Hi Pasan, Thanks for this. I ran this command and found that we have quite a few entries for 5060.
So you suggest the notrack rules to be added in the firewall, correct? Any thoughts on the security or other issues due to adding notrack rule. Thanks, From: Pasan Meemaduma [mailto:[email protected]] Sent: Monday, May 07, 2018 9:55 AM To: Govindaraj, Rajesh <[email protected]> Subject: Re: RE: RE: RE: Re: [OpenSIPS-Users] udp send fail randomly I don't think its specific to sip. You can check active ones in cat /proc/net/nf_conntrack to turn off you can do following, *raw :PREROUTING ACCEPT [0:0] -A PREROUTING -j CT --notrack -m udp -p udp --sport 5060 -A PREROUTING -j CT --notrack -m udp -p udp --dport 5060 :OUTPUT ACCEPT [0:0] -A OUTPUT -j CT --notrack -m udp -p udp --sport 5060 -A OUTPUT -j CT --notrack -m udp -p udp --dport 5060 COMMIT On Monday, 7 May 2018, 6:59:53 PM GMT+5:30, Govindaraj, Rajesh <[email protected]<mailto:[email protected]>> wrote: Hi Pasan, Do you know the exact module name of connection tracking? Is it nf_ct_sip? Also how to you check if this is loaded in the system lsmod? Thanks, From: Pasan Meemaduma [mailto:[email protected]] Sent: Sunday, May 06, 2018 3:05 PM To: [email protected]<mailto:[email protected]>; Govindaraj, Rajesh <[email protected]<mailto:[email protected]>> Subject: Re: RE: RE: Re: [OpenSIPS-Users] udp send fail randomly Hi Rajesh, I was referring to the opensips.cfg code snippet that involve in this error. For me still appears iptables blocking the outgoing connection. did you check the ct setting that i asked you ? On Sunday, 6 May 2018, 5:31:03 PM GMT+5:30, Govindaraj, Rajesh <[email protected]<mailto:[email protected]>> wrote: Hi Pasan, Here is the log snippet as requested. Thanks for sparing time. 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:comp_scriptvar: str 20 : APACCITISGAP633.apac.nsroot.net 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:comp_scriptvar: str 29 : 169.178.164.139 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:pv_printf: final buffer length 42 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: Not Self URI, Routing the Outbound request 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:mk_proxy: doing DNS lookup... 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:sip_resolvehost: no port, no proto -> do NAPTR lookup! 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:get_record: lookup(APACCITISGAP633.apac.nsroot.net, 35) failed 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:sip_resolvehost: no valid NAPTR record found for APACCITISGAP633.apac.nsroot.net, trying direct SRV lookup... 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7556]: DBG:core:get_record: lookup(APACCITISGAP633.apac.nsroot.net, 35) failed 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7556]: DBG:core:sip_resolvehost: no valid NAPTR record found for APACCITISGAP633.apac.nsroot.net, trying direct SRV lookup... 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:get_record: lookup(APACCITISGAP633.apac.nsroot.net, 35) failed 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:sip_resolvehost: no valid NAPTR record found for APACCITISGAP633.apac.nsroot.net, trying direct SRV lookup... 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:get_record: lookup(_sip._udp.APACCITISGAP633.apac.nsroot.net, 33) failed 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:sip_resolvehost: no valid SRV record found for _sip._udp.APACCITISGAP633.apac.nsroot.net, trying A record lookup... 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:get_record: lookup(_sip._udp.APACCITISGAP633.apac.nsroot.net, 33) failed 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:sip_resolvehost: no valid SRV record found for _sip._udp.APACCITISGAP633.apac.nsroot.net, trying A record lookup... 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:check_ip_address: params 169.178.164.139, 169.178.164.139, 0 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:check_ip_address: params 169.178.164.139, 169.178.164.139, 0 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:forward_request: sending: UPDATE sip:[email protected] SIP/2.0^M To: <sip:[email protected]>;tag=70d57330-0-13c4-55015-128fe2-1a5f9bbc-128fe2^M Min-SE: 1800^M Via: SIP/2.0/UDP 169.178.164.139:5060;branch=z9hG4bKc6fef69f4ed2fb3bd0e91281d5c4020f^M Via: SIP/2.0/UDP 169.178.164.139:5059;wlsscid=6aa6b97cdedafbd6;branch=z9hG4bKc6fef69f4ed2fb3bd0e91281d5c4020f;wlsssid=sip-1rzjxdsgbytf2^M CSeq: 409 UPDATE^M Content-Length: 0^M Supported: timer^M Call-ID: 6b628520-0-13c4-55015-128fe2-191db136-128fe2^M Max-Forwards: 69^M From: <sip:[email protected]>;tag=dfe3def8^M Contact: <sip:[email protected]:5059;transport=udp;wlsscid=6aa6b97cdedafbd6;sipappsessionid=app-24d5358i5l6w>^M Session-Expires: 1800;refresher=uac^M ^M . 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:forward_request: sending: UPDATE sip:[email protected] SIP/2.0^M To: <sip:[email protected]>;tag=70d59118-0-13c4-55015-128fed-2a2859d4-128fed^M Min-SE: 1800^M Via: SIP/2.0/UDP 169.178.164.139:5060;branch=z9hG4bK150dc9d5e66cf821aa76beaef7018c02^M Via: SIP/2.0/UDP 169.178.164.139:5059;wlsscid=6aa6b97cdedafbd6;branch=z9hG4bK150dc9d5e66cf821aa76beaef7018c02;wlsssid=sip-nvozupkkym7b^M CSeq: 409 UPDATE^M Content-Length: 0^M Supported: timer^M Call-ID: 6b6291e0-0-13c4-55015-128fed-612714d6-128fed^M Max-Forwards: 69^M From: <sip:[email protected]>;tag=3a0cd8d6^M Contact: <sip:[email protected]:5059;transport=udp;wlsscid=6aa6b97cdedafbd6;sipappsessionid=app-6yjtry48v61h>^M Session-Expires: 1800;refresher=uac^M ^M . 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: DBG:core:forward_request: orig. len=682, new_len=735, proto=1 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:forward_request: orig. len=681, new_len=734, proto=1 2018-05-03T14:20:02.000+08:00 [local2] [err] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: ERROR:core:udp_send: sendto(sock,0x7f3d6312d058,735,0,0x7ffdc8e38770,16): Operation not permitted(1) 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:destroy_avp_list: destroying list (nil) 2018-05-03T14:20:02.000+08:00 [local2] [err] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7527]: ERROR:core:msg_send: udp_send failed 2018-05-03T14:20:02.000+08:00 [local2] [debug] msgct2-ccm-05a.apac.nsroot.net /usr/sbin/opensipsInternal[7544]: DBG:core:receive_msg: cleaning up From: Pasan Meemaduma [mailto:[email protected]] Sent: Sunday, May 06, 2018 4:55 AM To: [email protected]<mailto:[email protected]>; Govindaraj, Rajesh <[email protected]<mailto:[email protected]>> Subject: Re: RE: Re: [OpenSIPS-Users] udp send fail randomly Is this simultaneous sending the cause for the issue? Just thinking aloud. It is happening at only one installation and never in lab systems, which makes me think if it is a timing issue. I don't think it'll be a problem,but I can give more clues if u share the snippet involve with this error. Yes, connection tracking to be turned off. if ct is on and you running out of simulatneous connection counters for some reason, It could be the issue. DISCLAIMER: This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unintended recipients are prohibited from taking action on the basis of information in this e-mail. E-mail messages may contain computer viruses or other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. If you are not comfortable with the risks associated with e-mail messages, you may decide not to use e-mail to communicate with IPC. IPC reserves the right, to the extent and under circumstances permitted by applicable law, to retain, monitor and intercept e-mail messages to and from its systems.
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
