Re: [OpenSIPS-Users] rewritehost() and AVP

2010-11-18 Thread Anton Zagorskiy 
Thanks, this is work.

Can you explain why rewritehost() doesn't accept AVP? Where AVP doesn't work
too?






WBR, Anton Zagorskiy
VoIP Developer, Oyster Telecom
Phone.: +7 812 601-0666
Fax: +7 812 601-0593
a.zagors...@oyster-telecom.ru
www.oyster-telecom.ru



> -Original Message-
> From: users-boun...@lists.opensips.org [mailto:users-
> boun...@lists.opensips.org] On Behalf Of Ovidiu Sas
> Sent: Wednesday, November 17, 2010 7:35 PM
> To: OpenSIPS users mailling list
> Subject: Re: [OpenSIPS-Users] rewritehost() and AVP
> 
> Deal with the host and port via PVs:
> http://www.opensips.org/Resources/DocsCoreVar16#toc59
> http://www.opensips.org/Resources/DocsCoreVar16#toc64
> 
> 
> Regards,
> Ovidiu Sas
> 
> On Wed, Nov 17, 2010 at 10:58 AM, Anton Zagorskiy
>  wrote:
> > Hello.
> > How to pass a value to the rewritehost() function using AVP?
> >
> > 1. Code
> > $avp(i:50) = "192.168.0.01";
> > rewritehostport("$avp(i:50)");
> > route(1)
> >
> > raises errors:
> > ERROR:core:parse_uri: bad port in uri (error at char ) in state 8)
> parsed:
> > (21) / (22)
> > ERROR:core:parse_sip_msg_uri: bad uri 
> >
> > 2. Code
> > $avp(i:50) = "192.168.0.01";
> > rewritehostport($avp(i:50)); # Without qoutes
> > route(1)
> >
> > raises errors during stratup:
> > CRITICAL:core:yyerror: parse error in config file, line 747, column
> 28-38:
> > syntax error
> > CRITICAL:core:yyerror: parse error in config file, line 747, column
> 38-39:
> > bad argument, string expected
> >
> >
> >
> > WBR, Anton Zagorskiy
> > VoIP Developer, Oyster Telecom
> > Phone.: +7 812 601-0666
> > Fax: +7 812 601-0593
> > a.zagors...@oyster-telecom.ru
> > www.oyster-telecom.ru
> >
> >
> >
> >
> >
> > ___
> > Users mailing list
> > Users@lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> 
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] PRESENCE module in real life

2010-11-18 Thread Konstantin Cherkasov 
Hi All!
Does anybody use PRESENCE module in a production environment?
But in our case it seems to be broken and completely unusable (very poor 
performance and server crashes).

In the list of modules PRESENCE is marked like "stable".

"Stable" - what does this mean?
"Without known bugs and ready for production" OR "stable unusable"?

-- 
 Konstantin Cherkasov


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] PRESENCE module in real life

2010-11-18 Thread Anca Vamanu 

Hi Konstantin,

What version are you using?
Yes, presence is used in production for a couple of years now.

Regards,

--
Anca Vamanu
www.voice-system.ro



On 11/18/2010 11:50 AM, Konstantin Cherkasov wrote:

Hi All!
Does anybody use PRESENCE module in a production environment?
But in our case it seems to be broken and completely unusable (very poor 
performance and server crashes).

In the list of modules PRESENCE is marked like "stable".

"Stable" - what does this mean?
"Without known bugs and ready for production" OR "stable unusable"?
   


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Opensips do not route ACK to Asterisk

2010-11-18 Thread Anca Vamanu 

Hi,

You might be in this case:

# ACK without matching transaction ->
# ignore and discard
exit;

I suggest you to put a log there and print the callid and if that 
message appear search in the log for the corresponding messages - 
INVITE, 200OK and ACK and send them here to see if actually there is a 
problem with the ACK.


Regards,

--
Anca Vamanu
www.voice-system.ro



On 11/17/2010 10:52 AM, t0mmy wrote:

Dear all,

i'm having scenario where opensips 1.6.3 and asterisk is on the same host.
Opensips binds on port 5060 and asterisk on 5061.

Opensips handles user registration, nat traversal  and "redirect" callls to
Asterisk PBX (configured as pstn gateway in address table and there is no
407 proxy auth req so they trust each other :))  . Asterisk then via sip
trunk send calls to our  provider.

  Rtp proxy for nat traversal also running on same machine started and
opensips do not report any errors.   ( started like  rtpproxy -l
public_ip_opensips_and* -s udp:127.0.0.1:7890 -F -u rtpproxy). RTP proxy use
default udp range 1-35000 and asterisk use 36000-65534 range.


UA is X-lite and behind nat.
Calls are getting connected but they drop after 30 sec. X-lite recive 200 ok
from * and sends back ACK. But ACK not getting to Asterisk. Asterisk reports
retransmit timeout error.



  I'm think that problem is like they say in sip-retransmit file


- A SIP middlebox (SBC) that rewrites contact: headers
   so that we can't reach the other side with our reply
   or the ACK.
- A badly configured SIP proxy that forgets to add
   record-route headers to make sure that signalling works.

When X-lite is in lan where is opensips error do not exists.  Calls are
working perfect!


Here is 200 ok that asterisk keep retransmiting:

^[[0KRetransmitting #2 (no NAT) to 192.168.1.42:5060:
SIP/2.0 200 OK
v: SIP/2.0/UDP
192.168.1.42;branch=z9hG4bKe31e.f8aa9df6.0;received=192.168.1.42
v: SIP/2.0/UDP
PUBLIC_IP_OF_UA:59788;rport=59788;received=PUBLIC_IP_OF_UA;branch=z9hG4bK-d8754z-c754d54c1f044c74-1---d8754z-
Record-Route:
f: "tommy2";tag=740b0d14
t: "7890100";tag=as57556733
i: YjNjZThlNjljMjk2ODE5MmU1NDNiNTJhMTY5ZDg2MWQ.
CSeq: 2 INVITE
Server: Asterisk PBX
^[[0Kllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
INFO, PUBLISH
k: replaces, timer
m:
c: application/sdp
l: 261

In opensips.cfg file i have this 2 section that involves ACK:

if ( is_method("ACK") ) {


if ( t_check_trans() ) {
# non loose-route, but stateful ACK; 
must be an ACK after
# a 487 or e.g. 404 from upstream server
t_relay();
exit;
} else {
# ACK without matching transaction ->
# ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}

and :


# preloaded route checking
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
if (!is_method("ACK"))
sl_send_reply("403","Preload Route denied");
append_hf("P-hint: rr-enforced\r\n");
route(1);
}


i'm sending calls this way :


route[4] {
   # PSTN route #
   rewritehostport("192.168.1.42:5061");
route(1);
exit;
}



  I hope there is solution for this and what to thanks in advanced anyone who
try to help .
Please help

Cheers

T0mmy
   


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] rewritehost() and AVP

2010-11-18 Thread Anca Vamanu 

Hi Anton,

Not all functions accept avp's as arguments - rewritehost doesn't accept 
them because this has not been implemented :).


Regards,

--
Anca Vamanu
www.voice-system.ro



On 11/18/2010 11:38 AM, Anton Zagorskiy wrote:

Thanks, this is work.

Can you explain why rewritehost() doesn't accept AVP? Where AVP doesn't work
too?






WBR, Anton Zagorskiy
VoIP Developer, Oyster Telecom
Phone.: +7 812 601-0666
Fax: +7 812 601-0593
a.zagors...@oyster-telecom.ru
www.oyster-telecom.ru



   

-Original Message-
From: users-boun...@lists.opensips.org [mailto:users-
boun...@lists.opensips.org] On Behalf Of Ovidiu Sas
Sent: Wednesday, November 17, 2010 7:35 PM
To: OpenSIPS users mailling list
Subject: Re: [OpenSIPS-Users] rewritehost() and AVP

Deal with the host and port via PVs:
http://www.opensips.org/Resources/DocsCoreVar16#toc59
http://www.opensips.org/Resources/DocsCoreVar16#toc64


Regards,
Ovidiu Sas

On Wed, Nov 17, 2010 at 10:58 AM, Anton Zagorskiy
  wrote:
 

Hello.
How to pass a value to the rewritehost() function using AVP?

1. Code
$avp(i:50) = "192.168.0.01";
rewritehostport("$avp(i:50)");
route(1)

raises errors:
ERROR:core:parse_uri: bad port in uri (error at char ) in state 8)
   

parsed:
 

(21) /  (22)
ERROR:core:parse_sip_msg_uri: bad uri

2. Code
$avp(i:50) = "192.168.0.01";
rewritehostport($avp(i:50)); # Without qoutes
route(1)

raises errors during stratup:
CRITICAL:core:yyerror: parse error in config file, line 747, column
   

28-38:
 

syntax error
CRITICAL:core:yyerror: parse error in config file, line 747, column
   

38-39:
 

bad argument, string expected



WBR, Anton Zagorskiy
VoIP Developer, Oyster Telecom
Phone.: +7 812 601-0666
Fax: +7 812 601-0593
a.zagors...@oyster-telecom.ru
www.oyster-telecom.ru





___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

   

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
 


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/user


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Static Routes in OpenSIPS proxy

2010-11-18 Thread andrea 

Hello Bogdan,

Thanks for the reply.
I've already implemented my static routing in a different way, as follows:

 # account only INVITEs
if (is_method("INVITE")) {
setflag(1); # do accounting
  if (uri=~"^sip:56[0-9][0...@.*") {
  rewritehostport("150.217.4.23:5060");
  route(1);
  return;
   }

Because the incoming requested uri was 5...@ip_address_proxy, i perform the
check .
Then set the correct host destination with rewritehost, setting the host of
the Pbx where the users 56XX were registered.
The implementation  works fine, what do you think about it?

Regards,
Andrea
 
-- 
View this message in context: 
http://opensips-open-sip-server.1449251.n2.nabble.com/Re-Static-Routes-in-OpenSIPS-proxy-tp5663203p5751151.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] SIP presence and aliases

2010-11-18 Thread John Khvatov 
Hello all.

Is it possible to implement sip presence with sip aliases? In case of PUBLISH 
it's seems that I can change presentity URI. But what about SUBSCRIBE/NOTIFY 
methods?

-- 
WBR, John Khvatov


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] SIP presence and aliases

2010-11-18 Thread Anca Vamanu 

Hi John,

It is the same for SUBSCRIBE - the presentity uri is in RURI, so if you 
change it before calling handle_subscribe it should work.


Regards,

--
Anca Vamanu
www.voice-system.ro



On 11/18/2010 12:58 PM, John Khvatov wrote:

Hello all.

Is it possible to implement sip presence with sip aliases? In case of PUBLISH 
it's seems that I can change presentity URI. But what about SUBSCRIBE/NOTIFY 
methods?
   


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Presence server performance

2010-11-18 Thread Anca Vamanu 

Hi John,

On 11/15/2010 05:34 PM, John Khvatov wrote:

Hello all.

I'm testing performance of OpenSIPS presence server. I got bad results... Any 
ideas how to improve it?

My test scenario (SIPp xml config: http://dev.sgu.ru/pub/pubsub.xml):

SIPpPresence Server
  | PUBLISH |
  |>|
  | |
  | 200 OK  |
  |<|
  | |
  | SUBSCRIBE (on publised uri) |
  |>|
  | |
  | 200 OK  |
  |<|
  | |
  | NOTIFY  |
  |<|
  | |
  | 200 OK  |
  |>|

After 10.000 calls (10.000 scenario) OpenSIPS began to write warnings about 
memory to log:
WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation

   
OpenSIPS presence server stores in memory the subscription dialogs and 
also some publish related information(not the body). So the fact that 
after 1 calls the memory gets filled up for 64MB is in the normal 
limits I think(~6.4k per presence dialog). The shared memory is also 
used by tm to hold the transactions and you must also take into 
considerations that the memory is not completely filled up, and it might 
have empty spaces but if at allocation a larger chunk is required, it 
can not be provided (this is solved with defragmentation).



Results with 100 calls per second:
Total calls: 74454
Calls per second: 16.485 cps
Successful calls:  73772
Failed calls: 382
(With 10.000 "total calls" OpenSIPS shows 100 cps, almost zero failed calls)


Results with 1000 calls per second:
Total calls 20857
Calls per second: 12.696 cps
Successful calls: 15360
Failed calls: 2497

   
Yes, this is not a good result .. the reason is that presence processing 
is quite costly - it requires querying the database all the time - 
because the Publish information is not stored in memory (the bodies 
might be very large). So probably the conclusion of your tests is that 
if you want more then 100 cps, you should use a cluster of presence 
servers :) .

These results are very interesting, thank you for sharing.

Regards,

--
Anca Vamanu
www.voice-system.ro



SUBSCRIBE to one of 500.000 published user is running 1-2 sec..

System configuration.
OS: Debian squeeze/sid (Not tuned)
Processor: Intel Xeon E5345
RAM: 1G (OpenSIPS executed with -m 64 option. Memory is still available during 
tests)
OpenSIPS: Version 1.6.3. Config is very simple: handle_subscribe()&&  
handle_publish(). fallback2db disabled. Storage postgresql 8.4.
   


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] PRESENCE module in real life

2010-11-18 Thread Konstantin Cherkasov 
Hi!

We just did some performance tests
http://lists.opensips.org/pipermail/users/2010-November/015454.html

And we were very surprised because we expected better scalability from
OpenSIPS .


> Yes, presence is used in production for a couple of years now.

At what scale? "small office" or "carrier-grade" ?
I'm not being sarcastic. Just want to know what presence in OpenSIPS
is really good for.

-- 
Konstantin Cherkasov

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Handle end of a transaction/dialog

2010-11-18 Thread Anton Zagorskiy 
Hello.

I need to control how much SIP dialogs (established or pending) has each
domain. If that value is equal to certain constant then I should drop any
new INVITE from that domain.
There is no problem with catching initial requests, but with terminating.
How can I control that an openSIPS transaction is in the terminating stage?






WBR, Anton Zagorskiy
VoIP Developer, Oyster Telecom
Phone.: +7 812 601-0666
Fax: +7 812 601-0593
a.zagors...@oyster-telecom.ru
www.oyster-telecom.ru





___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Private Memory vs Shared Memory

2010-11-18 Thread Sven Schulz 
Just a few generic questions: What is the difference between shared and
private memory in opensips? And how does each relate to the child processes?
Also, is there a good guideline to what these should be set in relation to
how much RAM is installed.
Thanks,

Sven Schulz
Penn State University
Telecommunications and Network Services
814.865.6116
sip:s...@psu.edu


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] New to OpenSIPS

2010-11-18 Thread Dave Singer 
Learning opensips is not like learning a programming language like C, ruby,
puthon, etc. It is very important to get an understanding of how sip flows
and opensips works (get the big picture) then get into the details of how to
manipulate things.
Checkout the past webinars on the Webinars
page
First two I'd look at are:
SIP introduction 
OpenSIPS default script 
You may want to get and start playing with the live
DVDavailable
that you can use in a virtual server or a spare computer without
installing.
Further, look at the
tutorialsfor specific
goals.
OpenSIPS Admin 
Course

The "Cookbooks " page is
basically the links to reference manual type documentation of functions,
features, variables etc. But it helps to have an understanding of how
opensips works from the suggested webinars.
Opensips IRC on freenode is quite active as well as the mailing list. Be
sure to ask questions there. But remember that like other opensource
software you are not paying for support so don't have an attitude of
expecting fast answers.

