[Home]

Summary:ASTERISK-20572: Realtime Peers behind NAT are Set to RFC1918 private address after sip reload
Reporter:JoshE (n8ideas)Labels:
Date Opened:2012-10-17 00:21:11Date Closed:2012-11-01 09:06:58
Priority:CriticalRegression?
Status:Closed/CompleteComponents:Channels/chan_sip/General PBX/pbx_realtime
Versions:10.9.0 Frequency of
Occurrence		Constant
Related
Issues:
is related toASTERISK-18203 Problems with NAT on realtime peers (and maybe static ones)
is related toASTERISK-20904 RFC1918 NAT Issue On Prune
Environment:Attachments:( 0) fix_nat_realtime.diff
Description:Repro steps:

Realtime peer behind RFC1918 NAT.
Register the peer and verify public IP address shows up under 'sip show peers'.
Issue a SIP reload.
Perform any dial action that will cause the peer reload process to happen.
Check 'sip show peers'.

The private IP address will be listed.  If that peer is qualified, it will immediately go offline and remain so until it re-registers.

Traced problem back to dynamic host detection nulling out the ast_sockaddr if it is in !found state.
Comments:By: JoshE (n8ideas) 2012-10-17 00:47:41.169-0500

Here's a sketch of a fix for this, patched against Asterisk 10.9.  Not positive this is the best approach, but it does seem to solve the issue I am currently having.
By: Mark Michelson (mmichelson) 2012-10-29 15:40:01.201-0500

The patch looks correct by me. The purpose of the if statement you modified is to only reset the address if the peer is not previously known or if it is previously known but did not previously have {{host=dynamic}} set. The real issue is that {{!found}} will always be true for realtime peers. As such, {{found}} is not something we should be generally checking unless {{realtime}} is not set.

I'm going to slightly rearrange the order of the if statement in the patch so that the relationship between {{found}} and {{realtime}} is made clear.

Thanks for the submission!
By: JoshE (n8ideas) 2012-10-31 18:20:04.469-0500

As an additional note, since 11 just went gold, the same issue (and fix) apply to 11 as well.
By: Mark Michelson (mmichelson) 2012-11-01 09:06:49.268-0500

You are correct. As a matter of fact, I actually already committed the fix to 1.8, 10, 11, and trunk. Unfortunately, the hook that's supposed to automatically close the issue when a commit is made appears to be broken. I'll close this manually.
By: Paul Mathews (baijupaul) 2014-02-13 03:53:40.546-0600

I have 1.8.20.1 and have the same problem. Here is the problem I am facing:

I have a realtime peer behind NAT. Things work perfectly. I then did an asterisk reload, which caused the peer cache to be cleared, I then attempted to reach the peer. The private IP address from the Reg. Contact was copied over to the IP address, which caused the peer to be unreachable.

Here is the sip show peer 10116 before reload
ip-10-0-0-94*CLI> sip show peer 10116


 * Name       : 10116
 Realtime peer: Yes, cached
 Secret       : <Set>
 MD5Secret    : <Not set>
 Remote Secret: <Not set>
 Context      : from-internal
 Subscr.Cont. : <Not set>
 Language     :
 AMA flags    : Unknown
 Transfer mode: open
 CallingPres  : Presentation Allowed, Not Screened
 Callgroup    :
 Pickupgroup  :
 MOH Suggest  :
 Mailbox      :
 VM Extension : *97
 LastMsgsSent : 32767/65535
 Call limit   : 0
 Max forwards : 0
 Dynamic      : Yes
 Callerid     : "" <>
 MaxCallBR    : 384 kbps
 Expire       : 191
 Insecure     : no
 Force rport  : Yes
 ACL          : No
 DirectMedACL : No
 T.38 support : No
 T.38 EC mode : Unknown
 T.38 MaxDtgrm: -1
 DirectMedia  : Yes
 PromiscRedir : No
 User=Phone   : No
 Video Support: No
 Text Support : No
 Ign SDP ver  : No
 Trust RPID   : No
 Send RPID    : No
 Subscriptions: Yes
 Overlap dial : Yes
 DTMFmode     : rfc2833
 Timer T1     : 500
 Timer B      : 32000
 ToHost       :
 Addr->IP     : 27.122.12.75:50427
 Defaddr->IP  : (null)
 Prim.Transp. : TCP
 Allowed.Trsp : TCP,UDP
 Def. Username: 10116
 SIP Options  : (none)
 Codecs       : 0x50e (gsm|ulaw|alaw|g729|ilbc)
 Codec Order  : (g729:20,ilbc:30,gsm:20,ulaw:20,alaw:20)
 Auto-Framing :  No
 Status       : OK (471 ms)
 Useragent    : MicroSIP/3.3.31
 Reg. Contact : sip:10116@10.185.1.6:5060;transport=TCP;ob
 Qualify Freq : 60000 ms
 Sess-Timers  : Accept
 Sess-Refresh : uas
 Sess-Expires : 1800 secs
 Min-Sess     : 90 secs
 RTP Engine   : asterisk
 Parkinglot   :
 Use Reason   : No
 Encryption   : No


