On Wednesday 07 January 2009, Iñaki Baz Castillo wrote:
> 2009/1/7 Dan Pascu <[email protected]>:
> > On Wednesday 07 January 2009, Iñaki Baz Castillo wrote:
> >> 2009/1/7 Dan Pascu <[email protected]>:
> >> > But then I can send one with the proper ruri, but a different
> >> > route set that puts me in the front of the gateway, so when I
> >> > receive the BYE, instead of forwarding it to the gateway as the
> >> > route set requests, I reply myself with a 200 OK making it look
> >> > like it came from the gateway.
> >>
> >> This could be avoided by examining the $dd value. If it's set it
> >> means that a Route header exists, so we could reject the BYE. But
> >> this would break a complex scenario with various sequential proxies
> >> doing loose-routing.
> >
> > You can't. I can build a reply that looks genuine. All I have to do
> > is place myself between the proxy and the gateway in the route set
> > and if the proxy doesn't disallow the modified route set it can't
> > tell who gave the 200 OK to the BYE.
>
> But I mean that the proxy would reject the BYE if it contains a route
> set after the proxy does loose-routing, so the only valid destination
> is the RURI (and the proxy can check if the RURI is the gateway).

Why would I do that? I commonly have cases where between the UAC and the
gateway I have more than 1 proxy in the path. Then again, as I said, if you
go to check the route set, you're less a proxy and more a b2bua. A pure
proxy should simply honor the route set and send to the next hop.

--
Dan

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
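
The check debated in this thread, modelled in Python as an added example (it is not code from either poster and not OpenSIPS script): after loose-routing removes the proxy's own Route entry, a BYE is rejected if any Route remains or if the RURI is not the gateway. The host names, the `bye()` helper and the three sample requests are constructed assumptions; the third sample is the multi-proxy case raised in the reply above.

```python
import re

PROXY = "proxy.example.net"      # constructed: this proxy's own host
GATEWAY = "gw.example.net"       # constructed: the gateway's host

def host_of(uri):
    """Return the host of a sip: URI such as <sip:user@host:5060;lr>."""
    m = re.search(r"sips?:(?:[^@>;]*@)?([^:;>\s]+)", uri)
    return m.group(1).lower() if m else None

def parse(msg):
    """Split a SIP request into (method, ruri, [Route URIs in order])."""
    lines = msg.strip().splitlines()
    method, ruri, _ = lines[0].split()
    routes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "route":
            routes += [r.strip() for r in value.split(",")]
    return method, ruri, routes

def check_bye(msg):
    """Loose-route, then apply the route-set check proposed in the thread."""
    method, ruri, routes = parse(msg)
    if routes and host_of(routes[0]) == PROXY:
        routes = routes[1:]                 # drop our own Route entry
    if method != "BYE":
        return "relay"
    if routes:                              # another hop sits before the RURI
        return "reject: route set remains"
    if host_of(ruri) != GATEWAY:
        return "reject: RURI is not the gateway"
    return "relay"

def bye(*routes):
    """Build a constructed BYE addressed to the gateway with this Route set."""
    head = ["BYE sip:+15550100@%s SIP/2.0" % GATEWAY]
    return "\r\n".join(head + ["Route: <sip:%s;lr>" % r for r in routes]) + "\r\n\r\n"

DIRECT = bye(PROXY)                         # proxy is the last hop before the gateway
EXTRA_HOP = bye(PROXY, "hop.example.org")   # unknown hop placed before the gateway
TWO_PROXIES = bye(PROXY, "proxy2.example.net")  # legitimate second proxy in the path

if __name__ == "__main__":
    for label, msg in (("direct", DIRECT), ("extra hop", EXTRA_HOP), ("two proxies", TWO_PROXIES)):
        print(label, "->", check_bye(msg))
```

The second and third requests get the same verdict because the check sees only that a Route entry remains, not who owns it.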
