[pjsip] STUN changes in pjsip 1.4
klaus.mailinglists at pernau.at
Fri Aug 28 04:43:28 EDT 2009
Hi Alain, Benny!
Alain Totouom schrieb:
> Hi Klaus,
> Klaus Darilion wrote:
>> There was no firewall or ALG active - I suspect a bug in pjsip that it
>> closed the port before getting the resonse -> thus ICMP error.
> Did check your pcap again and some messages are missing, specially
> ALL traces where the RTP port 6666 is used.
6666 is the local SIP port.
> The "Destination Unreachable" message is NOT a bug.
Of course it is not a bug. It is an indication by the OS that there is
no application listening on this socket. Thus, the socket was already
closed by pjsip.
> PJNATH, by the
> way the hottest OSS NAT traversal library out there, after the
until 1.4 was release ;-)
> successful NAT discovery just shutdown the used socket since it's no
> more needed.
The debug more and found 2 different bugs:
(The retransmissions are caused as the RTT to stun.pjsip.org is ~160ms
and pjsip retransmits STUN every 100ms)
local port: 57596
7 (8 retransmission) "STUN2" Request
13 Response to 7
19 Response to 8 (retrans), socket already closed -> ICMP (thus, nothing
to worry about this ICMP packet)
local port: 45897
14 (18 retrans) STUN Request 6DD...
17 (22 retrans) STUN Request 431...
21 (24 retrans) STUN Request 7AE...
23 Response to 14
25 Response to 17
26 Response to 18 (retrans)
27 Response to 21
28 Response to 22 (retrans), socket already closed -> ICMP
30 Response to 24 (retrans), socket already closed -> ICMP
(thus, nothing to worry about these ICMP packet)
local port 6666:
15 (32,34,40 retrans) STUN request ....000 (no attributes)
16 (33,35,41 retrans) STUN request ....001 (no attributes)
Thus, the STUN requests from port 6666 are not answered by
stun.pjsip.org. As next thing I tested using another STUN server and
everything worked fine. I found out that STUN resolution fails with
stun.pjsip.org if my local SIP port is 6666 or 6667. Thus, I suspect a
broken firewall configuration at stun.pjsip.org (or somewhere inbetween).
Further, this strange behavior (STUN works from arbitrary ports but not
from SIP port) confuses pjsip - because it stops with error message
Error contacting STUN server: Received no response from STUN server
although stun_ignore_failure is not disabled. (pjsua)
Conclusion: 2 problems
1. some strange FW problems at stun.pjsip.org as STUN requests from port
6666 and 6667 are not answered
2. bug: pjsip stops because of STUN prolems although stun_ignore_failure
is not disabled
More information about the pjsip