13 Mar
2006
13 Mar
'06
1:12 p.m.
Hi,
I just wonder if this is according to RFC.
I have a UA (ekiga) which adds a Route:<OBP>;lr in INVITE
Is this "legal"?
At least in default scripts, it's being loose routed, and not following
normal message processing...
br hw,
--
Helge Waastad
Senior Konsulent
Smartnet
13 Mar
13 Mar
1:35 p.m.
Helge Waastad wrote:
Hi,
I just wonder if this is according to RFC.
I have a UA (ekiga) which adds a Route:<OBP>;lr in INVITE
Is this "legal"?
No "lr" should be an url param and not a route (rr) param. For example:
Route: <sip:proxy;lr>
It's called a pre-existing route set if the request is sent outside of a
dialog. And using a pre-existing route set it the RECOMMENDED way of
specifying an outbound proxy. Refer to RFC 3261 section 8.1.1.1.
/Mikael
At least in default scripts, it's being loose
routed, and not following
normal message processing...
br hw,
1:40 p.m.
Helge Waastad wrote:
Hi,
I just wonder if this is according to RFC.
I have a UA (ekiga) which adds a Route:<OBP>;lr in INVITE
Is this "legal"?
At least in default scripts, it's being loose routed, and not following
normal message processing...
Yes, this is fine. This is a "pre-loaded" route. They work fine in my
setup as long as:
- the client uses loose routing (this is the case in your scenario)
- the proxy known that it is responsible for the host/IP in the Route
header (by default these are the IP addresses openser is listening on.
For domains they must be specified by alias=....)
e.g. this is not processed in the loose_route block (openser 1.0.0):
INVITE sip:klaus@enum.at SIP/2.0
Via: SIP/2.0/UDP 10.10.0.50:5088;rport;branch=z9hG4bK662862690
Route: <sip:83.136.32.160;lr>
From: <sip:klaus@enum.at>;tag=3909918647
To: <sip:klaus@enum.at>
regards
klaus
3:24 p.m.
Klaus Darilion writes:
- the proxy known that it is responsible for the
host/IP in the Route
header (by default these are the IP addresses openser is listening
on.
klaus,
how do you test that there is only one route in the predefined route
set? if there is more, they could be used to bypass your security
checks for the initial request.
-- juha
4:14 p.m.
Juha Heinanen wrote:
Klaus Darilion writes:
I do test for totag in the loose_route section.
regards
klaus
- the proxy known that it is responsible for the
host/IP in the Route
header (by default these are the IP addresses openser is listening
on.
klaus,
how do you test that there is only one route in the predefined route
set? if there is more, they could be used to bypass your security
checks for the initial request.
4:27 p.m.
Juha Heinanen wrote:
Klaus Darilion writes:
Until now I only had the case with exosip (e.g. my SIPTAPI) which puts
in the outbound proxy as pre loaded route (enum.at is hosted by ...160
but exosip does not support SRV thus I have to use a pre loaded route
with .160 as next hop, although this is main proxy):
INVITE sip:klaus@enum.at SIP/2.0
Via: SIP/2.0/UDP 10.10.0.50:5088;rport;branch=z9hG4bK662862690
Route: <sip:83.136.32.160;lr>
From: <sip:klaus@enum.at>;tag=3909918647
To: <sip:klaus@enum.at>
So, there is only 1 route header, without totag.
If this message is processed by loose_route, loose_route recognizes that
.160 is itself and thus the loose_route block is not entered but the
message is processed like any other request without route header
(openser 1.0.0)
regards
klaus
I do test for totag in the loose_route section.
and what do you do if there is no to-tag like in the case of preloaded
route set by nokia phones?
3:20 p.m.
Helge Waastad writes:
I have a UA (ekiga) which adds a Route:<OBP>;lr
in INVITE
Is this "legal"?
i'm pretty sure that rfc3261 allows so called pre-loaded route sets in
initial requests, but for security reasons, many proxy configurations
deny them. i too found recently that nokia phones, when configured to use
sip, add by default a route header pointing to the outbound proxy.
rather that simply rejecting initial requests with pre-loaded route
sets, it might be possible to configure the proxy to allow them, but
only if there is a single route entry that points to the proxy itself.
i haven't had time to think how this could be tested in openser.cfg.
-- juha
3:50 p.m.
Hi,
I did modify my (a little-bit confused) loose route to loose route only
INVITES/ACK with totags (has_totag). The rest should be going through
the normal ACL procedures.
But, could not a request relayed through other proxies also have a to
tag aswell? (and then again bypass security?)
br hw
man, 13,.03.2006 kl. 16.20 +0200, skrev Juha Heinanen:
Helge Waastad writes:
--
Helge Waastad
Senior Konsulent
Smartnet
I have a UA (ekiga) which adds a
Route:<OBP>;lr in INVITE
Is this "legal"?
i'm pretty sure that rfc3261 allows so called pre-loaded route sets in
initial requests, but for security reasons, many proxy configurations
deny them. i too found recently that nokia phones, when configured to use
sip, add by default a route header pointing to the outbound proxy.
rather that simply rejecting initial requests with pre-loaded route
sets, it might be possible to configure the proxy to allow them, but
only if there is a single route entry that points to the proxy itself.
i haven't had time to think how this could be tested in openser.cfg.
-- juha
3:57 p.m.
Helge Waastad writes:
I did modify my (a little-bit confused) loose route to
loose route only
INVITES/ACK with totags (has_totag). The rest should be going through
the normal ACL procedures.
that won't help you with phones line nokia, which add Route header to
INITIAL request (which never have To tags).
-- juha
4:35 p.m.
by default, loose_route() function detects the pre-loaded route: if
there is only one Route hdr pointing to the server, it will be consumed
and loose_route() will return false. If more than one Route hdr is
present, the routing will be done as usual - function will consume the
Route and set the destination to the next Route - true is returned.
regards,
bogdan
Juha Heinanen wrote:
Helge Waastad writes:
I did modify my (a little-bit confused) loose
route to loose route only
INVITES/ACK with totags (has_totag). The rest should be going through
the normal ACL procedures.
that won't help you with phones line nokia, which add Route header to
INITIAL request (which never have To tags).
-- juha
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
5:04 p.m.
Hi,
excellent.
Now I at least understood my problem.
I will have a loose_route problem in a "dispatcher/OBP scenario" since
the route header will not be the proxy it self, but the OBP/Dispatcher
address, hence a routing loop will occure...
(Probably Loose routing should be done at OBP layer...I just have to
figure it out.)
Thanks,
br hw
man, 13,.03.2006 kl. 17.35 +0200, skrev Bogdan-Andrei Iancu:
by default, loose_route() function detects the
pre-loaded route: if
there is only one Route hdr pointing to the server, it will be consumed
and loose_route() will return false. If more than one Route hdr is
present, the routing will be done as usual - function will consume the
Route and set the destination to the next Route - true is returned.
regards,
bogdan
Juha Heinanen wrote:
--
Helge Waastad
Senior Konsulent
Smartnet
Helge Waastad writes:
I did modify my (a little-bit confused) loose
route to loose route only
INVITES/ACK with totags (has_totag). The rest should be going through
the normal ACL procedures.
that won't help you with phones line nokia, which add Route header to
INITIAL request (which never have To tags).
-- juha
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
5:17 p.m.
Helge Waastad wrote:
Hi,
excellent.
Now I at least understood my problem.
I will have a loose_route problem in a "dispatcher/OBP scenario" since
the route header will not be the proxy it self, but the OBP/Dispatcher
address, hence a routing loop will occure...
(Probably Loose routing should be done at OBP layer...I just have to
figure it out.)
The the OBP is addressed using a pre-loaded route, it should remove the
Route header and forward it to the main proxy. Maybe the problem is the
route header:
Route:<OBP>;lr
Is the OBP really inside <> or is this just your formatting?
klaus
Thanks,
br hw
man, 13,.03.2006 kl. 17.35 +0200, skrev Bogdan-Andrei Iancu:
> by default, loose_route() function detects the pre-loaded route: if
> there is only one Route hdr pointing to the server, it will be consumed
> and loose_route() will return false. If more than one Route hdr is
> present, the routing will be done as usual - function will consume the
> Route and set the destination to the next Route - true is returned.
>
> regards,
> bogdan
>
> Juha Heinanen wrote:
>
>> Helge Waastad writes:
>>
>>> I did modify my (a little-bit confused) loose route to loose route only
>>> INVITES/ACK with totags (has_totag). The rest should be going through
>>> the normal ACL procedures.
>> that won't help you with phones line nokia, which add Route header to
>> INITIAL request (which never have To tags).
>>
>> -- juha
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
5:36 p.m.
Hi,
sorry about that:
(I know I'm not always RFC compliant myself ;-) )
Route: <sip:xxx.xxx.xxx.xxx:5060;lr>
man, 13,.03.2006 kl. 17.17 +0100, skrev Klaus Darilion:
Helge Waastad wrote:
--
Helge Waastad
Senior Konsulent
Smartnet
Hi,
excellent.
Now I at least understood my problem.
I will have a loose_route problem in a "dispatcher/OBP scenario" since
the route header will not be the proxy it self, but the OBP/Dispatcher
address, hence a routing loop will occure...
(Probably Loose routing should be done at OBP layer...I just have to
figure it out.)
The the OBP is addressed using a pre-loaded route, it should remove the
Route header and forward it to the main proxy. Maybe the problem is the
route header:
Route:<OBP>;lr
Is the OBP really inside <> or is this just your formatting?
klaus
Thanks,
br hw
man, 13,.03.2006 kl. 17.35 +0200, skrev Bogdan-Andrei Iancu:
> by default, loose_route() function detects the pre-loaded route: if
> there is only one Route hdr pointing to the server, it will be consumed
> and loose_route() will return false. If more than one Route hdr is
> present, the routing will be done as usual - function will consume the
> Route and set the destination to the next Route - true is returned.
>
> regards,
> bogdan
>
> Juha Heinanen wrote:
>
>> Helge Waastad writes:
>>
>>> I did modify my (a little-bit confused) loose route to loose route only
>>> INVITES/ACK with totags (has_totag). The rest should be going through
>>> the normal ACL procedures.
>> that won't help you with phones line nokia, which add Route header to
>> INITIAL request (which never have To tags).
>>
>> -- juha
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
14 Mar
14 Mar
8:22 a.m.
Bogdan-Andrei Iancu writes:
by default, loose_route() function detects the
pre-loaded route: if
there is only one Route hdr pointing to the server, it will be consumed
and loose_route() will return false. If more than one Route hdr is
present, the routing will be done as usual - function will consume the
Route and set the destination to the next Route - true is returned.
great and thanks for the explanation. currently, rel_1_0_0 README only
says:
The function performs loose routing as defined in RFC3261. See
the RFC3261 for more details.
This function can be used from REQUEST_ROUTE.
Example 1-6. loose_route usage
...
loose_route();
i.e., it doesn't explain what loose_route() returns and when.
-- juha
6835
days inactive
6836
days old
14 comments
5 participants
participants (5)
-
Bogdan-Andrei Iancu -
Helge Waastad -
Juha Heinanen -
Klaus Darilion -
Mikael Magnusson