diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.c b/src/mod/endpoints/mod_sofia/mod_sofia.c index afc3fbf739..c574077d64 100644 --- a/src/mod/endpoints/mod_sofia/mod_sofia.c +++ b/src/mod/endpoints/mod_sofia/mod_sofia.c @@ -985,12 +985,22 @@ static switch_status_t sofia_receive_message(switch_core_session_t *session, swi if (code == 407 && !msg->numeric_arg) { const char *to_uri = switch_channel_get_variable(channel, "sip_to_uri"); const char *to_host = reason; - + const char *val; + const char *sticky = NULL; + + if (switch_test_flag(tech_pvt, TFLAG_NAT) || + (val = switch_channel_get_variable(channel, "sip-force-contact")) || + ((val = switch_channel_get_variable(channel, "sip_sticky_contact")) && switch_true(val))) { + sticky = tech_pvt->record_route; + switch_channel_set_variable(channel, "sip_nat_detected", "true"); + } + + if (switch_strlen_zero(to_host)) { to_host = switch_channel_get_variable(channel, "sip_to_host"); } switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Challenging call %s\n", to_uri); - sofia_reg_auth_challange(NULL, tech_pvt->profile, tech_pvt->nh, REG_INVITE, to_host, 0); + sofia_reg_auth_challange(NULL, tech_pvt->profile, tech_pvt->nh, REG_INVITE, to_host, 0, sticky); switch_channel_hangup(channel, SWITCH_CAUSE_USER_CHALLENGE); } else if (code == 484 && msg->numeric_arg) { const char *to = switch_channel_get_variable(channel, "sip_to_uri"); diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h index f8e005a968..76ccc0d608 100644 --- a/src/mod/endpoints/mod_sofia/mod_sofia.h +++ b/src/mod/endpoints/mod_sofia/mod_sofia.h @@ -518,7 +518,7 @@ void sofia_presence_event_handler(switch_event_t *event); void sofia_presence_mwi_event_handler(switch_event_t *event); void sofia_presence_cancel(void); switch_status_t config_sofia(int reload, char *profile_name); -void sofia_reg_auth_challange(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, sofia_regtype_t regtype, const char *realm, int stale); +void sofia_reg_auth_challange(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, sofia_regtype_t regtype, const char *realm, int stale, const char *sticky); auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, sip_t const *sip, const char *regstr, char *np, size_t nplen, char *ip, switch_event_t **v_event, long exptime, sofia_regtype_t regtype, const char *to_user); @@ -555,7 +555,7 @@ int sofia_glue_get_user_host(char *in, char **user, char **host); switch_call_cause_t sofia_glue_sip_cause_to_freeswitch(int status); void sofia_glue_do_xfer_invite(switch_core_session_t *session); uint8_t sofia_reg_handle_register(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, sip_t const *sip, - sofia_regtype_t regtype, char *key, uint32_t keylen, switch_event_t **v_event); + sofia_regtype_t regtype, char *key, uint32_t keylen, switch_event_t **v_event, const char *sticky); extern switch_endpoint_interface_t *sofia_endpoint_interface; void sofia_presence_set_chat_hash(private_object_t *tech_pvt, sip_t const *sip); switch_status_t sofia_on_hangup(switch_core_session_t *session); diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c index 1eb87f1708..009df26ed6 100644 --- a/src/mod/endpoints/mod_sofia/sofia.c +++ b/src/mod/endpoints/mod_sofia/sofia.c @@ -2647,6 +2647,7 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_ int is_auth = 0, calling_myself = 0; su_addrinfo_t *my_addrinfo = msg_addrinfo(nua_current_request(nua)); int network_port = 0; + char *sticky = NULL, *is_nat = NULL; if (sess_count >= sess_max || !(profile->pflags & PFLAG_RUNNING)) { nua_respond(nh, 503, "Maximum Calls In Progress", SIPTAG_RETRY_AFTER_STR("300"), TAG_END()); @@ -2662,6 +2663,31 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_ get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) my_addrinfo->ai_addr)->sin_addr); network_port = ntohs(((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_port); + + if (profile->nat_acl_count) { + uint32_t x = 0; + int ok = 1; + char *last_acl = NULL; + const char *contact_host = NULL; + + if (sip && sip->sip_contact && sip->sip_contact->m_url) { + contact_host = sip->sip_contact->m_url->url_host; + } + + if (!switch_strlen_zero(contact_host)) { + for (x = 0 ; x < profile->nat_acl_count; x++) { + last_acl = profile->nat_acl[x]; + if (!