[Serusers] Re: Serusers Digest, Vol 23, Issue 4 - sr-users

3 Mar 2005


      hi list..
i am winda 
i make SER and it work well in local network. when i establish SER server in public network. it cannot run. i have read the milist and the solution are nethelper and mediaproxy/rtp proxy. i want ask how to start to make nathelper+rtp proxy? please explain me step by step?...
oh ya.. i also read about  rtp proxy, maxim's rtp proxy and media proxy. can you explain me what is the different?
Thanks for help....:-)
serusers-request@lists.iptel.org wrote:
Send Serusers mailing list submissions to
serusers@lists.iptel.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.iptel.org/mailman/listinfo/serusers
or, via email, send a message with subject or body 'help' to
serusers-request@lists.iptel.org
You can reach the person managing the list at
serusers-owner@lists.iptel.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Serusers digest..."
Today's Topics:
1. FREEBSD ser cvs adn 0.90 ERROR ( )
2. Re: http / https in Userloc db (Jan Janak)
3. Re: http / https in Userloc db (Martin Koenig)
4. Re: RTP Wiretapping (Java Rockx)
5. Re: http / https in Userloc db (Jan Janak)
6. Re: http / https in Userloc db (Marian Dumitru)
7. compiling LCR into 0.10-dev (Iqbal)
8. Re: http / https in Userloc db (Jan Janak)
9. serweb question (johnny Laura)
10. Problem with SER and RADIUS on the different machine (Alex Jeon)
11. Re: serweb question (Alistair Cunningham)
12. Re: RTP Wiretapping (Steve Blair)
13. Got Error in Nathelper "extract_mediaip: no `c=' in SDP"
(Markus Monka)
14. Re: username of from with avp_check (Marian Dumitru)
15. RE: Outbound proxy definition (Vitaly Nikolaev)
16. problem (soft phoe is onfigured with SIP Express Router)
(anil pal)
17. Re: rtpproxy must be located on the same machine with SIP
server?? (Mohammad Khan)
18. Claims of ser-0.9 RFC3261 Violation (Java Rockx)
19. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev)
20. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
21. Mediaproxy error (Terry Mac Millan)
22. Re: Claims of ser-0.9 RFC3261 Violation (Klaus Darilion)
23. RE: Claims of ser-0.9 RFC3261 Violation (Linda Xiao)
24. SER+SERWEB+MSILO (harry gaillac)
25. log question (Mohammad Khan)
26. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev)
27. RE: log question (Vitaly Nikolaev)
28. Re: Mediaproxy error (Terry Mac Millan)
29. RE: Claims of ser-0.9 RFC3261 Violation (Jain, Rajnish)
30. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
31. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
32. compiling LCR into 0.10-dev (Juha Heinanen)
33. Re: compiling LCR into 0.10-dev (Iqbal)
34. Re: Claims of ser-0.9 RFC3261 Violation (Java Rockx)
35. RE: Claims of ser-0.9 RFC3261 Violation (Vitaly Nikolaev)
36. :-(( (Mohammad Khan)
----------------------------------------------------------------------
Message: 1
Date: Wed, 02 Mar 2005 14:03:08 +0800
From: " " 
Subject: [Serusers] FREEBSD ser cvs adn 0.90 ERROR
To: serusers@lists.iptel.org
Message-ID: 20050302060308.CCE8F13D@mail.fivewall.com
Content-Type: text/plain; charset=
Hi! all
FreeBSD 5.3,latest cvs and 0.90 have problem when /usr/local/sbin/serctl get
ser# ps -ax
PID TT STAT TIME COMMAND
0 ?? DLs 0:00.01 [swapper]
1 ?? SLs 0:00.07 /sbin/init --
2 ?? DL 0:00.03 [g_event]
3 ?? DL 0:00.12 [g_up]
4 ?? DL 0:00.30 [g_down]
5 ?? DL 0:00.00 [thread taskq]
6 ?? DL 0:00.00 [kqueue taskq]
7 ?? IL 0:00.00 [acpi_task0]
8 ?? IL 0:00.00 [acpi_task1]
9 ?? IL 0:00.00 [acpi_task2]
10 ?? DL 0:00.00 [ktrace]
11 ?? RL 6:47.97 [idle]
12 ?? WL 0:00.00 [irq1: atkbd0]
13 ?? WL 0:00.00 [irq3: sio1]
14 ?? WL 0:00.00 [irq4: sio0]
15 ?? WL 0:00.00 [irq5:]
16 ?? WL 0:00.00 [irq6: fdc0]
17 ?? WL 0:00.00 [irq7: ppc0]
18 ?? WL 0:00.00 [irq8: rtc]
19 ?? WL 0:00.00 [irq9: acpi0]
20 ?? WL 0:00.00 [irq10:]
21 ?? WL 0:00.00 [irq11:]
22 ?? WL 0:00.00 [irq12: psm0]
23 ?? WL 0:00.00 [irq13:]
24 ?? WL 0:00.06 [irq14: ata0]
25 ?? WL 0:00.00 [irq15: ata1]
26 ?? WL 0:00.00 [irq16:]
27 ?? WL 0:00.00 [irq17: bt0]
28 ?? WL 0:00.04 [irq18: lnc0]
29 ?? WL 0:00.00 [irq19: uhci0]
30 ?? WL 0:00.00 [irq20:]
31 ?? WL 0:00.00 [irq21:]
32 ?? WL 0:00.00 [irq22:]
33 ?? WL 0:00.00 [irq23:]
34 ?? WL 0:00.00 [irq0: clk]
35 ?? WL 0:00.63 [swi5: clock sio]
