On 05/31/2012 07:37 AM, Benoit Panizzon wrote:
Hi MattIt's not a bug - decrementing the CSeq header field value is directly in violation of RFC 3261. From section 22.2: When a UAC resubmits a request with its credentials after receiving a 401 (Unauthorized) or 407 (Proxy Authentication Required) response, it MUST increment the CSeq header field value as it would normally when sending an updated request.I sent this to the developers of the C3 Softswitch. They answered by quoting this part from RFC 3261, 8.1.3.5 Processing 4xx Responses: If a 401 (Unauthorized) or 407 (Proxy Authentication Required) response is received, the UAC SHOULD follow the authorization procedures of Section 22.2 and Section 22.3 to retry the request with credentials. [...] In all of the above cases, the request is retried by creating a new request with the appropriate modifications. This new request constitutes a new transaction and SHOULD have the same value of the Call-ID, To, and From of the previous request, but the CSeq should contain a new sequence number that is one higher than the previous. Here it says it should, so a lower CSEQ is allowed and asterisk is wrong they say. Well I'll quote them the _MUST_ part of section 22.2
... and this is why many members of the IETF community now refuse to allow SHOULD and SHOULD NOT to appear in new RFCs. They have a very clear meaning, and yet implementors choose to provide their own 'meaning'.
In this case, as in all RFCs, the SHOULD here means that the implementation should choose this option, because if it does not, interoperability (or even basic operation) is likely to suffer. I'll look to see if there has been errata filed for this lowercase 'should' in RFC 3261.
-- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: [email protected] | SIP: [email protected] | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
