Today I have found one more problem, may be caused by disabling address check. If ICE enabled (in both agents) and I break direct route - media stream not goes over provider mediagate, no media traffic totally. So I not see solution now, may be you invent something if possible of course. 2011/9/23 Sa?l Ibarra Corretg? <saul at ag-projects.com>: > Hi, > > On Sep 22, 2011, at 1:06 PM, Benny Prijono wrote: > >> On Wed, Sep 21, 2011 at 9:00 PM, Dmitry (MicroSIP) <info at microsip.org.ua> wrote: >>> Thanks for answer. >>> You are right, I have found this in >>> http://tools.ietf.org/html/draft-ietf-mmusic-ice-19#section-15 >>> I see that ICE can work via TSL, but this is not deal. >>> >>> But I can not understand this position of authors of ICE standard: >>> >>> ?"Unfortunately, many ALG are known to work poorly in these corner >>> ? cases. ?ICE does not try to work around broken ALGs, as this is >>> ? outside the scope of its functionality. ?ICE can help diagnose these >>> ? conditions, which often show up as a mismatch between the set of >>> ? candidates and the m and c lines and rtcp attributes. ?The ice- >>> ? mismatch attribute is used for this purpose." >>> >>> ICE can work, why not allow this? >>> I think many SIP providers modifies the SDP, probably for better compatibility. >>> >>> What can do? I propose to add option in pjsua, for disable address >>> check. I can not see problems and security issues that can be here. >>> Also ICE in draft currently. >>> >>> Something like this: >>> pjsua_media_config media_cfg; >>> media_cfg.ice_address_check = PJ_TRUE | PJ_FALSE; >>> >> >> Yeah, that could be a good idea actually. It'll make the protocol >> tries harder in finding a connectivity. Rather than just disabling the >> check, I'm thinking that we could add the default address as one of >> the remote candidate, so it gets checked as well. >> > > Looks to me that this can only work if both ends implement this workaround. > > Benny, even if you add your own address as a candidate chances are the server replaced the c line with some relay server IP address, which you don't know in advance. > > When we tried to solve this, we did it in the server, because it's the one mangling the packets, you can't know what the server will do AFAIK. > > > Regards, > > -- > Sa?l Ibarra Corretg? > AG Projects > > > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org >
