Needless to say the SIP work has suffered due to ADR.
I am trying to calm down and make progress. However, I have got it properly recording inbound SIP registrations which check the username and password correctly.
I do however have to work out ways to handle this for external connections. You will typically have a carrier connecting in, and that may or may not be authenticated. There may also be external registered SIP devices. The problem is that if I respond to REGISTER requests asking for Authorization details then people will sip-vicious the FireBrick.
We actually put this code on a brick last night and by morning it was under attack.
Obviously we make sure attacks don't work by blacklisting source IPs and so on. But that does not stop someone trying.
So we have to come up with a more cunning approach to handle this. I suspect we have to check the from/to details are sensible before returning a 401, and if not sensible then not reply to external requests.
Some pondering needed :-)
Anyway, next bit of code is outgoing registrations (i.e. to a carrier).
Once that is done - we get on to actually making calls, which is where it gets to be fun...