Re: [SR-Users] during registration nonce expired, after backwards time shift
I merged the pull request. The commit message was close to the recommended format -- the first line should have been: auth: fixed issue when ... In the commit is the other one. Cheers, Daniel On 03/09/15 10:48, Vasiliy Ganchev wrote: > the pull request prepared, hope it is well formatted (did not have such > experience before) > > Daniel, thank you for spending time on this issue, and help in finding the > right way ) > > > > -- > View this message in context: > http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140979.html > Sent from the Users mailing list archive at Nabble.com. > > ___ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
the pull request prepared, hope it is well formatted (did not have such experience before) Daniel, thank you for spending time on this issue, and help in finding the right way ) -- View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140979.html Sent from the Users mailing list archive at Nabble.com. ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hello, can you make a pull request on github with the last patch you tested? It will be easier to merge, avoiding extra tests here -- just be sure the commit message is formatted according to: * http://www.kamailio.org/wiki/devel/github-contributions Cheers, Daniel On 03/09/15 09:53, Vasiliy Ganchev wrote: > Hi! > > tested with: > + /* if current time is less than start time, reset the start > time > + (e.g., after start, the system clock was set in the past) */ > + t=time(0); > + if (t < up_since) > + up_since = t; > + if (since < t) > + return 4; > + } > > > there is no iteration with nonce expired. Is it OK? > > If yes, I think we can close this discussion (will you push the changes to > master branch?) > Many thanks ) > > > > -- > View this message in context: > http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140976.html > Sent from the Users mailing list archive at Nabble.com. > > ___ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hi! tested with: + /* if current time is less than start time, reset the start time + (e.g., after start, the system clock was set in the past) */ + t=time(0); + if (t < up_since) + up_since = t; + if (since < t) + return 4; + } there is no iteration with nonce expired. Is it OK? If yes, I think we can close this discussion (will you push the changes to master branch?) Many thanks ) -- View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140976.html Sent from the Users mailing list archive at Nabble.com. ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hello,
the rpc process doesn't have the up_since value updated, because it is
stored in a local variable per process, thus only the sip worker process
updated its value. Probably they need a fix as well in this case.
Regarding:
"""
Do not understand how (mostly even why) to use this:
/ since >= t and don't 'return 4' in that case. /
Such check is part of next step in the nonce.c
"""
If the test of since vs t is done next, then looks like "return 4" line
can be removed to avoid the one iteration with nonce expired.
Cheers,
Daniel
On 02/09/15 16:08, Vasiliy Ganchev wrote:
> Hi!
>
> Tested with this part:
> + /* if current time is less than start time, reset the start
> time
> + (e.g., after start, the system clock was set in the past) */
> + t=time(0);
> + if (t < up_since)
> + up_since = t;
> + return 4;
>
> Works as is expected (one iteration return nonce expired, and after start OK
> working).
>
> One more point:
> the output of /kamcmd core.uptime / always return time up_since in future.
>
> kamcmd core.uptime
> /{
> now: Wed Sep 2 16:04:18 2015
>
> up_since: Wed Sep 2 18:00:08 2015
>
> uptime: -6950
> }/
>
>
> Do not understand how (mostly even why) to use this:
> / since >= t and don't 'return 4' in that case. /
> Such check is part of next step in the nonce.c
>
> cheers
>
>
> Daniel-Constantin Mierla-6 wrote
>> Hello,
>>
>> good that you revived the thread, it got out of my sight being
>> distracted by other stuff.
>>
>> I think that check has to be kept there, because it covers some
>> situations that can appear after restart, so removing it completely
>> won't be safe.
>>
>> It can be a solution to reset up_since in this case, if time(0) is lower
>> than up_since, like:
>>
>> if (unlikely(since < up_since)) {
>> /* if valid_since time is time pointing before ser was started
>> * then we consider nonce as stalled.
>>It may be the nonce generated by previous ser instance having
>>different length (for example because of different auth.
>>checks).. Therefore we force credentials to be rebuilt by UAC
>>without prompting for password */
>>
>> /* if current time is less than start time, reset the start time
>> (e.g., after start, the system clock was set in the past) */
>> t=time(0);
>> if(t>
>> return 4;
>> }
>>
>> Can you test with this change and see if it works as expected for you?
>>
>> There will be a failed iteration, but then it should recover for that
>> process. it may actually be even better to test if since >= t and don't
>> 'return 4' in that case.
>>
>> Cheers,
>> Daniel
>> On 01/09/15 16:49, Vasiliy Ganchev wrote:
>>> Hi Daniel!
>>>
>>> Any comments/idea about my last answer?
>>>
>>> cheers
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140945.html
>>> Sent from the Users mailing list archive at Nabble.com.
