[OpenSIPS-Users] is_ip_registered in invite
Serge Yuriev
me at nevian.org
Wed Dec 21 00:34:02 EST 2016
Hello,
Also you can use REDIS or HASH to mark IP as allowed on register.
On 12 Dec 2016, at 19:27, Schneur Rosenberg <rosenberg11219 at gmail.com> wrote:
> Thanks Razvan, I had no choice and I did it the non-lazy way, we have lots of carriers for incoming DID's, until now I did not want to have the headache of constantly updating my carriers IP's used for incoming traffic, so I allowed unauthenticated DID calls to come in from any IP address, but it was really not smart, I needed to do extra database queries, and my database even crashed once when someone brute forced my server and by the time the firewall script kicked in to block him my database had crashed because it was doing a MYSQL query for each invite.
>
> So now I use the permission module to load all did providers IP addresses and therefore I don't need to do extra tests and queries on every single INVITE and all my problems have been solved :-)
>
> On Mon, Dec 5, 2016 at 11:03 AM, Răzvan Crainea <razvan at opensips.org> wrote:
> Hi, Schneur!
>
> The second parameter of the is_ip_registered() function[1] should be the AOR of the caller, in the sip:SIP_USER@SIP_DOMAIN format. The source IP is only checked against the contacts of that specific subscriber.
> However, if I understand correctly, your problem is determining what is the correct AOR to use, because the From username and domain might be different between REGISTER and INVITE, right? If that's the case, you don't have that many choices: either you search through all registered IPs (but there is no OpenSIPS function to do that, so you'll need something external as you've already done), or you create some sort of mappings between the REGISTER and INVITE users/formats. Or you impose your customers to comply with a specific format, that can help you figure out the mapping.
>
> [1] http://www.opensips.org/html/docs/modules/2.2.x/registrar.html#id294953
>
> Best regards,
> Răzvan Crainea
> OpenSIPS Solutions
> www.opensips-solutions.com
> On 12/04/2016 01:20 PM, Schneur Rosenberg wrote:
>> Hi, I would like to check during the initial invite if the request comes from an IP that is registered (I don't care about the user credentials at this time), I use it to know if the invite is from a registered user or if it is from an unauthenticated source (DID's or hacking attempt) I can't use is_contact_registered() because not all clients send the user name in the initial invite, and they only send it in the authentication username which is absent in the initial invite, therefore I want to use is_ip_registered() but I'm having issues and I don't understand exactly what the second parameter is for, I want to check for the ip in the $si variable if it is registered (either in the contact field or in the received field).
>>
>> When leaving blank the AOR field, some devices work well but some don't.
>>
>> Due to NAT some devices register the IP in the contact field, and some in the received field, I want to try to match to either one, and it should parse the contact field that it should ignore the username from the contact field.
>>
>> I was doing an avp_db_query() until now, but it had 2 major issues.
>>
>> 1) It runs a MYSQL query on each REQUEST which reduces performance, I couldn't use memcache because IP's are dynamic in nature.
>> 2) I use db_mode 2 on usrloc and it takes about a minute for the registration to appear in the DB and the user can't call out during that minute, and even worse if he tries multiple times and it gets rejected my iptables will block his IP.
>>
>> thank you
>> S. Rosenberg
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Serge S. Yuriev
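
The two approaches mentioned in this thread (marking the source IP in a local hash on REGISTER, and keeping carrier addresses in the permissions module) can be combined as in the following OpenSIPS 2.2 script fragment. It is an added example, not part of the original messages; the key prefix `regip_`, the address group `1`, the 3600-second TTL and the route names are assumptions chosen for illustration.

```opensips
# Added example, not from the thread. Assumes cachedb_local, permissions,
# registrar, usrloc, sipmsgops and sl are loaded, and that REGISTER
# requests have already been authenticated before reaching this point.
# De-registration (Expires: 0) is not handled here.

route {
    if (is_method("REGISTER")) {
        if (save("location")) {
            # Mark the source IP as "seen on a successful registration".
            # Key prefix and TTL are illustrative; the TTL should not be
            # longer than the registration lifetime you grant.
            cache_store("local", "regip_$si", "1", 3600);
        }
        exit;
    }

    if (is_method("INVITE") && !has_totag()) {
        # Carrier/DID provider addresses live in the permissions module
        # (address table, group 1 assumed), loaded in memory at startup,
        # so no database query is made per INVITE.
        if (check_source_address("1")) {
            route(from_carrier);        # hypothetical route name
            exit;
        }

        # In-memory lookup of the marker written at REGISTER time;
        # available immediately, independent of usrloc db_mode.
        if (cache_fetch("local", "regip_$si", $avp(reg_ip))) {
            route(from_subscriber);     # hypothetical route name
            exit;
        }

        # Neither a known carrier nor a registered source IP.
        sl_send_reply("403", "Forbidden");
        exit;
    }
}
```

An IP-level marker passes every device behind the same NAT address, so it only separates known sources from unknown ones and does not replace digest authentication of the INVITE in the subscriber route.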