Session Initiation Protocol

Session Initiation Protocol

[Calum]

Hello all,

With SIP soon to be huge, especially with 3G phones, is there any work 
underway to make a sip_masq module, a la FTP, or IRC?

I work in a test lab where we deal with SIP, and would be willing to help out 
if testing were needed. (tcpdump captures, etc)

If iptables beat the other firewall solutions to it (I think CheckPoint NG 
supports it) , it would probably be contemplated for a lot of firewall 
installations. And that can only be a good thing :)

Here is the SIP RFC.
(I cursed them when I found out that it didn't work through NAT. Although, 
with IPv6, we might not need it as much)
http://www.ietf.org/rfc/rfc2543.txt


Keep up the good work anyway.

Calum

Re: Session Initiation Protocol

[Nils Ohlmeier]

Hello Calum,

i'm not speaking for the netfilter team but i'm also working in a lab which 
deals with SIP.

On Thursday 05 September 2002 16:25, Calum wrote:
> With SIP soon to be huge, especially with 3G phones, is there any work
> underway to make a sip_masq module, a la FTP, or IRC?

As far as i know: no. 
Search the mailinglist for previous discussions about this topic.
Maybe http://fcpd.berlios.de as an application level gateway approach is 
inetresting for you.

> I work in a test lab where we deal with SIP, and would be willing to help
> out if testing were needed. (tcpdump captures, etc)

If you work in a test lab, you should be aware of the problems: 
- domain names in the protocol
- encryption is possible and makes NAT impossible
- masquerading the initiation protocol is not enough, because you also have to 
masquerade the content protocols (which ever this will be; RTP in most 
cases).

> Here is the SIP RFC.
> (I cursed them when I found out that it didn't work through NAT. Although,
> with IPv6, we might not need it as much)
> http://www.ietf.org/rfc/rfc2543.txt

RFC3261 (http://www.ietf.org/rfc/rfc3261.txt?number=3261) makes RFS2543 
obsolete.

Regards
   Nils Ohlmeier

Re: Session Initiation Protocol

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1614 bytes --]

On Fri, Sep 06, 2002 at 03:54:00PM +0200, Nils Ohlmeier wrote:
> On Thursday 05 September 2002 16:25, Calum wrote:
> > With SIP soon to be huge, especially with 3G phones, is there any work
> > underway to make a sip_masq module, a la FTP, or IRC?
> 
> As far as i know: no. 

This is true.  I have this on my TODO list (there are people wanting to
sponsor me for implementing SIP/SDP conntrack+nat) - but I don't have the
time before november/december this year.

> Search the mailinglist for previous discussions about this topic.
> Maybe http://fcpd.berlios.de as an application level gateway approach is 
> inetresting for you.

the problem is that FCP never went beyound the ietf draft, since there is
now a MIDCOM working group trying to design a new protocol.

> If you work in a test lab, you should be aware of the problems: 
> - domain names in the protocol
> - encryption is possible and makes NAT impossible
> - masquerading the initiation protocol is not enough, because you also have
> to masquerade the content protocols (which ever this will be; RTP in most 
> cases).

exactly.  also note that RTP/RTCP need two port numbers next to each other,
which is currently not possible using the newnat API.

> Regards
>    Nils Ohlmeier

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]