View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0016756||CentOS-7||sip||public||2019-11-20 13:46||2019-11-20 13:51|
|Target Version||Fixed in Version|
|Summary||0016756: nf_conntrack_sip cannot handle segmented SIP packets very well|
|Description||When module nf_conntrack_sip is loaded, TCP segmented SIP traffic fail under certain circumstances. |
We found segmented INVITEs ending in "CSeq: 1 " (notice the trailing space) when tracing using tcpdump, which means the next segment would be starting with "INVITE<CR><LF>" which trigger as an incoming INVITE but with incorrect syntax.
It seemed like the faulty segment was just dropped and the system call "send" was hanging indefinitely.
|Steps To Reproduce||We setup a SIPp instance calling to our B2BUA SIP application redirecting to another SIPp instance. When increasing call frequency we occasionally got the behaviour described above except it was for BYE, not INVITE.|
|Additional Information||The work-around is easy:|
Just skip the built-in sip service in firewalld, and define the ports manually in the filrewalld zone.
And rmmod nf_nat_sip + rmmod nf_conntrack_sip.
|CentOS is a rebuild of the sources used to create RHEL. We do not modify anything except to remove branding and logos. You will need to submit your request to Redhat via bugzilla.redhat.com and if/when RH accepts it and incorporates it into RHEL and releases a patched version, then CentOS will pick it up and rebuild it.|