[SR-Users] Kamailio how to make UAC challenge on Dispatcher failure route

Daniel-Constantin Mierla miconda at gmail.com
Wed Mar 17 08:15:33 CET 2021


Hello,

try to do always the uac_replace_from() inside a branch_route[].

Cheers,
Daniel

On 16.03.21 14:10, Antonio Couto wrote:
> I have one Kamailio that makes an outbound register on two Asterisk.
> I have a dispatcher with that same two Asterisk destinations, on
> INVITE message I call replace_from("", ) in order
> to call a internal extension and on failure route I receive 401 and call 
>
> the process of authorization is OK.
>
> The problem is that if the first Asterisk fail and I get 500 on
> failure route I can not call replace_from() because
> is not valid on the block.
>
> Is there any way to make this type of authorization process after
> receiving a 500 on failure route of dispatcher ?
>
> Below my cfg file.
>
> Thanks in advance.
> Antonio Couto
>
> #!KAMAILIO
> #!ifdef WITH_DEBUG
> #!define DBGLEVEL 3
> #!else
> #!define DBGLEVEL 2
> #!endif
>
> # - flags
> # FLT_ - per transaction (message) flags
> # FLB_ - per branch flags
> #!define FLT_ACC 1
> #!define FLT_ACCMISSED 2
> #!define FLT_ACCFAILED 3
> #!define FLT_NATS 5
>
> #!define FLB_NATB 6
> #!define FLB_NATSIPPING 7
>
> ####### Global Parameters #########
>
> /* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
> debug=DBGLEVEL
>
> /* set to 'yes' to print log messages to terminal or use '-E' cli option */
> log_stderror=no
>
> memdbg=5
> memlog=5
>
> log_facility=LOG_LOCAL0
> log_prefix="{$mt $hdr(CSeq) $ci} "
>
> children=8
> auto_aliases=no
> enable_tls=no
> enable_sctp=no
> tcp_accept_no_cl=yes
>
> # SIP port
> listen=udp:192.168.0.201:5060 <http://192.168.0.201:5060/>
> # xhttp port
> listen=tcp:127.0.0.1:8181 <http://127.0.0.1:8181/>
>
> loadmodule "xhttp.so"
> loadmodule "jsonrpcs.so"
> loadmodule "kex.so"
> loadmodule "corex.so"
> loadmodule "tm.so"
> loadmodule "tmx.so"
> loadmodule "sl.so"
> loadmodule "rr.so"
> loadmodule "pv.so"
> loadmodule "maxfwd.so"
> loadmodule "textops.so"
> loadmodule "siputils.so"
> loadmodule "xlog.so"
> loadmodule "sanity.so"
> loadmodule "ctl.so"
> loadmodule "acc.so"
> loadmodule "dispatcher.so"
> loadmodule "htable.so"
> loadmodule "db_text.so"
> loadmodule "dialog.so"
> loadmodule "uac.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # ----- jsonrpcs params -----
> modparam("jsonrpcs", "pretty_format", 1)
> modparam("jsonrpcs", "transport", 1)
>
> # ----- sanity params -----
> modparam("sanity", "autodrop", 0)
>
> # ----- tm params -----
> # default retransmission timeout: 2sec
> modparam("tm", "fr_timer", 1500)
> # default invite retransmission timeout after 1xx: 40sec
> modparam("tm", "fr_inv_timer", 40000)
>
> # ----- rr params -----
> # set next param to 1 to add value to ;lr param (helps with some UAs)
> modparam("rr", "enable_full_lr", 0)
> modparam("rr", "append_fromtag", 1)
>
> # account triggers (flags)
> modparam("acc", "log_flag", FLT_ACC)
> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
> modparam("acc", "log_extra",
> 	"src_user=$fU;src_domain=$fd;src_ip=$si;"
> 	"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>
> # ----- dispatcher params -----
> modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
> modparam("dispatcher", "flags", 2)
> modparam("dispatcher", "xavp_dst", "_dsdst_")
> modparam("dispatcher", "xavp_ctx", "_dsctx_")
> modparam("dispatcher", "ds_ping_method", "OPTIONS")
> modparam("dispatcher", "ds_ping_from", "sip:proxy at kamailio.org <mailto:sip%3Aproxy at kamailio.org>")
> modparam("dispatcher", "ds_ping_interval", 1)
> modparam("dispatcher", "ds_probing_mode", 1)
> modparam("dispatcher", "ds_probing_threshold", 1)
> modparam("dispatcher", "ds_inactive_threshold", 1)
> modparam("dispatcher", "ds_timer_mode", 1)
>
> modparam("db_text", "db_mode", 1)
> modparam("db_text", "emptystring", 1)
>
> modparam("dialog", "dlg_flag", 4)
> modparam("dialog", "track_cseq_updates", 1)
>
> modparam("uac", "restore_dlg", 1)
> modparam("uac", "reg_db_url", "text:///etc/kamailio/dbtext")
> modparam("uac", "reg_db_table", "uacreg")
> modparam("uac", "reg_timer_interval", 60)
> modparam("uac", "reg_retry_interval", 60)
> modparam("uac", "reg_contact_addr", "192.168.0.201:5060 <http://192.168.0.201:5060/>")
> modparam("uac","auth_username_avp","$avp(auser)")
> modparam("uac","auth_password_avp","$avp(apass)")
> modparam("uac","auth_realm_avp","$avp(arealm)")
>
> ####### Routing Logic ########
>
> # main request routing logic
> request_route {
>
> 	# per request initial checks
