sr-users February 2005

sr-users@lists.kamailio.org

215 participants
467 discussions

[Serusers] serctl moni question : REGISTER PROBLEM?

by Ricardo Martinez

Thanks Chris. Now you mention, in fact i was doing some ethereal debugs and i have found some problems with my REGISTER's messages, specially from NAT'd endpoints. Could this be the cause of the increasing number of "WAITING" in my monitor? I'm seeing this debug from a REGISTER transaction:: U 200.xx.xx.xx:5060 -> xx.xx.154.35:5060 REGISTER sip:sip.mydomain.com SIP/2.0. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-a2202b91. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 33 REGISTER. Max-Forwards: 70. Authorization: Digest username="Username1",realm="sip.mydomain.com",nonce="420d1c9d4b50d5cd531d756 e150514fdf7075880",uri="sip:5555848141@sip.mydomain.com",algorithm=MD5,respo nse="075c1cee957db126b0ea06ac88b25f22",qop=auth,nc=00000002,cnonce="394307ed ". Contact: 5555848141 <sip:5555848141@200.xx.xx.xx:5060>;expires=600. Warning: 399 spa "Restricted Cone NAT Dectected". User-Agent: Linksys/RT31P2-2.0.10(LIc). Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura. . ## U xx.xx.154.35:5060 -> 200.xx.xx.xx:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-a2202b91. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=6eb14299de2cc731d173c135064daec5.4858. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 33 REGISTER. WWW-Authenticate: Digest realm="sip.mydomain.com", nonce="420d1ef86fb6cf9709576f1e81b628556d3c932e", qop="auth", stale=true. Server: Sip EXpress router (0.8.14-3 (i386/linux)). Content-Length: 0. Warning: 392 xx.xx.154.35:5060 "Noisy feedback tells: pid=18215 req_src_ip=200.xx.xx.xx req_src_port=5060 in_uri=sip:sip.mydomain.com out_uri=sip:sip.mydomain.com via_cnt==1". . ## U 200.xx.xx.xx:5060 -> xx.xx.154.35:5060 REGISTER sip:sip.mydomain.com SIP/2.0. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-a2202b91. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 33 REGISTER. Max-Forwards: 70. Authorization: Digest username="Username1",realm="sip.mydomain.com",nonce="420d1c9d4b50d5cd531d756 e150514fdf7075880",uri="sip:5555848141@sip.mydomain.com",algorithm=MD5,respo nse="c145f825cc6c14e1e27b6b17f1b2c332",qop=auth,nc=00000003,cnonce="394307ed ". Contact: 5555848141 <sip:5555848141@200.xx.xx.xx:5060>;expires=600. Warning: 399 spa "Restricted Cone NAT Dectected". User-Agent: Linksys/RT31P2-2.0.10(LIc). Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura. . ## U xx.xx.154.35:5060 -> 200.xx.xx.xx:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-a2202b91. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=6eb14299de2cc731d173c135064daec5.4858. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 33 REGISTER. WWW-Authenticate: Digest realm="sip.mydomain.com", nonce="420d1ef86fb6cf9709576f1e81b628556d3c932e", qop="auth", stale=true. Server: Sip EXpress router (0.8.14-3 (i386/linux)). Content-Length: 0. Warning: 392 xx.xx.154.35:5060 "Noisy feedback tells: pid=18214 req_src_ip=200.xx.xx.xx req_src_port=5060 in_uri=sip:sip.mydomain.com out_uri=sip:sip.mydomain.com via_cnt==1". . ## U 200.xx.xx.xx:5060 -> xx.xx.154.35:5060 REGISTER sip:sip.mydomain.com SIP/2.0. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-a2202b91. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 33 REGISTER. Max-Forwards: 70. Authorization: Digest username="Username1",realm="sip.mydomain.com",nonce="420d1c9d4b50d5cd531d756 e150514fdf7075880",uri="sip:5555848141@sip.mydomain.com",algorithm=MD5,respo nse="c145f825cc6c14e1e27b6b17f1b2c332",qop=auth,nc=00000003,cnonce="394307ed ". Contact: 5555848141 <sip:5555848141@200.xx.xx.xx:5060>;expires=600. Warning: 399 spa "Restricted Cone NAT Dectected". User-Agent: Linksys/RT31P2-2.0.10(LIc). Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura. . ## U xx.xx.154.35:5060 -> 200.xx.xx.xx:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-a2202b91. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=6eb14299de2cc731d173c135064daec5.4858. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 33 REGISTER. WWW-Authenticate: Digest realm="sip.mydomain.com", nonce="420d1ef937646ad8e71e1c566161be30607c89da", qop="auth", stale=true. Server: Sip EXpress router (0.8.14-3 (i386/linux)). Content-Length: 0. Warning: 392 xx.xx.154.35:5060 "Noisy feedback tells: pid=18215 req_src_ip=200.xx.xx.xx req_src_port=5060 in_uri=sip:sip.mydomain.com out_uri=sip:sip.mydomain.com via_cnt==1". . ## U 200.xx.xx.xx:5060 -> xx.xx.154.35:5060 REGISTER sip:sip.mydomain.com SIP/2.0. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-14bd512b. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 34 REGISTER. Max-Forwards: 70. Authorization: Digest username="Username1",realm="sip.mydomain.com",nonce="420d1ef86fb6cf9709576f1 e81b628556d3c932e",uri="sip:5555848141@sip.mydomain.com",algorithm=MD5,respo nse="901a43b3665d197579ed76483032841d",qop=auth,nc=00000001,cnonce="97900177 ". Contact: 5555848141 <sip:5555848141@200.xx.xx.xx:5060>;expires=600. Warning: 399 spa "Restricted Cone NAT Dectected". User-Agent: Linksys/RT31P2-2.0.10(LIc). Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura. . ## U xx.xx.154.35:5060 -> 200.xx.xx.xx:5060 SIP/2.0 200 OK. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-14bd512b. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=6eb14299de2cc731d173c135064daec5.3c44. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 34 REGISTER. Contact: <sip:5555848141@200.xx.xx.xx:5060>;q=0.00;expires=600. Server: Sip EXpress router (0.8.14-3 (i386/linux)). Content-Length: 0. Warning: 392 xx.xx.154.35:5060 "Noisy feedback tells: pid=18214 req_src_ip=200.xx.xx.xx req_src_port=5060 in_uri=sip:sip.mydomain.com out_uri=sip:sip.mydomain.com via_cnt==1". . #### U 200.xx.xx.xx:5060 -> xx.xx.154.35:5060 REGISTER sip:sip.mydomain.com SIP/2.0. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-14bd512b. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 34 REGISTER. Max-Forwards: 70. Authorization: Digest username="Username1",realm="sip.mydomain.com",nonce="420d1ef86fb6cf9709576f1 e81b628556d3c932e",uri="sip:5555848141@sip.mydomain.com",algorithm=MD5,respo nse="c03835111b84859ce7a63a83f9ef5045",qop=auth,nc=00000002,cnonce="97900177 ". Contact: 5555848141 <sip:5555848141@200.xx.xx.xx:5060>;expires=600. Warning: 399 spa "Restricted Cone NAT Dectected". User-Agent: Linksys/RT31P2-2.0.10(LIc). Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura. . ## U xx.xx.154.35:5060 -> 200.xx.xx.xx:5060 SIP/2.0 200 OK. Via: SIP/2.0/UDP 200.xx.xx.xx:5060;branch=z9hG4bK-14bd512b. From: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=a5e753635c69bee8o0. To: 5555848141 <sip:5555848141@sip.mydomain.com>;tag=6eb14299de2cc731d173c135064daec5.3c44. Call-ID: 316c6f5b-e5ea970f(a)192.168.0.104. CSeq: 34 REGISTER. Contact: <sip:5555848141@200.xx.xx.xx:5060>;q=0.00;expires=600. Server: Sip EXpress router (0.8.14-3 (i386/linux)). Content-Length: 0. Warning: 392 xx.xx.154.35:5060 "Noisy feedback tells: pid=18216 req_src_ip=200.xx.xx.xx req_src_port=5060 in_uri=sip:sip.mydomain.com out_uri=sip:sip.mydomain.com via_cnt==1". . Can someone help me to understand why this is happening. I don't understand why my endpoint is sending the REGISTER message with the Authentication parameters!!? I really hope that someone can help me!!! Thanks in advance. Ricardo Javier Martinez Ogalde > -----Mensaje original----- > De: Chris [mailto:ser@cannes.f9.co.uk] > Enviado el: Viernes, 11 de Febrero de 2005 15:16 > Para: 'Ricardo Martinez'; serusers(a)lists.iptel.org > Asunto: RE: [Serusers] serctl moni question. > > > I had it once (350 waiting) when I was running on a very old slow PII > machine > and I had a UA trying to re-register continuously after failure. > use ethereal to see what is coming into to your ser. > Mine was fixed by stopping continuous retries without gap > and making register succeed :)) > Chris > > -----Original Message----- > From: serusers-bounces(a)lists.iptel.org > [mailto:serusers-bounces@lists.iptel.org] On > Behalf Of Ricardo Martinez > Sent: 11 February 2005 20:06 > To: 'serusers(a)lists.iptel.org' > Subject: RE: [Serusers] serctl moni question. > > Hello again. > Have anyone idea about this issue? > Thanks! > > Ricardo Martinez.- > > > > > -----Mensaje original----- > > De: Ricardo Martinez [mailto:rmartinez@redvoiss.net] > > Enviado el: Jueves, 10 de Febrero de 2005 16:29 > > Para: 'serusers(a)lists.iptel.org' > > Asunto: [Serusers] serctl moni question. > > > > > > Hello list. > > I used the "serctl moni" command and i have found these > > statistics : > > > > > > Transaction Statistics > > Current: 0 (40 waiting) Total: 584 (0 local) > > Replied localy: 1082 > > Completion status 6xx: 27, 5xx: 7, 4xx: 212, 3xx: 0,2xx: 356 > > > > I'm particular interested in the Transactions Statics - > > Current and the 40 > > Waiting. > > Does this means something? > > > > Thanks in advance. > > > > Ricardo Martinez > > > > _______________________________________________ > > Serusers mailing list > > serusers(a)lists.iptel.org > > http://lists.iptel.org/mailman/listinfo/serusers > > > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers > > -- > No virus found in this incoming message. > Checked by AVG Anti-Virus. > Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005 > > > -- > No virus found in this outgoing message. > Checked by AVG Anti-Virus. > Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005 > >

19 years, 9 months

[Serusers] HELPME SER+NATHELPER+RTPPROXY

by Sergio Gerardo Festa

Hello it help that version I have to use so that operate correctly SER+NAT+RTPPROXY SER version =? Nathelper version =? Rtpproxy version=? thanks Saludos. borro

19 years, 9 months

Re: [Serusers] accessing mySQL db by means of external scripts...

by Esteban Maestre

Hi Marian, so I have to look into the internal DB API if I want to know the commands, isn't it? where can I find informaction on the internal DB API? In the code itself? Imagine I want to use the table 'preferences' -currently unused by my configuration, but created by the script- in a way I define, so I could store some users' preferences, like, for instance, which users I don't want to receive SUBSCRIBEs from, whether I want not to receive receive calls from a concrete user, etc... A user is able, my means of an instant message, activate and deactivate these preferences following concrete syntax format. Am I trying to do something wrong accessing DB by means of mySQL queries from external scripts called by means of 'exec' module? I don't know whether there is a simpler way to do so... Thanks again, Esteban > Hi Esteban, > > if you want to use DB transparently to which backend SER use, try the DB fifo commands - all commands from the internal DB API are exported via FIFO server. > > Best regards, > Marian > > Esteban Maestre wrote: >> Hi, SERusers... >> >> I have a question: in case i want to access and write into mySQL ser database tables from an external script I call by using exec_msg(), will this data remain there permanently? Will SER overwrite it? >> >> Thanks in advance... :) >> >> >> Esteban >> >> _______________________________________________ >> Serusers mailing list >> serusers(a)lists.iptel.org >> http://lists.iptel.org/mailman/listinfo/serusers >> > > -- > Voice System > http://www.voice-system.ro > > >

19 years, 9 months

[Serusers] pa and some things I've noticed, using ser 0.9.0

by Conny Holzhey

Hi all, I'm running ser on a port diffrent from 5060, and I found some confusing behaviour when dealing with presence. I've set the port in the ser.cfg file to 5059. When sending a PUBLISH message, it seems that I have to specify the port number in the message start-line, i.e. the message starts with PUBLISH sip:conny@192.168.123.2:5059 SIP/2.0, and then ser answers with 200 ok. If I skip the port number, I get a 408, Request Timeout. Is there some configuration I'm missing that would fix this? Or is this the correct behaviour? Actually I don't think that there should be a port number in the PUBLISH, as this is mixing my (client) Request-URI with the server port number. But I'm not sure, because so far I've tested my client only on the same machine than the server, and this is sometimes a bit confusing.... Same thing seems to be with REGISTER, and SUBSCRIBE, i.e. sending SUBSCRIBE sip:user@192.168.123.2:5059 SIP/2.0 works for some reason. When I get a NOTIFY from ser, there is a minor issue with the pidf document, the tuple start tag looks like <tuple id="9r28r49">ser"> When sending a subscribe with a header Expires: 0, ser seemingly doesn't send a NOTIFY. This makes sense, as this is used to indicate that the client wants to un-subscribe. On the other hand RFC 3856 says: > The subscriber can terminate the subscription by sending a SUBSCRIBE, > within the dialog, with an Expires header field (which indicates > duration of the subscription) value of zero. This causes an > immediate termination of the subscription. A NOTIFY request is then > generated by the presence agent with the most recent state. > > Is there somewhere a public server running ser/pa that I could use for testing my command-line PUA? Regards, Conny -- I'm looking for a job! Specially in telecommunication software development, testing, design, management ... preferably contract, in germany or somewhere nice. Anyone able to help, please contact me via http://holzhey.de, thanks.

19 years, 9 months

RE: [Serusers] serctl moni question.

by Ricardo Martinez

Hello again. Have anyone idea about this issue? Thanks! Ricardo Martinez.- > -----Mensaje original----- > De: Ricardo Martinez [mailto:rmartinez@redvoiss.net] > Enviado el: Jueves, 10 de Febrero de 2005 16:29 > Para: 'serusers(a)lists.iptel.org' > Asunto: [Serusers] serctl moni question. > > > Hello list. > I used the "serctl moni" command and i have found these > statistics : > > > Transaction Statistics > Current: 0 (40 waiting) Total: 584 (0 local) > Replied localy: 1082 > Completion status 6xx: 27, 5xx: 7, 4xx: 212, 3xx: 0,2xx: 356 > > I'm particular interested in the Transactions Statics - > Current and the 40 > Waiting. > Does this means something? > > Thanks in advance. > > Ricardo Martinez > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers >

19 years, 9 months

Re: [Serusers] file missing -> init.d

by info＠beeplove.com

Armando Alvarez <armando.alvarez(a)tripcomm.com> wrote on 02/11/2005, 06:32:56 PM: > Armando, 1. get a source copy of SER. 2. Unzip it 3. go to rpm directory 4. look for ser.init thats the file you need for init.d Let me know, if you need further help regarding this. -- Mohammad Khan sip:beeplove@iptel.org

19 years, 9 months

[Serusers] file missing -> init.d

by Armando Alvarez

Hello, I had installed the ser-0.8.14_linux_i386.tar.gz in my PC that is using Linux White Box. But in the 3rd point says that I have to include an init.d script. How can I create that? If somebody knows where to find it, please tell me. Its gonna be a glad notice. Regards, Armando Álvarez. Mexico City

19 years, 9 months

[Serusers] Minor Help

by Terry Mac Millan

Good day all, I am running ser-0.8.14 and sems 2004-07-27 on a Linux box with the config attached below. The way that the config stands at the moment, It currently logs BYE and PRACK traffice to syslog and the MySQL database. I have tried a few places to try to get it to log the INVITE's so that I can account for the traffic. This config is also a slightly modified version of the sample config from the SIP.edu cookbook. At current I do not have a gateway box to the PSTN. If it is possible, could someone with much more knowledge of ser assist me in cleaning up of the route statements, and provide the correct location to put the setflag(1); so that INVITE's are recorded to the accounting logs. Or if possible, someone provide a config that will do what I am looking for that I can adjust the settings to my setup and get working on my machine. Thanks Terry ----- Attached ser.cfg file ----- # ------------- version 0.8.11-0 # ------------- Initial global variables debug=3 fork=yes log_stderror=no listen=216.94.106.12 listen=127.0.0.1 # hostname matching an alias will satisfy the condition uri==myself". # dns - Uses dns to check if it is necessary to add a "received=" field # to a via. Default is no. # rev_dns - Same as dns but use reverse DNS. dns=no rev_dns=no port=5061 children=4 # check_via - Turn on or off Via host checking when forwarding replies. # Default is no. arcane. looks for discrepancy between name and # ip address when forwarding replies. check_via=yes # syn_branch - Shall the server use stateful synonym branches? It is # faster but not reboot-safe. Default is yes. #syn_branch=yes # memlog - Debugging level for final memory statistics report. Default # is L_DBG -- memory statistics are dumped only if debug is set high. memlog=3 # sip_warning - Should replies include extensive warnings? By default # yes, it is good for trouble-shooting. sip_warning=yes # fifo - FIFO special file pathname fifo="/tmp/ser_fifo" # server_signature - Should locally-generated messages include server's # signature? By default yes, it is good for trouble-shooting. server_signature=yes # reply_to_via - A hint to reply modules whether they should send reply # to IP advertised in Via. Turned off by default, which means that # replies are sent to IP address from which requests came. reply_to_via=no # user | uid - uid to be used by the server. 99 = nobody. #uid="sip" # group | gid - gid to be used by the server. 99 = nobody. gid="sip" # mhomed -- enable calculation of outbound interface; useful on # multihomed servers. mhomed=0 # ------------- external module loading loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/exec.so" loadmodule "/usr/local/lib/ser/modules/group.so" loadmodule "/usr/local/lib/ser/modules/print.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/uri.so" # ------------- tm parameters modparam("tm", "fr_timer", 12) modparam("tm", "fr_inv_timer", 24) # ------------- rr parameters # set ";lr" tag to ";lr=true" modparam("rr", "enable_full_lr", 1) # ------------- accounting parameters modparam("acc", "db_missed_flag", 3) modparam("acc", "db_flag", 1) modparam("acc", "log_missed_flag", 3) modparam("acc", "log_level", 1) modparam("acc", "log_flag", 1) modparam("acc", "db_url", "sql://ser:xxxx@localhost/ser") modparam("acc", "report_cancels", 0) modparam("acc", "report_ack", 0) modparam("acc", "log_fmt", "cdfimorstup") modparam("acc", "failed_transactions", 1) # ------------- usrloc parameters # 2 enables write-back to persistent mysql storage for speed # disable=0, write-through=1 modparam("usrloc", "db_mode", 2) # minimize write back window - default is 60 seconds modparam("usrloc", "timer_interval", 10) # database location modparam("usrloc", "db_url", "sql://ser:xxxx@localhost/ser") # ------------- auth parameters # database location modparam("auth_db", "db_url", "sql://ser:xxxx@localhost/ser") # allows clear text passwords in the mysql database modparam("auth_db", "calculate_ha1", yes) # name of password column in mysql database modparam("auth_db", "password_column", "password") # ------------- routing logic route { # ------------- routine checks # stop forwarding at 10 hops to prevent infinite loops if (!mf_process_maxfwd_header("10")) { log(1, "LOG: Too many hops\n"); sl_send_reply("483", "Too many hops"); break; }; # prevents private ip space from being used if (search("^(Contact|m): .*(a)(192\.168\.|10\.|172\.16)")) { if (method=="REGISTER") { log(1, "LOG: Someone trying to register from private IP\n"); sl_send_reply("479", "Please don't use private IP addresses" ); break; }; }; # separate the destination r-uri from the set of proxies that must be traversed loose_route(); # if the host portion of the request uri is not local, send it directly # to route processing. if (!(uri==myself)) { route(2); break; }; # All REGISTER attempts are processed and must always be authenticated if (method=="REGISTER") { # make sure that users don't register infinite loops if (search("^(Contact|m): .*(a)(216\.94\.106\.12|(hostthe3rd\.)?rivernet\.net)")) { log(1, "LOG: alert: someone trying to set aor==contact\n"); sl_send_reply("476", "No Server Address in Contacts Allowed" ); break; }; # challenge/response if (!www_authorize("hostthe3rd.rivernet.net", "subscriber")) { www_challenge("hostthe3rd.rivernet.net", "0"); break; }; # only registered users are allowed if (!is_user("replicator") & !check_to()) { log(1, "LOG: unregistered user registration attempt\n"); sl_send_reply("403", "Only registered users are allowed"); break; }; # it is an authenticated request, update Contact database now if (!save("location")) { sl_reply_error(); }; break; }; # process traffic local to BigU and the PSTN # Find the canonical username lookup("aliases"); # check domain again, if it is not still local after the alias # table lookup, just send it on its way. We do not authenticate # traffic we forward if (!(uri=~"^sip:(.+@)?(216\.94\.106\.12|(hostthe3rd\.)?rivernet\.net)([:;\?].* )?$")) { route(5); break; }; # now check for destinations through the gateway. 911 and 9911 # are always sent to the gateway. The assumption is that other all # numeric usernames between 5 and 20 digits are really pstn numbers # and so they are routed to the gateway # if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") | (uri=~"sip:[0-9]{5,20}@.*") ) { # route(3); # break; # }; # does the user wish redirection on no availability? (i.e., is he # in the voicemail (ser->grp) group?) if (is_user_in("Request-URI", "voicemail")) { t_on_failure("4"); setflag(4); }; # handle local SIP destinations not found in usrloc db # mostly offline or non-existent users if (!lookup("location")) { route(4); break; }; # check whether some inventive user has uploaded gateway # contacts to usrloc to bypass authorization logic if (uri=~"@216\.94\.106\.1([;:].*)*" ) { log(1, "LOG: Gateway address in UsrLoc\n"); route(3); break; }; # this flag is used with the acc module to report missed calls # to syslog. setflag(3); # do it (words to live by) append_hf("P-hint: USRLOC\r\n"); if (!t_relay()) { sl_reply_error(); break; }; } /* end of initial routing logic */ # ------------- process traffic leaving BigU for Internet route[2] { # outbound requests are allowed only for registered BigU users if (!(src_ip==216.94.106.12) & !(proxy_authorize("hostthe3rd.rivernet.net", "subscriber"))) { # ACK and CANCEL have no security mechanisms so they are just # noted if (method=="ACK" | method=="BYE") { log(1, "LOG: failed outbound authentication for ACK granted\n"); } else if (method=="CANCEL") { log(1, "LOG: failed outbound authentication for CANCEL granted\n"); } else { setflag(1); proxy_challenge("hostthe3rd.rivernet.net", "0"); break; }; setflag(1); }; # to maintain credibility of our proxy, we check From in INVITEs if (!src_ip==216.94.106.12 & method=="INVITE" & !check_from()) { log(1, "LOG: Spoofed from attempt\n"); sl_send_reply("403", "Use From=id next time"); break; }; append_hf("P-hint: OUTBOUND ON INTERNET\r\n"); setflag(1); if (!t_relay()) { sl_reply_error(); break; }; } # ------------- process traffic leaving Internet for PSTN # # At this time, I have no external gateway to PSTN # route[3] { # all calls through the gateway must be record routed to assure # acl acceptance on the gateway record_route(); # send out emergency calls to pstn gateway immediately # if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") ) { # rewritehostport("10.1.2.5:5060"); # forward(uri:host, uri:port); # break; # }; # five digit numeric addresses are internal freebies sent to the pbx # without authentication # if (uri=~"^sip:[0-9]{5}@(10.1.2.3|(proxy\,)?\.bigu\.edu)") { # rewritehostport("10.1.2.5:5060"); # forward(uri:host, uri:port); # break; # }; # all numeric addresses beginning with 9 go to the pbx on the way # to the PSTN # first the caller needs to be authenticated if (uri=~"^sip:9[0-9]*@(216.94.106.12|(hostthe3rd\.)?rivernet\.net)") { if (!(src_ip==216.94.106.12 | method==ACK | method=="CANCEL" | method=="BYE")) { if (!proxy_authorize("hostthe3rd.rivernet.net", "subscriber")) { proxy_challenge( "hostthe3rd.rivernet.net","0"); break; } else if (method=="INVITE" & !check_from()) { log(1, "LOG: Spoofed from attempt\n"); sl_send_reply("403", "Use From=id next time"); break; }; }; # if (method=="INVITE") { # if the r-uri begins 91, does the authenticated user have # permission for long distance # if (uri=~"sip:91[0-9]*@.*") { # if (!is_user_in("credentials", "ld")) { # sl_send_reply("403", "Local calls only"); # break; # }; # }; # }; # authenticated and authorized, now accounting is set setflag(1); }; # rewritehostport("10.1.2.5:5060"); # append_hf("P-hint: GATEWAY\r\n"); # if (!t_relay()) { # sl_reply_error(); # break; # }; } # ------------- process calls for users offline route[4] { if (!t_newtran()) { sl_reply_error(); }; if (!t_reply("404", "Not Found")) { sl_reply_error(); }; break; } # ------------- process aliased outbound traffic # inbound requests that have been aliased to a non-BigU domain # are not authenticated by BigU route[5] { append_hf("P-hint: ALIASED-OUTBOUND\r\n"); if (!t_relay()) { sl_reply_error(); break; }; } # ------------- CC-Diversion to voicemail # # I have SEMS installed on the machine, just don't have the intigration code in the cfg yet # failure_route[4] { # append_branch("sip:80000@216.94.106.12"); append_urihf("CC-Diversion: ", "\r\n"); # append_hf("P-hint: OFFLINE-VOICEMAIL\r\n"); # t_relay(); }

