Yes, TCP typically uses an ephemeral source port, in the sense that it is
allocated by the TCP stack/kernel and is not easy for the client app to
specify. But the client app can get the local (ephemeral) port after
connect() using getsockname() and use it to build the SIP message that
is going to be sent through the connection. I expect this is how
(most of the) SIP phone apps do it when the port in SIP headers
matches the source port of the connection.
Cheers,
Daniel
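Added example (not part of the original thread, and not Kamailio or baresip code): the approach described in the reply above, where a client reads its ephemeral port with getsockname() after connect() and writes it into Via, together with the port comparison quoted for test 16 in this thread. The function names, the sample branch value and the IPv4-only Via parsing are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build a Via header from the local address of connected socket fd.
 * The branch value is a constructed sample. Returns the port or -1. */
int build_via(int fd, char *out, size_t len) {
    struct sockaddr_in local;
    socklen_t sl = sizeof local;
    char ip[INET_ADDRSTRLEN];
    if (getsockname(fd, (struct sockaddr *)&local, &sl) < 0) return -1;
    if (!inet_ntop(AF_INET, &local.sin_addr, ip, sizeof ip)) return -1;
    snprintf(out, len, "Via: SIP/2.0/TCP %s:%u;branch=z9hG4bKsample;rport",
             ip, (unsigned)ntohs(local.sin_port));
    return ntohs(local.sin_port);
}

/* Comparison described for test 16: 1 if src_port differs from the Via
 * port (5060 when Via has none), 0 if equal, -1 if Via is not TCP. */
int via_port_mismatch(const char *via, int src_port) {
    const char *sent_by = strstr(via, "/TCP ");
    int via_port = 5060;
    if (!sent_by) return -1;
    sent_by += 5;
    size_t host_len = strcspn(sent_by, ":;");
    if (sent_by[host_len] == ':') via_port = atoi(sent_by + host_len + 1);
    return via_port != src_port;
}

/* Loopback demo: the listener compares the peer port it sees with Via. */
int demo(char *via, size_t len) {
    struct sockaddr_in a = {0}, peer;
    socklen_t sl = sizeof a;
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* sin_port 0: kernel picks */
    if (bind(srv, (struct sockaddr *)&a, sizeof a) < 0 || listen(srv, 1) < 0) return -1;
    if (getsockname(srv, (struct sockaddr *)&a, &sl) < 0) return -1;
    if (connect(cli, (struct sockaddr *)&a, sizeof a) < 0) return -1; /* ephemeral port assigned here */
    int conn = accept(srv, (struct sockaddr *)&peer, &sl);
    int r = (conn < 0 || build_via(cli, via, len) < 0) ? -1 : via_port_mismatch(via, ntohs(peer.sin_port));
    close(conn); close(cli); close(srv);
    return r;
}

int main(void) { char v[128] = ""; int r = demo(v, sizeof v); printf("%s\nmismatch=%d\n", v, r); return r != 0; }
```

With the Via and source port from the capture further down in this thread (44717 against 38940), via_port_mismatch() returns 1, while a Via built from getsockname() matches the port the listener sees.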
On 24.03.20 15:15, Ben Kaufman wrote:
Shouldn't *TCP* use an ephemeral source port, and
expect replies to be to the source port?
Ben Kaufman
-----Original Message-----
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Daniel-Constantin Mierla
Sent: Tuesday, March 24, 2020 9:01 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>; Juha Heinanen <jh(a)tutpro.com>
Subject: Re: [SR-Users] about kamailio.cfg NAT test
Hello,
this is the test to detect devices behind NAT that use STUN, so they discover properly
the public IP of the NAT router, but the port allocation is different for STUN and SIP
traffic.
If you have an asymmetric signalling client, then this test is not useful -- actually nat
traversal cannot be done for asymmetric signalling (when client sends from one address
(ip+port) and expects traffic back to another address). You haven't included the
contact address, but anyhow probably the reply is not expected on port 44717 as it is
indicated in Via. The phone expects some natted environment, as it requested
"rport" handling (send back the reply to the port from where the request was
received). If it wanted asymmetric signalling, then rport is not needed. If it knew it
sends and receives to the same port, also rport would not be needed.
Maybe this is just the baresip approach: not detecting the local port of the TCP connection,
putting a random value in Via and setting the rport parameter.
You can tune the test for your specific environment/client apps, but for the vast
majority of the cases I encountered over the years, this test is the best one to detect
clients behind nat that are using stun.
Cheers,
Daniel
On 24.03.20 13:01, Juha Heinanen wrote:
In kamailio/etc/kamailio.cfg NAT test is based on
nat_uac_test("19").
19 includes test 16:
16 - Test if the source port is different from the port in the “Via”
header. If the “Via” header contains no port, it uses the default SIP
port 5060
Based on a couple of tests using baresip, it looks like that results in
a false positive when the UA connects to the SIP proxy via TCP.
An example:
T 2020/03/24 13:57:12.685441 192.26.134.10:38940 -> 192.26.134.1:5060 [AP] #127
REGISTER sip:test.tutpro.com SIP/2.0.
Via: SIP/2.0/TCP 192.26.134.10:44717;branch=z9hG4bK5b6aa423104ef942;rport.
Does someone know why test 16 is included?
-- Juha
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda