Hi guys,
hardware device. I'm using www_authorize in my
ser.cfg on every call forward (pstn) to prevent
other sip proxies to forwad traffic to me:
if
(uri=~"^sip:00") {
log(0,
"\n\n************ B2BUA ***********\n");
if((!src_ip=="12.34.56.78")||(!src_ip=="1.2.3.4")){
#
if (!proxy_authorize("12.34.56.78", "subscriber"))
{
#
proxy_challenge("12.34.56.78",
"1");
#
};
if (!www_authorize("12.34.56.78", "subscriber"))
{
www_challenge("12.34.56.78",
"1");
break;
};
};
strip(0);
rewritehostport("1.2.3.4:11234");
append_branch("1.2.3.4");
t_relay();
t_relay_to_udp("1.2.3.4",
"11234");
append_hf("P-hint:
VoipSwitch GATEWAY\r\n");
log(0,
"********************************************\n\n\n");
break;
};
When I try to call 00xxxxxx the DUV device
doesn't authorize to the ser and the call fails. The same happens when
proxy_authorize is used.
Here is the sniffer log:
#
U 34.56.87.12:5060 ->
12.34.56.78:5060
INVITE sip:00359123456@12.34.56.78 SIP/2.0.
Via:
SIP/2.0/UDP 34.56.87.12:5060.
From: 6789
<sip:6789@12.34.56.78>;tag=10311.
To:
sip:00359123456@12.34.56.78.
Call-ID: 20495@34.56.87.12.
Contact:
sip:6789@34.56.87.12:5060.
CSeq: 8112 INVITE.
Max-Forwards:
70.
Content-Length: 119.
User-Agent: DUV1000
(dlk2.62)6789.
Content-Type: application/sdp.
.
v=0.
o=dlink 4526
9013 IN IP4 34.56.87.12.
s=Session SDP.
c=IN IP4 34.56.87.12.
t=0
0.
m=audio 6868 RTP/AVP 4 4 4.
.
#
U 12.34.56.78:5060 ->
34.56.87.12:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP
34.56.87.12:5060.
From: 6789 <sip:6789@12.34.56.78>;tag=10311.
To:
sip:00359123456@12.34.56.78;tag=89fc68a3caf42d7e2d6038f5511e0f83.d0d2.
Call-ID:
20495@34.56.87.12.
CSeq:
8112 INVITE.
WWW-Authenticate: Digest realm="12.34.56.78",
nonce="423ab89f16ace6d2361b2f280fbcc0a1e55f06e1", qop="auth".
Server: Sip
EXpress router (0.9.0 (i386/linux)).
Content-Length: 0.
Warning: 392
12.34.56.78:5060 "Noisy feedback tells: pid=29694 req_src_ip=34.56.87.12
req_src_port=5060 in_uri=sip:00359123456@12.34.56.78
out_uri=sip:00359123456@12.34.56.78 via_cnt==1".
.
#
U 34.56.87.12:5060 ->
12.34.56.78:5060
ACK sip:00359123456@12.34.56.78 SIP/2.0.
Via: SIP/2.0/UDP
34.56.87.12:5060.
From: 6789 <sip:6789@12.34.56.78>;tag=10311.
To:
sip:00359123456@12.34.56.78.
Call-ID: 20495@34.56.87.12.
Contact:
sip:6789@34.56.87.12:5060.
CSeq: 8112 ACK.
Max-Forwards:
70.
Content-Length: 0.
User-Agent: DUV1000
(dlk2.62)6789.
.
#
U 34.56.87.12:5060 ->
12.34.56.78:5060
INVITE sip:00359123456@12.34.56.78 SIP/2.0.
Via:
SIP/2.0/UDP 34.56.87.12:5060.
From: 6789
<sip:6789@12.34.56.78>;tag=17031.
To:
sip:00359123456@12.34.56.78.
Call-ID: 30054@34.56.87.12.
Contact:
sip:6789@34.56.87.12:5060.
CSeq: 8288 INVITE.
Max-Forwards:
70.
Content-Length: 119.
Authorization: Digest
username="6789",realm="12.34.56.78",nonce="423ab89f16ace6d2361b2f280fbcc0a1e55f06e1",uri="sip:00359123456@12.34.56.78",algorithm=MD5,qop="auth",nc=00000006,cnonce="11367",response="ef6972dc5229d88060a952c10bdb2789".
User-Agent:
DUV1000 (dlk2.62)6789.
Content-Type: application/sdp.
.
v=0.
o=dlink
4526 9013 IN IP4 34.56.87.12.
s=Session SDP.
c=IN IP4 34.56.87.12.
t=0
0.
m=audio 7044 RTP/AVP 4 4 4.
It seems that DUV sends authorization
information ... but not correct maybe. Without www_autorize and proxy_authorize
the device is able to place calls.
Thanks in advance,
Pavel