Hi Inaki,
Why would you leave out the "4" flag test in nat_uac_test() for the replies? Of course if I leave out the "2" test then my example works (I have tested it) but I am afraid that this will break some other NATed senario. And if leave out the "2" test, should I also leave out the "16" test?
Best regards
George
Message: 4 Date: Wed, 8 Aug 2007 11:53:46 +0200 From: I?aki Baz Castillo ibc@in.ilimit.es Subject: Re: [OpenSER-Users] NAT question To: users@openser.org Message-ID: 200708081153.46621.ibc@in.ilimit.es Content-Type: text/plain; charset="iso-8859-1"
El Wednesday 08 August 2007 10:30:54 Papadopoulos Georgios escribiσ:
Hi Bogdan,
I understand that 200 OK should not be fixed by proxyA. Maybe what I don't understand is what nat_uac_test("2") does and when to use it.
Following is an example where clientA = demo1@altecnet.gr clientB = sip_test_1@i-call.gr proxyA = 213.5.43.4 proxyB = 213.5.43.134
When proxyA goes in the onreply_route for the 200 OK,
nat_uac_test("23")
returns true (I guess because of the "2" flag) and proxyA fixes the contact again which is wrong. So, would it be safe to use nat_uac_test("23") for the requests and nat_uac_test("21") for the replies? I am afraid this would break the simple case with 2 NATed clients and only one proxy: clientA ------> proxyA ------> clientC
Good point. As I think, the correct NAT test for replies is: nat_uac_test("1") so we just check if Contact: header does contain an RFC1918 IP address (private IP address).
In your case it will work since the <Contact> modified by proxyB will contain a non private IP so the NAT check (nat_uac_test("1")) in proxyA wont detect the repliy as behind NAT.
Maybe others test could be done, but I think they should no valid test that just compare the received IP with the IP of the contact since both could be public IP but different, in which case shouldn't be applied "fix_nat_contact".
Regards.
-- Iρaki Baz Castillo ibc@in.ilimit.es
Disclaimer The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
El Wednesday 08 August 2007 16:40:32 Papadopoulos Georgios escribió:
Hi Inaki,
Why would you leave out the "4" flag test in nat_uac_test() for the replies?
Yes, sorry, 4 is valid.
Of course if I leave out the "2" test then my example works (I have tested it) but I am afraid that this will break some other NATed senario. And if leave out the "2" test, should I also leave out the "16" test?
In my notes I have:
" 16) Is received port (source port of the packet) different from the port specified in the top-most Via header? (this can be used to detect some broken STUN implementations)"
Maybe test 16 is just for these broken STUN cases?
-
Iñaki Baz Castillo -
Papadopoulos Georgios