chan_sip: Add security event for calls to invalid extension.

Log a message to security events when an INVITE is received to an invalid extension. ASTERISK-25869 #close Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f
author: Corey Farrell <git@cfware.com> 2016-10-06 02:29:21 -0400
committer: Corey Farrell <git@cfware.com> 2017-12-15 10:32:04 -0500
commit: fc43371c0eb01c340f8020767c48f8a1cf71752d (patch)
tree: b8ea3f1e26e501581e8d71b9bc95996d23e82204
parent: 76deae295f9d2d3a317eee3c4596fdcc5af794f8 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 8a7fb3198..7cfdedeac 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,11 @@ Core
    Asterisk is compiled with the LOW_MEMORY compile time option enabled because
    the cache code does not exist.
 
+chan_sip
+------------------
+ * Calls to invalid extensions are now reported as an ACL failure security event
+   "no_extension_match".
+
 res_rtp_asterisk
 ------------------
  * The X.509 certificate used for DTLS negotation can now be automatically
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 4bae39da0..b0573002b 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -26460,6 +26460,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, str
 					ast_log(LOG_NOTICE, "Call from '%s' (%s) to extension"
 						" '%s' rejected because extension not found in context '%s'.\n",
 						S_OR(p->username, p->peername), ast_sockaddr_stringify(&p->recv), decoded_exten, p->context);
+					sip_report_failed_acl(p, "no_extension_match");
 				}
 				break;
 			case SIP_GET_DEST_REFUSED:
author	Corey Farrell <git@cfware.com>	2016-10-06 02:29:21 -0400
committer	Corey Farrell <git@cfware.com>	2017-12-15 10:32:04 -0500
commit	fc43371c0eb01c340f8020767c48f8a1cf71752d (patch)
tree	b8ea3f1e26e501581e8d71b9bc95996d23e82204
parent	76deae295f9d2d3a317eee3c4596fdcc5af794f8 (diff)