Hi Samuel,
Now that presence is working I'm checking xcap possibilities.
I see that IM xcap authorization is not working.
I don't know what to use in:
>if (authorize_message("im-rules.xml")){
My client (Eyebeam) does not use im-rules.xml , but it uses privacy-lists.xml and that file is in privacy-lists folder.
How should I change the configuration line to use this file ?
Regards,
ilker
-----Original Message-----
From: samuel [mailto:samu60@gmail.com]
Sent: Tuesday, May 16, 2006 5:26 PM
To: Vaclav Kubart
Cc: İlker Aktuna (Koç.net); serusers(a)iptel.org
Subject: Re: [Serusers] PA error sending notifies
2006/5/16, Vaclav Kubart <vaclav.kubart(a)iptel.org>:
> reply inline...
> > If you are using XCAP authentication for MESSAGEs, there's a
> > function called authorize_message that needs to have as parameter
> > the file name of the IM ruleset.
> > For user sam, in xcap-root/im-rules/users/sam/im-rules.xml there are
> > the rules for this function. The XML file is similar to the
> > presence-rules but has important differences (correct me if I'm
> > wrong,
> > Vaclav!!!):
> > *it only has a blacklist parameter (no whitelist!!)
>
> It doesn't depend on name of the rule (blacklist/whitelist/...) it
> depends on the action (block, ...). You can have as many rules as you
> want, but to explicitly enable something (whitelist) is needless
> because MESSSAGEs are allowed by default (at the end of the presence
> handbook I tried to describe im-rules the same way as presence-rules
> are described in their draft).
>
> > *the namespace is different (so be carefull in copy&paste from the
> > presence-rules!!!) and, as Vaclav poitned out "proprietary" from
> > iptel.
>
> And the action element name differs: <im-handling> is used instead of
> <sub-handling>.
>
Uops...I haven't noticed :P thanks!
> Vaclav
>
> >
> > About the structure I have: x86 debian testing. Libraries versions I
> > don't know exactly but the ones in the testing repository EXCEPT a
> > library which I had to get for serweb from the stable version...but
> > it's not affecting SER part.
> >
> > Samuel.
> > 2006/5/16, ?lker Aktuna (Koç. net ) <ilkera(a)koc.net>:
> > >
> > >
> > >
> > >
> > >Hi,
> > >
> > >What did you mean by following:
> > >
> > >>Instead of
> > >>>
> > >>> if (authorize_message("http://localhost/xcap")) {
> > >>
> > >>there should be
> > >>
> > >>if (authorize_message("im-rules.xml")){
> > >
> > >Btw, did you receive my email with following questions :
> > >
> > >>> I have the same problem with notification and other presence
> > >>> messages
> > >with you.
> > >>> Can you tell me which Linux distribution you are using Ser on ?
> > >>> Also please include version numbers for libraries that are
> > >>> required by
> > >Ser.
> > >>>
> > >>> I am trying to find similarities between yours and my ser server.
> > >
> > >Regards,
> > >ilker
> > >
> > >-----Original Message-----
> > >From: serusers-bounces(a)iptel.org
> > >[mailto:serusers-bounces@iptel.org] On Behalf Of samuel
> > >Sent: Monday, May 15, 2006 7:13 PM
> > >To: Vaclav Kubart
> > >Cc: serusers(a)iptel.org
> > >Subject: Re: [Serusers] PA error sending notifies
> > >
> > >Let's see if I can finish the e-mail before gmail decides it's
> > >enough...:P
> > >
> > >006/5/15, samuel <samu60(a)gmail.com>:
> > >> Following with the handbook...
> > >
> > >>
> > >> the authorize message in the sample confgi files has as parameter
> > >> the xcap root while it should have the xml file containing the auth.rules.
