Ravi:
It would be helpful to send the list the output from the
ngrep command so we can see exactly what is happening
when the registration fails. Sending this to the list will get
your question answered quicker especially since I am headed
out of town for a week.
Thanks,Steve
ravi kuru wrote:
> Hi Steve,
>
> I am Ravi and I did configure SER with Mysql.
> I created user in subscriber table then I did try to register with
> that user using xlite, but registration is failling.
>
> Can you please help me find solution for this.
>
> this is my ser.cfg file
>
>
> debug=4 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=yes # (cmd line: -E)
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> #children=4
> fifo="/tmp/ser_fifo"
>
> # ------------------ module loading ----------------------------------
>
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> modparam("usrloc", "db_url","sql://ser:heslo@localhost/ser")
> modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")
> modparam("auth_db", "user_column", "username")
> modparam("auth_db", "password_column", "password")
>
> modparam("usrloc", "db_mode", 2)
>
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
>
> modparam("rr", "enable_full_lr", 1)
>
>
> route{
>
> log (1, "in the routing\n");
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if ( msg:len > max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> log (1, "Trying to record_route\n");
> record_route();
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addressres in it)
> log (1, "Trying to myself************************\n");
> if (uri == myself) {
>
> if (method=="REGISTER") {
> log (1, "Trying to
> register******************************\n");
> # Uncomment this if you want to use digest authentication
> if (!www_authorize("", "subscriber")) {
> log (1, "Trying to
> challenge***************\n");
> www_challenge("", "0");
> break;
> };
> log (1, "Trying to location\n");
>
> save("location");
> break;
> };
>
> # native SIP destinations are handled using our USRLOC DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> break;
> };
> };
> # forward to current uri now; use stateful forwarding; that
> # works reliably even if we forward from TCP to UDP
> if (!t_relay()) {
> sl_reply_error();
> };
>
> }
>
>
> Thanks for your help
> Ravi
--
ISC Network Engineering
The University of Pennsylvania
3401 Walnut Street, Suite 221A
Philadelphia, PA 19104
voice: 215-573-8396
215-746-8001
fax: 215-898-9348
sip:blairs@upenn.edu
Hi
I read a post sometime back about it being possible to use lcr with
0.9.0, but cant seem to locate it (so much for google :-)), if neone has
it working give me a shout, works a treat with 0.10-dev, never tried it
with 0.9
Iqbal
Had SER running on Fedora Core 3. Moved unit to a different LAN.
"SIP_DOMAIN" EXPORT environmental variable refuses to change although
changed in /etc/profile, ser.cfg, /etc/bashrc, MySQL table, etc. Searched
every file on the drive using grep to locate the IP address with no luck.
Every time I reboot, the SIP_DOMAIN variable reflects old IP address. I
pulled most of my hair out and enough curse words to make a sailor blush.
Can anyone help me out???
Jim Campbell
Hello,
I have a problem with SER. The server starts successfully:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mar 3 12:14:11 localhost ser: WARNING: could not rev. resolve 159.199.75.160
Mar 3 12:14:11 localhost ser: Listening on
Mar 3 12:14:11 localhost ser: 127.0.0.1 [127.0.0.1]:5060
Mar 3 12:14:11 localhost ser: 159.199.75.160
[159.199.75.160]:5060
Mar 3 12:14:11 localhost ser: Aliases: localhost:5060
localhost.localdomain:5060
Mar 3 12:14:11 localhost ser: Listening on
Mar 3 12:14:11 localhost ser: 127.0.0.1 [127.0.0.1]:5060
Mar 3 12:14:11 localhost ser: 159.199.75.160
[159.199.75.160]:5060
Mar 3 12:14:11 localhost ser: Aliases: localhost:5060
localhost.localdomain:5060
Mar 3 12:14:11 localhost ser: Listening on
Mar 3 12:14:11 localhost ser: 127.0.0.1 [127.0.0.1]:5060
Mar 3 12:14:11 localhost ser: 159.199.75.160
[159.199.75.160]:5060
Mar 3 12:14:11 localhost ser: Aliases: localhost:5060
localhost.localdomain:5060
Mar 3 12:14:11 localhost ser: Iniciación de ser succeeded
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
But when I send him a REGISTER message, the server do nothing.
My SIP_DOMAIN=localhost, and the REGISTER message arrives to the PC where the
server is running.
I have not changed the ser.cfg which becomes with the installation.
