[OpenSIPS-Users] OpenSIPS Not Rewriting SDP Connection IP (c=)

Pasan Meemaduma pasandev at ymail.com
Thu Oct 11 12:04:41 EDT 2018


 Hi Steven, My understanding is that your nat_uac_test function never return true for your outgoing INVITEs due to the value you have used (23). I think you need to add 8 as well resulting 31 as the value to nat_uac_test function.
      - if (nat_uac_test("23")) {    
      +if (nat_uac_test("31")) {
8 - SDP is searched for occurrence of RFC1918 / RFC6598 addresses 

because by looking at your given INVITE packet sdp section holds the private ip which you are not testing, if your nat test success you should see following lines in your logs. But atm I don't see them in provided one.
xlog("L_INFO", "contact has been fixed for NAT"); xlog("L_INFO", "rtpproxy_offer has been executed");

    On Thursday, 11 October 2018, 8:57:58 PM GMT+5:30, Steven Platt <steven at olli-ai.com> wrote:  
 
 Hi Pasan, 
I'm not sure im understanding correctly on how to check for NAT in the relay route. I add "if (nat_uac_test("1"))   fix_nated_contact();" at the top of the relay route, but no luck. 
I have added additional log statements as well to check what functions are applied. The log shows the client flagged for NAT on registration, and again on reply_route as you say. 
Below I have pasted the log prints and the full route config. Hopefully this will give more information. On my test call, the contact field is still not updated with the RTP Proxy address. Thanks again for your response. 
--------------------
Call: Desktop (origination) ---> (Corporate NAT) ---> OPENSIPS ---> (CARRIER NAT) ---> Android
ROUTE CONFIGURATION
####### Routing Logic ########
# main request routing logic
route{    /* see declaration of tid in trace_id section */    $var(trace_id) = "tid";    $var(user) = "osip_user at opensips.org";
        force_rport();        if (nat_uac_test("23")) {                if (is_method("REGISTER")) {                        fix_nated_register();                        setbflag(NAT);                        #sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");                        xlog("L_INFO", "registration has been flagged for NAT");                } else {                        fix_nated_contact();                        xlog("L_INFO", "contact has been fixed for NAT");                        setflag(NAT);                }        }

        if (!mf_process_maxfwd_header("10")) {                sl_send_reply("483","Too Many Hops");                exit;        }
        if (has_totag()) {                # sequential request withing a dialog should                # take the path determined by record-routing
                if (loose_route()) {
                        # validate the sequential request against dialog                        if ( $DLG_status!=NULL && !validate_dialog() ) {                                xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");                                ## exit;                        }
                        if (is_method("BYE")) {                                # do accounting even if the transaction fails                                do_accounting("db","failed");
                        } else if (is_method("INVITE")) {
                                # even if in most of the cases is useless, do RR for                                # re-INVITEs alos, as some buggy clients do change route set                                # during the dialog.                                rtpproxy_engage();                                xlog("L_INFO", "rtpproxy has been engaged");                                record_route();                        }
                        if (check_route_param("nat=yes"))                                setflag(NAT);
                        # route it out to whatever destination was set by loose_route()                        # in $du (destination URI).                        route(relay);                        xlog("L_INFO", "route has been sent to relay due to nat=yes flag");                } else {
                        if ( is_method("ACK") ) {                                if ( t_check_trans() ) {                                        # non loose-route, but stateful ACK; must be an ACK after                                        # a 487 or e.g. 404 from upstream server                                        t_relay();                                        exit;                                } else {                                        # ACK without matching transaction ->                                        # ignore and discard                                        exit;                                }                        }                        sl_send_reply("404","Not here");                }                exit;        }
        # CANCEL processing        if (is_method("CANCEL"))        {                if (t_check_trans())                        t_relay();                exit;        }
        t_check_trans();
        if ( !(is_method("REGISTER")  ) ) {
                if (from_uri==myself)
                {
                        # authenticate if from local subscriber                        # authenticate all initial non-REGISTER request that pretend to be                        # generated by local subscriber (domain from FROM URI is local)                        if (!proxy_authorize("", "subscriber")) {                                proxy_challenge("", "0");                                exit;                        }                        if (!db_check_from()) {                                sl_send_reply("403","Forbidden auth ID");                                exit;                        }
                        consume_credentials();                        # caller authenticated
                } else {                        # if caller is not local, then called number must be local
                        if (!uri==myself) {                                send_reply("403","Rely forbidden");                                exit;                        }                }
        }
        # preloaded route checking        if (loose_route()) {                xlog("L_ERR",                "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");                if (!is_method("ACK"))                        sl_send_reply("403","Preload Route denied");                exit;        }
        # record routing        if (!is_method("REGISTER|MESSAGE"))                record_route();
        # account only INVITEs        if (is_method("INVITE")) {
                # create dialog with timeout                if ( !create_dialog("B") ) {                        send_reply("500","Internal Server Error");                        exit;                }
                do_accounting("db");
        }

