Description

I received a wireshark trace from a team member showing that a tel: uri was translated to a sip: uri in a very strange (invalid) way:

INVITE tel:491234567891;phone-context=ims.mnc001.mcc001.3gppnetwork.org

Was translated to:

INVITE sip:491234567891;phone-context=ims.mnc001.mcc001.3gppnetwork.org@ims.mnc001.mcc001.3gppnetwork.org;user=phone

Troubleshooting

I first thought this was definitely an error, and only the phone number should be copied to the sip: uri. But, on further reading of the specification, (https://www.ietf.org/rfc/rfc3261.txt), I see that it is in fact legal to leave all parameters in. Though, when the phone-context parameter is simply a domain, it would at least seem the cleanest thing would be to remove it when the exact same domain is also inserted after the @ in the sip message.

So, looking to find where the message is translated, I saw in the scscf.cfg configuration file that there is a translation specified.

I found that "tel2sip" is mapped to the C function of the same name tel2sip()

In this function, the translation will do exactly what I found in the trace, in other words, it will leave in all parameters separated by semi-colon, inserted before the @ symbol.

But, reading the spec, I see that the spec is not being followed in any case. The spec states that all parameters included when translating, must be switched to alphabetic order, with the exception that
isdn-subaddress and post-dial, must occur first and in that order. There is no code in tel2sip() to perform that sorting.

Also, the parser removes '(', ')', '.', and '-' in the phone number, as specified, but, these same characters could be scattered anywhere in invalid places, and they are just silently removed, '+' can scattered anywhere and it is just left alone, Other characters can be scattered anywhere and they will just be left as-is, no error. So, I feel there should be some minimal checking of the phone number, trying to follow the spec (if we could just execute the BNF from the spec!).

Reproduction

This can be reproduced by sending a tel: uri with parameters inserted separated by semicolon.

Debugging Data

(none)

Log Messages

(none)

SIP Traffic

See attached file

Possible Solutions

The solution would be to modify tel2sip(), adding the sorting of parameters, putting the two exceptions first if they exist, before inserting back into the string.

We should also throw errors on obvious bad formatting and ilegal characters, etc, in the input tel: uri

Should we remove the "phone-context" if it is a domain and also exactly the same as the domain inserted after the @?

Additional Information

• Kamailio Version - output of kamailio -v

version: kamailio 5.0.0-dev5 (x86_64/linux) da4ef4-dirty
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: da4ef4 -dirty
compiled on 10:37:40 May 12 2017 with gcc 5.4.0

SIP spec:
https://www.ietf.org/rfc/rfc3261.txtWireshark output:

In RFC 3966, Tel URI format:
 
   The "tel" URI has the following syntax:
 
   telephone-uri        = "tel:" telephone-subscriber
   telephone-subscriber = global-number / local-number
   global-number        = global-number-digits *par
   local-number         = local-number-digits *par context *par
   par                  = parameter / extension / isdn-subaddress
   isdn-subaddress      = ";isub=" 1*uric
   extension            = ";ext=" 1*phonedigit
   context              = ";phone-context=" descriptor
   descriptor           = domainname / global-number-digits
   global-number-digits = "+" *phonedigit DIGIT *phonedigit
   local-number-digits  =
      *phonedigit-hex (HEXDIG / "*" / "#")*phonedigit-hex
   domainname           = *( domainlabel "." ) toplabel [ "." ]
   domainlabel          = alphanum
                          / alphanum *( alphanum / "-" ) alphanum
   toplabel             = ALPHA / ALPHA *( alphanum / "-" ) alphanum
   parameter            = ";" pname ["=" pvalue ]
   pname                = 1*( alphanum / "-" )
   pvalue               = 1*paramchar
   paramchar            = param-unreserved / unreserved / pct-encoded
   unreserved           = alphanum / mark
   mark                 = "-" / "_" / "." / "!" / "~" / "*" /
                          "'" / "(" / ")"
   pct-encoded          = "%" HEXDIG HEXDIG
   param-unreserved     = "[" / "]" / "/" / ":" / "&" / "+" / "$"
   phonedigit           = DIGIT / [ visual-separator ]
   phonedigit-hex       = HEXDIG / "*" / "#" / [ visual-separator ]
   visual-separator     = "-" / "." / "(" / ")"
   alphanum             = ALPHA / DIGIT
   reserved             = ";" / "/" / "?" / ":" / "@" / "&" /
                          "=" / "+" / "$" / ","
   uric                 = reserved / unreserved / pct-encoded

• Operating System:

# uname -a
Linux epc-enablers 4.4.0-51-generic #72-Ubuntu SMP Thu Nov 24 18:29:54 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.