Summary:ASTERISK-05049: 4-port ATA fails to register because * doesn't track nonce-value per line
Reporter:Vidar Kroslid (sozo)Labels:
Date Opened:2005-09-10 23:31:05Date Closed:2011-06-07 14:10:17
Versions:Frequency of
Environment:Attachments:( 0) 4port_registration_sip_debug_1line_only.txt
( 1) 4port_registration_sip_debug.txt
( 2) sip.conf
( 3) sip.conf.TXT
( 4) sip-debug_pedandic_is_yes.TXT
Description:ATA: Micronet 5004/s

ATA first tries to register each line without authentication (in ascending order).
* responds for each line with a 401 containing a new nonce.
ATA immediately tries to register with authentication for each line.
For Line1 the ATA uses the nonce given to it in the first registration attempt. * compares this nonce with the nonce generated for Line4's first registration attempt! This fails, so a 401 with a new nonce is send to ATA.
ATA then tries to register Line2 with authentication using the nonce given to it in the first registration attempt of Line2. * compares this nonce to the nonce it just generated for the 401 in Line1's 2nd registration attempt.
This coninutes up to Line 4; * is generating a new nonce for each registratino attempt.


Attached is SIP debug with some additional output I added to show the nonce comparison values.
Comments:By: Vidar Kroslid (sozo) 2005-09-10 23:43:28

If i just have 1 line (peer) specified in sip.conf then a 404 response is generated when adapter tries to register lines 2, 3 and 4. 404 doesn't generate a nonce-value so now * remembers the value from line 1's first registration attempt when line 1 tries the 2nd time to register. This time it works. (see 4port_registration_sip_debug_1line_only.txt)

By: Tilghman Lesher (tilghman) 2005-09-11 00:21:28

Please set pedantic=yes in the [general] section of sip.conf, reload, and try again.

The problem is that the Call-ID is the same for all of your lines, which makes Asterisk think that it's the same device registering each time, even though you have multiple entries.  Pedantic mode makes the SIP implementation a little more strict, and should fix this for you.

By: Vidar Kroslid (sozo) 2005-09-11 00:57:18

Sorry. That's not it. Still got the same problem after setting pedantic=yes.

By: Michael Jerris (mikej) 2005-09-11 01:29:28

Can we see a sip.conf with pedantic turned on as well please.

By: Michael Jerris (mikej) 2005-09-11 01:34:26

It's late... how about we make that a sip debug not a sip.conf with pedantic turned on.

By: Vidar Kroslid (sozo) 2005-09-11 20:00:49

Latest debug done with CVS HEAD from today. Added some more debuging NOTICE/WARNINGS to track variables.

By: Vidar Kroslid (sozo) 2005-09-11 20:49:56

My debuging shows that the find_call function doesn't recognize the 2nd registration attempt to be an existing session, so it creates a new sip_pvt struct.

The tag from my ATA is different between the 1st and 2nd registration attempts.

By: Tilghman Lesher (tilghman) 2005-09-11 21:29:28

It shouldn't be seeing a new registration.  The way I read the code, it is seeing each subsequent register attempt by each line as exactly the same dialog, and it generates a new nonce for each attempt.  Unfortunately, Asterisk is basing its criteria solely on the Call-ID which does not change across all requests, rather than the combination From, To, Call-ID as specified in RFC 3261.  Pedantic SIP checking should be checking more than just the Call-ID when attempting to identify the uniqueness of a request.

By: Vidar Kroslid (sozo) 2005-09-11 21:52:40

With pedantic=yes, find_call function also checks the tag. Since my ATA sends a new tag id, it detects it as a new call now that I have pedantic=yes. In the beginning when I had pedantic=no I detected all registration attempts as one session.
This might be a bug in my ATA not reusing the tag when doing the 2nd registration?

From RFC3261:
     Dialog: A dialog is a peer-to-peer SIP relationship between two
        UAs that persists for some time.  A dialog is established by
        SIP messages, such as a 2xx response to an INVITE request.  A
        dialog is identified by a call identifier, local tag, and a
        remote tag.  A dialog was formerly known as a call leg in RFC

With pedantic=no * detects all 4 lines as being 1 dialog due to the Call ID being the same for each line.

With pedantic=yes * detects all registration attempts as being new calls due to the tag being created at the ATA each time. This causes the digest authentiation implementation to send 401 to the ATA each time.

By: Vidar Kroslid (sozo) 2005-09-13 07:35:27

Problems solved with new firmware for my ATA. New firmware uses different call ID per line-registration.