|
|
976fdf53a5
|
Add SIP message validation feature
Implements RFC 3261 compliance checking and security validation:
- Three validation modes: permissive (default), strict, paranoid
- Critical checks: null bytes, binary injection (immediate ban)
- RFC compliance: required headers (Via, From, To, Call-ID, CSeq, Max-Forwards)
- Format validation: CSeq range, Content-Length, Via branch format
- Paranoid mode: SQL injection patterns, excessive headers, long values
- Compact header form support (v, f, t, i, l, etc.)
Caddyfile configuration:
validation {
enabled true
mode permissive
max_message_size 65535
ban_on_null_bytes true
ban_on_binary_injection true
disabled_rules via_invalid_branch
}
New Prometheus metrics:
- sip_guardian_validation_violations_total{rule}
- sip_guardian_validation_results_total{result}
- sip_guardian_message_size_bytes (histogram)
Includes comprehensive unit tests covering all validation scenarios.
|
2025-12-07 15:57:26 -07:00 |
|
