[OpenSIPS-Users] OpenSIPS Not Rewriting SDP Connection IP (c=)
Steven Platt
steven at olli-ai.com
Thu Oct 11 19:30:34 EDT 2018
Pasan,
Thanks for the recommendation. I have updated the UAC test to use the "31"
argument, but get the same result.
I will do more testing with the other arguments and report back.
On Thu, Oct 11, 2018 at 6:04 PM Pasan Meemaduma <pasandev at ymail.com> wrote:
> Hi Steven,
> My understanding is that your nat_uac_test function never return true for
> your outgoing INVITEs due to the value you have used (23). I think you need
> to add 8 as well resulting 31 as the value to nat_uac_test function.
> - if (nat_uac_test("23")) {
> +if (nat_uac_test("31")) {
>
> *8* - SDP is searched for occurrence of RFC1918 / RFC6598 addresses
>
> because by looking at your given INVITE packet sdp section holds the
> private ip which you are not testing, if your nat test success you should
> see following lines in your logs. But atm I don't see them in provided one.
>
> xlog("L_INFO", "contact has been fixed for NAT");
> xlog("L_INFO", "rtpproxy_offer has been executed");
>
> On Thursday, 11 October 2018, 8:57:58 PM GMT+5:30, Steven Platt <
> steven at olli-ai.com> wrote:
>
>
> Hi Pasan,
>
> I'm not sure im understanding correctly on how to check for NAT in the
> relay route.
> I add "if (nat_uac_test("1")) fix_nated_contact();" at the top of the
> relay route, but no luck.
>
> I have added additional log statements as well to check what functions are
> applied.
> The log shows the client flagged for NAT on registration, and again on
> reply_route as you say.
>
> Below I have pasted the log prints and the full route config. Hopefully
> this will give more information. On my test call, the contact field is
> still not updated with the RTP Proxy address. Thanks again for your
> response.
>
> --------------------
>
> Call: Desktop (origination) ---> (Corporate NAT) ---> OPENSIPS --->
> (CARRIER NAT) ---> Android
>
> ROUTE CONFIGURATION
>
> ####### Routing Logic ########
>
> # main request routing logic
>
> route{
> /* see declaration of tid in trace_id section */
> $var(trace_id) = "tid";
> $var(user) = "osip_user at opensips.org";
>
> force_rport();
> if (nat_uac_test("23")) {
> if (is_method("REGISTER")) {
> fix_nated_register();
> setbflag(NAT);
> #sip_trace("$var(trace_id)", "d", "sip|xlog",
> "$var(user)");
> xlog("L_INFO", "registration has been flagged for
> NAT");
> } else {
> fix_nated_contact();
> xlog("L_INFO", "contact has been fixed for NAT");
> setflag(NAT);
> }
> }
>
>
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
>
> if (has_totag()) {
> # sequential request withing a dialog should
> # take the path determined by record-routing
>
> if (loose_route()) {
>
> # validate the sequential request against dialog
> if ( $DLG_status!=NULL && !validate_dialog() ) {
> xlog("In-Dialog $rm from $si (callid=$ci)
> is not valid according to dialog\n");
> ## exit;
> }
>
> if (is_method("BYE")) {
> # do accounting even if the transaction
> fails
> do_accounting("db","failed");
>
> } else if (is_method("INVITE")) {
>
> # even if in most of the cases is useless,
> do RR for
> # re-INVITEs alos, as some buggy clients
> do change route set
> # during the dialog.
> rtpproxy_engage();
> xlog("L_INFO", "rtpproxy has been
> engaged");
> record_route();
> }
>
> if (check_route_param("nat=yes"))
> setflag(NAT);
>
> # route it out to whatever destination was set by
> loose_route()
> # in $du (destination URI).
> route(relay);
> xlog("L_INFO", "route has been sent to relay due
> to nat=yes flag");
> } else {
>
> if ( is_method("ACK") ) {
> if ( t_check_trans() ) {
> # non loose-route, but stateful
> ACK; must be an ACK after
> # a 487 or e.g. 404 from upstream
> server
> t_relay();
> exit;
> } else {
> # ACK without matching transaction
> ->
> # ignore and discard
> exit;
> }
> }
> sl_send_reply("404","Not here");
> }
> exit;
> }
>
> # CANCEL processing
> if (is_method("CANCEL"))
> {
> if (t_check_trans())
> t_relay();
> exit;
> }
>
> t_check_trans();
>
> if ( !(is_method("REGISTER") ) ) {
>
> if (from_uri==myself)
>
> {
>
> # authenticate if from local subscriber
> # authenticate all initial non-REGISTER request
> that pretend to be
> # generated by local subscriber (domain from FROM
> URI is local)
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> if (!db_check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> # caller authenticated
>
> } else {
> # if caller is not local, then called number must
> be local
>
> if (!uri==myself) {
> send_reply("403","Rely forbidden");
> exit;
> }
> }
>
> }
>
> # preloaded route checking
> if (loose_route()) {
> xlog("L_ERR",
> "Attempt to route with preloaded Route's
> [$fu/$tu/$ru/$ci]");
> if (!is_method("ACK"))
> sl_send_reply("403","Preload Route denied");
> exit;
> }
>
> # record routing
> if (!is_method("REGISTER|MESSAGE"))
> record_route();
>
> # account only INVITEs
> if (is_method("INVITE")) {
>
> # create dialog with timeout
> if ( !create_dialog("B") ) {
> send_reply("500","Internal Server Error");
> exit;
> }
>
> do_accounting("db");
>
> }
>
>
> if (!uri==myself) {
> append_hf("P-hint: outbound\r\n");
>
> route(relay);
> }
>
> # requests for my domain
>
> if (is_method("PUBLISH|SUBSCRIBE"))
> {
> sl_send_reply("503", "Service Unavailable");
> exit;
> }
>
> if (is_method("REGISTER"))
> {
>
> # authenticate the REGISTER requests
> if (!www_authorize("", "subscriber"))
> {
> www_challenge("", "0");
> exit;
> }
>
> if (!db_check_to())
> {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> if ( proto==TCP || 0 ) setflag(TCP_PERSISTENT);
>
> if (isflagset(NAT)) {
> setbflag(SIP_PING_FLAG);
> xlog("L_INFO", "SIP_PING_FLAG set");
> }
>
> if (!save("location"))
> sl_reply_error();
>
> exit;
> }
>
> if ($rU==NULL) {
> # request with no Username in RURI
> sl_send_reply("484","Address Incomplete");
> exit;
> }
>
>
> # apply DB based aliases
> alias_db_lookup("dbaliases");
>
>
> # apply transformations from dialplan table
> dp_translate("0","$rU/$rU");
>
>
>
> # do lookup with method filtering
> if (!lookup("location","m")) {
> if (!db_does_uri_exist()) {
> send_reply("420","Bad Extension");
> exit;
> }
>
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> }
>
> if (isbflagset(NAT)) setflag(NAT);
>
> # when routing via usrloc, log the missed calls also
> do_accounting("db","missed");
>
> route(relay);
> }
>
>
> route[relay] {
>
> if (nat_uac_test("1"))
> xlog("L_INFO", "NAT contact fixed on relay route");
> fix_nated_contact();
>
> # for INVITEs enable some additional helper routes
> if (is_method("INVITE")) {
>
> sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
>
> if ( isflagset(NAT) ) {
> rtpproxy_offer("of", "[OPENSIPS IP]");
> xlog("L_INFO", "rtpproxy_offer has been executed");
> }
>
> t_on_branch("per_branch_ops");
> t_on_reply("handle_nat");
> t_on_failure("missed_call");
> }
>
> if (isflagset(NAT)) {
> add_rr_param(";nat=yes");
> }
>
> if (!t_relay()) {
> send_reply("500","Internal Error");
> };
> exit;
> }
>
>
> branch_route[per_branch_ops] {
> xlog("new branch at $ru\n");
> }
>
>
> onreply_route[handle_nat] {
>
> #sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
>
> if (nat_uac_test("1"))
> fix_nated_contact();
> if ( isflagset(NAT))
> rtpproxy_answer("of", "[OPENSIPS IP]");
> xlog("L_INFO", "rtpproxy_answer has been executed");
> xlog("incoming reply\n");
> }
>
>
> failure_route[missed_call] {
> if (t_was_cancelled()) {
> exit;
> }
>
> # uncomment the following lines if you want to block client
> # redirect based on 3xx replies.
> ##if (t_check_status("3[0-9][0-9]")) {
> ##t_reply("404","Not found");
> ## exit;
> ##}
>
>
> }
>
>
>
> local_route {
> if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
>
> acc_db_request("200 Dialog Timeout", "acc");
>
> }
> }
>
>
> LOG OUTPUT
>
> Oct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> registration has been flagged for NAT
> Oct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> registration has been flagged for NAT
> Oct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> registration has been flagged for NAT
> Oct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> registration has been flagged for NAT
> Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]:
> INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
> Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]:
> INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 88
> Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> registration has been flagged for NAT
> Oct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> registration has been flagged for NAT
> Oct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> registration has been flagged for NAT
> Oct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> registration has been flagged for NAT
> Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> new branch at sip:1001@[CORPORATE NAT
> IP]:44876;transport=TCP;rinstance=890c499f01f2952d
> Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> new branch at sip:1001@[CARRIER NAT
> IP]:64261;transport=TCP;rinstance=08e5da8067b3e532
> Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> new branch at sip:1001@[CARRIER NAT
> IP]:42804;transport=TCP;rinstance=e880e7c4509fbf0b
> Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
> Oct 11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
> INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80
> Oct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> rtpproxy_answer has been executed
> Oct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> incoming reply
> Oct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> rtpproxy_answer has been executed
> Oct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> incoming reply
> Oct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> rtpproxy_answer has been executed
> Oct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> incoming reply
> Oct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> rtpproxy_answer has been executed
> Oct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
> incoming reply
>
> On Wed, Oct 10, 2018 at 4:55 AM Pasan Meemaduma via Users <
> users at lists.opensips.org> wrote:
>
> Hi Steven,
>
> looking at your config it doesn't seems you are testing for nat in your
> main route. only on reply route your have nat_uac_test function called.
