[asterisk-dev] bug or feature (use From: instead of Digest username
to match INVITE) ?
Luigi Rizzo
rizzo at icir.org
Mon Oct 9 14:48:51 MST 2006
Hi,
i am experiencing the following and i am not sure if it is caused
by a local misconfiguration, a fundamental problem with SIP, or
a problem in the way asterisk matches INVITEs against directly
connected SIP devices.
I have asterisk connected to a SIP provider, and to some SIP phones
(type=friend). If the number in the From: line in an INVITE request
coming from the provider matches the "username" of one of the phones,
asterisk will try to match the provider's authentication info
in the INVITE against the phone's entry.
This may look as a contrived example, however i just hit that
in a configuration where a call from a local phone (username=551) goes
to extension 27533 on the provider, which in turn forwards it back to
the original asterisk at extension 21611, which in turn is redirected
through the dialplan to another local phone (username=552):
[1] 551 -> asterisk (10.0.9.236)
dialplan forwards the call to SIP/27533 at provider
[2] asterisk -> provider (10.0.21.38)
dialplan on the provider forwards to SIP/21611 at asterisk
[3] provider -> asterisk
xx problem here - in principle, should match the provider's
entry, but the INVITE has From: 551 so it matches
the wrong entry.
[4] asterisk -> 552
in theory, dialplan forwards 21611 to 522
The relevant INVITE that fails for step 3 is this:
INVITE sip:21611 at 10.0.9.236 SIP/2.0
Via: SIP/2.0/UDP 10.0.21.38:5060;branch=z9hG4bK21f9eb4d;rport
From: "551" <sip:551 at 10.0.21.38>;tag=as350877d9
To: <sip:21611 at 10.0.9.236>
Contact: <sip:551 at 10.0.21.38>
Call-ID: 3a6f0ee02c7696107d629c6c7bb2c9ea at 10.0.21.38
CSeq: 103 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70
Proxy-Authorization: Digest username="21611", realm="asterisk",
algorithm=MD5, uri="sip:21611 at 10.0.9.236",
nonce="340341e4",
response="8f54583026d317102db35a69a9266ac5", opaque=""
Date: Mon, 09 Oct 2006 21:08:55 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Type: application/sdp
Content-Length: 240
...
I am not sure how to handle this. Maybe i miss that, but what's wrong
in using the "username" entry in the Proxy-Authorization: line
to lookup the matching entry in the users list ?
cheers
luigi
More information about the asterisk-dev
mailing list