I'm trying to understand how WebRTC works and am having trouble understanding the role of STUN.
From what I understand in reading about STUN on various web-pages, such as rfc5389, or watching Google's 2013 presentation on WebRTC, the only thing STUN seems to do is tell the client what it's public IP address/port is.
However, looking at how one might implement a STUN server suggests they're a lot more involved, and seems to include things like fail-back support for UDP, TCP, and TLS-TCP, and handshaking where the client and server report what they expect their IP address to be and verify it against what the other side says their IP address is. For example, anecdotally, the jselbi's stunserver project has over 50 C++ files.
- So STUN must be doing more than just reporting the public IP address/port?
Additionally, it doesn't make sense to me why a WebRTC client would even need to know its own public IP address. In Google's presentation video (at time 19:46) shows two peers that want to talk to each other from behind a NAT, and each peer is also communicating with a signalling server. This diagram suggests each signalling server doesn't know the peer's public IP address/port. But this diagram must be wrong: it shows the peer talking directly to the signalling server, but talking indirectly to the STUN server through the NAT. In reality, the peer would be talking to the signalling server through the NAT also, and therefore, the signalling server would already know the peer's public IP address/port.
From this, the things I am having trouble with are:
Any request from the client to the signalling server is going to include that client's public IP address/port in the IP header of the request. The same is true when the client talks to the STUN server, which is why the STUN server can respond with the public IP address/port... Is this right?
It seems to me that the way the two peers can then talk to each other is to hijack the open connection between the peer and STUN server: The peer opens a connection to the STUN server. The STUN server replies by stating what IP address/port has been set up for this request. And then that IP address/port is then forwarded on to the remote peer, where the remote peer starts sending messages on the connection that was originally opened for the STUN server... Is this correct?
...or have I completely misunderstood what's going on?