New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for 192.0.0.0/24 as NATed source (follow-up) #2277
Comments
Thanks for the report. Just briefly looked into the RFC, is the net 192.0.0.0/29 not defined as: There is code in nathelper for this net: |
@henningw you're right, I incorrectly assumed 192.0.0.0/24 subnet. IP was 192.0.0.254 While on this topic, does it mean 192.0.0.0/24 isn't a private net to be included in NATed check? https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml |
This network is allocated to be used from IETF only. So I don't think it should be detected from a NAT check, it is not meant to be used as a source or destination.
|
@henningw - I am not sure how to deal correctly in this case. But I would rather consider it a natted source is if is reserved for special purposes, or, in other words, not allocated for direct IP routing over Internet.
Even such address it is supposed not be used, apparently it is because @ZeusCa got traffic with headers using an IP from the range. Could be a misconfigured router or network, but if the traffic is from residential users, it can be hard to ask them to fix it. Without treating it as nat, calls will fail to connect properly. Maybe an option is to add a modparam to control if one wants to match also against "reserved ranges of addresses", besides what is listed now in the array |
@mincona It is indeed a strange case. I could be of course added as as module parameter, e.g. by a pull request. I thought it is not a bug, therefore I closed this issue. |
Edited the title to reflect it is about |
- if set to 0, default private net addresses are checked by nat_uac_test() - if set to 1, other reserved net addresses are checked by nat_uac_test() - default 1 (reserved addresses are considered not routable) - related at GH #2277
It should be supported now in the master branch (related commit reference above). I set it on by default, because a reserved network address is not supposed to be directly routable currently. It can be changed by the new I am closing this issue, can be reopen should be something more to be addressed here. |
Thanks Daniel - fine with me to have it activated by default. But good to have it configurable if in the future it changes again. |
Thinking that this could be eligible to be backported, provided that @ZeusCa can test and confirm it works fine. Otherwise stable deployments might not get calls properly connected by not detecting this kind of a non-routable address. Personally I haven't faced such case, so I am fine either way. |
In a dev environment using master branch, Also tested with Looks good to me! kamailio -V Was able to test only in a 200 OK reply:
|
Description
Follow-up to previous closed PR #1488
Had a chance to catch a live call involving rfc7335 private IPs.
It seems like either nat_uac_test() or more likely fix_nated_sdp() doesn't catch the 192.0.0.0/29 subnet as private.
Troubleshooting
Reproduction
route[NATMANAGE] {
...
if (nat_uac_test("8"))
fix_nated_sdp("15");
...
}
Debugging Data
Log Messages
SIP Traffic
Possible Solutions
Additional Information
kamailio -v
The text was updated successfully, but these errors were encountered: