Hello to all Im trying to put OpenSER to work with TLS. I created the certificates, and configured openser.cfg. ("openser -c" shows no errors) But when I start OpenSER, there are no errors, but the server doesn't start: It says this (with debug level 4) :
Listening on Aliases: *: mex.fccn.pt:* *: XXX.XXX.XXX.XXX:*
0(22549) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048 0(22549) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16548 0(22549) fm_malloc_init(0xf4eb1000, 33554432), start=0xf4eb1000 0(22549) shm_mem_init: success 0(0) core dump limits set to 4294967295 0(0) DEBUG: init_mod: postgres postgres - initializing 0(0) DEBUG: init_mod: sl_module stateless - initializing 0(0) DEBUG: register_fifo_cmd: new command (sl_stats) registered 0(0) unixsock_register_cmd: New command (sl_stats) registered 0(0) DEBUG: MD5 calculated: 1d0376a2244771bba12e9da5f03652d9 0(0) DEBUG: init_mod: tm 0(0) TM - (size of cell=2832, sip_msg=768) initializing... 0(0) Call-ID initialization: '6efffbed' 0(0) DEBUG: register_fifo_cmd: new command (t_uac_dlg) registered 0(0) DEBUG: register_fifo_cmd: new command (t_uac_cancel) registered 0(0) DEBUG: register_fifo_cmd: new command (t_hash) registered 0(0) DEBUG: register_fifo_cmd: new command (t_reply) registered 0(0) unixsock_register_cmd: New command (t_uac_dlg) registered 0(0) unixsock_register_cmd: New command (t_uac_cancel) registered 0(0) unixsock_register_cmd: New command (t_hash) registered 0(0) unixsock_register_cmd: New command (t_reply) registered [root@mex openser-1.0.1-tls]# 0(0) DEBUG: lock_initialize: lock initialization started 0(0) DEBUG: register_fifo_cmd: new command (t_stats) registered 0(0) unixsock_register_cmd: New command (t_stats) registered
and nothing happens... OpenSER isnt runnig :( --------------------------------------------------------------------------------------------------------------
this is a part of my openser.cfg:
listen = tls:XXX.XXX.XXX.XXX
tls_port_no = 5062 tls_method=SSLv23
tls_certificate="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/cacert.pem" tls_private_key="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/private/cakey.pem" tls_ca_list="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/certs/01.pem"
tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
tls_verify = 1 tls_require_certificate = 1 tls_handshake_timeout=119 # number of seconds tls_send_timeout=121 # number of seconds
If you know whats the problem, please tell me :) Thanks Joao Pereira
Hello,
did you check with "ps auxw | grep openser"? Wasn't there any openser process running. From the logs looks like openser started ok (tm module initialized succesfully - is it tm you last module in the loadmodule list?).
Cheers, Daniel
On 03/22/06 14:21, Joao Pereira wrote:
Yes, I did "ps fax" and there was no OpenSER. How can I find the error? Even with a higher debug level, there are no errors in the stdout: (debug level = 8)
Listening on Aliases: *: mex.fccn.pt:* *: XXX.XXX.XXX.XXX:*
0(22568) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048 0(22568) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16548 0(22568) fm_malloc_init(0xf4eb1000, 33554432), start=0xf4eb1000 0(22568) shm_mem_init: success 0(0) core dump limits set to 4294967295 0(0) DEBUG: init_mod: postgres postgres - initializing 0(0) DEBUG: init_mod: sl_module stateless - initializing 0(0) DEBUG: register_fifo_cmd: new command (sl_stats) registered 0(0) unixsock_register_cmd: New command (sl_stats) registered 0(0) DEBUG: MD5 calculated: 1d0376a2244771bba12e9da5f03652d9 0(0) DEBUG: init_mod: tm 0(0) TM - (size of cell=2832, sip_msg=768) initializing... 0(0) Call-ID initialization: '2ffddfe3' 0(0) DEBUG: register_fifo_cmd: new command (t_uac_dlg) registered 0(0) DEBUG: register_fifo_cmd: new command (t_uac_cancel) registered 0(0) DEBUG: register_fifo_cmd: new command (t_hash) registered 0(0) DEBUG: register_fifo_cmd: new command (t_reply) registered 0(0) unixsock_register_cmd: New command (t_uac_dlg) registered 0(0) unixsock_register_cmd: New command (t_uac_cancel) registered 0(0) unixsock_register_cmd: New command (t_hash) registered 0(0) unixsock_register_cmd: New command (t_reply) registered [root@mex openser-1.0.1-tls]# 0(0) DEBUG: lock_initialize: lock initialization started 0(0) DEBUG: register_fifo_cmd: new command (t_stats) registered 0(0) unixsock_register_cmd: New command (t_stats) registered
Could be a problem in the certificates? Joao Pereira
Daniel-Constantin Mierla wrote:
Hello,the version I m using is 1.0.1-tls and its crashing on startup.
