[sr-dev] topoh issues

Klaus Darilion klaus.mailinglists at pernau.at
Mon Jan 4 23:39:09 CET 2010



On 04.01.2010 20:08, Daniel-Constantin Mierla wrote:
> Hi Klaus,
>
> On 1/4/10 7:53 PM, Klaus Darilion wrote:
>> Hi Daniel!
>>
>> Thanks for topoh, a great module.
>>
>> 1. topology hiding is skipped for REGISTER and PUBLISH - why? For
>> example I use Kamailio as an outbound proxy for our office as some
>> kind of firewall and want to add topology hiding (to hide the details
>> of our LAN). In this scenario it is also needed to mangle REGISTER and
>> PUBLISH too.
>>
>> Are there any issues from implementation point of view which prevents
>> mangling for REGISTER|PUBLISH?
> I thought these messages are intended to terminate in the sip server,
> not to be forwarded to insecure network. The plan is to make that filter
> a module paraemter, but no time so far. I see no problem topoh-ing them
> right now.

What about Contact URI encoding/decoding? Does topoh parse all Contact 
headers and looks for URIs to encode? (e.g. in 200 OK response).

regards
klaus

>
>>
>> I tried removing the method-check and it seems to work fine (at least
>> for REGISTER with single Contact headers)
>>
>> Of course this brings in another problem - at the upstream server the
>> registered Contact is now sip:10.1.1.2;line=sr-......
>>
>> It would be necessary to have the host part configurable, e.g. in my
>> setup I would set it to the public IP address of the outbound proxy.
>>
>> Thus,
>> str th_ip = {"10.1.1.2", 0};
>> should be the default and there should be a module paramter to
>> override it.
>
> I forgot to make it a parameter, it is intended to be one -- i will fix.
>
>>
>> 2. the module uses a default value for encryption. IMO this is
>> insecure. IMO, either the mask_key parameter should be mandatory or a
>> random one should be generated at startup.
>>
>
> Could be made mandatory -- randomization will create issues after restart.
>
> Thanks for feedback and testing,
> Daniel
>



More information about the sr-dev mailing list