[SR-Users] during registration nonce expired, after backwards time shift

Vasiliy Ganchev vasiliy.ganchev at wildix.com
Sun Aug 23 22:16:50 CEST 2015


Daniel-Constantin Mierla-6 wrote
> I looked at the code and the system time is used (not the internal
> value). Therefore, after detecting an invalid nonce, if you do
> challenge again, a nonce with the right time should be generated and
> used for authentication.
> 
> Look at the sip trace to see if the nonce is regenerated and run with debug=3 to
> get more log messages that would help to investigate better.
> 
> Cheers,
> Daniel
> 
> On 20/08/15 10:05, Daniel-Constantin Mierla wrote:
>> Hello,
>>
>> probably the module is using the time computed internally as start time
>> plus elapsed seconds (counted internally). We can introduce an option to
>> use the system time, which may add a bit of delay, but really
>> insignificant. I will look into it these days.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 18/08/15 22:44, Vasiliy Ganchev wrote:
>>> Hi list! 
>>> (sorry for sending first mail to wrong sub forum)
>>> I have the following issue:
>>> Server with Kamailio restarts with the wrong time (why - this is a separate part of
>>> my investigations), with a timeshift e.g. of 2 hours into the future.
>>> After the ntp daemon adjusts to the correct time (moves time backwards), Kamailio does not
>>> accept REGISTERs, pv_www_authenticate answers with code -4 (nonce expired)
>>>
>>> I've read the description of:
>>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire
>>> and 
>>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift
>>>
>>> These descriptions mention the situation with a backwards timeshift from the future.
>>> As I understand, Kamailio does not authorise registrations whose nonces
>>> were generated in the future (before ntp shifted the time). But in my tests,
>>> Kamailio does not accept even a REGISTER from the UA sent after the time shift (with
>>> new nonces, which as I expected have to use the correct time for nonce generation,
>>> and be authorised with no problem).
>>>
>>> Only a Kamailio process restart helps to cope with the issue.
>>>
>>> It looks like for nonce generation Kamailio uses the old time (in the future, that
>>> was before the timeshift).
>>>
>>> I wonder, does Kamailio behave in the described case as expected? If I
>>> am wrong in some of my assumptions, please point out.
>>>
>>> version: kamailio 4.2.5 
>>>
>>> Thanks in advance!
>>> Cheers!
>>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html
>>> Sent from the Users mailing list archive at Nabble.com.
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> 

> sr-users at .sip-router

>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
> 

Hi Daniel!

Thanks for the suggestions, I will check again with Debug=3, and try to find
out what is going wrong. Anyway, after investigation, will tell what I
found.

Cheers!



--
View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536p140602.html
Sent from the Users mailing list archive at Nabble.com.
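
Added example, not part of the thread and not Kamailio source: a simplified C model of a time-stamped nonce check, showing why the clock used to stamp a nonce matters after a backward time step. The constants, the `tick_clock` struct and the function names are assumptions; only the -4 result and the 2-hour shift come from the thread, and the model assumes the check always compares against system time.

```c
#include <stdio.h>
#include <time.h>

/* Simplified model, NOT Kamailio source: a nonce is just its issue time. */
enum { NONCE_OK = 0, NONCE_EXPIRED = -4 };  /* -4 is the code seen in the thread */
#define NONCE_EXPIRE    300  /* constructed value, seconds */
#define NONCE_MAX_DRIFT 3    /* constructed value, seconds */

/* Hypothetical internal clock: time read at start plus counted seconds. */
struct tick_clock { time_t start; long elapsed; };

static time_t tick_now(const struct tick_clock *c)
{
    return c->start + (time_t)c->elapsed;
}

/* Accept a nonce only if its issue time is neither too old nor too far ahead. */
static int check_nonce(time_t issued, time_t now)
{
    if (issued > now && issued - now > NONCE_MAX_DRIFT)
        return NONCE_EXPIRED;   /* stamped in the future */
    if (now > issued && now - issued > NONCE_EXPIRE)
        return NONCE_EXPIRED;   /* older than the expiry window */
    return NONCE_OK;
}

/* Fresh challenge answered `delay` seconds later; the check uses system time. */
static int rechallenge(int issue_from_ticks, const struct tick_clock *c,
                       time_t sys_now, long delay)
{
    time_t issued = issue_from_ticks ? tick_now(c) : sys_now;
    return check_nonce(issued, sys_now + (time_t)delay);
}

int main(void)
{
    time_t real = 1440000000;                    /* constructed epoch value */
    struct tick_clock c = { real + 7200, 600 };  /* started 2 h ahead, up 10 min */
    time_t sys_now = real + 600;                 /* system time after the step back */

    printf("nonce issued before the step : %d\n",
           check_nonce(real + 7200 + 590, sys_now));
    printf("re-challenge, system time    : %d\n", rechallenge(0, &c, sys_now, 1));
    printf("re-challenge, tick clock     : %d\n", rechallenge(1, &c, sys_now, 1));
    return 0;
}
```

In this model a re-challenge stamped from system time is accepted, while one stamped from the start-time-plus-ticks clock keeps failing until the process restarts and re-reads the time.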
