[asterisk-dev] Fwd: Asterisk Sip Registration Hooks

Kevin P. Fleming kpfleming at digium.com
Wed Aug 10 16:41:17 CDT 2011


On 08/10/2011 04:34 PM, Mike Myhre wrote:
>
>> By the way... a colleague here reminded me of this thread yesterday,
>> and I wanted to correct a previous statement I made: if you produce a
>> patch for Asterisk 10 that adds security event reporting for the
>> various REGISTER-related events you want to report and submit it
>> through the normal process, there's still time to get it into Asterisk
>> 10. It's still in beta, and such a patch would have very low risk of
>> regressions or performance issues... plus it's something the community
>> has wanted for a long time.
>
> I looked at the code for both 1.8.X and V10 in chan_sip.c and both
> appear identical. The simplest patch is the single line I added below
> that gives my res module access to the Failed peer registration command:
>
> /* handle_request_register function */
> if ((res = register_verify(p, sin, req, e)) < 0) {
> const char *reason;
>
> switch (res) {
> case AUTH_SECRET_FAILED:
> reason = "Wrong password";
> break;
> case AUTH_USERNAME_MISMATCH:
> reason = "Username/auth name mismatch";
> break;
> case AUTH_NOT_FOUND:
> reason = "No matching peer found";
> break;
> case AUTH_UNKNOWN_DOMAIN:
> reason = "Not a local domain";
> break;
> case AUTH_PEER_NOT_DYNAMIC:
> reason = "Peer is not supposed to register";
> break;
> case AUTH_ACL_FAILED:
> reason = "Device does not match ACL";
> break;
> case AUTH_BAD_TRANSPORT:
> reason = "Device not configured to use this transport type";
> break;
> default:
> reason = "Unknown failure";
> break;
> }
> ast_log(LOG_NOTICE, "Registration from '%s' failed for '%s' - %s\n",
> get_header(req, "To"), ast_inet_ntoa(sin->sin_addr),
> reason);
> append_history(p, "RegRequest", "Failed : Account %s : %s",
> get_header(req, "To"), reason);
>
> /* START OF PATCH LINE */
> ast_verbose(VERBOSE_PREFIX_3 "SIP Registry Error: \'%s\' from \'%s\' -
> %s\n",
> get_header(req,"To"),ast_inet_ntoa (sin->sin_addr),reason);
> /* END OF PATCH LINE */
> } else
> append_history(p, "RegRequest", "Succeeded : Account %s",
> get_header(req, "To"));
>
> if (res < 1) {
> /* Destroy the session, but keep us around for just a bit in case they
> don't
> get our 200 OK */
> sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
> }
>
> This could be used in all versions 1.4.X - V10. I am not sure what the
> "normal process" to submit this would be, or if you wanted to add the
> line, but it is pretty simple.

Like I said before, we're not going to add it to any version except 
Asterisk 10, and in Asterisk 10 it would need to be generated as a 
security event, not a verbose log message.

If you want to provide a patch for that, you'll need to use 
https://issues.asterisk.org/jira.

I also wouldn't classify it as a 'registry error'; there's nothing wrong 
with the 'registry'. It's a 'registration failure'.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org



More information about the asterisk-dev mailing list