[asterisk-bugs] [JIRA] (ASTERISK-29938) PJSIP Rewritng headers along with protocol

Asterisk Team (JIRA) noreply at issues.asterisk.org
Fri Feb 25 08:00:07 CST 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=258204#comment-258204 ] 

Asterisk Team commented on ASTERISK-29938:
------------------------------------------

The severity of this issue has been automatically downgraded from "Blocker" to "Major". The "Blocker" severity is reserved for issues which have been determined to block the next release of Asterisk. This severity can only be set by privileged users. If this issue is deemed to block the next release it will be updated accordingly during the triage process.

> PJSIP Rewritng headers along with protocol
> ------------------------------------------
>
>                 Key: ASTERISK-29938
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29938
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 16.20.0
>         Environment: Asterisk 16.20.0
> Centos 7.9
>            Reporter: Vijo Jose
>            Severity: Major
>
> Am using SIP with TLS for my SIP User registration Also I have a SIP Proxy configured for user registration request forwarding towards my asterisk box.
> Users who are registering in the Local network.
> SIP Proxy have public Internet
> And Asterisk Box also have Public Internet
> From the USer machine, we have the connectivity to Proxy and From proxy to Asterisk as well. And my sip user will register with a softphone using UDP to Asterisk domain with the proxy address and my proxy send to asterisk with TLS. Here I have everything work perfectly with Chan_sip
> Now I need to change that need chan_pjsip and try for registration - But the registration working and the calls are failing. But in SIP it was working fine.
> I have a user config for a sip. conf
> [123123]
> username=123123
> type=friend
> secret=Asterisk at 123123 note that this is NOT a secure password
> host=dynamic
> qualify=yes
> context=from-pstn
> dtmfmode=rfc2833
> disallow=all
> allow=alaw
> transport=tls
> encryption=yes
> And the same user converts to pjsip and below is pjsip.conf
> [123123]
> username=123123
> [123123]
> type=aor
> max_contacts=1
> maximum_expiration=3600
> default_expiration=120
> [123123]
> type=auth
> username=123123
> password=Asterisk at 123123
> [123123]
> type=endpoint
> context=from-pstn
> dtmf_mode=rfc4733
> disallow=all
> allow=alaw
> rtp_symmetric=yes
> force_rport=yes
> rewrite_contact=yes
> rtp_timeout=60
> direct_media=no
> trust_id_inbound=no
> send_rpid=yes
> media_encryption=sdes
> inband_progress=no
> language=en
> auth=123123
> outbound_auth=123123
> aors=123123
> Here when my user registers with UDP and Proxy forward to Asterisk TLS.
>     When using pjsip with rewrite contact the IP is updated with Proxy IP instead of local and calls forwarding to Proxy but doing the forward it also rewrites context header protocol from UDP to TLS. Hence my calls start fail.
> I need to rewrite the Contaxt here IP only instead of IP and protocol
> Below is the sample log for pjsip which not working fine
> <— Received SIP request (684 bytes) from TLS:10.10.10.15:45906 —>
> REGISTER sip:10.10.10.10;transport=UDP SIP/2.0
> Via: SIP/2.0/TLS 10.10.10.15:5061;branch=z9hG4bKe855.a0e258ca3de5139adf1781ce919e86a7.0