>>>
>>> ___
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>
>> sr-users@.sip-router
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>> --
>> Daniel-Constantin Mierla
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Book: SIP Routing With Kamailio - http://www.asipto.com
>>
>>
>> ___
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users@.sip-router
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
> --
> View this message in context:
> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140969.html
> Sent from the Users mailing list archive at Nabble.com.
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hi!
Tested with this part:
+ /* if current time is less than start time, reset the start
time
+ (e.g., after start, the system clock was set in the past) */
+ t=time(0);
+ if (t < up_since)
+ up_since = t;
+ return 4;
Works as is expected (one iteration return nonce expired, and after start OK
working).
One more point:
the output of /kamcmd core.uptime / always return time up_since in future.
kamcmd core.uptime
/{
now: Wed Sep 2 16:04:18 2015
up_since: Wed Sep 2 18:00:08 2015
uptime: -6950
}/
Do not understand how (mostly even why) to use this:
/ since >= t and don't 'return 4' in that case. /
Such check is part of next step in the nonce.c
cheers
Daniel-Constantin Mierla-6 wrote
> Hello,
>
> good that you revived the thread, it got out of my sight being
> distracted by other stuff.
>
> I think that check has to be kept there, because it covers some
> situations that can appear after restart, so removing it completely
> won't be safe.
>
> It can be a solution to reset up_since in this case, if time(0) is lower
> than up_since, like:
>
> if (unlikely(since < up_since)) {
> /* if valid_since time is time pointing before ser was started
> * then we consider nonce as stalled.
>It may be the nonce generated by previous ser instance having
>different length (for example because of different auth.
>checks).. Therefore we force credentials to be rebuilt by UAC
>without prompting for password */
>
> /* if current time is less than start time, reset the start time
> (e.g., after start, the system clock was set in the past) */
> t=time(0);
> if(t
> return 4;
> }
>
> Can you test with this change and see if it works as expected for you?
>
> There will be a failed iteration, but then it should recover for that
> process. it may actually be even better to test if since >= t and don't
> 'return 4' in that case.
>
> Cheers,
> Daniel
> On 01/09/15 16:49, Vasiliy Ganchev wrote:
>> Hi Daniel!
>>
>> Any comments/idea about my last answer?
>>
>> cheers
>>
>>
>>
>> --
>> View this message in context:
>> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140945.html
>> Sent from the Users mailing list archive at Nabble.com.
>>
>> ___
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>
> sr-users@.sip-router
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
>
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@.sip-router
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
View this message in context:
http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140969.html
Sent from the Users mailing list archive at Nabble.com.
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hello,
good that you revived the thread, it got out of my sight being
distracted by other stuff.
I think that check has to be kept there, because it covers some
situations that can appear after restart, so removing it completely
won't be safe.
It can be a solution to reset up_since in this case, if time(0) is lower
than up_since, like:
if (unlikely(since < up_since)) {
/* if valid_since time is time pointing before ser was started
* then we consider nonce as stalled.
It may be the nonce generated by previous ser instance having
different length (for example because of different auth.
checks).. Therefore we force credentials to be rebuilt by UAC
without prompting for password */
/* if current time is less than start time, reset the start time
(e.g., after start, the system clock was set in the past) */
t=time(0);
if(t= t and don't
'return 4' in that case.
Cheers,
Daniel
On 01/09/15 16:49, Vasiliy Ganchev wrote:
> Hi Daniel!
>
> Any comments/idea about my last answer?
>
> cheers
>
>
>
> --
> View this message in context:
> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140945.html
> Sent from the Users mailing list archive at Nabble.com.
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hi Daniel! Any comments/idea about my last answer? cheers -- View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140945.html Sent from the Users mailing list archive at Nabble.com. ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Daniel-Constantin Mierla-6 wrote
> I looked at the code and the system time is used (not the the internal
> value). Therefore, after detecting and invalid nonce, if you do
> challenge again, a nonce with the right time should be generated and
> used for authentication.
>
> Look at sip trace to see if nonce is regenerated and run with debug=3 to
> get more log message that would help to investigate better.
>
> Cheers,
> Daniel
>
> On 20/08/15 10:05, Daniel-Constantin Mierla wrote:
>> Hello,
>>
>> probably the module is using the time computed internally as start time
>> plus elapsed seconds (counted internally). We can introduce an option to
>> use the system time, which may add a bit of delay, but really
>> insignificant. I will look into it these days.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 18/08/15 22:44, Vasiliy Ganchev wrote:
>>> Hi list!
>>> (sorry for sending first mail to wrong sub forum)
>>> Have a following issue:
>>> Server with Kamailio restart with wrong time (why - this is separate
>>> part of
>>> my investigations), timeshift e.g. for 2 hours in feature.
