[Users] OpenSER as load balancer for several Asterisk servers

Edoardo Serra osdevel at webrainstorm.it
Wed Dec 20 19:24:10 CET 2006


At 17.21 20/12/2006, Klaus Darilion wrote:
>Then we have to go back to the beginning:
>Please send a complete ngrep Trace (not ethereal or tcpdump - they 
>are horrible to read) of the call:
>ngrep -t -W byline port 5060
>(make sure not to mix IP addresses when replacing them)
>And also send openser.cfg (remove passwords)

Here I am,
         dump with ngrep and openser.cfg follow.

The most strange thing, as you wuold notice, is that the 2 packets 
with 183 Session Progress contain the right IP addresses for the 
media path in SDP
Those IPs are changed in the 200 OK packets so subsequents packet go 
to the wrong server (the result is monodirectional audio)

IP and called number substitutions:
AAA.AAA.AAA.AAA stands for IP of Asterisk
OOO.OOO.OOO.OOO stands for IP of OpenSER
CCC.CCC.CCC.CCC stands for IP of client
3333333333 is the called number

Tnx in advance for help

Regards
Edoardo

---- Dump ----

interface: eth0
filter: ip and ( port 5060 )

#
U 2006/12/20 19:15:34.678287 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060
INVITE sip:3333333333 at OOO.OOO.OOO.OOO SIP/2.0.
Via: SIP/2.0/UDP 
192.168.1.207:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport.
Max-Forwards: 70.
Contact: <sip:webrainstorm at OOO.OOO.OOO.OOO:21722>.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
SUBSCRIBE, INFO.
Content-Type: application/sdp.
Proxy-Authorization: Digest 
username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333 at OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.
User-Agent: X-Lite release 1002tx stamp 29712.
Content-Length: 531.
.
v=0.
o=- 8 2 IN IP4 192.168.1.207.
s=<CounterPath eyeBeam 1.5>.
c=IN IP4 192.168.1.207.
t=0 0.
m=audio 51126 RTP/AVP 107 119 0 98 8 3 101.
a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126.
a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126.
a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126.
a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126.
a=fmtp:101 0-15.
a=rtpmap:107 BV32/16000.
a=rtpmap:119 BV32-FEC/16000.
a=rtpmap:98 iLBC/8000.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.
a=x-rtp-session-id:6754D37B91D842568EE88680F168B966.

#
U 2006/12/20 19:15:34.679538 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060
.
.

#
U 2006/12/20 19:15:34.680057 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
SIP/2.0 100 trying -- your call is important to us.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
Server: OpenSer (1.1.0-notls (i386/linux)).
Content-Length: 0.
Warning: 392 OOO.OOO.OOO.OOO:5060 "Noisy feedback tells:  pid=31932 
req_src_ip=CCC.CCC.CCC.CCC req_src_port=21722 
in_uri=sip:3333333333 at OOO.OOO.OOO.OOO 
out_uri=sip:3333333333 at OOO.OOO.OOO.OOO via_cnt==1".
.

#
U 2006/12/20 19:15:34.680156 OOO.OOO.OOO.OOO:5060 -> 
AAA.AAA.AAA.AAA:5060 5766 at 0:1480
........INVITE sip:3333333333 at OOO.OOO.OOO.OOO SIP/2.0.
Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710>.
Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0.
Via: SIP/2.0/UDP 
CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
Max-Forwards: 69.
Contact: <sip:webrainstorm at CCC.CCC.CCC.CCC:21722>.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
SUBSCRIBE, INFO.
Content-Type: application/sdp.
Proxy-Authorization: Digest 
username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333 at OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.
User-Agent: X-Lite release 1002tx stamp 29712.
Content-Length: 529.
P-hint: usrloc applied.
.
v=0.
o=- 8 2 IN IP4 CCC.CCC.CCC.CCC.
s=<CounterPath eyeBeam 1.5>.
c=IN IP4 CCC.CCC.CCC.CCC.
t=0 0.
m=audio 51126 RTP/AVP 107 119 0 98 8 3 101.
a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126.
a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126.
a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126.
a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126.
a=fmtp:101 0-15.
a=rtpmap:107 BV32/16000.
a=rtpmap:119 BV32-FEC/16000.
a=rtpmap:98 iLBC/8000.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.
a=x-rtp-session-id:6754D37B91D842568EE88680F168B
#
U 2006/12/20 19:15:34.681110 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
SIP/2.0 100 Trying.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
Via: SIP/2.0/UDP 
CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Length: 0.
.

#
U 2006/12/20 19:15:35.025207 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
SIP/2.0 183 Session Progress.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
Via: SIP/2.0/UDP 
CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Type: application/sdp.
Content-Length: 291.
.
v=0.
o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA.
s=session.
c=IN IP4 AAA.AAA.AAA.AAA.
t=0 0.
m=audio 30502 RTP/AVP 98 3 8 0 101.
a=rtpmap:98 iLBC/8000.
a=rtpmap:3 GSM/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.

#
U 2006/12/20 19:15:35.025446 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
SIP/2.0 183 Session Progress.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Type: application/sdp.
Content-Length: 291.
.
v=0.
o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA.
s=session.
c=IN IP4 AAA.AAA.AAA.AAA.
t=0 0.
m=audio 30502 RTP/AVP 98 3 8 0 101.
a=rtpmap:98 iLBC/8000.
a=rtpmap:3 GSM/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.

#
U 2006/12/20 19:15:39.290612 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
SIP/2.0 180 Ringing.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
Via: SIP/2.0/UDP 
CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Length: 0.
.

#
U 2006/12/20 19:15:39.290784 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
SIP/2.0 180 Ringing.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Length: 0.
.

#
U 2006/12/20 19:15:45.284233 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
Via: SIP/2.0/UDP 
CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710>.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Type: application/sdp.
Content-Length: 291.
.
v=0.
o=root 20137 20138 IN IP4 AAA.AAA.AAA.AAA.
s=session.
c=IN IP4 AAA.AAA.AAA.AAA.
t=0 0.
m=audio 30502 RTP/AVP 98 3 8 0 101.
a=rtpmap:98 iLBC/8000.
a=rtpmap:3 GSM/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.

#
U 2006/12/20 19:15:45.284766 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 
OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710>.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 INVITE.
User-Agent: Asterisk.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
Content-Type: application/sdp.
Content-Length: 291.
.
v=0.
o=root 20137 20138 IN IP4 OOO.OOO.OOO.OOO.
s=session.
c=IN IP4 OOO.OOO.OOO.OOO.
t=0 0.
m=audio 30502 RTP/AVP 98 3 8 0 101.
a=rtpmap:98 iLBC/8000.
a=rtpmap:3 GSM/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.

#
U 2006/12/20 19:15:45.523120 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060
ACK sip:3333333333 at AAA.AAA.AAA.AAA:5060 SIP/2.0.
Via: SIP/2.0/UDP 
192.168.1.207:21722;branch=z9hG4bK-d87543-1276651d53700b28-1--d87543-;rport.
Max-Forwards: 70.
Route: <sip:OOO.OOO.OOO.OOO;lr;ftag=1d106710>.
Contact: <sip:webrainstorm at OOO.OOO.OOO.OOO:21722>.
To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
CSeq: 2 ACK.
Proxy-Authorization: Digest 
username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333 at OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.
User-Agent: X-Lite release 1002tx stamp 29712.
Content-Length: 0.
.

#

---- openser.cfg ----

AAA.AAA.AAA.111 and AAA.AAA.AAA.222 are the 2 asterisks used for load balance
In the capure before only one of the 2 Asterisk boxes was in dispatcher.list


# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

#debug=3         # debug level (cmd line: -dddddddddd)
fork=yes
#log_stderror=no        # (cmd line: -E)

check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#children=4
#port=5060
fifo="/tmp/ser_fifo"

#uid=nobody
#gid=nobody

# ------------------ module loading ----------------------------------

loadmodule "/usr/lib/openser/modules/sl.so"
loadmodule "/usr/lib/openser/modules/tm.so"
loadmodule "/usr/lib/openser/modules/rr.so"
loadmodule "/usr/lib/openser/modules/maxfwd.so"
loadmodule "/usr/lib/openser/modules/usrloc.so"
loadmodule "/usr/lib/openser/modules/registrar.so"
loadmodule "/usr/lib/openser/modules/nathelper.so"
loadmodule "/usr/lib/openser/modules/textops.so"
loadmodule "/usr/lib/openser/modules/exec.so"
loadmodule "/usr/lib/openser/modules/uri.so"
loadmodule "/usr/lib/openser/modules/uri_db.so"
loadmodule "/usr/lib/openser/modules/dispatcher.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/auth.so"
loadmodule "/usr/lib/openser/modules/auth_db.so"

modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")

