To be clear, the two t_newtran() calls in the main request_route were naturally a typo. :-) Only the first one was intended.
On Dec 12, 2022, at 3:45 PM, Alex Balashov abalashov@evaristesys.com wrote:
Hi,
Is there any good solution for the scenario of an auth_challenge() with two separate transaction suspensions?
To clarify (simplified):
request_route { ... t_newtran(); if(!is_present_hf("Authorization") && !is_present_hf("Proxy-Authorization")) { auth_challenge("$fd", "1"); exit; } # TM suspend/continue t_newtran(); async credentials query("RESUME_AUTH"); } route[RESUME_AUTH] { # Credentials received into PVs. if(!pv_auth_check("...")) { auth_challenge("$fd", "1"); exit; } # Create transaction shell if not exists already from auth query. if(!t_lookup_request()) t_newtran(); # TM suspend/continue async route query("RESUME_ROUTING"); } route[RESUME_ROUTING] { # Unmarshal etc. t_relay(); # etc. }What happens here is that the first auth_challenge() results in a retransmission of its 407 challenge without absorbing the negative ACK. This is despite the ostensibly stateful behaviour of auth_challenge() without "force_stateless_reply" enabled.
In this case, it eclipses the second, unrelated 407 challenge from the subsequent routing query (407 challenge with +1 CSeq):
<Screenshot 2022-12-12 at 3.44.15 PM.jpeg> -- Alex
-- Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/