Checking inbound calls against trusted/gw tables

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Checking inbound calls against trusted/gw tables

Gordon Ross
(I'm slowly getting my head round OpenSIPS. Slowly....)

Where/how are inbound calls checked against the trusted & gw tables ?

I've not put anything into my config to check against these tables (e.g. No
allow_trusted() or from_gw() function calls), yet OpenSIPS is being helpful
and allowing calls from sources that are listed in the trusted or gw tables.
If I remove sources from these tables, then OpenSIPS rejects the calls, so
they are being referenced....

Thanks,

GTG


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Checking inbound calls against trusted/gw tables

Gordon Ross
On 13/07/2009 11:04, "Gordon Ross" <[hidden email]> wrote:

> (I'm slowly getting my head round OpenSIPS. Slowly....)
>
> Where/how are inbound calls checked against the trusted & gw tables ?
>
> I've not put anything into my config to check against these tables (e.g. No
> allow_trusted() or from_gw() function calls), yet OpenSIPS is being helpful
> and allowing calls from sources that are listed in the trusted or gw tables.
> If I remove sources from these tables, then OpenSIPS rejects the calls, so
> they are being referenced....

PS I should have mentioned that I suspect it's the check_from() function
call that does the work. Yet the docs for this function say that it only
checks the URI DB table, not the gw or trusted tables.

GTG


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Checking inbound calls against trusted/gw tables

Bogdan-Andrei Iancu
In reply to this post by Gordon Ross
Hi Gordon,

If you want to do ip-based authentication, use the permisssion module,
the allow_trusted() function (see:
http://www.opensips.org/html/docs/modules/1.5.x/permissions.html#id272182)

The allow_trusted() function use the "trusted" table and you can use
OpenSIPS Control Panel for provisioning the content of the table
(http://opensips-cp.sourceforge.net/htmldoc/permissions.html).

The gw table is used by lcr module for doing routing based on prefixes
(outbound traffic).

Regards,
Bogdan

Gordon Ross wrote:

> (I'm slowly getting my head round OpenSIPS. Slowly....)
>
> Where/how are inbound calls checked against the trusted & gw tables ?
>
> I've not put anything into my config to check against these tables (e.g. No
> allow_trusted() or from_gw() function calls), yet OpenSIPS is being helpful
> and allowing calls from sources that are listed in the trusted or gw tables.
> If I remove sources from these tables, then OpenSIPS rejects the calls, so
> they are being referenced....
>
> Thanks,
>
> GTG
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>  


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Checking inbound calls against trusted/gw tables

Bogdan-Andrei Iancu
In reply to this post by Gordon Ross
Gordon Ross wrote:

> On 13/07/2009 11:04, "Gordon Ross" <[hidden email]> wrote:
>
>  
>> (I'm slowly getting my head round OpenSIPS. Slowly....)
>>
>> Where/how are inbound calls checked against the trusted & gw tables ?
>>
>> I've not put anything into my config to check against these tables (e.g. No
>> allow_trusted() or from_gw() function calls), yet OpenSIPS is being helpful
>> and allowing calls from sources that are listed in the trusted or gw tables.
>> If I remove sources from these tables, then OpenSIPS rejects the calls, so
>> they are being referenced....
>>    
>
> PS I should have mentioned that I suspect it's the check_from() function
> call that does the work. Yet the docs for this function say that it only
> checks the URI DB table, not the gw or trusted tables.
>  
check_from() is for checking the auth id (from the Authorized SIP
header) against the uri table or the FROM hdr.  It has nothing to do
with IP authentication.

Regards,
Bogdan

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users