Re: [OpenSIPStack] domain rewriting question
Brought to you by:
joegenbaclor
Menu
▾
▴
Re: [OpenSIPStack] domain rewriting question
|
From: Andre M. <an...@ma...> - 2008-10-18 17:04:43
|
Hello Joegen, did you find some time to back-track the changes ? An update on that would be highly appreciated. Regards, Andre Joegen E. Baclor schrieb: > Andre > > I will try to back-track the changes. That revision was checked in by > another developer. I need to confer with him before I conuld confirm > what really changed since then. > > Joegen > > André Mamitzsch wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello Joegen, >> >> the rewrite of the domain in the from field seems to work until >> 1.1.5-10. After that, and I compiled almost everything what I could get >> from CVS, it is not working anymore. >> >> I tried to have a look at the differences in order to find out why it >> changed and what was changed. I could identify that in Version 1.28 of >> the Router.cxx the Feature: >> >> Router.cxx: * Added feature to rewrite the FROM domain to a specific >> domain in the B2BUA routes >> >> was added. >> >> At the moment I' m unable to find a good starting point - if you could >> give me a small hint please... >> >> Andre >> >> >> Andre Mamitzsch schrieb: >> >>> Hello Joegen, >>> >>> thanks for your reply. I'm with you regarding the 50/50 - I checked the >>> RFC3261 this morning. >>> >>> > Never the less, I'll find time to make the domain rewrite for from >>> > configurable via B2BUA Route as well. >>> >>> Please wait. I found something confusing today which I cannot explain >>> yet. I disabled the "Rewrite-Request-URI" and "Rewrite-TO-URI" and >>> things start working. The from field value ist replaced with the target >>> domain (abc.net) while the to: field remains unchanged and contains the >>> local domain value (xyz.net). >>> >>> I' m totally confused now - I need to overthink that and come back to >>> you as soon as I verified the scenario. >>> >>> Regards, >>> >>> Andre >>> >>> >>> jo...@op... schrieb: >>> >>>> Andre, >>>> >>>> I am 50/50 on this one. Half of the argument is as you have already >>>> stated in this post. The other half is, this is the first time I have >>>> encountered a GW that filters INVITE based on the from header. From is >>>> a very weak form of identity assertion since it can be forged very >>>> easily using any softphone. This is not mentioning that RFC 3261 not >>>> only allows From to be forged easily but also allows it to be >>>> anonymized. For example sip:ano...@an...valid to indicate >>>> that you want your identity to be private is aperfectly valid from >>>> header. Thus, an implementation that relies on From to assert identity >>>> is tantamount to a multitude of interoperability issues. >>>> >>>> Never the less, I'll find time to make the domain rewrite for from >>>> configurable via B2BUA Route as well. I guess these sorts of issues is >>>> the main reason why SBC's are invented anyway. >>>> >>>> Joegen >>>> >>>> Andre Mamitzsch wrote: >>>> >>>>> Hi, >>>>> >>>>> I just need some clarification regarding the domain rewriting concept of >>>>> the OpenSBC. >>>>> >>>>> We are using the SBC in upper registration mode. The upper registration >>>>> works fine, all register messages are "hijacked" and domain rewriting is >>>>> performed. So, everything is fine here. >>>>> >>>>> >>>>> If I try to place a call, I receive the message "forbidden AOR" since no >>>>> rewriting in the From: field is performed while the domain in the To: >>>>> is replaced as expected. >>>>> >>>>> In my opinion, the local domain (xyz.net) should be replaced by the >>>>> target domain (abc.net) in the From: as well. Or am I wrong here ? >>>>> >>>>> Regards, >>>>> >>>>> Andre >>>>> >>>>> Our setup: >>>>> >>>>> >>>>> +--------+ +-------+ +---------+ >>>>> + SIP UA +------------------+ oSBC +-------------------+ SIP Net + >>>>> +--------+ +-------+ +---------+ >>>>> 192.168.10.3 10.70.3.200 10.70.5.85 >>>>> 12...@si... sip.abc.net >>>>> >>>>> >>>>> 2008/10/01 22:35:05.384 DTL: [CID=0x0e3e] ICT(3121173204) >>>>> Event(SIPMessage) - SIP/2.0 403 Forbidden AOR >>>>> >>>>> 2008/10/01 22:35:05.384 DBG: [CID=0x0e3e] TRANSACTION: (ICT) SIP/2.0 403 >>>>> Forbidden AOR State: 3 >>>>> >>>>> 2008/10/01 22:35:05.385 INF: [CID=0x0e3e] >>> ACK sip:78...@si... >>>>> SIP/2.0 DST: 10.70.5.85:5060:UDP SRC: 10.70.3.200:5060 enc=0 bytes=656 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] ACK sip:78...@si... SIP/2.0 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] From: "123456" >>>>> <sip:12...@si...>;tag=ed94ab1c >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] To: "789123" >>>>> <sip:78...@si...>;tag=1_1146_t160890_14h5 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Via: SIP/2.0/UDP >>>>> 10.70.3.200:5060;iid=22771;branch=z9hG4bK4ec38706668edd119c5bdb9c33a35a27;uas-addr=10.70.5.85;rport >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] CSeq: 1 ACK >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Call-ID: >>>>> ZTMzZjllOTQ1M2UwZGI0YWY2OGRlNjJjNTE2MGZmOTc.-0x0004 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Contact: >>>>> <sip:123456@10.70.3.200:5060> >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] User-Agent: OpenSBC v1.1.5-13 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Max-Forwards: 70 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Allow: INVITE, ACK, CANCEL, >>>>> OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Supported: timer >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Session-Expires: 1800 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Min-SE: 90 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] Content-Length: 0 >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] >>>>> >>>>> 2008/10/01 22:35:05.385 DBG: [CID=0x0e3e] >>>>> >>>>> ------------------------------------------------------------------------- >>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >>>>> Build the coolest Linux based applications with Moblin SDK & win great prizes >>>>> Grand prize is a trip for two to an Open Source event anywhere in the world >>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>>> _______________________________________________ >>>>> opensipstack-devel mailing list >>>>> ope...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/opensipstack-devel >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> No virus found in this incoming message. >>>>> Checked by AVG - http://www.avg.com >>>>> Version: 8.0.173 / Virus Database: 270.7.5/1702 - Release Date: 10/1/2008 9:05 AM >>>>> >>>>> >>>>> >>>> ------------------------------------------------------------------------- >>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >>>> Build the coolest Linux based applications with Moblin SDK & win great prizes >>>> Grand prize is a trip for two to an Open Source event anywhere in the world >>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>> _______________________________________________ >>>> opensipstack-devel mailing list >>>> ope...@li... >>>> https://lists.sourceforge.net/lists/listinfo/opensipstack-devel >>>> >>> ------------------------------------------------------------------------- >>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >>> Build the coolest Linux based applications with Moblin SDK & win great prizes >>> Grand prize is a trip for two to an Open Source event anywhere in the world >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> _______________________________________________ >>> opensipstack-devel mailing list >>> ope...@li... >>> https://lists.sourceforge.net/lists/listinfo/opensipstack-devel >>> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFI61SIQKZIuVrbkWoRAmYkAJ499q3C8J94fe6kOO3nM0fVr46IiwCfcnW+ >> cRvR/59pqaqnzhqiilg0B84= >> =WEQ/ >> -----END PGP SIGNATURE----- >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >> Build the coolest Linux based applications with Moblin SDK & win great prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> opensipstack-devel mailing list >> ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opensipstack-devel >> ------------------------------------------------------------------------ >> >> >> No virus found in this incoming message. >> Checked by AVG - http://www.avg.com >> Version: 8.0.173 / Virus Database: 270.7.6/1711 - Release Date: 10/6/2008 5:37 PM >> >> > > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > opensipstack-devel mailing list > ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensipstack-devel |
