[sr-dev] git:master: Fix: We trust the IP in the media for calls from the network to the user
admin at sip-router.org
admin at sip-router.org
Wed Jan 30 12:18:38 CET 2013
Module: sip-router
Branch: master
Commit: 147430e2f5849996fcfff4933795ef212fdfb83a
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=147430e2f5849996fcfff4933795ef212fdfb83a
Author: Carsten Bock <carsten at ng-voice.com>
Committer: Carsten Bock <carsten at ng-voice.com>
Date: Wed Jan 30 12:17:50 2013 +0100
Fix: We trust the IP in the media for calls from the network to the user
Fix: Rx-Configuration updates
---
examples/pcscf/kamailio.cfg | 161 ++++++++++++++++++++++++++++++-------------
1 files changed, 113 insertions(+), 48 deletions(-)
diff --git a/examples/pcscf/kamailio.cfg b/examples/pcscf/kamailio.cfg
index f573733..8daf8b1 100644
--- a/examples/pcscf/kamailio.cfg
+++ b/examples/pcscf/kamailio.cfg
@@ -234,7 +234,7 @@ modparam("ims_usrloc_pcscf", "enable_debug_file", 0)
# -- CDP params --
modparam("cdp","config_file","/etc/kamailio/pcscf.xml")
# -- diameter_rx params --
-modparam("ims_qos", "rx_dest_realm", NETWORKNAME)
+modparam("ims_qos", "rx_dest_realm", "NETWORKNAME")
#!endif
# -- dialog_ng params --
@@ -261,8 +261,7 @@ modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
# ----------------- Settings for Dispatcher ---------------
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
# Actively query the gateways:
-modparam("dispatcher", "ds_probing_mode", 0)
-
+modparam("dispatcher", "ds_probing_mode", 1)
#!endif
#!ifdef WITH_XMLRPC
@@ -537,22 +536,43 @@ route[RTPPROXY_ORIG] {
# I = IPv4
# E = IPv6
if(isflagset(FLT_IPV4)) {
- if (is_request())
- rtpproxy_manage("1FOX");
- else
- rtpproxy_manage("2FOX");
+ if (is_request()) {
+ if (is_direction("downstream"))
+ rtpproxy_manage("1FOX");
+ else
+ rtpproxy_manage("1FOXR");
+ } else {
+ if (is_direction("downstream"))
+ rtpproxy_manage("2FOXR");
+ else
+ rtpproxy_manage("2FOX");
+ }
} else {
- if (is_request())
- rtpproxy_manage("1FOEE");
- else
- rtpproxy_manage("2FOEE");
+ if (is_request()) {
+ if (is_direction("downstream"))
+ rtpproxy_manage("1FOEE");
+ else
+ rtpproxy_manage("1FOEER");
+ } else {
+ if (is_direction("downstream"))
+ rtpproxy_manage("2FOEER");
+ else
+ rtpproxy_manage("2FOEE");
+ }
}
#!else
# No Bridging
- if (is_request())
- rtpproxy_manage("1FOII");
- else
- rtpproxy_manage("2FOII");
+ if (is_request()) {
+ if (is_direction("downstream"))
+ rtpproxy_manage("1FOII");
+ else
+ rtpproxy_manage("1FOIIR");
+ } else {
+ if (is_direction("downstream"))
+ rtpproxy_manage("2FOIIR");
+ else
+ rtpproxy_manage("2FOII");
+ }
#!endif
#!ifndef FORCE_RTPRELAY
@@ -566,7 +586,7 @@ route[RTPPROXY_ORIG] {
}
}
#!endif
-#!ifdef WITH MOH
+#!ifdef WITH_MOH
if (is_request()) {
if (is_method("INVITE")) {
if (search_body("^a=sendonly")) {
@@ -616,22 +636,43 @@ route[RTPPROXY_TERM] {
# E = IPv6
if(isflagset(FLT_IPV4)) {
# xlog("L_ERR", "IPv6-to-4 Bridge\n");
- if (is_request())
- rtpproxy_manage("1FOX");
- else
- rtpproxy_manage("2FOX");
+ if (is_request()) {
+ if (is_direction("downstream"))
+ rtpproxy_manage("1FOXR");
+ else
+ rtpproxy_manage("1FOX");
+ } else {
+ if (is_direction("downstream"))
+ rtpproxy_manage("2FOX");
+ else
+ rtpproxy_manage("2FOXR");
+ }
} else {
- if (is_request())
- rtpproxy_manage("1FOEE");
- else
- rtpproxy_manage("2FOEE");
+ if (is_request()) {
+ if (is_direction("downstream"))
+ rtpproxy_manage("1FOEER");
+ else
+ rtpproxy_manage("1FOEE");
+ } else {
+ if (is_direction("downstream"))
+ rtpproxy_manage("2FOEE");
+ else
+ rtpproxy_manage("2FOEER");
+ }
}
#!else
# No Bridging
- if (is_request())
- rtpproxy_manage("1FOII");
- else
- rtpproxy_manage("2FORII");
+ if (is_request()) {
+ if (is_direction("downstream"))
+ rtpproxy_manage("1FOIIR");
+ else
+ rtpproxy_manage("1FOII");
+ } else {
+ if (is_direction("downstream"))
+ rtpproxy_manage("2FORII");
+ else
+ rtpproxy_manage("2FORIIR");
+ }
#!endif
#!ifndef FORCE_RTPRELAY
@@ -645,7 +686,7 @@ route[RTPPROXY_TERM] {
}
}
#!endif
-#!ifdef WITH MOH
+#!ifdef WITH_MOH
if (is_request()) {
if (is_method("INVITE")) {
if (search_body("^a=sendonly")) {
@@ -659,7 +700,7 @@ route[RTPPROXY_TERM] {
if (is_reply()) {
fix_contact();
-#!ifdef WITH MOH
+#!ifdef WITH_MOH
if (status=="200") {
if (search_body("^a=sendonly")) {
rtpproxy_stream2uac("/etc/kamailio/moh/moh.sln16", "-1");
@@ -677,6 +718,19 @@ route[RTPPROXY_TERM] {
# Route for handling Registrations:
######################################################################
route[REGISTER] {
+#!ifdef WITH_RX
+ xlog("L_DBG","Subscribing to signalling bearer status\n");
+ Rx_AAR_Register("location");
+ switch ($avp(s:aar_return_code)) {
+ case 1:
+ xlog("L_DBG", "Diameter: AAR success on subscription to signalling\n");
+ break;
+ default:
+ xlog("L_ERR", "Diameter: AAR failed on subscription to signalling\n");
+ send_reply("403", "Can't register to QoS for signalling");
+ exit;
+ }
+#!endif
#!ifdef WITH_NAT
if (isflagset(FLT_NAT) || isflagset(FLT_IPV4)) {
if (isflagset(FLT_IPV4))
@@ -717,14 +771,6 @@ route[REGISTER] {
onreply_route[REGISTER_reply]
{
if (t_check_status("200")) {
-#!ifdef WITH_RX
- xlog("L_DBG","Subscribing to signalling bearer status\n");
- if (!Rx_AAR_Register("location")) {
- xlog("L_ERR", "Diameter: AAR failed on subscription to signalling\n");
- } else {
- xlog("L_DBG", "Diameter: AAR success on subscription to signalling\n");
- }
-#!endif
xlog("L_DBG","Saving location\n");
pcscf_save("location");
}
@@ -762,6 +808,16 @@ route[Orig_Initial]
pcscf_force_service_routes("location");
}
+#!ifdef WITH_RX
+ xlog("L_DBG","Diameter: Orig authorizing media via Rx\n");
+ Rx_AAR("location");
+ if ($avp(s:aar_return_code) != 1) {
+ xlog("L_ERR", "Diameter: AAR failed\n");
+ send_reply("403", "QoS not authorized");
+ exit;
+ }
+#!endif
+
#prepend mo as user for record route
$avp(RR_CUSTOM_USER_AVP)="mo";
record_route();
@@ -795,26 +851,25 @@ route[Orig_Initial]
onreply_route[Orig_Initial_reply]
{
xlog("L_DBG", "route(RTPIMS: INSIDE ORIG_INITIAL_REPLY\n");
- if (t_check_status("183")){
#!ifdef WITH_RX
+ if (t_check_status("180|183|200")){
xlog("L_DBG","Diameter: Orig authorizing media via Rx\n");
- if (!Rx_AAR("orig")) {
+ Rx_AAR("orig");
+ if ($avp(s:aar_return_code) != 1) {
xlog("L_ERR", "IMS: AAR failed Orig\n");
dlg_terminate("all", "Sorry no QoS available");
} else {
xlog("L_DBG", "Diameter: Orig AAR success on media authorization\n");
}
-#!endif
xlog("L_DBG", "IMS: Received 183/200 inside orig_initial_reply\n");
}
+#!endif
# Note: We only do the RTP-Update for the successful case,
# the others simply time-out (if we would do otherwise, RTP-Relaying
# would fail for forked requests)
- # if (t_check_status("180|183|200") && has_body("application/sdp")) {
- #if (t_check_status("180|183|200")) {
- # Do RTP-Relaying, if necessary:
- route(RTPPROXY_ORIG);
- #}
+
+ # Do RTP-Relaying, if necessary:
+ route(RTPPROXY_ORIG);
}
######################################################################
@@ -942,6 +997,16 @@ route[Term_Initial]
t_on_reply("Term_Initial_reply");
t_on_failure("Term_Initial_failure");
+
+#!ifdef WITH_RX
+ xlog("L_DBG","Diameter: Orig authorizing media via Rx\n");
+ Rx_AAR("location");
+ if ($avp(s:aar_return_code) != 1) {
+ xlog("L_ERR", "Diameter: AAR failed\n");
+ send_reply("403", "QoS not authorized");
+ exit;
+ }
+#!endif
# Do RTP-Relaying, if necessary:
route(RTPPROXY_TERM);
@@ -958,8 +1023,8 @@ route[Term_Initial]
######################################################################
onreply_route[Term_Initial_reply]
{
- if (t_check_status("183")){
#!ifdef WITH_RX
+ if (t_check_status("180|183|200")){
xlog("L_DBG","Diameter Term authorizing media via Rx\n");
if (!Rx_AAR("term")) {
xlog("L_ERR", "IMS: AAR failed Term\n");
@@ -967,9 +1032,9 @@ onreply_route[Term_Initial_reply]
} else {
xlog("L_DBG", "Diameter: Term AAR success on media authorization\n");
}
-#!endif
xlog("L_DBG", "IMS: SENDING EARLY BYE\n");
}
+#!endif
# Do RTP-Relaying, if necessary:
route(RTPPROXY_TERM);
More information about the sr-dev
mailing list