[Users] nat_helper: multiple media IP address in SDP

Dmitry Lyubimkov loft at onego.ru
Tue Apr 11 18:17:58 CEST 2006


We had the same problem with SDP.
There are very many UA with this mistake error
To bypass this restriction we have added after
force_rtp_proxy();
Also such command
subst("/^c=IN IP4 ([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)(.*)/c=IN IP4
11.22.33.44\5/i");

Dmitry

------------------------------

Message: 6
Date: Tue, 11 Apr 2006 16:51:22 +0200
From: "Nicolas Olivier" <nolivier at alphalink.fr>
Subject: Re: [Users] nat_helper: multiple media IP address in SDP
To: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
Cc: users at openser.org
Message-ID: <443BC26A.8040407 at alphalink.fr>
Content-Type: text/plain;	format=flowed;	charset="ISO-8859-1"



Ok, I may have a look to the csv.
Thanks for the help.

regards,
Nicolas

Bogdan-Andrei Iancu wrote:
> Hi,
> 
> Nicolas Olivier wrote:
> 
>  >
>  > Hi Bogdan,
>  >
>  > Ok, I understand now. But I still encounter the problem because:
>  > - rtpproxy only rewrites the c= from media part (but it should be
fine
>  > as you said) despite what a quick look in the rtpproxy code
comments
>  > say ("We have to change ports in m-lines, and also change IP
addresses
>  > in c-lines which can be placed either in session header (fallback
for
>  > all medias) or media description.")
> 
> yes, the nathelper will change the c= from session header only if it
> finds a media section without a local c= (which means the default c=
> from session hdr will be used).
> 
>  > - the centrex (which is an asterisk by the way) take only into
account
>  > the c= from the session part, not the one from media part
> 
> in the CVS devel there is a flag that force also changing of session
c= :
>     http://openser.org/docs/modules/1.1.x/nathelper.html#AEN275 , the
> "c" flag
> 
> regards,
> bogdan
> 
>  >
>  >
>  >
>  > regards,
>  > Nicolas
>  >
>  > Bogdan-Andrei Iancu wrote:
>  >
>  >> Hi Nicolas,
>  >>
>  >> it;s perfectly ok - see the SDP RFC : an SDP may contain a default

> c= in
>  >> the session part; each media section (m=) may contain an ip (c=);
if it
>  >> doesn't the session c= will be used.
>  >>
>  >> regards,
>  >> bogdan
>  >>
>  >> Nicolas Olivier wrote:
>  >>
>  >>  >
>  >>  > Hi,
>  >>  >
>  >>  > I've got a gateway which is only used for rounting and rtp
proxying
>  >>  > between providers and centrexes.
>  >>  >
>  >>  > On reply to an INVITE, one of our provider send back a "183
Session
>  >>  > Progress". The problem is that in the SDP block, we've got 2 
> media IP
>  >>  > address and rtpproxy only rewrite one.
>  >>  >
>  >>  > Finally, the provider establish rtp session with our gateway,
and 
> our
>  >>  > centrex directly with the provider.
>  >>  >
>  >>  >   provider                  gateway                  centrex
>  >>  > 172.16.0.10               192.168.1.10
192.168.1.20
>  >>  >      RTP     ------------->   RTP      ------------>   RTP
>  >>  >       ^-------------------------------------------------|
>  >>  >
>  >>  > So my questions are, is it possible to have multiple IP address
in
>  >> SDP
>  >>  > and if so, how can I tell rtpproxy to rewrite all of them.
>  >>  >
>  >>  > Coming from provider:
>  >>  >
>  >>  > SIP/2.0 183 Session Progress.
>  >>  > Via: SIP/2.0/UDP
>  >>  > 192.168.1.10;branch=z9hG4bKdd67.a4cc2c44.0,SIP/2.0/UDP
>  >>  > 192.168.1.20:5062;branch=z9hG4bKdd67.08f45a33.0,SIP/2.0/UDP
>  >>  > 192.168.1.20:5060;branch=z9hG4bK4af242b7.
>  >>  > From: "02" <sip:0143132445 at 192.168.1.20>;tag=as226ce7b9.
>  >>  > To: <sip:0123456789 at 192.168.1.20:5062>;tag=3123AAA8-20C5.
>  >>  > Date: Tue, 11 Apr 2006 09:10:29 GMT.
>  >>  > Call-ID: 079ab6663e403ff44a1107e5111b075f at 192.168.1.20.
>  >>  > Server: Cisco-SIPGateway/IOS-12.x.
>  >>  > CSeq: 102 INVITE.
>  >>  > Allow-Events: telephone-event.
>  >>  > Contact: <sip:677238#0123456789 at 172.16.0.10:5060>.
>  >>  > Record-Route:
>  >>  >
>  >> 
>
<sip:192.168.1.10;ftag=as226ce7b9;lr=on>,<sip:192.168.1.20:5062;ftag=as2
26ce7b9;lr=on>. 
> 
>  >>
>  >>  >
>  >>  > Content-Disposition: session;handling=required.
>  >>  > Content-Type: application/sdp.
>  >>  > Content-Length: 261.
>  >>  > .
>  >>  > v=0.
>  >>  > o=CiscoSystemsSIP-GW-UserAgent 3448 4768 IN IP4 172.16.0.10.
>  >>  > s=SIP Call.
>  >>  > c=IN IP4 172.16.0.10.
>  >>  > t=0 0.
>  >>  > m=audio 18322 RTP/AVP 18 101.
>  >>  > c=IN IP4 172.16.0.10.
>  >>  > a=rtpmap:18 G729/8000.
>  >>  > a=fmtp:18 annexb=no.
>  >>  > a=rtpmap:101 telephone-event/8000.
>  >>  > a=fmtp:101 0-16.
>  >>  >
>  >>  > Forwarded to centrex:
>  >>  >
>  >>  > SIP/2.0 183 Session Progress.
>  >>  > Via: SIP/2.0/UDP
>  >>  > 192.168.1.20:5062;branch=z9hG4bK43a4.3e96aba3.0,SIP/2.0/UDP
>  >>  > 192.168.1.20:5060;branch=z9hG4bK3213db83.
>  >>  > From: "02" <sip:0143132445 at 192.168.1.20>;tag=as1a2f900d.
>  >>  > To: <sip:0123456789 at 192.168.1.20:5062>;tag=3121D1B4-1BFD.
>  >>  > Date: Tue, 11 Apr 2006 09:08:28 GMT.
>  >>  > Call-ID: 08467c5e299ab833106517c63d3edc2e at 192.168.1.20.
>  >>  > Server: Cisco-SIPGateway/IOS-12.x.
>  >>  > CSeq: 102 INVITE.
>  >>  > Allow-Events: telephone-event.
>  >>  > Contact: <sip:677238#0123456789 at 172.16.0.10:5060>.
>  >>  > Record-Route:
>  >>  >
>  >> 
>
<sip:192.168.1.10;ftag=as1a2f900d;lr=on>,<sip:192.168.1.20:5062;ftag=as1
a2f900d;lr=on>. 
> 
>  >>
>  >>  >
>  >>  > Content-Disposition: session;handling=required.
>  >>  > Content-Type: application/sdp.
>  >>  > Content-Length: 277.
>  >>  > .
>  >>  > v=0.
>  >>  > o=CiscoSystemsSIP-GW-UserAgent 565 174 IN IP4 172.16.0.10.
>  >>  > s=SIP Call.
>  >>  > c=IN IP4 172.16.0.10.
>  >>  > t=0 0.
>  >>  > m=audio 36296 RTP/AVP 18 101.
>  >>  > c=IN IP4 192.168.1.10.
>  >>  > a=rtpmap:18 G729/8000.
>  >>  > a=fmtp:18 annexb=no.
>  >>  > a=rtpmap:101 telephone-event/8000.
>  >>  > a=fmtp:101 0-16.
>  >>  > a=nortpproxy:yes.
>  >>  >
>  >>  >
>  >>  > openser.cfg
>  >>  >
>  >>  > (...)
>  >>  >
>  >>  >  onreply_route[1] {
>  >>  >          if (status =~ "(180)|(183)|2[0-9][0-9]") {
>  >>  >                  fix_nated_contact();
>  >>  >                  if (!search("^Content-Length:[ ]*0")) {
>  >>  >                          force_rtp_proxy();
>  >>  >                  };
>  >>  >          } else if (nat_uac_test("1")) {
>  >>  >                  fix_nated_contact();
>  >>  >          };
>  >>  >  }
>  >>  >
>  >>  > (...)
>  >>  >
>  >>  > Best regards,
>  >>  > Nicolas Olivier
>  >>  >
>  >>  >
>  >>  > _______________________________________________
>  >>  > Users mailing list
>  >>  > Users at openser.org
>  >>  > http://openser.org/cgi-bin/mailman/listinfo/users
>  >>  >
>  >>
>  >
> 




------------------------------

Message: 7
Date: Tue, 11 Apr 2006 16:52:14 +0200
From: Cesc <cesc.santa at gmail.com>
Subject: Re: [Users] Allow only TLS connections
To: "Thorsten.Haupt at t-systems.com" <Thorsten.Haupt at t-systems.com>
Cc: users at openser.org
Message-ID:
	<ce8208420604110752i733143d8k5b565ac45b0cfda2 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6
c17b007ea61fa37b86b391ce1b2a80f#tcp



On 4/11/06, Thorsten.Haupt at t-systems.com <Thorsten.Haupt at t-systems.com>
wrote:
> I searched for this function, but I didn't found it :-(
> Knows anyone the correct code, not only pseudo-code?
>
> Torsten
>
> -----Ursprьngliche Nachricht-----
> Von: Cesc [mailto:cesc.santa at gmail.com]
> Gesendet: Dienstag, 11. April 2006 14:03
> An: Haupt, Thorsten
> Cc: users at openser.org
> Betreff: Re: [Users] Allow only TLS connections
>
> I think in openser there is a function to check what transport the
message came in ... you can do something like:
> if ( transport != TLS ) {
>           send error to UA
>           break;
> }
>
> Cesc
>
> On 4/11/06, Thorsten.Haupt at t-systems.com
<Thorsten.Haupt at t-systems.com> wrote:
> >
> >
> > Hello,
> >
> > I use OpenSER in a testing environment for VoIP security. My clients
> > connect via TLS. If I deactivate UDP/5060 on the server, it doesn't
work correct.
> > Some Clients can't connect and others can't establish calls. I read
in
> > another thread, that UDP is mandatory for SIP and that the server
need it.
> >
> > But how can I prevent users from connecting via UDP and force them
to
> > use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But
is
> > this the correct way? Are there any parameters server-side to force
> > users to connect via TLS?
> >
> > Thanks for response.
> > Torsten
> > _______________________________________________
> > Users mailing list
> > Users at openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>



------------------------------

Message: 8
Date: Tue, 11 Apr 2006 17:16:49 +0200
From: Andreas Granig <andreas.granig at inode.info>
Subject: [Users] Overlapping AVPs
To: users at openser.org
Message-ID: <443BC861.6040303 at inode.info>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi,

Me again, sorry, but the docs aren't really noisy about AVP details...

So if I have user preferences for both the caller and callee and load 
them from DB and print them using the following:

   avp_db_load("$avp($uuid_caller)", "");
   avp_db_load("$avp($uuid_callee)", "");
   avp_print();

then they may overlap because of the same ID (say "i:102" for toggling 
some specific feature on/off), but according to the debug output both 
are present:

   INFO:avpops:print_avp: p=0x4056db90, flags=100
   INFO:                   id=<102>
   INFO:                   val_int=<1>

   INFO:avpops:print_avp: p=0x4056dc68, flags=100
   INFO:                   id=<102>
   INFO:                   val_int=<0>

So is it possible to selectively access the avp-value of both 
$uuid_caller and $uuid_callee? Something like $avp(i:102)[0] and 
$avp(i:102)[1] maybe?

Thanks,
Andy



------------------------------

Message: 9
Date: Tue, 11 Apr 2006 17:54:56 +0200
From: "D'Addelfio Davide" <Davide.D'Addelfio at italtel.it>
Subject: R: [Users] load from db table
To: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
Cc: users at openser.org
Message-ID: <82C94EFCF026F74EB91A2048B1C963A504065277 at BESONE.corp.dom>
Content-Type: text/plain;	charset="iso-8859-1"

Hi Bogdan, I'm trying to setup my config file , did the same

modparam("avpops", "db_scheme",
"scheme0:username_col=from;value_col=timestamp;value_type=string;table=a
cc")
modparam("avpops","avp_aliases","timestamp=i:800")

if (method=="INVITE")
avp_db_load("$from","$timestamp/$scheme0");

I'm not sure that is correct...

log gives me these errors

Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: submit_query: You
have an error in your SQL syntax.  Check the manual that corresponds to
your MySQL server version for the right syntax to use near 'from='bob''
at line 1
Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: db_query: Error
while submitting query
Apr 11 08:42:59 localhost /usr/sbin/openser[13752]:
ERROR:avpops:load_avps: db_load failed

Any thought?

Thanks
Davide 

-----Messaggio originale-----
Da: users-bounces at openser.org [mailto:users-bounces at openser.org] Per
conto di Bogdan-Andrei Iancu
Inviato: martedм 11 aprile 2006 16.12
A: D'Addelfio Davide
Cc: users at openser.org
Oggetto: Re: [Users] load from db table

Hi,

see:
    http://www.voice-system.ro/docs/avpops/ar01s06.html#avp_db_load

the "db_scheme" example.

regards,
bogdan

D'Addelfio Davide wrote:

>Hi Bogdan,
>
>i setup my openser.cfg to store SIP messages into acc tables of mysql,
>using extra accounting to store also the body part of the message. 
>Now i need that openser read into that db's table, in particular in
some
>rows of db.
>If I use avp_db_load it works only over usr_preference table, instead I
>want it looks into acc table. 
>
>How can I do? 
>
>Thanks for help
>Davide 
>  
>


_______________________________________________
Users mailing list
Users at openser.org
http://openser.org/cgi-bin/mailman/listinfo/users



------------------------------

_______________________________________________
Users mailing list
Users at openser.org
http://openser.org/cgi-bin/mailman/listinfo/users


End of Users Digest, Vol 11, Issue 27
*************************************








More information about the sr-users mailing list