[Devel] [Users] nathelper/rtpproxy when both SIP UA are behind same NAT

Klaus Darilion klaus.mailinglists at pernau.at
Tue Dec 6 09:29:28 CET 2005 

Norman Brandinger wrote:
> Yes,  you pretty much ended up at the same place I did.
> 
> It appears that the value from the "received" column is what is needed.
> 
> I guess the question is: "after a lookup(), is the "received" column 
> saved in a pseudo variable ?

$du, $dd, $d....

klaus

> 
> Norm
> 
> 
> Tavis P wrote:
> 
>> Sorry my logic was bad, again
>>
>> It seems that its not really feasable to do media path optimization for
>> clients that are behind the same nat currently (at least not with the
>> approaches i've taken)
>>
>> The primary issue is that i can find no reliable way to access the
>> external IP address of the callee ( maybe "received" information stored
>> in Location Database?) when both clients are behind a NAT, if this was
>> made available then it should be easy.  Somthing like:
>>
>>
>>         # If both clients are behind nat we can check to see if they are
>> behind the same
>>         # external IP and optimize the media path to go directly between
>> them
>>         else if ( isflagset(2) and isflagset(3) )
>>         {
>>             log(1, "Both Clients are behind the same NAT");
>>
>>             avp_printf("i:450", "RECEIVED Header Field of Callee");
>>             avp_subst("i:450", "/need to/extract only the IP from text
>> string/");
>>                    if ( avp_check("i:450", "eq/$src_ip/g") )
>>             {
>>                 log(1, "Both clients seem to be behind the same NAT,
>> disabled mediaproxy use");
>>                            # Do not use mediaproxy as the clients are 
>> behind the
>> same NAT
>>                 resetflag(2);
>>                 resetflag(3);
>>             }          
>> Tavis P wrote:
>>
>>  
>>
>>> The one i posted before was for clients using STUN who are behind a NAT
>>> that does not support hairpinning (data directed from the internal ip
>>> address of one client to the external ip address of the nat does not map
>>> to other internal clients) but the logic is similar for media
>>> optimization of nat clients in the same network environment.
>>>
>>> I'm working on a little bit of script that i think could do it, the
>>> first thing that you should check for is that the external IP address is
>>> the same (not using the script below as you've shown) and then check of
>>> the internal ip address is the same using avp_printf and then avp_subst
>>> to subtract the information from the SIP headers where it resides
>>>
>>> I'll post it later on today if i get some time
>>>
>>> Norman Brandinger wrote:
>>>
>>>  
>>>
>>>    
>>>
>>>> Hi Tavis,
>>>>
>>>> I tried your suggestion.
>>>>
>>>> First, thanks for the information about using avp_printf() to save a
>>>> pseudo variable to an AVP.  Either I overlooked the doc in regard to
>>>> this or there isn't any doc.  Do you know if it's documented ?  Seem
>>>> to recall a comment about this on the mailing list a while ago...??
>>>>
>>>> It in my testing, $si = public IP address of the NAT Router which is
>>>> what was expected.  However, $rd = the private IP of the callee. 
>>>> Unfortunately the private ip isn't useful.  A quick look at the
>>>> location table shows that the private IP stored in the "contact"
>>>> column.  It appears that the value from the "received" column is what
>>>> is needed.  I guess the question is: "after a lookup(), is the
>>>> "received" column saved in a pseudo variable ?
>>>>
>>>> Regards,
>>>> Norm
>>>>
>>>>
>>>> Tavis P wrote:
>>>>
>>>>   
>>>>      
>>>>
>>>>> actually, this would be better
>>>>>
>>>>>        avp_printf("i:401", "$rd");
>>>>>               if ( avp_check("i:401", "eq/$src_ip/g") )
>>>>>        {
>>>>>            xlog("L_INFO", "\"$si\" == \"$rd\"  ");
>>>>>        }
>>>>>
