From: Christophe Leroy <christophe.leroy@c-s.fr>
To: Patrick McHardy <kaber@trash.net>
Cc: "David S. Miller" <davem@davemloft.net>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Netfilter Development Mailing list
<netfilter-devel@vger.kernel.org>,
netfilter@vger.kernel.org,
TIXADOU Jean-Yves <jean-yves.tixadou@c-s.fr>,
PERRONNY Olivier <olivier.perronny@c-s.fr>
Subject: Re: SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
Date: Thu, 24 Sep 2015 13:49:48 +0200 [thread overview]
Message-ID: <5603E35C.4040500@c-s.fr> (raw)
In-Reply-To: <20150924111908.GA32673@macbook.localdomain>
Le 24/09/2015 13:19, Patrick McHardy a écrit :
> On 24.09, Christophe Leroy wrote:
>> I have an issue with the SIP conntrack:
>>
>> In commit 30f33e6dee [NETFILTER]: nf_conntrack_sip: support method specific
>> request/response handling
>> Modified by b20ab9cc63 netfilter: nf_ct_helper: better logging for dropped
>> packets
>>
>> SIP requests with no CSeq header are dropped by kernel before reaching the
>> user app.
>>
>> According to RFC4475 "Session Initiation Protocol (SIP) Torture Test
>> Messages", requests with invalid CSeq should be responded with 400 Bad
>> Request, and that's what my app does, but it can only do it if it receives
>> the request.
> I don't see anything about missing CSeq-headers in that RFC, could you point
> me to the correct chapter?
>
RFC4475 gives no exemple explicitly about missing CSeq-headers, but it
has some exemples for bad CSeq-headers in §3.1.2.4, §3.1.2.17 and §3.3.8
where it expects 400 Bad request response.
In addition, §3.3.1 "Missing Required Header Fields" shows that 400 Bad
Request is also expected in the case of missing Call-ID, From, or To
mandatory headers. Taking into account RFC3261 §8.1.1, CSeq is also a
mandatory header in the same way as Call-ID, From, or To, so the same
answer should be expected.
RFC3261 §21.4.1 shows that 400 Bad request is to be used for missing
headers.
Christophe
prev parent reply other threads:[~2015-09-24 11:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-24 8:54 SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead Christophe Leroy
2015-09-24 11:19 ` Patrick McHardy
2015-09-24 11:49 ` Christophe Leroy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5603E35C.4040500@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=davem@davemloft.net \
--cc=jean-yves.tixadou@c-s.fr \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=olivier.perronny@c-s.fr \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).