2010/3/17 Klaus Darilion klaus.mailinglists@pernau.at:
But that is not a spoofed reply, instead it's just a 100% valid reply with a different To-tag. It could occur if the called is a proxy which performs serial forking (so after some seconds our proxy receives responses with a new To-tag, i.e. the remote voicemail server).
Let's call it a malicious reply. I was talking about a false from-tag, not to-tag. Thus, tm will accept the 200 ok and terminate the transaction (if it is implemented RFC conform). If dialog module checks from-tag it probably will ignore the reply.
You are rigth, sorry, I understood "To-tag". Well, from the proxy point of view the transaction must end (even if
From tag doesn't match the dialog data), as the transaction layer is
not dialog aware.
But of course the dialog module would ignore the response as From-tag doesn't match, and that's the expected behavior (the UAC wouuld also ignore such response).
Anyway, I guess dialog module is only good as helper module but shouldn't be used as a reliable module (e.g. for security, accounting ...)
That's the question. Theorically dialog module is just a helper, but looking at OpenSIPS there are several modules offering functionality based on dialog module... so... It's like "it's not a secure/robust module but I don't care".