[SR-Users] Issue Bug in SEMS (transparent SBC profile)

Henning Westerholt hw at gilawa.com
Sat Dec 18 16:17:23 CET 2021 

Hello,

I think in this particular case (SIP authentication) this is not correct  (RFC 3261, 22.2):

"When a UAC resubmits a request with its credentials after receiving a
   401 (Unauthorized) or 407 (Proxy Authentication Required) response,
   it MUST increment the CSeq header field value as it would normally
   when sending an updated request."

Refer also e.g. to RFC 3665, where it clearly shows the incremented CSEQ for the 401/407 challenges.

Cheers,

Henning

-- 
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com

-----Original Message-----
From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Juha Heinanen
Sent: Saturday, December 18, 2021 3:27 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] Issue Bug in SEMS (transparent SBC profile)

Mojtaba writes:

> Let' me describe the scenario:
> <UE>---------><SEMS>-----------><ASTERISK>
> The UE tries to make calls, The first INVITE message is without an 
> Authentication header. The Asterisk server returns 401 Unauthorized.
> The UE sends again INVITE messages to the asterisk server. The second 
> INVITE message has an Authentication header. Because both INVITE 
> messages have the same CSeq, the asterisk server thinks this is a LOOP 
> message and sends 401 Unautirozed messages again.
> In both cases, the Sems set "CSeq: 10 INVITE" header, while the second 
> the INVITE message is not re-invite message and the CSeq should be set 
> incremental.

As I already quoted, RFC 3261 specifies:

  8.1.1.5 CSeq

  For non-REGISTER requests outside of a dialog, the sequence number
  value is arbitrary.

Section 12.1 tells how dialogs are created:

   Dialogs are created through the generation of non-failure responses
   to requests with specific methods.  Within this specification, only
   2xx and 101-199 responses with a To tag, where the request was
   INVITE, will establish a dialog.

401 is a failure response.  Thus no dialog is created and in the second INVITE sems is allowed to use whatever CSeq value.

If Asterisk does not allow that, complain Asterisk about it.

-- Juha

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users at lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list