Also consider http://www.opensips.org/Training/EBootcamp.

I sure wish these resources were available when I first started with openser
(opensips) a few years ago. I have recently gone through some of these and
still found them helpful.

For performance check the Performance
tests page
and search the Mailing lists
 and Forums  for results users
have found.

Good luck
Dave (cando)

On Wed, Nov 17, 2010 at 11:54 AM, Austin Smith wrote:

> Greetings!
>
>
>
> I am new to opensips and am looking for a good place to start learning the
> application.
>
>
>
> I am curious if there is any recommended hardware or solid benchmarking
> statistics available somewhere.  Next I will need to learn on the
> configuration aspects of the software.  I am not looking for “cookbook”
> material, but rather language references and structure guidelines.
>
>
>
> Can anyone advise where these items may be available?
>
>
>
> Many thanks-
>
>
>
> Austin Smith,* **A+, NET+, SMBE, MCSA*
>
> *Director of Information Techology*
>
> *Digital Compass*
>
>
>
> (404) 410-2708 direct
>
> (404) 410-2701 fax
>
> 6 Concourse Parkway, #1500
>
> Atlanta, GA 30328
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK

2010-11-18 Thread Maciej Bylica 
Guys

So the only wayout is to request my SIP operator to be complied with
the standards?

Thanks
Maciej


> Dear ALL,
>
> During clearing my misconfigurations I found following errors in log file:
> ERROR:uri:check_username: No authorized credentials found (error in scripts)
> ERROR:uri:check_username: Call {www,proxy}_authorize before calling
> check_* functions!
>
> After closer look it turnes out that it is generated due to lack of
> totag in ACK method as a response to 487 Request Terminated.
> ACK is omitting has_totag() part of configuration and then again is
> asked for proxy auth.
>
> The call is generated by UA registered with Opensips, then t_relayed
> to OPERATOR_1 and his MGW to PSTN.
> UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW
>
> The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY
> 1. (A)INVITE ->(B)
> 2. (A)<--180 RIGING--(B)
> 3. (A)CANCEL--->(B)
> 4. (A)<--OK(B)
> 5. (A)<-487 Request Terminated---(B)
> 6. (A)ACK->(B)
> and it looks the same, but:
>
> - CANCEL should be sent by (A) without To tag
> - OK should be sent by (B) with To tag
> - 487 with the same To tag
> - ACK should be sent by (A) with exactly the same To tag.
>
> Unfortunately it is not my case :(
> - I am fine with CANCEL
> - I am receiving proper OK with To tag
> - and here is the source of my problem. 487 is sent by (B) without
> totag proposed in OK message previously sent.
> - ACK is obviously using the same totag as OK, so im my case no totag
> is incorporated into ACK method.
> The after-effect is that ACK is asked for proxy auth.
>
> I am asking you guys to tell me how to cope with the cases like above.
>
>
> Thanks in advance,
> Maciej
>

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK

2010-11-18 Thread Iñaki Baz Castillo 
2010/11/13 Maciej Bylica :
> The call is generated by UA registered with Opensips, then t_relayed
> to OPERATOR_1 and his MGW to PSTN.
> UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW
>
> The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY
> 1. (A)INVITE ->(B)
> 2. (A)<--180 RIGING--(B)
> 3. (A)CANCEL--->(B)
> 4. (A)<--OK(B)
> 5. (A)<-487 Request Terminated---(B)
> 6. (A)ACK->(B)
> and it looks the same, but:
>
> - CANCEL should be sent by (A) without To tag
> - OK should be sent by (B) with To tag
> - 487 with the same To tag

Wrong. 200 OK for CANCEL is sent by the proxy (CANCEL is hop by hop).
However 487 is sent by the UAS (not by the proxy) and of course the
UAS doesn't know which To tag has chosen the proxy for the 200
(CANCEL). Also, there could be multiple UAS's (parallel forking).

