classify request earlier

* sanity, antiflood, core will have way to differentiate requests
2600hz · Aug 18, 2023 · a020417 · a020417
1 parent a794f6c
commit a020417
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 12 deletions.
diff --git a/kamailio/antiflood-role.cfg b/kamailio/antiflood-role.cfg
@@ -34,10 +34,14 @@ route[ANTIFLOOD_RATE_LIMIT]
 
     if (has_totag()
         || isflagset(FLAG_TRUSTED_SOURCE)
+        || isflagset(FLAG_TRUSTED_PROXY)
+        || isflagset(FLAG_TRUSTED_PARTNER)
         || isflagset(FLAG_INTERNALLY_SOURCED)) {
         return;
     }
 
+    if (is_method("OPTIONS")) return;
+
     # use pike to control the rates
     if (!pike_check_req()) {
         if($sel(cfg_get.kazoo.antiflood_rate_drop) == 1) {
@@ -55,6 +59,8 @@ route[ANTIFLOOD_AUTH_LIMIT]
 
     if (has_totag()
         || isflagset(FLAG_TRUSTED_SOURCE)
+        || isflagset(FLAG_TRUSTED_PROXY)
+        || isflagset(FLAG_TRUSTED_PARTNER)
         || isflagset(FLAG_INTERNALLY_SOURCED)) {
         return;
     }

diff --git a/kamailio/default.cfg b/kamailio/default.cfg
@@ -193,6 +193,8 @@ route
 {
     route(LOCAL_REQUEST);
 
+    route(CLASSIFY_SOURCE);
+
     route(SANITY_CHECK);
 
     routes(CORE_INIT_ROUTE);
@@ -215,8 +217,6 @@ route
 
     route(LOG_REQUEST);
 
-    route(CLASSIFY_SOURCE);
-
     #!ifdef NAT_TRAVERSAL_ROLE
     route(NAT_DETECT);
     #!endif
@@ -304,6 +304,23 @@ route[LOG_REQUEST]
     routes(LOG_REQUEST);
 }
 
+route[LOG_REQUEST_CLASSIFIED_SOURCE]
+{
+    if (isflagset(FLAG_TRUSTED_PROXY)) {
+        xlog("$var(log_request_level)", "originated from proxy $sht(proxies=>$hdr(X-Proxy-Core-UUID))\n");
+    } else if (isflagset(FLAG_INTERNALLY_SOURCED)) {
+        xlog("$var(log_request_level)", "originated from internal sources\n");
+    } else if (isflagset(FLAG_TRUSTED_SOURCE)) {
+        xlog("$var(log_request_level)", "request from trusted IP\n");
+    } else if (!isflagset(FLAG_NETWORK_CLASSIFIED)) {
+        if (is_myself("$ou")) {
+            xlog("$var(log_request_level)", "original R-URI ($ou) is this proxy, treating as external sources\n");
+        } else {
+            xlog("$var(log_request_level)", "originated from external sources\n");
+        }
+    }
+}
+
 route[CHECK_RETRANS]
 {
     # handle retransmissions
@@ -319,18 +336,13 @@ route[CHECK_RETRANS]
 route[CLASSIFY_SOURCE]
 {
     if ($hdr(X-FS-Core-UUID) != $null && $sht(media=>$hdr(X-FS-Core-UUID)) != $null) {
-        xlog("$var(log_request_level)", "originated from internal sources\n");
         setflag(FLAG_INTERNALLY_SOURCED);
         routes(CLASSIFY_INTERNALLY_SOURCED);
         return;
     }
 
     routes(CLASSIFY_SOURCE);
 
-    if (!isflagset(FLAG_NETWORK_CLASSIFIED)) {
-        xlog("$var(log_request_level)", "originated from external sources\n");
-    }
-
 }
 
 route[HANDLE_OPTIONS]

diff --git a/kamailio/dispatcher-role-5.5.cfg b/kamailio/dispatcher-role-5.5.cfg
@@ -77,9 +77,7 @@ route[CLASSIFY_SOURCE_DISPATCHER]
     route_if_exists("DISPATCHER_CUSTOM_NETWORK_CLASSIFY");
 
     if (!isflagset(FLAG_NETWORK_CLASSIFIED)) {
-       if (is_myself("$ou")) {
-           xlog("$var(log_request_level)", "original R-URI ($ou) is this proxy, treating as external sources\n");
-       } else {
+       if (!is_myself("$ou")) {
            $var(classify_dispatcher_flag) = $(sel(cfg_get.kazoo.dispatcher_classify_flags){s.int});
            if (ds_is_from_list(KZ_DISPATCHER_PRIMARY_GROUP, "$var(classify_dispatcher_flag)") ||
                ds_is_from_list(KZ_DISPATCHER_SECONDARY_GROUP, "$var(classify_dispatcher_flag)") ||
@@ -93,7 +91,6 @@ route[CLASSIFY_SOURCE_DISPATCHER]
                ds_is_from_list(KZ_DISPATCHER_REGISTRAR_PRIMARY_GROUP, "$var(classify_dispatcher_flag)") ||
                ds_is_from_list(KZ_DISPATCHER_REGISTRAR_SECONDARY_GROUP, "$var(classify_dispatcher_flag)") ||
                ($hdr(X-FS-Core-UUID) != $null && $sht(media=>$hdr(X-FS-Core-UUID)) != $null)) {
-               xlog("$var(log_request_level)", "originated from internal sources\n");
                setflag(FLAG_INTERNALLY_SOURCED);
                setflag(FLAG_NETWORK_CLASSIFIED);
            }

diff --git a/kamailio/flags.cfg b/kamailio/flags.cfg
@@ -7,6 +7,7 @@ flags
     FLAG_ASSOCIATE_USER,
     FLAG_TRUSTED_SOURCE,
     FLAG_TRUSTED_PROXY,
+    FLAG_TRUSTED_PARTNER,
     FLAG_SESSION_PROGRESS,
     FLAG_SIP_TRACE,
     FLT_T38,

diff --git a/kamailio/trusted.cfg b/kamailio/trusted.cfg
@@ -143,7 +143,6 @@ route[CLASSIFY_SOURCE_TRUSTED]
     if (isflagset(FLAG_NETWORK_CLASSIFIED)) return;
 
     if (allow_source_address()) {
-        xlog("$var(log_request_level)", "request from trusted IP\n");
         setflag(FLAG_TRUSTED_SOURCE);
         setflag(FLAG_NETWORK_CLASSIFIED);
         routes(CLASSIFY_TRUSTED_SOURCE);