[Serusers] mal fuction with rtpproxy

Jan Janak jan at iptel.org
Thu Oct 28 15:23:36 CEST 2004


Use modparam("nathelper", "rtpproxy_sock", "<listen_socket_of_rtp_proxy>")

  Jan.

On 27-10 12:46, Walter Willis wrote:
> I am use ser-0.8.14 in gentoo.
> my project is of:
> 
> |--------|        |----------|                        |---------|
> |        |        |ser-0.8.14|   internet             |firewall |
> | lan +  |<======>|+ rtpproxy|<======================>|nat     
> |<==========> client (msn/phone)
> | phones |        |          |                        |proxy    |
> | + msn  |        |----------|                        |---------|
> |--------|
> 192.168.1.0/24    192.168.1.1/200.48.60.186/248
> 
> 
> 
> the rtpproxy this running     
> ps aux   
> 
> root      1570  0.0  0.3  1984  360 ?        Ss   12:15   0:00
> /root/rtpproxy/rtpproxy
> 
> 
> 
> but in the moment to initialize the being it leaves these errors;    
> as I can fix it?
> 
>  0(1788) mod_init(): Database connection opened successfuly
> acc - initializing
> exec - initializing
> print - initializing
> textops - initializing
>  0(0) INFO: udp_init: SO_RCVBUF is initially 108544
>  0(0) INFO: udp_init: SO_RCVBUF is finally 217088
>  0(0) INFO: udp_init: SO_RCVBUF is initially 108544
>  0(0) INFO: udp_init: SO_RCVBUF is finally 217088
>  1(1793) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  1(1793) WARNING: rtpp_test: can't get version of the RTP proxy
>  1(1793) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  2(1794) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  2(1794) WARNING: rtpp_test: can't get version of the RTP proxy
>  2(1794) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> localhost init.d #  9(1816) INFO: fifo process starting: 1816
>  3(1795) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  3(1795) WARNING: rtpp_test: can't get version of the RTP proxy
>  3(1795) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  5(1806) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  5(1806) WARNING: rtpp_test: can't get version of the RTP proxy
>  5(1806) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  6(1807) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  6(1807) WARNING: rtpp_test: can't get version of the RTP proxy
>  6(1807) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  4(1805) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  4(1805) WARNING: rtpp_test: can't get version of the RTP proxy
>  4(1805) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  7(1808) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  7(1808) WARNING: rtpp_test: can't get version of the RTP proxy
>  7(1808) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  9(1816) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  9(1816) WARNING: rtpp_test: can't get version of the RTP proxy
>  9(1816) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  9(1816) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
>  8(1815) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  8(1815) WARNING: rtpp_test: can't get version of the RTP proxy
>  8(1815) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 10(1839) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 10(1839) WARNING: rtpp_test: can't get version of the RTP proxy
> 10(1839) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 12(1842) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 12(1842) WARNING: rtpp_test: can't get version of the RTP proxy
> 12(1842) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 11(1841) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 11(1841) WARNING: rtpp_test: can't get version of the RTP proxy
> 11(1841) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
>  0(1788) ERROR: send_rtpp_command: can't read reply from a RTP proxy
>  0(1788) WARNING: rtpp_test: can't get version of the RTP proxy
>  0(1788) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 14(1848) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 14(1848) WARNING: rtpp_test: can't get version of the RTP proxy
> 14(1848) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 15(1849) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 15(1849) WARNING: rtpp_test: can't get version of the RTP proxy
> 15(1849) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 13(1847) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 13(1847) WARNING: rtpp_test: can't get version of the RTP proxy
> 13(1847) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
> 11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
> 11(1841) ERROR: uri2proxy: bad host name in URI <sip:rbolivar at cwafrica.com.pe>
> 11(1841) ERROR: t_forward_nonack: failure to add branches
> 11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
> 11(1841) ERROR: uri2proxy: bad host name in URI <sip:rbolivar at cwafrica.com.pe>
> 11(1841) ERROR: t_forward_nonack: failure to add branches
> 
> 
> and script is:
> 
> 
> 
> 
> # ------------- version 0.8.11-0
> # ------------- Initial global variables
> 
> debug=3
> fork=yes
> log_stderror=yes
> 
> listen=200.60.219.116
> listen=127.0.0.1
> 
> alias=cwafrica.com.pe
> alias=200.60.219.116
> 
> dns=no
> rev_dns=no
> 
> port=5060
> children=4
> 
> # check_via - Turn on or off Via host checking when forwarding replies.
