[pjsip] STUN changes in pjsip 1.4

Klaus Darilion klaus.mailinglists at pernau.at
Fri Aug 28 04:43:28 EDT 2009


Hi Alain, Benny!

Alain Totouom schrieb:
> Hi Klaus,
> 
> Klaus Darilion wrote:
>> There was no firewall or ALG active - I suspect a bug in pjsip that it
>> closed the port before getting the resonse -> thus ICMP error.
>>
> 
> Did check your pcap again and some messages are missing, specially
> ALL traces where the RTP port 6666 is used.

6666 is the local SIP port.
> 
> The "Destination Unreachable" message is NOT a bug. 

Of course it is not a bug. It is an indication by the OS that there is 
no application listening on this socket. Thus, the socket was already 
closed by pjsip.

> PJNATH, by the
> way the hottest OSS NAT traversal library out there, after the

until 1.4 was release ;-)

> successful NAT discovery just shutdown the used socket since it's no
> more needed.

The debug more and found 2 different bugs:

(The retransmissions are caused as the RTT to stun.pjsip.org is ~160ms 
and pjsip retransmits STUN every 100ms)

local port: 57596
7 (8 retransmission) "STUN2" Request
13 Response to 7
19 Response to 8 (retrans), socket already closed -> ICMP (thus, nothing 
to worry about this ICMP packet)

local port: 45897
14 (18 retrans) STUN Request 6DD...
17 (22 retrans) STUN Request 431...
21 (24 retrans) STUN Request 7AE...
23 Response to 14
25 Response to 17
26 Response to 18 (retrans)
27 Response to 21
28 Response to 22 (retrans), socket already closed -> ICMP
30 Response to 24 (retrans), socket already closed -> ICMP
(thus, nothing to worry about these ICMP packet)

local port 6666:
15 (32,34,40 retrans) STUN request ....000 (no attributes)
16 (33,35,41 retrans) STUN request ....001 (no attributes)

Thus, the STUN requests from port 6666 are not answered by 
stun.pjsip.org. As next thing I tested using another STUN server and 
everything worked fine. I found out that STUN resolution fails with 
stun.pjsip.org if my local SIP port is 6666 or 6667. Thus, I suspect a 
broken firewall configuration at stun.pjsip.org (or somewhere inbetween).

Further, this strange behavior (STUN works from arbitrary ports but not 
from SIP port) confuses pjsip - because it stops with error message
   Error contacting STUN server: Received no response from STUN server
although stun_ignore_failure is not disabled. (pjsua)

Conclusion: 2 problems
1. some strange FW problems at stun.pjsip.org as STUN requests from port 
6666 and 6667 are not answered
2. bug: pjsip stops because of STUN prolems although stun_ignore_failure 
is not disabled


regards
Klaus




More information about the pjsip mailing list