ASTERISK-27324: [patch] Dual-Stack server cannot be used as IPv4 client via TCP/TLS

[Home]

Summary: ASTERISK-27324: [patch] Dual-Stack server cannot be used as IPv4 client via TCP/TLS

Reporter: Alexander Traud (traud) Labels: patch

Date Opened: 2017-10-08 01:23:05 Date Closed: 2017-10-10 09:41:11

Priority: Major Regression?

Status: Closed/Complete Components: Channels/chan_sip/TCP-TLS

Versions: 13.7.2 14.6.2 15.0.0 Frequency of
Occurrence

Related
Issues:
is related to ASTERISK-26922 chan_sip: tcpbind uses wrong source address

Environment: Attachments: ( 0) tcp_ip_dual_stack_server_ipv4_client.patch

Description: Asterisk can be used as SIP server and client at the same time. Furthermore, Asterisk can be ran as IPv4-only, IPv6-only, or dual stack server. On default, Asterisk is an IPv4-only server and the {{bindaddr}} is null. Because I added {{bindaddr=::}} to the configuration file {{sip.conf}}, my Asterisk listens on the IPv4 and IPv6 wildcards. In that case, the {{bindaddr}} is not null but unspecified ({{INADDR_ANY}}). Similar for UDP, TCP, and TLS: On default, Asterisk is using just UDP. Therefore, I added {{tlsenable=yes}} to my {{sip.conf}}.

Since 13.16, my Asterisk is unable to connect to other IPv4-only SIP services via TLS, with the error message:
bq. ast_tcptls_client_create: Unable to bind SIP socket to \[::\]:0: Address family not supported by protocol
For example here in Germany, I use the VoIP/SIP provider dus.net via _secure.dus.net_ to call (traditional) phone numbers. However, IPv6 services like _securev6.dus.net_ and services based on UDP like _proxy.dus.net_ are of no issue.

Consequently, this issue affects only those chan_sip which were
* enabled for dual-stack {{bindaddr=::}}, and
* enabled for TCP {{tcpenable=yes}} and/or TLS {{tlsenable=yes}}, and
* tried to register and/or invite a IPv4-only service,
* via TCP or TLS.

The resolution of ASTERISK-26922 revealed this bug, which was present since day one of the IPv6 support in Asterisk seven years ago. Attached is a patch to check not only for ‘is null’ but also whether the current bind address ‘is any’.

Comments: By: Friendly Automation (friendly-automation) 2017-10-10 07:42:22.082-0500

Change 6681 merged by Jenkins2:
tcptls: Do not re-bind to wildcard on client creation.

[https://gerrit.asterisk.org/6681|https://gerrit.asterisk.org/6681]
By: Friendly Automation (friendly-automation) 2017-10-10 07:51:08.522-0500

Change 6683 merged by Jenkins2:
tcptls: Do not re-bind to wildcard on client creation.

[https://gerrit.asterisk.org/6683|https://gerrit.asterisk.org/6683]
By: Friendly Automation (friendly-automation) 2017-10-10 07:53:44.452-0500

Change 6680 merged by Joshua Colp:
tcptls: Do not re-bind to wildcard on client creation.

[https://gerrit.asterisk.org/6680|https://gerrit.asterisk.org/6680]
By: Friendly Automation (friendly-automation) 2017-10-10 08:07:59.205-0500

Change 6682 merged by Jenkins2:
tcptls: Do not re-bind to wildcard on client creation.

[https://gerrit.asterisk.org/6682|https://gerrit.asterisk.org/6682]