[OpenSER-Users] Radius accounting and Dialog

David Villasmil david.villasmil.work at gmail.com
Fri Jun 13 13:58:30 CEST 2008


No, it seems rtps are NOT flowing through mediaproxy... what am I doing
wrong? I'm trying to force ALL calls through the mediasproxy, here's me
openser.cfg:


#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at
http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#

# ----------- global configuration parameters ------------------------

debug=4            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no    # (cmd line: -E)
children=10
port=5060
listen=MY.OPENSER.IP.COM
disable_dns_blacklist=true

# ------------------ module loading ----------------------------------
#set module path
mpath="//lib/openser/modules/"

# Uncomment this if you want to use SQL database
#loadmodule "mysql.so"

loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "permissions.so"
#loadmodule "group.so"
loadmodule "mi_fifo.so"
loadmodule "lcr.so"
loadmodule "avpops.so"
loadmodule "xlog.so"
loadmodule "nathelper.so"
loadmodule "mediaproxy.so"
loadmodule "acc.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

modparam("registrar", "received_avp", "$avp(i:42)")

modparam("usrloc", "db_mode", 2)
modparam("usrloc", "nat_bflag", 4)

modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")

modparam("rr", "enable_full_lr", 1)

#modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost
/openser")
modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost
/openser")

modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")

modparam("avpops", "avp_table", "usr_preferences")

modparam("nathelper","rtpproxy_sock", "")
modparam("nathelper","natping_interval", 0)
modparam("nathelper","received_avp", "$avp(i:42)")

modparam("mediaproxy","natping_interval",20)
modparam("mediaproxy","mediaproxy_socket",
"/var/run/mediaproxy/mediaproxy.sock")
modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients")
modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")

modparam("lcr", "contact_avp", "$avp(i:711)")
modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)")
modparam("lcr", "gw_uri_avp", "$avp(i:709)")
modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)")
modparam("lcr", "ruri_user_avp", "$avp(i:500)")
modparam("lcr", "dm_flag", 25)

modparam("acc", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "radius_flag",        2)
modparam("acc", "radius_missed_flag", 3)
modparam("acc", "radius_extra",
"User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)")
# -------------------------  request routing logic -------------------

# main routing logic

route{

    #
    # -- 1 -- Request Validation
    #
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >=  2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    #
    # -- 2 -- Routing Preprocessing
    #
    ## Record-route all except Register
    ## Mark packets with nat=yes
    ## This mark will be used to identify the request in the loose
    ## route section
#    if(!is_method("REGISTER")){
#        if(nat_uac_test("19")){
            record_route(";nat=yes");
#        } else {
#            record_route();
#        };
#    };

    ##Loose_route packets
    if (has_totag()) {
        #sequential request withing a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
           if(method=="BYE") {
               #Account BYE transactions
               setflag(2);
           };

            #Check authentication of re-invites
            if(method=="INVITE" && (!allow_trusted())) {
                if (!proxy_authorize("","subscriber")) {
                proxy_challenge("","1");
                exit;
            } else if (!check_from()) {
                sl_send_reply("403", "Forbidden, use From=ID");
                exit;
            };
        };
        if(method=="BYE" || method=="CANCEL") {
            end_media_session();
        };
        ##Detect requests in the dialog behind NAT and flag with 6
#            if(nat_uac_test("19") || search("^Route:.*;nat=yes")){
                append_hf("P-hint: LR|fixcontact,setflag6\r\n");
                fix_contact();
                setbflag(6);
#            };
            route(1);
        } else {
            sl_send_reply("404","Not here");
        }
        exit;
    }

