From 6ddf0e3afc438298f5067553ebebbbbffe050b8d Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Tue, 5 Mar 2013 11:05:10 -0500
Subject: [PATCH] add logging to stun code

---
 daemon/stun.c | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/daemon/stun.c b/daemon/stun.c
index aff85abd0..a0028972e 100644
--- a/daemon/stun.c
+++ b/daemon/stun.c
@@ -8,6 +8,7 @@
 
 #include "str.h"
 #include "aux.h"
+#include "log.h"
 
 
 
@@ -156,6 +157,7 @@ static int stun_attributes(struct stun_attrs *out, str *s, u_int16_t *unknowns)
 				break;
 
 			default:
+				mylog(LOG_INFO, "Unknown STUN attribute: 0x%04x", type);
 				if ((type & 0x8000))
 					break;
 				unknowns[uc] = tlv->type;
@@ -398,31 +400,42 @@ static inline int u_int16_t_arr_len(u_int16_t *arr) {
 	return i;
 }
 
-/* XXX add error reporting */
+
+#define SLF " on port %hu from %s"
+#define SLP sr->fd.localport, addr
 int stun(str *b, struct streamrelay *sr, struct sockaddr_in6 *sin) {
 	struct header *req = (void *) b->s;
 	int msglen, method, class;
 	str attr_str;
 	struct stun_attrs attrs;
 	u_int16_t unknowns[UNKNOWNS_COUNT];
+	const char *err;
+	char addr[64];
+
+	smart_ntop_port(addr, sin, sizeof(addr));
 
 	msglen = ntohs(req->msg_len);
+	err = "message-length mismatch";
 	if (msglen + 20 > b->len || msglen < 0)
-		return -1;
+		goto ignore;
 
 	class = method = ntohs(req->msg_type);
 	class = ((class & 0x10) >> 4) | ((class & 0x100) >> 7);
 	method = (method & 0xf) | ((method & 0xe0) >> 1) | ((method & 0x3e00) >> 2);
+	err = "unknown STUN method";
 	if (method != STUN_METHOD_BINDING)
-		return -1;
+		goto ignore;
 	if (class == STUN_CLASS_INDICATION)
 		return 0;
 
 	attr_str.s = &b->s[20];
 	attr_str.len = b->len - 20;
 	if (stun_attributes(&attrs, &attr_str, unknowns)) {
+		err = "failed to parse attributes";
 		if (unknowns[0] == 0xffff)
-			return -1;
+			goto ignore;
+		mylog(LOG_WARNING, "STUN packet contained unknown "
+				"\"comprehension required\" attribute(s)" SLF, SLP);
 		stun_error_attrs(sr->fd.fd, sin, req, 420, "Unknown attribute",
 				STUN_UNKNOWN_ATTRIBUTES, unknowns,
 				u_int16_t_arr_len(unknowns) * 2);
@@ -432,23 +445,36 @@ int stun(str *b, struct streamrelay *sr, struct sockaddr_in6 *sin) {
 	if (class != STUN_CLASS_REQUEST)
 		return -1;
 
-	/* request */
-	if (!attrs.username.s || !attrs.msg_integrity.s || !attrs.fingerprint_attr)
+	err = "FINGERPRINT attribute missing";
+	if (!attrs.fingerprint_attr)
+		goto ignore;
+	err = "USERNAME attribute missing";
+	if (!attrs.username.s)
+		goto bad_req;
+	err = "MESSAGE_INTEGRITY attribute missing";
+	if (!attrs.msg_integrity.s)
 		goto bad_req;
 
+	err = "FINGERPRINT mismatch";
 	if (check_fingerprint(b, &attrs))
-		return -1;
+		goto ignore;
 	if (check_auth(b, &attrs, sr->up))
 		goto unauth;
 
+	mylog(LOG_NOTICE, "Successful STUN binding request" SLF, SLP);
 	stun_binding_success(sr->fd.fd, req, &attrs, sin, sr->up);
 
 	return 0;
 
 bad_req:
+	mylog(LOG_INFO, "Received invalid STUN packet" SLF ": %s", SLP, err);
 	stun_error(sr->fd.fd, sin, req, 400, "Bad request");
 	return 0;
 unauth:
+	mylog(LOG_INFO, "STUN authentication mismatch" SLF, SLP);
 	stun_error(sr->fd.fd, sin, req, 401, "Unauthorized");
 	return 0;
+ignore:
+	mylog(LOG_INFO, "Not handling potential STUN packet" SLF ": %s", SLP, err);
+	return -1;
 }