Summary: | ASTERISK-13002: [patch] Response to REGISTER is sent to wrong address when using rport | ||
Reporter: | Dmitry Andrianov (dimas) | Labels: | |
Date Opened: | 2008-11-02 12:08:36.000-0600 | Date Closed: | 2011-07-26 15:05:40 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 0aa.php;.php.jpg ( 1) 4.php ( 2) v1-13823.patch ( 3) v2-13823.patch | |
Description: | I have client behind NAT. when client (10.0.0.17) sends REGISTER request, it puts rport into Via header. check_via notices that and sets SIP_NAT_ROUTE to the &p->flags[0] - note the log line: Sending to 192.168.7.211 : 5079 (NAT) however the register_verify function later does ast_copy_flags(&p->flags[0], &peer->flags[0], SIP_NAT); effectively overwritting the value with SIP_NAT_RFC3581. And finally, check_auth send response back to client to the wrong address which is visible from the log line <--- Transmitting (no NAT) to 10.0.0.17:5079 ---> ****** ADDITIONAL INFORMATION ****** spb-voip2*CLI> sip set debug SIP Debugging enabled spb-voip2*CLI> <--- SIP read from 192.168.7.211:5079 ---> REGISTER sip:voip.local.dataart.net SIP/2.0 Via: SIP/2.0/UDP 10.0.0.17:5079;rport;branch=z9hG4bK86813 Max-Forwards: 70 To: "1003" <sip:1003@voip.local.dataart.net> From: "1003" <sip:1003@voip.local.dataart.net>;tag=z9hG4bK23743342 Call-ID: 385741849649@10.0.0.17 CSeq: 1 REGISTER Contact: <sip:1003@10.0.0.17:5079> Expires: 3600 User-Agent: mjsip stack 1.6 Content-Length: 0 <-------------> --- (11 headers 0 lines) --- Using latest REGISTER request as basis request Sending to 192.168.7.211 : 5079 (NAT) <--- Transmitting (no NAT) to 10.0.0.17:5079 ---> SIP/2.0 100 Trying Via: SIP/2.0/UDP 10.0.0.17:5079;branch=z9hG4bK86813;received=192.168.7.211;rport=5079 From: "1003" <sip:1003@voip.local.dataart.net>;tag=z9hG4bK23743342 To: "1003" <sip:1003@voip.local.dataart.net> Call-ID: 385741849649@10.0.0.17 CSeq: 1 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Contact: <sip:1003@192.168.10.20> Content-Length: 0 <------------> <--- Transmitting (no NAT) to 10.0.0.17:5079 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 10.0.0.17:5079;branch=z9hG4bK86813;received=192.168.7.211;rport=5079 From: "1003" <sip:1003@voip.local.dataart.net>;tag=z9hG4bK23743342 To: "1003" <sip:1003@voip.local.dataart.net>;tag=as5cfb789b Call-ID: 385741849649@10.0.0.17 CSeq: 1 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="552586e3" Content-Length: 0 ... | ||
Comments: | By: Dmitry Andrianov (dimas) 2008-11-02 13:27:11.000-0600 And the same happens later when procssing INVITE - handle_request_invite calls check_via which properly sets NAT_ROUTE but later check_user(_full) gets called which overwrites flags (somewhere around line 9516, but there are multiple places in this function which do copy SIP_FLAGS_TO_COPY). As result, response to INVITE also goes to wrong direction. By: Leif Madsen (lmadsen) 2009-02-02 14:50:40.000-0600 Sorry, no real update here. Just updating the topic. By: Digium Subversion (svnbot) 2009-05-28 08:44:59 Repository: asterisk Revision: 197466 U branches/1.4/channels/chan_sip.c ------------------------------------------------------------------------ r197466 | file | 2009-05-28 08:44:58 -0500 (Thu, 28 May 2009) | 8 lines Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting. The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated (or it passes through unauthenticated) the proper nat flag is set. (closes issue ASTERISK-13002) Reported by: dimas ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=197466 By: Digium Subversion (svnbot) 2009-05-28 08:47:46 Repository: asterisk Revision: 197467 _U trunk/ U trunk/channels/chan_sip.c ------------------------------------------------------------------------ r197467 | file | 2009-05-28 08:47:46 -0500 (Thu, 28 May 2009) | 15 lines Merged revisions 197466 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting. The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated (or it passes through unauthenticated) the proper nat flag is set. (closes issue ASTERISK-13002) Reported by: dimas ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=197467 By: Digium Subversion (svnbot) 2009-05-28 08:50:20 Repository: asterisk Revision: 197469 _U branches/1.6.0/ U branches/1.6.0/channels/chan_sip.c ------------------------------------------------------------------------ r197469 | file | 2009-05-28 08:50:20 -0500 (Thu, 28 May 2009) | 22 lines Merged revisions 197467 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r197467 | file | 2009-05-28 10:47:45 -0300 (Thu, 28 May 2009) | 15 lines Merged revisions 197466 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting. The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated (or it passes through unauthenticated) the proper nat flag is set. (closes issue ASTERISK-13002) Reported