<div dir="ltr">Hello all!<div><br></div><div>I'm using Kamailio 5.1.0 on my testing machine. Configuration includes slightly modified AUTH route from <a href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb</a></div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>route[AUTH] {</div></div><div><div> xlog("L_DBG", "== TRACE. AUTH\n");</div></div><div><div><br></div></div><div><div> # if caller is not local subscriber, then check if it calls</div></div><div><div> # a local destination, otherwise deny, not an open relay here</div></div><div><div> if (from_uri!=myself && uri!=myself) {</div></div><div><div> xlog("L_DBG", "== TRACE. AUTH. Not relaying. Exiting.\n");</div></div><div><div> sl_send_reply("403","Not relaying");</div></div><div><div> exit;</div></div><div><div> }</div></div><div><div><br></div></div><div><div> if(isflagset(TRUSTEDIP)) {</div></div><div><div> xlog("== TRACE. AUTH. TRUSTEDIP. Returning.\n");</div></div><div><div> return;</div></div><div><div> }</div></div><div><div><br></div></div><div><div> if (is_method("REGISTER") || from_uri==myself) {</div></div><div><div> xlog("L_DBG", "== TRACE. AUTH. Method REGISTER\n");</div></div><div><div> # authenticate requests</div></div><div><div> if (!auth_check("$fd", "sipusers", "1")) {</div></div><div><div> auth_challenge("$fd", "0");</div></div><div><div> xlog("L_DBG", "== TRACE. AUTH. Exiting.\n");</div></div><div><div> exit;</div></div><div><div> }</div></div><div><div> # user authenticated - remove auth header</div></div><div><div> if(!is_method("REGISTER|PUBLISH")) {</div></div><div><div> xlog("L_DBG", "== TRACE. AUTH. Method is not REGISTER|PUBLISH\n");</div></div><div><div> consume_credentials();</div></div><div><div> }</div></div><div><div> }</div></div><div><div><br></div></div><div><div> xlog("L_DBG", "== TRACE. AUTH. Returning.\n");</div></div><div><div> return;</div></div><div><div>}</div></div><div><br></div></blockquote>I opened port UDP/5060 to everyone today and started receiving some SIP requests. Most INVITEs were stopped by <span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><b>auth_challenge</b> but then I received this one:</span><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><span style="text-align:start;text-indent:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><div>2018/04/11 16:32:44.385689 <a href="http://38.91.106.211:5069">38.91.106.211:5069</a> ->
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">172.16.30.205</span>:5060</div></span></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><span style="text-align:start;text-indent:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><div>INVITE sip:100@<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">MY_PUB_IP_ADDRESS</span>
SIP/2.0</div><div>v: SIP/2.0/UDP 38.91.106.211:5060;branch=z9hG4bK-929181129;rport</div><div>Content-Length: 0</div><div>f: "pbx"<<a href="mailto:sip%3A100@1.1.1.1">sip:100@1.1.1.1</a>>;tag=3535306165633930313363340131373533363938373235</div><div>i: 757925348661465531074812</div><div>m: <a href="http://sip:100@38.91.106.211:5069">sip:100@38.91.106.211:5069</a></div><div>Accept: application/sdp</div><div>CSeq: 1 INVITE</div><div>t: "pbx"<<a href="mailto:sip%3A100@1.1.1.1">sip:100@1.1.1.1</a>></div><div>Max-Forwards: 70</div><div><br></div></span></div></blockquote>... and it came through AUTH route. Below are two fragments of Kamailio log:<div><br></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. INVITE From: <a href="mailto:sip%3A100@1.1.1.1">sip:100@1.1.1.1</a> (IP:<a href="http://38.91.106.211:5069">38.91.106.211:5069</a>)</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. To: <a href="mailto:sip%3A100@1.1.1.1">sip:100@1.1.1.1</a></div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: pv [pv_core.c:1286]: pv_get_dsturi(): no destination URI</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. Destination URI : <null></div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. SIP Request header : sip:100@<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">MY_PUB_IP_ADDRESS</span>
</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/parser/msg_parser.c:89]: get_hdr_field(): found end of header</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: pv [pv_core.c:966]: pv_get_useragent(): no User-Agent header</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. User Agent header : <null></div></div><div>****************************************************************************************************</div><div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. request_route ==> AUTH</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. AUTH</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 && [1.1.1.1] == [127.0.0.1]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 5060 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==13 && [1.1.1.1] == [172.16.30.205]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 5060 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 && [1.1.1.1] == [127.0.0.1]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 8088 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/forward.c:412]: check_self(): host != me</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 && [1.1.1.1] == [127.0.0.1]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 5060 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==13 && [1.1.1.1] == [172.16.30.205]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 5060 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 && [1.1.1.1] == [127.0.0.1]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 8088 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/forward.c:412]: check_self(): host != me</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==9 && [
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">MY_PUB_IP_ADDRESS</span>
] == [127.0.0.1]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 5060 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==13 && [
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">MY_PUB_IP_ADDRESS</span>
] == [172.16.30.205]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 5060 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==9 && [
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">MY_PUB_IP_ADDRESS</span>
] == [127.0.0.1]</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core> [core/socket_info.c:567]: grep_sock_info(): checking if port 8088 (advertise 0) matches port 5060</div><div>Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: == TRACE. AUTH. Returning.</div></div><div><br></div></blockquote>As you can see all tests failed to catch this INVITE request and Kamailio continued processing it. And I'm now wondering what would be the best way to identify such packet.</div><div><br></div><div>Thanks.</div></div>