Greetings,
Proxy compiled with TLS support, tls is not turned on Routing script inclulded below. Underlying database is Sybase. The following is happening: There are 25 users having as a contact each other. Softphone is Bria. Without any calls, just subscribe/notify proxy is running out of the socket in one hour. The users are or outside coming via corp firewall, or if inside, the route is setup the way the going via corp firewall, so they are natted. Proxy is in DMS on the same network as firewall. There are no problems with nat traversal.
Daniel, could you please take look at the script?
Thanks a lot, Toly.
this is from log:
<receive.c: 206> receive_msg: cleaning up 08/15 20:12:58 29156 debug <ip_addr.c: 109> tcpconn_new: new tcp connection to: xxx.xxx.xxx.xx 08/15 20:12:58 29156 debug <tcp_main.c: 402> tcpconn_new: on port 58544, type 2 08/15 20:12:58 29156 debug <tcp_main.c: 497> tcpconn_add: hashes: 96, 45 08/15 20:12:58 29156 debug <tcp_main.c: 993> handle_new_connect: new connection: 0xb6485590 98 flags: 0002 08/15 20:12:58 29156 debug <tcp_main.c: 935> WARNING: send2child: no free tcp receiver, connection passed to the least busy one (1)
this is routing script:
log_facility=LOG_LOCAL2
debug=7 fork=yes log_stderror=no
listen=PROXY_ENV # This is where OpenSER installed port=5070 children=20
tcp_connect_timeout=2 tcp_max_connections=8192
reply_to_via = no sip_warning = yes check_via = no
dns=no rev_dns=no disable_dns_blacklist=true
disable_tls = 1 listen = tls:PROXY_ENV:5061 tls_verify_server = 1 tls_verify_client = 0 tls_require_client_certificate = 0 tls_method = SSLv23 tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
###########################################################33 ###########################################################33 ###########################################################33
mpath = "/usr/local/lib/openser/modules"
loadmodule "uac.so"
loadmodule "psybase.so"
loadmodule "pike.so" modparam("pike", "remove_latency", 120) modparam("pike", "reqs_density_per_unit", 10000) modparam("pike", "sampling_time_unit", 60)
loadmodule "mi_fifo.so" modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") modparam("mi_fifo", "fifo_mode", 0666 ) modparam("mi_fifo", "reply_dir", "/tmp/" ) modparam("mi_fifo", "reply_indent", "\t" )
loadmodule "xlog.so" modparam("xlog", "buf_size", 4096) modparam("xlog", "force_color", 0)
loadmodule "avpops.so" modparam("avpops", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("avpops", "avp_table", "usr_preferences") modparam("avpops", "use_domain", 1)
loadmodule "sl.so" modparam("sl", "enable_stats", 1)
loadmodule "tm.so" modparam("tm", "fr_timer", 30) modparam("tm", "fr_inv_timer", 120) modparam("tm", "wt_timer", 5) modparam("tm", "delete_timer", 2) modparam("tm", "noisy_ctimer", 0) modparam("tm", "ruri_matching", 1) modparam("tm", "via1_matching", 1) modparam("tm", "unix_tx_timeout", 2) modparam("tm", "restart_fr_on_each_reply", 1) modparam("tm", "pass_provisional_replies", 0)
loadmodule "maxfwd.so" modparam("maxfwd", "max_limit", 256)
loadmodule "uri.so"
loadmodule "uri_db.so" modparam("uri_db", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB")
loadmodule "alias_db.so" modparam("alias_db", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("alias_db", "user_column", "username") modparam("alias_db", "domain_column", "domain") modparam("alias_db", "alias_user_column", "alias_username") modparam("alias_db", "alias_domain_column", "alias_domain") modparam("alias_db", "use_domain", 0)
loadmodule "dispatcher.so" modparam("dispatcher", "list_file", "/usr/local/etc/openser/dispatcher.list") #modparam("dispatcher", "dst_avp", "$avp(i:271)") #modparam("dispatcher", "grp_avp", "$avp(i:272)") #modparam("dispatcher", "cnt_avp", "$avp(i:273)") modparam("dispatcher", "flags", 2 ) # failover mode set flag=2
loadmodule "usrloc.so" modparam("usrloc", "timer_interval", 60) modparam("usrloc", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("usrloc", "db_mode", 2) modparam("usrloc", "use_domain", 1) modparam("usrloc", "nat_bflag", 6)
loadmodule "textops.so"
loadmodule "acc.so" # set the reporting log level modparam("acc", "log_level", 1) # number of flag, which will be used for accounting; if a message is # labeled with this flag, its completion status will be reported modparam("acc", "log_flag", 1 ) #modparam("acc", "log_flag", 0 ) modparam("acc", "db_flag", 1 ) modparam("acc", "log_missed_flag", 1 ) modparam("acc", "db_missed_flag", 1 ) modparam("acc", "db_table_acc", "acc") modparam("acc", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("acc", "log_extra", "src_ip=$si;src_user=$fU;src_domain=$fd;dst_user=$rU;dst_domain=$rd") modparam("acc", "db_extra", "src_ip=$si;src_user=$fU;src_domain=$fd;dst_user=$rU;dst_domain=$rd") modparam("acc", "report_cancels", 1)
loadmodule "auth.so" modparam("auth", "nonce_expire", 300) modparam("auth", "rpid_suffix", ";party=calling;id-type=subscriber;screen=yes") modparam("auth", "rpid_avp", "$avp(s:rpid)")
loadmodule "auth_db.so" modparam("auth_db", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("auth_db", "user_column", "username") modparam("auth_db", "domain_column", "domain") modparam("auth_db", "password_column", "password") modparam("auth_db", "password_column_2", "ha1b") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "use_domain", 0) modparam("auth_db", "load_credentials", "rpid")
loadmodule "domain.so" modparam("domain", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain")
loadmodule "mediaproxy.so" modparam("mediaproxy","natping_interval", 10) modparam("mediaproxy","mediaproxy_socket", "/var/run/proxydispatcher.sock") modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/openser/sip-asymmetric-clients") modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/openser/rtp-asymmetric-clients")
loadmodule "nathelper.so" modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "rtpproxy_disable_tout", 60) modparam("nathelper", "rtpproxy_tout", 1) modparam("nathelper", "rtpproxy_retr", 5) modparam("nathelper", "received_avp", "$avp(i:801)") modparam("nathelper", "sipping_from", "sip:pinger@parusivoip.net") modparam("nathelper", "sipping_method", "OPTIONS") modparam("nathelper", "sipping_bflag", 7)
loadmodule "registrar.so" modparam("registrar", "received_avp", "$avp(i:801)") modparam("registrar", "default_expires", 60) modparam("registrar", "min_expires", 50) modparam("registrar", "max_expires", 0) modparam("registrar", "default_q", 0) modparam("registrar", "append_branches", 1) modparam("registrar", "case_sensitive", 0) modparam("registrar", "received_param", "received") modparam("registrar", "max_contacts", 0) modparam("registrar", "retry_after", 0) modparam("registrar", "method_filtering", 0) modparam("registrar", "path_mode", 2) modparam("registrar", "path_use_received", 0)
loadmodule "rr.so" modparam("rr", "enable_full_lr", 1) modparam("rr", "append_fromtag", 1) modparam("rr", "enable_double_rr", 1) modparam("rr", "add_username", 0)
loadmodule "permissions.so" modparam("permissions", "db_url", "psybase://DB_USR:DB_PWD@DB_SRV/DB_DB") modparam("permissions", "db_mode", 1)
######################################################################## ######################################################################## ########################################################################
route { if ( is_method("REGISTER") ) { if ( !pike_check_req() ) { xlog("L_NOTICE", "TRACKING [0] ALARM - TOO MANY HITS ON REGISTER on IP=$si !!"); exit; } }; if ( is_method("INVITE") ) { if ( !pike_check_req() ) { xlog("L_NOTICE", "TRACKING [0] ALARM - TOO MANY HITS ON INVITE on IP=$si !!"); exit; } };
# ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); exit; };
if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); exit; };
xlog("L_NOTICE", "TRACKING [0] NEW REQUEST - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); force_rport();
# ----------------------------------------------------------------- # Record Route Section and Acc section # -----------------------------------------------------------------
if (method=="INVITE" && nat_uac_test("19")) { record_route_preset("PROXY_ENV:5070;nat=yes"); # This is where OpenSER installed xlog("L_NOTICE", "TRACKING [0] RECORD ROUTE PRESET- M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); } else if (method!="REGISTER") { xlog("L_NOTICE", "TRACKING [0] RECORD ROUTE - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); record_route(); };
append_hf("P-hint: rr-enforced\r\n");
if ( search("User-Agent: Parus.*") && is_method("BYE|REFER")) {
# check the transport of callee $avp(i:44) = $(ru{uri.user}); if ( $avp(i:44) != $tU ) { $avp(i:45) = $avp(i:44); } else { $avp(i:45) = $tU; }
avp_db_query("exec oserIsTcpTransport @to_user='$avp(i:45)', @td='$td'", "$avp(i:11)"); xlog("L_NOTICE", "TRACKING [0] BYE FROM ASTERISK - M=$rm RURI=$ru F=$fu T=$tu TU=$tU IP=$si ID=$si AVP11=$avp(i:11) AVP44=$avp(i:44) TD=$td"); if ( $avp(i:11) == "tcp" ) { xlog("L_NOTICE", "TRACKING [0] BYE FROM ASTERISK TRANSPORT IS TCP - M=$rm RURI=$ru F=$fu T=$tu TU=$tU IP=$si ID=$si"); add_uri_param("transport=tcp"); } else if ( $avp(i:11) == "tls" ) { xlog("L_NOTICE", "TRACKING [0] BYE FROM ASTERISK TRANSPORT IS TLS - M=$rm RURI=$ru F=$fu T=$tu TU=$tU IP=$si ID=$si"); add_uri_param("transport=tls"); } else if ( $avp(i:11) == "udp" ) { xlog("L_NOTICE", "TRACKING [0] BYE FROM ASTERISK TRANSPORT IS UDP - M=$rm RURI=$ru F=$fu T=$tu TU=$tU IP=$si ID=$si"); add_uri_param("transport=udp"); } else { xlog("L_NOTICE", "TRACKING [0] BYE FROM ASTERISK TRANSPORT IS NOT TCP - M=$rm RURI=$ru F=$fu T=$tu TU=$tU IP=$si ID=$si"); } }
# ----------------------------------------------------------------- # ACC Section # ----------------------------------------------------------------- if ( is_method("CANCEL|BYE|INVITE|MESSAGE") ) { setflag(1); };
# ----------------------------------------------------------------- # Call Tear Down Section # ----------------------------------------------------------------- if ( is_method("BYE|CANCEL") ) { xlog("L_NOTICE", "TRACKING [0] CALL TEAR DOWN: END_MEDIA_SESSION - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); end_media_session(); };
# ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route()) { xlog("L_NOTICE", "TRACKING LOOSE_ROUTE - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); if (!has_totag()) { xlog("L_NOTICE", "TRACKING LOOSE_ROUTE Initial loose-routing rejected - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); sl_send_reply("403", "Initial Loose-Routing Rejected"); exit; }
if ( is_method("INVITE") ) { if ( !allow_trusted() ) { if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); xlog("L_NOTICE", "TRACKING LOOSE_ROUTE proxy authorization failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); exit; } if (!check_from()) { sl_send_reply("403", "Spoofed from-URI Detected"); xlog("L_NOTICE", "TRACKING LOOSE_ROUTE spoofed from-URI etectet - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); exit; } consume_credentials(); xlog("L_NOTICE", "TRACKING LOOSE_ROUTE proxy authorized - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); }; };
if ( (nat_uac_test("19") || search("^Route:.*;nat=yes")) && is_method("INVITE|REFER|ACK") ) { setbflag(6); # NONONO fix_nated_contact() xlog("L_NOTICE", "TRACKING LOOSE_ROUTE using media proxy - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); use_media_proxy(); };
route(1); exit; };
# ----------------------------------------------------------------- # Call Type Processing Section # -----------------------------------------------------------------
if ( !is_uri_host_local() ) { if ( is_from_local() || allow_trusted() ) { xlog("L_NOTICE", "TRACKING[0] IS_FROM_LOCAL OR TRUSTED - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); } else { xlog("L_NOTICE", "TRACKING[0] NOT IS_FROM_LOCAL OR NOT TRUSTED - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); sl_send_reply("403", "Forbidden"); exit; } };
if ( is_method("CANCEL|BYE") ) { route(4); exit; } else if ( is_method("ACK") ) { route(1); exit; } else if ( is_method("INVITE") ) { route(3); exit; } else if ( is_method("REGISTER") ) { route(2); exit; } else if ( is_method("OPTIONS") ) { route(11); exit; } else if ( is_method("MESSAGE") ) { xlog("L_NOTICE", "TRACKING [14] ROUTE14 - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$si"); route(14); exit; };
if (!lookup("location")) { sl_send_reply("404", "User Not Found"); exit; };
xlog("L_NOTICE", "TRACKING[0] calling default route(1) M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); route(1); }
# ----------------------------------------------------------------- # Default Message Handler # ----------------------------------------------------------------- route[1] { xlog("L_NOTICE", "TRACKING [1] - M=$rm RURI=$ru D-URI=$du F=$fu T=$tu IP=$si ID=$si"); if(isbflagset(6)) { xlog("L_NOTICE", "TRACKING [1] USING NATed reply - M=$rm RURI=$ru D-URI=$du F=$fu T=$tu IP=$si ID=$si"); t_on_reply("1"); } else { xlog("L_NOTICE", "TRACKING [1] USING Standard reply - M=$rm RURI=$ru D-URI=$du F=$fu T=$tu IP=$si ID=$si"); t_on_reply("2"); }
if (!t_relay()) { xlog("L_NOTICE", "TRACKING [1] t_relay() Failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; exit; }
# ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- route[2] {
sl_send_reply("100", "Trying"); if (!www_authorize("","subscriber")) { www_challenge("","0"); exit; }; if (!check_to()) { sl_send_reply("401", "Unauthorized"); exit; }; consume_credentials();
if (!search("^Contact:\ +*") && nat_uac_test("19")) { fix_nated_register(); setbflag(6); setbflag(7); xlog("L_NOTICE", "TRACKING [2] Fixed nated register - M=$rm RURI=$ru D-URI=$du F=$fu T=$tu IP=$si ID=$si");
}
if (!save("location")) { xlog("L_NOTICE", "TRACKING [2] Saving contact failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); sl_reply_error(); }; xlog("L_NOTICE", "TRACKING [2] Registration successful - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
}
# ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- route[3] {
xlog("L_NOTICE", "TRACKING [3] - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
if ( !allow_trusted() ) { if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); xlog("L_NOTICE", "TRACKING [3] proxy authorization failed - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); exit; } if (!check_from()) { sl_send_reply("403", "Spoofed from-URI Detected"); xlog("L_NOTICE", "TRACKING [3] spoofed from-URI etectet - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); exit; } consume_credentials(); };
if (client_nat_test("3")) { fix_nated_contact(); setbflag(6); xlog("L_NOTICE", "TRACKING [3] FIX_NATED_CONTACT - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); };
if ( alias_db_lookup("dbaliases") ) { xlog("L_NOTICE", "TRACKING [3] callee was aliased - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); }
if ( !is_domain_local("$rd") ) { xlog("L_NOTICE", "TRACKING [3] call for foreign domain M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); route(5); route(1); exit; }
if ( does_uri_exist() ) { xlog("L_NOTICE", "TRACKING [3] callee was local - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); if (lookup("location")) { xlog("L_NOTICE", "TRACKING [3] LOOKUP LOCATION SUCC - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); append_hf("P-hint: usrloc applied\r\n"); remove_hf("Alert-Info"); if ( proto==tls ) { append_hf("Alert-Info: 1\r\n"); } route(5); t_on_branch("1"); route(1); exit; } };
xlog("L_NOTICE", "TRACKING [3] SOFTPHONE LOOKUP LOCATION NOT SUCC M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
# # call pstn handler # if ( route(7) ) { xlog("L_NOTICE", "TRACKING [3] call to PSTN handler successful M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); exit; # will never hit it } else { xlog("L_NOTICE", "TRACKING [3] call to PSTN handler failed M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); exit; # exit for now }
# # never hit this for now, possibly in the future if # forward to different domain or so # xlog("L_NOTICE", "TRACKING[3] calling default route(1) M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
route(1); exit; }
# ----------------------------------------------------------------- # PSTN call section # ----------------------------------------------------------------- route[7] { xlog("L_NOTICE", "TRACKING [37] PSTN SECTION M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
if (uri =~ "^sip:011.*@.*") { xlog("L_NOTICE", "TRACKING [37] PSTN SECTION ATTEMPT TO MAKE INTERNATIONAL CALL M=$rm RURI=$ru F=$fu T=$tu TU=$tu"); sl_send_reply("403", "Forbidden - no international calls"); return (-1); };
if ($(tU{s.len}) > 11 ) { strip(1); xlog("L_NOTICE", "TRACKING [37] PSTN SECTION MORE THEN 11 DIGITS M=$rm RURI=$ru F=$fu T=$tu TU=$tu"); sl_send_reply("403", "Forbidden - no international calls"); return (-1);
}
if ($(tU{s.len}) == 11 ) { strip(1); xlog("L_NOTICE", "TRACKING [37] PSTN SECTION STRIP ONE DIGIT M=$rm RURI=$ru F=$fu T=$tu TU=$tu"); }
if ( ($(rU{s.len}) != 10) && ($(rU{s.len}) != 2) && ($(rU{s.len}) != 3) && ($(rU{s.len}) != 4) && ($(rU{s.len}) != 1) ) { xlog("L_NOTICE", "TRACKING [37] S.LEN != 10 or 1 or 2 or 3 or 4 M=$rm RURI=$ru F=$fu T=$tu rU=$rU IP=$si ID=$ci"); sl_send_reply("403", "Forbidden - invalid number"); xlog("L_NOTICE", "TRACKING [7] LEAVING PSTN SECTION M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); return (-1); };
if (uri =~ "^sip:[2-9]{1}[0-9]{2}[2-9]{1}[0-9]{2}[0-9]{4}@.*") { xlog("L_NOTICE", "TRACKING [37] PSTN OUTBOUND $fU -> $ruri "); avp_db_query("exec oserGetCallIdForBvox @fU='$fU', @from_domain='$fd'", "$avp(i:12)"); uac_replace_from("$avp(i:12)"); xlog("L_NOTICE", "TRACKING [37] REPLACED FROM PSTN avp = $avp(i:12[1]) $fU -> $ruri "); route(5); # select next gateway simulates NEXTONE # 1 - DEV, 2 - PROD asterisk, 3 - john's nextone, 4 - prod nextone, 5 - qa ds_select_domain("GWGROUPID", "4"); t_on_failure("2"); xlog("L_NOTICE", "TRACKING [37] DISPATCHER FORWARD PSTN $fu -> $ruri "); route(1); return (1); # will never hit this
} else { xlog("L_NOTICE", "TRACKING [37] Attempt to dial invalid number $fu -> $tu"); sl_send_reply("403", "Forbidden - invalid number"); xlog("L_NOTICE", "TRACKING [37] LEAVING PSTN SECTION M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); return (-1); }; }
# ----------------------------------------------------------------- # DEV / TEST section # ----------------------------------------------------------------- route[6] { xlog("L_NOTICE", "TRACKING [6] DEV / TEST SECTION M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
}
# ----------------------------------------------------------------- # CANCEL or BYE handler # ----------------------------------------------------------------- route[4] { xlog("L_NOTICE", "TRACKING [4] - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); if (client_nat_test("3")) { fix_nated_contact(); xlog("L_NOTICE", "TRACKING [4] FIX_NATED_CONTACT - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); }; route(1); }
# ----------------------------------------------------------------- # NAT traversal section # ----------------------------------------------------------------- route[5] { xlog("L_NOTICE", "TRACKING [5] NAT TRAVERSAL SECTION - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); if (isbflagset(6)) { if (!isflagset(8)) { setflag(8); xlog("L_NOTICE", "TRACKING [5] BFLAG 6 IS SET, USING MEDIA PROXY - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); avp_printf("$avp(i:450)", "$dd"); if (avp_check("$avp(i:450)", "eq/$src_ip/g")) { xlog("L_NOTICE", "TRACKING [5] LOOKUP SUCC, FLAGS 6 AND 7 BEHIND SAME NAT $fu -> $tu $dd $src_ip"); } use_media_proxy(); }; }; }
# ------------------------------------------------------------------------ # OPTIONS Message Handling # ------------------------------------------------------------------------ route[11] { xlog("L_NOTICE", "TRACKING [11] OPTIONS - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci"); if(nat_uac_test("19")) { fix_nated_contact(); setbflag(6); } xlog("L_NOTICE", "TRACKING [11] - M=$rm RURI=$ru D-URI=$du F=$fu T=$tu IP=$si ID=$si"); sl_send_reply("200", "Got it"); exit; }
# ----------------------------------------------------------------- # NAT reply route # ----------------------------------------------------------------- onreply_route[1] {
xlog("L_NOTICE", "TRACKING ONREPLY_ROUTE[1] NAT REPLY M=$rm S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci");
if (nat_uac_test("1")) { xlog("L_NOTICE", "TRACKING ONREPLY_ROUTE[1] CLIENT_NAT_TEST FIXED NATED CONTACT M=$rm S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci"); fix_nated_contact(); };
# we are checking here for a progressing return... ie a 180 Ringing or # 183 session progress -- if this occurs we don't care from here on # about failures as a gateway is handling the call...
