[SR-Users] kamailio as UAC and NAPTR / sendsocket question

Karsten Horsmann khorsmann at gmail.com
Wed Jul 3 18:38:28 CEST 2019


Hi List,
Hi Daniel,

any one here that can imagine why force sendsocket generates an udp packet
if the target accept only tcp? And without fs it generates an tcp packet.
For uac registrations outbound?


In my lab it's working without force send socket, cos the Paket is
generated with the first private ip that the linux server had configured
(and where the default route is reachable).

Network setup is like that :

Firewall (routes public ip to Kamailio via an privat IP of Kamailio box) -
- > Kamailio server (in DMZ).

And back of course.

All other szencarios (sip traffic proxy acting) works like a charm.

Thanks

Kind regards

Karsten Horsmann <khorsmann at gmail.com> schrieb am Mi., 26. Juni 2019, 14:50:

> Hello Daniel
>
>
> i verifed that can send tcp with that public ip (used nc for that).
> Hopefully the linux-networking is not the problem.
>
> I tried method $fs="212.xx.xx.xx"; and force_send_socket("212.xx.xx.xx");
> Both versions (with and without transport=tcp param) but kamailio sends
> out via UDP.
>
> Any ideas?
>
> event_route[tm:local-request] {
>   if(!is_method("OPTIONS")) {
>         xlog("L_INFO", "[tm:local-request] request rm:[$rm] from fu:[$fu]
> to ru:[$ru] rP:[$rP] sut:[$sut] du:[$du] dP:[$dP] sas:[$sas]\n");
>   }
>   if(is_method("REGISTER")) {
>         xlog("its [$rm] [$ru] sas:[$sas]\n");
>
>         #$fs="$sas";
>         add_uri_param("transport=tcp");
>         # First try
>         # $fs="212.xx.xx.xx";
>         # Second try
>         # force_send_socket("212.xx.xx.xx");
>   }
> }
>
> tcpdump to see TCP or UDP outgoing:
>
>     212.xx.xx.xx.sip > 217.0.15.67.sip: [bad udp cksum 0xe921 -> 0x39df!]
> SIP, length: 459
>         REGISTER sip:sip-trunk.telekom.de;transport=tcp SIP/2.0
>         Via: SIP/2.0/UDP
> 212.xx.xx.xx;branch=z9hG4bKa4e7.2adf59a7000000000000000000000000.0;i=0
>         To: <sip:+49xxxxxx0 at sip-trunk.telekom.de>
>         From: <sip:+49xxxxxx at sip-trunk.telekom.de
> >;tag=4f1676d5afd8e4fcf22b77a7b449c44f-8d04
>         CSeq: 10 REGISTER
>         Call-ID: 17110ff874fd4810-19875 at 212.xx.xx.xx
>         Max-Forwards: 70
>         Content-Length: 0
>         User-Agent: SBC-OS
>         Contact: <sip:49xxxxxx at xx.xx.xx.xx>
>         Expires: 360
>
> <script>: [tm:local-request] request rm:[REGISTER] from fu:[
> sip:+49xxxxxx at sip-trunk.telekom.de] to ru:[sip:sip-trunk.telekom.de]
> rP:[UDP] sut:[sip:212.xx.xx.xx:5060;transport=tcp] du:[sip:
> reg.sip-trunk.telekom.de] dP:[UDP] sas:[tcp:212.xx.xx.xx:5060]
> <script>: its [REGISTER] [sip:sip-trunk.telekom.de]
> sas:[tcp:212.xx.xx.xx:5060]
>
>
> Cheers
> Karsten
>
> Am Mi., 26. Juni 2019 um 10:15 Uhr schrieb Daniel-Constantin Mierla <
> miconda at gmail.com>:
>
>> Hello,
>>
>> does it happen for both UDP and TCP? Or only for TCP is the private
>> interface used? Normally should work no matter the transport, try to force
>> only ip with force_send_sock("x.y.z.w").
>>
>> I assume that the IP routing rules allow traffic from private IP to
>> public addresses.
>>
>> Cheers,
>> Daniel
>>
>> On Fri, Jun 21, 2019 at 5:49 PM Karsten Horsmann <khorsmann at gmail.com>
>> wrote:
>>
>>> Hi List,
>>>
>>> after reading the corebook in the wiki and some issue reports (1), I
>>> think it's not possible to force the outgoing ip for uac.so registration.
>>>
>>> I saw traffic with
>>> 172.20.120.53:45689 - - - > reg.sip-trunk.telekom.de
>>>
>>> So that's random highport generated traffic tcp traffic on the first
>>> interface ip.
>>>
>>> AFAIK this behavior could not change, right?
>>>
>>> (1)
>>> https://github.com/kamailio/kamailio/issues/1532
>>>
>>>
>>> Karsten Horsmann <khorsmann at gmail.com> schrieb am Fr., 21. Juni 2019,
>>> 11:44:
>>>
>>>> Hi List,
>>>>
>>>>
>>>> I try to register to Deutsche Telekom and there product Deutschland Lan
>>>> siptrunk.
>>>>
>>>> Thats works find but i see an intressting behaviour on selecting the
>>>> right outgoing interface.
>>>> Kamailio is sending out with tcp the REQUEST via first private ip
>>>> configured on that server (172.20.120.53).
>>>> There is no listen directive for that.
>>>>
