Hi,
Can any explain as to why one may see a 401 response for a BYE, but not for
the corresponding INVITE ?
It is seen in this call-flow:
Proxy B2BUA
15:30:27.918 ------- INVITE ---------> (1)
15:30:27.942 <------ 100 TRYING ---------- (2)
15:30:28.980 <------ 180 RINGING ---------- (3)
15:30:29.370 <------ 200 OK ---------- (4)
15:30:29.372 ------- ACK ---------> (5)
15:45:29.275 <------ RE-INVITE ---------- (6)
( due to a bug in stack's session timer, a inconsistent re-invite is sent
)
...
15:45:29.285 <------ BYE ---------- (7)
15:45:29.286 ------- 401 Unauthorized -----> (10)
Assuming the following network topology:
[external-UA1]
\
\
[Proxy]-----[B2BUA]
/
/
[external-UA2]
Is the following explanation reasonable ?
I believe that the UA-1, UA-2 & Proxy are within a Trust-Domain, so when the
first INVITE comes in, it has the P-Asserted-Identity: of UA1, meaning that
the Proxy trusts it, but nothing in this INVITE says that the B2BUA, is
trusted by the Proxy. The original INVITE transaction completes
successfully, but then B2BUA tries to do the re-INVITE to refresh the
Session-Timer, and this is not considered a valid INVITE (due to the missing
Content-Type: header) by the Proxy. So even before checking it's credential
checking can be done, the validity of INVITE to be acceptable message fails,
leading to the 400 Bad Request. If the INVITE was otherwise okay, it should
have been challenged too, to authenticate itself. Finally, the Bad-Request
causes B2BUA to cleanup the call using a BYE, but BYE is valid &
well-formed, but without credentials, so it gets challenged by the Proxy.
regards,
banibrata dutta.
_______________________________________________
Sip-implementors mailing list
[email protected]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