Thats the end of the output with debug level =6
Listening on Aliases: *: mex.fccn.pt:* *: XXX.XXX.XXX.XXX:*
WARNING: no fork mode and no udp listen address found 0(3486) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048 0(3486) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16548 0(3486) fm_malloc_init(0xf4eb1000, 33554432), start=0xf4eb1000 0(3486) shm_mem_init: success 0(0) core dump limits set to 4294967295 0(0) DEBUG: init_mod: postgres postgres - initializing 0(0) DEBUG: init_mod: sl_module stateless - initializing 0(0) DEBUG: register_fifo_cmd: new command (sl_stats) registered 0(0) unixsock_register_cmd: New command (sl_stats) registered 0(0) DEBUG: MD5 calculated: 1d0376a2244771bba12e9da5f03652d9 0(0) DEBUG: init_mod: tm 0(0) TM - (size of cell=2832, sip_msg=768) initializing... 0(0) Call-ID initialization: '7abab1f5' 0(0) DEBUG: register_fifo_cmd: new command (t_uac_dlg) registered 0(0) DEBUG: register_fifo_cmd: new command (t_uac_cancel) registered 0(0) DEBUG: register_fifo_cmd: new command (t_hash) registered 0(0) DEBUG: register_fifo_cmd: new command (t_reply) registered 0(0) unixsock_register_cmd: New command (t_uac_dlg) registered 0(0) unixsock_register_cmd: New command (t_uac_cancel) registered 0(0) unixsock_register_cmd: New command (t_hash) registered 0(0) unixsock_register_cmd: New command (t_reply) registered 0(0) DEBUG: lock_initialize: lock initialization started 0(0) DEBUG: register_fifo_cmd: new command (t_stats) registered 0(0) unixsock_register_cmd: New command (t_stats) registered Segmentation fault (core dumped)
Previously I installed the version 1.0.0-tls. But I belieave the 1.0.1 "make install" overwrites the previous openser, and the problem shouldnt be this. Thanks Joao Pereira
Bogdan-Andrei Iancu wrote:
just to exclude the possibility of mixing between the version, please remove all openser installed binaries (modules and executable) and do a new install to get a clean installation. Also check by 'ls' for the date of the binaries to be the same.....
if still crashing, get the core backtrace.
regards, bogdan
Joao Pereira wrote:
I already did it, I deleted the file /usr/local/sbin/openser and all modules in: /usr/local/lib/openser/modules/
I installed again openser 1.0.1-tls and the problem persists.
The core file has 34 Mb, so I putted it in: sip.startel.pt/core/
Thanks for the help. Joao Pereira
Bogdan-Andrei Iancu wrote:
Hi Joao,
do you compiled openser by yourself or you installed the binaries? to be able to get info from core is essential to have the correct binary.
so, to simplify the thinks, please extract the backtrace from the core by yourself: 1) enter gdb: gdb openser_binar_file core_file 2) get backtrace : bt
send me all the output of gdb from the beginning.
thanks, bogdan
Joao Pereira wrote:
Hello I compiled openser myself. Now I tried openser with a simpler configuration and it worked...
