[Users] nat_helper: multiple media IP address in SDP

Nicolas Olivier nolivier at alphalink.fr
Wed Apr 12 09:30:58 CEST 2006


Hi Dmitry,

Thanks, it works like a charm.

Nicolas

Dmitry Lyubimkov wrote:
> We had the same problem with SDP.
> There are very many UA with this mistake error
> To bypass this restriction we have added after
> force_rtp_proxy();
> Also such command
> subst("/^c=IN IP4 ([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)(.*)/c=IN IP4
> 11.22.33.44\5/i");
> 
> Dmitry
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 11 Apr 2006 16:51:22 +0200
> From: "Nicolas Olivier" <nolivier at alphalink.fr>
> Subject: Re: [Users] nat_helper: multiple media IP address in SDP
> To: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
> Cc: users at openser.org
> Message-ID: <443BC26A.8040407 at alphalink.fr>
> Content-Type: text/plain;       format=flowed;  charset="ISO-8859-1"
> 
> 
> 
> Ok, I may have a look to the csv.
> Thanks for the help.
> 
> regards,
> Nicolas
> 
> Bogdan-Andrei Iancu wrote:
>  > Hi,
>  >
>  > Nicolas Olivier wrote:
>  >
>  >  >
>  >  > Hi Bogdan,
>  >  >
>  >  > Ok, I understand now. But I still encounter the problem because:
>  >  > - rtpproxy only rewrites the c= from media part (but it should be
> fine
>  >  > as you said) despite what a quick look in the rtpproxy code
> comments
>  >  > say ("We have to change ports in m-lines, and also change IP
> addresses
>  >  > in c-lines which can be placed either in session header (fallback
> for
>  >  > all medias) or media description.")
>  >
>  > yes, the nathelper will change the c= from session header only if it
>  > finds a media section without a local c= (which means the default c=
>  > from session hdr will be used).
>  >
>  >  > - the centrex (which is an asterisk by the way) take only into
> account
>  >  > the c= from the session part, not the one from media part
>  >
>  > in the CVS devel there is a flag that force also changing of session
> c= :
>  >     http://openser.org/docs/modules/1.1.x/nathelper.html#AEN275 , the
>  > "c" flag
>  >
>  > regards,
>  > bogdan
>  >
>  >  >
>  >  >
>  >  >
>  >  > regards,
>  >  > Nicolas
>  >  >
>  >  > Bogdan-Andrei Iancu wrote:
>  >  >
>  >  >> Hi Nicolas,
>  >  >>
>  >  >> it;s perfectly ok - see the SDP RFC : an SDP may contain a default
> 
>  > c= in
>  >  >> the session part; each media section (m=) may contain an ip (c=);
> if it
>  >  >> doesn't the session c= will be used.
>  >  >>
>  >  >> regards,
>  >  >> bogdan
>  >  >>
>  >  >> Nicolas Olivier wrote:
>  >  >>
>  >  >>  >
>  >  >>  > Hi,
>  >  >>  >
>  >  >>  > I've got a gateway which is only used for rounting and rtp
> proxying
>  >  >>  > between providers and centrexes.
>  >  >>  >
>  >  >>  > On reply to an INVITE, one of our provider send back a "183
> Session
>  >  >>  > Progress". The problem is that in the SDP block, we've got 2
>  > media IP
>  >  >>  > address and rtpproxy only rewrite one.
>  >  >>  >
>  >  >>  > Finally, the provider establish rtp session with our gateway,
> and
>  > our
>  >  >>  > centrex directly with the provider.
>  >  >>  >
>  >  >>  >   provider                  gateway                  centrex
>  >  >>  > 172.16.0.10               192.168.1.10
> 192.168.1.20
>  >  >>  >      RTP     ------------->   RTP      ------------>   RTP
>  >  >>  >       ^-------------------------------------------------|
>  >  >>  >
>  >  >>  > So my questions are, is it possible to have multiple IP address
> in
>  >  >> SDP
>  >  >>  > and if so, how can I tell rtpproxy to rewrite all of them.
>  >  >>  >
>  >  >>  > Coming from provider:
>  >  >>  >
>  >  >>  > SIP/2.0 183 Session Progress.
>  >  >>  > Via: SIP/2.0/UDP
>  >  >>  > 192.168.1.10;branch=z9hG4bKdd67.a4cc2c44.0,SIP/2.0/UDP
>  >  >>  > 192.168.1.20:5062;branch=z9hG4bKdd67.08f45a33.0,SIP/2.0/UDP
>  >  >>  > 192.168.1.20:5060;branch=z9hG4bK4af242b7.
>  >  >>  > From: "02" <sip:0143132445 at 192.168.1.20>;tag=as226ce7b9.
>  >  >>  > To: <sip:0123456789 at 192.168.1.20:5062>;tag=3123AAA8-20C5.
>  >  >>  > Date: Tue, 11 Apr 2006 09:10:29 GMT.
>  >  >>  > Call-ID: 079ab6663e403ff44a1107e5111b075f at 192.168.1.20.
>  >  >>  > Server: Cisco-SIPGateway/IOS-12.x.
>  >  >>  > CSeq: 102 INVITE.
>  >  >>  > Allow-Events: telephone-event.
>  >  >>  > Contact: <sip:677238#0123456789 at 172.16.0.10:5060>.
>  >  >>  > Record-Route:
>  >  >>  >
>  >  >>
>  >
> <sip:192.168.1.10;ftag=as226ce7b9;lr=on>,<sip:192.168.1.20:5062;ftag=as2
> 26ce7b9;lr=on>.
>  >
>  >  >>
>  >  >>  >
>  >  >>  > Content-Disposition: session;handling=required.
>  >  >>  > Content-Type: application/sdp.
>  >  >>  > Content-Length: 261.
>  >  >>  > .
>  >  >>  > v=0.
>  >  >>  > o=CiscoSystemsSIP-GW-UserAgent 3448 4768 IN IP4 172.16.0.10.
>  >  >>  > s=SIP Call.
>  >  >>  > c=IN IP4 172.16.0.10.
>  >  >>  > t=0 0.
>  >  >>  > m=audio 18322 RTP/AVP 18 101.
>  >  >>  > c=IN IP4 172.16.0.10.
>  >  >>  > a=rtpmap:18 G729/8000.
>  >  >>  > a=fmtp:18 annexb=no.
>  >  >>  > a=rtpmap:101 telephone-event/8000.
>  >  >>  > a=fmtp:101 0-16.
>  >  >>  >
>  >  >>  > Forwarded to centrex:
>  >  >>  >
>  >  >>  > SIP/2.0 183 Session Progress.
>  >  >>  > Via: SIP/2.0/UDP
>  >  >>  > 192.168.1.20:5062;branch=z9hG4bK43a4.3e96aba3.0,SIP/2.0/UDP
>  >  >>  > 192.168.1.20:5060;branch=z9hG4bK3213db83.
>  >  >>  > From: "02" <sip:0143132445 at 192.168.1.20>;tag=as1a2f900d.
>  >  >>  > To: <sip:0123456789 at 192.168.1.20:5062>;tag=3121D1B4-1BFD.
>  >  >>  > Date: Tue, 11 Apr 2006 09:08:28 GMT.
>  >  >>  > Call-ID: 08467c5e299ab833106517c63d3edc2e at 192.168.1.20.
>  >  >>  > Server: Cisco-SIPGateway/IOS-12.x.
>  >  >>  > CSeq: 102 INVITE.
>  >  >>  > Allow-Events: telephone-event.
>  >  >>  > Contact: <sip:677238#0123456789 at 172.16.0.10:5060>.
>  >  >>  > Record-Route:
>  >  >>  >
>  >  >>
>  >
> <sip:192.168.1.10;ftag=as1a2f900d;lr=on>,<sip:192.168.1.20:5062;ftag=as1
> a2f900d;lr=on>.
>  >
>  >  >>
>  >  >>  >
>  >  >>  > Content-Disposition: session;handling=required.
>  >  >>  > Content-Type: application/sdp.
>  >  >>  > Content-Length: 277.
