Hello,
normally the UA (callee) has to reject INVITE with To-tag if there is no active dialog for it, that's what 481 response is for.
Anyhow, if you track active calls with dialog module, there is a function that you can use to check if the re-INVITE is part of an active dialog. Or you can keep the relation between call-id and caller/callee in a hash table, which you can store at initial INVITE and check if it exists on re-INVITE. In that way you can make sure that the re-INVITE is after an initial invite.
Further checks can be done on src/dst IPs, re-INVITE comes with contact address in the R-URI, so it should not be the generic subscriber AoR. Route header(s) has to be there, etc. ...
Cheers, Daniel
On 19.09.23 10:31, Benoit Panizzon wrote:
Hi List
At the moment, we challenge every invite (and re-invite) to make sure the customer is authenticated.
Now we have one kind of PBX, which never does not authenticate when we challenge a Re-Invite.
According to the vendor of that PBX's RFC interpretation, answering a challenge to a re-invite is optional. If that is ignored by the PBX, then the existing established dialog shall not end.
Unfortunately this causes the session timer to run out.
I am therefore wondering, if there is a safe way not to challenge re-invites.
A Re-Invite contains a To-Tag. So I could bypass authentication on presence of a to-Tag. But then, how do I prevent a customer to just set a spoofed To-Tag to circumvent authentication?
Is there a feasible way?
Mit freundlichen Grüssen
-Benoît Panizzon-
I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: