Ole,
I was reading your latest issue of IPJ (Volume 7, No. 3, September 2004)
and I could be wrong but I think you mis-typed an explanation about the STUN protocol. On page 12, 3rd paragraph, last sentence, it
reads: "A received response indicates the presence of a port-restricted cone, and the lack of a response indicates the presence of
a restricted cone."
According to the definitions you gave about "restricted cone" and "port-restricted cone" on pages 10 and 11, shouldn't this
sentence instead read: "A received response indicates the presence of a restricted cone, and the lack of a response indicates the
presence of a port-restricted cone."?
The author responds:
Ryan is correct, there is an error here in the text.
The flow control of the sequence of STUN tests is detailed in Figure 9 of the article. The test referred to here is to determine if
the NAT is a restricted cone NAT, or a port-restricted cone NAT.
The restricted cone NAT, in Figure 7, is one where the NAT binding is accessible using any source port number on the external host
when responding to a UDP packet from the internal sending host.
The port-restricted cone NAT, in Figure 8, is one where the NAT binding is accessible using the same port number as originally used
by the internal lost host, and this binding is accessible from any external IP address.
The test referenced in this section, as per Figure 9, is one where the local host requests the external agent to respond using the
same port number, but an altered source address. The text should read "This fourth request includes a control flag to direct the
STUN server to respond using the alternate IP address, but with the same port value," in which case the interpretation of the
response, that a response indicates the presence of a port-restricted cone NAT and the lack of response indicates the presence
of a restricted cone NAT, would be correct.
Ryan is also correct in that if the test is performed the other way, requesting the agent to use the same IP address, but with the
alternate port value, then the opposite interpretation would hold, namely that a response indicates the presence of a restricted
cone NAT, and the lack of a response would indicate the presence of a port-restricted cone NAT, as Ryan points out.
Thanks to Ryan for following through this rather complex explanation of the STUN algorithm and spotting this error.
Regards,
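
The two variants of the fourth test discussed in this exchange, modelled as inbound filter rules (an added example, not part of the letter, the reply, or the article). The addresses, names, and the `outcomes` helper are constructed for illustration; the first two rules follow the reply's descriptions of Figures 7 and 8, and a third rule applies RFC 3489's stricter port-restricted definition, under which both the address and the port must match.

```python
# Added example: a small model of NAT inbound filtering for the STUN test above.
# All addresses are documentation-range values constructed for this example.
from typing import NamedTuple


class Endpoint(NamedTuple):
    ip: str
    port: int


SERVER = Endpoint("192.0.2.1", 3478)    # where the internal host sent its request
ALT_IP = Endpoint("192.0.2.2", 3478)    # reply from alternate IP, same port
ALT_PORT = Endpoint("192.0.2.1", 3479)  # reply from same IP, alternate port

# Each rule answers: does the NAT forward a packet from `src` to the internal
# host when that host has so far sent only to `contacted`?
FILTERS = {
    # Reply's description of Figure 7: any source port on the contacted host.
    "restricted": lambda src, contacted: src.ip == contacted.ip,
    # Reply's description of Figure 8: same port, any external IP address.
    "port_restricted_reply": lambda src, contacted: src.port == contacted.port,
    # RFC 3489 definition: source address and port must both match.
    "port_restricted_rfc3489": lambda src, contacted: src == contacted,
}


def response_received(nat_type: str, reply_src: Endpoint) -> bool:
    """True if the STUN reply sent from reply_src passes the NAT's filter."""
    return FILTERS[nat_type](reply_src, SERVER)


def outcomes(reply_src: Endpoint) -> dict:
    """Result of one test variant against every modelled NAT type."""
    return {nat: response_received(nat, reply_src) for nat in FILTERS}


if __name__ == "__main__":
    variants = (("alternate IP, same port", ALT_IP),
                ("same IP, alternate port", ALT_PORT))
    for label, src in variants:
        print(label)
        for nat, ok in outcomes(src).items():
            print(f"  {nat}: {'response' if ok else 'no response'}")
```

With the RFC 3489 rule, the alternate-IP variant gets no response from either NAT type, so only the alternate-port variant separates restricted from port-restricted.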