I think what we’re seeing here isnt Valve messing up but rather the middle east conflict expanded to cyberspace and spilling over to impact civilians. Look at the timing and affected countries. China isnt also exactly known for free internet.
WebRTC works as fallback. WebRTC is encrypted and cant be used for much else.
STUN in the otherhand is unencrypted and the protocol itself can be used for DDoS reflection/amplification. I would not be surprised if this is somehow weaponized and/or blocked/analyzed in real time that then breaks the connectivity.
STUN/TURN is basically icanhazip for WebRTC. STUN gives you your public IP:port. TURN is the same, but the returned IP:port is the one that had been dynamically allocated to you at time of querying, rather than the actual ones.
WebRTC clients take that STUN/TURN response and send to peers through out-of-band, through e.g. a lobby server chat mechanism, to set up the connection. This allows NAT table entries to be created as if they are outbound connection at both ends.
You can't make P2P connection with STUN/TURN alone. STUN/TURN is just a tool required for WebRTC.
> TURN is the same, but the returned IP:port is the one that had been dynamically allocated to you at time of querying, rather than the actual ones.
I don't know you mean by this, but I think you're confused. I have implemented STUN, so I know how it works. AFAIK, TURN doesn't reveal an address/port any different from that revealed by STUN, and cannot, because its discovery feature is STUN. (Also, a typical home user has only one internet-facing address, not a dynamic one plus another one.)
Rather, TURN provides a STUN address/port discovery service and a data relay service. The relay is for cases where two peers wishing to connect are both behind difficult NAT, meaning there is no quick and reliable way for them to directly connect even when they have their STUN results. So instead of connecting directly, they communicate through the relay.
TURN is the last resort and isn't just signaling. It carries the traffic as well.
If you can make all the STUN servers fail from the perspective of the clients, you could hypothetically force them to use TURN servers that are more centralized and easier to spy on. STUN negotiates pipes n:n. TURN is closer to n:1.
> force them to use TURN servers that are more centralized and easier to spy on
Webrtc traffic is encrypted as it travels through the TURN servers, isn't it? Sure, you get some which-ip-contacted-which-using-what-service metadata, but any active middleman able to mess with STUN traffic already has that.
It could just be that someone's fucked up a setting somewhere. I mean, the reason WebRTC has loads of options for 'interactive connectivity establishment' is because it's common to see users behind NAT, users whose NAT cant be traversed with STUN, IPv6 being broken, UDP getting blocked, TCP ports other than port 443 getting blocked, etc etc.
If a country's ISPs use CGNAT to avoid giving users precious IPv4 addresses, and world events made the ISPs turn the security settings up to 11, STUN just stops working.
The traffic is encrypted, but this makes it a lot easier to acquire if you have some way to break it.
And metadata plus encrypted traffic fingerprinting is enough to provide huge signal to an intelligence agency.
I think you have that backwards, WebRTC doesn't work, and STUN does.
I think you have it sideways. STUN [1] is the NAT traversal / "NAT hole punching" process that allows peers to discover their public IP addresses and establish direct P2P bidirectional UDP communication. WebRTC depends on STUN to establish P2P communication. You may be thinking of TURN [2] which amounts to routing traffic through an intermediary node that is visible to the two peers.
[1] https://en.wikipedia.org/wiki/STUN
[2] https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_...
We do P2P in our networking software and this is why we do it all in band instead of using STUN, TURN, or other common methods. Those get blocked and they’re also often insecure.
STUN has mitigations now against being weaponized but it’s still a shit protocol. The fact that neither STUN nor TURN contain any way whatsoever to accomplish any kind of rendezvous without yet another signaling path boggles my mind given how easy it would have been.
> The fact that neither STUN nor TURN contain any way whatsoever to accomplish any kind of rendezvous without yet another signaling path boggles my mind
Interesting. Can you expound on this a bit? How does ZeroTier do it?
ZeroTier has "roots," which are nodes that relay packets and also tell you what your IP info is. Everyone in the world connects to a pool of these.
Other than relaying and STUN-like IP info reflection, they're dumb and do very little. They can't see your traffic or other information or even what virtual networks you're on.
Once both sides learn their external info, they communicate via the root to arrange P2P rendezvous. If both have IPv6 they use that, but still do a hole punch due to stateful firewalls. But with V6 it works almost 100% of the time. If one or both have V4, they do more cumbersome V4 hole punch maneuvers.
Our next-gen product, which is still in pre-release and has been shown only to some enterprise customers, is called ZeroTier Quantum. It's called that cause it's built on PQC (pqNoise to be exact) but it's also a full-scale reengineering of the whole system. But it still uses very similar techniques. Everything is in-band. No STUN, TURN, or even DNS dependencies.
IPv6 and minimal assembly-written network code going without niche and complex features.
[flagged]
Regular people here are as opposed to military servicemen. The people who did not sign up for going to war.
These are dudes, likely some of them teenagers, playing Street Fighter and Tekken.
Who signed up for what?
The network shenanigans that apparently affect the p2p gaming is allegedly by the militaries of many countries, related to the Iran war. Much like GPS disturbancs in Northern and Eastern Europe are due to the war in Ukraine. Dudes delivering pizza have to suffer them, even though they never signed up to take part in the war.
> Who
These dudes and dudettes playing video games
> what?
Military service
https://en.wikipedia.org/wiki/Conscription_in_Iran
FWIW I don't agree with the comment chain's source, I read "regular people" as "civilians" and don't think there was any nasty connotation meant.
[dead]
Civilians have died by the tens of thousands in these wars, starting long before random gamers far from the killing and dying started having connection issues
Fair enough. Edited for clarity.
That's not what I meant. Civilians have died by the tens of thousands in these wars, starting long before random gamers far from the frontlines started having connection issues
> impact regular people
aka civilians
[flagged]
Calm down, he meant civilians. No need to stir up drama.
Civilians have died by the tens of thousands in these wars, starting long before random gamers far from the killing and dying started having connection issues
That has NOTHING to do what's being discussed here. Stop trying to escalate the topic.
[flagged]
That has NOTHING to do what's being discussed here. Stop trying to escalate the topic.
[dead]
>China isnt also exactly known for free internet.
Be careful, HN is a crazy china and leftie and MENA glaze site now.