[asterisk-bugs] [JIRA] (ASTERISK-14800) [patch][regression] 1.4.26.2 upgrade from 1.4.18 broke NOTIFY keep-alive reponse and stale nonce handling to Linksys SPA962

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Mar 13 21:08:35 CDT 2015 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-14800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp closed ASTERISK-14800.
----------------------------------

    Resolution: Suspended

> [patch][regression] 1.4.26.2 upgrade from 1.4.18 broke NOTIFY keep-alive reponse and stale nonce handling to Linksys SPA962
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-14800
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-14800
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Channels/chan_sip/Interoperability
>            Reporter: Jeff LaCoursiere
>            Severity: Minor
>         Attachments: chan_sip.c.patch, full.post-patch.snip.gz, full.pre-patch.snip.gz
>
>
> Site has ~300 remote Linksys SPA962 phones registering from behind many different NAT routers.  Common config and firmware (6.1.3a) includes sending keep-alive as SIP NOTIFY messages.  After performing a source upgrade from 1.4.18 to 1.4.26.2 the normal 489 INVALID response was no longer being received by the phones, which would try six or seven times then assume the registration was lost, and resend it.  This triggered another (probably Linksys) bug where the re-registration was sent with a stale nonce, and some subset of the phones refused to honor the 401 response and try again with a new nonce, thus would fall offline completely.  Several hours of debugging uncovered that the 489 INVALID was indeed being sent, but to the internal address of the phone rather than its public NAT address, which is new behavior from 1.4.18.
> ****** ADDITIONAL INFORMATION ******
> The attached patch is not intended as a submission for inclusion - in fact I am certain that I am doing things incorrectly!  The two changes solved the problems for us for now until someone can help us determine the correct solution.  The first change was to allow a stale nonce with correct auth info to pass authentication immediately, rather than return the 401.  When this patch was applied the phones that had previously fallen offline every five to twenty minutes stopped doing so.  We realize that this patch makes us vulnerable to "bad things", and hope to find a better method.  The second change was to force __sip_xmit to use p->recv as dst ALWAYS instead of calling sip_real_dst().  I *think* this means that we won't be able to support peers with NAT turned off.  In our case this doesn't matter.  Obviously this patch won't work for everyone.  We hope to better understand why this version of asterisk set dst to the internal IP of the phone and fix THAT.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list