Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Fixed In:
17.1.0, 16.1.4, 15.1.9
Opened: Oct 07, 2022 Severity: 3-Major
On an inbound call on the ephemeral listener, if the INVITE message TO header is not registered, and From header is registered, then INVITE is sent out on the ephemeral listener which might cause a loop issue, if the server sends back the INVITE to BIG-IP again.
It could lead to performance issue if the loop continues.
It occurs with inbound calls.
Step 1 or 2 can be used as a workaround based on the use case. 1)If the From and To headers are the same, 400 bad response is given. Also, the packets are dropped in case the destination address is not translated. ltm rule sip_in_rule { when SIP_REQUEST_SEND { if {[SIP::method] == "INVITE" && [IP::addr [IP::remote_addr] equals $localAddr]} { SIP::discard } } when SIP_REQUEST { set localAddr [IP::local_addr] set from [substr [SIP::header from] 0 ";"] set to [substr [SIP::header to] 0 ";"] if {[SIP::method] == "INVITE" && $from equals $to} { SIP::respond 400 "Bad Request" } } (tmos)# modify ltm virtual vs_alg_sip_private { rules { sip_in_rule } } 2)below Irule would drop all inbound calls. ltm rule sip_drop_rule { when MR_INGRESS { if { [MR::transport] contains "_$" } { MR::message drop } } (tmos)# modify ltm virtual vs_alg_sip_private { rules { sip_drop_rule } }
BIG-IP will drop the messages in the following cases. a)If From and To headers are the same in the sip INVITE message. b)If the SIP INVITE message To header is not registered and From is registered.