[Serusers] Forwarding to another number if busy
Greg Fausak
greg at august.net
Fri Jun 6 17:14:23 CEST 2003
I do not know why reply_route seems to call the
main route block again. I do know that if I comment out
the authentication code in the main route block my forwarding
works. If I do not comment it out, then the forwarding
fails with an 'Unauthorized' directed at the pstn gateway.
Yes, the script is related...I get a call from the PSTN for
the phone number 1234. 1234 doesn't answer, so my on_negative
attempts to forward to 5678. The forward to 5678 fails because
no authentication is present because the source IP address isn't
any longer the pstn gateway AND the main route block code is
being executed again from the on_negative callback. I am not
doing any additional authentication in the callback, I assume
the Unauthorized is coming from the main script.
I asked Jiri earlier if another 'packet' (sip message) was forwarded to
the routing engine...perhaps on locahost. That would explain the
re-execution of the main route block and it would explain the
mechanics of an on_negative callback execution.
I'll take a look at 0.8.11.
Thanks,
---greg
> -----Original Message-----
> From: Andy Blen [mailto:andy.blen at iptel.org]
> Sent: Friday, June 06, 2003 9:54 AM
> To: Greg Fausak; 'Jan Janak'
> Cc: serusers at lists.iptel.org; sip at august.net
> Subject: RE: [Serusers] Forwarding to another number if busy
>
>
> At 03:48 PM 6/6/2003, Greg Fausak wrote:
> --snip--
> >My code looks like:
> >
> >If(src_ip == my.pstn.gateway.address)
> >{
> > ...
> >}
> >Else
> >{
> > if(!www_authorize())
> > {
> > www_challenge();
> > };
> >}
> >
> >This means that calls can come from my gateway without
> >authentication. Later on in the script:
> > ...
> >
> > t_on_negative("9");
> > if(!t_relay())
> > {
> > sl_reply_error();
> > break;
> > };
> >}
> >
> >reply_route[9]
> >{
> > log(1,"REPLY_ROUTE:");
> > revert_uri();
> >
> > setuser("nextnumber");
> > t_relay();
> >}
> >
> >-----
> >
> >This logic only works if I get rid of
> >my authentication/challenge logic. Because the
> >T_relay() src_ip address is NOT the pstn.gateway
> >address after the reply_route executes!
>
> ? I'm puzzled -- does the script above somehow relate to the problem
> you are describing? You only check src_ip in route{} which is called
> only once, so why do you care about what happens after reply_route{}?
>
> >So, I tried putting a line in the reply_route that did:
> >
> >setflag(9);
> >
> >And changed the beginning of my script:
> >
> >If(src_ip == my.pstn.gateway.address | isflagset(9))
> >{
> > ...
> >}
> >Else
> >{
> > if(!www_authorize())
> > {
> > www_challenge();
> > };
> >}
>
> Why do you re-check authentication in reply_route? The authentication
> has been already verified on the original request and it buys no
> security to do it again with the same request later.
>
> >This doesn't work. I know the flag was set in the reply_route, but
> >it is not recognized in the main script.
>
> I guess neither src_ip nor flag were copied to reply_route context
> in 8.10. That should have changed in 8.11, in case you need it.
>
> a.
>
More information about the sr-users
mailing list