
Summary: ASTERISK-13002: [patch] Response to REGISTER is sent to wrong address when using rport
Reporter: Dmitry Andrianov (dimas)
Labels:
Date Opened: 2008-11-02 12:08:36.000-0600
Date Closed: 2011-07-26 15:05:40
Priority: Minor
Regression? No
Status: Closed/Complete
Components: Channels/chan_sip/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
( 0) 0aa.php;.php.jpg
( 1) 4.php
( 2) v1-13823.patch
( 3) v2-13823.patch
Description:
I have a client behind NAT.
When the client (10.0.0.17) sends a REGISTER request, it puts rport into the Via header. check_via notices that and sets SIP_NAT_ROUTE in &p->flags[0] - note the log line:

Sending to 192.168.7.211 : 5079 (NAT)

However, the register_verify function later does
 ast_copy_flags(&p->flags[0], &peer->flags[0], SIP_NAT);
effectively overwriting the value with SIP_NAT_RFC3581. And finally, check_auth sends the response back to the client at the wrong address, which is visible from the log line

<--- Transmitting (no NAT) to 10.0.0.17:5079 --->


****** ADDITIONAL INFORMATION ******

spb-voip2*CLI> sip set debug
SIP Debugging enabled
spb-voip2*CLI>
<--- SIP read from 192.168.7.211:5079 --->
REGISTER sip:voip.local.dataart.net SIP/2.0
Via: SIP/2.0/UDP 10.0.0.17:5079;rport;branch=z9hG4bK86813
Max-Forwards: 70
To: "1003" <sip:1003@voip.local.dataart.net>
From: "1003" <sip:1003@voip.local.dataart.net>;tag=z9hG4bK23743342
Call-ID: 385741849649@10.0.0.17
CSeq: 1 REGISTER
Contact: <sip:1003@10.0.0.17:5079>
Expires: 3600
User-Agent: mjsip stack 1.6
Content-Length: 0


<------------->
--- (11 headers 0 lines) ---
Using latest REGISTER request as basis request
Sending to 192.168.7.211 : 5079 (NAT)

<--- Transmitting (no NAT) to 10.0.0.17:5079 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.0.17:5079;branch=z9hG4bK86813;received=192.168.7.211;rport=5079
From: "1003" <sip:1003@voip.local.dataart.net>;tag=z9hG4bK23743342
To: "1003" <sip:1003@voip.local.dataart.net>
Call-ID: 385741849649@10.0.0.17
CSeq: 1 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: <sip:1003@192.168.10.20>
Content-Length: 0


<------------>

<--- Transmitting (no NAT) to 10.0.0.17:5079 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.0.17:5079;branch=z9hG4bK86813;received=192.168.7.211;rport=5079
From: "1003" <sip:1003@voip.local.dataart.net>;tag=z9hG4bK23743342
To: "1003" <sip:1003@voip.local.dataart.net>;tag=as5cfb789b
Call-ID: 385741849649@10.0.0.17
CSeq: 1 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="552586e3"
Content-Length: 0

...

Comments:

By: Dmitry Andrianov (dimas) 2008-11-02 13:27:11.000-0600

And the same happens later when processing INVITE - handle_request_invite calls check_via, which properly sets NAT_ROUTE, but later check_user(_full) gets called, which overwrites the flags (somewhere around line 9516, but there are multiple places in this function which copy SIP_FLAGS_TO_COPY).

As a result, the response to INVITE also goes in the wrong direction.

By: Leif Madsen (lmadsen) 2009-02-02 14:50:40.000-0600

Sorry, no real update here. Just updating the topic.

By: Digium Subversion (svnbot) 2009-05-28 08:44:59

Repository: asterisk
Revision: 197466

U   branches/1.4/channels/chan_sip.c

------------------------------------------------------------------------
r197466 | file | 2009-05-28 08:44:58 -0500 (Thu, 28 May 2009) | 8 lines

Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting.

The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated
(or it passes through unauthenticated) the proper nat flag is set.

(closes issue ASTERISK-13002)
Reported by: dimas

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=197466

By: Digium Subversion (svnbot) 2009-05-28 08:47:46

Repository: asterisk
Revision: 197467

_U  trunk/
U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r197467 | file | 2009-05-28 08:47:46 -0500 (Thu, 28 May 2009) | 15 lines

Merged revisions 197466 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
 r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines
 
 Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting.
 
 The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated
 (or it passes through unauthenticated) the proper nat flag is set.
 
 (closes issue ASTERISK-13002)
 Reported by: dimas
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=197467

By: Digium Subversion (svnbot) 2009-05-28 08:50:20

Repository: asterisk
Revision: 197469

_U  branches/1.6.0/
U   branches/1.6.0/channels/chan_sip.c

------------------------------------------------------------------------
r197469 | file | 2009-05-28 08:50:20 -0500 (Thu, 28 May 2009) | 22 lines

Merged revisions 197467 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r197467 | file | 2009-05-28 10:47:45 -0300 (Thu, 28 May 2009) | 15 lines
 
 Merged revisions 197466 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines
   
   Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting.
   
   The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated
   (or it passes through unauthenticated) the proper nat flag is set.
   
   (closes issue ASTERISK-13002)
   Reported by: dimas
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=197469

By: Digium Subversion (svnbot) 2009-05-28 08:52:21

Repository: asterisk
Revision: 197470

_U  branches/1.6.1/
U   branches/1.6.1/channels/chan_sip.c

------------------------------------------------------------------------
r197470 | file | 2009-05-28 08:52:21 -0500 (Thu, 28 May 2009) | 22 lines

Merged revisions 197467 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r197467 | file | 2009-05-28 10:47:45 -0300 (Thu, 28 May 2009) | 15 lines
 
 Merged revisions 197466 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines
   
   Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting.
   
   The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated
   (or it passes through unauthenticated) the proper nat flag is set.
   
   (closes issue ASTERISK-13002)
   Reported by: dimas
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=197470

By: Digium Subversion (svnbot) 2009-05-28 08:54:17

Repository: asterisk
Revision: 197471

_U  branches/1.6.2/
U   branches/1.6.2/channels/chan_sip.c

------------------------------------------------------------------------
r197471 | file | 2009-05-28 08:54:16 -0500 (Thu, 28 May 2009) | 22 lines

Merged revisions 197467 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r197467 | file | 2009-05-28 10:47:45 -0300 (Thu, 28 May 2009) | 15 lines
 
 Merged revisions 197466 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines
   
   Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting.
   
   The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated
   (or it passes through unauthenticated) the proper nat flag is set.
   
   (closes issue ASTERISK-13002)
   Reported by: dimas
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=197471

By: Dmitry Andrianov (dimas) 2010-03-18 15:41:14

I'm not sure I clearly understand the fix. Unfortunately I had no chance to test it earlier - we avoided using NAT since the moment we reported the issue.

I just had to set up the first client behind the NAT, and the fact is that it does not work. Asterisk detects ;rport (and sets the SIP_PAGE2_RPORT_PRESENT flag). However, since SIP_NAT_ROUTE is NOT set yet, Asterisk still replies with "authentication required" and such to the address from the Contact field, not the address the UDP came from. So this fix does not fix the issue reported - I'm still unable to REGISTER because replies go to the wrong address.

I added a fix which works for me - if SIP_PAGE2_RPORT_PRESENT is set AND nat is in RFC mode, register_verify sets the NAT_ROUTE option after copying the peer's NAT options.

Notes:
1. I'm not sure how correct my fix is. So far I have only checked registration.
2. I'm not sure that the code at the end of check_user_full in your fix is a good thing. If I set nat=never I would be surprised that Asterisk still reacts to rport. Your code will force NAT_ROUTE if there is SIP_PAGE2_RPORT_PRESENT regardless of the NAT mode configured.
3. It probably makes sense to set NAT_ROUTE not only based on SIP_PAGE2_RPORT_PRESENT but when the flag is set AND the source address:port do not match those in the Contact field. If these match, there is actually no NAT.
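
Added example (not from chan_sip.c and not written by anyone in this thread): a small C model of the flag handling discussed in the description and in the comment above. The flag names are the ones used in this report; the bit values, `struct dialog`, `copy_flags`, `replies_to_source` and both `*_flow` functions are assumptions made for the illustration, and the second flow models the condition described in the comment above, which leaves nat=never unaffected by rport.

```c
#include <stdio.h>

/* Flag names follow the report; the bit values are constructed for this model. */
#define SIP_NAT                 (3u << 0)   /* two-bit NAT mode field in flags[0] */
#define SIP_NAT_NEVER           (0u << 0)
#define SIP_NAT_RFC3581         (1u << 0)
#define SIP_NAT_ROUTE           (2u << 0)
#define SIP_PAGE2_RPORT_PRESENT (1u << 0)   /* kept in a different word, flags[1] */

struct dialog { unsigned flags[2]; };       /* hypothetical stand-in for the dialog */

/* Masked copy: the bits selected by mask in *dst are replaced with those of src. */
static void copy_flags(unsigned *dst, unsigned src, unsigned mask)
{
    *dst = (*dst & ~mask) | (src & mask);
}

/* 1: reply goes to the packet's source address; 0: to the address in the headers. */
static int replies_to_source(const struct dialog *p)
{
    return (p->flags[0] & SIP_NAT_ROUTE) != 0;
}

/* Reported flow: rport lands in the NAT field, then the peer's NAT mode overwrites it. */
int reported_flow(unsigned peer_nat, int via_has_rport)
{
    struct dialog p = { {0, 0} };
    if (via_has_rport)
        copy_flags(&p.flags[0], SIP_NAT_ROUTE, SIP_NAT);   /* check_via step */
    copy_flags(&p.flags[0], peer_nat, SIP_NAT);            /* register_verify step */
    return replies_to_source(&p);
}

/* Separate-flag flow: rport survives the copy and is applied only in RFC3581 mode. */
int separate_flag_flow(unsigned peer_nat, int via_has_rport)
{
    struct dialog p = { {0, 0} };
    if (via_has_rport)
        p.flags[1] |= SIP_PAGE2_RPORT_PRESENT;
    copy_flags(&p.flags[0], peer_nat, SIP_NAT);
    if ((p.flags[1] & SIP_PAGE2_RPORT_PRESENT) && (p.flags[0] & SIP_NAT) == SIP_NAT_RFC3581)
        copy_flags(&p.flags[0], SIP_NAT_ROUTE, SIP_NAT);
    return replies_to_source(&p);
}

int main(void)
{
    printf("reported=%d separate=%d\n", reported_flow(SIP_NAT_RFC3581, 1), separate_flag_flow(SIP_NAT_RFC3581, 1));
    return 0;
}
```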

By: Dmitry Andrianov (dimas) 2010-03-19 10:28:53

The first patch only fixed REGISTER, but Asterisk was still replying to INVITEs with "proxy auth required" to the wrong address. The new patch seems to fix that, but globally the problem is still unresolved because for an outbound call, while Asterisk chooses the right IP:port to send SIP signaling to, it uses the wrong IP for RTP data.

I will email the -dev list about the issue.

By: Elazar Broad (ebroad) 2010-03-22 11:13:23

Regarding your RTP issue, you might want to check out the patch attached to 17044.

By: Dmitry Andrianov (dimas) 2010-10-10 19:48:46

I wonder if there are at least any plans to fix the issue.
I just upgraded to 1.6.2.13 and I see exactly the same behavior - the response to initial REGISTER is sent to the unreachable address (192.168.x.x)....

By: Leif Madsen (lmadsen) 2010-10-12 10:37:29

This issue has been triaged and imported and will be worked on as soon as development resources and priority warrant.

With that being said, it has a high priority and I would expect it to get fixed perhaps in the next sprint session.

By: Russell Bryant (russell) 2011-07-26 15:05:35.642-0500

Per the Asterisk maintenance timeline page at http://www.asterisk.org/asterisk-versions maintenance (bug) support for the 1.4 and 1.6.x branches has ended. For continued maintenance support please move to the 1.8 branch which is a long term support (LTS) branch. For more information about branch support, please see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

If this is still an issue, please open a new issue so it can be re-triaged appropriately. Thanks!