>>> After ntp daemon adjust correct time (move time backwards), Kamailio do
>>> not
>>> accept REGISTERs, pv_www_authenticate answer with code -4 (nonce
>>> expired)
>>>
>>> I've reade the description of:
>>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire
>>> and
>>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift
>>>
>>> This descriptions mention situation with backwards timeshift from
>>> future.
>>> As I understand, Kamailio do not authorise the registration, whose
>>> nonces
>>> where generated in future (before ntp shifted the time). But in my
>>> tests,
>>> Kamailio do not accept even REGISTER from UA, sent after time shift
>>> (with
>>> new nonces, that as I expected has to use correct time for nonce
>>> generation,
>>> and be authorised with no problem).
>>>
>>> Only Kamailio process restart help to cope with the issue.
>>>
>>> It looks like for nonce generating Kamailio use old time (in feature,
>>> that
>>> was before timeshift).
>>>
>>> I wander, does the Kamailio behave in described case - as is expected?
>>> If I
>>> am wrong in some of my assumptions, please point out.
>>>
>>> version: kamailio 4.2.5
>>>
>>> Thank in advance!
>>> Cheers!
>>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html
>>> Sent from the Users mailing list archive at Nabble.com.
>>>
>>> ___
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>
> sr-users@.sip-router
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
>
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@.sip-router
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Daniel!
I dig into sources and found one interesting point:
https://github.com/kamailio/kamailio/blob/4.2/modules/auth/nonce.c#L370
Here Kamailio has a check:
/ if (unlikely(since < up_since)) {
/* if valid_since time is time pointing before ser was started
* then we consider nonce as stalled.
It may be the nonce generated by previous ser instance having
different length (for example because of different auth.
checks).. Therefore we force credentials to be rebuilt by
UAC
without prompting for password */
return 4;
}/
And in my case:
- up_since -> time in future (2 hours later)
- since -> current time (correct)
The check /if (unlikely(since < up_since))/ will /return 4/ as a result.
This is exactly what I have.
As a workaround I exclude this check. Tested registrations/calls (when the
big backward time shift happened) - work.
But, I wander, if there is a theoretically better way how to solve the
problem.
(may be some periodical check, that will compare current time and up_since
time and if backward shift - pull up_since to the current time, or something
different).
Anyway thanks for suggestions!
Cheers!
--
View this message in context:
http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140667.html
Sent from the Users mailing list archive at Nabble.com.
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Daniel-Constantin Mierla-6 wrote > I looked at the code and the system time is used (not the the internal > value). Therefore, after detecting and invalid nonce, if you do > challenge again, a nonce with the right time should be generated and > used for authentication. > > Look at sip trace to see if nonce is regenerated and run with debug=3 to > get more log message that would help to investigate better. > > Cheers, > Daniel > > On 20/08/15 10:05, Daniel-Constantin Mierla wrote: >> Hello, >> >> probably the module is using the time computed internally as start time >> plus elapsed seconds (counted internally). We can introduce an option to >> use the system time, which may add a bit of delay, but really >> insignificant. I will look into it these days. >> >> Cheers, >> Daniel >> >> >> On 18/08/15 22:44, Vasiliy Ganchev wrote: >>> Hi list! >>> (sorry for sending first mail to wrong sub forum) >>> Have a following issue: >>> Server with Kamailio restart with wrong time (why - this is separate >>> part of >>> my investigations), timeshift e.g. for 2 hours in feature. >>> After ntp daemon adjust correct time (move time backwards), Kamailio do >>> not >>> accept REGISTERs, pv_www_authenticate answer with code -4 (nonce >>> expired) >>> >>> I've reade the description of: >>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire >>> and >>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift >>> >>> This descriptions mention situation with backwards timeshift from >>> future. >>> As I understand, Kamailio do not authorise the registration, whose >>> nonces >>> where generated in future (before ntp shifted the time). But in my >>> tests, >>> Kamailio do not accept even REGISTER from UA, sent after time shift >>> (with >>> new nonces, that as I expected has to use correct time for nonce >>> generation, >>> and be authorised with no problem). >>> >>> Only Kamailio process restart help to cope with the issue. >>> >>> It looks like for nonce generating Kamailio use old time (in feature, >>> that >>> was before timeshift). >>> >>> I wander, does the Kamailio behave in described case - as is expected? >>> If I >>> am wrong in some of my assumptions, please point out. >>> >>> version: kamailio 4.2.5 >>> >>> Thank in advance! >>> Cheers! >>> >>> >>> >>> >>> -- >>> View this message in context: >>> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html >>> Sent from the Users mailing list archive at Nabble.com. >>> >>> ___ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>> > sr-users@.sip-router >>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla > http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda > Book: SIP Routing With Kamailio - http://www.asipto.com > > > ___ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@.sip-router > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users Hi Daniel! Thanks for the suggestions, I will check again with Debug=3, and try to find out what is going wrong. Anyway, after investigation, will tell what I found. Cheers! -- View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140602.html Sent from the Users mailing list archive at Nabble.com. ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
I looked at the code and the system time is used (not the the internal value). Therefore, after detecting and invalid nonce, if you do challenge again, a nonce with the right time should be generated and used for authentication. Look at sip trace to see if nonce is regenerated and run with debug=3 to get more log message that would help to investigate better. Cheers, Daniel On 20/08/15 10:05, Daniel-Constantin Mierla wrote: > Hello, > > probably the module is using the time computed internally as start time > plus elapsed seconds (counted internally). We can introduce an option to > use the system time, which may add a bit of delay, but really > insignificant. I will look into it these days. > > Cheers, > Daniel > > > On 18/08/15 22:44, Vasiliy Ganchev wrote: >> Hi list! >> (sorry for sending first mail to wrong sub forum) >> Have a following issue: >> Server with Kamailio restart with wrong time (why - this is separate part of >> my investigations), timeshift e.g. for 2 hours in feature. >> After ntp daemon adjust correct time (move time backwards), Kamailio do not >> accept REGISTERs, pv_www_authenticate answer with code -4 (nonce expired) >> >> I've reade the description of: >> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire >> and >> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift >> >> This descriptions mention situation with backwards timeshift from future. >> As I understand, Kamailio do not authorise the registration, whose nonces >> where generated in future (before ntp shifted the time). But in my tests, >> Kamailio do not accept even REGISTER from UA, sent after time shift (with >> new nonces, that as I expected has to use correct time for nonce generation, >> and be authorised with no problem). >> >> Only Kamailio process restart help to cope with the issue. >> >> It looks like for nonce generating Kamailio use old time (in feature, that >> was before timeshift). >> >> I wander, does the Kamailio behave in described case - as is expected? If I >> am wrong in some of my assumptions, please point out. >> >> version: kamailio 4.2.5 >> >> Thank in advance! >> Cheers! >> >> >> >> >> -- >> View this message in context: >> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html >> Sent from the Users mailing list archive at Nabble.com. >> >> ___ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users@lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] during registration nonce expired, after backwards time shift
Hello, probably the module is using the time computed internally as start time plus elapsed seconds (counted internally). We can introduce an option to use the system time, which may add a bit of delay, but really insignificant. I will look into it these days. Cheers, Daniel On 18/08/15 22:44, Vasiliy Ganchev wrote: > Hi list! > (sorry for sending first mail to wrong sub forum) > Have a following issue: > Server with Kamailio restart with wrong time (why - this is separate part of > my investigations), timeshift e.g. for 2 hours in feature. > After ntp daemon adjust correct time (move time backwards), Kamailio do not > accept REGISTERs, pv_www_authenticate answer with code -4 (nonce expired) > > I've reade the description of: > http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire > and > http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift > > This descriptions mention situation with backwards timeshift from future. > As I understand, Kamailio do not authorise the registration, whose nonces > where generated in future (before ntp shifted the time). But in my tests, > Kamailio do not accept even REGISTER from UA, sent after time shift (with > new nonces, that as I expected has to use correct time for nonce generation, > and be authorised with no problem). > > Only Kamailio process restart help to cope with the issue. > > It looks like for nonce generating Kamailio use old time (in feature, that > was before timeshift). > > I wander, does the Kamailio behave in described case - as is expected? If I > am wrong in some of my assumptions, please point out. > > version: kamailio 4.2.5 > > Thank in advance! > Cheers! > > > > > -- > View this message in context: > http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html > Sent from the Users mailing list archive at Nabble.com. > > ___ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] during registration nonce expired, after backwards time shift
Hi list! (sorry for sending first mail to wrong sub forum) Have a following issue: Server with Kamailio restart with wrong time (why - this is separate part of my investigations), timeshift e.g. for 2 hours in feature. After ntp daemon adjust correct time (move time backwards), Kamailio do not accept REGISTERs, pv_www_authenticate answer with code -4 (nonce expired) I've reade the description of: http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire and http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift This descriptions mention situation with backwards timeshift from future. As I understand, Kamailio do not authorise the registration, whose nonces where generated in future (before ntp shifted the time). But in my tests, Kamailio do not accept even REGISTER from UA, sent after time shift (with new nonces, that as I expected has to use correct time for nonce generation, and be authorised with no problem). Only Kamailio process restart help to cope with the issue. It looks like for nonce generating Kamailio use old time (in feature, that was before timeshift). I wander, does the Kamailio behave in described case - as is expected? If I am wrong in some of my assumptions, please point out. version: kamailio 4.2.5 Thank in advance! Cheers! -- View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html Sent from the Users mailing list archive at Nabble.com. ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