19 years, 9 months

[Serusers] re: nathelper in 0.8.14

by Yair Hakak

hello, can anyone confirm that the "ping_nated_only" modparam was added to nathelper in 0.8.14? I am running 0.8.12 and ser doesn't start when i add the following line: modparam("nathelper", "ping_nated_only", 1) in the error log is: Feb 11 13:12:48 SMD50225 ser: set_mod_param_regex: parameter <ping_nated_only> not found in module <nathelper> also i get a whole bunch of unkown command errors, but one thing at a time. thanks, yair

19 years, 9 months

Re: [Serusers] SER and Radius, call control question.

by Tom Gaudasinski

What do you mean by the state of the call? Where in a sip header is that indicated? Daniel-Constantin Mierla wrote: > SER does not keep the state of the call, so it cannot cut the call. > You need a back-to-back user agent to do that. The previous mail was > about controlling the call before ringing the callee, based on > caller's profile. > > Vovida has an implementation of b2bua, but I never tried and I do not > know whether one can control it via Radius or not. To do it only with > ser you need to develop a new module to keep the state of the call. > > Daniel > > On 02/10/05 21:57, Tom Gaudasinski wrote: > >> Ok, so you're saying that the only way to do this is through the auth >> module? Any chance there can be something along the lines of a >> prepaid system done with SER? a constant query to radius and when >> call credits are exhausted, radius tells SER to cut the call? >> >> Daniel-Constantin Mierla wrote: >> >>> you can group the users so you know who is allowed to call or not a >>> certain destination. For RADIUS you have to use group_radius to >>> check user group membership. An example of how to allow/deny local, >>> long distance, international calls you can find in the examples >>> directory -- online on cvs at: >>> >>> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/examples/pstn.cfg?… >>> >>> >>> It uses the group module with database backend -- you would need to >>> replace module "group" with "group_radius". >>> >>> acc_*() methods are only for accounting purposes. >>> >>> Daniel >>> >>> On 02/10/05 20:30, Tom Gaudasinski wrote: >>> >>>> Greetings, >>>> I'd like to know a few things. First, can SER control whether a >>>> call is connected or not through radius? For example, SER contacts >>>> radius and radius returns whether the user is allowed to make the >>>> call or not, then SER dials out or not depending on the answer. So >>>> this could be per destination and per user, some users not being >>>> able to call to certain destinations. Is this possible? If so, >>>> could someone provide a small example. Also I'd like to know what >>>> acc_rad_request() returns, is it a bool? What is it's purpose, does >>>> it help with the formentioned problem, or is this acc_rad only to >>>> do with CDR style data dumping? >>>> >>>> Thank you. >>>> >>>> _______________________________________________ >>>> Serusers mailing list >>>> serusers(a)lists.iptel.org >>>> http://lists.iptel.org/mailman/listinfo/serusers >>>> >>> >> >

19 years, 9 months

← Newer
1
...
30
31
32
33
34
35
36
...
47
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users February 2005