16 Oct
2007
16 Oct
'07
11:33 a.m.
Iñaki Baz Castillo wrote:
El Monday 15 October 2007 22:35:34 Klaus Darilion
escribió:
Usually, if a client wants to dial a phone number, the client will add
its own domain as RURI domain. E.g.
sip:client@mydomain.com calls PSTN 12345: RURI=sip:12345@mydomain.com ->
forward to PSTN gateway
sip:client@mydomain.com calls sip:12345@otherdomain.com --> forward
request to otherdomain. Regardless if otherdomain.com is hosted in the
same openser or any others SIP proxy, at otherdomain.com this is an
incoming SIP call from an external SIP client which MUST NOT be routed
to the PSTN.
Thus, I would add both checks.
regards
klaus
Iñaki Baz Castillo wrote:
It's a great idea!
Of course I need to test it. For example:
What about if the "Refer-to" header just contains "sip:001234234234"
with no
@domain? maybe there are "broken" SIP devices which auto-complete this URI
with their domain?
El Monday 15 October 2007 12:12:44 Klaus Darilion
escribió:
just an
idea: check if $fd of REFER is identical to domain in REFER to
header - if not -> reject it. What exactly do you want to achieve? Do you want
to allow REFER only
intradomain?
Exactly.
- Imagine you admin a OpenSer that gives service to 2 independent
companies (domain_A and domain_B).
- Imagine a user_A of domain_A calls to a user_B of domain_B.
- During the call user_A does REFER.
- OpenSer requires auth por REFER, so user_A sends auth (it can since
it's a local user).
- So finally user_B is transferred by an external user. Of course this is
not tolerable.
So I need to allow a REFER just if the caller and called are in the same
domain, but REFER is in-dialog so there is not domain name in the URI. Further, if B's phone send out the new
INVITE, if $rd != $fd then do not
send the call to the gateway.
Humm, it can't be, because in case of a forwarding (implemented in OpenSer) I
do allow calls from others domain to PSTN gateway.