Linux UDP Socket sendto: Operation not Permitted

Problem description

I'm trying to diagnose a problem with the OpenSIPS (a SIP proxy) application.

When sending two different UDP packets to the same IP and port, one call fails with -1 EPERM (Operation not permitted) whilst the other is fine.

Both of the calls are made from the same process (at least the same PID).

The code in question is on GitHub.

Here's the strace output:

strace -e sendto
sendto(7, "SIP/2.0 100 Giving a try\r\nVia: S"..., 315, 0, {sa_family=AF_INET, sin_port=htons(5060), sin_addr=inet_addr("yyy.yyy.yyy.yyy")}, 16) = 315
sendto(7, "INVITE sip:myHomeDesktop@xxx"..., 1253, 0, {sa_family=AF_INET, sin_port=htons(5060), sin_addr=inet_addr("xxx.xxx.xxx.xxx")}, 16) = 1253
sendto(7, "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP"..., 707, 0, {sa_family=AF_INET, sin_port=htons(5060), sin_addr=inet_addr("yyy.yyy.yyy.yyy")}, 16) = -1 EPERM (Operation not permitted)

Recommended answer

It turns out that the kernel conntrack modules were dropping the packet, leading to the syscall getting the EPERM error and not sending the packets.

I found this after looking at the syslog and finding:

May 26 10:59:45 localhost kernel: nf_ct_sip: dropping packet: cannot add expectation for voice

I was completely unaware that I was using the sip conntrack module, and it's not dynamically loaded on my system (lsmod shows blank).

I circumvented the problem by turning off connection tracking for my SIP traffic with:

iptables -I OUTPUT -t raw -p udp --sport 5060 -j CT --notrack
iptables -I PREROUTING -t raw -p udp --dport 5060 -j CT --notrack
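
Added example, not part of the original answer: a shell check for the situation described above. It counts `nf_ct_<helper>: dropping packet` messages in kernel log text and tests whether a helper module is compiled into the kernel, which is one possible reason for lsmod not listing it. The function names, the sample log (first line from the answer, the rest constructed) and the nf_ct_sip to nf_conntrack_sip name mapping are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer).

# Constructed sample: the first line is the syslog line quoted in the answer,
# the other two are made up for the demonstration.
SAMPLE_LOG='May 26 10:59:45 localhost kernel: nf_ct_sip: dropping packet: cannot add expectation for voice
May 26 11:02:10 localhost kernel: nf_ct_sip: dropping packet: cannot add expectation for voice
May 26 11:02:11 localhost kernel: eth0: link up'

# Read kernel log text on stdin (journalctl -k, dmesg or a syslog file) and
# print "<count> nf_ct_<helper>: <reason>" for each distinct helper drop.
ct_helper_drops() {
    sed -n -e 's/ *$//' \
        -e 's/.*\(nf_ct_[^:]*\): dropping packet: \(.*\)$/\1: \2/p' |
        sort | uniq -c | sed 's/^ *//'
}

# Succeed if module $1 is compiled into the kernel. Built-in code never
# appears in lsmod; it is listed in modules.builtin instead.
# $2 optionally overrides the list path (used for testing).
helper_builtin() {
    builtin_list=${2:-/lib/modules/$(uname -r)/modules.builtin}
    [ -r "$builtin_list" ] && grep -q "/$1\.ko\$" "$builtin_list"
}

printf '%s\n' "$SAMPLE_LOG" | ct_helper_drops
# Assumption: the "nf_ct_sip" log prefix corresponds to module nf_conntrack_sip.
if helper_builtin nf_conntrack_sip; then
    echo "nf_conntrack_sip is built into this kernel"
else
    echo "nf_conntrack_sip is not listed as built-in here"
fi
```

On a live system, feed the first function from `journalctl -k` or `dmesg` instead of the sample text.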
