Home Explore Help
Sign In
Kamailio
/
kamailio
mirror of https://github.com/kamailio/kamailio.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

private IP in Contacts now allowed if RR present

Jiri Kuthan 23 years ago
parent
ac022ef618
commit
44e8239ad3
1 changed files with 20 additions and 12 deletions
Split View Show Diff Stats
  1. 20 12
      etc/iptel.cfg

+ 20 - 12
etc/iptel.cfg
View File 

@@ -32,7 +32,7 @@ fifo="/tmp/ser_fifo"
 
 # ------------------ module loading ----------------------------------
 
 
 loadmodule "../new_ser/modules/sl/sl.so"
 
-#loadmodule "../new_ser/modules/tm/tm.so"
 
+loadmodule "../new_ser/modules/tm/tm.so"
 
 loadmodule "../new_ser/modules/acc/acc.so"
 
 loadmodule "../new_ser/modules/rr/rr.so"
 
 loadmodule "../new_ser/modules/maxfwd/maxfwd.so"
 
@@ -53,6 +53,8 @@ modparam("usrloc", "db_url","sql://ser:heslo@dbhost/ser")
 
 
 # -- auth params --
 
 
+#modparam("auth", "calculate_ha1", yes)
 
+
 
 modparam("auth", "db_url","sql://ser:heslo@dbhost/ser")
 
 modparam("auth", "user_column",   "user_id")
 
 # nonce generation secret; particularly useful if multiple servers
 
@@ -111,17 +113,14 @@ route{
 
 	# from private IP space (RFC1918) in Contact HF
 
 	# (note: does not match with folded lines)
 
 	if (search("^(Contact|m): .*@(192\.168\.|10\.|172\.16)")) {
 
-		log("LOG: Someone trying to register from private IP again\n");
 
-		sl_send_reply("479", "We dont accept private IP contacts" );
 
-		break;
 
-	};
 
-
 
-	# Make sure that user's dont register infinite loops
 
-	# (note: does not match with folded lines)
 
-	if (search("^(Contact|m): .*@(195\.37\.77\.101|iptel\.org)")) {
 
-		log(1, "LOG: alert: someone trying to set aor==contact\n");
 
-		sl_send_reply("476", "No Server Address in Contacts Allowed" );
 
-		break;
 
+		# allow RR-ed requests, as these may indicate that
 
+		# a NAT-enabled proxy takes care of it; unless it is
 
+		# a REGISTER
 
+		if (method=="REGISTER" || ! search("^Record-Route:")) {
 
+			log("LOG: Someone trying to register from private IP again\n");
 
+			sl_send_reply("479", "We dont accept private IP contacts" );
 
+			break;
 
+		};
 
 	};
 
 
 	/* ********* RR ********************************** */
 
@@ -208,6 +207,15 @@ route{
 
 	# registers always MUST be authenticated to
 
 	# avoid stealing incoming calls	
 	if (method=="REGISTER") {
 
+
 
+		# Make sure that user's dont register infinite loops
 
+		# (note: does not match with folded lines)
 
+		if (search("^(Contact|m): .*@(195\.37\.77\.101|iptel\.org)")) {
 
+			log(1, "LOG: alert: someone trying to set aor==contact\n");
 
+			sl_send_reply("476", "No Server Address in Contacts Allowed" );
 
+			break;
 
+		};
 
+
 
 		# prohibit attempts to grab someone else's To address 
 		# using  valid credentials; the only exception is the user
 
 		# 'replciator' permitted to generate 3-rd party registrations