[asterisk-dev] [Code Review] 2590: chan_pjsip: Security Events

Joshua Colp reviewboard at asterisk.org
Tue Jun 4 12:21:02 CDT 2013 


> On June 4, 2013, 5:18 p.m., Michael Young wrote:
> > /team/group/pimp_my_sip/res/res_sip/security_events.c, lines 153-155
> > <https://reviewboard.asterisk.org/r/2590/diff/1/?file=39086#file39086line153>
> >
> >     Curious about this... besides the fact that the red blob stood out.
> >     
> >     To match chan_sip events, should we put the challenge (nonce) that we sent in here so that we can compare it to the challenge received (nonce) from the endpoint?  That might help a consumer of the logs to determine if a stale nonce is being used or not by the endpoint.
> >     
> >     Just a thought I wanted to throw out there.

It's not possible with the design, a challenge is not tied to a specific dialog/call-id (it's not supposed to be, and doing so can actually cause interop problems).


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2590/#review8789
-----------------------------------------------------------


On June 4, 2013, 3:55 p.m., Joshua Colp wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2590/
> -----------------------------------------------------------
> 
> (Updated June 4, 2013, 3:55 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> This change causes chan_pjsip to emit security events during various scenarios.
> 
> 
> Diffs
> -----
> 
>   /team/group/pimp_my_sip/res/res_sip/security_events.c PRE-CREATION 
>   /team/group/pimp_my_sip/res/res_sip.exports.in 390396 
>   /team/group/pimp_my_sip/include/asterisk/res_sip.h 390396 
>   /team/group/pimp_my_sip/res/res_sip/sip_distributor.c 390396 
>   /team/group/pimp_my_sip/res/res_sip_registrar.c 390396 
> 
> Diff: https://reviewboard.asterisk.org/r/2590/diff/
> 
> 
> Testing
> -------
> 
> Ran into the various situations (by purposely modifying the code or actually doing it) and confirmed the security event framework was getting called with proper information.
> 
> 
> Thanks,
> 
> Joshua Colp
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130604/8efd4f0c/attachment.htm>

More information about the asterisk-dev mailing list