[OpenSIPS-Devel] SF.net SVN: opensips:[5933] branches/1.5

[Bogdan-Andrei Iancu]

Dan Pascu wrote:
> On Tuesday 04 August 2009, Bogdan-Andrei Iancu wrote:
>   
>> I thought of this in the first thing, but (as documented), if the the 
>> port or proto is missing, the grep function assumes ANY and not a 
>> default value. And actually the function is used in other part with the 
>> ANY behaviour.
>>     
>
> Anyway, in the case of the nat_traversal module, the fix is only if one wants 
> to be extremely cautious. 
Correct - even if the data is generated and used by the modules, the 
fact that is stored somewhere it can be changed (like DB, files, etc), 
just justify a check - anyhow it is a very simple check.
> The values the nat_traversal reads are the ones that 
> were written by itself at shutdown. The only way to read something invalid 
> back is if the user modifies it, however the file has an explicit and strong 
> warning against being modified. Finally, if one ignores the warning and still 
> modifies the file, then I don't think that adding the default port would help 
> in any way, as if the socket address may not be right (port may be different), 
> NAT cannot be traversed back, so I think the original behavior or ignoring 
> that entry because it doesn't match any entry in the socket list is better 
> than trying to send from the wrong port, which would not work anyway.
>   
assuming the data was altered, without the fix, a totally different 
socket could be used (see the example with RR in the bug report). It is 
not about not pinging, but pinging from the wrong socket.

Regards,
Bogdan