[sr-dev] topoh issues
Daniel-Constantin Mierla
miconda at gmail.com
Mon Jan 4 20:08:25 CET 2010
Hi Klaus,
On 1/4/10 7:53 PM, Klaus Darilion wrote:
> Hi Daniel!
>
> Thanks for topoh, a great module.
>
> 1. topology hiding is skipped for REGISTER and PUBLISH - why? For
> example I use Kamailio as an outbound proxy for our office as some
> kind of firewall and want to add topology hiding (to hide the details
> of our LAN). In this scenario it is also needed to mangle REGISTER and
> PUBLISH too.
>
> Are there any issues from implementation point of view which prevents
> mangling for REGISTER|PUBLISH?
I thought these messages are intended to terminate in the sip server,
not to be forwarded to insecure network. The plan is to make that filter
a module paraemter, but no time so far. I see no problem topoh-ing them
right now.
>
> I tried removing the method-check and it seems to work fine (at least
> for REGISTER with single Contact headers)
>
> Of course this brings in another problem - at the upstream server the
> registered Contact is now sip:10.1.1.2;line=sr-......
>
> It would be necessary to have the host part configurable, e.g. in my
> setup I would set it to the public IP address of the outbound proxy.
>
> Thus,
> str th_ip = {"10.1.1.2", 0};
> should be the default and there should be a module paramter to
> override it.
I forgot to make it a parameter, it is intended to be one -- i will fix.
>
> 2. the module uses a default value for encryption. IMO this is
> insecure. IMO, either the mask_key parameter should be mandatory or a
> random one should be generated at startup.
>
Could be made mandatory -- randomization will create issues after restart.
Thanks for feedback and testing,
Daniel
--
Daniel-Constantin Mierla
* http://www.asipto.com/
More information about the sr-dev
mailing list