From: Greg Alexander <greqcs@galexander.org>
To: netfilter-devel@vger.kernel.org
Subject: Re: Group consensus sought on nf_conntrack_sip behavior
Date: Tue, 19 Jan 2010 19:02:34 -0500 [thread overview]
Message-ID: <20100120000234.GJ11547@goonies.be> (raw)
In-Reply-To: <4B562BD0.8020306@trash.net>
First off, you are undoubtedly correct that I did not interpret what you
were saying correctly. But it is pointless to call me names. Everyone
here already knows that you know more about netfilter than I do, there is
no point in using inflamatory language to make clear what was already
known.
I see now that there are two pairs of expectations set up (I only noticed
one before), and the current option controls both. My intention was to
control only one of them, but that's not what the patch I suggested would
accomplish. I was thus wrong, ignorant, and incorrect. Surprised?
I'm not.
My intuition suggests that the ideal compromise is to split the
sip_direct_media option into two options, one controlling the incoming
media stream and the other controlling the outgoing media stream. This
could work well because it is very rare for the internal host to be a
pure SIP proxy (it is usually a client, no?) and it is very common for
the external host to be a pure SIP proxy (such as a telco). It provides
the possibility to allow arbitrary standard-conforming behavior by remote
peers without exposing any host on the internal network that doesn't
actually originate SIP packets.
I'm obviously going to have to learn more about how expectations are
converted into actual port forwarding assignments before I will be able to
make a more concrete recommendation.
Any comments are welcome as I embark on this quest. Expect a patch
in a couple days.
- Greg
p.s., "troll" indicates a specific intention that does not apply here.
Perhaps you meant "ignoramus"?
next prev parent reply other threads:[~2010-01-20 0:02 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-16 10:36 Two patches for nf_conntrack_sip Greg Alexander
2010-01-18 7:49 ` Patrick McHardy
2010-01-18 17:49 ` Greg Alexander
2010-01-18 18:13 ` Patrick McHardy
2010-01-18 19:36 ` Greg Alexander
2010-01-19 8:25 ` Patrick McHardy
2010-01-19 17:23 ` (PATCH) " Greg Alexander
2010-01-19 18:09 ` Patrick McHardy
2010-01-19 18:25 ` Group consensus sought on nf_conntrack_sip behavior Greg Alexander
2010-01-19 18:39 ` Patrick McHardy
2010-01-19 19:36 ` Greg Alexander
2010-01-19 22:01 ` Patrick McHardy
2010-01-20 0:02 ` Greg Alexander [this message]
2010-01-19 23:40 ` Florian Fuessl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100120000234.GJ11547@goonies.be \
--to=greqcs@galexander.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).