The re-INVITE is a new transaction on an existing dialog Kamailio acts as a proxy so in general it doesn't care about the dialog state ( even if you involve the dialog module - it still doesn't care ) Mostly re-INVITE should contain all information to how to reach the endpoint ( in Route headers) ( if topology hiding isn't involved, but if it is involved then the server knows about the dialog anyway )
So, if you receive a re-INVITE with Route set where your proxy is involved - you may consider this request belongs existing dialog and avoid authentication as it contains to and from tags, as well as the same Call-ID, which fully describes a particular session, into which your proxy is involved. Even according https://www.rfc-editor.org/rfc/rfc3261.html#section-12.2 re-INVITEs MAY contain Record-Route headers, it would not affect the initial Routes set.
вт, 19 сент. 2023 г. в 11:00, Benoit Panizzon benoit.panizzon@imp.ch:
Hi List
At the moment, we challenge every invite (and re-invite) to make sure the customer is authenticated.
Now we have one kind of PBX, which never does not authenticate when we challenge a Re-Invite.
According to the vendor of that PBX's RFC interpretation, answering a challenge to a re-invite is optional. If that is ignored by the PBX, then the existing established dialog shall not end.
Unfortunately this causes the session timer to run out.
I am therefore wondering, if there is a safe way not to challenge re-invites.
A Re-Invite contains a To-Tag. So I could bypass authentication on presence of a to-Tag. But then, how do I prevent a customer to just set a spoofed To-Tag to circumvent authentication?
Is there a feasible way?
Mit freundlichen Grüssen
-Benoît Panizzon-
I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: