4 Sep
2008
4 Sep
'08
11:18 a.m.
hello,
I cannot load the acc.so module.The config file is
below:
# ------------- version 0.8.11-0
# ------------- Initial global variables
debug=3
fork=yes
log_stderror=no
listen=10.1.2.3
listen=127.0.0.1
# hostname matching an alias will satisfy the
condition uri==myself".
alias=bigu.edu
alias=10.1.2.3
# dns - Uses dns to check if it is necessary to add a
"received=" field
# to a via. Default is no.
# rev_dns - Same as dns but use reverse DNS.
dns=no
rev_dns=no
port=5060
children=4
# check_via - Turn on or off Via host checking when
forwarding replies.
# Default is no. arcane. looks for discrepancy between
name and
# ip address when forwarding replies.
check_via=yes
# syn_branch - Shall the server use stateful synonym
branches? It is
# faster but not reboot-safe. Default is yes.
syn_branch=yes
# memlog - Debugging level for final memory statistics
report. Default
# is L_DBG -- memory statistics are dumped only if
debug is set high.
memlog=3
# sip_warning - Should replies include extensive
warnings? By default
# yes, it is good for trouble-shooting.
sip_warning=yes
# fifo - FIFO special file pathname
fifo="/tmp/ser_fifo"
# server_signature - Should locally-generated messages
include server's
# signature? By default yes, it is good for
trouble-shooting.
server_signature=yes
# reply_to_via - A hint to reply modules whether they
should send reply
# to IP advertised in Via. Turned off by default,
which means that
# replies are sent to IP address from which requests
came.
reply_to_via=no
# user | uid - uid to be used by the server. 99 =
nobody.
uid="nobody"
# group | gid - gid to be used by the server. 99 =
nobody.
gid="nobody"
# mhomed -- enable calculation of outbound interface;
useful on
# multihomed servers.
mhomed=0
# ------------- external module loading
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/exec.so"
loadmodule "/usr/local/lib/ser/modules/group.so"
loadmodule "/usr/local/lib/ser/modules/print.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
# ------------- tm parameters
modparam("tm", "fr_timer", 12)
modparam("tm", "fr_inv_timer", 24)
# ------------- rr parameters
# set ";lr" tag to ?�?;lr=true?�?
modparam("rr", "enable_full_lr", 1)
# ------------- accounting parameters
modparam("acc", "log_missed_flag", 3)
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
# ------------- usrloc parameters
# 2 enables write-back to persistent mysql storage for
speed
# disable=0, write-through=1
modparam("usrloc", "db_mode", 2)
# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)
# database location
modparam("usrloc", "db_url",
"sql://ser:>password>@localhost/ser")
# ------------- auth parameters
# database location
modparam("auth_db", "db_url",
"sql://ser:>password>@localhost/ser")
# allows clear text passwords in the mysql database
modparam("auth_db", "calculate_ha1", yes)
# name of password column in mysql database
modparam("auth_db", "password_column", "password")
# ------------- routing logic
route {
# ------------- routine checks
# stop forwarding at 10 hops to prevent infinite
loops
if (!mf_process_maxfwd_header("10")) {
log(1, "LOG: Too many hops\n");
sl_send_reply("483", "Too many hops");
break;
};
# prevents private ip space from being used
if (search("^(Contact|m):
.*(a)(192\.168\.|10\.|172\.16)")) {
if (method=="REGISTER") {
log(1, "LOG: Someone trying to register from
private IP\n");
sl_send_reply("479", "Please don't use private
IP addresses" );
break;
};
};
# separate the destination r-uri from the set of
proxies that must be traversed
loose_route();
# if the host portion of the request uri is not
local, send it directly
# to route processing.
if (!(uri==myself)) {
route(2);
break;
};
# All REGISTER attempts are processed and must
always be authenticated
if (method=="REGISTER") {
# make sure that users don't register infinite
loops
if (search("^(Contact|m):
.*(a)(10\.1\.2\.3|(proxy\.)?bigu\.edu)")) {
log(1, "LOG: alert: someone trying to set
aor==contact\n");
sl_send_reply("476", "No Server Address in
Contacts Allowed" );
break;
};
# challenge/response
if (!www_authorize("bigu.edu", "subscriber")) {
www_challenge("bigu.edu", "0");
break;
};
# only registered users are allowed
if (!is_user("replicator") & !check_to()) {
log(1, "LOG: unregistered user registration
attempt\n");
sl_send_reply("403", "Only registered users are
allowed");
break;
};
# it is an authenticated request, update Contact
database now
if (!save("location")) {
sl_reply_error();
};
break;
};
# process traffic local to BigU and the PSTN
# Find the canonical username
lookup("aliases");
# check domain again, if it is not still local after
the alias
# table lookup, just send it on its way. We do not
authenticate
# traffic we forward
if
(!(uri=~"^sip:(.+@)?(10\.1\.2\.3|(proxy\.)?bigu\.edu)([:;\?].*)?$"))
{
route(5);
break;
};