Can anybody help me?
hi all,
I set up ser + serweb + asterisk with 2 ip300 Polycom.
ip300 Polycom supporting SUBSCRIBE/NOTIFY/MESSAGE
methods.
When i set one phone offline (phone is powered and
registered in location table) i can't store IM in
msilo
table.IM is sent to phone
if i switch off phone IM is stored in msilo table but
when I switch on the phone IM is not dumped to phone.
Can I use presence instead of location in order to
store IM ?
Harry
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
Hi,
I have tested ser with a T1 trunk GW not behind NAT, but using fixed IP. I then disable the use of rtpproxy and nathelper. However, when I use PSTN call to a SIP UA, only ringtones could be heard but no voice passing through it.
Does it mean that rtpproxy + nathelper must be used even in the case when UA and PSTN GW are not behind NAT/Firewall?
Thomas
Conditions as follows :
* SER runs on a Public IP
* SER works without auth & database modules,
* Nearly all user behind NAT (but routers configured to do port forwarding for TCP/UDP 5060) to help SER in some cases,
* Users numbers in format of 833XXXXXXX 834XXXXXXX and they should call each P2P-SIP-Calls (if not behind NAT),
* If a user need to call PSTN end point (SIP Gateway located at 212.154.32.154) the call traffic should flow over SER to SIP Gateway via T1 connection already located between that systems so SER handles all voice traffic by help of RTP Proxy.
* UA's registers on SER (Zyxel Prestige 2000, Zyxel Prestige 200W, Cisco ATA186 etc.)
Problem is users cannot call each other (if i comment lines for nathelper they can call)
It's clear i think, and below is my ser.cfg, what do i need extra or erase.
<-<-<-<-< MY SER.CFG STARTS HERE >->->->->
#
# $Id nathelper.cfg,v 1.1.2.1 20050301 by Ozan Blotter Exp $
#
# simple quick-start config script including nathelper support
# This default script includes nathelper support. To make it work
# you will also have to install Maxim's RTP proxy. The proxy is enforced
# if one of the parties is behind a NAT.
#
# If you have an endpoing in the public internet which is known to
# support symmetric RTP (Cisco PSTN gateway or voicemail, for example),
# then you don't have to force RTP proxy. If you don't want to enforce
# RTP proxy for some destinations than simply use t_relay() instead of
# route(1)
#
# Sections marked with !! Nathelper contain modifications for nathelper
#
# NOTE !! This config is EXPERIMENTAL !
#
# ----------- global configuration parameters ------------------------
# debug=3 # debug level (cmd line -dddddddddd)
# fork=yes
# log_stderror=no # (cmd line -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line -v)
dns=no # (cmd. line -r)
rev_dns=no # (cmd. line -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# !! Nathelper
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# !! Nathelper
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 10) # Ping interval 10 seconds
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len > max_len ) {
sl_send_reply("513", "Message Too Big");
break;
};
# if ((method=="NOTIFY")&& search("^Event: Keep-Alive")) {
# ls_send_reply("200","OK");
# break;
# };
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method=="REGISTER" || ! search("^Record-Route:")) {
# log("LOG: Someone trying to register from private IP, rewriting\$
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it $
# called symmetric media and symmetric signalling.
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
if (!(uri=~"sip:(833)|(834)")) {
t_relay_to_udp("212.154.32.154","5060");
save("location");
break;
};
# lookup(aliases);
# if (!uri==myself) {
# append_hf("P-hint: outbound alias\r\n");
# route(1);
# break;
# };
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# !! Nathelper
if (uri=~"[@:](192\.168\.|10\.172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !searc$
sl_send_reply("479", "We don't forward to private IP addresses");
break;
};
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
if (!search("^Content-Length:\0")){
force_rtp_proxy();
};
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
if (!search("^Content-Length:\0")){
force_rtp_proxy();
};
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
<-<-<-<-< MY SER.CFG ENDS HERE >->->->->
hi list..
i am winda
i make SER and it work well in local network. when i establish SER server in public network. it cannot run. i have read the milist and the solution are nethelper and mediaproxy/rtp proxy. i want ask how to start to make nathelper+rtp proxy? please explain me step by step?...
oh ya.. i also read about rtp proxy, maxim's rtp proxy and media proxy. can you explain me what is the different?
Thanks for help....:-)
serusers-request(a)lists.iptel.org wrote:
Send Serusers mailing list submissions to
serusers(a)lists.iptel.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.iptel.org/mailman/listinfo/serusers
or, via email, send a message with subject or body 'help' to
serusers-request(a)lists.iptel.org
You can reach the person managing the list at
serusers-owner(a)lists.iptel.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Serusers digest..."
Today's Topics:
1. FREEBSD ser cvs adn 0.90 ERROR ( )
2. Re: http / https in Userloc db (Jan Janak)
3. Re: http / https in Userloc db (Martin Koenig)
4. Re: RTP Wiretapping (Java Rockx)
5. Re: http / https in Userloc db (Jan Janak)
6. Re: http / https in Userloc db (Marian Dumitru)
7. compiling LCR into 0.10-dev (Iqbal)
8. Re: http / https in Userloc db (Jan Janak)
9. serweb question (johnny Laura)
10. Problem with SER and RADIUS on the different machine (Alex Jeon)
11. Re: serweb question (Alistair Cunningham)
12. Re: RTP Wiretapping (Steve Blair)
13. Got Error in Nathelper "extract_mediaip: no `c=' in SDP"
(Markus Monka)
14. Re: username of from with avp_check (Marian Dumitru)
15. RE: Outbound proxy definition (Vitaly Nikolaev)
16. problem (soft phoe is onfigured with SIP Express Router)
(anil pal)
17. Re: rtpproxy must be located on the same machine with SIP
server?? (Mohammad Khan)
18. Claims of ser-0.9 RFC3261 Violation (Java Rockx)
19. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev)
20. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
21. Mediaproxy error (Terry Mac Millan)
22. Re: Claims of ser-0.9 RFC3261 Violation (Klaus Darilion)
23. RE: Claims of ser-0.9 RFC3261 Violation (Linda Xiao)
24. SER+SERWEB+MSILO (harry gaillac)
25. log question (Mohammad Khan)
26. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev)
27. RE: log question (Vitaly Nikolaev)
28. Re: Mediaproxy error (Terry Mac Millan)
29. RE: Claims of ser-0.9 RFC3261 Violation (Jain, Rajnish)
30. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
31. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
32. compiling LCR into 0.10-dev (Juha Heinanen)
33. Re: compiling LCR into 0.10-dev (Iqbal)
34. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
35. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev)
36. :-(( (Mohammad Khan)
----------------------------------------------------------------------
Message: 1
Date: Wed, 02 Mar 2005 14:03:08 +0800
From: " "
Subject: [Serusers] FREEBSD ser cvs adn 0.90 ERROR
To: serusers(a)lists.iptel.org
Message-ID: <20050302060308.CCE8F13D(a)mail.fivewall.com>
Content-Type: text/plain; charset=
Hi! all
FreeBSD 5.3,latest cvs and 0.90 have problem when /usr/local/sbin/serctl get
ser# ps -ax
PID TT STAT TIME COMMAND
0 ?? DLs 0:00.01 [swapper]
1 ?? SLs 0:00.07 /sbin/init --
2 ?? DL 0:00.03 [g_event]
3 ?? DL 0:00.12 [g_up]
4 ?? DL 0:00.30 [g_down]
5 ?? DL 0:00.00 [thread taskq]
6 ?? DL 0:00.00 [kqueue taskq]
7 ?? IL 0:00.00 [acpi_task0]
8 ?? IL 0:00.00 [acpi_task1]
9 ?? IL 0:00.00 [acpi_task2]
10 ?? DL 0:00.00 [ktrace]
11 ?? RL 6:47.97 [idle]
12 ?? WL 0:00.00 [irq1: atkbd0]
13 ?? WL 0:00.00 [irq3: sio1]
14 ?? WL 0:00.00 [irq4: sio0]
15 ?? WL 0:00.00 [irq5:]
16 ?? WL 0:00.00 [irq6: fdc0]
17 ?? WL 0:00.00 [irq7: ppc0]
18 ?? WL 0:00.00 [irq8: rtc]
19 ?? WL 0:00.00 [irq9: acpi0]
20 ?? WL 0:00.00 [irq10:]
21 ?? WL 0:00.00 [irq11:]
22 ?? WL 0:00.00 [irq12: psm0]
23 ?? WL 0:00.00 [irq13:]
24 ?? WL 0:00.06 [irq14: ata0]
25 ?? WL 0:00.00 [irq15: ata1]
26 ?? WL 0:00.00 [irq16:]
27 ?? WL 0:00.00 [irq17: bt0]
28 ?? WL 0:00.04 [irq18: lnc0]
29 ?? WL 0:00.00 [irq19: uhci0]
30 ?? WL 0:00.00 [irq20:]
31 ?? WL 0:00.00 [irq21:]
32 ?? WL 0:00.00 [irq22:]
33 ?? WL 0:00.00 [irq23:]
34 ?? WL 0:00.00 [irq0: clk]
35 ?? WL 0:00.63 [swi5: clock sio]
36 ?? WL 0:00.00 [swi4: vm]
37 ?? WL 0:00.03 [swi1: net]
38 ?? DL 0:00.04 [yarrow]
39 ?? WL 0:00.00 [swi6:+]
40 ?? WL 0:00.00 [swi2: camnet]
41 ?? WL 0:00.00 [swi3: cambio]
42 ?? WL 0:00.00 [swi6: acpitaskq]
43 ?? WL 0:00.00 [swi6: task queue]
44 ?? WL 0:00.06 [swi6:+]
45 ?? DL 0:00.00 [usb0]
46 ?? DL 0:00.00 [usbtask]
47 ?? WL 0:00.00 [swi0: sio]
48 ?? DL 0:00.00 [fdc0]
49 ?? DL 0:00.00 [pagedaemon]
50 ?? DL 0:00.00 [vmdaemon]
51 ?? DL 0:00.59 [pagezero]
52 ?? DL 0:00.00 [bufdaemon]
53 ?? DL 0:00.03 [syncer]
54 ?? DL 0:00.00 [vnlru]
55 ?? DL 0:00.01 [hpt_wt]
56 ?? IL 0:00.00 [nfsiod 0]
57 ?? IL 0:00.00 [nfsiod 1]
58 ?? IL 0:00.00 [nfsiod 2]
59 ?? IL 0:00.00 [nfsiod 3]
60 ?? DL 0:00.07 [schedcpu]
179 ?? Is 0:00.00 adjkerntz -i
245 ?? Ss 0:00.03 /sbin/dhclient lnc0
272 ?? Is 0:00.00 /sbin/devd
292 ?? Ss 0:00.04 /usr/sbin/syslogd -s
367 ?? Ss 0:00.01 /usr/sbin/usbd
403 ?? Ss 0:00.03 /usr/sbin/sshd
409 ?? Ss 0:00.04 sendmail: accepting connections (sendmail)
413 ?? Is 0:00.01 sendmail: Queue runner@00:30:00 for /var/spool/client
425 ?? Ss 0:00.02 /usr/sbin/cron -s
439 ?? Ss 0:00.18 /usr/local/sbin/httpd
471 ?? I 0:00.07 /usr/local/sbin/ser -P /var/run/ser.pid
472 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
473 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
474 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
475 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
476 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
477 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
478 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
479 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
480 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
481 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
482 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
483 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
484 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
485 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
486 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
487 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
488 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
489 ?? S 0:00.08 /usr/local/sbin/ser -P /var/run/ser.pid
490 ?? S 0:00.04 /usr/local/sbin/ser -P /var/run/ser.pid
491 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
492 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
493 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
494 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
495 ?? S 0:00.04 /usr/local/sbin/ser -P /var/run/ser.pid
496 ?? S 0:00.02 /usr/local/sbin/ser -P /var/run/ser.pid
497 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
498 ?? S 0:00.02 /usr/local/sbin/ser -P /var/run/ser.pid
499 ?? I 0:00.00 /usr/local/sbin/httpd
500 ?? I 0:00.00 /usr/local/sbin/httpd
501 ?? I 0:00.00 /usr/local/sbin/httpd
502 ?? I 0:00.00 /usr/local/sbin/httpd
503 ?? I 0:00.00 /usr/local/sbin/httpd
524 ?? Is 0:00.01 /usr/sbin/inetd -wW -C 60
583 ?? Ss 0:00.08 sshd: lynx [priv] (sshd)
586 ?? S 0:00.09 sshd: lynx@ttyp0 (sshd)
587 p0 Ss 0:00.04 -sh (sh)
588 p0 S 0:00.05 su
589 p0 S 0:00.08 _su (csh)
595 p0 R+ 0:00.03 ps -ax
536 v0 Is+ 0:00.01 /usr/libexec/getty Pc ttyv0
537 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1
538 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2
539 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3
540 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4
541 v5 Is+ 0:00.01 /usr/libexec/getty Pc ttyv5
542 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6
543 v7 Is+ 0:00.01 /usr/libexec/getty Pc ttyv7
443 con- I 0:00.04 /bin/sh /usr/local/bin/mysqld_safe --user=mysql --dat
468 con- S 0:01.00 /usr/local/libexec/mysqld --basedir=/usr/local --data
ser# serctl moni
[: unexpected operator
[: -ne: unexpected operator
ser#
----
ZhongShan Ether Network Security Inc
---------------------------------------------------------
------------------------------
Message: 2
Date: Wed, 2 Mar 2005 12:39:16 +0100
From: Jan Janak
Subject: Re: [Serusers] http / https in Userloc db
To: Marian Dumitru
Cc: serusers(a)lists.iptel.org, Martin Koenig
Message-ID: <20050302113916.GF3487(a)localhost.localdomain>
Content-Type: text/plain; charset=iso-8859-2
On 02-03 10:32, Marian Dumitru wrote:
> Hi Martin,
>
> As far as I know it could be one of the new SNOM specific feature - it
> advertise the http location of the web configuration page. But if recall
> correctly, the header name should by WWW-Contact, not Contact.
>
> Anyhow, it will be a good idea for register to check the contact
> validity before inserting into usrloc.
That's one interesting question. What is a valid contact ? A regular
proxy would not be able to contact URI with http scheme, that's clear.
But that does not mean yet that the contact is not valid, because
RFC3261 allows any sort of URI to appear there.
On the other hand, a redirect server would just take this URI, put it
into a 3xx response and send it back the the calling UA. If the calling
UA is unable to reach the called party, it might display the contents
of the HTTP URL or do some other magic.
For that reason I think that there should be no limitation of what
gets into the user location database.
Jan.
------------------------------
Message: 3
Date: Wed, 02 Mar 2005 13:08:39 +0100
From: Martin Koenig
Subject: Re: [Serusers] http / https in Userloc db
To: Jan Janak
Cc: serusers(a)lists.iptel.org
Message-ID: <4225ACC7.8060500(a)toplink-plannet.de>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Jan,
if any uri (according to RFC) is allowed in URI, then ser should not
issue an error message on lookup("location"):
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0
parsed: (4) / (23)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri:
http://192.168.0.206:80
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0
parsed: (4) / (25)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri:
https://192.168.0.206:443
Especially not a "bad_uri" error message, because it is not a bad uri
indeed. Some debug-warning about ignoring this or that contact because
it was not SIP/SIPS will do. What do you think?
Either way, I think there is need for some cleanup.
Regards,
Martin
Jan Janak schrieb:
>On 02-03 10:32, Marian Dumitru wrote:
>
>
>>Hi Martin,
>>
>>As far as I know it could be one of the new SNOM specific feature - it
>>advertise the http location of the web configuration page. But if recall
>>correctly, the header name should by WWW-Contact, not Contact.
>>
>>Anyhow, it will be a good idea for register to check the contact
>>validity before inserting into usrloc.
>>
>>
>
> That's one interesting question. What is a valid contact ? A regular
> proxy would not be able to contact URI with http scheme, that's clear.
> But that does not mean yet that the contact is not valid, because
> RFC3261 allows any sort of URI to appear there.
>
> On the other hand, a redirect server would just take this URI, put it
> into a 3xx response and send it back the the calling UA. If the calling
> UA is unable to reach the called party, it might display the contents
> of the HTTP URL or do some other magic.
>
> For that reason I think that there should be no limitation of what
> gets into the user location database.
>
> Jan.
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
------------------------------
Message: 4
Date: Wed, 2 Mar 2005 07:16:59 -0500
From: Java Rockx
Subject: Re: [Serusers] RTP Wiretapping
To: ser(a)cannes.f9.co.uk
Cc: serusers(a)lists.iptel.org
Message-ID: <359a65820503020416142a33c(a)mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII
I was thinking about having a group called "spy" in the grp table and
anyone with this ACL would be sent to a modified mediaproxy that would
capture the RTP.
User that don't have the "spy" ACL would be handled normally and if
NAT traversal is needed then use an unmodified media proxy.
Regards,
Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris wrote:
> Why not use a from/to etc detection in .cfg (using database...)
> to trigger a remote proxy through the requesting agency
> They then have the capture issue
> and you have no monitor or delivery issues?
> Might require conditions of their placement of a proxy?
> (but is their problem)
> Regards
> Chris
>
> -----Original Message-----
> From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On
> Behalf Of Java Rockx
> Sent: 26 February 2005 14:29
> To: serusers(a)lists.iptel.org
> Subject: [Serusers] RTP Wiretapping
>
> Hi All.
>
> I'm located in the US and would like to comply with the Communications
> Assistance for Law Enforcement Act (CALEA) that Congress passed which
> basically says that VoIP providers should have the ability to wiretap
> conversations for the FBI upon request.
>
> I use mediaproxy for NAT traversal. So my question is how can I be
> CALEA compliant? I assume I should be able to modify mediaproxy to
> write RTP streams to disk, but I'm unclear on how to "mix" both sides
> of the conversation.
>
> Can anyone help with a suggestion?
>
> Regards,
> Paul
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
>
>
------------------------------
Message: 5
Date: Wed, 2 Mar 2005 13:42:03 +0100
From: Jan Janak
Subject: Re: [Serusers] http / https in Userloc db
To: Martin Koenig
Cc: serusers(a)lists.iptel.org
Message-ID: <20050302124203.GG3487(a)localhost.localdomain>
Content-Type: text/plain; charset=iso-8859-2
The error message is not issued by lookup("location"), it is issued by
t_relay() when you try to forward the message to the HTTP URI.
It should be easy to write a function that would be called before
t_relay (or after lookup) and that would filter out URI schemes
unsupported by SER.
For the Request-URI you can do that from the script:
if (uri =~ "^http") {
do something
};
But that would not check additional branches used for parallel forking.
Jan.
On 02-03 13:08, Martin Koenig wrote:
> Jan,
>
> if any uri (according to RFC) is allowed in URI, then ser should not
> issue an error message on lookup("location"):
>
> Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0
> parsed: (4) / (23)
> Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri:
> http://192.168.0.206:80
> Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0
> parsed: (4) / (25)
> Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri:
> https://192.168.0.206:443
>
> Especially not a "bad_uri" error message, because it is not a bad uri
> indeed. Some debug-warning about ignoring this or that contact because
> it was not SIP/SIPS will do. What do you think?
>
> Either way, I think there is need for some cleanup.
>
> Regards,
> Martin
>
> Jan Janak schrieb:
>
> >On 02-03 10:32, Marian Dumitru wrote:
> >
> >
> >>Hi Martin,
> >>
> >>As far as I know it could be one of the new SNOM specific feature - it
> >>advertise the http location of the web configuration page. But if recall
> >>correctly, the header name should by WWW-Contact, not Contact.
> >>
> >>Anyhow, it will be a good idea for register to check the contact
> >>validity before inserting into usrloc.
> >>
> >>
> >
> > That's one interesting question. What is a valid contact ? A regular
> > proxy would not be able to contact URI with http scheme, that's clear.
> > But that does not mean yet that the contact is not valid, because
> > RFC3261 allows any sort of URI to appear there.
> >
> > On the other hand, a redirect server would just take this URI, put it
> > into a 3xx response and send it back the the calling UA. If the calling
> > UA is unable to reach the called party, it might display the contents
> > of the HTTP URL or do some other magic.
> >
> > For that reason I think that there should be no limitation of what
> > gets into the user location database.
> >
> > Jan.
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers(a)lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
>
------------------------------
Message: 6
Date: Wed, 02 Mar 2005 14:04:12 +0100
From: Marian Dumitru
Subject: Re: [Serusers] http / https in Userloc db
To: Jan Janak
Cc: serusers(a)lists.iptel.org, Martin Koenig
Message-ID: <4225B9CC.304(a)voice-sistem.ro>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Hi Jan,
So some URI checking is required and indeed, if you want to allow
clients to perform that magic you mentioned, the checking should be done
after extracting the URIs from usrloc.
But should be very clear if a contact URI can or cannot be involved in
SIP signaling - used for forwarding. One note here - it's interesting
what will be the impact on nathelper when it will start doing NAT ping
to non-SIP URIs :-).
Anyhow, the best place to do the checking is before t_relay(). If you do
th filtering immediately after lookup(), you will loose the Redirect
Server functionality.
Best regards,
Marian
Jan Janak wrote:
> The error message is not issued by lookup("location"), it is issued by
> t_relay() when you try to forward the message to the HTTP URI.
