[SR-Users] incorrect port 0 in reply from rtp proxy

Mokhtar Bengana mokhtar.bengana at gmail.com
Wed Jun 8 04:31:17 CEST 2011


I am still unable to fix the one way audio for my outgoing calls. I
tried different flags for nat_uac_test and force_rtp_proxy and nothing
made a difference.  Wireshack is not showing an rtp stream being
initiated from the callee back to my natted caller ip. I have included
my routing logic and appreciate any help figuring out why rtpproxy is
not engaged in both legs of the rtp stream.


# - flags
#   FLT_ - per transaction (message) flags
#       FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7


#!ifdef WITH_NAT
# ----- rtpproxy params -----
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:22222")

# ----- nathelper params -----
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger at mydomain.com")

# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
#!endi


####### Routing Logic ########


# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
route {

        # per request initial checks
        route(REQINIT);

        # NAT detection
        route(NAT);

        # handle requests within SIP dialogs
        route(WITHINDLG);

        ### only initial requests (no To tag)

        # CANCEL processing
        if (is_method("CANCEL"))
        {
                if (t_check_trans())
                        t_relay();
                exit;
        }

        t_check_trans();

        # authentication
        route(AUTH);

        # record routing for dialog forming requests (in case they are routed)
        # - remove preloaded route headers
        remove_hf("Route");
        if (is_method("INVITE|SUBSCRIBE"))
                record_route();

        # account only INVITEs
        if (is_method("INVITE"))
        {
                setflag(FLT_ACC); # do accounting
        }

        # dispatch requests to foreign domains
        route(SIPOUT);

        ### requests for my local domains

        # handle presence related requests
        route(PRESENCE);

        # handle registrations
        route(REGISTRAR);

        if ($rU==$null)
        {
                # request with no Username in RURI
                sl_send_reply("484","Address Incomplete");
                exit;
        }

        # dispatch destinations to PSTN
        route(PSTN);

        # user location service
        route(LOCATION);

        route(RELAY);
}


route[RELAY] {
#!ifdef WITH_NAT
        if (check_route_param("nat=yes")) {
                setbflag(FLB_NATB);
        }
        if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
                route(RTPPROXY);
        }
#!endif

        /* example how to enable some additional event routes */
        if (is_method("INVITE")) {
                #t_on_branch("BRANCH_ONE");
                t_on_reply("REPLY_ONE");
                t_on_failure("FAIL_ONE");
        }

        if (!t_relay()) {
                sl_reply_error();
        }
        exit;
}

# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
        # flood dection from same IP and traffic ban for a while
        # be sure you exclude checking trusted peers, such as pstn gateways
        # - local host excluded (e.g., loop to self)
        if(src_ip!=myself)
        {
                if($sht(ipban=>$si)!=$null)
                {
                        # ip is already blocked
                        xdbg("request from blocked IP - $rm from $fu
(IP:$si:$sp)\n");
                        exit;
                }
                if (!pike_check_req())
                {
                        xlog("L_ALERT","ALERT: pike blocking $rm from
$fu (IP:$si:$sp)\n");
                        $sht(ipban=>$si) = 1;
                        exit;
                }
        }
#!endif

        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        }

        if(!sanity_check("1511", "7"))
        {
                xlog("Malformed SIP message from $si:$sp\n");
                exit;
        }
}

# Handle requests within SIP dialogs
route[WITHINDLG] {
        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing
                if (loose_route()) {
                        if (is_method("BYE")) {
                                setflag(FLT_ACC); # do accounting ...
                                setflag(FLT_ACCFAILED); # ... even if
the transaction fails
                        }
                        route(RELAY);
                } else {
                        if (is_method("SUBSCRIBE") && uri == myself) {
                                # in-dialog subscribe requests
                                route(PRESENCE);
                                exit;
                        }
                        if ( is_method("ACK") ) {
                                if ( t_check_trans() ) {
                                        # no loose-route, but stateful ACK;
                                        # must be an ACK after a 487
                                        # or e.g. 404 from upstream server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching
transaction ... ignore and discard
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }
}

