kamailio 作为强大的开源 sip服务器
根据环境需要配置 域隔离的配置 主要修改kamailio.cfg
#!define WITH_AUTH
#!define WITH_MULTIDOMAIN
#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif
定位到认证路由函数
# Authentication route route[AUTH] { #!ifdef WITH_AUTH #!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLIS")) consume_credentials(); } if (is_method("INVITE") && ($td!=$fd)) { xlog("INVITE:-------------$td $fd------\n"); sl_send_reply("404","Not relaying"); exit; } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; } #!endif return; } |
从伪变量表中可以查到
$td - To URI Domain
$td - reference to domain in URI of 'To' header
$fd - From URI domain
$fd - reference to domain in URI of 'From' header
上面配置文件的意思是对于认证的invite包,如果报文中的toDomain和fromDomain不一样则认为是不在同一个域的用户间相互拔打电话,这时回404,这样就实现的简单的域隔离功能