Summary:ASTERISK-13161: 4XX Responses to a BYE request
Reporter:Jon Bonilla (manwe)Labels:
Date Opened:2008-12-03 01:05:40.000-0600Date Closed:2008-12-11 14:11:42.000-0600
Versions:Frequency of
Description:In the Changelog of asterisk 1.4.23RC2 it can be read:

+ /* RFC 3261 Section 15 specifies that if we receive a 408 or 481
+ * in response to a BYE, then we should end the current dialog
+ * and session. There is no mention in the spec of other 4XX responses,
+ * but it is known that at least one phone manufacturer potentially
+ * will send a 404 in response to a BYE, so we'll be liberal in what
+ * we accept and end the dialog and session if we receive any 4XX
+ * response to a BYE.
+ */

And the code:

+ if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) {
+ ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
+ return;
+ }

What about if Asterisk calls through a proxy? It's really possible (and
common) that a proxy requires authentication for BYE, so it replies with 407
and the UAC (Asterisk) should re-generate the BYE with credentials.
Note that RFC 3261 states that requiring authentication for a BYE is a good
way to avoid calls ending by an attacker (spoofed BYE).

It is also common to receive 483 (too many hops).

I think that having only ip-phones in mind is not a good approach. Not every 4XX response should end the dialog.
Comments:By: Jon Bonilla (manwe) 2008-12-03 04:19:07.000-0600

It can be found also in Asterisk 1.6.1beta3

       if (resp >= 400 && resp < 500 && sipmethod == SIP_BYE) {
               p->needdestroy = 1;

By: Iñaki Baz Castillo (ibc) 2008-12-03 06:34:39.000-0600

Also, if Asterisk is talking with a phone or PBX (not a proxy) this endpoint could require authentication when Asterisk sends BYE, so it would be a 401 response.

If Asterisk sends BYE and reveices 401/407 it should re-send the same BYE with credentials (and CSeq + 1 of course).

IMHO assuming that Asterisk just talks with simple SIP phones is wrong. SIP proxies and other SIP nodes do also exist.

By: Olle Johansson (oej) 2008-12-03 10:13:28.000-0600

In fact, when we send BYE, the response is irrelevant, really, unless it's an auth request. Regardless of the response, the call is dead. I don't know what started this thread.

Asterisk only sends BYE if dialplan action, the other call leg or something else issued a hangup. There's no way we can keep the call. So it's safe to say that any response to a bye other than auth, can be treated the same way. With auth, we have to find a way to keep the SIP dialog alive for a short time, but the bridge will propably already be down regardless.

By: Iñaki Baz Castillo (ibc) 2008-12-03 11:11:24.000-0600

Yes, the only important point here is the ability of Asterisk to send a BYE with credentials if the proxy/endpoint replies 401/407. This could be important in the proxy side (correct accounting) so Asterisk should honor the 401/407.

In case the second BYE (with credentials) also fails (again 401/407 or other 4XX) then Asterisk should, as you say, end this leg (first leg was already terminated before).

By: Iñaki Baz Castillo (ibc) 2008-12-09 08:45:08.000-0600

Any comment from the author of the patch would be specially great.

By: Mark Michelson (mmichelson) 2008-12-11 14:11:41.000-0600

I somehow missed this report being opened. This issue was brought up on the asterisk-dev mailing list recently and Tilghman Lesher committed fixes for this already on 3 December. Here are the relevant revisions:

Asterisk branch 1.4: revision 160480
Asterisk trunk: revision 160481
Asterisk branch 1.6.0: revision 160482
Asterisk branch 1.6.1: revision 160483

I am closing this issue since this has been addressed.