[Serusers] nat + multiple RTP proxy - sr-users

12 Dec 2003

      Hello List,
I am trying to get SER + nathelper working with multiple RTP proxies on the route (please read the mail appended below on the problem I am trying to solve and how am trying to solve it). I spent sometime understanding the internals of SER - but it will be great if anyone can help me with the following problem -
My test settings is -
UA1 ---- NAT ---- SER/RTP1 ----- SER/RTP2 ------- UA2
I am forcing rtpproxy on SER2 also.
In file nathelper.c, I added a test case in force_rtp_proxy_f(..) to check if the SIP/SDP packet was sent by a device behind NAT. I use the SER received_test(msg) to do this check (which is basically a msg->via1->host == msg->rcv.src_ip test). I try setting up a call from UA1 to UA2. When SER1 receives the SIP/SDP packet from UA1, the received_test correctly detects that  UA1 is behind NAT. But when UA2 sends back an OK with its SDP data (which SER2 modifies before sending it to SER1), a received_test (in SER1) on this SIP/SDP message returns positive (isn't via1 added by SER2? and via2 the one added by UA1?).
I will appreciate any help on this. Is there any better way to do this? I am not doing a check on contact header since fix_nated_contact may have already been called (save reason for not checking the SDP contact information).
Sorry I am unable to add any debugging information - as I am writing from home.
Regards,
Dhiraj
Network Security Specialist,
BT Exact
...
-----Original Message-----
From: dhiraj.2.bhuyan@bt.com [mailto:dhiraj.2.bhuyan@bt.com] 
Sent: Friday, December 12, 2003 6:39 PM
To: jiri@iptel.org; sobomax@portaone.com
Cc: serusers@lists.iptel.org
Subject: [Serusers] nat + multiple RTP proxy
Greetings list,
I spent some time looking into the rtpproxy and nathelper 
code. Currently, nathelper + rtpproxy will work ONLY if there 
is "one" RTP proxy on the path. In a scenario like -
UA1 ---- NAT ---- SER/RTP1 ----- SER/RTP2 ---- NAT --- UA2
where UA1 and UA2 are subscribed to two different SERs and 
are also behind NAT, RTP proxy 1 never forwards the RTP 
traffic from UA1 to RTP proxy 2 (because of the way it is 
designed) since RTP1 is waiting for at least one RTP packet 
from RTP proxy 2 and vice versa - hence the deadlock.
This can be fixed if the RTP proxy waits for one UDP packet 
from the device behind NAT, but does not wait for any packets 
from the device it thinks is not behind NAT before forwarding 
it the RTP traffic (coming from the other end). Thus in the 
above scenario, RTP 1 waits for at least one packet from UA1

but does not wait for any packet from RTP2.

I am writing a patch for nathelper and rtpproxy to add this 
functionality (should be available by next week). Anyone - 
any thoughts on this?
Dhiraj Bhuyan
Network Security Specialist,
BT Exact Business Assurance Solutions
Tel:   +44 1473 643932
Mob:   +44 7962 012145
Email: dhiraj.2.bhuyan@bt.com

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers