[OpenSIPS-Users] OpenSIPS Not Rewriting SDP Connection IP (c=)

Steven Platt steven at olli-ai.com
Thu Oct 11 11:27:43 EDT 2018


Hi Pasan,

I'm not sure im understanding correctly on how to check for NAT in the
relay route.
I add "if (nat_uac_test("1"))   fix_nated_contact();" at the top of the
relay route, but no luck.

I have added additional log statements as well to check what functions are
applied.
The log shows the client flagged for NAT on registration, and again on
reply_route as you say.

Below I have pasted the log prints and the full route config. Hopefully
this will give more information. On my test call, the contact field is
still not updated with the RTP Proxy address. Thanks again for your
response.

--------------------

Call: Desktop (origination) ---> (Corporate NAT) ---> OPENSIPS --->
(CARRIER NAT) ---> Android

ROUTE CONFIGURATION

####### Routing Logic ########

# main request routing logic

route{
    /* see declaration of tid in trace_id section */
    $var(trace_id) = "tid";
    $var(user) = "osip_user at opensips.org";

        force_rport();
        if (nat_uac_test("23")) {
                if (is_method("REGISTER")) {
                        fix_nated_register();
                        setbflag(NAT);
                        #sip_trace("$var(trace_id)", "d", "sip|xlog",
"$var(user)");
                        xlog("L_INFO", "registration has been flagged for
NAT");
                } else {
                        fix_nated_contact();
                        xlog("L_INFO", "contact has been fixed for NAT");
                        setflag(NAT);
                }
        }


        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        }

        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing

                if (loose_route()) {

                        # validate the sequential request against dialog
                        if ( $DLG_status!=NULL && !validate_dialog() ) {
                                xlog("In-Dialog $rm from $si (callid=$ci)
is not valid according to dialog\n");
                                ## exit;
                        }

                        if (is_method("BYE")) {
                                # do accounting even if the transaction
fails
                                do_accounting("db","failed");

                        } else if (is_method("INVITE")) {

                                # even if in most of the cases is useless,
do RR for
                                # re-INVITEs alos, as some buggy clients do
change route set
                                # during the dialog.
                                rtpproxy_engage();
                                xlog("L_INFO", "rtpproxy has been engaged");
                                record_route();
                        }

                        if (check_route_param("nat=yes"))
                                setflag(NAT);

                        # route it out to whatever destination was set by
loose_route()
                        # in $du (destination URI).
                        route(relay);
                        xlog("L_INFO", "route has been sent to relay due to
nat=yes flag");
                } else {

                        if ( is_method("ACK") ) {
                                if ( t_check_trans() ) {
                                        # non loose-route, but stateful
ACK; must be an ACK after
                                        # a 487 or e.g. 404 from upstream
server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching transaction
->
                                        # ignore and discard
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }

        # CANCEL processing
        if (is_method("CANCEL"))
        {
                if (t_check_trans())
                        t_relay();
                exit;
        }

        t_check_trans();

        if ( !(is_method("REGISTER")  ) ) {

                if (from_uri==myself)

                {

                        # authenticate if from local subscriber
                        # authenticate all initial non-REGISTER request
that pretend to be
                        # generated by local subscriber (domain from FROM
URI is local)
                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                exit;
                        }
                        if (!db_check_from()) {
                                sl_send_reply("403","Forbidden auth ID");
                                exit;
                        }

                        consume_credentials();
                        # caller authenticated

                } else {
                        # if caller is not local, then called number must
be local

                        if (!uri==myself) {
                                send_reply("403","Rely forbidden");
                                exit;
                        }
                }

        }

        # preloaded route checking
        if (loose_route()) {
                xlog("L_ERR",
                "Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");
                if (!is_method("ACK"))
                        sl_send_reply("403","Preload Route denied");
                exit;
        }

        # record routing
        if (!is_method("REGISTER|MESSAGE"))
                record_route();

        # account only INVITEs
        if (is_method("INVITE")) {

                # create dialog with timeout
                if ( !create_dialog("B") ) {
                        send_reply("500","Internal Server Error");
                        exit;
                }

                do_accounting("db");

        }


        if (!uri==myself) {
                append_hf("P-hint: outbound\r\n");

                route(relay);
        }

        # requests for my domain

        if (is_method("PUBLISH|SUBSCRIBE"))
        {
                sl_send_reply("503", "Service Unavailable");
                exit;
        }

        if (is_method("REGISTER"))
        {

                # authenticate the REGISTER requests
                if (!www_authorize("", "subscriber"))
                {
                        www_challenge("", "0");
                        exit;
                }

                if (!db_check_to())
                {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }

                if ( proto==TCP ||  0 ) setflag(TCP_PERSISTENT);

                if (isflagset(NAT)) {
                        setbflag(SIP_PING_FLAG);
                        xlog("L_INFO", "SIP_PING_FLAG set");
                }

                if (!save("location"))
                        sl_reply_error();

                exit;
        }

        if ($rU==NULL) {
                # request with no Username in RURI
                sl_send_reply("484","Address Incomplete");
                exit;
        }


        # apply DB based aliases
        alias_db_lookup("dbaliases");


        # apply transformations from dialplan table
        dp_translate("0","$rU/$rU");



        # do lookup with method filtering
        if (!lookup("location","m")) {
                if (!db_does_uri_exist()) {
                        send_reply("420","Bad Extension");
                        exit;
                }

                t_newtran();
                t_reply("404", "Not Found");
                exit;
        }

        if (isbflagset(NAT)) setflag(NAT);

        # when routing via usrloc, log the missed calls also
        do_accounting("db","missed");

        route(relay);
}


route[relay] {

        if (nat_uac_test("1"))
                xlog("L_INFO", "NAT contact fixed on relay route");
                fix_nated_contact();

        # for INVITEs enable some additional helper routes
        if (is_method("INVITE")) {

        sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");

                if ( isflagset(NAT) ) {
                        rtpproxy_offer("of", "[OPENSIPS IP]");
                        xlog("L_INFO", "rtpproxy_offer has been executed");
                }

                t_on_branch("per_branch_ops");
                t_on_reply("handle_nat");
                t_on_failure("missed_call");
        }

        if (isflagset(NAT)) {
                add_rr_param(";nat=yes");
                }

        if (!t_relay()) {
                send_reply("500","Internal Error");
        };
        exit;
}


branch_route[per_branch_ops] {
        xlog("new branch at $ru\n");
}


onreply_route[handle_nat] {

   #sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");

        if (nat_uac_test("1"))
                fix_nated_contact();
        if ( isflagset(NAT))
                rtpproxy_answer("of", "[OPENSIPS IP]");
                xlog("L_INFO", "rtpproxy_answer has been executed");
        xlog("incoming reply\n");
}


failure_route[missed_call] {
        if (t_was_cancelled()) {
                exit;
        }

        # uncomment the following lines if you want to block client
        # redirect based on 3xx replies.
        ##if (t_check_status("3[0-9][0-9]")) {
        ##t_reply("404","Not found");
        ##      exit;
        ##}


}



local_route {
        if (is_method("BYE") && $DLG_dir=="UPSTREAM") {

                acc_db_request("200 Dialog Timeout", "acc");

        }
}


LOG OUTPUT

Oct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
registration has been flagged for NAT
Oct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
registration has been flagged for NAT
Oct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
registration has been flagged for NAT
Oct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
registration has been flagged for NAT
Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]:
INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]:
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 88
Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
registration has been flagged for NAT
Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
registration has been flagged for NAT
Oct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
registration has been flagged for NAT
Oct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
registration has been flagged for NAT
Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
new branch at sip:1001@[CORPORATE NAT
IP]:44876;transport=TCP;rinstance=890c499f01f2952d
Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
new branch at sip:1001@[CARRIER NAT
IP]:64261;transport=TCP;rinstance=08e5da8067b3e532
Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
new branch at sip:1001@[CARRIER NAT
IP]:42804;transport=TCP;rinstance=e880e7c4509fbf0b
Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80
Oct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
rtpproxy_answer has been executed
Oct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
incoming reply
Oct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
rtpproxy_answer has been executed
Oct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
incoming reply
Oct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
rtpproxy_answer has been executed
Oct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
incoming reply
Oct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
rtpproxy_answer has been executed
Oct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
incoming reply

On Wed, Oct 10, 2018 at 4:55 AM Pasan Meemaduma via Users <
users at lists.opensips.org> wrote:

> Hi Steven,
>
> looking at your config it doesn't seems you are testing for nat in your
> main route. only on reply route your have nat_uac_test function called.
> you need to do the same in main route and set the NAT flag otherwise your
> condition "if ( isflagset(NAT) ) {rtpproxy_offer("of", "OPENSIPS IP");}"
> to use rtpproxy won't work. you can verfiy it by adding an xlog statement
> inside that condition. As per the given config it shouldn't print anything
> in log.
>
> On Tuesday, 9 October 2018, 10:55:02 PM GMT+5:30, Steven Platt <
> steven at olli-ai.com> wrote:
>
>
> Good morning,
>
> I have an installation of OpenSIPS 2.3.5, with RTPProxy running on a
> single server.
> RTP Proxy is running as normal, and logs show support for it enabled
> during initial connection leg.
>
> My error is that Opensips does not update the connection IP (c=) of the
> SDP to force media to be proxied with RTPProxy. Instead, it keep the
> endpoint IP, which is behind a NAT, because of this - I have no audio.
>
> Is there something I miss in the configuration to enforce the update of
> the connection IP in the SDP? (so that media goes through opensips/rtpproxy)
>
> ----------------------------
>
> My flow:
>
> desktop client (zoiper) <--> corporate NAT <--> OPENSIPS <--> carrier NAT
> <--> android (zoiper)
>
> *Invite SDP Sent from Desktop Zoiper Client: *
>
> Via: SIP/2.0/TCP [CORPORATE
> NAT]:59401;branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rport
> Max-Forwards: 70
> Contact: <sip:1000@[CORPORATE NAT]:59401;transport=TCP>
> To: <sip:1001@[OPENSIPS]:5060;transport=TCP>
> From: <sip:1000@[OPENSIPS]:5060;transport=TCP>;tag=b27a0843
> Call-ID: QMoyxf6JGTFYvxS5X8NsnA..
> CSeq: 2 INVITE
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
> SUBSCRIBE
> Content-Type: application/sdp
> Proxy-Authorization: Digest username="1000",realm="[OPENSIPS
> IP]",nonce="5bbcdde1000000172b9f0086711cd36194c50f208fa420de",uri="sip:1001@[OPENSIPS
> IP]:5060;transport=TCP",response="a609cb9d82930d2d32668d8d51d64cb4",algorithm=MD5
> User-Agent: Z 5.2.19 rv2.8.99
> Allow-Events: presence, kpml, talk
> Content-Length: 161
>
> v=0
> o=Z 0 0 IN IP4 [DESKTOP IP]
> s=Z
> c=IN IP4 [DESKTOP IP]
> t=0 0
> m=audio 8000 RTP/AVP 0 101 8
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=sendrecv
>
> *The 200OK sent by Opensips to the calling device: *
>
> Via: SIP/2.0/TCP [CORPORATE NAT] :59401;received=[CARRIER
> IP];branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rport=59401
> Record-Route: <sip:[OPENSIPS IP];transport=tcp;lr;did=081.1ad6d9>
> Contact: <sip:1001@[CORPORATE NAT]:50758;transport=TCP>
> To: <sip:1001@[OPENSIPS IP]:5060;transport=TCP>;tag=07be6967
> From: <sip:1000@[OPENSIPS IP]:5060;transport=TCP>;tag=b27a0843
> Call-ID: QMoyxf6JGTFYvxS5X8NsnA..
> CSeq: 2 INVITE
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
> SUBSCRIBE
> Content-Type: application/sdp
> User-Agent: Zoiper rv2.8.105
> Allow-Events: presence, kpml, talk
> Content-Length: 245
>
> v=0
> o=Zoiper 0 1 IN IP4 [ANDROID IP]
> s=Zoiper
> c=IN IP4 [ANDROID IP]
> t=0 0
> m=audio 42032 RTP/AVP 0 3 8 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=sendrecv
>
> ---------------------------------------------------
>
> *OpenSIPS Config*
>
>
> *route[relay]* {
>         if (is_method("INVITE")) {
>
>                 if ( isflagset(NAT) ) {
>                         rtpproxy_offer("of", "OPENSIPS IP");
>                 }
>
>                 t_on_branch("per_branch_ops");
>                 t_on_reply("handle_nat");
>                 t_on_failure("missed_call");
>         }
>
>         if (isflagset(NAT)) {
>                 add_rr_param(";nat=yes");
>                 }
>
>         if (!t_relay()) {
>                 send_reply("500","Internal Error");
>         };
>         exit;
> }
>
>
> *onreply_route[handle_nat]* {
>
>         if (nat_uac_test("1"))
>                 fix_nated_contact();
>         if ( isflagset(NAT) )
>                 rtpproxy_answer("of", "OPENSIPS IP");
>         xlog("incoming reply\n");
> }
>
> ----------------------------------------------
>
> I also do not see the (";nat=yes") being added in the SDP.
> Do I understand correct that the script is not catching this call and
> flagging it correct as NAT?
>
> At this time, all signaling works as normal - only media is not being
> pinned to the opensips IP in the 200 OK response.
>
> Thanks in advance for any guidance on this one.
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20181011/3a20a919/attachment-0001.html>


More information about the Users mailing list