v5.0.4: nathelper: force_socket not being honoured #1298
Comments
Can you try setting core parameter:
Hi, I just set udp4_raw=0 on all 3 registrars and removed udpping_from_path from the settings, but the same behaviour persists.
registrar that processed the request (ping is successful)
1st registrar replicated to (tries to ping, but wrong interface)
2nd registrar replicated to (tries to ping, but wrong interface)
Just thinking about this issue and #1297 a little and I have a question: when the registrar module has "use_path" enabled, as we do here, is nathelper aware of this? If it is not, then, I'm guessing it will try to resolve the best interface to send over based on the "received" parameter, which, in our case, the OS will tell it to use the interface which has the default gateway. However, if nathelper is aware that we need to use the Path uri as the next hop, then nathelper does not need to decide which interface to use for the received parameter, it just needs to decide which interface to use for the destination in the Path uri. Could this be what is happening in #1297?
Afaik, when sending SIP OPTIONS keepalive, nathelper is always using Path if it is set in the usrloc record. The use_path for registrar is only for lookup("location").
Ok, thanks for the clarification, however, if the Path header does exist in the userloc record, why does nathelper need to resolve the best interface to use based on the received parameter? Should it not need to resolve the interface to be used based on the first hop in the Path header as this is where it will be sending to directly, it is the next hop that then needs to decide where best to route the message?
I think I was taken by this once by surprise as well. Can you try and just put the IP address in the force_socket modparam? Without the port number. See https://github.com/kamailio/kamailio/blob/master/src/modules/nathelper/nathelper.c#L445
…_port nathelper: allow port to be specified in force_socket, fixes #1298
…pect_port nathelper: allow port to be specified in force_socket, fixes #1298
Description
The force_socket parameter is not always used when set. If I understand the module documentation correctly, when setting the force_socket parameter, then all nathelper udp traffic will be forced to use this socket definition.
The issue here is a result of another issue first described here in 2015 but is still present in current stable kamailio v5.0.4.
We have 3 registrars running in "memory only" mode, using dmq_usrloc to replicate registrations to the remaining two nodes. On the remaining two nodes there is no socket parameter set for the AOR, but nathelper still wants to ping these AOR's (See issue #1299). It is on these two systems where this issue exhibits itself.
Each registrar has two interfaces, one is our "admin" lan, the other is our "voice" lan. The default route is set on these hosts and is a gateway on our "admin" lan. See issue #1297
When the registrars that are replicated to receive the AOR, they attempt to ping the endpoint (ideally they should not ping them). nathelper seems to think that the best interface to send them over is the "admin" lan even though force_socket is defined.
I would have expected that the message should have been sent via the socket defined in the "force_socket" parameter.
Troubleshooting
Module definitions
registrar
usrloc
nathelper
Kamailio is listening on the same socket that is defined for the "force_socket" parameter above
dmq
dmq_usrloc
Reproduction
Using the above settings register a user and once they are replicated to the registrar that did not service the request, the options pings on the nodes that were replicated to will exhibit this issue.
Example AOR where the registration was serviced (options pings should come from this host, and do, and flow as expected)
Example AOR of the above registration on a registrar that was replicated to by dmq/dmq_usrloc. Ideally these AORs should not be pinged at all, but currently they are, and in this case, when they do get pinged, they do not use the socket as defined in the "force_socket" parameter.
Log Messages
There are no apparent error messages in the logs relating to this that I can see.
SIP Traffic
Here you can clearly see that the OPTIONS message is being sent over the "10.6.0.189" interface when the modules "force_socket" parameter is set to "10.7.0.189:5060"
Possible Solutions
A possible work-around is to enable server_id_filtering in the nathelper module which should ensure that nat ping messages will only be sent by the registrar that services the request, as described in #1299.
Additional Information
kamailio -v