sr-dev June 2014

sr-dev@lists.kamailio.org

21 participants
152 discussions

git:4.0: uac: print new and old uri in log message in case of error
by Daniel-Constantin Mierla 30 Jun '14

30 Jun '14

Module: sip-router Branch: 4.0 Commit: 2afb43f88eb60ac72887b1c6d79cbd6f17b464d2 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=2afb43f… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Mon Jun 30 11:06:41 2014 +0200 uac: print new and old uri in log message in case of error (cherry picked from commit 6feeb886b58f4cd1cefeef132245c009bf8ca07f) --- modules/uac/replace.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/uac/replace.c b/modules/uac/replace.c index 7f1f92c..65185f2 100644 --- a/modules/uac/replace.c +++ b/modules/uac/replace.c @@ -588,7 +588,8 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp, int check /* get new uri */ if ( new_uri.len<old_uri.len ) { - LM_ERR("new URI shorter than old URI\n"); + LM_ERR("new URI [%.*s] shorter than old URI [%.*s]\n", + new_uri.len, new_uri.s, old_uri.len, old_uri.s); goto failed; } for( i=0 ; i<old_uri.len ; i++ ) {

1 0

git:master: uac: print new and old uri in log message in case of error
by Daniel-Constantin Mierla 30 Jun '14

30 Jun '14

Module: sip-router Branch: master Commit: 6feeb886b58f4cd1cefeef132245c009bf8ca07f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6feeb88… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Mon Jun 30 11:06:41 2014 +0200 uac: print new and old uri in log message in case of error --- modules/uac/replace.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/uac/replace.c b/modules/uac/replace.c index 3c78abe..f8285c6 100644 --- a/modules/uac/replace.c +++ b/modules/uac/replace.c @@ -587,7 +587,8 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp, int check /* get new uri */ if ( new_uri.len<old_uri.len ) { - LM_ERR("new URI shorter than old URI\n"); + LM_ERR("new URI [%.*s] shorter than old URI [%.*s]\n", + new_uri.len, new_uri.s, old_uri.len, old_uri.s); goto failed; } for( i=0 ; i<old_uri.len ; i++ ) {

1 0

git:master: modules/cdp: prevent possible seg fault if no MSCC AVP present in CCA response to update GSU timers
by Jason Penton 26 Jun '14

26 Jun '14

Module: sip-router Branch: master Commit: 269220f9a657ca10085ae8889312d052b65b12f8 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=269220f… Author: Jason Penton <jason.penton(a)gmail.com> Committer: Jason Penton <jason.penton(a)gmail.com> Date: Thu Jun 26 09:46:16 2014 +0200 modules/cdp: prevent possible seg fault if no MSCC AVP present in CCA response to update GSU timers --- modules/cdp/acctstatemachine.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/modules/cdp/acctstatemachine.c b/modules/cdp/acctstatemachine.c index 8537d0d..d4e524d 100644 --- a/modules/cdp/acctstatemachine.c +++ b/modules/cdp/acctstatemachine.c @@ -31,6 +31,10 @@ inline void update_gsu_response_timers(cdp_cc_acc_session_t* session, AAAMessage AAA_AVP *z; avp = AAAFindMatchingAVP(msg, 0, AVP_Multiple_Services_Credit_Control, 0, 0); + if (!avp) { + LM_WARN("Trying to update GSU timers but there is no MSCC AVP in the CCA response\n"); + return; + } mscc_avp_list = AAAUngroupAVPS(avp->data); AAA_AVP *mscc_avp = mscc_avp_list.head;

1 0

git:4.0: auth_db: auth_check() to get the auth header from the used api
by Daniel-Constantin Mierla 25 Jun '14