# Handle SIP registrations
route[REGISTRAR] {
        if (is_method("REGISTER"))
        {
                if(isflagset(FLT_NATS))
                {
                        setbflag(FLB_NATB);
                        # uncomment next line to do SIP NAT pinging
                        setbflag(FLB_NATSIPPING);
                }
                if (!save("location"))
                        sl_reply_error();

                exit;
        }
}

# USER location service
route[LOCATION] {

#!ifdef WITH_ALIASDB
        # search in DB-based aliases
        alias_db_lookup("dbaliases");
#!endif

        if (!lookup("location")) {
                switch ($rc) {
                        case -1:
                        case -3:
                                t_newtran();
                                t_reply("404", "Not Found");
                                exit;
                        case -2:
                                sl_send_reply("405", "Method Not Allowed");
                                exit;
                }
        }

        # when routing via usrloc, log the missed calls also
        if (is_method("INVITE"))
        {
                setflag(FLT_ACCMISSED);
        }
}

# Presence server route
route[PRESENCE] {
        if(!is_method("PUBLISH|SUBSCRIBE"))
                return;

#!ifdef WITH_PRESENCE
        if (!t_newtran())
        {
                sl_reply_error();
                exit;
        };

        if(is_method("PUBLISH"))
        {
                handle_publish();
                t_release();
        }
        else
        if( is_method("SUBSCRIBE"))
        {
                handle_subscribe();
                t_release();
        }
        exit;
#!endif

        # if presence enabled, this part will not be executed
        if (is_method("PUBLISH") || $rU==$null)
        {
                sl_send_reply("404", "Not here");
                exit;
        }
        return;
}

# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
        if (is_method("REGISTER"))
        {
                # authenticate the REGISTER requests (uncomment to enable auth)
                if (!www_authorize("$td", "subscriber"))
                {
                        www_challenge("$td", "0");
                        exit;
                }

                if ($au!=$tU)
                {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }
        } else {

#!ifdef WITH_IPAUTH
                if(allow_source_address())
                {
                        # source IP allowed
                        return;
                }
#!endif

                # authenticate if from local subscriber
                if (from_uri==myself)
                {
                        if (!proxy_authorize("$fd", "subscriber")) {
                                proxy_challenge("$fd", "0");
                                exit;
                        }
                        if (is_method("PUBLISH"))
                        {
                                if ($au!=$tU) {
                                        sl_send_reply("403","Forbidden
auth ID");
                                        exit;
                                }
                        } else {
                                if ($au!=$fU) {
                                        sl_send_reply("403","Forbidden
auth ID");
                                        exit;
                                }
                        }

                        consume_credentials();
                        # caller authenticated
                } else {
                        # caller is not local subscriber, then check if it calls
                        # a local destination, otherwise deny, not an
open relay here
                        if (!uri==myself)
                        {
                                sl_send_reply("403","Not relaying");
                                exit;
                        }
                }
        }
#!endif
        return;
}

# Caller NAT detection route
route[NAT] {
#!ifdef WITH_NAT
        force_rport();
        if (nat_uac_test("31")) {
                if (method=="REGISTER") {
                        fix_nated_register();
                } else {
                        fix_nated_contact();
                }
                setflag(FLT_NATS);
        }
#!endif
        return;
}

# RTPProxy control
route[RTPPROXY] {
#!ifdef WITH_NAT
        if (is_method("BYE")) {
                unforce_rtp_proxy();
        } else if (is_method("INVITE")){
                force_rtp_proxy("s");
        }
        if (!has_totag()) add_rr_param(";nat=yes");
#!endif
        return;
}

# Routing to foreign domains
route[SIPOUT] {
        if (!uri==myself)
        {
                append_hf("P-hint: outbound\r\n");
                route(RELAY);
        }
}

# PSTN GW routing
route[PSTN] {
#!ifdef WITH_PSTN
        # check if PSTN GW IP is defined
        if (strempty($sel(cfg_get.pstn.gw_ip))) {
                xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not
defined\n");
                return;
        }

        # route to PSTN dialed numbers starting with '+' or '00'
        #     (international format)
        # - update the condition to match your dialing rules for PSTN routing
        if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
                return;

