[serusers]: trusted table(permissions module)

Kamal.Mann at t-systems.com Kamal.Mann at t-systems.com
Mon Nov 6 06:46:32 CET 2006


Hi Andrey
Please find ethereal packet capture enclosed. SER n/w dump is 'SER_SERVER' and SIP_AS n/w dump is 'SAS_SERVER'.
SER IP = 10.25.119.155
SIP AS IP = 10.25.119.156
To URI is registered at SER end (dilip)
>From URI is Application Name (example) and neither created nor registered (WakeUpService) with SER.

Thanks in anticipation
Kamal Mann

-----Original Message-----
From: serusers-bounces at lists.iptel.org [mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
Sent: Monday, November 06, 2006 11:04 AM
To: serusers at iptel.org
Subject: Re: [serusers]: trusted table(permissions module)

  Hi Kamal,

Please (!), do network dump and send it here. Use tcpdump, ngrep,
Ethereal, anything to catch your network traffic on port 5060.

   Waiting for your traces,

    Andrey.

On 11/6/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> Hi Andrey,
> Yes you are right it not bypassing that part of code (route [3]).But why it is so? Its not trusting SIP AS IP! I had recompiled permissions module but still the same response!!
>
> Regards
> Kamal Mann
> -----Original Message-----
> From: serusers-bounces at lists.iptel.org [mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
> Sent: Saturday, November 04, 2006 6:20 PM
> To: serusers at iptel.org
> Subject: Re: [serusers]: trusted table(permissions module)
>
> Hi Kamal,
>
> Really, there are only 2 places in your ser.cfg, where proxy_authorize
> is called. One is inside route[3] block, and one, which is commented
> out is inside the main route block. Since, one proxy_authorize is
> commented out, this leaves the only a single proxy_authorize - the one
> inside route[3] block. Now... In your previous mail you said,
> "allow_trusted results 'true' and it directly bypasses this code."
> This means only one thing - there are *no more* proxy_authorize left
> to call...
>
> You also said "But after in route(1) its sending 407-proxy auth
> required to trusted ip of sip_AS". That is impossible. Your route[1]
> block cannot and does not send 407 response. There's simply no
> proxy_authorize code in there and SER does not do it automatically!
>
> I have several ideas (some of them were already presented in previous mails):
>
> 1. Something else (not SER) is sending 407 response. Catch network
> traffic (i.e. traces) and send them here to the list. Do it on both
> sides, SER and SIP-AS. This is critical.
> 2. Your SER is using some other configuration file (it's my best guess
> now), not the one that you've sent. Please, check thoroughly on this
> issue.
> 3. Do a fresh start with your configuration file. You will lose 1
> (maximum 2) hours, but at least it's gonna work.
>
> I really wish you best of luck on this one, man!
>
>  Andrey.
>
>
>
>
> On 11/4/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > Hi All
> > In current scenario when a sip invite message comes to SER from my SIP_AS; SER take this massage trusted (as I defined in trusted table) but after this in my INVITE route(3) it sends it to route(1) default message handler. I am enclosing my ser.cfg; please take a glance on it.
> >
> > Thanks in anticipation
> > Kamal Mann
> > -----Original Message-----
> > From: John Shellhouse [mailto:jwshel at hotmail.com]
> > Sent: Friday, November 03, 2006 9:17 PM
> > To: Mann, Kamal
> > Subject: RE: [serusers]: trusted table(permissions module)
> >
> > Hi,
> >
> > you've already tried something more filled in like this...
> >
> >
> > if (!proxy_authorize("somedomain.com","subscriber")) {
> > proxy_challenge("somedomain.com","0");
> > break;
> > } else if (method == "INVITE" & !check_from()) {
> > log("from!=digest\n");
> > sl_send_reply("403", "Use From=ID");
> >
> > break;
> > };
> > consume_credentials();
> >
> > T
> >
> >
> > >From: <Kamal.Mann at t-systems.com>
> > >To: <andrey.kouprianov at gmail.com>, <serusers at iptel.org>
> > >Subject: RE: [serusers]: trusted table(permissions module)
> > >Date: Fri, 3 Nov 2006 15:40:26 +0100
> > >
> > >Hi All
> > >Now SER is trusting packates from trusted table IP and in the following
> > >part of route(3) of Invite message handler allow_trusted results 'true' and
> > >it directly bypasses this code.
> > >if (!allow_trusted())
> > >{
> > >       if (!proxy_authorize("","subscriber"))
> > >       {
> > >               proxy_challenge("","0");
> > >               break;
> > >       }
> > >       else if (!check_from())
> > >       {
> > >               sl_send_reply("403", "Use From=ID");
> > >               break;
> > >       };
> > >       consume_credentials();
> > >};
> > >But after in route(1) its sending 407-proxy auth required to trusted ip of
> > >sip_AS. Please help me out of this dilemma.
> > >
> > >Thanks in anticipation
> > >Kamal Mann
> > >
> > >-----Original Message-----
> > >From: serusers-bounces at lists.iptel.org
> > >[mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
> > >Sent: Thursday, November 02, 2006 1:13 PM
> > >To: serusers at iptel.org
> > >Subject: Re: [serusers]: trusted table(permissions module)
> > >
> > >The one you attached, didnt have a semicolon. Anyway, try using a
> > >fresh copy of a ready made ser.cfg.
> > >
> > >   Bests,
> > >
> > >    Andrey.
> > >
> > >On 11/2/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > > > Yup I always do the same, Might be copy paste error. Its having
> > >semicolon & working fine here.
> > > >
> > > > Regards
> > > > Kamal Mann
> > > >
> > > > -----Original Message-----
> > > > From: Andrey Kuprianov [mailto:andrey.kouprianov at gmail.com]
> > > > Sent: Thursday, November 02, 2006 10:34 AM
> > > > To: serusers at iptel.org
