[OpenSER-Users] Radius accounting and Dialog

David Villasmil david.villasmil.work at gmail.com
Fri Jun 13 14:08:19 CEST 2008


Just so you know... with eyebam, rtps do NOT go through the mediaproxy, but
with sjphone they do... strange, huh?

On Fri, Jun 13, 2008 at 1:58 PM, David Villasmil <
david.villasmil.work at gmail.com> wrote:

> No, it seems rtps are NOT flowing through mediaproxy... what am I doing
> wrong? I'm trying to force ALL calls through the mediasproxy, here's me
> openser.cfg:
>
>
> #
> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
> #
> # simple quick-start config script
> # Please refer to the Core CookBook at
> http://www.openser.org/dokuwiki/doku.php
> # for a explanation of possible statements, functions and parameters.
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=4            # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no    # (cmd line: -E)
> children=10
> port=5060
> listen=MY.OPENSER.IP.COM
> disable_dns_blacklist=true
>
> # ------------------ module loading ----------------------------------
> #set module path
> mpath="//lib/openser/modules/"
>
> # Uncomment this if you want to use SQL database
> #loadmodule "mysql.so"
>
> loadmodule "mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "uri.so"
> loadmodule "uri_db.so"
> loadmodule "domain.so"
> loadmodule "permissions.so"
> #loadmodule "group.so"
> loadmodule "mi_fifo.so"
> loadmodule "lcr.so"
> loadmodule "avpops.so"
> loadmodule "xlog.so"
> loadmodule "nathelper.so"
> loadmodule "mediaproxy.so"
> loadmodule "acc.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "auth.so"
> loadmodule "auth_db.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>
> modparam("registrar", "received_avp", "$avp(i:42)")
>
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "nat_bflag", 4)
>
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "password")
>
> modparam("rr", "enable_full_lr", 1)
>
>
> #modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost
> /openser")
>
> modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost
> /openser")
>
> modparam("permissions", "db_mode", 1)
> modparam("permissions", "trusted_table", "trusted")
>
> modparam("avpops", "avp_table", "usr_preferences")
>
> modparam("nathelper","rtpproxy_sock", "")
> modparam("nathelper","natping_interval", 0)
> modparam("nathelper","received_avp", "$avp(i:42)")
>
> modparam("mediaproxy","natping_interval",20)
> modparam("mediaproxy","mediaproxy_socket",
> "/var/run/mediaproxy/mediaproxy.sock")
> modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients")
> modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")
>
> modparam("lcr", "contact_avp", "$avp(i:711)")
> modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)")
> modparam("lcr", "gw_uri_avp", "$avp(i:709)")
> modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)")
> modparam("lcr", "ruri_user_avp", "$avp(i:500)")
> modparam("lcr", "dm_flag", 25)
>
> modparam("acc", "radius_config",
> "/etc/radiusclient-ng/radiusclient.conf")
> modparam("acc", "radius_flag",        2)
> modparam("acc", "radius_missed_flag", 3)
> modparam("acc", "radius_extra",
> "User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)")
> # -------------------------  request routing logic -------------------
>
> # main routing logic
>
> route{
>
>     #
>     # -- 1 -- Request Validation
>     #
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         exit;
>     };
>
>     if (msg:len >=  2048 ) {
>         sl_send_reply("513", "Message too big");
>         exit;
>     };
>
>     #
>     # -- 2 -- Routing Preprocessing
>     #
>     ## Record-route all except Register
>     ## Mark packets with nat=yes
>     ## This mark will be used to identify the request in the loose
>     ## route section
> #    if(!is_method("REGISTER")){
> #        if(nat_uac_test("19")){
>             record_route(";nat=yes");
> #        } else {
> #            record_route();
> #        };
> #    };
>
>     ##Loose_route packets
>     if (has_totag()) {
>         #sequential request withing a dialog should
>         # take the path determined by record-routing
>         if (loose_route()) {
>            if(method=="BYE") {
>                #Account BYE transactions
>                setflag(2);
>            };
>
>             #Check authentication of re-invites
>             if(method=="INVITE" && (!allow_trusted())) {
>                 if (!proxy_authorize("","subscriber")) {
>                 proxy_challenge("","1");
>                 exit;
>             } else if (!check_from()) {
>                 sl_send_reply("403", "Forbidden, use From=ID");
>                 exit;
>             };
>         };
>         if(method=="BYE" || method=="CANCEL") {
>             end_media_session();