    #CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans()) {
            end_media_session();
            t_relay();
        };
        exit;
    }

    t_check_trans();
    #
    # -- 3 -- Determine Request Target
    #
    if (method=="REGISTER") {
        route(2);
    } else {
        route(3);
    };
}


route[1] {
    #
    # -- 4 -- Forward request to target
    #
    # Forward statefully
    t_on_reply("1");
    t_on_failure("1");
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

route[2] {
    ## Register request handler
    if (is_uri_host_local()) {
        if (!www_authorize("", "subscriber")) {
            www_challenge("", "1");
            exit;
        };

        if (!check_to()) {
            sl_send_reply("403", "Forbidden");
            exit;
        };

#        if(!search("^Contact:[ ]*\*") && client_nat_test("7")) {
            setbflag(6);
            fix_nated_register();
            force_rport();
#        };
        save("location");
        exit;

    } else if {

        sl_send_reply("403", "Forbidden");

    };
}

route[3] {
    ## Requests handler

    if (method=="INVITE") {
        # Account INVITE packets
        setflag(2);
        # Account Missed calls
        setflag(3);
        # Radius Extra
        $avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM";
    };

    if (is_from_local()){
        # From an internal domain -> check the credentials and the FROM
        if(!allow_trusted()){
            if (!proxy_authorize("","subscriber")) {
                proxy_challenge("","0");
                exit;
            } else if(!check_from()) {
            sl_send_reply("403", "Forbidden, use From=ID");
            exit;
          };
        };

#        if (client_nat_test("3")) {
            append_hf("P-hint:
route(3)|setflag7,forcerport,fix_contact\r\n");
            setbflag(7);
            force_rport();
            fix_contact();
#        };

        #unconditional call forward
        if(avp_db_load("$ru/username","$avp(s:callfwd)")) {
            avp_pushto("$ru", "$avp(s:callfwd)");
            route(1);
            exit;
        }

        consume_credentials();

        #verify aliases, if found replace R-URI.
        lookup("aliases");

        if (is_uri_host_local()) {
            # -- Inbound to Inbound
            route(10);
        } else {
            # -- Inbound to outbound
            route(11);
        };

    } else {

        #From an external domain ->do not check credentials
        #Verify aliases, if found replace R-URI.
        lookup("aliases");
            if (is_uri_host_local()) {
                #-- Outbound to inbound
                route(12);
            } else {
                # -- Outbound to outbound
                route(13);
            };
    };
}

route[4] {
    # routing to the public network
    if (!load_gws()) {
        sl_send_reply("503", "Unable to load gateways");
        exit;
    }

    if(!next_gw()){
        sl_send_reply("503", "Unable to find a gateway");
     exit;
    }
    t_on_failure("2");
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

route[6] {
    #
    # -- NAT handling --
    #
    #if (isbflagset(6) || isbflagset(7)) {
        append_hf("P-hint: Route[6]: mediaproxy \r\n");
        use_media_proxy();
    #};
}

route[10] {
    #from an internal domain -> inbound
    #Native SIP destinations are handled using the location table
    #Gateway destinations are handled by regular expressions
    append_hf("P-hint: inbound->inbound \r\n");

    if (uri=~"^sip:613") {     # ECHO TEST
        route(6);
        rewritehostport("fwdnat2.pulver.com:5060");
        if (!t_relay()) {
            sl_reply_error();
        };
        exit;
    };

    if (uri=~"^sip:301") {     # ECHO TEST
        route(6);
        rewritehostport("blueface.ie");
        if (!t_relay()) {
            sl_reply_error();
        };
        exit;
    };

#
#    if (uri=~"^sip:1[2-9][0-9]{9}@") {
#        if (is_user_in("credentials","ld")) {
#            strip(1);
#            prefix("+1");
#            route(6);
#            route(4);
#            exit;
#        } else {
#            sl_send_reply("403", "No permissions for long distance");
#            exit;
#        };
#    };
#
#    if (uri=~"^sip:011[0-9]*@") {
#        if (is_user_in("credentials","int")) {
#            strip(3);
#            prefix("+");
#            route(6);
#            route(4);
#            exit;
#        } else {
#            sl_send_reply("403", "No permissions for international calls");
#        };
#    };

    if (!lookup("location")) {
        if (does_uri_exist()) {
            ## User not registered at this time.
            ## Use the IP Address of your e-mail server
            revert_uri();
            prefix("u");
            rewritehostport("192.168.1.171"); #Use the IP address of your
voicemail server
            route(6);
            route(1);
        } else {
            sl_send_reply("404", "Not Found");
         exit;
        }
        sl_send_reply("404", "Not Found");
        exit;
    };
    route(6);
    route(1);
}

route[11] {
     # from an internal domain -> outbound
     # Simply route the call outbound using DNS search
     append_hf("P-hint: inbound->outbound \r\n");
     route(1);
}

route[12] {
     # From an external domain -> inbound
     # Verify aliases, if found replace R-URI.
     lookup("aliases");
     if (!lookup("location")) {
          sl_send_reply("404", "Not Found");
          exit;
     };
     route(1);
}

route[13] {
     #From an external domain outbound
     #we are not accepting these calls
     append_hf("P-hint: outbound->inbound \r\n");
     sl_send_reply("403", "Forbidden");
     exit;
}

failure_route[1] {
    ##--
    ##-- If cancelled, exit.
    ##--
    if (t_was_cancelled()) {
        exit;
    };
    ##--
    ##-- If busy send to the e-mail server, prefix the "b"
    ##-- character to indicate busy.
    ##--
    if (t_check_status("486")) {
        revert_uri();
        prefix("b");
        rewritehostport("192.168.1.171");
        append_branch();
        route(1);
        exit;
    };
    ##--
    ##-- If timeout (408) or unavailable temporarily (480),
    ##-- prefix the uri with the "u"character to indicate
    ##-- unanswered and send to the e-mail
    ##-- sever
    ##--
    if (t_check_status("408") || t_check_status("480")) {
        revert_uri();
        prefix("u");
        rewritehostport("192.168.1.171");
        append_branch();
        route(1);
        exit;
    };
}

failure_route[2] {
    if(!next_gw()) {
        t_reply("503", "Service not available, no more gateways");
        exit;
    };
    t_on_failure("2");
    t_relay();
}


onreply_route[1] {
#
#-- On-replay block routing --
#
#    if (client_nat_test("1")) {
        append_hf("P-hint: Onreply-route - fixcontact \r\n");
        fix_contact();
#    };

#    if ((isbflagset(6) || isbflagset(7)) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
#        if (search("^Content-Type:[ ]*application/sdp")) {
            append_hf("P-hint: onreply_route|usemediaproxy \r\n");
            use_media_proxy();
#        };
#    };
    exit;
}



I tried commenting out all tests for NAT... but nothing
On Fri, Jun 13, 2008 at 1:34 PM, David Villasmil <
david.villasmil.work at gmail.com> wrote:

> Yes, I have audio. Attahced is the ngrep
>
>
>
> On Fri, Jun 13, 2008 at 11:12 AM, Raúl Alexis Betancor Santana <
> rabs at dimension-virtual.com> wrote:
>
>> On Fri, Jun 13, 2008 at 10:27:55AM +0200, David Villasmil wrote:
>> > That's what I thought. I just setup mediaproxy and making some tests.
>> > Its working as far a audio is concerned. But all calls have a duration
>> > of 0 seconds! Even though audio is flowing through mo it does't seem
>> > to realize it and shows a messgae of "timeout", in this timeout,
>> > though there's data flowing. But it still sends the STOP to the
>> > radius.
>> >
>> > anyone knows why? Has this happen to anyone?
>> >
>> > thanks a lot.
>>
>> A complete ngrep trace would be need to check what it's happening
>>
>> Have you audio both ways and still receive the timeout ?
>>
>> --
>> Saludos
>>
>> Raúl Alexis Betancor Santana
>> Dimensión Virtual S.L.
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080613/0b551c22/attachment.htm 


More information about the Users mailing list