Support stand alone STUN server mode

errors.go

@@ -28,4 +28,5 @@ var (
 	errNonSTUNMessage                = errors.New("non-STUN message from STUN server")
 	errFailedToDecodeSTUN            = errors.New("failed to decode STUN message")
 	errUnexpectedSTUNRequestMessage  = errors.New("unexpected STUN request message")
+	errRelayAddressGeneratorNil      = errors.New("RelayAddressGenerator is nil")
 )

examples/stun-only-server/main.go

@@ -0,0 +1,56 @@
+// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
+// SPDX-License-Identifier: MIT
+
+// Package main implements a simple TURN server
+package main
+
+import (
+	"flag"
+	"log"
+	"net"
+	"os"
+	"os/signal"
+	"strconv"
+	"syscall"
+
+	"github.com/pion/turn/v3"
+)
+
+func main() {
+	publicIP := flag.String("public-ip", "", "IP Address that STUN can be contacted by.")
+	port := flag.Int("port", 3478, "Listening port.")
+	flag.Parse()
+
+	if len(*publicIP) == 0 {
+		log.Fatalf("'public-ip' is required")
+	}
+
+	// Create a UDP listener to pass into pion/turn
+	// pion/turn itself doesn't allocate any UDP sockets, but lets the user pass them in
+	// this allows us to add logging, storage or modify inbound/outbound traffic
+	udpListener, err := net.ListenPacket("udp4", "0.0.0.0:"+strconv.Itoa(*port))
+	if err != nil {
+		log.Panicf("Failed to create STUN server listener: %s", err)
+	}
+
+	s, err := turn.NewServer(turn.ServerConfig{
+		// PacketConnConfigs is a list of UDP Listeners and the configuration around them
+		PacketConnConfigs: []turn.PacketConnConfig{
+			{
+				PacketConn: udpListener,
+			},
+		},
+	})
+	if err != nil {
+		log.Panic(err)
+	}
+
+	// Block until user sends SIGINT or SIGTERM
+	sigs := make(chan os.Signal, 1)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+	<-sigs
+
+	if err = s.Close(); err != nil {
+		log.Panic(err)
+	}
+}

internal/server/util.go

@@ -66,6 +66,13 @@ func authenticateRequest(r Request, m *stun.Message, callingMethod stun.Method)
 	realmAttr := &stun.Realm{}
 	badRequestMsg := buildMsg(m.TransactionID, stun.NewType(callingMethod, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeBadRequest})
 
+	// No Auth handler is set, server is running in STUN only mode
+	// Respond with 400 so clients don't retry
+	if r.AuthHandler == nil {
+		sendErr := buildAndSend(r.Conn, r.SrcAddr, badRequestMsg...)
+		return nil, false, sendErr
+	}
+
 	if err := nonceAttr.GetFrom(m); err != nil {
 		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
 	}

server.go

@@ -167,10 +167,25 @@
 	}
 }
 
+type nilAddressGenerator struct{}
+
+func (n *nilAddressGenerator) Validate() error { return errRelayAddressGeneratorNil }
+
+func (n *nilAddressGenerator) AllocatePacketConn(string, int) (net.PacketConn, net.Addr, error) {
+	return nil, nil, errRelayAddressGeneratorNil
+}
+
+func (n *nilAddressGenerator) AllocateConn(string, int) (net.Conn, net.Addr, error) {
+	return nil, nil, errRelayAddressGeneratorNil
+}
+
 func (s *Server) createAllocationManager(addrGenerator RelayAddressGenerator, handler PermissionHandler) (*allocation.Manager, error) {
 	if handler == nil {
 		handler = DefaultPermissionHandler
 	}
+	if addrGenerator == nil {
+		addrGenerator = &nilAddressGenerator{}
+	}
 
 	am, err := allocation.NewManager(allocation.ManagerConfig{
 		AllocatePacketConn: addrGenerator.AllocatePacketConn,

server_config.go

@@ -57,11 +57,14 @@
 	if c.PacketConn == nil {
 		return errConnUnset
 	}
-	if c.RelayAddressGenerator == nil {
-		return errRelayAddressGeneratorUnset
+
+	if c.RelayAddressGenerator != nil {
+		if err := c.RelayAddressGenerator.Validate(); err != nil {
+			return err
+		}
 	}
 
-	return c.RelayAddressGenerator.Validate()
+	return nil
 }
 
 // ListenerConfig is a single net.Listener to accept connections on. This will be used for TCP, TLS and DTLS listeners

server_test.go

@@ -570,6 +570,52 @@ func TestConsumeSingleTURNFrame(t *testing.T) {
 	}
 }
 
+func TestSTUNOnly(t *testing.T) {
+	serverAddr, err := net.ResolveUDPAddr("udp4", "0.0.0.0:3478")
+	assert.NoError(t, err)
+
+	serverConn, err := net.ListenPacket(serverAddr.Network(), serverAddr.String())
+	assert.NoError(t, err)
+
+	defer serverConn.Close() //nolint:errcheck
+
+	server, err := NewServer(ServerConfig{
+		PacketConnConfigs: []PacketConnConfig{{
+			PacketConn: serverConn,
+		}},
+		Realm:         "pion.ly",
+		LoggerFactory: logging.NewDefaultLoggerFactory(),
+	})
+	assert.NoError(t, err)
+
+	defer server.Close() //nolint:errcheck
+
+	conn, err := net.ListenPacket("udp4", "0.0.0.0:0")
+	assert.NoError(t, err)
+
+	client, err := NewClient(&ClientConfig{
+		Conn:           conn,
+		STUNServerAddr: "127.0.0.1:3478",
+		TURNServerAddr: "127.0.0.1:3478",
+		Username:       "user",
+		Password:       "pass",
+		Realm:          "pion.ly",
+		LoggerFactory:  logging.NewDefaultLoggerFactory(),
+	})
+	assert.NoError(t, err)
+	assert.NoError(t, client.Listen())
+	defer client.Close()
+
+	reflAddr, err := client.SendBindingRequest()
+	assert.NoError(t, err)
+
+	_, ok := reflAddr.(*net.UDPAddr)
+	assert.True(t, ok)
+
+	_, err = client.Allocate()
+	assert.Equal(t, err.Error(), "Allocate error response (error 400: )")
+}
+
 func RunBenchmarkServer(b *testing.B, clientNum int) {
 	loggerFactory := logging.NewDefaultLoggerFactory()
 	credMap := map[string][]byte{