[Freeswitch-users] topology hiding leaking information in SDP data

Hound Dog houndd at ymail.com
Mon Aug 24 07:45:29 PDT 2009


Carriers need topology hiding; it's an important feature both for security and for hiding your business partners from each other.

FreeSWITCH talks about it and also does a good job of hiding the signalling topology.

There is, however, a hole in the SDP manipulation that I am trying to plug, and I would love to get some help. Obviously, once resolved, I am also happy to add documentation for all to use.


I was thinking that the best way would be to build the SDP message from scratch based on the incoming info, and maybe in special cases have the SDP copied over from the original message.

Is there a way to have FS build a clean SDP message?





See an example of a Bria softphone making a call via FreeSWITCH; note that the SDP to leg B contains original addresses and even internal ones.


Incoming INVITE message
-------------------
INVITE sip:442078562101 at pbx.rilcomm.com SIP/2.0
Via: SIP/2.0/UDP 82.80.130.222:26762;branch=z9hG4bK-d8754z-8fba35a96b6d949f-1---d8754z-;rport
Max-Forwards: 70
Contact: <sip:44558678567378 at 82.80.130.222:26762>
To: <sip:442078562101 at pbx.rilcomm.com>
From: <sip:44558678567378 at pbx.rilcomm.com>;tag=47360c64
Call-ID: YTY4NjMwMjg4MWRmODY5NDlhOWQ4MDg5MWIwN2Y3MTY.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Type: application/sdp
User-Agent: Bria release 2.5.4 stamp 53956
Content-Length: 325

v=0
o=- 0 2 IN IP4 82.80.130.222
s=CounterPath Bria
c=IN IP4 82.80.130.222
t=0 0
m=audio 27848 RTP/AVP 18 101
a=sendrecv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=alt:1 2 : XlhJjZhm LLmd1Kyz 192.168.1.50 24514
a=alt:2 1 : GOsgLipv VjRq6zYk 192.168.1.60 24514

-------------------


Message to leg B; see the original IP addresses in the SDP (anything that is not 81.89.136.231).

Note 82.80.130.222, which is the original address, being visible in the SDP fields.

-------------------
INVITE sip:1001 at 82.80.130.222:20014 SIP/2.0
Via: SIP/2.0/UDP 81.89.136.231:5080;rport;branch=z9hG4bKBBgvK7Sap23tN
Max-Forwards: 67
From: "44558678567378" <sip:44558678567378 at 81.89.136.231>;tag=1FUrD0t1gF55a
To: <sip:1001 at 82.80.130.222:20014>
Call-ID: 8eed1cbc-9030-11de-87e7-27e3a7b5c9da
CSeq: 119414118 INVITE
Contact: <sip:mod_sofia at 81.89.136.231:5080>
User-Agent: FreeSWITCH-mod_sofia/1.0.4-hacked
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH
Supported: timer, precondition, path, replaces
Allow-Events: talk, presence, dialog, call-info, sla, include-session-description, presence.winfo, message-summary, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 331
Remote-Party-ID: "44558678567378" <sip:44558678567378 at 81.89.136.231>;party=calling;screen=yes;privacy=off

v=0
o=- 2301954626585387485 2 IN IP4 82.80.130.222
s=CounterPath Bria
c=IN IP4 81.89.136.231
t=0 0
m=audio 25974 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=alt:1 2 : XlhJjZhm LLmd1Kyz 192.168.1.50 24514
a=alt:2 1 : GOsgLipv VjRq6zYk 192.168.1.60 24514

-------------------



Thank you,
Ori
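
An added example, not part of the original post and not FreeSWITCH code: a Python check that flags every IPv4 address in an outbound SDP body that is not the switch's own address, with a hypothetical `scrub` helper that rewrites the `o=` address and drops the `a=alt` lines. The function names and the allow-list approach are assumptions; the sample input is the leg-B SDP quoted above.

```python
import ipaddress
import re

# Sample input: the leg-B SDP body quoted in the post above.
LEG_B_SDP = """v=0
o=- 2301954626585387485 2 IN IP4 82.80.130.222
s=CounterPath Bria
c=IN IP4 81.89.136.231
t=0 0
m=audio 25974 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=alt:1 2 : XlhJjZhm LLmd1Kyz 192.168.1.50 24514
a=alt:2 1 : GOsgLipv VjRq6zYk 192.168.1.60 24514
"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def find_leaks(sdp, allowed):
    """Return (line_no, sdp_type, address, scope) for each address not in allowed."""
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    leaks = []
    for n, line in enumerate(sdp.splitlines(), 1):
        for tok in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(tok)
            except ValueError:
                continue  # dotted number that is not a valid address
            if ip not in allowed_set:
                scope = "private" if ip.is_private else "public"
                leaks.append((n, line[:1], tok, scope))
    return leaks

def scrub(sdp, public_ip):
    """Hypothetical clean-up: drop a=alt lines, put public_ip in the o= address field."""
    out = []
    for line in sdp.splitlines():
        if line.startswith("a=alt:"):
            continue
        if line.startswith("o="):
            f = line.split()
            if len(f) == 6:  # username, sess-id, sess-version, nettype, addrtype, address
                f[5] = public_ip
            line = " ".join(f)
        out.append(line)
    return "\r\n".join(out) + "\r\n"
```

Run against the leg-B body with `81.89.136.231` as the only allowed address, `find_leaks` reports the `o=` line and both `a=alt` lines; after `scrub` it reports nothing.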


      