Zeus Ng wrote:
See inline.
Hello there
Zeus Ng wrote:
Yes, you just replace that one. Alternatively, if you don't want to load the domain module, you can try from_uri.
if (!uri == myself) { if (from_uri == myself) { t_relay(); break; } else { sl_send_reply("403", "Relaying not allowed");
please forgive my ignorance but shouldn't a "break" be included here?
Yes, you are right.
} }
another related doubt: shouldn't one protect the statements bellow, too?
# loose-route processing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); t_relay(); break; };
Logically, you should protect it as well. However, the way loose route was constructed make it difficult to check uri. The best way is only allow in dialogue INVITE with to tag.
for example: A calls B. B forwards the call to C. If C sends the BYE, this will be loose route, but the From: header contains domain B, the To: header contains domain A, and the domin in the request URI contains the IP address of A. Thus, if you will check for domain C it will fail.
if (loose_route()) { if (method == "INVITE") { if (!has_totag()) { # can't remember the syntax sl_send_reply("403", "Cannot use this proxy as outbound proxy!"); break; }; } t_relay(); break; };
You can do checking on other requests (MESSAGE, INFO, OPTIONS ...) here as well.
I check all loose_route messages if they have a to-tag: if (loose_route()) { if (!has_totag()) { # can't remember the syntax sl_send_reply("403", "Cannot use this proxy as outbound proxy!"); break; }; t_relay(); break; };
regards, klaus