[asterisk-bugs] [JIRA] (ASTERISK-20644) Don't always use the existing TCP connection for in-dialog requests

Iñaki Baz Castillo (JIRA) noreply at issues.asterisk.org
Mon Nov 5 06:34:21 CST 2012


    [ https://issues.asterisk.org/jira/browse/ASTERISK-20644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=199217#comment-199217 ] 

Iñaki Baz Castillo commented on ASTERISK-20644:
-----------------------------------------------

Reusing an existing connection initiated by the peer for sending request to it is not allowed as per RFC 3261. There are two specifications that allow it:

* RFC 5626 (Outbound): In which final endpoints (phones) connect to a proxy or server and the proxy/server reuses the same connection for sending requests to the peer. This is what Asterisk does all the time. The problem is that RFC 5626 is just for *endpoints* (phones directly connected to the proxy/registrar), and it should never occur when the peer is a proxy (what I report in this issue).

* RFC 5923 (Connection Reuse): This spec is similar but between servers or proxies. It is really complex and *just* allows reusing a connection when using TLS and the proxy/server initiating the connection presented a valid TLS certificate... So we can forget it.

Said that, IMHO the mechanism to improve this behaviour in Asterisk shoud be:

If the connection is initiated by a proxy (so we get Record-Route) and Asterisk must send an in-dialog request, then:

* Reuse the same connection just in case "nat" parameter has some specific value (always, nat or some new value combination...).
* Otherwise and, by default, DON'T reuse the same connection and instead open a new one to the host:port in the top Route of the in-dialog request to send.
                
> Don't always use the existing TCP connection for in-dialog requests
> -------------------------------------------------------------------
>
>                 Key: ASTERISK-20644
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20644
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Interoperability, Channels/chan_sip/TCP-TLS
>    Affects Versions: 11.0.0
>            Reporter: Iñaki Baz Castillo
>
> If Asterisk receives an INVITE via TCP comming from a SIP proxy, answers the call and later Asterisk sends a re-INVITE or BYE for that dialog, Asterisk sends such an in-dialog request over the existing TCP connection previously opened by the SIP proxy. This is incorrect. Asterisk should open a NEW TCP connection to the address given in the top Record-Route header.
> So for example, Asterisk receives the following INVITE from TCP 1.2.3.4 port 8888:
> {code}
> # TCP 1.2.3.4:8888 => ASTERISK:5060
> INVITE sip:test at domain.com SIP/2.0
> Record-Route: <sip:1.2.3.4:5060;transport=tcp>
> {code}
> When Asterisk sends a BYE or a re-INVITE in this leg, it MUST respect the address in the top Route of the BYE or re-INVITE, which is: TCP 1.2.3.4 port 5060. So it should send the BYE to:
> {code}
> # TCP ASTERISK:5060 => 1.2.3.4:5060
> BYE sip:abc at 9.8.7.6 SIP/2.0
> Route: <sip:1.2.3.4:5060;transport=tcp>
> {code}
> This is something really basic in RFC 3261 and mandatory. Asterisk could use the existing TCP connection just in case nat=yes (or some other new values I don't fully know in the latest version), but by default, if "nat" parameter is not set for the Proxy peer, please DON'T reuse the existing TCP connection because that is a violation of RFC 3261.
> In fact, it's perfectly legal for a SIP proxy or SIP server to refuse/reject SIP requests coming from a TCP connection that the proxy/server itself opened against a remote proxy/server. These are RFC 3261 rules, really.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira



More information about the asterisk-bugs mailing list