From c2a1b07de1499c44e4d9a47ca4ff8d0a98fa7888 Mon Sep 17 00:00:00 2001
From: lazedo
Date: Thu, 10 Jan 2019 11:21:29 +0000
Subject: [PATCH] rework nat
---
 kamailio/default.cfg | 53 ++++++++++++++++-----------
 kamailio/nat-traversal-role.cfg | 63 ++++++++++++++++++++++-----------
 kamailio/websockets-role.cfg | 24 +++----------
 3 files changed, 80 insertions(+), 60 deletions(-)
diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index 0d46897..4e0e33b 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -345,7 +345,7 @@ route
 #!endif
 #!ifdef NAT_TRAVERSAL_ROLE
- route(NAT_INITIAL_TEST);
+ route(NAT_DETECT);
 #!endif
 route(HANDLE_OPTIONS);
@@ -548,11 +548,20 @@ route[HANDLE_IN_DIALOG_REQUESTS]
 if (is_method("INVITE")) {
 setflag(FLAG_SESSION_PROGRESS);
-# record_route();
 }
 if (loose_route()) {
+ #!ifdef NAT_TRAVERSAL_ROLE
+ if(!isdsturiset()) {
+ handle_ruri_alias();
+ }
+ if ( is_method("ACK") ) {
+ # ACK is forwarded statelessly
+ route(NAT_MANAGE);
+ }
+ #!endif
+
 #!ifdef ACCOUNTING_ROLE
 if (is_method("BYE")) {
 setflag(FLAG_ACC);
@@ -560,12 +569,6 @@ route[HANDLE_IN_DIALOG_REQUESTS]
 }
 #!endif
- #!ifdef NAT_TRAVERSAL_ROLE
- if(!isdsturiset()) {
- handle_ruri_alias();
- }
- #!endif
-
 xlog("L_INFO", "$ci|log|loose_route in-dialog message\n");
 # Called on in-dialog requests
 # If the request in an Invite for on hold from external to internal,
@@ -576,10 +579,10 @@ route[HANDLE_IN_DIALOG_REQUESTS]
 }
 # If the request in an Invite for t38 from internal,
- # mark the request with FLAG_T38
+ # mark the request with FLT_T38
 if (is_method("INVITE") && isflagset(FLAG_INTERNALLY_SOURCED) && sdp_with_media("image")) {
 xlog("L_DEBUG", "$ci|log|T38 RE-INVITE\n");
- setflag(FLAG_T38);
+ setflag(FLT_T38);
 }
 if ( is_method("NOTIFY") ) {
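Review bot: `setflag(FLT_T38)` in the `@@ -576,10 +579,10 @@` hunk switches to a flag name that no hunk in this patch defines, and the same holds for `FLT_NATS`, `FLB_NATB` and `FLT_AOR` used in nat-traversal-role.cfg. The definitions may already live in a file outside this patch; if they do not, the names are not valid flags, so the configuration should pass a `kamailio -c` syntax check before it is deployed. Any route outside the patch that still tests `isflagset(FLAG_T38)` or `isflagset(FLAG_NAT)` would stop matching without an error, so a search for the old names belongs in this change. route[HANDLE_IN_DIALOG_REQUESTS] starts and ends outside the hunk.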
@@ -646,12 +649,24 @@ route[PREPARE_INITIAL_REQUESTS]
 record_route();
 }
+# Manage outgoing branches
+branch_route[MANAGE_BRANCH] {
+ xlog("L_DEBUG", "$ci|branch|new branch [$T_branch_idx] to $ru\n");
+ #!ifdef NAT_TRAVERSAL_ROLE
+ route(NAT_MANAGE);
+ #!endif
+}
+
 route[RELAY]
 {
 #!ifdef SIP_TRACE_ROLE
 route(SEND_SIP_TRACE);
 #!endif
-
+
+ if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
+ if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
+ }
+
 if (isflagset(FLAG_INTERNALLY_SOURCED)) {
 route(INTERNAL_TO_EXTERNAL_RELAY);
 #!ifdef MESSAGE_ROLE
@@ -717,12 +732,10 @@ onreply_route[EXTERNAL_REPLY]
 {
 xlog("L_INFO", "$ci|log|external reply $T_reply_code\n");
- #!ifdef WEBSOCKETS_ROLE
- route(NAT_WEBSOCKETS_CORRECT);
- #!endif
-
 #!ifdef NAT_TRAVERSAL_ROLE
- route(NAT_REPLY_TEST);
+ if(status=~"[12][0-9][0-9]") {
+ route(NAT_MANAGE);
+ }
 #!endif
 #!ifdef ACL_ROLE
@@ -748,12 +761,10 @@ onreply_route[INTERNAL_REPLY]
 xlog("L_INFO", "$ci|start|received internal reply $T_reply_code $T_reply_reason\n");
 xlog("L_INFO", "$ci|log|source $si:$sp\n");
- #!ifdef WEBSOCKETS_ROLE
- route(NAT_WEBSOCKETS_CORRECT);
- #!endif
-
 #!ifdef NAT_TRAVERSAL_ROLE
- route(NAT_REPLY_TEST);
+ if(status=~"[12][0-9][0-9]") {
+ route(NAT_MANAGE);
+ }
 #!endif
 #!ifdef ACL_ROLE
diff --git a/kamailio/nat-traversal-role.cfg b/kamailio/nat-traversal-role.cfg
index 33e9c9b..210d7bc 100644
--- a/kamailio/nat-traversal-role.cfg
+++ b/kamailio/nat-traversal-role.cfg
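Review bot: In the `@@ -646,12 +649,24 @@` hunk, `t_on_branch("MANAGE_BRANCH")` is armed before `route(INTERNAL_TO_EXTERNAL_RELAY)` and the rest of route[RELAY] run, and those routes are outside the hunk; if any of them calls `t_on_branch()` itself, that call replaces MANAGE_BRANCH and NAT_MANAGE is skipped for the transaction with no log line. The method list also leaves requests other than INVITE, BYE, SUBSCRIBE and UPDATE (plus the ACK handled in HANDLE_IN_DIALOG_REQUESTS) without NAT_MANAGE on the request side. Both assumptions deserve a comment at this spot, for example `# NAT_MANAGE runs only from MANAGE_BRANCH; do not set another branch_route after this point`. route[RELAY] continues outside the hunk.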
@@ -6,17 +6,27 @@ loadmodule "nathelper.so"
 modparam("nathelper", "received_avp", "$avp(AVP_RECV_PARAM)")
 modparam("nathelper", "sipping_from", "sip:sipcheck@MY_HOSTNAME")
-#!trydef KZ_NAT_DETECT "19"
+#!ifdef WEBSOCKETS_ROLE
+#!trydef KZ_NAT_DETECT 83
+#!else
+#!trydef KZ_NAT_DETECT 19
+#!endif
-####### NAT Traversal Logic ########
-route[NAT_INITIAL_TEST]
-{
- if(nat_uac_test(64)) return();
+#!trydef KZ_NAT_FIX_SDP_REQUEST 1
+#!trydef KZ_NAT_FIX_SDP_REPLY 1
+#!trydef KZ_NAT_SDP_TEST 8
+#!trydef KZ_NAT_SDP_FIX 10
- if(!is_method("INVITE|REGISTER|SUBSCRIBE")) return();
+kazoo.nat_fix_sdp_request = KZ_NAT_FIX_SDP_REQUEST descr "performs request sdp replacement of private addresses"
+kazoo.nat_fix_sdp_reply = KZ_NAT_FIX_SDP_REPLY descr "performs reply sdp replacement of private addresses"
+
+####### NAT Traversal Logic ########
+route[NAT_DETECT]
+{
 if ($Rp == "5080") {
 setflag(FLAG_SKIP_NAT_CORRECTION);
+ xlog("L_DEBUG", "$ci|log|skipping nat correction on PORT 5080\n");
 } else {
 if (is_present_hf("Record-Route")) {
 $var(i) = 0;
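Review bot: The new defaults `83`, `19`, `8` and `10` are bitmasks for `nat_uac_test()` and `fix_nated_sdp()`, and nothing next to the `#!trydef` lines says which checks they switch on. That matters here because 83 is 19 plus the WebSocket-transport test (64), which is what takes over from the removed `if(nat_uac_test(64)) return();`, and the removed method filter means every request method now reaches the detection. I would add `# nat_uac_test bits: 1 private Contact, 2 source address != Via, 16 source port != Via port, 64 WebSocket transport` above KZ_NAT_DETECT and `# fix_nated_sdp bits: 2 rewrite c= with source IP, 8 rewrite o= address` above KZ_NAT_SDP_FIX. route[NAT_DETECT] continues outside the hunk.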
@@ -42,34 +52,47 @@ route[NAT_INITIAL_TEST]
 return();
 }
+ force_rport();
+
 if(nat_uac_test(KZ_NAT_DETECT)) {
- force_rport();
- setflag(FLAG_NAT);
+ setflag(FLT_NATS);
 if (!is_method("REGISTER")) {
 if(is_first_hop()) set_contact_alias();
 }
 }
- if (has_body("application/sdp") && nat_uac_test("8")) {
- fix_nated_sdp("10");
+ if($sel(cfg_get.kazoo.nat_fix_sdp_request) == 1) {
+ if (has_body("application/sdp") && nat_uac_test(KZ_NAT_SDP_TEST)) {
+ fix_nated_sdp(KZ_NAT_SDP_FIX);
+ }
 }
 }
-route[NAT_REPLY_TEST]
+route[NAT_MANAGE]
 {
- if(nat_uac_test(64)) return();
+ if ( is_request() && isflagset(FLAG_INTERNALLY_SOURCED) && isflagset(FLT_AOR)) {
+ setbflag(FLB_NATB);
+ }
- if(nat_uac_test(KZ_NAT_DETECT)) {
- setflag(FLAG_NAT);
- force_rport();
- set_contact_alias();
+ if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) {
+ return;
 }
-
- if (has_body("application/sdp") && nat_uac_test("8")) {
- fix_nated_sdp("10");
+
+ if (is_reply()) {
+ if(isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
+ if(is_first_hop()) {
+ set_contact_alias();
+ }
+ }
 }
-
+
+ if($sel(cfg_get.kazoo.nat_fix_sdp_reply) == 1) {
+ if (has_body("application/sdp") && nat_uac_test(KZ_NAT_SDP_TEST)) {
+ fix_nated_sdp(KZ_NAT_SDP_FIX);
+ }
+ }
+
 }
 # vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/websockets-role.cfg b/kamailio/websockets-role.cfg
index d17d8d0..7bdaf1c 100644
--- a/kamailio/websockets-role.cfg
+++ b/kamailio/websockets-role.cfg
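Review bot: In route[NAT_MANAGE] the SDP rewrite is gated only on `kazoo.nat_fix_sdp_reply`, but the route is also entered for requests (from `branch_route[MANAGE_BRANCH]` and the in-dialog ACK in default.cfg), so setting `kazoo.nat_fix_sdp_request` to 0 does not stop request bodies from being rewritten here. A request that already went through `fix_nated_sdp()` in NAT_DETECT can reach this second call too; as far as I know `nat_uac_test()` still sees the unmodified body at that point, so it is worth confirming the SDP is not rewritten twice. The inner `isflagset(FLT_NATS) || isbflagset(FLB_NATB)` test under `is_reply()` repeats the guard just above it and can be dropped. The tail of the route below picks the knob by message direction and keeps the default behaviour when both knobs are 1.

```cfg
    # ... unchanged: FLB_NATB setup and the early return when neither NAT flag is set ...

    if (is_reply() && is_first_hop()) {
        set_contact_alias();
    }

    # honour the knob that matches the direction of the message being handled
    if (is_reply()) {
        $var(nat_fix_sdp) = $sel(cfg_get.kazoo.nat_fix_sdp_reply);
    } else {
        $var(nat_fix_sdp) = $sel(cfg_get.kazoo.nat_fix_sdp_request);
    }

    if ($var(nat_fix_sdp) == 1 && has_body("application/sdp") && nat_uac_test(KZ_NAT_SDP_TEST)) {
        fix_nated_sdp(KZ_NAT_SDP_FIX);
    }
```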
@@ -33,21 +33,9 @@ route[HANDLE_WEBSOCKETS]
 # connection - even if it is not behind a NAT!
 # This won't be needed in the future if Kamailio and the
 # WebSocket client support Outbound and Path.
+
+ return();
- if(!is_method("INVITE|REGISTER|PUBLISH|SUBSCRIBE")) return();
-
- if (nat_uac_test(64)) {
- setflag(FLAG_NAT);
- xlog("L_INFO", "$ci|log|this is a websocket request\n");
- force_rport();
- if (!is_method("REGISTER")) {
- if (is_first_hop() && !set_contact_alias()) {
- xlog("L_INFO", "$ci|stop|error aliasing contact <$ct>\n");
- sl_send_reply("400", "Bad Request");
- exit;
- }
- }
- }
 }
 route[NAT_WEBSOCKETS_CORRECT]
@@ -56,11 +44,9 @@ route[NAT_WEBSOCKETS_CORRECT]
 # - even if it is not behind a NAT!
 # This won't be needed in the future if Kamailio and the
 # WebSocket client support Outbound and Path.
- if (nat_uac_test(64)) {
- xlog("L_INFO", "$ci|log|this is a websocket request\n");
- setflag(FLAG_NAT);
- set_contact_alias();
- }
+
+ return();
+
 }
 event_route[xhttp:request]
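Review bot: The block removed from route[HANDLE_WEBSOCKETS] answered `400 Bad Request` when `set_contact_alias()` failed on the first hop, and nothing in this patch replaces that check: the call that now covers WebSocket clients, `if(is_first_hop()) set_contact_alias();` in nat-traversal-role.cfg, ignores the result. A request whose Contact could not be aliased is then relayed anyway, and later in-dialog requests presumably cannot be routed back over the WebSocket connection. Consider keeping the check at that call, `if (is_first_hop() && !set_contact_alias()) { sl_send_reply("400", "Bad Request"); exit; }`, together with the removed `$ci|stop|error aliasing contact` log line. Both routes here (this hunk and `@@ -56,11 +44,9 @@`) are now bare `return();` stubs, so the comments above them that describe aliasing WebSocket contacts should be updated or moved to NAT_DETECT.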