res_pjsip_sdp_rtp: Use auto-selected transport bind address for RTP by arcivanov · Pull Request #1848 · asterisk/asterisk

arcivanov · 2026-04-01T00:20:11Z

When a PJSIP endpoint does not explicitly set transport, the RTP
socket binds to [::] (or 0.0.0.0) instead of the transport's bind
address. This is because create_rtp() only resolves the transport
via a sorcery lookup on session->endpoint->transport, which is empty
when the transport is auto-selected.

On a multi-homed host or NAT gateway whose transport binds to a
specific interface, the wildcard-bound RTP socket causes the kernel to
select a source IP that may conflict with conntrack DNAT entries for
inbound RTP, causing MASQUERADE to silently remap the RTP source port.
The remote end receives RTP from an unexpected port and drops it,
resulting in one-way audio with no errors logged by Asterisk.

When no explicit transport is configured and ICE is not in use,
determine the transport type from the dialog's target URI and acquire
the transport via pjsip_tpmgr_acquire_transport(). If the
transport's bind address is a specific (non-wildcard) address, use it
for RTP. When the transport binds to a wildcard address (0.0.0.0 or
[::]), the RTP socket is left on the wildcard as well, matching the
behaviour of the explicit-transport code path and preserving
dual-stack operation.

When ICE is enabled the wildcard bind is left as-is since ICE needs
to discover candidates on all interfaces.

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

UserNote: When a PJSIP endpoint does not have an explicit transport
configured, ICE is disabled, and the auto-selected transport binds to
a specific (non-wildcard) address, the RTP socket now binds to that
address instead of the wildcard. This fixes one-way audio on
multi-homed hosts and NAT gateways where the wildcard bind caused the
kernel to select an incorrect source address for outbound RTP.

Fixes: #1847

github-actions

Pull Request Checklist Complete

github-actions · 2026-04-01T00:44:47Z

Workflow Check completed successfully

github-actions · 2026-04-01T01:13:06Z

Workflow Check completed successfully

github-actions · 2026-04-01T01:57:13Z

Workflow Check failed
22-local_iax2_mgr: FAILED TEST: channels/local/local_optimize_away
22-pjs2: FAILED TEST: channels/pjsip/dtmf_info_fallback
22-pjs2: FAILED TEST: channels/pjsip/dtmf_sdp/dtmf_sdp_recognition

arcivanov · 2026-04-01T02:16:51Z

This has been verified to work with the patch on top of 22.8.2.

github-actions · 2026-04-01T03:13:52Z

Workflow Check failed
22-ari1: FAILED TEST: rest_api/external_interaction/blind_transfer/stasis_bridge_to_non_stasis_app
22-local_iax2_mgr: FAILED TEST: channels/local/local_optimize_away
22-pjs2: FAILED TEST: channels/pjsip/dtmf_info_fallback
22-pjs2: FAILED TEST: channels/pjsip/dtmf_sdp/dtmf_sdp_recognition

arcivanov · 2026-04-09T21:00:49Z

will do

arcivanov · 2026-04-09T21:02:54Z

@gtjoseph why would IAX2 fail with SIP changes is beyond me

gtjoseph · 2026-04-09T21:16:59Z

@gtjoseph why would IAX2 fail with SIP changes is beyond me

local_iax2_mgr is just the name of the group of tests. In this case, it contains tests for channels/local, channels/iax2 and manager.

When a PJSIP endpoint does not explicitly set `transport`, the RTP socket binds to `[::]` (or `0.0.0.0`) instead of the transport's bind address. This is because `create_rtp()` only resolves the transport via a sorcery lookup on `session->endpoint->transport`, which is empty when the transport is auto-selected. On a multi-homed host or NAT gateway whose transport binds to a specific interface, the wildcard-bound RTP socket causes the kernel to select a source IP that may conflict with conntrack DNAT entries for inbound RTP, causing MASQUERADE to silently remap the RTP source port. The remote end receives RTP from an unexpected port and drops it, resulting in one-way audio with no errors logged by Asterisk. When no explicit transport is configured and ICE is not in use, determine the transport type from the dialog's target URI and acquire the transport via `pjsip_tpmgr_acquire_transport()`. If the transport's bind address is a specific (non-wildcard) address, use it for RTP. When the transport binds to a wildcard address (0.0.0.0 or [::]), the RTP socket is left on the wildcard as well, matching the behaviour of the explicit-transport code path and preserving dual-stack operation. When ICE is enabled the wildcard bind is left as-is since ICE needs to discover candidates on all interfaces. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> UserNote: When a PJSIP endpoint does not have an explicit `transport` configured, ICE is disabled, and the auto-selected transport binds to a specific (non-wildcard) address, the RTP socket now binds to that address instead of the wildcard. This fixes one-way audio on multi-homed hosts and NAT gateways where the wildcard bind caused the kernel to select an incorrect source address for outbound RTP. Fixes: asterisk#1847

github-actions

Pull Request Checklist Complete

github-actions · 2026-04-09T22:50:44Z

Workflow Check completed successfully

arcivanov · 2026-04-09T23:45:07Z

Reconfirmed working on top of LTS 22.2.8.

