[OpenSIPS-Users] I never see 404 not found
sajjad purmohseni
spurmohseni at yahoo.com
Fri Sep 7 14:22:30 CEST 2012
Hello Muhammad thanks for reply.
I think you mean invalidity of the "To URI"; But I am telling about invalidity of the "From URI" or the caller contact. In authentication process I expect to receive "404 not found" after sending second Invite or Register messages; but I receive 401 or 407. Is int normal action by server or it can send "404 not found" about invalid "From URI" to tell client that the contact URI is invalid?
--------------------------------------------------
kind regards;
Sajad Pourmohseni
________________________________
From: Muhammad Shahzad <shaheryarkh at googlemail.com>
To: sajjad purmohseni <spurmohseni at yahoo.com>; OpenSIPS users mailling list <users at lists.opensips.org>
Sent: Friday, September 7, 2012 1:45 PM
Subject: Re: [OpenSIPS-Users] I never see 404 not found
Yes because you have enabled proxy authentication of every method except REGISTER. Here is where you are doing this.
# authenticate if from local subscriber (uncomment to enable auth)
# authenticate all initial non-REGISTER request that pretend to be
# generated by local subscriber (domain from FROM URI is local)
if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/
##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/
{
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
exit;
}
This gets called BEFORE you check for destination, which is right way to do it. The caller should authenticate itself before callee is checked.
Thank you.
On Thu, Sep 6, 2012 at 5:07 PM, sajjad purmohseni <spurmohseni at yahoo.com> wrote:
Hi all
>
>I use sipp tool accompanying opensips server to generate normal SIP traffic. I successfuly enable authentication in opensips; added some users in database and performed authentication proccess in register and invite requests. I see valid authentication as username and passwords are valid and failure in authentication as password is invalid. After sending first invite and receiving 407 (proxy auth req) message; In my scenario an Invite message is sent with authentication header containing valid nonce. My problem is that when URI of re-Invite request is invalid I receive 407 instead of 404 (not found).
>I'm so grateful about any help.
>
>
>This is my opensips config file (opensips.cfg):
>
>
>
>
>
>#
># $Id: opensips.cfg 5503 2009-03-22 16:22:32Z bogdan_iancu $
>#
># OpenSIPS basic configuration script
># by Anca Vamanu <anca at voice-system.ro>
>#
># Please refer to the Core CookBook at:
># http://www.opensips.org/index.php?n=Resources.DocsCookbooks
># for a explanation of possible statements, functions and parameters.
>#
>
>####### Global Parameters #########
>#debug=3
>log_stderror=no
>log_facility=LOG_LOCAL0
>fork=yes
>children=4
>/* uncomment the following lines to enable debugging */
>debug=6
>#fork=no
>#log_stderror=yes
>/* uncomment the next line to disable TCP (default on) */
>#disable_tcp=yes
>/* uncomment the next line to enable the auto temporary blacklisting of
> not available destinations (default disabled) */
>#disable_dns_blacklist=no
>/* uncomment the next line to enable IPv6 lookup after IPv4 dns
> lookup failures (default disabled) */
>#dns_try_ipv6=yes
>/* uncomment the next line to disable the auto discovery of local aliases
> based on revers DNS on IPs (default on) */
>#auto_aliases=no
>/* uncomment the following lines to enable TLS support (default off) */
>#disable_tls = no
>#listen = tls:your_IP:5061
>#tls_verify_server = 1
>#tls_verify_client = 1
>#tls_require_client_certificate = 0
>#tls_method = TLSv1
>#tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
>#tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
>#tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"
>port=5060
>/* uncomment and configure the following line if you want opensips to
