Summary: | ASTERISK-02323: [not an asterisk bug] Malformed 401 Message from SER with bindaddr=0.0.0.0 and asterisk coneccted to two local networks | ||
Reporter: | Sergio Serrano (srsergio) | Labels: | |
Date Opened: | 2004-09-02 09:25:57 | Date Closed: | 2011-06-07 14:04:52 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | If you have asterisk connected to two local networks(192.168.20.0 and 172.28.240.12) and you put general parameter bindaddr to 0.0.0.0 you receives a malformed 401 Unauthorized message from SIP Provider. ****** ADDITIONAL INFORMATION ****** I have ADSL router in 192.168.20.0 network and If I put binaddr=192.168.20.10, I can't register SIP clients in 172.28.240.0 network, but I can register with SIP Provider. If I put bindaddr=0.0.0.0 I can register SIP clients in 172.28.240.0 network but I can't register asterisk in SIP Provider because I obtain next 401 Message: Session Initiation Protocol Status line: SIP/2.0 401 Unauthorized Message Header Via: SIP/2.0/UDP 192.168.20.10:5060;branch=z9hG4bK72806c74 From: <sip:3400001792@voztele.com>;tag=as4353d0cd To: <sip:3400001792@voztele.com>;tag=84448f3c7053227cca70775302748de3.3c5f Call-ID: 333ab105721da3172443a8582d1d5ae9@192.168.20.10eq: 102 REGISTER WWW-Authenticate: Digest realm="voztele.com", nonce="4135bac578da90c10dae8b2bc4dc3fb33baa15a0" Server: Sip EXpress router (0.8.12-tcp_nonb (i386/linux)) Content-Length: 0 when I put bindaddr=192.168.20.10 I obtain 401 Message: Session Initiation Protocol Status line: SIP/2.0 401 Unauthorized Message Header Via: SIP/2.0/UDP 192.168.20.10:5060;branch=z9hG4bK72806c74 From: <sip:3400001792@voztele.com>;tag=as4353d0cd To: <sip:3400001792@voztele.com>;tag=84448f3c7053227cca70775302748de3.3c5f Call-ID: 333ab105721da3172443a8582d1d5ae9@192.168.20.10 CSeq: 102 REGISTER WWW-Authenticate: Digest realm="voztele.com", nonce="4135bac578da90c10dae8b2bc4dc3fb33baa15a0" Server: Sip EXpress router (0.8.12-tcp_nonb (i386/linux)) Content-Length: 0 and then I resend a REGISTER command with authoritation parameters. The problem is when I put bindaddr=0.0.0.0 I received malformed packet. | ||
Comments: | By: Mark Spencer (markster) 2004-09-02 09:30:20 Can you explain to me how a malformed response from the other side constitutes an Asterisk bug? By: Sergio Serrano (srsergio) 2004-09-02 09:39:50 In the other side 401 Message is OK. And If I put bindaddr=192.168.20.10 Asterisk read an OK message , but If you change bindaddr to 0.0.0.0, then asterisk read malformed message. I think that problem is in asterisk. Don't think so? By: Mark Spencer (markster) 2004-09-02 10:04:31 Perhaps I'm misunderstanding what's going on. If you have Asterisk set to bindaddr=0.0.0.0, is the message itself (e.g. according to ethereal) invalid or is Asterisk reading the message and dropping the CSeq as appears to be the case in your above example? I'm finding it extremely hard to believe that Asterisk would drop one header out of the packet coming back... By: Sergio Serrano (srsergio) 2004-09-02 10:22:54 Sorry, with next configuration [general] port=5060 context=default bindaddr=192.168.20.10 srvlookup=yes pedantic=no tos=lowdelay maxexpirey=3600 realm=mediabit defaultexpirey=1200 notifymimetype=text disallow=all allow=alaw localnet=172.28.240.0/255.255.240.0 localnet=192.168.20.0/255.255.255.0 register=>3400001792:XXXXX@voztele.com [3400001792] type=peer username=3400001792 fromuser=3400001792 fromdomain=voztele.com host=voztele.com auth=plaintext secret=XXXXX nat=no canreinvite=no reinvite=no dtmfmode=rfc2833 context=default I obtain next 401 Message: Frame 44 (508 on wire, 508 captured) Arrival Time: Sep 2, 2004 17:13:50.417067000 Time delta from previous packet: 0.049320000 seconds Time relative to first packet: 3.054150000 seconds Frame Number: 44 Packet Length: 508 bytes Capture Length: 508 bytes Ethernet II Destination: 00:02:44:7f:d4:f0 (SURECOM_7f:d4:f0) Source: 00:a0:c5:6a:05:a6 (ZYXEL_6a:05:a6) Type: IP (0x0800) Internet Protocol, Src Addr: proxy.voztele.com (193.22.119.20), Dst Addr: CAC-Av7 (192.168.20.10) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 494 Identification: 0x0000 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 49 Protocol: UDP (0x11) Header checksum: 0x3b22 (correct) Source: proxy.voztele.com (193.22.119.20) Destination: CAC-Av7 (192.168.20.10) User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060) Source port: 5060 (5060) Destination port: 5060 (5060) Length: 474 Checksum: 0x991c (correct) Session Initiation Protocol Status line: SIP/2.0 401 Unauthorized Message Header Via: SIP/2.0/UDP 192.168.20.10:5060;branch=z9hG4bK51d23c6d From: <sip:3400001792@voztele.com>;tag=as59bb1ed7 To: <sip:3400001792@voztele.com>;tag=84448f3c7053227cca70775302748de3.a518 Call-ID: 17f6b4db2cffcd1f758028ab584b8501@192.168.20.10 CSeq: 102 REGISTER WWW-Authenticate: Digest realm="voztele.com", nonce="41373a0547e54f68f34ec59ff48344296391ee99" Server: Sip EXpress router (0.8.12-tcp_nonb (i386/linux)) Content-Length: 0 and with sip show registry I obtain: CAC-Av7*CLI> sip show registry Host Username Refresh State voztele.com:5060 3400001792 1185 Registered With next configuration: [general] port=5060 context=default bindaddr=0.0.0.0 srvlookup=yes pedantic=no tos=lowdelay maxexpirey=3600 realm=mediabit defaultexpirey=1200 notifymimetype=text disallow=all allow=alaw localnet=172.28.240.0/255.255.240.0 localnet=192.168.20.0/255.255.255.0 register=>3400001792:XXXXX@voztele.com [3400001792] type=peer username=3400001792 fromuser=3400001792 fromdomain=voztele.com host=voztele.com auth=plaintext secret=XXXXX nat=no canreinvite=no reinvite=no dtmfmode=rfc2833 context=default I obtain next 401 Message: Frame 23 (504 on wire, 504 captured) Arrival Time: Sep 2, 2004 17:18:51.614440000 Time delta from previous packet: 0.093153000 seconds Time relative to first packet: 4.284996000 seconds Frame Number: 23 Packet Length: 504 bytes Capture Length: 504 bytes Ethernet II Destination: 00:02:44:7f:d4:f0 (CAC-Av7) Source: 00:a0:c5:6a:05:a6 (ZYXEL_6a:05:a6) Type: IP (0x0800) Internet Protocol, Src Addr: proxy.voztele.com (193.22.119.20), Dst Addr: CAC-Av7 (192.168.20.10) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 490 Identification: 0x0000 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 49 Protocol: UDP (0x11) Header checksum: 0x3b26 (correct) Source: proxy.voztele.com (193.22.119.20) Destination: CAC-Av7 (192.168.20.10) User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060) Source port: 5060 (5060) Destination port: 5060 (5060) Length: 470 Checksum: 0xa881 (correct) Session Initiation Protocol Status line: SIP/2.0 401 Unauthorized Message Header Via: SIP/2.0/UDP 192.168.20.10:5060;branch=z9hG4bK209c11e3 From: <sip:3400001792@voztele.com>;tag=as1e6569a3 To: <sip:3400001792@voztele.com>;tag=84448f3c7053227cca70775302748de3.1995 Call-ID: 2614f7e161718881392cc0f81a391897@192.168.20.10eq: 102 REGISTER WWW-Authenticate: Digest realm="voztele.com", nonce="41373b32c046ec16e8c546f6aa976f1621a631f9" Server: Sip EXpress router (0.8.12-tcp_nonb (i386/linux)) Content-Length: 0 and sip show registry shows the next: CAC-Av7*CLI> sip show registry Host Username Refresh State voztele.com:5060 3400001792 1200 Request Sent and at last shows: Host Username Refresh State voztele.com:5060 3400001792 1200 Unregistered I hope this explain any more the problem. By: Mark Spencer (markster) 2004-09-02 14:43:56 Okay, so as I suspected, *on the wire* the answer is coming back without a CSeq and is thus invalid. Regardless of what we might be able to do with Asterisk to mitigate the problem, *clearly* this violates SIP spec, and the invalid message is definitely a result of the other end. By: Sergio Serrano (srsergio) 2004-09-02 18:14:10 Hi, if you see CSeq is in previous line Call-ID: 2614f7e161718881392cc0f81a391897@192.168.20.10eq: 102 REGISTER My question is why it is possible? What differences are between bindaddr=0.0.0.0 and bindaddr=192.168.20.10? I don't understand why all is OK with bindaddr=192.168.20.10 adn not with bindaddr=0.0.0.0 regards By: Mark Spencer (markster) 2004-09-02 18:50:04 The difference on the wire would likely be the source address (see bug ASTERISK-2322358) but that doesn't excuse the response coming back corrupted from the other end. Is it possible this is some sort of NAT issue? By: Mark Spencer (markster) 2004-09-03 20:28:24 I can't see any way in which this bug could be an Asterisk bug, however it is probably valuable to add a link to bug ASTERISK-2326 since presumably it would work around your problem. |