[SR-Users] secfilter usage

Aymeric Moizard amoizard at gmail.com
Tue Dec 3 17:57:09 CET 2019


Hi,

Tks a lot for the answer.

I'm surprised if that would fix the issue. The missing 200 ok was for an
invite with a via containing a public IP and no port.

I would expect sl_send_reply to send something, even if to the wrong port?

Regards
Aymeric


Le mar. 3 déc. 2019 à 16:40, Pepelux <pepeluxx at gmail.com> a écrit :

> Sorry ... Try to use force_rport() *before* sl_send_reply
>
> On Tue, 3 Dec 2019 at 16:37, Pepelux <pepeluxx at gmail.com> wrote:
>
>> Hi Aymeric
>>
>> Try to use force_rport() after sl_send_reply:
>>
>> secf_check_ua();
>> if ($? == -2) {
>>   force_rport();
>>   sl_send_reply("200", "OK");
>>   exit;
>> }
>>
>> For secf_check_sqli_all() the module drops the packet if a sqli is
>> detected in any header but for other functions as secf_check_sqli_ua() it
>> returns a negative code for detection and you choose if you want to drop
>> the packet or not
>>
>> Regards
>>
>>
>> On Tue, 3 Dec 2019 at 15:48, Aymeric Moizard <amoizard at gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I'm testing and moving my kamailio script to use the newer secfilter
>>> module.
>>>
>>> In the past, I was replying "200 Ok" to "friendly scanners"...
>>>
>>> With the newer secfilter module, it looks like I can't send a reply with
>>> "sl_send_reply("200", "OK")"
>>>
>>> secf_check_ua();
>>> if ($? == -2) {
>>>   sl_send_reply("200", "OK");
>>>   exit;
>>> }
>>>
>>>
>>> I have read the code of the secfilter, but I was not able to see any
>>> specific code to silently discard the SIP request.
>>>
>>> I can see in the documentation about "secf_check_sqli_all", that the SIP
>>> message is supposed to be "dropped". I can see "w_check_sqli_all" returns 0
>>> on detection and w_check_ua returns -2 upon detection.
>>>
>>> Are the message discarded because a negative value was returned?
>>>
>>> Would it be doable, using the secfilter, to still reply 200 Ok?
>>> Regards
>>> Aymeric
>>>
>>> --
>>> Antisip - http://www.antisip.com
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191203/03ce46f3/attachment.html>


More information about the sr-users mailing list