Description
Kamailio's topoh and topos modules currently hide/strip certain SIP headers but do not mask IP addresses in the From, To, and Request-URI headers. This feature request proposes extending these modules to hide or replace IP addresses for improved privacy and security.
Expected behavior
When enabled, Kamailio should replace IPs in:
From header
To header
Request-URI
This should work without breaking SIP message integrity or routing.
Actual observed behavior
Currently, IP addresses in these headers remain visible, exposing topology information(172.16.100.88 in this example).
Request-Line: INVITE sip:9121001111@172.16.100.88 SIP/2.0
Message Header
Record-Route: <sip:10.14.17.83:5060;r2=on;lr;did=24f.c2e1>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMbIUMBIUMZIUpA.Z1TwVXL.rlT.rHP8mBTyxnLnAjOaG**>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMbIUMBIUMZIUpB.UNbyUuEeU1X7r5E741E8xODwd1B8Y5TyUN*>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMbIUMBIUMZIUpB.Z1TwVXL.rlT.rHP8mBTyxnLaUn3>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMbIUMBIUMZIUpT.UNbyUuEeU1X7r5E741E8xODwd1B8YfUaAul>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMbIUMBIUMZIUpT.UNbyUMEo4jt7Cyb7ZjBw-HceA9TaU3s7U9ceU9DhVGXaUHRIRaAamM*>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMbIUMBIUMZIUp5.UNbyUMEo4jt7Cyb7ZjBw-HceA9TaU3s7U9ceU9DhVGXaUHRIUyU8UM*>
Record-Route: <sip:127.0.0.8;line=sr-erOb.UMZaY5lyY5lamuL.mpEeU1X7r5E741E8xODwd1B8Y5Anrnl>
Via: SIP/2.0/UDP 10.14.17.83:5060;branch=z9hG4bKa514.f0b2dd496995e05c455b7c66f29e298a.0
Via: SIP/2.0/UDP 127.0.0.8;branch=z9hG4bKsr-NBOGIA1LaFXkHKupaduLadGLadeL.mGvyduram9TexXTomB3amnb.3H1wVHPoU9YeRKLnrpXzUO2HAHYSrM3adGLamyDaADZaUKt8m8UyAKUyUN5amGB8UKOarKDaAnBamnLau**
Via: SIP/2.0/UDP 127.0.0.8;branch=z9hG4bKsr-NBOGIA1LaFXkHKupaduLadGLadeL.m1vyduram9TexXTomB3amnb.rjTnVfUhm3v.Vt4yxjIndNlyFfY8mpfnUnT8daf8VjYaU6D.xkO8m6R8der8dyUaAnZaS5b.rDXab**
Via: SIP/2.0/UDP 127.0.0.8;branch=z9hG4bKsr-NBOGIA1LaFXNdKapaduLadGLadeL.mpvydurad9TexXTomBram1Z.m9YeRKLnrpXzUO2HAHYSrM3adGL8x8OyUeb.mD58mMZ8mjtnVNZax8R8dyU8dpByRNryVNLau**
Via: SIP/2.0/UDP 127.0.0.8;branch=z9hG4bKsr-NBOGIA1LaFXkHKupadDTIUMr.F5TaF55ym2raUMB.d9T8VyOh-8O8mBl.d1Ladn5IU1bIUpB.Zjb7ZjBwdnTadGf.rjTnVfUhm3v.Vt4yxjINxPUad6OydaTnrNryrNBadyD.mabyrHtameZaVNbnAjYab**
Max-Forwards: 66
From: <sip:9122001003@172.16.100.88>;tag=973f3044c163413fb5e7075113f96a7b
To: <sip:9121001111@172.16.100.88>
Contact: <sip:127.0.0.8;line=sr-erOb.UDlaU1bamMbamyuadDTIUMr.F5TaF55ym2raUMB.d9snp**>
Call-ID: !!:yrnlaAtYadHOnRyRymjOydpT.d1faVKUymkRamalnAu*
CSeq: 9661 INVITE
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Supported: replaces, 100rel, timer, norefersub
Session-Expires: 1800
Min-SE: 90
User-Agent: MicroSIP/3.21.5
Content-Type: application/sdp
Content-Length: 338
Message Body
Debugging Data
(paste your debugging data here)
Log Messages
(paste your log messages here)
SIP Traffic
(paste your sip traffic here)
Possible Solutions
- Introduce a new configuration parameter in topoh and topos that enables masking or encoding of IP addresses in From, To, and Request-URI.
- Ensure proper handling of subsequent SIP messages like ACK, BYE, and re-INVITE to maintain end-to-end communication.
Additional Information
- Kamailio Version - output of
kamailio -v
kamailio 6.0.0
- Operating System:
uname ubuntu:22.04
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Fr-Soltanzadeh created an issue