>  >  >>  > .
>  >  >>  > v=0.
>  >  >>  > o=CiscoSystemsSIP-GW-UserAgent 565 174 IN IP4 172.16.0.10.
>  >  >>  > s=SIP Call.
>  >  >>  > c=IN IP4 172.16.0.10.
>  >  >>  > t=0 0.
>  >  >>  > m=audio 36296 RTP/AVP 18 101.
>  >  >>  > c=IN IP4 192.168.1.10.
>  >  >>  > a=rtpmap:18 G729/8000.
>  >  >>  > a=fmtp:18 annexb=no.
>  >  >>  > a=rtpmap:101 telephone-event/8000.
>  >  >>  > a=fmtp:101 0-16.
>  >  >>  > a=nortpproxy:yes.
>  >  >>  >
>  >  >>  >
>  >  >>  > openser.cfg
>  >  >>  >
>  >  >>  > (...)
>  >  >>  >
>  >  >>  >  onreply_route[1] {
>  >  >>  >          if (status =~ "(180)|(183)|2[0-9][0-9]") {
>  >  >>  >                  fix_nated_contact();
>  >  >>  >                  if (!search("^Content-Length:[ ]*0")) {
>  >  >>  >                          force_rtp_proxy();
>  >  >>  >                  };
>  >  >>  >          } else if (nat_uac_test("1")) {
>  >  >>  >                  fix_nated_contact();
>  >  >>  >          };
>  >  >>  >  }
>  >  >>  >
>  >  >>  > (...)
>  >  >>  >
>  >  >>  > Best regards,
>  >  >>  > Nicolas Olivier
>  >  >>  >
>  >  >>  >
>  >  >>  > _______________________________________________
>  >  >>  > Users mailing list
>  >  >>  > Users at openser.org
>  >  >>  > http://openser.org/cgi-bin/mailman/listinfo/users
>  >  >>  >
>  >  >>
>  >  >
>  >
> 
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Tue, 11 Apr 2006 16:52:14 +0200
> From: Cesc <cesc.santa at gmail.com>
> Subject: Re: [Users] Allow only TLS connections
> To: "Thorsten.Haupt at t-systems.com" <Thorsten.Haupt at t-systems.com>
> Cc: users at openser.org
> Message-ID:
>         <ce8208420604110752i733143d8k5b565ac45b0cfda2 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6 
> <http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6>
> c17b007ea61fa37b86b391ce1b2a80f#tcp
> 
> 
> 
> On 4/11/06, Thorsten.Haupt at t-systems.com <Thorsten.Haupt at t-systems.com>
> wrote:
>  > I searched for this function, but I didn't found it :-(
>  > Knows anyone the correct code, not only pseudo-code?
>  >
>  > Torsten
>  >
>  > -----Ursprьngliche Nachricht-----
>  > Von: Cesc [mailto:cesc.santa at gmail.com]
>  > Gesendet: Dienstag, 11. April 2006 14:03
>  > An: Haupt, Thorsten
>  > Cc: users at openser.org
>  > Betreff: Re: [Users] Allow only TLS connections
>  >
>  > I think in openser there is a function to check what transport the
> message came in ... you can do something like:
>  > if ( transport != TLS ) {
>  >           send error to UA
>  >           break;
>  > }
>  >
>  > Cesc
>  >
>  > On 4/11/06, Thorsten.Haupt at t-systems.com
> <Thorsten.Haupt at t-systems.com> wrote:
>  > >
>  > >
>  > > Hello,
>  > >
>  > > I use OpenSER in a testing environment for VoIP security. My clients
>  > > connect via TLS. If I deactivate UDP/5060 on the server, it doesn't
> work correct.
>  > > Some Clients can't connect and others can't establish calls. I read
> in
>  > > another thread, that UDP is mandatory for SIP and that the server
> need it.
>  > >
>  > > But how can I prevent users from connecting via UDP and force them
> to
>  > > use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But
> is
>  > > this the correct way? Are there any parameters server-side to force
>  > > users to connect via TLS?
>  > >
>  > > Thanks for response.
