Re: [OpenSIPStack] domain rewriting question
Brought to you by:
joegenbaclor
Menu
▾
▴
Re: [OpenSIPStack] domain rewriting question
|
From: Andre M. <an...@ma...> - 2008-10-02 13:12:58
|
Hello Joegen, thanks for your reply. I'm with you regarding the 50/50 - I checked the RFC3261 this morning. > Never the less, I'll find time to make the domain rewrite for from > configurable via B2BUA Route as well. Please wait. I found something confusing today which I cannot explain yet. I disabled the "Rewrite-Request-URI" and "Rewrite-TO-URI" and things start working. The from field value ist replaced with the target domain (abc.net) while the to: field remains unchanged and contains the local domain value (xyz.net). I' m totally confused now - I need to overthink that and come back to you as soon as I verified the scenario. Regards, Andre jo...@op... schrieb: > Andre, > > I am 50/50 on this one. Half of the argument is as you have already > stated in this post. The other half is, this is the first time I have > encountered a GW that filters INVITE based on the from header. From is > a very weak form of identity assertion since it can be forged very > easily using any softphone. This is not mentioning that RFC 3261 not > only allows From to be forged easily but also allows it to be > anonymized. For example sip:ano...@an...valid to indicate > that you want your identity to be private is aperfectly valid from > header. Thus, an implementation that relies on From to assert identity > is tantamount to a multitude of interoperability issues. > > Never the less, I'll find time to make the domain rewrite for from > configurable via B2BUA Route as well. I guess these sorts of issues is > the main reason why SBC's are invented anyway. > > Joegen > > Andre Mamitzsch wrote: >> Hi, >> >> I just need some clarification regarding the domain rewriting concept of >> the OpenSBC. >> >> We are using the SBC in upper registration mode. The upper registration >> works fine, all register messages are "hijacked" and domain rewriting is >> performed. So, everything is fine here. >> >> >> If I try to place a call, I receive the message "forbidden AOR" since no >> rewriting in the From: field is performed while the domain in the To: >> is replaced as expected. >> >> In my opinion, the local domain (xyz.net) should be replaced by the >> target domain (abc.net) in the From: as well. Or am I wrong here ? >> >> Regards, >> >> Andre >> >> Our setup: >> >> >> +--------+ +-------+ +---------+ >> + SIP UA +------------------+ oSBC +-------------------+ SIP Net + >> +--------+ +-------+ +---------+ >> 192.168.10.3 10.70.3.200 10.70.5.85 >> 12...@si... sip.abc.net >> >> >> 2008/10/01 22:35:05.384 DTL: [CID=0x0e3e] ICT(3121173204) >> Event(SIPMessage) - SIP/2.0 403 Forbidden AOR >> >> 2008/10/01 22:35:05.384 DBG: [CID=0x0e3e] TRANSACTION: (ICT) SIP/2.0 403 >> Forbidden AOR State: 3 >> >> 2008/10/01 22:35:05.385 INF: [CID=0x0e3e] >>> ACK sip:78...@si... >> SIP/2.0 DST: 10.70.5.85:5060:UDP SRC: 10.70.3.200:5060 enc=0 bytes=656 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] ACK sip:78...@si... SIP/2.0 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] From: "123456" >> <sip:12...@si...>;tag=ed94ab1c >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] To: "789123" >> <sip:78...@si...>;tag=1_1146_t160890_14h5 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Via: SIP/2.0/UDP >> 10.70.3.200:5060;iid=22771;branch=z9hG4bK4ec38706668edd119c5bdb9c33a35a27;uas-addr=10.70.5.85;rport >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] CSeq: 1 ACK >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Call-ID: >> ZTMzZjllOTQ1M2UwZGI0YWY2OGRlNjJjNTE2MGZmOTc.-0x0004 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Contact: >> <sip:123456@10.70.3.200:5060> >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] User-Agent: OpenSBC v1.1.5-13 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Max-Forwards: 70 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Allow: INVITE, ACK, CANCEL, >> OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Supported: timer >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Session-Expires: 1800 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Min-SE: 90 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Content-Length: 0 >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] >> >> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >> Build the coolest Linux based applications with Moblin SDK & win great prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> opensipstack-devel mailing list >> ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opensipstack-devel >> >> ------------------------------------------------------------------------ >> >> >> No virus found in this incoming message. >> Checked by AVG - http://www.avg.com >> Version: 8.0.173 / Virus Database: 270.7.5/1702 - Release Date: 10/1/2008 9:05 AM >> >> > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > opensipstack-devel mailing list > ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensipstack-devel |
