[sr-dev] Crash - auth
Andrei Pelinescu-Onciul
andrei at iptel.org
Fri Oct 15 10:52:25 CEST 2010
On Oct 15, 2010 at 04:31, Alex Balashov <abalashov at evaristesys.com> wrote:
> On 10/15/2010 04:18 AM, Andrei Pelinescu-Onciul wrote:
>
> >Yes, it's a bug. It's just not something I've tested before,
> >that's why I've asked. It should be fixed now.
>
> Understandable, and thanks for the commit!
>
> >That's very strange. It should work.
> >Could you send me a packet capture with re-challenged requests?
>
> It has been sent to you privately.
>
> >Could you try with the auth_checks_* commented out?
>
> It does indeed work, when I comment out:
>
> #modparam("auth", "auth_checks_register", 15)
>
> I wonder if not all of (1 | 2 | 4 | 8) that am trying to use there
> are actually appropriate for REGISTER.
Yes, that's the problem. You should not enable 4 (from_tag) for
REGISTER, since that can change for the challenged request (confirmed by
the dump you've sent me).
We probably should update the doc with some good examples and warnings.
I think the safest settings are:
# r-uri, call-id and src_ip
modparam("auth", "auth_checks_register", 11)
# r-uri, src_ip (call-id and from might change)
modparam("auth", "auth_checks_no_dlg", 9)
# everything for in-dialog (r-uri, call-id, from_tag, src_ip)
modparam("auth", "auth_checks_in_dlg", 15)
>
> >Could you also try only nonce_count and disabled one_time_nonce?
>
> That does not work unless I disable the auth_register_checks above.
> That's clearly the issue.
Andrei
More information about the sr-dev
mailing list