>>>>> Tavis P wrote:
>>>>>
>>>>>
>>>>>
>>>>>     
>>>>>        
>>>>>
>>>>>> Opps i made a mistake, instead of "avp_write" you need to use
>>>>>> "avp_printf" to store the pseudo variable into an AVP
>>>>>> and when you are doing the comparison with avp_check you need an 
>>>>>> alias
>>>>>> defined for the second AVP otherwise you might end up comparing 
>>>>>> the AVP
>>>>>> with a literal value
>>>>>>
>>>>>>
>>>>>>       modparam( "avpops", "avp_aliases", "dest_ip=i:401" )
>>>>>>
>>>>>>       avp_printf("i:400", "$si");
>>>>>>       avp_printf("i:401", "$rd");
>>>>>>
>>>>>>       if ( avp_check("i:400", "eq/$dest_ip/g") )
>>>>>>       {
>>>>>>           xlog("L_INFO", "\"$si\" == \"$rd\"  ");
>>>>>>       }
>>>>>>
>>>>>>
>>>>>> Norman Brandinger wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>  
>>>>>>       
>>>>>>          
>>>>>>
>>>>>>> I agree that the solution that was presented is BAD for the reasons
>>>>>>> stated by both of us and probably more :)
>>>>>>>
>>>>>>> Perhaps using $Ri after the successful lookup() and comparing it to
>>>>>>> the $src_ip AVP would work.
>>>>>>>
>>>>>>> The problem was trying to compare a pseudo variable with an AVP.
>>>>>>>
>>>>>>>
>>>>>>> The doc <snipped below> does not state that pseudo variables can be
>>>>>>> used by avp_write().
>>>>>>>
>>>>>>> Pseudo-variables can be used with following modules of OpenSER:
>>>>>>>
>>>>>>> * avpops - function “avp_printf()”
>>>>>>> * xlog - functions “xlog()” and “xdbg()”
>>>>>>>
>>>>>>> I did try to use avp_write() to save a pseudo variable to an AVP but
>>>>>>> was unsuccessful.
>>>>>>>
>>>>>>> Do you have an example of writing a pseudo variable to an AVP ?
>>>>>>>
>>>>>>> Regards,
>>>>>>> Norm
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Tavis P wrote:
>>>>>>>
>>>>>>>  
>>>>>>>    
>>>>>>>         
>>>>>>>            
>>>>>>>
>>>>>>>> Another, more lightweight solution, is:
>>>>>>>>
>>>>>>>> After a successful lookup(location) you can compare the received IP
>>>>>>>> address ($si) with the destination domain/ip address returned from
>>>>>>>> the
>>>>>>>> "lookup" function call ($rd), i think these two pieces of 
>>>>>>>> information
>>>>>>>> are reliable for this purpose
>>>>>>>>
>>>>>>>> This way you don't have to make extra database calls to determine
>>>>>>>> locality
>>>>>>>>
>>>>>>>> Also if you want to compare pseudo variables you can first write
>>>>>>>> them to
>>>>>>>> an AVP using "avp_write" and then you can make use of "avp_check"
>>>>>>>> with
>>>>>>>> data sourced from a pseudo variable
>>>>>>>>
>>>>>>>> Norman Brandinger wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         
>>>>>>>>           
>>>>>>>>              
>>>>>>>>
>>>>>>>>> I have looked into the problem related to saving saving 
>>>>>>>>> resources by
>>>>>>>>> not calling rtpproxy or mediaproxy when both the caller and
>>>>>>>>> callee are
>>>>>>>>> behind the same NAT.
>>>>>>>>>
>>>>>>>>> This topic has been discussed many times however, there have 
>>>>>>>>> been no
>>>>>>>>> "working" examples, or even partial examples posted (that I'm 
>>>>>>>>> aware
>>>>>>>>> of).
>>>>>>>>>
>>>>>>>>> Below is a solution to the problem, but is a BAD hack at best.
>>>>>>>>>
>>>>>>>>> This solution is BAD because AVP's are added to the 
>>>>>>>>> usr_preferences
>>>>>>>>> table during the registration process, but there is no 
>>>>>>>>> notification
>>>>>>>>> that a registration has expired and is no longer valid.  A cron 
>>>>>>>>> job
>>>>>>>>> could be run periodically to delete all received_ip AVP's with no
>>>>>>>>> matching entry in the location table, but this is another hack to
>>>>>>>>> fix
>>>>>>>>> the first hack.
>>>>>>>>>
>>>>>>>>> The solution is BAD because a database calls must be made to save
>>>>>>>>> the
>>>>>>>>> received_ip address into an AVP, then another database call 
>>>>>>>>> must be