if( status =~ "18[0-9]" ) { xlog( "L_NOTICE", "TRACKING ONREPLY_ROUTE[1] [$Tf] ORR: $ci -- SIP-$rs Reset t_on_failure()\n"); t_on_failure("0"); } else { xlog( "L_NOTICE", "TRACKING ONREPLY_ROUTE[1] [$Tf] ORR: $ci -- $rs $rr\n" ); }
if ( isbflagset(6) && (status=~"(180)|(183)|2[0-9][0-9]")) { #if (!search("^Content-Length:\ +0")) { if ( $cl > 0 ) { xlog("L_NOTICE", "TRACKING ONREPLY_ROUTE[1] USE MEDIA PROXY M=$rm S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci"); use_media_proxy(); }; };
exit; }
# ----------------------------------------------------------------- # standard reply route # ----------------------------------------------------------------- onreply_route[2] { xlog("L_NOTICE", "TRACKING ONREPLY_ROUTE[2] STANDARD REPLY- M=$rm S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n"); # we are checking here for a progressing return... ie a 180 Ringing or # 183 session progress -- if this occurs we don't care from here on # about failures as a gateway is handling the call...
if( status =~ "18[0-9]" ) { xlog( "L_NOTICE", "TRACKING ONREPLY_ROUTE[2] [$Tf] ORR: $ci -- SIP-$rs Reset t_on_failure()\n"); t_on_failure("0"); } else { xlog( "L_NOTICE", "TRACKING ONREPLY_ROUTE[2] [$Tf] ORR: $ci -- $rs $rr\n" ); } exit; }
# ----------------------------------------------------------------- # FAILURE route # ----------------------------------------------------------------- failure_route[1] { xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [1] - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci");
if(t_check_status("408|500|503")) { if ( t_check_status("408") ) { if ( ds_next_domain() ) { xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [1] TRYING NEXT GW - M=$rm S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n"); t_on_failure("1"); route(1); return; } } else { xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [1] NOT 408 STATUS - M=$rm S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n"); t_reply("503", "Service not available"); return; } } }
# ----------------------------------------------------------------- # FAILURE route # ----------------------------------------------------------------- failure_route[2] {
# If fr_timer expires t_check_status("408") is true, although $rs is <null> if( t_check_status("408") ){ xlog( "L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci -- TIMEOUT for Gateway $rd\n" ); } else { xlog( "L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci -- $rs reason $rr\n" ); }
# basically what we do is # 1. not worry about reasonable failures (ie busy, wrong number etc...) # 2. go to next destination gateway # 3. if no destination gateway then 503 (service unavailable)
# 403 -- typically ISDN network says 'not a valid number' etc.. if( t_check_status("403") ){ xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci -- SIP-$rs Forbidden -> ISDN Cause Code 1\n" ); end_media_session(); return; }
# 408 -- timeout -- typically the end party has not answered # Since we cancel t_on_failure() on a provisional response we should not be # getting a 408 timeout from a gateway at this stage.. it will just "fall through" #if( t_check_status("408") ){ # xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci -- SIP-$rs Timeout\n" ); # return; #}
# 486 -- User Busy if( t_check_status("486") ){ xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci -- SIP-$rs Destination Busy\n" ); end_media_session(); return; }
# 487 -- Request Cancelled (usually in response to a CANCEL transaction) if( t_check_status("487") ){ xlog("L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci -- SIP-$rs Request Cancelled\n" ); end_media_session(); return; }
# ok... so at this stage we try the next gateway (unless we don't have one) # if no next gateway we bail... if( ds_next_domain() ){ #t_on_reply("1"); t_on_failure("2"); xlog( "L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci Next gateway $fU -> $tU via $rd\n" ); route(1); return; } else { xlog( "L_NOTICE", "TRACKING FAILURE_ROUTE [2] [$Tf] FR: $ci No more gateways -> 503.\n" ); end_media_session(); t_reply("503", "Service unavailable -- no more gateways" ); return; }
}
# ----------------------------------------------------------------- # BRANCH route # ----------------------------------------------------------------- branch_route[1] { if (isbflagset(6)) { xlog("L_NOTICE", "TRACKING BRANCH_ROUTE[1] Branch marked as NATed- M=$rm branch=$T_branch_idx, branch flags=$bf F=$fu T=$tu IP=$si ID=$ci"); } else { xlog("L_NOTICE", "TRACKING BRANCH_ROUTE[1] Branch marked as not NATed- M=$rm branch=$T_branch_idx, branch flags=$bf F=$fu T=$tu IP=$si ID=$ci"); } }
# ------------------------------------------------------------------------ # MESSAGE Message Handling # ------------------------------------------------------------------------ route[14] { if (!lookup("location")) { sl_send_reply("404", "User Not Found"); exit; };
route(1); }
Hello,
they are debug or warning messages. What do you mean by proxy is running out of the socket in one hour?
Cheers, Daniel
On 08/16/08 04:56, toly wrote:
Greetings,
Proxy compiled with TLS support, tls is not turned on Routing script inclulded below. Underlying database is Sybase. The following is happening: There are 25 users having as a contact each other. Softphone is Bria. Without any calls, just subscribe/notify proxy is running out of the socket in one hour. The users are or outside coming via corp firewall, or if inside, the route is setup the way the going via corp firewall, so they are natted. Proxy is in DMS on the same network as firewall. There are no problems with nat traversal.
Daniel, could you please take look at the script?
Thanks a lot, Toly.
this is from log:
<receive.c: 206> receive_msg: cleaning up 08/15 20:12:58 29156 debug <ip_addr.c: 109> tcpconn_new: new tcp connection to: xxx.xxx.xxx.xx 08/15 20:12:58 29156 debug <tcp_main.c: 402> tcpconn_new: on port 58544, type 2 08/15 20:12:58 29156 debug <tcp_main.c: 497> tcpconn_add: hashes: 96, 45 08/15 20:12:58 29156 debug <tcp_main.c: 993> handle_new_connect: new connection: 0xb6485590 98 flags: 0002 08/15 20:12:58 29156 debug <tcp_main.c: 935> WARNING: send2child: no free tcp receiver, connection passed to the least busy one (1)
this is routing script: [...]
Daniel,
Could you explain what does these messages mean? Lack or resources? I have configured children=20. What are the calculation for number of children?
Thanks, Toly
Hello,
On 08/19/08 04:09, toly wrote:
Daniel,
Could you explain what does these messages mean? Lack or resources? I have configured children=20. What are the calculation for number of children?
the number of children depends on the load of the server. If you have lot of tcp traffic, it is recommended to create more tcp children than udp children. Socket management is a matter of operating system, do you have lot of connections open at same time? Are there other applications doing tcp?
Cheers, Daniel
Thanks, Toly
Hello Daniel,
I have currently 25 users having as a contact each other, so it's 25 times 25 sending subscribe/notify. UA - bria is set to TCP transport. So far it's 25 people inside the company, from 9 am all 25 are registered, so I guess it's 25 connections. Until today tcp_connection_lifetime was not set so according to the doc it was 120. I set it up to 3600. parameter children was set 28 parameter tcp_children parameter was not set, I set it up to 40. The other application which is using tcp is sybase module which connects to remote database. With children=28 there are 428 connection to sybase.
Suppose there will be few thousand users, all UA's on tcp transport. Then I will have to have tcp_children set to such high number?
Will changing transport for UA's solve this problem?
I found other thread which discusses the same issue: http://www.mail-archive.com/devel@lists.openser.org/msg02011.html
Do you know by the chance what are children and tcp_children values set up at iptel.org?
Thanks, Toly
-
Daniel-Constantin Mierla -
toly