36 ?? WL 0:00.00 [swi4: vm]
37 ?? WL 0:00.03 [swi1: net]
38 ?? DL 0:00.04 [yarrow]
39 ?? WL 0:00.00 [swi6:+]
40 ?? WL 0:00.00 [swi2: camnet]
41 ?? WL 0:00.00 [swi3: cambio]
42 ?? WL 0:00.00 [swi6: acpitaskq]
43 ?? WL 0:00.00 [swi6: task queue]
44 ?? WL 0:00.06 [swi6:+]
45 ?? DL 0:00.00 [usb0]
46 ?? DL 0:00.00 [usbtask]
47 ?? WL 0:00.00 [swi0: sio]
48 ?? DL 0:00.00 [fdc0]
49 ?? DL 0:00.00 [pagedaemon]
50 ?? DL 0:00.00 [vmdaemon]
51 ?? DL 0:00.59 [pagezero]
52 ?? DL 0:00.00 [bufdaemon]
53 ?? DL 0:00.03 [syncer]
54 ?? DL 0:00.00 [vnlru]
55 ?? DL 0:00.01 [hpt_wt]
56 ?? IL 0:00.00 [nfsiod 0]
57 ?? IL 0:00.00 [nfsiod 1]
58 ?? IL 0:00.00 [nfsiod 2]
59 ?? IL 0:00.00 [nfsiod 3]
60 ?? DL 0:00.07 [schedcpu]
179 ?? Is 0:00.00 adjkerntz -i
245 ?? Ss 0:00.03 /sbin/dhclient lnc0
272 ?? Is 0:00.00 /sbin/devd
292 ?? Ss 0:00.04 /usr/sbin/syslogd -s
367 ?? Ss 0:00.01 /usr/sbin/usbd
403 ?? Ss 0:00.03 /usr/sbin/sshd
409 ?? Ss 0:00.04 sendmail: accepting connections (sendmail)
413 ?? Is 0:00.01 sendmail: Queue runner@00:30:00 for /var/spool/client
425 ?? Ss 0:00.02 /usr/sbin/cron -s
439 ?? Ss 0:00.18 /usr/local/sbin/httpd
471 ?? I 0:00.07 /usr/local/sbin/ser -P /var/run/ser.pid
472 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
473 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
474 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
475 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
476 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
477 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
478 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
479 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
480 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
481 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
482 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
483 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
484 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
485 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
486 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
487 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
488 ?? I 0:00.00 /usr/local/sbin/ser -P /var/run/ser.pid
489 ?? S 0:00.08 /usr/local/sbin/ser -P /var/run/ser.pid
490 ?? S 0:00.04 /usr/local/sbin/ser -P /var/run/ser.pid
491 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
492 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
493 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
494 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
495 ?? S 0:00.04 /usr/local/sbin/ser -P /var/run/ser.pid
496 ?? S 0:00.02 /usr/local/sbin/ser -P /var/run/ser.pid
497 ?? S 0:00.03 /usr/local/sbin/ser -P /var/run/ser.pid
498 ?? S 0:00.02 /usr/local/sbin/ser -P /var/run/ser.pid
499 ?? I 0:00.00 /usr/local/sbin/httpd
500 ?? I 0:00.00 /usr/local/sbin/httpd
501 ?? I 0:00.00 /usr/local/sbin/httpd
502 ?? I 0:00.00 /usr/local/sbin/httpd
503 ?? I 0:00.00 /usr/local/sbin/httpd
524 ?? Is 0:00.01 /usr/sbin/inetd -wW -C 60
583 ?? Ss 0:00.08 sshd: lynx [priv] (sshd)
586 ?? S 0:00.09 sshd: lynx@ttyp0 (sshd)
587 p0 Ss 0:00.04 -sh (sh)
588 p0 S 0:00.05 su
589 p0 S 0:00.08 _su (csh)
595 p0 R+ 0:00.03 ps -ax
536 v0 Is+ 0:00.01 /usr/libexec/getty Pc ttyv0
537 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1
538 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2
539 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3
540 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4
541 v5 Is+ 0:00.01 /usr/libexec/getty Pc ttyv5
542 v6 Is+ 0:00.01 /usr/libexec/getty Pc ttyv6
543 v7 Is+ 0:00.01 /usr/libexec/getty Pc ttyv7
443 con- I 0:00.04 /bin/sh /usr/local/bin/mysqld_safe --user=mysql --dat
468 con- S 0:01.00 /usr/local/libexec/mysqld --basedir=/usr/local --data
ser# serctl moni
[: unexpected operator
[: -ne: unexpected operator
ser#
----
ZhongShan Ether Network Security Inc 
---------------------------------------------------------
------------------------------
Message: 2
Date: Wed, 2 Mar 2005 12:39:16 +0100
From: Jan Janak 
Subject: Re: [Serusers] http / https in Userloc db
To: Marian Dumitru 
Cc: serusers@lists.iptel.org, Martin Koenig
Message-ID: 20050302113916.GF3487@localhost.localdomain
Content-Type: text/plain; charset=iso-8859-2
On 02-03 10:32, Marian Dumitru wrote:
...
