[sr-dev] why new tcp connection?
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Nov 6 15:30:00 CET 2009
Juha Heinanen schrieb:
> Klaus Darilion writes:
>
> > 2. server
> > I use the pragmatic, and well working UDP approach. Just call
> > fix_nated_contact/register also for TCP clients. I never had any issues
> > with that.
>
> even when client is not behind nat like in the example of the
> discussion?
In this case it can work also with client receiving responses/in-dialog
requests at advertised port (as long as the client is really listening
on the advertised port).
But one of my favorites statement is: "Never trust the user". As the
contact and Via headers are user provided data I do not trust it. Thus I
always enforce symmetric signaling, regardless if client is behind NAT
or not and regardless of the used protocol.*
The only exception is if the client is known to be asymmetric (then I
have to screen the contact that at least the IP is the src_ip).
regards
Klaus
* I once used the somehow "academic" approach with hyper-intelligent NAT
detection methods, but I ended up with the "pragmatic" approach which is
easier, more secure and works IMO better.
More information about the sr-dev
mailing list