[OpenSIPS-Users] mediaproxy 2.4.2

Dan Pascu dan at ag-projects.com
Mon Dec 6 09:26:40 CET 2010


On 2 Dec 2010, at 20:04, Richard Revels wrote:

> Here is the m line from an INVITE/200 after the messages were  
> modified by use_media_proxy in each direction.  The call happened to  
> be mine and although it did not stay up long enough for me to be  
> 100% sure, I think the person on the other end of the line was  
> someone other than the person who called me.

That is very unlikely. When you call use_media_proxy and the relay
allocates a port pair for an endpoint, it is not possible that that
port is substituted in another INVITE/reply from a different dialog.
Of course someone can watch the SIP traffic and see your port and
initiate an RTP connection to that port before the actual endpoint who
was supposed to connect there does, but I doubt that was the case
here. Plus that is not a software bug, but an exploit which is
actively pursued by someone based on the fact that SIP traffic is not
encrypted.

> I have only seen the port be offset by two when using the  
> mediaproxy.  Is that not the expected behavior always?
>
> m=audio 52352 RTP/AVP 0 97 18 101.
> m=audio 58676 RTP/AVP 0 101.

While normally ports are +2 apart, that is not always true. The relay
will keep track of ports which cannot be used because they are already  
in use on the system and remove them from the list, which creates  
gaps. Also, later the relay will put those unavailable ports back in  
the available ports pool in order to be tried again, if their number  
exceeds the available ports number. When this is done, they are not  
placed in their original ordered positions, but added to the end of  
the list, making the ports list fragmented.

There are other details about how ports are organized internally which  
will influence this even under normal usage when all ports are  
available, but I will not dwell into them. Suffice to say that your  
ports will be +2 apart only after you start the relay and before all  
ports in the port range were used once and the port allocation will  
roll over and start from the beginning.

--
Dan
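
The pool behaviour described in the message above, as a toy model added for illustration; it is not part of the original post and is not mediaproxy's code. The class and function names, the port range, the busy ports and the rule that a released port rejoins the end of the list are all assumptions.

```python
from collections import deque

class PortPool:
    """Toy model of an RTP port pool (hypothetical, not mediaproxy code)."""

    def __init__(self, start, end, busy=()):
        # Even ports only: each stream takes a pair (RTP on port, RTCP on port + 1).
        self.available = deque(range(start, end, 2))
        self.unavailable = deque()   # ports found in use by another process
        self.busy = set(busy)        # constructed stand-in for a failed bind()

    def allocate(self):
        for _ in range(len(self.available) + len(self.unavailable)):
            # Set-aside ports are retried once they outnumber the available
            # ones; they rejoin at the end, not at their original position.
            if len(self.unavailable) > len(self.available):
                self.available.extend(self.unavailable)
                self.unavailable.clear()
            port = self.available.popleft()
            if port not in self.busy:
                return port
            self.unavailable.append(port)   # leaves a gap in the sequence
        raise RuntimeError("no usable port in range")

    def release(self, port):
        # Assumption: a port freed by a finished call goes to the end of the list.
        self.available.append(port)


def simulate():
    """Constructed scenario: 6 port pairs, two of them taken by another process."""
    pool = PortPool(50000, 50012, busy={50002, 50004})
    ports = [pool.allocate() for _ in range(3)]   # three calls held open
    pool.busy.clear()                             # the other process exits
    ports.append(pool.allocate())                 # triggers the retry of set-aside ports
    pool.release(ports[0])                        # first call hangs up
    ports += [pool.allocate() for _ in range(3)]
    return ports


if __name__ == "__main__":
    ports = simulate()
    print(ports)
    print([b - a for a, b in zip(ports, ports[1:])])   # spacing between allocations
```
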








