[OpenSIPS-Users] B2BUA, authenticated INVITEs with "ACK for a negative reply"

[Nathan Ward]

> On 29/11/2016, at 9:26 PM, Răzvan Crainea <razvan at opensips.org> wrote:
> 
> On 11/29/2016 04:09 AM, Nathan Ward wrote:
>>> On 29/11/2016, at 5:25 AM, Răzvan Crainea <razvan at opensips.org> wrote:
>>> 
>>> Hi, Nathan!
>>> 
>>> Have you tried calling b2b_init_request() with the "a" flag [1]?
>>> 
>>> [1] http://www.opensips.org/html/docs/modules/2.2.x/b2b_logic.html#id294010
>> Hi,
>> 
>> Yes I have. This passes through the authentication challenge headers in the 401/407, and then any subsequent response headers in the new INVITE.
>> 
>> b2b_logic/logic.c:1239 calls b2b_mark_todel, after forwarding the message - because it is marked to_del, the ACK that the originator of the INVITE sends in response to the 401/407 deletes the session.
>> 
>> I don’t understand how this flag is intended to be used, as there doesn’t seem to be anything in the code to avoid setting to_del if the response is a 401/407 (or anything >=300, actually) with auth challenge headers. All it does is pass through the headers, but as it deletes the session, a new Call-ID is issued by B2BUA when the authenticated invite is generated.
>> 
> Hi, Nathan!
> 
> Yes, you are right, the flag simply passes the auth headers between the two legs.
> So you were saying that you were only using b2b for topology hiding? If so, why not using directly the topology_hiding module[1]?

Sure that’s an option, however I would like to understand the B2BUA module better.
What is the use case for passing authentication headers if the B2BUA instance is shut down when a challenge (401/407) passes through?

--
Nathan Ward