What, if anything, should the SER server do with a
OPTIONS method?
I am receiving this method, from a phone, right after the
phone makes a conversation. That is, the final ACK is
sent from the phone and a call is in progress when the phone decides
to send an OPTIONS message. I thought OPTIONS was a pre-call
sort of thing, not for the current call.
Anyway, I thought I could just capture the OPTIONS method and send
a 486 busy reply with sl_send_reply(). Didn't work.
---greg
Hello all
I am using SER as a proxy server.
Please let's consider the following scenario
1/ Step 1
A UAC registers to SER
---------
| SER |
---------
^
| REGISTER for 'service(a)logical-element.domain' contact
'service@host'
|
|
---------
| UAC |
---------
2/ Step 2
Another UAC tries to reach the previously registered user BUT WITH
PRIVATE PARAMETERS in request URI
----------
| UAC |
----------
|
|
INVITE service(a)logical-element.domain;param1=value1;param2=value2
v
---------
| SER |
---------
|
| INVITE service@host (sol 1)
| or INVITE service@host;param1=value1;param2=value2 (sol 2)
v
---------
| UAC |
---------
The translation from service(a)logical-element.domain to service@host is
done in SER using 'lookup'.
3/ Problem :
I observe that SER when translating the user@host part of the request
URI does not recopy the private parameters,
what I expected it to do.
=> I can not find any clear position in RFC 3261 (from my understanding
of the RFC).
Is it a bug in SER or does SER really implement the behaviour a standard
SIP proxy should have ?
Thanks for your answers
--
David Rio
Alcatel CIT - Rennes
ASD France
33 2 99 87 47 18
hi, I have just today started playing with SIPS at work and found ser fun.
BTW, all the following is done with micro$oft messenger 4.6 for testing (eugh!)
I have set it all up at home and am trying to connect from work. I know the
connection is getting through the firewall because a tcpdump shows all the
expected results, and I know that ser is running ok, because I can login from
my home workstations.
Does ser do any sort of access control based on ip addresses that may be
causing it to reject my external connections?
Also, I have set up the realm with mysql authentication and I can communicate
with others on the same domain, but should I be able to communicate with
other sips users of other private networks (as long as they allow it) without
any configuration.
Do I have to do something to make that work?
cheers, and well done with a very easy to quick to install product, my boss
loves it
--
Mat Harris OpenGPG Public Key ID: C37D57D9
mat.harris(a)genestate.com www.genestate.com
Hi!
I have writen a module, may be somebody is interested in it.
It is used to determinate if a user has appropriate permission to establish a
call. The permissions can be managed in configuration files very simular to
hosts.allow and hosts.deny. Every value in the configuration files are regular
expresions, so it is easy to define rules.
Example for a rule:
"^sip:361[0-9]*@abc.com$" EXCEPT "^sip:.*3@abc.com$", "^sip:.*4@abc.com$" : ALL
Every PSTN endpoint beginning with 361 except those ending with 3 or 4 can
establish calls with everybody.
In general: from_list [EXCEPT from_list] : to_list [EXCEPT to_list]
from_list and to_list are comma separated expressions
Expressions are treated as case insensitive POSIX Extended RegularExpressions.
Keyword ALL matches any expression.
--
---------------------------------------------------------------------------
Miklos Tirpak
Computer and Automation Research Institute e-mail : mtirpak(a)sztaki.hu
of the Hungarian Academy of Sciences phone : (361) 279-6011
H-1132. Budapest, Victor Hugo u 18-22 fax : (361) 279-6021
Hi,
I am thinking of locking the user hardphone MAC Address onto Layer 2 Switch level. This way even if the user move around their phone, it will be blocked.
The disadvantage is that it will create opreration nightmare and will only work in ETTx environment. In a broadband wireless environment, there may be no layer 2 switch in between the network and subsriber.
There are 2 categories of subscribers. One is only want to use their home phone just like what the legacy voice network do. They won't bother to know about username/password. (For example illiterate elderly citizen). I must cater for these kind of users. Yet provide a secure environment for them.
Another is subscribers who want to have more flexibility. They may have hardphone, softphone, pda, notebook who can logon everywhere in the on-net network.
These users may have more than one phone number to their home per user account. These users will have to be reseponsile for their username/password.
I am looking for all possibbilities and limitations there is before drawing any implementation plan.
So far, my testing is working well. SER, Cisco 7960, ATA186, Cisco Voice Gateway, Softphone/IPAQ w/WLAN, MSN Messenger, etc
Thanks
SSng
-----Original Message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Tuesday, March 11, 2003 7:30 PM
To: Ng, Soo Sim
Cc: Jiri Kuthan; serusers(a)lists.iptel.org
Subject: Re: [Serusers] multiple registration on one user login
Hello,
do you still need such a restriction ?
Jan.
On 10-03 11:12, Ng, Soo Sim wrote:
> Thanks to all giving your thought and advice.
>
> SSng
>
> -----Original Message-----
> From: Jiri Kuthan [mailto:jiri@iptel.org]
> Sent: Thursday, March 06, 2003 6:49 AM
> To: Ng, Soo Sim; serusers(a)lists.iptel.org
> Subject: RE: [Serusers] multiple registration on one user login
>
>
> Hello,
>
> I fear that such a case can't be avoided with allowing only
> a single registration. If I steal your phone away from your
> desk, you will not register with it anymore, but I will and
> we will have exactly one valid registration. Leaving SIP
> phones with hard-wired passwords on your desk has simply the
> same potential as leaving your credit-card or cell-phone there.
>
> What can be done about fraud?
>
> User education -- don't leave your money and phone unattended.
> Hotline -- report stolen phones to lock the account.
> PIN Lock -- use phones which can log-off and log-on (I'm not aware
> of any now -- only 3com used to do that)
>
> -Jiri
>
> ps -- ability to move is a feature. I know people who are very glad
> to use Vonage's US phone number and move with their ATAs and the
> US phone number around in Europe.
>
> At 11:37 PM 3/5/2003, Ng, Soo Sim wrote:
> >Jiri,
> >
> >Scenario is providing IP Telephony to the household.
> >I am more concern about the security of the Hardphone. I am thinking of auto-provisioned the hardphone (eg C7960, ATA186) without subsriber intervention. What the subscriber know is their phone # (Just like legacy phone system).
> >
> >Since the Hardphone is 'hard-coded', the phone can move round the vicinity of the redisential area and still able to make a call. Potentially this will lead to abuse, as someone may take the phone to a different location when owner is not around and make a 'free' call, return back the phone and the billing still charge the original subsriber.
> >
> >Any other suggestion to counter this issue is much appreacited.
> >
> >SSng
> >
> >-----Original Message-----
> >From: Jiri Kuthan [mailto:jiri@iptel.org]
> >Sent: Wednesday, March 05, 2003 12:18 AM
> >To: Ng, Soo Sim; serusers(a)lists.iptel.org
> >Subject: Re: [Serusers] multiple registration on one user login
> >
> >
> >At 03:08 PM 3/4/2003, Ng, Soo Sim wrote:
> >>I have such requirements. In providing sip-based residential ip telephony, I would like to restrict each home subsriber is only allowed to register one UA per account. This would make easy for billing purposes and for security reasons.
> >>
> >>Is there a way to achieve this requirement with SER?
> >
> >If that is your desparate wish, it is little overhead to make you happy.
> >I'm still not sure though, it is a useful thing.
> >
> >Maybe an operator can make more revennues if my wife can accept calls at
> >any phone in my building and initiate calls in parallel with my doughter.
> >
> >What are exactly the billing/security reasons here?
> >
> >-Jiri
>
> --
> Jiri Kuthan http://iptel.org/~jiri/
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
Sorry, auth was excluded from compilation by default.
Either update sip_router/Makefile from the repository
or edit sip_router/Makefile, look for line containing excluded_modules,
remove auth from it and do again make all.
Jan.
PS: Please CC the mailing list too.
On 12-03 16:39, David Beckemeyer wrote:
>
> Thanks for your help.
>
> For some reason modules/auth/auth.so didn't get built so that ser.cfg
> doesn't start.
>
> ser: ERROR: load_module: could not open module <./modules/auth/auth.so>: ./modules/auth/auth.so: cannot open shared object file: No such file or directory
> ser: parse error (40,13-36): failed to load module
> ser: parse error (92,26-27): unknown command, missing loadmodule?
> ser: INFO: signal 15 received
>
> It looks like the Makefile nevver tried to build that module.
>
> Other modules got built, as follows:
> modules/acc/acc.so
> modules/auth_db/auth_db.so
> modules/dbtext/dbtext.so
> modules/domain/domain.so
> modules/enum/enum.so
> modules/exec/exec.so
> modules/group/group.so
> modules/maxfwd/maxfwd.so
> modules/pike/pike.so
> modules/print/print.so
> modules/registrar/registrar.so
> modules/rr/rr.so
> modules/sl/sl.so
> modules/textops/textops.so
> modules/tm/tm.so
> modules/uri/uri.so
> modules/usrloc/usrloc.so
> modules/vm/vm_mod.so
>
> On Thu, Mar 13, 2003 at 01:15:26AM +0100, Jan Janak wrote:
> > Hello David,
> >
> > attached please find updated ser.cfg with authentication enabled using
> > plaintext files instead of mysql.
> >
> > Do the following:
> > 1) Get the latest CVS snapshot (yes, again)
> > 2) Compile it, but do not install it (don't do make install)
> > 3) Create a directory where your plaintext files containing database
> > tables will be stored
> > 4) Put attached "subscriber" and "location" files in the directory
> > 5) Edit attached ser.cfg
> > 6) Replace /home/janakj/ser with path to the directory (2 occurrencies)
> > 7) save ser.cfg in sip_router directory (the CVS snaphot)
> > 7) Edit subscriber and replace jan with your username, heslo with your
> > password and iptel.org with your domain
> > 8) cd sip_router
> > 9) ./ser -f ser.cfg
> >
> > Please report any problems to us.
> >
> > Jan.
> >
> > PS: See sip_router/modules/dbtext/Readme for description of format of
> > the plaintext files.
> >
> > On 12-03 13:57, David Beckemeyer wrote:
> > >
> > > Unstable indeed. I built SER from CVS and even using the
> > > stock (no DB) ser.cfg, it won't start, and reports:
> > >
> > > ERROR: bad config file (16 errors)
> > >
> > > ser: parse error (36,13-47): failed to load module
> > > ser: set_mod_param(): Parameter not found
> > > ser: parse error (46,34-35): Can't set module parameter
> > > ser: parse error (70,36-37): unknown command, missing loadmodule?
> > > ser: parse error (71,38-39): unknown command, missing loadmodule?
> > > ser: parse error (75,41-42): unknown command, missing loadmodule?
> > > ser: parse error (80,19-20): unknown command, missing loadmodule?
> > > ser: parse error (95,19-20): unknown command, missing loadmodule?
> > > ser: parse error (100,25-26): unknown command, missing loadmodule?
> > > ser: parse error (101,36-37): unknown command, missing loadmodule?
> > > ser: parse error (106,15-16): unknown command, missing loadmodule?
> > > ser: parse error (107,18-19): unknown command, missing loadmodule?
> > > ser: INFO: signal 15 received
> > >
> > > On Wed, Mar 12, 2003 at 08:40:04PM +0100, Daniel-Constantin MIERLA wrote:
> > > >
> > > >
> > > > Hello,
> > > > see dbtext for that. But notice that the module has not been thoroughly
> > > > tested. It is not included in v0.8.10 so you have to use a CVS snapshot
> > > > which is quite unstable these days due to lots of changes. If you want
> > > > to use it before the new release of ser is out you might get weird
> > > > situations, but you can provide us some help with testing ... It is your
> > > > choice ...
> > > >
> > > > -.-
> > > > Best regards,
> > > > Daniel
> > > >
> > > >
> > > > David Beckemeyer wrote:
> > > >
> > > > >I'm trying to get SER up and I need auth. I'm not a Mysql user
> > > > >and, frankly, I'd rather not need to learn it, just to get
> > > > >authentication support. I wish there were a middle-ground
> > > > >between no-auth at all and a full-blown Mysql installation.
> > > > >
> > > > >I tried the Cookbook approach, using Dan Austin's HOWTO for
> > > > >setting up Mysql for SER, but the commands do not work as shown
> > > > >so I'm left with learning Mysql through and through to debug
> > > > >why those cookbook commands don't work.
> > > > >
> > > > >I'm very familiar with SIP and I want to test SER, not a new Sql
> > > > >server DB engine. It seems like Mysql is a distraction to that
> > > > >effort.
> > > > >
> > > > >Is anyone working on something like a flat-file module to
> > > > >replace Mysql? Any pointers for the best place to start on
> > > > >developing such a module (i.e. shortcuts)?
> > > > >
> > > > >Thanks,
> > > > >
> > > > > - david
> > > > >
> > > > >_______________________________________________
> > > > >Serusers mailing list
> > > > >serusers(a)lists.iptel.org
> > > > >http://lists.iptel.org/mailman/listinfo/serusers
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > serusers(a)lists.iptel.org
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers(a)lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
>
> > #
> > # $Id: dbtext.cfg,v 1.2 2003/03/13 00:07:28 janakj Exp $
> > #
> > # simple quick-start config script
> > #
> >
> > # ----------- global configuration parameters ------------------------
> >
> > debug=3 # debug level (cmd line: -dddddddddd)
> > fork=yes
> > log_stderror=no # (cmd line: -E)
> >
> > /*
> > debug=7
> > fork=no
> > log_stderror=yes
> > */
> >
> > check_via=no # (cmd. line: -v)
> > dns=no # (cmd. line: -r)
> > rev_dns=no # (cmd. line: -R)
> > port=5060
> > children=4
> > fifo="/tmp/ser_fifo"
> >
> > # ------------------ module loading ----------------------------------
> >
> > # Uncomment this if you want to use SQL database
> > loadmodule "./modules/dbtext/dbtext.so"
> >
> > loadmodule "./modules/sl/sl.so"
> > loadmodule "./modules/tm/tm.so"
> > loadmodule "./modules/rr/rr.so"
> > loadmodule "./modules/maxfwd/maxfwd.so"
> > loadmodule "./modules/usrloc/usrloc.so"
> > loadmodule "./modules/registrar/registrar.so"
> >
> > # Uncomment this if you want digest authentication
> > # mysql.so must be loaded !
> > loadmodule "./modules/auth/auth.so"
> > loadmodule "./modules/auth_db/auth_db.so"
> >
> > # ----------------- setting module-specific parameters ---------------
> >
> > # -- usrloc params --
> >
> > #modparam("usrloc", "db_mode", 0)
> >
> > # Uncomment this if you want to use SQL database
> > # for persistent storage and comment the previous line
> > modparam("usrloc", "db_mode", 1)
> > modparam("usrloc", "db_url", "/home/janakj/ser")
> > modparam("auth_db", "db_url", "/home/janakj/ser")
> >
> > # -- auth params --
> > # Uncomment if you are using auth module
> > #
> > modparam("auth_db", "calculate_ha1", yes)
> > #
> > # If you set "calculate_ha1" parameter to yes (which true in this config),
> > # uncomment also the following parameter)
> > #
> > modparam("auth_db", "password_column", "password")
> >
> > # ------------------------- request routing logic -------------------
> >
> > # main routing logic
> >
> > route{
> >
> > # initial sanity checks -- messages with
> > # max_forwards==0, or excessively long requests
> > if (!mf_process_maxfwd_header("10")) {
> > sl_send_reply("483","Too Many Hops");
> > break;
> > };
> > if (len_gt( max_len )) {
> > sl_send_reply("513", "Message too big");
> > break;
> > };
> >
> > # Do strict routing if pre-loaded route headers present
> > loose_route();
> >
> > # if the request is for other domain use UsrLoc
> > # (in case, it does not work, use the following command
> > # with proper names and addresses in it)
> > if (uri==myself) {
> >
> > if (method=="REGISTER") {
> > if (!www_authorize("", "subscriber")) {
> > www_challenge("", "0");
> > break;
> > };
> >
> > save("location");
> > break;
> > };
> >
> > # native SIP destinations are handled using our USRLOC DB
> > if (!lookup("location")) {
> > sl_send_reply("404", "Not Found");
> > break;
> > };
> > };
> > # forward to current uri now
> > if (!t_relay()) {
> > sl_reply_error();
> > };
> >
> > }
> >
>
> > user(str) contact(str) expires(int) q(double) callid(str) cseq(int)
>
> > username(str) password(str) ha1(str) domain(str) ha1b(str)
> > jan:heslo:xxx:iptel.org:xxx
> >
>
>
>
I'm trying to get SER up and I need auth. I'm not a Mysql user
and, frankly, I'd rather not need to learn it, just to get
authentication support. I wish there were a middle-ground
between no-auth at all and a full-blown Mysql installation.
I tried the Cookbook approach, using Dan Austin's HOWTO for
setting up Mysql for SER, but the commands do not work as shown
so I'm left with learning Mysql through and through to debug
why those cookbook commands don't work.
I'm very familiar with SIP and I want to test SER, not a new Sql
server DB engine. It seems like Mysql is a distraction to that
effort.
Is anyone working on something like a flat-file module to
replace Mysql? Any pointers for the best place to start on
developing such a module (i.e. shortcuts)?
Thanks,
- david
Hi,
I saw many changes in CVS about radius. Is there any progress for radius?
The radius modules from release 0.8.10 are unfortunately not usable.
It seems there will be some fundamental changes in terms of radius_auth and
radius_acc. How will the new structure look?
Best regards
Yang