Hi Reda,
my pitfall was that the probing takes 30seconds until the gateway is active
until startup. So if i test it right after kamctl restart the gateway
was inactive.
Now i seems that my working multihomed config needs some help to fix
nat for dispatching. For locatet user it works, for dispatching i run
into nat-nightmare again
(wrong Contact Header on private ip side and so one)....
Any hints?
# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
# - note: this is the same as route { ... }
request_route {
xlog("begin routing\n");
setflag(1); # log this msg
#acc:
setflag(2);
setflag(3);
setflag(4);
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
# per request initial checks
route(REQINIT);
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER") {
record_route();
};
if (method=="BYE" || method=="CANCEL") {
unforce_rtp_proxy();
xlog("L_DBG","BYE OR CANCEL. Dialog lifetime:
$DLG_lifetime Status: $DLG_status\n");
if ($DLG_status==5)
{
route(6);
}
}
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
xlog("loose_route ***************\n");
if ((method=="INVITE" || method=="REFER") && !has_totag())
{
sl_send_reply("403", "Forbidden");
return;
};
if (method=="BYE" && $DLG_status==5)
{
xlog("L_DBG","BYE. Dialog lifetime: $DLG_lifetime Status:
$DLG_status\n");
route(6);
}
if (method=="INVITE") {
route(5);
if (!proxy_authorize("$td","subscriber")) {
proxy_challenge("$td","0");
return;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
return;
};
consume_credentials();
setflag(6);
force_rport();
fix_nated_contact();
if (dst_ip == 172.20.100.74){
rtpproxy_manage("fiewc","212.59.42.189");
}
else
{
rtpproxy_manage("feiwc","172.20.100.74");
}
};
route(1);
return;
};
if (method=="CANCEL")
{
xlog("L_DBG","CANCEL. Dialog lifetime: $DLG_lifetime
Status: $DLG_status\n");
route(6);
}
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
xlog("call type processing\n");
if (uri!=myself) {
route(4);
route(1);
return;
};
if (method=="ACK") {
route(1);
return;
} else if (method=="CANCEL") {
route(1);
return;
} else if (method=="INVITE") {
route(5);
route(3);
return;
} else if (method=="REGISTER") {
route(2);
return;
};
xlog("lookup aliases\n");
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
return;
};
xlog("!lookup location\n");
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
return;
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" && isflagset(6)) {
unforce_rtp_proxy();
};
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
setflag(6);
fix_nated_register();
force_rport();
sl_send_reply("100", "Trying");
if (!www_authorize("$td","subscriber")) {
www_challenge("$td","0");
return;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
return;
};
consume_credentials();
if (!save("location")) {
log(1,"Error :-(.\n");
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
xlog("route-3\n");
setflag(6);
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
return;
};
#!ifdef WITH_DISPATCHER
if (!lookup("location")) {
if(ds_select_domain("1", "4")) {
xlog("DISPATCHER ds_select_dst\n");
route(4);
#route(1);
forward();
return;
}
}
#!endif
if (!lookup("location")) {
xlog("404 User not found\n");
sl_send_reply("404", "User Not Found");
return;
};
route(4);
route(1);
}
route[4] {
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
force_rport();
fix_nated_contact();
if (dst_ip == 172.20.100.74){
xlog("INVITE 4 intern extern\n");
rtpproxy_manage("fiewc","222.222.222.222");
}
else
{
xlog("INVITE 4 extern intern\n");
rtpproxy_manage("feiwc","172.20.100.74");
}
}
route[5] {
# ----------------------------------------------------------------
# Save here CDR Variables
# ----------------------------------------------------------------
#save sourceIP
$sht(a=>$ci::srcip) = $si;
$sht(a=>$ci::fromdplname) = $fn;
$sht(a=>$ci::touri) = $tu;
$sht(a=>$ci::fromuri) = $fu;
$sht(a=>$ci::useragent) = $ua;
}
route[6] {
# ----------------------------------------------------------------
# Write CDR via Perl and free previously CDR Variables
# ----------------------------------------------------------------
#save variables from htable in AVPs, so we can access them from perl
(without memory leak)
$avp(s:4com_srcip)=$sht(a=>$ci::srcip);
$avp(s:4com_fromdplname)=$sht(a=>$ci::fromdplname);
$avp(s:4com_touri)=$sht(a=>$ci::touri);
$avp(s:4com_fromuri)=$sht(a=>$ci::fromuri);
$avp(s:4com_useragent)=$sht(a=>$ci::useragent);
$avp(s:4com_invtrytime)=$sht(a=>$ci::invtrytime);
#write CDR
perl_exec("write_cdr");
#free all variables saved in hashtable
sht_rm_name_re("a=>$ci::.*");
}
onreply_route[1] {
rtpproxy_manage("fwc");
fix_nated_contact();
#if (is_gflag("0")) log(1,"-- 0 ist gesetzt.\n");
#if (is_gflag("1")) log(1,"-- 1 ist gesetzt.\n");
#if (is_gflag("2")) log(1,"-- 2 ist gesetzt.\n");
#if (is_gflag("3")) log(1,"-- 3 ist gesetzt.\n");
#if (is_gflag("1"))
#{
# log(1,"Recording this Call\n");
# start_recording();
#}
#else
#{
# log(1,"NOT recording this Call\n");
#}
xlog("L_DBG", "-- Status: $rs METHOD $rm Reason $rr\n");
if ($rm=="INVITE")
{
xlog("L_DBG", "Method is INVITE\n");
if ($rs=~"1[0-9][0-9]")
{
xlog("L_DBG", "Status is in 100-class Trying\n");
$sht(a=>$ci::invtrytime) = $Ts;
#perl_exec("got_invite_trying");
}
else if ($rs=~"4[0-9][0-9]")
{
xlog("L_DBG", "Status is in 400-class - ClientErrors\n");
#xlog("L_DBG", "SI aus shared: $sht(a=>$ci::srcip)\n");
#perl_exec("write_cdr");
#sht_rm_name_re("a=>$ci::.*");
route(6);
}
}
}
####
# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
# flood dection from same IP and traffic ban for a while
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself)
{
if($sht(ipban=>$si)!=$null)
{
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
exit;
}
if (!pike_check_req())
{
xlog("L_ALERT","ALERT: pike blocking $rm from $fu
(IP:$si:$sp)\n");
$sht(ipban=>$si) = 1;
exit;
}
}
#!endif
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(!sanity_check("1511", "7"))
{
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
--
Mit freundlichen Grüßen
*Karsten Horsmann*