[OpenSIPS-Users] udp send fail randomly

Govindaraj, Rajesh Rajesh.Govindaraj at ipc.com
Mon May 7 11:56:02 EDT 2018


Hi Pasan,

Thanks for this. I ran this command and found that we have quite a few entries for 5060.

So you suggest the notrack rules to be added in the firewall, correct?

Any thoughts on the security or other issues due to adding notrack rule.

Thanks,

From: Pasan Meemaduma [mailto:pasandev at ymail.com]
Sent: Monday, May 07, 2018 9:55 AM
To: Govindaraj, Rajesh <Rajesh.Govindaraj at ipc.com>
Subject: Re: RE: RE: RE: Re: [OpenSIPS-Users] udp send fail randomly

I don't think its specific to sip. You can check active ones in cat /proc/net/nf_conntrack

to turn off you can do following,
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j CT --notrack -m udp -p udp --sport 5060
-A PREROUTING -j CT --notrack -m udp -p udp --dport 5060
:OUTPUT ACCEPT [0:0]
-A OUTPUT -j CT --notrack -m udp -p udp --sport 5060
-A OUTPUT -j CT --notrack -m udp -p udp --dport 5060
COMMIT



On Monday, 7 May 2018, 6:59:53 PM GMT+5:30, Govindaraj, Rajesh <Rajesh.Govindaraj at ipc.com<mailto:Rajesh.Govindaraj at ipc.com>> wrote:



Hi Pasan,



Do you know the exact module name of connection tracking? Is it nf_ct_sip?



Also how to you check if this is loaded in the system lsmod?



Thanks,



From: Pasan Meemaduma [mailto:pasandev at ymail.com]
Sent: Sunday, May 06, 2018 3:05 PM
To: users at lists.opensips.org<mailto:users at lists.opensips.org>; Govindaraj, Rajesh <Rajesh.Govindaraj at ipc.com<mailto:Rajesh.Govindaraj at ipc.com>>
Subject: Re: RE: RE: Re: [OpenSIPS-Users] udp send fail randomly



Hi Rajesh,

I was referring to the opensips.cfg code snippet that involve in this error. For me still appears iptables blocking the outgoing connection. did you check the ct setting that i asked you  ?





On Sunday, 6 May 2018, 5:31:03 PM GMT+5:30, Govindaraj, Rajesh <Rajesh.Govindaraj at ipc.com<mailto:Rajesh.Govindaraj at ipc.com>> wrote:





Hi Pasan,



Here is the log snippet as requested. Thanks for sparing time.



2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:comp_scriptvar: str 20 : APACCITISGAP633.apac.nsroot.net

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:comp_scriptvar: str 29 : 169.178.164.139

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:pv_printf: final buffer length 42

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: Not Self URI, Routing the Outbound request

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:mk_proxy: doing DNS lookup...

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:sip_resolvehost: no port, no proto -> do NAPTR lookup!

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:get_record: lookup(APACCITISGAP633.apac.nsroot.net, 35) failed

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:sip_resolvehost: no valid NAPTR record found for APACCITISGAP633.apac.nsroot.net, trying direct SRV lookup...

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7556]: DBG:core:get_record: lookup(APACCITISGAP633.apac.nsroot.net, 35) failed

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7556]: DBG:core:sip_resolvehost: no valid NAPTR record found for APACCITISGAP633.apac.nsroot.net, trying direct SRV lookup...

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:get_record: lookup(APACCITISGAP633.apac.nsroot.net, 35) failed

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:sip_resolvehost: no valid NAPTR record found for APACCITISGAP633.apac.nsroot.net, trying direct SRV lookup...

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:get_record: lookup(_sip._udp.APACCITISGAP633.apac.nsroot.net, 33) failed

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:sip_resolvehost: no valid SRV record found for _sip._udp.APACCITISGAP633.apac.nsroot.net, trying A record lookup...

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:get_record: lookup(_sip._udp.APACCITISGAP633.apac.nsroot.net, 33) failed

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:sip_resolvehost: no valid SRV record found for _sip._udp.APACCITISGAP633.apac.nsroot.net, trying A record lookup...

