[Nice] Filtering out stun/non-application packets

[Olivier Crête]

On Mon, 2010-02-08 at 10:54 -0600, Tom Kaminski wrote: 
> I'm using the libnice-0.0.10 library and after a stream component is
> connected, I get some packets on the recv callback that I assume are
> STUN packets.  Obviously I do not want to pass these to my application
> so I need a good way to filter them out.  What is the recommended way
> to do this?  Here are some options:
> 
> 1. Identify the UDP packet as a stun packet, let everything else
> through.  I tried to do this, but for some reason the packet I'm
> receiving doesn't match the signature of a STUN packet.  I'm getting a
> 32 byte packet, but it doesn't contain the magic cookie field of
> 0x2112A442 according to the RFC.  Not sure what kind of packet this
> is.
> 
> 2. Identify the UDP packet as a application data packet, only let
> these through.  This would require a magic cookie field to be added to
> my application packets.  I'd rather not do this, but I could if
> necessary.
> 
> 3. A combination of both 1 & 2.
> 
> In the unit tests, it looks for a specific signature in the expected
> payload to determine if it is a application data packet (method 2).
> Is this the recommended approach?

The right answer is 2. On the public Internet, there is no way to
guarantee that the packet you are getting is what you are expecting. So
your application should already validate packets.

The easy way to do that is by having a signature or some kind of
checksum (if it doesn't pass, drop the packet). But you can do some
heuristics like is done with RTP/RTCP.

-- 
Olivier Crête
olivier.crete at collabora.co.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.freedesktop.org/archives/nice/attachments/20100208/88cab689/attachment.pgp