sr-users July 2006

sr-users@lists.kamailio.org

206 participants
414 discussions

[Users] need help regarding AVPOPS module

by Tanzeel serfaraz

Hi users; i am new in openser and i am trying to implement AVPOPS module in openser specially TRUSTING IPExample: http://www.voice-system.ro/docs/avpops/ar01s08.html#ex_trusting) when i going to start openser after modification i got the messege like this: Starting OpenSER : PID file /var/run/openser.pid does not exist -- OpenSER start failed when i check the .conf file by wrote the command : # openser -c -f /usr/local/etc/openser/openser.cfg i got the message like this: MESSAGE: 0(7747) WARNING: fix_socket_list: could not rev. resolve 192.168.1.37 0(7747) WARNING: fix_socket_list: could not rev. resolve 192.168.1.37 Listening on udp: 127.0.0.1 [127.0.0.1]:5060 udp: 192.168.1.37 [192.168.1.37]:5060 tcp: 127.0.0.1 [127.0.0.1]:5060 tcp: 192.168.1.37 [192.168.1.37]:5060 Aliases: tcp: localhost:5060 tcp: localhost.localdomain:5060 tcp: tanzeel:5060 udp: localhost:5060 udp: localhost.localdomain:5060 udp: tanzeel:5060 config file ok, exiting... MY configuration file is this: # # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/openser_fifo" listen=192.168.1.37 # # uncomment the following lines for TLS support #disable_tls = 0 #listen = tls:your_IP:5061 #tls_verify = 1 #tls_require_certificate = 0 #tls_method = TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem" # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/acc.so" loadmodule "/usr/local/lib/openser/modules/alias_db.so" loadmodule "/usr/local/lib/openser/modules/domain.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) ################AVPOPS Module Parameters ############ modparam("avpops", "avp_url", "mysql://openser:openserrw@localhost/openser") modparam("avpops", "avp_table", "usr_preferences") # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # if the request pretends to belong to a local domain if (is_from_local()) { #authenticate only INVITE and MESSAGES if (method=="INVITE" || method=="MESSAGE") { # is it a trusted IP address? - first load the trusted IPs (avp # NAME 't_ips" from DB table "ips") for the target domain (domain part # of RURI); then check if at least one value of 't_ips' AVPs equals # the source IP of the request if (!(avp_db_load("$ruri/domain","s:t_ips/ips") && avp_check("s:t_ips", "eq/$src_ip/gi"))) { # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); } } } # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { # t_relay_to_tls("IP_domain1","port_domain1"); # exit; #} else if(uri=~"@tls_domain2.net") { # t_relay_to_tls("IP_domain2","port_domain2"); # exit; #} route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("localhost", "subscriber")) { www_challenge("localhost", "0"); exit; }; save("location"); exit; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1); } route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } if someone have already configure that example kindly send it to me . Thank for help Regards __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

18 years, 4 months

RE: [Serusers] prevent INVITE without REGISTERing

by İlker Aktuna (Koç.net)

Hi, What if my proxy does not handle authenticating INVITE messages ? In that case I think the best way is to lookup location table for the source URI. If the source URI location matches the location in that table then we must permit INVITE message. How can I configure this ? Thanks, ilker -----Original Message----- From: serusers-bounces(a)lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Victor Stanescu Sent: Monday, July 10, 2006 1:49 PM Cc: serusers(a)iptel.org Subject: Re: [Serusers] prevent INVITE without REGISTERing Please read "domain" instead of "gtstelecom.ro": www_authorize("domain", "subscriber") and proxy_authorize("domain", "subscriber"), otherwise the code fragment will not be correct. I forgot to replace with a generic name. Victor Stanescu wrote: > I think it is easier to force him to authenticate the INVITE. If he is > able to authenticate the INVITE, why do you care if he is registered > or not? > > if (method=="REGISTER") { > if(!src_ip=="other") { > if (!www_authorize("gtstelecom.ro", "subscriber")) { > www_challenge("domain", "0"); > break; > }; > save("location"); > log("Replicating REGISTER\n"); > t_replicate("other", "5060"); > } else { > save("location"); > }; > break; > } else { > # this is an INVITE > if (!proxy_authorize("gtstelecom.ro", "subscriber")) { > proxy_challenge("domain", "1"); > break; > }; > # route the call > ... > }; > > İlker Aktuna (Koç.net) wrote: >> >> Hi all, >> >> Is it possible to prevent any user calling without registering ? What >> is the best way to do this ? >> I guess I'll have to check if the source URI exists in location table. >> What is the easiest way to do this ? >> >> If there is a more robust way to do it, please suggest... >> >> Thanks, >> ilker >> >> >> >> <http://387555.sigclick.mailinfo.com/sigclick/000F0500/07044803/01000 >> 749/0023725214.jpg> >> >> _____________________________________________________________________ >> _____________________________________________________________________ >> ___ >> >> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. >> Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir >> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen >> e-posta mesajini kullaniciya hemen geri gonderiniz ve tum >> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir >> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para >> karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus >> sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta >> mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - >> virus icermedigini garanti etmez ve meydana gelebilecek zararlardan >> dogacak hicbir sorumlulugu kabul etmez. >> This message is intended solely for the use of the individual or >> entity to whom it is addressed , and may contain confidential >> information. If you are not the intended recipient of this message or >> you receive this mail in error, you should refrain from making any >> use of the contents and from opening any attachment. In that case, >> please notify the sender immediately and return the message to the >> sender, then, delete and destroy all copies. This e-mail message, can >> not be copied, published or sold for any reason. This e-mail message >> has been swept by anti-virus systems for the presence of computer >> viruses. In doing so, however, sender cannot warrant that virus or >> other forms of data corruption may not be present and do not take any >> responsibility in any occurrence. >> _____________________________________________________________________ >> _____________________________________________________________________ >> ___ >> >> >> >> --------------------------------------------------------------------- >> --- >> >> _______________________________________________ >> Serusers mailing list >> Serusers(a)lists.iptel.org >> http://lists.iptel.org/mailman/listinfo/serusers > _______________________________________________ > Serusers mailing list > Serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers _______________________________________________ Serusers mailing list Serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers <http://387555.sigclick.mailinfo.com/sigclick/07090207/00044900/0608064E/071…> _____________________________________________________________________________________________________________________________________________ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez. This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence. _____________________________________________________________________________________________________________________________________________

18 years, 4 months

[Serusers] selects for headers with "-"

by Luis Silva

Hi all! I'm trying to get the value of the header "P-Asserted-Identity" using selects, but because of the "-" I can't get the value. Do I need to use a different way for accessing this type of headers? tks in advance Regards, luis silva

18 years, 4 months

[Users] Force RTP proxy when calling NATed UAS

by Leonid Fainshtein

Hi, I would like to force RTP proxy for calls when UAC is located on the public Internet and the UAS is located behind a NAT system. The nat_uac_test() doesn't help in such situation because the INVITE is issued by endpoint located on the public Internet. In other words, I'm looking for a way to get info about the UAS. If it is located behind NAT than I would force RTP proxy. Thank you in advance, Leonid Fainshtein

18 years, 4 months

[Users] avp+radius+accounting

by Cseke Tamas

Hello, We 'd like to prefix something depend on some kind of group membership of users. During radius authorization radius set an avp e.g SIP-AVP prefix:123 I 'd like to set Request-URI according to this avp, but prefix("$avp(prefix)") don't work the uri will be sip:$avp(prefix)12233@... :) as i read pseudo variables is only enabled in xlog and some avpops functions. How can i solve this problem, Another question about acc module loadmodule "acc.so" modparam("acc", "radius_flag", 3) modparam("acc", "radius_missed_flag", 4) route{ #... setflag(3); setflag(4) #... } don't send accounting messages to radius, i must use acc_rad_request? Thanks any help, Tamas

18 years, 4 months

[Serusers] Radius Accounting

by Caxton

Hi all: I have installed radius server, and I also configure the "ser.cfg" for the radius accounting. However, there is a problem confues me. While the sip session have set up, the radiusclient send a Request-Account packet to radius server immediately, than radius server can save the start-up time of the session into database. But after the session terminated, radiusclient do nothing(it should send a Accounting-Stop packet to radius server)!! Therefore, I can not have a complete time record. I try to look up the solution in seruser mailing list, but I can not find what I want. Please help me, thanks. Sincerely Caxton -----ser.cfg----- [cut] # -- acc params -- modparam("acc", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "log_level", 2) modparam("acc", "radius_flag", 1) modparam("acc", "report_ack", 0) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n"); # Uncomment this if you want to use digest authentication if (!www_authorize("pc80.s206.tj.mcu.edu.tw", "subscriber")) { log(1, "REGISTER: Chanllenging user\n"); www_challenge(" pc80.s206.tj.mcu.edu.tw", "0"); break; }; save("location"); break; }; if(method=="INVITE") { log(1, "INVITE\n"); setflag(1); } if(method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); } if(method=="BYE"||method== "CANCEL") { log(1, "BYE or CANCEL\n"); setflag(1); } [cut]

18 years, 4 months

[Users] Ack is not received the openser, when the phone lefted up.

by raviprakash sunkara

Hi Users, I installed Openser server and Using the Nathelper with RtpProxy . The openser server and RtpProxy are located in the Same system with ip add (192.168.2.2) , And Public IP address is xx.xxx.xxx.xxx., openSER sip_doamin name is xx.xxx.xxx.xxx Ours Network connect for openser System is given below modem------xx.xxx.xxx.xxx.-------------> router(firewall) ---------------------------------> server 1 |________________ > server 2 | |_________________> server 3 ( openser and rtp ) For Testing i'm X-lite softphones with different network og openser system When made the call from one softphone to other softphones.. When caller calls to callee , after the phone rings , -- Thanks and Regards with cheers Sunkara Ravi Prakash (Voip Developer) Hyperion Technology Kondapur, Hi-tech city, Hyderabad. www.hyperion-tech.com +91-9985077535

18 years, 4 months

[Users] Problem with module dispatcher funtion ds_next_dst()

by Jose Gil Navarrete

Hi, somebody can help me?? I am trying to set up OpenSer 1.0.1 like dispatcher to loadbalance and failover but when I use ds_next_dst() for failover I obtain the next error: 0(19024) parse error (128,25-26): unknown command, missing loadmodule? ERROR: bad config file (1 errors) My config file is the next: loadmodule "/lib/openser/modules/sl.so" loadmodule "/lib/openser/modules/tm.so" loadmodule "/lib/openser/modules/rr.so" loadmodule "/lib/openser/modules/maxfwd.so" loadmodule "/lib/openser/modules/usrloc.so" loadmodule "/lib/openser/modules/registrar.so" loadmodule "/lib/openser/modules/textops.so" loadmodule "/lib/openser/modules/dispatcher.so" loadmodule "/lib/openser/modules/avpops.so" modparam("dispatcher", "list_file", "/usr/local/etc/openser/dispatcher.list") modparam("dispatcher", "force_dst", 1) modparam("dispatcher", "flags", 2) route{ if ( !mf_process_maxfwd_header("10") ) { sl_send_reply("483","To Many Hops"); drop(); }; ds_select_dst("2","0"); sl_send_reply("100","Trying"); forward(uri:host, uri:port); t_on_failure("1"); if (!t_relay()) { sl_reply_error(); return; }; } failure_route[1] { if (t_check_status("408")) { if (ds_next_dst()) { # On Failure: Choose next Proxy t_on_failure("1"); # Relay to Proxy t_relay(); } else { t_reply("503", "Service not available"); return; } } } I try to use modparam("dispatcher", "dst_avp_id", 100) but I obtain: 0(19260) set_mod_param_regex: parameter <dst_avp_id> not found in module <dispatcher> 0(19260) parse error (86,21-22): Can't set module parameter 0(19260) parse error (128,25-26): unknown command, missing loadmodule? ERROR: bad config file (2 errors) --------------------------------- Do You Yahoo!? La mejor conexión a Internet y 2GB extra a tu correo por $100 al mes. http://net.yahoo.com.mx

18 years, 4 months

[Serusers] print avps in cfg file

by Luis Silva

Hi all, it's just a simple question. How can I print avps in the cfg file? tks in advance ps - I searched in the avp and xlog modules and couldn't find anything.

18 years, 4 months

Fwd: [Serusers] Termination from SER to Asterisk

by CM0002＠aol.com

18 years, 4 months

← Newer
1
...
28
29
30
31
32
33
34
...
42
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users July 2006