> > >
> > >
> > >Instead of
> > >
> > >>
> > >> if (authorize_message("http://localhost/xcap")) {
> > >
> > >there should be
> > >
> > >if (authorize_message("im-rules.xml")){
> > >
> > >>
> > >>
> > >>
> > >> 2006/5/15, samuel <samu60(a)gmail.com>:
> > >> > First of all, I have to thank you for the time you spent
> > >> > writing the handbook, it's really really helpfull....I wish all
> > >> > SER related parts had this docs..
> > >> >
> > >> > I'll try to get familiar with the code of the notifications and
> > >> > I'll try to find something....which I don't thing so :P. I'll
> > >> > also merge the two functionalities (proxy + presence) in a
> > >> > unique config file to see if it works.
> > >> > I hope I can provide more info these following days.
> > >> >
> > >> > About the missing things in the presence handbook, probably the
> > >> > most important is the new xcap module because in the sample
> > >> > config files it's missing.
> > >> > Another thing is that in the XCAP structure description, the
> > >> > im-rules directory is missing, which might lead to
> > >> > misunderstandings. I downloaded the structure from the iptel's
> > >> > ftp and inside the im-rules there were several files
> > >> > corresponding to presence-rules which should be either removed
> > >> > or updated with the im-rules namespaces and removing the whitelist.
> > >> >
> > >> > Thanks,
> > >> >
> > >> > Samuel.
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > 2006/5/15, Vaclav Kubart <vaclav.kubart(a)iptel.org>:
> > >> > > Hi,
> > >> > > this problem I'm trying to solve with Ilker Aktuna. I try to
> > >> > > simulate it on my machine and let you know. Or if you solve
> > >> > > it,
> > >please
> > >let me know.
> > >> > > :-)
> > >> > >
> > >> > > Please, could you tell me, what things you were missing in
> > >> > > presence handbook? I'm trying to do it as useful as possible
> > >> > > and whatever ideas are welcome...
> > >> > >
> > >> > > Vaclav
> > >> > >
> > >> > > On Mon, May 15, 2006 at 01:38:02PM +0200, samuel wrote:
> > >> > > > Hi all,
> > >> > > >
> > >> > > > I recently had a few hours and start installing the
> > >> > > > presence staff and I have to say that I have it amost
> > >> > > > workign thanks to the presence handbook, the mailing list
> > >> > > > and, obviously, a little bit of code review..:P
> > >> > > >
> > >> > > > I have two SER instances, the "proxy" and the "presence server"
> > >> > > > (both with last CVS code) co-located in the same host and I
> > >> > > > have an issue when the "presence server" tries to send the
> > >> > > > NOTIFY requests. Below there's an attched log showing the
> > >> > > > problem (on IP a.b.c.d I've got the two instances):
> > >> > > >
> > >> > > > 3(30682) DEBUG notify.c:378: sending winfo notify
> > >> > > > 3(30682) DEBUG notify.c:383: winfo document created
> > >> > > > 3(30682) DEBUG notify.c:391: creating headers
> > >> > > > 3(30682) DEBUG notify.c:398: headers created
> > >> > > > 3(30682) DEBUG:tm:t_uac:
> > >> > > >
> > >next_hop=<sip:a.b.c.d;transport=tcp;ftag=c77b3f33;lr=on>
> > >> > > > 3(30682) t_uac: no socket found
> > >> > > > 3(30682) DEBUG notify.c:402: request sent with result -7
> > >> > > > 3(30682) ERROR: notify.c:404: Can't send watcherinfo
> > >> > > > notification (-7)
> > >> > > >
> > >> > > > This problem appears in other places, not only in the
> > >> > > > notifications for winfo so probably there's somthing in the
> > >> > > > selection of the outgoing socket directing to the local IP.
> > >> > > >
> > >> > > > >From the proxy part I just ust t_forward_nonack for the "SIMPLE"
> > >> > > > messages with record route....maybe adding the port in the
> > >> > > > record route should help?
