I do not know why reply_route seems to call the main route block again. I do know that if I comment out the authentication code in the main route block my forwarding works. If I do not comment it out, then the forwarding fails with an 'Unauthorized' directed at the pstn gateway.
Yes, the script is related...I get a call from the PSTN for the phone number 1234. 1234 doesn't answer, so my on_negative attempts to forward to 5678. The forward to 5678 fails because no authentication is present because the source IP address isn't any longer the pstn gateway AND the main route block code is being executed again from the on_negative callback. I am not doing any additional authentication in the callback, I assume the Unauthorized is coming from the main script.
I asked Jiri earlier if another 'packet' (sip message) was forwarded to the routing engine...perhaps on locahost. That would explain the re-execution of the main route block and it would explain the mechanics of an on_negative callback execution.
I'll take a look at 0.8.11.
Thanks,
---greg
-----Original Message----- From: Andy Blen [mailto:andy.blen@iptel.org] Sent: Friday, June 06, 2003 9:54 AM To: Greg Fausak; 'Jan Janak' Cc: serusers@lists.iptel.org; sip@august.net Subject: RE: [Serusers] Forwarding to another number if busy
At 03:48 PM 6/6/2003, Greg Fausak wrote: --snip--
My code looks like:
If(src_ip == my.pstn.gateway.address) { ... } Else { if(!www_authorize()) { www_challenge(); }; }
This means that calls can come from my gateway without authentication. Later on in the script: ...
t_on_negative("9"); if(!t_relay()) { sl_reply_error(); break; };}
reply_route[9] { log(1,"REPLY_ROUTE:"); revert_uri();
setuser("nextnumber"); t_relay();}
This logic only works if I get rid of my authentication/challenge logic. Because the T_relay() src_ip address is NOT the pstn.gateway address after the reply_route executes!
? I'm puzzled -- does the script above somehow relate to the problem you are describing? You only check src_ip in route{} which is called only once, so why do you care about what happens after reply_route{}?
So, I tried putting a line in the reply_route that did:
setflag(9);
And changed the beginning of my script:
If(src_ip == my.pstn.gateway.address | isflagset(9)) { ... } Else { if(!www_authorize()) { www_challenge(); }; }
Why do you re-check authentication in reply_route? The authentication has been already verified on the original request and it buys no security to do it again with the same request later.
This doesn't work. I know the flag was set in the reply_route, but it is not recognized in the main script.
I guess neither src_ip nor flag were copied to reply_route context in 8.10. That should have changed in 8.11, in case you need it.
a.