Hi,
I am making some progress. I still can not call "internal" sip-sip numbers, but now, instead of insisting on forwarding to the gateway, SER 404's. Debug says that the called party is not in usrloc, although I can see the entry in the location table in the db.
I have attached my ser.cfg, output from debug, and ngrep in the hope that someone can show me the error of my ways.
-------------ser.cfg------------------------------------------
# # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=4 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode #debug=7 #fork=no #log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=yes # (cmd. line: -R) #port=5060 children=4 fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr//lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/domain.so" loadmodule "/usr/lib/ser/modules/auth.so" loadmodule "/usr/lib/ser/modules/auth_db.so" loadmodule "/usr/lib/ser/modules/acc.so" loadmodule "/usr/lib/ser/modules/exec.so" loadmodule "/usr/lib/ser/modules/group.so" #loadmodule "/usr/lib/ser/modules/msilo.so" #loadmodule "/usr/lib/ser/modules/print.so" #loadmodule "/usr/lib/ser/modules/textops.so" #loadmodule "/usr/lib/ser/modules/jabber.so" loadmodule "/usr/lib/ser/modules/uri.so" #loadmodule "/usr/lib/ser/modules/vm.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # #modparam("usrloc", "db_url", "sql://ser:<password>@localhost/ser")
modparam("usrloc", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("auth_db", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("group", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("uri", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("domain", "db_url", "sql://ser:heslo@wlgcd1:3306/ser")
modparam("auth_db", "calculate_ha1", yes)
# # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# -- acc params -- modparam("acc", "log_level", 1) # that is the flag for which we will account -- don't forget to # set the same one :-) modparam("acc", "log_flag", 2 )
# ------------------------- Domains Covered ------------------------ alias="fx.net.nz" alias="vixen" alias="vixen.fx.net.nz" alias="202.53.189.50" alias="special.fx.net.nz" alias="wlgvx1.fx.net.nz" #alias="202.53.189.23" #alias="202.49.159.10"
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages if (!mf_process_maxfwd_header("10")) { log("LOG: Too many hops\n"); sl_send_reply("483","Too Many Hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Wow -- Message too large"); break; };
/* ********* RR ********************************** */
/* grant Route routing if route headers present */ if (loose_route()) { t_relay(); break; };
setflag(2);
/* record-route INVITEs -- all subsequent requests must visit us */ if (method=="INVITE") { record_route(); };
lookup("aliases");
if (uri==myself) { if (method=="REGISTER") { # digest authentication log(1,"request for registration"); if (!www_authorize("vixen.fx.net.nz", "subscriber")) { www_challenge("vixen.fx.net.nz", "0"); break; }; # setflag(3); save("location"); break; }; }
# now check if it really is a PSTN destination which should be handled # by our gateway; if not, and the request is an invitation, drop it -- # we cannot terminate it in PSTN; relay non-INVITE requests -- it may # be for example BYEs sent by gateway to call originator if (!uri=~"sip:+?[0-9]+@.*") {if (method=="INVITE") { sl_send_reply("403", "Call cannot be served here"); } else { forward(uri:host, uri:port); }; break; };
# account completed transactions via syslog setflag(1);
# free call destinations ... no authentication needed if ( is_user_in("Request-URI", "local") /* free destinations */ | uri=~"sip:[8][0-9][0-9][0-9]@.*" /* local PBX */ | uri=~"sip:98[0-9][0-9][0-9][0-9]") { log("free call");
} else if (src_ip==202.7.4.40) { # our gateway doesn't support digest authentication; # verify that a request is coming from it by source # address log("gateway-originated request"); } else { # in all other cases, we need to check the request against # access control lists; first of all, verify request # originator's identity
if (!proxy_authorize( "vixen.fx.net.nz" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "vixen.fx.net.nz" /* realm */, "0" /* no qop */ ); break; };
# authorize only for INVITEs -- RR/Contact may result in weird # things showing up in d-uri that would break our logic; our # major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission for local # calls (destinations beginning with a single zero)? # (i.e., is he in the "local" group?) if (uri=~"sip:0[1-9][0-9]+@.*") { if (!is_user_in("credentials", "local")) { sl_send_reply("403", "No permission for local calls"); break; }; # the same for long-distance (destinations begin with two zeros") } else if (uri=~"sip:00[1-9][0-9]+@.*") { if (!is_user_in("credentials", "ld")) { sl_send_reply("403", " no permission for LD "); break; }; # the same for international calls (three zeros) } else if (uri=~"sip:000[1-9][0-9]+@.*") { if (!is_user_in("credentials", "int")) { sl_send_reply("403", "International permissions needed"); break; }; # everything else (e.g., interplanetary calls) is denied } else { sl_send_reply("403", "Forbidden"); break; };
}; # INVITE to authorized PSTN
};
# if you have passed through all the checks, let your call go to the next stage! # native SIP destinations are handled using our USRLOC DB
if(!lookup("aliases")){ log(1,"Couldn't find any matching alias"); sl_send_reply("404", "User does not exist"); break; }; if(!lookup("location")) { log(1,"unable to locate user");
# attempt handoff to PSTN. log( "Forwarding to PSTN\n" ); rewritehost( "202.7.4.40" ); forward( "202.7.4.40", 5060 ); ----------end ser.cfg----------------------------------------
-------------------debug-------------------------------------
Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: SIP Request: Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: method: <INVITE> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: uri: sip:8923@202.53.189.50;user=phone Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: version: <SIP/2.0> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: end of header reached, state=5 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: Via found, flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: this is the first via Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: After parse_msg... Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: preparing to run routing scripts... Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG : is_maxfwd_present: searching for max_forwards header Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=128 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: end of header reached, state=9 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: get_hdr_field: <To> [37]; uri=[sip:8923@202.53.189.50;user=phone] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: to body [sip:8923@202.53.189.50;user=phone^M ] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: get_hdr_field: cseq <CSeq>: <1> <INVITE> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: get_hdr_body : content_length=250 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: found end of header Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: is_maxfwd_present: max_forwards header not found! Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=256 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: find_first_route(): No Route headers found Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: loose_route(): There is no Route HF Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: add_param: tag=4082266747 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: end of header reached, state=29 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: lookup(): '8923' Not found in usrloc Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if host==us: 13==9 && [202.53.189.50] == [127.0.0.1] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if port 5060 matches port 5060 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if host==us: 13==13 && [202.53.189.50] == [202.53.189.50] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if port 5060 matches port 5060 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: query="select grp from grp where username='8923' AND grp='local'" Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: is_user_in(): User is in group 'local' Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: free call Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: lookup(): '8923' Not found in usrloc Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: Couldn't find any matching alias Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=-1 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_via_address(202.53.189.24, 202.53.189.24, 2) Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG:destroy_avp_list: destroing list (nil) Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: receive_msg: cleaning up Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: SIP Request: Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: method: <ACK> Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: uri: sip:8923@202.53.189.50;user=phone Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: version: <SIP/2.0> Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: end of header reached, state=5 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: Via found, flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: this is the first via Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: After parse_msg... Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: preparing to run routing scripts... Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: flags=4 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: add_param: tag=b27e1a1d33761e85846fc98f5f3a7e58.bfe0 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: end of header reached, state=29 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: get_hdr_field: <To> [79]; uri=[sip:8923@202.53.189.50;user=phone] Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: to body [sip:8923@202.53.189.50;user=phone] Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: sl_filter_ACK : local ACK found -> dropping it! Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG:destroy_avp_list: destroing list (nil) Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: receive_msg: cleaning up ------------------------end debug---------------------------------
-------------------------ngrep port 5060--------------------------
# U 202.53.189.24:5060 -> 202.53.189.50:5060 INVITE sip:8923@202.53.189.50;user=phone SIP/2.0..Via: SIP/2.0/UDP 202.53.189.24:5060..From: sip:4748880@202.53.189.50;user=phone;t ag=3978441923..To: sip:8923@202.53.189.50;user=phone..Call-ID: 2139243568@202.53.189.24..CSeq: 1 INVITE..Contact: <sip:4748880@202 .53.189.24:5060;user=phone;transport=udp>..User-Agent: Cisco ATA v2.15 ata18x (020927a)..Expires: 300..Content-Length: 252..Content-T ype: application/sdp....v=0..o=4748880 12924 12924 IN IP4 202.53.189.24..s=ATA186 Call..c=IN IP4 202.53.189.24..t=0 0..m=audio 16384 R TP/AVP 0 4 8 101..a=rtpmap:0 PCMU/8000/1..a=rtpmap:4 G723/8000/1..a=rtpmap:8 PCMA/8000/1..a=rtpmap:101 telephone-event/8000..a=fmtp:10 1 0-15.. # U 202.53.189.50:5060 -> 202.53.189.24:5060 SIP/2.0 404 User does not exist..Via: SIP/2.0/UDP 202.53.189.24:5060..From: sip:4748880@202.53.189.50;user=phone;tag=3978441923..To : sip:8923@202.53.189.50;user=phone;tag=b27e1a1d33761e85846fc98f5f3a7e58.bfe0..Call-ID: 2139243568@202.53.189.24..CSeq: 1 INVITE..S erver: Sip EXpress router (0.8.14 (i386/linux))..Content-Length: 0..Warning: 392 202.53.189.50:5060 "Noisy feedback tells: pid=4231 r eq_src_ip=202.53.189.24 req_src_port=5060 in_uri=sip:8923@202.53.189.50;user=phone out_uri=sip:8923@202.53.189.50;user=phone via_cnt== 1".... # U 202.53.189.24:5060 -> 202.53.189.50:5060 ACK sip:8923@202.53.189.50;user=phone SIP/2.0..Via: SIP/2.0/UDP 202.53.189.24:5060..From: sip:4748880@202.53.189.50;user=phone;tag= 3978441923..To: sip:8923@202.53.189.50;user=phone;tag=b27e1a1d33761e85846fc98f5f3a7e58.bfe0..Call-ID: 2139243568@202.53.189.24..CSe q: 1 ACK..User-Agent: Cisco ATA v2.15 ata18x (020927a)..Content-Length: 0.... exit
--------------------end-----------------------------------------
-
Jamie Baddeley