        # only local users allowed to call
        if(from_uri!=myself) {
                sl_send_reply("403", "Not Allowed");
                exit;
        }

        $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);

        route(RELAY);
        exit;
#!endif

        return;
}

# XMLRPC routing
#!ifdef WITH_XMLRPC
route[XMLRPC]
{
        # allow XMLRPC from localhost
        if ((method=="POST" || method=="GET")
                        && (src_ip==127.0.0.1)) {
                # close connection only for xmlrpclib user agents
(there is a bug in
                # xmlrpclib: it waits for EOF before interpreting the response).
                if ($hdr(User-Agent) =~ "xmlrpclib")
                        set_reply_close();
                set_reply_no_connect();
                dispatch_rpc();
                exit;
        }
        send_reply("403", "Forbidden");
        exit;
}
#!endif

# Sample branch router
branch_route[BRANCH_ONE] {
        xdbg("new branch at $ru\n");
}

# Sample onreply route
onreply_route[REPLY_ONE] {
        xdbg("incoming reply\n");
#!ifdef WITH_NAT
        if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB))
                        && status=~"(183)|(2[0-9][0-9])") {
                force_rtp_proxy();
        }
        if (isbflagset("6")) {
                fix_nated_contact();
        }
#!endif
}

# Sample failure route
failure_route[FAIL_ONE] {
#!ifdef WITH_NAT
        if (is_method("INVITE")
                        && (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
                unforce_rtp_proxy();
        }
#!endif

        if (t_is_canceled()) {
                exit;
        }

        # uncomment the following lines if you want to block client
        # redirect based on 3xx replies.
        ##if (t_check_status("3[0-9][0-9]")) {
        ##t_reply("404","Not found");
        ##      exit;
        ##}

        # uncomment the following lines if you want to redirect the failed
        # calls to a different new destination
        ##if (t_check_status("486|408")) {
        ##      sethostport("192.168.2.100:5060");
        ##      append_branch();
        ##      # do not set the missed call flag again
        ##      t_relay();
        ##}
}



On Mon, Jun 6, 2011 at 10:52 PM, Alex Balashov
<abalashov at evaristesys.com> wrote:
> What are the syntax issues?
>
> P.S. has_sdp() doesn't actually exist.
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 260 Peachtree Street NW
> Suite 2200
> Atlanta, GA 30303
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/
>
> On Jun 6, 2011, at 11:48 PM, Mokhtar Bengana <mokhtar.bengana at gmail.com> wrote:
>
>> Andrew,
>>
>> I am trying to use rtpproxy_offer/answer on the ONREPLY ROUTE but I am
>> having some syntax issues. Here is the example I am using. Any help
>> with the syntax appreciated.
>>
>>
>> route {
>> ...
>>    if (is_method("INVITE")) {
>>        if (has_sdp()) {
>>            if (rtpproxy_offer())
>>                t_on_reply("1");
>>        } else {
>>            t_on_reply("2");
>>        }
>>    }
>>    if (is_method("ACK") && has_sdp())
>>        rtpproxy_answer();
>> ...
>> }
>>
>> onreply_route[1]
>> {
>> ...
>>    if (has_sdp())
>>        rtpproxy_answer();
>> ...
>> }
>>
>> onreply_route[2]
>> {
>> ...
>>    if (has_sdp())
>>        rtpproxy_offer();
>> ...
>> }
>>
>> On Mon, Jun 6, 2011 at 5:37 AM, Andrew Pogrebennyk
>> <andrew.pogrebennyk at portaone.com> wrote:
>>> Mokhtar, could you please make sure that you are calling route(RTPPROXY) in
>>> reply route as well, as Alex suggested?
>>>
>>> On 03.06.2011 16:33, Mokhtar Bengana wrote:
>>>>
>>>> This is how I configured rtpproxy. Not sure why rtpproxy is not
>>>> engaged both ways. Thanks for your help.
>>>
>>> --
>>> Sincerely,
>>> Andrew Pogrebennyk
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>



More information about the sr-users mailing list