<div dir="auto">pin</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Wed, 6 Jan 2021 at 1:02, Mark Murawski <<a href="mailto:markm-lists@intellasoft.net">markm-lists@intellasoft.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
<br>
I have the following situation here:<br>
<br>
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<br>
; WAN1 and traffic to PBX-A / PBX-B<br>
<br>
[transport-udp]<br>
type                       = transport<br>
symmetric_transport        = yes<br>
protocol                   = udp<br>
bind                       = <a href="http://10.13.13.38:5060" rel="noreferrer" target="_blank">10.13.13.38:5060</a><br>
external_media_address     = XX.94.171.40<br>
external_signaling_address = XX.94.171.40<br>
external_signaling_port    = 5060<br>
allow_reload               = yes<br>
tos                        = cs3<br>
cos                        = 3<br>
local_net                  = <a href="http://192.168.181.0/24" rel="noreferrer" target="_blank">192.168.181.0/24</a><br>
local_net                  = <a href="http://10.13.13.0/24" rel="noreferrer" target="_blank">10.13.13.0/24</a><br>
<br>
[transport-tcp]<br>
type                       = transport<br>
symmetric_transport        = yes<br>
protocol                   = tcp<br>
bind                       = <a href="http://10.13.13.38:5060" rel="noreferrer" target="_blank">10.13.13.38:5060</a><br>
external_media_address     = XX.94.171.40<br>
external_signaling_address = XX.94.171.40<br>
external_signaling_port    = 5060<br>
allow_reload               = yes<br>
tos                        = cs3<br>
cos                        = 3<br>
local_net                  = <a href="http://192.168.181.0/24" rel="noreferrer" target="_blank">192.168.181.0/24</a><br>
local_net                  = <a href="http://10.13.13.0/24" rel="noreferrer" target="_blank">10.13.13.0/24</a><br>
<br>
[transport-tcp-tls]<br>
type                       = transport<br>
symmetric_transport        = yes<br>
protocol                   = tls<br>
allow_reload               = yes<br>
bind                       = <a href="http://10.13.13.38:5061" rel="noreferrer" target="_blank">10.13.13.38:5061</a><br>
external_media_address     = XX.94.171.40<br>
external_signaling_address = XX.94.171.40<br>
external_signaling_port    = 5061<br>
tos                        = cs3<br>
cos                        = 3<br>
cert_file                  = /etc/asterisk/keys/asterisk.crt<br>
priv_key_file              = /etc/asterisk/keys/asterisk.key<br>
method                     = tlsv1_2<br>
local_net                  = <a href="http://192.168.181.0/24" rel="noreferrer" target="_blank">192.168.181.0/24</a><br>
local_net                  = <a href="http://10.13.13.0/24" rel="noreferrer" target="_blank">10.13.13.0/24</a><br>
<br>
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<br>
;;; WAN2<br>
;<br>
[transport-udp-wan2]<br>
type                       = transport<br>
symmetric_transport        = yes<br>
protocol                   = udp<br>
bind                       = <a href="http://10.13.13.39:5060" rel="noreferrer" target="_blank">10.13.13.39:5060</a><br>
external_media_address     = YY.9.5.40<br>
external_signaling_address = YY.9.5.40<br>
external_signaling_port    = 5060<br>
allow_reload               = yes<br>
tos                        = cs3<br>
cos                        = 3<br>
local_net                  = <a href="http://192.168.181.0/24" rel="noreferrer" target="_blank">192.168.181.0/24</a><br>
local_net                  = <a href="http://10.13.13.0/24" rel="noreferrer" target="_blank">10.13.13.0/24</a><br>
<br>
[transport-tcp-wan2]<br>
type                       = transport<br>
symmetric_transport        = yes<br>
protocol                   = tcp<br>
bind                       = <a href="http://10.13.13.39:5060" rel="noreferrer" target="_blank">10.13.13.39:5060</a><br>
external_media_address     = YY.9.5.40<br>
external_signaling_address = YY.9.5.40<br>
external_signaling_port    = 5060<br>
allow_reload               = yes<br>
tos                        = cs3<br>
cos                        = 3<br>
local_net                  = <a href="http://192.168.181.0/24" rel="noreferrer" target="_blank">192.168.181.0/24</a><br>
local_net                  = <a href="http://10.13.13.0/24" rel="noreferrer" target="_blank">10.13.13.0/24</a><br>
<br>
[transport-tcp-wan2-tls]<br>
type                       = transport<br>
symmetric_transport        = yes<br>
protocol                   = tls<br>
allow_reload               = yes<br>
bind                       = <a href="http://10.13.13.39:5061" rel="noreferrer" target="_blank">10.13.13.39:5061</a><br>
external_media_address     = YY.9.5.40<br>
external_signaling_address = YY.9.5.40<br>
external_signaling_port    = 5061<br>
tos                        = cs3<br>
cos                        = 3<br>
cert_file                  = /etc/asterisk/keys/asterisk.crt<br>
priv_key_file              = /etc/asterisk/keys/asterisk.key<br>
method                     = tlsv1_2<br>
local_net                  = <a href="http://192.168.181.0/24" rel="noreferrer" target="_blank">192.168.181.0/24</a><br>
local_net                  = <a href="http://10.13.13.0/24" rel="noreferrer" target="_blank">10.13.13.0/24</a><br>
<br>
I then have the following call<br>
<br>
INVITE<br>
(Call is attached)<br>
<br>
Packet from: ZZ.75.184.42<br>
Packet To: -> YY.9.5.40  (i.e. WAN2), Then firewall DNATs to<br>
   <a href="http://10.13.13.39:5061" rel="noreferrer" target="_blank">10.13.13.39:5061</a>, and asterisk gets the call<br>
<br>
Use Case:<br>
Now... in order for this dual-wan to operate correctly... say WAN1 is <br>
down.  Asterisk needs to be able to send RTP traffic (not just SIP <br>
Signalling) using the correct rtp bind, associated to the correct return <br>
transport and external_media_address<br>
<br>
My expectation here is that since Asterisk knows it's using <br>
transport-tcp-wan2-tls, and it has set the correct media source in the <br>
SDP to YY.9.5.40, that the RTP engine would then send media from <br>
10.13.13.39.  But it does not....<br>
<br>
During the above call, the outgoing RTP looks like this from tcpdump:<br>
08:52:13.234702 IP 10.13.13.38.16384 > ZZ.75.184.42.7078: UDP, length 182<br>
<br>
The closest thing I've found so far in digging deeper to resolve this <br>
is: res_pjsip_sdp_rtp.c<br>
<br>
static int create_rtp(struct ast_sip_session *session, struct ast_sip_session_media *session_media,<br>
         const pjmedia_sdp_session *sdp)<br>
{<br>
....snip....<br>
                 transport = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "transport",<br>
                         session->endpoint->transport);<br>
                 if (transport) {<br>
                         struct ast_sip_transport_state *trans_state;<br>
<br>
                         trans_state = ast_sip_get_transport_state(ast_sorcery_object_get_id(transport));<br>
                         if (trans_state) {<br>
                                 char hoststr[PJ_INET6_ADDRSTRLEN];<br>
<br>
                                 pj_sockaddr_print(&trans_state->host, hoststr, sizeof(hoststr), 0);<br>
                                 if (ast_sockaddr_parse(&temp_media_address, hoststr, 0)) {<br>
                                         ast_debug_rtp(1, "Transport %s bound to %s: Using it for RTP media.\n",<br>
                                                 session->endpoint->transport, hoststr);<br>
                                         media_address = &temp_media_address;<br>
                                 } else {<br>
                                         ast_debug_rtp(1, "Transport %s bound to %s: Invalid for RTP media.\n",<br>
                                                 session->endpoint->transport, hoststr);<br>
                                 }<br>
                                 ao2_ref(trans_state, -1);<br>
                         }<br>
                         ao2_ref(transport, -1);<br>
                 }<br>
<br>
<br>
Here we check if the transport is explicitly bound, and if so, we use <br>
it.... now if I do explicitly set the transport to <br>
transport-tcp-wan2-tls instead of leaving it unset, then RTP is sourced <br>
from the correct address.<br>
<br>
But this is a dynamic contact which could be talking to asterisk either <br>
on the 'WAN1' transports or the 'WAN2' transports.<br>
<br>
Given that SIP OPTIONS and such will go back to the correct transport, <br>
given the transport configuration above, it seems logical we should also <br>
be able to send RTP using the associated transport settings as well.<br>
<br>
So the issue here is that in res_pjsip_sdp_rtp.c, create_rtp().  I don't <br>
see a way to find the associated endpoint/contact... it's all pointing <br>
to null at this time.<br>
<br>
Am I in the right place?  Is there a further down the line place to <br>
handle rtp source, or is there a way to pull up the dynamically stored <br>
AST_SIP_X_AST_TXP here?<br>
<br>
Also... speaking of AST_SIP_X_AST_TXP, it doesn't appear to be set in <br>
all situations either.  Looking at core debug, logging and hits to <br>
'res_pjsip/pjsip_message_filter.c: Set transport', result in absolutely <br>
no usage of any of the -tls transports when OPTIONS come in from this <br>
peer, or any peer using tls.<br>
<br>
Examples:<br>
[2021-01-04 23:57:41.328] DEBUG[16309] res_pjsip/pjsip_message_filter.c: Set transport 'transport-udp' on OPTIONS from <a href="http://192.168.181.5:5060" rel="noreferrer" target="_blank">192.168.181.5:5060</a><br>
[2021-01-04 23:57:41.927] DEBUG[16309] res_pjsip/pjsip_message_filter.c: Set transport 'transport-udp' on OPTIONS from <a href="http://192.168.181.5:5060" rel="noreferrer" target="_blank">192.168.181.5:5060</a><br>
<br>
But, that's it... when getting OPTIONS over TLS, this is not tracked.<br>
-- <br>
asterisk-dev mailing list</blockquote></div></div>
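<div>Added example, not part of the original post and not Asterisk code: a check that parses pjsip.conf transport sections like those quoted above and flags UDP packets in tcpdump output whose source address differs from the bind address of the transport that received the signaling. The function names and the 10000-20000 RTP port range are assumptions; the sample config is a trimmed, constructed copy of two transports from the post.</div>

```python
import re

# Constructed sample: two transports trimmed from the config in the post.
PJSIP_CONF = """
[transport-tcp-tls]
type = transport
bind = 10.13.13.38:5061
external_media_address = XX.94.171.40

[transport-tcp-wan2-tls]
type = transport
bind = 10.13.13.39:5061
external_media_address = YY.9.5.40
"""
# The tcpdump line quoted in the post.
TCPDUMP = ["08:52:13.234702 IP 10.13.13.38.16384 > ZZ.75.184.42.7078: UDP, length 182"]

def parse_transports(text):
    """Return {section: {key: value}} for sections with type = transport."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return {n: s for n, s in sections.items() if s.get("type") == "transport"}

def rtp_source_mismatches(conf, signaling_dst, tcpdump_lines, rtp_ports=(10000, 20000)):
    """List RTP packets not sent from the bind IP of the transport bound to signaling_dst."""
    transports = parse_transports(conf)
    name = next((n for n, s in transports.items() if s.get("bind") == signaling_dst), None)
    if name is None:
        raise ValueError(f"no transport bound to {signaling_dst}")
    expected = signaling_dst.rsplit(":", 1)[0]
    packet = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\S+?)\.(\d+): UDP")
    hits = []
    for line in tcpdump_lines:
        m = packet.search(line)
        # rtp_ports is an assumed RTP range; adjust to the rtp.conf in use.
        if m and rtp_ports[0] <= int(m.group(2)) <= rtp_ports[1] and m.group(1) != expected:
            hits.append((name, expected, m.group(1), m.group(3)))
    return hits

if __name__ == "__main__":
    print(rtp_source_mismatches(PJSIP_CONF, "10.13.13.39:5061", TCPDUMP))
```

<div>Each hit is (transport, expected source, observed source, remote address); an empty list means the media left from the same local address that received the signaling.</div>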