[OpenSER-Users] Multidomain support

Iñaki Baz Castillo ibc at in.ilimit.es
Mon Jul 23 18:44:08 CEST 2007


El Monday 23 July 2007 17:50:58 Klaus Darilion escribió:
> Iñaki Baz Castillo wrote:
> > Hi, I want to mantain independent domains in OpenSer. In my case I've a
> > OpenSer with a single DNS A record and various CNAME (I still don't want
> > to play with SRV and so).
> >
> > so:
> >
> >   DNS A = openser.domain.org
> >   CNAME = sip1.domain.org
> >   CNAME = sip2.domain.org
> >
> >
> > And I want users of sip1.domain.org and sip2.domain.org, as independent
> > groups.
> >
> > I just want to avoid SIP interdomain messages, so 200 at sip1.domain.org
> > CAN'T invite 300 at sip2.domain.org even if he does authentication.
> >
> > I've loaded "domain" module and use "is_uri_host_local()"
> > and "is_from_local()" functions, but for now I only used one domain.
> >
> > My question is very general: for implement (or avoid) interdomain
> > comunication, do I need to use the "domainpolicy" [1] module?
>
> no
>
>  > I've read its
> >
> > doc and know it's based in 3 drafts [2][3][4], but all of them seems to
> > be based in the complex NAPTR record and so. Is it the way?
>
> if you only want to prevent calls from sip1 to sip2 just compare the
> from domain with the domain in the ruri
>
> if ( $rd != $fd) {
>    sl_send_reply("403","forbidden");
>    exit;
> }
>
> > I think I could just compare the FROM domain with the TO domain in order
> > to avoid interdomain communication, but of course I'd like in the future
> > the possiblity of allowing some domains to contact some other domains. Is
> > then "domainpolicy" the solution I should learn?
>
> no. it would be easier to just put all the allowed domains into a table:
>
> A     |    B
> ---------------
> sip1  |  sip2
> sip1  |  sip3
> sip5  |  sip6
>
>
> the code would be somehow like this (from the logic . I do not know the
> exact syntax by heart):
>
> if ( $rd != $fd) {
>    # lookup table with raw_query from avp_ops module:
>    ... SELECT count(*) from table WHERE ($rd=A and $fd=B) OR ($rd=B and
> $fd=A);
>
>    if count == 0 {
>      sl_send_reply("403","forbidden");
>      exit;
>    }
> }


Ok, very clear. Thanks a lot.

Regards.




-- 
Iñaki Baz Castillo
ibc at in.ilimit.es




More information about the sr-users mailing list