>>>>>>>>> made to reload the value just so that it can be tested against the
>>>>>>>>> caller's $src_ip.  A pseudo variable $Ri already exists that
>>>>>>>>> contains
>>>>>>>>> the value we use in received_ip, but I have not been able to 
>>>>>>>>> find a
>>>>>>>>> way for avp_check() to use $Ri.
>>>>>>>>>
>>>>>>>>> The solution is BAD because it will fail when the SIP device(s) 
>>>>>>>>> are
>>>>>>>>> behind more than a single NAT router.  I believe this is not an
>>>>>>>>> issue
>>>>>>>>> for 95% of the users and 99% of the small office or home users.
>>>>>>>>>
>>>>>>>>> I think that a better solution would be to enhance avp_check() to
>>>>>>>>> accept pseudo variables for the "value" parameter.  This would
>>>>>>>>> remove
>>>>>>>>> the need for any database calls.
>>>>>>>>>
>>>>>>>>> I'm cross-posting this response to the developers list to bring 
>>>>>>>>> this
>>>>>>>>> to their attention and ask for suggestions (it's possible that 
>>>>>>>>> I've
>>>>>>>>> totally missed something).  If a decision is made to open the 
>>>>>>>>> avpops
>>>>>>>>> module to pseudo variables (other than just avp_print()), I would
>>>>>>>>> suggest the following be looked at:
>>>>>>>>>
>>>>>>>>> avp_check() the value parm should accept pseudo variables
>>>>>>>>> avp_write() the value parm should accept pseudo variables
>>>>>>>>> avp_pushto() the name parameter should accept pseudo variables
>>>>>>>>> avp_op() the value parameter should accept pseudo variables
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Norm
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 1) During REGISTER processing, place the following code.  I would
>>>>>>>>> suggest that you put the code "after" all authentication checks 
>>>>>>>>> and
>>>>>>>>> "after" the save("location") statement.
>>>>>>>>>
>>>>>>>>> # Delete any previously saved IP addressess from the user.
>>>>>>>>> avp_db_delete("$from/username","s:received_ip");
>>>>>>>>>
>>>>>>>>> # Save the source IP address of the user into an AVP called
>>>>>>>>> received_ip.
>>>>>>>>> # The saved IP address should be the public address of the NAT
>>>>>>>>> router.
>>>>>>>>> avp_write("$src_ip", "s:received_ip");
>>>>>>>>>
>>>>>>>>> # Save the AVP received_ip into the usr_preferences tables
>>>>>>>>> associated
>>>>>>>>> with the user that just registered
>>>>>>>>> avp_db_store("$from/username","s:received_ip");
>>>>>>>>>
>>>>>>>>> 2) During INVITE processing (or wherever you make the decision to
>>>>>>>>> use
>>>>>>>>> or not use rtpproxy / mediaproxy) , place the following code.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> #--------------------------------------------------------------------------- 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> # Are the caller and callee behind the same NAT ?
>>>>>>>>>
>>>>>>>>> #--------------------------------------------------------------------------- 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> avp_db_load("$to/username", "s:received_ip");
>>>>>>>>> if (avp_check("s:received_ip", "eq/$src_ip")) {
>>>>>>>>>  setflag(CALLER_AND_CALLEE_ ARE_BEHIND_THE_SAME_NAT);
>>>>>>>>> };
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Devel mailing list
>>>>>>>>> Devel at openser.org
>>>>>>>>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                              
>>>>>>>>>                 
>>>>>>>>
>>>>>>>>                     
>>>>>>>>               
>>>>>>>
>>>>>>>  
>>>>>>>              
>>>>>>>             
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at openser.org
>>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>          
>>>>>>           
>>>>>
>>>>>  
>>>>>     
>>>>>         
>>>>
>>>>   
>>>>       
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>  
>>>
>>>     
>>
>>
>>
>>
>>   
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
> 
>

More information about the Users mailing list