Summary: ASTERISK-30257: res_pjsip: IP addresses get butchered
Reporter: N A (InterLinked)
Labels:
Date Opened: 2022-10-02 09:56:36
Date Closed: 2022-10-02 11:59:13
Priority: Minor
Regression?:
Status: Closed/Complete
Components: Resources/res_pjsip
Versions: 18.14.0
Frequency of Occurrence: Occasional
Related Issues:
Environment:
Attachments:

Description:
This happened a few times today:
Note how the 2nd octet gets butchered into nonsense, causing an ACL failure.

{noformat}
[2022-10-02 14:50:43] ERROR[13793]: pjproject: <?>:            sip_transport.c Error processing 100 bytes packet from UDP 173.56.227.13:18599 : PJSIP syntax error exception when parsing 'Request Line' header on line 1 col 1:
[2022-10-02 14:50:43]        > ▒

[2022-10-02 14:50:43] ERROR[12886]: netsock2.c:303 ast_sockaddr_resolve: getaddrinfo("173.566.227.13", "(null)", ...): Name or service not known

{noformat}
Comments:

By: Asterisk Team (asteriskteam) 2022-10-02 09:56:40.480-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].

By: Joshua C. Colp (jcolp) 2022-10-02 11:16:26.914-0500

I'm not really sure what you're expecting to be done with this report. The PJSIP parser failed validation on an incoming packet and it was dropped at the PJSIP level. It never reached the Asterisk code, nor would it have gotten caught by any ACL.

Afterwards the ast_sockaddr_resolve message occurred from a different thread, so a different SIP message could have come in, but none are in this issue report so I don't know. You also mention an ACL, but don't explain how you came to that conclusion.

I can't do anything with this report as it is. It needs much more information, including the SIP requests that caused it.

By: Joshua C. Colp (jcolp) 2022-10-02 11:17:31.874-0500

I should also add - how did you come to the conclusion that the second octet "got butchered"? Is it purely because of the log message you see? Is this traffic legitimate traffic? Is it actually someone trying to crash or exploit the system? The only use of ast_sockaddr_resolve in ACLs is for the Contact header, which is provided by the remote side unless you have rewrite_contact enabled which hasn't been stated.

By: N A (InterLinked) 2022-10-02 11:42:01.885-0500

I wasn't really expecting anything, just reporting it here in case there has been or will be a similar issue with more info.
The initial log messages about the bad packet have "56" and later on it is 556 so at some point somewhere, an extra 6 got added to that octet.
Unfortunately, this happened for a few minutes and then not again, but the packets in question were from a SIP provider which is what had surprised me.

By: Joshua C. Colp (jcolp) 2022-10-02 11:59:08.288-0500

Unless the Contact in the SIP message contained the extra 6. Without seeing actual traffic there's nothing really to be done here.
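
A log-triage sketch for the pattern discussed in this thread, added here as an example (it is not code from Asterisk or from any commenter). It takes the two log lines from the description, checks whether the string handed to `getaddrinfo` is a valid IP literal, and reports whether it resembles a transport-level source address and whether both errors carry the same bracketed ID. The names `classify_host`, `octet_diff` and `triage` are hypothetical.

```python
import ipaddress
import re

# The two log lines quoted in the issue description (whitespace collapsed).
LOG_LINES = [
    "[2022-10-02 14:50:43] ERROR[13793]: pjproject: <?>: sip_transport.c "
    "Error processing 100 bytes packet from UDP 173.56.227.13:18599 : PJSIP "
    "syntax error exception when parsing 'Request Line' header on line 1 col 1:",
    '[2022-10-02 14:50:43] ERROR[12886]: netsock2.c:303 ast_sockaddr_resolve: '
    'getaddrinfo("173.566.227.13", "(null)", ...): Name or service not known',
]
SRC_RE = re.compile(r"ERROR\[(\d+)\].*packet from \w+ ([0-9.]+):\d+ ")
RESOLVE_RE = re.compile(r'ERROR\[(\d+)\].*ast_sockaddr_resolve: getaddrinfo\("([^"]*)"')

def classify_host(host):
    """Return 'ip-literal', 'malformed-ipv4' or 'hostname' for a host string."""
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    # Four dotted decimal fields that still failed validation (e.g. octet > 255).
    if re.fullmatch(r"\d+(\.\d+){3}", host):
        return "malformed-ipv4"
    return "hostname"

def octet_diff(a, b):
    """Number of differing dotted fields, or None if either lacks four fields."""
    pa, pb = a.split("."), b.split(".")
    if len(pa) != 4 or len(pb) != 4:
        return None
    return sum(x != y for x, y in zip(pa, pb))

def triage(lines):
    """Pair failed resolutions with transport source addresses seen earlier."""
    sources, findings = [], []
    for line in lines:
        m = SRC_RE.search(line)
        if m:
            sources.append(m.groups())  # (bracketed id, source address)
            continue
        m = RESOLVE_RE.search(line)
        if m:
            tid, host = m.groups()
            near = [(t, s) for t, s in sources if octet_diff(s, host) == 1]
            findings.append({
                "host": host,
                "kind": classify_host(host),
                "resembles": [s for _, s in near],
                "same_thread": any(t == tid for t, _ in near),
            })
    return findings
```

A `malformed-ipv4` finding with `same_thread` false only says the two errors look related; as the comments above note, confirming where the string came from requires the actual SIP message, including its Contact header.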