> - ACK should be sent by (A) with exactly the same To tag.

Just a final 487 will be delivered by the proxy to the UAC (even in
case there is parallel forking) so the ACK must contain the same Totag
than the 487 received.


> Unfortunately it is not my case :(
> - I am fine with CANCEL
> - I am receiving proper OK with To tag
> - and here is the source of my problem. 487 is sent by (B) without
> totag proposed in OK message previously sent.

And that is correct.


> - ACK is obviously using the same totag as OK,

That is wrong. It should be the same Totag as the UAC receives in the 487.


> so im my case no totag is incorporated into ACK method.

> The after-effect is that ACK is asked for proxy auth.

The proxy should not be dialog aware (Totag value aware). It should
inspect just the transaction identifier (Via's branch and CSeq).


-- 
Iñaki Baz Castillo


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK

2010-11-18 Thread Maciej Bylica 
Iñaki,

Thank You for clearing a few things up.
Yes You are absolutely right with all signalization aspect, but
transaction identifier inspection really makes me think and again i
see that there are a lot aspects i need to take care of.
Could you pls point me to some hints describing the proper way to
build transaction inspection?

Thanks,
Maciej.


>> The call is generated by UA registered with Opensips, then t_relayed
>> to OPERATOR_1 and his MGW to PSTN.
>> UA-->OPENSIPS->OPERATOR_1_SIPPROXY>MGW
>>
>> The proper call flow should be (A) is UA, B is OPERATOR_1_SIPPROXY
>> 1. (A)INVITE ->(B)
>> 2. (A)<--180 RIGING--(B)
>> 3. (A)CANCEL--->(B)
>> 4. (A)<--OK(B)
>> 5. (A)<-487 Request Terminated---(B)
>> 6. (A)ACK->(B)
>> and it looks the same, but:
>>
>> - CANCEL should be sent by (A) without To tag
>> - OK should be sent by (B) with To tag
>> - 487 with the same To tag
>
> Wrong. 200 OK for CANCEL is sent by the proxy (CANCEL is hop by hop).
> However 487 is sent by the UAS (not by the proxy) and of course the
> UAS doesn't know which To tag has chosen the proxy for the 200
> (CANCEL). Also, there could be multiple UAS's (parallel forking).
>
>> - ACK should be sent by (A) with exactly the same To tag.
>
> Just a final 487 will be delivered by the proxy to the UAC (even in
> case there is parallel forking) so the ACK must contain the same Totag
> than the 487 received.
>
>
>> Unfortunately it is not my case :(
>> - I am fine with CANCEL
>> - I am receiving proper OK with To tag
>> - and here is the source of my problem. 487 is sent by (B) without
>> totag proposed in OK message previously sent.
>
> And that is correct.
>
>
>> - ACK is obviously using the same totag as OK,
>
> That is wrong. It should be the same Totag as the UAC receives in the 487.
>
>
>> so im my case no totag is incorporated into ACK method.
>
>> The after-effect is that ACK is asked for proxy auth.
>
> The proxy should not be dialog aware (Totag value aware). It should
> inspect just the transaction identifier (Via's branch and CSeq).
>
>
> --
> Iñaki Baz Castillo
> 
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK

2010-11-18 Thread Iñaki Baz Castillo 
2010/11/18 Maciej Bylica :
> Iñaki,
>
> Thank You for clearing a few things up.
> Yes You are absolutely right with all signalization aspect, but
> transaction identifier inspection really makes me think and again i
> see that there are a lot aspects i need to take care of.
> Could you pls point me to some hints describing the proper way to
> build transaction inspection?

