Brett, The standard does not foresee including 'received' in the comparison. I guess it could help in case one is concerned about bogus sent-by values (ie host names / IP addresses), but adding special processing for clients that are not following the rules is IMHO a bad idea. Better to treat such a request as a retransmission, they're asking for it
Regards, Jeroen Brett Tate wrote: > Greetings, > > RFC3261 section 17.2.3 indicates that the Via sent-by is used as part > of the transaction matching when the magic cookie is present. The Via > sent-by usually reflects the meaning presented within Via's bnf. Does > the "sent-by" portion of the matching rules really just include Via's > "sent-by" or would it somehow also include Via's "received" > instead/also when present? > > The following "malicious" text from 17.2.3 is what always causes me a > little confusion since duplicating sent-by seems relatively easy if > someone is actually maliciously duplicating the branch. > > " The sent-by value is used as part of the matching process because > there could be accidental or malicious duplication of branch > parameters from different clients." > > > Thanks is advance for a response, > Brett > > _______________________________________________ > Sip-implementors mailing list > [email protected] > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
