Re: [OpenSER-Users] Radius accounting and Dialog

the script didn't fit, here it is:

# # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. #

# ----------- global configuration parameters ------------------------

debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) children=10 port=5060 listen=MY.OPENSER.IP.COM disable_dns_blacklist=true

# ------------------ module loading ---------------------------------- #set module path mpath="//lib/openser/modules/"

# Uncomment this if you want to use SQL database #loadmodule "mysql.so"

loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "uri.so" loadmodule "uri_db.so" loadmodule "domain.so" loadmodule "permissions.so" #loadmodule "group.so" loadmodule "mi_fifo.so" loadmodule "lcr.so" loadmodule "avpops.so" loadmodule "xlog.so" loadmodule "mediaproxy.so" loadmodule "acc.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

modparam("registrar", "received_avp", "$avp(i:42)")

modparam("usrloc", "db_mode", 2) modparam("usrloc", "nat_bflag", 4)

modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password")

modparam("rr", "enable_full_lr", 1)

#modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost /openser") modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost /openser")

modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted")

modparam("avpops", "avp_table", "usr_preferences")

modparam("mediaproxy","natping_interval",20) modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy/mediaproxy.sock") modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients") modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")

modparam("lcr", "contact_avp", "$avp(i:711)") modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)") modparam("lcr", "gw_uri_avp", "$avp(i:709)") modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)") modparam("lcr", "ruri_user_avp", "$avp(i:500)") modparam("lcr", "dm_flag", 25)

modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "radius_flag", 2) modparam("acc", "radius_missed_flag", 3) modparam("acc", "radius_extra", "User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)") # ------------------------- request routing logic -------------------

# main routing logic

route{

# # -- 1 -- Request Validation # if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; };

if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; };

# # -- 2 -- Routing Preprocessing # ## Record-route all except Register ## Mark packets with nat=yes ## This mark will be used to identify the request in the loose ## route section if(!is_method("REGISTER")){ record_route(";nat=yes"); };

##Loose_route packets if (has_totag()) { #sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if(method=="BYE") { #Account BYE transactions setflag(2); };

#Check authentication of re-invites if(method=="INVITE" && (!allow_trusted())) { if (!proxy_authorize("","subscriber")) { proxy_challenge("","1"); exit; } else if (!check_from()) { sl_send_reply("403", "Forbidden, use From=ID"); exit; }; }; if(method=="BYE" || method=="CANCEL") { end_media_session(); };

##Detect requests in the dialog behind NAT and flag with 6 route(1); } else { sl_send_reply("404","Not here"); } exit; }

#CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { end_media_session(); t_relay(); }; exit; }

t_check_trans(); # # -- 3 -- Determine Request Target # if (method=="REGISTER") { route(2); } else { route(3); }; }

route[1] { # # -- 4 -- Forward request to target # # Forward statefully t_on_reply("1"); t_on_failure("1"); if (!t_relay()) { sl_reply_error(); }; exit; }

route[2] { ## Register request handler if (is_uri_host_local()) { if (!www_authorize("", "subscriber")) { www_challenge("", "1"); exit; };

if (!check_to()) { sl_send_reply("403", "Forbidden"); exit; };

setbflag(6); force_rport(); save("location"); exit;

} else if {

sl_send_reply("403", "Forbidden");

}; }

route[3] { ## Requests handler

if (method=="INVITE") { # Account INVITE packets setflag(2); # Account Missed calls setflag(3); # Radius Extra $avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM"; };

if (is_from_local()){ # From an internal domain -> check the credentials and the FROM if(!allow_trusted()){ if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); exit; } else if(!check_from()) { sl_send_reply("403", "Forbidden, use From=ID"); exit; }; };

#unconditional call forward if(avp_db_load("$ru/username","$avp(s:callfwd)")) { avp_pushto("$ru", "$avp(s:callfwd)"); route(1); exit; }

consume_credentials();

#verify aliases, if found replace R-URI. lookup("aliases");

if (is_uri_host_local()) { # -- Inbound to Inbound xlog("L_INFO","OPENSER: INBOUND -> INBOUND ($tU)"); route(10); } else { # -- Inbound to outbound xlog("L_INFO","OPENSER: INBOUND -> OUTBOUND ($tU)"); route(11); };

} else {

#From an external domain ->do not check credentials #Verify aliases, if found replace R-URI. lookup("aliases"); if (is_uri_host_local()) { xlog("L_INFO","OPENSER: OUTBOUND -> INBOUND ($tU)"); #-- Outbound to inbound route(12); } else { xlog("L_INFO","OPENSER: OUTBOUND -> OUTBOUND ($tU)"); # -- Outbound to outbound route(13); }; }; }

route[4] { # routing to the public network if (!load_gws()) { sl_send_reply("503", "Unable to load gateways"); exit; }

if(!next_gw()){ sl_send_reply("503", "Unable to find a gateway"); exit; } t_on_failure("2"); if (!t_relay()) { sl_reply_error(); }; exit; }

route[6] { # # -- NAT handling -- # append_hf("P-hint: Route[6]: mediaproxy \r\n"); use_media_proxy(); }

route[10] { #from an internal domain -> inbound #Native SIP destinations are handled using the location table #Gateway destinations are handled by regular expressions append_hf("P-hint: inbound->inbound \r\n");

xlog("L_INFO","LOOKING FOR: $tU"); if (uri=~"^sip:55613") { # ECHO TEST xlog("L_INFO","IN ROUTE 613"); route(6); rewritehostport("fwdnat2.pulver.com:5060"); if (!t_relay()) { sl_reply_error(); }; exit; };

if (uri=~"^sip:301") { # ECHO TEST route(6); rewritehostport("blueface.ie"); if (!t_relay()) { sl_reply_error(); }; exit; };

# # if (uri=~"^sip:1[2-9][0-9]{9}@") { # if (is_user_in("credentials","ld")) { # strip(1); # prefix("+1"); # route(6); # route(4); # exit; # } else { # sl_send_reply("403", "No permissions for long distance"); # exit; # }; # }; # # if (uri=~"^sip:011[0-9]*@") { # if (is_user_in("credentials","int")) { # strip(3); # prefix("+"); # route(6); # route(4); # exit; # } else { # sl_send_reply("403", "No permissions for international calls"); # }; # };

if (!lookup("location")) { if (does_uri_exist()) { ## User not registered at this time. ## Use the IP Address of your e-mail server revert_uri(); prefix("u"); rewritehostport("192.168.1.171"); #Use the IP address of your voicemail server route(6); route(1); } else { sl_send_reply("404", "Not Found"); exit; } sl_send_reply("404", "Not Found"); exit; }; route(6); route(1); }

route[11] { # from an internal domain -> outbound # Simply route the call outbound using DNS search append_hf("P-hint: inbound->outbound \r\n"); route(1); }

route[12] { # From an external domain -> inbound # Verify aliases, if found replace R-URI. lookup("aliases"); if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; route(1); }

route[13] { #From an external domain outbound #we are not accepting these calls append_hf("P-hint: outbound->inbound \r\n"); sl_send_reply("403", "Forbidden"); exit; }

failure_route[1] { ##-- ##-- If cancelled, exit. ##-- if (t_was_cancelled()) { exit; }; ##-- ##-- If busy send to the e-mail server, prefix the "b" ##-- character to indicate busy. ##-- if (t_check_status("486")) { revert_uri(); prefix("b"); rewritehostport("192.168.1.171"); append_branch(); route(1); exit; }; ##-- ##-- If timeout (408) or unavailable temporarily (480), ##-- prefix the uri with the "u"character to indicate ##-- unanswered and send to the e-mail ##-- sever ##-- if (t_check_status("408") || t_check_status("480")) { revert_uri(); prefix("u"); rewritehostport("192.168.1.171"); append_branch(); route(1); exit; }; }

failure_route[2] { if(!next_gw()) { t_reply("503", "Service not available, no more gateways"); exit; }; t_on_failure("2"); t_relay(); }

onreply_route[1] { # #-- On-replay block routing -- # append_hf("P-hint: onreply_route|usemediaproxy \r\n"); use_media_proxy(); exit; }