Summary: | ASTERISK-13161: 4XX Responses to a BYE request | ||
Reporter: | Jon Bonilla (manwe) | Labels: | |
Date Opened: | 2008-12-03 01:05:40.000-0600 | Date Closed: | 2008-12-11 14:11:42.000-0600 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | In the Changelog of asterisk 1.4.23RC2 it can be read: + /* RFC 3261 Section 15 specifies that if we receive a 408 or 481 + * in response to a BYE, then we should end the current dialog + * and session. There is no mention in the spec of other 4XX responses, + * but it is known that at least one phone manufacturer potentially + * will send a 404 in response to a BYE, so we'll be liberal in what + * we accept and end the dialog and session if we receive any 4XX + * response to a BYE. + */ And the code: + if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) { + ast_set_flag(&p->flags[0], SIP_NEEDDESTROY); + return; + } What about if Asterisk calls through a proxy? It's really possible (and common) that a proxy requires authentication for BYE, so it replies with 407 and the UAC (Asterisk) should re-generate the BYE with credentials. Note that RFC 3261 states that requiring authentication for a BYE is a good way to avoid calls ending by an attacker (spoofed BYE). It is also common to receive 483 (too many hops). I think that having only ip-phones in mind is not a good approach. Not every 4XX response should end the dialog. | ||
Comments: | By: Jon Bonilla (manwe) 2008-12-03 04:19:07.000-0600 It can be found also in Asterisk 1.6.1beta3 if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) { p->needdestroy = 1; return; } By: Iñaki Baz Castillo (ibc) 2008-12-03 06:34:39.000-0600 Also, if Asterisk is talking with a phone or PBX (not a proxy) this endpoint could require authentication when Asterisk sends BYE, so it would be a 401 response. If Asterisk sends BYE and reveices 401/407 it should re-send the same BYE with credentials (and CSeq + 1 of course). IMHO assuming that Asterisk just talks with simple SIP phones is wrong. SIP proxies and other SIP nodes do also exist. By: Olle Johansson (oej) 2008-12-03 10:13:28.000-0600 In fact, when we send BYE, the response is irrelevant, really, unless it's an auth request. Regardless of the response, the call is dead. I don't know what started this thread. Asterisk only sends BYE if dialplan action, the other call leg or something else issued a hangup. There's no way we can keep the call. So it's safe to say that any response to a bye other than auth, can be treated the same way. With auth, we have to find a way to keep the SIP dialog alive for a short time, but the bridge will propably already be down regardless. By: Iñaki Baz Castillo (ibc) 2008-12-03 11:11:24.000-0600 Yes, the only important point here is the ability of Asterisk to send a BYE with credentials if the proxy/endpoint replies 401/407. This could be important in the proxy side (correct accounting) so Asterisk should honor the 401/407. In case the second BYE (with credentials) also fails (again 401/407 or other 4XX) then Asterisk should, as you say, end this leg (first leg was already terminated before). By: Iñaki Baz Castillo (ibc) 2008-12-09 08:45:08.000-0600 Any comment from the author of the patch would be specially great. By: Mark Michelson (mmichelson) 2008-12-11 14:11:41.000-0600 I somehow missed this report being opened. This issue was brought up on the asterisk-dev mailing list recently and Tilghman Lesher committed fixes for this already on 3 December. Here are the relevant revisions: Asterisk branch 1.4: revision 160480 Asterisk trunk: revision 160481 Asterisk branch 1.6.0: revision 160482 Asterisk branch 1.6.1: revision 160483 I am closing this issue since this has been addressed. |