11 Dec
2013
11 Dec
'13
9:29 p.m.
Le Mon, 9 Dec 2013 23:30:44 +0100,
Carsten Bock <carsten(a)ng-voice.com> a écrit :
Hi Camille,
i've changed it in GIT master to the following behaviour:
1) Lookup based on Contact
1a) compare Received-Info (IP, Port, Proto), if Contact was found
2) Fallback to the old behaviour (directly looking for IP, Port,
Proto) otherwise.
Hi Carsten,
this looks nice, thanks. As Hugh Waite pointed, getContactP() always
fails (no fallback) when no Contact header is present, and would
prevent from using pcscf_is_registered() and pcscf_assert_identity() to
be used on Contact-less requests. For my use, this is not a problem,
and I see the fallback method as a potential way to make DoS attacks on
a P-CSCF, when a lot of contacts are registered, since id does a
sequential search, so I would rather not use it at all.
Maybe this fallback behavior should be made optional by configuration.
I'll add this when possible.
Cheers
--
Camille