From cf1c8b19dabe63dc9fd64d654ad1cf1c822b52bd Mon Sep 17 00:00:00 2001
From: karl anderson
Date: Sun, 8 Sep 2013 12:42:54 -0700
Subject: [PATCH] allow trusted IPs to bypass all checks

---
 kamailio/default.cfg | 9 ++++++---
 kamailio/dispatcher-role.cfg | 18 +-----------------
 kamailio/kamailio.cfg | 2 +-
 kamailio/local.cfg | 2 +-
 kamailio/nat-traversal-role.cfg | 2 +-
 kamailio/presence-role.cfg | 2 +-
 kamailio/registrar-role.cfg | 12 ++++++++++++
 7 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index 166b58e..1af7aef 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -22,7 +22,8 @@ flags
 FLAG_INTERNALLY_SOURCED: 1,
 FLAG_ASSOCIATE_SERVER: 2,
 FLAG_SKIP_NAT_CORRECTION: 3,
- FLAG_ASSOCIATE_USER: 4;
+ FLAG_ASSOCIATE_USER: 4,
+ FLAG_TRUSTED_SOURCE: 5;
 
 #!define FLB_NATB 1
 #!define FLB_NATSIPPING 2
@@ -274,7 +275,8 @@ route[HANDLE_OPTIONS]
 if (is_method("OPTIONS")) {
 if (isflagset(FLAG_INTERNALLY_SOURCED)) {
 route(INTERNAL_TO_EXTERNAL_RELAY);
- } else if ($rd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") {
+ } else if (!isflagset(FLAG_TRUSTED_SOURCE)
+ && $rd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") {
 xlog("L_WARN", "$ci|end|dropping OPTIONS request with IP domain");
 } else {
 sl_send_reply("200", "Rawr!!");
@@ -408,7 +410,8 @@ route[DOS_PREVENTION]
 {
 # allow request from internal network or from whitelist
 if (isflagset(FLAG_INTERNALLY_SOURCED) || allow_source_address(TRUSTED_ADR_GROUP)) {
- xlog("L_DBG", "$ci|log|request from trusted IP");
+ xlog("L_INFO", "$ci|log|request from trusted IP");
+ setflag(FLAG_TRUSTED_SOURCE);
 return;
 }
 
diff --git a/kamailio/dispatcher-role.cfg b/kamailio/dispatcher-role.cfg
index 59eec7c..1f4ae47 100644
--- a/kamailio/dispatcher-role.cfg
+++ b/kamailio/dispatcher-role.cfg
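Review bot: The rewritten condition in route[HANDLE_OPTIONS] carries over an unescaped `.` as the third separator of the `$rd` pattern, so `[0-9]{1,3}.[0-9]{1,3}` matches any character in that position rather than only a dot; since the line is being rewritten anyway, make it `&& $rd =~ "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}") {`, which is the fully escaped form route[DOMAIN_FORMAT_CHECK] in registrar-role.cfg already uses. The pattern is also unanchored, so any request domain containing a dotted numeric run is treated as an IP domain; that is pre-existing and may be intended, but a one-line comment saying so would spare the next reader the question. route[HANDLE_OPTIONS] begins before the hunk and its braces close after it.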
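Review bot: The new setflag(FLAG_TRUSTED_SOURCE) runs only on this early-return path of route[DOS_PREVENTION], so every later isflagset(FLAG_TRUSTED_SOURCE) check in HANDLE_OPTIONS and in registrar-role.cfg is meaningful only if DOS_PREVENTION was executed for the message first, and nothing in the hunk records that ordering dependency; add above the setflag line `# downstream routes (HANDLE_OPTIONS, PREVENT_BRUTEFORCE, FAILED_AUTH_COUNT, DOMAIN_FORMAT_CHECK) skip their checks when this flag is set, so DOS_PREVENTION must run before them`. Because the flag now also disables failed-auth accounting in registrar-role.cfg, membership of TRUSTED_ADR_GROUP and whatever sets FLAG_INTERNALLY_SOURCED becomes the boundary for brute-force protection, which the same comment should state. Raising the existing message from L_DBG to L_INFO logs every trusted request on the proxy's hot path; a cheaper option is to keep L_DBG here and emit an L_INFO line only where a check is actually skipped. The rest of route[DOS_PREVENTION] lies outside the hunk.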
@@ -78,23 +78,7 @@ route[DISPATCHER_FIND_ROUTES]
 sl_send_reply("480", "All servers busy");
 exit;
 }
- } else {
-
- # if we selected from group 1 and there are less than 3 available servers, choose from group 2
- if ($var(ds_group) == 1 && $var(ds_cnt)< 3) {
-
- # clear $avp(ds_dst) and search in group 2
- $(avp(ds_dst)[*]) = $null;
-
- if (!ds_select_dst("2", "0")) {
- xlog("L_ERR", "$ci|end|no servers avaliable in group 2");
- sl_send_reply("480", "All servers busy");
- exit;
- }
-
- }
-
- }
+ }
 
 $var(contact_uri) = $(ct{tobody.user}) + "@" + $(ct{tobody.host});
 $var(from_uri) = @from.uri.user + "@" + @from.uri.host;
diff --git a/kamailio/kamailio.cfg b/kamailio/kamailio.cfg
index 7dffb54..3ce78f2 100644
--- a/kamailio/kamailio.cfg
+++ b/kamailio/kamailio.cfg
@@ -9,4 +9,4 @@ include_file "default.cfg"
 ####### Local Configuration ########
 include_file "local.cfg"
 
-## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab
+# vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/local.cfg b/kamailio/local.cfg
index 1b68c0b..243c07c 100644
--- a/kamailio/local.cfg
+++ b/kamailio/local.cfg
@@ -47,4 +47,4 @@ modparam("auth_db|usrloc", "db_url", "kazoo://guest:guest@127.0.0.1:5672/callmgr
 modparam("presence", "db_url", "kazoo://guest:guest@127.0.0.1:5672/dialoginfo")
 #!endif
 
-## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab
+# vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/nat-traversal-role.cfg b/kamailio/nat-traversal-role.cfg
index e65fcfe..d5fe155 100644
--- a/kamailio/nat-traversal-role.cfg
+++ b/kamailio/nat-traversal-role.cfg
@@ -34,4 +34,4 @@ route[NAT_TEST_AND_CORRECT]
 }
 }
 
-## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab
+# vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/presence-role.cfg b/kamailio/presence-role.cfg
index 10f54dc..7ef6e1a 100644
--- a/kamailio/presence-role.cfg
+++ b/kamailio/presence-role.cfg
@@ -45,4 +45,4 @@ route[HANDLE_PUBLISH]
 }
 }
 
-## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab
+# vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg
index 3633be4..7755080 100644
--- a/kamailio/registrar-role.cfg
+++ b/kamailio/registrar-role.cfg
@@ -91,6 +91,10 @@ route[HANDLE_REGISTER]
 # AUTH: check to see if user if present in failed_auth_hash
 route[PREVENT_BRUTEFORCE]
 {
+ if (isflagset(FLAG_TRUSTED_SOURCE)) {
+ return(1);
+ }
+
 if($sht(failed_auth_hash=>$Au::count) >= 2) {
 $var(exp) = $Ts - 120;
 if($sht(failed_auth_hash=>$Au::last) > $var(exp)){
@@ -106,6 +110,10 @@ route[PREVENT_BRUTEFORCE]
 #AUTH: add to failed_auth_hash in case of authentication password error
 route[FAILED_AUTH_COUNT]
 {
+ if (isflagset(FLAG_TRUSTED_SOURCE)) {
+ return;
+ }
+
 if ($rc == -2) {
 if($sht(failed_auth_hash=>$Au::count) == $null) {
 $sht(failed_auth_hash=>$Au::count) = 0;
@@ -117,6 +125,10 @@ route[FAILED_AUTH_COUNT]
 
 route[DOMAIN_FORMAT_CHECK]
 {
+ if (isflagset(FLAG_TRUSTED_SOURCE)) {
+ return;
+ }
+
 if ($rd =~ "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})" || $td =~ "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})" ) {
 xlog("L_WARN", "$ci|end|denying request with IP domain in From or To header");
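Review bot: The early return added at the top of route[FAILED_AUTH_COUNT] means authentication failures from a trusted source are never written to failed_auth_hash, and the `return(1);` added to route[PREVENT_BRUTEFORCE] skips the hash lookup entirely, so a host in the trusted set that is shared or compromised can retry credentials without limit and without leaving the counter trail an operator would look for; route[DOMAIN_FORMAT_CHECK] follows the same pattern. Make the exemption visible in the log, e.g. `xlog("L_INFO", "$ci|log|trusted source, skipping brute-force check");` before `return(1);`, and extend the header comments (`# AUTH: check to see if user if present in failed_auth_hash` and the one above FAILED_AUTH_COUNT) to say that trusted sources are exempt. Consider leaving the counting in FAILED_AUTH_COUNT unconditional — recording a failure is cheap and preserves evidence — and honouring the flag only in PREVENT_BRUTEFORCE, where the lockout decision is actually made. Each of the three routes continues past its hunk, so their remaining return paths were not reviewed.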