Hi Pablo,

On Fri, Feb 15, 2019 at 1:02 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> Hi Alin,
>
> On Mon, Dec 24, 2018 at 08:15:19AM +0100, Alin Nastac wrote:
> > When enabled, the sip_external_media logic will leave SDP
> > payload untouched when it detects that interface towards INVITEd
> > party is the same with the one towards media endpoint.
> >
> > The typical scenario for this logic is when a LAN SIP agent has more
> > than one IP address (uses a different address for media streams than
> > the one used on signalling stream) and it also forwards calls to a
> > voice mailbox located on the WAN side. In such case sip_direct_media
> > must be disabled (so normal calls could be handled by the SIP
> > helper), but media streams that are not traversing this router must
> > also be excluded from address translation (e.g. call forwards).
>
> This patch got stuck in my queue right before holidays. I'm very sorry
> about that.
>
> Still one more question: Now that we have explicit helper assignment
> via rule, and assuming automatic helper assignment is deprecated
> (actually, disabled by default these days since it is unsecure [1]).
>
> Would it be possible to skip this via explicit ruleset policy?

Parameters such as sip_direct_signalling and sip_external_media (latter
being implemented in this patch) are global switches. I guess we can
implement them as sip helper parameters configurable through the rule
that enables the helper, but I haven't yet found a helper that has such
parameters ("-j CT --helper xxx" rules don't allow passing any
additional helper parameters). Probably their values will have to be
stored in the nf_ct_sip_master struct associated with the master
conntrack.

For instance, the ftp helper uses such a global switch called loose. How
would you propose to pass the value of this parameter in a helper
assignment rule?