[Serusers] Re: Serusers Digest, Vol 23, Issue 4

hi list.. i am winda i make SER and it work well in local network. when i establish SER server in public network. it cannot run. i have read the milist and the solution are nethelper and mediaproxy/rtp proxy. i want ask how to start to make nathelper+rtp proxy? please explain me step by step?... oh ya.. i also read about rtp proxy, maxim's rtp proxy and media proxy. can you explain me what is the different? Thanks for help....:-) serusers-request(a)lists.iptel.org wrote: Send Serusers mailing list submissions to serusers(a)lists.iptel.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.iptel.org/mailman/listinfo/serusers or, via email, send a message with subject or body 'help' to serusers-request(a)lists.iptel.org You can reach the person managing the list at serusers-owner(a)lists.iptel.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Serusers digest..." Today's Topics: 1. FREEBSD ser cvs adn 0.90 ERROR ( ) 2. Re: http / https in Userloc db (Jan Janak) 3. Re: http / https in Userloc db (Martin Koenig) 4. Re: RTP Wiretapping (Java Rockx) 5. Re: http / https in Userloc db (Jan Janak) 6. Re: http / https in Userloc db (Marian Dumitru) 7. compiling LCR into 0.10-dev (Iqbal) 8. Re: http / https in Userloc db (Jan Janak) 9. serweb question (johnny Laura) 10. Problem with SER and RADIUS on the different machine (Alex Jeon) 11. Re: serweb question (Alistair Cunningham) 12. Re: RTP Wiretapping (Steve Blair) 13. Got Error in Nathelper "extract_mediaip: no `c=' in SDP" (Markus Monka) 14. Re: username of from with avp_check (Marian Dumitru) 15. RE: Outbound proxy definition (Vitaly Nikolaev) 16. problem (soft phoe is onfigured with SIP Express Router) (anil pal) 17. Re: rtpproxy must be located on the same machine with SIP server?? (Mohammad Khan) 18. Claims of ser-0.9 RFC3261 Violation (Java Rockx) 19. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev) 20. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx) 21. Mediaproxy error (Terry Mac Millan) 22. Re: Claims of ser-0.9 RFC3261 Violation (Klaus Darilion) 23. RE: Claims of ser-0.9 RFC3261 Violation (Linda Xiao) 24. SER+SERWEB+MSILO (harry gaillac) 25. log question (Mohammad Khan) 26. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev) 27. RE: log question (Vitaly Nikolaev) 28. Re: Mediaproxy error (Terry Mac Millan) 29. RE: Claims of ser-0.9 RFC3261 Violation (Jain, Rajnish) 30. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx) 31. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx) 32. compiling LCR into 0.10-dev (Juha Heinanen) 33. Re: compiling LCR into 0.10-dev (Iqbal) 34. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx) 35. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev) 36. :-(( (Mohammad Khan) ---------------------------------------------------------------------- Message: 1 Date: Wed, 02 Mar 2005 14:03:08 +0800 From: " " Subject: [Serusers] FREEBSD ser cvs adn 0.90 ERROR To: serusers(a)lists.iptel.org Message-ID: <20050302060308.CCE8F13D(a)mail.fivewall.com> Content-Type: text/plain; charset= Hi! all FreeBSD 5.3,latest cvs and 0.90 have problem when /usr/local/sbin/serctl get ser# ps -ax PID TT STAT TIME COMMAND 0 ?? DLs 0:00.01 [swapper] 1 ?? SLs 0:00.07 /sbin/init -- 2 ?? DL 0:00.03 [g_event] 3 ?? DL 0:00.12 [g_up] 4 ?? DL 0:00.30 [g_down] 5 ?? DL 0:00.00 [thread taskq] 6 ?? DL 0:00.00 [kqueue taskq] 7 ?? IL 0:00.00 [acpi_task0] 8 ?? IL 0:00.00 [acpi_task1] 9 ?? IL 0:00.00 [acpi_task2] 10 ?? DL 0:00.00 [ktrace] 11 ?? RL 6:47.97 [idle] 12 ?? WL 0:00.00 [irq1: atkbd0] 13 ?? WL 0:00.00 [irq3: sio1] 14 ?? WL 0:00.00 [irq4: sio0] 15 ?? WL 0:00.00 [irq5:] 16 ?? WL 0:00.00 [irq6: fdc0] 17 ?? WL 0:00.00 [irq7: ppc0] 18 ?? WL 0:00.00 [irq8: rtc] 19 ?? WL 0:00.00 [irq9: acpi0] 20 ?? WL 0:00.00 [irq10:] 21 ?? WL 0:00.00 [irq11:] 22 ?? WL 0:00.00 [irq12: psm0] 23 ?? WL 0:00.00 [irq13:] 24 ?? WL 0:00.06 [irq14: ata0] 25 ?? WL 0:00.00 [irq15: ata1] 26 ?? WL 0:00.00 [irq16:] 27 ?? WL 0:00.00 [irq17: bt0] 28 ?? WL 0:00.04 [irq18: lnc0] 29 ?? WL 0:00.00 [irq19: uhci0] 30 ?? WL 0:00.00 [irq20:] 31 ?? WL 0:00.00 [irq21:] 32 ?? WL 0:00.00 [irq22:] 