Here is the sip show peer after reload

ip-10-0-0-94*CLI> sip show peer 10116


 * Name       : 10116
 Realtime peer: Yes, cached
 Secret       : <Set>
 MD5Secret    : <Not set>
 Remote Secret: <Not set>
 Context      : from-internal
 Subscr.Cont. : <Not set>
 Language     :
 AMA flags    : Unknown
 Transfer mode: open
 CallingPres  : Presentation Allowed, Not Screened
 Callgroup    :
 Pickupgroup  :
 MOH Suggest  :
 Mailbox      :
 VM Extension : *97
 LastMsgsSent : 32767/65535
 Call limit   : 0
 Max forwards : 0
 Dynamic      : Yes
 Callerid     : "" <>
 MaxCallBR    : 384 kbps
 Expire       : -1
 Insecure     : no
 Force rport  : Yes
 ACL          : No
 DirectMedACL : No
 T.38 support : No
 T.38 EC mode : Unknown
 T.38 MaxDtgrm: -1
 DirectMedia  : Yes
 PromiscRedir : No
 User=Phone   : No
 Video Support: No
 Text Support : No
 Ign SDP ver  : No
 Trust RPID   : No
 Send RPID    : No
 Subscriptions: Yes
 Overlap dial : Yes
 DTMFmode     : rfc2833
 Timer T1     : 500
 Timer B      : 32000
 ToHost       :
 Addr->IP     : 10.185.1.6:50427
 Defaddr->IP  : (null)
 Prim.Transp. : TCP
 Allowed.Trsp : TCP,UDP
 Def. Username: 10116
 SIP Options  : (none)
 Codecs       : 0x50e (gsm|ulaw|alaw|g729|ilbc)
 Codec Order  : (g729:20,ilbc:30,gsm:20,ulaw:20,alaw:20)
 Auto-Framing :  No
 Status       : UNREACHABLE
 Useragent    : MicroSIP/3.3.31
 Reg. Contact : sip:10116@10.185.1.6:5060;transport=TCP;ob
 Qualify Freq : 60000 ms
 Sess-Timers  : Accept
 Sess-Refresh : uas
 Sess-Expires : 1800 secs
 Min-Sess     : 90 secs
 RTP Engine   : asterisk
 Parkinglot   :
 Use Reason   : No
 Encryption   : No



By: Olivier Thibeault (othibeault) 2015-06-02 07:29:55.338-0500

Stil broken in asterisk 11

Here the patch for asterisk 11.16
------------------------------------------------------------
chan_sip.c, Line : 30899

} else if (!strcasecmp(v->name, "host")) {
                               if (!strcasecmp(v->value, "dynamic")) {
                                       /* They'll register with us */
-                                       if ((!found && !ast_test_flag(&global_flags[1], SIP_PAGE2_RTCACHEFRIENDS)) || !peer->host_dynamic) {
+                                       if (((!found && !ast_test_flag(&global_flags[1], SIP_PAGE2_RTCACHEFRIENDS)) || !peer->host_dynamic)   && !realtime    ) {
                                               /* Initialize stuff if this is a new peer, or if it used to
                                                * not be dynamic before the reload. */
                                               ast_sockaddr_setnull(&peer->addr);
                                       }
                                       peer->host_dynamic = TRUE;