[OpenSIPS-Devel] New Transformations Available
Thomas Gelf
thomas at gelf.net
Tue Aug 17 21:44:46 CEST 2010
Hey, that's great!
Please feel free to close my corrsponding feature request #3028431 ;-)
This should finally allow to check for example whether a Contact uri
points to a specific subnet (security checks!). The following example
shall deny REGISTER requests with Contacts pointing to your own network
(e.g. 192.0.2.128/25):
if ($ct{uri.host}{ip.isip}) {
if (($ct{uri.host}{ip.pton} & "255.255.255.128"{ip.pton}) ==
"192.0.2.128"{ip.pton}) {
xlog("L_ERR", "Rejecting REGISTER pointing to OURNET");
send_reply("403", "Invalid Contact");
exit;
}
}
Please note that this is just a really simple example, a full check
would have to loop through ALL provided Contacts.
Vlad: I didn't test it yet, but I guess it should work that way,
shouldn't it?
Best regards,
Thomas Gelf
Am 17.08.2010 17:30, schrieb Vlad Paiu:
> The ip transformations add the possibility to store a string
> representation of an IP into a binary format, and the other way round.
> You can also check if a string is a valid IP address, get the family of
> a binary IP representation ( INET or INET6 ) and resolve a domain name
> to get its corresponding string IP address.
> ...
> For more extended examples of using the newly available transformations,
> visit http://www.opensips.org/Resources/DocsCoreTran .
--
mail: thomas at gelf.net
web: http://thomas.gelf.net/
More information about the Devel
mailing list