>         };
>         ##Detect requests in the dialog behind NAT and flag with 6
> #            if(nat_uac_test("19") || search("^Route:.*;nat=yes")){
>                 append_hf("P-hint: LR|fixcontact,setflag6\r\n");
>                 fix_contact();
>                 setbflag(6);
> #            };
>             route(1);
>         } else {
>             sl_send_reply("404","Not here");
>         }
>         exit;
>     }
>
>     #CANCEL processing
>     if (is_method("CANCEL")) {
>         if (t_check_trans()) {
>             end_media_session();
>             t_relay();
>         };
>         exit;
>     }
>
>     t_check_trans();
>     #
>     # -- 3 -- Determine Request Target
>     #
>     if (method=="REGISTER") {
>         route(2);
>     } else {
>         route(3);
>     };
> }
>
>
> route[1] {
>     #
>     # -- 4 -- Forward request to target
>     #
>     # Forward statefully
>     t_on_reply("1");
>     t_on_failure("1");
>     if (!t_relay()) {
>         sl_reply_error();
>     };
>     exit;
> }
>
> route[2] {
>     ## Register request handler
>     if (is_uri_host_local()) {
>         if (!www_authorize("", "subscriber")) {
>             www_challenge("", "1");
>             exit;
>         };
>
>         if (!check_to()) {
>             sl_send_reply("403", "Forbidden");
>             exit;
>         };
>
> #        if(!search("^Contact:[ ]*\*") && client_nat_test("7")) {
>             setbflag(6);
>             fix_nated_register();
>             force_rport();
> #        };
>         save("location");
>         exit;
>
>     } else if {
>
>         sl_send_reply("403", "Forbidden");
>
>     };
> }
>
> route[3] {
>     ## Requests handler
>
>     if (method=="INVITE") {
>         # Account INVITE packets
>         setflag(2);
>         # Account Missed calls
>         setflag(3);
>         # Radius Extra
>         $avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM";
>     };
>
>     if (is_from_local()){
>         # From an internal domain -> check the credentials and the FROM
>         if(!allow_trusted()){
>             if (!proxy_authorize("","subscriber")) {
>                 proxy_challenge("","0");
>                 exit;
>             } else if(!check_from()) {
>             sl_send_reply("403", "Forbidden, use From=ID");
>             exit;
>           };
>         };
>
> #        if (client_nat_test("3")) {
>             append_hf("P-hint:
> route(3)|setflag7,forcerport,fix_contact\r\n");
>             setbflag(7);
>             force_rport();
>             fix_contact();
> #        };
>
>         #unconditional call forward
>         if(avp_db_load("$ru/username","$avp(s:callfwd)")) {
>             avp_pushto("$ru", "$avp(s:callfwd)");
>             route(1);
>             exit;
>         }
>
>         consume_credentials();
>
>         #verify aliases, if found replace R-URI.
>         lookup("aliases");
>
>         if (is_uri_host_local()) {
>             # -- Inbound to Inbound
>             route(10);
>         } else {
>             # -- Inbound to outbound
>             route(11);
>         };
>
>     } else {
>
>         #From an external domain ->do not check credentials
>         #Verify aliases, if found replace R-URI.
>         lookup("aliases");
>             if (is_uri_host_local()) {
>                 #-- Outbound to inbound
>                 route(12);
>             } else {
>                 # -- Outbound to outbound
>                 route(13);
>             };
>     };
> }
>
> route[4] {
>     # routing to the public network
>     if (!load_gws()) {
>         sl_send_reply("503", "Unable to load gateways");
>         exit;
>     }
>
>     if(!next_gw()){
>         sl_send_reply("503", "Unable to find a gateway");
>      exit;
>     }
>     t_on_failure("2");
>     if (!t_relay()) {
>         sl_reply_error();
>     };
>     exit;
> }
>
> route[6] {
>     #
>     # -- NAT handling --
>     #
>     #if (isbflagset(6) || isbflagset(7)) {
>         append_hf("P-hint: Route[6]: mediaproxy \r\n");
>         use_media_proxy();
>     #};
> }
>
> route[10] {
>     #from an internal domain -> inbound
>     #Native SIP destinations are handled using the location table
>     #Gateway destinations are handled by regular expressions
>     append_hf("P-hint: inbound->inbound \r\n");
>
>     if (uri=~"^sip:613") {     # ECHO TEST
>         route(6);
>         rewritehostport("fwdnat2.pulver.com:5060");
>         if (!t_relay()) {
>             sl_reply_error();
>         };
>         exit;
>     };
>
>     if (uri=~"^sip:301") {     # ECHO TEST
>         route(6);
>         rewritehostport("blueface.ie");
>         if (!t_relay()) {
>             sl_reply_error();
>         };
>         exit;
>     };
>
> #
> #    if (uri=~"^sip:1[2-9][0-9]{9}@") {
