search

OpenSIPS / opensips

OpenSIPS is a GPL implementation of a multi-functionality SIP Server that targets to deliver a high-level technical solution (performance, security and quality) to be used in professional SIP server platforms.
https://opensips.org
Other
1.27k stars 578 forks source link

[Feature] wildcard support for SIP domains #1466

Open palmtown opened 6 years ago

palmtown commented 6 years ago

If Record-Route is set to a hostname that DNS resolves to an IP that OpenSIPs is configured to listen on, and that hostname is not listed as an alias, loose_route will route the transaction to itself causing the call to fail as the is_myself("$si") will return true when checking for loops in addition to other problems.

My issue is that I am using dynamic hostnames which are merely sub-domains pointing to my OpenSIPs server. As a work around, I tried to set alias=*.mydomain.com, but OpenSIPs will fail to start.

Next, I tried to use set_advertised_address and specify the $td, but my call still fails as it does not have the same affect as specifying the hostname in alias. If I set the hostname in alias on startup, everything works fine.

If there a function that I can set alias dynamically as a work around? A solution would be to allow alias values to be wildcards.

bogdan-iancu commented 6 years ago

Hi @palmtown , the is_mysql is not doing any dynamic DNS lookup - it is checking against listeners, aliases and domain (via domain module). So, if you want something dynamic, try to use the domain module to push the dynamic list of domains

palmtown commented 6 years ago

Hi @bogdan-iancu ,

Thanks for the update, however, note the following:

  1. My issue is specifically not being able to add a wildcard in OpenSIPs for example (alias =*.mydomain.com). This results, in part, that OpenSIPs is routing back to itself among other routing issues because it is not able to determine that a subdomain (e.g. customer1.mydomain.com) is myself and/or in other hard coded checks in which OpenSIPs uses the alias or domain table to determine if a given host is myself.
  2. I tried using domains, however, it does not work in this case and is not feasible for many reasons but here is are a few:
    • Every time a domain is added, OpenSIPs needs to be restarted. As these domains are dynamic, I am having many domain changes per day--not fesible.
    • I am unable to insert a wildcard domain in the domains table (e.g. *.mydomain.com) as OpenSIPs will not recognize customer1.mydomain.com as itself.
    • If a user has many OpenSIPs servers there are geographically disbursed, syncing and/or managing a centralized domain table becomes even more problematic.

Having stated that, I believe that users should be able to add wildcard aliases in OpenSIPs because SIP in general allows for wildcard certificates and subdomains are becoming more prevalent. Because the lack of support for wildcard domains, OpenSIPs is not allowing users to configure it to adhere to this industry standard of using wildcard certificates. Even more, the current solution for using the domains table is not feasible as OpenSIPs has to be reloaded.

This can be solved in a variety of very simple ways:

  1. Allow the alias variable in OpenSIPs to accept wildcard domains (e.g. alias=*.mydomain.com).
  2. Allow the domains table to use wildcards
  3. Allow the user to add domains to alias on the fly like (e.g. add_alias("customer1.mydomain.com")) that are cached in memory.
  4. Add an option in OpenSIPs (e.g. check_hostnames) and when is myself is checked, if the value of check_hostnames is 1 or yes, and the value passed to myself is a hostname, then it will perform a DNS lookup to determine if the hostname passed as a parameter resolves to one of the IPs OpenSIPs is listening on. This solution will only work if alias or domains table is only used in the is myself checks. If alias or domains table is used in any other way, this might not work.

Any one of the above will work, and only one is needed. Because of my urgency, I am willing to pitch in $200 if you offer this as it is causing me problems that I have yet to resolve.

jpyle490 commented 1 year ago

2023 update... wildcard support for domains is relevant for support multi-tenant Direct Routing (and possibly Operator Connect) with Microsoft Teams.

davidtrihy-genesys commented 1 month ago

@bogdan-iancu I have a PR that I think solves on our fork, would you have time to discuss the implementation?

I made the change with a flag on the alias, the alias would be sas such

alias=tcp:my.sub.domain.com:5060 wildcard_match

Though I'm thinking of changing the wildcard_match to subdomain_match or something like that

The behaviour this way would be that sip.my.sub.domain.com and company.sip.my.sub.domain.com would match it and even matching the subdomain strictly like my.sub.domain.com would match it too

Thoughts? If you're happy I can open a PR