27 Oct
2004
27 Oct
'04
1:46 p.m.
I am use ser-0.8.14 in gentoo.
my project is of:
|--------| |----------| |---------|
| | |ser-0.8.14| internet |firewall |
| lan + |<======>|+ rtpproxy|<======================>|nat
|<==========> client (msn/phone)
| phones | | | |proxy |
| + msn | |----------| |---------|
|--------|
192.168.1.0/24 192.168.1.1/200.48.60.186/248
the rtpproxy this running
ps aux
root 1570 0.0 0.3 1984 360 ? Ss 12:15 0:00
/root/rtpproxy/rtpproxy
but in the moment to initialize the being it leaves these errors;
as I can fix it?
0(1788) mod_init(): Database connection opened successfuly
acc - initializing
exec - initializing
print - initializing
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 108544
0(0) INFO: udp_init: SO_RCVBUF is finally 217088
0(0) INFO: udp_init: SO_RCVBUF is initially 108544
0(0) INFO: udp_init: SO_RCVBUF is finally 217088
1(1793) ERROR: send_rtpp_command: can't read reply from a RTP proxy
1(1793) WARNING: rtpp_test: can't get version of the RTP proxy
1(1793) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
2(1794) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(1794) WARNING: rtpp_test: can't get version of the RTP proxy
2(1794) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
localhost init.d # 9(1816) INFO: fifo process starting: 1816
3(1795) ERROR: send_rtpp_command: can't read reply from a RTP proxy
3(1795) WARNING: rtpp_test: can't get version of the RTP proxy
3(1795) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
5(1806) ERROR: send_rtpp_command: can't read reply from a RTP proxy
5(1806) WARNING: rtpp_test: can't get version of the RTP proxy
5(1806) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
6(1807) ERROR: send_rtpp_command: can't read reply from a RTP proxy
6(1807) WARNING: rtpp_test: can't get version of the RTP proxy
6(1807) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
4(1805) ERROR: send_rtpp_command: can't read reply from a RTP proxy
4(1805) WARNING: rtpp_test: can't get version of the RTP proxy
4(1805) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
7(1808) ERROR: send_rtpp_command: can't read reply from a RTP proxy
7(1808) WARNING: rtpp_test: can't get version of the RTP proxy
7(1808) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
9(1816) ERROR: send_rtpp_command: can't read reply from a RTP proxy
9(1816) WARNING: rtpp_test: can't get version of the RTP proxy
9(1816) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
9(1816) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(1815) ERROR: send_rtpp_command: can't read reply from a RTP proxy
8(1815) WARNING: rtpp_test: can't get version of the RTP proxy
8(1815) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
10(1839) ERROR: send_rtpp_command: can't read reply from a RTP proxy
10(1839) WARNING: rtpp_test: can't get version of the RTP proxy
10(1839) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
12(1842) ERROR: send_rtpp_command: can't read reply from a RTP proxy
12(1842) WARNING: rtpp_test: can't get version of the RTP proxy
12(1842) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
11(1841) ERROR: send_rtpp_command: can't read reply from a RTP proxy
11(1841) WARNING: rtpp_test: can't get version of the RTP proxy
11(1841) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
0(1788) ERROR: send_rtpp_command: can't read reply from a RTP proxy
0(1788) WARNING: rtpp_test: can't get version of the RTP proxy
0(1788) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
14(1848) ERROR: send_rtpp_command: can't read reply from a RTP proxy
14(1848) WARNING: rtpp_test: can't get version of the RTP proxy
14(1848) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
15(1849) ERROR: send_rtpp_command: can't read reply from a RTP proxy
15(1849) WARNING: rtpp_test: can't get version of the RTP proxy
15(1849) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
13(1847) ERROR: send_rtpp_command: can't read reply from a RTP proxy
13(1847) WARNING: rtpp_test: can't get version of the RTP proxy
13(1847) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
11(1841) ERROR: uri2proxy: bad host name in URI <sip:rbolivar@cwafrica.com.pe>
11(1841) ERROR: t_forward_nonack: failure to add branches
11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
11(1841) ERROR: uri2proxy: bad host name in URI <sip:rbolivar@cwafrica.com.pe>
11(1841) ERROR: t_forward_nonack: failure to add branches
and script is:
# ------------- version 0.8.11-0
# ------------- Initial global variables
debug=3
fork=yes
log_stderror=yes
listen=200.60.219.116
listen=127.0.0.1
alias=cwafrica.com.pe
alias=200.60.219.116
dns=no
rev_dns=no
port=5060
children=4
# check_via - Turn on or off Via host checking when forwarding replies.
# Default is no. arcane. looks for discrepancy between name and
# ip address when forwarding replies.
check_via=yes
# syn_branch - Shall the server use stateful synonym branches? It is
# faster but not reboot-safe. Default is yes.
syn_branch=yes
# memlog - Debugging level for final memory statistics report. Default
# is L_DBG -- memory statistics are dumped only if debug is set high.
memlog=3
# sip_warning - Should replies include extensive warnings? By default
# yes, it is good for trouble-shooting.
sip_warning=yes
# fifo - FIFO special file pathname
fifo="/tmp/ser_fifo"
fifo_mode=0666
# server_signature - Should locally-generated messages include server's
# signature? By default yes, it is good for trouble-shooting.
server_signature=yes
# reply_to_via - A hint to reply modules whether they should send reply
# to IP advertised in Via. Turned off by default, which means that
# replies are sent to IP address from which requests came.
reply_to_via=no
# user | uid - uid to be used by the server. 99 = nobody.
#uid="nobody"
# group | gid - gid to be used by the server. 99 = nobody.
#gid="nobody"
# mhomed -- enable calculation of outbound interface; useful on
# multihomed servers.
mhomed=0
# ------------- external module loading
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/exec.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/print.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
# ------------- tm parameters
modparam("tm", "fr_timer", 12)
modparam("tm", "fr_inv_timer", 24)
# ------------- rr parameters
# set ";lr" tag to .;lr=true.
modparam("rr", "enable_full_lr", 1)
# ------------- accounting parameters
modparam("acc", "log_missed_flag", 3)
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
# ------------- usrloc parameters
# 2 enables write-back to persistent mysql storage for speed
# disable=0, write-through=1
modparam("usrloc", "db_mode", 2)
# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)
# database location
modparam("usrloc", "db_url",
"sql://ser:heslo@localhost/ser")
# ------------- auth parameters
# database location
modparam("auth_db", "db_url",
"sql://ser:heslo@localhost/ser")
# allows clear text passwords in the mysql database
modparam("auth_db", "calculate_ha1", yes)
# name of password column in mysql database
modparam("auth_db", "password_column", "password")
# ------------- routing logic
route {
# ------------- routine checks
# stop forwarding at 10 hops to prevent infinite loops
if (!mf_process_maxfwd_header("10")) {
log(1, "LOG: Too many hops\n");
sl_send_reply("483", "Too many hops");
break;
};
# rutas perdidas
loose_route();
# prevents private ip space from being used
#if (search("^(Contact|m):
.*(a)(192\.168\.|10\.|172\.16|(ilse\.)?cwafrica\.com\.pe)")) {
# contacto sdp
if (status=~"2[0-9][0-9]"){
fix_nated_contact();
fix_nated_sdp("3");
}
/* registration (uses rewritten contacts) */
if (method=="REGISTER") {
save("location");
break;
};
if (method=="INVITE") {
record_route();
if (isflagset(1)) { # ATA ?
fix_nated_sdp("3");
};
/* set up reply processing */
t_on_reply("1");
};
if (method == "INVITE" || method == "CANCEL") {
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
/* set up reply processing and forward statefuly */
t_relay();
# metodo se ve despues
# if (method=="REGISTER") {
# log(1, "LOG: Someone trying to register from private IP\n");
# sl_send_reply("479", "Please don't use private IP addresses"
);
# break;
# };
#};
# separate the destination r-uri from the set of proxies that must
be traversed
loose_route();
# if the host portion of the request uri is not local, send it directly
# to route processing.
if (!(uri==myself)) {
route(2);
break;
};
# All REGISTER attempts are processed and must always be authenticated
if (method=="REGISTER") {
# make sure that users don't register infinite loops
if (search("^(Contact|m):
.*(a)(200\.60\.219\.116|(ilse\.)?cwafrica\.com\.pe)")) {
log(1, "LOG: alert: someone trying to set aor==contact\n");
sl_send_reply("476", "No Server Address in Contacts Allowed" );
break;
};
# challenge/response
if (!www_authorize("cwafrica.com.pe", "subscriber")) {
www_challenge("cwafrica.com.pe", "0");
break;
};
# only registered users are allowed
if (!is_user("replicator") & !check_to()) {
log(1, "LOG: unregistered user registration attempt\n");
sl_send_reply("403", "Only registered users are allowed");
break;
};
# it is an authenticated request, update Contact database now
if (!save("location")) {
sl_reply_error();
};
break;
};
# process traffic local to BigU and the PSTN
# Find the canonical username
lookup("aliases");
# check domain again, if it is not still local after the alias
# table lookup, just send it on its way. We do not authenticate
# traffic we forward
if
(!(uri=~"^sip:(.+@)?(200\.60\.219\.116|(ilse\.)?cwafrica\.com\.pe)([:;\?].*)?$"))
{
route(5);
break;
};
# now check for destinations through the gateway. 911 and 9911
# are always sent to the gateway. The assumption is that other all
# numeric usernames between 5 and 20 digits are really pstn numbers
# and so they are routed to the gateway
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") |
(uri=~"sip:[0-9]{5,20}@.*") ) {
route(3);
break;
};
# does the user wish redirection on no availability? (i.e., is he
# in the voicemail (ser->grp) group?)
if (is_user_in("Request-URI", "voicemail")) {
t_on_failure("4");
setflag(4);
};
# handle local SIP destinations not found in usrloc db
# mostly offline or non-existent users
if (!lookup("location")) {
route(4);
break;
};
# check whether some inventive user has uploaded gateway
# contacts to usrloc to bypass authorization logic
if (uri=~"@200.60.219.118([;:].*)*" ) {
log(1, "LOG: Gateway address in UsrLoc\n");
route(3);
break;
};
# this flag is used with the acc module to report missed calls
# to syslog.
setflag(3);
# do it (words to live by)
append_hf("P-hint: USRLOC\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
} /* end of initial routing logic */
# ------------- process traffic leaving BigU for Internet
route[2] {
# outbound requests are allowed only for registered BigU users
if (!(src_ip==200.60.219.116) &
!(proxy_authorize("cwafrica.com.pe", "subscriber"))) {
# ACK and CANCEL have no security mechanisms so they are just
# noted
if (method=="ACK" | method=="BYE") {
log(1, "LOG: failed outbound authentication for ACK granted\n");
} else if (method=="CANCEL") {
log(1, "LOG: failed outbound authentication for CANCEL granted\n");
} else {
proxy_challenge("cwafrica.com.pe", "0");
break;
};
};
# to maintain credibility of our proxy, we check From in INVITEs
if (!src_ip==200.60.219.116 & method=="INVITE" & !check_from()) {
log(1, "LOG: Spoofed from attempt\n");
sl_send_reply("403", "Use From=id next time");
break;
};
append_hf("P-hint: OUTBOUND ON INTERNET\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- process traffic leaving Internet for PSTN
route[3] {
# all calls through the gateway must be record routed to assure
# acl acceptance on the gateway
record_route();
# send out emergency calls to pstn gateway immediately
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") ) {
rewritehostport("200.60.219.118:5060");
forward(uri:host, uri:port);
break;
};
# five digit numeric addresses are internal freebies sent to the pbx
# without authentication
if (uri=~"^sip:[0-9]{5}@(200.60.219.116|(ilse\,)?\.cwafrica\.com\.pe)") {
rewritehostport("200.60.219.118:5060");
forward(uri:host, uri:port);
break;
};
# all numeric addresses beginning with 9 go to the pbx on the way
# to the PSTN
# first the caller needs to be authenticated
if (uri=~"^sip:9[0-9]*@(200.60.219.116|(ilse\.)?cwafrica\.edu\.pe)") {
if (!(src_ip==200.60.219.116 | method==ACK | method=="CANCEL" |
method=="BYE")) {
if (!proxy_authorize("cwafrica.com.pe", "subscriber")) {
proxy_challenge( "cwafrica.com.pe","0");
break;
} else if (method=="INVITE" & !check_from()) {
log(1, "LOG: Spoofed from attempt\n");
sl_send_reply("403", "Use From=id next time");
break;
};
};
if (method=="INVITE") {
# if the r-uri begins 91, does the authenticated user have
# permission for long distance
if (uri=~"sip:91[0-9]*@.*") {
if (!is_user_in("credentials", "ld")) {
sl_send_reply("403", "Local calls only");
break;
};
};
};
# authenticated and authorized, now accounting is set
setflag(1);
};
rewritehostport("200.60.219.118:5060");
append_hf("P-hint: GATEWAY\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- process calls for users offline
route[4] {
if (!t_newtran()) {
sl_reply_error();
};
if (!t_reply("404", "Not Found")) {
sl_reply_error();
};
break;
}
# ------------- process aliased outbound traffic
# inbound requests that have been aliased to a non-BigU domain
# are not authenticated by BigU
route[5] {
append_hf("P-hint: ALIASED-OUTBOUND\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- CC-Diversion to voicemail
failure_route[4] {
append_branch("sip:80000@200.60.219.118");
append_urihf("CC-Diversion: ", "\r\n");
append_hf("P-hint: OFFLINE-VOICEMAIL\r\n");
t_relay();
}
28 Oct
28 Oct
9:23 a.m.
Use modparam("nathelper", "rtpproxy_sock",
"<listen_socket_of_rtp_proxy>")
Jan.
On 27-10 12:46, Walter Willis wrote:
I am use ser-0.8.14 in gentoo.
my project is of:
|--------| |----------| |---------|
| | |ser-0.8.14| internet |firewall |
| lan + |<======>|+ rtpproxy|<======================>|nat
|<==========> client (msn/phone)
| phones | | | |proxy |
| + msn | |----------| |---------|
|--------|
192.168.1.0/24 192.168.1.1/200.48.60.186/248
the rtpproxy this running
ps aux
root 1570 0.0 0.3 1984 360 ? Ss 12:15 0:00
/root/rtpproxy/rtpproxy
but in the moment to initialize the being it leaves these errors;
as I can fix it?
0(1788) mod_init(): Database connection opened successfuly
acc - initializing
exec - initializing
print - initializing
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 108544
0(0) INFO: udp_init: SO_RCVBUF is finally 217088
0(0) INFO: udp_init: SO_RCVBUF is initially 108544
0(0) INFO: udp_init: SO_RCVBUF is finally 217088
1(1793) ERROR: send_rtpp_command: can't read reply from a RTP proxy
1(1793) WARNING: rtpp_test: can't get version of the RTP proxy
1(1793) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
2(1794) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(1794) WARNING: rtpp_test: can't get version of the RTP proxy
2(1794) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
localhost init.d # 9(1816) INFO: fifo process starting: 1816
3(1795) ERROR: send_rtpp_command: can't read reply from a RTP proxy
3(1795) WARNING: rtpp_test: can't get version of the RTP proxy
3(1795) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
5(1806) ERROR: send_rtpp_command: can't read reply from a RTP proxy
5(1806) WARNING: rtpp_test: can't get version of the RTP proxy
5(1806) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
6(1807) ERROR: send_rtpp_command: can't read reply from a RTP proxy
6(1807) WARNING: rtpp_test: can't get version of the RTP proxy
6(1807) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
4(1805) ERROR: send_rtpp_command: can't read reply from a RTP proxy
4(1805) WARNING: rtpp_test: can't get version of the RTP proxy
4(1805) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
7(1808) ERROR: send_rtpp_command: can't read reply from a RTP proxy
7(1808) WARNING: rtpp_test: can't get version of the RTP proxy
7(1808) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
9(1816) ERROR: send_rtpp_command: can't read reply from a RTP proxy
9(1816) WARNING: rtpp_test: can't get version of the RTP proxy
9(1816) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
9(1816) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(1815) ERROR: send_rtpp_command: can't read reply from a RTP proxy
8(1815) WARNING: rtpp_test: can't get version of the RTP proxy
8(1815) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
10(1839) ERROR: send_rtpp_command: can't read reply from a RTP proxy
10(1839) WARNING: rtpp_test: can't get version of the RTP proxy
10(1839) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
12(1842) ERROR: send_rtpp_command: can't read reply from a RTP proxy
12(1842) WARNING: rtpp_test: can't get version of the RTP proxy
12(1842) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
11(1841) ERROR: send_rtpp_command: can't read reply from a RTP proxy
11(1841) WARNING: rtpp_test: can't get version of the RTP proxy
11(1841) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
0(1788) ERROR: send_rtpp_command: can't read reply from a RTP proxy
0(1788) WARNING: rtpp_test: can't get version of the RTP proxy
0(1788) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
14(1848) ERROR: send_rtpp_command: can't read reply from a RTP proxy
14(1848) WARNING: rtpp_test: can't get version of the RTP proxy
14(1848) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
15(1849) ERROR: send_rtpp_command: can't read reply from a RTP proxy
15(1849) WARNING: rtpp_test: can't get version of the RTP proxy
15(1849) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
13(1847) ERROR: send_rtpp_command: can't read reply from a RTP proxy
13(1847) WARNING: rtpp_test: can't get version of the RTP proxy
13(1847) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
11(1841) ERROR: uri2proxy: bad host name in URI <sip:rbolivar@cwafrica.com.pe>
11(1841) ERROR: t_forward_nonack: failure to add branches
11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
11(1841) ERROR: uri2proxy: bad host name in URI <sip:rbolivar@cwafrica.com.pe>
11(1841) ERROR: t_forward_nonack: failure to add branches
and script is:
# ------------- version 0.8.11-0
# ------------- Initial global variables
debug=3
fork=yes
log_stderror=yes
listen=200.60.219.116
listen=127.0.0.1
alias=cwafrica.com.pe
alias=200.60.219.116
dns=no
rev_dns=no
port=5060
children=4
# check_via - Turn on or off Via host checking when forwarding replies.
# Default is no. arcane. looks for discrepancy between name and
# ip address when forwarding replies.
check_via=yes
# syn_branch - Shall the server use stateful synonym branches? It is
# faster but not reboot-safe. Default is yes.
syn_branch=yes
# memlog - Debugging level for final memory statistics report. Default
# is L_DBG -- memory statistics are dumped only if debug is set high.
memlog=3
# sip_warning - Should replies include extensive warnings? By default
# yes, it is good for trouble-shooting.
sip_warning=yes
# fifo - FIFO special file pathname
fifo="/tmp/ser_fifo"
fifo_mode=0666
# server_signature - Should locally-generated messages include server's
# signature? By default yes, it is good for trouble-shooting.
server_signature=yes
# reply_to_via - A hint to reply modules whether they should send reply
# to IP advertised in Via. Turned off by default, which means that
# replies are sent to IP address from which requests came.
reply_to_via=no
# user | uid - uid to be used by the server. 99 = nobody.
#uid="nobody"
# group | gid - gid to be used by the server. 99 = nobody.
#gid="nobody"
# mhomed -- enable calculation of outbound interface; useful on
# multihomed servers.
mhomed=0
# ------------- external module loading
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/exec.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/print.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
# ------------- tm parameters
modparam("tm", "fr_timer", 12)
modparam("tm", "fr_inv_timer", 24)
# ------------- rr parameters
# set ";lr" tag to .;lr=true.
modparam("rr", "enable_full_lr", 1)
# ------------- accounting parameters
modparam("acc", "log_missed_flag", 3)
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
# ------------- usrloc parameters
# 2 enables write-back to persistent mysql storage for speed
# disable=0, write-through=1
modparam("usrloc", "db_mode", 2)
# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)
# database location
modparam("usrloc", "db_url",
"sql://ser:heslo@localhost/ser")
# ------------- auth parameters
# database location
modparam("auth_db", "db_url",
"sql://ser:heslo@localhost/ser")
# allows clear text passwords in the mysql database
modparam("auth_db", "calculate_ha1", yes)
# name of password column in mysql database
modparam("auth_db", "password_column", "password")
# ------------- routing logic
route {
# ------------- routine checks
# stop forwarding at 10 hops to prevent infinite loops
if (!mf_process_maxfwd_header("10")) {
log(1, "LOG: Too many hops\n");
sl_send_reply("483", "Too many hops");
break;
};
# rutas perdidas
loose_route();
# prevents private ip space from being used
#if (search("^(Contact|m):
.*(a)(192\.168\.|10\.|172\.16|(ilse\.)?cwafrica\.com\.pe)")) {
# contacto sdp
if (status=~"2[0-9][0-9]"){
fix_nated_contact();
fix_nated_sdp("3");
}
/* registration (uses rewritten contacts) */
if (method=="REGISTER") {
save("location");
break;
};
if (method=="INVITE") {
record_route();
if (isflagset(1)) { # ATA ?
fix_nated_sdp("3");
};
/* set up reply processing */
t_on_reply("1");
};
if (method == "INVITE" || method == "CANCEL") {
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
/* set up reply processing and forward statefuly */
t_relay();
# metodo se ve despues
# if (method=="REGISTER") {
# log(1, "LOG: Someone trying to register from private IP\n");
# sl_send_reply("479", "Please don't use private IP
addresses" );
# break;
# };
#};
# separate the destination r-uri from the set of proxies that must
be traversed
loose_route();
# if the host portion of the request uri is not local, send it directly
# to route processing.
if (!(uri==myself)) {
route(2);
break;
};
# All REGISTER attempts are processed and must always be authenticated
if (method=="REGISTER") {
# make sure that users don't register infinite loops
if (search("^(Contact|m):
.*(a)(200\.60\.219\.116|(ilse\.)?cwafrica\.com\.pe)")) {
log(1, "LOG: alert: someone trying to set aor==contact\n");
sl_send_reply("476", "No Server Address in Contacts Allowed"
);
break;
};
# challenge/response
if (!www_authorize("cwafrica.com.pe", "subscriber")) {
www_challenge("cwafrica.com.pe", "0");
break;
};
# only registered users are allowed
if (!is_user("replicator") & !check_to()) {
log(1, "LOG: unregistered user registration attempt\n");
sl_send_reply("403", "Only registered users are allowed");
break;
};
# it is an authenticated request, update Contact database now
if (!save("location")) {
sl_reply_error();
};
break;
};
# process traffic local to BigU and the PSTN
# Find the canonical username
lookup("aliases");
# check domain again, if it is not still local after the alias
# table lookup, just send it on its way. We do not authenticate
# traffic we forward
if
(!(uri=~"^sip:(.+@)?(200\.60\.219\.116|(ilse\.)?cwafrica\.com\.pe)([:;\?].*)?$"))
{
route(5);
break;
};
# now check for destinations through the gateway. 911 and 9911
# are always sent to the gateway. The assumption is that other all
# numeric usernames between 5 and 20 digits are really pstn numbers
# and so they are routed to the gateway
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") |
(uri=~"sip:[0-9]{5,20}@.*") ) {
route(3);
break;
};
