Comment #5 on issue 1389 by [email protected]: ServerTransaction does not timeout
http://code.google.com/p/mobicents/issues/detail?id=1389

Suppose I have a Server that only responds to SUBSCRIBEs, PUBLISHs and OPTIONS.

If some client starts sending INFO requests to it within a SUBSCRIBE dialog, the JAIN SIP Provider will automatically create a transaction for it, and the Server will never respond to it (as no SBB is listening for a SIP INFO).

This will eventually lead to a memory leak at the application even though it never had any bugs.

Going strictly by the spec, there is no timer defined in the "trying" state for non-INVITE server transactions, nor in the "proceeding" state.

However, this is a gaping hole in the spec, which can be easily exploited to hijack a SIP Server.

The reason for this gap is that Server transactions are supposed to absorb retransmissions and not generate them. Hence a timer is not required to audit responses sent on STs.

In the non-INVITE client transactions, we have a timer in every state for implementing retransmissions. A natural side effect is that transactions are audited and removed in case of timeouts.
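
The behaviour described in the comment above, as an added example (not code from the commenter or from the JAIN SIP / Mobicents project): a small Python model of the RFC 3261 non-INVITE server transaction table, run once with only the spec's Timer J and once with an extra audit timer. The class names, the `AUDIT_TIMEOUT` value and the branch strings are constructed assumptions.

```python
# Model of a non-INVITE server transaction table (constructed example).
T1 = 0.5               # RFC 3261 default round-trip estimate, seconds
TIMER_J = 64 * T1      # Completed -> Terminated on unreliable transports
AUDIT_TIMEOUT = 32.0   # assumption: stack-level limit, not defined by the spec

class ServerTransaction:
    def __init__(self, branch, method, now):
        self.branch, self.method = branch, method
        self.state, self.created, self.entered = "TRYING", now, now

    def tu_response(self, status, now):
        """Response handed down by the application (the TU)."""
        if self.state in ("TRYING", "PROCEEDING"):
            self.state = "PROCEEDING" if status < 200 else "COMPLETED"
            self.entered = now

class TransactionTable:
    def __init__(self, audit=False):
        self.audit, self.txs = audit, {}

    def on_request(self, branch, method, now):
        # A retransmission matches the existing branch and is absorbed.
        if branch not in self.txs:
            self.txs[branch] = ServerTransaction(branch, method, now)
        return self.txs[branch]

    def tick(self, now):
        """Run the timers and return the branches removed on this tick."""
        removed = []
        for branch, tx in list(self.txs.items()):
            spec_done = tx.state == "COMPLETED" and now - tx.entered >= TIMER_J
            # The spec defines no timer for TRYING/PROCEEDING; the audit adds one.
            audit_done = (self.audit and tx.state in ("TRYING", "PROCEEDING")
                          and now - tx.created >= AUDIT_TIMEOUT)
            if spec_done or audit_done:
                del self.txs[branch]
                removed.append(branch)
        return removed

def simulate(audit, unanswered=1000, horizon=3600.0):
    """One answered OPTIONS plus `unanswered` INFO requests nobody handles."""
    table = TransactionTable(audit)
    table.on_request("z9hG4bK-opt", "OPTIONS", 0.0).tu_response(200, 0.1)
    for i in range(unanswered):
        table.on_request(f"z9hG4bK-info-{i}", "INFO", 0.0)
    table.tick(horizon)
    return len(table.txs)   # transactions still held after `horizon` seconds
```

`simulate(False)` leaves all 1000 unanswered INFO transactions in the table after an hour, while `simulate(True)` leaves none; the answered OPTIONS transaction is cleaned up by Timer J in both runs.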
