[OpenSER-Users] Radius accounting and Dialog
David Villasmil
david.villasmil.work at gmail.com
Fri Jun 13 14:08:19 CEST 2008
Just so you know... with eyebam, rtps do NOT go through the mediaproxy, but
with sjphone they do... strange, huh?
On Fri, Jun 13, 2008 at 1:58 PM, David Villasmil <
david.villasmil.work at gmail.com> wrote:
> No, it seems rtps are NOT flowing through mediaproxy... what am I doing
> wrong? I'm trying to force ALL calls through the mediasproxy, here's me
> openser.cfg:
>
>
> #
> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
> #
> # simple quick-start config script
> # Please refer to the Core CookBook at
> http://www.openser.org/dokuwiki/doku.php
> # for a explanation of possible statements, functions and parameters.
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=4 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no # (cmd line: -E)
> children=10
> port=5060
> listen=MY.OPENSER.IP.COM
> disable_dns_blacklist=true
>
> # ------------------ module loading ----------------------------------
> #set module path
> mpath="//lib/openser/modules/"
>
> # Uncomment this if you want to use SQL database
> #loadmodule "mysql.so"
>
> loadmodule "mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "uri.so"
> loadmodule "uri_db.so"
> loadmodule "domain.so"
> loadmodule "permissions.so"
> #loadmodule "group.so"
> loadmodule "mi_fifo.so"
> loadmodule "lcr.so"
> loadmodule "avpops.so"
> loadmodule "xlog.so"
> loadmodule "nathelper.so"
> loadmodule "mediaproxy.so"
> loadmodule "acc.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "auth.so"
> loadmodule "auth_db.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>
> modparam("registrar", "received_avp", "$avp(i:42)")
>
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "nat_bflag", 4)
>
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "password")
>
> modparam("rr", "enable_full_lr", 1)
>
>
> #modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost
> /openser")
>
> modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost
> /openser")
>
> modparam("permissions", "db_mode", 1)
> modparam("permissions", "trusted_table", "trusted")
>
> modparam("avpops", "avp_table", "usr_preferences")
>
> modparam("nathelper","rtpproxy_sock", "")
> modparam("nathelper","natping_interval", 0)
> modparam("nathelper","received_avp", "$avp(i:42)")
>
> modparam("mediaproxy","natping_interval",20)
> modparam("mediaproxy","mediaproxy_socket",
> "/var/run/mediaproxy/mediaproxy.sock")
> modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients")
> modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")
>
> modparam("lcr", "contact_avp", "$avp(i:711)")
> modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)")
> modparam("lcr", "gw_uri_avp", "$avp(i:709)")
> modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)")
> modparam("lcr", "ruri_user_avp", "$avp(i:500)")
> modparam("lcr", "dm_flag", 25)
>
> modparam("acc", "radius_config",
> "/etc/radiusclient-ng/radiusclient.conf")
> modparam("acc", "radius_flag", 2)
> modparam("acc", "radius_missed_flag", 3)
> modparam("acc", "radius_extra",
> "User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)")
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> #
> # -- 1 -- Request Validation
> #
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> };
>
> if (msg:len >= 2048 ) {
> sl_send_reply("513", "Message too big");
> exit;
> };
>
> #
> # -- 2 -- Routing Preprocessing
> #
> ## Record-route all except Register
> ## Mark packets with nat=yes
> ## This mark will be used to identify the request in the loose
> ## route section
> # if(!is_method("REGISTER")){
> # if(nat_uac_test("19")){
> record_route(";nat=yes");
> # } else {
> # record_route();
> # };
> # };
>
> ##Loose_route packets
> if (has_totag()) {
> #sequential request withing a dialog should
> # take the path determined by record-routing
> if (loose_route()) {
> if(method=="BYE") {
> #Account BYE transactions
> setflag(2);
> };
>
> #Check authentication of re-invites
> if(method=="INVITE" && (!allow_trusted())) {
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","1");
> exit;
> } else if (!check_from()) {
