24 #include "asterisk/res_pjsip.h"
25 #include "asterisk/res_pjsip_session.h"
26 #include "include/res_pjsip_private.h"
29 #define MOD_DATA_RESTRICTIONS "restrictions"
31 static pj_status_t filter_on_tx_message(pjsip_tx_data *tdata);
32 static pj_bool_t filter_on_rx_message(pjsip_rx_data *rdata);
40 static pjsip_module filter_module_transport = {
41 .name = {
"Message Filtering Transport", 27 },
43 .priority = PJSIP_MOD_PRIORITY_TRANSPORT_LAYER,
44 .on_rx_request = filter_on_rx_message,
47 static pjsip_module filter_module_tsx = {
48 .name = {
"Message Filtering TSX", 21 },
50 .priority = PJSIP_MOD_PRIORITY_TSX_LAYER - 1,
51 .on_tx_request = filter_on_tx_message,
52 .on_tx_response = filter_on_tx_message,
60 restrictions = ast_sip_mod_data_get(tdata->mod_data, filter_module_tsx.id, MOD_DATA_RESTRICTIONS);
66 ast_sip_mod_data_set(tdata->pool, tdata->mod_data, filter_module_tsx.id, MOD_DATA_RESTRICTIONS, restrictions);
81 .
priority = AST_SIP_SUPPLEMENT_PRIORITY_FIRST,
82 .outgoing_request = filter_outgoing_message,
83 .outgoing_response = filter_outgoing_message,
87 static void filter_session_outgoing_message(
struct ast_sip_session *session,
struct pjsip_tx_data *tdata)
97 .outgoing_request = filter_session_outgoing_message,
98 .outgoing_response = filter_session_outgoing_message,
102 static pjsip_transport *get_udp_transport(pj_str_t *address,
int port)
104 struct ao2_container *transport_states = ast_sip_get_transport_states();
107 pjsip_transport *sip_transport = NULL;
109 if (!transport_states) {
113 for (iter =
ao2_iterator_init(transport_states, 0); (transport_state = ao2_iterator_next(&iter));
ao2_ref(transport_state, -1)) {
114 if (!transport_state->
flow &&
115 transport_state->
type == AST_TRANSPORT_UDP &&
116 !pj_strcmp(&transport_state->
transport->local_name.host, address) &&
117 transport_state->
transport->local_name.port == port) {
118 sip_transport = transport_state->
transport;
127 return sip_transport;
131 static int is_bound_any(pjsip_transport *transport)
133 pj_uint32_t loop6[4] = {0, 0, 0, 0};
135 if ((transport->local_addr.addr.sa_family == pj_AF_INET() &&
136 transport->local_addr.ipv4.sin_addr.s_addr == PJ_INADDR_ANY) ||
137 (transport->local_addr.addr.sa_family == pj_AF_INET6() &&
138 !pj_memcmp(&transport->local_addr.ipv6.sin6_addr, loop6,
sizeof(loop6)))) {
146 static int multihomed_rewrite_sdp(
struct pjmedia_sdp_session *sdp)
153 if ((!pj_strcmp2(&sdp->conn->addr_type,
"IP4") && !pj_strcmp2(&sdp->conn->addr,
154 ast_sip_get_host_ip_string(pj_AF_INET()))) ||
155 (!pj_strcmp2(&sdp->conn->addr_type,
"IP6") && !pj_strcmp2(&sdp->conn->addr,
156 ast_sip_get_host_ip_string(pj_AF_INET6())))) {
163 #define is_sip_uri(uri) \
164 (PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri))
166 static void print_sanitize_debug(
char *msg, pjsip_uri_context_e context, pjsip_sip_uri *uri)
172 hdrbuf_len = pjsip_uri_print(context, uri, hdrbuf, 512);
173 hdrbuf[hdrbuf_len] =
'\0';
180 #define FUNC_ATTRS __attribute__ ((noinline))
185 static void FUNC_ATTRS sanitize_tdata(pjsip_tx_data *tdata)
187 static const pj_str_t x_name = { AST_SIP_X_AST_TXP, AST_SIP_X_AST_TXP_LEN };
188 pjsip_param *x_transport;
192 if (tdata->msg->type == PJSIP_REQUEST_MSG) {
