
Sending an INVITE through the proxy with an explicit uri to port 5090…

… will spiral in sipXbridge and deplete media ports

When an itsp account could not be found for the current request, a failsafe itsp account was created. An extra check was
added so that this failsafe account is not created when the outbound ipaddress:port from the request is the same as
the sipxbridge's local or external ipaddress and port. In that case a null itsp account is returned.

Also added checks to respond with "482 Loop Detected" when an itsp account cannot be found at all.
1 parent a751be1 commit 3962de0209b5464f808544eecafa9b4871dad455 @dtacalau dtacalau committed Oct 29, 2012
60 sipXbridge/src/main/java/org/sipfoundry/sipxbridge/AccountManagerImpl.java
@@ -102,6 +102,22 @@ boolean checkSipxecsLineid(ArrayList<String> ids, SipURI uri) {
return false;
}
+ //Check if the SIP Uri points back to sipxbridge address:port.
+ boolean uriContainsBridgeAddress(SipURI sipUri)
+ {
+ int uriPort = sipUri.getPort();
+ String uriHost = sipUri.getHost();
+
+ //compare with both bridge addresses: local and external
+ boolean isBridgeAddress = bridgeConfiguration.getLocalAddress().equals(uriHost) ||
+ bridgeConfiguration.getExternalAddress().equals(uriHost);
+ //compare with both bridge ports: local and external
+ boolean isBridgePort = ((bridgeConfiguration.getLocalPort() == uriPort) ||
+ (bridgeConfiguration.getExternalPort() == uriPort));
+
+ return (isBridgeAddress && isBridgePort);
+ }
+
/**
* Get the outbound ITSP account for a specific outbund SipURI.
*/
@@ -177,25 +193,35 @@ ItspAccountInfo getAccount(Request request) {
}
}
- String userName = ((SipURI) ((FromHeader) request.getHeader(FromHeader.NAME)).getAddress().getURI())
- .getUser();
-
/*
- * If an account is not found return an account record with the domain set to the
- * outbound request domain. The INVITE will be forwarded. If the other side does not
- * like the INVITE it an complain about it. See issue XX-5623
+ * Check if the outbound request domain:ipaddress:port points back to sipxbridge
+ * address:port. This should not be allowed as it will lead to an INVITE looping
+ * in sipxbridge and overloading cpu.
*/
- accountFound = new ItspAccountInfo();
- accountFound.setProxyDomain(sipUri.getHost());
- accountFound.setUserName(userName);
- accountFound.setOutboundProxyPort(sipUri.getPort());
- accountFound.setOutboundTransport(sipUri.getTransportParam() == null ? "udp" : sipUri
- .getTransportParam());
- accountFound.setGlobalAddressingUsed(true);
- accountFound.setDummyAccount(true);
- accountFound.setRegisterOnInitialization(false);
- this.addItspAccount(accountFound);
- return accountFound;
+ if (uriContainsBridgeAddress(sipUri)) {
+ return null;
+ }
+ else {
+ String userName = ((SipURI) ((FromHeader) request.getHeader(FromHeader.NAME)).getAddress().getURI())
+ .getUser();
+
+ /*
+ * If an account is not found return an account record with the domain set to the
+ * outbound request domain. The INVITE will be forwarded. If the other side does not
+ * like the INVITE it an complain about it. See issue XX-5623
+ */
+ accountFound = new ItspAccountInfo();
+ accountFound.setProxyDomain(sipUri.getHost());
+ accountFound.setUserName(userName);
+ accountFound.setOutboundProxyPort(sipUri.getPort());
+ accountFound.setOutboundTransport(sipUri.getTransportParam() == null ? "udp" : sipUri
+ .getTransportParam());
+ accountFound.setGlobalAddressingUsed(true);
+ accountFound.setDummyAccount(true);
+ accountFound.setRegisterOnInitialization(false);
+ this.addItspAccount(accountFound);
+ return accountFound;
+ }
} finally {
if ( logger.isDebugEnabled() ) logger.debug("getItspAccount: returning " + accountFound);
}
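Review bot: `uriContainsBridgeAddress` matches only when the request URI carries the bridge's address and port literally, so the loop guard added in `getAccount` can miss equivalent URIs. `SipURI.getPort()` returns -1 when the URI has no explicit port, which never equals a configured port even when the bridge listens on the default one; normalizing first, e.g. `int uriPort = sipUri.getPort() == -1 ? 5060 : sipUri.getPort();`, would close that case (the TLS default would need the same treatment). A host name that resolves to the bridge is likewise not compared, and `equals` is invoked on `bridgeConfiguration.getLocalAddress()` / `getExternalAddress()`, which would throw if either is unset (whether that can happen is not visible here); calling `uriHost.equalsIgnoreCase(...)` instead avoids it. `getAccount` begins and ends outside this hunk, so its other callers should be checked for the new null return.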
12 sipXbridge/src/main/java/org/sipfoundry/sipxbridge/CallControlManager.java
@@ -519,6 +519,18 @@ private void processInvite(RequestEvent requestEvent) {
itspAccount = Gateway.getAccountManager().getItspAccount(inboundVias);
}
+ /**
+ * Do not allow processing request without a valid itsp account
+ */
+ if (null == itspAccount)
+ {
+ Response response = SipUtilities.createResponse(serverTransaction,
+ Response.LOOP_DETECTED);
+ serverTransaction.sendResponse(response);
+
+ return;
+ }
+
/*
* Look at the Dialog context. The B2BUA structure tracks the call and is pointed to
* by the dialog application data.
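Review bot: The new null-account branch in `processInvite` rejects the INVITE without writing anything to the log, so a request that loops back to the bridge (or any other lookup miss) leaves no trace for an operator investigating port depletion. A line such as `logger.warn("processInvite: no ITSP account for request, replying 482 Loop Detected");` before `sendResponse` would make these rejections visible, assuming this class has a logger as `AccountManagerImpl` does. `itspAccount` can also be null from the `getItspAccount(inboundVias)` lookup just above, which is not a loop, so 482 may mislead the sender in that case. The `/** ... */` block is a Javadoc comment inside a method body; a plain `/* ... */` comment is the usual form there. `processInvite` starts and ends outside the hunk.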
18 sipXbridge/src/main/java/org/sipfoundry/sipxbridge/SipListenerImpl.java
@@ -428,6 +428,22 @@ public void processRequest(RequestEvent requestEvent) {
itspAccount = Gateway.getAccountManager().getItspAccount(inboundVias);
}
+ /**
+ * Do not allow processing request without a valid itsp account
+ */
+ if (null == itspAccount)
+ {
+ ServerTransaction st = requestEvent.getServerTransaction();
+ if ( st == null ) {
+ st = provider.getNewServerTransaction(requestEvent.getRequest());
+ }
+
+ Response response = SipUtilities.createResponse(st, Response.LOOP_DETECTED);
+ st.sendResponse(response);
+
+ return;
+ }
+
if ( !request.getMethod().equals(Request.ACK) && itspAccount != null && ! itspAccount.isEnabled() ) {
ServerTransaction st = requestEvent.getServerTransaction();
if ( st == null ) {
@@ -438,7 +454,7 @@ public void processRequest(RequestEvent requestEvent) {
st.sendResponse(response);
return;
}
-
+
if (method.equals(Request.INVITE)
|| method.equals(Request.ACK)
|| method.equals(Request.CANCEL)
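Review bot: The null-account check added to `processRequest` (first hunk) runs for every method, including ACK, whereas the existing disabled-account check right below it explicitly skips ACK. An ACK must not be answered, and `provider.getNewServerTransaction(...)` on one is likely to fail, so the branch should not build a response in that case: `if (request.getMethod().equals(Request.ACK)) return;` ahead of the `ServerTransaction` lookup would keep the two checks consistent. With this branch in place the `itspAccount != null` test in the following condition is always true and can be dropped. `processRequest` starts and ends outside the hunk, so whether requests other than INVITE legitimately arrive here without an account could not be checked.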
