On Thursday 27 February 2014 18:06:13 Tony Turner wrote:
is it possible with Kamailio to have customers calls
come in on a trusted
IP and when they send calls we add a header with a [client id] which we
can remove on the next ip switch upstream
So example
Call comes in from customer with IP:
their trusted IP source xx.xx.xx.xx
add header with their client ID
Offcourse this is possible. I do something similar to indicat to upstream sip
servers the call is accounted for.
I store trusted IPs in the address table and check for INVITES from those IPs.
If one matches I make a lookup in the usr_preferences table to figure out what
client it is for:
route[AUTHENTICATE]
{
if(!is_method("REGISTER") && allow_address("3",
"$si", "$sp") &&
$proto=="tcp")
{
if(!avp_db_query("select username from usr_preferences where
attribute='ip_authentication' and (value='$si:$sp' or value like
'$si:%')
order by length(value) limit 1"))
{
sl_send_reply("403", "Not Allowed");
exit;
}
$avp(au)=$avp(i:1);
}
else
{
#normal authentication
...
append_hf() to append a header. Be sure to remove the header from all incoming
requests first (remove_hf()).
BTW this is insecure for udp traffic. If someone is able to spoof source
adresses this might be abused, hence the tcp only condition.
--
POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ -
http://www.sipo.nl/
K.v.K. Eindhoven 17097024