> # Default is no. arcane. looks for discrepancy between name and
> # ip address when forwarding replies.
> 
> check_via=yes
> 
> # syn_branch - Shall the server use stateful synonym branches? It is
> # faster but not reboot-safe. Default is yes.
> 
> syn_branch=yes
> 
> # memlog - Debugging level for final memory statistics report. Default
> # is L_DBG -- memory statistics are dumped only if debug is set high.
> 
> memlog=3
> 
> # sip_warning - Should replies include extensive warnings? By default
> # yes, it is good for trouble-shooting.
> 
> sip_warning=yes
> 
> # fifo - FIFO special file pathname
> 
> fifo="/tmp/ser_fifo"
> fifo_mode=0666
> # server_signature - Should locally-generated messages include server's
> # signature? By default yes, it is good for trouble-shooting.
> 
> server_signature=yes
> 
> # reply_to_via - A hint to reply modules whether they should send reply
> # to IP advertised in Via. Turned off by default, which means that
> # replies are sent to IP address from which requests came.
> 
> reply_to_via=no
> 
> # user | uid - uid to be used by the server. 99 = nobody.
> 
> #uid="nobody"
> 
> # group | gid - gid to be used by the server. 99 = nobody.
> 
> #gid="nobody"
> 
> # mhomed -- enable calculation of outbound interface; useful on
> # multihomed servers.
> 
> mhomed=0
> 
> # ------------- external module loading
> 
> loadmodule "/usr/lib/ser/modules/mysql.so"
> loadmodule "/usr/lib/ser/modules/sl.so"
> loadmodule "/usr/lib/ser/modules/tm.so"
> loadmodule "/usr/lib/ser/modules/rr.so"
> loadmodule "/usr/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/lib/ser/modules/usrloc.so"
> loadmodule "/usr/lib/ser/modules/registrar.so"
> loadmodule "/usr/lib/ser/modules/auth.so"
> loadmodule "/usr/lib/ser/modules/auth_db.so"
> loadmodule "/usr/lib/ser/modules/acc.so"
> loadmodule "/usr/lib/ser/modules/exec.so"
> loadmodule "/usr/lib/ser/modules/group.so"
> loadmodule "/usr/lib/ser/modules/print.so"
> loadmodule "/usr/lib/ser/modules/textops.so"
> loadmodule "/usr/lib/ser/modules/uri.so"
> loadmodule "/usr/lib/ser/modules/nathelper.so"
> 
> # ------------- tm parameters
> 
> modparam("tm", "fr_timer", 12)
> modparam("tm", "fr_inv_timer", 24)
> 
> # ------------- rr parameters
> 
> # set ";lr" tag to .;lr=true.
> modparam("rr", "enable_full_lr", 1)
> 
> # ------------- accounting parameters
> 
> modparam("acc", "log_missed_flag", 3)
> modparam("acc", "log_level", 1)
> modparam("acc", "log_flag", 1)
> 
> # ------------- usrloc parameters
> 
> # 2 enables write-back to persistent mysql storage for speed
> # disable=0, write-through=1
> modparam("usrloc", "db_mode", 2)
> 
> # minimize write back window - default is 60 seconds
> modparam("usrloc", "timer_interval", 10)
> 
> # database location
> modparam("usrloc", "db_url", "sql://ser:heslo@localhost/ser")
> 
> # ------------- auth parameters
> 
> # database location
> modparam("auth_db", "db_url", "sql://ser:heslo@localhost/ser")
> 
> # allows clear text passwords in the mysql database
> modparam("auth_db", "calculate_ha1", yes)
> 
> # name of password column in mysql database
> modparam("auth_db", "password_column", "password")
> 
> # ------------- routing logic
> route {
> 
>   # ------------- routine checks
> 
>   # stop forwarding at 10 hops to prevent infinite loops
>   if (!mf_process_maxfwd_header("10")) {
>     log(1, "LOG: Too many hops\n");
>     sl_send_reply("483", "Too many hops");
>     break;
>   };
>    # rutas perdidas
>    loose_route();
> 
>   # prevents private ip space from being used
>   #if (search("^(Contact|m):
> .*@(192\.168\.|10\.|172\.16|(ilse\.)?cwafrica\.com\.pe)")) {
> # contacto sdp
> 	if (status=~"2[0-9][0-9]"){
> 		fix_nated_contact();
> 		fix_nated_sdp("3");
> 	}
> 	/* registration (uses rewritten contacts) */
> 	if (method=="REGISTER") {
> 		save("location");
> 		break;
> 	};
> 
> 	if (method=="INVITE") {
> 		record_route();
> 		if (isflagset(1)) { # ATA ?
