Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Thank You Bogdan.
This is the way i am going to follow.
Maciej.
Maciej,
skip auth challenge for the ACK requests as you cannot send replies for an
ACK
So you have 2 options:
1) if you do not want to auth ACK at all, simple skip them from auth
2) if you want the auth ACK, if the ACK does not have an Authorize hdr
from beginning (as RFC sais) you cannot do much about it.
Regards,
Bogdan
Maciej Bylica wrote:
Iñaki
It's well explained in RFC 3261.
An ACK for a [3456]XX response must have same branch and same CSeq
number (but ACK method) as the INVITE of the transaction.
I meant some hints regarding script configuration, because as far as i
understand i should double check my .cfg
Okay i may proxy auth only INVITE methods - at this moment i do have
if (!(method==REGISTER) from_uri==myself) /*no multidomain
version*/ {
if (!proxy_authorize(, subscriber)) {
xlog(L_INFO,proxy auth);
proxy_challenge(, 0);
exit;
}
so there wont be any problem to filter that out, but how to inspect
branch, CSeq - isn't that functionality hardcoded?
Thx,
Maciej.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Bogdan-Andrei Iancu
OpenSIPS Bootcamp
15 - 19 November 2010, Edison, New Jersey, USA
www.voice-system.ro
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Maciej,
skip auth challenge for the ACK requests as you cannot send replies for
an ACK
So you have 2 options:
1) if you do not want to auth ACK at all, simple skip them from auth
2) if you want the auth ACK, if the ACK does not have an Authorize
hdr from beginning (as RFC sais) you cannot do much about it.
Regards,
Bogdan
Maciej Bylica wrote:
Iñaki
It's well explained in RFC 3261.
An ACK for a [3456]XX response must have same branch and same CSeq
number (but ACK method) as the INVITE of the transaction.
I meant some hints regarding script configuration, because as far as i
understand i should double check my .cfg
Okay i may proxy auth only INVITE methods - at this moment i do have
if (!(method==REGISTER) from_uri==myself) /*no multidomain
version*/ {
if (!proxy_authorize(, subscriber)) {
xlog(L_INFO,proxy auth);
proxy_challenge(, 0);
exit;
}
so there wont be any problem to filter that out, but how to inspect
branch, CSeq - isn't that functionality hardcoded?
Thx,
Maciej.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Bogdan-Andrei Iancu
OpenSIPS Bootcamp
15 - 19 November 2010, Edison, New Jersey, USA
www.voice-system.ro
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Guys
So the only wayout is to request my SIP operator to be complied with
the standards?
Thanks
Maciej
Dear ALL,
During clearing my misconfigurations I found following errors in log file:
ERROR:uri:check_username: No authorized credentials found (error in scripts)
ERROR:uri:check_username: Call {www,proxy}_authorize before calling
check_* functions!
After closer look it turnes out that it is generated due to lack of
totag in ACK method as a response to 487 Request Terminated.
ACK is omitting has_totag() part of configuration and then again is
asked for proxy auth.
The call is generated by UA registered with Opensips, then t_relayed
to OPERATOR_1 and his MGW to PSTN.
UA--OPENSIPS-OPERATOR_1_SIPPROXYMGW
The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY
1. (A)INVITE -(B)
2. (A)--180 RIGING--(B)
3. (A)CANCEL---(B)
4. (A)--OK(B)
5. (A)-487 Request Terminated---(B)
6. (A)ACK-(B)
and it looks the same, but:
- CANCEL should be sent by (A) without To tag
- OK should be sent by (B) with To tag
- 487 with the same To tag
- ACK should be sent by (A) with exactly the same To tag.
Unfortunately it is not my case :(
- I am fine with CANCEL
- I am receiving proper OK with To tag
- and here is the source of my problem. 487 is sent by (B) without
totag proposed in OK message previously sent.
- ACK is obviously using the same totag as OK, so im my case no totag
is incorporated into ACK method.
The after-effect is that ACK is asked for proxy auth.
I am asking you guys to tell me how to cope with the cases like above.
