/*
* Processing.
*
*/
int PLUGIN_PROCESS(int stage, sip_ticket_t *ticket){
/* stage contains the PLUGIN_* value - the stage of SIP processing. */
int type;
osip_via_t *via;
struct sockaddr_in from;
type = ticket->direction;
/* Incoming SIP message? */
DEBUGC(DBCLASS_PLUGIN, "plugin_fix_bogus_via: type=%i", type);
if (type == REQTYP_INCOMING) {
if((via = osip_list_get(&(ticket->sipmsg->vias), 0)) == NULL) {
WARN("no Via header found in incoming SIP message");
return STS_SUCCESS;
}
get_ip_by_host(via->host, &(from.sin_addr));
/* check for Via IP in configured range */
if ((plugin_cfg.networks != NULL) &&
(strcmp(plugin_cfg.networks, "") !=0) &&
(process_aclist(plugin_cfg.networks, from) == STS_SUCCESS)) {
/* is in list, patch Via header with received from IP */
DEBUGC(DBCLASS_PLUGIN, "plugin_fix_bogus_via: replacing a bogus via");
if (sip_patch_topvia(ticket) == STS_FAILURE) {
ERROR("patching inbound Via failed!");
}
}
}
return STS_SUCCESS;
}
/*
* SIP_GEN_RESPONSE
*
* send an proxy generated response back to the client.
* Only errors are reported from the proxy itself.
* code = SIP result code to deliver
*
* RETURNS
* STS_SUCCESS on success
* STS_FAILURE on error
*/
int sip_gen_response(sip_ticket_t *ticket, int code) {
osip_message_t *response;
int sts;
osip_via_t *via;
int port;
char *buffer;
size_t buflen;
struct in_addr addr;
/* create the response template */
if ((response=msg_make_template_reply(ticket, code))==NULL) {
ERROR("sip_gen_response: error in msg_make_template_reply");
return STS_FAILURE;
}
/* we must check if first via has x.x.x.x address. If not, we must resolve it */
osip_message_get_via (response, 0, &via);
if (via == NULL)
{
ERROR("sip_gen_response: Cannot send response - no via field");
return STS_FAILURE;
}
/* name resolution */
if (utils_inet_aton(via->host, &addr) == 0)
{
/* need name resolution */
DEBUGC(DBCLASS_DNS,"resolving name:%s",via->host);
sts = get_ip_by_host(via->host, &addr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "sip_gen_response: cannot resolve via [%s]",
via->host);
return STS_FAILURE;
}
}
sts = sip_message_to_str(response, &buffer, &buflen);
if (sts != 0) {
ERROR("sip_gen_response: msg_2char failed");
return STS_FAILURE;
}
if (via->port) {
port=atoi(via->port);
} else {
port=SIP_PORT;
}
/* send to destination */
sipsock_send(addr, port, ticket->protocol, buffer, buflen);
/* free the resources */
osip_message_free(response);
osip_free(buffer);
return STS_SUCCESS;
}
/*
* Secure enviroment:
* If running as root, put myself into a chroot jail and
* change UID/GID to user as requested in config file
*/
void secure_enviroment (void) {
int sts;
struct passwd *passwd=NULL;
DEBUGC(DBCLASS_CONFIG,"running w/uid=%i, euid=%i, gid=%i, egid=%i",
(int)getuid(), (int)geteuid(), (int)getgid(), (int)getegid());
if ((getuid()==0) || (geteuid()==0)) {
/*
* preparation - after chrooting there will be NOTHING more around
*/
if (configuration.user) passwd=getpwnam(configuration.user);
/*
* change root directory into chroot jail
*/
if (configuration.chrootjail) {
/* !!!
* Before chrooting I must at least once trigger the resolver
* as it loads some dynamic libraries. Once chrootet
* these libraries will *not* be found and gethostbyname()
* calls will simply fail (return NULL pointer and h_errno=0).
* Also (at least for FreeBSD) syslog() needs to be called
* before chroot()ing - this is done in main() by an INFO().
* Took me a while to figure THIS one out
*/
struct in_addr dummy;
get_ip_by_host("localhost", &dummy);
DEBUGC(DBCLASS_CONFIG,"chrooting to %s",
configuration.chrootjail);
sts = chroot(configuration.chrootjail);
if (sts != 0) DEBUGC(DBCLASS_CONFIG,"chroot(%s) failed: %s",
configuration.chrootjail, strerror(errno));
sts=chdir("/");
}
/*
* change user ID and group ID
*/
if (passwd) {
DEBUGC(DBCLASS_CONFIG,"changing uid/gid to %s",
configuration.user);
sts = setgid(passwd->pw_gid);
DEBUGC(DBCLASS_CONFIG,"changed gid to %i - %s",
(int)passwd->pw_gid, (sts==0)?"Ok":"Failed");
sts = setegid(passwd->pw_gid);
DEBUGC(DBCLASS_CONFIG,"changed egid to %i - %s",
(int)passwd->pw_gid, (sts==0)?"Ok":"Failed");
sts = seteuid(passwd->pw_uid);
DEBUGC(DBCLASS_CONFIG,"changed euid to %i - %s",
(int)passwd->pw_uid, (sts==0)?"Ok":"Failed");
}
}
}
/*
* check if a given request is addressed to local. I.e. it is addressed
* to the proxy itself (IP of my inbound or outbound interface, same port)
*
* RETURNS
* STS_TRUE if the request is addressed local
* STS_FALSE otherwise
*/
int is_sipuri_local (sip_ticket_t *ticket) {
osip_message_t *sip=ticket->sipmsg;
int found;
struct in_addr addr_uri, addr_myself;
int port;
int i;
if (sip==NULL) {
ERROR("called is_sipuri_local with NULL sip");
return STS_FALSE;
}
if (!sip || !sip->req_uri) {
ERROR("is_sipuri_local: no request URI present");
return STS_FALSE;
}
DEBUGC(DBCLASS_DNS,"check for local SIP URI %s:%s",
sip->req_uri->host? sip->req_uri->host : "*NULL*",
sip->req_uri->port? sip->req_uri->port : "*NULL*");
if (utils_inet_aton(sip->req_uri->host, &addr_uri) == 0) {
/* need name resolution */
get_ip_by_host(sip->req_uri->host, &addr_uri);
}
found=0;
for (i=0; i<2; i++) {
/*
* search my in/outbound interfaces
*/
DEBUGC(DBCLASS_BABBLE,"resolving IP of interface %s",
(i==IF_INBOUND)? "inbound":"outbound");
if (get_interface_ip(i, &addr_myself) != STS_SUCCESS) {
continue;
}
/* check the extracted HOST against my own host addresses */
if (sip->req_uri->port) {
port=atoi(sip->req_uri->port);
} else {
port=SIP_PORT;
}
if ( (memcmp(&addr_myself, &addr_uri, sizeof(addr_myself))==0) &&
(port == configuration.sip_listen_port) ) {
DEBUG("address match [%s]", utils_inet_ntoa(addr_uri));
found=1;
break;
}
}
DEBUGC(DBCLASS_DNS, "SIP URI is %slocal", found? "":"not ");
return (found)? STS_TRUE : STS_FALSE;
}
/*
* check if a given osip_via_t is local. I.e. its address is owned
* by my inbound or outbound interface
*
* RETURNS
* STS_TRUE if the given VIA is one of my interfaces
* STS_FALSE otherwise
*/
int is_via_local (osip_via_t *via) {
int sts, found;
struct in_addr addr_via, addr_myself;
int port;
int i;
if (via==NULL) {
ERROR("called is_via_local with NULL via");
return STS_FALSE;
}
DEBUGC(DBCLASS_BABBLE,"via name %s",via->host);
if (utils_inet_aton(via->host,&addr_via) == 0) {
/* need name resolution */
sts=get_ip_by_host(via->host, &addr_via);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_DNS, "is_via_local: cannot resolve VIA [%s]",
via->host);
return STS_FAILURE;
}
}
found=0;
for (i=0; i<2; i++) {
/*
* search my in/outbound interfaces
*/
DEBUGC(DBCLASS_BABBLE,"resolving IP of interface %s",
(i==IF_INBOUND)? "inbound":"outbound");
if (get_interface_ip(i, &addr_myself) != STS_SUCCESS) {
continue;
}
/* check the extracted VIA against my own host addresses */
if (via->port) port=atoi(via->port);
else port=SIP_PORT;
if ( (memcmp(&addr_myself, &addr_via, sizeof(addr_myself))==0) &&
(port == configuration.sip_listen_port) ) {
DEBUG("got address match [%s]", utils_inet_ntoa(addr_via));
found=1;
break;
}
}
return (found)? STS_TRUE : STS_FALSE;
}
/*
* get_interface_ip:
* fetches own IP address by interface INBOUND/OUTBOUND
* takes into account a possible outbound_host setting.
*
* STS_SUCCESS on returning a valid IP and interface is UP
* STS_FAILURE if interface is DOWN or other problem
*/
int get_interface_ip(int interface, struct in_addr *retaddr) {
int sts=STS_FAILURE;
if ((interface == IF_OUTBOUND) &&
(configuration.outbound_host) &&
(strcmp(configuration.outbound_host, "")!=0)) {
DEBUGC(DBCLASS_DNS, "fetching outbound IP by HOSTNAME");
if (retaddr) {
sts = get_ip_by_host(configuration.outbound_host, retaddr);
} else {
sts = STS_SUCCESS;
}
} else {
sts = get_interface_real_ip(interface, retaddr);
}
return sts;
}
static int stun_send_request(char *tid){
struct in_addr addr;
int sts;
char stun_rq[28]; /*&&& testing */
size_t size=28;
/* name resolution */
if (utils_inet_aton(plugin_cfg.server, &addr) == 0)
{
/* need name resolution */
DEBUGC(DBCLASS_DNS,"resolving name:%s", plugin_cfg.server);
sts = get_ip_by_host(plugin_cfg.server, &addr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_DNS, "stun_send_request: cannot resolve STUN server [%s]",
plugin_cfg.server);
return STS_FAILURE;
}
}
/* compose STUN BIND request - poor mans way */
stun_rq[0]=0x00; // type
stun_rq[1]=0x01;
stun_rq[2]=0x00; // length
stun_rq[3]=0x08;
memcpy (&stun_rq[4], tid, STUN_TID_SIZE);
stun_rq[20]=0x00; // ATTR change request
stun_rq[21]=0x03;
stun_rq[22]=0x00; // ATTR len 4
stun_rq[23]=0x04;
stun_rq[24]=0x00; // Change IP not set, Change port not set
stun_rq[25]=0x00;
stun_rq[26]=0x00;
stun_rq[27]=0x00;
/* and send via the SIP UDP port */
sts = sipsock_send(addr, plugin_cfg.port, PROTO_UDP, stun_rq, size);
return STS_SUCCESS;
}
int main (int argc, char *argv[])
{
int sts;
int i;
int buflen;
int access;
char buff [BUFFER_SIZE];
sip_ticket_t ticket;
extern char *optarg; /* Defined in libc getopt and unistd.h */
int ch1;
char configfile[64]="siproxd"; /* basename of configfile */
int config_search=1; /* search the config file */
int cmdline_debuglevel=0;
char *pidfilename=NULL;
struct sigaction act;
log_set_stderr(1);
/*
* setup signal handlers
*/
act.sa_handler=sighandler;
sigemptyset(&act.sa_mask);
act.sa_flags=SA_RESTART;
if (sigaction(SIGTERM, &act, NULL)) {
ERROR("Failed to install SIGTERM handler");
}
if (sigaction(SIGINT, &act, NULL)) {
ERROR("Failed to install SIGINT handler");
}
if (sigaction(SIGUSR2, &act, NULL)) {
ERROR("Failed to install SIGUSR2 handler");
}
/*
* prepare default configuration
*/
make_default_config();
log_set_pattern(configuration.debuglevel);
/*
* parse command line
*/
{
#ifdef HAVE_GETOPT_LONG
int option_index = 0;
static struct option long_options[] = {
{"help", no_argument, NULL, 'h'},
{"config", required_argument, NULL, 'c'},
{"debug", required_argument, NULL, 'd'},
{"pid-file", required_argument, NULL,'p'},
{0,0,0,0}
};
while ((ch1 = getopt_long(argc, argv, "hc:d:p:",
long_options, &option_index)) != -1) {
#else /* ! HAVE_GETOPT_LONG */
while ((ch1 = getopt(argc, argv, "hc:d:p:")) != -1) {
#endif
switch (ch1) {
case 'h': /* help */
DEBUGC(DBCLASS_CONFIG,"option: help");
fprintf(stderr,str_helpmsg);
exit(0);
break;
case 'c': /* load config file */
DEBUGC(DBCLASS_CONFIG,"option: config file=%s",optarg);
i=sizeof(configfile)-1;
strncpy(configfile,optarg,i-1);
configfile[i]='\0';
config_search=0;
break;
case 'd': /* set debug level */
DEBUGC(DBCLASS_CONFIG,"option: set debug level: %s",optarg);
cmdline_debuglevel=atoi(optarg);
log_set_pattern(cmdline_debuglevel);
break;
case 'p':
pidfilename = optarg;
break;
default:
DEBUGC(DBCLASS_CONFIG,"no command line options");
break;
}
}
}
/*
* Init stuff
*/
INFO(PACKAGE"-"VERSION"-"BUILDSTR" "UNAME" starting up");
/* read the config file */
if (read_config(configfile, config_search) == STS_FAILURE) exit(1);
/* if a debug level > 0 has been given on the commandline use its
value and not what is in the config file */
if (cmdline_debuglevel != 0) {
configuration.debuglevel=cmdline_debuglevel;
}
/*
* open a the pwfile instance, so we still have access after
* we possibly have chroot()ed to somewhere.
*/
if (configuration.proxy_auth_pwfile) {
siproxd_passwordfile = fopen(configuration.proxy_auth_pwfile, "r");
} else {
siproxd_passwordfile = NULL;
}
/* set debug level as desired */
log_set_pattern(configuration.debuglevel);
log_set_listen_port(configuration.debugport);
/* change user and group IDs */
secure_enviroment();
/* daemonize if requested to */
if (configuration.daemonize) {
DEBUGC(DBCLASS_CONFIG,"daemonizing");
if (fork()!=0) exit(0);
setsid();
if (fork()!=0) exit(0);
log_set_stderr(0);
INFO("daemonized, pid=%i", getpid());
}
/* write PID file of main thread */
if (pidfilename == NULL) pidfilename = configuration.pid_file;
if (pidfilename) {
FILE *pidfile;
DEBUGC(DBCLASS_CONFIG,"creating PID file [%s]", pidfilename);
sts=unlink(configuration.pid_file);
if ((sts==0) ||(errno == ENOENT)) {
if ((pidfile=fopen(pidfilename, "w"))) {
fprintf(pidfile,"%i\n",(int)getpid());
fclose(pidfile);
} else {
WARN("couldn't create new PID file: %s", strerror(errno));
}
} else {
WARN("couldn't delete old PID file: %s", strerror(errno));
}
}
/* initialize the RTP proxy */
sts=rtpproxy_init();
if (sts != STS_SUCCESS) {
ERROR("unable to initialize RTP proxy - aborting");
exit(1);
}
/* init the oSIP parser */
parser_init();
/* listen for incoming messages */
sts=sipsock_listen();
if (sts == STS_FAILURE) {
/* failure to allocate SIP socket... */
ERROR("unable to bind to SIP listening socket - aborting");
exit(1);
}
/* initialize the registration facility */
register_init();
/*
* silence the log - if so required...
*/
log_set_silence(configuration.silence_log);
INFO(PACKAGE"-"VERSION"-"BUILDSTR" "UNAME" started");
/*****************************
* Main loop
*****************************/
while (!exit_program) {
DEBUGC(DBCLASS_BABBLE,"going into sipsock_wait\n");
while (sipsock_wait()<=0) {
/* got no input, here by timeout. do aging */
register_agemap();
/* TCP log: check for a connection */
log_tcp_connect();
/* dump memory stats if requested to do so */
if (dmalloc_dump) {
dmalloc_dump=0;
#ifdef DMALLOC
INFO("SIGUSR2 - DMALLOC statistics is dumped");
dmalloc_log_stats();
dmalloc_log_unfreed();
#else
INFO("SIGUSR2 - DMALLOC support is not compiled in");
#endif
}
if (exit_program) goto exit_prg;
}
/*
* got input, process
*/
DEBUGC(DBCLASS_BABBLE,"back from sipsock_wait");
ticket.direction=0;
buflen=sipsock_read(&buff, sizeof(buff)-1, &ticket.from,
&ticket.protocol);
buff[buflen]='\0';
/*
* evaluate the access lists (IP based filter)
*/
access=accesslist_check(ticket.from);
if (access == 0) {
DEBUGC(DBCLASS_ACCESS,"access for this packet was denied");
continue; /* there are no resources to free */
}
/*
* integrity checks
*/
sts=security_check_raw(buff, buflen);
if (sts != STS_SUCCESS) {
DEBUGC(DBCLASS_SIP,"security check (raw) failed");
continue; /* there are no resources to free */
}
/*
* init sip_msg
*/
sts=osip_message_init(&ticket.sipmsg);
ticket.sipmsg->message=NULL;
if (sts != 0) {
ERROR("osip_message_init() failed... this is not good");
continue; /* skip, there are no resources to free */
}
/*
* RFC 3261, Section 16.3 step 1
* Proxy Behavior - Request Validation - Reasonable Syntax
* (parse the received message)
*/
sts=sip_message_parse(ticket.sipmsg, buff, buflen);
if (sts != 0) {
ERROR("sip_message_parse() failed... this is not good");
DUMP_BUFFER(-1, buff, buflen);
goto end_loop; /* skip and free resources */
}
/*
* integrity checks - parsed buffer
*/
sts=security_check_sip(&ticket);
if (sts != STS_SUCCESS) {
ERROR("security_check_sip() failed... this is not good");
DUMP_BUFFER(-1, buff, buflen);
goto end_loop; /* skip and free resources */
}
/*
* RFC 3261, Section 16.3 step 2
* Proxy Behavior - Request Validation - URI scheme
* (check request URI and refuse with 416 if not understood)
*/
/* NOT IMPLEMENTED */
/*
* RFC 3261, Section 16.3 step 3
* Proxy Behavior - Request Validation - Max-Forwards check
* (check Max-Forwards header and refuse with 483 if too many hops)
*/
{
osip_header_t *max_forwards;
int forwards_count = DEFAULT_MAXFWD;
osip_message_get_max_forwards(ticket.sipmsg, 0, &max_forwards);
if (max_forwards && max_forwards->hvalue) {
forwards_count = atoi(max_forwards->hvalue);
}
DEBUGC(DBCLASS_PROXY,"checking Max-Forwards (=%i)",forwards_count);
if (forwards_count <= 0) {
DEBUGC(DBCLASS_SIP, "Forward count reached 0 -> 483 response");
sip_gen_response(&ticket, 483 /*Too many hops*/);
goto end_loop; /* skip and free resources */
}
}
/*
* RFC 3261, Section 16.3 step 4
* Proxy Behavior - Request Validation - Loop Detection check
* (check for loop and return 482 if a loop is detected)
*/
if (check_vialoop(&ticket) == STS_TRUE) {
/* make sure we don't end up in endless loop when detecting
* an loop in an "loop detected" message - brrr */
if (MSG_IS_RESPONSE(ticket.sipmsg) &&
MSG_TEST_CODE(ticket.sipmsg, 482)) {
DEBUGC(DBCLASS_SIP,"loop in loop-response detected, ignoring");
} else {
DEBUGC(DBCLASS_SIP,"via loop detected, ignoring request");
sip_gen_response(&ticket, 482 /*Loop detected*/);
}
goto end_loop; /* skip and free resources */
}
/*
* RFC 3261, Section 16.3 step 5
* Proxy Behavior - Request Validation - Proxy-Require check
* (check Proxy-Require header and return 420 if unsupported option)
*/
/* NOT IMPLEMENTED */
/*
* RFC 3261, Section 16.5
* Proxy Behavior - Determining Request Targets
*/
/* NOT IMPLEMENTED */
DEBUGC(DBCLASS_SIP,"received SIP type %s:%s",
(MSG_IS_REQUEST(ticket.sipmsg))? "REQ" : "RES",
(MSG_IS_REQUEST(ticket.sipmsg) ?
((ticket.sipmsg->sip_method)?
ticket.sipmsg->sip_method : "NULL") :
((ticket.sipmsg->reason_phrase) ?
ticket.sipmsg->reason_phrase : "NULL")));
/*********************************
* The message did pass all the
* tests above and is now ready
* to be proxied.
* Before we do so, we apply some
* additional preprocessing
*********************************/
/* Dial shortcuts */
if (configuration.pi_shortdial) {
sts = plugin_shortdial(&ticket);
if (sts == STS_SIP_SENT) goto end_loop;
}
/*********************************
* finally proxy the message.
* This includes the masquerading
* of the local UA and starting/
* stopping the RTP proxy for this
* call
*********************************/
/*
* if a REQ REGISTER, check if it is directed to myself,
* or am I just the outbound proxy but no registrar.
* - If I'm the registrar, register & generate answer
* - If I'm just the outbound proxy, register, rewrite & forward
*/
if (MSG_IS_REGISTER(ticket.sipmsg) &&
MSG_IS_REQUEST(ticket.sipmsg)) {
if (access & ACCESSCTL_REG) {
osip_uri_t *url;
struct in_addr addr1, addr2, addr3;
int dest_port;
url = osip_message_get_uri(ticket.sipmsg);
dest_port= (url->port)?atoi(url->port):SIP_PORT;
if ( (get_ip_by_host(url->host, &addr1) == STS_SUCCESS) &&
(get_interface_ip(IF_INBOUND,&addr2) == STS_SUCCESS) &&
(get_interface_ip(IF_OUTBOUND,&addr3) == STS_SUCCESS)) {
if ((configuration.sip_listen_port == dest_port) &&
((memcmp(&addr1, &addr2, sizeof(addr1)) == 0) ||
(memcmp(&addr1, &addr3, sizeof(addr1)) == 0))) {
/* I'm the registrar, send response myself */
sts = register_client(&ticket, 0);
sts = register_response(&ticket, sts);
} else {
/* I'm just the outbound proxy */
DEBUGC(DBCLASS_SIP,"proxying REGISTER request to:%s",
url->host);
sts = register_client(&ticket, 1);
if (sts == STS_SUCCESS) {
sts = proxy_request(&ticket);
}
}
} else {
sip_gen_response(&ticket, 408 /*request timeout*/);
}
} else {
WARN("non-authorized registration attempt from %s",
utils_inet_ntoa(ticket.from.sin_addr));
}
/*
* check if outbound interface is UP.
* If not, send back error to UA and
* skip any proxying attempt
*/
} else if (get_interface_ip(IF_OUTBOUND,NULL) !=
STS_SUCCESS) {
DEBUGC(DBCLASS_SIP, "got a %s to proxy, but outbound interface "
"is down", (MSG_IS_REQUEST(ticket.sipmsg))? "REQ" : "RES");
if (MSG_IS_REQUEST(ticket.sipmsg))
sip_gen_response(&ticket, 408 /*request timeout*/);
/*
* MSG is a request, add current via entry,
* do a lookup in the URLMAP table and
* send to the final destination
*/
} else if (MSG_IS_REQUEST(ticket.sipmsg)) {
if (access & ACCESSCTL_SIP) {
sts = proxy_request(&ticket);
} else {
INFO("non-authorized request received from %s",
utils_inet_ntoa(ticket.from.sin_addr));
}
/*
* MSG is a response, remove current via and
* send to the next VIA in chain
*/
} else if (MSG_IS_RESPONSE(ticket.sipmsg)) {
if (access & ACCESSCTL_SIP) {
sts = proxy_response(&ticket);
} else {
INFO("non-authorized response received from %s",
utils_inet_ntoa(ticket.from.sin_addr));
}
/*
* unsupported message
*/
} else {
ERROR("received unsupported SIP type %s %s",
(MSG_IS_REQUEST(ticket.sipmsg))? "REQ" : "RES",
ticket.sipmsg->sip_method);
}
/*********************************
* Done with proxying. Message
* has been sent to its destination.
*********************************/
/*
* free the SIP message buffers
*/
end_loop:
osip_message_free(ticket.sipmsg);
} /* while TRUE */
exit_prg:
/* save current known SIP registrations */
register_save();
INFO("properly terminating siproxd");
/* remove PID file */
if (pidfilename) {
DEBUGC(DBCLASS_CONFIG,"deleting PID file [%s]", pidfilename);
sts=unlink(pidfilename);
if (sts != 0) {
WARN("couldn't delete old PID file: %s", strerror(errno));
}
}
/* END */
return 0;
} /* main */
/*
* Signal handler
*
* this one is called asynchronously whevener a registered
* signal is applied. Just set a flag and don't do any funny
* things here.
*/
static void sighandler(int sig) {
if (sig==SIGTERM) exit_program=1;
if (sig==SIGINT) exit_program=1;
if (sig==SIGUSR2) dmalloc_dump=1;
return;
}
/*
* SIP_IS_OUTGOING
*
* Figures out if this is an outgoing or incoming request/response.
* The direction is stored in the ticket->direction property.
*
* RETURNS
* STS_SUCCESS on success
* STS_FAILURE if unable to determine
*/
int sip_find_direction(sip_ticket_t *ticket, int *urlidx) {
int type;
int i, sts;
struct sockaddr_in *from;
osip_message_t *request;
osip_message_t *response;
from=&ticket->from;
request=ticket->sipmsg;
response=ticket->sipmsg;
type = 0;
ticket->direction = 0;
/*
* did I receive the telegram from a REGISTERED host?
* -> it must be an OUTGOING request
*/
for (i=0; i<URLMAP_SIZE; i++) {
struct in_addr tmp_addr;
if (urlmap[i].active == 0) continue;
if (get_ip_by_host(urlmap[i].true_url->host, &tmp_addr) == STS_FAILURE) {
DEBUGC(DBCLASS_SIP, "sip_find_direction: cannot resolve host [%s]",
urlmap[i].true_url->host);
} else {
DEBUGC(DBCLASS_SIP, "sip_find_direction: reghost:%s ip:%s",
urlmap[i].true_url->host, utils_inet_ntoa(from->sin_addr));
if (memcmp(&tmp_addr, &from->sin_addr, sizeof(tmp_addr)) == 0) {
if (MSG_IS_REQUEST(ticket->sipmsg)) {
type=REQTYP_OUTGOING;
} else {
type=RESTYP_OUTGOING;
}
break;
}
}
}
/*
* is the telegram directed to an internally registered host?
* -> it must be an INCOMING request
*/
if (type == 0) {
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* RFC3261:
* 'To' contains a display name (Bob) and a SIP or SIPS URI
* (sip:[email protected]) towards which the request was originally
* directed. Display names are described in RFC 2822 [3].
*/
/* So this means, that we must check the SIP URI supplied with the
* INVITE method, as this points to the real wanted target.
* Q: does there exist a situation where the SIP URI itself does
* point to "somewhere" but the To: points to the correct UA?
* So for now, we just look at both of them (SIP URI and To: header)
*/
if (MSG_IS_REQUEST(ticket->sipmsg)) {
/* REQUEST */
/* incoming request (SIP URI == 'masq') || ((SIP URI == 'reg') && !REGISTER)*/
if ((compare_url(request->req_uri, urlmap[i].masq_url)==STS_SUCCESS) ||
(!MSG_IS_REGISTER(request) &&
(compare_url(request->req_uri, urlmap[i].reg_url)==STS_SUCCESS))) {
type=REQTYP_INCOMING;
break;
}
/* incoming request ('to' == 'masq') || (('to' == 'reg') && !REGISTER)*/
if ((compare_url(request->to->url, urlmap[i].masq_url)==STS_SUCCESS) ||
(!MSG_IS_REGISTER(request) &&
(compare_url(request->to->url, urlmap[i].reg_url)==STS_SUCCESS))) {
type=REQTYP_INCOMING;
break;
}
} else {
/* RESPONSE */
/* incoming response ('from' == 'masq') || ('from' == 'reg') */
if ((compare_url(response->from->url, urlmap[i].reg_url)==STS_SUCCESS) ||
(compare_url(response->from->url, urlmap[i].masq_url)==STS_SUCCESS)) {
type=RESTYP_INCOMING;
break;
}
} /* is request */
} /* for i */
} /* if type == 0 */
if (MSG_IS_RESPONSE(ticket->sipmsg)) {
/* &&&& Open Issue &&&&
it has been seen with cross-provider calls that the FROM may be 'garbled'
(e.g [email protected] for calls made sipphone -> FWD)
How can we deal with this? Should I take into consideration the 'Via'
headers? This is the only clue I have, pointing to the *real* UA.
Maybe I should put in a 'siproxd' ftag value to recognize it as a header
inserted by myself
*/
if ((type == 0) && (!osip_list_eol(response->vias, 0))) {
osip_via_t *via;
struct in_addr addr_via, addr_myself;
int port_via, port_ua;
/* get the via address */
via = (osip_via_t *) osip_list_get (response->vias, 0);
DEBUGC(DBCLASS_SIP, "sip_find_direction: check via [%s] for "
"registered UA",via->host);
sts=get_ip_by_host(via->host, &addr_via);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_SIP, "sip_find_direction: cannot resolve VIA [%s]",
via->host);
} else {
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* incoming response (1st via in list points to a registered UA) */
sts=get_ip_by_host(urlmap[i].true_url->host, &addr_myself);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_SIP, "sip_find_direction: cannot resolve "
"true_url [%s]", via->host);
continue;
}
port_via=0;
if (via->port) port_via=atoi(via->port);
if (port_via <= 0) port_via=SIP_PORT;
port_ua=0;
if (urlmap[i].true_url->port)
port_ua=atoi(urlmap[i].true_url->port);
if (port_ua <= 0) port_ua=SIP_PORT;
DEBUGC(DBCLASS_SIP, "sip_find_direction: checking for registered "
"host [%s:%i] <-> [%s:%i]",
urlmap[i].true_url->host, port_ua,
via->host, port_via);
if ((memcmp(&addr_myself, &addr_via, sizeof(addr_myself))==0) &&
(port_via == port_ua)) {
type=RESTYP_INCOMING;
break;
}
} /* for i */
}
} /* if type == 0 */
} /* is response */
if (type == 0) {
DEBUGC(DBCLASS_SIP, "sip_find_direction: unable to determine "
"direction of SIP packet");
return STS_FAILURE;
}
ticket->direction=type;
if (urlidx) *urlidx=i;
return STS_SUCCESS;
}
/*
* send answer to a registration request.
* flag = STS_SUCCESS -> positive answer (200)
* flag = STS_FAILURE -> negative answer (503)
* flag = STS_NEED_AUTH -> proxy authentication needed (407)
*
* RETURNS
* STS_SUCCESS on success
* STS_FAILURE on error
*/
int register_response(sip_ticket_t *ticket, int flag) {
osip_message_t *response;
int code;
int sts;
osip_via_t *via;
int port;
char *buffer;
size_t buflen;
struct in_addr addr;
osip_header_t *expires_hdr;
/* ok -> 200, fail -> 503 */
switch (flag) {
case STS_SUCCESS:
code = 200; /* OK */
break;
case STS_FAILURE:
code = 503; /* failed */
break;
case STS_NEED_AUTH:
code = 407; /* proxy authentication needed */
break;
default:
code = 503; /* failed */
break;
}
/* create the response template */
if ((response=msg_make_template_reply(ticket, code))==NULL) {
ERROR("register_response: error in msg_make_template_reply");
return STS_FAILURE;
}
/* insert the expiration header */
osip_message_get_expires(ticket->sipmsg, 0, &expires_hdr);
if (expires_hdr) {
osip_message_set_expires(response, expires_hdr->hvalue);
}
/* if we send back an proxy authentication needed,
include the Proxy-Authenticate field */
if (code == 407) {
auth_include_authrq(response);
}
/* get the IP address from existing VIA header */
osip_message_get_via (response, 0, &via);
if (via == NULL) {
ERROR("register_response: Cannot send response - no via field");
return STS_FAILURE;
}
/* name resolution needed? */
if (utils_inet_aton(via->host,&addr) == 0) {
/* yes, get IP address */
sts = get_ip_by_host(via->host, &addr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_REG, "register_response: cannot resolve VIA [%s]",
via->host);
return STS_FAILURE;
}
}
sts = sip_message_to_str(response, &buffer, &buflen);
if (sts != 0) {
ERROR("register_response: msg_2char failed");
return STS_FAILURE;
}
/* send answer back */
if (via->port) {
port=atoi(via->port);
if ((port<=0) || (port>65535)) port=SIP_PORT;
} else {
port=configuration.sip_listen_port;
}
sipsock_send(addr, port, ticket->protocol, buffer, buflen);
/* free the resources */
osip_message_free(response);
free(buffer);
return STS_SUCCESS;
}
/*
* PROXY_REWRITE_INVITATION_BODY
*
* rewrites the outgoing INVITATION request or response packet
*
* RETURNS
* STS_SUCCESS on success
* STS_FAILURE on error
*/
int proxy_rewrite_invitation_body(osip_message_t *mymsg, int direction){
osip_body_t *body;
sdp_message_t *sdp;
struct in_addr map_addr, addr_sess, addr_media, outside_addr, inside_addr;
int sts;
char *bodybuff;
int bodybuflen;
char clen[8]; /* content length: probably never more than 7 digits !*/
int map_port, msg_port;
int media_stream_no;
sdp_connection_t *sdp_conn;
sdp_media_t *sdp_med;
int rtp_direction=0;
int have_c_media=0;
if (configuration.rtp_proxy_enable == 0) return STS_SUCCESS;
/*
* get SDP structure
*/
sts = osip_message_get_body(mymsg, 0, &body);
if (sts != 0) {
#if 0
if ((MSG_IS_RESPONSE_FOR(mymsg,"INVITE")) &&
(MSG_IS_STATUS_1XX(mymsg))) {
/* 1xx responses *MAY* contain SDP data */
DEBUGC(DBCLASS_PROXY, "rewrite_invitation_body: "
"no body found in message");
return STS_SUCCESS;
} else {
/* INVITE request and 200 response *MUST* contain SDP data */
ERROR("rewrite_invitation_body: no body found in message");
return STS_FAILURE;
}
#else
DEBUGC(DBCLASS_PROXY, "rewrite_invitation_body: "
"no body found in message");
return STS_SUCCESS;
#endif
}
sts = sip_body_to_str(body, &bodybuff, &bodybuflen);
if (sts != 0) {
ERROR("rewrite_invitation_body: unable to sip_body_to_str");
}
sts = sdp_message_init(&sdp);
sts = sdp_message_parse (sdp, bodybuff);
if (sts != 0) {
ERROR("rewrite_invitation_body: unable to sdp_message_parse body");
DUMP_BUFFER(-1, bodybuff, bodybuflen);
osip_free(bodybuff);
sdp_message_free(sdp);
return STS_FAILURE;
}
osip_free(bodybuff);
if (configuration.debuglevel)
{ /* just dump the buffer */
char *tmp, *tmp2;
int tmplen;
sts = osip_message_get_body(mymsg, 0, &body);
sts = sip_body_to_str(body, &tmp, &tmplen);
osip_content_length_to_str(mymsg->content_length, &tmp2);
DEBUG("Body before rewrite (clen=%s, strlen=%i):\n%s\n----",
tmp2, tmplen, tmp);
osip_free(tmp);
osip_free(tmp2);
}
/*
* RTP proxy: get ready and start forwarding
* start forwarding for each media stream ('m=' item in SIP message)
*/
/* get outbound address */
if (get_interface_ip(IF_OUTBOUND, &outside_addr) != STS_SUCCESS) {
sdp_message_free(sdp);
return STS_FAILURE;
}
/* get inbound address */
if (get_interface_ip(IF_INBOUND, &inside_addr) != STS_SUCCESS) {
sdp_message_free(sdp);
return STS_FAILURE;
}
/* figure out what address to use for RTP masquerading */
if (MSG_IS_REQUEST(mymsg)) {
if (direction == DIR_INCOMING) {
memcpy(&map_addr, &inside_addr, sizeof (map_addr));
rtp_direction = DIR_OUTGOING;
} else {
memcpy(&map_addr, &outside_addr, sizeof (map_addr));
rtp_direction = DIR_INCOMING;
}
} else /* MSG_IS_REPONSE(mymsg) */ {
if (direction == DIR_INCOMING) {
memcpy(&map_addr, &inside_addr, sizeof (map_addr));
rtp_direction = DIR_OUTGOING;
} else {
memcpy(&map_addr, &outside_addr, sizeof (map_addr));
rtp_direction = DIR_INCOMING;
}
}
DEBUGC(DBCLASS_PROXY, "proxy_rewrite_invitation_body: SIP[%s %s] RTP[%s %s]",
MSG_IS_REQUEST(mymsg)? "RQ" : "RS",
(direction==DIR_INCOMING)? "IN" : "OUT",
(rtp_direction==DIR_INCOMING)? "IN" : "OUT",
utils_inet_ntoa(map_addr));
/*
* first, check presence of a 'c=' item on session level
*/
if (sdp->c_connection==NULL || sdp->c_connection->c_addr==NULL) {
/*
* No 'c=' on session level, search on media level now
*
* According to RFC2327, ALL media description must
* include a 'c=' item now:
*/
media_stream_no=0;
while (!sdp_message_endof_media(sdp, media_stream_no)) {
/* check if n'th media stream is present */
if (sdp_message_c_addr_get(sdp, media_stream_no, 0) == NULL) {
ERROR("SDP: have no 'c=' on session level and neither "
"on media level (media=%i)",media_stream_no);
sdp_message_free(sdp);
return STS_FAILURE;
}
media_stream_no++;
} /* while */
}
/* Required 'c=' items ARE present */
/*
* rewrite 'c=' item on session level if present and not yet done.
* remember the original address in addr_sess
*/
memset(&addr_sess, 0, sizeof(addr_sess));
if (sdp->c_connection && sdp->c_connection->c_addr) {
sts = get_ip_by_host(sdp->c_connection->c_addr, &addr_sess);
if (sts == STS_FAILURE) {
ERROR("SDP: cannot resolve session 'c=' host [%s]",
sdp->c_connection->c_addr);
sdp_message_free(sdp);
return STS_FAILURE;
}
/*
* Rewrite
* an IP address of 0.0.0.0 means *MUTE*, don't rewrite such
*/
if (strcmp(sdp->c_connection->c_addr, "0.0.0.0") != 0) {
osip_free(sdp->c_connection->c_addr);
sdp->c_connection->c_addr=osip_malloc(HOSTNAME_SIZE);
sprintf(sdp->c_connection->c_addr, "%s", utils_inet_ntoa(map_addr));
} else {
/* 0.0.0.0 - don't rewrite */
DEBUGC(DBCLASS_PROXY, "proxy_rewrite_invitation_body: "
"got a MUTE c= record (on session level - legal?)");
}
}
/*
* rewrite 'o=' item (originator) on session level if present.
*/
if (sdp->o_addrtype && sdp->o_addr) {
if (strcmp(sdp->o_addrtype, "IP4") != 0) {
ERROR("got IP6 in SDP originator - not yet suported by siproxd");
sdp_message_free(sdp);
return STS_FAILURE;
}
osip_free(sdp->o_addr);
sdp->o_addr=osip_malloc(HOSTNAME_SIZE);
sprintf(sdp->o_addr, "%s", utils_inet_ntoa(map_addr));
}
/*
* loop through all media descritions,
* start RTP proxy and rewrite them
*/
for (media_stream_no=0;;media_stream_no++) {
/* check if n'th media stream is present */
if (sdp_message_m_port_get(sdp, media_stream_no) == NULL) break;
/*
* check if a 'c=' item is present in this media description,
* if so -> rewrite it
*/
memset(&addr_media, 0, sizeof(addr_media));
have_c_media=0;
sdp_conn=sdp_message_connection_get(sdp, media_stream_no, 0);
if (sdp_conn && sdp_conn->c_addr) {
if (strcmp(sdp_conn->c_addr, "0.0.0.0") != 0) {
sts = get_ip_by_host(sdp_conn->c_addr, &addr_media);
have_c_media=1;
/* have a valid address */
osip_free(sdp_conn->c_addr);
sdp_conn->c_addr=osip_malloc(HOSTNAME_SIZE);
sprintf(sdp_conn->c_addr, "%s", utils_inet_ntoa(map_addr));
} else {
/* 0.0.0.0 - don't rewrite */
DEBUGC(DBCLASS_PROXY, "proxy_rewrite_invitation_body: got a "
"MUTE c= record (media level)");
}
}
/* start an RTP proxying stream */
if (sdp_message_m_port_get(sdp, media_stream_no)) {
msg_port=atoi(sdp_message_m_port_get(sdp, media_stream_no));
if (msg_port > 0) {
osip_uri_t *cont_url = NULL;
char *client_id=NULL;
/* try to get some additional UA specific unique ID.
* Try:
* 1) User part of Contact header
* 2) Host part of Contact header (will be different
* between internal UA and external UA)
*/
if (!osip_list_eol(mymsg->contacts, 0))
cont_url = ((osip_contact_t*)(mymsg->contacts->node->element))->url;
if (cont_url) {
client_id=cont_url->username;
if (client_id == NULL) client_id=cont_url->host;
}
/*
* do we have a 'c=' item on media level?
* if not, use the same as on session level
*/
if (have_c_media == 0) {
memcpy(&addr_media, &addr_sess, sizeof(addr_sess));
}
/*
* Am I running in front of the routing device? Then I cannot
* use the external IP to bind a listen socket to, so force
* the use of my inbound IP for listening.
*/
if ((rtp_direction == DIR_INCOMING) &&
(configuration.outbound_host) &&
(strcmp(configuration.outbound_host, "")!=0)) {
DEBUGC(DBCLASS_PROXY, "proxy_rewrite_invitation_body: "
"in-front-of-NAT-Router");
memcpy(&map_addr, &inside_addr, sizeof (map_addr));
}
sts = rtp_start_fwd(osip_message_get_call_id(mymsg),
client_id,
rtp_direction,
media_stream_no,
map_addr, &map_port,
addr_media, msg_port);
if (sts == STS_SUCCESS) {
/* and rewrite the port */
sdp_med=osip_list_get(sdp->m_medias, media_stream_no);
if (sdp_med && sdp_med->m_port) {
osip_free(sdp_med->m_port);
sdp_med->m_port=osip_malloc(8); /* 5 digits, \0 + align */
sprintf(sdp_med->m_port, "%i", map_port);
DEBUGC(DBCLASS_PROXY, "proxy_rewrite_invitation_body: "
"m= rewrote port to [%i]",map_port);
} else {
ERROR("rewriting port in m= failed sdp_med=%p, "
"m_number_of_port=%p", sdp_med, sdp_med->m_port);
}
} /* sts == success */
} /* if msg_port > 0 */
} else {
/* no port defined - skip entry */
WARN("no port defined in m=(media) stream_no=%i", media_stream_no);
continue;
}
} /* for media_stream_no */
/* remove old body */
sts = osip_list_remove(mymsg->bodies, 0);
osip_body_free(body);
/* dump new body */
sdp_message_to_str(sdp, &bodybuff);
bodybuflen=strlen(bodybuff);
/* free sdp structure */
sdp_message_free(sdp);
/* include new body */
sip_message_set_body(mymsg, bodybuff, bodybuflen);
if (sts != 0) {
ERROR("rewrite_invitation_body: unable to sip_message_set_body body");
}
/* free content length resource and include new one*/
osip_content_length_free(mymsg->content_length);
mymsg->content_length=NULL;
sprintf(clen,"%i",bodybuflen);
sts = osip_message_set_content_length(mymsg, clen);
/* free old body */
osip_free(bodybuff);
if (configuration.debuglevel)
{ /* just dump the buffer */
char *tmp, *tmp2;
int tmplen;
sts = osip_message_get_body(mymsg, 0, &body);
sts = sip_body_to_str(body, &tmp, &tmplen);
osip_content_length_to_str(mymsg->content_length, &tmp2);
DEBUG("Body after rewrite (clen=%s, strlen=%i):\n%s\n----",
tmp2, tmplen, tmp);
osip_free(tmp);
osip_free(tmp2);
}
return STS_SUCCESS;
}
/*
* PROXY_REQUEST
*
* RETURNS
* STS_SUCCESS on success
* STS_FAILURE on error
*
* RFC3261
* Section 16.3: Proxy Behavior - Request Validation
* 1. Reasonable Syntax
* 2. URI scheme
* 3. Max-Forwards
* 4. (Optional) Loop Detection
* 5. Proxy-Require
* 6. Proxy-Authorization
*
* Section 16.6: Proxy Behavior - Request Forwarding
* 1. Make a copy of the received request
* 2. Update the Request-URI
* 3. Update the Max-Forwards header field
* 4. Optionally add a Record-route header field value
* 5. Optionally add additional header fields
* 6. Postprocess routing information
* 7. Determine the next-hop address, port, and transport
* 8. Add a Via header field value
* 9. Add a Content-Length header field if necessary
* 10. Forward the new request
* 11. Set timer C
*/
int proxy_request (sip_ticket_t *ticket) {
int i;
int sts;
int type;
struct in_addr sendto_addr;
osip_uri_t *url;
int port;
char *buffer;
int buflen;
osip_message_t *request;
struct sockaddr_in *from;
DEBUGC(DBCLASS_PROXY,"proxy_request");
if (ticket==NULL) {
ERROR("proxy_request: called with NULL ticket");
return STS_FAILURE;
}
request=ticket->sipmsg;
from=&ticket->from;
/*
* RFC 3261, Section 16.4
* Proxy Behavior - Route Information Preprocessing
* (process Route header)
*/
route_preprocess(ticket);
/*
* figure out whether this is an incoming or outgoing request
* by doing a lookup in the registration table.
*/
#define _OLD_DIRECTION_EVALUATION 0
#if _OLD_DIRECTION_EVALUATION
type = 0;
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* incoming request ('to' == 'masq') || (('to' == 'reg') && !REGISTER)*/
if ((compare_url(request->to->url, urlmap[i].masq_url)==STS_SUCCESS) ||
(!MSG_IS_REGISTER(request) &&
(compare_url(request->to->url, urlmap[i].reg_url)==STS_SUCCESS))) {
type=REQTYP_INCOMING;
DEBUGC(DBCLASS_PROXY,"incoming request from %s@%s from outbound",
request->from->url->username? request->from->url->username:"******",
request->from->url->host? request->from->url->host: "*NULL*");
break;
}
/* outgoing request ('from' == 'reg') */
if (compare_url(request->from->url, urlmap[i].reg_url)==STS_SUCCESS) {
type=REQTYP_OUTGOING;
DEBUGC(DBCLASS_PROXY,"outgoing request from %s@%s from inbound",
request->from->url->username? request->from->url->username:"******",
request->from->url->host? request->from->url->host: "*NULL*");
break;
}
}
#else
type = 0;
/*
* did I receive the telegram from a REGISTERED host?
* -> it must be an OUTGOING request
*/
for (i=0; i<URLMAP_SIZE; i++) {
struct in_addr tmp_addr;
if (urlmap[i].active == 0) continue;
if (get_ip_by_host(urlmap[i].true_url->host, &tmp_addr) == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_request: cannot resolve host [%s]",
urlmap[i].true_url);
} else {
DEBUGC(DBCLASS_PROXY, "proxy_request: reghost:%s ip:%s",
urlmap[i].true_url->host, utils_inet_ntoa(from->sin_addr));
if (memcmp(&tmp_addr, &from->sin_addr, sizeof(tmp_addr)) == 0) {
type=REQTYP_OUTGOING;
break;
}
}
}
/*
* is the telegram directed to an internally registered host?
* -> it must be an INCOMING request
*/
if (type == 0) {
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* RFC3261:
* 'To' contains a display name (Bob) and a SIP or SIPS URI
* (sip:[email protected]) towards which the request was originally
* directed. Display names are described in RFC 2822 [3].
*/
/* So this means, that we must check the SIP URI supplied with the
* INVITE method, as this points to the real wanted target.
* Q: does there exist a situation where the SIP URI itself does
* point to "somewhere" but the To: points to the correct UA?
* So for now, we just look at both of them (SIP URI and To: header)
*/
/* incoming request (SIP URI == 'masq') || ((SIP URI == 'reg') && !REGISTER)*/
if ((compare_url(request->req_uri, urlmap[i].masq_url)==STS_SUCCESS) ||
(!MSG_IS_REGISTER(request) &&
(compare_url(request->req_uri, urlmap[i].reg_url)==STS_SUCCESS))) {
type=REQTYP_INCOMING;
break;
}
/* incoming request ('to' == 'masq') || (('to' == 'reg') && !REGISTER)*/
if ((compare_url(request->to->url, urlmap[i].masq_url)==STS_SUCCESS) ||
(!MSG_IS_REGISTER(request) &&
(compare_url(request->to->url, urlmap[i].reg_url)==STS_SUCCESS))) {
type=REQTYP_INCOMING;
break;
}
}
}
#endif
ticket->direction=type;
/*
* logging of passing calls
*/
if (configuration.log_calls) {
osip_uri_t *cont_url = NULL;
if (!osip_list_eol(request->contacts, 0))
cont_url = ((osip_contact_t*)(request->contacts->node->element))->url;
/* INVITE */
if (MSG_IS_INVITE(request)) {
if (cont_url) {
INFO("%s Call from: %s@%s",
(type==REQTYP_INCOMING) ? "Incoming":"Outgoing",
cont_url->username ? cont_url->username:"******",
cont_url->host ? cont_url->host : "*NULL*");
} else {
INFO("%s Call (w/o contact header) from: %s@%s",
(type==REQTYP_INCOMING) ? "Incoming":"Outgoing",
request->from->url->username ?
request->from->url->username:"******",
request->from->url->host ?
request->from->url->host : "*NULL*");
}
/* BYE / CANCEL */
} else if (MSG_IS_BYE(request) || MSG_IS_CANCEL(request)) {
if (cont_url) {
INFO("Ending Call from: %s@%s",
cont_url->username ? cont_url->username:"******",
cont_url->host ? cont_url->host : "*NULL*");
} else {
INFO("Ending Call (w/o contact header) from: %s@%s",
request->from->url->username ?
request->from->url->username:"******",
request->from->url->host ?
request->from->url->host : "*NULL*");
}
}
} /* log_calls */
/*
* RFC 3261, Section 16.6 step 1
* Proxy Behavior - Request Forwarding - Make a copy
*/
/* nothing to do here, copy is ready in 'request'*/
/* get destination address */
url=osip_message_get_uri(request);
switch (type) {
/*
* from an external host to the internal masqueraded host
*/
case REQTYP_INCOMING:
DEBUGC(DBCLASS_PROXY,"incoming request from %s@%s from outbound",
request->from->url->username? request->from->url->username:"******",
request->from->url->host? request->from->url->host: "*NULL*");
/*
* RFC 3261, Section 16.6 step 2
* Proxy Behavior - Request Forwarding - Request-URI
* (rewrite request URI to point to the real host)
*/
/* 'i' still holds the valid index into the URLMAP table */
if (check_rewrite_rq_uri(request) == STS_TRUE) {
proxy_rewrite_request_uri(request, i);
}
/* if this is CANCEL/BYE request, stop RTP proxying */
if (MSG_IS_BYE(request) || MSG_IS_CANCEL(request)) {
/* stop the RTP proxying stream(s) */
rtp_stop_fwd(osip_message_get_call_id(request), DIR_INCOMING);
rtp_stop_fwd(osip_message_get_call_id(request), DIR_OUTGOING);
/* check for incoming request */
} else if (MSG_IS_INVITE(request)) {
/* Rewrite the body */
sts = proxy_rewrite_invitation_body(request, DIR_INCOMING);
} else if (MSG_IS_ACK(request)) {
/* Rewrite the body */
sts = proxy_rewrite_invitation_body(request, DIR_INCOMING);
}
break;
/*
* from the internal masqueraded host to an external host
*/
case REQTYP_OUTGOING:
DEBUGC(DBCLASS_PROXY,"outgoing request from %s@%s from inbound",
request->from->url->username? request->from->url->username:"******",
request->from->url->host? request->from->url->host: "*NULL*");
/*
* RFC 3261, Section 16.6 step 2
* Proxy Behavior - Request Forwarding - Request-URI
*/
/* nothing to do for an outgoing request */
/* if it is addressed to myself, then it must be some request
* method that I as a proxy do not support. Reject */
#if 0
/* careful - an internal UA might send an request to another internal UA.
This would be caught here, so don't do this. This situation should be
caught in the default part of the CASE statement below */
if (is_sipuri_local(ticket) == STS_TRUE) {
WARN("unsupported request [%s] directed to proxy from %s@%s -> %s@%s",
request->sip_method? request->sip_method:"*NULL*",
request->from->url->username? request->from->url->username:"******",
request->from->url->host? request->from->url->host : "*NULL*",
url->username? url->username : "******",
url->host? url->host : "*NULL*");
sip_gen_response(ticket, 403 /*forbidden*/);
return STS_FAILURE;
}
#endif
/* rewrite Contact header to represent the masqued address */
sip_rewrite_contact(ticket, DIR_OUTGOING);
/* if an INVITE, rewrite body */
if (MSG_IS_INVITE(request)) {
sts = proxy_rewrite_invitation_body(request, DIR_OUTGOING);
} else if (MSG_IS_ACK(request)) {
sts = proxy_rewrite_invitation_body(request, DIR_OUTGOING);
}
/* if this is CANCEL/BYE request, stop RTP proxying */
if (MSG_IS_BYE(request) || MSG_IS_CANCEL(request)) {
/* stop the RTP proxying stream(s) */
rtp_stop_fwd(osip_message_get_call_id(request), DIR_INCOMING);
rtp_stop_fwd(osip_message_get_call_id(request), DIR_OUTGOING);
}
break;
default:
DEBUGC(DBCLASS_PROXY, "request [%s] from/to unregistered UA "
"(RQ: %s@%s -> %s@%s)",
request->sip_method? request->sip_method:"*NULL*",
request->from->url->username? request->from->url->username:"******",
request->from->url->host? request->from->url->host : "*NULL*",
url->username? url->username : "******",
url->host? url->host : "*NULL*");
/*
* we may end up here for two reasons:
* 1) An incomming request (from outbound) that is directed to
* an unknown (not registered) local UA
* 2) an outgoing request from a local UA that is not registered.
*
* Case 1) we should probably answer with "404 Not Found",
* case 2) more likely a "403 Forbidden"
*
* How about "408 Request Timeout" ?
*
*/
sip_gen_response(ticket, 408 /* Request Timeout */);
return STS_FAILURE;
}
/*
* RFC 3261, Section 16.6 step 3
* Proxy Behavior - Request Forwarding - Max-Forwards
* (if Max-Forwards header exists, decrement by one, if it does not
* exist, add a new one with value SHOULD be 70)
*/
{
osip_header_t *max_forwards;
int forwards_count = DEFAULT_MAXFWD;
char mfwd[8];
osip_message_get_max_forwards(request, 0, &max_forwards);
if (max_forwards == NULL) {
sprintf(mfwd, "%i", forwards_count);
osip_message_set_max_forwards(request, mfwd);
} else {
if (max_forwards->hvalue) {
forwards_count = atoi(max_forwards->hvalue);
forwards_count -=1;
osip_free (max_forwards->hvalue);
}
sprintf(mfwd, "%i", forwards_count);
max_forwards->hvalue = osip_strdup(mfwd);
}
DEBUGC(DBCLASS_PROXY,"setting Max-Forwards=%s",mfwd);
}
/*
* RFC 3261, Section 16.6 step 4
* Proxy Behavior - Request Forwarding - Add a Record-route header
*/
/*
* for ALL incoming requests, include my Record-Route header.
* The local UA will probably send its answer to the topmost
* Route Header (8.1.2 of RFC3261)
*/
if (type == REQTYP_INCOMING) {
DEBUGC(DBCLASS_PROXY,"Adding my Record-Route");
route_add_recordroute(ticket);
} else {
/*
* outgoing packets must not have my record route header, as
* this likely will contain a private IP address (my inbound).
*/
DEBUGC(DBCLASS_PROXY,"Purging Record-Routes (outgoing packet)");
route_purge_recordroute(ticket);
}
/*
* RFC 3261, Section 16.6 step 5
* Proxy Behavior - Request Forwarding - Add Additional Header Fields
*/
/* NOT IMPLEMENTED (optional) */
/*
* RFC 3261, Section 16.6 step 6
* Proxy Behavior - Request Forwarding - Postprocess routing information
*
* If the copy contains a Route header field, the proxy MUST
* inspect the URI in its first value. If that URI does not
* contain an lr parameter, the proxy MUST modify the copy as
* follows:
*
* - The proxy MUST place the Request-URI into the Route header
* field as the last value.
*
* - The proxy MUST then place the first Route header field value
* into the Request-URI and remove that value from the Route
* header field.
*/
#if 0
route_postprocess(ticket);
#endif
/*
* RFC 3261, Section 16.6 step 7
* Proxy Behavior - Determine Next-Hop Address
*/
/*&&&& priority probably should be:
* 1) Route header
* 2) fixed outbound proxy
* 3) SIP URI
*/
/*
* fixed or domain outbound proxy defined ?
*/
if ((type == REQTYP_OUTGOING) &&
(sip_find_outbound_proxy(ticket, &sendto_addr, &port) == STS_SUCCESS)) {
DEBUGC(DBCLASS_PROXY, "proxy_request: have outbound proxy %s:%i",
utils_inet_ntoa(sendto_addr), port);
/*
* Route present?
* If so, fetch address from topmost Route: header and remove it.
*/
} else if ((type == REQTYP_OUTGOING) &&
(request->routes && !osip_list_eol(request->routes, 0))) {
sts=route_determine_nexthop(ticket, &sendto_addr, &port);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_request: route_determine_nexthop failed");
return STS_FAILURE;
}
DEBUGC(DBCLASS_PROXY, "proxy_request: have Route header to %s:%i",
utils_inet_ntoa(sendto_addr), port);
/*
* destination from SIP URI
*/
} else {
/* get the destination from the SIP URI */
sts = get_ip_by_host(url->host, &sendto_addr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_request: cannot resolve URI [%s]",
url->host);
return STS_FAILURE;
}
if (url->port) {
port=atoi(url->port);
} else {
port=SIP_PORT;
}
DEBUGC(DBCLASS_PROXY, "proxy_request: have SIP URI to %s:%i",
url->host, port);
}
/*
* RFC 3261, Section 16.6 step 8
* Proxy Behavior - Add a Via header field value
*/
/* add my Via header line (outbound interface)*/
if (type == REQTYP_INCOMING) {
sts = sip_add_myvia(ticket, IF_INBOUND);
if (sts == STS_FAILURE) {
ERROR("adding my inbound via failed!");
}
} else {
sts = sip_add_myvia(ticket, IF_OUTBOUND);
if (sts == STS_FAILURE) {
ERROR("adding my outbound via failed!");
return STS_FAILURE;
}
}
/*
* RFC 3261, Section 16.6 step 9
* Proxy Behavior - Add a Content-Length header field if necessary
*/
/* not necessary, already in message and we do not support TCP */
/*
* RFC 3261, Section 16.6 step 10
* Proxy Behavior - Forward the new request
*/
sts = sip_message_to_str(request, &buffer, &buflen);
if (sts != 0) {
ERROR("proxy_request: sip_message_to_str failed");
return STS_FAILURE;
}
sipsock_send(sendto_addr, port, ticket->protocol,
buffer, buflen);
osip_free (buffer);
/*
* RFC 3261, Section 16.6 step 11
* Proxy Behavior - Set timer C
*/
/* NOT IMPLEMENTED - does this really apply for stateless proxies? */
return STS_SUCCESS;
}
/*
* PROXY_RESPONSE
*
* RETURNS
* STS_SUCCESS on success
* STS_FAILURE on error
* RFC3261
* Section 16.7: Proxy Behavior - Response Processing
* 1. Find the appropriate response context
* 2. Update timer C for provisional responses
* 3. Remove the topmost Via
* 4. Add the response to the response context
* 5. Check to see if this response should be forwarded immediately
* 6. When necessary, choose the best final response from the
* response context
* 7. Aggregate authorization header field values if necessary
* 8. Optionally rewrite Record-Route header field values
* 9. Forward the response
* 10. Generate any necessary CANCEL requests
*
*/
int proxy_response (sip_ticket_t *ticket) {
int i;
int sts;
int type;
struct in_addr sendto_addr;
osip_via_t *via;
int port;
char *buffer;
int buflen;
osip_message_t *response;
struct sockaddr_in *from;
DEBUGC(DBCLASS_PROXY,"proxy_response");
if (ticket==NULL) {
ERROR("proxy_response: called with NULL ticket");
return STS_FAILURE;
}
response=ticket->sipmsg;
from=&ticket->from;
/*
* RFC 3261, Section 16.7 step 3
* Proxy Behavior - Response Processing - Remove my Via header field value
*/
/* remove my Via header line */
sts = sip_del_myvia(ticket);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY,"not addressed to my VIA, ignoring response");
return STS_FAILURE;
}
/*
* figure out if this is an request coming from the outside
* world to one of our registered clients
*/
/* Ahhrghh...... a response seems to have NO contact information...
* so let's take FROM instead...
* the TO and FROM headers are EQUAL to the request - that means
* they are swapped in their meaning for a response...
*/
#if _OLD_DIRECTION_EVALUATION
type = 0;
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* incoming response ('from' == 'masq') || ('from' == 'reg') */
if ((compare_url(response->from->url, urlmap[i].reg_url)==STS_SUCCESS) ||
(compare_url(response->from->url, urlmap[i].masq_url)==STS_SUCCESS)) {
type=RESTYP_INCOMING;
DEBUGC(DBCLASS_PROXY,"incoming response for %s@%s from outbound",
response->from->url->username? response->from->url->username:"******",
response->from->url->host? response->from->url->host : "*NULL*");
break;
}
/* outgoing response ('to' == 'reg') || ('to' == 'masq' ) */
if ((compare_url(response->to->url, urlmap[i].masq_url)==STS_SUCCESS) ||
(compare_url(response->to->url, urlmap[i].reg_url)==STS_SUCCESS)){
type=RESTYP_OUTGOING;
DEBUGC(DBCLASS_PROXY,"outgoing response for %s@%s from inbound",
response->from->url->username ?
response->from->url->username : "******",
response->from->url->host ?
response->from->url->host : "*NULL*");
break;
}
}
#else
type = 0;
/*
* did I receive the telegram from a REGISTERED host?
* -> it must be an OUTGOING response
*/
for (i=0; i<URLMAP_SIZE; i++) {
struct in_addr tmp_addr;
if (urlmap[i].active == 0) continue;
if (get_ip_by_host(urlmap[i].true_url->host, &tmp_addr) == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_response: cannot resolve host [%s]",
urlmap[i].true_url);
} else {
DEBUGC(DBCLASS_PROXY, "proxy_response: reghost:%s ip:%s",
urlmap[i].true_url->host, utils_inet_ntoa(from->sin_addr));
if (memcmp(&tmp_addr, &from->sin_addr, sizeof(tmp_addr)) == 0) {
type=RESTYP_OUTGOING;
break;
}
}
}
/*
* is the telegram directed to an internal registered host?
* -> it must be an INCOMING response
*/
if (type == 0) {
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* incoming response ('from' == 'masq') || ('from' == 'reg') */
if ((compare_url(response->from->url, urlmap[i].reg_url)==STS_SUCCESS) ||
(compare_url(response->from->url, urlmap[i].masq_url)==STS_SUCCESS)) {
type=RESTYP_INCOMING;
break;
}
}
}
/* &&&& Open Issue &&&&
it has been seen with cross-provider calls that the FROM may be 'garbled'
(e.g [email protected] for calls made sipphone -> FWD)
How can we deal with this? Should I take into consideration the 'Via'
headers? This is the only clue I have, pointing to the *real* UA.
Maybe I should put in a 'siproxd' ftag value to recognize it as a header
inserted by myself
*/
if ((type == 0) && (!osip_list_eol(response->vias, 0))) {
osip_via_t *via;
struct in_addr addr_via, addr_myself;
int port_via, port_ua;
/* get the via address */
via = (osip_via_t *) osip_list_get (response->vias, 0);
DEBUGC(DBCLASS_PROXY, "proxy_response: check via [%s] for "
"registered UA",via->host);
sts=get_ip_by_host(via->host, &addr_via);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_DNS, "proxy_response: cannot resolve VIA [%s]",
via->host);
} else {
for (i=0; i<URLMAP_SIZE; i++) {
if (urlmap[i].active == 0) continue;
/* incoming response (1st via in list points to a registered UA) */
sts=get_ip_by_host(urlmap[i].true_url->host, &addr_myself);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_DNS, "proxy_response: cannot resolve "
"true_url [%s]", via->host);
continue;
}
port_via=0;
if (via->port) port_via=atoi(via->port);
if (port_via <= 0) port_via=SIP_PORT;
port_ua=0;
if (urlmap[i].true_url->port)
port_ua=atoi(urlmap[i].true_url->port);
if (port_ua <= 0) port_ua=SIP_PORT;
DEBUGC(DBCLASS_BABBLE, "proxy_response: checking for registered "
"host [%s:%i] <-> [%s:%i]",
urlmap[i].true_url->host, port_ua,
via->host, port_via);
if ((memcmp(&addr_myself, &addr_via, sizeof(addr_myself))==0) &&
(port_via == port_ua)) {
type=RESTYP_INCOMING;
break;
}
}
}
}
#endif
ticket->direction=type;
/*
* ok, we got a response that we are allowed to process.
*/
switch (type) {
/*
* from an external host to the internal masqueraded host
*/
case RESTYP_INCOMING:
DEBUGC(DBCLASS_PROXY,"incoming response for %s@%s from outbound",
response->from->url->username? response->from->url->username:"******",
response->from->url->host? response->from->url->host : "*NULL*");
/*
* Response for INVITE - deal with RTP data in body and
* start RTP proxy stream(s). In case
* of a negative answer, stop RTP stream
*/
if (MSG_IS_RESPONSE_FOR(response,"INVITE")) {
/* positive response, start RTP stream */
if ((MSG_IS_STATUS_1XX(response)) ||
(MSG_IS_STATUS_2XX(response))) {
if (configuration.rtp_proxy_enable == 1) {
sts = proxy_rewrite_invitation_body(response, DIR_INCOMING);
}
/* negative - stop a possibly started RTP stream */
} else if ((MSG_IS_STATUS_4XX(response)) ||
(MSG_IS_STATUS_5XX(response)) ||
(MSG_IS_STATUS_6XX(response))) {
rtp_stop_fwd(osip_message_get_call_id(response), DIR_INCOMING);
rtp_stop_fwd(osip_message_get_call_id(response), DIR_OUTGOING);
}
} /* if INVITE */
/*
* Response for REGISTER - special handling of Contact header
*/
if (MSG_IS_RESPONSE_FOR(response,"REGISTER")) {
/*
* REGISTER returns *my* Contact header information.
* Rewrite Contact header back to represent the true address.
* Other responses do return the Contact header of the sender.
*/
sip_rewrite_contact(ticket, DIR_INCOMING);
}
/*
* Response for SUBSCRIBE
*
* HACK for Grandstream SIP phones (with newer firmware like 1.0.4.40):
* They send a SUBSCRIBE request to the registration server. In
* case of beeing registering directly to siproxd, this request of
* course will eventually be forwarded back to the same UA.
* Grandstream then does reply with an '202' response (A 202
* response merely indicates that the subscription has been
* understood, and that authorization may or may not have been
* granted), which then of course is forwarded back to the phone.
* Ans it seems that the Grandstream can *not* *handle* this
* response, as it immediately sends another SUBSCRIBE request.
* And this games goes on and on and on...
*
* As a workaround we will transform any 202 response to a
* '404 unknown destination'
*
*/
{
osip_header_t *ua_hdr=NULL;
osip_message_get_user_agent(response, 0, &ua_hdr);
if (ua_hdr && ua_hdr->hvalue &&
(osip_strncasecmp(ua_hdr->hvalue,"grandstream", 11)==0) &&
(MSG_IS_RESPONSE_FOR(response,"SUBSCRIBE")) &&
(MSG_TEST_CODE(response, 202))) {
DEBUGC(DBCLASS_PROXY, "proxy_response: Grandstream hack 202->404");
response->status_code=404;
}
}
break;
/*
* from the internal masqueraded host to an external host
*/
case RESTYP_OUTGOING:
DEBUGC(DBCLASS_PROXY,"outgoing response for %s@%s from inbound",
response->from->url->username ?
response->from->url->username : "******",
response->from->url->host ?
response->from->url->host : "*NULL*");
/* rewrite Contact header to represent the masqued address */
sip_rewrite_contact(ticket, DIR_OUTGOING);
/*
* If an 2xx OK or 1xx response, answer to an INVITE request,
* rewrite body
*
* In case of a negative answer, stop RTP stream
*/
if (MSG_IS_RESPONSE_FOR(response,"INVITE")) {
/* positive response, start RTP stream */
if ((MSG_IS_STATUS_1XX(response)) ||
(MSG_IS_STATUS_2XX(response))) {
/* This is an outgoing response, therefore an outgoing stream */
sts = proxy_rewrite_invitation_body(response, DIR_OUTGOING);
/* megative - stop a possibly started RTP stream */
} else if ((MSG_IS_STATUS_4XX(response)) ||
(MSG_IS_STATUS_5XX(response)) ||
(MSG_IS_STATUS_6XX(response))) {
rtp_stop_fwd(osip_message_get_call_id(response), DIR_INCOMING);
rtp_stop_fwd(osip_message_get_call_id(response), DIR_OUTGOING);
}
} /* if INVITE */
break;
default:
DEBUGC(DBCLASS_PROXY, "response from/to unregistered UA (%s@%s)",
response->from->url->username? response->from->url->username:"******",
response->from->url->host? response->from->url->host : "*NULL*");
return STS_FAILURE;
}
/*
* for ALL incoming response include my Record-Route header.
* The local UA will probably send its answer to the topmost
* Route Header (8.1.2 of RFC3261)
*/
if (type == RESTYP_INCOMING) {
DEBUGC(DBCLASS_PROXY,"Adding my Record-Route");
route_add_recordroute(ticket);
} else {
/*
* outgoing packets must not have my record route header, as
* this likely will contain a private IP address (my inbound).
*/
DEBUGC(DBCLASS_PROXY,"Purging Record-Routes (outgoing packet)");
route_purge_recordroute(ticket);
}
/*
* Determine Next-Hop Address
*/
/*&&&& priority probably should be:
* 1) Route header
* 2) fixed outbound proxy
* 3) SIP URI
*/
/*
* check if we need to send to an outbound proxy
*/
if ((type == RESTYP_OUTGOING) &&
(sip_find_outbound_proxy(ticket, &sendto_addr, &port) == STS_SUCCESS)) {
DEBUGC(DBCLASS_PROXY, "proxy_response: have outbound proxy %s:%i",
utils_inet_ntoa(sendto_addr), port);
/*
* Route present?
* If so, fetch address from topmost Route: header and remove it.
*/
} else if ((type == RESTYP_OUTGOING) &&
(response->routes && !osip_list_eol(response->routes, 0))) {
sts=route_determine_nexthop(ticket, &sendto_addr, &port);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_response: route_determine_nexthop failed");
return STS_FAILURE;
}
DEBUGC(DBCLASS_PROXY, "proxy_response: have Route header to %s:%i",
utils_inet_ntoa(sendto_addr), port);
} else {
/* get target address and port from VIA header */
via = (osip_via_t *) osip_list_get (response->vias, 0);
if (via == NULL) {
ERROR("proxy_response: list_get via failed");
return STS_FAILURE;
}
sts = get_ip_by_host(via->host, &sendto_addr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_response: cannot resolve VIA [%s]",
via->host);
return STS_FAILURE;
}
if (via->port) {
port=atoi(via->port);
} else {
port=SIP_PORT;
}
}
sts = sip_message_to_str(response, &buffer, &buflen);
if (sts != 0) {
ERROR("proxy_response: sip_message_to_str failed");
return STS_FAILURE;
}
sipsock_send(sendto_addr, port, ticket->protocol,
buffer, buflen);
osip_free (buffer);
return STS_SUCCESS;
}
/*
* checks for a match of the 'from' address with the supplied
* access list.
*
* RETURNS
* STS_SUCCESS for a match
* STS_FAILURE for no match
*/
int process_aclist (char *aclist, struct sockaddr_in from) {
int i, sts;
int lastentry;
char *p1, *p2;
char address[32]; /* dotted decimal IP - max 15 chars*/
char mask[8]; /* mask - max 2 digits */
struct in_addr inaddr;
unsigned int bitmask;
for (i=0, p1=aclist, lastentry=0;
!lastentry; i++) {
/*
* extract one entry from the access list
*/
/* address */
p2=strchr(p1,'/');
if (!p2) {
ERROR("CONFIG: accesslist [%s]- no mask separator found", aclist);
return STS_FAILURE;
}
memset(address,0,sizeof(address));
memcpy(address,p1,p2-p1);
/* mask */
p1=strchr(p2,',');
p1=p2+1;
p2=strchr(p1,',');
if (!p2) { /* then this must be the last entry in the list */
p2=strchr(p1,'\0');
lastentry=1;
}
memset(mask,0,sizeof(mask));
memcpy(mask,p1,p2-p1);
p1=p2+1;
DEBUGC(DBCLASS_ACCESS,"[%i] extracted address=%s", i, address);
DEBUGC(DBCLASS_ACCESS,"[%i] extracted mask =%s", i, mask);
/*
* check for a match
*/
sts=get_ip_by_host(address, &inaddr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_ACCESS, "process_aclist: cannot resolve address [%s]",
address);
return STS_FAILURE;
}
bitmask=~(0xffffffff>>atoi(mask));
DEBUGC(DBCLASS_ACCESS,"[%i] (%p) <-> (%p)", i,
ntohl(inaddr.s_addr) & bitmask,
ntohl(from.sin_addr.s_addr) & bitmask);
if ( (ntohl(inaddr.s_addr) & bitmask) ==
(ntohl(from.sin_addr.s_addr) & bitmask) ) return STS_SUCCESS;
}
return STS_FAILURE;
}
/*
* check if a given osip_via_t is local. I.e. its address is owned
* by my inbound or outbound interface
*
* RETURNS
* STS_TRUE if the given VIA is one of my interfaces
* STS_FALSE otherwise
*/
int is_via_local (osip_via_t *via, struct in_addr *local_ip) {
int sts, found;
struct in_addr addr_via, addr_myself;
char *my_interfaces[]=
{ configuration.inbound_if, configuration.outbound_if, (char*)-1 };
int port;
int i;
char *ptr;
if (via==NULL) {
ERROR("called is_via_local with NULL via");
return STS_FALSE;
}
DEBUGC(DBCLASS_BABBLE,"via name %s",via->host);
if (utils_inet_aton(via->host,&addr_via) == 0) {
/* need name resolution */
sts=get_ip_by_host(via->host, &addr_via);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_DNS, "is_via_local: cannot resolve VIA [%s]",
via->host);
return STS_FAILURE;
}
}
/* check the extracted VIA against my own host addresses */
if (via->port) port=atoi(via->port);
else port=SIP_PORT;
/* Check local_ip if defined */
if (local_ip) {
if ( (memcmp(&addr_via, local_ip, sizeof(addr_via))==0) &&
(port == configuration.sip_listen_port) ) {
DEBUGC(DBCLASS_BABBLE,"via is local due to local_ip");
return STS_TRUE;
}
}
found=0;
for (i=0; ; i++) {
/*
* try to search by interface name first
*/
ptr=my_interfaces[i];
if (ptr==(char*)-1) break; /* end of list mark */
if (ptr) {
DEBUGC(DBCLASS_BABBLE,"resolving IP of interface %s",ptr);
if (get_ip_by_ifname(ptr, &addr_myself) != STS_SUCCESS) {
ERROR("can't find interface %s - configuration error?", ptr);
continue;
}
}
if ( (memcmp(&addr_myself, &addr_via, sizeof(addr_myself))==0) &&
(port == configuration.sip_listen_port) ) {
DEBUG("got address match [%s]", utils_inet_ntoa(addr_via));
found=1;
break;
}
}
return (found)? STS_TRUE : STS_FALSE;
}
/*
* SIP_FIND_OUTBOUND_PROXY
*
* performs the lookup for an apropriate outbound proxy
*
* RETURNS
* STS_SUCCESS on successful lookup
* STS_FAILURE if no outbound proxy to be used
*/
int sip_find_outbound_proxy(sip_ticket_t *ticket, struct in_addr *addr,
int *port) {
int i, sts;
char *domain=NULL;
osip_message_t *sipmsg;
sipmsg=ticket->sipmsg;
if (!addr ||!port) {
ERROR("sip_find_outbound_proxy called with NULL addr or port");
return STS_FAILURE;
}
if (sipmsg && sipmsg->from && sipmsg->from->url) {
domain=sipmsg->from->url->host;
}
if (domain == NULL) {
WARN("sip_find_outbound_proxy called with NULL from->url->host");
return STS_FAILURE;
}
/*
* check consistency of configuration:
* outbound_domain_name, outbound_domain_host, outbound_domain_port
* must match up
*/
if ((configuration.outbound_proxy_domain_name.used !=
configuration.outbound_proxy_domain_host.used) ||
(configuration.outbound_proxy_domain_name.used !=
configuration.outbound_proxy_domain_port.used)) {
ERROR("configuration of outbound_domain_ inconsistent, check config");
} else {
/*
* perform the lookup for domain specific proxies
* first match wins
*/
for (i=0; i<configuration.outbound_proxy_domain_name.used; i++) {
if (strcmp(configuration.outbound_proxy_domain_name.string[i],
domain)==0) {
sts = get_ip_by_host(configuration.outbound_proxy_domain_host.string[i],
addr);
if (sts == STS_FAILURE) {
ERROR("sip_find_outbound_proxy: cannot resolve "
"outbound proxy host [%s], check config",
configuration.outbound_proxy_domain_host.string[i]);
return STS_FAILURE;
}
*port=atoi(configuration.outbound_proxy_domain_port.string[i]);
if (*port == 0) *port = SIP_PORT;
return STS_SUCCESS;
} /* strcmp */
} /* for i */
}
/*
* now check for a global outbound proxy
*/
if (configuration.outbound_proxy_host) {
/* I have a global outbound proxy configured */
sts = get_ip_by_host(configuration.outbound_proxy_host, addr);
if (sts == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "proxy_request: cannot resolve outbound "
" proxy host [%s]", configuration.outbound_proxy_host);
return STS_FAILURE;
}
if (configuration.outbound_proxy_port) {
*port=configuration.outbound_proxy_port;
} else {
*port = SIP_PORT;
}
DEBUGC(DBCLASS_PROXY, "proxy_request: have outbound proxy %s:%i",
configuration.outbound_proxy_host, *port);
return STS_SUCCESS;
}
return STS_FAILURE; /* no proxy */
}
/*
* check if a given request is addressed to local. I.e. it is addressed
* to the proxy itself (IP of my inbound or outbound interface, same port)
*
* RETURNS
* STS_TRUE if the request is addressed local
* STS_FALSE otherwise
*/
int is_sipuri_local (sip_ticket_t *ticket) {
osip_message_t *sip=ticket->sipmsg;
int found;
struct in_addr addr_uri, addr_myself;
char *my_interfaces[]=
{ configuration.inbound_if, configuration.outbound_if, (char*)-1 };
int port;
int i;
char *ptr;
if (sip==NULL) {
ERROR("called is_sipuri_local with NULL sip");
return STS_FALSE;
}
if (!sip || !sip->req_uri) {
ERROR("is_sipuri_local: no request URI present");
return STS_FALSE;
}
DEBUGC(DBCLASS_DNS,"check for local SIP URI %s:%s",
sip->req_uri->host? sip->req_uri->host : "*NULL*",
sip->req_uri->port? sip->req_uri->port : "*NULL*");
if (utils_inet_aton(sip->req_uri->host, &addr_uri) == 0) {
/* need name resolution */
get_ip_by_host(sip->req_uri->host, &addr_uri);
}
found=0;
for (i=0; ; i++) {
/*
* try to search by interface name first
*/
ptr=my_interfaces[i];
if (ptr==(char*)-1) break; /* end of list mark */
if (ptr) {
DEBUGC(DBCLASS_BABBLE,"resolving IP of interface %s",ptr);
if (get_ip_by_ifname(ptr, &addr_myself) != STS_SUCCESS) {
ERROR("can't find interface %s - configuration error?", ptr);
continue;
}
}
/* check the extracted HOST against my own host addresses */
if (sip->req_uri->port) {
port=atoi(sip->req_uri->port);
} else {
port=SIP_PORT;
}
if ( (memcmp(&addr_myself, &addr_uri, sizeof(addr_myself))==0) &&
(port == configuration.sip_listen_port) ) {
DEBUG("address match [%s]", utils_inet_ntoa(addr_uri));
found=1;
break;
}
}
DEBUGC(DBCLASS_DNS, "SIP URI is %slocal", found? "":"not ");
return (found)? STS_TRUE : STS_FALSE;
}
/*
* compares two URLs
* (by now, only scheme, hostname and username are compared)
*
* RETURNS
* STS_SUCCESS if equal
* STS_FAILURE if non equal or error
*/
int compare_url(osip_uri_t *url1, osip_uri_t *url2) {
int sts1, sts2;
struct in_addr addr1, addr2;
/* sanity checks */
if ((url1 == NULL) || (url2 == NULL)) {
ERROR("compare_url: NULL ptr: url1=0x%p, url2=0x%p",url1, url2);
return STS_FAILURE;
}
/* sanity checks: host part is a MUST */
if ((url1->host == NULL) || (url2->host == NULL)) {
ERROR("compare_url: NULL ptr: url1->host=0x%p, url2->host=0x%p",
url1->host, url2->host);
return STS_FAILURE;
}
DEBUGC(DBCLASS_PROXY, "comparing urls: %s:%s@%s -> %s:%s@%s",
(url1->scheme) ? url1->scheme : "(null)",
(url1->username) ? url1->username : "******",
(url1->host) ? url1->host : "(null)",
(url2->scheme) ? url2->scheme : "(null)",
(url2->username) ? url2->username : "******",
(url2->host) ? url2->host : "(null)");
/* compare SCHEME (if present) case INsensitive */
if (url1->scheme && url2->scheme) {
if (osip_strcasecmp(url1->scheme, url2->scheme) != 0) {
DEBUGC(DBCLASS_PROXY, "compare_url: scheme mismatch");
return STS_FAILURE;
}
} else {
WARN("compare_url: NULL scheme - ignoring");
}
/* compare username (if present) case sensitive */
if (url1->username && url2->username) {
if (strcmp(url1->username, url2->username) != 0) {
DEBUGC(DBCLASS_PROXY, "compare_url: username mismatch");
return STS_FAILURE;
}
} else {
DEBUGC(DBCLASS_PROXY, "compare_url: NULL username - ignoring");
}
/*
* now, try to resolve the host. If resolveable, compare
* IP addresses - if not resolveable, compare the host names
* itselfes
*/
/* get the IP addresses from the (possible) hostnames */
sts1=get_ip_by_host(url1->host, &addr1);
if (sts1 == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "compare_url: cannot resolve host [%s]",
url1->host);
}
sts2=get_ip_by_host(url2->host, &addr2);
if (sts2 == STS_FAILURE) {
DEBUGC(DBCLASS_PROXY, "compare_url: cannot resolve host [%s]",
url2->host);
}
if ((sts1 == STS_SUCCESS) && (sts2 == STS_SUCCESS)) {
/* compare IP addresses */
if (memcmp(&addr1, &addr2, sizeof(addr1))!=0) {
DEBUGC(DBCLASS_PROXY, "compare_url: IP mismatch");
return STS_FAILURE;
}
} else {
/* compare hostname strings case INsensitive */
if (osip_strcasecmp(url1->host, url2->host) != 0) {
DEBUGC(DBCLASS_PROXY, "compare_url: host name mismatch");
return STS_FAILURE;
}
}
/* the two URLs did pass all tests successfully - MATCH */
return STS_SUCCESS;
}
