[SR-Users] Best approach for TCP/TLS connection re-use for nated Contacts

Giacomo Vacca Giacomo.Vacca at truphone.com
Mon Mar 19 13:29:02 CET 2012 

Thanks for your answers.
I thought I could make an example with your suggestions, for documentation (I see others are interested at the moment).

Using add_contact_alias, when the 200 OK for an INVITE is received, e.g. from 10.0.9.49:61756:

SIP/2.0 200 OK
[...]
Contact: <sip:giacomo at 10.0.9.49:61750;transport=tcp>

add_contact_alias detects that received ip:port is different than the one in the Contact, so it appends an alias before relaying the 200 OK:

SIP/2.0 200 OK
[...]
Contact: <sip:giacomo at 10.0.9.49:61750;alias=10.0.9.49~61756~2;transport=tcp>

This will then be used when generating the ACK:

ACK sip:giacomo at 10.0.9.49:61750;alias=10.0.9.49~61756~2;transport=tcp SIP/2.0
[...]

which Kamailio will change with handle_uri_alias(), removing the alias and setting the received ip:port as destination:

ACK sip:giacomo at 10.0.9.49:61750;transport=tcp SIP/2.0

sent correctly to 10.0.9.49:61756.

With fix_nated_contact, same scenario, Kamailio would modify the Contact before relaying the 200 OK:
SIP/2.0 200 OK
[...]
Contact: <sip:giacomo at 10.0.9.49:61756;transport=tcp>

Which will then be used as R-URI for the ACK:

ACK sip:giacomo at 10.0.9.49:61756;transport=tcp SIP/2.0
[...]

And sent without modifications to 10.0.9.49:61756.

As stated in other references, the difference is that with the add_contact_alias approach the invited client sees its published Contact in the ACK's R-URI.

I hope this is useful.
Regards,
Giacomo


From: Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
Sent: 11 March 2012 13:10
To: SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users Mailing List
Cc: Giacomo Vacca
Subject: Re: [SR-Users] Best approach for TCP/TLS connection re-use for nated Contacts


Am 09.03.2012 20:56, schrieb Giacomo Vacca:
One of the solutions I've found is using always add_contact_alias() in onreply_route when handling the 200 OK, and then use handle_ruri_alias() when defining the destination for the ACK.

Yes, that the pragmatic approach I always use. IMO it is also a bit of security. I do not like to blindly trust user provided data (e.g. contact header), thus I always use the IP:port from where the message was received.

regards
Klaus
Truphone Limited is a limited liability company registered in England & Wales, registered office: 4 Royal Mint Court, London, EC3N 4HJ. Registered No. 04187081. VAT No. GB 851 5278 19.
Tru is a brand name of Truphone and is a Truphone Communications Service. Truphone is a trading name for a number of distinct legal entities that operate in combination. www.truphone.com<http://www.truphone.com>.

This e-mail, and any attachment(s), may contain information which is confidential and/or privileged, and is intended for the addressee only. If you are not the intended recipient, you may not use, disclose, copy or distribute this information in any manner whatsoever. If you have received this e-mail in error, please contact the sender immediately and delete it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120319/2feabadc/attachment.htm>

More information about the sr-users mailing list