<div dir="ltr"><div>Hi,</div><div><br></div>Here is some more information about my problem.<br>I think that topos impacts challenge computing.<br>Do you have the same behaviour I observed? Do you need more information?<br><br>My tests were done with kamailio 5.4.3 on Centos7<br><br>Without topos activated (note that with topoh activated I have the same good behaviour):<br>CPE - INVITE -> SBC<br>CPE <- 407 ---- SBC<br>CPE - INVITE ->SBC (with proxy-authorization header) -- INVITE --> PROXY (So in this case challenge is validated and INVITE is forwarded)<br><br>With topos activated:<br>CPE - INVITE -> SBC<br>CPE <- 407 ---- SBC<br>CPE - INVITE ->SBC (with proxy-authorization header)<br>CPE <-407 -----SBC<br><br>topos configuration:<div>loadmodule "ndb_redis.so"<br>loadmodule "topos.so"<br>loadmodule "topos_redis.so"<br><br># ----- topos params -----<br>modparam("topos", "storage", "redis")<br>modparam("topos", "dialog_expire", 15000)<br><br>Code used:<br># IP authorization and user authentication<br>route[AUTH] {<br> xlog("L_DBG", "route[AUTH]\n");<br>#!ifdef WITH_IPAUTH<br> if((!is_method("REGISTER")) && allow_source_address()) {<br> # source IP allowed<br> return;<br> }<br>#!endif<br><br>#!ifdef WITH_AUTH<br> if ((is_method("REGISTER")) || ($avp(need_auth) == "1")) { ####need_auth is equal to 1 in this case<br> # authenticate requests<br> $var(key)=$fU + "@" + $fd;<br> if($sht(auth_cache=>$var(key))!=$null) {<br> if (!pv_auth_check("$fd", "$sht(auth_cache=>$var(key))", "0", "1")) {<br> auth_challenge("$fd", “1”); #################### we always go here with INVITE with proxy-authorization header and the return code is always -5 (AUTH_NO_CREDENTIALS)<br> exit;<br> }<br> }<br> else<br> {<br> if (!auth_check("$fd", "subscriber", "1")) {<br> if ($rc == -1)<br> {<br> append_to_reply("Retry-After: 10\r\n");<br> send_reply("503", "Authentication server error");<br> exit;<br> }<br> auth_challenge("$fd", "0");<br> exit;<br> }<br> $sht(auth_cache=>$var(key)) = $avp(password);<br> }<br> # user authenticated - remove auth header<br> consume_credentials(); ######## without topos we go here with INVITE with proxy-authorization header
<br> }<br>#!endif<br> return;<br>}<br><br>Note that in this case (with topos) the return code of function pv_auth_check is always -5 (AUTH_NO_CREDENTIALS)<br><br><br>CASE OK:<br>Frame 3279: 545 bytes on wire (4360 bits), 545 bytes captured (4360 bits)<br>Linux cooked capture<br>Internet Protocol Version 4, Src: 192.168.1.102, Dst: 192.168.1.11<br>Transmission Control Protocol, Src Port: 5060, Dst Port: 60796, Seq: 1, Ack: 953, Len: 477<br>Session Initiation Protocol (407)<br> Status-Line: SIP/2.0 407 Proxy Authentication Required<br> Message Header<br> Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bK2df8e195D1847B94;rport=60796;received=192.168.1.11<br> From: "6200" <<a href="mailto:sip%3A6200@entreprise-108.fr">sip:6200@entreprise-108.fr</a>>;tag=B583B663-FBFBFCAA<br> To: <<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone>;tag=83518db21d5b2e9b777975024049f5a3.8f270000<br> CSeq: 1 INVITE<br> Call-ID: 9378ee27e6b7aea384a881c938de8138<br> [Generated Call-ID: 9378ee27e6b7aea384a881c938de8138]<br> Proxy-Authenticate: Digest realm="<a href="http://entreprise-108.fr">entreprise-108.fr</a>", nonce="YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO"<br> Authentication Scheme: Digest<br> Realm: "<a href="http://entreprise-108.fr">entreprise-108.fr</a>"<br> Nonce Value: "YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO"<br> Content-Length: 0<br><br>Frame 3285: 1259 bytes on wire (10072 bits), 1259 bytes captured (10072 bits)<br>Linux cooked capture<br>Internet Protocol Version 4, Src: 192.168.1.11, Dst: 192.168.1.102<br>Transmission Control Protocol, Src Port: 60796, Dst Port: 5060, Seq: 1578, Ack: 478, Len: 1191<br>Session Initiation Protocol (INVITE)<br> Request-Line: INVITE <a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone;transport=tcp SIP/2.0<br> Message Header<br> Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bK827c83577BAADACE<br> From: "6200" <<a href="mailto:sip%3A6200@entreprise-108.fr">sip:6200@entreprise-108.fr</a>>;tag=B583B663-FBFBFCAA<br> SIP Display info: "6200"<br> SIP from address: <a href="mailto:sip%3A6200@entreprise-108.fr">sip:6200@entreprise-108.fr</a><br> SIP from tag: B583B663-FBFBFCAA<br> To: <<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone><br> SIP to address: <a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone<br> CSeq: 2 INVITE<br> Call-ID: 9378ee27e6b7aea384a881c938de8138<br> [Generated Call-ID: 9378ee27e6b7aea384a881c938de8138]<br> Contact: <<a href="mailto:sip%3A6200@192.168.1.33">sip:6200@192.168.1.33</a>;transport=tcp><br> Contact