[asterisk-bugs] [JIRA] (ASTERISK-29241) pjsip / register: wrong port used in Contact and Via if multiple transports are defined.

Michael Maier (JIRA) noreply at issues.asterisk.org
Tue Jun 15 13:16:33 CDT 2021


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=255391#comment-255391 ] 

Michael Maier commented on ASTERISK-29241:
------------------------------------------

I tested now with listener enabled. The actual patch fixes the problem of "pjsip show transports" showing the correct port now - that's correct - but breaks at the same time the ports used in Via and Contact header.

Example:
{code}
[t-easybell]
type=transport
protocol=tls
bind=192.168.1.94:5063
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
method=tlsv1_2
verify_server=yes
{code}
{code}
localhost*CLI> pjsip show transports

Transport:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress....................>
==========================================================================================

Transport:  t-easybell                tls      3    184  192.168.1.94:5063
{code}

The registration to easybell opens the following static TCP connection:
{code}
[root at localhost ~]# netstat -tnup
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.1.94:33917      212.172.58.207:5061     ESTABLISHED 9001/asterisk
{code}

If you're now placing an outbound call via easybell, the existing connection via port 192.168.1.94:33917 -> 212.172.58.207:5061 is used. But in Via and Contact header, port 5063 is placed - which is wrong.
The original patch fixed both scenarios whereas the actual patch fixes just the presentation in pjsip show transports and breaks the SIP protocol.

> pjsip / register: wrong port used in Contact and Via if multiple transports are defined.
> ----------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-29241
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29241
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_outbound_registration
>    Affects Versions: 18.0.1
>         Environment: CentOS 7 x86_64
>            Reporter: Michael Maier
>
> Define some transports:
> CLI> pjsip show transports
> {code}
> Transport:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress....................>
> ==========================================================================================
> Transport:  0.0.0.0-tls               tls      3    184  0.0.0.0:5061
> Transport:  0.0.0.0-tls2              tls      3    184  0.0.0.0:5062
> Transport:  0.0.0.0-tls3              tls      3    184  0.0.0.0:5063
> Transport:  0.0.0.0-udp               udp      3    184  0.0.0.0:5060 
> {code}
> The 3 TLS transports are added to different trunk configuration. 2 examples:
> {code}
> CLI> pjsip show registration telekomPJSIP-001
>  <Registration/ServerURI..............................>  <Auth..........>  <Status.......>
> ==========================================================================================
>  telekomPJSIP-001/sip:tel.t-online.de                    telekomPJSIP-001  Registered
>  ParameterName            : ParameterValue
>  ============================================================
>  auth_rejection_permanent : true
>  client_uri               : sip:+49... at tel.t-online.de
>  contact_header_params    :
>  contact_user             : +49...
>  endpoint                 : telekomPJSIP-001
>  expiration               : 660
>  fatal_retry_interval     : 0
>  forbidden_retry_interval : 10
>  line                     : true
>  max_retries              : 10000
>  outbound_auth            : telekomPJSIP-001
>  outbound_proxy           :
>  retry_interval           : 60
>  server_uri               : sip:tel.t-online.de
>  support_mediasec         : true
>  support_outbound         : no
>  support_path             : false
>  transport                : 0.0.0.0-tls
> CLI> pjsip show registration telekomPJSIP-002
>  <Registration/ServerURI..............................>  <Auth..........>  <Status.......>
> ==========================================================================================
>  telekomPJSIP-002/sip:tel.t-online.de                    telekomPJSIP-002  Registered
>  ParameterName            : ParameterValue
>  =============================================================
>  auth_rejection_permanent : true
>  client_uri               : ...
>  contact_header_params    :
>  contact_user             : ...
>  endpoint                 : telekomPJSIP-002
>  expiration               : 660
>  fatal_retry_interval     : 0
>  forbidden_retry_interval : 10
>  line                     : true
>  max_retries              : 10000
>  outbound_auth            : telekomPJSIP-002
>  outbound_proxy           :
>  retry_interval           : 60
>  server_uri               : sip:tel.t-online.de
>  support_mediasec         : true
>  support_outbound         : no
>  support_path             : false
>  transport                : 0.0.0.0-tls2
> CLI> pjsip show endpoint telekomPJSIP-001
>  Endpoint:  telekomPJSIP-001                                     Not in use    0 of inf
>     OutAuth:  telekomPJSIP-001/+49...
>         Aor:  telekomPJSIP-001                                   0
>       Contact:  telekomPJSIP-001/sip:+49... at tel.t-o 88c72b9045 Avail        13.944
>   Transport:  0.0.0.0-tls               tls      3    184  0.0.0.0:5061
>    Identify:  telekomPJSIP-001/telekomPJSIP-001
>         Match: 127.0.0.10/32
> CLI> pjsip show endpoint telekomPJSIP-002
>  Endpoint:  telekomPJSIP-002                                     Not in use    0 of inf
>     OutAuth:  telekomPJSIP-002/+49...
>         Aor:  telekomPJSIP-002                                   0
>       Contact:  telekomPJSIP-002/sip:+49... at tel.t- 7f03d717f5 Avail        13.425
>   Transport:  0.0.0.0-tls2              tls      3    184  0.0.0.0:5062
>    Identify:  telekomPJSIP-002/telekomPJSIP-002
>         Match: 127.0.0.10/32
> [root at myfw ~]# netstat -n | grep 506
> tcp        0      0 3.2.1.5:53527       217.0.20.195:5061       ESTABLISHED
> tcp        0      0 3.2.1.5:49161       217.0.20.195:5061       ESTABLISHED
> tcp        0      0 3.2.1.5:56727       217.0.20.195:5061       ESTABLISHED
> I verified via tcpdump, that each Register now uses its own connection.
> Next, I checked the Register packets - to telekomPJSIP-001, e.g:
> Via: SIP/2.0/TLS 3.2.1.5:5062;rport;branch=...
>                          ^^^^
> Contact: <sip:+49... at 3.2.1.5:5062;transport=TLS;line=...>
>                              ^^^^ 
> {code}
> => this should be 5061 (because of transport 0.0.0.0-tls which refers to 5061) - not 5062 ...
> => It turns out, that *all* Registers of all trunks are using port 5062 now. Why that? 5061 and 5063 is ignored completely.
> Error can be seen in log and is printed by pjsip_message_filter.c:
> {code}
> static pj_status_t filter_on_tx_message(pjsip_tx_data *tdata)
> ...
> ast_debug(5, "Re-wrote Contact URI host/port to %.*s:%d (this may be re-written again later)\n",
>                                 (int)pj_strlen(&uri->host), pj_strbuf(&uri->host), uri->port);
> {code}
> I didn't test with 18.1.x - but I guess that it could behave the same way.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list