Re: [Sip] Interesting problem with PRACK and resent INVITEs

Paul Kyzivat <pkyzivat@cisco.com> Fri, 18 January 2008 01:20 UTC

Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JFfuE-0004Yc-Uh; Thu, 17 Jan 2008 20:20:26 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1JFfuD-0004YS-AU for sip-confirm+ok@megatron.ietf.org; Thu, 17 Jan 2008 20:20:25 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JFfuC-0004YK-Sg for sip@ietf.org; Thu, 17 Jan 2008 20:20:24 -0500
Received: from rtp-iport-2.cisco.com ([64.102.122.149]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JFfuC-0002pd-Aw for sip@ietf.org; Thu, 17 Jan 2008 20:20:24 -0500
Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by rtp-iport-2.cisco.com with ESMTP; 17 Jan 2008 20:20:24 -0500
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m0I1KOCV015538; Thu, 17 Jan 2008 20:20:24 -0500
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id m0I1KOuc029093; Fri, 18 Jan 2008 01:20:27 GMT
Received: from xfe-rtp-201.amer.cisco.com ([64.102.31.38]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 17 Jan 2008 20:20:21 -0500
Received: from [161.44.174.133] ([161.44.174.133]) by xfe-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 17 Jan 2008 20:20:21 -0500
Message-ID: <478FFED9.7080307@cisco.com>
Date: Thu, 17 Jan 2008 20:20:25 -0500
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Dale.Worley@comcast.net
Subject: Re: [Sip] Interesting problem with PRACK and resent INVITEs
References: <200801172023.m0HKNRNa008780@dragon.ariadne.com>
In-Reply-To: <200801172023.m0HKNRNa008780@dragon.ariadne.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 18 Jan 2008 01:20:21.0657 (UTC) FILETIME=[4B6AF890:01C85970]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=4675; t=1200619224; x=1201483224; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=pkyzivat@cisco.com; z=From:=20Paul=20Kyzivat=20<pkyzivat@cisco.com> |Subject:=20Re=3A=20[Sip]=20Interesting=20problem=20with=20 PRACK=20and=20resent=20INVITEs |Sender:=20 |To:=20Dale.Worley@comcast.net; bh=N8LsM5+OUxFLbpnAQMRABawj83w1lEs7E0VERrctoHU=; b=R4vBEpXQ4oe7ZKWcSaLm4mWNNwJjZdix/OvVBX97MqcL9WSGbDYh+5WfFK hgcRqcm07ZGKy0Rq3zBs65+74QQ4cavIkrgIJC/Hd/CSFD3fNerJ6pi8Bmks 5AsXAdwBgX;
Authentication-Results: rtp-dkim-1; header.From=pkyzivat@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 10ba05e7e8a9aa6adb025f426bef3a30
Cc: sip@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org

Interesting. But I'm not certain I buy it. CSeqs only make sense within 
a dialog. F13 doesn't contain the To-tag abc, so it ought not be 
expected to use a valid CSeq for that dialog.

A different issue here is that that F13 ought not go to UAS1 at all. But 
we treat it as a new transaction, and don't expect the proxy to maintain 
any history across transactions, so we don't have a way to prevent that.

There ought to be something in F11 that causes the request to go only to 
  (in this case) UA2. (In general to whichever node generated the 
challenge, which might have been a proxy rather than a UA.)

	Paul

Dale.Worley@comcast.net wrote:
> I was looking at a problem were were having with a phone and
> discovered the following interesting situation with PRACK and INVITEs
> that have to be resent with authentication.
> 
> Consider an INVITE that gets serially forked to two destinations, the
> first one doesn't answer and the second one demands authentication:
> 
>     UAC             Proxy           UAS 1           UAS 2
> 
>      |                |               |               |
> F1   | INVITE CSeq 1  |               |               |
>      |--------------->|               |               |
> F2   |                | INVITE CSeq 1 |               |
>      |                |-------------->|               |
> F3   |                | 180 CSeq 1    |               |
>      |                | to-tag abc    |               |
>      |                |<--------------|               |
> F4   | 180 CSeq 1     |               |               |
>      | to-tag abc     |               |               |
>      |<---------------|               |               |
> F5   | PRACK CSeq 2   |               |               |
>      | to-tag abc     |               |               |
>      |------------------------------->|               |
> F6   |                | 200 CSeq 2    |               |
>      |                | to-tag abc    |               |
>      |<-------------------------------|               |
>      |                |               |               |
>     ---------------------- delay ------------------------
>      |                |               |               |
> F7   |                | CANCEL CSq 1  |               |
>      |                |-------------->|               |
> F8   |                | 200 CANCEL    |               |
>      |                |<--------------|               |
> F9   |                | 487 CSeq 1    |               |
>      |                | to-tag abc    |               |
>      |                |<--------------|               |
> F10  |                | INVITE CSeq 1 |               |
>      |                |------------------------------>|
> F11  |                |               | 407 CSeq 1    |
>      |                |               | to-tag def    |
>      |                |<------------------------------|
> F12  | 407 CSeq 1     |               |               |
>      | to-tag def     |               |               |
>      |<---------------|               |               |
> F13  | INVITE CSeq 2  |               |               |
>      |--------------->|               |               |
> F14  |                | INVITE CSeq 2 |               |
>      |                |-------------->|               |
> F15  |                | 500 CSeq 2    |               |
>      |                | to-tag pqr    |               |
>      |                |<--------------|               |
> F16  | 500 CSeq 2     |               |               |
>      | to-tag pqr     |               |               |
>      |<---------------|               |               |
>      |                |               |               |
> 
> Since the PRACK F5 is sent within a forked dialog, we don't think of
> it as using up CSeq number space in the space of out-of-dialog
> requests.  So when it comes time to re-send the INVITE F13, it's easy
> to think that you can just use a CSeq one higher than the original
> INVITE F1.  But transaction processing at UAS 1 is likely to notice
> that it's already seen CSeq 2 with that Call-Id.  It looks like one
> must make sure that the re-sent INVITE has a CSeq higher than has been
> used in any derived dialog of the original INVITE.
> 
> Dale
> 
> 
> _______________________________________________
> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
> 


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip