diff --git a/doc/siproxd.conf.example b/doc/siproxd.conf.example index f52ccd2..068dea9 100644 --- a/doc/siproxd.conf.example +++ b/doc/siproxd.conf.example @@ -393,7 +393,7 @@ plugin_fix_bogus_via_networks = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 # responses, causing the received SIP response to be discarded by # any SIP client that properly checks the Via chain. # DTAG_networks: Network where DTAG messages are received from. -plugin_fix_DTAG_networks = 217.0.23.100/24 +plugin_fix_DTAG_networks = 217.0.23.100/32 ###################################################################### # Plugin_stun diff --git a/src/accessctl.c b/src/accessctl.c index 9c31188..bd7128b 100644 --- a/src/accessctl.c +++ b/src/accessctl.c @@ -168,8 +168,12 @@ int process_aclist (char *aclist, struct sockaddr_in from) { (long)ntohl(from.sin_addr.s_addr) & bitmask); if ( (ntohl(inaddr.s_addr) & bitmask) == - (ntohl(from.sin_addr.s_addr) & bitmask) ) return STS_SUCCESS; + (ntohl(from.sin_addr.s_addr) & bitmask) ) { + DEBUGC(DBCLASS_ACCESS, "process_aclist: MATCH"); + return STS_SUCCESS; + } } + DEBUGC(DBCLASS_ACCESS, "process_aclist: no match"); return STS_FAILURE; } diff --git a/src/plugin_fix_DTAG.c b/src/plugin_fix_DTAG.c index a6fdc2e..4cc278a 100644 --- a/src/plugin_fix_DTAG.c +++ b/src/plugin_fix_DTAG.c @@ -56,7 +56,7 @@ static cfgopts_t plugin_cfg_opts[] = { }; /* Prototypes */ -static int sip_patch_topvia(sip_ticket_t *ticket); +static int sip_fix_topvia(sip_ticket_t *ticket); /* @@ -101,28 +101,34 @@ int PLUGIN_PROCESS(int stage, sip_ticket_t *ticket){ type = ticket->direction; - /* Incoming SIP response? */ DEBUGC(DBCLASS_PLUGIN, "plugin_fix_DTAG: type=%i", type); - if (type == RESTYP_INCOMING) { + /* Incoming SIP response? */ + if (type == RESTYP_INCOMING) { + /* a Via header needs to be present in response */ if((via = osip_list_get(&(ticket->sipmsg->vias), 0)) == NULL) { WARN("no Via header found in incoming SIP message"); return STS_SUCCESS; } - get_ip_by_host(via->host, &(from.sin_addr)); - /* check for Via IP in configured range */ + get_ip_by_host(via->host, &(from.sin_addr)); if ((plugin_cfg.networks != NULL) && (strcmp(plugin_cfg.networks, "") !=0) && + (process_aclist(plugin_cfg.networks, ticket->from) == STS_SUCCESS) && (process_aclist(plugin_cfg.networks, from) == STS_SUCCESS)) { - /* is in list, patch Via header */ + + /* VIA & Sender IP are in list, fix Via header */ DEBUGC(DBCLASS_PLUGIN, "plugin_fix_DTAG: replacing a bogus via"); - if (sip_patch_topvia(ticket) == STS_FAILURE) { + + if (sip_fix_topvia(ticket) == STS_FAILURE) { ERROR("patching inbound Via failed!"); } + } else { + DEBUGC(DBCLASS_PLUGIN, "plugin_fix_DTAG: not match, returning."); } - } + DEBUGC(DBCLASS_PLUGIN, "plugin_fix_DTAG: done"); + } return STS_SUCCESS; } @@ -138,29 +144,30 @@ int PLUGIN_END(plugin_def_t *plugin_def){ } /*--------------------------------------------------------------------*/ -static int sip_patch_topvia(sip_ticket_t *ticket) { +static int sip_fix_topvia(sip_ticket_t *ticket) { osip_via_t *via; int sts; if((via = osip_list_get(&(ticket->sipmsg->vias), 0)) != NULL) { - // 1) check that via header matches criteria (is not local) - if (! is_via_local(via)) { - // 2) remove broken via header - sts = osip_list_remove(&(ticket->sipmsg->vias), 0); - osip_via_free (via); - via = NULL; + /* 1) IP of Via has been checked beforehand. */ - // 3) add my via header - if (ticket->direction == RESTYP_INCOMING) { - sts = sip_add_myvia(ticket, IF_OUTBOUND); - if (sts == STS_FAILURE) { - ERROR("adding my outbound via failed!"); - } - } else { - sts = sip_add_myvia(ticket, IF_INBOUND); - if (sts == STS_FAILURE) { - ERROR("adding my inbound via failed!"); - } + /* 2) remove broken via header */ + DEBUGC(DBCLASS_PLUGIN, "plugin_fix_DTAG: removing topmost via"); + sts = osip_list_remove(&(ticket->sipmsg->vias), 0); + osip_via_free (via); + via = NULL; + + /* 3) add my via header */ + DEBUGC(DBCLASS_PLUGIN, "plugin_fix_DTAG: adding new via"); + if (ticket->direction == RESTYP_INCOMING) { + sts = sip_add_myvia(ticket, IF_OUTBOUND); + if (sts == STS_FAILURE) { + ERROR("adding my outbound via failed!"); + } + } else { + sts = sip_add_myvia(ticket, IF_INBOUND); + if (sts == STS_FAILURE) { + ERROR("adding my inbound via failed!"); } } } diff --git a/src/proxy.c b/src/proxy.c index b793f44..614e3fe 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -485,6 +485,16 @@ int proxy_response (sip_ticket_t *ticket) { response=ticket->sipmsg; + /* + * figure out if this is an request coming from the outside + * world to one of our registered clients + */ + sip_find_direction(ticket, NULL); + type = ticket->direction; + + /* Call Plugins for stage: PLUGIN_PRE_PROXY */ + sts = call_plugins(PLUGIN_PRE_PROXY, ticket); + /* * RFC 3261, Section 16.7 step 3 * Proxy Behavior - Response Processing - Remove my Via header field value @@ -496,16 +506,6 @@ int proxy_response (sip_ticket_t *ticket) { return STS_FAILURE; } - /* - * figure out if this is an request coming from the outside - * world to one of our registered clients - */ - sip_find_direction(ticket, NULL); - type = ticket->direction; - - /* Call Plugins for stage: PLUGIN_PRE_PROXY */ - sts = call_plugins(PLUGIN_PRE_PROXY, ticket); - /* * ok, we got a response that we are allowed to process. */