I had an openser.cfg that uses RTPproxy and TLS.... and the seg fault happened when I used that file. Now with a simpler openser.cfg (like the sample) just with TLS, openser started :)
I will try to find the problem in the openser_rtpproxy_tls configuration file... both files are in attachment Thank you very much for the help Joao
Bogdan-Andrei Iancu wrote:
# this script is very similar to the sample that comes with openser1.0.1-tls
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=yes # (cmd line: -E)
check_via=no # (cmd. line: -v) dns=yes # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/openser_fifo"
# # uncomment the following lines for TLS support disable_tls = 0 listen = tls:XXX.XXX.XXX.XXX:5061 tls_verify = 1 tls_require_certificate = 0 tls_method = TLSv1 tls_certificate ="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/cacert.pem" tls_private_key ="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/private/cakey.pem" tls_ca_list ="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/certs/01.pem"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database #loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/textops.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/local/lib/openser/modules/auth.so" #loadmodule "/usr/local/lib/openser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; };
if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); };
if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { # t_relay_to_tls("IP_domain1","port_domain1"); # exit; #} else if(uri=~"@tls_domain2.net") { # t_relay_to_tls("IP_domain2","port_domain2"); # exit; #} route(1); };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication #if (!www_authorize("openser.org", "subscriber")) { # www_challenge("openser.org", "0"); # exit; #};
save("location"); exit; };
lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };
route(1); }
route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; }
# FCCN # WG Multimedia # with postgres, RTPproxy and NAThelper # ----------- global configuration parameters ------------------------
#nivel de debug (0-9) default=0 debug=6
fork=no log_stderror=yes
#tls listen = tls:XXX.XXX.XXX.XXX:5061
#tls_port_no = 5061 tls_method=TLSv1
tls_certificate="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/cacert.pem" tls_private_key="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/private/cakey.pem" tls_ca_list="/services/openser/openser-1.0.1-tls/tls/tools/rootCA/certs/01.pem"
#tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
tls_verify = 1 tls_require_certificate = 1 tls_handshake_timeout=119 # number of seconds tls_send_timeout=121 # number of seconds
# check_via - Turn on or off Via host checking when forwarding replies. # Default is no. arcane. looks for discrepancy between name and # ip address when forwarding replies. check_via=no # (cmd. line: -v)
# dns - Uses dns to check if it is necessary to add a "received=" field # to a via. Default is no. # rev_dns - Same as dns but use reverse DNS. dns=yes # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060
alias=XXX.XXX.XXX.XXX alias=mex.fccn.pt
# memlog - Debugging level for final memory statistics report. Default # is L_DBG -- memory statistics are dumped only if debug is set high. memlog=1
# sip_warning - Should replies include extensive warnings? # By default yes, it is good for trouble-shooting. sip_warning=no
#numero de processos q serao lancados em cada protocolo de transporte children=3 fifo="/tmp/openser_fifo" #permissoes do ficheiro FIFO #fifo_mode=438 # 666 fifo_mode=0666 fifo_db_url="postgres://fccn:fccn@XXX.XXX.XXX.XXX:5432/fccn"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/openser/modules/postgres.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/acc.so"
# Uncomment this if you want digest authentication loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/exec.so" loadmodule "/usr/local/lib/openser/modules/group.so"
# openser #loadmodule "/usr/local/lib/openser/modules/print.so"
#loadmodule "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/xlog.so" loadmodule "/usr/local/lib/openser/modules/speeddial.so" loadmodule "/usr/local/lib/openser/modules/options.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" loadmodule "/usr/local/lib/openser/modules/permissions.so" #loadmodule "/usr/local/lib/opsener/modules/xdz_tools.so"
loadmodule "/usr/local/lib/openser/modules/nathelper.so"
# ENUM loadmodule "/usr/local/lib/openser/modules/enum.so"
# ----------------- setting module-specific parameters ---------------
# ENUM modparam("enum", "domain_suffix", "e164.org.")
# -- nathelper params -- modparam("nathelper", "natping_interval", 15) modparam("nathelper", "ping_nated_only", 1)
# ------------- exec parameters modparam("exec", "setvars", 1) modparam("exec", "time_to_kill", 10)
# ------------- tm parameters modparam("tm", "fr_timer", 15) modparam("tm", "fr_inv_timer", 22) modparam("tm", "wt_timer", 5) modparam("tm", "fr_inv_timer_avp", "inv_timeout")
# ------------- use_domain setting modparam("registrar|auth_db|group|db_url|speeddial", "use_domain", 0)
# ------------- domain parameters modparam("domain", "db_mode", 1)
# -- usrloc params --
modparam("usrloc|group|uri_db|domain|speeddial|permissions","db_url","postgres://fccn:fccn@XXX.XXX.XXX.XXX:5432/fccn") modparam("usrloc", "use_domain", 0) modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "user_column", "username") modparam("usrloc", "contact_column", "contact") modparam("usrloc", "expires_column", "expires") modparam("usrloc", "q_column", "q") modparam("usrloc", "callid_column", "callid") modparam("usrloc", "cseq_column", "cseq") modparam("usrloc", "method_column", "method") modparam("usrloc", "timer_interval", 30) modparam("usrloc", "desc_time_order", 1)
# -- auth params --
# modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "user_column", "username") modparam("auth_db", "domain_column", "dominio") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") #modparam("auth_db", "use_rpid", 0) modparam("auth_db","db_url","postgres://fccn:fccn@XXX.XXX.XXX.XXX:5432/fccn") #openser modparam("auth_db", "avps_column_int", "domn") #openser modparam("auth_db", "avps_column_str", "uuid|rpid")
# -- acc params modparam("acc", "db_url", "postgres://fccn:fccn@XXX.XXX.XXX.XXX:5432/fccn") modparam ("acc", "log_level", 1)#log_level convem estar a 9 modparam("acc", "log_flag", 1) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 1)
#Defines what parts of header fields will be printed to syslog #c = Call-Id #d = To tag (Dst) #f = From #i = Inbound Request-URI #m = Method #o = Outbound Request-URI #r = fRom #s = Status #t = To #u = digest Username #p = username Part of inbound Request-URI #modparam("acc", "log_fmt", "cdfimorstup")
modparam("acc", "early_media", 1) #openser modparam("acc", "failed_transactions", 1) modparam("acc", "report_cancels", 1) modparam("acc", "report_ack", 0)
# ------------ media proxy settings #modparam("mediaproxy", "natping_interval", 30) #modparam("mediaproxy", "sip_asymmetrics","/usr/local/etc/ser/sip-asymmetric-clients") #modparam("mediaproxy", "rtp_asymmetrics","/usr/local/etc/ser/rtp-asymmetric-clients")
# ------------- registration parameters modparam("registrar", "nat_flag", 6) modparam("registrar", "min_expires", 60) modparam("registrar", "max_expires", 86400) modparam("registrar", "default_expires", 3600) modparam("registrar", "desc_time_order", 1) modparam("registrar", "append_branches", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
#-------------- AVPOPS parameters modparam("avpops", "avp_url","postgres://fccn:fccn@XXX.XXX.XXX.XXX:5432/fccn") modparam("avpops", "avp_table", "usr_preferences") modparam("avpops", "avp_aliases","voicemail=i:500;calltype=i:700;fwd_no_answer_type=i:701;fwd_busy_type=i:702") modparam("avpops","username_column","utilizador")
# ------------- logging parameters modparam("xlog", "buf_size", 8192)
# ------------- permissions settings modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted")
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); return; };
if (msg:len > max_len ) { sl_send_reply("513", "Message too big"); return; };
# -------------------------------------------------- # NOTIFY Keep-Alive Section # -------------------------------------------------- if ((method=="NOTIFY") && search("^Event: keep-alive")) { sl_send_reply("200", "OK"); return; };
if ((method=="NOTIFY") && (uri=~"^sip:700@")) { sl_send_reply("200", "OK"); return; };
# -------------------------------------------------- # OPTIONS Section # -------------------------------------------------- if (method=="OPTIONS") { options_reply(); return; };
# -------------------------------------------------- # NAT Test Section #1 # --------------------------------------------------
# versao para o RTPproxy if (method=="REGISTER" && nat_uac_test("3")) { fix_nated_contact();
force_rport(); setflag(2); };
# -------------------------------------------------- # Click2Dial Section # -------------------------------------------------- if (src_ip=="XXX.XXX.XXX.XXX" && (search("^From: <sip:700@") || search("^To: <sip:700@"))) { setflag(14); };
################### # TLS ###################
# if somene claims to belong to our domain in From, # challenge him (skip REGISTERs -- we will chalenge them later) if (from_uri==myself) { setflag(1); if ( (method=="INVITE" || method=="SUBSCRIBE" || method=="MESSAGE") && !(src_ip==myself) ) { if (!(proxy_authorize( "mex.fccn.pt", "utilizador" ))) { proxy_challenge("mex.fccn.pt","0"/*no-qop*/); return;; }; if (!check_from()) { log("LOG: From Cheating attempt in INVITE\n"); sl_send_reply("403", "That is ugly -- use From=id next time (OB)"); return;; }; }; # non-REGISTER from other domain } else if ( method=="INVITE" && uri!=myself ) { sl_send_reply("403", "No relaying"); return;; };
################### # TLS ###################
/* ************ requests for our domain ********** */ if (method=="REGISTER") { if (!www_authorize( "mex.fccn.pt", "subscriber" )) { # challenge if none or invalid credentials www_challenge( "mex.fccn.pt" /* realm */, "0" /* no qop -- some phones can't deal with it */); return; }; if (!check_to()) { log("LOG: To Cheating attempt\n"); sl_send_reply("403", "That is ugly -- use To=id in REGISTERs"); return; }; # it is an authenticated request, update Contact database now if (!save("location")) { sl_reply_error(); }; return;; };
# -------------------------------------------------- # Accounting Section # NOTE: We test for flag 14 because we do not want to record Click2Dial # entries # --------------------------------------------------
if ((method=="INVITE" || method=="BYE" || method=="CANCEL"||method=="ACK" ||method=="REGISTER") && !isflagset(14)) { setflag(1); };
# -------------------------------------------------- # NAT Tear-Down Section # --------------------------------------------------
# versao para o RTPproxy if ((method == "BYE" || method == "CANCEL")) { unforce_rtp_proxy(); };
# -------------------------------------------------- # Record Route Section # -------------------------------------------------- # we record-route all messages -- to make sure that subsequent messages # will go through our proxy; that's particularly good if upstream and # downstream entities use different transport protocol if (!method=="REGISTER") { record_route(); };
# -------------------------------------------------- # Loose Route Section # # Grant route routing if route headers present # -------------------------------------------------- if (loose_route()) { log(1, "LOG: routing 1\n"); route(2); return; };
# -------------------------------------------------- # NAT Test Section #1 # --------------------------------------------------
# versao para o RTPproxy if (nat_uac_test("3") && !search("^Record-Route:")) { force_rport(); fix_nated_contact(); };
################### # TLS ###################
/* ******* check for requests targeted out of our domain ******* */ if ( uri!=myself ) { append_hf("P-hint: OUTBOUND\r\n"); if (uri=~".*@switch.ch") { t_relay_to_tls("switch.ch","5061"); # } else if (uri=~".*@domC.net") { # t_relay_to_tls("domC.net","5061"); } else { # route(1); log(1, "LOG: PARA DOMINIOS EXTERNOS\n"); }; return;; };
# -------------------------------------------------- # descomentar quando estiver feita a ligacao para a PSTN # Load ACL Section # Garante a proteccao do acesso ao gateway PSTN # -------------------------------------------------- if (method=="INVITE" && !isflagset(14)) {
if (is_user_in("Request-URI", "voicemail")) { setflag(31); };
if (is_from_local() || is_uri_host_local()) {
# As tags int ou free-pstn devem estar defenidas # para cada utilizador na tabela grupo e identificam # as suas permissoes if (is_user_in("From", "411")) { setflag(30); };
if (is_user_in("From", "int")) { setflag(29); };
if (is_user_in("From", "free-pstn")) { # a flag 28 significa que pode ligar para a PSTN setflag(28); };
if (avp_db_load("$from/username", "s:callidblock")) { if (avp_check("s:callidblock", "eq/y/i")) { setflag(25); }; }; };
if (avp_db_load("$ruri/username", "s:anoncallrej")) { if (avp_check("s:anoncallrej", "eq/y/i")) { setflag(24); }; }; };
# -------------------------------------------------- # Anonymous Call Rejection Section # -------------------------------------------------- if (isflagset(24) && (method=="INVITE") && search("^(f|F)rom:.*(a|A)nonymous")) { route(8); return; };
# -------------------------------------------------- # URI Compare Section # -------------------------------------------------- # Here we compare the "from" and "to" to see if the caller is dialing # their own extension. If so then we route to voicemail if needed if (method=="INVITE") { avp_write("$from", "i:34"); if (avp_check("i:34", "eq/$ruri/i")) { if (isflagset(31)) { route(5); return; } else { sl_send_reply("486", "Busy"); return; }; }; };
# -------------------------------------------------- # Do Not Disturb Section # -------------------------------------------------- if (avp_db_load("$ruri/username", "s:donotdisturb")) { if (avp_check("s:donotdisturb", "eq/y/i")) { route(5); return; }; };
# -------------------------------------------------- # Blind Call Forwarding Section # -------------------------------------------------- if (method=="INVITE") {
# here we must store the current (aka original) R-URI because if # we set call forwarding and the forwarded number is busy then we # need to use this original R-URI to determine which voicemail # box we should go to if (isflagset(31)) { avp_write("$ruri", "$voicemail"); };
if (avp_db_load("$ruri/username", "s:callfwd")) {
avp_pushto("$ruri", "s:callfwd");
# lookup the call fowarding number to see if it is a served # sip number or a PSTN number
# check forwarding number rules route(1);
if (avp_check("$calltype", "eq/-/i")) { sl_send_reply("503", "Service Unavailable"); return; };
}; };
# -------------------------------------------------- # Call Routing Section # -------------------------------------------------- if (!lookup("location")) { log(1, "LOG: CALL ROUTING SECTION \n");
# if flag 31 (ie voicemail) is set and we made it here this means # the user's phone is not registered anywhere. We'll forward to # voicemail after this block because we need to check the call # forward settings first if (isflagset(31)) {
# flag 19 means the user has voicemail but is not online # so we need to remember to send to voicemail if call # forwarding is not enabled setflag(19); };
if (method=="INVITE") {
