<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Nick,<br>
<br>
Yes, it is true -> use $si and $sp to see the source IP and
port (see <a class="moz-txt-link-freetext" href="http://www.opensips.org/Resources/DocsCoreVar19#toc80">http://www.opensips.org/Resources/DocsCoreVar19#toc80</a>).<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<br>
On 04/09/2013 09:19 PM, Nick Khamis wrote:
<blockquote
cite="mid:CAGWRaZaq9WJJNjGhz2XuRr2Oc+4ye+T7KzyqmiFem_N_MGfTbA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>On Tue, Apr 9, 2013 at 1:28 PM, Bogdan-Andrei Iancu <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>></span>
wrote:<br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin: 0px 0px 0px
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> <tt>Hello Nick,<br>
<br>
You can say that the IP level info may be trusted (as
it is provided by the IP layer, which is out of the user's
control, so pretty safe).<br>
<br>
About the content of the SIP package, without
authentication, nothing is to be trusted. Doing digest
authentication for SIP requests, you can trust the
username+realm of the caller (username in auth hdr
which usually matches the SIP FROM hdr). So that's the
only information that you can say is 100% sure.<br>
<br>
If you want to have more authenticated, take a look at
SIP Identity support (<a moz-do-not-send="true"
href="http://www.opensips.org/html/docs/modules/1.9.x/identity.html"
target="_blank">http://www.opensips.org/html/docs/modules/1.9.x/identity.html</a>),
but you also need that support in the clients too.<br>
<br>
Regards,<br>
</tt>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
<div>
<div class="h5"> <br>
On 04/09/2013 06:43 PM, Nick Khamis wrote: </div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>Hello Everyone,</div>
<div><br>
</div>
<div>When performing certain security tasks
using script and database queries, we would
like</div>
<div>to make sure that we are processing the
more secure parts of the SIP packet. As you
know</div>
<div>fu, fd, tu, and td can be manually set by
any user, as we do here in the SIP proxy
world:</div>
<div><br>
</div>
<div>
<div>From: "Mike Peer" <<a
moz-do-not-send="true"
href="mailto:sip%3A5148390676@10.147.23.144"
target="_blank">sip:5148390676@10.147.23.144</a>>;tag=as15bc6a70.</div>
<div>To: <<a moz-do-not-send="true"
href="mailto:sip%3A1000@sip.example.com"
target="_blank">sip:1000@sip.example.com</a>>.</div>
<div>Contact: <<a moz-do-not-send="true"
href="mailto:sip%3A5148392007@10.147.23.144"
target="_blank">sip:5148392007@10.147.23.144</a>>.</div>
<div><br>
</div>
<div> And therefore not the most secure place
to look when performing security critical
tasks.</div>
<div>(i.e., who is attempting to make/place a
call)</div>
<div><br>
</div>
<div>Not sure what this part of the SIP packet
is called:</div>
<div><br>
</div>
<div>U 2013/04/09 11:27:33.449280 <a
moz-do-not-send="true"
href="http://69.147.236.82:5060"
target="_blank">69.147.236.82:5060</a>
-> <a moz-do-not-send="true"
href="http://192.168.2.5:5060"
target="_blank">192.168.2.5:5060</a><br>
</div>
<div><br>
</div>
<div> But it seems like a safe place to look
since it looks like it's generated on our
side. If so, what OpenSIPS variables return </div>
<div><br>
</div>
<div>Source: <a moz-do-not-send="true"
href="http://10.147.23.144:5060"
target="_blank">10.147.23.144:5060</a> and
Destination: <a moz-do-not-send="true"
href="http://192.168.2.5:5060"
target="_blank">192.168.2.5:5060</a></div>
<div><br>
</div>
<div>Would src_ip and dst_ip be the best place
to start? As for dst_ip, it will always be
the address</div>
<div>of the interface that receives the
traffic; however, what about interfaces that
are behind a NAT (i.e., public/private IPs)?</div>
<div><br>
</div>
<div>Maybe the Via info is safer to process in
cases where the caller/callee is going
through</div>
<div>a sexy little proxy like OpenSIPS? ;)</div>
<div><br>
</div>
</div>
<div>Via:
SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.<br>
</div>
<div><br>
</div>
<div>Your insights are greatly appreciated,</div>
<div><br>
</div>
<div>Nick</div>
</div>
</div>
</div>
<pre><fieldset></fieldset>
_______________________________________________
Users mailing list
<a moz-do-not-send="true" href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a moz-do-not-send="true" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">Hello Bogdan,<br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">I hope all is well, and thank you for
your response :). We are interested in the <span
style="font-family: monospace;">IP level info. I am assuming
that info is this stuff here:</span><br>
</div>
<div class="gmail_extra"><span style="color: rgb(80, 0, 80);"><br>
</span></div>
<div class="gmail_extra"><span style="color: rgb(80, 0, 80);">U
2013/04/09 11:27:33.449280 </span><a moz-do-not-send="true"
href="http://69.147.236.82:5060/" target="_blank">69.147.236.82:5060</a><span
style="color: rgb(80, 0, 80);"> </span><span style="color:
rgb(80, 0, 80);">-></span><span style="color: rgb(80, 0,
80);"> </span><a moz-do-not-send="true"
href="http://192.168.2.5:5060/" target="_blank">192.168.2.5:5060</a></div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra" style="">If so, what variables (avp...)
do we have at our disposal for this info? Is it src_ip and
dst_ip? Is there anything else?</div>
<div class="gmail_extra" style="">
<br>
</div>
<div class="gmail_extra" style="">N.</div>
<div class="gmail_extra"><span style="font-family: monospace;"><br>
</span></div>
</div>
</blockquote>
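<p>Added example, not part of the original thread and not OpenSIPS code: a Python sketch of the trust split discussed above. It keeps the socket-level source (what OpenSIPS exposes as $si/$sp) and a digest-verified username apart from the caller-supplied From and Via values. The function names, the <tt>auth_user</tt> parameter and the sample message (built from the header values quoted in the thread, display name omitted) are assumptions for illustration.</p>

```python
import re

# Constructed sample using the header values quoted in the thread.
SAMPLE = (
    "INVITE sip:1000@sip.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport\r\n"
    "From: sip:5148390676@10.147.23.144;tag=as15bc6a70\r\n"
    "To: sip:1000@sip.example.com\r\n"
    "Contact: sip:5148392007@10.147.23.144\r\n"
    "\r\n"
)

def headers(raw):
    """Map lowercased header name to value (first occurrence of each)."""
    out = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the headers
            break
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), value.strip())
    return out

def sip_user(value):
    """User part of the first sip:/sips: URI in a header value, or None."""
    m = re.search(r"sips?:([^@;>\s]+)@", value)
    return m.group(1) if m else None

def via_sent_by(value):
    """(host, port) claimed in a Via value; IPv4/hostname only, default port 5060."""
    hostport = value.split()[1].split(";")[0]
    host, _, port = hostport.partition(":")
    return host, int(port or 5060)

def assess(raw, src_ip, src_port, auth_user=None):
    """src_ip/src_port are read from the socket, never from the message.
    auth_user (assumption) is the digest username after a successful
    challenge done elsewhere, or None if the request was not authenticated."""
    h = headers(raw)
    from_user = sip_user(h.get("from", ""))
    return {
        "source": (src_ip, src_port),       # set by the IP layer
        "identity": auth_user,              # usable only when digest passed
        "claimed_from": from_user,          # caller-controlled
        "from_matches_auth": auth_user is not None and from_user == auth_user,
        "via_matches_source": "via" in h
            and via_sent_by(h["via"]) == (src_ip, src_port),
    }
```

<p>With the source address from the capture in the thread (69.147.236.82:5060), <tt>via_matches_source</tt> is false because the Via header carries the sender's private address 10.147.23.144.</p>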
</body>
</html>