Re: H.460.18 occasionally exposes/tries to use Endpoints Internal Address

So a little more digging with Wireshark.  I'm focusing currently on the 
small amount of leaky packets from every call right now.

 From the log;

2010/02/01 19:57:27.039 4       ProxyChannel.cxx(5734)  H245    Response: openLogicalChannelAck
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(4826)  RTCP    H46019 v:1 s:0 fwd  rev
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(4840)  RTCP    Reverse 192.168.128.60:2349 to 10.10.1.88:2389
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(4826)  RTP     H46019 v:1 s:0 fwd  rev
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(4840)  RTP     Reverse 192.168.128.60:2348 to 10.10.1.88:2388
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(6536)  ProxyRTP(1) total sockets 2
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(1368)  H245    To send: response openLogicalChannelAck {
    forwardLogicalChannelNumber = 3
    forwardMultiplexAckParameters = h2250LogicalChannelAckParameters {
      sessionID = 3
      mediaChannel = unicastAddress iPAddress {
        network =  4 octets {
          26 75 48 87                                        &uH.
        }
        tsapIdentifier = 50010
      }
      mediaControlChannel = unicastAddress iPAddress {
        network =  4 octets {
          26 75 48 87                                        &uH.
        }
        tsapIdentifier = 50011
      }
      flowControlToZero = false
    }
  }


----------------------------------------------------------------------------------------------

 From Wireshark, packet from the H.460 Endpoint performing an 
openlogicalchannelack, note that the INSIDE IP is in the packet, not the 
external IP (not sure who is responsible here for changing this 
appropriately, the endpoint, or the GNUGK)


Frame 221 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: 00:0f:a3:e9:8e:98 (00:0f:a3:e9:8e:98), Dst: 00:0c:29:f9:89:35 (00:0c:29:f9:89:35)
Internet Protocol, Src: 216.235.8.8 (216.235.8.8), Dst: 38.0.0.135 (38.0.0.135)
Transmission Control Protocol, Src Port: 12646 (12646), Dst Port: 30002 (30002), Seq: 734, Ack: 775, Len: 48
TPKT, Version: 3, Length: 48
    Version: 3
    Reserved: 0
    Length: 48
H.245
    PDU Type: response (1)
        response: openLogicalChannelAck (5)
            openLogicalChannelAck
                forwardLogicalChannelNumber: 6
                forwardMultiplexAckParameters: h2250LogicalChannelAckParameters (0)
                    h2250LogicalChannelAckParameters
                        sessionID: 3
                        mediaChannel: unicastAddress (0)
                            unicastAddress: iPAddress (0)
                                iPAddress
                                    network: 192.168.128.60 (192.168.128.60)
                                    tsapIdentifier: 2348
                        mediaControlChannel: unicastAddress (0)
                            unicastAddress: iPAddress (0)
                                iPAddress
                                    network: 192.168.128.60 (192.168.128.60)
                                    tsapIdentifier: 2349
                        0... .... flowControlToZero: False
                genericInformation: 1 item
                    Item 0
                        GenericInformation
                            messageIdentifier: standard (0)
                                standard: 0.0.8.460.19.0.1 (itu-t.0.8.460.19.0.1)
                            messageContent: 1 item
                                Item 0
                                    messageContent item
                                        parameterIdentifier: standard (0)
                                            standard: 1
                                        parameterValue: octetString (6)
                                            octetString: 2 octets

----------------------------------------------------------------------------------------------

 From Wireshark, here is one of the packets from the above logical 
channel.  They appear to be FECC packets as I can generate one every 
time when I use the far end camera controls.


Frame 11891 (71 bytes on wire, 71 bytes captured)
Ethernet II, Src: 00:0c:29:f9:89:35 (00:0c:29:f9:89:35), Dst: 00:0f:a3:e9:8e:98 (00:0f:a3:e9:8e:98)
Internet Protocol, Src: 38.0.0.135 (38.0.0.135), Dst: 192.168.128.60 (192.168.128.60)
User Datagram Protocol, Src Port: 50010 (50010), Dst Port: 2348 (2348)
Real-Time Transport Protocol
    [Stream setup by H245 (frame 221)]
        [Setup frame: 221]
        [Setup Method: H245]
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...0 .... = Extension: False
    .... 0000 = Contributing source identifiers count: 0
    0... .... = Marker: False
    Payload type: DynamicRTP-Type-100 (100)
    Sequence number: 8651
    [Extended sequence number: 74187]
    Timestamp: 2197082917
    Synchronization Source identifier: 0xe8ed54b6 (3907867830)
RFC 2833 RTP Event
    Event ID: Unknown (249)
    1... .... = End of Event: True
    .1.. .... = Reserved: True
    ..11 1000 = Volume: 56
    Event Duration: 571

----------------------------------------------------------------------------------------------
This is the packet that sets up the G.722 channel, note it still uses 
the inside IP address,
guess it is GNUGK's job to track inside versus outside.


Frame 51 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:0f:a3:e9:8e:98 (00:0f:a3:e9:8e:98), Dst: 00:0c:29:f9:89:35 (00:0c:29:f9:89:35)
Internet Protocol, Src: 216.0.0.8 (216.0.0.8), Dst: 38.0.0.135 (38.0.0.135)
Transmission Control Protocol, Src Port: 12646 (12646), Dst Port: 30002 (30002), Seq: 411, Ack: 416, Len: 72
TPKT, Version: 3, Length: 36
    Version: 3
    Reserved: 0
    Length: 36
H.245
    PDU Type: indication (3)
        indication: userInput (13)
            userInput: nonStandard (0)
                nonStandard
                    nonStandardIdentifier: h221NonStandard (1)
                        h221NonStandard
                            t35CountryCode: Norway (130)
                            t35Extension: 1
                            manufacturerCode: 256
                        H.245 Manufacturer: Unknown (0x82010100)
                    data: 0006204C352E312E312C204E6F74206170706C696361626C...
                    Data (25 bytes)

0000  00 06 20 4c 35 2e 31 2e 31 2c 20 4e 6f 74 20 61   .. L5.1.1, Not a
0010  70 70 6c 69 63 61 62 6c 65                        pplicable
                        Data: 0006204C352E312E312C204E6F74206170706C696361626C...
                        [Length: 25]
TPKT, Version: 3, Length: 7
    Version: 3
    Reserved: 0
    Length: 7
H.245
    PDU Type: request (0)
        request: roundTripDelayRequest (9)
            roundTripDelayRequest
                sequenceNumber: 1
TPKT, Version: 3, Length: 29
    Version: 3
    Reserved: 0
    Length: 29
H.245
    PDU Type: request (0)
        request: openLogicalChannel (3)
            openLogicalChannel
                forwardLogicalChannelNumber: 1
                forwardLogicalChannelParameters
                    dataType: audioData (3)
                        audioData: g722-64k (5)
                            g722-64k: 40
                    multiplexParameters: h2250LogicalChannelParameters (3)
                        h2250LogicalChannelParameters
                            sessionID: 1
                            mediaControlChannel: unicastAddress (0)
                                unicastAddress: iPAddress (0)
                                    iPAddress
                                        network: 192.168.128.60 (192.168.128.60)
                                        tsapIdentifier: 2343
                            transportCapability
                                mediaChannelCapabilities: 1 item
                                    Item 0
                                        MediaChannelCapability
                                            mediaTransport: ip-UDP (0)
                                                ip-UDP: NULL


----------------------------------------------------------------------------------------------

Here's an RTP packet (G.722) with the correct destination IP;


Frame 255 (214 bytes on wire, 214 bytes captured)
Ethernet II, Src: 00:0c:29:f9:89:35 (00:0c:29:f9:89:35), Dst: 00:0f:a3:e9:8e:98 (00:0f:a3:e9:8e:98)
Internet Protocol, Src: 38.0.0.135 (38.0.0.135), Dst: 216.0.0.8 (216.0.0.8)
User Datagram Protocol, Src Port: 50006 (50006), Dst Port: 53345 (53345)
Real-Time Transport Protocol
    [Stream setup by H245 (frame 78)]
        [Setup frame: 78]
        [Setup Method: H245]
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...0 .... = Extension: False
    .... 0000 = Contributing source identifiers count: 0
    0... .... = Marker: False
    Payload type: ITU-T G.722 (9)
    Sequence number: 62180
    [Extended sequence number: 62180]
    Timestamp: 3065874550
    Synchronization Source identifier: 0xda8b0706 (3666544390)
    Payload: FBF6F6F6FBDAF9DFF6F4F4F9DDDFFBFBF6F4F6DFFBDDFBFB...

----------------------------------------------------------------------------------------------

So with all this, it looks like GNU/GK's H.460 code might not be 
tracking all the logical channels, specifically the FECC in this case.  
Perhaps someone with more knowledge on the H.460 code might be able to 
add something here? 

I have a -ttttt log of the call (with lots of detail that I'd rather not 
end up on a public mailing list) available if anyone wants me to send it 
to them.

Thanks for any additional information and assistance.

Andrew
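
An added example, not part of the original post and not GnuGk code: a small Python check that scans a trace like the one above for media mapping lines ("RTP Reverse a:p to b:p") naming a non-public address, which is how the endpoint's pre-NAT 192.168.128.60 shows up here. The function names and the treatment of 10.10.1.88 as the gatekeeper's own address are assumptions; the trace lines are copied from the post, wrapped as the e-mail wrapped them.

```python
import ipaddress
import re

# Trace lines copied from the post, wrapped the way the e-mail wrapped them.
SAMPLE_TRACE = """\
2010/02/01 19:57:27.039 4       ProxyChannel.cxx(5734)  H245
Response: openLogicalChannelAck
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(4840)  RTCP    Reverse
192.168.128.60:2349 to 10.10.1.88:2389
2010/02/01 19:57:27.039 5       ProxyChannel.cxx(4840)  RTP     Reverse
192.168.128.60:2348 to 10.10.1.88:2388
"""

TIMESTAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s")
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
MEDIA = re.compile(r"\b(RTP|RTCP)\s+(\w+)\s+" + IPV4 + r":(\d+)\s+to\s+" + IPV4 + r":(\d+)")

def unwrap(text):
    """Join continuation lines (no leading timestamp) onto their record."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def non_public_media_addresses(text, own_addresses=()):
    """List (kind, direction, ip, port) for every address in a media mapping
    line that is not publicly routable and is not the gatekeeper's own."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    hits = []
    for record in unwrap(text):
        m = MEDIA.search(record)
        if not m:
            continue
        for ip, port in ((m.group(3), m.group(4)), (m.group(5), m.group(6))):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. an octet above 255
                continue
            if addr.is_private and addr not in own:
                hits.append((m.group(1), m.group(2), ip, int(port)))
    return hits

if __name__ == "__main__":
    # Assumption: 10.10.1.88 is the gatekeeper's own (anonymized) address.
    for hit in non_public_media_addresses(SAMPLE_TRACE, ["10.10.1.88"]):
        print("media mapped to non-public address:", hit)
```

`ipaddress.is_private` also covers loopback and link-local ranges, so pass every address the gatekeeper legitimately binds to in `own_addresses`.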


Andrew Herdman wrote:
> Simon Horne wrote:
>
> Simon;
>
> I haven't tried your fix yet, but I'm not sure it's applicable to me,  
> you see my H.460 GNUGK is not behind NAT, but the H.460 endpoint is. 
>
> Would perhaps leaving the Home and Bind alone, and adding ExternalIP 
> help?  I'll probably give it a shot anyway.
>
> Thanks for your help
>   Andrew
>> Remove 
>> [Gatekeeper::Main]
>> Home=
>> Bind=
>>
>> [Proxy]
>> InternalNetworks=
>>
>> Add
>> [Gatekeeper::Main]
>> ExternalIP={external IP of NAT box}
>>
>> This should create an appropriate route table inside GnuGk for your
>> configuration.
>>
>> Simon
>>
>>
>> -----Original Message-----
>> From: Andrew Herdman [mailto:andrew@xxxxxxxxx] 
>> Sent: Saturday, 30 January 2010 5:58 AM
>> To: GNU Gatekeeper Users
>> Subject:  H.460.18 occasionally exposes/tries to
>> useEndpoints Internal Address
>>
>> So, further to my H.460 testing, I saw (via tcpdump) the GNUGK which is the
>> H.460 registrar trying to communicate with the H.460 endpoint on its
>> Internal address on the firewall, and not the WAN IP I see under the
>> registration.
>>
>> Most of the time, almost all the traffic goes to the right IP address, but
>> the occasional packet of a different channel (It's UDP, H.245?  
>> RAS?) leaks out and tries to go to the endpoints internal pre-NAT IP
>> address.
>>
>> Then, very occasionally, but I can repeat after several tries, all the media
>> from the GNU/GK tries to go to the Internal pre-NAT IP address of the
>> endpoint.
>>
>> I'm not entirely sure what's going on, as the registration information is
>> intact with the right outside IP, H.460.18 is indicated in the registration,
>> and most calls just work. 
>>
>> I'm using a slightly smarter firewall (ASA5500) than the average home user,
>> but all the h323 inspections are turned off, so I don't think that's it.
>>
>> All the packets are sourced from port 50xxx and are destined to the right
>> port on the Endpoint (Tandberg 150MXP), just the wrong IP.
>>
>> Has anyone else run into this?  Did I simply miss something in my
>> configuration?  (Attached below).
>>
>> Thanks and Best Regards
>>   Andrew
>>
>> [Gatekeeper::Main]
>> Fortytwo=42
>> Name=GNUGK003
>> Home=127.0.0.1,10.10.10.10
>> Bind=127.0.0.1,10.10.10.10
>> TimeToLive=600
>> StatusPort=7000
>> StatusTraceLevel=1
>> UseBroadcastListener=0
>> CompareAliasType=1
>> CompareAliasCase=0
>> TimestampFormat=MySQL
>> TimeToLive=600
>>
>> [LogFile]
>> Rotate=daily
>> RotateTime=00:00
>>
>>
>> [RoutedMode]
>> GKRouted=1
>> H245Routed=1
>> CallSignalPort=1720
>> CallSignalHandlerNumber=10
>> RtpHandlerNumber=4
>> AcceptNeighborsCalls=1
>> AcceptUnregisteredCalls=1
>> RemoveH245AddressOnTunneling=1
>> RemoveCallOnDRQ=0
>> DropCallsByReleaseComplete=1
>> SendReleaseCompleteOnDRQ=1
>> SupportNATedEndpoints=1
>> SupportCallingNATedEndpoints=0
>> TreatUnregisteredNAT=0
>> ForwardOnFacility=1
>> ShowForwarderNumber=0
>> Q931PortRange=20000-20999
>> H245PortRange=30000-30999
>> SetupTimeout=8000
>> SignalTimeout=30000
>> AlertingTimeout=60000
>> TcpKeepAlive=1
>> TranslateFacility=1
>> SocketCleanupTimeout=5000
>> EnableH46018=1
>> H46018NoNat=1
>>
>>
>> [Proxy]
>> Enable=1
>> ProxyAlways=0
>> InternalNetwork=10.0.0.0/8,66.0.0.0/20,127.0.0.0/8,65.0.0.0/24
>> T120PortRange=40000-49999
>> RTPPortRange=50000-59999
>> ProxyForNAT=1
>> ProxyForSameNAT=1
>> DisableH460Call=0
>> DisableRTPQueuing=1
>> EnableRTPMute=0
>>
>> [RasSrv::LRQFeatures]
>> NeighborTimeout=2
>> SendRetries=2
>> ForwardHopCount=2
>> AcceptForwardedLRQ=1
>> ForwardResponse=1
>> ForwardLRQ=depends
>> AcceptNonNeighborLRQ=1
>> AcceptNonNeighborLCF=1
>>
>>
>> [RasSrv::RRQFeatures]
>> OverwriteEPOnSameAddress=1
>>
>>
>> [RoutingPolicy]
>> default=explicit,internal,neighbor,srv,dns
>>
>>
>> [RoutingPolicy::OnARQ]
>> default=explicit,internal,neighbor,srv,dns
>>
>> [RoutingPolicy::OnLRQ]
>> default=explicit,internal,neighbor,srv,dns
>>
>>
>> [RoutingPolicy::OnSetup]
>> default=explicit,vqueue,internal,srv,dns
>>
>> [GkStatus::Auth]
>> rule=allow
>>
>> [RasSrv::RewriteE164]
>>
>> [RasSrv::Neighbors]
>> GKLAB=Gnugk
>>
>> [Neighbor::GKLAB]
>> Host=66.0.0.211
>> Dynamic=0
>> SendPrefixes=*
>> AcceptPrefixes=1999
>> ForwardHopCount=5
>> AcceptForwardedLRQ=1
>> ForwardResponse=1
>> ForwardLRQ=Depends
>>
>>
>> ----------------------------------------------------------------------------
>> --
>> The Planet: dedicated and managed hosting, cloud storage, colocation Stay
>> online with enterprise data centers and the best network in the business
>> Choose flexible plans and management services without long-term contracts
>> Personal 24x7 support from experience hosting pros just a phone call away.
>> http://p.sf.net/sfu/theplanet-com
>> _______________________________________________________
>>
>> Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
>> Archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
>> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
>> Homepage: http://www.gnugk.org/
>>
>>

