18 Mar
2005
18 Mar
'05
11:36 a.m.
Andreas Granig wrote:
Hi all,
First of all two common anonymization questions:
Is it save for anonymization to alter the Contact-Header in SER if
record_route() is used to strip the username/IP? If not, how do you
accomplish this correctly?
This is bad as the callee doesn't know anymore where to send other
requests (e.g. BYE).
And is there a way to modify the SDP body to change the o-Field to
change/remove the IP of the owner/creator?
subst()
IMO you can't get real anonymity without a B2B UA.
if(is_user_in("From", "clir")) {
t_relay to asterisk box which strips IDs
}
regards,
klaus
Then an uac issue:
The uac module (backported to ser-0.9 with "MANUAL RESTORE" mode) works
well for me in this scenario:
The group "clir" indicates anonymization, and the config looks like this:
modparam("uac", "from_restore_mode", 2)
route {
# ...
if(is_user_in("From", "clir")) {
setflag(7);
uac_replace_from("Anonymous", "sip:anonymous@my.domain");
}
t_on_reply("1");
t_relay();
}
onreply_route[1] {
if(isflagset(7))
uac_restore_from();
}
When A calls B and A is in group "clir", the From-Header sent to B is
anonymized, and responses to A are restored correctly.
But when B hangs up, the UAC of B (Cisco-ATA186 or Mediatrix 2102)
changes From and To in the BYE message, so A receives the anonymized
From-Header as To-Header.
This is because uac_restore_from() only restores the From-Header (as the
name of the function says ;o) ), not the To-Header if there is a
vsf-Parameter available. This isn't correct behaviour, is it?
Also the Cisco-ATA strips off the vsf-Parameter in the BYE-Message so it
isn't available anyhow, but this seems to be a Cisco-Bug!?
Any Comments/Ideas?
Andy
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers