[asterisk-bugs] [JIRA] (ASTERISK-26922) chan_sip: tcpbind uses wrong source address
Ksenia (JIRA)
noreply at issues.asterisk.org
Thu Apr 13 03:46:57 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ksenia updated ASTERISK-26922:
------------------------------
Attachment: sip_debug_call.txt
extensions.conf.txt
extensions.conf_asterisk_gw1.txt
sip_conf_asterisk_gw1.txt
Also attached debugs with a call to extension 5000. As I understand, the peer says "Forbidden" as
{code}
host=192.168.0.177
{code}
and the request comes from 192.168.0.172. With UDP the calls work.
> chan_sip: tcpbind uses wrong source address
> -------------------------------------------
>
> Key: ASTERISK-26922
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26922
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 13.1.0
> Environment: Ubuntu 16.04
> 4.4.0-72-generic
> Reporter: Ksenia
> Assignee: Unassigned
> Attachments: config_sip, extensions.conf_asterisk_gw1.txt, extensions.conf.txt, ip_a, sip_conf_asterisk_gw1.txt, sip_conf.txt, sip_debug_call.txt, sip_debug.txt
>
>
> I am running asterisk 13.1.0 on Ubuntu server 16.04. There are two IP addresses from the same subnet set on one interface, and bindaddr is set to the second on them in sip.conf and in iax.conf.
> Incoming connections work as expected. However, for outgoing connections it seems that asterisk tells the kernel to use the specific "bind" address only in case of UDP usage (both SIP and IAX work like that). In case of outgoing TCP connections (SIP TCP and TLS) the first IP address from the interface is used.
> In my understanding, normally 'bind' should not only tell on which address to listen, but also which source address to request for outgoing connections, but it works only for UDP connections for some reason.
> {code}
> netstat -nlp | egrep '506[01]'
> tcp 0 0 192.168.0.177:5061 0.0.0.0:* LISTEN 13255/asterisk
> udp 0 0 192.168.0.177:5060 0.0.0.0:* 13255/asterisk
> {code}
> Source IP is set to the first IP address of the interface only when TCP is used. As I understand, the application (chan_sip in this case) should request kernel to use the specific source IP address (used in bind directive) for outgoing packets, however it seems to be done only for UDP. For outgoing packets on TCP/5061 I see the following:
> {code}
> IP 192.168.0.172.47596 > <mydestip>.5061: Flags [S], seq 2529313754, win 29200, options [mss 1460,sackOK,TS val 82765588 ecr 0,nop,wscale 7], length 0
> And with UDP as transport:
> IP 192.168.0.177.5060 > <mydestip>.5060: SIP: OPTIONS ....
> {code}
> I have also tried with the latest Asterisk built from sources with Ubuntu and Centos 7 - same behavior. I have also asked the community - they suggest I should report an issue.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list