El Martes, 2 de Marzo de 2010, Andrei Pelinescu-Onciul escribió:
> tm: Reason header copy for received CANCELs
>
> When canceling branches due to a received CANCEL, use the Reason
> headers in the received CANCEL (all the Reason headers from the
> received CANCEL will be copied in the generated CANCELs, see
> RFC3326 for more details).
Hi Andrei, great addition. However there could be a minor security issue:
Perhaps it wouldn't be safe to propagate any Reason header coming in a CANCEL
from any sender (imagine you receive a malicius call at 5 o'clock in the night
and the hacker added "Reason" header to the CANCEL so you don't find that call
in the missed calls list of the phone).
- This local policy could be implemented as follows:
a) Enabling a flag in t_relay() that only makes sense for CANCEL rather than
INVITE, so:
if (is_method("CANCEL")) {
if ($si == MY_APPLICATION_SERVER_IP)
# Allow propagating "Reason" header.
t_relay(0x12);
else
t_relay();
}
or using an explicit flag:
if (is_method("CANCEL")) {
if ($si == MY_APPLICATION_SERVER_IP)
setflag(FLAG_ALLOW_CANCEL_REASON);
t_relay();
}
Opinions? Thanks a lot.
--
Iñaki Baz Castillo <[email protected]>
_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
