Topology Hiding - ACK not going through

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Topology Hiding - ACK not going through

OpenSIPS - Users mailing list
Hi,

I'm having some problems when using topology hiding. In my scenario an INVITE comes in to the opensips (SBC) instance from another opensips instance (Proxy). It is routed to a callee which eventually answers with a 200OK. The 200 OK is routed through the SBC to the Proxy which answers back with an ACK. This ACK is absorbed by the SBC which (by looking at the logs) attempts to send this ACK to the private IP of the callee instead of the the NAT IP which was originally used for the incoming INVITE.

From the logs I see that right before I attempt to do 'topology_hiding_match()' the 'ruri=public_IP' and after the method is called the ruri switches to 'ruri=private_IP'.

Attached is a trace. Below is a partial opensips.cfg file I am using with opensips 2.1:


# ----- NATHELPER -----
loadmodule "nathelper.so"
modparam("nathelper", "received_avp", "$avp(42)")

# ----- DIALOG -----
loadmodule "dialog.so"
modparam("dialog", "db_mode", 0)
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "profiles_no_value", "inboundcalls")


# ----- TOPOLOGY_HIDING -----
loadmodule "topology_hiding.so"
modparam("topology_hiding", "force_dialog", 1)
modparam("topology_hiding", "th_callid_passwd", "*********")
modparam("topology_hiding", "th_contact_encode_passwd", "*****")
modparam("topology_hiding", "th_callid_prefix", "****")

route {
  route(nat_checks);
  route(topology_check);
  .
  .
  .

  create_dialog();

  record_route();

  if (!has_totag() && is_method("INVITE")) {
    topology_hiding("U");
  }

  .
  .
  .
}


route[topology_check] {

  force_rport();
  xlog("L_INFO", "[REQUEST $ci] current  ruri: $ruri");
  if (has_totag()) {
    if (topology_hiding_match()) {
        xlog("L_INFO", "[REQUEST $ci] $rm topology_check successful match reinvite TH_callee_callid: $TH_callee_callid ruri: $ruri");
        route(relay);
    } else {
      xlog("L_INFO", "[REQUEST $ci] $rm topology_check Did not match this request to a topology hiding dialog.");
      if ( is_method("ACK") ) {
        if ( t_check_trans() ) {
          xlog("L_INFO", "[REQUEST $ci] $rm within a transaction relaying");
          route(relay);
        } else {
          xlog("L_INFO", "[REQUEST $ci] $rm not within a transaction exiting");
          exit;
        }
      }
      xlog("L_INFO", "[REQUEST $ci] $rm sending 404 Not Found");
      send_reply("404","Not Found");
      exit;
    }
  }

}

route[nat_checks] {

  if (nat_uac_test("1")) {
    xlog("L_INFO", "[REQUEST $ci] $rm fix_nated_contact()");
    fix_nated_contact();
  }
}
.
.
.

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

cap.pcap.zip (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Topology Hiding - ACK not going through

Razvan Crainea-3
Hi, Royee!

Can you make sure that fix_nated_contact() is called before create_dialog()?
Also, if you run through MI the dlg_list_ctx command, what is the contact header stored in the dialog?

Best regards,
Răzvan
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com
On 06/06/2017 11:02 AM, Royee Tichauer via Users wrote:
Hi,

I'm having some problems when using topology hiding. In my scenario an INVITE comes in to the opensips (SBC) instance from another opensips instance (Proxy). It is routed to a callee which eventually answers with a 200OK. The 200 OK is routed through the SBC to the Proxy which answers back with an ACK. This ACK is absorbed by the SBC which (by looking at the logs) attempts to send this ACK to the private IP of the callee instead of the the NAT IP which was originally used for the incoming INVITE.

From the logs I see that right before I attempt to do 'topology_hiding_match()' the 'ruri=public_IP' and after the method is called the ruri switches to 'ruri=private_IP'.

Attached is a trace. Below is a partial opensips.cfg file I am using with opensips 2.1:


# ----- NATHELPER -----
loadmodule "nathelper.so"
modparam("nathelper", "received_avp", "$avp(42)")

# ----- DIALOG -----
loadmodule "dialog.so"
modparam("dialog", "db_mode", 0)
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "profiles_no_value", "inboundcalls")


# ----- TOPOLOGY_HIDING -----
loadmodule "topology_hiding.so"
modparam("topology_hiding", "force_dialog", 1)
modparam("topology_hiding", "th_callid_passwd", "*********")
modparam("topology_hiding", "th_contact_encode_passwd", "*****")
modparam("topology_hiding", "th_callid_prefix", "****")

route {
  route(nat_checks);
  route(topology_check);
  .
  .
  .

