From 419bed5d83b8f7442d900678755b84361cfb961b Mon Sep 17 00:00:00 2001 From: lazedo Date: Thu, 10 Jan 2019 06:06:12 +0000 Subject: [PATCH] rework nat with set_contact_alias/handle_ruri_alias --- kamailio/default.cfg | 28 +++------ kamailio/nat-traversal-role.cfg | 102 +++++++++++++++++++------------- kamailio/presence-notify.cfg | 6 ++ kamailio/presence-role.cfg | 7 +-- kamailio/registrar-role.cfg | 30 ++++------ kamailio/websockets-role.cfg | 13 ++-- 6 files changed, 99 insertions(+), 87 deletions(-) diff --git a/kamailio/default.cfg b/kamailio/default.cfg index ade6840..66e4548 100644 --- a/kamailio/default.cfg +++ b/kamailio/default.cfg @@ -344,6 +344,10 @@ route route(HANDLE_WEBSOCKETS); #!endif + #!ifdef NAT_TRAVERSAL_ROLE + route(NAT_INITIAL_TEST); + #!endif + route(HANDLE_OPTIONS); route(HANDLE_NOTIFY); @@ -452,10 +456,6 @@ route[HANDLE_OPTIONS] } #!endif - #!ifdef NAT_TRAVERSAL_ROLE - route(NAT_TEST_AND_CORRECT); - #!endif - sl_send_reply("200", "Rawr!!"); } exit; @@ -487,14 +487,6 @@ route[HANDLE_NOTIFY] } #!endif - #!ifdef WEBSOCKETS_ROLE - route(NAT_WEBSOCKETS_CORRECT); - #!endif - - #!ifdef NAT_TRAVERSAL_ROLE - route(NAT_TEST_AND_CORRECT); - #!endif - if($hdr(Event) == "keep-alive") { xlog("L_INFO", "$ci|stop|replying to keep alive\n"); sl_send_reply("405", "Stay Alive / Method Not Allowed"); @@ -704,12 +696,6 @@ route[EXTERNAL_TO_INTERNAL_RELAY] } #!endif - #!ifdef NAT_TRAVERSAL_ROLE - if (!isflagset(FLAG_INTERNALLY_SOURCED)) { - route(NAT_TEST_AND_CORRECT); - } - #!endif - remove_hf_re("^X-.*"); append_hf("X-AUTH-IP: $si\r\n"); @@ -736,7 +722,7 @@ onreply_route[EXTERNAL_REPLY] #!endif #!ifdef NAT_TRAVERSAL_ROLE - route(NAT_TEST_AND_CORRECT); + route(NAT_REPLY_TEST); #!endif #!ifdef ACL_ROLE @@ -766,6 +752,10 @@ onreply_route[INTERNAL_REPLY] route(NAT_WEBSOCKETS_CORRECT); #!endif + #!ifdef NAT_TRAVERSAL_ROLE + route(NAT_REPLY_TEST); + #!endif + #!ifdef ACL_ROLE setflag(FLAG_IS_REPLY); route(ACL_CHECK); diff --git a/kamailio/nat-traversal-role.cfg b/kamailio/nat-traversal-role.cfg index 8e66e98..33e9c9b 100644 --- a/kamailio/nat-traversal-role.cfg +++ b/kamailio/nat-traversal-role.cfg @@ -6,50 +6,70 @@ loadmodule "nathelper.so" modparam("nathelper", "received_avp", "$avp(AVP_RECV_PARAM)") modparam("nathelper", "sipping_from", "sip:sipcheck@MY_HOSTNAME") -#!trydef KZ_NAT_CONTACT_DETECT "1" -#!trydef KZ_NAT_PORT_DETECT "2" +#!trydef KZ_NAT_DETECT "19" ####### NAT Traversal Logic ######## -route[NAT_TEST_AND_CORRECT] +route[NAT_INITIAL_TEST] { - if (is_present_hf("Record-Route")) { - $var(i) = 0; - $var(rr_count) = $rr_count; - while($var(i) < $var(rr_count)) { - $var(rr_base) = $(hdr(Record-Route)[$var(i)]); - $var(rr_idx) = 0; - $var(rr) = $(var(rr_base){s.select,$var(rr_idx),,}); - while($var(rr) != $null && $var(rr) != "") { - $var(i) = $var(i) + 1; - if (!is_myself("$(var(rr){nameaddr.uri})")) { - setflag(FLAG_SKIP_NAT_CORRECTION); - xlog("L_DEBUG", "$ci|log|skipping nat correction on record-route $(var(rr){nameaddr.uri})\n"); - } - $var(rr_idx) = $var(rr_idx) + 1; - $var(rr) = $(var(rr_base){s.select,$var(rr_idx),,}); - } - } - } else if ($Rp == "5080") { - setflag(FLAG_SKIP_NAT_CORRECTION); - } - - if (isflagset(FLAG_SKIP_NAT_CORRECTION)) { - return(); - } - - if (nat_uac_test(KZ_NAT_PORT_DETECT)) { - xlog("L_DEBUG", "$ci|nat|forcing rport\n"); - force_rport(); - } - - if (nat_uac_test(KZ_NAT_CONTACT_DETECT)) { - xlog("L_DEBUG", "$ci|nat|contact correction\n"); - fix_nated_contact(); - } - - if (has_body("application/sdp") && nat_uac_test("8")) { - fix_nated_sdp("10"); - } + if(nat_uac_test(64)) return(); + + if(!is_method("INVITE|REGISTER|SUBSCRIBE")) return(); + + if ($Rp == "5080") { + setflag(FLAG_SKIP_NAT_CORRECTION); + } else { + if (is_present_hf("Record-Route")) { + $var(i) = 0; + $var(rr_count) = $rr_count; + while($var(i) < $var(rr_count)) { + $var(rr_base) = $(hdr(Record-Route)[$var(i)]); + $var(rr_idx) = 