Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Thank You Bogdan. This is the way i am going to follow. Maciej. > Maciej, > > skip auth challenge for the ACK requests as you cannot send replies for an > ACK > > So you have 2 options: > 1) if you do not want to auth ACK at all, simple skip them from auth > 2) if you want the auth ACK, if the ACK does not have an Authorize hdr > from beginning (as RFC sais) you cannot do much about it. > > Regards, > Bogdan > > Maciej Bylica wrote: >> >> Iñaki >> >> >> >>> >>> It's well explained in RFC 3261. >>> An ACK for a [3456]XX response must have same branch and same CSeq >>> number (but "ACK" method) as the INVITE of the transaction. >>> >> >> I meant some hints regarding script configuration, because as far as i >> understand i should double check my .cfg >> Okay i may proxy auth only INVITE methods - at this moment i do have >> if (!(method=="REGISTER") && from_uri==myself) /*no multidomain >> version*/ { >> if (!proxy_authorize("", "subscriber")) { >> xlog("L_INFO","proxy auth"); >> proxy_challenge("", "0"); >> exit; >> } >> so there wont be any problem to filter that out, but how to inspect >> branch, CSeq - isn't that functionality hardcoded? >> >> Thx, >> Maciej. >> >> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> > > > -- > Bogdan-Andrei Iancu > OpenSIPS Bootcamp > 15 - 19 November 2010, Edison, New Jersey, USA > www.voice-system.ro > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Maciej, skip auth challenge for the ACK requests as you cannot send replies for an ACK So you have 2 options: 1) if you do not want to auth ACK at all, simple skip them from auth 2) if you want the auth ACK, if the ACK does not have an Authorize hdr from beginning (as RFC sais) you cannot do much about it. Regards, Bogdan Maciej Bylica wrote: Iñaki It's well explained in RFC 3261. An ACK for a [3456]XX response must have same branch and same CSeq number (but "ACK" method) as the INVITE of the transaction. I meant some hints regarding script configuration, because as far as i understand i should double check my .cfg Okay i may proxy auth only INVITE methods - at this moment i do have if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/ { if (!proxy_authorize("", "subscriber")) { xlog("L_INFO","proxy auth"); proxy_challenge("", "0"); exit; } so there wont be any problem to filter that out, but how to inspect branch, CSeq - isn't that functionality hardcoded? Thx, Maciej. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Bogdan-Andrei Iancu OpenSIPS Bootcamp 15 - 19 November 2010, Edison, New Jersey, USA www.voice-system.ro ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Iñaki > It's well explained in RFC 3261. > An ACK for a [3456]XX response must have same branch and same CSeq > number (but "ACK" method) as the INVITE of the transaction. I meant some hints regarding script configuration, because as far as i understand i should double check my .cfg Okay i may proxy auth only INVITE methods - at this moment i do have if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/ { if (!proxy_authorize("", "subscriber")) { xlog("L_INFO","proxy auth"); proxy_challenge("", "0"); exit; } so there wont be any problem to filter that out, but how to inspect branch, CSeq - isn't that functionality hardcoded? Thx, Maciej. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
2010/11/18 Maciej Bylica : > Iñaki, > > Thank You for clearing a few things up. > Yes You are absolutely right with all signalization aspect, but > transaction identifier inspection really makes me think and again i > see that there are a lot aspects i need to take care of. > Could you pls point me to some hints describing the proper way to > build transaction inspection? It's well explained in RFC 3261. An ACK for a [3456]XX response must have same branch and same CSeq number (but "ACK" method) as the INVITE of the transaction. -- Iñaki Baz Castillo ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Iñaki, Thank You for clearing a few things up. Yes You are absolutely right with all signalization aspect, but transaction identifier inspection really makes me think and again i see that there are a lot aspects i need to take care of. Could you pls point me to some hints describing the proper way to build transaction inspection? Thanks, Maciej. >> The call is generated by UA registered with Opensips, then t_relayed >> to OPERATOR_1 and his MGW to PSTN. >> UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW >> >> The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY >> 1. (A)INVITE ->(B) >> 2. (A)<--180 RIGING--(B) >> 3. (A)CANCEL--->(B) >> 4. (A)<--OK(B) >> 5. (A)<-487 Request Terminated---(B) >> 6. (A)ACK->(B) >> and it looks the same, but: >> >> - CANCEL should be sent by (A) without To tag >> - OK should be sent by (B) with To tag >> - 487 with the same To tag > > Wrong. 200 OK for CANCEL is sent by the proxy (CANCEL is hop by hop). > However 487 is sent by the UAS (not by the proxy) and of course the > UAS doesn't know which To tag has chosen the proxy for the 200 > (CANCEL). Also, there could be multiple UAS's (parallel forking). > >> - ACK should be sent by (A) with exactly the same To tag. > > Just a final 487 will be delivered by the proxy to the UAC (even in > case there is parallel forking) so the ACK must contain the same Totag > than the 487 received. > > >> Unfortunately it is not my case :( >> - I am fine with CANCEL >> - I am receiving proper OK with To tag >> - and here is the source of my problem. 487 is sent by (B) without >> totag proposed in OK message previously sent. > > And that is correct. > > >> - ACK is obviously using the same totag as OK, > > That is wrong. It should be the same Totag as the UAC receives in the 487. > > >> so im my case no totag is incorporated into ACK method. > >> The after-effect is that ACK is asked for proxy auth. > > The proxy should not be dialog aware (Totag value aware). It should > inspect just the transaction identifier (Via's branch and CSeq). > > > -- > Iñaki Baz Castillo > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
