Hi, I would like to share some experience using LCR under Kamailio 3.X in which there is no longer OPTIONS-based gateways monitorization.
Now, the way to dissable a gateway is by calling defunct_gw() in a failure_route block (i.e. when there is no response for a request and fr_timer fires). So it's based on a single request processing. This is dangerous and I will put a real example:
An ugly client sends us a request with a malformed P-Asserted-Identity as follows:
P-Asserted-Identity(sip@domain.com
Note that it's an *invalid* header. But Kamailio "allows" it and the request arrives to the GW. But the GW drops the request due to the malformed header so it sends NO reply at all. Then timeout occurs in the client transaction and failure_route block is called in which I call to defunct_gw().
Conclusion: an attacker could dissable my gws just by sending a simple malformed request. I strongly miss the monitorization feature in the old LCR module. And ever worse, I could make my own monitorization client by sending OPTIONS to all the gateways, but LCR module does not include a simple MI command to enable/dissable a gw so, what should I do? re-populate all the LCR tables and invoke LCR reload() MI command every time I detect a gw is offline/online?
Regards.