On Thursday 27 February 2014 18:06:13 Tony Turner wrote:
> is it possible with Kamailio to have customers calls come in on a trusted
> IP and when they send calls we add a header with a [client id] which we
> can remove on the next ip switch upstream
>
> So example
>
> Call comes in from customer with IP:
> their trusted IP source xx.xx.xx.xx
> add header with their client ID
Offcourse this is possible. I do something similar to indicat to upstream sip
servers the call is accounted for.
I store trusted IPs in the address table and check for INVITES from those IPs.
If one matches I make a lookup in the usr_preferences table to figure out what
client it is for:
route[AUTHENTICATE]
{
if(!is_method("REGISTER") && allow_address("3", "$si", "$sp") &&
$proto=="tcp")
{
if(!avp_db_query("select username from usr_preferences where
attribute='ip_authentication' and (value='$si:$sp' or value like '$si:%')
order by length(value) limit 1"))
{
sl_send_reply("403", "Not Allowed");
exit;
}
$avp(au)=$avp(i:1);
}
else
{
#normal authentication
...
append_hf() to append a header. Be sure to remove the header from all incoming
requests first (remove_hf()).
BTW this is insecure for udp traffic. If someone is able to spoof source
adresses this might be abused, hence the tcp only condition.
--
POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
