Details

    • Type: Improvement Improvement
    • Status: Open
    • Severity: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.8.11.0
    • Target Release Version/s: None
    • Security Level: None
    • Labels:
      None
    • Regression:
      No

      Description

      Asterisk 1.8 validates the host in the Contact URI of a REGISTER/INVITE. Such a URI host must be a valid IP address or a resolvable hostname (via DNS A/AAAA) for Asterisk to accept the request. This is not a real requirement in RFC 3261.

      This validation makes sense for the case in which such a URI will be used for routing requests to the peer, but it makes no sense at all (it's useless) when the peer is configured with nat=yes (so the Contact URI is ignored and instead the real source IP:port used for sending outgoing requests to the peer).

      The problem is that it avoids some cases in which the SIP client sets a non resolvable domain in its Contact URI (for example "sip:alice@idsukjdsf.invalid;transport=ws"), which is expected to occur in SIP over WebSocket access due to the fact that JavaScript running in web browsers doesn't know the source IP:port from which the WebSocket connection has been made. In these cases, using a .invalid domain (RFC 2606) seems much more ellegant than inventing a random IP or using a resolvable domain (google.com?).

        Issue Links

          Activity

          Hide
          Iñaki Baz Castillo added a comment -

          Hi, is there any update for this issue?

          Show
          Iñaki Baz Castillo added a comment - Hi, is there any update for this issue?
          Hide
          Walter Doekes added a comment - - edited

          I think I might have fixed this, at least for in-dialog requests (to the Contact):

          http://lists.digium.com/pipermail/asterisk-commits/2012-October/057327.html

          In trunk only though.

          There's another one: the Via sent-by header gets a resolve attempt too. Not necessary either.

          Are there other places where the contact gets resolved/verified?

          Show
          Walter Doekes added a comment - - edited I think I might have fixed this, at least for in-dialog requests (to the Contact): http://lists.digium.com/pipermail/asterisk-commits/2012-October/057327.html In trunk only though. There's another one: the Via sent-by header gets a resolve attempt too. Not necessary either. Are there other places where the contact gets resolved/verified?
          Hide
          Iñaki Baz Castillo added a comment -

          Sorry for the late response, I didn't get notified about your comment.

          Via sent-by should be 100% ignored always. If Via sent-by contains a domain or an IP different from the source addres, then Asterisk should add a ";received=REAL_SOURCE_IP" to the top Via in responses to that SIP request, that's all. The address in the sent-by set by the peer should be just used for sending responses in case of error when sending to the original IP (exotic RFC 3261 feature that nobody implements and that never works in the real world full of NAT).

          So I hope Asterisk does not resolve Via sent-by, never.

          Show
          Iñaki Baz Castillo added a comment - Sorry for the late response, I didn't get notified about your comment. Via sent-by should be 100% ignored always. If Via sent-by contains a domain or an IP different from the source addres, then Asterisk should add a ";received=REAL_SOURCE_IP" to the top Via in responses to that SIP request, that's all. The address in the sent-by set by the peer should be just used for sending responses in case of error when sending to the original IP (exotic RFC 3261 feature that nobody implements and that never works in the real world full of NAT). So I hope Asterisk does not resolve Via sent-by, never.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Development