Description

Have two 4G UE's registered (over Open5GS CN / Amarisoft eNB): UE1 (OnePlus) connects to P-CSCF over UDP, UE2 (Huawei) connects using IPSec SA.
Immediately after registration, VoLTE calls work from UE1 to UE2 and vice-versa; but after some time, only from UE2 to UE1. Calls initiated from UE1 fail with a "network error" message.

Following Kamailio logfile extract shows periodic OPTIONS processing failing (cause unknown to me) leading to de-registration:

Sep 14 00:56:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:56:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:57:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:57:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:58:01 corsa03 p-cscf[8124]: INFO: cdp [authstatemachine.c:270]: auth_client_statefull_sm_process(): after callback of event 1
Sep 14 00:58:01 corsa03 p-cscf[8134]: INFO: cdp [authstatemachine.c:270]: auth_client_statefull_sm_process(): after callback of event 17
Sep 14 00:58:01 corsa03 p-cscf[8134]: INFO: cdp [authstatemachine.c:425]: auth_client_statefull_sm_process(): state machine: AUTH_EV_RECV_STA about to clean up
Sep 14 00:58:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:58:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:58:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to sip:001010000051194@10.46.0.6:31907: Fail Counter is 1
Sep 14 00:59:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:59:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:59:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to sip:001010000051194@10.46.0.6:31907: Fail Counter is 2
Sep 14 01:00:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via sip:10.46.0.11:5060;transport=tcp...
Sep 14 01:00:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 01:00:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to sip:001010000051194@10.46.0.6:31907: Fail Counter is 3
Sep 14 01:01:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via sip:10.46.0.11:5060;transport=tcp...
Sep 14 01:01:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 01:01:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to sip:001010000051194@10.46.0.6:31907: Fail Counter is 4
Sep 14 01:01:37 corsa03 p-cscf[8124]: NOTICE: <script>:   Unregistering sip:001010000051194@10.46.0.6:31907;alias=10.46.0.6~31907~2

But now the dummy AOR: sip:you@kamailio.org is used by ipsec_destroy(), instead of UE2's AOR: sip:001010000051194@10.46.0.6:31907:

Sep 14 01:01:37 corsa03 p-cscf[8124]: NOTICE: <script>:   Unregistering sip:001010000051194@10.46.0.6:31907;alias=10.46.0.6~31907~2
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_ipsec_pcscf [cmd.c:198]: fill_contact(): using original uri for contact filling: sip:you@kamailio.org
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: <core> [core/mem/q_malloc.c:373]: qm_malloc(): qm_malloc(0x7f73e298e010, 50) called from ims_ipsec_pcscf: cmd.c: fill_contact(282)
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: <core> [core/mem/q_malloc.c:416]: qm_malloc(): qm_malloc(0x7f73e298e010, 56) returns address 0x7f73e2c5a0f8 frag. 0x7f73e2c5a0c0 (size=56) on 1 -th hit
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_ipsec_pcscf [cmd.c:333]: fill_contact(): SIP REQUEST fill contact with AOR [sip:you@kamailio.org], VIA [0://kamailio.org:5060], received_host [1://1.0.0.127:5060]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [usrloc.c:157]: get_aor_hash(): Returning hash: [4128780523]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [usrloc.c:148]: get_hash_slot(): Returning hash slot: [235]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:459]: get_pcontact_from_cache(): Searching for contact with AOR [sip:you@kamailio.org] in P-CSCF usrloc based on VIA [0://kamailio.org:5060] Received [1://1.0.0.127:5060], Search flag is 0, reverse_search 0
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:469]: get_pcontact_from_cache(): Have an AOR to search for
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:474]: get_pcontact_from_cache(): checking for rinstance
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [usrloc.c:157]: get_aor_hash(): Returning hash: [4128780523]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:509]: get_pcontact_from_cache(): get_pcontact slot is [235]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:642]: get_pcontact_from_cache(): contact not found in memory
Sep 14 01:01:37 corsa03 p-cscf[8124]: ERROR: ims_ipsec_pcscf [cmd.c:1062]: ipsec_destroy(): Contact doesn't exist

I assume that ipsec_destroy() determines that the contact doesn't exist, so no change can be made to any SA.
The ipsec_destroy() function call in pcscf/kamailio.cfg is used as follows:

event_route[uac:reply] {
#!ifdef WITH_DEBUG
        xnotice("request sent to $uac_req(ruri) completed with code: $uac_req(evcode), Type $uac_req(evtype)\n");
#!endif
        if (($uac_req(evtype) != 1) || ($uac_req(evcode) != 200)) {
                if ($sht(natpingfail=>$uac_req(ouri)) == $null) {
                        $sht(natpingfail=>$uac_req(ouri)) = 1;
                } else {
                        $sht(natpingfail=>$uac_req(ouri)) = $sht(natpingfail=>$uac_req(ouri)) + 1;
                }
                xnotice("  request sent to $uac_req(ruri): Fail Counter is $sht(natpingfail=>$uac_req(ouri))\n");
                if ($sht(natpingfail=>$uac_req(ouri)) > 3) {
                        if ($(uac_req(ouri){uri.transport}) == "tcp") {
                                $var(alias) = "alias="+$(uac_req(ouri){uri.host})+"~"+$(uac_req(ouri){uri.port})+"~2";
                        } else if ($(uac_req(ouri){uri.transport}) == "tls") {
                                $var(alias) = "alias="+$(uac_req(ouri){uri.host})+"~"+$(uac_req(ouri){uri.port})+"~3";
                        } else {
                                $var(alias) = "alias="+$(uac_req(ouri){uri.host})+"~"+$(uac_req(ouri){uri.port})+"~1";
                        }
                        xnotice("  Unregistering $uac_req(ruri);$var(alias)\n");
                        setdebug("9");
                        ipsec_destroy("location");
                        pcscf_unregister("location", "$uac_req(ruri);$var(alias)", "$(uac_req(ouri){uri.host})", "$(uac_req(ouri){uri.port})");
                        resetdebug();
                        sht_lock("natping=>natpinglock");
                        $sht(natping=>$uac_req(ouri)) = $null;
                        sht_unlock("natping=>natpinglock");

                        sht_lock("natpingfrom=>natpingfromlock");
                        $sht(natpingfrom=>$uac_req(ouri)) = $null;
                        sht_unlock("natpingfrom=>natpingfromlock");

                        $sht(natpingfail=>$uac_req(ouri)) = $null;
                }
        } else {
                $sht(natpingfail=>$uac_req(ouri)) = $null;
        }
}

How do I ensure that ipsec_destroy() receives a real AOR, and not the dummy (default?) value sip:you@kamailio.org?

Additional Information

version: kamailio 5.7.1 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 17:01:00 Aug 12 2023 with x86_64-pc-linux-gnu-gcc 13.2.0

Linux corsa03 6.5.2-gentoo-x86_64 #2 SMP PREEMPT_DYNAMIC Thu Sep  7 15:16:58 CEST 2023 x86_64 AMD EPYC 7513 32-Core Processor AuthenticAMD GNU/Linux


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <kamailio/kamailio/issues/3570@github.com>