SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
@ 2015-09-24  8:54 Christophe Leroy
  2015-09-24 11:19 ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Christophe Leroy @ 2015-09-24  8:54 UTC (permalink / raw)
  To: Patrick McHardy, David S. Miller, Pablo Neira Ayuso
  Cc: Netfilter Development Mailing list, netfilter, TIXADOU Jean-Yves,
	PERRONNY Olivier

Hi,

I have an issue with the SIP conntrack:

In commit 30f33e6dee [NETFILTER]: nf_conntrack_sip: support method 
specific request/response handling
Modified by b20ab9cc63 netfilter: nf_ct_helper: better logging for 
dropped packets

SIP requests with no CSeq header are dropped by kernel before reaching 
the user app.

According to RFC4475 "Session Initiation Protocol (SIP) Torture Test 
Messages", requests with invalid CSeq should be responded with 400 Bad 
Request, and that's what my app does, but it can only do it if it 
receives the request.

How can we solve that ?

Christophe

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
  2015-09-24  8:54 SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead Christophe Leroy
@ 2015-09-24 11:19 ` Patrick McHardy
  2015-09-24 11:49   ` Christophe Leroy
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2015-09-24 11:19 UTC (permalink / raw)
  To: Christophe Leroy
  Cc: David S. Miller, Pablo Neira Ayuso,
	Netfilter Development Mailing list, netfilter, TIXADOU Jean-Yves,
	PERRONNY Olivier

On 24.09, Christophe Leroy wrote:
> I have an issue with the SIP conntrack:
> 
> In commit 30f33e6dee [NETFILTER]: nf_conntrack_sip: support method specific
> request/response handling
> Modified by b20ab9cc63 netfilter: nf_ct_helper: better logging for dropped
> packets
> 
> SIP requests with no CSeq header are dropped by kernel before reaching the
> user app.
> 
> According to RFC4475 "Session Initiation Protocol (SIP) Torture Test
> Messages", requests with invalid CSeq should be responded with 400 Bad
> Request, and that's what my app does, but it can only do it if it receives
> the request.

I don't see anything about missing CSeq-headers in that RFC, could you point
me to the correct chapter?

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
  2015-09-24 11:19 ` Patrick McHardy
@ 2015-09-24 11:49   ` Christophe Leroy
  0 siblings, 0 replies; 3+ messages in thread
From: Christophe Leroy @ 2015-09-24 11:49 UTC (permalink / raw)
  To: Patrick McHardy
  Cc: David S. Miller, Pablo Neira Ayuso,
	Netfilter Development Mailing list, netfilter, TIXADOU Jean-Yves,
	PERRONNY Olivier



Le 24/09/2015 13:19, Patrick McHardy a écrit :
> On 24.09, Christophe Leroy wrote:
>> I have an issue with the SIP conntrack:
>>
>> In commit 30f33e6dee [NETFILTER]: nf_conntrack_sip: support method specific
>> request/response handling
>> Modified by b20ab9cc63 netfilter: nf_ct_helper: better logging for dropped
>> packets
>>
>> SIP requests with no CSeq header are dropped by kernel before reaching the
>> user app.
>>
>> According to RFC4475 "Session Initiation Protocol (SIP) Torture Test
>> Messages", requests with invalid CSeq should be responded with 400 Bad
>> Request, and that's what my app does, but it can only do it if it receives
>> the request.
> I don't see anything about missing CSeq-headers in that RFC, could you point
> me to the correct chapter?
>
RFC4475 gives no exemple explicitly about missing CSeq-headers, but it 
has some exemples for bad CSeq-headers in §3.1.2.4, §3.1.2.17 and §3.3.8 
where it expects 400 Bad request response.

In addition, §3.3.1 "Missing Required Header Fields" shows that 400 Bad 
Request is also expected in the case of missing Call-ID, From, or To 
mandatory headers. Taking into account RFC3261 §8.1.1, CSeq is also a 
mandatory header in the same way as Call-ID, From, or To, so the same 
answer should be expected.

RFC3261 §21.4.1 shows that 400 Bad request is to be used for missing 
headers.

Christophe

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-09-24 11:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-24  8:54 SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead Christophe Leroy
2015-09-24 11:19 ` Patrick McHardy
2015-09-24 11:49   ` Christophe Leroy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).