Branch: refs/heads/1.11
Home: https://github.com/OpenSIPS/opensips
Commit: d188b1418068cb48884075ccb853cc06e9f7d875
https://github.com/OpenSIPS/opensips/commit/d188b1418068cb48884075ccb853cc06e9f7d875
Author: Liviu Chircu <li...@opensips.org>
Date: 2016-05-24 (Tue, 24 May 2016)

Changed paths:
M receive.c
M tcp_main.c

Log Message:
-----------
Revert "Accept TCP aliases by default"

This reverts commit d62bc967b0d6784d2baced88b895da57f3f4ab9a.

Firstly, TCP connection reusage (RFC 5923) should only be employed between TLS endpoints - only TLS allows the endpoints to authenticate each other during connection setup, preventing unauthorized connection hijacking.

Secondly, aside from any security considerations, RFC 5923 must not be employed fanatically (Proxy-Proxy, Edge-UA, UA-Proxy) on any TCP connection (especially disregarding the ";alias" Via parameter!), but rather only between adjacent SIP entities who can both initiate a connection towards each other, and also support the RFC.

In the real world, we're basically only talking about the Proxy-Proxy usage case, as any SIP UA scenario will most likely involve some form of NAT and a Proxy that cannot open connections backwards, towards the UA. In these cases, TCP connection reusage is _completely_ out of the question, as a single UA might end up receiving all calls of all users behind their public IP.

Thanks to Jonas Borjesson for reporting the problem in the first place.

(cherry picked from commit 715339fdd25bc74797e6f978d164eb0c4d5669ce)

Conflicts:
net/net_tcp.c
receive.c
_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
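
The NAT failure mode the commit message describes can be reproduced with a small model. This is an added example, not OpenSIPS code and not part of the original mail: `AliasTable`, `parse_via`, `nat_demo`, the connection ids and the addresses are constructed, and the first-alias-wins rule and the `peer_authenticated` flag (standing in for a completed mutual TLS authentication) are assumptions of the model.

```python
import re

# Toy model only: names, addresses and the first-alias-wins rule are assumptions.
VIA_RE = re.compile(
    r"SIP/2\.0/(?P<proto>\w+)\s+(?P<host>[^;:\s]+)(?::(?P<port>\d+))?"
    r"(?P<params>(?:;[^;,\s]+)*)", re.I)

def parse_via(via):
    """Return (proto, advertised_port, has_alias_param) for a topmost Via value.
    IPv6 references in brackets are not handled by this sketch."""
    m = VIA_RE.match(via.strip())
    if not m:
        raise ValueError("unparsable Via: %r" % via)
    proto = m["proto"].upper()
    port = int(m["port"] or (5061 if proto == "TLS" else 5060))
    names = {p.split("=", 1)[0].lower() for p in m["params"].split(";") if p}
    return proto, port, "alias" in names

class AliasTable:
    """Maps (source IP, port advertised in Via, proto) to an existing connection."""
    def __init__(self, accept_by_default):
        self.accept_by_default = accept_by_default
        self.aliases = {}

    def on_request(self, conn_id, src_ip, via, peer_authenticated=False):
        proto, port, wants_alias = parse_via(via)
        # accept_by_default models aliasing every connection. The gated policy
        # follows the commit message's reasoning (a model, not OpenSIPS logic):
        # ";alias" present, TLS transport, authenticated peer.
        ok = self.accept_by_default or (
            wants_alias and proto == "TLS" and peer_authenticated)
        if ok:
            self.aliases.setdefault((src_ip, port, proto), conn_id)
        return ok

    def route(self, dst_ip, dst_port, proto):
        """Connection that would be reused for dst, or None (open a new one)."""
        return self.aliases.get((dst_ip, dst_port, proto))

def nat_demo(accept_by_default):
    """Two UAs behind one public IP (constructed data); who gets the traffic?"""
    t = AliasTable(accept_by_default)
    t.on_request("conn-A", "203.0.113.7", "SIP/2.0/TCP 192.168.1.10:5060;branch=z9hG4bKa")
    t.on_request("conn-B", "203.0.113.7", "SIP/2.0/TCP 192.168.1.11:5060;branch=z9hG4bKb")
    return t.route("203.0.113.7", 5060, "TCP")

if __name__ == "__main__":
    print("aliases by default:", nat_demo(True))
    print("gated aliases:    ", nat_demo(False))
```

With aliases accepted by default, both UAs collapse onto the single key (public IP, 5060, TCP), so one connection is reused for everything sent to that address; with the gated policy no alias is created for either UA.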