[Asterisk-Dev] defect in sip_chan.c?

Luigi Rizzo rizzo at icir.org
Wed Dec 14 09:56:52 MST 2005 

been there, done that :)

i cannot comment whether asterisk does a sensible matching or not.

Anyways, in order to avoid surprises you need to make sure
that the names of your 'user' sections (typically phones, i would say)
never match fields in the 'From:' header. Using short numbers,
or strings with non-numeric chars, should help there.

After that, incoming calls will be matched based on the IP address
of the sender in the 'peer' section, so you will likely need to put
'insecure=very' in these sections, which is fine as long as you
don't expect to charge the sender for handling the call
(you won't be able to do that because the sender will not
authenticate).

The above works for me so far.

	cheers
	luigi

On Wed, Dec 14, 2005 at 08:52:28AM -0700, Steve Murphy wrote:
> Hello--
> 
> I am having a problem with matching contexts from sip.conf with the
> callerid info coming in from a SIP provider.
> 
> My sip provider passes the callerID info to Asterisk via the From:
> header in the INVITE packet.
> 
> Asterisk dutifully pulls the callerid num and name from the From:
> header, and then, searches sip.conf for a user context that has the same
> name as the callerid number....
> 
> Isn't this brain dead? Or is there some method to the madness? Why on
> earth would I ever want to have an entry in sip.conf for every possible
> person who would call me via the phone number provided me by the vendor?
> 
> Wouldn't it make more sense instead to find a user entry for the exten
> instead? I looked at chan_sip.c, and in check_user_full(), at the time
> the find_user() func is called, the variable p->exten contains the
> extension number (my account number with the Provider).
> 
> Now, I could ask the Provider not to include actual callerID info in the
> INVITE (we started out that way), and I might end up with the exten in
> the callerID number field that way, but I'd never see who was calling
> me!
> 
> The rub is, I need to NOT authenticate incoming calls, just the outgoing
> calls. To do this, I'd like to have two entries in sip.conf, one for the
> "user", and the other for the "peer", where the "user" doesn't
> authenticate (no md5secret, no realm, etc), and the "peer" does
> authenticate.
> 
> What if check_user_full() adds a call to find_user with p->exten AFTER
> it does the existing call to find_user with the cid num? Or am I daft
> because the rest of the world does it differently? It looks like (I
> haven't searched the code yet...) the p->exten seems to be filled in
> from the "To:" header.
> 
> So, would it harm anyone, if the sip driver, on receiving a call, first
> checked for a user context matching the "From:" header, then checked for
> a user context matching the "To:" header, THEN went for a peer with a
> matching IP?
> 
> I inserted the two lines to do this, and now I get the behavior I need.
> Is this a worthwhile thing to do for anyone else?
> 
> murf
> 
> -- 
> Steve Murphy <murf at e-tools.com>
> Electronic Tools Company
> 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> Asterisk-Dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list