Bug 1713947 - Sip protocol fails for private IPv6 addresses on peer to peer
Summary: Sip protocol fails for private IPv6 addresses on peer to peer
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: linphone
Version: 30
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: nucleo
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-26 00:56 UTC by Stuart D Gathman
Modified: 2019-08-03 19:26 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Stuart D Gathman 2019-05-26 00:56:42 UTC
Description of problem: calls terminate after a little over 32 secs


Version-Release number of selected component (if applicable):
linphone-3.6.1-32.fc30.x86_64

How reproducible:
always

Steps to Reproduce:
1. Make peer to peer call between private IPv6 addresses
2. 
3.

Actual results:
Call works normally for 30+ seconds, then disconnects with timeout for CALL ack error in debugging log.

Expected results:
Normal call

Additional info:
This broke early this year, with no change to linphone itself.  My debugging points to eXosip library.  The problem is that the CALL Ack gets sent to a public IPv6 if one is available.  If IPv6 is completely disabled on both machines except for the VPN interface (using IPv4 for VPN packets), then it still works normally.  The SIP handling really, really, hates to use private IPs.

Upstream says they no longer support eXosip - and please use a newer version.  Any chance of packaging a newer version?  (Does it break something else?)  Should I file a separate "New Release Available" bug?

Comment 1 Stuart D Gathman 2019-05-26 01:04:49 UTC
The workaround for now is to echo 1 > /proc/sys/net/ipv6/conf/<yournetif>/disable_ipv6
Your VPN should not depend on IPv6 and the private IPs will still be available on the tunX interface for the VPN.  

To restore normal IPv6 connectivity, echo 0 to disable_ipv6 for the wifi/ethernet.

Note: a peer to peer IPv6 sip URL looks like this:
sip:username@[fc00:f1b5:5a17:e108:2b69:0614:f4e3:d9a8]

Linphone addressbook handles that just fine.

Also, upstream claims to have simplified and improved peer to peer operation.

Comment 2 Stuart D Gathman 2019-05-26 01:07:45 UTC
Note: a peer to peer call over public IPv6 also works fine.

Comment 3 Stuart D Gathman 2019-05-27 18:57:11 UTC
I tried just plugging in linphone-3.12.0 - and a required dependency is bctoolbox, which isn't in Fedora.  So updating is not trivial.  bctoolbox has a GPL2 license, so could be packaged for Fedora.  Or maybe it should be embedded?

Comment 4 nucleo 2019-05-27 19:07:12 UTC
Also mediastreamer is not included in new linphone sources.
If you can suggest changes in linphone.spec to build all of them in one package (or submit for review separate packages containing required dependencies) then maybe will be possible to build linphone update.
Building of belle-sip is also not trivial.

Comment 5 Stuart D Gathman 2019-05-27 19:24:04 UTC
Tried 3.6.99 (which has a fix that might address my problem), and it requires:
 configure: error: Package requirements (belle-sip >= 1.2.0) were not met

I'm guessing they stopped using libeXosip2 at that point?

Comment 6 Stuart D Gathman 2019-05-27 19:26:08 UTC
I had no problem dropping in mediastreamer2 as an embedded source.  It should probably be it's own package in Fedora, but just trying to find a target I can get working atm.

Comment 7 nucleo 2019-05-27 19:30:02 UTC
Looks like belle-sip is new sip stack used for new linphone versions.
It was packaged but currently FTBFS https://src.fedoraproject.org/rpms/belle-sip
belle-sip will be removed if FTBFS will be not fixed (I have no time to work on fix).

Comment 8 Stuart D Gathman 2019-05-27 21:10:01 UTC
I'm going through belle-sip build errors on f29 - they are all compiler warnings.  Some are real potential overwrite bugs, so I'm patching them all.  Got 4 done.

Comment 9 Stuart D Gathman 2019-05-28 00:04:34 UTC
Got belle-sip-1.4.2 built for f29 and f30.

Comment 10 Stuart D Gathman 2019-05-28 00:20:53 UTC
Now I can drop the other sip libs as BR and add bell-sip.  Building linphone-3.6.99 now fails at:

config.status: creating m4/Makefile
BUILDSTDERR: config.status: error: cannot find input file: `po/Makefile.in.in'

There is indeed no po/Makefile* in the source.

Comment 11 Stuart D Gathman 2019-05-28 00:36:59 UTC
Copied po/Makefile.in.in to SOURCE2 for building 3.6.99 (missing in 3.12.0 also).  Now configure for mediastream2 can't fine ortp:

checking for ORTP... no
BUILDSTDERR: configure: error: Couldn't find ortp library
BUILDSTDERR: configure: error: ./configure failed for mediastreamer2

Comment 12 nucleo 2019-05-28 16:19:40 UTC
Maybe also ortp needs to be updated.
I added sdgathman in acl for ortp, belle-sip, linphone.

Comment 13 Stuart D Gathman 2019-05-29 02:14:10 UTC
Yes, mediastreamer2 requires ortp >= 0.24.0

Comment 14 Stuart D Gathman 2019-06-01 15:12:47 UTC
ortp 0.24.0 drops built-in srtp.  Instead of disabling srtp, I think it's time to make the bctoolbox package, and see if we can get all the way up to date.

Comment 15 Stuart D Gathman 2019-08-03 19:26:03 UTC
I did a test with IPv4 VPN on linphone-3.6.1, it does the same thing.  The two ends connect at private IPs, the call lasts for 30 secs, packet trace shows that the SIP stack replaces the private IP specified as "gateway" with an arbitrary public IP - despite the devices not being able to reach each other on public IP (behind NAT).  As mentioned before, this broken behavior is new for 2019. I'll try to get back to updating, but I have two packages failing to build in rawhide...


Note You need to log in before you can comment on or make changes to this bug.