On Thursday 27 February 2014 18:06:13 Tony Turner wrote:
is it possible with Kamailio to have customers calls come in on a trusted IP and when they send calls we add a header with a [client id] which we can remove on the next ip switch upstream
So example
Call comes in from customer with IP: their trusted IP source xx.xx.xx.xx add header with their client ID
Offcourse this is possible. I do something similar to indicat to upstream sip servers the call is accounted for.
I store trusted IPs in the address table and check for INVITES from those IPs. If one matches I make a lookup in the usr_preferences table to figure out what client it is for:
route[AUTHENTICATE] { if(!is_method("REGISTER") && allow_address("3", "$si", "$sp") && $proto=="tcp") { if(!avp_db_query("select username from usr_preferences where attribute='ip_authentication' and (value='$si:$sp' or value like '$si:%') order by length(value) limit 1")) { sl_send_reply("403", "Not Allowed"); exit; }
$avp(au)=$avp(i:1); } else { #normal authentication ...
append_hf() to append a header. Be sure to remove the header from all incoming requests first (remove_hf()).
BTW this is insecure for udp traffic. If someone is able to spoof source adresses this might be abused, hence the tcp only condition.