>>>> I forced NAPTR to use tcp or udp and i assume that kamailio got the
>>>> right dns answers.
>>>>
>>>> On the list i read also that i can use force_send_socket to force the
>>>> outgoing request.
>>>>
>>>> Now my idea - hey i use the $rP for the outgoing to select the right
>>>> outgoing listen directive.
>>>> $rP - reference to transport protocol of R-URI
>>>> But to my surprise the logfile told me thats "UDP" - it sends out via
>>>> TCP (thats okay).
>>>>
>>>> Whats an good transport selector variable from kamailio that works?
>>>>
>>>>
>>>> event_route[tm:local-request] {
>>>>   if(!is_method("OPTIONS")) {
>>>>         xlog("L_INFO", "[tm:local-request] request [$rm] from [$fu] to
>>>> [$ru] [$rP]\n");
>>>>   }
>>>> }
>>>>
>>>> INFO: <script>: [tm:local-request] request [REGISTER] from [
>>>> sip:+49XXXXXXXX at sip-trunk.telekom.de] to [sip:sip-trunk.telekom.de]
>>>> [UDP]
>>>>
>>>>
>>>> listen=tcp:2xx.xx.xx.xx:5060
>>>> listen=udp:2xx.xx.xx.xx:5060
>>>> listen=tls:2xx.xx.xx.xx:5061 advertise CFG_EXT_NAME:5061
>>>>
>>>>
>>>> listen=udp:172.20.120.55:5060
>>>> listen=udp:172.20.120.56:5060
>>>> listen=udp:172.20.120.57:5060
>>>> listen=udp:172.20.120.58:5060
>>>> listen=tcp:172.20.120.58:5060
>>>>
>>>>
>>>> use_dns_cache=on # use internal DNS cache
>>>> use_dns_failover=on # depends on internal DNS cache
>>>> dns_srv_loadbalancing=on
>>>> dns_try_naptr=on
>>>> dns_retr_time=1 # seconds before retrying a DNS request
>>>> dns_retr_no=3 # number of DNS retransmissions
>>>> dns_naptr_ignore_rfc=yes # ignore target NAPTR priority
>>>> dns_tcp_pref=30 # TCP has second-highest priority
>>>> dns_udp_pref=10 # use UDP with least priority
>>>> tcp_connection_lifetime=3605 # set higher than registration expires
>>>>
>>>> #dont' restore
>>>> modparam("uac","restore_mode","none")
>>>> modparam("uac","restore_dlg",0)
>>>>
>>>> ## UAC REGISTER
>>>> #!ifdef WITH_UAC_REGISTER
>>>> modparam("uac", "reg_contact_addr", "CFG_PROD_IP")
>>>> modparam("uac", "reg_timer_interval", 10)
>>>> modparam("uac", "reg_retry_interval", 10)
>>>> modparam("uac", "reg_db_url", DBURL)
>>>> modparam("uac", "restore_mode", "none")
>>>> modparam("uac", "auth_username_avp", "$avp(AVP_AUTH_USERNAME)")
>>>> modparam("uac", "auth_password_avp", "$avp(AVP_AUTH_PASSWORD)")
>>>> modparam("uac", "auth_realm_avp", "$avp(AVP_AUTH_REALM)")
>>>> #!endif
>>>>
>>>>
>>>>
>>>> ip a l
>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>>> group default qlen 1000
>>>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>>     inet 127.0.0.1/8 scope host lo
>>>>        valid_lft forever preferred_lft forever
>>>>     inet6 ::1/128 scope host
>>>>        valid_lft forever preferred_lft forever
>>>> 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>>> state UP group default qlen 1000
>>>>     link/ether 00:50:56:b5:c1:48 brd ff:ff:ff:ff:ff:ff
>>>>     inet 172.20.120.53/24 brd 172.20.120.255 scope global ens192
>>>>        valid_lft forever preferred_lft forever
>>>>     inet 2xx.xx.xx.xx/29 scope global ens192
>>>>        valid_lft forever preferred_lft forever
>>>>     inet 172.20.120.56/24 scope global secondary ens192
>>>>        valid_lft forever preferred_lft forever
>>>>     inet 172.20.120.57/24 scope global secondary ens192
>>>>        valid_lft forever preferred_lft forever
>>>>     inet 172.20.120.58/24 scope global secondary ens192
>>>>        valid_lft forever preferred_lft forever
>>>>     inet 172.20.120.55/24 brd 172.20.120.255 scope global secondary
>>>> ens192
>>>>        valid_lft forever preferred_lft forever
>>>>     inet6 fe80::250:56ff:feb5:c148/64 scope link
>>>>        valid_lft forever preferred_lft forever
>>>>
>>>> default via 172.20.120.253 dev ens192
>>>> 172.20.120.0/24 dev ens192 proto kernel scope link src 172.20.120.53
>>>> 2xx.xx.xx.xx/29 dev ens192 proto kernel scope link src 2xx.xx.xx.xx
>>>>
>>>>
>>>> --
>>>> Kind Regards
>>>> Mit freundlichen Grüßen
>>>> *Karsten Horsmann*
>>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>>
>> --
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
> --
> Mit freundlichen Grüßen
> *Karsten Horsmann*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190703/8fb809a5/attachment.html>


More information about the sr-users mailing list