
Adding a few more checks before allowing a websocket

3.17
bitbashing 12 years ago
parent
commit
be61320650
1 changed files with 64 additions and 17 deletions
  1. +64
    -17
      kamailio/websockets-role.cfg

+ 64
- 17
kamailio/websockets-role.cfg

@ -1,12 +1,15 @@
######## Websocket module ########
tcp_accept_no_cl=yes
######## Generic Hash Table container in shared memory ########
modparam("htable", "htable", "websockets=>size=16;autoexpire=7200")
######## Basic HTTP request handling ########
loadmodule "xhttp.so"
######## Websocket module ########
loadmodule "websocket.so"
modparam("websocket", "keepalive_mechanism", 1)
modparam("websocket", "keepalive_mechanism", 0)
modparam("websocket", "keepalive_timeout", 30)
modparam("websocket", "keepalive_processes", 1)
modparam("websocket", "keepalive_interval", 1)
@ -48,30 +51,74 @@ route[NAT_WEBSOCKETS_CORRECT]
event_route[xhttp:request]
{
xlog("L_INFO", "HTTP Request Received\n");
set_reply_close();
set_reply_no_connect();
if ($hdr(Upgrade) =~ "websocket" && $hdr(Connection) =~ "Upgrade" && $rm =~ "GET") {
xlog("L_INFO", "websocket request from $si:$sp received\n");
if (!($rm =~ "GET")) {
xlog("L_INFO", "websocket|log|rejecting HTTP request $rm from $si:$sp\n");
xhttp_reply("405", "Method Not Allowed", "", "");
exit;
}
# Validate Host - make sure the client is using the correct
# alias for WebSockets
if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
xlog("L_WARN", "websocket request had bad host $hdr(Host)\n");
xhttp_reply("403", "Forbidden", "", "");
exit;
}
if (!($hdr(Connection) =~ "Upgrade")) {
xlog("L_INFO", "websocket|log|rejecting HTTP connection $hdr(Connection) request from $si:$sp\n");
xhttp_reply("400", "Bad Request", "", "");
exit;
}
# ws_handle_handshake() exits (no further configuration file
# processing of the request) when complete.
if (ws_handle_handshake()) {
exit;
}
if (!($hdr(Upgrade) =~ "websocket")) {
xlog("L_INFO", "websocket|log|rejecting HTTP upgrade $hdr(Upgrade) request from $si:$sp\n");
xhttp_reply("400", "Bad Request", "", "");
exit;
}
if (!($hdr(Sec-WebSocket-Protocol) =~ "sip")) {
xlog("L_INFO", "websocket|log|rejecting request for websocket protocol $hdr(Sec-WebSocket-Protocol) from $si:$sp\n");
xhttp_reply("400", "Bad Request", "", "");
exit;
}
# if (!($hdr(Origin) =~ "www.2600hz.com")) {
# xlog("L_INFO", "websocket|log|rejecting HTTP request with unknown origin $hdr(Origin) from $si:$sp\n");
# xhttp_reply("400", "Bad Request", "", "");
# exit;
# }
if($sht(websockets=>$si::count) == $null) {
$var(count) = 1;
} else {
$var(count) = $sht(websockets=>$si::count) + 1;
}
if($var(count) > 50) {
xlog("L_WARN", "websocket|log|$si:$sp is at the maximum allowable sockets per IP, rejecting request for another websocket\n");
xhttp_reply("403", "Forbidden", "", "");
exit;
}
if (ws_handle_handshake()) {
$sht(websockets=>$si::count) = $var(count);
xlog("L_INFO", "websocket|log|opened websocket $var(count) of 50 for $si:$sp\n");
exit;
}
xlog("L_INFO", "websocket|log|unhandled HTTP request $rm from $si:$sp\n");
xhttp_reply("404", "Not Found", "", "");
}
event_route[websocket:closed] {
xlog("L_INFO", "websocket connection from $si:$sp has closed\n");
if($sht(websockets=>$si::count) == $null) {
xlog("L_INFO", "websocket|log|closed websocket from $si:$sp\n");
exit();
}
$var(count) = $sht(websockets=>$si::count) - 1;
if ($var(count) < 1) {
xlog("L_INFO", "websocket|log|$si:$sp closed last websocket to that IP\n");
$sht(websockets=>$si::count) = $null;
} else {
$sht(websockets=>$si::count) = $var(count);
xlog("L_INFO", "websocket|log|closed websocket from $si:$sp, $var(count) remaining from that IP\n");
}
}
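Review bot: The per-IP cap in event_route[xhttp:request] is a non-atomic read-modify-write on `$sht(websockets=>$si::count)`: the value is copied into `$var(count)` before `ws_handle_handshake()` and stored back after it, so two handshakes from the same address handled by different workers can both write the same number and the counter drifts below the real socket count. The htable module's atomic `$shtinc(websockets=>$si::count)` on open and `$shtdec(websockets=>$si::count)` in event_route[websocket:closed] (and after a failed handshake) would close that window; as far as I recall they only create a missing key when the table is declared with an `initval`, so confirm against the deployed version. The table is also declared with `autoexpire=7200`, so an address that keeps its sockets open for two hours without opening or closing another apparently loses its entry and can then open 50 more; the counter table should probably not auto-expire, or should be reconciled against the live connection list. Separately, the Origin check is left commented out and the `is_myself()` Host validation appears to be on the removed side (the +/- markers are lost on this page), which would leave nothing tying the upgrade request to a trusted site, so it is worth confirming that is intended. The limit 50 is also repeated as a literal in the comparison and in the log string and would be easier to keep in sync as a single defined value.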