# se o pedido nao e para o nosso dominio # reenvia para os dominios externos if( !uri=~"@mex.fccn.pt" ) { log(1, "LOG: ENCAMINHA PARA DOMINIOS EXTERNOS\n"); if (!method=="REGISTER") record_route(); t_relay(); return; }
# ENUM # is this an ENUM destination (leading +?) if (method=="INVITE" && uri=~"sip:+[0-9]{12}@") { log(1, "LOG: ENUUUUM 12\n"); if (!enum_query("e2u+sip")){ # if parameter empty, it defaults to "e2u+sip" log(1, "LOG: ENUM siiiiiiiiiiiiiiiiiiiiim\n"); # enum_query("e164.fccn.pt."); # E2U+sip enum_query("e164.org."); # E2U+sip # enum_query("e164.arpa."); if (!method=="REGISTER") record_route(); t_relay(); } return; };
# ENUM # is this an ENUM destination (leading +?) if (method=="INVITE" && uri=~"sip:+[0-9]{11}@") { log(1, "LOG: ENUUUUM 11\n"); if (!enum_query("e2u+sip")){ # if parameter empty, it defaults to "e2u+sip" log(1, "LOG: ENUM siiiiiiiiiiiiiiiiiiiiim\n"); # enum_query("e164.fccn.pt."); enum_query("e164.org."); # enum_query("e164.arpa."); if (!method=="REGISTER") record_route(); t_relay();
} return; };
# se a chamada tem 3 numeros # envia para o PSTN Gateway if (uri=~"^sip:[0-9]{3}@") { log(1, "LOG: NUMERO COM 3 DIGITOS \n");
route(3);
return; };
# se a chamada tem 2 numeros # envia para o PSTN Gateway if (uri=~"^sip:[0-9]{2}@") { log(1, "LOG: NUMERO COM 2 DIGITOS \n");
route(3);
return; };
sl_send_reply("404", "Utilizador nao Encontrado"); return; }; };
# Call Forwarding Section if (method=="INVITE") { log(1, "LOG: CALL FORWARDING SECTION\n");
# save R-URI in a temp AVP for later use avp_write("$ruri", "i:99");
# only load the forward no answer option if voice mail is not enabled if (!isflagset(31)) {
if (avp_db_load("$ruri/username", "s:fwdnoanswer")) { route(1);
if (!avp_check("$calltype", "eq/-/i")) {
if (avp_check("$calltype", "eq/dom/i")) { avp_write("dom", "$fwd_no_answer_type"); } else if (avp_check("$calltype", "eq/int/i")) { avp_write("int", "$fwd_no_answer_type"); } else { avp_write("sip", "$fwd_no_answer_type"); }
setflag(27); }; }; };
if (avp_db_load("$ruri/username", "s:fwdbusy")) { route(1);
if (!avp_check("$calltype", "eq/-/i")) {
if (avp_check("$calltype", "eq/dom/i")) { avp_write("dom", "$fwd_busy_type"); } else if (avp_check("$calltype", "eq/int/i")) { avp_write("int", "$fwd_busy_type"); } else { avp_write("sip", "$fwd_busy_type"); }
setflag(26); }; };
avp_pushto("$ruri", "i:99"); };
if (isflagset(19)) { log(1, "LOG: ULTIMO CICLO ANTES DOS ROUTES\n");
# send to voicemail route(5); } else { log(1, "LOG: routing 2\n");
route(2); };
} #route
route[1] { log(1, "LOG: ROUTE 1 \n");
avp_write("-", "$calltype");
if (uri=~"^sip:1[0-9]{10}@") { strip(1); };
if ((uri=~"^sip:70[1|2]@") || (uri=~"^sip:411 at .*") || (uri=~"^sip:911 at .*") || (uri=~"^sip:900[0-9]{7}@") || (uri=~"^sip:976[0-9]{7}@")) { return; };
lookup("aliases"); if (!lookup("location")) {
if (uri=~"^sip:[0-9]{10}@") {
# test for domestic PSTN number if (isflagset(28)) { avp_write("dom", "$calltype"); };
} else if (uri=~"^sip:011[0-9]*@") {
# test for international PSTN number
if (isflagset(29)) { avp_write("int", "$calltype"); }; };
return; };
avp_write("sip", "$calltype");
}
route[2] { log(1, "LOG: ROUTE 2\n");
#check if the NAT Flag is set if (isflagset(6)) { if(!force_rtp_proxy()) { log(1, "LOG: force_rtp_prpoxy FAILED!\n"); } else { log(1, "LOG: force_rtp_proxy() succeeded!\n"); }; };
if (isflagset(25)) { log(1, "LOG: ENTROU NUM IF DENTRO DO ROUTE2\n"); replace("^From:(.*)>" , "From: "Anonymous" <sip:someone at anonymous.invalid>"); };
# versao para o RTPproxy if (method=="INVITE" || method=="ACK") { log(1, "LOG: FORCE_RTPPROXY\n"); force_rtp_proxy(); };
t_on_failure("1"); t_on_reply("1");
if (!t_relay()) {
