Hi Juha!
Out of curiosity, how do you handle out-of dialog requests with a pre-set route? If I would allow them, I would handle it this way:
if (loose_route) { if to-tag { # in-dialog, faked messages must # be handled by next hop t_relay break; }
# out-of dialog request if method==CANCEL { # that's fine t_relay() break; }
# check if it is a local user if is_from_local { if proxy_authorize { t_relay } else { proxy_challenge } break; }
# don't use my proxy to relay sl_send_reply("403","Relaying not allowed") break; }
Juha Heinanen wrote:
Klaus Darilion writes:
Thus, although the client is registered to C, C can not authenticate the INVITE as the domain enum.at does not appear in From: or To:
Proxy B (iptel.org) may request authentication from my client (as From: conatins iptel.org). But my stupid SIP phone can not authenticate against iptel while registered to enum.at
klaus,
i guess you misunderstood me. my original question was this:
If there is not tog-tag, I will reject the request.
what is the benefit of rejecting the request instead of calling loose_route() and then doing your normal (out-of-dialog) checks to the request?
i never suggested that you should try to authenticate in-dialog requests (which do have to-tag). what i questioned is why you would reject an INITIAL request, just because it includes a Route header, and you still haven't answered THAT question.
-- juha