[sr-dev] Proxy protocol issue

Federico Cabiddu federico.cabiddu at gmail.com
Fri Oct 15 11:42:54 CEST 2021


Hi all,
I've been recently testing kamailio support for proxy protocol which was
introduced by https://github.com/kamailio/kamailio/issues/1757. As reported
by others, even if kamailio is able to decode the proxy protocol and get
the client's original IP address, it is unable to send SIP messages to the
client which initiated the connection through the HA load balancer (nginx
in my case). After investigation I've found that there is no alias added to
the tcp connection aliases list for the tuple
CLIENT_IP:CLIENT_PORT/LOCAL_KAMAILIO_IP:KAMAILIO_PORT. This means that when
trying to forward a message to the originating client kamailio won't use
the existing connection with the load balancer/proxy but will try to
establish a new connection. The fact is that the function which parses the
proxy header overwrites the dst ip/port of the connection with the
"Destination IP" and "Destination Port" fields of the proxy header (
https://github.com/kamailio/kamailio/blob/f677dea597db6ceaa66a2755dd6e9e738855dc35/src/core/tcp_main.c#L989
for v2,
https://github.com/kamailio/kamailio/blob/f677dea597db6ceaa66a2755dd6e9e738855dc35/src/core/tcp_main.c#L1071
for v1). These fields contain the IP/port of the Load Balancer, not the
kamailio IP/Port, and kamailio will fail to find a tcp connection toward
the client's src IP since the Load Balancer IP is not a kamailio local
socket.
I think that the destination IP of the connection shouldn't be rewritten
with the load balancer IP, unless I'm missing something.
Hopefully I've been clear enough explaining the issue :)
If you agree with the analysis I can prepare a PR for it.

Have a great weekend, all,

Federico Cabiddu
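
Added example (not part of the original message and not Kamailio's code): a simplified C model of the connection lookup described above, showing why overwriting the connection's local address with the PROXY v1 header's destination prevents reuse of the balancer connection. The struct, the function names and all addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
struct conn {                           /* simplified, hypothetical key */
    char peer_ip[46];  int peer_port;   /* remote side of the connection */
    char local_ip[46]; int local_port;  /* must match one of our own sockets */
};

/* Apply "PROXY TCP4 <src> <dst> <sport> <dport>\r\n". The source replaces the
 * peer; the destination replaces the local side only if overwrite_dst is set. */
int apply_proxy_v1(struct conn *c, const char *hdr, int overwrite_dst)
{
    char src[46], dst[46];
    int sport, dport;
    if (sscanf(hdr, "PROXY TCP4 %45s %45s %d %d", src, dst, &sport, &dport) != 4 ||
        sport < 0 || sport > 65535 || dport < 0 || dport > 65535)
        return -1;
    snprintf(c->peer_ip, sizeof c->peer_ip, "%s", src);
    c->peer_port = sport;
    if (overwrite_dst) {                /* models the reported behaviour */
        snprintf(c->local_ip, sizeof c->local_ip, "%s", dst);
        c->local_port = dport;
    }
    return 0;
}

/* Would a send to the peer from our listening socket find this connection? */
int can_reuse(const struct conn *c, const char *peer_ip, int peer_port,
              const char *local_ip, int local_port)
{
    return strcmp(c->peer_ip, peer_ip) == 0 && c->peer_port == peer_port &&
           strcmp(c->local_ip, local_ip) == 0 && c->local_port == local_port;
}

/* Constructed addresses: client 198.51.100.7:40000, balancer 192.0.2.10:5060,
 * SIP server socket 10.0.0.5:5060. Returns 1 if the connection is reusable. */
int demo(int overwrite_dst)
{
    struct conn c = { "192.0.2.10", 51234, "10.0.0.5", 5060 }; /* as accepted */
    const char *hdr = "PROXY TCP4 198.51.100.7 192.0.2.10 40000 5060\r\n";
    if (apply_proxy_v1(&c, hdr, overwrite_dst) != 0)
        return -1;
    return can_reuse(&c, "198.51.100.7", 40000, "10.0.0.5", 5060);
}

int main(void)
{
    printf("overwrite dst: %d, keep dst: %d\n", demo(1), demo(0));
    return 0;
}
```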