[Serusers] What is the status of this open relay issue that Jan, Maxim, and Juha discuessed on 2003-10-23?

Zeus Ng zeus.ng at isquare.com.au
Thu Jun 30 08:25:54 CEST 2005


See inline.

> 
> 
> Hello there
> 
> Zeus Ng wrote:
> > Yes, you just replace that one. Alternatively, if you don't want to 
> > load the domain module, you can try from_uri.
> > 
> >  if (!uri == myself) {
> >     if (from_uri == myself) {
> >         t_relay();
> >         break;
> >     } else {
> >         sl_send_reply("403", "Relaying not allowed");
> 
> please forgive my ignorance but shouldn't a "break" be included here?


Yes, you are right.

> 
> >     }
> >   }
> 
> another related doubt: shouldn't one protect the statements 
> bellow, too?
> 
>    # loose-route processing
>    if (loose_route()) {
>      # mark routing logic in request
>      append_hf("P-hint: rr-enforced\r\n");
>      t_relay();
>      break;
>    };

Logically, you should protect it as well. However, the way loose route was
constructed make it difficult to check uri. The best way is only allow in
dialogue INVITE with to tag.

   if (loose_route())  {
       if (method == "INVITE") {
          if (!has_totag()) {   # can't remember the syntax
            sl_send_reply("403", "Cannot use this proxy as outbound
proxy!");
            break;
          };
        }
        t_relay();
        break;
    };

You can do checking on other requests (MESSAGE, INFO, OPTIONS ...) here as
well.





More information about the sr-users mailing list