Juha Heinanen wrote:
Klaus Darilion writes:
What would be a normal (out-of-dialog) check?
the same checks you do for initial requests that don't have Route header, i.e., check if domain of request uri is local, authenticate caller if local, etc.
I do not check them, as this always caused problems in forwarding sceanrios. Consider the following example.
A: sip:a@a.com B: sip:klaus@iptel.org C: sip:klaus@enum.at
I made a permanent location entry in proxy B (iptel.org) to forward all my calls to my primary SIP account (klaus@enum.at).
A calls B and C will pick up the call. Now, C puts the call on hold. The reINVITE will be loose_route processed from C, B, and A.
The INVITE looks like: INVITE ... From: sip:klaus@iptel.org To: sip:a@a.com
Thus, although the client is registered to C, C can not authenticate the INVITE as the domain enum.at does not appear in From: or To:
Proxy B (iptel.org) may request authentication from my client (as From: conatins iptel.org). But my stupid SIP phone can not authenticate against iptel while registered to enum.at
Thus, I do not authenticate loose_route requests. I just check if it is in-dialog. Thus, bad requests can handled by the other SIP client. I don't like my setup, but I'm not aware how to overcome the presented problem. Any hints?
regards, klaus
-- juha