[OpenSIPS-Users] Nat_Traversal and keepalive messages

mmarzuola at interfree.it mmarzuola at interfree.it
Mon Dec 29 17:48:11 CET 2008


2008/12/29  :
>
> Hi all.
> I'm trying to use the nat_traversal module.
> Sniffing the traffic I have noticed that even if a user agent stops its registering, the keepalive messages (I chose NOTIFY) continue to be sent by proxy to the UAs who had previously registered.
> Is there a configuration error, or is there a way to stop these messages in case of no response from the UAs?

>nat_traversal keeps the keepalive in case there is an active INVITE or
>SUBSCRIBE dialog, or an alive REGISTER. Are you sure you didn't call
>"keepalive()" during an INVITE or SUBSCRIBE process from the same
>client?

Yes, I'm sure. 
This is my opensips.cfg:

####### Global Parameters #########

debug=3
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=4

/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes

/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes

/* uncomment the next line to enable the auto temporary blacklisting of
   not available destinations (default disabled) */
#disable_dns_blacklist=no

/* uncomment the next line to enable IPv6 lookup after IPv4 dns
   lookup failures (default disabled) */
#dns_try_ipv6=yes

/* uncomment the next line to disable the auto discovery of local aliases
   based on revers DNS on IPs (default on) */
#auto_aliases=no

/* uncomment the following lines to enable TLS support  (default off) */
#disable_tls = no
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"


port=5060

/* uncomment and configure the following line if you want opensips to
   bind on a specific interface/port/proto (default bind on all available) */
listen=udp:10.10.45.158:5060


####### Modules Section ########

#set module path
mpath="/usr/local/lib/opensips/modules/"

/* uncomment next line for MySQL DB support */
loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "mi_datagram.so"
loadmodule "uri_db.so"
loadmodule "uri.so"
loadmodule "xlog.so"
loadmodule "acc.so"
loadmodule "siptrace.so"
loadmodule "avpops.so"
#loadmodule "dialog.so"
loadmodule "options.so"
loadmodule "mediaproxy.so"
loadmodule "nat_traversal.so"

/* uncomment next lines for MySQL based authentication support
   NOTE: a DB (like db_mysql) module must be also loaded */
loadmodule "auth.so"
loadmodule "auth_db.so"
/* uncomment next line for aliases support
   NOTE: a DB (like db_mysql) module must be also loaded */
#loadmodule "alias_db.so"
/* uncomment next line for multi-domain support
   NOTE: a DB (like db_mysql) module must be also loaded
   NOTE: be sure and enable multi-domain support in all used modules
         (see "multi-module params" section ) */
loadmodule "domain.so"
/* uncomment the next two lines for presence server support
   NOTE: a DB (like db_mysql) module must be also loaded */
#loadmodule "presence.so"
#loadmodule "presence_xml.so"


# ----------------- setting module-specific parameters ---------------


# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)

# ----- mi_datagram params -----
modparam("mi_datagram", "socket_name", "/tmp/opensips.sock")
modparam("mi_datagram", "unix_socket_mode", 0666)

# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 1)


# ----- rr params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
modparam("registrar", "received_avp", "$avp(s:received_uri)")


# ----- uri_db params -----
/* by default we disable the DB support in the module as we do not need it
   in this configuration */
modparam("uri_db", "use_uri_table", 0)
modparam("uri_db", "db_url", "")


# ----- acc params -----
/* what sepcial events should be accounted ? */
modparam("acc", "early_media", 1)
modparam("acc", "report_ack", 1)
modparam("acc", "report_cancels", 1)
/* by default ww do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure the enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 1)
/* account triggers (flags) */
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
/* uncomment the following lines to enable DB accounting also */
modparam("acc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)
modparam("acc", "log_extra", "caller_id=$avp(s:user);callee_id=$tu;destination=$rd")
modparam("acc", "db_extra", "caller_id=$avp(s:user);callee_id=$tu;destination=$rd")

# ----- usrloc params -----
#modparam("usrloc", "db_mode",   0)
/* uncomment the following lines if you want to enable DB persistency
   for location entries */
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url",
        "mysql://opensips:opensipsrw@localhost/opensips")


# ----- auth_db params -----
/* uncomment the following lines if you want to enable the DB based
   authentication */
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "db_url",
        "mysql://opensips:opensipsrw@localhost/opensips")
modparam("auth_db", "load_credentials", "")

# ----- siptrace params -----
modparam("siptrace", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
modparam("siptrace", "trace_on", 1)
modparam("siptrace", "table", "sip_trace")
modparam("siptrace", "traced_user_avp", "$avp(s:user)")

# -----xlog params -----
modparam("xlog", "buf_size", 4096)
modparam("xlog", "force_color", 0)

# -----avpops params -----
modparam("avpops", "avp_url", "mysql://opensips:opensipsrw@localhost/opensips")
modparam("avpops","avp_table","usr_preferences")

# ----- alias_db params -----
/* uncomment the following lines if you want to enable the DB based
   aliases */
#modparam("alias_db", "db_url",
#       "mysql://opensips:opensipsrw@localhost/opensips")


# ----- domain params -----
/* uncomment the following lines to enable multi-domain detection
   support */
modparam("domain", "db_url",
        "mysql://opensips:opensipsrw@localhost/opensips")
modparam("domain", "db_mode", 1)   # Use caching


# ----- multi-module params -----
/* uncomment the following line if you want to enable multi-domain support
   in the modules (dafault off) */
modparam("auth_db|usrloc|uri_db", "use_domain", 1)

# ----- mediaproxy params -----
modparam("mediaproxy", "disable", 0)
modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy/dispatcher.sock")