Pull Request Checklist Complete

Test now passing

github-actions · 2026-04-10T01:04:08Z

Workflow CPCheck failed
20-ari1: FAILED TEST: rest_api/external_interaction/attended_transfer/stasis_bridge_to_stasis_app
23-ari1: FAILED TEST: rest_api/external_interaction/blind_transfer/stasis_bridge_to_non_stasis_app
master-ari1: FAILED TEST: rest_api/external_interaction/attended_transfer/stasis_bridge_to_non_stasis_app

github-actions · 2026-04-10T12:23:22Z

Workflow CPCheck failed
20-ari1: FAILED TEST: rest_api/external_interaction/attended_transfer/stasis_bridge_to_stasis_app
23-ari1: FAILED TEST: rest_api/external_interaction/blind_transfer/stasis_bridge_to_non_stasis_app

github-actions · 2026-04-10T12:43:54Z

Workflow CPCheck completed successfully

Significant changes since last approval.

arcivanov · 2026-04-12T18:50:11Z

FYI: Tested the patch with 22.9.0, no problems, no one-way audio: https://copr.fedorainfracloud.org/coprs/karellen/asterisk/

jcolp · 2026-04-14T08:34:22Z

+			pjsip_sip_uri *sip_uri;
+			pjsip_transport_type_e type;
+
+			sip_uri = pjsip_uri_get_uri(session->inv_session->dlg->target);


Has the case been tested with this where a SIP INVITE is sent to a hostname that does SRV/NAPTR and resolves down to multiple targets, and then goes from IPv6 to IPv4 as a result of failure/failover? Would that result in the SDP containing IPv6 despite being an IPv4 target? Or worse - do we update the SDP elsewhere under the assumption that it is wildcard, but it's not so audio would fail?

I definitely didn't test that scenario. Let me see what I can do.

github-actions Bot added pr-submit-testing-in-progress pr-submit-tests-passed and removed pr-submit-testing-in-progress labels Apr 1, 2026

github-actions Bot previously requested changes Apr 1, 2026

View reviewed changes

github-actions Bot added the has-pr-checklist A PR Checklist is present on the PR label Apr 1, 2026

arcivanov force-pushed the issue_1847 branch from c5005ee to 6c892d4 Compare April 1, 2026 00:48

github-actions Bot added pr-submit-testing-in-progress pr-submit-tests-passed and removed pr-submit-tests-passed pr-submit-testing-in-progress labels Apr 1, 2026

arcivanov force-pushed the issue_1847 branch from 6c892d4 to 9c4a88a Compare April 1, 2026 01:32

github-actions Bot added pr-submit-testing-in-progress pr-submit-tests-failed and removed pr-submit-tests-passed pr-submit-testing-in-progress labels Apr 1, 2026

arcivanov force-pushed the issue_1847 branch from 9c4a88a to 847ac41 Compare April 1, 2026 02:49

github-actions Bot added pr-submit-testing-in-progress pr-submit-tests-failed and removed pr-submit-tests-failed pr-submit-testing-in-progress labels Apr 1, 2026

jcolp requested changes Apr 1, 2026

View reviewed changes

Comment thread res/res_pjsip_sdp_rtp.c Outdated

arcivanov force-pushed the issue_1847 branch from 847ac41 to c3f54ae Compare April 1, 2026 23:27

github-actions Bot added pr-submit-testing-in-progress pr-submit-tests-failed and removed pr-submit-tests-failed labels Apr 1, 2026

arcivanov force-pushed the issue_1847 branch from 815c2b5 to cadae33 Compare April 9, 2026 22:25

github-actions Bot added pr-submit-testing-in-progress pr-submit-tests-passed and removed pr-submit-tests-failed pr-submit-testing-in-progress labels Apr 9, 2026

github-actions Bot previously requested changes Apr 9, 2026

View reviewed changes

github-actions Bot added the has-pr-checklist A PR Checklist is present on the PR label Apr 9, 2026

arcivanov requested a review from gtjoseph April 9, 2026 23:45

gtjoseph added cherry-pick-test Trigger dry run of cherry-picks and removed has-pr-checklist A PR Checklist is present on the PR labels Apr 10, 2026

github-actions Bot added cherry-pick-testing-in-progress Cherry-Pick tests in progress and removed cherry-pick-test Trigger dry run of cherry-picks labels Apr 10, 2026

github-actions Bot added cherry-pick-checks-failed Cherry-Pick checks failed and removed cherry-pick-testing-in-progress Cherry-Pick tests in progress labels Apr 10, 2026

gtjoseph requested a review from jcolp April 10, 2026 12:35

github-actions Bot added the cherry-pick-checks-passed Cherry-Pick checks passed label Apr 10, 2026

jcolp reviewed Apr 14, 2026

View reviewed changes

Conversation

arcivanov commented Apr 1, 2026 • edited by gtjoseph Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot left a comment • edited by gtjoseph Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Apr 1, 2026

Uh oh!

github-actions Bot commented Apr 1, 2026

Uh oh!

github-actions Bot commented Apr 1, 2026

Uh oh!

arcivanov commented Apr 1, 2026

Uh oh!

github-actions Bot commented Apr 1, 2026

Uh oh!

Uh oh!

arcivanov commented Apr 9, 2026

Uh oh!

arcivanov commented Apr 9, 2026

Uh oh!

gtjoseph commented Apr 9, 2026

Uh oh!

github-actions Bot left a comment • edited by gtjoseph Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Apr 9, 2026

Uh oh!

arcivanov commented Apr 9, 2026

Uh oh!

github-actions Bot commented Apr 10, 2026

Uh oh!

github-actions Bot commented Apr 10, 2026

Uh oh!

github-actions Bot commented Apr 10, 2026

Uh oh!

arcivanov commented Apr 12, 2026

Uh oh!

jcolp Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

arcivanov Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

arcivanov commented Apr 1, 2026 •

edited by gtjoseph

Loading

github-actions Bot left a comment •

edited by gtjoseph

Loading

github-actions Bot left a comment •

edited by gtjoseph

Loading