Hi, A cleaner solution might make use of this, when processing in-dialog requests where the Record-Route would have been turned into a Route set:
https://www.kamailio.org/wiki/cookbooks/5.0.x/pseudovariables#route_uri_-_uri_in_first_route_header You could set a dialog-persistent variable indicating the original source address of the caller and callee next-hops: https://www.kamailio.org/wiki/cookbooks/5.0.x/pseudovariables#dlg_var_key And then check in the onsend_route if the next-hop address, https://www.kamailio.org/wiki/cookbooks/5.0.x/pseudovariables#next_hop_addressa compares to one of those endpoints. However, I would ask why you are so concerned about this particular spoof attack. Putting a third-party address in Record-Route only affects in-dialog requests (end-to-end ACK, BYE, re-INVITE, etc.), which, if they cannot be matched to an existing dialog known by that destination, will simply be discarded. I would be more concerned about Contact spoofing in the registrar, if you are using it. -- Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ _______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
