Description

While testing to implement an IMS AS, I used the PUA_REGINFO module to receive details about the SIP registration. PUA_REGINFO module uses PUA and USRLOC modules.

However, a couple of issues was found including a crash:

  1. Crash when processing SIP Notify with registration terminated info.
  2. Randomly fails storing data to USRLOC, (entries already exists)
  3. Saves corrupt data to database use_domain is set in usrloc but domain not provided in Notify request

Troubleshooting

I am pretty new to Kamailio, but my findings are the following in notify.c

  1. PUA_REGINFO modules, deletes the record with "ul.delete_urecord(...)" and later down in the code calls "if (ul_record) ul.release_urecord(ul_record);". Crashes on the release_urecord call.
    My assumption without knowing to much about userloc is that release can not be called on a deleted record. Hence it should be enough to set ul_record = NULL after calling "ul.delete_urecord(...)" to not call release_urecord later on.

  2. It looks like there is an issue handling parallell request.
    Without knowing too much, it replacing sruid_next(..) with sruid_next_safe() resolves the issue.
    Also, the static variable of type ucontact_info_t should probably become local as well.

  3. Maybe incorrect to set use_domain to 1 when using the module, however I think it should be failsafe and not store garbage data in to database. Not looked into this issue.

Reproduction

Send Notify request with REGINFO body for registration and unregistration and forward it to the module according to the documentation of PUA_REGINFO.

Debugging Data

Attaching SIPp scenario.
Changing code according to 1) and 2) make the SIPp script runs and no critical issues seen.
(Have too less experience to ensure that no memleaks are introduced or still present in the module code)

NOTIFY sip:[remote_ip] SIP/2.0 Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch] From: <sip:[field0]@[field1]>;tag=[call_number] To: <sip:[field0]@[field1]> Call-ID: [call_id] CSeq: 1 NOTIFY Contact: sip:[field0]@[local_ip]:[local_port] Max-Forwards: 70 Expires: 1800 Event: reg User-Agent: SIPp/Linux Subscription-State: active;expires=6888 Content-Type: application/reginfo+xml Content-Length: [len] <?xml version="1.0"?> <reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="2" state="full"> <registration aor="sip:[field0]@mnc001.mcc001.3gppnetwork.org" id="0x7feff71118f8" state="active"> <contact id="0x7feff7126e58" state="active" event="registered" expires="595" q="0.500"> <uri>sip:[field0]@192.168.55.103:21061;ob;alias=192.168.55.103~21061~1</uri> <unknown-param name="+g.3gpp.smsip"></unknown-param> <unknown-param name="q">"0.5"</unknown-param> </contact> </registration> </reginfo> ]]> NOTIFY sip:[remote_ip] SIP/2.0 Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch] From: <sip:[field0]@[field1]>;tag=[call_number] To: <sip:[field0]@[field1]> Call-ID: [call_id] CSeq: 2 NOTIFY Contact: sip:[field0]@[local_ip]:[local_port] Max-Forwards: 70 Expires: 1800 User-Agent: SIPp/Linux Event: reg Subscription-State: active;expires=6888 Content-Type: application/reginfo+xml Content-Length: [len] <?xml version="1.0"?> <reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="3" state="full"> <registration aor="sip:[field0]@mnc001.mcc001.3gppnetwork.org" id="0x7feff71118f8" state="terminated"> <contact id="0x1" state="terminated" event="expired" expires="0" q="0.000"> <uri>sip:[field0]@192.168.55.103:21061;ob;alias=192.168.55.103~21061~1</uri> </contact> </registration> </reginfo> ]]>

Log Messages

SIP Traffic

Possible Solutions

See troubleshooting.

Additional Information

5.1.4

Debian 8.11


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.