[Devel] Processing REGISTER requests
Dan Pascu
dan at ag-projects.com
Thu Oct 6 17:45:04 CEST 2005
On Thursday 06 October 2005 15:24, Daniel-Constantin Mierla wrote:
> >1. take one sip account joe at domain.com and configure 2 phones in 2
> >different networks with that account and assign the same private IP to
> >both phones. They will overwrite each ones registration.
>
> With same private ip, the risk to have same call-id increases.
First I'd like to see some evidence of this. If you or someone else was
able to find such duplicate call-ids then please post your findings. Type
of UA that generates them, how often do they happen, etc. I hate to speak
on hypotheses, but so far this is what we did. I watched over my contact
database and I haven't yet spotted a duplicate call-id, except when
coming from the same phone and ser decided to add the contact because the
IP/port changed. But this is not a duplicated call-id.
Next, that's the whole point. With this method you only have some risk,
with the current method is certain.
> Agree, it is what I want to avoid, better have multiple contact
> addresses rather that overwrite other's contact. Lowering the expire
It's not better by any measure. I look in the contacts database and I see
I have 3 registered phones, while I only have 1 (your users will make
some conclusions about how reliable you are if you can't even keep track
correctly of them being online).
Then it opens you to security issues and identity theft.
I wouldn't say it's better, only that the problems it raises are more
bearable.
And overwrite vs duplicate it's not your choice. If you use
fix_nated_register() you will suffer from overwrites, if you use
fix_contact() you suffer from duplicates.
--
Dan
More information about the Devel
mailing list