[Bug 760] New: nf_ct_sip dropping SIP messages larger then MTU

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Wed Oct 26 06:44:41 CEST 2011 

http://bugzilla.netfilter.org/show_bug.cgi?id=760

           Summary: nf_ct_sip dropping SIP messages larger then MTU
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: i386
        OS/Version: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ip_conntrack
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: thomas.berger+netfilter at videxio.com
   Estimated Hours: 0.0


I have a system which receives large SIP message ( > 1500 bytes).

After upgrading to latest Ubuntu 11.04 release (Linux kernel 3.0.4), SIP calls
to my router stops working.  

Packets seems to be dropped by netfilter:

Oct 26 04:19:14 localhost kernel: nf_ct_sip: dropping packetIN=eth0 OUT=
MAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51078 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A11649009FFFCE724) 
Oct 26 04:19:21 localhost kernel: nf_ct_sip: dropping packetIN=eth0 OUT=
MAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51079 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A116492AAFFFCE724) 
Oct 26 04:19:34 localhost kernel: nf_ct_sip: dropping packetIN=eth0 OUT=
MAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51080 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A116497ECFFFCE724) 
Oct 26 04:20:01 localhost kernel: nf_ct_sip: dropping packetIN=eth0 OUT=
MAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51081 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A1164A270FFFCE724) 
Oct 26 04:20:55 localhost kernel: nf_ct_sip: dropping packetIN=eth0 OUT=
MAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51082 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A1164B780FFFCE724) 


I suspect the following change to be the culprint:

http://lkml.indiana.edu/hypermail/linux/kernel/1106.0/00275.html

If the patch above is using data length on the TCP fragment and not the the
complete sip packet, the code is wrong.  Note that SIP RFC 3261 explicitly
tells you to use TCP when sending messages over MTU (1500 bytes).

Kinds regards,
 Thomas M. Berger


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

More information about the netfilter-buglog mailing list