# abbassare il timer
modparam("usrloc", "timer_interval", 120)

modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "db_url", "mysql://xxx:xxx@192.168.252.5/voismartdb")

modparam("uri_db", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")

modparam("rr", "enable_full_lr", 1)

modparam("registrar", "nat_flag", 6)
#modparam("registrar", "default_expires", 300)
modparam("registrar", "max_expires", 3600)
modparam("registrar", "min_expires", 60)
modparam("registrar", "append_branches", 0)
modparam("registrar", "desc_time_order", 1)

modparam("nathelper", "natping_interval", 20) # Ping interval 20 s
modparam("nathelper", "ping_nated_only", 1)   # Ping only clients behind NAT

modparam("dispatcher", "force_dst", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{
         # initial sanity checks -- messages with
         # max_forwards==0, or excessively long requests
         if (!mf_process_maxfwd_header("10")) {
                 sl_send_reply("483","Too Many Hops");
                 exit;
         };
         if ( msg:len > max_len ) {
                 sl_send_reply("513", "Message too big");
                 exit;
         };

         if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || 
(method=="NOTIFY") ) {
                 sl_send_reply("405", "Method Not Allowed");
                 exit;
         }

         if (!method=="REGISTER") {
                 record_route();
         };

         if ((src_ip==AAA.AAA.AAA.111) || (src_ip==AAA.AAA.AAA.222)) {
                 if (!lookup("location")) {
                         sl_send_reply("404", "Not Found");
                         exit;
                 };
                 # forward to current uri now; use stateful forwarding; that
                 # works reliably even if we forward from TCP to UDP
                 if (!t_relay()) {
                         sl_reply_error();
                 };
                 exit;
         };

         if (nat_uac_test("3")) {
                 if ((method=="REGISTER") || (method=="INVITE") || 
(method=="OPTIONS")) {
                         fix_nated_contact();
                         force_rport();
                         setflag(6);    # Mark as NATed
                 }
         }
         # if the request is for other domain use UsrLoc
         # (in case, it does not work, use the following command
         # with proper names and addresses in it)
         if (method=="REGISTER") {
                 if (!proxy_authorize("exorsa", "openser_view")) {
                         proxy_challenge("exorsa", "0");
                         exit;
                 }
                 if (!check_to()) {
                         sl_send_reply("403", "Digest username and 
URI username do NOT match! Stay away!");
                         exit;
                 }

                 save("location");

                 exit;
         };

         if (method=="INVITE") {
                 if (!proxy_authorize("exorsa", "openser_view")) {
                         proxy_challenge("exorsa", "0");
                         exit;
                 }

                 if (!check_from()) {
                         sl_send_reply("403", "Digest username and 
URI username do NOT match! Stay away!");
                         exit;
                 }
         }

         # loose-route processing
         if (loose_route()) {
                 # mark routing logic in request
                 append_hf("P-hint: rr-enforced\r\n");
                 route(1);
                 exit;
         };

         if (!uri==myself) {
                 # mark routing logic in request
                 append_hf("P-hint: outbound\r\n");
                 route(1);
                 exit;
         };

         append_hf("P-hint: usrloc applied\r\n");
         route(1);
}

route[1]
{
         # !! Nathelper
         if 
(uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && 
!search("^Route:")){
             sl_send_reply("479", "We don't forward to private IP addresses");
             exit;
         };

         # NAT processing of replies; apply to all transactions (for example,
         # re-INVITEs from public to private UA are hard to identify as
         # NATed at the moment of request processing); look at replies
         t_on_reply("1");

         # send it out now; use stateful forwarding as it works reliably
         # even for UDP2TCP
         if ((src_ip!=AAA.AAA.AAA.111) && (src_ip!=AAA.AAA.AAA.222)) {
                 ds_select_dst("2", "0");
         }

         if (!t_relay()) {
                 sl_reply_error();
         };
}

# !! Nathelper
onreply_route[1] {
     # NATed transaction ?
     if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
         fix_nated_contact();
     #force_rtp_proxy();
     # otherwise, is it a transaction behind a NAT and we did not
     # know at time of request processing ? (RFC1918 contacts)
     } else if (nat_uac_test("1")) {
         fix_nated_contact();
     };
}

Hope it helps.

Tnx again for your help

Regards

Edoardo





More information about the sr-users mailing list