Summary:ASTERISK-13380: [regression] Authentication seems to be broken again for SIP NOTIFY requests
Reporter:Bryant Zimmerman (zktech)Labels:
Date Opened:2009-01-15 17:15:18.000-0600Date Closed:2010-08-02 16:14:21
Versions:Frequency of
Environment:Attachments:( 0) debug14.txt
( 1) sip_notify_debug.txt
Description:This issue is the same as 9896? I am running release version and the sip notify sends out and I get 401 Unauthorized back This happens with both Grandstream and Audiocodes devices. I had things working in 1.4 with the 9896 patch and it was working in the 1.6.0 beta at one point but now it is back to the pre fix behavior? Any help would be apperciated as I can't reboot or force config updates without this working.

1695.086809 -> SIP Request: NOTIFY sip:6164581832-10@;transport=udp
1695.114263 -> SIP Status: 401 Unauthorized
1697.138730 -> SIP Request: REGISTER sip:
1697.138889 -> SIP Status: 401 Unauthorized    (0 bindings)
1697.262276 -> SIP Request: REGISTER sip:
1697.264920 -> SIP Status: 200 OK    (1 bindings)
Comments:By: Leif Madsen (lmadsen) 2009-01-20 13:49:06.000-0600

Could you provide the sip debug from the asterisk console, and the sip history as well as an attachment to this bug?


By: Bryant Zimmerman (zktech) 2009-01-22 12:26:32.000-0600

I am working on this. I will provide examples from asterisk 1.4.17 running the patch 9896 as well as from the asterisk version.  

What option do I enable in the logger.conf to get teh sip debug messages to write to a log file? Right now I am just trying to cut and past them and it is not working well.

Will wireshark traces give you the sip history you are asking for?

By: Leif Madsen (lmadsen) 2009-01-22 15:11:29.000-0600

Try piping the output of your asterisk console to tee like this:

asterisk -cvvvgn | tee /tmp/my_log_file.txt

This is to start a new asterisk process in the foreground without console colouring (it'll make the txt file a lot easier to read without the ANSI colour codes).

Just enable sipdebug and siphistory in sip.conf, then turn on debugging on the console with 'core set debug 4' and 'core set verbose 4'.

I think that should give us all the info if I'm not forgetting anything :)

By: Leif Madsen (lmadsen) 2009-02-02 13:41:57.000-0600


Any update here with the requested information?

By: Bryant Zimmerman (zktech) 2009-02-03 08:15:27.000-0600

I have attached the debugs and history from 1.4.17 This one works and causes the phone to reboot. I am working on getting the same from our Production Server. I plan on doing it in our maintance window tonight. Please look at what I have posted from the 1.4.17 box and let me know if it has every thing you need? If not I we may need to augment before my test window with tonight.


By: Bryant Zimmerman (zktech) 2009-02-03 08:30:19.000-0600

This is the section from the sip notify for the gs-reboot. This is what was given to me by Grandstream to issue a reboot.


By: Leif Madsen (lmadsen) 2009-02-03 08:33:30.000-0600

The attached file does not contain the appropriate information. You need to capture the dialog that is failing between the end-points by enabling 'sipdebug=yes' and 'recordhistory=yes' and 'dumphistory=yes'.

Then stop Asterisk, and start it with the 'tee' line I mention in an earlier post. Before you upload, make sure there is information in the file. Also, remove all the inappropriate stuff at the top (as when you start asterisk it will show output of all the modules loading -- we don't need to see that).

By: Leif Madsen (lmadsen) 2009-02-13 13:30:09.000-0600

Suspended due to lack of activity. Please request a bug marshal in #asterisk-bugs on the IRC network irc.freenode.net to reopen the issue should you have the additional information requested.

Further information can be found at http://www.asterisk.org/developers/bug-guidelines

By: Michiel van Baak (mvanbaak) 2009-11-25 15:28:46.000-0600

re-opened on request by OwenL on #asterisk-bugs

By: owenl (owenl) 2009-11-25 15:38:29.000-0600

More information - the NOTIFY goes out and receives a 401 back asking for authorization. The packet is received in handle_response in chan_sip.c but is dropped when __sip_ack sets ack_res false.

It appears the packet is never looked at thus the authorization code is never reached.

This was the case the 1.6.1 and 1.6.2 versions.

SIP debug, Call history, and debug logs are attached in a single file

I'm new to the code so am not sure what the proper solution is. It would be very useful for the Linksys phones we are using.


By: Bryant Zimmerman (zktech) 2010-01-05 13:18:46.000-0600

I am having the same issue as well. I had it working with the patch at one point and then it quit again. I would like to see a longterm supported fix. What do we need to figure this out.


By: Rafael Prado Rocchi (prado) 2010-06-21 22:06:03

I fixed it and it is working fine again.
It's tested with 1.4 branch.

I'll build the patches and post here tomorrow.
For 1.4 and 1.6


By: Jeff Peeler (jpeeler) 2010-07-22 16:13:21

prado: Can you post that patch?

By: Bryant Zimmerman (zktech) 2010-07-22 16:20:12

I have yet to see a working for for this for the 1.6.x builds. I would love to see this fixed and a patch for the 1.6.x and put into 1.8

By: Digium Subversion (svnbot) 2010-08-02 16:14:19

Repository: asterisk
Revision: 280669

U   branches/1.6.2/channels/chan_sip.c

r280669 | jpeeler | 2010-08-02 16:14:19 -0500 (Mon, 02 Aug 2010) | 10 lines

Change SIP NOTIFY requests to expect a response so authentication will work.

This changes the request to be sent with the transmit type XMIT_RELIABLE so that
sip_ack doesn't return false and cause the 401 to be ignored in cases where
authentication is required.

(closes issue ASTERISK-13380)
Reported by: zktech