Hi all,
I have seen a problem(?) with adding headers to sip messages using append_hf. SER never allowed me
to add a new header after proxy-authorization is enabled for INVITEs. In normal cases it permits
me to add custom headers. But, the following piece of code never worked:
if (!radius_proxy_authorize("")) {
proxy_challenge("", "0");
break;
}
prefix ("12345678");
append_hf ("Credit-Time: 360\r\n");
After spending some time with this, i was able to add the header like this:
if (!radius_proxy_authorize("")) {
proxy_challenge("", "0");
break;
}
if (is_present_hf ("Proxy-Authorization")){
remove_hf ("Proxy-Authorization");
}
prefix ("12345678");
append_hf ("Credit-Time: 360\r\n");
Any specific reason for this behaviour? Can anyone shed some light on why SER is not allowing me
to add new headers when there is a Proxy-Authorization header present?
Thanks,
=====
Girish Gopinath <gr_sh2003(a)yahoo.com>
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
Hi,
When I try to access the serweb admin login page or user login page, I
encounter the error and cannot access it:
Database error: pconnect(officehk123.vttsys.com, ser, $Password) failed.
MySQL Error: ()
Session halted.
What is the problem of my setting? Thank you.
Thomas
Hello All,
I am using compiled version of SER from the development tree. While i
started my proxy, i keepon receiving the following error message.
6(32094) ERROR: CSeq EoL expected
6(32094) ERROR: parse_cseq: bad cseq
6(32094) ERROR: get_hdr_field: bad cseq
6(32094) ERROR: bad header field
6(32094) ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
7(32097) ERROR: CSeq EoL expected
7(32097) ERROR: parse_cseq: bad cseq
7(32097) ERROR: get_hdr_field: bad cseq
7(32097) ERROR: bad header field
7(32097) find_first_route(): Error while parsing headers
could anybody helpme out.
Raj.
Hi, i am testing RTPProxy with SER-0.8.14-4 and have 2 questions.
First, for what reason nathelper module insert "a=nortpproxy:yes" to SDP
when use force_rtp_proxy() ???
This cause UACs like Azatel and Cisco IOS warning about this unknown
attribute.
And the other, i see in my ser logs a message like:
"ERROR: send_rtpp_command: can't read reply from a RTP proxy"
when use unforce_rtp_proxy()
Thanks
Ezequiel Colombo
Hi All,
I found an interesting problem. Set up is using xlite, SER 0.8.12 with
digest authentication enabled. I just realized that after I get
registered with account A. Then change the "username" (keep authorization
user to A) in Xlite to someone's SIP account (B). I can make calls using
B's credits while registration I'm using is still A's. Is there a way to
fix this?
In xlite you have parameters:
Username: (use for actual call, pass on to GW (e.g. pstn)
Authorization User: (use for registration)
Password: (use for registration)
Hi all!
This is a "request for comments" and I would be happy If you give me
your opinions. And maybe we could see some of the results in ser. :-)
When configuring ser (editing the ser.cfg), IMO a big problem is the
mixture of routing logic and NAT traversal. Every time I think about
routing policies (inbound, outbound, in-dialog, out-dialog ...) I always
have to take care about the NAT traversal. ser.cfg would be much easier
to handle if we do not have to take care about NAT traversal. Therefore,
already several companies use dedicated NAT traversal devices which
will be configured as outbound proxy in the user agents (eg. Jasomi Peer
Point).
I want to use another ser instance as dedicated outbound proxy - that is
NAT traversal and nothing more (maybe some kind of protection using the
permissions and pike modules). AFAIK this is not possible with current
ser out-of-the-box. If this is wrong, please correct me and ignore the
rest of this email.
I came up with 2 solutions for this problem:
1. Using the "Path:" header as described in RFC3327
2. Enhance ser to rewrite the Contact: in the outbound proxy, store the
real contact, and forward to the main proxy.
Now, a bit more detailed for the follwing setup:
UA1 -- OBProxy -- mainProxy -- ..... UA2
1.
During registration, the OBP adds an "Path:" header with its SIP URI to
the REGISTER message. The mainProxy does not only save the AOR and the
Contact: URI, but also the Path: headers. If the main proxy "lookup()"
the contact of UA1, it also retrieves the stored Path and creates the
Route: headers. Therefore, the OBP stays always in the signaling path
for out-dialog transactions. To stay also in the signaling path for
in-dialog transaction, RecordRoute will be used (as usual).
Advantages: The OBProxy does not have to save()/lookup(), therefore no
kind of storage is required. Will be needed for 3GPP.
Disadv: The UA has to send keep-alive messages (CRLF) to keep the NAT
binding alive.
Todo: save() must also save the "Path", lookup() must retrieve the
"Path" and add it to the "Route". Adding the Path header can be done by
a new function or using "subst/append_hf".
2.
The outbound proxy receives a REGISTER with e.g.
Contact: <sip:klaus@10.0.0.4:5060>.
First it uses fix_nated_contact: =>
Contact: <sip:klaus@1.2.3.4:4321>.
Then it creates a new contact URI which uses the fixed contact as
username and the IP Address of the OBP as domain part, e.g:
Contact: <sip:klaus%401.2.3.4%3A4321@5.6.7.8>
Then, the outbound proxy saves in the location table the fixed contact
and the modified contact (instead of the AOR) and then it forwards the
modified REGISTER to the mainProxy.
Now, the main proxy will store <sip:klaus%401.2.3.4%3A4321@5.6.7.8> as
contact for the AOR of UA1. Thus, if the main proxy makes a "lookup()",
it will forward the requests to the OBP. Then the OBP also makes a
lookup and retreives the fixed contact address.
Todo: create a new "save_obp" function which rewrites the contact and
stores the fixed and new contact (instead of fixed contact and AOR).
What do you think about this? (I prefer Version 1)
I think this will be a good enhancement to ser and should not be that
hard to implement.
regards,
Klaus
I am getting following error on 0.8.12 release on
solaris
Nov 30 15:16:04 serz ./ser[19619]: [ID 767465
daemon.warning] Warning:
uac does not spread accross the whole hash table
Looking at the code:
#define RAND_MAX 32767
And
/* always use a power of 2 for hash table size */
#define T_TABLE_POWER 16
#define TABLE_ENTRIES (1 << (T_TABLE_POWER)) == 64K
int uac_init(void)
{
str src[3];
if (RAND_MAX < TABLE_ENTRIES) {
LOG(L_WARN, "Warning: uac does not
spread "
"accross the whole hash table\n");
}
<....>
}
So it seems that this condition will always be true.
Which seems like a bug in uac.c. However I don't
always see the error message even though tm module is
always loaded sny ideas why ?
Also I dont see any serious operational issues due to
this warning. Is that correct?
Thanks.
Rao.
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - Get yours free!
http://my.yahoo.com
Hello All,
I'm using ser 0.8.14 release from tarball.
version: 0.8.14 (i386/freebsd)
flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
@(#) $Id: main.c,v 1.168.4.3 2004/06/28 15:41:21 andrei Exp $
main.c compiled on 17:34:33 Aug 5 2004 with gcc 3.3
And I have some problems with it - it crush sometimes (I think I can
reproduce it.)
GDB message:
Core was generated by `ser'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.5...done.
___CUTED__
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x2a1beed5 in clone_authorized_hooks (new=0x28338808, old=0x80cc750) at sip_msg.c:233
233 ((struct auth_body*)new->proxy_auth->parsed)->authorized = new_ptr;
I want to ask, is someone faced with this problem, if yes, is it fixed
in CVS 0.8.14 branch?
Thank you for help.
P.S. I can provide core dumps if someone interesting, also if I will
be able to reproduce it, I can dump all SIP signaling.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,.
Mike Tkachuk, ph:380-3433-47067
YES ISP, fx:380-3433-47067
Valova 17, mike|a|yes.net.ua
Kolomyia, www.yes.net.ua
Ukraine 78200 FWD: 66518
01.12.2004
ICQ# 57698805
MSN: mike_tkachuk|a|hotmail.com
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,.
Hi,
At work are planning to use SER to route traffic between a pstn gateway,
Asterisk, and direct lookups. We would like to set up the routing to try a
second gateway if it cannot contact the primary gateway. Below is the
config file and attached is the output from a sample session.
Ideally, we would like to see
If( ! forward to GW2)
Forward(GW1);
}
>From what I've read in the archives, forward() cannot be used (yes, I tried
it anyway:-) ). The config below does get to the failure_route but at that
point two errors appear:
1(21749) ERROR: t_forward_nonack: no branched for fwding
1(21749) ERROR: failure_route: t_relay_to failed
Any tips/pointers?
David
# ----------- global configuration parameters ------------------------
listen=XXX.XXX.XXX.XXX
alias=XXX.comalias=XXX.XXX.com
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode */
debug=7
fork=no
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- tm params --
#modparam("tm", "fr_timer", 10)
modparam("tm", "fr_inv_timer", 15)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
# if (!www_authorize("iptel.org",
"subscriber")) {
# www_challenge("iptel.org",
"0");
# break;
# };
save("location");
break;
};
if (method=="INVITE") {
# local user ids
if
(uri=~"^sip:1[0-9][0-9][0-9][0-9][0-9][0-9]@") {
forward("sip.dotality.com");
break;
};
# Phone #s
if
(uri=~"^sip:[2-9][0-9][0-9][0-9][0-9][0-9][0-9]@") {
log("---> TRYING GW2
<---\n");
t_on_failure("1");
t_relay_to_udp("gw2","5060");
break;
};
# native SIP destinations are handled
using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not
Found");
break;
};
# forward to current uri now; use
stateful forwarding; that
# works reliably even if we forward from
TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
};
};
}
# Fallback route for pstn gateways.
failure_route[1] {
log("---> TRYING GW1 <---\n");
t_relay_to_udp("GW1","5060");
break;
}
Hi guys,
I have a strange problem when tying to forward call to Quintum gw.
Callee is hearing what I speak but I don't hear anything.
Forwarding to another SER is ok. Both - users with real ips and natted.
Somebody can help me?
Here is my config file:
debug=10 # debug level (cmd line: -dddddddddd)
#fork=yes
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#fork=no
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/group.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url", "mysql://ser:heslo@192.168.2.15/ser")
modparam("usrloc","user_column","username")
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("rr", "enable_full_lr", 1)
#modparam("acc", "db_url", "mysql://ser:heslo@192.168.2.15/ser")
#modparam("acc", "log_level", 2)
#modparam("acc", "log_flag", 3)
#modparam("acc", "log_level", 1)
# number of flag, which will be used for accounting; if a message is
# labeled with this flag, its completion status will be reported
modparam("acc", "log_flag", 1)
modparam("acc", "log_fmt", "cdfimorstup")
modparam("acc", "db_url", "mysql://ser:heslo@192.168.2.15/ser")
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 1)
modparam("acc", "log_missed_flag", 1)
#modparam("acc", "report_cancels", 1)
modparam("acc", "report_ack", 1)
#modparam("mediaproxy", "mediaproxy_socket", "/var/run/proxydispatcher.sock")
#modparam("mediaproxy", "natping_interval", 20)
modparam("nathelper","rtpproxy_sock", "/var/run/rtpproxy.sock")
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1)
listen=193.2.6.17
# ------------------------- request routing logic -------------------
# main routing logic
route{
if (!mf_process_maxfwd_header("70")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
if (nat_uac_test("3")) {
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
if (!method=="REGISTER") record_route();
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("193.2.6.17", "subscriber")) {
www_challenge("193.2.6.17", "0");
break;
};
save("location");
break;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
if (uri=~"^sip:[1-9]*@193.2.6.17") { # QUINTUM GW
rewritehost("194.24.1.6");
append_branch("194.24.1.6");
# t_relay_to_udp("194.24.1.6", "5060");
t_relay();
rewritehostport("194.24.1.6:5060");
append_hf("P-hint: VoipSwitch GATEWAY");
break;
}
} else {
if (uri=~"^sip:[0]*@193.2.6.17") { ### Other SER
setflag(1);
rewritehostport("bla.mydomain.com:5060");
append_branch("bla.mydomain.com");
t_relay();
break;
};
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
# };
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
Thanks In Advance!
Pavel Siderov