Ok, it may be small hole, but GnuGK must not accept RTP packets from third address. For example: IP1,IP1,IP1,IP2,IP1,IP2,IP1,IP2,IP1,IP2 OK IP1,IP2,IP1,IP2,IP2,IP3,IP2,IP3,IP2,IP3 OK (may be dynamic routing) but IP1,IP2,IP1,IP2,IP3,IP1,IP2,IP3,IP1,IP2,IP3 - intrusion, we must ignore packets from IP3. Case, when IP3 sends first packet before IP2, have too low probability. IP3 must permanently (and before session start) send packets to specific port, and it can be detected.
This is what is natively does now so it can get the port from the NAT box however it will only recognize the address it has for the Endpoint and will not accept any other. Having looked closely at the code, I cannot easily see how to make this change work. If you cannot match the IP address with the socket address, how would you know which socket (forward or reverse) to set. If you set the wrong address to the wrong socket it would cause a whole lot more problems. I think the fix your asking for would be very difficult to implement properly....Sorry but either Jan or Michal would need to look at this.
Simon ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
