[asterisk-dev] [Code Review] 3948: Asterisk does not respect outbound proxy when sending qualify requests
Damian Ivereigh
reviewboard at asterisk.org
Fri Aug 29 18:04:34 CDT 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3948/#review13207
-----------------------------------------------------------
Thanks for all that info Matt. In answer to the question "how should outboundproxy behave", perhaps it might be useful to detail my setup. I have a number of Asterisk servers on an internal network with a kamailio server and a media proxy facing the internet. My goal was to harden the kamailio server and allow the asterisk servers to be less secure and allow each asterisk to define it's own peers. I want as close as possible for each Asterisk server to appear to the outside world as if they are externally connected (no NAT stuff), yet actually put everything through kamailio and the media proxy.
So the obvious solution was to use outboundproxy to get asterisk to send its outgoing invites and registrations through the kamailio server which would mangle them so that everything appeared to come from the external server. However things fell apart when asterisk tried to send qualify requests direct (which the firewall blocked). Hence this fix. I really cannot see a situation where one would use an outboundproxy and then want to send the qualify requests directly.
- Damian Ivereigh
On Aug. 25, 2014, 10:04 p.m., Damian Ivereigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3948/
> -----------------------------------------------------------
>
> (Updated Aug. 25, 2014, 10:04 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-24063
> https://issues.asterisk.org/jira/browse/ASTERISK-24063
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> The outboundproxy setting is ignored when sending the qualify packets (OPTIONS). This means that if an asterisk server is unable to send the packet directly to a peer, it is unable to qualify any non inbound registered peer (e.g. a peer SIP Trunk). This problem is found on asterisk-11.6-cert4 (and many others)
>
> It has been pointed out (thanks Walter Doekes), that the p->outboundproxy may not be freed at the end which would create a memory leak.
>
>
> Diffs
> -----
>
> certified/tags/11.6-cert4/channels/chan_sip.c 422052
>
> Diff: https://reviewboard.asterisk.org/r/3948/diff/
>
>
> Testing
> -------
>
> Have run this change in production for many months, however the possible memory leak issue needs to be verified.
>
>
> Thanks,
>
> Damian Ivereigh
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20140829/641339ea/attachment-0001.html>
More information about the asterisk-dev
mailing list