Hi Bradley, Another option is to set: modparam("auth", "disable_nonce_check", 1)
Opensips has two mechanisms for making a nonce stale: the time-based mechanism (nonce_expire) and a use-once mechanism ('disable_nonce_check"). The 2nd mechanism doesn't set the stale=1 flag. Not sure why, but I think maybe because authors assume that if this happened it was a malicious attack, not a retransmission. The first mechanism will set stale=1. So you can perform auth statelessly, and even if you get retransmissions on the "edge" of your timer, the stale=1 should make everything recover. That said, if auth is taking > 500ms, you really might want to handle things statefully via t_newtran(), because otherwise you're always going to get retransmissions. Speaking of retransmissions and REGISTRATION, if you handle them statelessly you might want to change usrloc.cseq_delay from the default 20sec to ~32sec. With default value, any retransmissions that occur after 20sec and before a standard UAC stops restransmitting (32sec) will trigger a 4xx response (bad cseq). Regards, Kennard 2010/10/29 Stanisław Pitucha <virap...@gmail.com> > On 29/10/10 06:06, Bradley Falzon wrote: > > This issue had been discussed before on this list, I don't have the > > exact conversation, however, the advise seemed to be "make the proxy > > stateful". > > You can either look for the stale=true solution (I don't know how to > implement that one, I'd like to know the solution), or go stateful with: > > if (is_method("REGISTER")) > t_newtran(); > > at the beginning of the script. You still have a very short window of > time when the problem can happen, but it's much safer already. > > Regards, > Stan > > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users