[Serusers] rport processing bug
Jan Janak
jan at iptel.org
Sun Oct 17 17:37:09 CEST 2004
Here is a snippet of the configuration file:
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
The snippet applies fix_nated_contact only if nat_uac_test returns true.
The parameter 3 tells nat_uac_test to do both -- RFC198 and via!=src IP
tests.
Jan.
On 17-10 16:34, Jan Janak wrote:
> On 17-10 16:27, Jakob Schlyter wrote:
> > On Sun, 17 Oct 2004, Jan Janak wrote:
> >
> > >This is necessary for phones behind NAT. They often put IP and port
> > >which is not accessible from the public internet -- the phone is
> > >typically reachable only through the NAT-binding that was created during
> > >the registration process, that's the reason why SER rewrites the contact
> > >with the IP and port assigned by the NAT device.
> >
> > according to rfc 3581, rport is specified per transaction. I understand
> > that this magic might be useful sometimes, but in this case it actually
> > breaks stuff since the phone doesn't receive a response on this port after
> > the transacation has ended.
>
> Do you know any other way how to get INVITE messages to the phones
> behind NAT without port forwarding or similar magic ? If so please
> share it with me.
>
> > >You can fine-tune this behaviour in the configuration file. SER will
> > >rewrite the Contact header field only if it detects that the phone is
> > >behind NAT (either src IP and IP in via do not match or there is a
> > >RFC1918-style IP address).
> >
> > so why did it rewrite the contact header? the via and the contact was the
> > same and no addresses used was rfc1918. can this feature be turned off?
>
> Then you probably have an error in your configuration file.
> fix_nated_contact should be only called when one of the conditions
> above is true.
>
> > when reading the docs, one might get the impression that this is what
> > fix_contact() is used for but it seems (from your description above) it is
> > performed anyway.
>
> No, this is what fix_nated_contact does. Contact will not be rewritten
> unless you call that function.
>
> Jan.
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list