[OpenSIPS-Users] topology hiding

Wilmar Campos wilmar.campos at gmail.com
Wed Feb 5 15:31:28 CET 2014


Thanks for your colaboration.

Here is the complete script:

route
{
    #########################
    ## Beginning of Script
    xlog("L_INFO", "$ci|start|recieved $oP request $rm $ou | ru $ru");
    xlog("L_INFO", "$ci|log|source $si:$sp");
    xlog("L_INFO", "$ci|log|from $fu $(fu{uri.host})");
    xlog("L_INFO", "$ci|log|to $tu");
    xlog("L_INFO", "$ci|log|rU $rU");

    #########################

    if (!pike_check_req()) {
        xlog("L_ALERT", "$ci|PIKE ACTIVE|pike active $(fu{uri.host})");
acc_db_request("201 PIKE Active","acc_bye");
        exit;
    };

    if (has_totag()  && (uri == myself)  &&
is_method("INVITE|ACK|BYE|UPDATE"))
    {
if(loose_route()) {
if(!match_dialog())
exit;

if(!t_relay())
t_reply_error();

exit;
} else {
if(is_method("ACK")) {
if(t_check_trans()) {
t_relay();
exit;
}

exit;
}

sl_send_reply("404", "Not here");
}

exit;
}

    if (is_method("CANCEL")) {
        xlog("L_INFO", "$ci|log|CANCEL CALL: rU $rU | tu $tu | fu $fu | rd
$rd");

        if (t_check_trans())
                t_relay();
        exit;
    }

    t_check_trans();

    if (is_method("OPTIONS") ) {
        options_reply();
exit;
    };

if (!is_method("REGISTER|MESSAGE"))
        record_route();

if(loose_route()) {
xlog("L_ERR","Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");

if (!is_method("ACK"))
send_reply("403","Preload Route denied");
exit;
}
}

if ($rU==NULL) {
send_reply("484","Address Incomplete");
acc_db_request("484 Address Incomplete","acc_bye");
exit;
}


Thanks

Wilmar


On Wed, Feb 5, 2014 at 7:19 AM, Vlad Paiu <vladpaiu at opensips.org> wrote:

> Hello,
>
> The sequential processing part is a little bit wrong - you should have
>
>                 if (loose_route() || match_dialog()) {
>                         if ($DLG_status==NULL) {
>
>                                 xlog(" cannot match request to a dialog
> \n");
>                                 # something wrong - might want to drop
> such requests
>                         }
>
>
> Can you please also post a trace of the traffic flow when the Route header
> gets that bogus \304 header ? Trying to replicate this on my side and see
> what's wrong.
>
>
> Best Regards,
>
> Vlad Paiu
> OpenSIPS Developer
> http://www.opensips-solutions.com
>
> On 03.02.2014 20:36, BJ Quinn wrote:
>
>> Oh and the only manual manipulation of the route headers was an attempt
>> to get rid of that \304 in the header.
>>
>> I think the \304 thing may be a red herring for now.  I still can't get
>> the topology hiding to work.  Below is my config file.  It's literally the
>> default config file with nothing changed but I've put in my IP address on
>> the listen line, added a couple of aliases, added UAC module to try to
>> change the from header (that works) and the dialog module and a couple of
>> modifications to the route to make topology hiding work (not working for
>> me).
>>
>> Am I putting this in the wrong part of the route?
>>
>> Thx
>>
>> -BJ Quinn
>>
>> ---
>> debug=3
>> log_stderror=no
>> log_facility=LOG_LOCAL0
>>
>> fork=yes
>> children=4
>>
>> auto_aliases=no
>>
>> listen=udp:xx.xx.xx.9:5060
>>
>> disable_tcp=yes
>>
>> disable_tls=yes
>>
>> alias=xx.xx.xx.76:5060
>> alias=xx.xx.xx.77:5060
>>
>> mpath="/usr/lib64/opensips/modules"
>>
>> loadmodule "signaling.so"
>>
>> loadmodule "sl.so"
>>
>> loadmodule "tm.so"
>> modparam("tm", "fr_timer", 5)
>> modparam("tm", "fr_inv_timer", 30)
>> modparam("tm", "restart_fr_on_each_reply", 0)
>> modparam("tm", "onreply_avp_mode", 1)
>>
>> loadmodule "rr.so"
>> modparam("rr", "append_fromtag", 0)
>>
>> loadmodule "maxfwd.so"
>>
>> loadmodule "sipmsgops.so"
>>
>> loadmodule "mi_fifo.so"
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("mi_fifo", "fifo_mode", 0666)
>>
>> loadmodule "uri.so"
>> modparam("uri", "use_uri_table", 0)
>>
>> loadmodule "usrloc.so"
>> modparam("usrloc", "nat_bflag", "NAT")
>> modparam("usrloc", "db_mode",   0)
>>
>> loadmodule "registrar.so"
>> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
>>
>> loadmodule "acc.so"
>> modparam("acc", "early_media", 0)
>> modparam("acc", "report_cancels", 0)
>> modparam("acc", "detect_direction", 0)
>> modparam("acc", "failed_transaction_flag", "ACC_FAILED")
>> modparam("acc", "log_flag", "ACC_DO")
>> modparam("acc", "log_missed_flag", "ACC_MISSED")
>>
>> # added to rewrite from header
>> loadmodule "uac.so"
>> loadmodule "uac_auth.so"
>> modparam("uac","restore_mode","manual")
>>
>> #added for topology hiding
>> loadmodule "dialog.so"
>>
>> route{
>>         if (!mf_process_maxfwd_header("10")) {
>>                 sl_send_reply("483","Too Many Hops");
>>                 exit;
>>         }
>>
>>         if (has_totag()) {
>>                 if (loose_route()) {
>>                         # added for topology hiding
>>                         if ($DLG_status==NULL && !match_dialog() ) {
>>                                 xlog(" cannot match request to a dialog
>> \n");
>>                         }
>>                         #/added for topology hiding
>>
>>                         if (is_method("BYE")) {
>>                                 setflag(ACC_DO);
>>                                 setflag(ACC_FAILED);
>>                         } else if (is_method("INVITE")) {
>>                                 record_route();
>>                         }
>>
>>                         route(relay);
>>                 } else {
>>
>>                         if ( is_method("ACK") ) {
>>                                 if ( t_check_trans() ) {
>>                                         t_relay();
>>                                         exit;
>>                                 } else {
>>                                         exit;
>>                                 }
>>                         }
>>                         sl_send_reply("404","Not here");
>>                 }
>>                 exit;
>>         }
>>
>>         if (is_method("CANCEL"))
>>         {
>>                 if (t_check_trans())
>>                         t_relay();
>>                 exit;
>>         }
>>
>>         t_check_trans();
>>
>>         if ( !(is_method("REGISTER")  ) ) {
>>                 if (from_uri==myself)
>>                 {
>>                 } else {
>>                         if (!uri==myself) {
>>                                 send_reply("403","Rely forbidden");
>>                                 exit;
>>                         }
>>                 }
>>         }
>>
>>         if (loose_route()) {
>>                 xlog("L_ERR",
>>                 "Attempt to route with preloaded Route's
>> [$fu/$tu/$ru/$ci]");
>>                 if (!is_method("ACK"))
>>                         sl_send_reply("403","Preload Route denied");
>>                 exit;
>>         }
>>
>>         if (!is_method("REGISTER|MESSAGE"))
>>                 record_route();
>>
>>         if (is_method("INVITE")) {
>>
>>                 setflag(ACC_DO); # do accounting
>>         }
>>
