Method and system for managing a SIP server
First Claim
1. A method of managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack based on a received data packet, the method comprising:
- receiving, at an access control component programmatically located between an Internet Protocol (IP) processing component and network processing component, in an IP stack and below the SIP stack, a data packet from a network device, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data;
determining, at the access control component, from the data packet, whether the network device is a device recognized by the SIP server; and
responsive to a determination that the network device is a device that is not recognized by the SIP server and before SIP processing using the SIP stack;
determining, at the access control component, whether the data packet conforms to a permitted configuration, said permitted configuration comprising at least that said data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request,discarding, at the access control component, the received data packet if it is determined that the data packet does not conform to the permitted configuration, andpassing, at the access control component, the received data packet for SIP processing by the SIP stack if it is determined that the data packet does conform to the permitted configuration.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system and computer program product are described for managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack. A data packet is received from a network device. It is determined, from the data packet, whether the network device is a device recognized by the SIP server. Responsive to this determination, and before SIP processing using the SIP stack, it is determined whether the data packet conforms to a permitted configuration. The permitted configuration includes that data of the data packet indicates an unfragmented User Datagram Protocol (UDP) packet and that data indicative of SIP data in the received data packet matches a parsing rule. If the data packet conforms to the permitted configuration, it is passed to the SIP stack, if not it is discarded.
-
Citations
13 Claims
-
1. A method of managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack based on a received data packet, the method comprising:
-
receiving, at an access control component programmatically located between an Internet Protocol (IP) processing component and network processing component, in an IP stack and below the SIP stack, a data packet from a network device, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data; determining, at the access control component, from the data packet, whether the network device is a device recognized by the SIP server; and responsive to a determination that the network device is a device that is not recognized by the SIP server and before SIP processing using the SIP stack; determining, at the access control component, whether the data packet conforms to a permitted configuration, said permitted configuration comprising at least that said data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request, discarding, at the access control component, the received data packet if it is determined that the data packet does not conform to the permitted configuration, and passing, at the access control component, the received data packet for SIP processing by the SIP stack if it is determined that the data packet does conform to the permitted configuration. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising
an access control component for managing network communications to a Session Initiation Protocol (SIP) server, the access control component being communicatively coupled to a SIP processing component capable of SIP processing based on a received data packet using a SIP stack, the access control component being arranged to: -
receive a data packet sent from a network device to the SIP server, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data; determine, from the data packet, whether the network device is recognized by the SIP server; and responsive to a determination that the network device is a device that is not recognized by the SIP server and before SIP processing using the SIP stack, determine whether the data packet conforms to a permitted configuration, said permitted configuration comprising at least that said data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request, wherein the access control component is programmatically located between an Internet Protocol (IP) processing component and network processing component, in an IP stack and below the SIP stack, and wherein the access control component is arranged to discard the received data packet if it determines that the data packet does not conform to the permitted configuration and pass the received data packet to the SIP processing component if the data packet conforms to the permitted configuration. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack based on a received data packet, the method comprising:
-
receiving, at an access control component programmatically located between an Internet Protocol (IP) processing component and network processing component in an IP stack and below the SIP stack, a data packet from a network device, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data; determining, at the access control component, whether the network device is a device recognized by the SIP server; and responsive to a determination that the network device is a device that is not recognized by the SIP server and before SIP processing using the SIP stack; determining, at the access control component, whether the data packet conforms to a permitted configuration, said permitted configuration comprising at least that said data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request; discarding, at the access control component, the received data packet if it is determined that the data packet does not conform to the permitted configuration; and passing, at the access control component, the received data packet for SIP processing by the SIP stack if it is determined that the data packet does conform to the permitted configuration.
-
Specification