193 if (ast_sip_is_uri_sip_sips(tdata->msg->line.req.uri)) {
194 uri = pjsip_uri_get_uri(tdata->msg->line.req.uri);
195 print_sanitize_debug(
"Sanitizing Request", PJSIP_URI_IN_REQ_URI, uri);
196 while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {
197 pj_list_erase(x_transport);
202 for (hdr = tdata->msg->hdr.next; hdr != &tdata->msg->hdr; hdr = hdr->next) {
203 if (hdr->type == PJSIP_H_TO || hdr->type == PJSIP_H_FROM) {
204 if (ast_sip_is_uri_sip_sips(((pjsip_fromto_hdr *) hdr)->uri)) {
205 uri = pjsip_uri_get_uri(((pjsip_fromto_hdr *) hdr)->uri);
206 print_sanitize_debug(
"Sanitizing From/To header", PJSIP_URI_IN_FROMTO_HDR, uri);
207 while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {
208 pj_list_erase(x_transport);
211 }
else if (hdr->type == PJSIP_H_CONTACT) {
212 if (!((pjsip_contact_hdr *) hdr)->star && ast_sip_is_uri_sip_sips(((pjsip_contact_hdr *) hdr)->uri)) {
213 uri = pjsip_uri_get_uri(((pjsip_contact_hdr *) hdr)->uri);
214 print_sanitize_debug(
"Sanitizing Contact header", PJSIP_URI_IN_CONTACT_HDR, uri);
215 while ((x_transport = pjsip_param_find(&uri->other_param, &x_name))) {
216 pj_list_erase(x_transport);
222 pjsip_tx_data_invalidate_msg(tdata);
225 static pj_status_t filter_on_tx_message(pjsip_tx_data *tdata)
228 ast_sip_mod_data_get(tdata->mod_data, filter_module_transport.id, MOD_DATA_RESTRICTIONS);
229 pjsip_tpmgr_fla2_param prm;
230 pjsip_cseq_hdr *cseq;
232 pjsip_fromto_hdr *from;
233 pjsip_tpselector sel;
234 pjsip_sdp_info *sdp_info;
235 pjmedia_sdp_session *sdp;
237 sanitize_tdata(tdata);
240 pjsip_tpmgr_fla2_param_default(&prm);
241 prm.tp_type = tdata->tp_info.transport->key.type;
242 pj_strset2(&prm.dst_host, tdata->tp_info.dst_name);
243 prm.local_if = PJ_TRUE;
245 if ((tdata->tp_info.transport->key.type != PJSIP_TRANSPORT_UDP) &&
246 (tdata->tp_info.transport->key.type != PJSIP_TRANSPORT_UDP6)) {
247 sel.type = PJSIP_TPSELECTOR_LISTENER;
248 sel.u.listener = tdata->tp_info.transport->factory;
253 if (pjsip_tpmgr_find_local_addr2(pjsip_endpt_get_tpmgr(ast_sip_get_pjsip_endpoint()), tdata->pool, &prm) != PJ_SUCCESS) {
258 if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
259 tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
260 prm.ret_port = tdata->tp_info.transport->local_name.port;
264 if (pj_strcmp(&prm.ret_addr, &tdata->tp_info.transport->local_name.host)) {
267 if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
268 tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
269 pjsip_transport *transport;
271 transport = get_udp_transport(&prm.ret_addr, prm.ret_port);
274 tdata->tp_info.transport = transport;
279 if (!is_bound_any(tdata->tp_info.transport)) {
280 pj_strassign(&prm.ret_addr, &tdata->tp_info.transport->local_name.host);
284 pj_strassign(&prm.ret_addr, &tdata->tp_info.transport->local_name.host);
288 if (tdata->msg->type == PJSIP_REQUEST_MSG || !(cseq = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_CSEQ, NULL)) ||
289 pj_strcmp2(&cseq->method.name,
"REGISTER")) {
290 pjsip_contact_hdr *contact = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_CONTACT, NULL);
291 if (contact && ast_sip_is_uri_sip_sips(contact->uri)
292 && !(tdata->msg->type == PJSIP_RESPONSE_MSG && tdata->msg->line.status.code / 100 == 3)) {
