[sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: dummy AOR sip:you@kamailio.org prevents ipsec_destroy() from finding contact (Issue #3570)

[jbipre2]

### Description
Have two 4G UE's registered (over Open5GS CN / Amarisoft eNB): UE1 (OnePlus) 
connects to P-CSCF over UDP, UE2 (Huawei) connects using IPSec SA.
Immediately after registration, VoLTE calls work from UE1 to UE2 and 
vice-versa; but after some time, only from UE2 to UE1. Calls initiated from UE1 
fail with a "network error" message.

Following Kamailio logfile extract shows periodic OPTIONS processing failing 
(cause unknown to me) leading to de-registration:
```
Sep 14 00:56:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via 
sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:56:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:57:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via 
sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:57:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:58:01 corsa03 p-cscf[8124]: INFO: cdp [authstatemachine.c:270]: 
auth_client_statefull_sm_process(): after callback of event 1
Sep 14 00:58:01 corsa03 p-cscf[8134]: INFO: cdp [authstatemachine.c:270]: 
auth_client_statefull_sm_process(): after callback of event 17
Sep 14 00:58:01 corsa03 p-cscf[8134]: INFO: cdp [authstatemachine.c:425]: 
auth_client_statefull_sm_process(): state machine: AUTH_EV_RECV_STA about to 
clean up
Sep 14 00:58:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via 
sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:58:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:58:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to 
sip:001010000051194@10.46.0.6:31907: Fail Counter is 1
Sep 14 00:59:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via 
sip:10.46.0.11:5060;transport=tcp...
Sep 14 00:59:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 00:59:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to 
sip:001010000051194@10.46.0.6:31907: Fail Counter is 2
Sep 14 01:00:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via 
sip:10.46.0.11:5060;transport=tcp...
Sep 14 01:00:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 01:00:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to 
sip:001010000051194@10.46.0.6:31907: Fail Counter is 3
Sep 14 01:01:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:67435055-f201-4c46-a31f-10b7f30c9574@10.46.0.11:5060 via 
sip:10.46.0.11:5060;transport=tcp...
Sep 14 01:01:07 corsa03 p-cscf[8138]: INFO: <script>: OPTIONS to 
sip:001010000051194@10.46.0.6:31907 via sip:10.46.0.6:31907;transport=tcp...
Sep 14 01:01:37 corsa03 p-cscf[8124]: NOTICE: <script>:   request sent to 
sip:001010000051194@10.46.0.6:31907: Fail Counter is 4
Sep 14 01:01:37 corsa03 p-cscf[8124]: NOTICE: <script>:   Unregistering 
sip:001010000051194@10.46.0.6:31907;alias=10.46.0.6~31907~2

```
But now the dummy AOR: sip:y...@kamailio.org is used by ipsec_destroy(),  
instead of UE2's AOR: sip:001010000051194@10.46.0.6:31907:

```
Sep 14 01:01:37 corsa03 p-cscf[8124]: NOTICE: <script>:   Unregistering 
sip:001010000051194@10.46.0.6:31907;alias=10.46.0.6~31907~2
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_ipsec_pcscf [cmd.c:198]: 
fill_contact(): using original uri for contact filling: sip:y...@kamailio.org
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: <core> [core/mem/q_malloc.c:373]: 
qm_malloc(): qm_malloc(0x7f73e298e010, 50) called from ims_ipsec_pcscf: cmd.c: 
fill_contact(282)
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: <core> [core/mem/q_malloc.c:416]: 
qm_malloc(): qm_malloc(0x7f73e298e010, 56) returns address 0x7f73e2c5a0f8 frag. 
0x7f73e2c5a0c0 (size=56) on 1 -th hit
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_ipsec_pcscf [cmd.c:333]: 
fill_contact(): SIP REQUEST fill contact with AOR [sip:y...@kamailio.org], VIA 
[0://kamailio.org:5060], received_host [1://1.0.0.127:5060]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [usrloc.c:157]: 
get_aor_hash(): Returning hash: [4128780523]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [usrloc.c:148]: 
get_hash_slot(): Returning hash slot: [235]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:459]: 
get_pcontact_from_cache(): Searching for contact with AOR 
[sip:y...@kamailio.org] in P-CSCF usrloc based on VIA [0://kamailio.org:5060] 
Received [1://1.0.0.127:5060], Search flag is 0, reverse_search 0
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:469]: 
get_pcontact_from_cache(): Have an AOR to search for
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:474]: 
get_pcontact_from_cache(): checking for rinstance
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [usrloc.c:157]: 
get_aor_hash(): Returning hash: [4128780523]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:509]: 
get_pcontact_from_cache(): get_pcontact slot is [235]
Sep 14 01:01:37 corsa03 p-cscf[8124]: DEBUG: ims_usrloc_pcscf [udomain.c:642]: 
get_pcontact_from_cache(): contact not found in memory
Sep 14 01:01:37 corsa03 p-cscf[8124]: ERROR: ims_ipsec_pcscf [cmd.c:1062]: 
ipsec_destroy(): Contact doesn't exist
```
I assume that ipsec_destroy() determines that the contact doesn't exist, so no 
change can be made to any SA.
The ipsec_destroy() function call in pcscf/kamailio.cfg is used as follows:
```
event_route[uac:reply] {
#!ifdef WITH_DEBUG
        xnotice("request sent to $uac_req(ruri) completed with code: 
$uac_req(evcode), Type $uac_req(evtype)\n");
#!endif
        if (($uac_req(evtype) != 1) || ($uac_req(evcode) != 200)) {
                if ($sht(natpingfail=>$uac_req(ouri)) == $null) {
                        $sht(natpingfail=>$uac_req(ouri)) = 1;
                } else {
                        $sht(natpingfail=>$uac_req(ouri)) = 
$sht(natpingfail=>$uac_req(ouri)) + 1;
                }
                xnotice("  request sent to $uac_req(ruri): Fail Counter is 
$sht(natpingfail=>$uac_req(ouri))\n");
                if ($sht(natpingfail=>$uac_req(ouri)) > 3) {
                        if ($(uac_req(ouri){uri.transport}) == "tcp") {
                                $var(alias) = 
"alias="+$(uac_req(ouri){uri.host})+"~"+$(uac_req(ouri){uri.port})+"~2";
                        } else if ($(uac_req(ouri){uri.transport}) == "tls") {
                                $var(alias) = 
"alias="+$(uac_req(ouri){uri.host})+"~"+$(uac_req(ouri){uri.port})+"~3";
                        } else {
                                $var(alias) = 
"alias="+$(uac_req(ouri){uri.host})+"~"+$(uac_req(ouri){uri.port})+"~1";
                        }
                        xnotice("  Unregistering $uac_req(ruri);$var(alias)\n");
                        setdebug("9");
                        ipsec_destroy("location");
                        pcscf_unregister("location", 
"$uac_req(ruri);$var(alias)", "$(uac_req(ouri){uri.host})", 
"$(uac_req(ouri){uri.port})");
                        resetdebug();
                        sht_lock("natping=>natpinglock");
                        $sht(natping=>$uac_req(ouri)) = $null;
                        sht_unlock("natping=>natpinglock");

                        sht_lock("natpingfrom=>natpingfromlock");
                        $sht(natpingfrom=>$uac_req(ouri)) = $null;
                        sht_unlock("natpingfrom=>natpingfromlock");

                        $sht(natpingfail=>$uac_req(ouri)) = $null;
                }
        } else {
                $sht(natpingfail=>$uac_req(ouri)) = $null;
        }
}
```
How do I ensure that ipsec_destroy() receives a real AOR, and not the dummy 
(default?) value sip:y...@kamailio.org?

### Additional Information
```
version: kamailio 5.7.1 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, 
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, 
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, 
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 17:01:00 Aug 12 2023 with x86_64-pc-linux-gnu-gcc 13.2.0
```

* **Operating System**:
```
Linux corsa03 6.5.2-gentoo-x86_64 #2 SMP PREEMPT_DYNAMIC Thu Sep  7 15:16:58 
CEST 2023 x86_64 AMD EPYC 7513 32-Core Processor AuthenticAMD GNU/Linux
```


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3570
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/issues/3...@github.com>
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org