[Nice] Filtering out stun/non-application packets

Tom Kaminski ttkaminski at gmail.com
Tue Feb 9 06:53:23 PST 2010


On Mon, Feb 8, 2010 at 2:15 PM, Youness Alaoui
<youness.alaoui at collabora.co.uk> wrote:

>
> You can forget about the first option, libnice will never give you the
> STUN packets it receives, *unless* they are invalid STUN packets, that
> libnice wasn't able to parse.
> That could happen though, for example, a slow network could cause
> libnice to retransmit a STUN request (thinking the first one was lost),
> which causes two STUN responses to be received, but only one is handled
> by libnice, the second one being considered 'unmatched' (since it
> already processed the response for that particular STUN transaction ID).
> This could lead libnice into considering that STUN packet as invalid,
> which would throw it back to the application.
>
> But even then, like Olivier said, you can't guarantee what you receive.
> What if someone decides to spam all your ports with invalid data (UDP
> port scanner)? You definitely need a way to validate your own
> application packets.

Thanks for the clarification!  I can now see why one would need to
validate UDP packets.
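
Added example (not part of the original thread, and not libnice code): one way an application's receive callback could sort incoming datagrams into stray STUN, its own packets, and junk. The STUN checks follow the RFC 5389 header layout; the `APP1` tag, the 6-byte application header, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pkt_kind { PKT_APP, PKT_STUN, PKT_JUNK };

#define STUN_HDR_LEN 20
#define STUN_COOKIE  0x2112A442u  /* RFC 5389 magic cookie, bytes 4..7 */
#define APP_HDR_LEN  6            /* hypothetical: "APP1" + 16-bit length */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Classify one datagram handed to the application's receive callback. */
enum pkt_kind classify_packet(const uint8_t *buf, size_t len)
{
    /* Stray STUN (e.g. a duplicate response the agent no longer matches):
     * top two bits zero, magic cookie present, length field consistent. */
    if (len >= STUN_HDR_LEN && (buf[0] & 0xC0) == 0 &&
        be32(buf + 4) == STUN_COOKIE) {
        uint16_t mlen = be16(buf + 2);   /* excludes the 20-byte header */
        if ((mlen & 3) == 0 && (size_t)mlen + STUN_HDR_LEN == len)
            return PKT_STUN;
    }
    /* Application framing: tag must match and length must match exactly. */
    if (len >= APP_HDR_LEN && memcmp(buf, "APP1", 4) == 0 &&
        (size_t)be16(buf + 4) + APP_HDR_LEN == len)
        return PKT_APP;
    return PKT_JUNK;  /* port-scan noise, truncated or malformed data */
}

int main(void)
{
    /* Constructed samples: a STUN Binding success response with no
     * attributes, and an application packet carrying "abc". */
    uint8_t stun[20] = {0x01, 0x01, 0x00, 0x00, 0x21, 0x12, 0xA4, 0x42};
    uint8_t app[] = {'A', 'P', 'P', '1', 0x00, 0x03, 'a', 'b', 'c'};
    printf("stun=%d app=%d\n", classify_packet(stun, sizeof stun),
           classify_packet(app, sizeof app));
    return 0;
}
```

A fixed tag only filters accidental or unsolicited traffic; rejecting deliberately forged packets requires a keyed integrity check over the payload.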

