Commit a04fa4d4, committed by Olivier Crête
discovery: use different port numbers for every local host candidates
This constraint is added to handle the situation where the agent runs on a box doing SNAT on one of its outgoing network interfaces. The NAT usually does its best to ensure that the source port number is preserved on the external NAT address and port. This is called "port preservation" in RFC 4787.

When two local host candidates are allowed to have the same source port number, we increase the risk that a first local host candidate *is* the NAT mapping address and port of a second local host candidate, because of the "port preservation" effect. When it happens, a server reflexive candidate and a host candidate will have the same address and port.

For that situation to happen, a STUN request must be emitted from the internal address first, the NAT mapping doing the port preservation will be created for the internal address, and when a STUN request is sent from the external address thereafter, a new NAT mapping will be created, but without port preservation, because the previous mapping already took that reservation.

The problem will occur on the remote agent, when receiving a STUN request from this address and port, that has no way to know whether it comes from the host or the server reflexive candidate, if both have been advertised remotely, resulting in pair type mislabelling.

This case may happen more easily when a source port range is reduced.
Showing with 41 additions and 5 deletions
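The sequence described in the commit message, modelled as an added example that is not part of libnice or of this commit: a toy SNAT with port preservation, and a count of server reflexive candidates that land on another host candidate's address and port. The addresses, port numbers, and every type and function name here are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed addresses: the box's internal interface and the external
 * interface it SNATs to (private and documentation ranges). */
#define INTERNAL 0x0A000001u /* 10.0.0.1 */
#define EXTERNAL 0xCB007101u /* 203.0.113.1 */
#define MAX_MAP 8

typedef struct { uint32_t addr; uint16_t port; } taddr;
typedef struct { taddr src[MAX_MAP], ext[MAX_MAP]; size_t n; } nat;

static int ext_port_taken(const nat *t, uint16_t port) {
    for (size_t i = 0; i < t->n; i++)
        if (t->ext[i].port == port) return 1;
    return 0;
}

/* Toy SNAT: reuse an existing mapping; otherwise preserve the source port
 * if it is still free on the external address, else take the next free one. */
static taddr nat_map(nat *t, taddr src) {
    for (size_t i = 0; i < t->n; i++)
        if (t->src[i].addr == src.addr && t->src[i].port == src.port)
            return t->ext[i];
    taddr m = { EXTERNAL, src.port };
    while (ext_port_taken(t, m.port)) m.port++;
    t->src[t->n] = src;
    t->ext[t->n++] = m;
    return m;
}

/* Sends one STUN request per host candidate, in array order, and counts
 * reflexive addresses equal to a *different* host candidate. A reflexive
 * address equal to its own base is redundant, so it is not counted. */
int ambiguous_candidates(const taddr *host, size_t n) {
    nat t = { .n = 0 };
    int hits = 0;
    for (size_t i = 0; i < n && i < MAX_MAP; i++) {
        taddr srflx = nat_map(&t, host[i]);
        for (size_t j = 0; j < n; j++)
            if (j != i && host[j].addr == srflx.addr && host[j].port == srflx.port)
                hits++;
    }
    return hits;
}

int main(void) {
    taddr same[] = { { INTERNAL, 5000 }, { EXTERNAL, 5000 } };
    taddr diff[] = { { INTERNAL, 5000 }, { EXTERNAL, 5001 } };
    printf("same port: %d, distinct ports: %d\n",
           ambiguous_candidates(same, 2), ambiguous_candidates(diff, 2));
    return 0;
}
```

Swapping the order of the two entries in `same` gives zero collisions in this model, which matches the commit message's condition that the internal address must send its request first.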