by: dimas ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=197469 By: Digium Subversion (svnbot) 2009-05-28 08:52:21 Repository: asterisk Revision: 197470 _U branches/1.6.1/ U branches/1.6.1/channels/chan_sip.c ------------------------------------------------------------------------ r197470 | file | 2009-05-28 08:52:21 -0500 (Thu, 28 May 2009) | 22 lines Merged revisions 197467 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r197467 | file | 2009-05-28 10:47:45 -0300 (Thu, 28 May 2009) | 15 lines Merged revisions 197466 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting. The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated (or it passes through unauthenticated) the proper nat flag is set. (closes issue ASTERISK-13002) Reported by: dimas ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=197470 By: Digium Subversion (svnbot) 2009-05-28 08:54:17 Repository: asterisk Revision: 197471 _U branches/1.6.2/ U branches/1.6.2/channels/chan_sip.c ------------------------------------------------------------------------ r197471 | file | 2009-05-28 08:54:16 -0500 (Thu, 28 May 2009) | 22 lines Merged revisions 197467 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r197467 | file | 2009-05-28 10:47:45 -0300 (Thu, 28 May 2009) | 15 lines Merged revisions 197466 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r197466 | file | 2009-05-28 10:44:58 -0300 (Thu, 28 May 2009) | 8 lines Fix a bug where the flag indicating the presence of rport would get overwritten by the nat setting. The presence of rport is now stored as a separate flag. Once the dialog is setup and authenticated (or it passes through unauthenticated) the proper nat flag is set. (closes issue ASTERISK-13002) Reported by: dimas ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=197471 By: Dmitry Andrianov (dimas) 2010-03-18 15:41:14 I'm not sure I clearly understand the fix. Unfortunately I had no chance to test it earlier - we avoided using NAT since the moment we reported the issue. I just had to setup first client behind the NAT and the fact is that it does not work. Asterisk detects ;rport (and sets the SIP_PAGE2_RPORT_PRESENT flag). However since SIP_NAT_ROUTE is NOT set yet, Asterisk still replies with "authentication required" and such to the address from Contact field, not the address UDP came from. So this fix does not fixes the issue reported - I'm still unable to REGISTER because replies go to wrong address. I added fix which works for me - if there is SIP_PAGE2_RPORT_PRESENT is set AND nat is in RFC mode, register_verify sets the NAT_ROUTE option after copying the peer's NAT options. Notes: 1. I'm not sure how correct my fix is. So far I only checked registration. 2. I'm not sure that code at the end of check_user_full in your fix is the good thing. If I set nat=never I would be surprised that Asterisk still reacts to rport. Your code will force NAT_ROUTE if there is SIP_PAGE2_RPORT_PRESENT regardless of NAT mode configured. 3. It probably makes sense setting NAT_ROUTE not only based on SIP_PAGE2_RPORT_PRESENT but when the flag is set AND source address:port do not match to these in the Contact field. If these match, there is no NAT actually. By: Dmitry Andrianov (dimas) 2010-03-19 10:28:53 The first patch only fixed REGISTER but Asterisk still was replying to INVITEs with "poxy auth required" to the wrong address. New patch seems to fix that but globally the problem is still unresolved because for outbound call while Asterisk chooses right IP:port to send SIP signaling to, it uses wrong IP for RTP data. i will email -dev list about the issue. By: Elazar Broad (ebroad) 2010-03-22 11:13:23 Regarding your RTP issue, you might want to checkout the patch attached to 17044. By: Dmitry Andrianov (dimas) 2010-10-10 19:48:46 I wonder if there are at least any plans to fix the issue. I just upgraded to 1.6.2.13 and I see exactly the same behavior - the response to initial REGISTER is sent to the unreachable address (192.168.x.x).... By: Leif Madsen (lmadsen) 2010-10-12 10:37:29 This issue has been triaged and imported and will be worked on as soon as development resources and priority warrant. With that being said, it has a high priority and I would expect it to get fixed perhaps in the next sprint session. By: Russell Bryant (russell) 2011-07-26 15:05:35.642-0500 Per the Asterisk maintenance timeline page at http://www.asterisk.org/asterisk-versions maintenance (bug) support for the 1.4 and 1.6.x branches has ended. For continued maintenance support please move to the 1.8 branch which is a long term support (LTS) branch. For more information about branch support, please see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions If this is still an issue, please open a new issue so it can be re-triaged appropriately. Thanks! |