Hi All,
After reading default kamailio configuration i can't understand why does kamailio remove preloaded route headers from the incoming initial INVITE before calling record_route().
remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route();
What will happen if an INVITE comes from another SIP proxy which wants to stay in the middle of the dialogue ?
For example, during Re-INVITE UA from our local site will construct in-dialog INVITE with R-URI taken from the remote contact and send it to our local proxy according to RR. Local proxy will process it in route[WITHNDLG] where loose_route() function will remove top most RR header because it points to us and since there is no more RR records forward the request to a destination from the R-URI. As i understand in that case remote proxy will not receive any in-dialog requests from us.
On 25.06.2012 14:44, Vitaliy Aleksandrov wrote:
Hi All,
After reading default kamailio configuration i can't understand why does kamailio remove preloaded route headers from the incoming initial INVITE before calling record_route().
remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route();
Pre-loaded route sets can be used to abuse the proxy as an open relay. This is bad. If a request hits my proxy, then I want to define how the message is routed, and I do not want to route the message like somebody else wants it.
What will happen if an INVITE comes from another SIP proxy which wants to stay in the middle of the dialogue ?
Only "Route" headers are removed, not "Record-Route" headers which create the route-set.
For example, during Re-INVITE UA from our local site will construct in-dialog INVITE with R-URI taken from the remote contact and send it to our local proxy according to RR. Local proxy will process it in route[WITHNDLG] where loose_route() function will remove top most RR header because it points to us and since there is no more RR records forward the request to a destination from the R-URI. As i understand in that case remote proxy will not receive any in-dialog requests from us.
Sure it does. As only the pre-loaded route is remove, not the Record-Route headers. Thus, the in-dialog route set is not affected, only the out-of-dialog route set (pre-loaded) is manipulated.
regards Klaus
I have lost in Route and Record-Route headers. But now it's clear for me. Huge thanks.
On 25.06.2012 14:44, Vitaliy Aleksandrov wrote:
Hi All,
After reading default kamailio configuration i can't understand why does kamailio remove preloaded route headers from the incoming initial INVITE before calling record_route().
remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route();
Pre-loaded route sets can be used to abuse the proxy as an open relay. This is bad. If a request hits my proxy, then I want to define how the message is routed, and I do not want to route the message like somebody else wants it.
What will happen if an INVITE comes from another SIP proxy which wants to stay in the middle of the dialogue ?
Only "Route" headers are removed, not "Record-Route" headers which create the route-set.
For example, during Re-INVITE UA from our local site will construct in-dialog INVITE with R-URI taken from the remote contact and send it to our local proxy according to RR. Local proxy will process it in route[WITHNDLG] where loose_route() function will remove top most RR header because it points to us and since there is no more RR records forward the request to a destination from the R-URI. As i understand in that case remote proxy will not receive any in-dialog requests from us.
Sure it does. As only the pre-loaded route is remove, not the Record-Route headers. Thus, the in-dialog route set is not affected, only the out-of-dialog route set (pre-loaded) is manipulated.
regards Klaus
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Record-Route is added by proxies to requests creating dialogs to require that the requests within the dialog will be sent through them. There Record-Route headers become Route in within dialog requests. In other words, Route forces next hop address and can be dangerous from security point of view if not trusted, Record-Route is just to carry some addresses for later usage, no immediate impact in routing of that request.
Cheers, Daniel
On 6/26/12 3:15 PM, Vitaliy Aleksandrov wrote:
I have lost in Route and Record-Route headers. But now it's clear for me. Huge thanks.
On 25.06.2012 14:44, Vitaliy Aleksandrov wrote:
Hi All,
After reading default kamailio configuration i can't understand why does kamailio remove preloaded route headers from the incoming initial INVITE before calling record_route().
remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route();
Pre-loaded route sets can be used to abuse the proxy as an open relay. This is bad. If a request hits my proxy, then I want to define how the message is routed, and I do not want to route the message like somebody else wants it.
What will happen if an INVITE comes from another SIP proxy which wants to stay in the middle of the dialogue ?
Only "Route" headers are removed, not "Record-Route" headers which create the route-set.
For example, during Re-INVITE UA from our local site will construct in-dialog INVITE with R-URI taken from the remote contact and send it to our local proxy according to RR. Local proxy will process it in route[WITHNDLG] where loose_route() function will remove top most RR header because it points to us and since there is no more RR records forward the request to a destination from the R-URI. As i understand in that case remote proxy will not receive any in-dialog requests from us.
Sure it does. As only the pre-loaded route is remove, not the Record-Route headers. Thus, the in-dialog route set is not affected, only the out-of-dialog route set (pre-loaded) is manipulated.
regards Klaus
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Klaus Darilion -
Vitaliy Aleksandrov