URI: <a href="mailto:sip%3A6200@192.168.1.33">sip:6200@192.168.1.33</a>;transport=tcp<br> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER<br> User-Agent: PolycomVVX-VVX_500-UA/5.7.0.14430<br> Accept-Language: fr-fr,fr;q=0.9,en;q=0.8<br> Supported: replaces,100rel<br> Allow-Events: conference,talk,hold<br> Proxy-Authorization: Digest username="6200", realm="<a href="http://entreprise-108.fr">entreprise-108.fr</a>", nonce="YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO", uri="<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone;transport=tcp", response="3e0013cc3dc3855602ce1939af7e6f40", algorithm=MD5<br> Authentication Scheme: Digest<br> Username: "6200"<br> Realm: "<a href="http://entreprise-108.fr">entreprise-108.fr</a>"<br> Nonce Value: "YCPgXmAj3zLDB3+utLVpmc+Y917i5qZO"<br> Authentication URI: "<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone;transport=tcp"<br> Digest Authentication Response: "3e0013cc3dc3855602ce1939af7e6f40"<br> Algorithm: MD5<br> Max-Forwards: 70<br> Content-Type: application/sdp<br> Content-Length: 270<br> Message Body<br> <br>Bad case (with topos activated):<br>Frame 9071: 545 bytes on wire (4360 bits), 545 bytes captured (4360 bits)<br>Linux cooked capture<br>Internet Protocol Version 4, Src: 192.168.1.102, Dst: 192.168.1.11<br>Transmission Control Protocol, Src Port: 5060, Dst Port: 43608, Seq: 1, Ack: 953, Len: 477<br>Session Initiation Protocol (407)<br> Status-Line: SIP/2.0 407 Proxy Authentication Required<br> Message Header<br> Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bK5c0a58f3707458FA;rport=43608;received=192.168.1.11<br> From: "6200" <<a href="mailto:sip%3A6200@entreprise-108.fr">sip:6200@entreprise-108.fr</a>>;tag=59191351-FD3B2D60<br> To: <<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone>;tag=83518db21d5b2e9b777975024049f5a3.8f270000<br> CSeq: 1 INVITE<br> Call-ID: 727c871081e29672abcb8bd05dde8138<br> [Generated Call-ID: 727c871081e29672abcb8bd05dde8138]<br> Proxy-Authenticate: Digest realm="<a href="http://entreprise-108.fr">entreprise-108.fr</a>", nonce="YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/"<br> Authentication Scheme: Digest<br> Realm: "<a href="http://entreprise-108.fr">entreprise-108.fr</a>"<br> Nonce Value: "YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/"<br> Content-Length: 0<br><br>Frame 9078: 1259 bytes on wire (10072 bits), 1259 bytes captured (10072 bits)<br>Linux cooked capture<br>Internet Protocol Version 4, Src: 192.168.1.11, Dst: 192.168.1.102<br>Transmission Control Protocol, Src Port: 43608, Dst Port: 5060, Seq: 1578, Ack: 478, Len: 1191<br>Session Initiation Protocol (INVITE)<br> Request-Line: INVITE <a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone;transport=tcp SIP/2.0<br> Message Header<br> Via: SIP/2.0/TCP 192.168.1.33;branch=z9hG4bKbca400a5DCDB8264<br> From: "6200" <<a href="mailto:sip%3A6200@entreprise-108.fr">sip:6200@entreprise-108.fr</a>>;tag=59191351-FD3B2D60<br> SIP Display info: "6200"<br> SIP from address: <a href="mailto:sip%3A6200@entreprise-108.fr">sip:6200@entreprise-108.fr</a><br> SIP from tag: 59191351-FD3B2D60<br> To: <<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone><br> SIP to address: <a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone<br> CSeq: 2 INVITE<br> Call-ID: 727c871081e29672abcb8bd05dde8138<br> [Generated Call-ID: 727c871081e29672abcb8bd05dde8138]<br> Contact: <<a href="mailto:sip%3A6200@192.168.1.33">sip:6200@192.168.1.33</a>;transport=tcp><br> Contact URI: <a href="mailto:sip%3A6200@192.168.1.33">sip:6200@192.168.1.33</a>;transport=tcp<br> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER<br> User-Agent: PolycomVVX-VVX_500-UA/5.7.0.14430<br> Accept-Language: fr-fr,fr;q=0.9,en;q=0.8<br> Supported: replaces,100rel<br> Allow-Events: conference,talk,hold<br> Proxy-Authorization: Digest username="6200", realm="<a href="http://entreprise-108.fr">entreprise-108.fr</a>", nonce="YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/", uri="<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone;transport=tcp", response="281d775e7166a96d5efe2e100df3df9a", algorithm=MD5<br> Authentication Scheme: Digest<br> Username: "6200"<br> Realm: "<a href="http://entreprise-108.fr">entreprise-108.fr</a>"<br> Nonce Value: "YCPlfGAj5FCsPHbzhSK1i2Oqt9APc1+/"<br> Authentication URI: "<a href="mailto:sip%3A0900000000@entreprise-108.fr">sip:0900000000@entreprise-108.fr</a>;user=phone;transport=tcp"<br> Digest Authentication Response: "281d775e7166a96d5efe2e100df3df9a"<br> Algorithm: MD5<br> Max-Forwards: 70<br> Content-Type: application/sdp<br> Content-Length: 270<br> Message Body<br> <br>Regards,<br><br>Frederic<br></div></div>