[Serusers] Anonymization/uac-module questions

Klaus Darilion klaus.mailinglists at pernau.at
Fri Mar 18 10:36:10 CET 2005 

Andreas Granig wrote:

> Hi all,
> 
> First of all two common anonymization questions:
> 
> Is it save for anonymization to alter the Contact-Header in SER if 
> record_route() is used to strip the username/IP? If not, how do you 
> accomplish this correctly?

This is bad as the callee doesn't know anymore where to send other 
requests (e.g. BYE).
> 
> And is there a way to modify the SDP body to change the o-Field to 
> change/remove the IP of the owner/creator?

subst()

IMO you can't get real anonymity without a B2B UA.
   if(is_user_in("From", "clir")) {
	t_relay to asterisk box which strips IDs
   }

regards,
klaus

> Then an uac issue:
> 
> The uac module (backported to ser-0.9 with "MANUAL RESTORE" mode) works 
> well for me in this scenario:
> 
> The group "clir" indicates anonymization, and the config looks like this:
> 
> modparam("uac", "from_restore_mode", 2)
> route {
>   # ...
>   if(is_user_in("From", "clir")) {
>     setflag(7);
>     uac_replace_from("Anonymous", "sip:anonymous at my.domain");
>   }
>   t_on_reply("1");
>   t_relay();
> }
> 
> onreply_route[1] {
>   if(isflagset(7))
>     uac_restore_from();
> }
> 
> When A calls B and A is in group "clir", the From-Header sent to B is 
> anonymized, and responses to A are restored correctly.
> 
> But when B hangs up, the UAC of B (Cisco-ATA186 or Mediatrix 2102) 
> changes From and To in the BYE message, so A receives the anonymized 
> From-Header as To-Header.
> 
> This is because uac_restore_from() only restores the From-Header (as the 
> name of the function says ;o) ), not the To-Header if there is a 
> vsf-Parameter available. This isn't correct behaviour, is it?
> 
> Also the Cisco-ATA strips off the vsf-Parameter in the BYE-Message so it 
> isn't available anyhow, but this seems to be a Cisco-Bug!?
> 
> 
> Any Comments/Ideas?
> 
> Andy
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list