Hello All.
I found this posting from April 2004 which shows the use of macros and named
constants.
http://lists.iptel.org/pipermail/serdev/2004-April/001838.html
I'd like to use these in my ser.cfg, but when I do I get syntax errors upon
restarting ser.
Can anyone tell me how to use something like:
define('SER_IP', '192.168.0.1')
Regards,
Paul
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
Sorry if this is a re-post, I did not see it come through the list in
the almot 24 hours since I sent it. Could someone please help me with
this? I am running SER 0.8.14 and
Freeradius 1.0.0. They are on sperate servers, but I can use
radiusclient on the SER box and succesfully authenticate a test
account on the remote radius box. When my sipura spa-200 trys to
register to SER, SER does not appear to be making a request to radius.
I have followed the ser-radius how-to, and still no good. Below are my
configs and debug. Thank you all for the help that you have given me
in the past and hopefully someone can help with this question.
Config
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
#fork=yes
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias=****************
alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
loadmodule "/usr/local/lib/ser/modules/group_radius.so"
loadmodule "/usr/local/lib/ser/modules/pa.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/msilo.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params --
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
# -- URI radius params --
modparam("uri_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("uri_radius", "service_type", 10)
# -- Group radius params --
modparam("group_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("group_radius", "use_domain", 0)
# -- Presence params --
modparam("pa", "default_expires", 3600)
# -- Nathelper params --
modparam("nathelper", "natping_interval", 10)
# -- Msilo params --
modparam("msilo", "db_url", "sql://ser:********@*********/ser")
modparam("msilo", "db_table", "silo")
modparam("msilo", "expire_time", 36000)
modparam("msilo", "check_time", 20)
modparam("msilo", "clean_period", 3)
modparam("msilo", "use_contact", 1)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
# if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!radius_www_authorize("")) {
www_challenge("", "0"); # I have also
tried 1 in place of 0 #
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
# };
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
SER debug:
6(16294) SIP Request:
6(16294) method: <REGISTER>
6(16294) uri: <sip:192.168.1.119>
6(16294) version: <SIP/2.0>
6(16294) parse_headers: flags=1
6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16
6(16294) end of header reached, state=5
6(16294) parse_headers: Via found, flags=1
6(16294) parse_headers: this is the first via
6(16294) After parse_msg...
6(16294) preparing to run routing scripts...
6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header
6(16294) parse_headers: flags=128
6(16294) end of header reached, state=9
6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119]
6(16294) DEBUG: to body [test <sip:test@192.168.1.119>
]
6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER>
6(16294) DEBUG: is_maxfwd_present: value = 70
6(16294) DEBUG: add_param: tag=79b50153b98e6976
6(16294) end of header reached, state=29
6(16294) parse_headers: flags=256
6(16294) DEBUG: get_hdr_body : content_length=0
6(16294) found end of header
6(16294) find_first_route(): No Route headers found
6(16294) loose_route(): There is no Route HF
6(16294) check_nonce(): comparing
[414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and
[414c90ab7f933a6b3c06a4bbbca22ce39fbf8012]
10(16299) MSILO:clean_silo: cleaning stored messages - 20
Let's say I have 2 SER servers (ser1 and ser2). Both save to the same MySQL
location table and both use t_replicate to let each other know about new
REGISTER's. Lets say ser1 gets a REGISTER from a client and then calls
t_replicate to send it over to ser2 and both call save("location"). Doesn't
that cause ser1 and ser2 to write the same record at about the same time to
MySQL? Is there any way to prevent doubling the number of database writes?
Does anyone know what the replicate column is for in the location table?
----------------------------------------
Michael Shuler, C.E.O.
BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP)
682 High Point Lane
East Peoria, IL 61611
Office: (217) 585-0357
Cell: (309) 657-6365
Fax: (309) 213-3500
E-Mail: mike(a)bwsys.net
Customer Service: (877) 976-0711
At 11:32 PM 10/3/2004, Michael Shuler wrote:
>That's what I was looking for except SER seems to not like it as a global
>config option, is it supposed to be an option for a particular module?
its not a global option. it is an action. if you wish to use it all the
time, call it in beginning of your script.
>I do agree that the Via line should show the correct values in it and that
>is true of all of my other NAT'ed clients who sit behind LinkSys, Netgear,
>etc. routers. However also in RFC3581 shows how symmetric NAT is to work
>and although a client *should* be able to detect its IP/PORT that the NAT
>router will be using for it, it does state that this is not bullet proof and
>the proxy should compensate for it i.e. the force_rport option. Please let
>me know if I am misunderstanding the RFC.
You are not interpreting it entirely correctly. RFC3581 does not override
RFC2361. Again, using force_rport will break will RFC-3581-unaware clients
that don't happen to be symmetric.
-jiri
At 10:59 PM 10/3/2004, Michael Shuler wrote:
>SER doesn't seem to be returning the Unauthorized message to the correct
>port, but it does get at least the right IP.
It does return the replies to correct port. RFC3261 mandates the replies
to be sent to the port advertised in Via, which is implicitely 5060.
Solid clients are symmetric and advertise it as specified in RFC3581;
then SER sends replies back symmetrically. You can force it do it
anyhow using force_rport at the risk of confusing non-symmetric clients.
-jiri
> You will notice the REGISTER
>is received on 216.43.27.75:56059 but the Unauthorized is sent back to
>216.43.27.75:5060. Is there any way to get SER to send back to the correct
>port so symmetrical NAT will work correctly?
>
>
>
>
>U 216.43.27.75:56059 -> 198.88.216.87:5060
> REGISTER sip:bwsys.net SIP/2.0..Via: SIP/2.0/UDP
>192.168.1.119:5060;branch=z9hG4bK2309979991..From: SafeWayLine1
><sip:SafeWayLi
> ne1(a)bwsys.net>;tag=1023220770..To: SafeWayLine1
><sip:SafeWayLine1@bwsys.net>..Call-ID: 3966543944@192.168.1.119..CSeq: 15
>REGIS
> TER..Contact: <sip:SafeWayLine1@192.168.1.119:5060>..max-forwards:
>70..user-agent: Azacall200..expires: 60..Content-Length: 0..
> ..
>
>#
>U 198.88.216.87:5060 -> 216.43.27.75:5060
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
>192.168.1.119:5060;branch=z9hG4bK2309979991;received=216.43.27.75..From:
>SafeWayLine
> 1 <sip:SafeWayLine1@bwsys.net>;tag=1023220770..To: SafeWayLine1
><sip:SafeWayLine1@bwsys.net>;tag=ceb07c727e9d78dd71cafc9196e2f4
> a7.535c..Call-ID: 3966543944@192.168.1.119..CSeq: 15
>REGISTER..WWW-Authenticate: Digest realm="bwsys.net", nonce="416067d1a3983
> 6e4022698b6217bab605b990a18", qop="auth"..Server: Sip EXpress router
>(0.8.14 (i386/linux))..Content-Length: 0....
>
>
>----------------------------------------
>
>Michael Shuler, C.E.O.
>BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP)
>682 High Point Lane
>East Peoria, IL 61611
>Office: (217) 585-0357
>Cell: (309) 657-6365
>Fax: (309) 213-3500
>E-Mail: mike(a)bwsys.net
>Customer Service: (877) 976-0711
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
SER doesn't seem to be returning the Unauthorized message to the correct
port, but it does get at least the right IP. You will notice the REGISTER
is received on 216.43.27.75:56059 but the Unauthorized is sent back to
216.43.27.75:5060. Is there any way to get SER to send back to the correct
port so symmetrical NAT will work correctly?
U 216.43.27.75:56059 -> 198.88.216.87:5060
REGISTER sip:bwsys.net SIP/2.0..Via: SIP/2.0/UDP
192.168.1.119:5060;branch=z9hG4bK2309979991..From: SafeWayLine1
<sip:SafeWayLi
ne1(a)bwsys.net>;tag=1023220770..To: SafeWayLine1
<sip:SafeWayLine1@bwsys.net>..Call-ID: 3966543944@192.168.1.119..CSeq: 15
REGIS
TER..Contact: <sip:SafeWayLine1@192.168.1.119:5060>..max-forwards:
70..user-agent: Azacall200..expires: 60..Content-Length: 0..
..
#
U 198.88.216.87:5060 -> 216.43.27.75:5060
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
192.168.1.119:5060;branch=z9hG4bK2309979991;received=216.43.27.75..From:
SafeWayLine
1 <sip:SafeWayLine1@bwsys.net>;tag=1023220770..To: SafeWayLine1
<sip:SafeWayLine1@bwsys.net>;tag=ceb07c727e9d78dd71cafc9196e2f4
a7.535c..Call-ID: 3966543944@192.168.1.119..CSeq: 15
REGISTER..WWW-Authenticate: Digest realm="bwsys.net", nonce="416067d1a3983
6e4022698b6217bab605b990a18", qop="auth"..Server: Sip EXpress router
(0.8.14 (i386/linux))..Content-Length: 0....
----------------------------------------
Michael Shuler, C.E.O.
BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP)
682 High Point Lane
East Peoria, IL 61611
Office: (217) 585-0357
Cell: (309) 657-6365
Fax: (309) 213-3500
E-Mail: mike(a)bwsys.net
Customer Service: (877) 976-0711
I made a copy of the location table for users having a mailbox.
While getting the data from the Database,
ser crashes.
ser.cfg
-----
if ( lookup(voicemail) ) {
}
syslog(DEBUG 10)
-----
Oct 3 13:48:39 ser04 /usr/sbin/ser[16453]: query="select
username,contact,expires,q,callid,cseq,replicate,state,flags,user_agent
from voicebox "
Oct 3 13:48:59 ser04 exiting on signal 15
strace -f
-----
18845 read(4, "\0078702713\30sip:123456@217.11.29.3"...,69)=69
18845 read(4, "\1\0\0\275", 4) = 4
18845 read(4, "\376", 1) = 1
18845 --- SIGSEGV (Segmentation fault) ---
18845 +++ killed by SIGSEGV +++
DB has 5299 rows.
some of the Callids are "NULL". After updating the Entry for Callid with
a random
Id ser starts as usual.
Any Ideas?
Greets
Markus
I want to log ONLY authentication failures but I can't figure out how to
detect a failure from www_authorize() after a www_challenge() has been
issued. Does www_authorize() return different values if the challenge info
is already in there and it really did fail the lookup? Looking at the
source code I don't see where it does. Here is what I propose gets added:
www_authorize would return the following:
-2 NEEDS_CHALLENGE
-1 NOT_AUTHORIZED
0 ERROR
1 AUTHORIZED
Line 174 of authorize.c in the auth_db module I added the following but it
wouldn't compile and I'm not really sure why since its part of the enum:
case NO_CREDENTIALS return -2;
BUT if that did work here is an example of a piece of ser.cfg that would
work...
if(method == "REGISTER" && uri == myself)
{
# Make sure they are a valid user on our proxy
if(www_authorize("bwsys.net", "sipfriends") == -2)
{
www_challenge("bwsys.net", "1");
break;
}
elseif(www_authorize("bwsys.net", "sipfriends") == -1)
{
xlog("L_INFO", "Authentication Failed For
%ct, URI = %ru");
}
elseif(www_authorize("bwsys.net", "sipfriends") == 0)
{
xlog("L_INFO", "Internal Authentication
Failure For %ct, URI = %ru");
}
else
{
save("location");
break;
};
};
----------------------------------------
Michael Shuler, C.E.O.
BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP)
682 High Point Lane
East Peoria, IL 61611
Office: (217) 585-0357
Cell: (309) 657-6365
Fax: (309) 213-3500
E-Mail: mike(a)bwsys.net
Customer Service: (877) 976-0711
I am trying to RUN a SER SIP proxy and to start a serweb. I have
done everything but the web interface is not working. When I enter the
username and password - nothing happens abd I dont know where to look
for error logging. can yu please explaim it to me ?
