[asterisk-bugs] [Asterisk 0008855]: nat=no is not RFC 3261 compliant regarding sending responses

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Jul 23 03:39:25 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=8855 
====================================================================== 
Reported By:                mikma
Assigned To:                kpfleming
====================================================================== 
Project:                    Asterisk
Issue ID:                   8855
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!): 51305 
Disclaimer on File?:        Yes 
Request Review:              
====================================================================== 
Date Submitted:             01-19-2007 14:32 CST
Last Modified:              07-23-2008 03:39 CDT
====================================================================== 
Summary:                    nat=no is not RFC 3261 compliant regarding sending
responses
Description: 
A note should be added to sip.conf.sample that using nat=no makes Asterisk
send responses to the address in the "sent-by" value instead of using the
source address of the request. This doesn't comply with RFC 3261 section
18.2.1 and 18.2.2.


   RFC 3261 section 18.2.1 Receiving Requests

   If the host portion of the "sent-by" parameter
   contains a domain name, or if it contains an IP address that differs
   from the packet source address, the server MUST add a "received"
   parameter to that Via header field value.  This parameter MUST
   contain the source address from which the packet was received.  This
   is to assist the server transport layer in sending the response,
   since it must be sent to the source IP address from which the request
   came.


   RFC 3261 section 18.2.2 Sending Responses.

         Otherwise (for unreliable unicast transports), if the top Via
         has a "received" parameter, the response MUST be sent to the
         address in the "received" parameter

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
has duplicate       0012577 Asterisk MUST add VIA "received&qu...
has duplicate       0013008 [patch] chan_sip ignores rport and does...
====================================================================== 

---------------------------------------------------------------------- 
 ibc - 07-23-08 03:39  
---------------------------------------------------------------------- 
Replies to question of Kpflemming:


> 1) Is there ever a case where we will send our response for a SIP
request to
> an address/port *OTHER* than the one we received it from?

* In UDP:
Yes, the case in which a client is behind NAT (so received port is
different than the indicated in "Via") and the peer is not configured with
"nat=force_rport/rfc3581" or "nat=yes". In this case the response would be
sent to received IP address and port in original "Via" (so it will fail).

* In TCP:
No, in TCP a response MUST be *always* sent using the same connection. In
fact, AFAIK using "received" and/or "rport" in TCP is competely useless
(but mandatory). If the response can't be sent using the same connection
then RFC 3261 should be performed for the "sent-by" host indicated in the
original "Via" (I think this is competely useless and IMHO I wouldn't
implement replies failover at all).


 
> 2) Is RFC3581 *PURELY* informational? If so, it should be broken out
into a
> separate configuration option or made clearer that that is the case.
Based
> on comments in the code, the only reason it was added was to help some
buggy
> phone firmware in the distant past that broke if it received an 'rport'
tag
> in our Via header.

"rport" is mandatory if the client includes it in its request. We can also
force (add) it ot the request and it shouldn't generate problems in the
client (that MUST ignore "Via" parameters that doesn't understand).


> 3) Is there any real need to *DISABLE* NAT mode, and if so, what exactly
are
> we disabling?

I don't think so. You could use more complex options as:
- force_rport=yes/no
- use_comedia_mode=yes/no
but I think they are more doifficult to understand. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-23-08 03:39  ibc            Note Added: 0090598                          
======================================================================

More information about the asterisk-bugs mailing list