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—a6f797de0f863346
> Max-Forwards: 69
> To: sip:658906 at 10.10.10.10;transport=UDP
> From: sip:658906 at 10.10.10.10;transport=UDP;tag=9d10e428
> Call-ID: k4sHrL9AjlELoQ_U6d3mIQ…
> CSeq: 1 REGISTER
> Expires: 60
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
> User-Agent: Z 5.5.9 v2.10.17.3
> Allow-Events: presence, kpml, talk
> Content-Length: 0
> P-Hint: outbound
> <— Transmitting SIP response (613 bytes) to TLS:10.10.10.15:45906 —>
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TLS 10.10.10.15:5061;rport=45906;received=10.10.10.15;branch=z9hG4bKe855.a0e258ca3de5139adf1781ce919e86a7.0
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—a6f797de0f863346
> Call-ID: k4sHrL9AjlELoQ_U6d3mIQ…
> From: sip:658906 at 10.10.10.10;tag=9d10e428
> To: sip:658906 at 10.10.10.10;tag=z9hG4bKe855.a0e258ca3de5139adf1781ce919e86a7.0
> CSeq: 1 REGISTER
> WWW-Authenticate: Digest realm=“asterisk”,nonce=“1645773968/5a1e2515a15ae40c7f982d2cc372f1f1”,opaque=“73421f31588505a4”,algorithm=md5,qop=“auth”
> Server: asterisk Telephony
> Content-Length: 0
> <— Received SIP request (976 bytes) from TLS:10.10.10.15:45906 —>
> REGISTER sip:10.10.10.10;transport=UDP SIP/2.0
> Via: SIP/2.0/TLS 10.10.10.15:5061;branch=z9hG4bKb855.dc9dc6093e30fd984f39801c2d2208ac.0
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—d77008763cf147af
> Max-Forwards: 69
> Contact: sip:658906 at 10.4.6.119:63731;rinstance=d0aef387ddba6ff0;transport=UDP
> To: sip:658906 at 10.10.10.10;transport=UDP
> From: sip:658906 at 10.10.10.10;transport=UDP;tag=9d10e428
> Call-ID: k4sHrL9AjlELoQ_U6d3mIQ…
> CSeq: 2 REGISTER
> Expires: 60
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
> User-Agent: Z 5.5.9 v2.10.17.3
> Authorization: Digest username=“658906”,realm=“asterisk”,nonce=“1645773968/5a1e2515a15ae40c7f982d2cc372f1f1”,uri=“sip:10.10.10.10;transport=UDP”,response=“74ae03622bd7f37b16f1d39da0dd1b75”,cnonce=“f4b85192b0b3d5a91c7f0960f1d1d3a6”,nc=00000001,qop=auth,algorithm=md5,opaque=“73421f31588505a4”
> Allow-Events: presence, kpml, talk
> Content-Length: 0
> P-Hint: outbound
> -- Added contact 'sip:658906 at 10.10.10.15:45906;transport=TLS;rinstance=d0aef387ddba6ff0;x-ast-orig-host=10.4.6.119:63731' to AOR '658906' with expiration of 60 seconds
> <— Transmitting SIP response (599 bytes) to TLS:10.10.10.15:45906 —>
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 10.10.10.15:5061;rport=45906;received=10.10.10.15;branch=z9hG4bKb855.dc9dc6093e30fd984f39801c2d2208ac.0
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—d77008763cf147af
> Call-ID: k4sHrL9AjlELoQ_U6d3mIQ…
> From: sip:658906 at 10.10.10.10;tag=9d10e428
> To: sip:658906 at 10.10.10.10;tag=z9hG4bKb855.dc9dc6093e30fd984f39801c2d2208ac.0
> CSeq: 2 REGISTER
> Date: Fri, 25 Feb 2022 07:26:08 GMT
> Contact: sip:658906 at 10.4.6.119:63731**;transport=TLS**;rinstance=d0aef387ddba6ff0;expires=59
> Expires: 60
> Server: asterisk Telephony
> Content-Length: 0
> Sample log for SIP using - which is working
> <— SIP read from TLS:10.10.10.15:47536 —>
> REGISTER sip:10.10.10.10;transport=UDP SIP/2.0
> Via: SIP/2.0/TLS 10.10.10.15:5061;branch=z9hG4bK78fe.05d270ab59ab920ff7f0a87c0190f69e.0
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—6161c8385bf65a62
> Max-Forwards: 69
