[asterisk-dev] [Code Review] Add a SIP nat=auto setting

Kevin P. Fleming kpfleming at digium.com
Fri Jan 27 10:11:43 CST 2012 

On 01/27/2012 10:05 AM, Luke Hamburg wrote:
> This is a really useful patch!

I'm curious as to what this patch resolves for you; do you have 
endpoints that do not operate properly with 'nat=yes' (or 'force_rport' 
or 'comedia' separately)? If so, what are they, and do you know why this 
is the case?

>
> One question:
>
> Would nat=auto be valid for the [general] context of sip.conf as well?
> Or should this always be explicitly yes/no.  I ask because after the
> recent vulnerability related to having disparate nat= settings for peers
> I haven't been setting the nat= value per-peer, and instead set it once
> at [general].
>
> Luke
>
> *From:*asterisk-dev-bounces at lists.digium.com
> [mailto:asterisk-dev-bounces at lists.digium.com] *On Behalf Of *Simon
> Perreault
> *Sent:* Friday, January 27, 2012 8:55 AM
> *To:* Simon Perreault; Terry Wilson; Asterisk Developers
> *Subject:* Re: [asterisk-dev] [Code Review] Add a SIP nat=auto setting
>
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1698/
>
> Ship it!
>
> Looks good.
>
>
>
> It is similar to what Cisco SBC does:
>
> http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/sbc_nat.html#wp1000953
>
>
>
> Could nat=auto become the new default?
>
> */trunk/channels/chan_sip.c
> <https://reviewboard.asterisk.org/r/1698/diff/2/?file=23678#file23678line16228>
> *(Diff revision 2) **
>
> static void check_via(struct sip_pvt *p, struct sip_request *req)
>
> 		
>
> *16228***
>
> 	
>
>                                     ast_debug(3,  "Global nat=auto, so force nat=yes so we reply to non-peers like we would peers.\n");
>
> The use of the term"peer"  is confusing me. I have no idea what the sentence means.
>
> - Simon
>
> On January 26th, 2012, 8:28 p.m., Terry Wilson wrote:
>
> Review request for Asterisk Developers.
>
> By Terry Wilson.
>
> /Updated Jan. 26, 2012, 8:28 p.m./
>
>
>   Description
>
> First, this patch as originally posted is from JIRA user pedro-garcia. It has been in JIRA for a long while, and has finally come up to be considered. There were some changes that I wanted to made to the original patch, so I tried contacting the author to get them to put the patch on reviewboard, but after a week I got no response. So, I'm putting the original patch up, then will immediately add a review with my changes. Many thanks to pedro-garcia for his contribution.
>
>
>
>  From the JIRA issue:
>
>
>
> I have some devices in the following scenario:
>
>
>
> Asterisk server with public IP address
>
> Mobile devices (clients):
>
>
>
> When in internal network, no NAT between the client and the server
>
> When in"roaming"  (i.e. a Hotel with WiFi), the client is behing a NAT
>
> When in 3G, operator transparent sip proxy so it looks as no NAT, but does not support symmetric RTP.
>
> Sometime, the device gets a public IP with no NAT at all.
>
> No NAT setting available in asterisk works for all these scenarios at the same time, and I can not request the user to activate different accounts depending on its location.
>
>
>
> I have added a new NAT setting (nat=auto) to the current ones. When set, chan_sip auto detects from the Via header, the recv sockaddr, and the rport setting if the client is behind a NAT.
>
>
>
> It also adds to cli interface results (sip show peer/s) info on this (so now you could see"N"  for NAT and nothing for no NAT as before,"a"  for auto detect no NAT, and"A"  for autodetect NAT.
>
>
>   Testing
>
> Lots of reloads with changing values, and registry natted and un-natted phones. I also set the nat_supertest in testsuite to run with nat=auto to make sure that it responded the same with existing and non-existing peers.
>
> *Bugs: *ASTERISK-17860
> <https://issues.asterisk.org/jira/browse/ASTERISK-17860>
>
>
>   Diffs
>
>   * /trunk/channels/chan_sip.c (352610)
>   * /trunk/channels/sip/include/sip.h (352610)
>   * /trunk/configs/sip.conf.sample (352610)
>
> View Diff <https://reviewboard.asterisk.org/r/1698/diff/>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>     http://lists.digium.com/mailman/listinfo/asterisk-dev


-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

More information about the asterisk-dev mailing list