PJSIP does not use TLS if Record-Route in 200 OK contains "sips:" scheme

2011/7/6 Benny Prijono <bennylp at teluu.com>:
> I have not tried this myself, but I'm pretty sure that we don't like
> the "transport=tcp" in "<sips:host;transport=tcp>" URI, as we would
> think that as insecure transport.
>
> I don't know why plain sips URI without transport parameter doesn't
> work. But I'm pretty sure the log will tell you, that's why you should
> look at that first.

I come with PJSIP logs. The scenario is the following:


- PJSIP configured to use an outbound proxy with TLS.

- PJSIP makes a call.

- The proxy routes via UDP to a media server which replies 200.

- So the 200 arriving at PJSIP contains two Record-Route headers:

  Record-Route: <sip:IP_PROXY:9090;transport=udp>
  Record-Route: <sips:IP_PROXY:9091;transport=tcp>

- Then PJSIP makes its route set and tries to send the ACK to
sips:IP_PROXY:9091;transport=tcp, but it fails because it determines
TCP transport rather than TLS over TCP (as sips mandates).


The logs:


-------------------------------------------
inv0x7f70601df: UAC invite session created for dialog dlg0x7f70601df888
      endpoint: Request msg INVITE/cseq=10801 (tdta0x7f70601ce450) created.
inv0x7f70601df: Sending Request msg INVITE/cseq=10801 (tdta0x7f70601ce450)
dlg0x7f70601df: Sending Request msg INVITE/cseq=10801 (tdta0x7f70601ce450)
tsx0x7f7060209: Transaction created for Request msg INVITE/cseq=10800
(tdta0x7f70601ce450)
tsx0x7f7060209: Sending Request msg INVITE/cseq=10800
(tdta0x7f70601ce450) in state Null
 sip_resolve.c: Target 'PROXY_IP:9091' type=TLS resolved to
'PROXY_IP:9091' type=TLS (TLS transport)
tsx0x7f7060209: State changed from Null to Calling, event=TX_MSG
dlg0x7f70601df: Transaction tsx0x7f7060209fd8 state changed to Calling
sip_endpoint.c: Processing incoming message: Response msg
100/INVITE/cseq=10800 (rdata0x7f70601a1748)
tsx0x7f7060209: Incoming Response msg 100/INVITE/cseq=10800
(rdata0x7f70601a1748) in state Calling
tsx0x7f7060209: State changed from Calling to Proceeding, event=RX_MSG
dlg0x7f70601df: Received Response msg 100/INVITE/cseq=10800
(rdata0x7f70601a1748)
dlg0x7f70601df: Route-set updated
dlg0x7f70601df: Transaction tsx0x7f7060209fd8 state changed to Proceeding
sip_endpoint.c: Processing incoming message: Response msg
200/INVITE/cseq=10800 (rdata0x7f70601a1748)
tsx0x7f7060209: Incoming Response msg 200/INVITE/cseq=10800
(rdata0x7f70601a1748) in state Proceeding
tsx0x7f7060209: State changed from Proceeding to Terminated, event=RX_MSG
dlg0x7f70601df: Received Response msg 200/INVITE/cseq=10800
(rdata0x7f70601a1748)
dlg0x7f70601df: Route-set updated
dlg0x7f70601df: Route-set frozen
dlg0x7f70601df: Transaction tsx0x7f7060209fd8 state changed to Terminated
inv0x7f70601df: Got SDP answer in Response msg 200/INVITE/cseq=10800
(rdata0x7f70601a1748)
inv0x7f70601df: SDP negotiation done, status=0
inv0x7f70601df: Received Response msg 200/INVITE/cseq=10800
(rdata0x7f70601a1748), sending ACK
      endpoint: Request msg ACK/cseq=10800 (tdta0x7f70602cefc0) created.
dlg0x7f70601df: Sending Request msg ACK/cseq=10800 (tdta0x7f70602cefc0)
 sip_resolve.c: Target 'PROXY_IP:9091' type=TCP resolved to
'PROXY_IP:9091' type=TCP (TCP transport)
tcpc0x7f70602d: TCP client transport created
tcpc0x7f70602d: TCP transport 192.168.1.16:49036 is connecting to
PROXY_IP:9091...
tsx0x7f7060209: Timeout timer event
tsx0x7f7060209: State changed from Terminated to Destroyed, event=TIMER
tdta0x7f70601c: Destroying txdata Request msg INVITE/cseq=10800
(tdta0x7f70601ce450)
tsx0x7f7060209: Transaction destroyed!
-------------------------------------------



NOTE: In case the proxy adds "Record-Route: <sips:PROXY_IP:9091>",
that is, without ;transport=tcp, it works, but maybe that's
because I'm forcing "outbound proxy always" (it is an option in the Blink
softphone). In this case the log says:

-------------------
  dlg0x7f70601e1: Sending Request msg ACK/cseq=5089 (tdta0x7f7060290520)
  sip_resolve.c: Target PROXY_IP:9091' type=Unspecified resolved to
'91.121.79.216:9091' type=TLS (TLS transport)
-------------------


So, the bug is that when generating a request with "Route:
<sips:IP;transport=tcp>", PJSIP assumes it must use TCP, while RFC
3261 states that it must use TLS over TCP (due to the sips scheme).


Hope it's useful, if not please ask me for more data.


Thanks a lot.


-- 
Iñaki Baz Castillo
<ibc at aliax.net>
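
The next-hop transport choice discussed in the message above, as an added example that is not part of the original post and is not PJSIP's code: the URI scheme is checked before the transport parameter, so "sips" with ";transport=tcp" selects TLS. The names tp_type, ieq and select_transport are hypothetical, and a plain "sip:" URI with no parameter is assumed to default to UDP.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; these are not PJSIP's transport types. */
typedef enum { TP_INVALID, TP_UDP, TP_TCP, TP_TLS } tp_type;

/* Case-insensitive match of the first n bytes of s against the lower-case word w. */
static int ieq(const char *s, const char *w, size_t n)
{
    size_t i;
    if (strlen(w) != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != w[i]) return 0;
    return 1;
}

/* Pick the transport for a Route/Record-Route URI, scheme first. */
tp_type select_transport(const char *uri)
{
    const char *colon, *p;
    size_t slen, tlen = 0;
    int secure;
    if (*uri == '<') uri++;
    colon = strchr(uri, ':');
    if (!colon) return TP_INVALID;
    slen = (size_t)(colon - uri);
    if (ieq(uri, "sips", slen)) secure = 1;
    else if (ieq(uri, "sip", slen)) secure = 0;
    else return TP_INVALID;
    /* Simplification: the parameter name is matched in lower case only. */
    p = strstr(colon, ";transport=");
    if (p) { p += 11; tlen = strcspn(p, ";>?"); }
    if (secure) {
        /* sips with no parameter or with transport=tcp both mean TLS over TCP. */
        if (!p || ieq(p, "tcp", tlen)) return TP_TLS;
        return TP_INVALID; /* this example's choice: refuse instead of sending in clear */
    }
    if (!p || ieq(p, "udp", tlen)) return TP_UDP; /* assumed default for sip: */
    if (ieq(p, "tcp", tlen)) return TP_TCP;
    return TP_INVALID;
}

int main(void)
{
    /* Constructed input: the second Record-Route from the post; prints 3 (TP_TLS). */
    printf("%d\n", select_transport("<sips:IP_PROXY:9091;transport=tcp>"));
    return 0;
}
```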


