| Summary: | ASTERISK-21460: New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack | ||||
| Reporter: | Matt Jordan (mjordan) | Labels: | Asterisk12 NewSIP | ||
| Date Opened: | 2013-04-16 14:20:54 | Date Closed: | 2013-06-10 07:00:42 | ||
| Priority: | Major | Regression? | No | ||
| Status: | Closed/Complete | Components: | Channels/chan_pjsip | ||
| Versions: | Frequency of Occurrence | ||||
| Related Issues: |
| ||||
| Environment: | Attachments: | ||||
| Description: | Currently, the SIP Security Event Framework exists in a separate file from {{chan_sip}} (yay!) and provides function calls that raise security events when something goes suspiciously. While it may seem like the best approach is to refactor this out as a separate module, there's a few reasons to not do so:
# Most of the SIP security framework exists as a very thin wrapper over the more generic Asterisk Security Event Framework. As such, there's limited benefit in making this code itself a separate resource module # The non-generic portion of the code is specific to how {{chan_sip}} performs authentication, which is less than ideal Instead, we should provide a new resource module that does two things: # During authentication, inspects requests/responses and raises the appropriate events # Provides facilities that other modules can use to raise security events At a minimum, the following should be covered: * An invalid endpoint was requested * An ACL was violated * An invalid password was provided * An authentication occurred successfully * A session limit violation occurred * A challenge response failed * A challenge response was sent | ||||
| Comments: | |||||