> 			fix_nated_sdp("3");
> 		};
> 		/* set up reply processing */
> 		t_on_reply("1");
> 	};
> 
> 	if (method == "INVITE" || method == "CANCEL") {
> 		if (!lookup("location")) {
> 			sl_send_reply("404", "Not Found");
> 			break;
> 		};
> 	};
> 
> 	/* set up reply processing and forward statefuly */
> 	t_relay();
> 
> 
> 
> 
> #  metodo se ve despues
>   #  if (method=="REGISTER") {
>   #    log(1, "LOG: Someone trying to register from private IP\n");
>   #   sl_send_reply("479", "Please don't use private IP addresses" );
>   #    break;
>   #  };
>   #};
> 
>   # separate the destination r-uri from the set of proxies that must
> be traversed
>   loose_route();
> 
>   # if the host portion of the request uri is not local, send it directly
>   # to route processing.
>   if (!(uri==myself)) {
>     route(2);
>     break;
>   };
> 
>   # All REGISTER attempts are processed and must always be authenticated
>   if (method=="REGISTER") {
> 
>     # make sure that users don't register infinite loops
>     if (search("^(Contact|m):
> .*@(200\.60\.219\.116|(ilse\.)?cwafrica\.com\.pe)")) {
>       log(1, "LOG: alert: someone trying to set aor==contact\n");
>       sl_send_reply("476", "No Server Address in Contacts Allowed" );
>       break;
>     };
> 
>     # challenge/response
>     if (!www_authorize("cwafrica.com.pe", "subscriber")) {
>       www_challenge("cwafrica.com.pe", "0");
>       break;
>     };
> 
>     # only registered users are allowed
>     if (!is_user("replicator") & !check_to()) {
>       log(1, "LOG: unregistered user registration attempt\n");
>       sl_send_reply("403", "Only registered users are allowed");
>       break;
>     };
> 
>     # it is an authenticated request, update Contact database now
>     if (!save("location")) {
>       sl_reply_error();
>     };
>     break;
>   };
> 
>   # process traffic local to BigU and the PSTN
>   # Find the canonical username
>   lookup("aliases");
> 
>   # check domain again, if it is not still local after the alias
>   # table lookup, just send it on its way. We do not authenticate
>   # traffic we forward
>   if (!(uri=~"^sip:(.+@)?(200\.60\.219\.116|(ilse\.)?cwafrica\.com\.pe)([:;\?].*)?$"))
> {
>     route(5);
>     break;
>   };
> 
>   # now check for destinations through the gateway. 911 and 9911
>   # are always sent to the gateway. The assumption is that other all
>   # numeric usernames between 5 and 20 digits are really pstn numbers
>   # and so they are routed to the gateway
>   if ( (uri=~"^sip:911 at .*") | (uri=~"^sip:9911 at .*") |
> (uri=~"sip:[0-9]{5,20}@.*") ) {
>     route(3);
>     break;
>   };
> 
>   # does the user wish redirection on no availability? (i.e., is he
>   # in the voicemail (ser->grp) group?)
>   if (is_user_in("Request-URI", "voicemail")) {
>     t_on_failure("4");
>     setflag(4);
>   };
> 
>   # handle local SIP destinations not found in usrloc db
> 
>   # mostly offline or non-existent users
>   if (!lookup("location")) {
>     route(4);
>     break;
>   };
> 
>   # check whether some inventive user has uploaded gateway
>   # contacts to usrloc to bypass authorization logic
>   if (uri=~"@200.60.219.118([;:].*)*" ) {
>     log(1, "LOG: Gateway address in UsrLoc\n");
>     route(3);
>     break;
>   };
> 
>   # this flag is used with the acc module to report missed calls
>   # to syslog.
