### Description
Event routes that are executed without a real SIP message available use the default "fake SIP message". The fake message has a source IPv4 address of 1.0.0.127 which belongs to CloudFlare (1.0.0.0/24).. and this led us to believe that traffic is coming from CF but could not find the messages on tcpdumps or HEP exports. Had a bit of a wild goose chase there trying to find the source. I believe the original intention has been to use 127.0.0.1 loopback address but the bytes are reversed at:
https://github.com/kamailio/kamailio/blob/master/src/core/fmsg.c#L78
It would be best to change this address to well ANYTHING that doesn't imply CloudFlare is pinging you 😂
Thanks for the report. Yes, it should be probably changed to e.g. 127.0.0.1 or another address from this range.
It looks like reversed order, what is the operating system and the compiler used?
Closed #3817 as completed.
This should be fixed by parsing the loopback ip instead of direct filling of ip addr fields. It will be backported. Reopen if still an issue.