# versao para o RTPproxy if (method=="INVITE" || method=="ACK") { unforce_rtp_proxy(); };
sl_reply_error(); };
}
# encaminhamento para o Gateway PSTN route[3] { log(1, "LOG: ROUTE 3 \n");
# SIP->PSTN calls get 45 seconds to timeout avp_write("i:45", "inv_timeout");
rewritehost("XXX.XXX.XXX.XXX:1720");
# versao para o RTPproxy if (method=="INVITE" || method=="ACK") { force_rtp_proxy(); };
if (isflagset(31)) { t_on_failure("1"); };
t_on_reply("1");
if (!t_relay()) {
sl_reply_error(); }; }
route[4] { log(1, "LOG: ROUTE 4 \n");
if (isflagset(25)) { replace("^From:(.*)>" , "From: "Anonymous" <sip:someone at anonymous.invalid>"); };
rewritehostport("99.99.99.100:5060"); append_branch();
t_on_reply("1");
if (!t_relay()) {
# versao para o RTPproxy if (method=="INVITE" || method=="ACK") { unforce_rtp_proxy(); };
sl_reply_error(); }; }
route[5] { log(1, "LOG: ROUTE 5 \n");
# versao para o RTPproxy if (method=="INVITE" || method=="ACK") { force_rtp_proxy(); };
rewritehostport("99.99.99.100:5060");
t_on_reply("1");
if (!t_relay()) {
# versao para o RTPproxy if (method=="INVITE" || method=="ACK") { unforce_rtp_proxy(); };
sl_reply_error(); }; }
onreply_route[1] { log(1, "LOG: ON REPLY ROUTE 1 \n"); # Not all 2xx messages have a content body so here we # make sure our Content-Length > 0 to avoid a parse error if (status=~"(180)|(183)|2[0-9][0-9]") {
if (!search("^Content-Length:\ 0")) { force_rtp_proxy(); }; };
if (nat_uac_test("1")) { fix_nated_contact(); }; }
failure_route[1] { log(1, "LOG: FAILURE ROUTE 1 \n"); # if caller hung up then don't sent to voicemail if (t_check_status("487")) { return; };
if (isflagset(26) && t_check_status("486")) {
# forward busy is flag 26 if (avp_pushto("$ruri", "s:fwdbusy")) { avp_delete("s:fwdbusy"); append_branch(); resetflag(26); # test for domestic PSTN gateway if (avp_check("$fwd_busy_type", "eq/dom/i")) { # test for domestic PSTN gateway #route(3); #sl_send_reply("503", "Gateway PSTN Indisponivel"); #} else if (avp_check("$fwd_busy_type", "eq/int/i")) { # test for international PSTN gateway # route(6); # } else { # default to sip call log(1, "LOG: routing 3\n");
route(2); };
return; }; };
# here we can have either voicemail __OR__ forward no answer if (isflagset(27) && t_check_status("408")) {
# forward no answer is flag 27
if (avp_pushto("$ruri", "s:fwdnoanswer")) { avp_delete("s:fwdnoanswer"); append_branch(); resetflag(27);
if (avp_check("$fwd_no_answer_type", "eq/dom/i")) { # test for domestic PSTN gateway #route(3); #sl_send_reply("503", "Gateway PSTN Indisponivel"); #} else if (avp_check("$fwd_no_answer_type", "eq/int/i")) { # test for international PSTN gateway # route(6); #} else { # default to sip call log(1, "LOG: routing 5\n");
route(2); };
return; };
} else if (isflagset(31) && avp_pushto("$ruri", "$voicemail")) {
avp_delete("$voicemail"); route(4); return; }; }
onreply_route[2] { log(1, "LOG: ONREPLY ROUTE 2 \n"); log(1, "LOG: entered onreply_route[2] now... \n");
if(isflagset(6)) { # && status =~"(183)|2[0-9][0-9]") { log(1, "LOG: TRansaction was sent to a NATed client --> fix_nated_contact() and force_rtp_proxy().\n"); if(!fix_nated_contact()) { log(1, "LOG: fix_nated_contact() FAILED!\n"); } else { log(1, "LOG: fix_nated_contact() succeded.\n"); };
if(!force_rtp_proxy()) { log(1, "LOG: force_rtp_proxy() FAILED!\n"); } else { log(1, "LOG: force_rtp_proxy() succeded.\n"); };
append_hf("P-hint: fixed NAT contact for response\r\n");
} else if (nat_uac_test("1")) { log(1, "LOG: Uncaught NAT. => fix_nated_contact()\n"); if(!fix_nated_contact()) { log(1, "LOG: fix_nated_contact() FAILED!\n"); } else { log(1, "LOG: fix_nated_contact() succeded.\n"); }; };
}
-
Bogdan-Andrei Iancu -
Daniel-Constantin Mierla -
Joao Pereira