        if (!uri==myself) {                append_hf("P-hint: outbound\r\n");
                route(relay);        }
        # requests for my domain
        if (is_method("PUBLISH|SUBSCRIBE"))        {                sl_send_reply("503", "Service Unavailable");                exit;        }
        if (is_method("REGISTER"))        {
                # authenticate the REGISTER requests                if (!www_authorize("", "subscriber"))                {                        www_challenge("", "0");                        exit;                }
                if (!db_check_to())                {                        sl_send_reply("403","Forbidden auth ID");                        exit;                }
                if ( proto==TCP ||  0 ) setflag(TCP_PERSISTENT);
                if (isflagset(NAT)) {                        setbflag(SIP_PING_FLAG);                        xlog("L_INFO", "SIP_PING_FLAG set");                }
                if (!save("location"))                        sl_reply_error();
                exit;        }
        if ($rU==NULL) {                # request with no Username in RURI                sl_send_reply("484","Address Incomplete");                exit;        }

        # apply DB based aliases        alias_db_lookup("dbaliases");

        # apply transformations from dialplan table        dp_translate("0","$rU/$rU");


        # do lookup with method filtering        if (!lookup("location","m")) {                if (!db_does_uri_exist()) {                        send_reply("420","Bad Extension");                        exit;                }
                t_newtran();                t_reply("404", "Not Found");                exit;        }
        if (isbflagset(NAT)) setflag(NAT);
        # when routing via usrloc, log the missed calls also        do_accounting("db","missed");
        route(relay);}

route[relay] {
        if (nat_uac_test("1"))                xlog("L_INFO", "NAT contact fixed on relay route");                fix_nated_contact();
        # for INVITEs enable some additional helper routes        if (is_method("INVITE")) {
        sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
                if ( isflagset(NAT) ) {                        rtpproxy_offer("of", "[OPENSIPS IP]");                        xlog("L_INFO", "rtpproxy_offer has been executed");                }
                t_on_branch("per_branch_ops");                t_on_reply("handle_nat");                t_on_failure("missed_call");        }
        if (isflagset(NAT)) {                add_rr_param(";nat=yes");                }
        if (!t_relay()) {                send_reply("500","Internal Error");        };        exit;}

branch_route[per_branch_ops] {        xlog("new branch at $ru\n");}

onreply_route[handle_nat] {
   #sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
        if (nat_uac_test("1"))                fix_nated_contact();        if ( isflagset(NAT))                rtpproxy_answer("of", "[OPENSIPS IP]");                xlog("L_INFO", "rtpproxy_answer has been executed");        xlog("incoming reply\n");}

failure_route[missed_call] {        if (t_was_cancelled()) {                exit;        }
        # uncomment the following lines if you want to block client        # redirect based on 3xx replies.        ##if (t_check_status("3[0-9][0-9]")) {        ##t_reply("404","Not found");        ##      exit;        ##}

}


local_route {        if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
                acc_db_request("200 Dialog Timeout", "acc");
        }}

LOG OUTPUT
Oct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: registration has been flagged for NATOct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: registration has been flagged for NATOct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: registration has been flagged for NATOct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: registration has been flagged for NATOct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]: INFO:core:probe_max_sock_buff: using snd buffer of 416 kbOct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 88Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: registration has been flagged for NATOct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: registration has been flagged for NATOct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: registration has been flagged for NATOct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: registration has been flagged for NATOct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: new branch at sip:1001@[CORPORATE NAT IP]:44876;transport=TCP;rinstance=890c499f01f2952dOct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: new branch at sip:1001@[CARRIER NAT IP]:64261;transport=TCP;rinstance=08e5da8067b3e532Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: new branch at sip:1001@[CARRIER NAT IP]:42804;transport=TCP;rinstance=e880e7c4509fbf0bOct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: INFO:core:probe_max_sock_buff: using snd buffer of 416 kbOct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80Oct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has been executedOct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: incoming replyOct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has been executedOct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: incoming replyOct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has been executedOct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: incoming replyOct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has been executedOct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: incoming reply
On Wed, Oct 10, 2018 at 4:55 AM Pasan Meemaduma via Users <users at lists.opensips.org> wrote:

 Hi Steven,
looking at your config it doesn't seems you are testing for nat in your main route. only on reply route your have nat_uac_test function called.you need to do the same in main route and set the NAT flag otherwise your condition "if ( isflagset(NAT) ) {rtpproxy_offer("of", "OPENSIPS IP");}" to use rtpproxy won't work. you can verfiy it by adding an xlog statement inside that condition. As per the given config it shouldn't print anything in log.

