On Tue, Jun 24, 2008 at 5:20 PM, Ruud Klaver <ruud at ag-projects.com> wrote: >> Ruud, can you explain again exactly what kind of behavior that the >> proxy doesn't like about Route header? > > To be honest I don't have any personal experience with this, but I > understand that proxies are generally wary of the Route header, since > apparently they can open possibilities for relaying attacks. A relay > that does not do a check to see that the SIP URI in the Route header > is pointing to itself may simply discard the packet. > I think that should be the other way around. A proxy that worries about unauthorized relaying should check that the top-most Route contains its URI and discard the request if the request doesn't have this. And I think this is what I've experienced, hence the commented code in pjsip_process_route_set() in sip_uril.c. > In any case, I would prefer not to use the Route header and I was just > wondering if there was another way. If there isn't then please don't > worry about it. :) > Cool. But just fyi, that is against the recommendation in RFC 3261 section 8.1.1.1: In some special circumstances, the presence of a pre-existing route set can affect the Request-URI of the message. A pre-existing route set is an ordered set of URIs that identify a chain of servers, to which a UAC will send outgoing requests that are outside of a dialog. Commonly, they are configured on the UA by a user or service provider manually, or through some other non-SIP mechanism. When a provider wishes to configure a UA with an outbound proxy, it is RECOMMENDED that this be done by providing it with a pre-existing route set with a single URI, that of the outbound proxy. Cheers Benny > Ruud Klaver > AG Projects > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org >
