Re: conntrack_sip bug

["Andrew O. Zhukov" <andre@telegroup.com.ua>]

Patrick McHardy пишет:
> Andrew O. Zhukov wrote:
>> No answers from netfilter list.
>>
>> I can exactly show the point where how this bug appeared include dumps 
>> from all points.
>>
>>
>> Andrew O. Zhukov пишет:
>>> Кernel 2.6.25.14-69.fc8
>>> iptables-1.4.1.1-1.fc8.x86_64.rpm
>>>
>>> followed trouble:
>>>
>>> SIP gw                  Fedora               SipProxy      Аsterisk
>>> 192.168.2.24   192.168.2.1 666.666.34.46  555.555.184.13  555.555.184.13
>>>
>>> Sip proxy without RTP proxy for not nat cusomers. It considetate SIP 
>>> GW as 666.666.34.46 and do not switch on RTP proxy.
>>>
>>> call from SIP GW to Asterisk. Dump from Fedorа:
>>>
>>> U 2009/03/05 21:00:11.899191 555.555.184.13:5060 -> 192.168.2.24:5060
>>>   SIP/2.0 183 Session Progress..Via: SIP/2.0/UDP 
>>> 555.555.184.13:5060;branch=z9hG4bK878912355;rport=1025..From: 
>>> "212ua1" <sip
>>>   :101563@xxx.com>;tag=66346232..To: 
>>> <sip:2292694@xxx.com>;tag=as41f52f95..Call-ID: 
>>> 1295544592-5060-4@192.168.2.24..
>>> .....
>>> ..Contact: <sip:2292694@555.555.184.2>..Content-Type: 
>>> application/sdp..Content-Length: 263....v=0..o=root 277
>>>   97 27797 IN IP4 ___555.555.184.2_____..s=session..c=IN IP4 ___555.555.184.2_____..t=0

It's the real address of rtp stream

>>>
>>> ---
>>> 180 Ringing without sdp
>>> ---
>>>
>>> U 2009/03/05 21:00:20.753646 555.555.184.13:5060 -> 192.168.2.24:5060
>>>   SIP/2.0 200 OK..Via: SIP/2.0/UDP 
>>> 555.555.184.13:5060;branch=z9hG4bK878912355;rport=1025..Record-Route: 
>>> <sip:555.555.184.13;
>>>   lr=on;ftag=66346232>..From: "212ua1" 
>>> <sip:101563@xxx.com>;tag=66346232..To: 
>>> <sip:2292694@xxx.com>;tag=as41f52f95..C
>>>   all-ID: 1295544592-5060-4@192.168.2.24..CSeq: 31 
>>> INVITE..User-Agent: Telegroup Ukraine..Allow: INVITE, ACK, CANCEL, OPTIO
>>>   NS, BYE, REFER, SUBSCRIBE, NOTIFY..Supported: replaces..Contact: 
>>> <sip:2292694@555.555.184.2>..Content-Type: application/sd
>>>   p..Content-Length: 265....v=0..o=root 27797 27798 IN IP4 
>>> ______555.555.184.13___________..s=session..c=IN IP4 ___________555.555.184.13_________..t=0 0..m=audio

Here !!! You try to fix this packet. As the result inside GW send RTP to
555.555.184.13 instead  555.555.184.2

>>>    29444 RTP/AVP 18 101..a=rtpmap:18 G729/8000..a=fmtp:18 
>>> annexb=no..a=rtpmap:101 telephone-event/8000..a=fmtp:101 0-16..a=
>>>   silenceSupp:off - - - -..a=ptime:20..a=sendrecv..
>>>
>>> in the "OK" message Аsterisk ip addresses in SDP changed to the ip 
>>> addresses of SipProxy by sip_conntrack. I can provide DUMP from the 
>>> SipProxy and the complete set of dumps for developers.
>>>
>>> Thanks in advance.
> 
> There's a lot of addresses in there :) Could you please point to the
> exact header which got rewritten incorrectly?

I even find it in sources several minutes before send this post.

Look at nf_conntrack_sip.c
after comments
/* RTP info only in some SDP pkts */

You change SDP in outgoing and incoming packets. However, you have to do 
it only for outgoing. Otherwise, like in this example You'll have a 
trouble with RTP in connecttion over SIP Proxy without RTP Proxy.


> 
> Also, please post the module parameters you're using when loading the
> SIP conntrack/NAT modules.

Actually I do not load this module. It's default Fedora 8 package.
Even if I unload module using rmod , modprobe -r etc.. it continue
break packets... :(

> -- 
> To unsubscribe from this list: send the line "unsubscribe 
> netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 


-- 
Andrew O. Zhukov
Telegroup Ukraine
Technical director.
Phone 380-44-2308228
Cell 380-67-4017256
Fax 380-44-2386027
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html