex) {
        logger.error(
            bindRetriesStr
                + " does not appear to be an integer. "
                + "Defaulting port bind retries to "
                + bindRetries,
            ex);
      }
    }

    int currentlyTriedPort = NetworkUtils.getRandomPortNumber();

    // we'll first try to bind to a random port. if this fails we'll try
    // again (bindRetries times in all) until we find a free local port.
    for (int i = 0; i < bindRetries; i++) {
      try {
        resultSocket = new DatagramSocket(currentlyTriedPort);
        // we succeeded - break so that we don't try to bind again
        break;
      } catch (SocketException exc) {
        if (exc.getMessage().indexOf("Address already in use") == -1) {
          logger.fatal(
              "An exception occurred while trying to create" + "a local host discovery socket.",
              exc);
          resultSocket = null;
          return null;
        }
        // port seems to be taken. try another one.
        logger.debug("Port " + currentlyTriedPort + " seems in use.");
        currentlyTriedPort = NetworkUtils.getRandomPortNumber();
        logger.debug("Retrying bind on port " + currentlyTriedPort);
      }
    }

    return resultSocket;
  }
 /**
  * The method queries a Stun server for a binding for the specified port.
  *
  * @param port the port to resolve (the stun message gets sent trhough that port)
  * @return StunAddress the address returned by the stun server or null if an error occurred or no
  *     address was returned
  * @throws IOException if an error occurs while stun4j is using sockets.
  * @throws BindException if the port is already in use.
  */
 private StunAddress queryStunServer(int port) throws IOException, BindException {
   StunAddress mappedAddress = null;
   if (detector != null && useStun) {
     mappedAddress = detector.getMappingFor(port);
     if (logger.isDebugEnabled())
       logger.debug(
           "For port:"
               + port
               + "a Stun server returned the "
               + "following mapping ["
               + mappedAddress);
   }
   return mappedAddress;
 }
  /**
   * Kills all threads/processes lauched by this thread and prepares it for shutdown. You may use
   * this method as a reinitialization technique ( you'll have to call start afterwards)
   */
  public void stop() {
    try {
      try {
        detector.shutDown();
      } catch (Exception ex) {
        logger.debug("Failed to properly shutdown a stun detector: " + ex.getMessage());
      }
      detector = null;
      useStun = false;

      // remove the listeners
      NetaddrActivator.getConfigurationService()
          .removeVetoableChangeListener(PROP_STUN_SERVER_ADDRESS, this);

      NetaddrActivator.getConfigurationService()
          .removeVetoableChangeListener(PROP_STUN_SERVER_PORT, this);

    } finally {
      logger.logExit();
    }
  }
예제 #6
0
  /** The diagnostics code itself. */
  public void run() {
    logger.debug("Started a diag kit for entry: " + addressEntry);

    // implements the algorithm from AssigningAddressPreferences.png

    setDiagnosticsStatus(this.DIAGNOSTICS_STATUS_DISOVERING_CONFIG);

    InetAddress address = addressEntry.getInetAddress();

    // is this an ipv6 address
    if (addressEntry.isIPv6()) {
      if (addressEntry.isLinkLocal()) {
        addressEntry.setAddressPreference(ADDR_PREF_LOCAL_IPV6);
        setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
        return;
      }

      if (addressEntry.is6to4()) {
        // right now we don't support these. we should though ... one day
        addressEntry.setAddressPreference(AddressPreference.MIN);
        setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
        return;
      }

      // if we get here then we are a globally routable ipv6 addr
      addressEntry.setAddressPreference(ADDR_PREF_GLOBAL_IPV6);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_COMPLETED);
      // should do some connectivity testing here and proceed with firewall
      // discovery but since stun4j does not support ipv6 yet, this too
      // will happen another day.
      return;
    }

    // from now on we're only dealing with IPv4
    if (addressEntry.isIPv4LinkLocalAutoconf()) {
      // not sure whether these are used for anything.
      addressEntry.setAddressPreference(AddressPreference.MIN);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      return;
    }

    // first try and see what we can infer from just looking at the
    // address
    if (addressEntry.isLinkLocalIPv4Address()) {
      addressEntry.setAddressPreference(ADDR_PREF_PRIVATE_IPV4);
    } else {
      // public address
      addressEntry.setAddressPreference(ADDR_PREF_GLOBAL_IPV4);
    }

    if (!useStun) {
      // if we're configured not to run stun - we're done.
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      return;
    }

    // start stunning
    for (int i = 0; i < bindRetries; i++) {
      StunAddress localStunAddress = new StunAddress(address, 1024 + (int) (Math.random() * 64512));
      try {

        stunClient = new StunClient(localStunAddress);
        stunClient.start();
        logger.debug("Successfully started StunClient for  " + localStunAddress + ".");
        break;
      } catch (StunException ex) {
        if (ex.getCause() instanceof SocketException && i < bindRetries) {
          logger.debug("Failed to bind to " + localStunAddress + ". Retrying ...");
          logger.debug("Exception was ", ex);
          continue;
        }
        logger.error(
            "Failed to start a stun client for address entry ["
                + addressEntry.toString()
                + "]:"
                + localStunAddress.getPort()
                + ". Ceasing attempts",
            ex);
        setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
        return;
      }
    }
    // De Stun Test I
    StunMessageEvent event = null;
    try {
      event = stunClient.doStunTestI(primaryStunServerAddress);
    } catch (StunException ex) {
      logger.error("Failed to perform STUN Test I for address entry" + addressEntry.toString(), ex);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    if (event == null) {
      // didn't get a response - we either don't have connectivity or the
      // server is down
      /** @todo if possible try another stun server here. we should support multiple stun servers */
      logger.debug("There seems to be no inet connectivity for " + addressEntry);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      logger.debug("stun test 1 failed");
      return;
    }

    // the moment of the truth - are we behind a NAT?
    boolean isPublic;
    Message stunResponse = event.getMessage();

    Attribute mappedAttr = stunResponse.getAttribute(Attribute.MAPPED_ADDRESS);

    StunAddress mappedAddrFromTestI = ((MappedAddressAttribute) mappedAttr).getAddress();
    Attribute changedAddressAttributeFromTestI =
        stunResponse.getAttribute(Attribute.CHANGED_ADDRESS);
    StunAddress secondaryStunServerAddress =
        ((ChangedAddressAttribute) changedAddressAttributeFromTestI).getAddress();

    /**
     * @todo verify whether the stun server returned the same address for the primary and secondary
     *     server and act accordingly
     */
    if (mappedAddrFromTestI == null) {
      logger.error(
          "Stun Server did not return a mapped address for entry " + addressEntry.toString());
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      return;
    }

    if (mappedAddrFromTestI.equals(event.getSourceAccessPoint().getAddress())) {
      isPublic = true;
    } else {
      isPublic = false;
    }

    // do STUN Test II
    try {
      event = stunClient.doStunTestII(primaryStunServerAddress);
    } catch (StunException ex) {
      logger.error(
          "Failed to perform STUN Test II for address entry" + addressEntry.toString(), ex);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      logger.debug("stun test 2 failed");
      return;
    }

    if (event != null) {
      logger.error("Secondary STUN server is down" + addressEntry.toString());
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    // might mean that either the secondary stun server is down
    // or that we are behind a restrictive firewall. Let's find out
    // which.
    try {
      event = stunClient.doStunTestI(secondaryStunServerAddress);
      logger.debug("stun test 1 succeeded with s server 2");
    } catch (StunException ex) {
      logger.error("Failed to perform STUN Test I for address entry" + addressEntry.toString(), ex);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    if (event == null) {
      // secondary stun server is down
      logger.error("Secondary STUN server is down" + addressEntry.toString());
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    // we are at least behind a port restricted nat

    stunResponse = event.getMessage();
    mappedAttr = stunResponse.getAttribute(Attribute.MAPPED_ADDRESS);
    StunAddress mappedAddrFromSecServer = ((MappedAddressAttribute) mappedAttr).getAddress();

    if (!mappedAddrFromTestI.equals(mappedAddrFromSecServer)) {
      // secondary stun server is down
      logger.debug("We are behind a symmetric nat" + addressEntry.toString());
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    // now let's run test III so that we could guess whether or not we're
    // behind a port restricted nat/fw or simply a restricted one.
    try {
      event = stunClient.doStunTestIII(primaryStunServerAddress);
      logger.debug("stun test 3 succeeded with s server 1");
    } catch (StunException ex) {
      logger.error(
          "Failed to perform STUN Test III for address entry" + addressEntry.toString(), ex);
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    if (event == null) {
      logger.debug("We are behind a port restricted NAT or fw" + addressEntry.toString());
      setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
      stunClient.shutDown();
      return;
    }

    logger.debug("We are behind a restricted NAT or fw" + addressEntry.toString());
    setDiagnosticsStatus(DIAGNOSTICS_STATUS_TERMINATED);
    stunClient.shutDown();
  }