Hi!
I thought setting the tcp_connection_lifetime to 0 should keep them open
endlessly, but in my case the proxy closes the TCP connection ~10
seconds after the last SIP message.
What am I doing wrong?
regards
klaus
--
Klaus Darilion
nic.at
Hi everybody,
OpenSER 1.2.0 has a new feature - IP Blacklist support. This is a low
level filtering engine for the outgoing requests; low level, because the
filtering is done based on IP, protocol, port, etc.
Its primary purposes will be to prevent sending requests to critical IPs
(like GWs) due to DNS or to avoid sending to destinations that are known to
be unavailable (temporarily or permanently).
Because of flexibility concerns, the filtering rules can be grouped
into multiple lists.
A rule:
- matches based on IP/mask, proto, port and text pattern criteria
- can be applied in reverse
A list:
- can be read-only - it does not change during execution
- can have a timeout per element - elements expire after a configured timeout.
How to use:
===========
Currently there are 2 ways of using the blacklists:
1) statically defining lists in the configuration file and selecting
which ones should be used for each request.
You can define blacklists as follows:
# filter out requests going to ips of my gws
dst_blacklist = gw:{( tcp , 192.168.2.100 , 5060 , "" ),( any , 192.168.2.101 , 0 , "" )}
# block requests going to "evil" networks
dst_blacklist = net_filter:{ ( any , 192.168.1.100/255.255.255.0 , 0 , "" )}
# block message requests with nasty words
dst_blacklist = msg_filter:{ ( any , 192.168.20.0/255.255.255.0 , 0 , "MESSAGE*ugly_word" )}
# block requests not going to a specific subnet
dst_blacklist = net_filter2:{ !( any , 192.168.30.0/255.255.255.0 , 0 , "" )}
A rule is defined by:
protocol : TCP, UDP, TLS or "any" for anything
port : number or 0 for any
ip/mask
text pattern - filename-like matching (see "man 3 fnmatch")
applied on the outgoing request buffer (first_line+hdrs+body)
From the routing script, you can use the use_blacklist("name") function to
select which blacklist is applied to the current request. More than
one list can be selected.
If the destination address matches one of the selected rules, the send
will fail.
2) via DNS
The DNS resolver, when configured with failover, can automatically store
the failed destinations in a temporary blacklist. This will prevent (for
a limited period of time) openser from sending requests to destinations known
as failed.
So, the blacklist can be used as a memory for the DNS resolver.
To use it, you have to enable it - the rest is done automatically.
disable_dns_blacklist = no
It is enabled by default. The temporary blacklist created by the DNS resolver
is named "dns" and it is selected for usage by default (no need to use the
use_blacklist() function). The rules from this list have a lifetime of 4
minutes - you can change it at compile time, from blacklists.h.
To give you an internal snapshot, a new MI function - "list_blacklists"
- was added to print all existing blacklists and their rules.
Any suggestions/reports are welcome!
regards,
bogdan
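An added example (not part of the original post and not OpenSER's own code): a small Python model of the rule matching described above, loaded with the four lists from the post. It assumes that the leading "!" inverts the whole rule, that the IP is compared after applying the mask, and that the pattern is matched against the entire buffer as fnmatch(3) does; the Rule class, the blocked() helper and the request buffers are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatchcase  # whole-string glob match, like fnmatch(3) with flags 0


@dataclass(frozen=True)
class Rule:
    proto: str            # "tcp", "udp", "tls" or "any"
    net: str              # "ip" or "ip/mask" as written in dst_blacklist
    port: int             # 0 means any port
    pattern: str = ""     # "" means no text check
    negate: bool = False  # the leading "!" (assumed to invert the whole rule)

    def matches(self, proto, ip, port, buf=""):
        # strict=False masks host bits: 192.168.1.100/255.255.255.0 -> 192.168.1.0/24
        network = ipaddress.ip_network(self.net, strict=False)
        hit = (
            self.proto in ("any", proto.lower())
            and ipaddress.ip_address(ip) in network
            and self.port in (0, port)
            and (not self.pattern or fnmatchcase(buf, self.pattern))
        )
        return hit != self.negate


def blocked(selected, proto, ip, port, buf=""):
    """True if any rule in any selected list matches, i.e. the send would fail."""
    return any(r.matches(proto, ip, port, buf) for rules in selected for r in rules)


# The four lists from the post, transcribed into the model.
LISTS = {
    "gw": [Rule("tcp", "192.168.2.100", 5060), Rule("any", "192.168.2.101", 0)],
    "net_filter": [Rule("any", "192.168.1.100/255.255.255.0", 0)],
    "msg_filter": [Rule("any", "192.168.20.0/255.255.255.0", 0, "MESSAGE*ugly_word")],
    "net_filter2": [Rule("any", "192.168.30.0/255.255.255.0", 0, negate=True)],
}

# Constructed request buffers (first line + headers + body), not captured traffic.
HDRS = "MESSAGE sip:bob@192.168.20.5 SIP/2.0\r\nContent-Type: text/plain\r\n\r\n"
BODY_ENDS_WITH_WORD = HDRS + "what an ugly_word"
BODY_WORD_IN_MIDDLE = HDRS + "an ugly_word, really"

if __name__ == "__main__":
    for buf in (BODY_ENDS_WITH_WORD, BODY_WORD_IN_MIDDLE):
        print(blocked([LISTS["msg_filter"]], "udp", "192.168.20.5", 5060, buf))
```

Because fnmatch-style matching covers the whole string, the model matches "MESSAGE*ugly_word" only when the buffer ends with the word; with a trailing "*" it matches the word anywhere after MESSAGE.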
pre_auth(): Credentials with given realm not found
After looking around google it seems to be based on the fact that the
first sip: value doesn't contain the userid (if I understand correctly...)
I can't figure out exactly why the RURI is coming in this fashion..
Should I be changing something in the clients, or my config??
These worked on an older config, now with this section, they just don't
get accepted. I've tried it with and without sipserver.mobilia.it in the
realm.
I've also tried it with the server generating ha1 and static ha1 (from
the ha1 and ha1b fields in the db), no difference.
I have use domain 1 in registrar and auth_db, and strip "sipserver."
sl_send_reply("100", "Trying");
if(!www_authorize("", "subscriber"))
{
    xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
    www_challenge("", "1");
    exit;
}
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: New request - M=REGISTER RURI=sip:mobilia.it F=sip:rice@mobilia.it T=sip:rice@mobilia.it IP=x.x.x.105 ID=fmq-17240(a)x.x.x.105
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: parse_headers: flags=100
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: get_hdr_field: cseq <CSeq>: <100> <REGISTER>
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: DEBUG:maxfwd:is_maxfwd_present: value = 70
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: parse_headers: flags=200
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: DEBUG: get_hdr_body : content_length=0
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: found end of header
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: find_first_route: No Route headers found
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: loose_route: There is no Route HF
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: parse_headers: flags=ffffffffffffffff
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: check_via_address(x.x.x.105, x.x.x.105, 0)
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: parse_headers: flags=4000
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: pre_auth(): Credentials with given realm not found
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: Register authentication failed - M=REGISTER RURI=sip:mobilia.it F=sip:rice@mobilia.it T=sip:rice@mobilia.it IP=x.x.x.105 ID=fmq-17240(a)x.x.x.105
Mar 29 12:07:40 sipserver /usr/local/sbin/openser[22732]: build_auth_hf(): 'WWW-Authenticate: Digest realm="mobilia.it", nonce="460b9118a6a044d8837a01f924be2a9a3b7e0271", qop="auth"^M '
Hello,
We wrote a simple xcap emulator to be able to manage the XCAP
documents used by OpenSER presence agent, by using PHP scripts in
combination with Apache web server.
I have tested it against OpenSER with MySQL and Eyebeam for Apple.
Klaus Darilion has tested it against Postgres and Eyebeam for Windows.
The software can be downloaded from:
http://download.dns-hosting.info/XCAP/xcap-0.5.tar.gz
Regards,
Adrian
Hello,
I try to use WeSIP C2C with UACs registered to freeswitch. freeswitch
never answers the INVITEs for caller (that INVITE with no SDP and
from=to=caller's sip address). So my question is, is it because
freeswitch maybe doesn't support rfc 3725? If so, is there any C2C
proven SIP-PBX I can use instead?
Helmut
Newbie question:
Can someone explain what causes a match when lookup() and
does_uri_exist() is used? Does it look at the least significant
characters in the URI? Does it drop certain leading numbers like '1'?
Stu
On Tuesday 27 March 2007 17:41, you wrote:
> Hi Henning.
>
> I tested the compilation and it does not detect the architecture.
>
> I think that maybe is because of uname -p outputs sparc, and uname -m
> outputs sun4v.
> [..]
Hi Sergio,
thank you for the testing. I added another check to the patch according to your
suggestions; could you please try it another time?
Cheers,
Henning
On 12/20/06, Klaus Darilion <klaus.mailinglists(a)pernau.at > wrote:
>
> Hi Mark!
>
> Postgres should work well - I use it since ser 0.8. Just make sure that
> the hard disk does not get full, because this breaks the index inside
> postgres and postgres is getting real slow (re-create the index if it
> happens).
>
> Last time I tested openser_postgres.sh it worked fine. If you find a bug
> please let us know.
>
> Please check to use the latest versions from CVS (for 1.1 use CVS
> rel_1_1_0)
The latest version from cvs doesn't work out of the box with openser built
from the release tarball, because the release tarball doesn't include
/usr/sbin/openser_gen_ha1 (although I could get past this by replacing it
with the md5sum equivalent).
However, the release tarball doesn't work because of this bug:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1518732&group_…
So, 1. is the cvs version of rel_1_1_0 considered safe for production use?
2. if so and there are important fixes such as this in CVS, would
openser.org consider
releasing a point release containing such changes?
Thanks,
Mark Price
Hello All,
I am trying to find out the proper/best way to handle REFERs
coming from phone. My setup is as follows:
Cisco gw
openser phone gw 2
DID
1234 -----> Invite ----------------->
-------------------->
<----- 302 refer <---------------------
<--------------------302 moved....
new #5678 sent back
After receiving new invite, openser sends it out to another gateway
5678 ----> invite ---------------------->
--------------------------------------------------->
Yet I am still seeing the 302 messages sent back from proxy to
cisco gw.
<------------------------------- -- 302 moved
Call does connect to 5678 but is dropped after few seconds with only
one way audio.
What needs to be done so that when second invite hits proxy, there
are no more 302s sent back?
Should I process the 302 in proxy itself?
What is the best way to make the 2nd call to 5678 so that it can be
identified as a separate call?
Thank you in advance for your help in this regard.
--
Zahid