(ok = switch_check_network_list_ip(contact_host, last_acl))) { + break; + } + } + + if (ok) { + is_nat = last_acl; + } + } + } + if (profile->acl_count) { uint32_t x = 0; @@ -2699,12 +2725,18 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_ if (!strcmp(network_ip, profile->sipip) && network_port == profile->sip_port) { calling_myself++; } else { - if (sofia_reg_handle_register(nua, profile, nh, sip, REG_INVITE, key, sizeof(key), &v_event)) { + if (is_nat) { + sticky = switch_mprintf("sip:%s@%s:%d", sip->sip_contact->m_url->url_user, network_ip, network_port); + } + + if (sofia_reg_handle_register(nua, profile, nh, sip, REG_INVITE, key, sizeof(key), &v_event, sticky)) { if (v_event) { switch_event_destroy(&v_event); } + switch_safe_free(sticky); return; } + switch_safe_free(sticky); } is_auth++; } @@ -3159,27 +3191,12 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_ sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE); } - - if (profile->nat_acl_count) { - uint32_t x = 0; - int ok = 1; - char *last_acl = NULL; - - if (!switch_strlen_zero(contact_host)) { - for (x = 0 ; x < profile->nat_acl_count; x++) { - last_acl = profile->nat_acl[x]; - if (!(ok = switch_check_network_list_ip(contact_host, last_acl))) { - break; - } - } - - if (ok) { - switch_set_flag(tech_pvt, TFLAG_NAT); - switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Setting NAT mode based on acl %s\n", last_acl); - switch_channel_set_variable(channel, "sip_nat_detected", "true"); - } - } + if (is_nat) { + switch_set_flag(tech_pvt, TFLAG_NAT); + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Setting NAT mode based on acl %s\n", is_nat); + switch_channel_set_variable(channel, "sip_nat_detected", "true"); } + return; } diff --git a/src/mod/endpoints/mod_sofia/sofia_reg.c b/src/mod/endpoints/mod_sofia/sofia_reg.c index 7a4fdaa9ca..0e5fdcbb25 100644 --- a/src/mod/endpoints/mod_sofia/sofia_reg.c +++ b/src/mod/endpoints/mod_sofia/sofia_reg.c @@ -381,7 +381,7 @@ char *sofia_reg_find_reg_url(sofia_profile_t *profile, const char *user, const c } -void sofia_reg_auth_challange(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, sofia_regtype_t regtype, const char *realm, int stale) +void sofia_reg_auth_challange(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, sofia_regtype_t regtype, const char *realm, int stale, const char *sticky) { switch_uuid_t uuid; char uuid_str[SWITCH_UUID_FORMATTED_LENGTH + 1]; @@ -401,16 +401,22 @@ void sofia_reg_auth_challange(nua_t *nua, sofia_profile_t *profile, nua_handle_t switch_mprintf("Digest realm=\"%q\", nonce=\"%q\",%s algorithm=MD5, qop=\"auth\"", realm, uuid_str, stale ? " stale=\"true\"," : ""); if (regtype == REG_REGISTER) { - nua_respond(nh, SIP_401_UNAUTHORIZED, TAG_IF(nua, NUTAG_WITH_THIS(nua)), SIPTAG_WWW_AUTHENTICATE_STR(auth_str), TAG_END()); + nua_respond(nh, + SIP_401_UNAUTHORIZED, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + TAG_IF(nua, NUTAG_WITH_THIS(nua)), SIPTAG_WWW_AUTHENTICATE_STR(auth_str), TAG_END()); } else if (regtype == REG_INVITE) { - nua_respond(nh, SIP_407_PROXY_AUTH_REQUIRED, TAG_IF(nua, NUTAG_WITH_THIS(nua)), SIPTAG_PROXY_AUTHENTICATE_STR(auth_str), TAG_END()); + nua_respond(nh, + SIP_407_PROXY_AUTH_REQUIRED, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + TAG_IF(nua, NUTAG_WITH_THIS(nua)), SIPTAG_PROXY_AUTHENTICATE_STR(auth_str), TAG_END()); } switch_safe_free(auth_str); } uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_handle_t * nh, sip_t const *sip, sofia_regtype_t regtype, char *key, - uint32_t keylen, switch_event_t **v_event) + uint32_t keylen, switch_event_t **v_event, const char *sticky) { sip_to_t const *to = NULL; sip_expires_t const *expires = NULL; @@ -557,16 +563,22 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han if (auth_res != AUTH_OK && !stale) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "send %s for [%s@%s]\n", forbidden ? "forbidden" : "challange", to_user, to_host); if (auth_res == AUTH_FORBIDDEN) { - nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END()); + nua_respond(nh, + SIP_403_FORBIDDEN, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + NUTAG_WITH_THIS(nua), TAG_END()); } else { - nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), TAG_END()); + nua_respond(nh, + SIP_401_UNAUTHORIZED, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + NUTAG_WITH_THIS(nua), TAG_END()); } return 1; } } if (!authorization || stale) { - sofia_reg_auth_challange(nua, profile, nh, regtype, to_host, stale); + sofia_reg_auth_challange(nua, profile, nh, regtype, to_host, stale, sticky); if (regtype == REG_REGISTER && profile->debug) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Requesting Registration from: [%s@%s]\n", to_user, to_host); } @@ -691,7 +703,10 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han