[Serusers] What is the status of this open relay issue that Jan, Maxim, and Juha discussed on 2003-10-23?
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Jun 30 11:11:32 CEST 2005
Zeus Ng wrote:
> See inline.
>
>
>>
>>Hello there
>>
>>Zeus Ng wrote:
>>
>>>Yes, you just replace that one. Alternatively, if you don't want to
>>>load the domain module, you can try from_uri.
>>>
>>> if (!uri == myself) {
>>>     if (from_uri == myself) {
>>>         t_relay();
>>>         break;
>>>     } else {
>>>         sl_send_reply("403", "Relaying not allowed");
>>
>>please forgive my ignorance but shouldn't a "break" be included here?
>
>
>
> Yes, you are right.
>
>
>>>     }
>>> }
>>
>>another related doubt: shouldn't one protect the statements
>>below, too?
>>
>> # loose-route processing
>> if (loose_route()) {
>>     # mark routing logic in request
>>     append_hf("P-hint: rr-enforced\r\n");
>>     t_relay();
>>     break;
>> };
>
>
> Logically, you should protect it as well. However, the way loose route was
> constructed makes it difficult to check the uri. The best way is to only allow
> in-dialogue INVITEs with a to tag.
For example: A calls B. B forwards the call to C. If C sends the BYE,
this will be loose routed, but the From: header contains domain B, the
To: header contains domain A, and the domain in the request URI contains
the IP address of A. Thus, if you check for domain C it will fail.
>
> if (loose_route()) {
>     if (method == "INVITE") {
>         if (!has_totag()) { # can't remember the syntax
>             sl_send_reply("403", "Cannot use this proxy as outbound proxy!");
>             break;
>         };
>     }
>     t_relay();
>     break;
> };
>
> You can do checking on other requests (MESSAGE, INFO, OPTIONS ...) here as
> well.
I check all loose_route messages if they have a to-tag:
if (loose_route()) {
    if (!has_totag()) { # can't remember the syntax
        sl_send_reply("403", "Cannot use this proxy as outbound proxy!");
        break;
    };
    t_relay();
    break;
};
regards,
klaus
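
The difference between a domain check and the to-tag check on loose-routed requests, replayed in Python on the A/B/C scenario from this message; this is an added example, not part of the original thread and not SER code. The host names, addresses and the simplified stand-in for loose_route() (any Route header present) are assumptions, and the SIP messages are constructed.

```python
import re

MY_DOMAINS = {"c.example.net"}  # assumption: the domain this proxy serves

def parse(msg):
    """Split a SIP request into method, request URI and a header dict."""
    head = msg.strip().split("\r\n\r\n")[0].split("\r\n")
    method, ruri, _ = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, ruri, headers

def host_of(uri):
    """Host part of the first SIP URI found in a URI or header value."""
    m = re.search(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)", uri)
    return m.group(1).lower() if m else None

def has_totag(headers):
    """True if To carries a tag header parameter (presence check only)."""
    params = headers.get("to", [""])[0].split(">", 1)[-1]
    return re.search(r";\s*tag=[^;\s]+", params) is not None

def domain_policy(msg):
    """The check the thread says fails in-dialog: From or R-URI must be local."""
    _, ruri, h = parse(msg)
    hosts = {host_of(ruri), host_of(h.get("from", [""])[0])}
    return "relay" if hosts & MY_DOMAINS else "403"

def totag_policy(msg):
    """Klaus's rule: a loose-routed request is relayed only with a to-tag."""
    _, _, h = parse(msg)
    if "route" not in h:  # simplified stand-in for loose_route() being false
        return "continue"
    return "relay" if has_totag(h) else "403"

def build(*lines):
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed: BYE sent by C after A called B and B forwarded to C.
BYE_FROM_C = build("BYE sip:alice@192.0.2.10 SIP/2.0",
                   "Route: <sip:proxy.c.example.net;lr>",
                   "From: <sip:bob@b.example.org>;tag=b1",
                   "To: <sip:alice@a.example.com>;tag=a1")
# Constructed: initial INVITE that names the proxy in a Route header.
OUT_OF_DIALOG = build("INVITE sip:carol@d.example.org SIP/2.0",
                      "Route: <sip:proxy.c.example.net;lr>",
                      "From: <sip:dave@d.example.org>;tag=d1",
                      "To: <sip:carol@d.example.org>")
```

The domain check rejects the legitimate BYE because neither its From domain nor its request URI is local, while the to-tag rule relays it and still answers the out-of-dialog INVITE with 403.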