Hello all!

I'm using Kamailio 5.1.0 on my testing machine. Configuration includes
slightly modified AUTH route from
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb

route[AUTH] {
  xlog("L_DBG", "== TRACE. AUTH\n");

  # if caller is not local subscriber, then check if it calls
  # a local destination, otherwise deny, not an open relay here
  if (from_uri!=myself && uri!=myself) {
    xlog("L_DBG", "== TRACE. AUTH. Not relaying. Exiting.\n");
    sl_send_reply("403","Not relaying");
    exit;
  }

  if(isflagset(TRUSTEDIP)) {
    xlog("== TRACE. AUTH. TRUSTEDIP. Returning.\n");
    return;
  }

  if (is_method("REGISTER") || from_uri==myself) {
    xlog("L_DBG", "== TRACE. AUTH. Method REGISTER\n");
    # authenticate requests
    if (!auth_check("$fd", "sipusers", "1")) {
      auth_challenge("$fd", "0");
      xlog("L_DBG", "== TRACE. AUTH. Exiting.\n");
      exit;
    }
    # user authenticated - remove auth header
    if(!is_method("REGISTER|PUBLISH")) {
      xlog("L_DBG", "== TRACE. AUTH. Method is not REGISTER|PUBLISH\n");
      consume_credentials();
    }
  }

  xlog("L_DBG", "== TRACE. AUTH. Returning.\n");
  return;
}

I opened port UDP/5060 to everyone today and started receiving some SIP
requests. Most INVITEs were stopped by *auth_challenge* but then I received
this one:

2018/04/11 16:32:44.385689 38.91.106.211:5069 -> 172.16.30.205:5060

INVITE sip:100@MY_PUB_IP_ADDRESS SIP/2.0
v: SIP/2.0/UDP 38.91.106.211:5060;branch=z9hG4bK-929181129;rport
Content-Length: 0
f: "pbx"<sip:100@1.1.1.1>;tag=3535306165633930313363340131373533363938373235
i: 757925348661465531074812
m: sip:100@38.91.106.211:5069
Accept: application/sdp
CSeq: 1 INVITE
t: "pbx"<sip:100@1.1.1.1>
Max-Forwards: 70

... and it came through AUTH route. Below are two fragments of Kamailio log:

Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. INVITE From: sip:100@1.1.1.1 (IP:38.91.106.211:5069)
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE.       To: sip:100@1.1.1.1
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: pv
[pv_core.c:1286]: pv_get_dsturi(): no destination URI
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE.    Destination URI : <null>
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. SIP Request header : sip:100@MY_PUB_IP_ADDRESS
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/parser/msg_parser.c:89]: get_hdr_field(): found end of header
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: pv
[pv_core.c:966]: pv_get_useragent(): no User-Agent header
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE.  User Agent header : <null>
****************************************************************************************************
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. request_route ==> AUTH
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. AUTH
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==13 &&
[1.1.1.1] == [172.16.30.205]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 8088
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/forward.c:412]: check_self(): host != me
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==13 &&
[1.1.1.1] == [172.16.30.205]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 7==9 &&
[1.1.1.1] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 8088
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/forward.c:412]: check_self(): host != me
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==9 &&
[ MY_PUB_IP_ADDRESS ] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==13 &&
[ MY_PUB_IP_ADDRESS ] == [172.16.30.205]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 5060
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:564]: grep_sock_info(): checking if host==us: 13==9 &&
[ MY_PUB_IP_ADDRESS ] == [127.0.0.1]
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <core>
[core/socket_info.c:567]: grep_sock_info(): checking if port 8088
(advertise 0) matches port 5060
Apr 11 16:32:44 kamailio-dev /usr/sbin/kamailio[31373]: DEBUG: <script>: ==
TRACE. AUTH. Returning.

As you can see all tests failed to catch this INVITE request and Kamailio
continued processing it. And I'm now wondering what would be the best way
to identify such packet.

Thanks.
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to