Iñaki Baz Castillo wrote:
Hi, I want to maintain independent domains in OpenSer. In my case I've an OpenSer with a single DNS A record and various CNAME (I still don't want to play with SRV and so).

so:
DNS A = openser.domain.org
CNAME = sip1.domain.org
CNAME = sip2.domain.org

And I want users of sip1.domain.org and sip2.domain.org, as independent groups.

I just want to avoid SIP interdomain messages, so 200(a)sip1.domain.org CAN'T invite 300(a)sip2.domain.org even if he does authentication.

I've loaded "domain" module and use "is_uri_host_local()" and "is_from_local()" functions, but for now I only used one domain.

My question is very general: to implement (or avoid) interdomain communication, do I need to use the "domainpolicy" [1] module?

no

I've read its doc and know it's based on 3 drafts [2][3][4], but all of them seem to be based on the complex NAPTR record and so. Is it the way?

if you only want to prevent calls from sip1 to sip2 just compare the from domain with the domain in the ruri

    # reject when the request-URI domain differs from the From domain
    if ( $rd != $fd) {
        sl_send_reply("403","forbidden");
        exit;
    }

I think I could just compare the FROM domain with the TO domain in order to avoid interdomain communication, but of course I'd like in the future the possibility of allowing some domains to contact some other domains. Is then "domainpolicy" the solution I should learn?

no. it would be easier to just put all the allowed domains into a table:

    A    | B
    ---------------
    sip1 | sip2
    sip1 | sip3
    sip5 | sip6

the code would be somehow like this (from the logic. I do not know the exact syntax by heart):

    if ( $rd != $fd) {
        # lookup table with raw_query from avp_ops module:
        ... SELECT count(*) from table WHERE ($rd=A and $fd=B) OR ($rd=B and $fd=A);
        if count == 0 {
            sl_send_reply("403","forbidden");
            exit;
        }
    }

regards
klaus
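
The allow-list lookup sketched in the message above, modelled in Python with sqlite3 as an added example (not part of the original message and not OpenSER configuration). The table name allowed_domains, the function names and the full host names are assumptions; the two domains are bound as query parameters because both come from the incoming SIP request.

```python
import sqlite3

# Constructed sample policy modelled on the A | B table above; the full host
# names are assumptions. A row permits calls in both directions.
ALLOWED_PAIRS = [
    ("sip1.domain.org", "sip2.domain.org"),
    ("sip1.domain.org", "sip3.domain.org"),
    ("sip5.domain.org", "sip6.domain.org"),
]

def normalize(host):
    """Host names compare case-insensitively; drop a trailing root dot."""
    return host.strip().lower().rstrip(".")

def open_policy_db(pairs):
    """Load the pairs into an in-memory table (hypothetical name allowed_domains)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE allowed_domains (a TEXT NOT NULL, b TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO allowed_domains (a, b) VALUES (?, ?)",
        [(normalize(a), normalize(b)) for a, b in pairs],
    )
    return db

def call_allowed(db, ruri_domain, from_domain):
    """True if a request from from_domain may be routed to ruri_domain."""
    rd, fd = normalize(ruri_domain), normalize(from_domain)
    if not rd or not fd:
        return False          # missing domain: fail closed
    if rd == fd:
        return True           # same domain is always allowed
    # rd and fd are taken from the SIP request, so they are bound as
    # parameters rather than pasted into the SQL text.
    (count,) = db.execute(
        "SELECT count(*) FROM allowed_domains "
        "WHERE (a = ? AND b = ?) OR (a = ? AND b = ?)",
        (rd, fd, fd, rd),
    ).fetchone()
    return count > 0

def reply_for(db, ruri_domain, from_domain):
    """Return None to continue routing, or the (code, reason) to reject with."""
    if call_allowed(db, ruri_domain, from_domain):
        return None
    return (403, "forbidden")

POLICY_DB = open_policy_db(ALLOWED_PAIRS)
```

The policy is not transitive: sip2 and sip3 may each talk to sip1 but not to each other unless a row for that pair is added.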