# ----- dialog params -----
#modparam("dialog", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("dialog", "db_mode", 1)
#modparam("dialog", "table_name", "dialog")
#modparam("dialog", "db_update_period", 60)
#modparam("dialog", "dlg_flag", 4)

# ----- nat_traversal -----
modparam("nat_traversal", "keepalive_interval", 90)
modparam("nat_traversal", "keepalive_state_file", "/var/run/opensips/keepalive_state")

# ----- presence params -----
/* uncomment the following lines if you want to enable presence */
#modparam("presence|presence_xml", "db_url",
#       "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("presence_xml", "force_active", 1)
#modparam("presence", "server_address", "sip:192.168.1.2:5060")


####### Routing Logic ########


# main request routing logic

route{

        xlog("L_INFO", "New request - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");

        if(!is_method("OPTIONS")) {
                sip_trace();
                $avp(s:user)="sip:" + $fU + "@" + $(fu{uri.domain});
        }

        if (!mf_process_maxfwd_header("10")) {
                xlog("L_INFO", "Too many hops\n");
                sl_send_reply("483","Too Many Hops");
                exit;
        }

        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing
                if (loose_route()) {
                        if (is_method("BYE")) {
                                setflag(1); # do accounting ...
                                setflag(3); # ... even if the transaction fails
                                end_media_session();
                        }
                        route(1);
                } else {
                        if ( is_method("ACK") ) {
                                if ( t_check_trans() ) {
                                        # non loose-route, but stateful ACK; must be an ACK after a 487 or e.g. 404 from upstream server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching transaction ... ignore and discard.\n");
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }

        #initial requests

        # CANCEL processing
        if (is_method("CANCEL"))
        {
                if (t_check_trans())
                        t_relay();
                exit;
        }

        t_check_trans();

        # authenticate if from local subscriber (uncomment to enable auth)
        #if (!(method=="REGISTER") && $var(fromURI)=~".*@mysip.com")
        if ((method=="INVITE") && is_from_local())
                {
                if (!proxy_authorize("", "subscriber")) {
                        proxy_challenge("", "0");
                        exit;
                }
                if (!check_from()) {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }

                consume_credentials();
                xlog("L_INFO","caller autenticato\n");
                # caller authenticated
        }

        # record routing
        if (!is_method("REGISTER|MESSAGE")) {
                xlog("L_INFO", "Recording Route info\n");
                record_route();
        }

        # account only INVITEs
        if (is_method("INVITE")) {
                xlog("L_INFO", "Method is an INVITE\n");
                #setflag(4);
                setflag(1); # do accounting
                use_media_proxy();
        }
        #if (!uri==myself)
        /* replace with following line if multi-domain support is used */
        if (!is_uri_host_local())
        {
                xlog("L_INFO","messaggio per altra destinazione\n");
                append_hf("P-hint: outbound\r\n");
                # if you have some interdomain connections via TLS
                ##if($rd=="tls_domain1.net") {
                ##      t_relay("tls:domain1.net");
                ##      exit;
                ##} else if($rd=="tls_domain2.net") {
                ##      t_relay("tls:domain2.net");
                ##      exit;
                ##}
                route(1);
        }

        # requests for my domain

        /* uncomment this if you want to enable presence server
           and comment the next 'if' block
           NOTE: uncomment also the definition of route[2] from  below */
        ##if( is_method("PUBLISH|SUBSCRIBE"))
        ##              route(2);

        if (is_method("PUBLISH"))
        {
                sl_send_reply("503", "Service Unavailable");
                exit;
        }

        if (method==OPTIONS) {
                xlog("L_INFO","risposta per l'OPTIONS \n");
                options_reply();
        }

        if (is_method("REGISTER"))
        {
                if (client_nat_test("3")) {
                        nat_keepalive();
                        xlog("L_INFO","Nat test success\n");
                }
                force_rport();
                $avp(s:received_uri) = $source_uri;
                #authenticate the REGISTER requests (uncomment to enable auth)
                if (!www_authorize("", "subscriber"))
                        {
                        www_challenge("", "0");
                        exit;
                }

                if (!check_to())
                {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }

                if (!save("location"))
                        sl_reply_error();

                exit;
        }

        if ($rU==NULL) {
                # request with no Username in RURI
                sl_send_reply("484","Address Incomplete");
                exit;
        }

        # apply DB based aliases (uncomment to enable)
        ##alias_db_lookup("dbaliases");

        if (!lookup("location")) {
                switch ($retcode) {
                        case -1:
                        case -3:
                                t_newtran();
                                t_reply("404", "Not Found");
                                exit;
                        case -2:
                                sl_send_reply("405", "Method Not Allowed");
                                exit;
                }
        }

        # when routing via usrloc, log the missed calls also
        setflag(2);

        route(1);
}


route[1] {
        # for INVITEs enable some additional helper routes
        if (is_method("INVITE")) {
                t_on_branch("2");
                t_on_reply("2");
                t_on_failure("1");
        }

        if (!t_relay()) {
                sl_reply_error();
        };
        exit;
}

branch_route[2] {
        xlog("new branch at $ru\n");
}


onreply_route[2] {
        xlog("incoming reply\n");
        use_media_proxy();
}


failure_route[1] {
        if (t_was_cancelled()) {
                exit;
        }
}



----------------------------------------------------------------------------
Vuoi essere presente online? 
Vuoi dare voce alla tua attivita`? 
Acquista un dominio su domini.interfree.it.
A partire da 18,59 euro
----------------------------------------------------------------------------




More information about the Users mailing list