turn icon indicating copy to clipboard operation
turn copied to clipboard
verified publisher icon pion

BadFormat for message/cookie error (CLASSIC-STUN)

Open ispysoftware opened this issue 10 months ago • 4 comments

I know i'm missing something obvious here. The examples seem to demonstrate setting this up as STUN or TURN. TURN should also support STUN right?

When I run it as a TURN server and test it from stun client (on ubuntu) I get errors like

OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 1c0265f is invalid magic cookie (should be 2112a442) OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 203e909 is invalid magic cookie (should be 2112a442) OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 3c0a820 is invalid magic cookie (should be 2112a442) OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 19c1239 is invalid magic cookie (should be 2112a442)

Do I need to do anything special to support both? Is the AuthHandler being called for Binding requests?

 server, err := turn.NewServer(turn.ServerConfig{
     Realm: *realm,
     AuthHandler: func(username, realm string, srcAddr net.Addr) ([]byte, bool) {
         userSuffix, valid := validateUsername(username)
         if !valid {
             log.Println("Auth failed; invalid username:", username)
             return nil, false
         }
         expectedPassword := generateTURNPassword(username, realm, *staticAuthSecret)
         key := turn.GenerateAuthKey(username, realm, expectedPassword)
         log.Printf("Auth succeeded for user: %s (suffix=%s)", username, userSuffix)
         return key, true
     },
     PacketConnConfigs: packetConfigs,
     ListenerConfigs:   listenerConfigs,
 })

ispysoftware avatar Feb 23 '25 02:02 ispysoftware

It should work by default! The STUN packets are responded too automatically.

That error message is suggesting we aren't actually getting a STUN packet. Could you do wireshark/tcpdump and see if the TURN server is wrong?

Sean-Der avatar Feb 23 '25 03:02 Sean-Der

Thanks for responding. Wireshark is detecting this as CLASSIC-STUN. I'm wondering if pion supports that or not? When i try the ubuntu stun test client on googles stun servers it seems to work ok.

I'm getting the same error reports from deployed pion turn servers but they say "Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 0 is invalid magic cookie (should be 2112a442)"

I think some clients are probably using some older STUN version. Packet capture attached.

pcap.zip

edit: had a report that chrome on windows 10 is also causing this issue chrome on win 11 seems ok.

ispysoftware avatar Feb 23 '25 05:02 ispysoftware

OK it looks like i've run into

Compatability notes RFC 5389 obsoletes RFC 3489, so implementation was ignored by purpose, however, RFC 3489 can be easily implemented as separate package.

This is a bit of a show-stopper if windows 10 clients and linux clients are still using that RFC and it completely breaks the functionality of this library.

ispysoftware avatar Feb 24 '25 05:02 ispysoftware

Source of the reported issue here. Let me know if i can test something or provide with extra info.

I have been using win 10 on server side and chrome client on desktop and mobile and been getting these issues

hpmkruit avatar Feb 26 '25 06:02 hpmkruit