>>          if (is_method("INVITE")) {
>>                 # rewrite from header
>>                 uac_replace_from("sip:$fU at xx.xx.xx.9");
>>                 # trying to fix that /304 problem
>>                 #remove_hf("Route");
>>                 #append_hf("Route: <sip:xx.xx.xx.9;lr>");
>>                 create_dialog();
>>                 topology_hiding();
>>                 exit;
>>          }
>>
>>         if (!uri==myself) {
>>                 append_hf("P-hint: outbound\r\n");
>>                 route(relay);
>>         }
>>
>>         if (is_method("PUBLISH|SUBSCRIBE"))
>>         {
>>                 sl_send_reply("503", "Service Unavailable");
>>                 exit;
>>         }
>>
>>         if (is_method("REGISTER"))
>>         {
>>                 if (   0 ) setflag(TCP_PERSISTENT);
>>                 if (!save("location"))
>>                         sl_reply_error();
>>
>>                 exit;
>>         }
>>
>>         if ($rU==NULL) {
>>                 sl_send_reply("484","Address Incomplete");
>>                 exit;
>>         }
>>
>>         if (!lookup("location","m")) {
>>                 t_newtran();
>>                 t_reply("404", "Not Found");
>>                 exit;
>>         }
>>
>>         setflag(ACC_MISSED);
>>         route(relay);
>> }
>>
>>
>> route[relay] {
>>         if (is_method("INVITE")) {
>>                 t_on_branch("per_branch_ops");
>>                 t_on_reply("handle_nat");
>>                 t_on_failure("missed_call");
>>         }
>>
>>         if (!t_relay()) {
>>                 send_reply("500","Internal Error");
>>         };
>>         exit;
>> }
>>
>>
>>
>>
>> branch_route[per_branch_ops] {
>>         xlog("new branch at $ru\n");
>> }
>>
>>
>> onreply_route[handle_nat] {
>>
>>         xlog("incoming reply\n");
>> }
>>
>>
>> failure_route[missed_call] {
>>         if (t_was_cancelled()) {
>>                 exit;
>>         }
>> }
>>
>>
>> ---
>>
>> ----- Original Message -----
>> From: "BJ Quinn" <bjquinn at seidal.com>
>> To: "OpenSIPS users mailling list" <users at lists.opensips.org>
>> Sent: Monday, February 3, 2014 10:27:22 AM
>> Subject: Re: [OpenSIPS-Users] topology hiding
>>
>> Thanks, I'll do that. What about the topology hiding? Am I doing that
>> incorrectly?
>>
>> -BJ
>>
>> ----- Original Message -----
>> From: "Vlad Paiu" <vladpaiu at opensips.org>
>> To: users at lists.opensips.org
>> Sent: Monday, February 3, 2014 7:46:41 AM
>> Subject: Re: [OpenSIPS-Users] topology hiding
>>
>> Hello,
>>
>> No, you should not regex out those bogus characters, this seems like a
>> bug - could you please send us to SIP trace for your scenario so I can
>> understand how and when it's happening ? Are you currently doing any
>> manual manipulation on the Route headers in your script ?
>>
>> Also, if possible, Please open an issue on
>> https://github.com/OpenSIPS/opensips/issue for this so we can better
>> keep track of it.
>>
>>
>> Best Regards,
>>
>> Vlad Paiu
>> OpenSIPS Developer
>> http://www.opensips-solutions.com
>>
>> On 01.02.2014 02:26, BJ Quinn wrote:
>>
>>> Hi,
>>>
>>> I'd like to use topology_hiding(), but I can't quite understand how to
>>> integrate it into the routing part of the configuration file. I have my
>>> opensips box on a public IP and some machines initiating calls through the
>>> opensips box that are also on public IPs, so no NAT going on or anything
>>> like that. However, a couple of the carriers we're trying to use don't like
>>> seeing the IP address of the machines initiating the call (in Route and
>>> Contact headers, etc.) and that's causing problems including some carriers
>>> don't think the call has set up properly (even though it goes through),
>>> which leads to missing BYEs. Anyway, seems like topology_hiding() is a
>>> great idea anyway, regardless of the fact that I've had a carrier
>>> specifically request it.
>>>
>>> I'm using 1.10. So I've started with the basic Residential scenario made
>>> from osipsconfig. I didn't check any of the options (like ENABLE_TCP,
>>> USE_ALIASES, etc.) and modified only my IP address and added a couple of
>>> aliases for the machines making the calls. I added the following outside of
>>> the routing logic to load the dialog module to make topology_hiding()
>>> available.
>>>
>>> loadmodule "dialog.so"
>>>
>>> Then, under "if(has_totag()) { if (loose_route()) {" I added --
>>>
>>> if ($DLG_status==NULL && !match_dialog() ) {
>>> xlog(" cannot match request to a dialog \n");
>>> }
>>>
>>> And outside of the "if(has_totag())" section I added --
>>>
>>> if (is_method("INVITE")) {
>>> create_dialog();
>>> topology_hiding();
>>> }
>>>
>>> Without these added sections, things are fine on some carriers and with
>>> other carriers I have the problems described above which causes me to want
>>> to enable topology hiding. With these added sections, I get 408 timeouts
>>> since it appears that the opensips box is responding NOT HERE to the
>>> carrier's 200 OKs.
>>>
>>> Also, possibly unrelated, in either case I'm getting a weird "\304"
>>> added to my Route header. Should I just replace the Route header and regex
>>> that out?
>>>
>>> Route: <sip:xx.xx.xx.xx:\304;lr>
>>>
>>> Thanks!
>>>
>>> -BJ Quinn
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140205/be1941d5/attachment-0001.htm>


More information about the Users mailing list