293 pjsip_sip_uri *uri = pjsip_uri_get_uri(contact->uri);
296 pj_strassign(&uri->host, &prm.ret_addr);
297 uri->port = prm.ret_port;
298 ast_debug(5,
"Re-wrote Contact URI host/port to %.*s:%d (this may be re-written again later)\n",
299 (
int)pj_strlen(&uri->host), pj_strbuf(&uri->host), uri->port);
301 if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
302 tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
303 uri->transport_param.slen = 0;
305 pj_strdup2(tdata->pool, &uri->transport_param, pjsip_transport_get_type_name(tdata->tp_info.transport->key.type));
308 pjsip_tx_data_invalidate_msg(tdata);
312 if (tdata->msg->type == PJSIP_REQUEST_MSG && (via = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_VIA, NULL))) {
313 pj_strassign(&via->sent_by.host, &prm.ret_addr);
314 via->sent_by.port = prm.ret_port;
316 pjsip_tx_data_invalidate_msg(tdata);
319 if (tdata->msg->type == PJSIP_REQUEST_MSG && (from = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_FROM, NULL)) &&
321 pjsip_name_addr *id_name_addr = (pjsip_name_addr *)from->uri;
322 pjsip_sip_uri *uri = pjsip_uri_get_uri(id_name_addr);
325 if (pj_strcmp2(&uri->host,
"localhost") && pj_sockaddr_parse(pj_AF_UNSPEC(), 0, &uri->host, &ip) == PJ_SUCCESS) {
326 pj_strassign(&uri->host, &prm.ret_addr);
327 pjsip_tx_data_invalidate_msg(tdata);
332 if (!tdata->msg->body) {
340 sdp_info = pjsip_get_sdp_info(tdata->pool, tdata->msg->body, NULL, &pjsip_media_type_application_sdp);
341 if (sdp_info->sdp_err != PJ_SUCCESS || !sdp_info->sdp) {
347 if (multihomed_rewrite_sdp(sdp)) {
348 static const pj_str_t STR_IP4 = {
"IP4", 3 };
349 static const pj_str_t STR_IP6 = {
"IP6", 3 };
353 STR_IP = tdata->tp_info.transport->key.type & PJSIP_TRANSPORT_IPV6 ? STR_IP6 : STR_IP4;
355 pj_strassign(&sdp->origin.addr, &prm.ret_addr);
356 sdp->origin.addr_type = STR_IP;
357 pj_strassign(&sdp->conn->addr, &prm.ret_addr);
358 sdp->conn->addr_type = STR_IP;
360 for (stream = 0; stream < sdp->media_count; ++stream) {
361 if (sdp->media[stream]->conn) {
362 pj_strassign(&sdp->media[stream]->conn->addr, &prm.ret_addr);
363 sdp->media[stream]->conn->addr_type = STR_IP;
367 pjsip_tx_data_invalidate_msg(tdata);
374 URI_TYPE_REQUEST = -1,
375 URI_TYPE_TO = PJSIP_H_TO,
376 URI_TYPE_FROM = PJSIP_H_FROM,
377 URI_TYPE_CONTACT = PJSIP_H_CONTACT,
380 static void print_uri_debug(
enum uri_type ut, pjsip_rx_data *rdata, pjsip_hdr *hdr)
383 pjsip_uri *local_uri = NULL;
387 pjsip_uri_context_e context = PJSIP_URI_IN_OTHER;
388 char header_name[32];
391 case(URI_TYPE_REQUEST):
392 context = PJSIP_URI_IN_REQ_URI;
393 strcpy(header_name,
"Request");
394 local_uri = rdata->msg_info.msg->line.req.uri;
397 strcpy(header_name,
"From");
398 context = PJSIP_URI_IN_FROMTO_HDR;
399 local_uri = pjsip_uri_get_uri(((pjsip_from_hdr *)hdr)->uri);
402 strcpy(header_name,
"To");
403 context = PJSIP_URI_IN_FROMTO_HDR;
404 local_uri = pjsip_uri_get_uri(((pjsip_to_hdr *)hdr)->uri);
406 case(PJSIP_H_CONTACT):
407 strcpy(header_name,
"Contact");
408 context = PJSIP_URI_IN_CONTACT_HDR;
409 local_uri = pjsip_uri_get_uri(((pjsip_contact_hdr *)hdr)->uri);
413 hdrbuf_len = pjsip_uri_print(PJSIP_URI_IN_REQ_URI, rdata->msg_info.msg->line.req.uri, hdrbuf, 512);
