2011/4/17 Juha Heinanen <j...@tutpro.com>: > if refer does not contain referred-by header, then there is no other > choice than to refuse it. otherwise (unless you keep call state) you > don't have any chance to know who sent the refer and what rights the > sender might have.
Keeping call state within a proxy is not reliable, even using dialog module. The proxy doesn't check that the RURI of an in-dialog Request matches the remote target of the existing dialog, neither matches the Route values in the in-dialog request. Anyhow I don't think the proxy should do all this stuf. Depending on our topology we can just ask for authentication for every in-dialog request (unless it comes from a trusted node as a PSTN gw) but without trying to check the identity of the in-dialog request originator. Well, the identity is asserted by the proxy after authentication success. During an in-dialog request it doesn't matter the From/To URI value (this is not true in an initial INVITE in which From is usually used for accounting and CLI. -- Iñaki Baz Castillo <i...@aliax.net> _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
