[Serusers] Authentication of ReInvite
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Feb 21 13:04:59 CET 2006
Pat wang wrote:
> Morning everyone,
>
> Has anyone tried authentication of Re-INVITE on SER? When I add the
> proxy_challenge to the ReInvite in the SER configure file, the ACK for
> 407 from the client is porxied by SER to the other side. The signalling
> looks like:
>
> caller----------------------SER---------------------Callee
> ------------------ normal call setup--------------------
> --------------------------blha blha-----------------------
> -------------------------------------------------------------
> ---call hold Re-Invite--->
> <--- 407 challenge------
> --------ACK----------------->
> -------------ACK---------> *** This is
> not to be proxied!
> ----ReInvite--------------->
> ----------------------etc etc............
>
> Anyone seen this while doing similar thing on SER? How can I stop SER
> proxing this ACK just like the way SER treat the original Invite with
> authentiacion?
>
> Here is the authentication part in the loose route block of my SER
> config file:
>
> if (method=="INVITE") {
> if (!proxy_authorize("test.com", "subscriber")) {
> proxy_challenge( "test.com", "0");
> break;
> };
> };
AFAIK, proxy challenge sends a stateless reply. ACK to stateless replies
should be absorbed by ser immediately without entering the ser.cfg
routing script. Thus, probably ser can't detect this ACK as stateless.
Please watch syslog (debug=4 and "tail -f /var/log/syslog|grep -v qm_")
and verify why ser does nto detect a "stateless" ACK.
Also verifiy the ACK if all the tags are correctly copied from 40x to
the ACK. Maybe this is cause by the branch=0 bug?
regards
klaus
More information about the sr-users
mailing list