uac_registrant module and TCP

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

uac_registrant module and TCP

Peter Baines (lists)
Hello,

I am trying to use the uac_registrant module (2.2) to register via TCP but when it recieves the 401 it is not adding the Authorization header.

It does work with UDP so I get:

REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (with Authorization) -> 200 OK

However when I tell it to use TCP it doesn't add the Authorization header:

UPDATE registrant SET forced_socket = 'tcp:1.2.3.4:5060';

REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (no Authorization) -> 403 Forbidden

I've included the debug log for the failing TCP REGSITER attempt: https://pastebin.com/gigJkWZX

Regards,
Peter

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: uac_registrant module and TCP

Bogdan Andrei IANCU
Hi Pete,

Looking to the logs, I see only one line :

Apr 21 09:58:56 dev01 /usr/local/opensips_2.2/sbin/opensips[4766]: DBG:uac_registrant:reg_tm_cback: tm [0x7f2ceb70b2f0] notification cb for FAKED_REPLY [408] reply at [1492761536]

The "r
eg_tm_cback" is the TM callback used to report back to the uac_registrant module the reply code for the sent REGISTER. And I see there a 408 timeout :-/ .....

Even more, the "run_reg_tm_cback" function (that triggers the build of the auth hdr) does not show up logging anything (and there are some debug over there).

So, are you sure that the 401 is actually received ? maybe the second REGISTER is actually a retransmission of the first one ?

Best regards,
Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
  http://www.opensips.org/events/Summit-2017Amsterdam.html
On 04/21/2017 11:14 AM, Peter Baines (lists) wrote:
Hello,

I am trying to use the uac_registrant module (2.2) to register via TCP but when it recieves the 401 it is not adding the Authorization header.

It does work with UDP so I get:

REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (with Authorization) -> 200 OK

However when I tell it to use TCP it doesn't add the Authorization header:

UPDATE registrant SET forced_socket = 'tcp:1.2.3.4:5060';

REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (no Authorization) -> 403 Forbidden

I've included the debug log for the failing TCP REGSITER attempt: https://pastebin.com/gigJkWZX

Regards,
Peter


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: uac_registrant module and TCP

Peter Baines (lists)
Hi Bogdan,

Yes you are correct, it is a retransmission.

I've specifed port 5060 as the forced_socket in the registrant table but opensips (1.2.3.4 below) doesn't use it. Is there a way to force uac_registrant to use 5060, or alternatively make the uac_registrant module listen for replies on whatever port it decides to open ?

T 2017/04/21 11:05:26.960562 1.2.3.4:52945 -> 4.3.2.1:5060 [AP]
REGISTER sip:imsreg.example.com SIP/2.0.

T 2017/04/21 11:05:27.381976 4.3.2.1:5060 -> 1.2.3.4:52945 [AP]
SIP/2.0 401 Unauthorized.


mysql> SELECT * FROM registrant \G
*************************** 1. row ***************************
                    id: 1
             registrar: sip:imsreg.example.com
                 proxy: NULL
                   aor: [hidden email]
third_party_registrant: NULL
              username: +[hidden email]
              password: 123
           binding_URI: [hidden email]
        binding_params: NULL
                expiry: NULL
         forced_socket: tcp:1.2.3.4:5060
1 row in set (0.00 sec)


Thank you,
Peter

On 21 April 2017 at 09:53, Bogdan-Andrei Iancu <[hidden email]> wrote:
Hi Pete,

Looking to the logs, I see only one line :

Apr 21 09:58:56 dev01 /usr/local/opensips_2.2/sbin/opensips[4766]: DBG:uac_registrant:reg_tm_cback: tm [0x7f2ceb70b2f0] notification cb for FAKED_REPLY [408] reply at [1492761536]

The "r
eg_tm_cback" is the TM callback used to report back to the uac_registrant module the reply code for the sent REGISTER. And I see there a 408 timeout :-/ .....

Even more, the "run_reg_tm_cback" function (that triggers the build of the auth hdr) does not show up logging anything (and there are some debug over there).

So, are you sure that the 401 is actually received ? maybe the second REGISTER is actually a retransmission of the first one ?

Best regards,
Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
  http://www.opensips.org/events/Summit-2017Amsterdam.html
On 04/21/2017 11:14 AM, Peter Baines (lists) wrote:
Hello,

I am trying to use the uac_registrant module (2.2) to register via TCP but when it recieves the 401 it is not adding the Authorization header.

It does work with UDP so I get:

REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (with Authorization) -> 200 OK

However when I tell it to use TCP it doesn't add the Authorization header:

UPDATE registrant SET forced_socket = 'tcp:1.2.3.4:5060';

REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (no Authorization) -> 403 Forbidden

I've included the debug log for the failing TCP REGSITER attempt: https://pastebin.com/gigJkWZX

Regards,
Peter


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: uac_registrant module and TCP

Bogdan Andrei IANCU
Hi Peter,

In TCP, you cannot control the port used to fire a new TCP connection - this is selected by the kernel.  Still, the UAS side will reply back to the originating port (as the trace shows). The fact the uac_registrant does not see the 401 is not necessarily because of the TCP connection, but rather because of some SIP transactional issue - the reply does not match the requests, so the TM  module does not deliver the reply to
uac_registrant.

Do you see any logs from OpenSIPS about the incoming 401 reply ?

Best regards,
Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
  http://www.opensips.org/events/Summit-2017Amsterdam.html
On 04/21/2017 12:21 PM, Peter Baines (lists) wrote:
Hi Bogdan,

Yes you are correct, it is a retransmission.

I've specifed port 5060 as the forced_socket in the registrant table but opensips (1.2.3.4 below) doesn't use it. Is there a way to force uac_registrant to use 5060, or alternatively make the uac_registrant module listen for replies on whatever port it decides to open ?

T 2017/04/21 11:05:26.960562 1.2.3.4:52945 -> 4.3.2.1:5060 [AP]
REGISTER sip:imsreg.example.com SIP/2.0.

T 2017/04/21 11:05:27.381976 4.3.2.1:5060 -> 1.2.3.4:52945 [AP]
SIP/2.0 401 Unauthorized.


mysql> SELECT * FROM registrant \G
*************************** 1. row ***************************
                    id: 1
             registrar: sip:imsreg.example.com
                 proxy: NULL
                   aor: [hidden email]
third_party_registrant: NULL
              username: +[hidden email]
              password: 123
           binding_URI: [hidden email]
        binding_params: NULL
                expiry: NULL
         forced_socket: tcp:1.2.3.4:5060
1 row in set (0.00 sec)


Thank you,
Peter

On 21 April 2017 at 09:53, Bogdan-Andrei Iancu <[hidden email]> wrote:
Hi Pete,

Looking to the logs, I see only one line :

Apr 21 09:58:56 dev01 /usr/local/opensips_2.2/sbin/opensips[4766]: DBG:uac_registrant:reg_tm_cback: tm [0x7f2ceb70b2f0] notification cb for FAKED_REPLY [408] reply at [1492761536]

The "r
eg_tm_cback" is the TM callback used to report back to the uac_registrant module the reply code for the sent REGISTER. And I see there a 408 timeout :-/ .....

Even more, the "run_reg_tm_cback" function (that triggers the build of the auth hdr) does not show up logging anything (and there are some debug over there).

So, are you sure that the 401 is actually received ? maybe the second REGISTER is actually a retransmission of the first one ?

Best regards,
Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
  http://www.opensips.org/events/Summit-2017Amsterdam.html
On 04/21/2017 11:14 AM, Peter Baines (lists) wrote:
Hello,
I am trying to use the uac_registrant module (2.2) to register via TCP but when it recieves the 401 it is not adding the Authorization header.
It does work with UDP so I get:
REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (with Authorization) -> 200 OK
However when I tell it to use TCP it doesn't add the Authorization header: UPDATE registrant SET forced_socket = 'tcp:1.2.3.4:5060';
REGISTER -> 401 (with WWW-Authenticate) -> REGISTER (no Authorization) -> 403 Forbidden
I've included the debug log for the failing TCP REGSITER attempt: https://pastebin.com/gigJkWZX
Regards,
Peter
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users