2010/11/13 Maciej Bylica : > The call is generated by UA registered with Opensips, then t_relayed > to OPERATOR_1 and his MGW to PSTN. > UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW > > The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY > 1. (A)INVITE ->(B) > 2. (A)<--180 RIGING--(B) > 3. (A)CANCEL--->(B) > 4. (A)<--OK(B) > 5. (A)<-487 Request Terminated---(B) > 6. (A)ACK->(B) > and it looks the same, but: > > - CANCEL should be sent by (A) without To tag > - OK should be sent by (B) with To tag > - 487 with the same To tag Wrong. 200 OK for CANCEL is sent by the proxy (CANCEL is hop by hop). However 487 is sent by the UAS (not by the proxy) and of course the UAS doesn't know which To tag has chosen the proxy for the 200 (CANCEL). Also, there could be multiple UAS's (parallel forking). > - ACK should be sent by (A) with exactly the same To tag. Just a final 487 will be delivered by the proxy to the UAC (even in case there is parallel forking) so the ACK must contain the same Totag than the 487 received. > Unfortunately it is not my case :( > - I am fine with CANCEL > - I am receiving proper OK with To tag > - and here is the source of my problem. 487 is sent by (B) without > totag proposed in OK message previously sent. And that is correct. > - ACK is obviously using the same totag as OK, That is wrong. It should be the same Totag as the UAC receives in the 487. > so im my case no totag is incorporated into ACK method. > The after-effect is that ACK is asked for proxy auth. The proxy should not be dialog aware (Totag value aware). It should inspect just the transaction identifier (Via's branch and CSeq). -- Iñaki Baz Castillo ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK
Guys So the only wayout is to request my SIP operator to be complied with the standards? Thanks Maciej > Dear ALL, > > During clearing my misconfigurations I found following errors in log file: > ERROR:uri:check_username: No authorized credentials found (error in scripts) > ERROR:uri:check_username: Call {www,proxy}_authorize before calling > check_* functions! > > After closer look it turnes out that it is generated due to lack of > totag in ACK method as a response to 487 Request Terminated. > ACK is omitting has_totag() part of configuration and then again is > asked for proxy auth. > > The call is generated by UA registered with Opensips, then t_relayed > to OPERATOR_1 and his MGW to PSTN. > UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW > > The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY > 1. (A)INVITE ->(B) > 2. (A)<--180 RIGING--(B) > 3. (A)CANCEL--->(B) > 4. (A)<--OK(B) > 5. (A)<-487 Request Terminated---(B) > 6. (A)ACK->(B) > and it looks the same, but: > > - CANCEL should be sent by (A) without To tag > - OK should be sent by (B) with To tag > - 487 with the same To tag > - ACK should be sent by (A) with exactly the same To tag. > > Unfortunately it is not my case :( > - I am fine with CANCEL > - I am receiving proper OK with To tag > - and here is the source of my problem. 487 is sent by (B) without > totag proposed in OK message previously sent. > - ACK is obviously using the same totag as OK, so im my case no totag > is incorporated into ACK method. > The after-effect is that ACK is asked for proxy auth. > > I am asking you guys to tell me how to cope with the cases like above. > > > Thanks in advance, > Maciej > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] CANCELing the connection - no totag in ACK
Dear ALL, During clearing my misconfigurations I found following errors in log file: ERROR:uri:check_username: No authorized credentials found (error in scripts) ERROR:uri:check_username: Call {www,proxy}_authorize before calling check_* functions! After closer look it turnes out that it is generated due to lack of totag in ACK method as a response to 487 Request Terminated. ACK is omitting has_totag() part of configuration and then again is asked for proxy auth. The call is generated by UA registered with Opensips, then t_relayed to OPERATOR_1 and his MGW to PSTN. UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY 1. (A)INVITE ->(B) 2. (A)<--180 RIGING--(B) 3. (A)CANCEL--->(B) 4. (A)<--OK(B) 5. (A)<-487 Request Terminated---(B) 6. (A)ACK->(B) and it looks the same, but: - CANCEL should be sent by (A) without To tag - OK should be sent by (B) with To tag - 487 with the same To tag - ACK should be sent by (A) with exactly the same To tag. Unfortunately it is not my case :( - I am fine with CANCEL - I am receiving proper OK with To tag - and here is the source of my problem. 487 is sent by (B) without totag proposed in OK message previously sent. - ACK is obviously using the same totag as OK, so im my case no totag is incorporated into ACK method. The after-effect is that ACK is asked for proxy auth. I am asking you guys to tell me how to cope with the cases like above. Thanks in advance, Maciej ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users