9 Oct
2007
9 Oct
'07
2:34 p.m.
Hi Tim,
can you get and send me the output in full debug mode (debug=6) ?
if too bug, just send it to me privately....and also be sure to get the
whole call...
regards,
bogdan
Tim Madorma wrote:
Hi,
I'm interested in using DNS blacklisting to stop transmitting SIP
requests towards UAS endpoints that are non-responsive. I am on
version 1.2, but I can't get it to work properly.
Here is what I am trying to do:
1) I get a message from a UAC that needs to be sent towards 1 of 4
destination UAS endpoints.
2) I setup the OpenSER to perform an SRV lookup which returns a record
that has four A records associated with it. It looks as follows:
;; QUESTION SECTION:
;_sip._udp.aimcidfilter.com. IN SRV
;; ANSWER SECTION:
_sip._udp.aimcidfilter.com. 60 IN SRV 1 100 5061 spinner.eng.rr.com.
_sip._udp.aimcidfilter.com. 60 IN SRV 2 100 5061 bart.eng.rr.com.
_sip._udp.aimcidfilter.com. 60 IN SRV 3 50 5061 homer.eng.rr.com.
_sip._udp.aimcidfilter.com. 60 IN SRV 3 50 5061 crunch.eng.rr.com.
3) The OpenSER does a gethostbyname which performs a DNS A record
lookup and gets a response for spinner.eng.rr.com.
4) When the OpenSER sends towards spinner.eng.rr.com, it does not get
a SIP response from it. *It is at this point I was hoping that OpenSER
would blacklist this UAS endpoint*, but for each incoming request that
is received by the OpenSER, it continues to resolve the domain in the
same manner and sends towards spinner.eng.rr.com even though there is
no SIP response.
Is what I am trying to do in accordance with how OpenSER blacklisting
is supposed to work?
I am trying to have OpenSER send towards bart.eng.rr.com when
spinner.eng.rr.com is not responding or is not reachable.
My configuration is as below. Note that I have even tried to disable
sending towards spinner.eng.rr.com by manually adding a dst_blacklist
entry - that doesn't even seem to work for me.. Am I doing something
wrong?
I have also attached a log file.
Here is my output from openserctl
# openserctl fifo list_blacklists
200 OK
List:: net_filter owner=13 flags=1
Rule:: flags=0
IP:: 65.185.233.55
Mask:: 255.255.255.255
Proto:: 0
Port:: 5061
List:: dns owner=17 flags=6
---------------
#
# Openser.cfg
# ----------- global configuration parameters ------------------------
debug=5 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
maxbuffer=1048576
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#reply_to_via=1
children=4
log_facility=LOG_LOCAL4
dns_use_search_list=no
dns_servers_no=2
user="sipproxy"
group="sipproxy"
disable_dns_blacklist=no
disable_dns_failover=no
dns_try_ipv6=no
dns_retr_time=2
dns_retr_no=2
dst_blacklist = net_filter:{ ( any , 65.185.233.55, 5061 , "" )} #
block towards spinner
listen=udp:65.185.232.62:5060
alias=65.185.233.104:5060
# LOAD OpenSER MODULES
mpath="/sw/lib/openser/modules/"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "acc.so"
loadmodule "mi_fifo.so"
loadmodule "xlog.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
modparam("acc", "log_level", 2)
modparam("acc", "log_flag", 1)
modparam("acc","report_cancels", 1)
modparam("acc","failed_transaction_flag", 1)
modparam("acc","log_extra", "req_uri=$rU")
modparam("tm", "fr_timer", 5)
modparam("tm","fr_inv_timer",5)
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages within a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
route(1);
};
if (method=="OPTIONS") {
sl_send_reply("200", "OK");
exit;
}
if (uri =~ "^sip:feature_fs@" || method=="NOTIFY") {
xlog("L_DBG", "TWC: received incoming message:\n
<$mb>\n");
seturi("sip:feature_fs@aimcidfilter.com");
setflag(1);
route(1);
} else {
sl_send_reply("404", "Not Found");
};
}
#####################################################
# Default Message Handler
#####################################################
route[1] {
# Send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users