Hello,

On 10/25/12 1:40 PM, Peter Dunkley wrote:
Hi,

I am doing some work on this module right now myself.

I did think of putting a bit of code into the auth module that, where the method is selected, checks to see if the request is an MSRP one and, if it is, selects the method using the same mechanism as for $msrp(method).
I would avoid to put lot of dependent code in auth -- maybe in the future we need to refactor how msrp packets are presented or to auth some other protocol. It should be easier to maintain just to pass the relevant tokens from outside.


I am also looking at the handling of the To-Path: header as I am not sure that is correct.  If I have two MSRP clients connected to the same relay my To-Path: header in a SEND will be:
	To-Path: msrps://relay_address:relay_port/foo \			<-- From the Use-Path: in response to _MY_ AUTH
			msrps://relay_address:relay_port/bar \		<-- From the Use-Path: in response to peers AUTH
			msrps://client_address:client_port/wibble	<-- Peer

This is based on RFC 4967 section 5.1 paragraph three:
	... To form the To-Path header for outgoing
	requests, the client takes the list of URIs in the Use-Path header
	after the outermost authentication and appends the list of URIs
	provided in the path attribute in the peer's session description. ...

The example event_route[] in the MSRP README contains the following logic for SEND handling:
		if($msrp(nexthops)>1)
		{
			msrp_reply("200", "Received");
			msrp_relay();
			exit;
		}
		$var(sessid) = $msrp(sessid);
		if($sht(msrp=>$var(sessid)::srcaddr) == $null)
		{
			# one more hop, but we don't have address in htable
			msrp_reply("481", "No Such Session");
			exit;
		}
		msrp_relay_flags("1");
		msrp_set_dst("$sht(msrp=>$var(sessid)::srcaddr)",
				"$sht(msrp=>$var(sessid)::srcsock)");
		msrp_relay();
		exit;
	}

But I seem to have problems with this as the msrp_relay() when $msrp(nexthops) > 1 fails (this could be related to my changes for WS support as it is a problem finding/creating a TCP connection to the next relay).  However, ideally the MSRP relay should spot that the first two URIs on the To-Path: are itself and eat them both - setting $msrp(...) appropriately - rather than looping MSRP requests back to itself.
Indeed, it would be good to skip all local paths, but even not, opening connection to itself should work. If you have troubles, then maybe something else got broken.


Also, I think the same handling should be performed for routing REPORT requests too - so the overall logic of the MSRP event_route[] should be:

if (msrp_is_reply())
	msrp_relay();
else if ($msrp(method) == "AUTH") {
	...
} else if ($msrp(method) == "SEND" || $msrp(method) == "REPORT") {
	...
} else
	msrp_reply("501", "Request-method-not-understood");
Is REPORT end to end?

Cheers,
Daniel


      

Regards,

Peter


On Thu, 2012-10-25 at 13:16 +0200, Daniel-Constantin Mierla wrote:
Hello,

just remembered about this one ...

hmm, I would say now that the right method would be AUTH, not MSRP, but as you pointed, in SIP and HTTP the method is the first token in request. I guess you had no chance to test with some client or look at specs to see if they clarify somehow.

In both cases, the method seems to be static anyhow, either AUTH or MSRP (iirc, the authentication is done only for AUTH). Both have the same length, so a quick hack would be to replace internally MSRP with AUTH for this case. But probably the safest is to extend the auth api with a function that takes the method as parameter, which is eventually used from inside msrp module.

Probably before the next release I will put some efforts in this module, as the interest on it seems to increase, one of the goals being to add an internal hash table to track the connections - it should bring some performance improvement versus using htable in config...

Cheers,
Daniel

On 10/19/12 3:58 PM, Peter Dunkley wrote:

Hi,

MSRP AUTH requests must be authenticated using HTTP Digest authentication.  Part of the concatenated data when doing this authentication is the method name.  Because of the way MSRP requests are formatted, the part of the request-line that would contain the method name in HTTP or SIP requests is always MSRP.  The MSRP method name (AUTH in this case) is at the end of the request-line.  When Kamailio converts an MSRP request to SIP it has a method name of MSRP.

This means that when Kamailio authenticates an MSRP request it uses "MSRP" as the method name, not the actual MSRP method name (AUTH).

Is this correct?

Should MSRP requests be authenticated with a method name of "MSRP" (which kind-of makes sense as this is the string at the start of the MSRP request line - which is where the method names are in HTTP and SIP) or should the MSRP method name of "AUTH" be used?

If it is the later, does anyone know of an easy way to add this to Kamailio?

Regards,

Peter

-- 
Peter Dunkley
Technical Director
Crocodile RCS Ltd


_______________________________________________
sr-dev mailing list
sr-dev@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu

-- 
Peter Dunkley
Technical Director
Crocodile RCS Ltd

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu