[asterisk-dev] bug or feature (use From: instead of Digest username to match INVITE) ?

Luigi Rizzo rizzo at icir.org
Mon Oct 9 14:48:51 MST 2006 

Hi,
i am experiencing the following and i am not sure if it is caused
by a local misconfiguration, a fundamental problem with SIP, or
a problem in the way asterisk matches INVITEs against directly
connected SIP devices.

I have asterisk connected to a SIP provider, and to some SIP phones
(type=friend). If the number in the From: line in an INVITE request
coming from the provider matches the "username" of one of the phones,
asterisk will try to match the provider's authentication info
in the INVITE against the phone's entry.

This may look as a contrived example, however i just hit that
in a configuration where a call from a local phone (username=551) goes
to extension 27533 on the provider, which in turn forwards it back to
the original asterisk at extension 21611, which in turn is redirected
through the dialplan to another local phone (username=552):

        [1] 551 -> asterisk (10.0.9.236)
        dialplan forwards the call to SIP/27533 at provider

        [2] asterisk -> provider (10.0.21.38)
        dialplan on the provider forwards to SIP/21611 at asterisk
        [3] provider -> asterisk
        xx problem here - in principle, should match the provider's
           entry, but the INVITE has From: 551 so it matches
           the wrong entry.

        [4] asterisk -> 552   
        in theory, dialplan forwards 21611 to 522   

The relevant INVITE that fails for step 3 is this:

        INVITE sip:21611 at 10.0.9.236 SIP/2.0  
        Via: SIP/2.0/UDP 10.0.21.38:5060;branch=z9hG4bK21f9eb4d;rport  
        From: "551" <sip:551 at 10.0.21.38>;tag=as350877d9  
        To: <sip:21611 at 10.0.9.236>  
        Contact: <sip:551 at 10.0.21.38>  
        Call-ID: 3a6f0ee02c7696107d629c6c7bb2c9ea at 10.0.21.38  
        CSeq: 103 INVITE  
        User-Agent: Asterisk PBX  
        Max-Forwards: 70  
        Proxy-Authorization: Digest username="21611", realm="asterisk", 
                algorithm=MD5, uri="sip:21611 at 10.0.9.236", 
                nonce="340341e4",
                response="8f54583026d317102db35a69a9266ac5", opaque=""
        Date: Mon, 09 Oct 2006 21:08:55 GMT
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
        Content-Type: application/sdp
        Content-Length: 240

        ...

I am not sure how to handle this. Maybe i miss that, but what's wrong
in using the "username" entry in the Proxy-Authorization: line
to lookup the matching entry in the users list ?

	cheers
	luigi

More information about the asterisk-dev mailing list