Skip to content
Snippets Groups Projects
Commit 480f4128 authored by Terry Wilson's avatar Terry Wilson
Browse files

Make contactdeny apply to src ip when nat=yes 

chan_sip's "contactdeny" feature screens the "to be registered contact".
In case of nat=yes it should not use the address information from the
Contact header (which is not used at all for routing), but the source
IP address of the request.

Thus, if nat=yes and a client sends a request from a denied IP address
(e.g. by spoofing the src-IP address) it can bypass the screening.

This commit makes contactdeny apply to the src ip when nat=yes instead.

(closes issue #17276)
Reported by: klaus3000
Patches: 
      patch-asterisk-trunk-contactdeny.txt uploaded by klaus3000 (license 65)
Tested by: klaus3000


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@270658 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent 7037dd66
Hide whitespace changes
Inline Side-by-side
Showing
with 22 additions and 21 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment