Hello again,
Still getting familiar with kamailio, and I'm wondering about the AUTH
route in the example configuration file. Here's a reducted-simplified
version of it for reference (from git master, without IP AUTH and comments):
______________________________________________
route[AUTH] {
if (is_method("REGISTER") || from_uri==myself) {
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "0");
exit;
}
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
}
if (from_uri!=myself && uri!=myself) {
sl_send_reply("403","Not relaying");
exit;
}
return;
}
______________________________________________
So the way I see it, what happens is the following:
* All REGISTERs will be challenged
* All SIP messages with kamailio's aliases in the "From" header URI will be
challenged
* All SIP messages with no reference to kamailio's aliases in both R-URI
and "From" header URI will be dropped
The question is, what about messages that do not enter either of the two
conditionals? For example, I expect the following to be very common:
* Method: INVITE
* R-URI: myself
* From: username@"UAC's local IP address" (not myself)
* To: myself
So in the example above, the auth route will return without either having
challenged or dropped the request, am I correct? This is because:
* For the challenge: Method is not REGISTER and "From URI" is not one of
kamailio host's aliases (cumulatively)
* For dropping after sending 403: "From URI" is not one of kamailio's
host's aliases (which calculates to true) but R-URI is "myself"
So I'm guessing we're expecting the challenge to come from elsewhere in
cases like the example above? Or is there something else I'm missing here?
Thanks!
BR,
George