> > >
> > >
> > >
> > >
> > >
> > >___________________________________________________________________
> > >___________________________________________________________________
> > >_______ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> > >olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
> > >icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
> > >acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
> > >geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu
> > >e-posta mesaji, hic bir sekilde, herhangi bir amac icin
> > >cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta
> > >mesaji viruslere karsi anti-virus sistemleri tarafindan
> > >taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
> > >sistemleri ile kontrol ediliyor olsa bile - virus icermedigini
> > >garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir
> > >sorumlulugu kabul etmez.
> > >This message is intended solely for the use of the individual or
> > >entity to whom it is addressed , and may contain confidential
> > >information. If you are not the intended recipient of this message
> > >or you receive this mail in error, you should refrain from making
> > >any use of the contents and from opening any attachment. In that
> > >case, please notify the sender immediately and return the message
> > >to the sender, then, delete and destroy all copies.
> > >This e-mail message, can not be copied, published or sold for any reason.
> > >This e-mail message has been swept by anti-virus systems for the
> > >presence of computer viruses. In doing so, however, sender cannot
> > >warrant that virus or other forms of data corruption may not be
> > >present and do not take any responsibility in any occurrence.
> > >___________________________________________________________________
> > >___________________________________________________________________
> > >_______
> > >
>
<http://387555.sigclick.mailinfo.com/sigclick/05090E04/0C024D08/07084503/061…>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
Interesting.
There are some examples and documentation (may be "a bit" out of date)
of creating modules. Try to search archives of this mailing list.
Vaclav
On Fri, May 26, 2006 at 01:43:45PM +0200, rekik refka wrote:
> Hi,
> I have download silomail 1.0 for SER 0.8.14.
> This ser module allows sending a SIP instant message as regular e-mail. Such
> a feature may be useful for clients that are incapable of receiving SIP
> instant messages. Users with such clients can receive SIP instant messages
> using regular e-mail instead.
> I'm searching to make some modifications to this.
> But how can I insert it with SER 0.814.
> I have no idea how to add a new module and compile it.
> Can you help me.
> thanks in advance!
Hello all,
I'm setting up a load balancer using openser. The load balancing works great
and I'm now trying to work out the redundancy side of it.
In my route I have:
if (method=="INVITE")
{
record_route();
ds_select_dst("1", "0");
t_on_failure("1");
t_relay();
}
This works fine in that if the selected server is not up or takes too long
to answer, the call is route to failure_route[1]
And here's where I'm scratching my head. I would like the INVITE to be tried
on another server from the server farm. But how. Is there a way to send it
back to ds_select_dst and make sure it doesn't get sent back to the same
server?
thanks
Hi,
I want OpenSER to listen on udp:localhost:5060 for local health checks,
but I only need one process running on this interface (opposed to, say,
12 processes on the public interface). So is there a way to selectively
define the number of children per interface?
Thanks,
Andy
I tried the cacheless mode, it didn't work for me.
I'm just wondering , how did those people out there do their OUTBOUND
proxy ?
Can anyone give me some hint ?
Regards,
Sam
-----Original Message-----
From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
Sent: Friday, May 26, 2006 4:57 PM
To: Sam Lee
Cc: users(a)openser.org
Subject: Re: [Users] 2 Openser Instances
Sam Lee wrote:
> Hi Klaus,
>
> Thanks for the quick reply. My purpose is one of the instance being a
> normal Openser, the other with a FORCE RTPproxy. This is so that if
> they have a symmetric NAT going on in their network, they can make use
> of this rtpproxy as an outbound proxy but still able to call those
> register with the normal openser.
>
> Care to explain what is cacheless userloc mode ? How do I set it ?
http://openser.org/docs/modules/devel/usrloc.html#AEN252
it's mode 3 (only available in CVS head)
>
> Because of the normal and force RTPproxy , these 2 instances has
> different routing patterns, and they are handled differently.
I still would use only one proxy and apply NAT traversal only for
clients which use the "NAT traversal" port on your openser.
The idea is:
...
if ( dst_port = 6060) { # needs NAT traversal
if (is_method("REGISTER")) {
setflag(9);
# this is the natflag specified in userloc module #
http://openser.org/docs/modules/1.0.x/registrar.html#AEN103
fix_nated_register();
} else {
# do all the NAT traversal, activate RTP proxy
}
}
# now do the normal call and REGISTER handling
...