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:check_ip_address: params 169.178.164.139, 169.178.164.139, 0

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:check_ip_address: params 169.178.164.139, 169.178.164.139, 0

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:forward_request: sending:

UPDATE sip:Capture at APACCITISGAP633.apac.nsroot.net SIP/2.0^M

To: <sip:Capture at APACCITISGAP633.apac.nsroot.net>;tag=70d57330-0-13c4-55015-128fe2-1a5f9bbc-128fe2^M

Min-SE: 1800^M

Via: SIP/2.0/UDP 169.178.164.139:5060;branch=z9hG4bKc6fef69f4ed2fb3bd0e91281d5c4020f^M

Via: SIP/2.0/UDP 169.178.164.139:5059;wlsscid=6aa6b97cdedafbd6;branch=z9hG4bKc6fef69f4ed2fb3bd0e91281d5c4020f;wlsssid=sip-1rzjxdsgbytf2^M

CSeq: 409 UPDATE^M

Content-Length: 0^M

Supported: timer^M

Call-ID: 6b628520-0-13c4-55015-128fe2-191db136-128fe2^M

Max-Forwards: 69^M

From: <sip:6566579864 at 169.178.164.139>;tag=dfe3def8^M

Contact: <sip:wlssuser at 169.178.164.139:5059;transport=udp;wlsscid=6aa6b97cdedafbd6;sipappsessionid=app-24d5358i5l6w>^M

Session-Expires: 1800;refresher=uac^M

^M

.

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:forward_request: sending:

UPDATE sip:Capture at APACCITISGAP633.apac.nsroot.net SIP/2.0^M

To: <sip:Capture at APACCITISGAP633.apac.nsroot.net>;tag=70d59118-0-13c4-55015-128fed-2a2859d4-128fed^M

Min-SE: 1800^M

Via: SIP/2.0/UDP 169.178.164.139:5060;branch=z9hG4bK150dc9d5e66cf821aa76beaef7018c02^M

Via: SIP/2.0/UDP 169.178.164.139:5059;wlsscid=6aa6b97cdedafbd6;branch=z9hG4bK150dc9d5e66cf821aa76beaef7018c02;wlsssid=sip-nvozupkkym7b^M

CSeq: 409 UPDATE^M

Content-Length: 0^M

Supported: timer^M

Call-ID: 6b6291e0-0-13c4-55015-128fed-612714d6-128fed^M

Max-Forwards: 69^M

From: <sip:6566579820 at 169.178.164.139>;tag=3a0cd8d6^M

Contact: <sip:wlssuser at 169.178.164.139:5059;transport=udp;wlsscid=6aa6b97cdedafbd6;sipappsessionid=app-6yjtry48v61h>^M

Session-Expires: 1800;refresher=uac^M

^M

.

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:forward_request: orig. len=682, new_len=735, proto=1

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:forward_request: orig. len=681, new_len=734, proto=1

2018-05-03T14:20:02.000+08:00 [local2] [err] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: ERROR:core:udp_send: sendto(sock,0x7f3d6312d058,735,0,0x7ffdc8e38770,16): Operation not permitted(1)

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:destroy_avp_list: destroying list (nil)

2018-05-03T14:20:02.000+08:00 [local2] [err] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: ERROR:core:msg_send: udp_send failed

2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:receive_msg: cleaning up



From: Pasan Meemaduma [mailto:pasandev at ymail.com]
Sent: Sunday, May 06, 2018 4:55 AM
To: users at lists.opensips.org<mailto:users at lists.opensips.org>; Govindaraj, Rajesh <Rajesh.Govindaraj at ipc.com<mailto:Rajesh.Govindaraj at ipc.com>>
Subject: Re: RE: Re: [OpenSIPS-Users] udp send fail randomly



Is this simultaneous sending the cause for the issue? Just thinking aloud. It is happening at only one installation and never in lab systems, which makes me think if it is a timing issue.


I don't think it'll be a problem,but I can give more clues if u share the snippet involve with this error.





Yes, connection tracking to be turned off. if ct is on and you running out of simulatneous connection counters for some reason, It could be the issue.



DISCLAIMER: This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unintended recipients are prohibited from taking action on the basis of information in this e-mail. E-mail messages may contain computer viruses or other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. If you are not comfortable with the risks associated with e-mail messages, you may decide not to use e-mail to communicate with IPC. IPC reserves the right, to the extent and under circumstances permitted by applicable law, to retain, monitor and intercept e-mail messages to and from its systems.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180507/9eb164f5/attachment-0001.html>


More information about the Users mailing list