Hello,
normally the UA (callee) has to reject INVITE with To-tag if there is no
active dialog for it, that's what 481 response is for.
Anyhow, if you track active calls with dialog module, there is a
function that you can use to check if the re-INVITE is part of an active
dialog.
Or you can keep the relation between call-id and caller/callee in a hash
table, which you can store at initial INVITE and check if it exists on
re-INVITE. In that way you can make sure that the re-INVITE is after an
initial invite.
Further checks can be done on src/dst IPs, re-INVITE comes with contact
address in the R-URI, so it should not be the generic subscriber AoR.
Route header(s) has to be there, etc. ...
Cheers,
Daniel
On 19.09.23 10:31, Benoit Panizzon wrote:
Hi List
At the moment, we challenge every invite (and re-invite) to make sure
the customer is authenticated.
Now we have one kind of PBX, which never does not authenticate when we
challenge a Re-Invite.
According to the vendor of that PBX's RFC interpretation, answering a
challenge to a re-invite is optional. If that is ignored by the PBX,
then the existing established dialog shall not end.
Unfortunately this causes the session timer to run out.
I am therefore wondering, if there is a safe way not to challenge
re-invites.
A Re-Invite contains a To-Tag. So I could bypass authentication on
presence of a to-Tag. But then, how do I prevent a customer to just set
a spoofed To-Tag to circumvent authentication?
Is there a feasible way?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web
http://www.imp.ch
______________________________________________________
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla (@
asipto.com)
twitter.com/miconda --
linkedin.com/in/miconda
Kamailio Consultancy - Training Services --
asipto.com
Kamailio World Conference -
kamailioworld.com