sr-users March 2006

sr-users@lists.kamailio.org

223 participants
506 discussions

RE: [Users] Error while parsing headers
by Douglas Garstang 31 Mar '06

31 Mar '06

Bogdan, Well it must be related to Polycom phones in general then, because we have 35 or so deployed here and a _lot_ of them are doing it. I doubt it's a 'bad' phone... it must be something in the Polycom firmware. Douglas. > -----Original Message----- > From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro] > Sent: Friday, March 31, 2006 1:37 AM > To: Douglas Garstang > Cc: OpenSER > Subject: Re: [Users] Error while parsing headers > > > the error is generated if the header parsing failed (when > searching for > auth headers). You should got before more errors related to parsing. > > probably some UA sends bogus messages. > > regards, > bogdan > > Douglas Garstang wrote: > > >Can someone tell me what this means? OpenSER is sending it > to syslog regularly. > > > >find_credentials(): Error while parsing headers > > > >It seems to be tied to a registration, but isn't happening > on all registrations, and even when it does happen, the > registration still goes ok. > > > >Thanks. > >Doug. > > > > > >_______________________________________________ > >Users mailing list > >Users(a)openser.org > >http://openser.org/cgi-bin/mailman/listinfo/users > > > > > > > >

1 0

[Serusers] ser_ctl XML-RPC
by David Terry 31 Mar '06

31 Mar '06

Hi serusers, When is the new XML-RPC ser_ctl in CVS going to be added to the stable release? Also, will the new interface display users from an in-memory user location table? (similar to old "serctl ul show"). Thanks.

2 1

[Serusers] please help.....
by "한승전" 31 Mar '06

31 Mar '06

please help..... If i restart MySQL(version 5.0.19), SER shows next error message. Mar 31 22:37:18 localhost /usr/local/sbin/ser[32701]: submit_query(): MySQL server has gone away Mar 31 22:37:18 localhost /usr/local/sbin/ser[32701]: submit_query(): Error while submitting query Mar 31 22:37:18 localhost /usr/local/sbin/ser[32701]: get_ha1(): Error while querying database Mar 31 22:37:22 localhost /usr/local/sbin/ser[32703]: Binding '1234(a)192.9.2.1','sip:1234@192.9.2.11:5060' has expired As appear in upside message, SER does not auto-reconnect to mysql. If MySQL restarted, SER must be able to do Auto-Reconnect. Is no there way that SER can do Auto-Reconnect to MySQL?

