6 Jun
2003
6 Jun
'03
6:14 p.m.
I do not know why reply_route seems to call the
main route block again. I do know that if I comment out
the authentication code in the main route block my forwarding
works. If I do not comment it out, then the forwarding
fails with an 'Unauthorized' directed at the pstn gateway.
Yes, the script is related...I get a call from the PSTN for
the phone number 1234. 1234 doesn't answer, so my on_negative
attempts to forward to 5678. The forward to 5678 fails because
no authentication is present because the source IP address isn't
any longer the pstn gateway AND the main route block code is
being executed again from the on_negative callback. I am not
doing any additional authentication in the callback, I assume
the Unauthorized is coming from the main script.
I asked Jiri earlier if another 'packet' (sip message) was forwarded to
the routing engine...perhaps on locahost. That would explain the
re-execution of the main route block and it would explain the
mechanics of an on_negative callback execution.
I'll take a look at 0.8.11.
Thanks,
---greg
-----Original Message-----
From: Andy Blen [mailto:andy.blen@iptel.org]
Sent: Friday, June 06, 2003 9:54 AM
To: Greg Fausak; 'Jan Janak'
Cc: serusers(a)lists.iptel.org; sip(a)august.net
Subject: RE: [Serusers] Forwarding to another number if busy
At 03:48 PM 6/6/2003, Greg Fausak wrote:
--snip--
My code looks like:
If(src_ip == my.pstn.gateway.address)
{
...
}
Else
{
if(!www_authorize())
{
www_challenge();
};
}
This means that calls can come from my gateway without
authentication. Later on in the script:
...
t_on_negative("9");
if(!t_relay())
{
sl_reply_error();
break;
};
}
reply_route[9]
{
log(1,"REPLY_ROUTE:");
revert_uri();
setuser("nextnumber");
t_relay();
}
-----
This logic only works if I get rid of
my authentication/challenge logic. Because the
T_relay() src_ip address is NOT the pstn.gateway
address after the reply_route executes!
? I'm puzzled -- does the script above somehow relate to the problem
you are describing? You only check src_ip in route{} which is called
only once, so why do you care about what happens after reply_route{}?
So, I tried putting a line in the reply_route that
did:
setflag(9);
And changed the beginning of my script:
If(src_ip == my.pstn.gateway.address | isflagset(9))
{
...
}
Else
{
if(!www_authorize())
{
www_challenge();
};
}
Why do you re-check authentication in reply_route? The authentication
has been already verified on the original request and it buys no
security to do it again with the same request later.
This doesn't work. I know the flag was set in
the reply_route, but
it is not recognized in the main script.
I guess neither src_ip nor flag were copied to reply_route context
in 8.10. That should have changed in 8.11, in case you need it.
a.