Thanks in advance,
Maciej
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
2010/11/13 Maciej Bylica mb...@gazeta.pl: The call is generated by UA registered with Opensips, then t_relayed to OPERATOR_1 and his MGW to PSTN. UA--OPENSIPS-OPERATOR_1_SIPPROXYMGW The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY 1. (A)INVITE -(B) 2. (A)--180 RIGING--(B) 3. (A)CANCEL---(B) 4. (A)--OK(B) 5. (A)-487 Request Terminated---(B) 6. (A)ACK-(B) and it looks the same, but: - CANCEL should be sent by (A) without To tag - OK should be sent by (B) with To tag - 487 with the same To tag Wrong. 200 OK for CANCEL is sent by the proxy (CANCEL is hop by hop). However 487 is sent by the UAS (not by the proxy) and of course the UAS doesn't know which To tag has chosen the proxy for the 200 (CANCEL). Also, there could be multiple UAS's (parallel forking). - ACK should be sent by (A) with exactly the same To tag. Just a final 487 will be delivered by the proxy to the UAC (even in case there is parallel forking) so the ACK must contain the same Totag than the 487 received. Unfortunately it is not my case :( - I am fine with CANCEL - I am receiving proper OK with To tag - and here is the source of my problem. 487 is sent by (B) without totag proposed in OK message previously sent. And that is correct. - ACK is obviously using the same totag as OK, That is wrong. It should be the same Totag as the UAC receives in the 487. so im my case no totag is incorporated into ACK method. The after-effect is that ACK is asked for proxy auth. The proxy should not be dialog aware (Totag value aware). It should inspect just the transaction identifier (Via's branch and CSeq). -- Iñaki Baz Castillo i...@aliax.net ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Iñaki, Thank You for clearing a few things up. Yes You are absolutely right with all signalization aspect, but transaction identifier inspection really makes me think and again i see that there are a lot aspects i need to take care of. Could you pls point me to some hints describing the proper way to build transaction inspection? Thanks, Maciej. The call is generated by UA registered with Opensips, then t_relayed to OPERATOR_1 and his MGW to PSTN. UA--OPENSIPS-OPERATOR_1_SIPPROXYMGW The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY 1. (A)INVITE -(B) 2. (A)--180 RIGING--(B) 3. (A)CANCEL---(B) 4. (A)--OK(B) 5. (A)-487 Request Terminated---(B) 6. (A)ACK-(B) and it looks the same, but: - CANCEL should be sent by (A) without To tag - OK should be sent by (B) with To tag - 487 with the same To tag Wrong. 200 OK for CANCEL is sent by the proxy (CANCEL is hop by hop). However 487 is sent by the UAS (not by the proxy) and of course the UAS doesn't know which To tag has chosen the proxy for the 200 (CANCEL). Also, there could be multiple UAS's (parallel forking). - ACK should be sent by (A) with exactly the same To tag. Just a final 487 will be delivered by the proxy to the UAC (even in case there is parallel forking) so the ACK must contain the same Totag than the 487 received. Unfortunately it is not my case :( - I am fine with CANCEL - I am receiving proper OK with To tag - and here is the source of my problem. 487 is sent by (B) without totag proposed in OK message previously sent. And that is correct. - ACK is obviously using the same totag as OK, That is wrong. It should be the same Totag as the UAC receives in the 487. so im my case no totag is incorporated into ACK method. The after-effect is that ACK is asked for proxy auth. The proxy should not be dialog aware (Totag value aware). It should inspect just the transaction identifier (Via's branch and CSeq). -- Iñaki Baz Castillo i...@aliax.net ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
2010/11/18 Maciej Bylica mb...@gazeta.pl: Iñaki, Thank You for clearing a few things up. Yes You are absolutely right with all signalization aspect, but transaction identifier inspection really makes me think and again i see that there are a lot aspects i need to take care of. Could you pls point me to some hints describing the proper way to build transaction inspection? It's well explained in RFC 3261. An ACK for a [3456]XX response must have same branch and same CSeq number (but ACK method) as the INVITE of the transaction. -- Iñaki Baz Castillo i...@aliax.net ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Iñaki
It's well explained in RFC 3261.
An ACK for a [3456]XX response must have same branch and same CSeq
number (but ACK method) as the INVITE of the transaction.
I meant some hints regarding script configuration, because as far as i
understand i should double check my .cfg
Okay i may proxy auth only INVITE methods - at this moment i do have
if (!(method==REGISTER) from_uri==myself) /*no multidomain
version*/ {
if (!proxy_authorize(, subscriber)) {
xlog(L_INFO,proxy auth);
proxy_challenge(, 0);
exit;
}
so there wont be any problem to filter that out, but how to inspect
branch, CSeq - isn't that functionality hardcoded?
Thx,
Maciej.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
