[serusers]: trusted table(permissions module)

Kamal.Mann at t-systems.com Kamal.Mann at t-systems.com
Sat Nov 4 08:18:56 CET 2006 

Hi All
In current scenario when a sip invite message comes to SER from my SIP_AS; SER take this massage trusted (as I defined in trusted table) but after this in my INVITE route(3) it sends it to route(1) default message handler. I am enclosing my ser.cfg; please take a glance on it. 

Thanks in anticipation
Kamal Mann
-----Original Message-----
From: John Shellhouse [mailto:jwshel at hotmail.com] 
Sent: Friday, November 03, 2006 9:17 PM
To: Mann, Kamal
Subject: RE: [serusers]: trusted table(permissions module)

Hi,

you've already tried something more filled in like this...


if (!proxy_authorize("somedomain.com","subscriber")) {
proxy_challenge("somedomain.com","0");
break;
} else if (method == "INVITE" & !check_from()) {
log("from!=digest\n");
sl_send_reply("403", "Use From=ID");

break;
};
consume_credentials();

T


>From: <Kamal.Mann at t-systems.com>
>To: <andrey.kouprianov at gmail.com>, <serusers at iptel.org>
>Subject: RE: [serusers]: trusted table(permissions module)
>Date: Fri, 3 Nov 2006 15:40:26 +0100
>
>Hi All
>Now SER is trusting packates from trusted table IP and in the following 
>part of route(3) of Invite message handler allow_trusted results 'true' and 
>it directly bypasses this code.
>if (!allow_trusted())
>{
>	if (!proxy_authorize("","subscriber"))
>	{
>		proxy_challenge("","0");
>		break;
>	}
>	else if (!check_from())
>	{
>		sl_send_reply("403", "Use From=ID");
>		break;
>	};
>	consume_credentials();
>};
>But after in route(1) its sending 407-proxy auth required to trusted ip of 
>sip_AS. Please help me out of this dilemma.
>
>Thanks in anticipation
>Kamal Mann
>
>-----Original Message-----
>From: serusers-bounces at lists.iptel.org 
>[mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
>Sent: Thursday, November 02, 2006 1:13 PM
>To: serusers at iptel.org
>Subject: Re: [serusers]: trusted table(permissions module)
>
>The one you attached, didnt have a semicolon. Anyway, try using a
>fresh copy of a ready made ser.cfg.
>
>   Bests,
>
>    Andrey.
>
>On 11/2/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > Yup I always do the same, Might be copy paste error. Its having 
>semicolon & working fine here.
> >
> > Regards
> > Kamal Mann
> >
> > -----Original Message-----
> > From: Andrey Kuprianov [mailto:andrey.kouprianov at gmail.com]
> > Sent: Thursday, November 02, 2006 10:34 AM
> > To: serusers at iptel.org
> > Subject: Re: [serusers]: trusted table(permissions module)
> >
> > Hi Kamal,
> >
> > Whenever you modified your ser.cfg did you restart SER after? Did you
> > check your ser.cfg for errors using "ser -c" command? I found some
> > errors in your ser.cfg code. For instance, inside the main route
> > block, your "if", which processes INVITEs, is missing a semicolon at
> > the end of the block.
> >
> > if (method=="INVITE")
> > {
> > #       sl_send_reply("404", "INVITE  ");
> >        route(3);
> >                break;
> > }   <----- missing semicolon here
> >
> >
> > If you are comfortable with your current ser.cfg, that's ok, but I'd
> > suggest you start with a fresh one, make your trusted table work, and
> > then add a "REFER" processing, like in your currect ser.cfg. Just
> > download one fresh ser.cfg from iptel.org site and add your
> > allow_trusted() "if" clause there.
> >
> >  Regards,
> >
> >    Andrey.
> >
> >
> > On 11/2/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > > Hi
> > > Please find ser.cfg enclosed.
> > >
> > > Trusted table entry:
> > > +---------------+-------+--------------+
> > > | src_ip        | proto | from_pattern |
> > > +---------------+-------+--------------+
> > > | 10.25.119.156 | any   | ^sip:.*$     |
> > > +---------------+-------+--------------+
> > > 1 row in set (0.00 sec)
> > >
> > > Thanks in anticipation
> > > Kamal Mann
> > > -----Original Message-----
> > > From: serusers-bounces at lists.iptel.org 
>[mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
> > > Sent: Wednesday, November 01, 2006 7:03 PM
> > > To: serusers at iptel.org
> > > Subject: Re: [serusers]: trusted table(permissions module)
> > >
> > >  Hi Kamal,
> > >
> > > I understand your setup. Nevertheless, it will be difficult to figure
> > > out your problem, w/o your ser.cfg file at hand. Also, send a trusted
> > > table query result (i.e. that row which contains entry for your
> > > SIP-AS).
> > >
> > >   Regards,
> > >
> > >     Andrey.
> > >
> > > On 11/1/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > > > Hi All
> > > > In my scenario I need ser to communicate with my SIP-AS. This SIP-AS 
>is having an application xyz running on it. This XYZ sends an invite to URI 
>"A at xcv.de" which is a subscriber in SER and this is in TO header of Invite 
>msg & FROM header contains another URI test at xcv.de but this URI 
>(test at xcv.de) isn't registered / subscribed to SER. I need SER trust all 
>packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ 
>application! IP in trusted table is of SIP-AS on top of which XYZ 
>application is running.
> > > >
> > > > Thanks in anticipation
> > > > Kamal Mann
> > > >
> > > > -----Original Message-----
> > > > From: Maciej ¯wirski [mailto:mzwirek at poczta.fm]
> > > > Sent: Wednesday, November 01, 2006 3:20 PM
> > > > To: serusers at lists.iptel.org
> > > > Subject: Re: [serusers]: trusted table(permissions module)
> > > >
> > > > Kamal.Mann at t-systems.com wrote:
> > > >
> > > > > Hi All
> > > > >
> > > > > I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted 
>table so
> > > > > that any packet sent from 10.25.119.156 would be trusted by SER 
>and
> > > > > don't ask for its credentials. But SER is replying *407- proxy* 
>auth
> > > > > needed!!  After this I tried with permissions.allow file:
> > > > >
> > > > Hi,
> > > > I had the same issue while interconnecting SER and Asterisk. It 
>turned
> > > > out to be an issue on Asterisk side (I had the same user added for 
>SER
> > > > and Asterisk, so the poor thing couldn't authorize either :)) So you
> > > > could check if the 407 you're getting is from SER or from the remote 
>host.
> > > >
> > > > Regards,
> > > > Maciej Zwirski
> > > >
> > > > 
>----------------------------------------------------------------------
> > > > Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
> > > >
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > Serusers at lists.iptel.org
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > Serusers at lists.iptel.org
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > >
> > >
> > >
> >
>_______________________________________________
>Serusers mailing list
>Serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers

_________________________________________________________________
Get FREE company branded e-mail accounts and business Web site from 
Microsoft Office Live 
http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ser_attache.txt
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061104/d811be26/attachment.txt>

More information about the sr-users mailing list