[sr-dev] LCR: defunct_gw() is dangerous

Juha Heinanen jh at tutpro.com
Wed Dec 28 15:05:29 CET 2011


Iñaki Baz Castillo writes:

> An ugly client sends us a request with a malformed P-Asserted-Identity
> as follows:
> 
>   P-Asserted-Identity(sip at domain.com
> 
> Note that it's an *invalid* header. But Kamailio "allows" it and the
> request arrives to the GW. But the GW drops the request due to the
> malformed header so it sends NO reply at all. Then timeout occurs in
> the client transaction and failure_route block is called in which I
> call to defunct_gw().

check the headers you are forwarding to your gws.  also, you can count
the number of failures yourself by using htable, for example, and not
defunct your gw based on the first failure.  further, you could define a
timed route, and based on the htable, ping your gws.

> Conclusion: an attacker could dissable my gws just by sending a simple
> malformed request. I strongly miss the monitorization feature in the
> old LCR module.

my conclusion is as it was before:  keep lcr module simple and do
monitoring separately.  it might be possible to include a mi command to
manage defunct time of a gw, but i'm not sure about it, because
currently the tables may not include enough info to pinpoint a
particular gw.

-- juha



More information about the sr-dev mailing list