MODSOFIA-41 , fail2ban support in mod_sofia thanks jay binks.

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@15654 d0543943-73ff-0310-b7d9-9358b9ac24b2
Brian West 2009-11-24 16:11:56 +00:00
parent 28056dda18
commit 383541f3d0
4 changed files with 23 additions and 3 deletions


@ -40,6 +40,7 @@
<!-- <param name="user-agent-string" value="FreeSWITCH Rocks!"/> -->
<param name="debug" value="0"/>
<param name="sip-trace" value="no"/>
<param name="log-auth-failures" value="true"/>
<param name="context" value="public"/>
<param name="rfc2833-pt" value="101"/>
<!-- port to bind to for sip traffic -->
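Review bot: The new `log-auth-failures` param is added to the sample profile with no comment, so an operator cannot tell what it logs or why it exists. It is also set to `true` here, while config_sofia initialises the field to 0 when the param is absent, so the sample profile and the built-in default differ. I would add a line above it such as `<!-- log rejected SIP auth attempts (with source IP) at WARNING level, e.g. for fail2ban -->`.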


@ -517,6 +517,7 @@ struct sofia_profile {
uint32_t timer_t4;
char *contact_user;
char *local_network;
int log_auth_failures;
};
struct private_object {


@ -1845,7 +1845,7 @@ switch_status_t reconfig_sofia(sofia_profile_t *profile)
profile->ib_calls = 0;
profile->ob_calls = 0;
profile->ib_failed_calls = 0;
profile->ob_failed_calls = 0;
profile->ob_failed_calls = 0;
if (xprofiledomain) {
profile->domain_name = switch_core_strdup(profile->pool, xprofiledomain);
@ -1887,6 +1887,8 @@ switch_status_t reconfig_sofia(sofia_profile_t *profile)
profile->user_agent = switch_core_strdup(profile->pool, val);
} else if (!strcasecmp(var, "auto-restart")) {
profile->auto_restart = switch_true(val);
} else if (!strcasecmp(var, "log-auth-failures")) {
profile->log_auth_failures = switch_true(val);
} else if (!strcasecmp(var, "dtmf-type")) {
if (!strcasecmp(val, "rfc2833")) {
profile->dtmf_type = DTMF_2833;
@ -2415,6 +2417,7 @@ switch_status_t config_sofia(int reload, char *profile_name)
sofia_set_pflag(profile, PFLAG_PASS_CALLEE_ID);
sofia_set_pflag(profile, PFLAG_MESSAGE_QUERY_ON_FIRST_REGISTER);
sofia_set_pflag(profile, PFLAG_SQL_IN_TRANS);
profile->log_auth_failures = 0;
for (param = switch_xml_child(settings, "param"); param; param = param->next) {
char *var = (char *) switch_xml_attr_soft(param, "name");
@ -2442,6 +2445,8 @@ switch_status_t config_sofia(int reload, char *profile_name)
profile->user_agent = switch_core_strdup(profile->pool, val);
} else if (!strcasecmp(var, "auto-restart")) {
profile->auto_restart = switch_true(val);
} else if (!strcasecmp(var, "log-auth-failures")) {
profile->log_auth_failures = switch_true(val);
} else if (!strcasecmp(var, "dtmf-type")) {
if (!strcasecmp(val, "rfc2833")) {
profile->dtmf_type = DTMF_2833;
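Review bot: reconfig_sofia parses `log-auth-failures` in its second hunk, but none of its visible lines reset the field first, whereas config_sofia sets `profile->log_auth_failures = 0;` before its param loop. If that reset really is missing, removing the param from a profile and reconfiguring would leave failure logging switched on from the previous configuration. Adding `profile->log_auth_failures = 0;` next to the `ob_failed_calls` reset in reconfig_sofia would keep the two paths consistent. Both functions extend beyond the hunks shown, so this should be checked against the full bodies.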


@ -446,10 +446,13 @@ void sofia_reg_send_reboot(sofia_profile_t *profile, const char *user, const cha
event = "check-sync;reboot=true";
} else if (switch_stristr("linksys", user_agent)) {
event = "reboot_now";
} else if (switch_stristr("aastra", user_agent)) {
event = "aastra-check-cfg";
} else if (switch_stristr("polycom", user_agent)) {
event = "polycom-reboot";
}
sofia_glue_send_notify(profile, user, host, event, contenttype, body, contact, network_ip);
}
int sofia_sla_dialog_del_callback(void *pArg, int argc, char **argv, char **columnNames)
@ -928,7 +931,6 @@ uint8_t sofia_reg_handle_register(nua_t *nua, sofia_profile_t *profile, nua_hand
if (*received_data && sofia_test_pflag(profile, PFLAG_RECIEVED_IN_NAT_REG_CONTACT)) {
switch_snprintf(received_data, sizeof(received_data), ";received=%s:%d", url_ip, network_port);
}
if (!strcasecmp(v_contact_str, "nat-connectile-dysfunction") ||
!strcasecmp(v_contact_str, "NDLB-connectile-dysfunction") || !strcasecmp(v_contact_str, "NDLB-tls-connectile-dysfunction")) {
@ -972,6 +974,17 @@ uint8_t sofia_reg_handle_register(nua_t *nua, sofia_profile_t *profile, nua_hand
}
if (auth_res == AUTH_FORBIDDEN) {
nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END());
/* Log line added to support Fail2Ban */
if ( profile->log_auth_failures ) {
if (regtype == REG_REGISTER) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "SIP auth failure (REGISTER) on sofia profile '%s' "
"for [%s@%s] from ip %s\n", profile->name, to_user, to_host, network_ip);
} else if (regtype == REG_INVITE) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "SIP auth failure (INVITE) on sofia profile '%s' "
"for [%s@%s] from ip %s\n", profile->name, to_user, to_host, network_ip);
}
}
} else {
nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS(nua), TAG_END());
}
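Review bot: The log lines added in the AUTH_FORBIDDEN branch print `to_user` and `to_host` before `network_ip`, and those two values appear to come from the request itself, so the sender can influence the text that a fail2ban filter later parses. If the user or host part carries a line break or text resembling the trailing `from ip` field, a loosely anchored filter could attribute the failure to the wrong address. Printing the address first, e.g. `"SIP auth failure (REGISTER) on sofia profile '%s' from ip %s for [%s@%s]\n"`, and replacing control characters in the user and host before logging would make the line safe to match. Note also that only the 403 path logs; the `SIP_401_UNAUTHORIZED` branch and any `regtype` other than REGISTER or INVITE produce no line. sofia_reg_handle_register starts and ends outside this hunk.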