Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • SIP Registration Process

    Încărcat de

    Asit Swain
    180 vizualizări2 pagini
    SIP

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    DOCX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    SIP

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca DOCX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    180 vizualizări2 pagini

    SIP Registration Process

    Încărcat de

    Asit Swain
    SIP

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca DOCX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 2

    Registration:

    Before we describe the flow of a typical SIP call, let's have a look at how SIP user agents
    register with a SIP registrar. The example below shows a situation where an SIP softphone
    (namely, the Ekiga client) registers with an Asterisk PBX. The Asterisk's IP address is
    10.10.1.99, while the client is at 10.10.1.13 and wants to register the telephone number
    13.
    In order to register, the SIP telephone needs the send the REGISTER request:

    The registrar server will immediately reply with the provisional response "100 Trying". This
    indicates that the request has been received (and thus the client does not need to
    retransmit it) and that it is being processed. While processing the request, the registrar
    discovers that the user agent needs to authenticate. It therefore responds with "401
    Unauthorized". For the user agent, this means that it has to send the REGISTER request
    once more, this time providing authentication.
    REGISTER sip: 10.10.1.99 SIP/2.0
    CSeq: 1 REGISTER
    Via: SIP/2.0/UDP 10.10.1.13:5060;
    branch=z9hG4bK78946131-99e1-de11-8845-080027608325;rport
    User-Agent: Ekiga/3.2.5
    From: <sip:13@10.10.1.99>
    ;tag=d60e6131-99e1-de11-8845-080027608325
    Call-ID: e4ec6031-99e1-de11-8845-080027608325@vvt-laptop
    To: <sip:13@10.10.1.99>
    Contact: <sip:13@10.10.1.13>;q=1
    Expires: 3600
    Content-Length: 0
    Max-Forwards: 70
    We probably do not need to show the "100 Trying" response. The text of the "401
    Unauthorized" message is as follows:
    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP 10.10.1.13:5060;
    branch=z9hG4bK78946131-99e1-de11-8845-080027608325;
    received=10.10.1.13;rport=5060
    From: <sip:13@10.10.1.99>;
    tag=d60e6131-99e1-de11-8845-080027608325

    To: <sip:13@10.10.1.99>;tag=as5489aead
    Call-ID: e4ec6031-99e1-de11-8845-080027608325@vvt-laptop
    CSeq: 1 REGISTER
    User-Agent: Asterisk PBX
    Supported: replaces
    WWW-Authenticate: Digest realm="atlanta.example.com", qop="auth",
    nonce="ea9c8e88df84f1cec4341ae6cbe5a359", opaque="", stale=FALSE,
    algorithm=MD5
    Content-Length: 0
    In the "401 Unauthorized" response, the important header is WWW-Authenticate:. It
    instructs the client to authenticate using the digest authentication (RFC2617). The nonce (a
    short for "number used once") parameter is a "challenge string". The client will combine the
    challenge string with the user's password and compute the MD5 hash of the resulting string.
    The server will compute its own hash using the same method and compare it with the MD5
    hash provided by the client. The digest authentication is the most frequently used method
    because the password is never sent over the network in plain text. The "basic"
    authentication has been deprecated in SIP 2.0 as it is insecure (sending a password in plain
    text is generally a bad idea).
    The realm parameter indicates the domain of the proxy server, so that the client knows
    which password to use. The qop (quality of protection) parameter indicates that the
    server supports integrity protection for either the request line alone (auth) or for both the
    request line and the message body (auth-int).
    Once the client computes the MD5 digest, it will re-send the REGISTER request. The
    message will look like this:
    REGISTER sip: 10.10.1.99 SIP/2.0
    CSeq: 2 REGISTER
    Via: SIP/2.0/UDP 10.10.1.13:5060;
    branch=z9hG4bK32366531-99e1-de11-8845-080027608325;rport
    User-Agent: Ekiga/3.2.5
    From: <sip:13@10.10.1.99>;
    tag=d60e6131-99e1-de11-8845-080027608325
    Call-ID: e4ec6031-99e1-de11-8845-080027608325@vvt-laptop
    To: <sip:13@10.10.1.99>
    Contact: <sip:13@10.10.1.13>;q=1
    Authorization: Digest username="bob", realm="atlanta.example.com"
    nonce="ea9c8e88df84f1cec4341ae6cbe5a359", opaque="",
    uri="sips: ss2.biloxi.example.com",
    response="dfe56131d1958046689d83306477ecc"
    Expires: 3600
    Content-Length: 0
    Max-Forwards: 70
    The registrar server will again first respond with "100 Trying" and then compare the two
    MD5 hashes (the one provided by the client with the one computed by the registrar itself).
    If they match, the registrar will respond with "200 OK" and insert the endpoint to the
    location database. The database is usually shared between the registrar and the proxy
    server so that the proxy can use it to contact users. The response "200 OK" contains one
    important parameter, Expires. It tells the client that the registration will expire after the
    given number of seconds and the client will be required to register again.

    S-ar putea să vă placă și