It's well explained in RFC 3261.
An ACK for a [3456]XX response must have same branch and same CSeq
number (but "ACK" method) as the INVITE of the transaction.



-- 
Iñaki Baz Castillo


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] CANCELing the connection - no totag in ACK

2010-11-18 Thread Maciej Bylica 
Iñaki


> It's well explained in RFC 3261.
> An ACK for a [3456]XX response must have same branch and same CSeq
> number (but "ACK" method) as the INVITE of the transaction.

I meant some hints regarding script configuration, because as far as i
understand i should double check my .cfg
Okay i may proxy auth only INVITE methods - at this moment i do have
if (!(method=="REGISTER") && from_uri==myself)  /*no multidomain 
version*/ {
if (!proxy_authorize("", "subscriber")) {
xlog("L_INFO","proxy auth");
proxy_challenge("", "0");
exit;
}
so there wont be any problem to filter that out, but how to inspect
branch, CSeq - isn't that functionality hardcoded?

Thx,
Maciej.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] LDAP authentication issue

2010-11-18 Thread Indiver 

Hello Guys,

I'm trying to integrate ldap with opensips. For this purpose I configured
LDAP server and added 10 users there.
My ldap.cfg  file is

[sipaccounts]
ldap_version = 2
ldap_server_url = "ldap://192.168.1.106:389";
ldap_bind_dn = "cn=Manager,dc=example,dc=net"
ldap_bind_password = "password"
ldap_network_timeout = 500
ldap_client_bind_timeout = 500

I added the following pieces in the cfg file:

modparam("ldap", "config_file", "/usr/local/etc/opensips/ldap.cfg")
modparam("auth", "username_spec", "$avp(s:username)")
modparam("auth", "password_spec", "$avp(s:password)")
modparam("auth", "calculate_ha1", 1)

In route Block the following:

if (!(method=="REGISTER") && from_uri==myself) /*no multidomainversion*/
{
if (!is_present_hf("Proxy-Authorization")) {
proxy_challenge("", "0");
exit;
}
$avp(s:password)
   $var(username)=$rU;

if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))
{
switch ($retcode)
{
case -1:
# no LDAP entry found
sl_send_reply("404", "example: User
NotFound");
exit;
case -2:
# internal error
sl_send_reply("500", "example :
Internalserver error");
exit;
default:
exit;
}

}

xlog("L_INFO", "example : ldap_search: found
[$retcode]entries for (uid=$fU)");

ldap_result("userPassword/$avp(s:password)");

# username to authenticate
#$avp(i:2) = $fU;

# do the authentication
if(!pv_proxy_authorize("")){
proxy_challenge("", "0");
exit;
}

# caller authenticated
}



if (is_method("REGISTER"))
{

   if (!is_present_hf("Authorization")) {
www_challenge("", "0");
exit;
}
$var(username)=$fU;
   
if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))
{
switch ($retcode)
{
case -1:
# no LDAP entry found
sl_send_reply("404", "example: User
NotFound");
exit;
case -2:
# internal error
sl_send_reply("500", "example :
Internalserver error");
exit;
default:
exit;
}
}
xlog("L_INFO", "example : ldap_search: found
[$retcode]entries for (uid=$fU)");

if (!ldap_result("userPassword/$avp(s:password)"))
{
 switch ($retcode)
{
case -1:
# no SIPIdentityServiceLevel found
sl_send_reply("403", "example
:Forbidden");
exit;
case -2:
# internal error
sl_send_reply("500", example
:Internal server error");
exit;
default:
exit;
}
}
xlog("L_INFO", "example : ldap_result: password est
=$avp(s:password)");
# do the authentication
if(!pv_www_authorize("")){
www_challenge("", "0");
exit;
}
if (!save("location"))
sl_reply_error();

exit;
}

if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}

if (!lookup("location")) {
switch ($retcode) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not Allowed");
exit;
}
}

# when routing via usrl