I don’t seem to be able to get a match when I send a call from my gw to ser registered user. Debug indicates that user Not found in usrloc even though the database shows the users registered. I am able to make out bound calls the gw just fine. If anyone can shed some light in it it would be great.

 

Thanks

 

=============================================================================================================

mysql> select * from location;

+----------+--------+------------------------+----------+---------------------+-------+----------------------------------+------+----------------+-----------+-------+-------+----------------------------+

| username | domain | contact                | received | expires             | q     | callid                           | cseq | last_modified  | replicate | state | flags | user_agent                 |

+----------+--------+------------------------+----------+---------------------+-------+----------------------------------+------+----------------+-----------+-------+-------+----------------------------+

| 9901     |        | sip:9901@69.250.205.31 | NULL     | 2005-02-26 03:31:09 | -1.00 | e5201b3819008718@192.168.199.102 |  107 | 20050226033016 |         0 |     0 |     0 | Grandstream BT100 1.0.5.11 |

+----------+--------+------------------------+----------+---------------------+-------+----------------------------------+------+----------------+-----------+-------+-------+----------------------------+

1 row in set (0.01 sec)

 

====debugt output===============================================================================================

 

20(18672) parse_headers: flags=256

20(18672) find_first_route: No Route headers found

20(18672) loose_route: There is no Route HF

20(18672) lookup(): '9901' Not found in usrloc

 

=============================================================================================================

 

U 69.19.88.16:5060 -> 69.19.88.19:5060

  INVITE sip:9901@69.19.88.19 SIP/2.0..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4bK2fb13d17..From: "Cell Phone   MD" <sip:4103532264

  @69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>..Contact: <sip:4103532264@69.19.88.16>..Call-ID: 745bcf587074e77d4a8118dc212

  ccba7@69.19.88.16..CSeq: 102 INVITE..User-Agent: Asterisk PBX..Date: Sat, 26 Feb 2005 08:41:01 GMT..Allow: INVITE, ACK, CANCEL, OPTIONS

  , BYE, REFER..Content-Type: application/sdp..Content-Length: 240....v=0..o=root 11581 11581 IN IP4 69.19.88.16..s=session..c=IN IP4 66.

  159.88.16..t=0 0..m=audio 14934 RTP/AVP 0 8 101..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:1

  01 0-16..a=silenceSupp:off - - - -..

#

U 69.19.88.19:5060 -> 69.19.88.16:5060

  SIP/2.0 100 trying -- your call is important to us..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4bK2fb13d17..From: "Cell Phone   MD" <

  sip:4103532264@69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>..Call-ID: 745bcf587074e77d4a8118dc212ccba7@69.19.88.16..CSeq:

  102 INVITE..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 392 69.19.88.19:5060 "Noisy feedback tells:  p

  id=18682 req_src_ip=69.19.88.16 req_src_port=5060 in_uri=sip:9901@69.19.88.19 out_uri=sip:9901@69.19.88.16:5060 via_cnt==1"....

#

U 69.19.88.19:5060 -> 69.19.88.16:5060

  INVITE sip:9901@69.19.88.16:5060 SIP/2.0..Max-Forwards: 10..Record-Route: <sip:69.19.88.19;ftag=as149fbe93;lr=on>..Via: SIP/2.0/UDP 66

  .159.88.19;branch=z9hG4bK96c9.80b8ddd7.0..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4bK2fb13d17..From: "Cell Phone   MD" <sip:410353

  2264@69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>..Contact: <sip:4103532264@69.19.88.16>..Call-ID: 745bcf587074e77d4a8118d

  c212ccba7@69.19.88.16..CSeq: 102 INVITE..User-Agent: Asterisk PBX..Date: Sat, 26 Feb 2005 08:41:01 GMT..Allow: INVITE, ACK, CANCEL, OPT

  IONS, BYE, REFER..Content-Type: application/sdp..Content-Length: 240..P-hint: GATEWAY....v=0..o=root 11581 11581 IN IP4 69.19.88.16..s=

  session..c=IN IP4 69.19.88.16..t=0 0..m=audio 14934 RTP/AVP 0 8 101..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:101 telephone

  -event/8000..a=fmtp:101 0-16..a=silenceSupp:off - - - -..

#

U 69.19.88.16:5060 -> 69.19.88.19:5060

  SIP/2.0 482 Loop Detected..Via: SIP/2.0/UDP 69.19.88.19;branch=z9hG4bK96c9.80b8ddd7.0..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4b

  K2fb13d17..From: "Cell Phone   MD" <sip:4103532264@69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>;tag=as149fbe93..Call-ID: 74

  5bcf587074e77d4a8118dc212ccba7@69.19.88.16..CSeq: 102 INVITE..User-Agent: Asterisk PBX..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER

  ..Contact: <sip:4103532264@69.19.88.16>..Content-Length: 0....

 

 

==ser.cfg===========================================================================================================

 

 

#

# $Id: serconf.sh,v 1.3 2003/11/03 13:03:58 janakj Exp $

#

# autogenerated SER configuration

#

# user: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

# system: Linux baltodb.popdial.com 2.6.10-1.760_FC3 #1 Wed Feb 2 00:14:23 EST 2005 i686 i686 i386 GNU/Linux

# date: Sat Feb 26 02:57:50 EST 2005

#

 

# ----------- global configuration parameters ------------------------

 

/*

debug=4

fork=yes

port=5060

log_stderror=no

memlog=5

*/

mhomed=yes

 

fifo="/tmp/ser_fifo"

 

alias=baltodb.popdial.com

 

# uncomment to override config values for test

# /*

debug=4             # debug level (cmd line: -ddd)

fork=yes

port=5060

log_stderror=yes            # (cmd line: -E)

fifo="/tmp/ser_fifox"

# */

 

 

check_via=no                # (cmd. line: -v)

dns=no              # (cmd. line: -r)

rev_dns=no          # (cmd. line: -R)

children=16

# if changing fifo mode to a more restrictive value, put

# decimal value in there, e.g. dec(rw|rw|rw)=dec(666)=438

#fifo_mode=438

 

# ------------------ module loading ----------------------------------

 

loadmodule "/usr/local/lib/ser/modules/tm.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"

loadmodule "/usr/local/lib/ser/modules/acc.so"

loadmodule "/usr/local/lib/ser/modules/rr.so"

loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/usrloc.so"

loadmodule "/usr/local/lib/ser/modules/registrar.so"

loadmodule "/usr/local/lib/ser/modules/auth.so"

loadmodule "/usr/local/lib/ser/modules/auth_db.so"

loadmodule "/usr/local/lib/ser/modules/textops.so"

loadmodule "/usr/local/lib/ser/modules/uri.so"

loadmodule "/usr/local/lib/ser/modules/group.so"

loadmodule "/usr/local/lib/ser/modules/msilo.so"

loadmodule "/usr/local/lib/ser/modules/enum.so"

loadmodule "/usr/local/lib/ser/modules/uri_db.so"

 

 

 

 

# ----------------- setting module-specific parameters ---------------

 

# all DB urls here

#modparam("usrloc|acc|auth_db|group|msilo|uri", "db_url","mysql://ser:heslo@localhost/ser")

modparam("usrloc|acc|auth_db|group|msilo|uri_db", "db_url","mysql://ser:heslo@localhost/ser")

 

# -- usrloc params --

/* 0 -- dont use mysql, 1 -- write_through, 2--write_back */

modparam("usrloc", "db_mode",   2)

modparam("usrloc", "timer_interval", 10)

 

# -- auth params --

 

modparam("auth_db", "calculate_ha1", yes)

#modparam("auth_db", "user_column",   "user_id")

modparam("auth_db", "password_column",   "password")

modparam("auth", "nonce_expire",  300)

 

# -- rr params --

# add value to ;lr param to make some broken UAs happy

modparam("rr", "enable_full_lr", 1)

 

# -- acc params --

# that is the flag for which we will account -- don't forget to

modparam("acc", "db_flag", 1 )

modparam("acc", "db_missed_flag", 3 )

 

# -- tm params --

modparam("tm", "fr_timer", 20 )

modparam("tm", "fr_inv_timer", 90 )

modparam("tm", "wt_timer", 20 )

 

# -- msilo params

modparam("msilo", "registrar", "sip:registrar@baltodb.popdial.com")

 

# -- enum params --

#

modparam("enum", "domain_suffix", "e164.arpa.")

 

 

# -------------------------  request routing logic -------------------

 

# main routing logic

 

route{

 

            /* ********* ROUTINE CHECKS  ********************************** */

 

            # filter too old messages

            if (!mf_process_maxfwd_header("10")) {

                        log("LOG: Too many hops\n");

                        sl_send_reply("483","Alas Too Many Hops");

                        break;

            };

            #if (len_gt( max_len )) {

            if ( msg:len > max_len ) {

                        sl_send_reply("513", "Message too large sorry");

                        break;

            };

 

 

            # Make sure that requests dont advertise addresses

            # from private IP space (RFC1918) in Contact HF

            # (note: does not match with folded lines)

            if (search("^(Contact|m): .*@(192\.168\.|10\.|172\.16)")) {

                        # allow RR-ed requests, as these may indicate that

                        # a NAT-enabled proxy takes care of it; unless it is

                        # a REGISTER

                        if ((method=="REGISTER" || ! search("^Record-Route:"))

                                                            && !( src_ip==192.168.0.0/16 ||

                                                                        src_ip==10.0.0.0/8 || src_ip==172.16.0.0/12 )) {

                                    log("LOG: Someone trying to register from private IP again\n");

                                    sl_send_reply("479", "We dont accept private IP contacts" );

                                    break;

                        };

            };

 

            # anti-spam -- if somene claims to belong to our domain in From,

            # challenge him (skip REGISTERs -- we will chalenge them later)

            if (search("(From|F):.*(baltodb\.popdial\.com|66\.159\.88\.19)")) {

                        # invites forwarded to other domains, like FWD may cause subsequent

                        # request to come from there but have iptel in From -> verify

                        # only INVITEs (ignore FIFO/UAC's requests, i.e. src_ip==myself)

                        if (method=="INVITE" &  !(src_ip==69.19.88.19)) {

                                    if  (!(proxy_authorize(      "baltodb.popdial.com" /* realm */,

                                                            "subscriber" /* table name */ ))) {

                                                proxy_challenge("baltodb.popdial.com" /* realm */, "0" /* no-qop */);

                                                break;

                                    };

                                    # to maintain outside credibility of our proxy, we enforce

                                    # username in From to equal digest username; user with

                                    # "john.doe" id could advertise "bill.gates" in From otherwise;

                                    if (!check_from()) {

                                                log("LOG: From Cheating attempt in INVITE\n");

                                                sl_send_reply("403", "That is ugly -- use From=id next time (OB)");

                                                break;

                                    };

                                    # we better don't consume credentials -- some requests may be

                                    # spiraled through our server (sfo@iptel->7141@iptel) and the

                                    # subsequent iteration may challenge too, for example because of

                                    # iptel claim in From; UACs then give up because they

                        # already submitted credentials for the given realm

                                    #consume_credentials();

                        }; # INVITEs claiming to come from our domain

            } else if (method=="INVITE" && !(uri=~"[@:\.](baltodb\.popdial\.com|66\.159\.88\.19)([;:].*)*"

                                    # ... and we serve our gateway too if present

                                    | uri=~"@66\.159\.88\.16([;:].*)*" )) {

                        #the INVITE neither claims to come from our domain nor is it targeted to it

                        # -> junk it

                        sl_send_reply("403", "No relaying");

                        break;

            };

 

 

            /* ********* RR ********************************** */

            # to be safe, record route everything; UAs may use different

            # transport protocols and need to have SER in path

            record_route();

            # if route forces us to forward to some explicit destination,

            # do so; check however first that a cheater didn't preload

            # a gateway destination to bypass PSTN ACLs

 

            if (loose_route()) {

                                                if (uri=~"sip:[+0-9]+@66\.159\.88\.16") {

                                    # it is gateway -- proceed to ACLs

                                    route(3);

                                    break;

                        };

                        # route HF determined next hop; forward there

                        append_hf("P-hint: rr-enforced\r\n");

                        t_relay();

                        break;

            };

 

 

            /*  *********  check for requests targeted out of our domain... ******* */

            # sign of our domain: there is '@' (username) or  : (nothing) in

            # front of our domain name          ; ('.' is not there -- we handle all

            # xxx.iptel.org as outbound hosts);if none of these cases matches,

            # proceed with processing of outbound requests in route[2]

            if (!(uri=~"[@:](sip[\.)?(baltodb\.popdial\.com|66\.159\.88\.19)([;:].*)*" | uri=~"@66\.159\.88\.16([;:].*)*")) {

                        route(2);

                        break;

            };

 

 

            /* ************ requests for our domain ********** */

 

 

            /* now, the request is for sure for our domain */

 

 

            # registers always MUST be authenticated to

            # avoid stealing incoming calls   

            if (method=="REGISTER") {

 

                        # Make sure that user's dont register infinite loops

                        # (note: does not match with folded lines)

                        if (search("^(Contact|m): .*@(baltodb\.popdial\.com|66\.159\.88\.19)")) {

                                    log(1, "LOG: alert: someone trying to set aor==contact\n");

                                    sl_send_reply("476", "No Server Address in Contacts Allowed" );

                                    break;

                        };

                                                if (search("^(Contact|m): .*66\.159\.88\.16")) {

                                    log(1, "LOG: alert: protected contacts\n");

                                    sl_send_reply("476", "No Server Address in Contacts Allowed" );

                                    break;

                        };

 

                        if (!www_authorize(         "baltodb.popdial.com" /* realm */,

                                                                                    "subscriber" /* table name */ )) {

                                    # challenge if none or invalid credentials

                                    www_challenge( "baltodb.popdial.com" /* realm */,

                                                                                    "0" /* no qop -- some phones can't deal with it */);

                                    break;

                        };

 

                        # prohibit attempts to grab someone else's To address

                        # using  valid credentials;

 

                        if (!check_to()) {

                                    log("LOG: To Cheating attempt\n");

                                    sl_send_reply("403", "That is ugly -- use To=id in REGISTERs");

                                    break;

                        };

                        # it is an authenticated request, update Contact database now

                        if (!save("location")) {

                                    sl_reply_error();

                        };

                        m_dump();

                        break;

            };

 

            # some UACs might be fooled by Contacts our UACs generate to make MSN

            # happy (web-im, e.g.) -- tell its urneachable

            if (uri=~"sip:daemon@" ) {

                        sl_send_reply("410", "daemon is gone");

                        break;

            };

 

            # is this an ENUM destination (leading +?)? give it a try, if the lookup

            # doesn't change URI, just continue

            if (uri=~"sip:\+[0-9]+@") {

                        if (!enum_query("voice")) { # if parameter empty, it defaults to "e2u+sip"

                                    enum_query(""); # E2U+sip

                        };

            } else {

                        # aliases  (take precedences over PSTN number; provisioning interface

                        # is set up to assinge aliases beginning with 8)

                        lookup("aliases");

            };

 

 

            # check again, if it is still for our domain after aliases are resolved

            if (!(uri=~"[@:](sip[\.)?(baltodb\.popdial\.com|66\.159\.88\.19)([;:].*)*" | uri=~"@66\.159\.88\.16([;:].*)*")) {

                        route(5);

                        break;

            };

 

                        # now check if it's about PSTN destinations through our gateway;

            # note that 8.... is exempted for numerical non-gw destinations

            if (uri=~"sip:\+?[0-79][0-9]*@.*") {

                        route(3);

                        break;

            };

 

            # native SIP destinations are handled using our USRLOC DB

            if (!lookup("location")) {

                        # handle user which was not found ...

                        route(4);

                        break;

            };

            # check whether some inventive user has uploaded  gateway

            # contacts to UsrLoc to bypass our authorization logic

                                    if (uri=~"sip:[+0-9]+@66\.159\.88\.16") {

                                    # it is gateway -- proceed to ACLs

                                    route(3);

                                    break;

                        };

 

            /* ... and also report on missed calls ... */

            setflag(3);

 

            # we now know we may, we know where, let it go out now!

            append_hf("P-hint: USRLOC\r\n");

            if (!t_relay()) {

                        sl_reply_error();

                        break;

            };

}

#------------------- OUTBOUND ----------------------------------------

 

# routing logic for outbound requests targeted out of our domain

# (keep in mind messages to our users can end up here too: for example,

#  an INVITE may be UsrLoc-ed, then the other party uses outbound

#  proxy with r-uri=the usr_loced addredd (typically IP))

route[2] {

            append_hf("P-hint: OUTBOUND\r\n");

            t_relay();

}

 

#------- ALIASED OUTBOUND --------------------------------------------

 

# routing logic for inbound requests aliased outbound; unlike

# with real outbound requests we do not force authentication

# as these calls are server by our server and we do not want

# to disqualify unathenticated request originatiors from other

# domains

route[5] {

            append_hf("P-hint: ALIASED-OUTBOUND\r\n");

            t_relay();

}

 

#----------------- PSTN ----------------------------------------------

 

# logic for calls to the PSTN

route[3] {

            # turn accounting on

            setflag(1);

 

            /* require all who call PSTN to be members of the "int" group;

               apply ACLs only to INVITEs -- we don't need to protect other requests, as they

               don't imply charges; also it could cause troubles when a call comes in via PSTN

               and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would

               fail then; exempt Cisco gateway from authentication by IP address -- it does not

               support digest

            */

            if (method=="INVITE" && (!src_ip==69.19.88.16)) {

                        if (!proxy_authorize(        "baltodb.popdial.com" /* realm */,

                                                                        "subscriber" /* table name */))  {

                                    proxy_challenge( "baltodb.popdial.com" /* realm */, "0" /* no qop */ );

                                    break;

                        };

                        # let's check from=id ... avoids accounting confusion

                        if (method=="INVITE" & !check_from()) {

                                    log("LOG: From Cheating attempt\n");

                                    sl_send_reply("403", "That is ugly -- use From=id next time (gw)");

                                    break;

                        };

 

                        if(!is_user_in("credentials", "int")) {

                                    sl_send_reply("403", "NO PSTN Privileges...");

                                    break;

                        };

                        consume_credentials();

 

            }; # INVITE to authorized PSTN

 

            # if you have passed through all the checks, let your call go to GW!

            rewritehostport("69.19.88.16:5060");

 

            # snom conditioner

            if (method=="INVITE" && search("User-Agent: snom")) {

                        replace("100rel, ", "");

            };

 

            append_hf("P-hint: GATEWAY\r\n");

            # use UDP to guarantee well-known sender port (TCP ephemeral)

            t_relay_to_udp("69.19.88.16","5060");

}

 

 

 

/* *********** handling of unavailable user ******************* */

 

route[4] {

/**/

            # message store

            if (method=="MESSAGE") {

                        t_newtran();

                        if (m_store("0")) {

                                    t_reply("202", "Accepted for Later Delivery");

                        } else {

                                    t_reply("503", "Service Unavailable");

                        };

                        break;

            };

/**/

            # non-Voip -- just send "off-line"

            if (!(method=="INVITE" || method=="ACK" || method=="CANCEL")) {

                        sl_send_reply("404", "Not Found");

                        break;

            };

            # voicemail subscribers ...

            t_newtran();

            t_reply("404", "Not Found");

            # we account missed incoming calls; previous statteful processing

            # guarantees that retransmissions are not accounted

            if (method=="INVITE") {

                        acc_db_request("404 missed call", "missed_calls");

            };

}