[asterisk-bugs] [JIRA] (ASTERISK-23997) Fix for ICE nat

Matt Jordan (JIRA) noreply at issues.asterisk.org
Mon Jul 7 09:34:56 CDT 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-23997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-23997:
-----------------------------------

    Description: 
sipml5 does not work trougth NAT becouse it's can connect to second candidate port if ice is on. You have small logic bug. 
1. You have 2 candidates - port X and port Y.
2. Y = X+1. 
3. Also you have ICE in reply to client: X and Y + 1. Y already +1! 
Result: In ICE answer you have X and X+2.

Its wrong. Port before NAT and after NAT must be some!

before patch:
{code}
a=candidate:Had86137 1 UDP 2130706431 10.216.97.55 54982 typ host
a=candidate:S5bc2e2f0 1 UDP 1694498815 91.194.226.240 54982 typ srflx
a=candidate:Had86137 2 UDP 2130706430 10.216.97.55 54983 typ host
a=candidate:S5bc2e2f0 2 UDP 1694498814 91.194.226.240 54984 typ srflx
{code}

After:
{code}
a=candidate:Had86137 1 UDP 2130706431 10.216.97.55 54982 typ host
a=candidate:S5bc2e2f0 1 UDP 1694498815 91.194.226.240 54982 typ srflx
a=candidate:Had86137 2 UDP 2130706430 10.216.97.55 54983 typ host
a=candidate:S5bc2e2f0 2 UDP 1694498814 91.194.226.240 54983 typ srflx
{code}

Patch:
\[EDIT\]: mjordan

We cannot accept patches inline. Please attach the patch in unified diff format after signing a license agreement.

  was:
sipml5 does not work trougth NAT becouse it's can connect to second candidate port if ice is on. You have small logic bug. 
1. You have 2 candidates - port X and port Y.
2. Y = X+1. 
3. Also you have ICE in reply to client: X and Y + 1. Y already +1! 
Result: In ICE answer you have X and X+2.

Its wrong. Port before NAT and after NAT must be some!

before patch:
{code}
a=candidate:Had86137 1 UDP 2130706431 10.216.97.55 54982 typ host
a=candidate:S5bc2e2f0 1 UDP 1694498815 91.194.226.240 54982 typ srflx
a=candidate:Had86137 2 UDP 2130706430 10.216.97.55 54983 typ host
a=candidate:S5bc2e2f0 2 UDP 1694498814 91.194.226.240 54984 typ srflx
{code}

After:
{code}
a=candidate:Had86137 1 UDP 2130706431 10.216.97.55 54982 typ host
a=candidate:S5bc2e2f0 1 UDP 1694498815 91.194.226.240 54982 typ srflx
a=candidate:Had86137 2 UDP 2130706430 10.216.97.55 54983 typ host
a=candidate:S5bc2e2f0 2 UDP 1694498814 91.194.226.240 54983 typ srflx
{code}

Patch:

{code}
--- asterisk-11.10.0/channels/chan_sip.c        2014-05-13 21:40:00.000000000 +0400
+++ as
terisk-11.10.0-fixed/channels/chan_sip.c  2014-06-23 17:38:13.338896511 +0400
@@ -12653,7 +12653,7 @@

                if (candidate->type == AST_RTP_ICE_CANDIDATE_TYPE_SRFLX
                        && candidate->id == AST_RTP_ICE_COMPONENT_RTCP) {
-                       ast_str_append(a_buf, 0, "%d typ ", ast_sockaddr_port(&candidate->address) + 1);
+                       ast_str_append(a_buf, 0, "%d typ ", ast_sockaddr_port(&candidate->address) );
                } else {
                        ast_str_append(a_buf, 0, "%s typ ", ast_sockaddr_stringify_port(&candidate->address));
                }
{code}


> Fix for ICE nat
> ---------------
>
>                 Key: ASTERISK-23997
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23997
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/WebSocket
>    Affects Versions: 11.10.0
>            Reporter: Badalian Vyacheslav
>            Severity: Critical
>
> sipml5 does not work trougth NAT becouse it's can connect to second candidate port if ice is on. You have small logic bug. 
> 1. You have 2 candidates - port X and port Y.
> 2. Y = X+1. 
> 3. Also you have ICE in reply to client: X and Y + 1. Y already +1! 
> Result: In ICE answer you have X and X+2.
> Its wrong. Port before NAT and after NAT must be some!
> before patch:
> {code}
> a=candidate:Had86137 1 UDP 2130706431 10.216.97.55 54982 typ host
> a=candidate:S5bc2e2f0 1 UDP 1694498815 91.194.226.240 54982 typ srflx
> a=candidate:Had86137 2 UDP 2130706430 10.216.97.55 54983 typ host
> a=candidate:S5bc2e2f0 2 UDP 1694498814 91.194.226.240 54984 typ srflx
> {code}
> After:
> {code}
> a=candidate:Had86137 1 UDP 2130706431 10.216.97.55 54982 typ host
> a=candidate:S5bc2e2f0 1 UDP 1694498815 91.194.226.240 54982 typ srflx
> a=candidate:Had86137 2 UDP 2130706430 10.216.97.55 54983 typ host
> a=candidate:S5bc2e2f0 2 UDP 1694498814 91.194.226.240 54983 typ srflx
> {code}
> Patch:
> \[EDIT\]: mjordan
> We cannot accept patches inline. Please attach the patch in unified diff format after signing a license agreement.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list