24 May
2018
24 May
'18
5:13 p.m.
Hi there,
I've added a simple black list that rejects incoming requests (REGISTER and
INVITE) containing certain text in the message body. Source IP addresses of
the rejected requests are going to be banned and added to the ban list:
route
{
...
$var(ban_list_key) = $si + ":" + $sp;
if ($sht(ip_ban_list=>$var(ban_list_key)) != $null) {
xlog("L_INFO", "$var(log_fmt_tag) The incoming $rm request
from: $fU, si: $si, sp: $sp was rejected. The source host is temporarily
banned.");
sl_send_reply("400", "Bad request");
exit;
}
...
if (method=="REGISTER" || method=="INVITE") {
sht_iterator_start("i1", "black_list");
while(sht_iterator_next("i1")) {
$var(term_is_in_wl) = 0;
$var(collision_idx) = 0;
while($sht(white_list=>$fU[$var(collision_idx)]) != $null
) {
if($shtitval(i1) ==
$sht(white_list=>$fU[$var(collision_idx)])) {
$var(term_is_in_wl) = 1;
break;
}
$var(collision_idx) = $var(collision_idx) + 1;
}
if ($var(term_is_in_wl) == 0) {
if ( $mb =~ $shtitval(i1) ) {
# found a term from the black list. access denied.
xlog("L_INFO", "$var(log_fmt_tag) The incoming
$rm
request from: $fU, si: $si, sp: $sp was rejected. SIP message body contains
a term from the black list - $shtitval(i1)");
# add device to banlist
$var(ban_info) = "" + $Ts + "_" +
$shtitval(i1);
$sht(ip_ban_list=>$var(ban_list_key)) =
$var(ban_info);
xlog("L_INFO", "$var(log_fmt_tag) The source host
$si:$sp was banned for 1 hour.");
sht_iterator_end("i1");
sl_send_reply("400", "Bad request");
exit;
}
}
}
sht_iterator_end("i1");
}
...
}
All works fine with UPD, but using TCP, kamailio ceases to accept any
requests. Please take a look, what do I wrong.
Thanks,
Andrey
25 May
25 May
5:27 p.m.
Am Donnerstag, 24. Mai 2018, 16:13:50 CEST schrieb Andrey Deykunov:
I've added a simple black list that rejects
incoming requests (REGISTER and
INVITE) containing certain text in the message body. Source IP addresses of
the rejected requests are going to be banned and added to the ban list:
[..]
All works fine with UPD, but using TCP, kamailio ceases to accept any
requests. Please take a look, what do I wrong.
Hello Andrey,
before going into your cfg, lets have a look to some easier to verify topics:
Are the TCP SIP messages actually received from Kamailio? You can verify this e.g. by
looking to the network traffic with tcpdump and friends. Or you can enable debug logging
in the cfg and will see the packet processing in the core and parser.
With the enabled debug logging you should also get more hints about the actual flow in the
configuration, maybe this gives you some hints about the error.
Best regards,
Henning
2377
days inactive
2378
days old
1 comments
2 participants
participants (2)
-
Andrey Deykunov -
Henning Westerholt