[Serusers] Call loop problem
Luca Corti
cortez at tiscali.it
Fri Jan 21 14:09:39 CET 2005
Hello,
I'm running ser 0.8.14 on Debian Sarge installed from debian packages
found on the ser site. I can register fine with the proxy, but when
trying to place a call I get "Too many Hops" errors. Disabling the hops
check the calls loop.
You can find my ser.cfg below.
Any help would be greatly appreciated.
thanks
Luca
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
listen=217.171.33.250
listen=127.0.0.1
alias=news.cdlan.net
alias=217.171.33.250
# Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# Autenticazione al db
modparam("usrloc", "db_url", "sql://ser:s3r@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# secret
modparam("auth", "secret", "r4nd0ms3cr3t")
# Autenticazione al db
modparam("auth_db", "db_url", "sql://ser:s3r@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# Autenticazione al db
modparam("uri", "db_url", "sql://ser:s3r@localhost/ser")
# !! Nathelper
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind
NAT
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# prevents private ip space from being used
#if (search("^(Contact|m): .*@(192\.168\.|10\.|172\.16)")) {
# if (method=="REGISTER") {
# log(1, "LOG: Someone trying to register from
private IP\n");
# sl_send_reply("479", "Please don't use private
IP addresses" );
# break;
# };
#};
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:"))
{
log("LOG: Someone trying to register from private
IP, rewriting\n");
# This will work only for user agents that support
symmetric
# communication. We tested quite many of them and
majority is
# smart enough to be symmetric. In some phones it
takes a configuration
# option. With Cisco 7960, it is called
NAT_Enable=Yes, with kphone it is
# called "symmetric media" and "symmetric
signalling".
fix_nated_contact(); # Rewrite contact with source
IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to
SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (method=="REGISTER") {
# make sure that users don't register infinite loops
if (search("^(Contact|m): .*@(217\.171\.33\.250|(news
\.)?cdlan\.net)")) {
log(1, "LOG: alert: someone trying to set
aor==contact\n");
sl_send_reply("476", "No Server Address in
Contacts Allowed" );
break;
};
lookup("aliases");
# Uncomment this if you want to use digest
authentication
if (!www_authorize("news.cdlan.net", "subscriber")) {
www_challenge("news.cdlan.net", "0");
break;
};
# only registered users are allowed
if (!is_user("replicator") & !check_to()) {
log(1, "LOG: unregistered user registration
attempt\n");
sl_send_reply("403", "Only registered users are
allowed");
break;
};
# If not authenticated
if (!save("location")) {
sl_reply_error();
};
break;
};
lookup("aliases");
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
route(1);
}
route[1] {
# !! Nathelper
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"
&& !search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for
example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
CONFIDENTIALITY NOTICE
This message and its attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately, delete this message and do not disclose the contents to any other person, do not use it for any purpose or store or copy the information in any medium.
More information about the sr-users
mailing list