[plug] Skype
Craig Ringer
craig at postnewspapers.com.au
Sat Nov 13 01:38:19 WST 2004
On Sat, 2004-11-13 at 01:18, Alan Graham wrote:
> I use skype, and I didn't make any changes to my firewall setup. It's a
> very interesting question...
>
> I'm running bastille on debian as a firewall, and have skype running on
> my Mandrake desktop, a win2k machine for the kids, and on my wife's
> powerbook (Mac os x). Skype, as promised, "just works".
>
> The technical faq says that all skype needs for incoming calls is port
> 80. However, on my firewall, port 80 is dropped. The faq also says you
> can open a TCP or UDP port defined in the Skype options (chosen randomly
> on installation, but modifiable), which port you choose to use is up to
> you. This just confuses things more, as how can an incoming port be
> random? Yet, I receive calls quite happily.

The random port can be explained if the program connects to some sort of
central or distributed registration database to tell clients where to
connect to.

In fact, the same thing can be used to punch through NAT without
firewall changes. The trick is to maintain a connection from the skype
client behind NAT to a directly accessible host. Potential callers
contact that host, which sends a message to your client through the
connection it is keeping open to say "please contact <blah> to receive a
call". It's a bit like a reverse charges call with an operator putting
the call through.

Of course, I haven't read up on Skype, but that's generally how such
mechanisms work. It's also one of the many reasons why relying on NAT
for a firewall is rather stupid.

> The technical faq also says that Skype uses p2p technology (now there's
> a nice bit of technobabble). I assume that this means that there's a
> presence packet sent to other skype users. Presumably this means that
> an incoming call is routed through Skype clients to find you, and is
> piggybacked onto a reply to a presence packet that you initiated?

Sounds vaguely likely.

> The
> presence packets would therefore be TCP, switching to UDP for the
> conversation? Maybe? As it's a closed source, proprietary protocol,
> we'll have to wait for someone to reverse engineer it... :)

Why? SIP is a pretty good, open protocol that's already widely
implemented. I'd just use that rather than reverse-engineer a protocol
that's tied to one company's business plan that they can change at their
whim.
--
Craig Ringer
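
The rendezvous mechanism described in the message above, run on loopback as an added example that is not part of the original post and is not Skype's protocol. The REGISTER/CALL/CONTACT verbs, the name alice and every function name are hypothetical, and the caller is assumed to be directly reachable.

```python
import socket
import threading

def listener():
    """Loopback TCP listener on an ephemeral port; returns (socket, port)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s, s.getsockname()[1]

def send_line(port, text):
    """Open an outbound connection to a loopback port and send one line."""
    c = socket.create_connection(("127.0.0.1", port), timeout=5)
    c.sendall((text + "\n").encode())
    return c

def rendezvous(srv, registered):
    """The directly accessible host: holds client connections, relays call notices."""
    held = {}  # name -> connection the client opened and keeps alive
    for _ in range(2):  # constructed scenario: one REGISTER, then one CALL
        conn, _ = srv.accept()
        verb, name, *rest = conn.makefile().readline().split()
        if verb == "REGISTER":
            held[name] = conn
            registered.set()
        elif verb == "CALL" and name in held:
            # The notice travels down the connection the client itself opened.
            held[name].sendall(f"CONTACT {rest[0]}\n".encode())

def nat_client(rdv_port, name):
    """Client behind NAT: makes outbound connections only, never listens."""
    ctrl = send_line(rdv_port, f"REGISTER {name}")
    _, port = ctrl.makefile().readline().split()  # blocks until a call arrives
    send_line(int(port), f"call answered by {name}").close()

def demo():
    """Run the exchange on loopback; return the line the caller received."""
    rdv, rdv_port = listener()
    registered = threading.Event()
    threading.Thread(target=rendezvous, args=(rdv, registered), daemon=True).start()
    threading.Thread(target=nat_client, args=(rdv_port, "alice"), daemon=True).start()
    registered.wait(5)
    caller, caller_port = listener()  # the caller is reachable in this sketch
    send_line(rdv_port, f"CALL alice {caller_port}")
    caller.settimeout(5)
    conn, _ = caller.accept()  # inbound for the caller, outbound for the client
    return conn.makefile().readline().strip()

if __name__ == "__main__":
    print(demo())
```

The client function contains no `bind`, `listen` or `accept`, so a filter that only blocks unsolicited inbound connections, which is all NAT provides, never sees anything to block.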