[Serusers] Forwarding to another number if busy

Greg Fausak greg at august.net
Fri Jun 6 17:14:23 CEST 2003 

I do not know why reply_route seems to call the
 main route block again.  I do know that if I comment out
 the authentication code in the main route block my forwarding
 works.  If I do not comment it out, then the forwarding
 fails with an 'Unauthorized' directed at the pstn gateway.

Yes, the script is related...I get a call from the PSTN for
 the phone number 1234.  1234 doesn't answer, so my on_negative
 attempts to forward to 5678.  The forward to 5678 fails because
 no authentication is present because the source IP address isn't
 any longer the pstn gateway AND the main route block code is
 being executed again from the on_negative callback.  I am not
 doing any additional authentication in the callback, I assume
 the Unauthorized is coming from the main script.

I asked Jiri earlier if another 'packet' (sip message) was forwarded to
 the routing engine...perhaps on locahost.  That would explain the
 re-execution of the main route block and it would explain the
 mechanics of an on_negative callback execution.

I'll take a look at 0.8.11.

Thanks,

---greg


> -----Original Message-----
> From: Andy Blen [mailto:andy.blen at iptel.org] 
> Sent: Friday, June 06, 2003 9:54 AM
> To: Greg Fausak; 'Jan Janak'
> Cc: serusers at lists.iptel.org; sip at august.net
> Subject: RE: [Serusers] Forwarding to another number if busy
> 
> 
> At 03:48 PM 6/6/2003, Greg Fausak wrote:
> --snip--
> >My code looks like:
> >
> >If(src_ip == my.pstn.gateway.address)
> >{
> >        ...
> >}
> >Else
> >{
> >        if(!www_authorize())
> >        {
> >                www_challenge();
> >        };
> >}
> >
> >This means that calls can come from my gateway without
> >authentication.  Later on in the script:
> >        ...
> >
> >        t_on_negative("9");
> >        if(!t_relay())
> >        {
> >                sl_reply_error();
> >                break;
> >        };
> >}
> >
> >reply_route[9]
> >{
> >        log(1,"REPLY_ROUTE:");
> >        revert_uri();
> >
> >        setuser("nextnumber");
> >        t_relay();
> >}
> >
> >-----
> >
> >This logic only works if I get rid of
> >my authentication/challenge logic.  Because the
> >T_relay() src_ip address is NOT the pstn.gateway
> >address after the reply_route executes!
> 
> ? I'm puzzled -- does the script above somehow relate to the problem
> you are describing? You only check src_ip in route{} which is called 
> only once, so why do you care about what happens after reply_route{}?
> 
> >So, I tried putting a line in the reply_route that did:
> >
> >setflag(9);
> >
> >And changed the beginning of my script:
> >
> >If(src_ip == my.pstn.gateway.address | isflagset(9))
> >{
> >        ...
> >}
> >Else
> >{
> >        if(!www_authorize())
> >        {
> >                www_challenge();
> >        };
> >}
> 
> Why do you re-check authentication in reply_route? The authentication
> has been already verified on the original request and it buys no 
> security to do it again with the same request later.
> 
> >This doesn't work.  I know the flag was set in the reply_route, but
> >it is not recognized in the main script.
> 
> I guess neither src_ip nor flag were copied to reply_route context
> in 8.10. That should have changed in 8.11, in case you need it.
> 
> a. 
>

More information about the sr-users mailing list