loadmodule "ndb_redis.so"
loadmodule "topos.so"
loadmodule "topos_redis.so"
# ----- topos params -----
modparam("topos", "storage", "redis")
modparam("topos", "dialog_expire", 15000)
Code used:
# IP authorization and user authentication
route[AUTH] {
xlog("L_DBG", "route[AUTH]\n");
#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address()) {
# source IP allowed
return;
}
#!endif
#!ifdef WITH_AUTH
if ((is_method("REGISTER")) || ($avp(need_auth) == "1")) { ####need_auth is equal to 1 in this case
# authenticate requests
$var(key)=$fU + "@" + $fd;
if($sht(auth_cache=>$var(key))!=$null) {
if (!pv_auth_check("$fd", "$sht(auth_cache=>$var(key))", "0", "1")) {
auth_challenge("$fd", “1”); #################### we always go here with INVITE with proxy-authorization header and the return code is always -5 (AUTH_NO_CREDENTIALS)
exit;
}
}
else
{
if (!auth_check("$fd", "subscriber", "1")) {
if ($rc == -1)
{
append_to_reply("Retry-After: 10\r\n");
send_reply("503", "Authentication server error");
exit;
}
auth_challenge("$fd", "0");
exit;
}
$sht(auth_cache=>$var(key)) = $avp(password);
}
# user authenticated - remove auth header
consume_credentials(); ######## without topos we go here with INVITE with proxy-authorization header
}
#!endif
return;
}
Note that in this case (with topos) the return code of function pv_auth_check is always -5 (AUTH_NO_CREDENTIALS)
CASE OK:
Frame 3279: 545 bytes on wire (4360 bits), 545 bytes captured (4360 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.102, Dst: 192.168.1.11
Transmission Control Protocol, Src Port: 5060, Dst Port: 60796, Seq: 1, Ack: 953, Len: 477
Session Initiation Protocol (407)
Status-Line: SIP/2.0 407 Proxy Authentication Required
Message Header
Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bK2df8e195D1847B94;rport=60796;received=192.168.1.11
From: "6200" <
sip:6200@entreprise-108.fr>;tag=B583B663-FBFBFCAA
To: <
sip:0900000000@entreprise-108.fr;user=phone>;tag=83518db21d5b2e9b777975024049f5a3.8f270000
CSeq: 1 INVITE
Call-ID: 9378ee27e6b7aea384a881c938de8138
[Generated Call-ID: 9378ee27e6b7aea384a881c938de8138]
Proxy-Authenticate: Digest realm="
entreprise-108.fr", nonce="YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO"
Authentication Scheme: Digest
Realm: "
entreprise-108.fr"
Nonce Value: "YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO"
Content-Length: 0
Frame 3285: 1259 bytes on wire (10072 bits), 1259 bytes captured (10072 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.11, Dst: 192.168.1.102
Transmission Control Protocol, Src Port: 60796, Dst Port: 5060, Seq: 1578, Ack: 478, Len: 1191
Session Initiation Protocol (INVITE)
Request-Line: INVITE
sip:0900000000@entreprise-108.fr;user=phone;transport=tcp SIP/2.0
Message Header
Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bK827c83577BAADACE
From: "6200" <
sip:6200@entreprise-108.fr>;tag=B583B663-FBFBFCAA
SIP Display info: "6200"
SIP from address:
sip:6200@entreprise-108.fr SIP from tag: B583B663-FBFBFCAA
To: <
sip:0900000000@entreprise-108.fr;user=phone>
SIP to address:
sip:0900000000@entreprise-108.fr;user=phone
CSeq: 2 INVITE
Call-ID: 9378ee27e6b7aea384a881c938de8138
[Generated Call-ID: 9378ee27e6b7aea384a881c938de8138]
Contact: <
sip:6200@192.168.1.33;transport=tcp>
Contact URI:
sip:6200@192.168.1.33;transport=tcp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
User-Agent: PolycomVVX-VVX_500-UA/5.7.0.14430
Accept-Language: fr-fr,fr;q=0.9,en;q=0.8
Supported: replaces,100rel
Allow-Events: conference,talk,hold
Proxy-Authorization: Digest username="6200", realm="
entreprise-108.fr", nonce="YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO", uri="
sip:0900000000@entreprise-108.fr;user=phone;transport=tcp", response="3e0013cc3dc3855602ce1939af7e6f40", algorithm=MD5
Authentication Scheme: Digest
Username: "6200"
Realm: "
entreprise-108.fr"
Nonce Value: "YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO"
Authentication URI: "
sip:0900000000@entreprise-108.fr;user=phone;transport=tcp"
Digest Authentication Response: "3e0013cc3dc3855602ce1939af7e6f40"
Algorithm: MD5
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 270
Message Body
Bad case (with topos activated):
Frame 9071: 545 bytes on wire (4360 bits), 545 bytes captured (4360 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.102, Dst: 192.168.1.11
Transmission Control Protocol, Src Port: 5060, Dst Port: 43608, Seq: 1, Ack: 953, Len: 477
Session Initiation Protocol (407)
Status-Line: SIP/2.0 407 Proxy Authentication Required
Message Header
Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bK5c0a58f3707458FA;rport=43608;received=192.168.1.11
From: "6200" <
sip:6200@entreprise-108.fr>;tag=59191351-FD3B2D60
To: <
sip:0900000000@entreprise-108.fr;user=phone>;tag=83518db21d5b2e9b777975024049f5a3.8f270000
CSeq: 1 INVITE
Call-ID: 727c871081e29672abcb8bd05dde8138
[Generated Call-ID: 727c871081e29672abcb8bd05dde8138]
Proxy-Authenticate: Digest realm="
entreprise-108.fr", nonce="YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/"
Authentication Scheme: Digest
Realm: "
entreprise-108.fr"
Nonce Value: "YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/"
Content-Length: 0
Frame 9078: 1259 bytes on wire (10072 bits), 1259 bytes captured (10072 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.11, Dst: 192.168.1.102
Transmission Control Protocol, Src Port: 43608, Dst Port: 5060, Seq: 1578, Ack: 478, Len: 1191
Session Initiation Protocol (INVITE)
Request-Line: INVITE
sip:0900000000@entreprise-108.fr;user=phone;transport=tcp SIP/2.0
Message Header
Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bKbca400a5DCDB8264
From: "6200" <
sip:6200@entreprise-108.fr>;tag=59191351-FD3B2D60
SIP Display info: "6200"
SIP from address:
sip:6200@entreprise-108.fr SIP from tag: 59191351-FD3B2D60
To: <
sip:0900000000@entreprise-108.fr;user=phone>
SIP to address:
sip:0900000000@entreprise-108.fr;user=phone
CSeq: 2 INVITE
Call-ID: 727c871081e29672abcb8bd05dde8138
[Generated Call-ID: 727c871081e29672abcb8bd05dde8138]
Contact: <
sip:6200@192.168.1.33;transport=tcp>
Contact URI:
sip:6200@192.168.1.33;transport=tcp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
User-Agent: PolycomVVX-VVX_500-UA/5.7.0.14430
Accept-Language: fr-fr,fr;q=0.9,en;q=0.8
Supported: replaces,100rel
Allow-Events: conference,talk,hold
Proxy-Authorization: Digest username="6200", realm="
entreprise-108.fr", nonce="YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/", uri="
sip:0900000000@entreprise-108.fr;user=phone;transport=tcp", response="281d775e7166a96d5efe2e100df3df9a", algorithm=MD5
Authentication Scheme: Digest
Username: "6200"
Realm: "
entreprise-108.fr"
Nonce Value: "YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/"
Authentication URI: "
sip:0900000000@entreprise-108.fr;user=phone;transport=tcp"
Digest Authentication Response: "281d775e7166a96d5efe2e100df3df9a"
Algorithm: MD5
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 270
Message Body
Regards,
Frederic