33 ?? WL 0:00.00 [irq23:] 34 ?? WL 0:00.00 [irq0: clk] 35 ?? WL 0:00.63 [swi5: clock sio] 36 ?? WL 0:00.00 [swi4: vm] 37 ?? WL 0:00.03 [swi1: net] 38 ?? DL 0:00.04 [yarrow] 39 ?? WL 0:00.00 [swi6:+] 40 ?? WL 0:00.00 [swi2: camnet] 41 ?? WL 0:00.00 [swi3: cambio] 42 ?? WL 0:00.00 [swi6: acpitaskq] 43 ?? WL 0:00.00 [swi6: task queue] 44 ?? WL 0:00.06 [swi6:+] 45 ?? DL 0:00.00 [usb0] 46 ?? DL 0:00.00 [usbtask] 47 ?? WL 0:00.00 [swi0: sio] 48 ?? DL 0:00.00 [fdc0] 49 ?? DL 0:00.00 [pagedaemon] 50 ?? DL 0:00.00 [vmdaemon] 51 ?? DL 0:00.59 [pagezero] 52 ?? DL 0:00.00 [bufdaemon] 53 ?? DL 0:00.03 [syncer] 54 ?? DL 0:00.00 [vnlru] 55 ?? DL 0:00.01 [hpt_wt] 56 ?? IL 0:00.00 [nfsiod 0] 57 ?? IL 0:00.00 [nfsiod 1] 58 ?? IL 0:00.00 [nfsiod 2] 59 ?? IL 0:00.00 [nfsiod 3] 60 ?? DL 0:00.07 [schedcpu] 179 ?? Is 0:00.00 adjkerntz -i 245 ?? Ss 0:00.03 /sbin/dhclient lnc0 272 ?? Is 0:00.00 /sbin/devd 292 ?? Ss 0:00.04 /usr/sbin/syslogd -s 367 ?? Ss 0:00.01 /usr/sbin/usbd 403 ?? Ss 0:00.03 /usr/sbin/sshd 409 ?? Ss 0:00.04 sendmail: accepting connections (sendmail) 413 ?? Is 0:00.01 sendmail: Queue runner@00:30:00 for /var/spool/client 425 ?? Ss 0:00.02 /usr/sbin/cron -s 439 ?? Ss 0:00.18 /usr/local/sbin/httpd 471 ?? I 0:00.07 /usr/local/sbin/ser -P /var/run/ser.pid 472 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 473 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 474 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 475 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 476 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 477 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 478 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 479 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 480 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 481 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 482 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 483 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 484 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 485 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 486 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 487 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 488 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid 489 ?? S 0:00.08 /usr/local/sbin/ser -P /var/run/ser.pid 490 ?? S 0:00.04 /usr/local/sbin/ser -P /var/run/ser.pid 491 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid 492 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid 493 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid 494 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid 495 ?? S 0:00.04 /usr/local/sbin/ser -P /var/run/ser.pid 496 ?? S 0:00.02 /usr/local/sbin/ser -P /var/run/ser.pid 497 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid 498 ?? S 0:00.02 /usr/local/sbin/ser -P /var/run/ser.pid 499 ?? I 0:00.00 /usr/local/sbin/httpd 500 ?? I 0:00.00 /usr/local/sbin/httpd 501 ?? I 0:00.00 /usr/local/sbin/httpd 502 ?? I 0:00.00 /usr/local/sbin/httpd 503 ?? I 0:00.00 /usr/local/sbin/httpd 524 ?? Is 0:00.01 /usr/sbin/inetd -wW -C 60 583 ?? Ss 0:00.08 sshd: lynx [priv] (sshd) 586 ?? S 0:00.09 sshd: lynx@ttyp0 (sshd) 587 p0 Ss 0:00.04 -sh (sh) 588 p0 S 0:00.05 su 589 p0 S 0:00.08 _su (csh) 595 p0 R+ 0:00.03 ps -ax 536 v0 Is+ 0:00.01 /usr/libexec/getty Pc ttyv0 537 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1 538 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2 539 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3 540 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4 541 v5 Is+ 0:00.01 /usr/libexec/getty Pc ttyv5 542 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6 543 v7 Is+ 0:00.01 /usr/libexec/getty Pc ttyv7 443 con- I 0:00.04 /bin/sh /usr/local/bin/mysqld_safe --user=mysql --dat 468 con- S 0:01.00 /usr/local/libexec/mysqld --basedir=/usr/local --data ser# serctl moni [: unexpected operator [: -ne: unexpected operator ser# ---- ZhongShan Ether Network Security Inc --------------------------------------------------------- ------------------------------ Message: 2 Date: Wed, 2 Mar 2005 12:39:16 +0100 From: Jan Janak Subject: Re: [Serusers] http / https in Userloc db To: Marian Dumitru Cc: serusers(a)lists.iptel.org, Martin Koenig Message-ID: <20050302113916.GF3487(a)localhost.localdomain> Content-Type: text/plain; charset=iso-8859-2 On 02-03 10:32, Marian Dumitru wrote: That's one interesting question. What is a valid contact ? A regular proxy would not be able to contact URI with http scheme, that's clear. But that does not mean yet that the contact is not valid, because RFC3261 allows any sort of URI to appear there. On the other hand, a redirect server would just take this URI, put it into a 3xx response and send it back the the calling UA. If the calling UA is unable to reach the called party, it might display the contents of the HTTP URL or do some other magic. For that reason I think that there should be no limitation of what gets into the user location database. Jan. ------------------------------ Message: 3 Date: Wed, 02 Mar 2005 13:08:39 +0100 From: Martin Koenig Subject: Re: [Serusers] http / https in Userloc db To: Jan Janak Cc: serusers(a)lists.iptel.org Message-ID: <4225ACC7.8060500(a)toplink-plannet.de> Content-Type: text/plain; charset=ISO-8859-2; format=flowed Jan, if any uri (according to RFC) is allowed in URI, then ser should not issue an error message on lookup("location"): Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 parsed: (4) / (23) Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: http://192.168.0.206:80 Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 parsed: (4) / (25) Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: https://192.168.0.206:443 Especially not a "bad_uri" error message, because it is not a bad uri indeed. Some debug-warning about ignoring this or that contact because it was not SIP/SIPS will do. What do you think? Either way, I think there is need for some cleanup. Regards, Martin Jan Janak schrieb: ------------------------------ Message: 4 Date: Wed, 2 Mar 2005 07:16:59 -0500 From: Java Rockx Subject: Re: [Serusers] RTP Wiretapping To: ser(a)cannes.f9.co.uk Cc: serusers(a)lists.iptel.org Message-ID: <359a65820503020416142a33c(a)mail.gmail.com> Content-Type: text/plain; charset=US-ASCII I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP. User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy. Regards, Paul On Wed, 2 Mar 2005 08:00:24 -0000, Chris wrote: ------------------------------ Message: 5 Date: Wed, 2 Mar 2005 13:42:03 +0100 From: Jan Janak Subject: Re: [Serusers] http / https in Userloc db To: Martin Koenig Cc: serusers(a)lists.iptel.org Message-ID: <20050302124203.GG3487(a)localhost.localdomain> Content-Type: text/plain; charset=iso-8859-2 The error message is not issued by lookup("location"), it is issued by t_relay() when you try to forward the message to the HTTP URI. It should be easy to write a function that would be called before t_relay (or after lookup) and that would filter out URI schemes unsupported by SER. For the Request-URI you can do that from the script: if (uri =~ "^http") { do something }; But that would not check additional branches used for parallel forking. Jan. On 02-03 13:08, Martin Koenig wrote: ------------------------------ Message: 6 Date: Wed, 02 Mar 2005 14:04:12 +0100 From: Marian Dumitru Subject: Re: [Serusers] http / https in Userloc db To: Jan Janak Cc: serusers(a)lists.iptel.org, Martin Koenig Message-ID: <4225B9CC.304(a)voice-sistem.ro> Content-Type: text/plain; charset=ISO-8859-2; format=flowed Hi Jan, So some URI checking is required and indeed, if you want to allow clients to perform that magic you mentioned, the checking should be done after extracting the URIs from usrloc. But should be very clear if a contact URI can or cannot be involved in SIP signaling - used for forwarding. One note here - it's interesting what will be the impact on nathelper when it will start doing NAT ping to non-SIP URIs :-). Anyhow, the best place to do the checking is before t_relay(). If you do th filtering immediately after lookup(), you will loose the Redirect Server functionality. Best regards, Marian Jan Janak wrote: === message truncated === __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com