if (exptime) { new_contact = switch_mprintf("%s;expires=%ld", contact_str, (long)exptime); - nua_respond(nh, SIP_200_OK, SIPTAG_CONTACT_STR(new_contact), NUTAG_WITH_THIS(nua), TAG_END()); + nua_respond(nh, + SIP_200_OK, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + SIPTAG_CONTACT_STR(new_contact), NUTAG_WITH_THIS(nua), TAG_END()); switch_safe_free(new_contact); if (switch_event_create(&event, SWITCH_EVENT_MESSAGE_QUERY) == SWITCH_STATUS_SUCCESS) { switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Message-Account", "sip:%s@%s", to_user, to_host); @@ -699,7 +714,10 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han switch_event_fire(&event); } } else { - nua_respond(nh, SIP_200_OK, SIPTAG_CONTACT(contact), NUTAG_WITH_THIS(nua), TAG_END()); + nua_respond(nh, + SIP_200_OK, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + SIPTAG_CONTACT(contact), NUTAG_WITH_THIS(nua), TAG_END()); if (switch_event_create_subclass(&s_event, SWITCH_EVENT_CUSTOM, MY_EVENT_UNREGISTER) == SWITCH_STATUS_SUCCESS) { switch_event_add_header(s_event, SWITCH_STACK_BOTTOM, "profile-name", "%s", profile->name); @@ -728,14 +746,58 @@ void sofia_reg_handle_sip_i_register(nua_t * nua, sofia_profile_t *profile, nua_ char network_ip[80]; su_addrinfo_t *my_addrinfo = msg_addrinfo(nua_current_request(nua)); sofia_regtype_t type = REG_REGISTER; + char *sticky = NULL; + int network_port = 0; + + get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) my_addrinfo->ai_addr)->sin_addr); + network_port = ntohs(((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_port); + + + if (!(sip->sip_contact && sip->sip_contact->m_url)) { + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "NO CONTACT!\n"); + nua_respond(nh, 400, "Missing Contact Header", TAG_END()); + goto end; + } + + if (profile->nat_acl_count) { + uint32_t x = 0; + int ok = 1; + char *last_acl = NULL; + const char *contact_host = NULL; + + if (sip && sip->sip_contact && sip->sip_contact->m_url) { + contact_host = sip->sip_contact->m_url->url_host; + } + + if (!switch_strlen_zero(contact_host)) { + for (x = 0 ; x < profile->nat_acl_count; x++) { + last_acl = profile->nat_acl[x]; + if (!(ok = switch_check_network_list_ip(contact_host, last_acl))) { + break; + } + } + + if (ok) { + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Setting NAT mode based on acl %s\n", last_acl); + sticky = switch_mprintf("sip:%s@%s:%d", sip->sip_contact->m_url->url_user, network_ip, network_port); + } + } + } + + + if (!(profile->mflags & MFLAG_REGISTER)) { + nua_respond(nh, + SIP_403_FORBIDDEN, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + NUTAG_WITH_THIS(nua), TAG_END()); + goto end; + } if (profile->reg_acl_count) { uint32_t x = 0; int ok = 1; char *last_acl = NULL; - get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) my_addrinfo->ai_addr)->sin_addr); - for (x = 0 ; x < profile->reg_acl_count; x++) { last_acl = profile->reg_acl[x]; if (!(ok = switch_check_network_list_ip(network_ip, last_acl))) { @@ -747,30 +809,24 @@ void sofia_reg_handle_sip_i_register(nua_t * nua, sofia_profile_t *profile, nua_ type = REG_AUTO_REGISTER; } else if (!ok) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "IP %s Rejected by acl %s\n", network_ip, profile->reg_acl[x]); - nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END()); + nua_respond(nh, + SIP_403_FORBIDDEN, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + NUTAG_WITH_THIS(nua), TAG_END()); goto end; } } - - - if (!(profile->mflags & MFLAG_REGISTER)) { - nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END()); - goto end; - } if (!sip || !sip->sip_request || !sip->sip_request->rq_method_name) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Received an invalid packet!\n"); - nua_respond(nh, SIP_500_INTERNAL_SERVER_ERROR, TAG_END()); + nua_respond(nh, + SIP_500_INTERNAL_SERVER_ERROR, + TAG_IF(sticky, NUTAG_PROXY(sticky)), + TAG_END()); goto end; } - if (!(sip->sip_contact && sip->sip_contact->m_url)) { - switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "NO CONTACT!\n"); - nua_respond(nh, 400, "Missing Contact Header", TAG_END()); - goto end; - } - - sofia_reg_handle_register(nua, profile, nh, sip, type, key, sizeof(key), &v_event); + sofia_reg_handle_register(nua, profile, nh, sip, type, key, sizeof(key), &v_event, sticky); if (v_event) { switch_event_fire(&v_event); @@ -778,6 +834,7 @@ void sofia_reg_handle_sip_i_register(nua_t * nua, sofia_profile_t *profile, nua_ end: + switch_safe_free(sticky); nua_handle_destroy(nh); }