1 0

[Users] Persistent Data Storage
by voiceoverip 31 Mar '06

31 Mar '06

2 1

[Users] Radius Authentication failed ?
by Nguyen Duc Phi 31 Mar '06

31 Mar '06

I config openser authenticate from Radius. when softphone register to openser, Freeradius response "Sending Access-Accept" but openser inform "ERROR:auth_radius:radius_authorize_sterman: rc_auth failed" So softphone not registered. I search this title in google and find on "OpenSER Users Mailing List", I didnt find solution to fix problem. Could someone help me fix this problem ? Here is list of product's version I used. openser-1.0.1 OS : CentOS-4 x86_64 radiusclient-ng-0.5.2 freeradius-1.0.5 openser show debug : 8(8985) parse_headers: flags=ffffffffffffffff 8(8985) check_via_address(192.168.212.123, 192.168.212.123, 0) 8(8985) DEBUG:destroy_avp_list: destroying list (nil) 8(8985) receive_msg: cleaning up 7(8982) SIP Request: 7(8982) method: <REGISTER> 7(8982) uri: <sip:vdc.com.vn> 7(8982) version: <SIP/2.0> 7(8982) parse_headers: flags=2 7(8982) DEBUG: get_hdr_body : content_length=0 7(8982) get_hdr_field: cseq <CSeq>: <2> <REGISTER> 7(8982) DEBUG:parse_to:end of header reached, state=9 7(8982) DEBUG: get_hdr_field: <To> [23]; uri=[sip:5001@vdc.com.vn] 7(8982) DEBUG: to body [<sip:5001@vdc.com.vn> ] 7(8982) Found param type 235, <rport> = <n/a>; state=6 7(8982) Found param type 232, <branch> = <z9hG4bKc0a8d47b0131c9b1442b39c80000367c00000003>; state=16 7(8982) end of header reached, state=5 7(8982) parse_headers: Via found, flags=2 7(8982) parse_headers: this is the first via 7(8982) After parse_msg... 7(8982) preparing to run routing scripts... 7(8982) DEBUG:maxfwd:is_maxfwd_present: value = 70 7(8982) parse_headers: flags=200 7(8982) found end of header 7(8982) find_first_route: No Route headers found 7(8982) loose_route: There is no Route HF 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) check_nonce(): comparing [442b360523cece6362803c97fa7fb10b37680cd8] and [442b360523cece6362803c97fa7fb10b37680cd8] 7(8982) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed 7(8982) build_auth_hf(): 'WWW-Authenticate: Digest realm="vdc.com.vn", nonce="442b360523cece6362803c97fa7fb10b37680cd8" ' 7(8982) parse_headers: flags=ffffffffffffffff 7(8982) check_via_address(192.168.212.123, 192.168.212.123, 0) 7(8982) DEBUG:destroy_avp_list: destroying list (nil) 7(8982) receive_msg: cleaning up Radius show debug: rad_recv: Access-Request packet from host 192.168.212.9:32826, id=205, length=203 User-Name = "5001(a)vdc.com.vn" Digest-Attributes = 0x0a0635303031 Digest-Attributes = 0x010c7664632e636f6d2e766e Digest-Attributes = 0x022a34343262333630353233636563653633363238303363393766613766623130623337363830636438 Digest-Attributes = 0x04107369703a7664632e636f6d2e766e Digest-Attributes = 0x030a5245474953544552 Digest-Response = "1c3d532fc6c1c37004c6df6027e6242c" Service-Type = 0x0000000f00000000 Sip-Uri-User = "5001" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0xc0a8d40900000000 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' hints: Matched DEFAULT at 82 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "5001" Digest-Realm = "vdc.com.vn" Digest-Nonce = "442b360523cece6362803c97fa7fb10b37680cd8" Digest-URI = "sip:vdc.com.vn" Digest-Method = "REGISTER" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 0 rlm_realm: No '@' in User-Name = "5001", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: '5001' rlm_sql (sql): sql_set_user escaped user --> '5001' radius_xlat: 'SELECT 1 as id,'5001' as UserName,'User-Password' as Attribute,subscriber_password as Value,'==' as op FROM subscribers WHERE subscriber_username = '5001'AND subscriber_status=1' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: '' radius_xlat: 'SELECT 1 as id,'5001' as UserName,'Session-Timeout' as Attribute,getSessionTime('5001','')as Value,'=' as op FROM dual' radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 A1 = 5001:vdc.com.vn:test A2 = REGISTER:sip:vdc.com.vn H(A1) = 454e15015603bd4bd79faf0c5ddd3346 H(A2) = ac5bd79ed3d6bd2bddcb1cffafbbd09a KD = 454e15015603bd4bd79faf0c5ddd3346:442b360523cece6362803c97fa7fb10b37680cd8:ac5bd79ed3d6bd2bddcb1cffafbbd09a EXPECTED 1c3d532fc6c1c37004c6df6027e6242c RECEIVED 1c3d532fc6c1c37004c6df6027e6242c modcall[authenticate]: module "digest" returns ok for request 0 modcall: group authenticate returns ok for request 0 Login OK: [5001] (from client 192.168.212.9 port 3134307025) Sending Access-Accept of id 205 to 192.168.212.9:32826 Session-Timeout = 60 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 205 with timestamp 442b3adf Nothing to do. Sleeping until we see a request. Best regards, Nguyen

4 3

[Users] avpops syntax
by Klaus Darilion 31 Mar '06

31 Mar '06

Hi! IMO avpops syntax is a little bit confusing: avp_write(value,name): value --> name avp_pushto(destination,name): destination <-- name it would be more intuitive if source and destination are always in the same order. Further: is there still need for both functions? Maybe we could replace them with a single function due to the new AVPOPS syntax: avp_copy(source,destination) ??? regards klaus

2 1

[Users] CVS 31.03, TLS and dead tcp child
by mika.saari＠wipsl.com 31 Mar '06

31 Mar '06

Hi, I have tried to register to OpenSER CVS 31.03 with my SNOM 360 (5.3.6sw), disabled pretty all modules from OpenSER (radius, xlog, auth, ...) and always the server crashes. Is there something I have missed in configuration ? Thanks a lot for help, -Mika The error message and debug info seems like this: 11(24351) tcpconn_new: new tcp connection to: XXX.XX.XX.XXX 11(24351) tcpconn_new: on port 2171, type 3 11(24351) tls_tcpconn_init: Entered: Creating a whole new ssl connection 11(24351) tls_tcpconn_init: Looking up tls domain [XXX.XX.XX.XXX:5061] 11(24351) tls_tcpconn_init: Using default tls server settings 11(24351) tls_tcpconn_init: Setting in ACCEPT mode (server) 11(24351) tcpconn_add: hashes: 442, 1 11(24351) handle_new_connect: new connection: 0xb608f6a0 24 flags: 0002 11(24351) send2child: to tcp child 0 7(24347), 0xb608f6a0 7(24347) received n=4 con=0xb608f6a0, fd=19 7(24347) DBG: io_watch_add(0x810e580, 19, 2, 0xb608f6a0), fd_no=1 7(24347) tls_update_fd: New fd is 19 11(24351) DBG: handle_tcp_child: dead tcp child 0 (pid 24347, no 7) (shutting down?) 11(24351) DBG: io_watch_del (0x810e420, 17, -1, 0x0) fd_no=16 called 11(24351) ERROR: receive_fd: EOF on 15 11(24351) DBG: handle_ser_child: dead child 7, pid 24347 (shutting down?) 11(24351) DBG: io_watch_del (0x810e420, 15, -1, 0x0) fd_no=15 called 0(24339) child process 24347 exited by a signal 11 0(24339) core was generated 0(24339) INFO: terminating due to SIGCHLD 6(24346) INFO: signal 15 received 6(24346) Memory status (pkg):

2 3

RE: [Serusers] Ser as a presence server with other SIP proxy as registrar and rtp proxy
by İlker Aktuna (Koç.net) 31 Mar '06

31 Mar '06

Hi Vaclav, Thanks for the information. I changed my configuration for REGISTER messages and they were forwarded to my SIP proxy. But the clien't can't connect. I think that's because of authentication requirement on my SIP proxy. When I make the client connect directly to my SIP proxy I see the following SIP header on it: 12:09:22.967260: SIP: 193.243.202.97:5060 << 85.105.102.167:8359 payload: 792 bytes REGISTER sip:193.243.202.97 SIP/2.0 Via: SIP/2.0/UDP 192.168.2.6:8359;branch=z9hG4bK-d87543-c2540260b6061b1e-1--d87543-;rport Max-Forwards: 70 Contact: <sip:200000900568888888@192.168.2.6:8359;rinstance=c314db726308b27a> To: "900568888888"<sip:200000900568888888@193.243.202.97> From: "900568888888"<sip:200000900568888888@193.243.202.97>;tag=f72f1c2c Call-ID: 2748934b5d115c55@TkVUV09SS1lPTi5jb21wYW55MS50c3Q. CSeq: 2 REGISTER Expires: 3600 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO Supported: eventlist User-Agent: eyeBeam release 3014w stamp 26359 Authorization: Digest username="200000900568888888",realm="NcxSip",nonce="48058627",uri="sip:193.243.202.97",response="92be0838ca4f794d23d4bb3d34e12aa9",algorithm=MD5 Content-Length: 0 But if I make the client connect to SER and then forward the REGISTER message to my SIP proxy, I see the following SIP header arriving: 12:16:42.263635: SIP: 193.243.202.97:5060 << 193.243.207.107:10003 payload: 716 bytes REGISTER sip:193.243.202.97 SIP/2.0 Via: SIP/2.0/UDP 10.100.100.15;branch=z9hG4bKcee1.8c792d45.0 Via: SIP/2.0/UDP 192.168.2.6:8359;received=85.105.102.167;branch=z9hG4bK-d87543-aa1ee14dcf543535-1--d87543-;rport=10002 Max-Forwards: 16 Contact: <sip:200000900568888888@192.168.2.6:8359;rinstance=2c28e04a9c62f011> To: "900568888888"<sip:200000900568888888@193.243.202.97> From: "900568888888"<sip:200000900568888888@193.243.202.97>;tag=d37fe827 Call-ID: 6d7923631c258f31@TkVUV09SS1lPTi5jb21wYW55MS50c3Q. CSeq: 1 REGISTER Expires: 3600 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO Supported: eventlist User-Agent: eyeBeam release 3014w stamp 26359 Content-Length: 0 It seems that when the SIP message is forwarded through SER, the Authorization information is missing. How can I make SER to forward the message without modifying the message ? Also how can I modify user and domain information for the forwarded messages ? Thanks, ilker -----Original Message----- From: Vaclav Kubart [mailto:vaclav.kubart@iptel.org] Sent: Friday, March 31, 2006 8:37 AM To: İlker Aktuna (Koç.net) Cc: serusers(a)lists.iptel.org Subject: Re: [Serusers] Ser as a presence server with other SIP proxy as registrar and rtp proxy Hi, your solution is possible - separated presence server from other SIP communication. For forwarding you need cfg like this: if (method=="...") { # here put method name which should be forwarded if (!t_newtran()) { log(1, "newtran error\n"); sl_reply_error(); break; }; if (!t_forward_nonack("machine.domain.com", 5060)) { log(1, "forward failed\n"); t_reply("500", "Forward failed"); } break; } I'm using SER as proxy and other SER as presence server. Proxy forwards presence related messages to presence server, it looks like: <http://387555.sigclick.mailinfo.com/sigclick/070E0602/0C044804/034A03146179…> _____________________________________________________________________________________________________________________________________________ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez. This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence. _____________________________________________________________________________________________________________________________________________