>  > > Torsten
>  > > _______________________________________________
>  > > Users mailing list
>  > > Users at openser.org
>  > > http://openser.org/cgi-bin/mailman/listinfo/users
>  > >
>  > >
>  > >
>  >
>  > _______________________________________________
>  > Users mailing list
>  > Users at openser.org
>  > http://openser.org/cgi-bin/mailman/listinfo/users
>  >
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Tue, 11 Apr 2006 17:16:49 +0200
> From: Andreas Granig <andreas.granig at inode.info>
> Subject: [Users] Overlapping AVPs
> To: users at openser.org
> Message-ID: <443BC861.6040303 at inode.info>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Hi,
> 
> Me again, sorry, but the docs aren't really noisy about AVP details...
> 
> So if I have user preferences for both the caller and callee and load
> them from DB and print them using the following:
> 
>    avp_db_load("$avp($uuid_caller)", "");
>    avp_db_load("$avp($uuid_callee)", "");
>    avp_print();
> 
> then they may overlap because of the same ID (say "i:102" for toggling
> some specific feature on/off), but according to the debug output both
> are present:
> 
>    INFO:avpops:print_avp: p=0x4056db90, flags=100
>    INFO:                   id=<102>
>    INFO:                   val_int=<1>
> 
>    INFO:avpops:print_avp: p=0x4056dc68, flags=100
>    INFO:                   id=<102>
>    INFO:                   val_int=<0>
> 
> So is it possible to selectively access the avp-value of both
> $uuid_caller and $uuid_callee? Something like $avp(i:102)[0] and
> $avp(i:102)[1] maybe?
> 
> Thanks,
> Andy
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Tue, 11 Apr 2006 17:54:56 +0200
> From: "D'Addelfio Davide" <Davide.D'Addelfio at italtel.it>
> Subject: R: [Users] load from db table
> To: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
> Cc: users at openser.org
> Message-ID: <82C94EFCF026F74EB91A2048B1C963A504065277 at BESONE.corp.dom>
> Content-Type: text/plain;       charset="iso-8859-1"
> 
> Hi Bogdan, I'm trying to setup my config file , did the same
> 
> modparam("avpops", "db_scheme",
> "scheme0:username_col=from;value_col=timestamp;value_type=string;table=a
> cc")
> modparam("avpops","avp_aliases","timestamp=i:800")
> 
> if (method=="INVITE")
> avp_db_load("$from","$timestamp/$scheme0");
> 
> I'm not sure that is correct...
> 
> log gives me these errors
> 
> Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: submit_query: You
> have an error in your SQL syntax.  Check the manual that corresponds to
> your MySQL server version for the right syntax to use near 'from='bob''
> at line 1
> Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: db_query: Error
> while submitting query
> Apr 11 08:42:59 localhost /usr/sbin/openser[13752]:
> ERROR:avpops:load_avps: db_load failed
> 
> Any thought?
> 
> Thanks
> Davide
> 
> -----Messaggio originale-----
> Da: users-bounces at openser.org [mailto:users-bounces at openser.org] Per
> conto di Bogdan-Andrei Iancu
> Inviato: martedм 11 aprile 2006 16.12
> A: D'Addelfio Davide
> Cc: users at openser.org
> Oggetto: Re: [Users] load from db table
> 
> Hi,
> 
> see:
>     http://www.voice-system.ro/docs/avpops/ar01s06.html#avp_db_load
> 
> the "db_scheme" example.
> 
> regards,
> bogdan
> 
> D'Addelfio Davide wrote:
> 
>  >Hi Bogdan,
>  >
>  >i setup my openser.cfg to store SIP messages into acc tables of mysql,
>  >using extra accounting to store also the body part of the message.
>  >Now i need that openser read into that db's table, in particular in
> some
>  >rows of db.
>  >If I use avp_db_load it works only over usr_preference table, instead I
>  >want it looks into acc table.
>  >
>  >How can I do?
>  >
>  >Thanks for help
>  >Davide
>  > 
>  >
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
> 
> 
> End of Users Digest, Vol 11, Issue 27
> *************************************
> 
> 
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
> 





More information about the Users mailing list