Ok, so .. I have a session border controller device that is a contact point for my SIP
domain (SRV record in DNS set to its IP). All the trafic goes through it and it does
things like topology hiding etc.. The device forwards the INVITE messages to Kamailio,
because of the routing.
The loose_route was working strangely, because it did not behave as described in the
documentation.
Here is the sip message that it was suppose to pass:
ACK sip:acc1@domain.ch:5060 SIP/2.0
Via: SIP/2.0/UDP domain.ch;branch=z9hG4bKac386033013
Max-Forwards: 70
From: "acc2" ;tag=1c1749458918
To: ;tag=1c1892801634
Call-ID: 17494024742382012111116@
CSeq: 2 ACK
Contact:
Route:
Supported: em,timer,replaces,path,resource-priority
Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE
User-Agent: SBC_DEVICE
Content-Length: 0
As you can see, there is a Route header and a To_tag .. so the loose_route function should
return true. But instead, it returned false, then t_check_trans() also returned false and
the routing logic exited (exit;).
This happens when the value of alias is not enclosed in double quotes.
PS.: There is a "-" symbol in the domain name. Can't that be a problem
causing the need for the double quotes?
PS2: Should there be only a domain name in the alias? or also the hostname part? ... for
example: domain.ch:5060 or server.domain.ch:5060
Martin
______________________________________________________________
Od: "Daniel-Constantin Mierla"
Komu: "SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users Mailing
List"
Dátum: 23.08.2012 12:21
Predmet: Re: [SR-Users] Possible bug in authentication
Hello,
On 8/23/12 11:54 AM, martian(a)centrum.sk wrote:Hello to everybody.
I am currently working with Kamailio 3.3.1 on RedHat.
The "loose_route" function was not working correctly and I observed some very
strange behaviour (not as one described in the documentation of the function).
I have found that there needs to be a port included in the "alias" variable for
the loose_route function to work correctly.
However, upon adding the port to alias, the INVITE messages were no longer authenticated
(Kamailio just accepted them and didn't send proxy-auth header in 407 message).
My alias:
alias="domain.ch:5060"
Examining default routing logic, I found the problem here:
if (is_method("REGISTER") || from_uri==myself)
{
# authenticate requests
...
}
The "from_uri==myself" was no longer evaluated as true, because there was a port
at the end of the alias.
The FROM Header of the INVITE messages looks like:
From: "acc1" ;tag=12345
..so .. no port number there.
Btw, I have fixed this with replacing the "myself" list with my own defined
variable MY_DOMAIN.
#!define MY_DOMAIN ".*(a)domain.ch"
So now the condition looks like this:
if (is_method("REGISTER") || from_uri=~MY_DOMAIN)
{
...
}
I am not sure if this is a bug that needs to be fixed or not. I am just pointing my finger
at it and I hope it will contribute to the development.
Also, a valid description of this behavior (when using port in alias) would be
appreciated.
if you enclose the value of the alias parameter in double quotes, then it is taken as
string value. If you want to set it to a host:port, then remove the double quotes:
alias=domain.ch:5060
Why do you say the loose_route() was working strangely? Do you add the hostname as
record-route, not the IP address? Detail more about what you think is wrong with record
routing/loose routing.
Cheers,
Daniel
-- Daniel-Constantin Mierla -
http://www.asipto.comhttp://twitter.com/#!/miconda -
http://www.linkedin.com/in/micondaKamailio Advanced Training, Berlin, Nov 5-8, 2012 -
http://asipto.com/u/kat