> #        if (is_user_in("credentials","ld")) {
> #            strip(1);
> #            prefix("+1");
> #            route(6);
> #            route(4);
> #            exit;
> #        } else {
> #            sl_send_reply("403", "No permissions for long distance");
> #            exit;
> #        };
> #    };
> #
> #    if (uri=~"^sip:011[0-9]*@") {
> #        if (is_user_in("credentials","int")) {
> #            strip(3);
> #            prefix("+");
> #            route(6);
> #            route(4);
> #            exit;
> #        } else {
> #            sl_send_reply("403", "No permissions for international
> calls");
> #        };
> #    };
>
>     if (!lookup("location")) {
>         if (does_uri_exist()) {
>             ## User not registered at this time.
>             ## Use the IP Address of your e-mail server
>             revert_uri();
>             prefix("u");
>             rewritehostport("192.168.1.171"); #Use the IP address of your
> voicemail server
>             route(6);
>             route(1);
>         } else {
>             sl_send_reply("404", "Not Found");
>          exit;
>         }
>         sl_send_reply("404", "Not Found");
>         exit;
>     };
>     route(6);
>     route(1);
> }
>
> route[11] {
>      # from an internal domain -> outbound
>      # Simply route the call outbound using DNS search
>      append_hf("P-hint: inbound->outbound \r\n");
>      route(1);
> }
>
> route[12] {
>      # From an external domain -> inbound
>      # Verify aliases, if found replace R-URI.
>      lookup("aliases");
>      if (!lookup("location")) {
>           sl_send_reply("404", "Not Found");
>           exit;
>      };
>      route(1);
> }
>
> route[13] {
>      #From an external domain outbound
>      #we are not accepting these calls
>      append_hf("P-hint: outbound->inbound \r\n");
>      sl_send_reply("403", "Forbidden");
>      exit;
> }
>
> failure_route[1] {
>     ##--
>     ##-- If cancelled, exit.
>     ##--
>     if (t_was_cancelled()) {
>         exit;
>     };
>     ##--
>     ##-- If busy send to the e-mail server, prefix the "b"
>     ##-- character to indicate busy.
>     ##--
>     if (t_check_status("486")) {
>         revert_uri();
>         prefix("b");
>         rewritehostport("192.168.1.171");
>         append_branch();
>         route(1);
>         exit;
>     };
>     ##--
>     ##-- If timeout (408) or unavailable temporarily (480),
>     ##-- prefix the uri with the "u"character to indicate
>     ##-- unanswered and send to the e-mail
>     ##-- sever
>     ##--
>     if (t_check_status("408") || t_check_status("480")) {
>         revert_uri();
>         prefix("u");
>         rewritehostport("192.168.1.171");
>         append_branch();
>         route(1);
>         exit;
>     };
> }
>
> failure_route[2] {
>     if(!next_gw()) {
>         t_reply("503", "Service not available, no more gateways");
>         exit;
>     };
>     t_on_failure("2");
>     t_relay();
> }
>
>
> onreply_route[1] {
> #
> #-- On-replay block routing --
> #
> #    if (client_nat_test("1")) {
>         append_hf("P-hint: Onreply-route - fixcontact \r\n");
>         fix_contact();
> #    };
>
> #    if ((isbflagset(6) || isbflagset(7)) &&
> (status=~"(180)|(183)|2[0-9][0-9]")) {
> #        if (search("^Content-Type:[ ]*application/sdp")) {
>             append_hf("P-hint: onreply_route|usemediaproxy \r\n");
>             use_media_proxy();
> #        };
> #    };
>     exit;
> }
>
>
>
> I tried commenting out all tests for NAT... but nothing
>
> On Fri, Jun 13, 2008 at 1:34 PM, David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Yes, I have audio. Attahced is the ngrep
>>
>>
>>
>> On Fri, Jun 13, 2008 at 11:12 AM, Raúl Alexis Betancor Santana <
>> rabs at dimension-virtual.com> wrote:
>>
>>> On Fri, Jun 13, 2008 at 10:27:55AM +0200, David Villasmil wrote:
>>> > That's what I thought. I just setup mediaproxy and making some tests.
>>> > Its working as far a audio is concerned. But all calls have a duration
>>> > of 0 seconds! Even though audio is flowing through mo it does't seem
>>> > to realize it and shows a messgae of "timeout", in this timeout,
>>> > though there's data flowing. But it still sends the STOP to the
>>> > radius.
>>> >
>>> > anyone knows why? Has this happen to anyone?
>>> >
>>> > thanks a lot.
>>>
>>> A complete ngrep trace would be need to check what it's happening
>>>
>>> Have you audio both ways and still receive the timeout ?
>>>
>>> --
>>> Saludos
>>>
>>> Raúl Alexis Betancor Santana
>>> Dimensión Virtual S.L.
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.openser.org
>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080613/88a60063/attachment.htm 


More information about the Users mailing list