<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Ray,<br>
<br>
The "tcp_accept_aliases" should be harmless if there is no "alias"
param received in the incoming requests. If no such parameter is
pushed by the end-devices, there is 0 impact.<br>
<br>
And indeed, this has a really ugly side effect for the (CG)NAT'd
devices. But let's give it a try, disable this option and try the
testing again, to see if the right conn is selected.<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
<a class="moz-txt-link-freetext" href="https://www.siphub.com">https://www.siphub.com</a></pre>
<div class="moz-cite-prefix">On 9/22/23 5:03 AM, Ray Jackson wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d1ee08b6-5545-1dbb-6423-a8241a07d100@hero.co.nz">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hi Bogdan,</p>
<p>Yes, we have the following enabled in our config:<br>
</p>
<p>tcp_accept_aliases=1</p>
<p>I assume this is the culprit then and we are inadvertently
sending calls down the wrong TCP socket here to the wrong user
due to this being enabled? This is quite a nasty setting to
have enabled when we are dealing with CGNAT'd customers who are
sharing public IP addresses but are completely unrelated users!</p>
<p>I will disable this setting and see if that clears up the issue
for us. We have in fact had another case just today of the same
issue happening (User A is receiving User B's incoming calls!)<br>
</p>
<p>Thanks for highlighting this and let me know if there is
anything else I should look at in our config.</p>
<p>Thanks,</p>
Ray<br>
<p>On 19/09/23 9:30 pm, Bogdan-Andrei Iancu wrote:</p>
<blockquote type="cite"
cite="mid:1e279a15-ff97-019a-3e62-55d7eab5009b@opensips.org">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<font face="monospace">Hi Ray,<br>
<br>
Do you use any TCP aliasing options in your cfg ?<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
<a class="moz-txt-link-freetext" href="https://www.siphub.com" moz-do-not-send="true">https://www.siphub.com</a></pre>
<div class="moz-cite-prefix">On 9/2/23 3:17 AM, Ray Jackson
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:864e2852-950a-9cff-f38e-9910e344b417@hero.co.nz">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<p>Hi all,</p>
<p>I'm facing a weird issue which I think is related to broken
TCP socket reuse logic where the wrong client is receiving
incoming calls due to the wrong socket being used for the
incoming INVITE.<br>
</p>
<p>The scenario is when I have 2 clients registering using TLS
behind NAT at the same Public IPv4 address and both clients
are using the same private port number. So client 1
registers and the Via and contact header looks like:<br>
</p>
<p><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">Via: </span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"> SIP/2.0/TLS 192.168.42.162:5062;</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">branch=</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">z9hG4bK1409895926;rport;alias
</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">
</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">Contact: </span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"> <<a class="moz-txt-link-freetext" href="sip:201@192.168.42.162:5062" moz-do-not-send="true">sip:201@192.168.42.162:5062</a>;</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">transport=</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">tls>;</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">reg-id=</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">2;+sip.instance="<a class="moz-txt-link-rfc2396E" href="urn:uuid:00000000-0000-1000-8000-C074AD928AC4" moz-do-not-send="true"><urn:uuid:00000000-0000-1000-8000-C074AD928AC4></a>"</span></p>
<p>Client 2 registers from behind the same Public IPv4 address
and the Via and contact header looks like:</p>
<p><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">Via: </span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"> SIP/2.0/TLS 192.168.42.186:5062;</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">branch=</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">z9hG4bK-aff1f3b3
</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">Contact: </span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"> <<a class="moz-txt-link-freetext" href="sip:202@192.168.42.186:5062" moz-do-not-send="true">sip:202@192.168.42.186:5062</a>;</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">transport=</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">tls>;expire</span><span style="box-sizing: border-box; color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; font-weight: bold;">s=</span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">300</span></p>
<p>The location table shows Client 1 received field of
103.212.1.2:5062 and Client 103.212.1.2:23456 <br>
</p>
<p>When a call comes in for Client 1 the location lookup seems
to return the correct 'received' address and port (e.g.
103.212.1.2:5062) and all the logs indicate that this is
where the SIP INVITE *should* be going to (in the $du
field). However when you check the SIP traffic it selects
Client 2's socket and the traffic goes to port 23456 instead
of 5062.</p>
<p>I think this is related somehow to the TCP port reuse logic
inside Opensips. My suspicion is that Opensips is looking
at the Contact or Via port number (which is the same for
both client 1 and 2) and then somehow mapping this to the
wrong TCP received socket.</p>
<p>Does anybody have any suggestions here? Should I be fixing
the NAT in the Contact header (using fix_nated_contact). I
read somewhere that you shouldn't rewrite the Contact header
to avoid problems with sending a different Contact URI to
the client on calls. Or is this issue more related to the
Via header and the TCP port reuse logic looking at this port
instead of the actual received port when choosing the
outgoing socket?</p>
<p>FYI: I am using both force_rport() and fix_nated_register()
for incoming registrations from these clients and
matching_mode of 0 in usrloc. However, I am not using
fix_nated_contact() for registrations.</p>
<p>Thanks,</p>
<p>Ray<br>
</p>
<p><br>
<span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"></span><span style="color: rgb(80, 80, 80); font-family: Roboto, "Helvetica Neue", sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-wrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"></span></p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Users@lists.opensips.org" moz-do-not-send="true">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>