403 on invites from registered Firebrick devices

Luke_ · Post by **Luke_** » Fri May 14, 2021 8:29 am

1. Brekeke Product Name and Version: 3.10.5.6/517-11. We do have an older Brekeke in the network which is live but for this issue we spun up the latest evul version

2. Java version:
VM name OpenJDK 64-Bit Server VM
Version 11.0.11

3. OS type and the version:
Ubuntu 20.04.2 LTS / Tomcat 8.5.66

4. UA (phone), gateway or other hardware/software involved:
FireBrick/1.56.000 - going to be honest I don't know much about these

5. Your problem:
3rd party using the FireBrick is registering against our Brekeke. This bit works, no issues. However when an invite is sent to the brekeke it is always 403s it with an auth error. Looking at the logs I can see there is a java null point exception every time we try and put a call in

auth: Exception: 05/14/21 14:55:42.962
java.lang.NullPointerException: (depth=4)
com.brekeke.net.sip.auth.Authorization.authorization (null:-1)
com.brekeke.net.sip.auth.Authorization.authorization (null:-1)
com.brekeke.net.sip.sv.Dispatcher.authorization (null:-1)
com.brekeke.net.sip.sv.Dispatcher.run (null:-1)

auth: Exception: 05/14/21 15:00:37.992
java.lang.NullPointerException: (depth=4)
com.brekeke.net.sip.auth.Authorization.authorization (null:-1)
com.brekeke.net.sip.auth.Authorization.authorization (null:-1)
com.brekeke.net.sip.sv.Dispatcher.authorization (null:-1)
com.brekeke.net.sip.sv.Dispatcher.run (null:-1)

auth: Exception: 05/14/21 15:00:49.665
java.lang.NullPointerException: (depth=4)
com.brekeke.net.sip.auth.Authorization.authorization (null:-1)
com.brekeke.net.sip.auth.Authorization.authorization (null:-1)
com.brekeke.net.sip.sv.Dispatcher.authorization (null:-1)
com.brekeke.net.sip.sv.Dispatcher.run (null:-1)

So what i am thinking is that the firebrick is 'missing' a field or nulling it and Brekeke is not happy about that.

here is a wireshark dump of an invite, I have removed IPs and dialled numbers as they were real world numbers, but i cannot see what the issue is.

INVITE sip:<tonumber>@<to IP> SIP/2.0
Via: SIP/2.0/UDP <from IP>;branch=z9hG4bK2021051415553400015-1;rport
CSeq: 1 INVITE
Max-Forwards: 68
User-Agent: FireBrick/1.56.000
Authorization: Digest username="**********"
Call-ID: 2021051415553400015@2900-0601-0284-36
From: <sip:<sipUsername>@<from IP>>;tag=2021051415553400015
To: <sip:**********@<to IP>>
Contact: <sip:2021051415553400015@81.187.30.112>
Content-Type: application/sdp
Content-Length: 188

v=0
o=- 21902 0 IN IP4 <media IP>
s=call
c=IN IP4 <media IP>
t=0 0
m=audio 21902 RTP/AVP 8 101
a=rtpmap:8 pcma/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv

Anyone able to provide an insight? I think the problem most likely resides with the Firebrick but I have no control over those devices and wondering if there is anything on brekekes side I might be able to do.

I have only one rule in my dial plan right now and I have set $auth=false but still getting auth errors

Anyone able to assist or provide a work around?

snuyzm · Post by **snuyzm** » Fri May 14, 2021 1:06 pm

Does Authorization: header have "realm" ?

Luke_ · Post by **Luke_** » Thu May 20, 2021 1:02 am

Morning Snuyzm

Sorry for the delay in coming back to you I have not been in the office this week

In answer to your question: No, there is no Realm, I only have Authentication Scheme: Digest
Username: <username>

snuyzm · Post by **snuyzm** » Thu May 20, 2021 8:03 pm

"realm" is required.

Since the device is registered in the SIP Server, so you can disable the Auth for INVITE with the following DialPlan rule.

[Matching Patterns]
$request = ^INVITE
$registeredSender = true

[Deploy Patterns]
$auth = false
$continue = true