static int ac_packetfilter_simple(ac_sip_t *asip, void *data) { osip_message_t* sip = asip->req->evt->sip; int code = osip_message_get_status_code(sip); LOG_DEBUG("Performing simple ac on %s->%s, remote: %d\n", asip->from, asip->to, asip->req->remote_msg); /* filter only inbound */ if (asip->req->remote_msg && !asip->req->internally_generated) { /* todo: we should check that the sip from == the aor associated with the connection (on remote calls) */ /* except that that would mess up the gateway things. */ //ASSERT_ZERO(sipp_get_sip_aors_simple(sip, &local_aor, &remote_aor, 1), end); /* if ((!MSG_IS_RESPONSE(asip->evt->sip) && (strcmp(asip->from, asip->remote) || strcmp(asip->to, asip->local))) || (MSG_IS_RESPONSE(asip->evt->sip) && (strcmp(asip->to, asip->remote) || strcmp(asip->from, asip->local)))) asip->verdict = AC_VERDICT_REJECT; else */ if (MSG_IS_RESPONSE(sip)) { /* reject 482 merges, as server loops aren't of any interest to us */ if (code == 482) { LOG_WARN("Skipping %d response\n", code); asip->verdict = AC_VERDICT_REJECT; } } else if (MSG_IS_ACK(sip) || MSG_IS_BYE(sip) || MSG_IS_CANCEL(sip) || MSG_IS_UPDATE(sip)) { /* this we should let through pretty much undisturbed */ } else if (MSG_IS_SUBSCRIBE(sip) || MSG_IS_PUBLISH(sip)) { /* if this is remotely got, just reject */ asip->verdict = AC_VERDICT_REJECT; } else if (MSG_IS_INVITE(sip) || MSG_IS_MESSAGE(sip)) { /* hm, nothing.. */ // } else if (MSG_IS_NOTIFY(sip)) { } else { /* todo: what about OPTIONS? */ LOG_WARN("Got unsupported request\n"); asip->verdict = AC_VERDICT_UNSUPP; } } else { /* allow *all* outgoing! */ asip->verdict = AC_VERDICT_ALLOW; } return 1; }
type_t evt_set_type_incoming_sipmessage (osip_message_t * sip) { if (MSG_IS_REQUEST (sip)) { if (MSG_IS_INVITE (sip)) return RCV_REQINVITE; else if (MSG_IS_ACK (sip)) return RCV_REQACK; return RCV_REQUEST; } else { if (MSG_IS_STATUS_1XX (sip)) return RCV_STATUS_1XX; else if (MSG_IS_STATUS_2XX (sip)) return RCV_STATUS_2XX; return RCV_STATUS_3456XX; } }
/* * PROXY_REQUEST * * RETURNS * STS_SUCCESS on success * STS_FAILURE on error * * RFC3261 * Section 16.3: Proxy Behavior - Request Validation * 1. Reasonable Syntax * 2. URI scheme * 3. Max-Forwards * 4. (Optional) Loop Detection * 5. Proxy-Require * 6. Proxy-Authorization * * Section 16.6: Proxy Behavior - Request Forwarding * 1. Make a copy of the received request * 2. Update the Request-URI * 3. Update the Max-Forwards header field * 4. Optionally add a Record-route header field value * 5. Optionally add additional header fields * 6. Postprocess routing information * 7. Determine the next-hop address, port, and transport * 8. Add a Via header field value * 9. Add a Content-Length header field if necessary * 10. Forward the new request * 11. Set timer C */ int proxy_request (sip_ticket_t *ticket) { int i; int sts; int type; struct in_addr sendto_addr; osip_uri_t *url; int port; char *buffer; int buflen; osip_message_t *request; struct sockaddr_in *from; DEBUGC(DBCLASS_PROXY,"proxy_request"); if (ticket==NULL) { ERROR("proxy_request: called with NULL ticket"); return STS_FAILURE; } request=ticket->sipmsg; from=&ticket->from; /* * RFC 3261, Section 16.4 * Proxy Behavior - Route Information Preprocessing * (process Route header) */ route_preprocess(ticket); /* * figure out whether this is an incoming or outgoing request * by doing a lookup in the registration table. */ #define _OLD_DIRECTION_EVALUATION 0 #if _OLD_DIRECTION_EVALUATION type = 0; for (i=0; i<URLMAP_SIZE; i++) { if (urlmap[i].active == 0) continue; /* incoming request ('to' == 'masq') || (('to' == 'reg') && !REGISTER)*/ if ((compare_url(request->to->url, urlmap[i].masq_url)==STS_SUCCESS) || (!MSG_IS_REGISTER(request) && (compare_url(request->to->url, urlmap[i].reg_url)==STS_SUCCESS))) { type=REQTYP_INCOMING; DEBUGC(DBCLASS_PROXY,"incoming request from %s@%s from outbound", request->from->url->username? request->from->url->username:"******", request->from->url->host? request->from->url->host: "*NULL*"); break; } /* outgoing request ('from' == 'reg') */ if (compare_url(request->from->url, urlmap[i].reg_url)==STS_SUCCESS) { type=REQTYP_OUTGOING; DEBUGC(DBCLASS_PROXY,"outgoing request from %s@%s from inbound", request->from->url->username? request->from->url->username:"******", request->from->url->host? request->from->url->host: "*NULL*"); break; } } #else type = 0; /* * did I receive the telegram from a REGISTERED host? * -> it must be an OUTGOING request */ for (i=0; i<URLMAP_SIZE; i++) { struct in_addr tmp_addr; if (urlmap[i].active == 0) continue; if (get_ip_by_host(urlmap[i].true_url->host, &tmp_addr) == STS_FAILURE) { DEBUGC(DBCLASS_PROXY, "proxy_request: cannot resolve host [%s]", urlmap[i].true_url); } else { DEBUGC(DBCLASS_PROXY, "proxy_request: reghost:%s ip:%s", urlmap[i].true_url->host, utils_inet_ntoa(from->sin_addr)); if (memcmp(&tmp_addr, &from->sin_addr, sizeof(tmp_addr)) == 0) { type=REQTYP_OUTGOING; break; } } } /* * is the telegram directed to an internally registered host? * -> it must be an INCOMING request */ if (type == 0) { for (i=0; i<URLMAP_SIZE; i++) { if (urlmap[i].active == 0) continue; /* RFC3261: * 'To' contains a display name (Bob) and a SIP or SIPS URI * (sip:[email protected]) towards which the request was originally * directed. Display names are described in RFC 2822 [3]. */ /* So this means, that we must check the SIP URI supplied with the * INVITE method, as this points to the real wanted target. * Q: does there exist a situation where the SIP URI itself does * point to "somewhere" but the To: points to the correct UA? * So for now, we just look at both of them (SIP URI and To: header) */ /* incoming request (SIP URI == 'masq') || ((SIP URI == 'reg') && !REGISTER)*/ if ((compare_url(request->req_uri, urlmap[i].masq_url)==STS_SUCCESS) || (!MSG_IS_REGISTER(request) && (compare_url(request->req_uri, urlmap[i].reg_url)==STS_SUCCESS))) { type=REQTYP_INCOMING; break; } /* incoming request ('to' == 'masq') || (('to' == 'reg') && !REGISTER)*/ if ((compare_url(request->to->url, urlmap[i].masq_url)==STS_SUCCESS) || (!MSG_IS_REGISTER(request) && (compare_url(request->to->url, urlmap[i].reg_url)==STS_SUCCESS))) { type=REQTYP_INCOMING; break; } } } #endif ticket->direction=type; /* * logging of passing calls */ if (configuration.log_calls) { osip_uri_t *cont_url = NULL; if (!osip_list_eol(request->contacts, 0)) cont_url = ((osip_contact_t*)(request->contacts->node->element))->url; /* INVITE */ if (MSG_IS_INVITE(request)) { if (cont_url) { INFO("%s Call from: %s@%s", (type==REQTYP_INCOMING) ? "Incoming":"Outgoing", cont_url->username ? cont_url->username:"******", cont_url->host ? cont_url->host : "*NULL*"); } else { INFO("%s Call (w/o contact header) from: %s@%s", (type==REQTYP_INCOMING) ? "Incoming":"Outgoing", request->from->url->username ? request->from->url->username:"******", request->from->url->host ? request->from->url->host : "*NULL*"); } /* BYE / CANCEL */ } else if (MSG_IS_BYE(request) || MSG_IS_CANCEL(request)) { if (cont_url) { INFO("Ending Call from: %s@%s", cont_url->username ? cont_url->username:"******", cont_url->host ? cont_url->host : "*NULL*"); } else { INFO("Ending Call (w/o contact header) from: %s@%s", request->from->url->username ? request->from->url->username:"******", request->from->url->host ? request->from->url->host : "*NULL*"); } } } /* log_calls */ /* * RFC 3261, Section 16.6 step 1 * Proxy Behavior - Request Forwarding - Make a copy */ /* nothing to do here, copy is ready in 'request'*/ /* get destination address */ url=osip_message_get_uri(request); switch (type) { /* * from an external host to the internal masqueraded host */ case REQTYP_INCOMING: DEBUGC(DBCLASS_PROXY,"incoming request from %s@%s from outbound", request->from->url->username? request->from->url->username:"******", request->from->url->host? request->from->url->host: "*NULL*"); /* * RFC 3261, Section 16.6 step 2 * Proxy Behavior - Request Forwarding - Request-URI * (rewrite request URI to point to the real host) */ /* 'i' still holds the valid index into the URLMAP table */ if (check_rewrite_rq_uri(request) == STS_TRUE) { proxy_rewrite_request_uri(request, i); } /* if this is CANCEL/BYE request, stop RTP proxying */ if (MSG_IS_BYE(request) || MSG_IS_CANCEL(request)) { /* stop the RTP proxying stream(s) */ rtp_stop_fwd(osip_message_get_call_id(request), DIR_INCOMING); rtp_stop_fwd(osip_message_get_call_id(request), DIR_OUTGOING); /* check for incoming request */ } else if (MSG_IS_INVITE(request)) { /* Rewrite the body */ sts = proxy_rewrite_invitation_body(request, DIR_INCOMING); } else if (MSG_IS_ACK(request)) { /* Rewrite the body */ sts = proxy_rewrite_invitation_body(request, DIR_INCOMING); } break; /* * from the internal masqueraded host to an external host */ case REQTYP_OUTGOING: DEBUGC(DBCLASS_PROXY,"outgoing request from %s@%s from inbound", request->from->url->username? request->from->url->username:"******", request->from->url->host? request->from->url->host: "*NULL*"); /* * RFC 3261, Section 16.6 step 2 * Proxy Behavior - Request Forwarding - Request-URI */ /* nothing to do for an outgoing request */ /* if it is addressed to myself, then it must be some request * method that I as a proxy do not support. Reject */ #if 0 /* careful - an internal UA might send an request to another internal UA. This would be caught here, so don't do this. This situation should be caught in the default part of the CASE statement below */ if (is_sipuri_local(ticket) == STS_TRUE) { WARN("unsupported request [%s] directed to proxy from %s@%s -> %s@%s", request->sip_method? request->sip_method:"*NULL*", request->from->url->username? request->from->url->username:"******", request->from->url->host? request->from->url->host : "*NULL*", url->username? url->username : "******", url->host? url->host : "*NULL*"); sip_gen_response(ticket, 403 /*forbidden*/); return STS_FAILURE; } #endif /* rewrite Contact header to represent the masqued address */ sip_rewrite_contact(ticket, DIR_OUTGOING); /* if an INVITE, rewrite body */ if (MSG_IS_INVITE(request)) { sts = proxy_rewrite_invitation_body(request, DIR_OUTGOING); } else if (MSG_IS_ACK(request)) { sts = proxy_rewrite_invitation_body(request, DIR_OUTGOING); } /* if this is CANCEL/BYE request, stop RTP proxying */ if (MSG_IS_BYE(request) || MSG_IS_CANCEL(request)) { /* stop the RTP proxying stream(s) */ rtp_stop_fwd(osip_message_get_call_id(request), DIR_INCOMING); rtp_stop_fwd(osip_message_get_call_id(request), DIR_OUTGOING); } break; default: DEBUGC(DBCLASS_PROXY, "request [%s] from/to unregistered UA " "(RQ: %s@%s -> %s@%s)", request->sip_method? request->sip_method:"*NULL*", request->from->url->username? request->from->url->username:"******", request->from->url->host? request->from->url->host : "*NULL*", url->username? url->username : "******", url->host? url->host : "*NULL*"); /* * we