>   setflag(3);
> 
>   # do it (words to live by)
>   append_hf("P-hint: USRLOC\r\n");
>   if (!t_relay()) {
>     sl_reply_error();
>     break;
>   };
> 
> } /* end of initial routing logic */
> 
> 
> # ------------- process traffic leaving BigU for Internet
> 
> route[2] {
> 
>   # outbound requests are allowed only for registered BigU users
>   if (!(src_ip==200.60.219.116) &
>     !(proxy_authorize("cwafrica.com.pe", "subscriber"))) {
> 
>     # ACK and CANCEL have no security mechanisms so they are just
>     # noted
>     if (method=="ACK" | method=="BYE") {
>       log(1, "LOG: failed outbound authentication for ACK granted\n");
>     } else if (method=="CANCEL") {
>       log(1, "LOG: failed outbound authentication for CANCEL granted\n");
>     } else {
>       proxy_challenge("cwafrica.com.pe", "0");
>       break;
>     };
>   };
> 
>   # to maintain credibility of our proxy, we check From in INVITEs
>   if (!src_ip==200.60.219.116 & method=="INVITE" & !check_from()) {
>     log(1, "LOG: Spoofed from attempt\n");
>     sl_send_reply("403", "Use From=id next time");
>     break;
>   };
> 
>   append_hf("P-hint: OUTBOUND ON INTERNET\r\n");
>   if (!t_relay()) {
>     sl_reply_error();
>     break;
>   };
> 
> }
> 
> 
> # ------------- process traffic leaving Internet for PSTN
> 
> route[3] {
> 
>   # all calls through the gateway must be record routed to assure
>   # acl acceptance on the gateway
>   record_route();
> 
>   # send out emergency calls to pstn gateway immediately
>   if ( (uri=~"^sip:911 at .*") | (uri=~"^sip:9911 at .*") ) {
>     rewritehostport("200.60.219.118:5060");
>     forward(uri:host, uri:port);
>     break;
>   };
> 
>   # five digit numeric addresses are internal freebies sent to the pbx
>   # without authentication
>   if (uri=~"^sip:[0-9]{5}@(200.60.219.116|(ilse\,)?\.cwafrica\.com\.pe)") {
>     rewritehostport("200.60.219.118:5060");
>     forward(uri:host, uri:port);
>     break;
>   };
> 
>   # all numeric addresses beginning with 9 go to the pbx on the way
>   # to the PSTN
> 
>   # first the caller needs to be authenticated
>   if (uri=~"^sip:9[0-9]*@(200.60.219.116|(ilse\.)?cwafrica\.edu\.pe)") {
>     if (!(src_ip==200.60.219.116 | method==ACK | method=="CANCEL" |
> method=="BYE")) {
>       if (!proxy_authorize("cwafrica.com.pe", "subscriber")) {
>         proxy_challenge( "cwafrica.com.pe","0");
>         break;
>       } else if (method=="INVITE" & !check_from()) {
>         log(1, "LOG: Spoofed from attempt\n");
>         sl_send_reply("403", "Use From=id next time");
>         break;
>       };
>     };
> 
>     if (method=="INVITE") {
> 
>       # if the r-uri begins 91, does the authenticated user have
>       # permission for long distance
>       if (uri=~"sip:91[0-9]*@.*") {
>         if (!is_user_in("credentials", "ld")) {
>           sl_send_reply("403", "Local calls only");
>           break;
>         };
>       };
>     };
> 
>     # authenticated and authorized, now accounting is set
>     setflag(1);
>   };
> 
>   rewritehostport("200.60.219.118:5060");
>   append_hf("P-hint: GATEWAY\r\n");
>   if (!t_relay()) {
>     sl_reply_error();
>     break;
>   };
> }
> 
> 
> # ------------- process calls for users offline
> 
> route[4] {
> 
>   if (!t_newtran()) {
>     sl_reply_error();
>   };
> 
>   if (!t_reply("404", "Not Found")) {
>     sl_reply_error();
>   };
>   break;
> }
> 
> 
> # ------------- process aliased outbound traffic
> # inbound requests that have been aliased to a non-BigU domain
> # are not authenticated by BigU
> 
> route[5] {
> 
>   append_hf("P-hint: ALIASED-OUTBOUND\r\n");
>   if (!t_relay()) {
>     sl_reply_error();
>     break;
>   };
> }
> 
> 
> # ------------- CC-Diversion to voicemail
> 
> failure_route[4] {
> 
>   append_branch("sip:80000 at 200.60.219.118");
>   append_urihf("CC-Diversion: ", "\r\n");
>   append_hf("P-hint: OFFLINE-VOICEMAIL\r\n");
>   t_relay();
> }
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers




More information about the sr-users mailing list