>
> It should be easy to write a function that would be called before
> t_relay (or after lookup) and that would filter out URI schemes
> unsupported by SER.
>
> For the Request-URI you can do that from the script:
>
> if (uri =~ "^http") {
> do something
> };
>
> But that would not check additional branches used for parallel forking.
>
> Jan.
>
> On 02-03 13:08, Martin Koenig wrote:
>
>>Jan,
>>
>>if any uri (according to RFC) is allowed in URI, then ser should not
>>issue an error message on lookup("location"):
>>
>>Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0
>>parsed: (4) / (23)
>>Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri:
>>http://192.168.0.206:80
>>Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0
>>parsed: (4) / (25)
>>Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri:
>>https://192.168.0.206:443
>>
>>Especially not a "bad_uri" error message, because it is not a bad uri
>>indeed. Some debug-warning about ignoring this or that contact because
>>it was not SIP/SIPS will do. What do you think?
>>
>>Either way, I think there is need for some cleanup.
>>
>>Regards,
>>Martin
>>
>>Jan Janak schrieb:
>>
>>
>>>On 02-03 10:32, Marian Dumitru wrote:
>>>
>>>
>>>
>>>>Hi Martin,
>>>>
>>>>As far as I know it could be one of the new SNOM specific feature - it
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
I'm presently working on a SIP setup whereby there are 3 Cisco
routers which each have analog phones connected to them via FXS ports.
All 3 of these routers are connected via an underlying network. I
have a machine hanging off from one of these routers running ser. For
ease of labelling, I'll call these routers: router1, router2, and
router3 (SIP server directly connected to this router via ethernet).
I'm attempting to setup call forking using the UsrLoc database (this
will eventually be SQL, but for the sake of the short-term I'm just
storing UsrLoc in memory). The desired call forking setup looks
something like this:
router1 --> router2
--> router 3
router 2 --> router 1
--> router 3
router 3 --> router 1
--> router 2
I am able to complete calls between router1 and router3 (and
vice-versa) and carry on a conversation, but when calling between
router1 and router2 the call completes, but neither party can hear the
other. Ironically, router1 and router2 are sitting right next to each
other (though, connected via another router). However, The SIP proxy
is directly connected to router3. Doing a 'debug voip rtp' I see RTP
messages travel bidirectionally in a constant stream with correct IP
addresses and ports until the call ends, but at no point during the
conversation can either party hear the other. This would lead me to
believe that something other than SIP was at play, but when I bypass
the proxy (point the two routers directly at each other via the
dial-peer) call completion works and both parties can hear each other
(I set these up as SIP, not the default H.323). Below is my ser.cfg
file and the output of 'serctl ul show' for the static UsrLoc entries
that I've created. The routers are setup with simple dial-peers and a
sip-ua.
I've verified that there isn't any type of ACL or firewall to obstruct
the conversation. Every router is able to reach each other router as
well as the proxy server. I'm using private address space at present,
but NAT isn't being done at any point. I've pondered trying rtp_proxy
and forcing the bearer (RTP) traffic through the proxy, but that isn't
a particularly good solution for my environment.
Any help would be greatly appreciated. I'm hoping that it's just a
case of broken logic in my ser.cfg. Please CC: this address in your
reply as I'm not currently on the mailing list.
Most of the configuration is derived from the sample configurations
that I ran into.
---ser.cfg start---
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
#debug=7
#fork=no
#log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
listen=192.168.1.2
port=5060
mhomed=1
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
alias="ser"
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (method=="INVITE") record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
# if (!www_authorize("iptel.org", "subscriber")) {
# www_challenge("iptel.org", "0");
# break;
# };
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
---end ser.cfg---
---start static UsrLoc entries---
ser# ../../sbin/serctl ul show 222
200 OK
<sip:222@<router2 IP>:5060>;q=1.00;expires=1003718231
<sip:222@<router3 IP>:5060>;q=1.00;expires=1003718231
ser# ../../sbin/serctl ul show 111
200 OK
<sip:111@<router1 IP>:5060>;q=1.00;expires=1003718231
<sip:111@<router3 IP>:5060>;q=1.00;expires=1003718231
ser# ../../sbin/serctl ul show 333
200 OK
<sip:111@<router1 IP>:5060>;q=1.00;expires=1003718231
<sip:222@<router2 IP>:5060>;q=1.00;expires=1003718231
---end static UsrLoc entries---
Thank you.
