[OpenSIPS-Users] Reject INVITEs with invalid (unable to be parsed) headers

Tyler Merritt tyler at fonality.com
Tue Feb 15 14:05:07 CET 2011


Thinking a bit about your case - do you know what all "good" traffic should
look like?  If so - could you possibly create one REGEX statement that would
say "if it doesn't look like this - discard" ?

I don't think $fu can be NULL unless it's actually not in the packet.  as
far as I can tell - OS looks for the sip: and grabs everything behind it to
the > or ; or whatever is the next delimiter.

There's always inserting each valid domain into the db and using db lookups
for verification - dunno how many different domains you serve, but it's one
way...

On Mon, Feb 14, 2011 at 11:47 PM, thrillerbee <thrillerbee at gmail.com> wrote:

> I'm really trying to find methods of combating memory leaks that I now
> believe must be caused by some specific traffic pattern. As a result, I'm
> trying to "filter" as much "bad" traffic as possible before it gets into the
> core of my network.
>
> I *have* seen parse errors on the from header as I use uac_replace_from to
> normalize traffic to determine jurisdiction, etc. I'd like to know how to
> identify that traffic, so, would $fu be NULL in this scenario? Is there a
> better method?
>
> Thanks.
>
>
> On Sun, Feb 13, 2011 at 7:13 AM, Tyler Merritt <tyler at fonality.com> wrote:
>
>> I'm relatively new to OpenSIPs myself - but in my various experiments -
>> the idea that OS cannot parse a header is a bit foreign.  As a SIP proxy -
>> it's job is more to use the routing logic in order to transmit packets from
>> A through to C via B (OS itself).
>>
>> I have sent packets with bogus From and To headers and they transmit to
>> the end destination just fine.  I don't believe that your answer will be
>> found in the format of the headers.  Rather, the best way to detect invalid
>> headers (I think) would be to use TextOps modules and REGEX to act on the
>> headers themselves and detect formats that you say are valid.
>>
>> OS is flexible enough to do this - plenty of logic in the IF, THEN, ELSE
>> statements within routing blocks in order to check these headers against
>> rules that you assert are "valid".
>>
>>
>>
>> On Sat, Feb 12, 2011 at 7:57 AM, thrillerbee <thrillerbee at gmail.com>wrote:
>>
>>> What is the easiest way to identify traffic with invalid headers?
>>> Specifically, the from and to URIs.
>>> For example, if OpenSIPS is unable to parse a from URI, would $fu be
>>> NULL?
>>>
>>> Thanks.
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110215/6d186050/attachment.htm>


More information about the Users mailing list