Hello,
I have a problem with Kamailio 5.4.6 and auth_ephemeral. I have the following in the Kamailio configuration
loadmodule "auth_ephemeral"
modparam( "auth_ephemeral", "sha_algorithm", 3 )
modparam( "auth_ephemeral", "username_format", 0 )
modparam( "auth_ephemeral", "secret", 1234 )
as per
https://kamailio.org/docs/modules/4.1.x/modules/auth_ephemeral.html#auth_eph...
and registrations fail. In the logs we see:
Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: DEBUG: {1 545 REGISTER rhaqgafd7boteg24jp5db0} sanity [sanity.c:777]: check_parse_uris(): looking up From header
Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: DEBUG: {1 545 REGISTER rhaqgafd7boteg24jp5db0} sanity [sanity.c:817]: check_parse_uris(): parsing From URI
Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: DEBUG: {1 545 REGISTER rhaqgafd7boteg24jp5db0} <core> [core/parser/parse_uri.c:1296]: parse_uri(): bad port in uri (error at char 5 in state 2) parsed: sip:3518929:16411(17) /sip:3518929:1641150726@192.168.2.99 (35)
Jan 2 18:21:10 enswitch43 /sbin/kamailio[37501]: WARNING: {1 545 REGISTER rhaqgafd7boteg24jp5db0} sanity [sanity.c:820]: check_parse_uris(): failed to parse From uri
Apparently Kamailio is confused by the timestamp following the username separated by the : character. The REGISTER message is below:
REGISTER sip:192.168.2.99 SIP/2.0
Via: SIP/2.0/WSS 192.0.2.202;branch=z9hG4bK5452321
Max-Forwards: 70
To: "3518929" sip:3518929:1641148397@192.168.2.99
From: "3518929" sip:3518929:1641148397@192.168.2.99;tag=ht76o8b2b6
Call-ID: phkj9mi2n3s3ju7uu3qq2f
CSeq: 274 REGISTER
Contact: sip:edh7mmti@192.0.2.202;transport=wss;reg-id=1;+sip.instance="urn:uuid:ca5e9372-dfa1-459a-b6ba-4398d23bd896";expires=300
Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER
Supported: path, gruu, outbound
User-Agent: Raspberry Phone (SipJS - 0.11.6)
Content-Length: 0
and Kamailio parses it as sip:<username>:<port> instead of sip:<username>:<timestamp>.
Is this a bug that should be reported or is there any setting that I am missing?
Hello,
have you already tried to use the default username format "1", the IETF format? This might be better for Kamailio.
If this solves the problem, the mode 0 should probably be removed then.
Cheers,
Henning
Hi Henning,
I just tried the default IETF format ("1") but I get the same error from Kamailio:
Jan 24 13:57:59 enswitch43 /sbin/kamailio[432531]: DEBUG: {1 988 REGISTER fm2l7am7uggc2gc7jslpfj} sanity [sanity.c:817]: check_parse_uris(): parsing From URI
Jan 24 13:57:59 enswitch43 /sbin/kamailio[432531]: DEBUG: {1 988 REGISTER fm2l7am7uggc2gc7jslpfj} <core> [core/parser/parse_uri.c:1296]: parse_uri(): bad port in uri (error at char 2 in state 2) parsed: sip:1643036115:35189(20) /sip:1643036115:3518929@192.168.2.99 (35)
Jan 24 13:57:59 enswitch43 /sbin/kamailio[432531]: WARNING: {1 988 REGISTER fm2l7am7uggc2gc7jslpfj} sanity [sanity.c:820]: check_parse_uris(): failed to parse From uri
In this case 35189 is the user and 1643036115 is the timestamp.
REGISTER sip:192.168.2.99 SIP/2.0
Via: SIP/2.0/WSS 192.0.2.155;branch=z9hG4bK4638021
Max-Forwards: 70
To: "3518929" sip:1643036115:3518929@192.168.2.99
From: "3518929" sip:1643036115:3518929@192.168.2.99;tag=puibbfcnui
Call-ID: fm2l7am7uggc2gc7jslpfj
CSeq: 988 REGISTER
Contact: sip:o4j2rcer@192.0.2.155;transport=wss;reg-id=1;+sip.instance="urn:uuid:1058141a-a8eb-40c5-bd6b-50dd763a7b7e";expires=300
Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER
Supported: path, gruu, outbound
User-Agent: Raspberry Phone (SipJS - 0.11.6)
Content-Length: 0
Kamailio still treats the number after : as the port.
On 3/1/2022 18:54, Henning Westerholt wrote:
Hello Vlad,
this sounds then like a bug/incompatibility in the Kamailio parser together with the module. I have not checked the RFC, but this can be done later.
Please open an issue on our tracker about it with the details from this e-mail, and also Kamailio version/cfg details from your earlier e-mail.
Cheers,
Henning
Hello,
as far as I remember, the format with "user:timestamp" is only for authentication username field, respectively the username attribute in Proxy-/Authorization header. The subscriber address is still user@domain, so that has to be used in From/To headers.
Cheers, Daniel
On 02.01.22 20:36, Vlasis Chatzistavrou wrote:
Hi Daniel,
Just an update, I tested this with username_format set to 1 and set the To: and From: headers to be the phone's username (i.e. without the timestamp). This worked without problems.
However, setting the username_format to 0 (the deprecated option) does not work even with the correct To: and From: headers. Since this option is already deprecated perhaps it could be removed in future versions to avoid confusion?
On 25/1/2022 11:38, Vlasis Chatzistavrou wrote:
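The working arrangement described in the two messages above, as an added example that is not part of the original thread or of Kamailio's code: the "timestamp:user" name and its HMAC password are used only as digest credentials, while From/To keep the plain user@domain address. Function names are hypothetical, the sample values are constructed from the thread, the timestamp is treated as an expiry time, and the digest must match whatever the module's sha_algorithm selects.

```python
import base64
import hashlib
import hmac
import time


def _password(auth_username, secret, digest):
    # password = base64(HMAC(secret, auth_username))
    mac = hmac.new(secret.encode(), auth_username.encode(), digest)
    return base64.b64encode(mac.digest()).decode()


def ephemeral_credentials(user, secret, ttl=300, now=None, digest="sha1"):
    """Issue (auth_username, password) in the IETF layout '<expiry>:<user>'."""
    expiry = int(time.time() if now is None else now) + ttl
    auth_username = f"{expiry}:{user}"
    return auth_username, _password(auth_username, secret, digest)


def verify(auth_username, password, secret, now=None, digest="sha1"):
    """Recompute the HMAC, compare in constant time, then check the expiry."""
    if not hmac.compare_digest(_password(auth_username, secret, digest), password):
        return "bad-password"
    expiry, sep, _user = auth_username.partition(":")
    if not sep or not expiry.isdigit():
        return "bad-username"
    if int(time.time() if now is None else now) > int(expiry):
        return "expired"
    return "ok"


def register_identity(user, domain, auth_username):
    """Plain address-of-record in From/To; ephemeral name only for digest auth."""
    if ":" in user or "@" in user:
        raise ValueError("ephemeral username must not appear in the From/To URI")
    aor = f"<sip:{user}@{domain}>"
    return {"From": aor, "To": aor, "auth_username": auth_username}


if __name__ == "__main__":
    # Constructed sample values taken from the thread (user, domain, secret).
    name, pw = ephemeral_credentials("3518929", "1234", now=1643035815, digest="sha384")
    print(register_identity("3518929", "192.168.2.99", name))
    print(name, verify(name, pw, "1234", now=1643036000, digest="sha384"))
```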
Hello,
yes, if it is not working and also deprecated, it probably should be removed. You could open an issue for that or create (even better) a pull request.
Cheers,
Henning
Hello,
it should be reviewed properly if it does not work before removing. The entire auth_ephemeral is deprecated from specs point of view, as the IETF draft never made it to RFC, but it is still useful to use at least for PoC. I don't have access to some old deployments using mode 0 to see if they were changed meanwhile.
Cheers, Daniel
On 24.02.22 10:39, Henning Westerholt wrote:
If auth_ephemeral gets deprecated, what would be a recommended approach to replace it?
On Thu, 24 Feb 2022 at 21:46, Daniel-Constantin Mierla miconda@gmail.com wrote: