[reSIProcate] ACK relay question
Scott Godin
slgodin at icescape.com
Thu Feb 1 09:23:21 CST 2007
Hi Byron,
You made the following comment RequestContext:
// !bwc! Someone is using us to relay an ACK, but host in
// From isn't ours, host in request-uri isn't ours, and no
// Route headers. Refusing to do so.
I'm curious why we have this code in repro - is this supposed to protect
us from some sort of attack, or some security issues?
We have a case where we are modifying the From headers of requests sent
through repro, in order to get the display on end UA's the way we want
it. This chunk of code ends up dropping our ACKS if the domain in the
from is not "owned" by repro. Note: it is common for the request uri
to not match our domain, when routing using a mid-dialog request by
using the contact header - since it is quite common to contain the ip
address of the UA not the registered AOR.
I'm thinking of providing a command line option - something like
"forward all ACKs", in order to disable this checking. Any concerns?
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20070201/5810343e/attachment.htm>
More information about the resiprocate-devel
mailing list