414 hdrbuf[hdrbuf_len] =
'\0';
416 hdrbuf_len = pjsip_uri_print(context, local_uri, hdrbuf, 512);
417 hdrbuf[hdrbuf_len] =
'\0';
419 ast_debug(2,
"There was a non sip(s) URI scheme in %s URI '%s' for request '%*.*s %s'\n",
421 (
int)rdata->msg_info.msg->line.req.method.name.slen,
422 (
int)rdata->msg_info.msg->line.req.method.name.slen,
423 rdata->msg_info.msg->line.req.method.name.ptr, request_uri);
435 static void remove_x_ast_params(pjsip_uri *header_uri){
443 if (PJSIP_URI_SCHEME_IS_TEL(header_uri)) {
447 uri = pjsip_uri_get_uri(header_uri);
452 param = uri->other_param.next;
454 while (param != &uri->other_param) {
456 pjsip_param *next = param->next;
458 if (pj_strncmp2(¶m->name,
"x-ast-", 6) == 0) {
459 pj_list_erase(param);
466 static int is_allowed_tel_uri_request(pjsip_rx_data *rdata)
468 struct pjsip_request_line req = rdata->msg_info.msg->line.req;
469 const pjsip_method method = (
const pjsip_method)req.method;
471 if (pjsip_method_cmp(&method, pjsip_get_invite_method())) {
473 }
else if (pjsip_method_cmp(&method, pjsip_get_ack_method())) {
475 }
else if (pjsip_method_cmp(&method, pjsip_get_bye_method())) {
477 }
else if (pjsip_method_cmp(&method, pjsip_get_cancel_method())) {
484 static pj_bool_t on_rx_process_uris(pjsip_rx_data *rdata)
486 pjsip_contact_hdr *contact = NULL;
488 if (rdata->msg_info.msg->type != PJSIP_REQUEST_MSG) {
492 if (PJSIP_URI_SCHEME_IS_TEL(rdata->msg_info.msg->line.req.uri)
493 && !is_allowed_tel_uri_request(rdata)) {
494 print_uri_debug(URI_TYPE_REQUEST, rdata, NULL);
495 pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata,
496 PJSIP_SC_UNSUPPORTED_URI_SCHEME, NULL, NULL, NULL);
499 remove_x_ast_params(rdata->msg_info.msg->line.req.uri);
501 if (!ast_sip_is_allowed_uri(rdata->msg_info.from->uri)) {
502 print_uri_debug(URI_TYPE_FROM, rdata, (pjsip_hdr *)rdata->msg_info.from);
503 pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata,
504 PJSIP_SC_UNSUPPORTED_URI_SCHEME, NULL, NULL, NULL);
507 remove_x_ast_params(rdata->msg_info.from->uri);
509 if (!ast_sip_is_allowed_uri(rdata->msg_info.to->uri)) {
510 print_uri_debug(URI_TYPE_TO, rdata, (pjsip_hdr *)rdata->msg_info.to);
511 pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata,
512 PJSIP_SC_UNSUPPORTED_URI_SCHEME, NULL, NULL, NULL);
515 remove_x_ast_params(rdata->msg_info.to->uri);
517 contact = (pjsip_contact_hdr *) pjsip_msg_find_hdr(
518 rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
520 if (!contact && pjsip_method_creates_dialog(&rdata->msg_info.msg->line.req.method)) {
522 static const pj_str_t missing_contact = {
"Missing Contact header", 22 };
523 pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 400,
524 &missing_contact, NULL, NULL);
529 if (!contact->star && !is_sip_uri(contact->uri)) {
530 print_uri_debug(URI_TYPE_CONTACT, rdata, (pjsip_hdr *)contact);
531 pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata,
532 PJSIP_SC_UNSUPPORTED_URI_SCHEME, NULL, NULL, NULL);
535 remove_x_ast_params(contact->uri);
537 contact = (pjsip_contact_hdr *) pjsip_msg_find_hdr(
538 rdata->msg_info.msg, PJSIP_H_CONTACT, contact->next);
544 static pj_bool_t on_rx_process_symmetric_transport(pjsip_rx_data *rdata)
546 pjsip_contact_hdr *contact;
548 const char *transport_id;
550 pjsip_param *x_transport;
552 if (rdata->msg_info.msg->type != PJSIP_REQUEST_MSG) {
556 contact = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
557 if (!(contact && contact->uri
558 &&
ast_begins_with(rdata->tp_info.transport->info, AST_SIP_X_AST_TXP
":"))) {
562 uri = pjsip_uri_get_uri(contact->uri);
564 transport_id = rdata->tp_info.transport->info + AST_SIP_X_AST_TXP_LEN + 1;
568 ao2_cleanup(transport);
571 ao2_cleanup(transport);
573 x_transport = PJ_POOL_ALLOC_T(rdata->tp_info.pool, pjsip_param);
574 x_transport->name = pj_strdup3(rdata->tp_info.pool, AST_SIP_X_AST_TXP);
575 x_transport->value = pj_strdup3(rdata->tp_info.pool, transport_id);
577 pj_list_insert_before(&uri->other_param, x_transport);
579 ast_debug(1,
"Set transport '%s' on %.*s from %.*s:%d\n", transport_id,
580 (
int)rdata->msg_info.msg->line.req.method.name.slen,
581 rdata->msg_info.msg->line.req.method.name.ptr,
582 (
int)uri->host.slen, uri->host.ptr, uri->port);
587 static pj_bool_t filter_on_rx_message(pjsip_rx_data *rdata)
591 rc = on_rx_process_uris(rdata);
596 rc = on_rx_process_symmetric_transport(rdata);
604 void ast_res_pjsip_cleanup_message_filter(
void)
606 ast_sip_unregister_service(&filter_module_tsx);
607 ast_sip_unregister_service(&filter_module_transport);
608 ast_sip_unregister_supplement(&filter_supplement);
609 ast_sip_session_unregister_supplement(&filter_session_supplement);
612 int ast_res_pjsip_init_message_filter(
void)
614 ast_sip_session_register_supplement(&filter_session_supplement);
615 ast_sip_register_supplement(&filter_supplement);
617 if (ast_sip_register_service(&filter_module_transport)) {
618 ast_log(LOG_ERROR,
"Could not register message filter module for incoming and outgoing requests\n");
619 ast_res_pjsip_cleanup_message_filter();
623 if (ast_sip_register_service(&filter_module_tsx)) {
624 ast_log(LOG_ERROR,
"Could not register message filter module for incoming and outgoing requests\n");
625 ast_res_pjsip_cleanup_message_filter();
struct ast_sip_endpoint * endpoint
Asterisk main include file. File version handling, generic pbx functions.
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
A structure describing a SIP session.
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
Structure for SIP transport information.
struct pjsip_transport * transport
Transport itself.
#define ast_strdupa(s)
duplicate a string in memory from the stack
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
#define ast_debug(level,...)
Log a DEBUG message.
An entity with which Asterisk communicates.
enum ast_sip_supplement_priority priority
unsigned int disallow_from_domain_modification
Disallow modification of the From domain.
A supplement to SIP message processing.
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
A supplement to SIP message processing.
static int force_inline attribute_pure ast_begins_with(const char *str, const char *prefix)
Checks whether a string begins with another.
Asterisk module definitions.
Outgoing message modification restrictions.
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
const ast_string_field fromdomain
enum ast_sip_supplement_priority priority