25 Jun '14

Module: sip-router Branch: 4.0 Commit: d58f973b3d701a8db41cf6b3884e322ea531e5f7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d58f973… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Mon May 26 14:47:37 2014 +0200 auth_db: auth_check() to get the auth header from the used api - this avoids using a different auth header that might be in the request before checking usernames in from/to headers against auth user (cherry picked from commit 4992519eed88d94847d742c52e882082b1b41264) (cherry picked from commit 9a697d04e7bb041e1ec6748727a418866dc0ba54) --- modules/auth_db/authorize.c | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-) diff --git a/modules/auth_db/authorize.c b/modules/auth_db/authorize.c index cf97a8f..e2b0f4f 100644 --- a/modules/auth_db/authorize.c +++ b/modules/auth_db/authorize.c @@ -223,10 +223,10 @@ static int generate_avps(struct sip_msg* msg, db1_res_t* db_res) /* - * Authorize digest credentials + * Authorize digest credentials and set the pointer to used hdr */ -static int digest_authenticate(struct sip_msg* msg, str *realm, - str *table, hdr_types_t hftype, str *method) +static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, + str *table, hdr_types_t hftype, str *method, hdr_field_t **ahdr) { char ha1[256]; int res; @@ -277,6 +277,7 @@ static int digest_authenticate(struct sip_msg* msg, str *realm, } cred = (auth_body_t*)h->parsed; + if(ahdr!=NULL) *ahdr = h; res = get_ha1(&cred->digest.username, realm, table, ha1, &result); if (res < 0) { @@ -315,6 +316,15 @@ end: return ret; } +/* + * Authorize digest credentials + */ +static int digest_authenticate(sip_msg_t* msg, str *realm, + str *table, hdr_types_t hftype, str *method) +{ + return digest_authenticate_hdr(msg, realm, table, hftype, method, NULL); +} + /* * Authenticate using Proxy-Authorize header field @@ -475,15 +485,15 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags) LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm.len, srealm.s, stable.len, stable.s, iflags); + hdr = NULL; if(_m->REQ_METHOD==METHOD_REGISTER) - ret = digest_authenticate(_m, &srealm, &stable, HDR_AUTHORIZATION_T, - &_m->first_line.u.request.method); + ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_AUTHORIZATION_T, + &_m->first_line.u.request.method, &hdr); else - ret = digest_authenticate(_m, &srealm, &stable, HDR_PROXYAUTH_T, - &_m->first_line.u.request.method); + ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_PROXYAUTH_T, + &_m->first_line.u.request.method, &hdr); - if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) { - hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth; + if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) { srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user; if((furi=parse_from_uri(_m))==NULL)

1 0

[tracker] Task opened: modules/tmx: t_is_failure_route() code or documentation is wrong
by sip-router 25 Jun '14

25 Jun '14

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A new Flyspray task has been opened. Details are below. User who did this - Andrew Pogrebennyk (marduk) Attached to Project - sip-router Summary - modules/tmx: t_is_failure_route() code or documentation is wrong Task Type - Bug Report Category - Module Status - Unconfirmed Assigned To - Operating System - All Severity - Low Priority - Normal Reported Version - 4.1 Due in Version - Undecided Due Date - Undecided Details - Hello, I'm using kamailio 4.1.4. There is a problem with t_is_failure_route() function. While the documentation says it can be used in any route: http://www.kamailio.org/docs/modules/4.1.x/modules/tmx.html#idp27024 3.5. t_is_failure_route() Returns true if the top-executed route block is failure_route. This function can be used from ANY_ROUTE . in fact I'm getting an error if I call that function from the branch_route: Jun 25 11:44:20 sp1 proxy[11942]: ERROR: tmx [t_var.c:500]: pv_get_tm_reply_code(): unsupported route_type 8 (the call flow is simple: after failure_route fires, I call a request route and set a new destination and then the branch route gets called). Please fix either the code (would be nice indeed) or the documentation. Thanks! More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=445 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

1 0

ims_usrloc_scscf - doc update required
by Daniel Ciprus 25 Jun '14

25 Jun '14

All, Just FYI: there is a missing piece in documentation which allows sort of proper handling of reg entries in S-CSCF. Here are parameters which I used to limit number of entries in registrar along with proper removal of old, not valid entries. modparam("ims_usrloc_scscf", "maxcontact", 2) modparam("ims_usrloc_scscf", "maxcontact_behaviour", 2) /*!< max contact behaviour - 0-disabled(default),1-reject,2-overwrite*/ This happens to be found on latest 4.1.4 branch. @Jason: could you please update doc so people won't go through this pain again ? ;-) thanks -- Daniel Ciprus Integration engineer http://www.acision.com 9954 Mayland Dr Suite 3100 Richmond, VA 23233 USA T: +1 804 762 5601 E: daniel.ciprus(a)acision.com<mailto:daniel.ciprus@acision.com> ________________________________ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.

