Hello to all users,
I am very new to kamailio and just started using it. I have installed it and my phones are getting register successfully.
But sometimes i am seeing a scenario, which makes my phones unusable for sometime. please see the condition as below
| phone |--------------| Kamailio | | REGISTER-----------------> <----------------------401 | REGISTER-----------------> Tricky condition here
| timeout <--------------200 OK phone shows itself as unregistered | REGISTER----------------> <--------------------401
After several retries phone stops to retry till say next 20 seconds, during that time though there's an entry in location table in kamailio (i am using mysql) my phone shows itself as unregistered phone.
Due to load or any other conditions Server takes a bit time to send 200OK back to phone and During that time timer expires and phone sends REGISTER once again. now phone will keep sending REGISTER request with same nonse and other value, and kamailio is configured to not to entertained same credentials with nonce if it is authenticated once. So kamailio generates new 401 Message with new nonce value to which phone understands as the previous reply thet he send for previous 401 was rejected, and the most probable reason is wrong user credentials.....
Hope you guys have got my problem? i can not allow kamailio to let use the same credentials+ response with nonce if it has used it once for security reason. Then what could be the solution for this. I am very good in Programming, but just that i have just started to use kamailio and not very much aware about its architecture.
You have detected a potential problem with nonce_reuse disabled. That's why I always allow nonce_reuse. There might be other problems with REGISTER retransmissions too, e.g. if the retransmission arives to late, it will be rejected with "wrong CSeq" error.
A first workaround would be to send 100 trying back to the client, this should prevent retransmissions. You could also handle the REGISTER statefull (t_newtran()), but I think sending back "100 trying" should be sufficient.
regards klaus
Am 12.02.2010 06:02, schrieb Hemanshu Patel:
Hello to all users,
I am very new to kamailio and just started using it. I have installed it and my phones are getting register successfully.
But sometimes i am seeing a scenario, which makes my phones unusable for sometime. please see the condition as below
| phone |--------------| Kamailio | | REGISTER-----------------> <----------------------401 | REGISTER-----------------> Tricky condition here
| timeout<--------------200 OK phone shows itself as unregistered | REGISTER----------------> <--------------------401
After several retries phone stops to retry till say next 20 seconds, during that time though there's an entry in location table in kamailio (i am using mysql) my phone shows itself as unregistered phone.
Due to load or any other conditions Server takes a bit time to send 200OK back to phone and During that time timer expires and phone sends REGISTER once again. now phone will keep sending REGISTER request with same nonse and other value, and kamailio is configured to not to entertained same credentials with nonce if it is authenticated once. So kamailio generates new 401 Message with new nonce value to which phone understands as the previous reply thet he send for previous 401 was rejected, and the most probable reason is wrong user credentials.....
Hope you guys have got my problem? i can not allow kamailio to let use the same credentials+ response with nonce if it has used it once for security reason. Then what could be the solution for this. I am very good in Programming, but just that i have just started to use kamailio and not very much aware about its architecture.
What kamailio is doing is what normally any rfc 3261 should do. But in my case i dont want once used nonce and response to be reused.... i think i left with only one solution, and which is that i am not suppose to entertain retransmission of REGISTER request till say around 2 sec once i send 200 OK. This will give ample amount of time to client phone to receive 200OK and once phone will receive 200OK it wont send another REGISTER request, and from server end first REGISTER retransmission i am dropping.that servers my purpose.
Can anyone suggest me the easiest way to implement the same. Can i do it with already available flags or function or i need to hack a code a bit.
Am 12.02.2010 11:23, schrieb Hemanshu Patel:
What kamailio is doing is what normally any rfc 3261 should do. But in my case i dont want once used nonce and response to be reused.... i think i left with only one solution, and which is that i am not suppose to entertain retransmission of REGISTER request till say around 2 sec once i send 200 OK.
In this case you have handle the REGISTER stateful.
Daniel, haven't you extended save() to send the reply stateful if a transaction was created?
regards klaus
This will give ample amount of time to client phone to receive 200OK and once phone will receive 200OK it wont send another REGISTER request, and from server end first REGISTER retransmission i am dropping.that servers my purpose.
Can anyone suggest me the easiest way to implement the same. Can i do it with already available flags or function or i need to hack a code a bit.
Hello,
On 2/12/10 1:09 PM, Klaus Darilion wrote:
Am 12.02.2010 11:23, schrieb Hemanshu Patel:
What kamailio is doing is what normally any rfc 3261 should do. But in my case i dont want once used nonce and response to be reused.... i think i left with only one solution, and which is that i am not suppose to entertain retransmission of REGISTER request till say around 2 sec once i send 200 OK.
In this case you have handle the REGISTER stateful.
Daniel, haven't you extended save() to send the reply stateful if a transaction was created?
yes, the registrar sends stateful reply if transaction exists. Make sure sl module is loaded after tm so it can binds to tm api properly.
Cheers, Daniel
regards klaus
This will give ample amount of time to client phone to receive 200OK and once phone will receive 200OK it wont send another REGISTER request, and from server end first REGISTER retransmission i am dropping.that servers my purpose.
Can anyone suggest me the easiest way to implement the same. Can i do it with already available flags or function or i need to hack a code a bit.
Thanks everyone for the reply,
But my problem is i dont want my REGISTER request to be handled statefully....it increases CPU and memory utilization....and i am suppsoe to handle lot of users on this server.
Then it seems theres no solution via configuration parameters..... i think i need to add some codes somewhere to solve the problem.
the States are as below:
# registration is handled in stateless manner # every REGISTER request...even if it is retransmission is been seen as new transaction and as nonce_reuse is not allowed...it creates new credentials and sends back 401 to phone. # here i want something to stop.... i want to detect that this register request is mere retransmission and not a new REGISTER request... and drop it within some time frame...say cseq_delay time frame.....
Where should i starts roaming in code? can you guide me a bit about it.
-
Daniel-Constantin Mierla -
Hemanshu Patel -
Klaus Darilion