Hi list: Working with TLS (with client certificate validation) in Version 1.11.5 I started to see in the log those messages:
ERROR:core:tcpconn_add_alias: possible port hijack attempt ERROR:core:tcpconn_add_alias: alias already present and points to another connection (199 : 5062 and 219 : 5062) ERROR:core:receive_msg: tcp alias failed Those mesages appear after an non-existent users tries to register in the proxy. I've some UACs (that I can not control) after the same public IP trying to register with an invalid user but with a valid TLS client certificate each 10 seconds. As far I can see after two of the UACs tries to register, this message start to appear after each try. In the messages I see the number 199 and 219 changes but 5062 is persistent. The contact header of one of the UACs is sips:[email protected]:5062;transport=tls but it is received from PUBLIC_CLIENT_IP:24609 The contact header of the other UAC is sips:[email protected]:16577;transport=tls and is received from PUBLIC_CLIENT_IP:40993 Listing tcp connections 199 and 219 exists look right: Connection:: ID=199 Type=tls State=0 Source=PUBLIC_CLIENT_IP:42081 Destination=MY_IP:5061 Timeout=2015-07-30 09:24:54 Pending lifetime=0 Connection:: ID=219 Type=tls State=0 Source=PUBLIC_CLIENT_IP:24609 Destination=MY_IP:5061 Timeout=2015-07-30 09:47:44 Pending lifetime=0 I'm not using TCP async mode, not using force_tcp_alias() and tcp_persistent_flag is not set beacuse auth was not succcesful. Maybe is an error in my NAT detection route? in TCP/TLS cases I'm always using nat_traversal module and doing: modparam("registrar", "received_avp", "$avp(received_uri)") modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT") setbflag(NAT); force_rport(); $avp(received_uri) = $source_uri; Any hints? Thanks and regards, Carlos Oliva _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
