On Monday 30 October 2006 13:02, Klaus Darilion wrote: > Dan Pascu wrote: > > Commit Log: > > - Added ability to specify the NAT IP address of the signaling via > > and AVP If this AVP is set, it should contain an IP address that will > > be used as the address of the NAT from where the SIP signaling > > originated, else src_ip > > Hi Dan! > > Is this only for sending RTP or also for signing-in into the mediaproxy > session.
This is for signing in. It needs to know the NAT IP address from where the signaling originated to be able to estimate the probable RTP media originating address. This is used for both identifying the caller/called parties as well as to provide a protection against someone trying to steal the media session and impersonate one endpoint of the call. It also offers protection against DOS attacks which could otherwise disrupt the media sessions. > > What about an option to allow joining a session from every IP address? Putting aside the security reasons shown above, because mediaproxy uses only 1 socket per media stream it needs to correctly identify the caller and called parties. If signing in would be allowed from any IP address, then after you signed in IP1 as the caller, when IP2 comes in how do you know if it is the called party or the caller has just changed the IP address (some SBC's do this and is really annoying). Where would you sign in this new IP, as the caller or the called? Even more, after both have signed in, if a new IP address comes, how do you know if it is the caller or the called who have changed the media IP and where would this new IP be signed in? -- Dan _______________________________________________ Devel mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/devel
