[SR-Users] Selective rport behaviour

Daniel Tryba d.tryba at pocos.nl
Thu Sep 22 16:55:04 CEST 2016 

On Thu, Sep 22, 2016 at 09:58:33AM -0400, Alex Balashov wrote:
> Normally, we just force_rport() on all incoming requests so that we reply to
> the real source port of the request, since most endpoints on this
> installation are NAT'd.
> 
> However, occasionally we run into a scenario where an ALG or misconfigured
> client incorrectly inserts an rport attribute into its topmost Via, and
> really expects to receive a response at the address/port indicated in the
> Via (i.e. 5060).

You can never trust "client" headers/devices IMHO. And I never had
problems with force_rport, so logically force_rport overrides anything
the "client" sends.
 
> Does Kamailio offer a means of dealing with these on a selective basis?
> Would refraining from calling force_rport() be enough? Or would it be
> necessary to set reply_to_via=1 as well, thus breaking symmetrical behaviour
> for the vast majority of the NAT'd endpoints?
> 
> In other words, I'm not 100% clear on the following:
> 
> 1) What impact does force_rport() have if an 'rport' attribute is sent by
> the client?
> 
> In this case, there should be nothing to "force"; I assume that if the
> 'rport' attribute is placed by the client, then the proxy will return
> replies to the source port of the request even if force_rport() is not
> called, because that's the RFC 3581-compatible thing to do. Right?

force_rport sets the flag FL_FORCE_RPORT, and the helpful comments say the following:
 * - if the original via contains rport / rport=something or msg->msg_flags
 *   FL_FORCE_RPORT is set (e.g. script force_rport() cmd) rport=src_port
 *   is added (over previous rport / as first via param or after received
 *   if no received was present and received is added too)

and 
        /* check if rport needs to be updated:
         *  - if FL_FORCE_RPORT is set add it (and del. any previous version)
         *  - if via already contains an rport add it and overwrite the previous
         *  rport value if present (if you don't want to overwrite the previous
         *  version remove the comments) */


> 2) Does reply_to_via=1 override the behaviour hypothesised in #1?
> 3) Does reply_to_via=1 override force_rport()?

force_rport seems to override any rport available in via, so reply_to_via
has no additional effects.

More information about the sr-users mailing list