  create_dialog();

  record_route();

  if (!has_totag() && is_method("INVITE")) {
    topology_hiding("U");
  }

  .
  .
  .
}


route[topology_check] {

  force_rport();
  xlog("L_INFO", "[REQUEST $ci] current  ruri: $ruri");
  if (has_totag()) {
    if (topology_hiding_match()) {
        xlog("L_INFO", "[REQUEST $ci] $rm topology_check successful match reinvite TH_callee_callid: $TH_callee_callid ruri: $ruri");
        route(relay);
    } else {
      xlog("L_INFO", "[REQUEST $ci] $rm topology_check Did not match this request to a topology hiding dialog.");
      if ( is_method("ACK") ) {
        if ( t_check_trans() ) {
          xlog("L_INFO", "[REQUEST $ci] $rm within a transaction relaying");
          route(relay);
        } else {
          xlog("L_INFO", "[REQUEST $ci] $rm not within a transaction exiting");
          exit;
        }
      }
      xlog("L_INFO", "[REQUEST $ci] $rm sending 404 Not Found");
      send_reply("404","Not Found");
      exit;
    }
  }

}

route[nat_checks] {

  if (nat_uac_test("1")) {
    xlog("L_INFO", "[REQUEST $ci] $rm fix_nated_contact()");
    fix_nated_contact();
  }
}
.
.
.


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Topology Hiding - ACK not going through

OpenSIPS - Users mailing list
Razvan,

Thanks for the help! 

fix_nated_contact is called before create_dialog as you can also see from the configuration file I added in the previous email.

When using the MI command I see:

callee_contact:: sip:USERNAME@PRIVATE_IP:PORT;transport=TCP

So it seems like the dialog is created with a private IP. Any suggestions?

Thanks,

Royee




On Tue, Jun 6, 2017 at 11:06 AM Răzvan Crainea <[hidden email]> wrote:
Hi, Royee!

Can you make sure that fix_nated_contact() is called before create_dialog()?
Also, if you run through MI the dlg_list_ctx command, what is the contact header stored in the dialog?

Best regards,
Răzvan
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com
On 06/06/2017 11:02 AM, Royee Tichauer via Users wrote:
Hi,

I'm having some problems when using topology hiding. In my scenario an INVITE comes in to the opensips (SBC) instance from another opensips instance (Proxy). It is routed to a callee which eventually answers with a 200OK. The 200 OK is routed through the SBC to the Proxy which answers back with an ACK. This ACK is absorbed by the SBC which (by looking at the logs) attempts to send this ACK to the private IP of the callee instead of the the NAT IP which was originally used for the incoming INVITE.

From the logs I see that right before I attempt to do 'topology_hiding_match()' the 'ruri=public_IP' and after the method is called the ruri switches to 'ruri=private_IP'.

Attached is a trace. Below is a partial opensips.cfg file I am using with opensips 2.1:


# ----- NATHELPER -----
loadmodule "nathelper.so"
modparam("nathelper", "received_avp", "$avp(42)")

# ----- DIALOG -----
loadmodule "dialog.so"
modparam("dialog", "db_mode", 0)
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "profiles_no_value", "inboundcalls")


# ----- TOPOLOGY_HIDING -----
loadmodule "topology_hiding.so"
modparam("topology_hiding", "force_dialog", 1)
modparam("topology_hiding", "th_callid_passwd", "*********")
modparam("topology_hiding", "th_contact_encode_passwd", "*****")
modparam("topology_hiding", "th_callid_prefix", "****")

route {
  route(nat_checks);
  route(topology_check);
  .
  .
  .

  create_dialog();

  record_route();

  if (!has_totag() && is_method("INVITE")) {
    topology_hiding("U");
  }

  .
  .
  .
}


route[topology_check] {

  force_rport();
  xlog("L_INFO", "[REQUEST $ci] current  ruri: $ruri");
  if (has_totag()) {
    if (topology_hiding_match()) {
        xlog("L_INFO", "[REQUEST $ci] $rm topology_check successful match reinvite TH_callee_callid: $TH_callee_callid ruri: $ruri");
        route(relay);
    } else {
      xlog("L_INFO", "[REQUEST $ci] $rm topology_check Did not match this request to a topology hiding dialog.");
      if ( is_method("ACK") ) {
        if ( t_check_trans() ) {
          xlog("L_INFO", "[REQUEST $ci] $rm within a transaction relaying");
          route(relay);
        } else {
          xlog("L_INFO", "[REQUEST $ci] $rm not within a transaction exiting");
          exit;
        }
      }
      xlog("L_INFO", "[REQUEST $ci] $rm sending 404 Not Found");
      send_reply("404","Not Found");
      exit;
    }
  }

}

route[nat_checks] {

  if (nat_uac_test("1")) {
    xlog("L_INFO", "[REQUEST $ci] $rm fix_nated_contact()");
    fix_nated_contact();
  }
}
.
.
.


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Topology Hiding - ACK not going through

Razvan Crainea-3
Hi, Royee!

Can you turn on debugging for this call and send the logs (in private if privacy is an issue)?
My assumption is that the dialog is created before fix_nated_contact() is called, perhaps due to a siptrace() call or something, and the wrong contact ends up in the dialog. Or perhaps fix_nated_contact() is not called for some reason, although the nat test seems all right. Can you add some debugging between the fix_nated_contact() block, so we can make sure it is called?

Best regards,
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com
On 06/06/2017 12:15 PM, Royee Tichauer via Users wrote:
Razvan,

Thanks for the help! 

fix_nated_contact is called before create_dialog as you can also see from the configuration file I added in the previous email.

When using the MI command I see:

callee_contact:: sip:USERNAME@PRIVATE_IP:PORT;transport=TCP

So it seems like the dialog is created with a private IP. Any suggestions?

Thanks,

Royee




On Tue, Jun 6, 2017 at 11:06 AM Răzvan Crainea <[hidden email]> wrote:
Hi, Royee!

Can you make sure that fix_nated_contact() is called before create_dialog()?
Also, if you run through MI the dlg_list_ctx command, what is the contact header stored in the dialog?

Best regards,
Răzvan
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com
On 06/06/2017 11:02 AM, Royee Tichauer via Users wrote:
Hi,

I'm having some problems when using topology hiding. In my scenario an INVITE comes in to the opensips (SBC) instance from another opensips instance (Proxy). It is routed to a callee which eventually answers with a 200OK. The 200 OK is routed through the SBC to the Proxy which answers back with an ACK. This ACK is absorbed by the SBC which (by looking at the logs) attempts to send this ACK to the private IP of the callee instead of the the NAT IP which was originally used for the incoming INVITE.

From the logs I see that right before I attempt to do 'topology_hiding_match()' the 'ruri=public_IP' and after the method is called the ruri switches to 'ruri=private_IP'.

Attached is a trace. Below is a partial opensips.cfg file I am using with opensips 2.1:


# ----- NATHELPER -----
loadmodule "nathelper.so"
modparam("nathelper", "received_avp", "$avp(42)")

# ----- DIALOG -----
loadmodule "dialog.so"
modparam("dialog", "db_mode", 0)
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "profiles_no_value", "inboundcalls")


# ----- TOPOLOGY_HIDING -----
loadmodule "topology_hiding.so"
modparam("topology_hiding", "force_dialog", 1)
modparam("topology_hiding", "th_callid_passwd", "*********")
modparam("topology_hiding", "th_contact_encode_passwd", "*****")
modparam("topology_hiding", "th_callid_prefix", "****")

route {
  route(nat_checks);
  route(topology_check);
  .
  .
  .

  create_dialog();

  record_route();

  if (!has_totag() && is_method("INVITE")) {
    topology_hiding("U");
  }

  .
  .
  .
}


route[topology_check] {

  force_rport();
  xlog("L_INFO", "[REQUEST $ci] current  ruri: $ruri");
  if (has_totag()) {
    if (topology_hiding_match()) {
        xlog("L_INFO", "[REQUEST $ci] $rm topology_check successful match reinvite TH_callee_callid: $TH_callee_callid ruri: $ruri");
        route(relay);
    } else {
      xlog("L_INFO", "[REQUEST $ci] $rm topology_check Did not match this request to a topology hiding dialog.");
      if ( is_method("ACK") ) {
        if ( t_check_trans() ) {
          xlog("L_INFO", "[REQUEST $ci] $rm within a transaction relaying");
          route(relay);
        } else {
          xlog("L_INFO", "[REQUEST $ci] $rm not within a transaction exiting");
          exit;
        }
      }
      xlog("L_INFO", "[REQUEST $ci] $rm sending 404 Not Found");
      send_reply("404","Not Found");
      exit;
    }
  }

}

route[nat_checks] {

  if (nat_uac_test("1")) {
    xlog("L_INFO", "[REQUEST $ci] $rm fix_nated_contact()");
    fix_nated_contact();
  }
}
.
.
.


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Loading...