[Devel] CVS commitlog: sip-server/modules/mediaproxy README
mediaproxy.c sip-server/modules/mediaproxy/doc mediaproxy_user.sgml
Dan Pascu
dan at ag-projects.com
Mon Oct 30 12:57:37 CET 2006
On Monday 30 October 2006 13:02, Klaus Darilion wrote:
> Dan Pascu wrote:
> > Commit Log:
> > - Added ability to specify the NAT IP address of the signaling via
> > and AVP If this AVP is set, it should contain an IP address that will
> > be used as the address of the NAT from where the SIP signaling
> > originated, else src_ip
>
> Hi Dan!
>
> Is this only for sending RTP or also for signing-in into the mediaproxy
> session.
This is for signing in. It needs to know the NAT IP address from where the
signaling originated to be able to estimate the probable RTP media
originating address. This is used for both identifying the caller/called
parties as well as to provide a protection against someone trying to
steal the media session and impersonate one endpoint of the call.
It also offers protection against DOS attacks which could otherwise
disrupt the media sessions.
>
> What about an option to allow joining a session from every IP address?
Putting aside the security reasons shown above, because mediaproxy uses
only 1 socket per media stream it needs to correctly identify the caller
and called parties. If signing in would be allowed from any IP address,
then after you signed in IP1 as the caller, when IP2 comes in how do you
know if it is the called party or the caller has just changed the IP
address (some SBC's do this and is really annoying). Where would you sign
in this new IP, as the caller or the called? Even more, after both have
signed in, if a new IP address comes, how do you know if it is the caller
or the called who have changed the media IP and where would this new IP
be signed in?
--
Dan
More information about the Devel
mailing list