[SR-Users] secfilter usage
Pepelux
pepeluxx at gmail.com
Tue Dec 3 18:37:29 CET 2019
Hi
Without the force_rport() the reply goes to an incorrect port
Regards
On Tue, 3 Dec 2019 at 17:58, Aymeric Moizard <amoizard at gmail.com> wrote:
> Hi,
>
> Tks a lot for the answer.
>
> I'm surprised if that would fix the issue. The missing 200 ok was for an
> invite with a via containing a public IP and no port.
>
> I would expect sl_send_reply to send something, even if to the wrong port?
>
> Regards
> Aymeric
>
>
> Le mar. 3 déc. 2019 à 16:40, Pepelux <pepeluxx at gmail.com> a écrit :
>
>> Sorry ... Try to use force_rport() *before* sl_send_reply
>>
>> On Tue, 3 Dec 2019 at 16:37, Pepelux <pepeluxx at gmail.com> wrote:
>>
>>> Hi Aymeric
>>>
>>> Try to use force_rport() after sl_send_reply:
>>>
>>> secf_check_ua();
>>> if ($? == -2) {
>>> force_rport();
>>> sl_send_reply("200", "OK");
>>> exit;
>>> }
>>>
>>> For secf_check_sqli_all() the module drops the packet if a sqli is
>>> detected in any header but for other functions as secf_check_sqli_ua() it
>>> returns a negative code for detection and you choose if you want to drop
>>> the packet or not
>>>
>>> Regards
>>>
>>>
>>> On Tue, 3 Dec 2019 at 15:48, Aymeric Moizard <amoizard at gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm testing and moving my kamailio script to use the newer secfilter
>>>> module.
>>>>
>>>> In the past, I was replying "200 Ok" to "friendly scanners"...
>>>>
>>>> With the newer secfilter module, it looks like I can't send a reply
>>>> with "sl_send_reply("200", "OK")"
>>>>
>>>> secf_check_ua();
>>>> if ($? == -2) {
>>>> sl_send_reply("200", "OK");
>>>> exit;
>>>> }
>>>>
>>>>
>>>> I have read the code of the secfilter, but I was not able to see any
>>>> specific code to silently discard the SIP request.
>>>>
>>>> I can see in the documentation about "secf_check_sqli_all", that the
>>>> SIP message is supposed to be "dropped". I can see "w_check_sqli_all"
>>>> returns 0 on detection and w_check_ua returns -2 upon detection.
>>>>
>>>> Are the message discarded because a negative value was returned?
>>>>
>>>> Would it be doable, using the secfilter, to still reply 200 Ok?
>>>> Regards
>>>> Aymeric
>>>>
>>>> --
>>>> Antisip - http://www.antisip.com
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191203/f61e91f8/attachment.html>
More information about the sr-users
mailing list