[OpenSIPS-Users] is_ip_registered in invite

Schneur Rosenberg rosenberg11219 at gmail.com
Mon Dec 12 11:27:01 EST 2016


Thanks Razvan, I had no choice and I did it the non lazy way, we have lots
of carriers for incoming DID's, until now I did not want to have the
headache of constantly updating my carriers IP's used for incoming traffic,
so I allowed unauthenticated DID calls to come in from any IP address, but
it was really not smart, I needed to do extra database queries, and my
database even crashed once when someone brute forced my server and by the
time the firewall script kicked in to block him my database has crashed
because it was doing a MYSQL query for each invite.

So now I use the permission module to load all did providers IP addresses
and therefore I don't need to do extra tests and queries on every single
INVITE and all my problems have been solved :-)

On Mon, Dec 5, 2016 at 11:03 AM, Răzvan Crainea <razvan at opensips.org> wrote:

> Hi, Schneur!
>
> The second parameter of the is_ip_registered() function[1] should be the
> AOR of the caller, in the sip:SIP_USER at SIP_DOMAIN format. The source IP
> is only checked against the contacts of that specific subscriber.
> However, if I understand correctly, your problem is determining what is
> the correct AOR to use, because the From username and domain might be
> different between REGISTER and INVITE, right? If that's the case, you
> don't have that many choices: either you search through all registered IPs
> (but there is no OpenSIPS function to do that, so you'll need someting
> external as you've already done), or you create some sort of mappings
> between the REGISTER and INVITE users/formats. Or you impose your customers
> to comply with a specific format, that can help you figure out the mapping.
>
> [1] http://www.opensips.org/html/docs/modules/2.2.x/registrar.
> html#id294953
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Solutionswww.opensips-solutions.com
>
> On 12/04/2016 01:20 PM, Schneur Rosenberg wrote:
>
> Hi, I would like to check during the initial  invite if the request comes
> from a IP that is registered (I don't care about the user credentials at
> this time), I use it to know if the invite is from a registered user or if
> it is from a unauthenticated source (DID's or hacking attempt) I can't use
>  is_contact_registered()  because not all clients send the user name in the
> initial invite, and they only send it in the authentication username which
> is absent in the initial invite, therefore I want to use is_ip_registered()
> but I'm having issues and I don't understand exactly what the second
> parameter is for, I want to check for the ip in the $si variable if it is
> registered (either in the contact field or in the received field).
>
> When leaving blank the AOR field, some devices work well but some don't.
>
> Due to NAT some devices register the IP in the contact field, and some in
> the received field, I want to try to match to either one, and it should
> parse the contact field that it should ignore the username from the contact
> field.
>
> I was doing a avp_db_query() until now, but it had 2 major issues.
>
> 1) It runs a MYSQL query on each REQUEST which reduces performance, I
> couldn't use memcache because IP's are dynamic in nature.
> 2)  I use db_mode 2 on usrloc and it takes about a minute for the
> registration to appear in the DB and the user can't call out during that
> minute, and even worse if he tries multiple times and it gets rejected my
> iptables will block his IP.
>
> thank you
> S. Rosenberg
>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20161212/79116198/attachment.htm>


More information about the Users mailing list