[Serusers] nathelper rewrite SDP problem

Maxim Sobolev sobomax at portaone.com
Fri Aug 20 14:53:53 CEST 2004 

Most likely that you have invoked one or more SDP rewriting functions on 
the same messages several times. It isn't supported. You can only invoke 
one SDP rewriting function on the message once, otherwise it will be 
messed up as a result.

-Maxim

zak Huang wrote:
> Hi all, 
> 
> I am using last stable SER and Nathelper from CVS and last RTPPROXY from CVS
> too.
> 
>      UA1--------> SER & RTPPROXY <--------- NAT <-------------- UA2
> 10.0.1.10           10.0.1.135                   10.0.1.118          
> 192.168.1.2
> 
> 
> 
> 1. When UA2 INVITE UA1 through SER , nathelper rewrite SDP. There is an error .
>     Connection  Information (c) :IN IP4 10.0.1.13510.0.1.135 
>                                                        ^^^^^^^^^^^^^^^^^^^^^^^^ 
> 2. UA1 couldn't INVITE UA2
> 
> Can you tell me how to correct it.
> 
> Attached is my ser.cfg.
> 
> Thanks in advanced:
> 
> kaz
> ------------------------------------------------------------------------------------------------------------------------
> 
> #
> # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
> #
> # simple quick-start config script
> #
> 
> # ----------- global configuration parameters ------------------------
> 
> #debug=3         # debug level (cmd line: -dddddddddd)
> #fork=yes
> #log_stderror=no	# (cmd line: -E)
> 
> /* Uncomment these lines to enter debugging mode 
> debug=7
> fork=no
> log_stderror=yes
> */
> 
> check_via=no	# (cmd. line: -v)
> dns=no           # (cmd. line: -r)
> rev_dns=no      # (cmd. line: -R)
> #port=5060
> #children=4
> fifo="/tmp/ser_fifo"
> 
> # ------------------ module loading ----------------------------------
> 
> # Uncomment this if you want to use SQL database
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/acc.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> 
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> 
> # Nathelper
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> 
> 
> # ----------------- setting module-specific parameters ---------------
> modparam("acc", "log_level", 1)
> modparam("acc", "log_flag", 1)
> 
> modparam("acc", "report_ack", 1)
> modparam("acc", "db_flag", 1 )
> # report to syslog: From, i-uri, status, digest id
> modparam("acc", "log_fmt", "fisu" )
> 
> 
> # -- usrloc params --
> 
> #modparam("usrloc", "db_mode",   0)
> 
> # Uncomment this if you want to use SQL database 
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
> 
> # -- auth params --
> # Uncomment if you are using auth module
> #
> modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which true in this config), 
> # uncomment also the following parameter)
> #
> modparam("auth_db", "password_column", "password")
> 
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
> 
> #modparam("acc", "db_url", "sql://root:@localhost/ser")
> 
> modparam("registrar", "nat_flag", 6)
> modparam("nathelper", "natping_interval", 30)
> modparam("nathelper", "ping_nated_only", 1)
> 
> # -------------------------  request routing logic -------------------
> 
> # main routing logic
> 
> route{
> 
> 	# initial sanity checks -- messages with
> 	# max_forwards==0, or excessively long requests
> 	if (!mf_process_maxfwd_header("10")) {
> 		sl_send_reply("483","Too Many Hops");
> 		break;
> 	};
> 	if ( msg:len > max_len ) {
> 		sl_send_reply("513", "Message too big");
> 		break;
> 	};
> 
> 	# !! Nathelper
> 	# Special handling for NATed clients; first, NAT test is
> 	# executed: it looks for via!=received and RFC1918 addresses
> 	# in Contact (may fail if line-folding is used); also,
> 	# the received test should, if completed, should check all
> 	# vias for rpesence of received
> 	if (nat_uac_test("3")) {
> 		# Allow RR-ed requests, as these may indicate that
> 		# a NAT-enabled proxy takes care of it; unless it is
> 		# a REGISTER
> 
> 		if (method == "REGISTER" || ! search("^Record-Route:")){
> 	   	    log("LOG: Someone trying to register from private IP, rewriting\n");
> 		    fix_nated_contact(); # Rewrite contact with source IP of signalling
> 		    if (method == "INVITE") {
> 		        fix_nated_sdp("1"); # Add direction=active to SDP
> 		    };
> 		    force_rport(); # Add rport parameter to topmost Via
> 		    setflag(6);    # Mark as NATed
> 		};
> 	};
> 
> 
> 	# we record-route all messages -- to make sure that
> 	# subsequent messages will go through our proxy; that's
> 	# particularly good if upstream and downstream entities
> 	# use different transport protocol
> 	record_route();
>         setflag(1);	
> 	# loose-route processing
> 	if (loose_route()) {
> 		append_hf("P-hint: rr-enforced\r\n"); 
> 		route(1);
> #		t_relay();
> 		break;
> 	};
> 
> 	if (!uri==myself) {
> 		# mark routing logic in request
> 		append_hf("P-hint: outbound\r\n"); 
> 		route(1);
> 		break;
> 	};
> 
> 	# if the request is for other domain use UsrLoc
> 	# (in case, it does not work, use the following command
> 	# with proper names and addresses in it)
> 	if (uri==myself) {
> 
> 		if (method=="INVITE") {
> #			record_route();
> 			if (isflagset(6)) {
> 				force_rtp_proxy();
> 			};
>      		};
> 
> 		if (method=="REGISTER") {
> 
> 		# Uncomment this if you want to use digest authentication
> 			if (!www_authorize("iptel.org", "subscriber")) {
> 				www_challenge("iptel.org", "0");
> 				break;
> 			};
> 
> 			save("location");
> 			break;
> 		};
> 
>                 lookup("aliases");
> 		if(!uri==myself){
> 				append_hf("P-hint: outbound alias\r\n"); 
> 				route(1);
> 				break;
> 		};
> 		# native SIP destinations are handled using our USRLOC DB
> 		if (!lookup("location")) {
> 			sl_send_reply("404", "Not Found");
> 			break;
> 		};
> 	};
> 	# forward to current uri now; use stateful forwarding; that
> 	# works reliably even if we forward from TCP to UDP
> 	append_hf("P-hint: usrloc applied\r\n"); 	
> 	route(1);
> }
> 
> route[1] 
> {
> #	if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
> #        	sl_send_reply("479", "We don't forward to private IP addresses");
> #        	break;
> #        };
>         if (isflagset(6)) {
>         	force_rtp_proxy();
>         	t_on_reply("1");
>         	append_hf("P-Behind-NAT: Yes\r\n");
>         };
> 	# send it out now; use stateful forwarding as it works reliably
> 	# even for UDP2TCP
> 	if (!t_relay()) {
> 		sl_reply_error();
> 	};
> }
> 
> onreply_route[1] {
>     if (status =~ "(183)|2[0-9][0-9]") {
>         fix_nated_contact();
>         force_rtp_proxy();
>     };
> }
> 
> 
> onreply_route[2] {
>     # NATed transaction ?
>     if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>         fix_nated_contact();
> 	force_rtp_proxy();
>     # otherwise, is it a transaction behind a NAT and we did not
>     # know at time of request processing ? (RFC1918 contacts)
>     } else if (nat_uac_test("1")) {
>         fix_nated_contact();
>     };
> }
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
> 
>

More information about the sr-users mailing list