may end up here for two reasons: * 1) An incomming request (from outbound) that is directed to * an unknown (not registered) local UA * 2) an outgoing request from a local UA that is not registered. * * Case 1) we should probably answer with "404 Not Found", * case 2) more likely a "403 Forbidden" * * How about "408 Request Timeout" ? * */ sip_gen_response(ticket, 408 /* Request Timeout */); return STS_FAILURE; } /* * RFC 3261, Section 16.6 step 3 * Proxy Behavior - Request Forwarding - Max-Forwards * (if Max-Forwards header exists, decrement by one, if it does not * exist, add a new one with value SHOULD be 70) */ { osip_header_t *max_forwards; int forwards_count = DEFAULT_MAXFWD; char mfwd[8]; osip_message_get_max_forwards(request, 0, &max_forwards); if (max_forwards == NULL) { sprintf(mfwd, "%i", forwards_count); osip_message_set_max_forwards(request, mfwd); } else { if (max_forwards->hvalue) { forwards_count = atoi(max_forwards->hvalue); forwards_count -=1; osip_free (max_forwards->hvalue); } sprintf(mfwd, "%i", forwards_count); max_forwards->hvalue = osip_strdup(mfwd); } DEBUGC(DBCLASS_PROXY,"setting Max-Forwards=%s",mfwd); } /* * RFC 3261, Section 16.6 step 4 * Proxy Behavior - Request Forwarding - Add a Record-route header */ /* * for ALL incoming requests, include my Record-Route header. * The local UA will probably send its answer to the topmost * Route Header (8.1.2 of RFC3261) */ if (type == REQTYP_INCOMING) { DEBUGC(DBCLASS_PROXY,"Adding my Record-Route"); route_add_recordroute(ticket); } else { /* * outgoing packets must not have my record route header, as * this likely will contain a private IP address (my inbound). */ DEBUGC(DBCLASS_PROXY,"Purging Record-Routes (outgoing packet)"); route_purge_recordroute(ticket); } /* * RFC 3261, Section 16.6 step 5 * Proxy Behavior - Request Forwarding - Add Additional Header Fields */ /* NOT IMPLEMENTED (optional) */ /* * RFC 3261, Section 16.6 step 6 * Proxy Behavior - Request Forwarding - Postprocess routing information * * If the copy contains a Route header field, the proxy MUST * inspect the URI in its first value. If that URI does not * contain an lr parameter, the proxy MUST modify the copy as * follows: * * - The proxy MUST place the Request-URI into the Route header * field as the last value. * * - The proxy MUST then place the first Route header field value * into the Request-URI and remove that value from the Route * header field. */ #if 0 route_postprocess(ticket); #endif /* * RFC 3261, Section 16.6 step 7 * Proxy Behavior - Determine Next-Hop Address */ /*&&&& priority probably should be: * 1) Route header * 2) fixed outbound proxy * 3) SIP URI */ /* * fixed or domain outbound proxy defined ? */ if ((type == REQTYP_OUTGOING) && (sip_find_outbound_proxy(ticket, &sendto_addr, &port) == STS_SUCCESS)) { DEBUGC(DBCLASS_PROXY, "proxy_request: have outbound proxy %s:%i", utils_inet_ntoa(sendto_addr), port); /* * Route present? * If so, fetch address from topmost Route: header and remove it. */ } else if ((type == REQTYP_OUTGOING) && (request->routes && !osip_list_eol(request->routes, 0))) { sts=route_determine_nexthop(ticket, &sendto_addr, &port); if (sts == STS_FAILURE) { DEBUGC(DBCLASS_PROXY, "proxy_request: route_determine_nexthop failed"); return STS_FAILURE; } DEBUGC(DBCLASS_PROXY, "proxy_request: have Route header to %s:%i", utils_inet_ntoa(sendto_addr), port); /* * destination from SIP URI */ } else { /* get the destination from the SIP URI */ sts = get_ip_by_host(url->host, &sendto_addr); if (sts == STS_FAILURE) { DEBUGC(DBCLASS_PROXY, "proxy_request: cannot resolve URI [%s]", url->host); return STS_FAILURE; } if (url->port) { port=atoi(url->port); } else { port=SIP_PORT; } DEBUGC(DBCLASS_PROXY, "proxy_request: have SIP URI to %s:%i", url->host, port); } /* * RFC 3261, Section 16.6 step 8 * Proxy Behavior - Add a Via header field value */ /* add my Via header line (outbound interface)*/ if (type == REQTYP_INCOMING) { sts = sip_add_myvia(ticket, IF_INBOUND); if (sts == STS_FAILURE) { ERROR("adding my inbound via failed!"); } } else { sts = sip_add_myvia(ticket, IF_OUTBOUND); if (sts == STS_FAILURE) { ERROR("adding my outbound via failed!"); return STS_FAILURE; } } /* * RFC 3261, Section 16.6 step 9 * Proxy Behavior - Add a Content-Length header field if necessary */ /* not necessary, already in message and we do not support TCP */ /* * RFC 3261, Section 16.6 step 10 * Proxy Behavior - Forward the new request */ sts = sip_message_to_str(request, &buffer, &buflen); if (sts != 0) { ERROR("proxy_request: sip_message_to_str failed"); return STS_FAILURE; } sipsock_send(sendto_addr, port, ticket->protocol, buffer, buflen); osip_free (buffer); /* * RFC 3261, Section 16.6 step 11 * Proxy Behavior - Set timer C */ /* NOT IMPLEMENTED - does this really apply for stateless proxies? */ return STS_SUCCESS; }
PPL_DECLARE (int) psp_core_event_add_sip_message (osip_event_t * evt) { osip_transaction_t *transaction; osip_message_t *answer1xx; int i; if (MSG_IS_REQUEST (evt->sip)) { /* delete request where cseq method does not match the method in request-line */ if (evt->sip->cseq==NULL || evt->sip==NULL || evt->sip->cseq->method==NULL || evt->sip->sip_method==NULL) { osip_event_free (evt); return -1; } if (0 != strcmp (evt->sip->cseq->method, evt->sip->sip_method)) { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_WARNING, NULL, "core module: Discard invalid message with method!=cseq!\n")); osip_event_free (evt); return -1; } } i = psp_core_find_osip_transaction_and_add_event (evt); if (i == 0) { psp_osip_wakeup (core->psp_osip); return 0; /*evt consumed */ } if (MSG_IS_REQUEST (evt->sip)) { if (MSG_IS_ACK (evt->sip)) { /* continue as it is a new transaction... */ osip_route_t *route; /* If a route header is present, then plugins will give the correct location. */ osip_message_get_route (evt->sip, 0, &route); if (route == NULL) { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_INFO1, NULL, "core module: This is a late ACK to discard!\n")); /* It can be a ACK for 200 ok, but those ACK SHOULD never go through this proxy! (and should be sent to the contact header of the 200ok */ #ifdef SUPPORT_FOR_BROKEN_UA /* if this ACK has a request-uri that is not us, forward the message there. How should I modify this message?? */ if (evt!=NULL && evt->sip!=NULL && evt->sip!=NULL && evt->sip->req_uri!=NULL) { if (psp_core_is_responsible_for_this_domain(evt->sip->req_uri)!=0) { int port = 5060; if (evt->sip->req_uri->port != NULL) port = osip_atoi (evt->sip->req_uri->port); psp_core_cb_snd_message(NULL, evt->sip, evt->sip->req_uri->host, port, -1); } } #endif osip_event_free (evt); return 0; } OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_INFO1, NULL, "core module: This is a ACK for INVITE!\n")); psp_core_event_add_sfp_inc_ack (evt->sip); osip_free (evt); return 0; } /* we can create the transaction and send a 1xx */ transaction = osip_create_transaction (core->psp_osip->osip, evt); if (transaction == NULL) { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_INFO3, NULL, "core module: Could not create a transaction for this request!\n")); osip_event_free (evt); return -1; } /* now, all retransmissions will be handled by oSIP. */ /* From rfc3261: (Section: 16.2) "Thus, a stateful proxy SHOULD NOT generate 100 (Trying) responses to non-INVITE requests." */ if (MSG_IS_INVITE (evt->sip)) { i = osip_msg_build_response (&answer1xx, 100, evt->sip); if (i != 0) { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "sfp module: could not create a 100 Trying for this transaction. (discard it and let the transaction die itself)!\n")); osip_event_free (evt); return -1; } osip_transaction_add_event (transaction, evt); evt = osip_new_outgoing_sipmessage (answer1xx); evt->transactionid = transaction->transactionid; osip_transaction_add_event (transaction, evt); } else osip_transaction_add_event (transaction, evt); psp_osip_wakeup (core->psp_osip); return 0; } else { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_INFO3, NULL, "sfp module: No module seems to be able to forward this response!\n")); /* this is probably a late answer? */ /* let's forward it! */ i = psp_core_handle_late_answer (evt->sip); if (i != 0) { osip_event_free (evt); return -1; } osip_event_free (evt); } return 0; }
/* code (entry point) */ static int plugin_regex_process(sip_ticket_t *ticket) { int sts=STS_SUCCESS; osip_uri_t *req_url; osip_uri_t *to_url; osip_generic_param_t *r=NULL; /* plugin loaded and not configured, return with success */ if (plugin_cfg.regex_pattern.used==0) return STS_SUCCESS; if (plugin_cfg.regex_replace.used==0) return STS_SUCCESS; DEBUGC(DBCLASS_PLUGIN,"plugin entered"); req_url=osip_message_get_uri(ticket->sipmsg); to_url=osip_to_get_url(ticket->sipmsg); /* only outgoing direction is handled */ sip_find_direction(ticket, NULL); if (ticket->direction != DIR_OUTGOING) return STS_SUCCESS; /* only INVITE and ACK are handled */ if (!MSG_IS_INVITE(ticket->sipmsg) && !MSG_IS_ACK(ticket->sipmsg)) return STS_SUCCESS; /* expire old cache entries */ expire_redirected_cache(&redirected_cache); /* REQ URI with username must exist, prefix string must exist */ if (!req_url || !req_url->username) return STS_SUCCESS; /* ignore */ /* Loop avoidance: * If this INVITE has already been redirected by a prior 302 * moved response a "REDIRECTED_TAG" parameter should be present in the * URI. * Hopefully all UAs (Clients) do honor RFC3261 and copy the * *full* URI form the contact header into the new request header * upon a 3xx response. */ if (req_url) { osip_uri_param_get_byname(&(req_url->url_params), REDIRECTED_TAG, &r); if (r && r->gvalue && strcmp(r->gvalue,REDIRECTED_VAL)== 0) { DEBUGC(DBCLASS_PLUGIN,"Packet has already been processed (ReqURI)"); return STS_SUCCESS; } } if (to_url) { osip_uri_param_get_byname(&(to_url->url_params), REDIRECTED_TAG, &r); if (r && r->gvalue && strcmp(r->gvalue,REDIRECTED_VAL)== 0) { DEBUGC(DBCLASS_PLUGIN,"Packet has already been processed (ToURI)"); return STS_SUCCESS; } } /* * The SIP message is to be processed */ /* outgoing INVITE request */ if (MSG_IS_INVITE(ticket->sipmsg)) { DEBUGC(DBCLASS_PLUGIN,"processing INVITE"); sts=plugin_regex_redirect(ticket); } /* outgoing ACK request: is result of a local 3xx answer (moved...) * * Only consume that particular ACK that belongs to a sent 302 answer, * nothing else. Otherwise the ACK from the redirected call will get * consumed as well and causes the call to be aborted (timeout). * We keep a cache with Call-Ids of such "302 moved" dialogs. * Only consume such ACKs that are part of such a dialog. */ else if (MSG_IS_ACK(ticket->sipmsg)) { if (is_in_redirected_cache(&redirected_cache, ticket) == STS_TRUE) { DEBUGC(DBCLASS_PLUGIN,"processing ACK (consume it)"); sts=STS_SIP_SENT; /* eat up the ACK that was directed to myself */ } } return sts; }