[asterisk-bugs] [JIRA] (ASTERISK-29276) stun: Implementation causes delay and does not work in all network topologies.

Chris (JIRA) noreply at issues.asterisk.org
Wed Feb 3 08:38:59 CST 2021 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=253697#comment-253697 ] 

Chris commented on ASTERISK-29276:
----------------------------------

Okay thanks for the update.

I also would like to mention that, if 'icesupport' is enabled in rtp.conf the delay above *blocks* the processing of the dialplan in extensions.conf until the STUN server is resolved or it times out. 
So it's not specifically the SIP channel that is delayed, it's the complete dialplan that blocks.

> stun: Implementation causes delay and does not work in all network topologies.
> ------------------------------------------------------------------------------
>
>                 Key: ASTERISK-29276
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29276
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 16.16.0
>            Reporter: Chris
>            Severity: Major
>
> Despite of the documentation here https://wiki.asterisk.org/wiki/display/~jcolp/ICE,+STUN,+and+TURN+Support Asterisk does *not* implement this RFC rfc5389. Id rather implements RFC https://tools.ietf.org/html/rfc3489 which is known for it's design flaws.
> {quote}
> However, experience since the publication
>    of RFC 3489 has found that classic STUN simply does not work
>    sufficiently well to be a deployable solution.  The address and port
>    learned through classic STUN are sometimes usable for communications
>    with a peer, and sometimes not.  Classic STUN provided no way to
>    discover whether it would, in fact, work or not, and it provided no
>    remedy in cases where it did not.  Furthermore, classic STUN's
>    algorithm for classification of NAT types was found to be faulty, as
>    many NATs did not fit cleanly into the types defined there.
> {quote}
> The current rfc3489 implementation in stun.c also has serious flaws. E.g. it always waits for 3 seconds before doing a retry. 
> This means, if the UDP packet is dropped, you immediately have a delay of 3 seconds before the call starts.
> {quote}
> 	/* Wait for response. */
> 		{
> 			struct pollfd pfds = { .fd = s, .events = POLLIN };
> 			int ms;
> 			//** Reduce to < 200MS
> 			ms = ast_remaining_ms(start, 3000);
> 			if (ms <= 0) {
> 				/* No response, timeout */
> 				res = 1;
> 				continue;
> 			}
> 			res = ast_poll(&pfds, 1, ms);
> 			if (res < 0) {
> 				/* Error */
> 				continue;
> 			}
> 			if (!res) {
> 				/* No response, timeout */
> 				res = 1;
> 				continue;
> 			}
> 		}
> {quote}
> What should be improved :
> - Implement RFC rfc5389 or use 3rd party STUN library (pjsip ?)
> - Improve wait-loop in stun.c 
> - Update the docs reflecting correct RFC



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list