> 	route(REQINIT);
>
> 	# CANCEL processing
> 	if (is_method("CANCEL")) {
> 		if (t_check_trans()) {
> 			route(RELAY);
> 		}
> 		exit;
> 	}
>
> 	# handle retransmissions
> 	if (!is_method("ACK")) {
> 		if(t_precheck_trans()) {
> 			t_check_trans();
> 			exit;
> 		}
> 		t_check_trans();
> 	}
>
> 	# handle requests within SIP dialogs
> 	route(WITHINDLG);
>
> 	# record routing for dialog forming requests (in case they are routed)
> 	# - remove preloaded route headers
> 	remove_hf("Route");
> 	
> 	if (is_method("INVITE|SUBSCRIBE")) {
> 		record_route();
> 	}
>
> 	# account only INVITEs
> 	if (is_method("INVITE")) {
> 		setflag(FLT_ACC); # do accounting
> 	}
>
> 	if ($rU==$null) {
> 		# request with no Username in RURI
> 		sl_send_reply("484","Address Incomplete");
> 		exit;
> 	}
>
> 	# dispatch destinations
> 	if (is_method("INVITE")) {
> 		route(DISPATCH);
> 	}
> 	else {
> 		sl_send_reply("501","Not Implemented");
> 		exit;
> 	}
> }
>
> # Dispatch requests
> route[DISPATCH] {
>
> 	if ($si == "192.168.0.44" and $sp == 5060) {
> 		xlog("L_ALERT","from switch $si:$sp)\n");
> 		$var(groupid) = "2";
> 	}
> 	else{
> 		xlog("L_ALERT","from others $si:$sp)\n");
> 		$var(groupid) = "1";
> 	}
>
> 	if(!ds_select_dst($var(groupid), "11")) {
> 		send_reply("503", "Service Unavailable");
> 		exit;
> 	}
>
>   if ($du =~ "192.168.0.210") {
> 		xlog("L_ALERT", "SCRIPT: uac_replace_from\n");
>     uac_replace_from("", "sip:4000 at 192.168.0.201:5060 <http://sip:4000@192.168.0.201:5060/>");
> 	}
> 	
> 	xlog("L_ALERT", "SCRIPT: going to <$ru> via <$du> (attrs: $xavp(_dsdst_=>attrs))\n");
> 	t_on_failure("RTF_DISPATCH");
> 	route(RELAY);
> 	exit;
> }
>
> failure_route[RTF_DISPATCH] {
> 	$var(ts) = t_get_status_code();
> 	xlog("L_ALERT","ALERT: failure_route[RTF_DISPATCH]] from $si:$rp status:$var(ts)\n");
> 	if (t_is_canceled()) {
> 		exit;
> 	}
>
> 	if(t_check_status("401|407")) {
>     $avp(auser) = "4000";
>     $avp(apass) = "1234";
> 		$avp(arealm) = "asterisk";
>     if (uac_auth()) {
> 			route(RELAY);
>     }
>     exit;
>   }
>
> 	if (t_check_status("500") or (t_branch_timeout() and !t_branch_replied())) {
> 		if (ds_next_dst()) {
> 			xlog("L_ALERT", "retrying to <$ru> via <$du> (attrs: $xavp(_dsdst_=>attrs))\n");
> 			t_on_failure("RTF_DISPATCH");
> 			route(RELAY);
> 			exit;
> 		}
> 	}
> }
>
> # Per SIP request initial checks
> route[REQINIT] {
> 	if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent") {
> 		# silent drop for scanners - uncomment next line if want to reply
> 		# sl_send_reply("200", "OK");
> 		exit;
> 	}
> 	if (!mf_process_maxfwd_header("10")) {
> 		sl_send_reply("483","Too Many Hops");
> 		exit;
> 	}
> 	if(is_method("OPTIONS") && uri==myself && $rU==$null) {
> 		sl_send_reply("200","Keepalive");
> 		exit;
> 	}
> 	if(!sanity_check("17895", "7")) {
> 		xlog("Malformed SIP request from $si:$sp\n");
> 		exit;
> 	}
> }
>
> # Handle requests within SIP dialogs
> route[WITHINDLG] {
> 	if (!has_totag()) {
> 		return;
> 	}
> 	# sequential request withing a dialog should
> 	# take the path determined by record-routing
> 	if (loose_route()) {
> 		if (is_method("BYE")) {
> 			setflag(FLT_ACC); # do accounting ...
> 			setflag(FLT_ACCFAILED); # ... even if the transaction fails
> 		} 
> 		route(RELAY);
> 		exit;
> 	}
> 	if (is_method("ACK")) {
> 		if (t_check_trans()) {
> 			# no loose-route, but stateful ACK;
> 			# must be an ACK after a 487
> 			# or e.g. 404 from upstream server
> 			route(RELAY);
> 			exit;
> 		} else {
> 			# ACK without matching transaction ... ignore and discard
> 			exit;
> 		}
> 	}
> 	sl_send_reply("500","Server Internal Error");
> 	exit;
> }
>
> # Wrapper for relaying requests
> route[RELAY] {
> 	# enable additional event routes for forwarded requests
> 	# - serial forking, RTP relaying handling, a.s.o.
> 	if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
> 		if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
> 	}
> 	if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
> 		if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
> 	}
> 	if (is_method("INVITE")) {
> 		if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
> 	}
> 	if (!t_relay()) {
> 		sl_reply_error();
> 	}
> 	exit;
> }
>
> # jsonrpc dispatch
> event_route[xhttp:request] {
> 	if ($hu =~ "^/RPC") {
> 		jsonrpc_dispatch();
> 	}
> 	else {
> 		xhttp_reply("200", "OK", "text/html",
> 		"<html><body>Wrong URL $hu</body></html>");
> 	}
> }
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210317/95d7b5ef/attachment.htm>


More information about the sr-users mailing list