> you need to do the same in main route and set the NAT flag otherwise your
> condition "if ( isflagset(NAT) ) {rtpproxy_offer("of", "OPENSIPS IP");}"
> to use rtpproxy won't work. you can verfiy it by adding an xlog statement
> inside that condition. As per the given config it shouldn't print anything
> in log.
>
> On Tuesday, 9 October 2018, 10:55:02 PM GMT+5:30, Steven Platt <
> steven at olli-ai.com> wrote:
>
>
> Good morning,
>
> I have an installation of OpenSIPS 2.3.5, with RTPProxy running on a
> single server.
> RTP Proxy is running as normal, and logs show support for it enabled
> during initial connection leg.
>
> My error is that Opensips does not update the connection IP (c=) of the
> SDP to force media to be proxied with RTPProxy. Instead, it keep the
> endpoint IP, which is behind a NAT, because of this - I have no audio.
>
> Is there something I miss in the configuration to enforce the update of
> the connection IP in the SDP? (so that media goes through opensips/rtpproxy)
>
> ----------------------------
>
> My flow:
>
> desktop client (zoiper) <--> corporate NAT <--> OPENSIPS <--> carrier NAT
> <--> android (zoiper)
>
> *Invite SDP Sent from Desktop Zoiper Client: *
>
> Via: SIP/2.0/TCP [CORPORATE
> NAT]:59401;branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rport
> Max-Forwards: 70
> Contact: <sip:1000@[CORPORATE NAT]:59401;transport=TCP>
> To: <sip:1001@[OPENSIPS]:5060;transport=TCP>
> From: <sip:1000@[OPENSIPS]:5060;transport=TCP>;tag=b27a0843
> Call-ID: QMoyxf6JGTFYvxS5X8NsnA..
> CSeq: 2 INVITE
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
> SUBSCRIBE
> Content-Type: application/sdp
> Proxy-Authorization: Digest username="1000",realm="[OPENSIPS
> IP]",nonce="5bbcdde1000000172b9f0086711cd36194c50f208fa420de",uri="sip:1001@[OPENSIPS
> IP]:5060;transport=TCP",response="a609cb9d82930d2d32668d8d51d64cb4",algorithm=MD5
> User-Agent: Z 5.2.19 rv2.8.99
> Allow-Events: presence, kpml, talk
> Content-Length: 161
>
> v=0
> o=Z 0 0 IN IP4 [DESKTOP IP]
> s=Z
> c=IN IP4 [DESKTOP IP]
> t=0 0
> m=audio 8000 RTP/AVP 0 101 8
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=sendrecv
>
> *The 200OK sent by Opensips to the calling device: *
>
> Via: SIP/2.0/TCP [CORPORATE NAT] :59401;received=[CARRIER
> IP];branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rport=59401
> Record-Route: <sip:[OPENSIPS IP];transport=tcp;lr;did=081.1ad6d9>
> Contact: <sip:1001@[CORPORATE NAT]:50758;transport=TCP>
> To: <sip:1001@[OPENSIPS IP]:5060;transport=TCP>;tag=07be6967
> From: <sip:1000@[OPENSIPS IP]:5060;transport=TCP>;tag=b27a0843
> Call-ID: QMoyxf6JGTFYvxS5X8NsnA..
> CSeq: 2 INVITE
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
> SUBSCRIBE
> Content-Type: application/sdp
> User-Agent: Zoiper rv2.8.105
> Allow-Events: presence, kpml, talk
> Content-Length: 245
>
> v=0
> o=Zoiper 0 1 IN IP4 [ANDROID IP]
> s=Zoiper
> c=IN IP4 [ANDROID IP]
> t=0 0
> m=audio 42032 RTP/AVP 0 3 8 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=sendrecv
>
> ---------------------------------------------------
>
> *OpenSIPS Config*
>
>
> *route[relay]* {
> if (is_method("INVITE")) {
>
> if ( isflagset(NAT) ) {
> rtpproxy_offer("of", "OPENSIPS IP");
> }
>
> t_on_branch("per_branch_ops");
> t_on_reply("handle_nat");
> t_on_failure("missed_call");
> }
>
> if (isflagset(NAT)) {
> add_rr_param(";nat=yes");
> }
>
> if (!t_relay()) {
> send_reply("500","Internal Error");
> };
> exit;
> }
>
>
> *onreply_route[handle_nat]* {
>
> if (nat_uac_test("1"))
> fix_nated_contact();
> if ( isflagset(NAT) )
> rtpproxy_answer("of", "OPENSIPS IP");
> xlog("incoming reply\n");
> }
>
> ----------------------------------------------
>
> I also do not see the (";nat=yes") being added in the SDP.
> Do I understand correct that the script is not catching this call and
> flagging it correct as NAT?
>
> At this time, all signaling works as normal - only media is not being
> pinned to the opensips IP in the 200 OK response.
>
> Thanks in advance for any guidance on this one.
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20181012/94e2ec45/attachment-0001.html>
More information about the Users
mailing list