[OpenSIPS-Devel] SF.net SVN: opensips:[5933] branches/1.5
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Wed Aug 5 00:48:47 CEST 2009
Dan Pascu wrote:
> On Tuesday 04 August 2009, Bogdan-Andrei Iancu wrote:
>
>> I thought of this in the first thing, but (as documented), if the the
>> port or proto is missing, the grep function assumes ANY and not a
>> default value. And actually the function is used in other part with the
>> ANY behaviour.
>>
>
> Anyway, in the case of the nat_traversal module, the fix is only if one wants
> to be extremely cautious.
Correct - even if the data is generated and used by the modules, the
fact that is stored somewhere it can be changed (like DB, files, etc),
just justify a check - anyhow it is a very simple check.
> The values the nat_traversal reads are the ones that
> were written by itself at shutdown. The only way to read something invalid
> back is if the user modifies it, however the file has an explicit and strong
> warning against being modified. Finally, if one ignores the warning and still
> modifies the file, then I don't think that adding the default port would help
> in any way, as if the socket address may not be right (port may be different),
> NAT cannot be traversed back, so I think the original behavior or ignoring
> that entry because it doesn't match any entry in the socket list is better
> than trying to send from the wrong port, which would not work anyway.
>
assuming the data was altered, without the fix, a totally different
socket could be used (see the example with RR in the bug report). It is
not about not pinging, but pinging from the wrong socket.
Regards,
Bogdan
More information about the Devel
mailing list