18 Aug
2022
18 Aug
'22
7:33 a.m.
Alex Balashov <abalashov(a)evaristesys.com> writes:
In principle, that’s right. Practically, this depends on the behaviour
of various intermediaries. I have seen both behaviours. In the
scenarios I have troubleshot, receiving only the first fragment on the
other side of—for example—a NAT gateway is fairly common.
It is not surprising that a broken firewall or NAT causes only the first
fragment to show up at an OS. It might even be more likely than not
that a given firewall is broken :-(
It would surprise me if an OS delivered a UDP packet that contained the
bytes in the first fragment only, and if so that's an OS bug. So I
would expect 99.9% the symptom to be that the packets don't arrive.
(All of this is another reason to do TCP signalling, which is able to
negotiate MTU and not end up with IP fragmentation, but I get it that
people have to interoperate with what the peer will do.)
This should not prevent the INVITE from being parsed;
typically in
real-world scenarios with a 1500 byte MTU, the first fragment captures
all SIP headers, and fragmentation slices up the SDP
payload. Fragmentation won’t adulterate the Request Line (first line),
which contains the “INVITE” method verb. I suppose it is conceivable
that a fragmentation boundary could occur in the middle of a SIP
header and/or header value, causing the entire message to be
discarded.
I would expect that if there is say a 1500-byte fragment and a 700-byte
fragment (to make things up) and a firewall drops the 700-byte one, then
reassembly at the OS would fail and Kamailio would never see anything.