[Devel] Parse Errors, error_route and fixing common NAT ALG bugs
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Mar 12 08:52:12 CET 2007
Aron Rosenberg wrote:
> This is a discussion question mostly, but part bug report. Our
> application targets general consumers and as such we see a huge amount
> of "broken" SIP message traffic come to our servers. These are packets
> where "friendly" NATs/routers try to fixup the SIP traffic to undo the
> NAT behavior. While most of these routers do the right thing, we have
> noticed several that have bugs in their implementations. These bugs
> manifest themselves as a mangling of the SIP headers in one way or another.
>
Yes - many ALGs suck. A workaround is to put your SIP proxy on another
port - not 5060. Then, many ALGs do not detect the SIP traffic anymore.
This is why my opensers are listening on port 5050 too.
> The major issue that we see in consumer routers is that the Via: header
> has been reconstructed incorrectly. The OpenSER bug that we see here is
> that an incorrect Via header does NOT result in error_route being
> invoked, nor does it result in a 400 error packet being sent to the
> originator either.
>
>
>
> The discussion point is should OpenSER try to "fix" these broken routers
> so that the traffic can be used correctly. Two of the most common errors
> that our servers see are below
>
>
>
> Issue 1. The via header has a port that is totally out of range. This
> error comes from the default DSL modem that Embarq / Sprint.net ships to
> their customers.
>
>
>
> Via: SIP/2.0/UDP 1.1.1.1:13088001;branch=z9hG4bK-d87543-0865e7125c508513-1--d87543-;rport
IMO, this should be forwarded to the routing-script as the rport allows
correct routing.
> Issue 2. The via header originally had a rport param from our client,
> but the router stripped it off incorrectly, notice how it ends in just a
> ; We believe this error is caused by Linksys WRT54G routers that don't
> have recent firmware.
>
> Via: SIP/2.0/UDP 1.1.1.1:56261;branch=z9hG4bK-d87543-9b572d31e0515e44-1--d87543-;
I have seen this many times too. The Via parser detects an error and the
message will be discarded before entering the routing script. IMO it
also makes sense to allow a ";" at the end - maybe turned on with a
parameter: "relaxed_via_checking=yes"
regards
klaus
>
> In both of these cases the NAT / router is changing the existing VIA
> header rather than adding a new VIA line
>
>
>
>
>
> The question is should OpenSER allow these errors to proceed to the
> script layer? Right now it just swallows the packet.
>
>
>
> Issue 1, if allowed to reach the script layer would be fixed by our call
> to nat_uac_test("23") and fix_nated_contact().
>
>
>
> Issue 2, I am not so sure what the behavior would be if it reached the
> script layer.
>
>
>
> Thoughts?
>
>
>
> -Aron Rosenberg
>
> SightSpeed Inc.
>
> http://www.sightspeed.com <http://www.sightspeed.com/>
--
Klaus Darilion
nic.at
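
The two malformed Via values quoted in this thread, run through a small stand-alone checker that reports the out-of-range port and the empty trailing parameter as separate defects, so logs can tell the two ALG bugs apart. This is an added example, not OpenSER's Via parser and not code from either poster; `via_check` and the `VIA_*` codes are hypothetical names, and the grammar is simplified (no IPv6 literals, no whitespace around ':' or ';').

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result bits, one per malformation discussed in the thread. */
enum { VIA_OK = 0, VIA_BAD_PORT = 1, VIA_EMPTY_PARAM = 2, VIA_UNPARSEABLE = 4 };

/* Classify one Via value of the form "SIP/2.0/UDP host[:port][;param...]".
 * Simplified: no IPv6 literals, no whitespace around ':' or ';'. */
int via_check(const char *via)
{
    int defects = VIA_OK;
    const char *p = strchr(via, ' ');          /* end of sent-protocol */
    if (strncmp(via, "SIP/2.0/", 8) != 0 || p == NULL)
        return VIA_UNPARSEABLE;
    p += strspn(p, " ");                       /* start of sent-by */
    size_t hostlen = strcspn(p, ":; ");
    if (hostlen == 0)
        return VIA_UNPARSEABLE;
    p += hostlen;
    if (*p == ':') {                           /* optional port */
        char *end;
        if (!isdigit((unsigned char)p[1]))
            return VIA_UNPARSEABLE;            /* ':' without digits */
        unsigned long port = strtoul(p + 1, &end, 10);
        if (port == 0 || port > 65535)
            defects |= VIA_BAD_PORT;           /* Issue 1: 13088001 */
        p = end;
    }
    while (*p == ';') {                        /* walk the parameter list */
        size_t len = strcspn(++p, ";");
        if (len == 0)
            defects |= VIA_EMPTY_PARAM;        /* Issue 2: trailing ';' */
        p += len;
    }
    return *p == '\0' ? defects : (defects | VIA_UNPARSEABLE);
}

int main(void)
{
    const char *s[] = {   /* the two header values quoted in the thread */
        "SIP/2.0/UDP 1.1.1.1:13088001;branch=z9hG4bK-d87543-0865e7125c508513-1--d87543-;rport",
        "SIP/2.0/UDP 1.1.1.1:56261;branch=z9hG4bK-d87543-9b572d31e0515e44-1--d87543-;",
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("defects=%d  %s\n", via_check(s[i]), s[i]);
}
```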