Description
Using sCSCF sample found here, after calling ims_www_challenge in REGISTER route block and sending a Diameter MAR request, the control is never passed to REG_MAR_REPLY route block and debug messages within REG_MAR_REPLY are not logged. This is not the case with REG_SAR_REPLY and PRE_REG_SAR_REPLY, those blocks are executed as expected.
######################################################################
# Route for handling Registrations:
######################################################################
route[REGISTER] {
xlog("ALGORITHM IS [$aa] and User-Agent is [$ua]\n");
$var(alg) = $aa;
if ($aa == $null) {
$var(alg) = "MD5"; #force to MD5 for zoiper.... non-ims
}
#!ifdef WITH_AUTH
if (!ims_www_authenticate("$td")) {
#!else
if (($var(alg) == "MD5") && (!ims_www_authenticate("$td"))) {
#!endif
if ($? == -2) {
send_reply("403", "Authentication Failed");
exit;
} else if ($? == -3) {
send_reply("400", "Bad Request");
exit;
} else if ($? == -9) {
xlog("L_DBG", "Authentication re-sync requested\n");
ims_www_resync_auth("REG_RESYNC_REPLY", "$td");
exit;
} else {
#user has not been authenticated. Lets send a challenge via 401 Unauthorized
xlog("L_DBG", "About to challenge! auth_ims\n");
ims_www_challenge("REG_MAR_REPLY", "$td", "$var(alg)");
exit;
}
} else {
xlog("L_DBG", "Auth succeeded\n");
# We need to check if this user is registered or not
if (!impu_registered("location")) {
xlog("L_ERR", "Not REGISTERED\n");
save("PRE_REG_SAR_REPLY", "location");
exit;
} else {
isc_match_filter_reg("1", "location");
save("REG_SAR_REPLY", "location");
exit;
}
}
}
route[REG_MAR_REPLY]
{
#this is async so to know status we have to check the reply avp
xlog("L_DBG", "maa_return code is $avp(s:maa_return_code)\n");
switch ($avp(s:maa_return_code)){
case 1: #success
xlog("L_DBG", "MAR success - 401/407 response sent from module\n");
break;
case -1: #failure
xlog("L_ERR", "MAR failure - error response sent from module\n");
break;
case -2: #error
xlog("L_ERR", "MAR error - sending error response now\n");
send_reply("500", "MAR failed");
break;
default:
xlog("L_ERR", "Unknown return code from MAR, value is [$avp(s:maa_return_code)]\n");
send_reply("500", "Unknown response code from MAR");
break;
}
exit;
}
Troubleshooting
Reproduction
Debugging Data
(paste your debugging data here)
Log Messages
ERROR: *** cfgtrace:request_route=[REGISTER] c=[/usr/local/etc/kamailio/kamailio.cfg] l=712 a=27 n=ims_www_challenge
DEBUG: ims_auth [authorize.c:290]: challenge(): Looking for route block [REG_MAR_REPLY]
INFO: ims_auth [cxdx_mar.c:76]: create_return_code(): created AVP successfully : [maa_return_code] - [-2]
DEBUG: ims_auth [authorize.c:314]: challenge(): Need to challenge for realm [ims.mnc072.mcc432.3gppnetwork.org]
DEBUG: ims_auth [authorize.c:321]: challenge(): Checking if REGISTER is authorized for realm [ims.mnc072.mcc432.3gppnetwork.org]...
