snet: implement STUN for NAT traversal

acceptance/stun/BUILD.bazel

@@ -0,0 +1,16 @@
+load("//:scion.bzl", "scion_go_binary")
+load("//acceptance/common:topogen.bzl", "topogen_test")
+
+topogen_test(
+    name = "test",
+    src = "test.py",
+    args = [
+        "--executable=test-client:$(location //acceptance/stun/test-client)",
+        "--executable=test-server:$(location //acceptance/stun/test-server)",
+    ],
+    data = [
+        "//acceptance/stun/test-client",
+        "//acceptance/stun/test-server",
+    ],
+    topo = "//topology:tiny.topo",
+)

acceptance/stun/test-client/BUILD.bazel

@@ -0,0 +1,19 @@
+load("@rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["main.go"],
+    importpath = "github.com/scionproto/scion/acceptance/stun/test-client",
+    visibility = ["//visibility:private"],
+    deps = [
+        "//pkg/daemon:go_default_library",
+        "//pkg/daemon/types:go_default_library",
+        "//pkg/snet:go_default_library",
+    ],
+)
+
+go_binary(
+    name = "test-client",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)

acceptance/stun/test-client/main.go

@@ -0,0 +1,103 @@
+// Copyright 2025 ETH Zurich
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"context"
+	"flag"
+	"log"
+	"os"
+
+	"github.com/scionproto/scion/pkg/daemon"
+	daemontypes "github.com/scionproto/scion/pkg/daemon/types"
+	"github.com/scionproto/scion/pkg/snet"
+)
+
+func main() {
+	log.SetOutput(os.Stdout)
+	log.Println("Client running")
+	var daemonAddr string
+	var localAddr snet.UDPAddr
+	var remoteAddr snet.UDPAddr
+	var data string
+	flag.StringVar(&daemonAddr, "daemon", "127.0.0.1:30255", "Daemon address")
+	flag.Var(&localAddr, "local", "Local address")
+	flag.Var(&remoteAddr, "remote", "Remote address")
+	flag.StringVar(&data, "data", "", "Data")
+	flag.Parse()
+
+	ctx := context.Background()
+
+	dc, err := daemon.NewService(daemonAddr).Connect(ctx)
+	if err != nil {
+		log.Fatalf("Failed to create SCION daemon connector: %v", err)
+	}
+
+	ps, err := dc.Paths(ctx, remoteAddr.IA, localAddr.IA, daemontypes.PathReqFlags{Refresh: true})
+	if err != nil {
+		log.Fatalf("Failed to lookup paths: %v", err)
+	}
+
+	if len(ps) == 0 {
+		log.Fatalf("No paths to %v available", remoteAddr.IA)
+	}
+
+	sp := ps[0]
+
+	log.Printf("Selected path to %v:", remoteAddr.IA)
+	log.Printf("\t%v", sp)
+
+	topology, err := daemon.LoadTopology(ctx, dc)
+	if err != nil {
+		log.Fatalf("Failed to load topology from daemon: %v", err)
+	}
+
+	scionNetwork := snet.SCIONNetwork{
+		Topology:    topology,
+		STUNEnabled: true,
+	}
+
+	remoteAddr.Path = sp.Dataplane()
+	remoteAddr.NextHop = sp.UnderlayNextHop()
+
+	conn, err := scionNetwork.Dial(ctx, "udp", localAddr.Host, &remoteAddr)
+	if err != nil {
+		log.Fatalf("Failed to dial SCION address: %v", err)
+	}
+
+	defer conn.Close()
+
+	log.Print("Successfully established SCION connection")
+
+	_, err = conn.Write([]byte(data))
+	if err != nil {
+		log.Fatalf("Failed to write to SCION connection: %v", err)
+	}
+
+	log.Printf("Successfully sent data to %v", remoteAddr.IA)
+
+	buf := make([]byte, 4096)
+	n, err := conn.Read(buf)
+	if err != nil {
+		log.Fatalf("Failed to read from SCION connection: %v", err)
+	}
+
+	response := string(buf[:n])
+	log.Printf("Received data: \"%s\"", response)
+	if response != data {
+		log.Fatalf("Assertion failed: response does not match sent data")
+	}
+	os.Exit(0)
+}

acceptance/stun/test-server/BUILD.bazel

@@ -0,0 +1,15 @@
+load("@rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["main.go"],
+    importpath = "github.com/scionproto/scion/acceptance/stun/test-server",
+    visibility = ["//visibility:private"],
+    deps = ["//pkg/snet:go_default_library"],
+)
+
+go_binary(
+    name = "test-server",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)

acceptance/stun/test-server/main.go

@@ -0,0 +1,102 @@
+// Copyright 2025 ETH Zurich
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"flag"
+	"log"
+	"net"
+	"os"
+
+	"github.com/scionproto/scion/pkg/snet"
+)
+
+func main() {
+	log.SetOutput(os.Stdout)
+	log.Print("Server running")
+
+	var localAddr snet.UDPAddr
+	flag.Var(&localAddr, "local", "Local address")
+	flag.Parse()
+
+	conn, err := net.ListenUDP("udp", localAddr.Host)
+	if err != nil {
+		log.Fatalf("Failed to listen on UDP connection: %v", err)
+	}
+	defer conn.Close()
+
+	for {
+		var pkt snet.Packet
+		pkt.Prepare()
+
+		n, lastHop, err := conn.ReadFrom(pkt.Bytes)
+		if err != nil {
+			log.Printf("Failed to read packet: %v", err)
+			continue
+		}
+		pkt.Bytes = pkt.Bytes[:n]
+
+		err = pkt.Decode()
+		if err != nil {
+			log.Printf("Failed to decode packet: %v", err)
+			continue
+		}
+
+		pld, ok := pkt.Payload.(snet.UDPPayload)
+		if !ok {
+			log.Printf("Failed to read packet payload")
+			continue
+		}
+
+		if int(pld.DstPort) != localAddr.Host.Port {
+			continue
+		}
+
+		log.Printf("Received data: %q from %v:%v", string(pld.Payload), pkt.Source, pld.SrcPort)
+
+		pkt.Destination, pkt.Source = pkt.Source, pkt.Destination
+
+		rp, ok := pkt.Path.(snet.RawPath)
+		if !ok {
+			log.Printf("Failed to reverse path, unexpected path type: %v", pkt.Path)
+			continue
+		}
+		replyPather := snet.DefaultReplyPather{}
+		replyPath, err := replyPather.ReplyPath(rp)
+		if err != nil {
+			log.Printf("Failed to reverse path: %v", err)
+			continue
+		}
+		pkt.Path = replyPath
+
+		pkt.Payload = snet.UDPPayload{
+			SrcPort: pld.DstPort,
+			DstPort: pld.SrcPort,
+			Payload: pld.Payload,
+		}
+
+		err = pkt.Serialize()
+		if err != nil {
+			log.Printf("Failed to serialize SCION packet: %v", err)
+			continue
+		}
+
+		_, err = conn.WriteTo(pkt.Bytes, lastHop)
+		if err != nil {
+			log.Printf("Failed to write packet: %v", err)
+			continue
+		}
+	}
+}