[sr-dev] topoh issues

Daniel-Constantin Mierla miconda at gmail.com
Mon Jan 4 20:08:25 CET 2010


Hi Klaus,

On 1/4/10 7:53 PM, Klaus Darilion wrote:
> Hi Daniel!
>
> Thanks for topoh, a great module.
>
> 1. topology hiding is skipped for REGISTER and PUBLISH - why? For 
> example I use Kamailio as an outbound proxy for our office as some 
> kind of firewall and want to add topology hiding (to hide the details 
> of our LAN). In this scenario it is also needed to mangle REGISTER and 
> PUBLISH too.
>
> Are there any issues from implementation point of view which prevents 
> mangling for REGISTER|PUBLISH?
I thought these messages are intended to terminate in the sip server, 
not to be forwarded to insecure network. The plan is to make that filter 
a module paraemter, but no time so far. I see no problem topoh-ing them 
right now.

>
> I tried removing the method-check and it seems to work fine (at least 
> for REGISTER with single Contact headers)
>
> Of course this brings in another problem - at the upstream server the 
> registered Contact is now sip:10.1.1.2;line=sr-......
>
> It would be necessary to have the host part configurable, e.g. in my 
> setup I would set it to the public IP address of the outbound proxy.
>
> Thus,
>    str th_ip = {"10.1.1.2", 0};
> should be the default and there should be a module paramter to 
> override it.

I forgot to make it a parameter, it is intended to be one -- i will fix.

>
> 2. the module uses a default value for encryption. IMO this is 
> insecure. IMO, either the mask_key parameter should be mandatory or a 
> random one should be generated at startup.
>

Could be made mandatory -- randomization will create issues after restart.

Thanks for feedback and testing,
Daniel

-- 
Daniel-Constantin Mierla
* http://www.asipto.com/




More information about the sr-dev mailing list