12 Dec
2022
12 Dec
'22
11:53 p.m.
To be clear, the two t_newtran() calls in the main request_route were naturally a typo.
:-) Only the first one was intended.
On Dec 12, 2022, at 3:45 PM, Alex Balashov
<abalashov(a)evaristesys.com> wrote:
Hi,
Is there any good solution for the scenario of an auth_challenge() with two separate
transaction suspensions?
To clarify (simplified):
request_route {
...
t_newtran();
if(!is_present_hf("Authorization") &&
!is_present_hf("Proxy-Authorization")) {
auth_challenge("$fd", "1");
exit;
}
# TM suspend/continue
t_newtran();
async credentials query("RESUME_AUTH");
}
route[RESUME_AUTH] {
# Credentials received into PVs.
if(!pv_auth_check("...")) {
auth_challenge("$fd", "1");
exit;
}
# Create transaction shell if not exists already from auth query.
if(!t_lookup_request())
t_newtran();
# TM suspend/continue
async route query("RESUME_ROUTING");
}
route[RESUME_ROUTING] {
# Unmarshal etc.
t_relay(); # etc.
}
What happens here is that the first auth_challenge() results in a retransmission of its
407 challenge without absorbing the negative ACK. This is despite the ostensibly stateful
behaviour of auth_challenge() without "force_stateless_reply" enabled.
In this case, it eclipses the second, unrelated 407 challenge from the subsequent routing
query (407 challenge with +1 CSeq):
<Screenshot 2022-12-12 at 3.44.15 PM.jpeg>
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/