[Serusers] nat + multiple RTP proxy

dhiraj.2.bhuyan at bt.com dhiraj.2.bhuyan at bt.com
Fri Dec 12 20:49:01 CET 2003 

Hello List,
I am trying to get SER + nathelper working with multiple RTP proxies on the route (please read the mail appended below on the problem I am trying to solve and how am trying to solve it). I spent sometime understanding the internals of SER - but it will be great if anyone can help me with the following problem -

My test settings is -

UA1 ---- NAT ---- SER/RTP1 ----- SER/RTP2 ------- UA2

I am forcing rtpproxy on SER2 also.

In file nathelper.c, I added a test case in force_rtp_proxy_f(..) to check if the SIP/SDP packet was sent by a device behind NAT. I use the SER received_test(msg) to do this check (which is basically a msg->via1->host == msg->rcv.src_ip test). I try setting up a call from UA1 to UA2. When SER1 receives the SIP/SDP packet from UA1, the received_test correctly detects that  UA1 is behind NAT. But when UA2 sends back an OK with its SDP data (which SER2 modifies before sending it to SER1), a received_test (in SER1) on this SIP/SDP message returns positive (isn't via1 added by SER2? and via2 the one added by UA1?).

I will appreciate any help on this. Is there any better way to do this? I am not doing a check on contact header since fix_nated_contact may have already been called (save reason for not checking the SDP contact information).

Sorry I am unable to add any debugging information - as I am writing from home.

Regards,

Dhiraj

Network Security Specialist,
BT Exact
> -----Original Message-----
> From: dhiraj.2.bhuyan at bt.com [mailto:dhiraj.2.bhuyan at bt.com] 
> Sent: Friday, December 12, 2003 6:39 PM
> To: jiri at iptel.org; sobomax at portaone.com
> Cc: serusers at lists.iptel.org
> Subject: [Serusers] nat + multiple RTP proxy
> 
> 
> Greetings list,
> I spent some time looking into the rtpproxy and nathelper 
> code. Currently, nathelper + rtpproxy will work ONLY if there 
> is "one" RTP proxy on the path. In a scenario like -
> 
> UA1 ---- NAT ---- SER/RTP1 ----- SER/RTP2 ---- NAT --- UA2
> 
> where UA1 and UA2 are subscribed to two different SERs and 
> are also behind NAT, RTP proxy 1 never forwards the RTP 
> traffic from UA1 to RTP proxy 2 (because of the way it is 
> designed) since RTP1 is waiting for at least one RTP packet 
> from RTP proxy 2 and vice versa - hence the deadlock.
> 
> This can be fixed if the RTP proxy waits for one UDP packet 
> from the device behind NAT, but does not wait for any packets 
> from the device it thinks is not behind NAT before forwarding 
> it the RTP traffic (coming from the other end). Thus in the 
> above scenario, RTP 1 waits for at least one packet from UA1 
> - but does not wait for any packet from RTP2.
> 
> I am writing a patch for nathelper and rtpproxy to add this 
> functionality (should be available by next week). Anyone - 
> any thoughts on this?
> 
> Dhiraj Bhuyan
> Network Security Specialist,
> BT Exact Business Assurance Solutions
> 
> Tel:   +44 1473 643932
> Mob:   +44 7962 012145
> Email: dhiraj.2.bhuyan at bt.com 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list