[asterisk-bugs] [Asterisk 0013296]: "From" shouldn't be matched against "users" if INVITE arrives from a "peer" IP
Asterisk Bug Tracker
noreply at bugs.digium.com
Wed Aug 13 04:35:20 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13296
======================================================================
Reported By: ibc
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 13296
Category: Channels/chan_sip/General
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-08-13 04:30 CDT
Last Modified: 2008-08-13 04:35 CDT
======================================================================
Summary: "From" shouldn't be matched against "users" if
INVITE arrives from a "peer" IP
Description:
Hi, I've realized that Asterisk matches "From" header even if the call
arrives via a defined "peer" IP, so Asterisk asks it for authentication
(that is not possible coming from a provider).
Example:
sip.conf:
----------
[200]
type=friend
host=dynamic
secret=*****
[provider]
type=peer
host=1.2.3.4
----------
If the following INVITE arrives from IP 1.2.3.4 then Asterisk will reject
it with "403 Forbidden" since it matches the "From:
sip:200 at sip_provider.com" against user 200:
---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
---------------
IMHO Asterisk must not try to match a user ("From") if the INVITE arrives
from a peer IP.
The only way to solve it is by ensuring that any INVITE arriving from the
peer has a "From" different than any Asterisk user, that is impossible
(imagine the case in which Asterisk receives a call from an external SIP
provider with peering relation with "sip_provider.com", something like:
---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
P-Asserted-Identity: <sip:999888777 at sip_provider.com>
---------------
PD: I know Asterisk doesn't handle PAI header, imagine then it's RPID.
======================================================================
----------------------------------------------------------------------
(0091358) oej (manager) - 2008-08-13 04:35
http://bugs.digium.com/view.php?id=13296#c91358
----------------------------------------------------------------------
This is an effect of the architecture, not a bug. This is how it works. We
always first match users on From user name, then look for peers on incoming
calls. It's well documented in books and trainings, as well as in several
mails on asterisk-users mailing list.
Issue History
Date Modified Username Field Change
======================================================================
2008-08-13 04:35 oej Note Added: 0091358
======================================================================
More information about the asterisk-bugs
mailing list