jtriley / pystun

A Python STUN client for getting NAT type and external IP
https://github.com/jtriley/pystun
MIT License
433 stars 153 forks

Stun Packet Magic Cookie Must Be `0x2112A442` #19

Open LuoZijun opened 7 years ago

LuoZijun commented 7 years ago

Stun Packet Magic Cookie Must Be 0x2112A442.

robertsdotpm commented 2 months ago

I've been using a fork of this code for years and only just now discovered this huge issue. I am facepalming hard. It means that the vast majority of servers aren't going to respond to the STUN request because the request will be malformed. Yet here is your issue right here. Posted 8 years ago... You were definitely right. The fact that anyone has success with this library is actually a bug according to the standard. I only learned this by chasing packet logs. It seems the upstream library that forks this (pystun3) has no issues enabled but this is a good place to collect them. I think this is the biggest issue and very easily fixed:

My fix was to set the transaction ID to 12 bytes (so it's the expected size for the payload) and then prepend the magic cookie hex string where the payload is built. My fix looks like this:

```python
str_data = ''.join([BindRequestMsg, str_len, "2112A442", tran_info_hex, extra_data])
...
```

I'm not bothering with a pull here because the project isn't maintained and the networking code here is very basic.
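The header layout discussed in this thread, as an added example that is not pystun's code or the commenter's patch: it builds a 20-byte STUN Binding Request header (type, length, magic cookie `0x2112A442`, 12-byte transaction ID) and checks a packet for the missing-cookie problem. The function names and the `LEGACY` sample packet are constructed for illustration.

```python
import os
import struct

MAGIC_COOKIE = 0x2112A442   # fixed value the issue title refers to
BINDING_REQUEST = 0x0001    # STUN Binding Request message type
HEADER_LEN = 20             # 2 (type) + 2 (length) + 4 (cookie) + 12 (ID)


def build_binding_request(attrs=b"", tid=None):
    """Return a Binding Request: type, length, cookie, 12-byte ID, attributes."""
    tid = os.urandom(12) if tid is None else tid
    if len(tid) != 12:
        raise ValueError("transaction ID must be exactly 12 bytes")
    if len(attrs) % 4:
        raise ValueError("attributes must be padded to a 4-byte boundary")
    # The length field counts only the attributes, not the 20-byte header.
    header = struct.pack("!HHI12s", BINDING_REQUEST, len(attrs), MAGIC_COOKIE, tid)
    return header + attrs


def check_header(packet):
    """Return a list of problems found in a STUN header (empty list = OK)."""
    if len(packet) < HEADER_LEN:
        return ["shorter than the 20-byte STUN header"]
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    problems = []
    if msg_type & 0xC000:
        problems.append("top two bits of message type are not zero")
    if length % 4 or length != len(packet) - HEADER_LEN:
        problems.append("length field does not match the payload")
    if cookie != MAGIC_COOKIE:
        problems.append("magic cookie is 0x%08X, expected 0x2112A442" % cookie)
    return problems


# Constructed sample: a header with a 16-byte transaction ID and no cookie,
# so the first four ID bytes sit where the magic cookie belongs.
LEGACY = struct.pack("!HH", BINDING_REQUEST, 0) + bytes(range(1, 17))

if __name__ == "__main__":
    print(check_header(build_binding_request()))  # well-formed request
    print(check_header(LEGACY))                   # cookie mismatch reported
```

Both packets are 20 bytes long, so the size alone does not distinguish them; only the value at offset 4 does.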