Compatibility of Cirpack's trunks with TOPOS in Kamailio

[Stell0]

Cirpack enforces a security mechanism where outbound INVITE requests must be pre-registered and conform to specific parameters. If these conditions are not met, the system does not respond with an "Auth Required" but instead outright rejects the call.

Current Setup
TOPOS Module Usage:

We utilize the TOPOS module in Kamailio to handle packet compaction (avoiding potential MTU issues) and for security purposes (hiding the network topology).
Per the documentation, REGISTER and PUBLISH requests are bypassed by TOPOS and are expected to terminate on a local SIP server.
Observed Behavior:

The REGISTER request correctly includes two VIA headers, as there are two hops, revealing the backend topology behind Kamailio.
The INVITE request, however, undergoes "topossification," hiding the network topology as intended.
Problem
If we attempt to mask the VIA headers in the REGISTER request for consistency with INVITE, it is unclear whether Kamailio will still be able to handle:

Incoming Calls via Trunk: If the REGISTER request lacks sufficient information, the system might fail to process incoming calls correctly.
Replies Routing: Without accurate state tracking, Kamailio might not route the responses to their intended destinations.
Potential Solutions
State Preservation with Key-Value Store:

Save critical data (e.g., VIA headers) from the REGISTER request in a key-value store like $shv.
Before processing a reply, restore the saved headers using msg_apply to enable proper routing.
This approach requires thorough testing to validate its effectiveness and ensure it handles edge cases (e.g., retries, network disruptions).
Custom SIP Header in Asterisk:

Implement a custom SIP header in Asterisk to instruct Kamailio not to activate TOPOS for specific trunks.
This solution has been used successfully in the past and could provide a quicker workaround if compatible with the current scenario.

[Stell0]

We choose to implement the 2nd solution:

• add an hook to trunks module to add custom "topos=0" sip header
• with the occasion, also the "isTrunk=1" header should be exposed in trunk page as well
• default for those two header should be added to nethvoice certified trunks
• hook to intrface could be added in nethcti3 freepbx module

[Stell0]

Test case:
1.

• update a nethvoice with trunk that has a trunk that uses proxy and have srtp disabled
• make a call and verify that isTrunk=1 header is sent in invite from asterisk to kamailio

• from wizard, create a trunk that has srtp disabled by default
• check that isTrunk=1 header is sent

• check that topos=0 and isTrunk=1 headers can be enabled/disabled from freepbx -> connectivity -> trunks -> pjsip settins -> advanced

• check that topos=0 and isTrunk=1 headers, if enabled for a trunk, are sent to first invite when the outgoing call start, but not in the invite of call transfer

• make an outgoing call using a trunk that requires isTrunk=1 or topos=0 headers
• transfer the call to a physical phone that requires srtp
• check audio works