[SR-Users] Default AUTH route potential issue?

Володимир Іванець volodyaivanets at gmail.com
Wed Apr 11 17:15:54 CEST 2018


Hello all!

I'm using Kamailio 5.1.0 on my testing machine. The configuration includes a
slightly modified AUTH route from
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb

route[AUTH] {
  xlog("L_DBG", "== TRACE. AUTH\n");

  # if caller is not local subscriber, then check if it calls
  # a local destination, otherwise deny, not an open relay here
  if (from_uri!=myself && uri!=myself) {
    xlog("L_DBG", "== TRACE. AUTH. Not relaying. Exiting.\n");
    sl_send_reply("403","Not relaying");
    exit;
  }

  if(isflagset(TRUSTEDIP)) {
    xlog("== TRACE. AUTH. TRUSTEDIP. Returning.\n");
    return;
  }

  if (is_method("REGISTER") || from_uri==myself) {
    xlog("L_DBG", "== TRACE. AUTH. Method REGISTER\n");
    # authenticate requests
    if (!auth_check("$fd", "sipusers", "1")) {
      auth_challenge("$fd", "0");
      xlog("L_DBG", "== TRACE. AUTH. Exiting.\n");
      exit;
    }
    # user authenticated - remove auth header
    if(!is_method("REGISTER|PUBLISH")) {
      xlog("L_DBG", "== TRACE. AUTH. Method is not REGISTER|PUBLISH\n");
      consume_credentials();
    }
  }

  xlog("L_DBG", "== TRACE. AUTH. Returning.\n");
  return;
}

I opened port UDP/5060 to everyone today and started receiving some SIP
requests. Most INVITEs were stopped by *auth_challenge* but then I received
this one:

2018/04/11 16:32:44.385689 38.91.106.211:5069 -> 172.16.30.205:5060

INVITE sip:100@MY_PUB_IP_ADDRESS SIP/2.0
v: SIP/2.0/UDP 38.91.106.211:5060;branch=z9hG4bK-929181129;rport
Content-Length: 0
f: "pbx"<sip:100@1.1.1.1>;tag=3535306165633930313363340131373533363938373235
i: 757925348661465531074812
m: sip:100@38.91.106.211:5069
Accept: application/sdp
CSeq: 1 INVITE
t: "pbx"<sip:100@1.1.1.1>
Max-Forwards: 70

... and it came through the AUTH route. Below are two fragments of the Kamailio log:

Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. INVITE From: sip:100@1.1.1.1 (IP:38.91.106.211:5069)
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE.       To: sip:100@1.1.1.1
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: pv
[pv_core.c:1286]: pv_get_dsturi(): no destination URI
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE.    Destination URI : <null>
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. SIP Request header : sip:100@MY_PUB_IP_ADDRESS
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/parser/msg_parser.c:89]: get_hdr_field(): found end of header
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: pv
[pv_core.c:966]: pv_get_useragent(): no User-Agent header
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE.  User Agent header : <null>
****************************************************************************************************
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. request_route ==> AUTH
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. AUTH
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==13 &&
[1.1.1.1] == [172.16.30.205]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 8088
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/forward.c:412]: check_self(): host != me
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==13 &&
[1.1.1.1] == [172.16.30.205]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 8088
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/forward.c:412]: check_self(): host != me
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==9 &&
[ MY_PUB_IP_ADDRESS ] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==13 &&
[ MY_PUB_IP_ADDRESS ] == [172.16.30.205]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==9 &&
[ MY_PUB_IP_ADDRESS ] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 8088
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. AUTH. Returning.

As you can see, all tests failed to catch this INVITE request and Kamailio
continued processing it. And I'm now wondering what would be the best way
to identify such a packet.

Thanks.
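
The branch order of the route[AUTH] posted above, modelled in Python as an added example (not part of the original post and not Kamailio code): it parses a constructed copy of the INVITE, compact header names included, and names the branch the request leaves through. 203.0.113.10 standing in for MY_PUB_IP_ADDRESS, the MYSELF set and all function names are assumptions.

```python
import re

# Constructed from the INVITE quoted in the post. 203.0.113.10 stands in for
# MY_PUB_IP_ADDRESS and the From tag is shortened (both are assumptions).
INVITE = (
    "INVITE sip:100@203.0.113.10 SIP/2.0\r\n"
    "v: SIP/2.0/UDP 38.91.106.211:5060;branch=z9hG4bK-929181129;rport\r\n"
    'f: "pbx"<sip:100@1.1.1.1>;tag=constructed\r\n'
    't: "pbx"<sip:100@1.1.1.1>\r\n'
    "CSeq: 1 INVITE\r\n\r\n"
)
# Hosts treated as "myself"; the public address is assumed to be local because
# the posted route would otherwise have answered 403.
MYSELF = {"203.0.113.10", "172.16.30.205", "127.0.0.1"}
COMPACT = {"f": "from", "t": "to", "v": "via", "i": "call-id", "m": "contact"}


def uri_host(value):
    """Return the lower-cased host of the first sip:/sips: URI in value."""
    m = re.search(r"sips?:(?:[^@>;\s]*@)?([^:;>\s]+)", value)
    return m.group(1).lower() if m else None


def parse(raw):
    """Return (method, R-URI host, From host), expanding compact header names."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, ruri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers[COMPACT.get(name, name)] = value.strip()
    return method, uri_host(ruri), uri_host(headers.get("from", ""))


def auth_route(method, ruri_host, from_host, trusted_ip=False, creds_ok=False):
    """Mirror the branch order of route[AUTH] in the post and name the outcome."""
    from_local, uri_local = from_host in MYSELF, ruri_host in MYSELF
    if not from_local and not uri_local:
        return "403 Not relaying"
    if trusted_ip:
        return "return: trusted IP"
    if method == "REGISTER" or from_local:
        return "return: authenticated" if creds_ok else "challenge"
    return "return: no authentication performed"


if __name__ == "__main__":
    print(auth_route(*parse(INVITE)))
```

The only request shape that reaches the last return is a non-REGISTER request with a foreign From host and a local request URI, which is the shape of the INVITE in the post.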