Re: SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Le 24/09/2015 13:19, Patrick McHardy a écrit :
On 24.09, Christophe Leroy wrote:
I have an issue with the SIP conntrack:

In commit 30f33e6dee [NETFILTER]: nf_conntrack_sip: support method specific
request/response handling
Modified by b20ab9cc63 netfilter: nf_ct_helper: better logging for dropped
packets

SIP requests with no CSeq header are dropped by kernel before reaching the
user app.

According to RFC4475 "Session Initiation Protocol (SIP) Torture Test
Messages", requests with invalid CSeq should be responded with 400 Bad
Request, and that's what my app does, but it can only do it if it receives
the request.
I don't see anything about missing CSeq-headers in that RFC, could you point
me to the correct chapter?

RFC4475 gives no exemple explicitly about missing CSeq-headers, but it has some exemples for bad CSeq-headers in §3.1.2.4, §3.1.2.17 and §3.3.8 where it expects 400 Bad request response.

In addition, §3.3.1 "Missing Required Header Fields" shows that 400 Bad Request is also expected in the case of missing Call-ID, From, or To mandatory headers. Taking into account RFC3261 §8.1.1, CSeq is also a mandatory header in the same way as Call-ID, From, or To, so the same answer should be expected.

RFC3261 §21.4.1 shows that 400 Bad request is to be used for missing headers.

Christophe
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux