i would like to return to rtpengine trust-address flag. README says:
trust-address - flags that IP address in SDP should be trusted. Without this flag, the RTP proxy ignores address in the SDP and uses source address of the SIP message as media address which is passed to the RTP proxy.
the first part makes sense, i.e., if the flag is present, then ip address in the sdp is trusted.
the second part does not make sense to me and neither does "received from" key of request passed to rtpengine.
rtpengine doc tells about "received from":
Contains a list of exactly two elements. The first element denotes the address family and the second element is the SIP message's source address itself. The address family can be one of IP4 or IP6. Used if neither the trust address flag nor the media address key is present.
there is at least two reasons why it does not make sense to pass source ip address of sip request to rtpengine:
1) the proxy that is calling rtpengine_offer() may not be the first hop proxy of the sip ua.
2) even when sip proxy is the first hop, sip ua may not use the same ip address for sip signaling and rtp media
so what is the reason for the existence of "received from" key? is there anything lost if the key is removed? if not, then lets get rid of it in order to simplify things and to avoid confusion.
-- juha
On 09/09/14 04:05, Juha Heinanen wrote: ...
so what is the reason for the existence of "received from" key? is there anything lost if the key is removed? if not, then lets get rid of it in order to simplify things and to avoid confusion.
The reason is that this is what the original rtpproxy module does (see 'r' flag): http://kamailio.org/docs/modules/4.0.x/modules/rtpproxy.html#idp15365280
I agree with your objections in that trusting the SDP address should probably be the default, but I see no reason to remove functionality that some people may find useful. There's at least one case where trusting the SDP address can be problematic (packet forwarding loops). The best way of action would probably be to create a new flag with the opposite effect and then transition over to that one.
cheers
Richard Fuchs writes:
I agree with your objections in that trusting the SDP address should probably be the default, but I see no reason to remove functionality that some people may find useful. There's at least one case where trusting the SDP address can be problematic (packet forwarding loops). The best way of action would probably be to create a new flag with the opposite effect and then transition over to that one.
It is OK to have trust-address flag. What I doubt is what is the point in sending source IP address of SIP request to rtpengine if trust-address is not present, because that address may have nothing to do with rtp media.
-- Juha
On 09/09/14 08:47, Juha Heinanen wrote:
Richard Fuchs writes:
I agree with your objections in that trusting the SDP address should probably be the default, but I see no reason to remove functionality that some people may find useful. There's at least one case where trusting the SDP address can be problematic (packet forwarding loops). The best way of action would probably be to create a new flag with the opposite effect and then transition over to that one.
It is OK to have trust-address flag. What I doubt is what is the point in sending source IP address of SIP request to rtpengine if trust-address is not present, because that address may have nothing to do with rtp media.
Same as the address in the SDP may have nothing to do with the RTP media. It gives people an option. Nothing wrong with that.
cheers
Richard Fuchs writes:
It is OK to have trust-address flag. What I doubt is what is the point in sending source IP address of SIP request to rtpengine if trust-address is not present, because that address may have nothing to do with rtp media.
Same as the address in the SDP may have nothing to do with the RTP media. It gives people an option. Nothing wrong with that.
What I'm afraid is that rtpengine somehow relies on source IP address passed to it for its operation, because there is no way for me to prohibit that address to be passed to rtpengine if I have not used trust-address flag.
What is it that rtpengine does with received from address when trust-address is not used?
-- Juha
On 09/09/14 09:04, Juha Heinanen wrote:
Richard Fuchs writes:
It is OK to have trust-address flag. What I doubt is what is the point in sending source IP address of SIP request to rtpengine if trust-address is not present, because that address may have nothing to do with rtp media.
Same as the address in the SDP may have nothing to do with the RTP media. It gives people an option. Nothing wrong with that.
What I'm afraid is that rtpengine somehow relies on source IP address passed to it for its operation, because there is no way for me to prohibit that address to be passed to rtpengine if I have not used trust-address flag.
What is it that rtpengine does with received from address when trust-address is not used?
Nothing at all.
cheers
-
Juha Heinanen -
Richard Fuchs