17 Mar
2010
17 Mar
'10
1:18 p.m.
2010/3/17 Klaus Darilion <klaus.mailinglists(a)pernau.at>at>:
You are rigth, sorry, I understood "To-tag".
Well, from the proxy point of view the transaction must end (even if
But that is
not a spoofed reply, instead it's just a 100% valid reply
with a different To-tag. It could occur if the called is a proxy which
performs serial forking (so after some seconds our proxy receives
responses with a new To-tag, i.e. the remote voicemail server).
Let's call it a malicious reply. I was talking about a false from-tag, not
to-tag. Thus, tm will accept the 200 ok and terminate the transaction (if it
is implemented RFC conform). If dialog module checks from-tag it probably
will ignore the reply. From tag doesn't match the dialog data), as the
transaction layer is
not dialog aware.
But of course the dialog module would ignore the response as From-tag
doesn't match, and that's the expected behavior (the UAC wouuld also
ignore such response).
Anyway, I guess dialog module is only good as helper
module but shouldn't be
used as a reliable module (e.g. for security, accounting ...)
That's the question. Theorically dialog module is just a helper, but
looking at OpenSIPS there are several modules offering functionality
based on dialog module... so... It's like "it's not a secure/robust
module but I don't care".
--
Iñaki Baz Castillo
<ibc(a)aliax.net>