# now check for destinations through the gateway.
911 and 9911
# are always sent to the gateway. The assumption is
that other all
# numeric usernames between 5 and 20 digits are
really pstn numbers
# and so they are routed to the gateway
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") |
(uri=~"sip:[0-9]{5,20}@.*") ) {
route(3);
break;
};
# does the user wish redirection on no availability?
(i.e., is he
# in the voicemail (ser->grp) group?)
if (is_user_in("Request-URI", "voicemail")) {
t_on_failure("4");
setflag(4);
};
# handle local SIP destinations not found in usrloc
db
# mostly offline or non-existent users
if (!lookup("location")) {
route(4);
break;
};
# check whether some inventive user has uploaded
gateway
# contacts to usrloc to bypass authorization logic
if (uri=~"@10\.1\.2\.5([;:].*)*" ) {
log(1, "LOG: Gateway address in UsrLoc\n");
route(3);
break;
};
# this flag is used with the acc module to report
missed calls
# to syslog.
setflag(3);
# do it (words to live by)
append_hf("P-hint: USRLOC\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
} /* end of initial routing logic */
# ------------- process traffic leaving BigU for
Internet
route[2] {
# outbound requests are allowed only for registered
BigU users
if (!(src_ip==10.1.2.3) &
!(proxy_authorize("bigu.edu", "subscriber"))) {
# ACK and CANCEL have no security mechanisms so
they are just
# noted
if (method=="ACK" | method=="BYE") {
log(1, "LOG: failed outbound authentication for
ACK granted\n");
} else if (method=="CANCEL") {
log(1, "LOG: failed outbound authentication for
CANCEL granted\n");
} else {
proxy_challenge("bigu.edu", "0");
break;
};
};
# to maintain credibility of our proxy, we check
From in INVITEs
if (!src_ip==10.1.2.3 &
method=="INVITE" &
!check_from()) {
log(1, "LOG: Spoofed from attempt\n");
sl_send_reply("403", "Use From=id next time");
break;
};
append_hf("P-hint: OUTBOUND ON INTERNET\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- process traffic leaving Internet for
PSTN
route[3] {
# all calls through the gateway must be record
routed to assure
# acl acceptance on the gateway
record_route();
# send out emergency calls to pstn gateway
immediately
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") )
{
rewritehostport("10.1.2.5:5060");
forward(uri:host, uri:port);
break;
};
# five digit numeric addresses are internal freebies
sent to the pbx
# without authentication
if
(uri=~"^sip:[0-9]{5}@(10.1.2.3|(proxy\,)?\.bigu\.edu)")
{
rewritehostport("10.1.2.5:5060");
forward(uri:host, uri:port);
break;
};
# all numeric addresses beginning with 9 go to the
pbx on the way
# to the PSTN
# first the caller needs to be authenticated
if
(uri=~"^sip:9[0-9]*@(10.1.2.3|(proxy\.)?bigu\.edu)") {
if (!(src_ip==10.1.2.3 | method==ACK |
method=="CANCEL" | method=="BYE")) {
if (!proxy_authorize("bigu.edu", "subscriber"))
{
proxy_challenge( "bigu.edu","0");
break;
} else if (method=="INVITE" & !check_from()) {
log(1, "LOG: Spoofed from attempt\n");
sl_send_reply("403", "Use From=id next time");
break;
};
};
if (method=="INVITE") {
# if the r-uri begins 91, does the authenticated
user have
# permission for long distance
if (uri=~"sip:91[0-9]*@.*") {
if (!is_user_in("credentials", "ld")) {
sl_send_reply("403", "Local calls only");
break;
};
};
};
# authenticated and authorized, now accounting is
set
setflag(1);
};
rewritehostport("10.1.2.5:5060");
append_hf("P-hint: GATEWAY\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- process calls for users offline
route[4] {
if (!t_newtran()) {
sl_reply_error();
};
if (!t_reply("404", "Not Found")) {
sl_reply_error();
};
break;
}
# ------------- process aliased outbound traffic
# inbound requests that have been aliased to a
non-BigU domain
# are not authenticated by BigU
route[5] {
append_hf("P-hint: ALIASED-OUTBOUND\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- CC-Diversion to voicemail
failure_route[4] {
append_branch("sip:80000@10.1.2.5");
append_urihf("CC-Diversion: ", "\r\n");
append_hf("P-hint: OFFLINE-VOICEMAIL\r\n");
t_relay();
}
Can anyone help
BR
Ivy
___________________________________________________________
�Ż����䣬�����������䣡
http://cn.mail.yahoo.com/
5923
days inactive
5923
days old
0 comments
1 participants
participants (1)
-
静 于