[OpenSIPS-Devel] New Transformations Available

Thomas Gelf thomas at gelf.net
Tue Aug 17 21:44:46 CEST 2010


Hey, that's great!

Please feel free to close my corrsponding feature request #3028431 ;-)
This should finally allow to check for example whether a Contact uri
points to a specific subnet (security checks!). The following example
shall deny REGISTER requests with Contacts pointing to your own network
(e.g. 192.0.2.128/25):

if ($ct{uri.host}{ip.isip}) {
  if (($ct{uri.host}{ip.pton} & "255.255.255.128"{ip.pton}) ==
"192.0.2.128"{ip.pton}) {
    xlog("L_ERR", "Rejecting REGISTER pointing to OURNET");
    send_reply("403", "Invalid Contact");
    exit;
  }
}

Please note that this is just a really simple example, a full check
would have to loop through ALL provided Contacts.

Vlad: I didn't test it yet, but I guess it should work that way,
shouldn't it?

Best regards,
Thomas Gelf

Am 17.08.2010 17:30, schrieb Vlad Paiu:
> The ip transformations add the possibility to store a string 
> representation of an IP into a binary format, and the other way round. 
> You can also check if a string is a valid IP address, get the family of 
> a binary IP representation ( INET or INET6 ) and resolve a domain name 
> to get its corresponding string IP address.
> ...
> For more extended examples of using the newly available transformations,
> visit http://www.opensips.org/Resources/DocsCoreTran .


-- 
 mail: thomas at gelf.net
  web: http://thomas.gelf.net/





More information about the Devel mailing list