[OpenSIPS-Users] Wrong TCP socket being used on TLS registrations

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Sep 19 09:30:48 UTC 2023 

Hi Ray,

Do you use any TCP aliasing options in your cfg ?

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
   https://www.siphub.com

On 9/2/23 3:17 AM, Ray Jackson wrote:
>
> Hi all,
>
> I'm facing a weird issue which I think is related to broken TCP socket 
> reuse logic where the wrong client is receiving incoming calls due to 
> the wrong socket being used for the incoming INVITE.
>
> The scenario is when I have 2 clients registering using TLS behind NAT 
> at the same Public IPv4 address and both clients are using the same 
> private port number.  So client 1 registers and the Via and contact 
> header looks like:
>
> Via: SIP/2.0/TLS 
> 192.168.42.162:5062;branch=z9hG4bK1409895926;rport;alias Contact: 
> <sip:201 at 192.168.42.162:5062;transport=tls>;reg-id=2;+sip.instance="<urn:uuid:00000000-0000-1000-8000-C074AD928AC4>"
>
> Client 2 registers from behind the same Public IPv4 address and the 
> Via and contact header looks like:
>
> Via: SIP/2.0/TLS 192.168.42.186:5062;branch=z9hG4bK-aff1f3b3 Contact: 
> <sip:202 at 192.168.42.186:5062;transport=tls>;expires=300
>
> The location table shows Client 1 received field of 103.212.1.2:5062 
> and Client 103.212.1.2:23456
>
> When a call comes in for Client 1 the location lookup seems to return 
> the correct 'received' address and port (e.g. 103.212.1.2:5062) and 
> all the logs indicate that this is where the SIP INVITE *should* be 
> going to (in the $du field).  However when you check the SIP traffic 
> it selects Client 2's socket and the traffic goes to port 23456 
> instead of 5062.
>
> I think this is related somehow to the TCP port reuse logic inside 
> Opensips.  My suspicion is that Opensips is looking at the Contact or 
> Via port number (which is the same for both client 1 and 2) and then 
> somehow mapping this to the wrong TCP received socket.
>
> Does anybody have any suggestions here?  Should I be fixing the NAT in 
> the Contact header (using fix_nated_contact).  I read somewhere that 
> you shouldn't rewrite the Contact header to avoid problems with 
> sending a different Contact URI to the client on calls.  Or is this 
> issue more related to the Via header and the TCP port reuse logic 
> looking at this port instead of the actual received port when choosing 
> the outgoing socket?
>
> FYI: I am using both force_rport() and fix_nated_register() for 
> incoming registrations from these clients and matching_mode of 0 in 
> usrloc.  However, I am not using fix_nated_contact() for registrations.
>
> Thanks,
>
> Ray
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230919/f7dbbdaf/attachment-0001.html>

More information about the Users mailing list