3.3.5.1 Receiving Allocate Request Messages

This section follows the product behavior as described in product behavior note<38>.

Upon receipt of an Allocate request message, the TURN server does processing as specified in [IETFDRAFT-TURN-08] section 7.2, with the following exceptions:

  • The TURN server MUST do basic message verification as specified in section 3.1.10.

  • If the request does not include a Message Integrity attribute, the TURN server MUST respond with an Allocate error response message with an error response value of 401 Unauthorized. The message MUST be formed as follows:

    • The response MUST be formed as specified in section 3.1.8.

    • The response MUST include an Error Code attribute with the appropriate error response code.

    • The response MUST include a Realm attribute, as specified in section 2.2.2.14.

    • The response MUST include a Nonce attribute, as specified in section 2.2.2.13.

    • The response SHOULD include the Alternate Server attribute, as specified in section 2.2.2.7.

    • The response SHOULD include the MS-Version attribute, as specified in section 2.2.2.17.<39>

    • The response MUST NOT include the Message Integrity attribute.

  • If the request does include a Message Integrity attribute, it MUST be processed as follows:

  • The request MUST include the Username attribute, as specified in section 2.2.2.2.

    • If the request does not include a Username attribute, the TURN server MUST respond with an Allocate error response, as specified in Step 2, with an error response code of 432 Missing Username.

    • If the request includes a Username attribute, but the value of the attribute was not understood by the TURN server, the TURN server MUST respond with an Allocate error response, as specified in Step 2, with an error response code of 436 Unknown User.

  • The request MUST include the Realm attribute, as specified in section 2.2.2.14.

    • If the request does not include a Realm attribute, the TURN server MUST respond with an Allocate error response, as specified in Step 2, with an error response code of 434 Missing Realm.

  • The request MUST include the Nonce attribute, as specified in section 2.2.2.13.

    • If the request does not include a Nonce attribute, the TURN server MUST respond with an Allocate error response, as specified in Step 2, with an error response code of 435 Missing Nonce.

    • If the request includes a Nonce attribute, but the value was not valid, the TURN server MUST respond with an Allocate error response, as specified in Step 2, with an error response code of 438 Stale Nonce.

  • The request SHOULD include the MS-Version attribute, as specified in section 2.2.2.17.

  • If all of the required attributes are present and valid, the TURN server MUST authenticate the Allocate request message as specified in section 3.1.11.

  • If authentication fails, the TURN server MUST respond with an Allocate error response, as specified in step 2, with an error response value of 431 Integrity Check Failure.

  • If authentication succeeds, the TURN server MUST attempt to allocate public transport addresses on behalf of the protocol client. The type of transport addresses allocated by the TURN server depends on the values of the MS-Version attribute, specified in section 2.2.2.17, and the Requested Address Family attribute, specified in section 2.2.2.15, in the request.

  • If the request did not include the MS-Version attribute, or if it did include the MS-Version attribute with a value equal to or less than "0x03" (3), the TURN server MUST allocate an IPv4 public transport address.

  • If the request did include the MS-Version attribute with a value equal to or greater than "0x04" (4):

    • If the request included the Requested Address Family attribute with the Family value set to "0x01" (1), the TURN server MUST allocate an IPv4 public transport address.

    • If the request included the Requested Address Family attribute with the Family value set to "0x02" (2), the TURN server MUST allocate an IPv6 public transport address.

    • If the associated Allocate request message did not include the Requested Address Family attribute:

      • If the TURN server was configured to support allocation of IPv4 addresses, the TURN server MUST allocate an IPv4 public transport address.

      • If the TURN server was configured to support allocation of IPv6 addresses, the TURN server MUST allocate an IPv6 public transport address.

    • If the MS-Version attribute value was equal to or greater than "0x05" (5) and the TURN client is connected to the TURN server over UDP, the response MUST allocate a unique Multiplexed TURN Session ID attribute as specified in section 2.2.2.24. In this case the allocated transport address SHOULD be a single port used by the TURN server to multiplex traffic for all allocated TURN clients.

    • If the MS-Version attribute value was equal to or greater than "0x06" (6) and the TURN client is connected to the TURN server over TCP, the response MUST allocate a unique Multiplexed TURN Session ID attribute as specified in section 2.2.2.24. In this case the allocated transport address SHOULD be a single port used by the TURN server to multiplex traffic for all allocated TURN clients.

  • If allocation of a transport address fails for any reason, the TURN server MUST respond with an Allocate error response, as specified in step 2, with an error response code of either 300 Try Alternate or 500 Server Error. The TURN server SHOULD use an error response code of Alternate Server if it is configured in a way that it knows about other servers (2) in the deployment that implement this protocol. Otherwise, the TURN server MUST use an error response code of Server Error.

  • If the allocation of the public transport address is successful, the TURN server MUST respond with an Allocate response.

  • The response MUST be formed as specified in section 3.1.8.

  • The response SHOULD include the MS-Version attribute, as specified in section 2.2.2.17.

  • If the allocation request was for either an IPv4 or an IPv6 address:

    • The response MUST include the Mapped Address attribute, as specified in section 2.2.2.1. The value of the attribute MUST be that of either the IPv4 or IPv6 transport address allocated by the TURN server.

  • If the allocation request was for both an IPv4 and an IPv6 address:

    • The response MUST include the Mapped Address attribute, as specified in section 2.2.2.1. The value of the attribute MUST be that of the IPv4 transport address allocated by the TURN server.

    • The response MUST include the MS-Alternate Mapped Address attribute, as specified in section 2.2.2.23. The value of the attribute MUST be that of the IPv6 transport address allocated by the TURN server.

  • The response MUST include the XOR Mapped Address attribute, as specified in section 2.2.2.16.

  • The response SHOULD include the MS-Sequence Number attribute, as specified in section 2.2.2.21.

  • The response MUST be authenticated as specified in section 3.1.11.
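
The decision order in this section, written out as an added Python example (not code from the specification or from any Microsoft product). The AllocateRequest type, the function names and the three injected callbacks standing in for user lookup, nonce validation and the section 3.1.11 integrity check are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class AllocateRequest:
    """Parsed Allocate request; None means the attribute was absent."""
    message_integrity: Optional[bytes] = None
    username: Optional[bytes] = None
    realm: Optional[bytes] = None
    nonce: Optional[bytes] = None
    ms_version: Optional[int] = None
    requested_family: Optional[int] = None  # 0x01 = IPv4, 0x02 = IPv6

def auth_error(req: AllocateRequest,
               user_known: Callable[[bytes], bool],
               nonce_valid: Callable[[bytes], bool],
               integrity_ok: Callable[[AllocateRequest], bool]) -> Optional[int]:
    """Return the error code to send, or None once the request is authenticated."""
    if req.message_integrity is None:
        return 401  # challenge: carries Realm and Nonce, never Message Integrity
    if req.username is None:
        return 432  # Missing Username
    if not user_known(req.username):
        return 436  # Unknown User
    if req.realm is None:
        return 434  # Missing Realm
    if req.nonce is None:
        return 435  # Missing Nonce
    if not nonce_valid(req.nonce):
        return 438  # Stale Nonce
    # The integrity check runs only after every required attribute is present and valid.
    return None if integrity_ok(req) else 431  # Integrity Check Failure

def families_to_allocate(req: AllocateRequest, v4: bool, v6: bool) -> List[str]:
    """Address families to allocate; an empty list means allocation fails."""
    if req.ms_version is None or req.ms_version <= 0x03:
        return ["IPv4"]
    if req.requested_family is None:  # server configuration decides
        return [name for name, on in (("IPv4", v4), ("IPv6", v6)) if on]
    # Assumption: a Family value other than 0x01/0x02 is not covered by the
    # section, so this example treats it as an allocation failure.
    return {0x01: ["IPv4"], 0x02: ["IPv6"]}.get(req.requested_family, [])

def needs_mux_session_id(req: AllocateRequest, transport: str) -> bool:
    """True when the response must carry a Multiplexed TURN Session ID."""
    threshold = {"udp": 0x05, "tcp": 0x06}[transport]
    return req.ms_version is not None and req.ms_version >= threshold
```

Because the Username and Nonce checks run before the integrity check, the 436 and 438 responses are sent to requests that have not yet been authenticated.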