[OpenSIPS-Users] Contents of ACK in up-to-date RFC 3261
Robert Borz
robert.borz at web.de
Thu Jan 22 12:33:08 CET 2009
Hi Bogdan,
thanks a lot for your response!
So... you're exactly saying where I run into. ;)
Did you read my last mails with the subject "consume_credentials doesn't work with auth_radius module"?
Maybe you can help me just by telling me what's the way people do in production.
So... concerning my current configuration, I think I have the clue right now, what the problem is.
If an unauthorized INVITE comes in, my SER does radius_proxy_authorize() - no problem here. But, to the 200 OK (Call answered), the ACK of my client also contains the proxy authorization credentials, which is loose-routed. And now, the is_present_hf("Proxy-Authorization") function returns true (which is correct if the UAC includes the credentials in the ACK), but consume_credentials() returns an error, because it doesn't know that it has verified (and marked) the credentials before.
How to proceed in this case....
-----Original Message-----
From: bogdan at voice-system.ro [mailto:bogdan at voice-system.ro]
Sent: Thursday, January 22, 2009 8:41 AM
To: Robert Borz
Cc: users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] Contents of ACK in up-to-date RFC 3261
Hi Robert,
Robert Borz wrote:
> Just had a look at RFC 3261... 269 pages... well, looks for a hard work for one day... but it isn't written to understand and answer my dumb questions within one or two hours. ;)
>
indeed, the RFC3261 is like a novel :).....
> So, just want to know which contents in an ACK message are allowed in which case...
>
> Especially, I'm interested in which contents in an ACK are allowed in a response to a 200 OK (after INVITE)... is the Proxy-Authorization header field allowed in an ACK as response to a 200 OK of an INVITE?
>
yes, it is optional - see the RFC3261, section 20.1 , page 163 - Table 3
> Maybe someone read my previous two mails, I'm a little confused right now...
>
> I detected different behaviour between different UACs, which is nothing unusual for me (I'm just a developer, too).
>
> X-Lite for example includes the digest-credentials in an ACK packet in the Proxy-Authorization header field, whereas the snom-softphone does not.
> The Ekige softphone for windows also includes the Proxy-Authorization header field.
>
> So, which behaviour is standard? It would be great to get any help from you... just to spare the time reading the whole RFC... :-(
>
well, all are correct, as the header presence in the ACK request is
optional....
My understanding on the RFC (on the auth matter) is that if the INVITE
has an "Proxy-Authorization" headers, the ACK should also contain
one...but it is not a must, it is a recommendation. The idea is, if the
proxy asked for auth for INVITE, it might ask for the ACK also....but as
you cannot challenge the ACK, the client should pre-fill the auth in ACK.
Regards,
Bogdan
> <lying>But, I don’t mind reading it...</lying> ;-P
>
>
> Robert.
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list