Hello, normally the UA (callee) has to reject INVITE with To-tag if there is no active dialog for it, that's what 481 response is for.
Anyhow, if you track active calls with dialog module, there is a function that you can use to check if the re-INVITE is part of an active dialog. Or you can keep the relation between call-id and caller/callee in a hash table, which you can store at initial INVITE and check if it exists on re-INVITE. In that way you can make sure that the re-INVITE is after an initial invite. Further checks can be done on src/dst IPs, re-INVITE comes with contact address in the R-URI, so it should not be the generic subscriber AoR. Route header(s) has to be there, etc. ... Cheers, Daniel On 19.09.23 10:31, Benoit Panizzon wrote: > Hi List > > At the moment, we challenge every invite (and re-invite) to make sure > the customer is authenticated. > > Now we have one kind of PBX, which never does not authenticate when we > challenge a Re-Invite. > > According to the vendor of that PBX's RFC interpretation, answering a > challenge to a re-invite is optional. If that is ignored by the PBX, > then the existing established dialog shall not end. > > Unfortunately this causes the session timer to run out. > > I am therefore wondering, if there is a safe way not to challenge > re-invites. > > A Re-Invite contains a To-Tag. So I could bypass authentication on > presence of a to-Tag. But then, how do I prevent a customer to just set > a spoofed To-Tag to circumvent authentication? > > Is there a feasible way? > > Mit freundlichen Grüssen > > -Benoît Panizzon- > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 Pratteln Fax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > ______________________________________________________ > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy - Training Services -- asipto.com Kamailio World Conference - kamailioworld.com __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