1 0

Fw: [Users] OpensSER and NAT
by Diego Zuaneti Arruda 31 Mar '06

31 Mar '06

1 client behind a NAT and 1 client behind another NAT. ----- Original Message ----- From: "Bogdan-Andrei Iancu" <bogdan(a)voice-system.ro> To: "Diego Zuaneti Arruda" <diego(a)fasternet.com.br> Cc: <users(a)openser.org> Sent: Friday, March 31, 2006 5:56 AM Subject: Re: [Users] OpensSER and NAT 2 clients behind *same* NAT ? regards, bodgan Diego Zuaneti Arruda wrote: > Somebody knows if exists some way of 2 customers NAT to talk without > that the traffic pass for the Server? > > Thanks > > >------------------------------------------------------------------------ > >_______________________________________________ >Users mailing list >Users(a)openser.org >http://openser.org/cgi-bin/mailman/listinfo/users > >

2 1

[Users] Problem with RPID and Radius
by Dmitry Lyubimkov 31 Mar '06

31 Mar '06

Subscribers pass authentication on Radius server. Except for the answer about successful or unsuccessful authentication OpenSER receives RPID field. Answer of RADUS server (FreeRadius) looks so: Sending Access-Accept of id 136 to 172.16.2.6:33413 SIP-AVP = "RPID:8142799202" Using commands if (uri=~"^sip:[0-9]+@.*") { if (method=="INVITE") { append_rpid_hf("<sip:","@voapp.ru>;party=calling;privacy=off"); }; }; RPID field is added in SIP heading Using another Radius the Server (from billing system) OpenSER receives such answer: Sending Access-Accept of id 127 to 172.16.2.6:33405 Service-Type = Framed-User Framed-Protocol = PPP Framed-Routing = None Framed-MTU = 1500 SIP-AVP = "RPID:8142799202" h323-credit-amount = "h323-credit-amount=100.00" h323-credit-time = "h323-credit-time=72000" h323-return-code = "h323-return-code=0" h323-currency = "h323-currency=USD" At this RPID field it is not added in header. (The same code of OpenSER script works) But the most interesting still ahead! We remove support SIP-AVP in billing system. And proxy Radius messages through FreeRadius We receive from billing rad_recv: Access-Accept packet from host 62.33.22.13:1812, id=1, length=158 Service-Type = Framed-User Framed-Protocol = PPP Framed-Routing = None Framed-MTU = 1500 h323-credit-amount = "h323-credit-amount=100.00" h323-credit-time = "h323-credit-time=72000" h323-return-code = "h323-return-code=0" h323-currency = "h323-currency=USD" FreeRadius itself adds RPID and sends to OpenSER the following packet Sending Access-Accept of id 185 to 172.16.2.6:33614 Service-Type = Framed-User Framed-Protocol = PPP Framed-Routing = None Framed-MTU = 1500 h323-credit-amount = "h323-credit-amount=100.00" h323-credit-time = "h323-credit-time=72000" h323-return-code = "h323-return-code=0" h323-currency = "h323-currency=USD" SIP-AVP = "RPID:8142799202" But RPID is understood correctly and it is added in heading part of SIP message. The difference between "bad" and "good" RADIUS message only in a place where meets SIP-AVP = "RPID:8142799202" In the first case this field goes in the middle, in the second case it is the last. To what such selectivity can be connected? How it can in OpenSER be corrected? Dmitry

2 2

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users March 2006