8 Aug
2007
8 Aug
'07
5:40 p.m.
Hi Inaki,
Why would you leave out the "4" flag test in nat_uac_test() for the replies?
Of course if I leave out the "2" test then my example works (I have tested it)
but I am afraid that this will break some other NATed senario. And if leave out the
"2" test, should I also leave out the "16" test?
Best regards
George
------------------------------
Message: 4
Date: Wed, 8 Aug 2007 11:53:46 +0200
From: I?aki Baz Castillo <ibc(a)in.ilimit.es>
Subject: Re: [OpenSER-Users] NAT question
To: users(a)openser.org
Message-ID: <200708081153.46621.ibc(a)in.ilimit.es>
Content-Type: text/plain; charset="iso-8859-1"
El Wednesday 08 August 2007 10:30:54 Papadopoulos Georgios escribiσ:
Disclaimer
The information in this e-mail and any attachments is confidential. It is intended solely
for the attention and use of the named addressee(s). If you are not the intended
recipient, or person responsible for delivering this information to the intended
recipient, please notify the sender immediately. Unless you are the intended recipient or
his/her representative you are not authorized to, and must not, read, copy, distribute,
use or retain this message or any part of it. E-mail transmission cannot be guaranteed to
be secure or error-free as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses.
Hi Bogdan,
I understand that 200 OK should not be fixed by proxyA. Maybe what I
don't understand is what nat_uac_test("2") does and when to use it.
Following is an example where
clientA = demo1(a)altecnet.gr
clientB = sip_test_1(a)i-call.gr
proxyA = 213.5.43.4
proxyB = 213.5.43.134
When proxyA goes in the onreply_route for the 200 OK,
nat_uac_test("23")
returns true (I guess because of the
"2" flag) and proxyA fixes the
contact again which is wrong. So, would it be safe to use
nat_uac_test("23") for the requests and nat_uac_test("21") for the
replies? I am afraid this would break the simple case with 2 NATed
clients and only one proxy:
clientA ------> proxyA ------> clientC
Good point. As I think, the correct NAT test for replies is:
nat_uac_test("1")
so we just check if <Contact:> header does contain an RFC1918
IP address
(private IP address).
In your case it will work since the <Contact> modified by
proxyB will contain
a non private IP so the NAT check (nat_uac_test("1")) in
proxyA wont detect
the repliy as behind NAT.
Maybe others test could be done, but I think they should no
valid test that
just compare the received IP with the IP of the contact since
both could be
public IP but different, in which case shouldn't be
applied "fix_nat_contact".
Regards.
--
Iρaki Baz Castillo
ibc(a)in.ilimit.es
8 Aug
8 Aug
5:47 p.m.
El Wednesday 08 August 2007 16:40:32 Papadopoulos Georgios escribió:
Hi Inaki,
Why would you leave out the "4" flag test in nat_uac_test() for the
replies?
Yes, sorry, 4 is valid.
Of course if I leave out the "2" test then
my example works (I
have tested it) but I am afraid that this will break some other NATed
senario. And if leave out the "2" test, should I also leave out the
"16"
test?
In my notes I have:
" 16) Is received port (source port of the packet) different from the port
specified in the top-most Via header? (this can be used to detect some broken
STUN implementations)"
Maybe test 16 is just for these broken STUN cases?
--
Iñaki Baz Castillo
ibc(a)in.ilimit.es
6316
days inactive
6316
days old
1 comments
2 participants
participants (2)
-
Iñaki Baz Castillo -
Papadopoulos Georgios