bugzilla-daemon at bugzilla.netfilter.org
2011-Oct-26 04:44 UTC
[Bug 760] New: nf_ct_sip dropping SIP messages larger then MTU
http://bugzilla.netfilter.org/show_bug.cgi?id=760
Summary: nf_ct_sip dropping SIP messages larger then MTU
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: ip_conntrack
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: thomas.berger+netfilter at videxio.com
Estimated Hours: 0.0
I have a system which receives large SIP message ( > 1500 bytes).
After upgrading to latest Ubuntu 11.04 release (Linux kernel 3.0.4), SIP calls
to my router stops working.
Packets seems to be dropped by netfilter:
Oct 26 04:19:14 localhost kernel: nf_ct_sip: dropping packetIN=eth0
OUTMAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51078 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A11649009FFFCE724)
Oct 26 04:19:21 localhost kernel: nf_ct_sip: dropping packetIN=eth0
OUTMAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51079 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A116492AAFFFCE724)
Oct 26 04:19:34 localhost kernel: nf_ct_sip: dropping packetIN=eth0
OUTMAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51080 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A116497ECFFFCE724)
Oct 26 04:20:01 localhost kernel: nf_ct_sip: dropping packetIN=eth0
OUTMAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51081 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A1164A270FFFCE724)
Oct 26 04:20:55 localhost kernel: nf_ct_sip: dropping packetIN=eth0
OUTMAC=f2:3c:91:df:ab:d8:88:43:e1:a3:fa:7f:08:00 SRC=85.17.179.184
DST=178.79.185.163 LEN=1500 TOS=0x00 PREC=0x00 TTL=53 ID=51082 DF PROTO=TCP
SPT=49812 DPT=5060 SEQ=3132246529 ACK=1040
110379 WINDOW=229 RES=0x00 ACK URGP=0 OPT (0101080A1164B780FFFCE724)
I suspect the following change to be the culprint:
http://lkml.indiana.edu/hypermail/linux/kernel/1106.0/00275.html
If the patch above is using data length on the TCP fragment and not the the
complete sip packet, the code is wrong. Note that SIP RFC 3261 explicitly
tells you to use TCP when sending messages over MTU (1500 bytes).
Kinds regards,
Thomas M. Berger
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2013-Feb-04 08:51 UTC
[Bug 760] nf_ct_sip dropping SIP messages larger then MTU
http://bugzilla.netfilter.org/show_bug.cgi?id=760
Frans Gifford <frans.gifford at renesasmobile.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |frans.gifford at renesasmobile
| |.com
Component|ip_conntrack |nf_conntrack
Platform|i386 |All
OS/Version|Ubuntu |All
--- Comment #1 from Frans Gifford <frans.gifford at renesasmobile.com>
2013-02-04 09:51:19 CET ---
Moving to nf_conntrack, which is where I think this belongs. Also changing
platform/distribution to all, since it's a general kernel problem.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.