[asterisk-dev] [Code Review] 3948: Asterisk does not respect outbound proxy when sending qualify requests
Matt Jordan
reviewboard at asterisk.org
Tue Oct 14 09:48:30 CDT 2014
> On Aug. 29, 2014, 6:04 p.m., Damian Ivereigh wrote:
> > Thanks for all that info Matt. In answer to the question "how should outboundproxy behave", perhaps it might be useful to detail my setup. I have a number of Asterisk servers on an internal network with a kamailio server and a media proxy facing the internet. My goal was to harden the kamailio server and allow the asterisk servers to be less secure and allow each asterisk to define it's own peers. I want as close as possible for each Asterisk server to appear to the outside world as if they are externally connected (no NAT stuff), yet actually put everything through kamailio and the media proxy.
> >
> > So the obvious solution was to use outboundproxy to get asterisk to send its outgoing invites and registrations through the kamailio server which would mangle them so that everything appeared to come from the external server. However things fell apart when asterisk tried to send qualify requests direct (which the firewall blocked). Hence this fix. I really cannot see a situation where one would use an outboundproxy and then want to send the qualify requests directly.
>
> wdoekes wrote:
> Re: mem leak: https://reviewboard.asterisk.org/r/4016/
>
> As for the "how should the outboundproxy behave". I agree that this
> addition makes sense. But I'd like to hear someone else who uses
> obproxy to chime in too before giving this the go-ahead.
So, I haven't been able to drum up any feedback from those who use outboundproxy.
In the absence of any feedback, the only suggestion I have is that we apply the patch and hope for the best. I'd ask that Damian be willing to help respond to any outbound proxy issues that may arise as a result of this patch (which I would say has minimal risk, given the confidence that the current behavior is broken).
- Matt
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3948/#review13207
-----------------------------------------------------------
On Aug. 25, 2014, 5:04 p.m., Damian Ivereigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3948/
> -----------------------------------------------------------
>
> (Updated Aug. 25, 2014, 5:04 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-24063
> https://issues.asterisk.org/jira/browse/ASTERISK-24063
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> The outboundproxy setting is ignored when sending the qualify packets (OPTIONS). This means that if an asterisk server is unable to send the packet directly to a peer, it is unable to qualify any non inbound registered peer (e.g. a peer SIP Trunk). This problem is found on asterisk-11.6-cert4 (and many others)
>
> It has been pointed out (thanks Walter Doekes), that the p->outboundproxy may not be freed at the end which would create a memory leak.
>
>
> Diffs
> -----
>
> certified/tags/11.6-cert4/channels/chan_sip.c 422052
>
> Diff: https://reviewboard.asterisk.org/r/3948/diff/
>
>
> Testing
> -------
>
> Have run this change in production for many months, however the possible memory leak issue needs to be verified.
>
>
> Thanks,
>
> Damian Ivereigh
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20141014/14c85917/attachment.html>
More information about the asterisk-dev
mailing list