> > > > Subject: Re: [serusers]: trusted table(permissions module)
> > > >
> > > > Hi Kamal,
> > > >
> > > > Whenever you modified your ser.cfg did you restart SER after? Did you
> > > > check your ser.cfg for errors using "ser -c" command? I found some
> > > > errors in your ser.cfg code. For instance, inside the main route
> > > > block, your "if", which processes INVITEs, is missing a semicolon at
> > > > the end of the block.
> > > >
> > > > if (method=="INVITE")
> > > > {
> > > > #       sl_send_reply("404", "INVITE  ");
> > > >        route(3);
> > > >                break;
> > > > }   <----- missing semicolon here
> > > >
> > > >
> > > > If you are comfortable with your current ser.cfg, that's ok, but I'd
> > > > suggest you start with a fresh one, make your trusted table work, and
> > > > then add a "REFER" processing, like in your currect ser.cfg. Just
> > > > download one fresh ser.cfg from iptel.org site and add your
> > > > allow_trusted() "if" clause there.
> > > >
> > > >  Regards,
> > > >
> > > >    Andrey.
> > > >
> > > >
> > > > On 11/2/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > > > > Hi
> > > > > Please find ser.cfg enclosed.
> > > > >
> > > > > Trusted table entry:
> > > > > +---------------+-------+--------------+
> > > > > | src_ip        | proto | from_pattern |
> > > > > +---------------+-------+--------------+
> > > > > | 10.25.119.156 | any   | ^sip:.*$     |
> > > > > +---------------+-------+--------------+
> > > > > 1 row in set (0.00 sec)
> > > > >
> > > > > Thanks in anticipation
> > > > > Kamal Mann
> > > > > -----Original Message-----
> > > > > From: serusers-bounces at lists.iptel.org
> > >[mailto:serusers-bounces at lists.iptel.org] On Behalf Of Andrey Kuprianov
> > > > > Sent: Wednesday, November 01, 2006 7:03 PM
> > > > > To: serusers at iptel.org
> > > > > Subject: Re: [serusers]: trusted table(permissions module)
> > > > >
> > > > >  Hi Kamal,
> > > > >
> > > > > I understand your setup. Nevertheless, it will be difficult to figure
> > > > > out your problem, w/o your ser.cfg file at hand. Also, send a trusted
> > > > > table query result (i.e. that row which contains entry for your
> > > > > SIP-AS).
> > > > >
> > > > >   Regards,
> > > > >
> > > > >     Andrey.
> > > > >
> > > > > On 11/1/06, Kamal.Mann at t-systems.com <Kamal.Mann at t-systems.com> wrote:
> > > > > > Hi All
> > > > > > In my scenario I need ser to communicate with my SIP-AS. This SIP-AS
> > >is having an application xyz running on it. This XYZ sends an invite to URI
> > >"A at xcv.de" which is a subscriber in SER and this is in TO header of Invite
> > >msg & FROM header contains another URI test at xcv.de but this URI
> > >(test at xcv.de) isn't registered / subscribed to SER. I need SER trust all
> > >packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ
> > >application! IP in trusted table is of SIP-AS on top of which XYZ
> > >application is running.
> > > > > >
> > > > > > Thanks in anticipation
> > > > > > Kamal Mann
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Maciej ¯wirski [mailto:mzwirek at poczta.fm]
> > > > > > Sent: Wednesday, November 01, 2006 3:20 PM
> > > > > > To: serusers at lists.iptel.org
> > > > > > Subject: Re: [serusers]: trusted table(permissions module)
> > > > > >
> > > > > > Kamal.Mann at t-systems.com wrote:
> > > > > >
> > > > > > > Hi All
> > > > > > >
> > > > > > > I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted
> > >table so
> > > > > > > that any packet sent from 10.25.119.156 would be trusted by SER
> > >and
> > > > > > > don't ask for its credentials. But SER is replying *407- proxy*
> > >auth
> > > > > > > needed!!  After this I tried with permissions.allow file:
> > > > > > >
> > > > > > Hi,
> > > > > > I had the same issue while interconnecting SER and Asterisk. It
> > >turned
> > > > > > out to be an issue on Asterisk side (I had the same user added for
> > >SER
> > > > > > and Asterisk, so the poor thing couldn't authorize either :)) So you
> > > > > > could check if the 407 you're getting is from SER or from the remote
> > >host.
> > > > > >
> > > > > > Regards,
> > > > > > Maciej Zwirski
> > > > > >
> > > > > >
> > >----------------------------------------------------------------------
> > > > > > Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
> > > > > >
> > > > > > _______________________________________________
> > > > > > Serusers mailing list
> > > > > > Serusers at lists.iptel.org
> > > > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > > > > _______________________________________________
> > > > > > Serusers mailing list
> > > > > > Serusers at lists.iptel.org
> > > > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >_______________________________________________
> > >Serusers mailing list
> > >Serusers at lists.iptel.org
> > >http://lists.iptel.org/mailman/listinfo/serusers
> >
> > _________________________________________________________________
> > Get FREE company branded e-mail accounts and business Web site from
> > Microsoft Office Live
> > http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
> >
> >
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> >
> >
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
_______________________________________________
Serusers mailing list
Serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SER_SERVER
Type: application/octet-stream
Size: 2553 bytes
Desc: SER_SERVER
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061106/df55efc8/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SAS_SERVER
Type: application/octet-stream
Size: 2553 bytes
Desc: SAS_SERVER
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061106/df55efc8/attachment-0001.obj>


More information about the sr-users mailing list