    On Tuesday, 9 October 2018, 10:55:02 PM GMT+5:30, Steven Platt <steven at olli-ai.com> wrote:  
 
 Good morning, 
I have an installation of OpenSIPS 2.3.5, with RTPProxy running on a single server. RTP Proxy is running as normal, and logs show support for it enabled during initial connection leg. 
My error is that Opensips does not update the connection IP (c=) of the SDP to force media to be proxied with RTPProxy. Instead, it keep the endpoint IP, which is behind a NAT, because of this - I have no audio.
Is there something I miss in the configuration to enforce the update of the connection IP in the SDP? (so that media goes through opensips/rtpproxy)
----------------------------
My flow: 
desktop client (zoiper) <--> corporate NAT <--> OPENSIPS <--> carrier NAT <--> android (zoiper)
Invite SDP Sent from Desktop Zoiper Client: 
Via: SIP/2.0/TCP [CORPORATE NAT]:59401;branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rportMax-Forwards: 70Contact: <sip:1000@[CORPORATE NAT]:59401;transport=TCP>To: <sip:1001@[OPENSIPS]:5060;transport=TCP>From: <sip:1000@[OPENSIPS]:5060;transport=TCP>;tag=b27a0843Call-ID: QMoyxf6JGTFYvxS5X8NsnA..CSeq: 2 INVITEAllow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBEContent-Type: application/sdpProxy-Authorization: Digest username="1000",realm="[OPENSIPS IP]",nonce="5bbcdde1000000172b9f0086711cd36194c50f208fa420de",uri="sip:1001@[OPENSIPS IP]:5060;transport=TCP",response="a609cb9d82930d2d32668d8d51d64cb4",algorithm=MD5User-Agent: Z 5.2.19 rv2.8.99Allow-Events: presence, kpml, talkContent-Length: 161
v=0o=Z 0 0 IN IP4 [DESKTOP IP]s=Zc=IN IP4 [DESKTOP IP]t=0 0m=audio 8000 RTP/AVP 0 101 8a=rtpmap:101 telephone-event/8000a=fmtp:101 0-16a=sendrecv
The 200OK sent by Opensips to the calling device: 
Via: SIP/2.0/TCP [CORPORATE NAT] :59401;received=[CARRIER IP];branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rport=59401Record-Route: <sip:[OPENSIPS IP];transport=tcp;lr;did=081.1ad6d9>Contact: <sip:1001@[CORPORATE NAT]:50758;transport=TCP>To: <sip:1001@[OPENSIPS IP]:5060;transport=TCP>;tag=07be6967From: <sip:1000@[OPENSIPS IP]:5060;transport=TCP>;tag=b27a0843Call-ID: QMoyxf6JGTFYvxS5X8NsnA..CSeq: 2 INVITEAllow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBEContent-Type: application/sdpUser-Agent: Zoiper rv2.8.105Allow-Events: presence, kpml, talkContent-Length: 245
v=0o=Zoiper 0 1 IN IP4 [ANDROID IP]s=Zoiperc=IN IP4 [ANDROID IP]t=0 0m=audio 42032 RTP/AVP 0 3 8 101a=rtpmap:0 PCMU/8000a=rtpmap:3 GSM/8000a=rtpmap:8 PCMA/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-16a=sendrecv
---------------------------------------------------
OpenSIPS Config

route[relay] {        if (is_method("INVITE")) {
                if ( isflagset(NAT) ) {                        rtpproxy_offer("of", "OPENSIPS IP");                }
                t_on_branch("per_branch_ops");                t_on_reply("handle_nat");                t_on_failure("missed_call");        }
        if (isflagset(NAT)) {                add_rr_param(";nat=yes");                }
        if (!t_relay()) {                send_reply("500","Internal Error");        };        exit;}

onreply_route[handle_nat] {
        if (nat_uac_test("1"))
                fix_nated_contact();        if ( isflagset(NAT) )                rtpproxy_answer("of", "OPENSIPS IP");        xlog("incoming reply\n");}
----------------------------------------------
I also do not see the (";nat=yes") being added in the SDP. Do I understand correct that the script is not catching this call and flagging it correct as NAT?
At this time, all signaling works as normal - only media is not being pinned to the opensips IP in the 200 OK response. 
Thanks in advance for any guidance on this one. 
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
  _______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20181011/e3d524e6/attachment-0001.html>


More information about the Users mailing list