A bizarre problem on this host running Asterisk. I don't actually think
this is Asterisk's problem, but I don't know who to ask, so if this is OT,
please redirect me.
CentOS 5.2 64-bit Xen domU running Asterisk 1.4.22 32-bit with a number of
SIP phones and a few SIP<->PSTN gateways.
When asterisk tries to send a packet over UDP 5060 to one (and only one)
of the gateways, the syscall returns "EPERM (Operation not permitted)".
Strangely, sending to UDP 5060 on the other gateway on the same network or
any of the SIP phones works just fine, sent from the same socket, only
difference is the IP address and the packet contents.
Following is an strace of Asterisk starting up with only the syscalls
relevant to the SIP socket. Also, some network information showing that
there's nothing funny about the routes and no firewall rules to get in the
way. No packets are actually sent out the wire to that gateway, though
the gateway is pingable, and I can get a response from the same asterisk
host using sipsak.
Also, oddly, SIP sessions initiated from the gateway to asterisk succeed.
There is very little information about EPERM errors in reference to
SOCK_DGRAM type sockets on google, so hopefully there's someone here who
can point me the right direction (even if it's to another, more
appropriate list).
John
[r...@pbx0 ~]# strace -f /usr/sbin/asterisk -U asterisk -G asterisk \
-C /etc/asterisk/asterisk.conf -g -p -T
[...]
[Initial socket setup]
[pid 5006] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 9
[pid 5006] setsockopt(9, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 5006] setsockopt(9, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0
[pid 5006] bind(9, {sa_family=AF_INET, sin_port=htons(5060), \
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 5006] setsockopt(9, SOL_IP, IP_TOS, [96], 4) = 0
[...]
[This is the gateway, same network, that asterisk successfully connects to]
[pid 5015] sendto(9, "OPTIONS sip:192.168.3.21 SIP/2.0"..., 485, 0, \
{sa_family=AF_INET, sin_port=htons(5060), \
sin_addr=inet_addr("192.168.3.21")}, 16) = 485
[...]
[The response from that gateway]
[pid 5015] recvfrom(9, "SIP/2.0 200 OK\r\nTo: <sip:1...@192"..., 4095, 0, \
{sa_family=AF_INET, sin_port=htons(5060), \
sin_addr=inet_addr("192.168.3.51")}, [16]) = 319
[...]
[An example failed sendto syscall to the affected gateway]
[pid 5015] sendto(9, "OPTIONS sip:192.168.3.20 SIP/2.0"..., 485, 0, \
{sa_family=AF_INET, sin_port=htons(5060), \
sin_addr=inet_addr("192.168.3.20")}, 16) = -1 EPERM (Operation not \
permitted)
[r...@pbx0 asterisk]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 eth0
[r...@pbx0 asterisk]# iptables -L -v
Chain INPUT (policy ACCEPT 7974 packets, 1803K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7950 packets, 2369K bytes)
pkts bytes target prot opt in out source destination
[r...@pbx0 asterisk]# tcpdump -nn host 192.168.3.20& sleep 1; \
> sipsak -T -s sip:f...@192.168.3.20; kill %
[1] 5223
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
warning: IP extract from warning activated to be more informational
17:04:44.511831 IP 192.168.3.19.42231 > 192.168.3.20.5060: SIP, length: 361
17:04:44.523252 IP 192.168.3.20.5060 > 192.168.3.19.42231: SIP, length: 381
0: ?? (11.231 ms) SIP/2.0 200 OK
without Contact header
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