DEBUG: ims_auth [authorize.c:1446]: get_auth_userdata(): Searching auth_userdata for IMPU sip:bob@ims.mnc072.mcc432.3gppnetwork.org (Hash 295)
DEBUG: ims_auth [authorize.c:1455]: get_auth_userdata(): Found auth_userdata
DEBUG: ims_auth [authorize.c:1061]: get_auth_vector(): looping through AV status is 3 and were looking for 0
DEBUG: tm [t_lookup.c:1343]: t_newtran(): msg (0x7f8d3f410cb0) id=1/11 global id=1/11 T start=(nil)
DEBUG: tm [t_lookup.c:498]: t_lookup_request(): start searching: hash=21555, isACK=0
DEBUG: tm [t_lookup.c:456]: matching_3261(): RFC3261 transaction matching failed - via branch [z9hG4bK3345.d6f2aff0d9192c2647aca3baea62cf94.1]
DEBUG: tm [t_lookup.c:681]: t_lookup_request(): no transaction found
DEBUG: tm [t_hooks.c:337]: run_reqin_callbacks_internal(): trans=0x7f8d2bff4520, callback type 1, id 0 entered
DEBUG: ims_auth [authorize.c:457]: challenge(): Suspending SIP TM transaction
DEBUG: ims_auth [authorize.c:1526]: multimedia_auth_request(): Sending MAR
DEBUG: ims_auth [cxdx_mar.c:572]: cxdx_send_mar(): Successfully sent async diameter
DEBUG: tm [t_lookup.c:1628]: t_lookup_ident_filter(): transaction found
INFO: ims_auth [cxdx_avp.c:134]: cxdx_get_avp(): cxdx_get_experimental_result_code: Failed finding avp (avp_code = 297, vendor_id = 0)
DEBUG: ims_auth [authorize.c:1557]: pack_challenge(): setting QOP str used is [, qop="auth"]
DEBUG: ims_auth [authorize.c:1559]: pack_challenge(): QOP str used is [, qop="auth"]
DEBUG: tm [t_reply.c:1660]: cleanup_uac_timers(): RETR/FR timers reset
DEBUG: tm [t_reply.c:595]: _reply_light(): reply sent out. buf=0x7f8d3f4120b8: SIP/2.0 401 Unauthor..., shmem=0x7f8d2bff9288: SIP/2.0 401 Unauthor
DEBUG: tm [t_reply.c:606]: _reply_light(): finished
DEBUG: ims_auth [authorize.c:1446]: get_auth_userdata(): Searching auth_userdata for IMPU sip:bob@ims.mnc072.mcc432.3gppnetwork.org (Hash 295)
DEBUG: ims_auth [authorize.c:1455]: get_auth_userdata(): Found auth_userdata
DEBUG: ims_auth [authorize.c:1679]: add_auth_vector(): Adding auth_vector (status 1) for IMPU sip:bob@ims.mnc072.mcc432.3gppnetwork.org / IMPI bob@ims.mnc072.mcc432.3gppnetwork.org (Hash 295)
DEBUG: ims_auth [cxdx_mar.c:483]: async_cdp_callback(): DBG:UAR Async CDP callback: ... Done resuming transaction
INFO: ims_auth [cxdx_mar.c:76]: create_return_code(): created AVP successfully : [maa_return_code] - [1]
DEBUG: ims_auth [cxdx_mar.c:495]: async_cdp_callback(): Destroying current transaction prevented!
DEBUG: tm [t_lookup.c:1620]: t_lookup_ident_filter(): transaction in terminated phase - skipping
ERROR: tm [t_suspend.c:196]: t_continue_helper(): active transaction not found
DEBUG: ims_auth [cxdx_mar.c:84]: free_saved_transaction_data(): Freeing saved transaction data: async
SIP Traffic
(paste your sip traffic here)
Possible Solutions
The issue is related to ims_auth module, in cxdx_mar.c . within async_cdp_callback function, if I replace:
tmb.t_continue(data->tindex, data->tlabel, data->act);
with the following:
tmb.t_continue_skip_timer(data->tindex, data->tlabel, data->act);
the issue will be fixed and the control will be passed to REG_MAR_REPLY route block. In fact, in ims_registrar_scscf module, in cxdx_sar.c file, the t_continue_skip_timer is called instead of t_continue, if I replace it with t_continue the same issue happens for SAR callbacks.
Additional Information
- Kamailio Version - output of
kamailio -v
version: kamailio 6.1.0-dev0 (x86_64/linux) c858ce-dirty
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: c858ce -dirty
compiled on 10:33:37 Apr 5 2025 with gcc 11.4.0
- Operating System:
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
Linux kuber-worker 5.15.0-133-generic #144-Ubuntu SMP Fri Feb 7 20:47:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
amnapa created an issue