<div dir="ltr"><div><div><div><div><div><div><div><div>Hey,<br></div><br></div>Thanks for the reply! Actually it's the entire logic that baffles me.<br><br></div>It is not uncommon for a UAC (say at 192.168.1.1) to send out an INVITE which is formed like this:<br></div>* R-URI: kamailio's URI<br></div>* From: <a href="mailto:username@192.168.1.1">username@192.168.1.1</a><br></div>* To: irrelevant<br></div><div><br></div>What I'm saying is that this SIP message will fail all conditional checks of the AUTH route, and will return to the main routing block. In other words, this INVITE will be processed without having been challenged.<br><br></div>Am I wrong in thinking that in any way?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 2 August 2017 at 21:41, Jurijs Ivolga <span dir="ltr"><<a href="mailto:jurijs.ivolga@gmail.com" target="_blank">jurijs.ivolga@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi George,<br><br></div>If you are asking about this part:<span class=""><br><br>if (from_uri!=myself && uri!=myself) {<br> sl_send_reply("403","Not relaying");<br> exit;<br> }<br><br></span></div>Then this mean that we do not want to deal with sip requests which not send to us or not by us. So any request which is not related to us we will not serve.<br><br></div><div>Keep in mind that "to" header by sip RFC can contain anything and we don't care in most cases what is there.<br><br><a href="https://tools.ietf.org/html/rfc3261#page-36" target="_blank">https://tools.ietf.org/html/<wbr>rfc3261#page-36</a><br></div><div><br></div>With kind regards,<br></div><div class="gmail_extra"><br clear="all"><div><div class="m_-1753560337998923907gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Jurijs<br></div></div></div>
<br><div class="gmail_quote"><div><div class="h5">On Wed, Aug 2, 2017 at 4:01 PM, George Diamantopoulos <span dir="ltr"><<a href="mailto:georgediam@gmail.com" target="_blank">georgediam@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><div><div><div><div><div>Hello again,<br><br>Still getting familiar with kamailio, and I'm wondering about the AUTH route in the example configuration file. Here's a reducted-simplified version of it for reference (from git master, without IP AUTH and comments):<br><br>______________________________<wbr>________________<br>route[AUTH] {<br> if (is_method("REGISTER") || from_uri==myself) {<br> if (!auth_check("$fd", "subscriber", "1")) {<br> auth_challenge("$fd", "0");<br> exit;<br> }<br> if(!is_method("REGISTER|PUBLIS<wbr>H"))<br> consume_credentials();<br> }<br> if (from_uri!=myself && uri!=myself) {<br> sl_send_reply("403","Not relaying");<br> exit;<br> }<br> return;<br>}<br>______________________________<wbr>________________<br><br>So the way I see it, what happens is the following:<br><br>* All REGISTERs will be challenged<br>* All SIP messages with kamailio's aliases in the "From" header URI will be challenged<br>* All SIP messages with no reference to kamailio's aliases in both R-URI and "From" header URI will be dropped<br><br>The question is, what about messages that do not enter either of the two conditionals? For example, I expect the following to be very common:<br><br>* Method: INVITE<br>* R-URI: myself<br>* From: username@"UAC's local IP address" (not myself)<br>* To: myself<br><br></div>So in the example above, the auth route will return without either having challenged or dropped the request, am I correct? This is because:<br><br></div>* For the challenge: Method is not REGISTER and "From URI" is not one of kamailio host's aliases (c<span id="m_-1753560337998923907m_-1527416637510506381gmail-result_box" class="m_-1753560337998923907m_-1527416637510506381gmail-short_text" lang="en"><span class="m_-1753560337998923907m_-1527416637510506381gmail-">umulatively)</span></span></div></div>* For dropping after sending 403: "From URI" is not one of kamailio's host's aliases (which calculates to true) but R-URI is "myself"<br><br></div>So I'm guessing we're expecting the challenge to come from elsewhere in cases like the example above? Or is there something else I'm missing here? Thanks!<br><br></div>BR,<br></div>George<br></div>
<br></div></div>______________________________<wbr>_________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi<wbr>-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/<wbr>cgi-bin/mailman/listinfo/sr-<wbr>users</a><br>
<br></blockquote></div><br></div>