> sl_send_reply("403", "Forbidden, use From=ID");
> exit;
> };
> };
> if(method=="BYE" || method=="CANCEL") {
> end_media_session();
> };
> ##Detect requests in the dialog behind NAT and flag with 6
> # if(nat_uac_test("19") || search("^Route:.*;nat=yes")){
> append_hf("P-hint: LR|fixcontact,setflag6\r\n");
> fix_contact();
> setbflag(6);
> # };
> route(1);
> } else {
> sl_send_reply("404","Not here");
> }
> exit;
> }
>
> #CANCEL processing
> if (is_method("CANCEL")) {
> if (t_check_trans()) {
> end_media_session();
> t_relay();
> };
> exit;
> }
>
> t_check_trans();
> #
> # -- 3 -- Determine Request Target
> #
> if (method=="REGISTER") {
> route(2);
> } else {
> route(3);
> };
> }
>
>
> route[1] {
> #
> # -- 4 -- Forward request to target
> #
> # Forward statefully
> t_on_reply("1");
> t_on_failure("1");
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> }
>
> route[2] {
> ## Register request handler
> if (is_uri_host_local()) {
> if (!www_authorize("", "subscriber")) {
> www_challenge("", "1");
> exit;
> };
>
> if (!check_to()) {
> sl_send_reply("403", "Forbidden");
> exit;
> };
>
> # if(!search("^Contact:[ ]*\*") && client_nat_test("7")) {
> setbflag(6);
> fix_nated_register();
> force_rport();
> # };
> save("location");
> exit;
>
> } else if {
>
> sl_send_reply("403", "Forbidden");
>
> };
> }
>
> route[3] {
> ## Requests handler
>
> if (method=="INVITE") {
> # Account INVITE packets
> setflag(2);
> # Account Missed calls
> setflag(3);
> # Radius Extra
> $avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM";
> };
>
> if (is_from_local()){
> # From an internal domain -> check the credentials and the FROM
> if(!allow_trusted()){
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> exit;
> } else if(!check_from()) {
> sl_send_reply("403", "Forbidden, use From=ID");
> exit;
> };
> };
>
> # if (client_nat_test("3")) {
> append_hf("P-hint:
> route(3)|setflag7,forcerport,fix_contact\r\n");
> setbflag(7);
> force_rport();
> fix_contact();
> # };
>
> #unconditional call forward
> if(avp_db_load("$ru/username","$avp(s:callfwd)")) {
> avp_pushto("$ru", "$avp(s:callfwd)");
> route(1);
> exit;
> }
>
> consume_credentials();
>
> #verify aliases, if found replace R-URI.
> lookup("aliases");
>
> if (is_uri_host_local()) {
> # -- Inbound to Inbound
> route(10);
> } else {
> # -- Inbound to outbound
> route(11);
> };
>
> } else {
>
> #From an external domain ->do not check credentials
> #Verify aliases, if found replace R-URI.
> lookup("aliases");
> if (is_uri_host_local()) {
> #-- Outbound to inbound
> route(12);
> } else {
> # -- Outbound to outbound
> route(13);
> };
> };
> }
>
> route[4] {
> # routing to the public network
> if (!load_gws()) {
> sl_send_reply("503", "Unable to load gateways");
> exit;
> }
>
> if(!next_gw()){
> sl_send_reply("503", "Unable to find a gateway");
> exit;
> }
> t_on_failure("2");
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> }
>
> route[6] {
> #
> # -- NAT handling --
> #
> #if (isbflagset(6) || isbflagset(7)) {
> append_hf("P-hint: Route[6]: mediaproxy \r\n");
> use_media_proxy();
> #};
> }
>
> route[10] {
> #from an internal domain -> inbound
> #Native SIP destinations are handled using the location table
> #Gateway destinations are handled by regular expressions
> append_hf("P-hint: inbound->inbound \r\n");
>
> if (uri=~"^sip:613") { # ECHO TEST
> route(6);
> rewritehostport("fwdnat2.pulver.com:5060");
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> };
>
> if (uri=~"^sip:301") { # ECHO TEST
> route(6);
> rewritehostport("blueface.ie");
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> };
>
> #
> # if (uri=~"^sip:1[2-9][0-9]{9}@") {
> # if (is_user_in("credentials","ld")) {
> # strip(1);
> # prefix("+1");
> # route(6);
> # route(4);
> # exit;
> # } else {
> # sl_send_reply("403", "No permissions for long distance");
> # exit;
> # };
> # };
> #
> # if (uri=~"^sip:011[0-9]*@") {
> # if (is_user_in("credentials","int")) {
> # strip(3);
> # prefix("+");
> # route(6);
> # route(4);
> # exit;
> # } else {
> # sl_send_reply("403", "No permissions for international
> calls");
> # };
> # };
>
> if (!lookup("location")) {
> if (does_uri_exist()) {
> ## User not registered at this time.
> ## Use the IP Address of your e-mail server
> revert_uri();
> prefix("u");
> rewritehostport("192.168.1.171"); #Use the IP address of your
> voicemail server
> route(6);
> route(1);
> } else {
> sl_send_reply("404", "Not Found");
> exit;
> }
> sl_send_reply("404", "Not Found");
> exit;
> };
> route(6);
> route(1);
> }
>
> route[11] {
> # from an internal domain -> outbound
> # Simply route the call outbound using DNS search
> append_hf("P-hint: inbound->outbound \r\n");
> route(1);
> }
>
> route[12] {
> # From an external domain -> inbound
> # Verify aliases, if found replace R-URI.
> lookup("aliases");
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> exit;
> };
> route(1);
> }
>
> route[13] {
> #From an external domain outbound
> #we are not accepting these calls
> append_hf("P-hint: outbound->inbound \r\n");
> sl_send_reply("403", "Forbidden");
> exit;
> }
>
> failure_route[1] {
> ##--
> ##-- If cancelled, exit.
> ##--
> if (t_was_cancelled()) {
> exit;
> };
> ##--
> ##-- If busy send to the e-mail server, prefix the "b"
> ##-- character to indicate busy.
> ##--
> if (t_check_status("486")) {
> revert_uri();
> prefix("b");
> rewritehostport("192.168.1.171");
> append_branch();
> route(1);
> exit;
> };
> ##--
> ##-- If timeout (408) or unavailable temporarily (480),
> ##-- prefix the uri with the "u"character to indicate
> ##-- unanswered and send to the e-mail
> ##-- sever
> ##--
> if (t_check_status("408") || t_check_status("480")) {
> revert_uri();
> prefix("u");
> rewritehostport("192.168.1.171");
> append_branch();
> route(1);
> exit;
> };
> }
>
> failure_route[2] {
> if(!next_gw()) {
> t_reply("503", "Service not available, no more gateways");
> exit;
> };
> t_on_failure("2");
> t_relay();
> }
>
>
> onreply_route[1] {
> #
> #-- On-replay block routing --
> #
> # if (client_nat_test("1")) {
> append_hf("P-hint: Onreply-route - fixcontact \r\n");
> fix_contact();
> # };
>
> # if ((isbflagset(6) || isbflagset(7)) &&
> (status=~"(180)|(183)|2[0-9][0-9]")) {
> # if (search("^Content-Type:[ ]*application/sdp")) {
> append_hf("P-hint: onreply_route|usemediaproxy \r\n");
> use_media_proxy();
> # };
> # };
> exit;
> }
>
>
>
> I tried commenting out all tests for NAT... but nothing
>
> On Fri, Jun 13, 2008 at 1:34 PM, David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Yes, I have audio. Attahced is the ngrep
>>
>>
>>
>> On Fri, Jun 13, 2008 at 11:12 AM, Raúl Alexis Betancor Santana <
>> rabs at dimension-virtual.com> wrote:
>>
>>> On Fri, Jun 13, 2008 at 10:27:55AM +0200, David Villasmil wrote:
>>> > That's what I thought. I just setup mediaproxy and making some tests.
>>> > Its working as far a audio is concerned. But all calls have a duration
>>> > of 0 seconds! Even though audio is flowing through mo it does't seem
>>> > to realize it and shows a messgae of "timeout", in this timeout,
>>> > though there's data flowing. But it still sends the STOP to the
>>> > radius.
>>> >
>>> > anyone knows why? Has this happen to anyone?
>>> >
>>> > thanks a lot.
>>>
>>> A complete ngrep trace would be need to check what it's happening
>>>
>>> Have you audio both ways and still receive the timeout ?
>>>
>>> --
>>> Saludos
>>>
>>> Raúl Alexis Betancor Santana
>>> Dimensión Virtual S.L.
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.openser.org
>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080613/88a60063/attachment.htm>
More information about the sr-users
mailing list