...
lookup("location");
if(isflagset(9)) {
...#force rtp proxy
}
....
regards
klaus
>
> Any ideas ?
>
> Regards,
> Sam
>
> -----Original Message-----
> From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
> Sent: Friday, May 26, 2006 4:28 PM
> To: Sam Lee
> Cc: users(a)openser.org
> Subject: Re: [Users] 2 Openser Instances
>
> 1. You can run several instances of openser on the same PC, but what
> is your purpose?
>
> 2. If 2 openser proxies share the same userloc database, you have to
> use the cacheless userloc mode
>
> 3. If you just want to listen on several ports, use a single proxy
> with multiple listen directives
>
> listen=udp:1.2.3.4:5060
> listen=udp:1.2.3.4:6060
> listen=udp:1.2.3.4:7060
>
> regards
> klaus
>
>
> Sam Lee wrote:
>> Have anyone tried running 2 separate instances on OpenSER (running on
>> different ports) ?
>> Both these instances are doing almost exactly the same thing, they
>> take in REGISTER and save them into the locations database. They all
>> do all the other processing like INVITE.
>>
>> Will this causes a problem in MYSQL ? I'm asking this because i got a
>> very strange problem. I register 1 UA to each instances. When i did a
>> ul show , it always only have either the UA from instance A or UA
>> from
>
>> instance B . Note, these 2 UA have different numbers. Why can't it
>> just save both into the MYSQL DB ?
>>
>> I would be glad to clarify any doubts. Please assist as far as you
> can.
>> Thanks!
>>
>> Regards,
>> Sam
>>
>>
>> ---------------------------------------------------------------------
>> -
>> --
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>
Hello list,
i have following code in my openser configuration to prevent that
everybody can make calls to PSTN:
process INVITE messages
-- snip
if( !allow_trusted() ) {
if( !proxy_authorize( "myrealm", "subscriber" ) ) {
proxy_challenge( "realm", "1" );
return;
} else if ( !check_from() ) {
sl_send_reply( "403", "Use From=ID" );
return;
};
consume_credentials();
};
-- snap
This works fine with snom200, snom360 and some other phones/ATA.
It isn't working with Linksys IPPhone SPA941, snom100 and the ATA
Linksys SPA 2001.
All these three devices aren't sending the credentials after they are
challenge to send them. I know this because the new INVITE message have
no digest information in it, the call isn't be placed and the following
error message from the logs of OpenSER:
/sbin/openser[3323]: find_credentials(): Error while parsing headers
I have also tried that the second parameter of proxy_challenge are 0
(zero) but that didn't helped.
Have anybody a clue where I can change this behaviour of the three
devices? Have I change some settings, etc of the phones/ATA?
Or maybe I have to change my code for the OpenSER? But I will avoid this
because I don't want to be an open relay.
Thanks in advance
Jens
Hi,
I am getting the problem with rtp proxy in the case of call forking from ser. After forking, one callee sends 183 session progress (early media),with this rtpsession is established in rtp proxy. Then other callee accept the call, starts sending media, in this case after calling recvfrom function ,raddr structure is not containing exact destination and port, it containts previous packet IP ,current packet port at comparing session IP and remote IPs, once IP is updated, canupdate flag is disabled, then for further invalid IP comparisons , it wont update the remote IP. Thats why rtp is not getting relayed to user agents. Why raddr variable is not containing correct IP and port, why it is showing corrupted information.
For my convention I am not checking canupdate flag, now it is disabled, then it is working now.Any suggitions.
Thanks,
kkmurthy
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
Gentlemen,
I would be most grateful, if someone could provide an example on how to use the new AVPops funktions (cvs head) to accompish multiple UAC registrations with authorisations uac_auth(); with external SIP providers.
Any shortcut on how to accomplish this (avoiding AVPops) or related examples would also be greatly appreciated.
TIA for your help.
Gerry