Hi Martin,
As far as I know it could be one of the new SNOM specific feature - it 
advertise the http location of the web configuration page. But if recall 
correctly, the header name should by WWW-Contact, not Contact.
Anyhow, it will be a good idea for register to check the contact 
validity before inserting into usrloc.
That's one interesting question. What is a valid contact ? A regular
proxy would not be able to contact URI with http scheme, that's clear.
But that does not mean yet that the contact is not valid, because
RFC3261 allows any sort of URI to appear there.
On the other hand, a redirect server would just take this URI, put it
into a 3xx response and send it back the the calling UA. If the calling
UA is unable to reach the called party, it might display the contents
of the HTTP URL or do some other magic.
For that reason I think that there should be no limitation of what
gets into the user location database.
Jan.
------------------------------
Message: 3
Date: Wed, 02 Mar 2005 13:08:39 +0100
From: Martin Koenig 
Subject: Re: [Serusers] http / https in Userloc db
To: Jan Janak 
Cc: serusers@lists.iptel.org
Message-ID: 4225ACC7.8060500@toplink-plannet.de
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Jan,
if any uri (according to RFC) is allowed in URI, then ser should not 
issue an error message on lookup("location"):
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 
parsed: (4) / (23)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: 
http://192.168.0.206:80
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 
parsed: (4) / (25)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: 
https://192.168.0.206:443
Especially not a "bad_uri" error message, because it is not a bad uri 
indeed. Some debug-warning about ignoring this or that contact because 
it was not SIP/SIPS will do. What do you think?
Either way, I think there is need for some cleanup.
Regards,
Martin
Jan Janak schrieb:
...
On 02-03 10:32, Marian Dumitru wrote:
...
Hi Martin,
As far as I know it could be one of the new SNOM specific feature - it 
advertise the http location of the web configuration page. But if recall 
correctly, the header name should by WWW-Contact, not Contact.
Anyhow, it will be a good idea for register to check the contact 
validity before inserting into usrloc.
That's one interesting question. What is a valid contact ? A regular
proxy would not be able to contact URI with http scheme, that's clear.
But that does not mean yet that the contact is not valid, because
RFC3261 allows any sort of URI to appear there.
On the other hand, a redirect server would just take this URI, put it
into a 3xx response and send it back the the calling UA. If the calling
UA is unable to reach the called party, it might display the contents
of the HTTP URL or do some other magic.
For that reason I think that there should be no limitation of what
gets into the user location database.
Jan.

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
------------------------------
Message: 4
Date: Wed, 2 Mar 2005 07:16:59 -0500
From: Java Rockx 
Subject: Re: [Serusers] RTP Wiretapping
To: ser@cannes.f9.co.uk
Cc: serusers@lists.iptel.org
Message-ID: 359a65820503020416142a33c@mail.gmail.com
Content-Type: text/plain; charset=US-ASCII
I was thinking about having a group called "spy" in the grp table and
anyone with this ACL would be sent to a modified mediaproxy that would
capture the RTP.
User that don't have the "spy" ACL would be handled normally and if
NAT traversal is needed then use an unmodified media proxy.
Regards,
Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris wrote:
...
Why not use a from/to etc detection in .cfg (using database...)
to trigger a remote proxy through the requesting agency
They then have the capture issue
and you have no monitor or delivery issues?
Might require conditions of their placement of a proxy?
(but is their problem)
Regards
Chris
-----Original Message-----
From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On
Behalf Of Java Rockx
Sent: 26 February 2005 14:29
To: serusers@lists.iptel.org
Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications
Assistance for Law Enforcement Act (CALEA) that Congress passed which
basically says that VoIP providers should have the ability to wiretap
conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be
CALEA compliant? I assume I should be able to modify mediaproxy to
write RTP streams to disk, but I'm unclear on how to "mix" both sides
of the conversation.
Can anyone help with a suggestion?
Regards,
Paul

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
------------------------------
Message: 5
Date: Wed, 2 Mar 2005 13:42:03 +0100
From: Jan Janak 
Subject: Re: [Serusers] http / https in Userloc db
To: Martin Koenig 
Cc: serusers@lists.iptel.org
Message-ID: 20050302124203.GG3487@localhost.localdomain
Content-Type: text/plain; charset=iso-8859-2
The error message is not issued by lookup("location"), it is issued by
t_relay() when you try to forward the message to the HTTP URI.
It should be easy to write a function that would be called before
t_relay (or after lookup) and that would filter out URI schemes
unsupported by SER.
For the Request-URI you can do that from the script:
if (uri =~ "^http") {
do something
};
But that would not check additional branches used for parallel forking.
Jan.
On 02-03 13:08, Martin Koenig wrote:
...
Jan,
if any uri (according to RFC) is allowed in URI, then ser should not 
issue an error message on lookup("location"):
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 
parsed: (4) / (23)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: 
http://192.168.0.206:80
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 
parsed: (4) / (25)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: 
https://192.168.0.206:443
Especially not a "bad_uri" error message, because it is not a bad uri 
indeed. Some debug-warning about ignoring this or that contact because 
it was not SIP/SIPS will do. What do you think?
Either way, I think there is need for some cleanup.
Regards,
Martin
Jan Janak schrieb:
...
On 02-03 10:32, Marian Dumitru wrote:
...
Hi Martin,
As far as I know it could be one of the new SNOM specific feature - it 
advertise the http location of the web configuration page. But if recall 
correctly, the header name should by WWW-Contact, not Contact.
Anyhow, it will be a good idea for register to check the contact 
validity before inserting into usrloc.
That's one interesting question. What is a valid contact ? A regular
proxy would not be able to contact URI with http scheme, that's clear.
But that does not mean yet that the contact is not valid, because
RFC3261 allows any sort of URI to appear there.
On the other hand, a redirect server would just take this URI, put it
into a 3xx response and send it back the the calling UA. If the calling
UA is unable to reach the called party, it might display the contents
of the HTTP URL or do some other magic.
For that reason I think that there should be no limitation of what
gets into the user location database.
Jan.

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
------------------------------
Message: 6
Date: Wed, 02 Mar 2005 14:04:12 +0100
From: Marian Dumitru 
Subject: Re: [Serusers] http / https in Userloc db
To: Jan Janak 
Cc: serusers@lists.iptel.org, Martin Koenig
Message-ID: 4225B9CC.304@voice-sistem.ro
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Hi Jan,
So some URI checking is required and indeed, if you want to allow 
clients to perform that magic you mentioned, the checking should be done 
after extracting the URIs from usrloc.
But should be very clear if a contact URI can or cannot be involved in 
SIP signaling - used for forwarding. One note here - it's interesting 
what will be the impact on nathelper when it will start doing NAT ping 
to non-SIP URIs :-).
Anyhow, the best place to do the checking is before t_relay(). If you do 
th filtering immediately after lookup(), you will loose the Redirect 
Server functionality.
Best regards,
Marian
Jan Janak wrote:
...
The error message is not issued by lookup("location"), it is issued by
t_relay() when you try to forward the message to the HTTP URI.
It should be easy to write a function that would be called before
t_relay (or after lookup) and that would filter out URI schemes
unsupported by SER.
For the Request-URI you can do that from the script:
if (uri =~ "^http") {
do something
};
But that would not check additional branches used for parallel forking.
Jan.
On 02-03 13:08, Martin Koenig wrote:
...
Jan,
if any uri (according to RFC) is allowed in URI, then ser should not 
issue an error message on lookup("location"):
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 
parsed: (4) / (23)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: 
http://192.168.0.206:80
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: parse_uri: bad uri, state 0 
parsed: (4) / (25)
Mar 2 12:58:17 s-p1 ser[1711]: ERROR: uri2proxy: bad_uri: 
https://192.168.0.206:443
Especially not a "bad_uri" error message, because it is not a bad uri 
indeed. Some debug-warning about ignoring this or that contact because 
it was not SIP/SIPS will do. What do you think?
Either way, I think there is need for some cleanup.
Regards,
Martin
Jan Janak schrieb:
...
On 02-03 10:32, Marian Dumitru wrote:
...
Hi Martin,
As far as I know it could be one of the new SNOM specific feature - it
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com