2 1

Diameter: 5012 "Unable to comply" and Re-Routing...
by Carsten Bock 18 Jun '14

18 Jun '14

Hi, Before i spend hours reading specs, a question to Diameter-Experts... Last night our hosting provider had an outage in our datacenter and had to restart one of our servers. After restarting, all servers came back up except our database, which failed to start due to replication issues. Except from our HSS, all components use a redundant database link, so everything was fine. The HSS started, but failed to connect to the database and as a result, it responded to all Diameter-Requests with "5012 Diameter unable to comply", which is correct (i believe) for Diameter for unspecified error-reasons: RFC 3588 (page 87): DIAMETER_UNABLE_TO_COMPLY 5012 This error is returned when a request is rejected for unspecified reasons. However, ims_auth sends a "403 HSS unable to comply" response back to the I-CSCF, which will not trigger a re-routing on the I-CSCF as it's "Forbidden" and not exactly an error (e.g. like "User unknown"). Questions: - is it correct to the standards, to send a "403" in this case? Shouldn't it be some reply, which allows re-routing the requests? - i assume, it would be desirable, to re-route Diameter requests to another peer in such cases, right? I've noticed, that MSG_480_HSS_ERROR is actually also sent as a "403" and not as a "480" (which would trigger a re-routing), as the DEFINE message would imply.... Thanks, Carsten P.S.: Next step for me: Add the redundant database link to the HSS/OCS, was on my Todo-List too long... ;-) -- Carsten Bock CEO (Geschäftsführer) ng-voice GmbH Schomburgstr. 80 D-22767 Hamburg / Germany http://www.ng-voice.com mailto:carsten@ng-voice.com Office +49 40 34927219 Fax +49 40 34927220 Sitz der Gesellschaft: Hamburg Registergericht: Amtsgericht Hamburg, HRB 120189 Geschäftsführer: Carsten Bock Ust-ID: DE279344284 Hier finden Sie unsere handelsrechtlichen Pflichtangaben: http://www.ng-voice.com/imprint/

1 0

git:4.1: auth: README regenerated
by Ovidiu Sas 17 Jun '14

17 Jun '14

Module: sip-router Branch: 4.1 Commit: 33d91eafaba5066ead247a61c76b18747a08da57 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=33d91ea… Author: Ovidiu Sas <osas(a)voipembedded.com> Committer: Ovidiu Sas <osas(a)voipembedded.com> Date: Tue Jun 17 13:08:02 2014 -0400 auth: README regenerated --- modules/auth/README | 210 ++++++++++++++++++--------------------------------- 1 files changed, 74 insertions(+), 136 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=33d…

1 0

git:master: auth: README regenerated
by Ovidiu Sas 17 Jun '14

17 Jun '14

Module: sip-router Branch: master Commit: 71ecad37d231f6fda652892550ff8b9a8d193f59 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=71ecad3… Author: Ovidiu Sas <osas(a)voipembedded.com> Committer: Ovidiu Sas <osas(a)voipembedded.com> Date: Tue Jun 17 13:06:20 2014 -0400 auth: README regenerated --- modules/auth/README | 210 ++++++++++++++++++--------------------------------- 1 files changed, 74 insertions(+), 136 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=71e…

1 0

git:master: auth: document '-8' return code for pv_www_authenticate
by Ovidiu Sas 17 Jun '14

17 Jun '14

Module: sip-router Branch: master Commit: c9c8f8d71fdad33caebaea07922901618bcd7825 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c9c8f8d… Author: Ovidiu Sas <osas(a)voipembedded.com> Committer: Ovidiu Sas <osas(a)voipembedded.com> Date: Tue Jun 17 11:47:50 2014 -0400 auth: document '-8' return code for pv_www_authenticate --- modules/auth/doc/auth_functions.xml | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/modules/auth/doc/auth_functions.xml b/modules/auth/doc/auth_functions.xml index 0ab616a..ec33324 100644 --- a/modules/auth/doc/auth_functions.xml +++ b/modules/auth/doc/auth_functions.xml @@ -198,26 +198,30 @@ if (!auth_check("$fd", "subscriber", "1")) { <itemizedlist> <listitem><para> <emphasis>-1 (generic error)</emphasis> - some generic error - occurred and no reply was sent out; + occurred and no reply was sent out </para></listitem> <listitem><para> - <emphasis>-2 (invalid password)</emphasis> - wrong password; + <emphasis>-2 (invalid password)</emphasis> - wrong password </para></listitem> <listitem><para> <emphasis>-3 (invalid user)</emphasis> - authentication user does - not exist. + not exist </para></listitem> <listitem><para> <emphasis>-4 (nonce expired)</emphasis> - the nonce has expired </para></listitem> <listitem><para> <emphasis>-5 (no credentials)</emphasis> - request does not contain - an Authorization header with the correct realm. + an Authorization header with the correct realm </para></listitem> <listitem><para> <emphasis>-6 (nonce reused)</emphasis> - the nonce has already been used to authenticate a previous request </para></listitem> + <listitem><para> + <emphasis>-8 (auth user mismatch)</emphasis> - the auth user is different + then the From/To user + </para></listitem> </itemizedlist> <para>Meaning of the parameters is as follows:</para> <itemizedlist>

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev June 2014