Linux UDP套接字sendto:不允许进行操作 [英] Linux UDP Socket sendto: Operation not Permitted
问题描述
我正在尝试诊断 OpenSIPS (SIP代理)应用程序的问题.
I'm trying to diagnose a problem with the OpenSIPS ( a SIP proxy ) application.
当将两个不同的UDP数据包发送到同一IP和端口时,一个呼叫失败,代码为 -1 EPERM(不允许操作)
,而另一个呼叫正常.
When sending two different UDP packets to the same IP and port, one call fails with -1 EPERM (Operation not permitted)
whilst the other is fine.
这两个调用均来自同一进程(至少具有相同的PID).
Both of the calls are made from the same process ( at least the same PID ).
有问题的代码是在github上.
这是strace的输出:
Here's the strace output:
strace -e sendto
sendto(7, "SIP/2.0 100 Giving a try\r\nVia: S"..., 315, 0, {sa_family=AF_INET, sin_port=htons(5060), sin_addr=inet_addr("yyy.yyy.yyy.yyy")}, 16) = 315
sendto(7, "INVITE sip:myHomeDesktop@xxx"..., 1253, 0, {sa_family=AF_INET, sin_port=htons(5060), sin_addr=inet_addr("xxx.xxx.xxx.xxx")}, 16) = 1253
sendto(7, "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP"..., 707, 0, {sa_family=AF_INET, sin_port=htons(5060), sin_addr=inet_addr("yyy.yyy.yyy.yyy")}, 16) = -1 EPERM (Operation not permitted)
推荐答案
事实证明,内核conntrack模块正在丢弃数据包,导致syscall收到EPERM错误而不发送数据包.
It turns out that the kernel conntrack modules were dropping the packet, leading to the syscall getting the EPERM error and not sending the packets.
在查看系统日志并找到以下内容后,我发现了这一点:
I found this after looking at the syslog and finding:
May 26 10:59:45 localhost kernel: nf_ct_sip: dropping packet: cannot add expectation for voice
我完全不知道我在使用 sip conntrack 模块,而且它没有动态加载到我的系统上(lsmod
显示空白).
I was completely unaware that I was using the sip conntrack module, and it's not dynamically loaded on my system (lsmod
shows blank).
我通过以下方式为我的SIP流量关闭了连接跟踪,从而避免了这个问题:
I circumvented the problem by turning off connection tracking for my SIP traffic with:
iptables -I OUTPUT -t raw -p udp --sport 5060 -j CT --notrack
iptables -I PREROUTING -t raw -p udp --dport 5060 -j CT --notrack
这篇关于Linux UDP套接字sendto:不允许进行操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!