# does the user wish redirection on no availability? (i.e., is he
# in the voicemail (ser->grp) group?)
if (is_user_in("Request-URI", "voicemail")) {
t_on_failure("4");
setflag(4);
};
# handle local SIP destinations not found in usrloc db
# mostly offline or non-existent users
if (!lookup("location")) {
route(4);
break;
};
# check whether some inventive user has uploaded gateway
# contacts to usrloc to bypass authorization logic
if (uri=~"@200.60.219.118([;:].*)*" ) {
log(1, "LOG: Gateway address in UsrLoc\n");
route(3);
break;
};
# this flag is used with the acc module to report missed calls
# to syslog.
setflag(3);
# do it (words to live by)
append_hf("P-hint: USRLOC\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
} /* end of initial routing logic */
# ------------- process traffic leaving BigU for Internet
route[2] {
# outbound requests are allowed only for registered BigU users
if (!(src_ip==200.60.219.116) &
!(proxy_authorize("cwafrica.com.pe", "subscriber"))) {
# ACK and CANCEL have no security mechanisms so they are just
# noted
if (method=="ACK" | method=="BYE") {
log(1, "LOG: failed outbound authentication for ACK granted\n");
} else if (method=="CANCEL") {
log(1, "LOG: failed outbound authentication for CANCEL granted\n");
} else {
proxy_challenge("cwafrica.com.pe", "0");
break;
};
};
# to maintain credibility of our proxy, we check From in INVITEs
if (!src_ip==200.60.219.116 & method=="INVITE" & !check_from()) {
log(1, "LOG: Spoofed from attempt\n");
sl_send_reply("403", "Use From=id next time");
break;
};
append_hf("P-hint: OUTBOUND ON INTERNET\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- process traffic leaving Internet for PSTN
route[3] {
# all calls through the gateway must be record routed to assure
# acl acceptance on the gateway
record_route();
# send out emergency calls to pstn gateway immediately
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") ) {
rewritehostport("200.60.219.118:5060");
forward(uri:host, uri:port);
break;
};
# five digit numeric addresses are internal freebies sent to the pbx
# without authentication
if (uri=~"^sip:[0-9]{5}@(200.60.219.116|(ilse\,)?\.cwafrica\.com\.pe)") {
rewritehostport("200.60.219.118:5060");
forward(uri:host, uri:port);
break;
};
# all numeric addresses beginning with 9 go to the pbx on the way
# to the PSTN
# first the caller needs to be authenticated
if (uri=~"^sip:9[0-9]*@(200.60.219.116|(ilse\.)?cwafrica\.edu\.pe)") {
if (!(src_ip==200.60.219.116 | method==ACK | method=="CANCEL" |
method=="BYE")) {
if (!proxy_authorize("cwafrica.com.pe", "subscriber")) {
proxy_challenge( "cwafrica.com.pe","0");
break;
} else if (method=="INVITE" & !check_from()) {
log(1, "LOG: Spoofed from attempt\n");
sl_send_reply("403", "Use From=id next time");
break;
};
};
if (method=="INVITE") {
# if the r-uri begins 91, does the authenticated user have
# permission for long distance
if (uri=~"sip:91[0-9]*@.*") {
if (!is_user_in("credentials", "ld")) {
sl_send_reply("403", "Local calls only");
break;
};
};
};
# authenticated and authorized, now accounting is set
setflag(1);
};
rewritehostport("200.60.219.118:5060");
append_hf("P-hint: GATEWAY\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- process calls for users offline
route[4] {
if (!t_newtran()) {
sl_reply_error();
};
if (!t_reply("404", "Not Found")) {
sl_reply_error();
};
break;
}
# ------------- process aliased outbound traffic
# inbound requests that have been aliased to a non-BigU domain
# are not authenticated by BigU
route[5] {
append_hf("P-hint: ALIASED-OUTBOUND\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};
}
# ------------- CC-Diversion to voicemail
failure_route[4] {
append_branch("sip:80000@200.60.219.118");
append_urihf("CC-Diversion: ", "\r\n");
append_hf("P-hint: OFFLINE-VOICEMAIL\r\n");
t_relay();
}
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7416
days inactive
7417
days old
1 comments
2 participants
participants (2)
-
Jan Janak -
Walter Willis