[OpenSIPS-Users] Registrations, Retransmissions and Nonces

Kennard White kennard_white at logitech.com
Fri Oct 29 17:56:20 CEST 2010


Hi Bradley,

Another option is to set:
modparam("auth", "disable_nonce_check", 1)

OpenSIPS has two mechanisms for making a nonce stale: the time-based
mechanism (nonce_expire) and a use-once mechanism ("disable_nonce_check").
The 2nd mechanism doesn't set the stale=1 flag. Not sure why, but I think
maybe because authors assume that if this happened it was a malicious
attack, not a retransmission. The first mechanism will set stale=1. So you
can perform auth statelessly, and even if you get retransmissions on the
"edge" of your timer, the stale=1 should make everything recover.

That said, if auth is taking > 500ms, you really might want to handle things
statefully via t_newtran(), because otherwise you're always going to get
retransmissions.

Speaking of retransmissions and REGISTRATION, if you handle them statelessly
you might want to change usrloc.cseq_delay from the default 20sec to ~32sec.
With default value, any retransmissions that occur after 20sec and before a
standard UAC stops retransmitting (32sec) will trigger a 4xx response (bad
cseq).

Regards,
Kennard

2010/10/29 Stanisław Pitucha <viraptor at gmail.com>

> On 29/10/10 06:06, Bradley Falzon wrote:
> > This issue had been discussed before on this list, I don't have the
> > exact conversation, however, the advice seemed to be "make the proxy
> > stateful".
>
> You can either look for the stale=true solution (I don't know how to
> implement that one, I'd like to know the solution), or go stateful with:
>
> if (is_method("REGISTER"))
>   t_newtran();
>
> at the beginning of the script. You still have a very short window of
> time when the problem can happen, but it's much safer already.
>
> Regards,
> Stan
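The timing behind the 500ms and 20sec/32sec figures in the reply above, as an added example that is not part of the original message or of OpenSIPS. It computes the RFC 3261 retransmission schedule for a non-INVITE request over UDP with default timers (T1=0.5s, T2=4s, Timer F=64*T1), assuming the UAC never sees a final reply. Modelling usrloc's cseq_delay as a plain time window measured from the first REGISTER is a simplifying assumption, and the function names are hypothetical.

```python
# Added example: REGISTER retransmission timeline vs. auth latency and cseq_delay.
# Timer values are the RFC 3261 defaults; the cseq_delay model is an assumption.

T1, T2 = 0.5, 4.0        # seconds
TIMER_F = 64 * T1        # non-INVITE transaction timeout: 32 s


def retransmit_times(t1=T1, t2=T2, timer_f=TIMER_F):
    """Offsets (s) from the first send at which a UAC retransmits a
    non-INVITE request over UDP while no final reply has arrived."""
    times, interval, now = [], t1, 0.0
    while now + interval < timer_f:
        now += interval
        times.append(now)
        interval = min(2 * interval, t2)   # Timer E doubles, capped at T2
    return times


def retransmits_before_reply(reply_delay):
    """Retransmissions already on the wire when a reply that takes
    reply_delay seconds (e.g. a slow auth lookup) reaches the UAC."""
    return [t for t in retransmit_times() if t < reply_delay]


def outside_cseq_window(cseq_delay):
    """Retransmissions arriving later than cseq_delay seconds after the
    original REGISTER. Assumed model: these are no longer recognised as
    retransmissions and draw the 'bad cseq' 4xx described above."""
    return [t for t in retransmit_times() if t > cseq_delay]


if __name__ == "__main__":
    print("schedule:", retransmit_times())
    for delay in (0.4, 0.6, 2.0):
        print(f"reply after {delay}s -> retransmits seen:",
              retransmits_before_reply(delay))
    for window in (20, 32):
        print(f"cseq_delay={window} -> rejected retransmits at:",
              outside_cseq_window(window))
```

With the default window of 20 the last three retransmissions fall outside it; with 32 none do, which matches the suggested value.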