From ba74d33ba5ad81b51118e6554d80ca1b5bc585ef Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Sun, 16 Oct 2022 12:18:08 -0400
Subject: [PATCH] SSU2: Add note about relaying to charlie when he is behind a
 symmetric NAT

---
 i2p2www/spec/proposals/159-ssu2.rst | 7 ++++++-
 i2p2www/spec/ssu2.rst               | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst
index 5cdf8d615..fad78b895 100644
--- a/i2p2www/spec/proposals/159-ssu2.rst
+++ b/i2p2www/spec/proposals/159-ssu2.rst
@@ -5,7 +5,7 @@ SSU2
     :author: eyedeekay, orignal, zlatinb, zzz
     :created: 2021-09-12
     :thread: http://zzz.i2p/topics/2612
-    :lastupdated: 2022-10-12
+    :lastupdated: 2022-10-16
     :status: Open
     :target: 0.9.56
 
@@ -7845,6 +7845,11 @@ there are several options to validate the signature:
   to that in the Relay Response, if already received
 - Don't validate the signature at all
 
+If Charlie is behind a symmetric NAT, his reported port in the Relay Response and Hole Punch
+may not be accurate. Therefore, Alice should check the UDP source port of the Hole Punch
+message, and use that if it is different than the reported port.
+
+
 
 Tag Requests by Bob
 ------------------------
diff --git a/i2p2www/spec/ssu2.rst b/i2p2www/spec/ssu2.rst
index f6d94d125..e3329d020 100644
--- a/i2p2www/spec/ssu2.rst
+++ b/i2p2www/spec/ssu2.rst
@@ -5455,6 +5455,10 @@ there are several options to validate the signature:
   to that in the Relay Response, if already received
 - Don't validate the signature at all
 
+If Charlie is behind a symmetric NAT, his reported port in the Relay Response and Hole Punch
+may not be accurate. Therefore, Alice should check the UDP source port of the Hole Punch
+message, and use that if it is different than the reported port.
+
 
 Tag Requests by Bob
 ------------------------
-- 
GitLab