[asterisk-bugs] [Asterisk 0012005]: [patch] SIP INVITES authorization from multiple IP addresses

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Jul 3 11:25:13 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12005 
====================================================================== 
Reported By:                fkasumovic
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12005
Category:                   Channels/chan_sip/Registration
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 103307 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             02-15-2008 10:23 CST
Last Modified:              07-03-2008 11:25 CDT
====================================================================== 
Summary:                    [patch] SIP INVITES authorization from multiple IP
addresses
Description: 
In current implementation, SIP INVITES are authorized either per username
or per single IP address. Many providers send SIP INVITEs from multiple C
classes and therefore it is very hard (if not impossible) to configure that
via SIP peers.

The only workaround is combination of [general] context and iptables.

Here is a patch that provides such functionality. SIP peer has to be
configured as type=peer, insecure=invite (or insecure=very) with defined
permit/deny rules:

[provider]
type=peer
insecure=very
deny=0.0.0.0/0.0.0.0
permit=10.2.1.0/255.255.255.0
permit=192.168.0.0/255.255.0.0

This is almost identical as to how permit/deny rules work for SIP REGISTER
packets.
====================================================================== 

---------------------------------------------------------------------- 
 oej - 07-03-08 11:25  
---------------------------------------------------------------------- 
Ok, so we agree that you have pinpointed a problem we need to solve, but
that we don't use your patch. We'll add it to our todo-list. If you would
like to work on this with the help of us, please find us in the IRC channel
or by e-mail.

Thank you for contributing to Asterisk! 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-03-08 11:25  oej            Note Added: 0089687                          
======================================================================

More information about the asterisk-bugs mailing list