0; + $var(rr) = $(var(rr_base){s.select,$var(rr_idx),,}); + while($var(rr) != $null && $var(rr) != "") { + $var(i) = $var(i) + 1; + if (!is_myself("$(var(rr){nameaddr.uri})")) { + setflag(FLAG_SKIP_NAT_CORRECTION); + xlog("L_DEBUG", "$ci|log|skipping nat correction on record-route $(var(rr){nameaddr.uri})\n"); + } + $var(rr_idx) = $var(rr_idx) + 1; + $var(rr) = $(var(rr_base){s.select,$var(rr_idx),,}); + } + } + } + } + + if (isflagset(FLAG_SKIP_NAT_CORRECTION)) { + return(); + } + + if(nat_uac_test(KZ_NAT_DETECT)) { + force_rport(); + setflag(FLAG_NAT); + if (!is_method("REGISTER")) { + if(is_first_hop()) set_contact_alias(); + } + } + + if (has_body("application/sdp") && nat_uac_test("8")) { + fix_nated_sdp("10"); + } + +} + +route[NAT_REPLY_TEST] +{ + if(nat_uac_test(64)) return(); + + if(nat_uac_test(KZ_NAT_DETECT)) { + setflag(FLAG_NAT); + force_rport(); + set_contact_alias(); + } + + if (has_body("application/sdp") && nat_uac_test("8")) { + fix_nated_sdp("10"); + } + } # vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab diff --git a/kamailio/presence-notify.cfg b/kamailio/presence-notify.cfg index 437c43c..51e961d 100644 --- a/kamailio/presence-notify.cfg +++ b/kamailio/presence-notify.cfg @@ -32,6 +32,12 @@ route[PRESENCE_LOCAL_NOTIFY] record_route(); } + #!ifdef NAT_TRAVERSAL_ROLE + if(!isdsturiset()) { + handle_ruri_alias(); + } + #!endif + #!ifdef SIP_TRACE_ROLE route(SEND_SIP_TRACE); #!endif diff --git a/kamailio/presence-role.cfg b/kamailio/presence-role.cfg index f86720c..dbb4b0f 100644 --- a/kamailio/presence-role.cfg +++ b/kamailio/presence-role.cfg @@ -80,12 +80,9 @@ kazoo.presence_max_call_per_presentity = KZ_PRESENCE_MAX_CALL_PER_PRESENTITY des #!ifdef NAT_TRAVERSAL_ROLE route[PRESENCE_NAT] { - force_rport(); - if (client_nat_test("3")) { - if(is_first_hop()) - set_contact_alias(); + if (isflagset(FLAG_NAT)) { + nat_keepalive(); } - nat_keepalive(); } #!endif diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index 978dc3f..adbf71e 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -95,24 +95,20 @@ route[HANDLE_REGISTER] resetbflag(FLB_NATB); resetbflag(FLB_NATSIPPING); - #!ifdef NAT_TRAVERSAL_ROLE - if (nat_uac_test("3")) { - xlog("L_INFO", "$ci|log|correcting NATed contact in registration\n"); - force_rport(); - } - fix_nated_register(); - - ## KAZOO-1846: Cisco SPA8000 freaks out on options pings - if (!($ua =~ "Linksys/SPA8000" - || $ua =~ "SIPp" - || (af==INET6) - )) { - setbflag(FLB_NATB); - setbflag(FLB_NATSIPPING); + if (isflagset(FLAG_NAT)) { + fix_nated_register(); + + ## KAZOO-1846: Cisco SPA8000 freaks out on options pings + if (!($ua =~ "Linksys/SPA8000" + || $ua =~ "SIPp" + || (af==INET6) + )) { + setbflag(FLB_NATB); + setbflag(FLB_NATSIPPING); + } + } else { + $avp(AVP_RECV_PARAM) = $su; } - #!else - $avp(AVP_RECV_PARAM) = $su; - #!endif route(ATTEMPT_AUTHORIZATION); diff --git a/kamailio/websockets-role.cfg b/kamailio/websockets-role.cfg index 3d28127..d17d8d0 100644 --- a/kamailio/websockets-role.cfg +++ b/kamailio/websockets-role.cfg @@ -33,13 +33,15 @@ route[HANDLE_WEBSOCKETS] # connection - even if it is not behind a NAT! # This won't be needed in the future if Kamailio and the # WebSocket client support Outbound and Path. + + if(!is_method("INVITE|REGISTER|PUBLISH|SUBSCRIBE")) return(); + if (nat_uac_test(64)) { + setflag(FLAG_NAT); xlog("L_INFO", "$ci|log|this is a websocket request\n"); force_rport(); - if (is_method("REGISTER")) { - fix_nated_register(); - } else { - if (!add_contact_alias()) { + if (!is_method("REGISTER")) { + if (is_first_hop() && !set_contact_alias()) { xlog("L_INFO", "$ci|stop|error aliasing contact <$ct>\n"); sl_send_reply("400", "Bad Request"); exit; @@ -56,7 +58,8 @@ route[NAT_WEBSOCKETS_CORRECT] # WebSocket client support Outbound and Path. if (nat_uac_test(64)) { xlog("L_INFO", "$ci|log|this is a websocket request\n"); - add_contact_alias(); + setflag(FLAG_NAT); + set_contact_alias(); } }