| Summary: | ASTERISK-27477: Chan_pjsip does not support unauthenticated OPTIONS ping | ||||
| Reporter: | Ross Beer (rossbeer) | Labels: | patch | ||
| Date Opened: | 2017-12-11 14:03:55.000-0600 | Date Closed: | 2021-05-19 13:55:06 | ||
| Priority: | Major | Regression? | |||
| Status: | Closed/Complete | Components: | Channels/chan_pjsip | ||
| Versions: | 13.18.3 GIT 15.1.3 | Frequency of Occurrence | |||
| Related Issues: |
| ||||
| Environment: | Fedora 23 CentOS 7 | Attachments: | ( 0) 0001-res_pjsip.c-OPTIONS-processing-can-now-optionally-sk.patch | ||
| Description: | The chan_pjsip does not support replying to unauthenticated OPTIONS pings.
If an older version of Asterisk sends OPTIONS pings to the chan_pjsip channel diver, an auth request is sent instead of a 200 reply. Other endpoints that do not support authentication on OPTION pings also do not receive the expected response. | ||||
| Comments: | By: Asterisk Team (asteriskteam) 2017-12-11 14:03:56.677-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Sean Bright (seanbright) 2018-02-12 07:54:32.413-0600 I am not sure that this is something that we actually want to "fix." If {{chan_sip}} is replying with a 200 OK when authentication is required, that is a bug in {{chan_sip}}. Per [RFC 3261|https://tools.ietf.org/html/rfc3261] [Section 11.2 Processing of OPTIONS Request|https://tools.ietf.org/html/rfc3261#section-11.2]: {noformat} The response to an OPTIONS is constructed using the standard rules for a SIP response as discussed in Section 8.2.6. The response code chosen MUST be the same that would have been chosen had the request been an INVITE. That is, a 200 (OK) would be returned if the UAS is ready to accept a call, a 486 (Busy Here) would be returned if the UAS is busy, etc. This allows an OPTIONS request to be used to determine the basic state of a UAS, which can be an indication of whether the UAS will accept an INVITE request. {noformat} I'm all for feature parity with {{chan_sip}}, but I don't think we should be introducing a bug in {{chan_pjsip}} to accomplish that. By: Dan Popusoi (pumamd) 2018-08-14 07:54:49.319-0500 Maybe is possible to add option that will send to all SIP OPTIONS messages reply 200 OK. For example i have issues with native android SIP client SIP client send SIP OPTIONS as for keep-alive. After multiple received 401 replies, sip client decide to close connection and re-register to server after 5-10 seconds. This happen's with tcp transport. I think there is more sip clients with broken implementation also, asterisk as one of most popular sip server should have this option for such cases. By: Sean Bright (seanbright) 2021-04-23 12:38:53.134-0500 [~rossbeer], take the [attached patch|^0001-res_pjsip.c-OPTIONS-processing-can-now-optionally-sk.patch] for a spin. Should apply cleanly against Asterisk 16. Set {{allow_unauthenticated_options = yes}} on the relevant endpoint(s). By: Friendly Automation (friendly-automation) 2021-04-28 16:39:09.284-0500 Change 15831 merged by Friendly Automation: res_pjsip.c: OPTIONS processing can now optionally skip authentication [https://gerrit.asterisk.org/c/asterisk/+/15831|https://gerrit.asterisk.org/c/asterisk/+/15831] By: Friendly Automation (friendly-automation) 2021-04-29 07:44:44.146-0500 Change 15803 merged by George Joseph: res_pjsip.c: OPTIONS processing can now optionally skip authentication [https://gerrit.asterisk.org/c/asterisk/+/15803|https://gerrit.asterisk.org/c/asterisk/+/15803] By: Friendly Automation (friendly-automation) 2021-04-29 07:45:06.744-0500 Change 15830 merged by George Joseph: res_pjsip.c: OPTIONS processing can now optionally skip authentication [https://gerrit.asterisk.org/c/asterisk/+/15830|https://gerrit.asterisk.org/c/asterisk/+/15830] | ||||