[asterisk-bugs] [Asterisk 0013296]: "From" shouldn't be matched against "users" if INVITE arrives from a "peer" IP
Asterisk Bug Tracker
noreply at bugs.digium.com
Wed Aug 13 07:43:03 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13296
======================================================================
Reported By: ibc
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 13296
Category: Channels/chan_sip/General
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-08-13 04:30 CDT
Last Modified: 2008-08-13 07:43 CDT
======================================================================
Summary: "From" shouldn't be matched against "users" if
INVITE arrives from a "peer" IP
Description:
Hi, I've realized that Asterisk matches "From" header even if the call
arrives via a defined "peer" IP, so Asterisk asks it for authentication
(that is not possible coming from a provider).
Example:
sip.conf:
----------
[200]
type=friend
host=dynamic
secret=*****
[provider]
type=peer
host=1.2.3.4
----------
If the following INVITE arrives from IP 1.2.3.4 then Asterisk will reject
it with "403 Forbidden" since it matches the "From:
sip:200 at sip_provider.com" against user 200:
---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
---------------
IMHO Asterisk must not try to match a user ("From") if the INVITE arrives
from a peer IP.
The only way to solve it is by ensuring that any INVITE arriving from the
peer has a "From" different than any Asterisk user, that is impossible
(imagine the case in which Asterisk receives a call from an external SIP
provider with peering relation with "sip_provider.com", something like:
---------------
INVITE sip:999888777 at asterisk_ip.org SIP/2.0
From: <sip:200 at sip_provider.com>
P-Asserted-Identity: <sip:999888777 at sip_provider.com>
---------------
PD: I know Asterisk doesn't handle PAI header, imagine then it's RPID.
======================================================================
----------------------------------------------------------------------
(0091360) ibc (reporter) - 2008-08-13 07:43
http://bugs.digium.com/view.php?id=13296#c91360
----------------------------------------------------------------------
Yep, I already know this is the "expected" behaviour. But what I wonder is
if it's should be.
Note the example above in which Asterisk receives, via a peer, a call with
a "From" matching a user (but it's just casuality, also the domains are
differents).
Do you mean that this can't be handled in chan_sip and involves
architecture changes?
Issue History
Date Modified Username Field Change
======================================================================
2008-08-13 07:43 ibc Note Added: 0091360
======================================================================
More information about the asterisk-bugs
mailing list