On Oct 15, 2010 at 04:31, Alex Balashov abalashov@evaristesys.com wrote:
On 10/15/2010 04:18 AM, Andrei Pelinescu-Onciul wrote:
Yes, it's a bug. It's just not something I've tested before, that's why I've asked. It should be fixed now.
Understandable, and thanks for the commit!
That's very strange. It should work. Could you send me a packet capture with re-challenged requests?
It has been sent to you privately.
Could you try with the auth_checks_* commented out?
It does indeed work, when I comment out:
#modparam("auth", "auth_checks_register", 15)
I wonder if not all of (1 | 2 | 4 | 8) that am trying to use there are actually appropriate for REGISTER.
Yes, that's the problem. You should not enable 4 (from_tag) for REGISTER, since that can change for the challenged request (confirmed by the dump you've sent me).
We probably should update the doc with some good examples and warnings.
I think the safest settings are: # r-uri, call-id and src_ip modparam("auth", "auth_checks_register", 11) # r-uri, src_ip (call-id and from might change) modparam("auth", "auth_checks_no_dlg", 9) # everything for in-dialog (r-uri, call-id, from_tag, src_ip) modparam("auth", "auth_checks_in_dlg", 15)
Could you also try only nonce_count and disabled one_time_nonce?
That does not work unless I disable the auth_register_checks above. That's clearly the issue.
Andrei