> Contact: sip:658906 at 10.4.6.119:63731;rinstance=1dce818979687c41;transport=UDP
> To: sip:658906 at 10.10.10.10;transport=UDP
> From: sip:658906 at 10.10.10.10;transport=UDP;tag=fb43864c
> Call-ID: 3R4eHBbQdwxlJV_3gdJI5A…
> CSeq: 1 REGISTER
> Expires: 60
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
> User-Agent: Z 5.5.9 v2.10.17.3
> Allow-Events: presence, kpml, talk
> Content-Length: 0
> P-Hint: outbound
> <------------->
> — (15 headers 0 lines) —
> Sending to 10.10.10.15:47536 (NAT)
> Sending to 10.10.10.15:47536 (NAT)
> <— Transmitting (NAT) to 10.10.10.15:47536 —>
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TLS 10.10.10.15:5061;branch=z9hG4bK78fe.05d270ab59ab920ff7f0a87c0190f69e.0;received=10.10.10.15;rport=47536
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—6161c8385bf65a62
> From: sip:658906 at 10.10.10.10;transport=UDP;tag=fb43864c
> To: sip:658906 at 10.10.10.10;transport=UDP;tag=as11404aa6
> Call-ID: 3R4eHBbQdwxlJV_3gdJI5A…
> CSeq: 1 REGISTER
> Server: Phonon Telephony
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
> Supported: replaces, timer
> WWW-Authenticate: Digest algorithm=MD5, realm=“AWSPOC-1”, nonce=“03f0f566”
> Content-Length: 0
> <------------>
> Scheduling destruction of SIP dialog ‘3R4eHBbQdwxlJV_3gdJI5A…’ in 32000 ms (Method: REGISTER)
> <— SIP read from TLS:10.10.10.15:47536 —>
> REGISTER sip:10.10.10.10;transport=UDP SIP/2.0
> Via: SIP/2.0/TLS 10.10.10.15:5061;branch=z9hG4bK48fe.6b5f9894323411723b4bb16791edbb82.0
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—4216ee0f07b01a37
> Max-Forwards: 69
> Contact: sip:658906 at 10.4.6.119:63731;rinstance=1dce818979687c41;transport=UDP
> To: sip:658906 at 10.10.10.10;transport=UDP
> From: sip:658906 at 10.10.10.10;transport=UDP;tag=fb43864c
> Call-ID: 3R4eHBbQdwxlJV_3gdJI5A…
> CSeq: 2 REGISTER
> Expires: 60
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
> User-Agent: Z 5.5.9 v2.10.17.3
> Authorization: Digest username=“658906”,realm=“AWSPOC-1”,nonce=“03f0f566”,uri=“sip:10.10.10.10;transport=UDP”,response=“f2f86257be9d891528d93784e913b68e”,algorithm=MD5
> Allow-Events: presence, kpml, talk
> Content-Length: 0
> P-Hint: outbound
> <------------->
> — (16 headers 0 lines) —
> Sending to 10.10.10.15:47536 (NAT)
> – Registered SIP ‘658906’ at 10.10.10.15:47536
> <— Transmitting (NAT) to 10.10.10.15:47536 —>
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 10.10.10.15:5061;branch=z9hG4bK48fe.6b5f9894323411723b4bb16791edbb82.0;received=10.10.10.15;rport=47536
> Via: SIP/2.0/UDP 10.4.6.119:63731;rport=63731;branch=z9hG4bK-524287-1—4216ee0f07b01a37
> From: sip:658906 at 10.10.10.10;transport=UDP;tag=fb43864c
> To: sip:658906 at 10.10.10.10;transport=UDP;tag=as11404aa6
> Call-ID: 3R4eHBbQdwxlJV_3gdJI5A…
> CSeq: 2 REGISTER
> Server: Phonon Telephony
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
> Supported: replaces, timer
> Expires: 60
> Contact: sip:658906 at 10.4.6.119:63731;rinstance=1dce818979687c41;transport=UDP;expires=60
> Date: Fri, 25 Feb 2022 07:34:14 GMT
> Content-Length: 0
> <------------>
> Scheduling destruction of SIP dialog ‘3R4eHBbQdwxlJV_3gdJI5A…’ in 32000 ms (Method: REGISTER)
> is there an option where we can register pjsip with the contact header of public IP without rewriting the protocol?



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list