> bind on a specific interface/port/proto (default bind on all available) */
>listen=udp:194.225.238.244:5060
>
>####### Modules Section ########
>#set module path
>mpath="/usr/local/lib64/opensips/modules/"
>/* uncomment next line for MySQL DB support */
>loadmodule "db_mysql.so"
>loadmodule "signaling.so"
>loadmodule "sl.so"
>loadmodule "tm.so"
>loadmodule "rr.so"
>loadmodule "maxfwd.so"
>loadmodule "usrloc.so"
>loadmodule "registrar.so"
>loadmodule "textops.so"
>loadmodule "mi_fifo.so"
>loadmodule "uri_db.so"
>loadmodule "uri.so"
>loadmodule "xlog.so"
>loadmodule "acc.so"
>/* uncomment next lines for MySQL based authentication support
> NOTE: a DB (like db_mysql) module must be also loaded */
>loadmodule "auth.so"
>loadmodule "auth_db.so"
>/* uncomment next line for aliases support
> NOTE: a DB (like db_mysql) module must be also loaded */
>#loadmodule "alias_db.so"
>/* uncomment next line for multi-domain support
> NOTE: a DB (like db_mysql) module must be also loaded
> NOTE: be sure and enable multi-domain support in all used
modules
> (see "multi-module params" section ) */
>#loadmodule "domain.so"
>/* uncomment the next two lines for presence server support
> NOTE: a DB (like db_mysql) module must be also loaded */
>#loadmodule "presence.so"
>#loadmodule "presence_xml.so"
>
># ----------------- setting module-specific parameters ---------------
>
># ----- mi_fifo params -----
>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>
># ----- rr params -----
># add value to ;lr param to cope with most of the UAs
>modparam("rr", "enable_full_lr", 1)
># do not append from tag to the RR (no need for this script)
>modparam("rr", "append_fromtag", 0)
>
># ----- registrar params -----
>modparam("registrar", "method_filtering", 1)
>/* uncomment the next line to disable parallel forking via location */
># modparam("registrar", "append_branches", 0)
>/* uncomment the next line not to allow more than 10 contacts per AOR */
>#modparam("registrar", "max_contacts", 10)
>
># ----- usrloc params -----
>modparam("usrloc", "db_mode", 0)
>/* uncomment the following lines if you want to enable DB persistency
> for location entries */
>#modparam("usrloc", "db_mode", 2)
>#modparam("usrloc", "db_url",
># "mysql://opensips:opensipsrw@localhost/opensips")
>
># ----- uri_db params -----
>/* by default we disable the DB support in the module as we do not need it
> in this configuration */
>modparam("uri_db", "use_uri_table", 0)
>modparam("uri_db", "db_url", "")
>
># ----- acc params -----
>/* what sepcial events should be accounted ? */
>modparam("acc", "early_media", 1)
>modparam("acc", "report_ack", 1)
>modparam("acc", "report_cancels", 1)
>/* by default ww do not adjust the direct of the sequential requests.
> if you enable this parameter, be sure the enable "append_fromtag"
> in "rr" module */
>modparam("acc", "detect_direction", 0)
>/* account triggers (flags) */
>modparam("acc", "failed_transaction_flag", 3)
>modparam("acc", "log_flag", 1)
>modparam("acc", "log_missed_flag", 2)
>/* uncomment the following lines to enable DB accounting also */
>modparam("acc", "db_flag", 1)
>modparam("acc", "db_missed_flag", 2)
>
># ----- auth_db params -----
>/* uncomment the following lines if you want to enable the DB based
> authentication */
>modparam("auth_db", "calculate_ha1", yes)
>modparam("auth_db", "password_column", "password")
>modparam("auth_db", "db_url",
> "mysql://opensips:opensipsrw@localhost/opensips")
>modparam("auth_db", "load_credentials", "")
>
># ----- alias_db params -----
>/* uncomment the following lines if you want to enable the DB based
> aliases */
>#modparam("alias_db", "db_url",
># "mysql://opensips:opensipsrw@localhost/opensips")
>
># ----- domain params -----
>/* uncomment the following lines to enable multi-domain detection
> support */
>#modparam("domain", "db_url",
># "mysql://opensips:opensipsrw@localhost/opensips")
>#modparam("domain", "db_mode", 1) # Use caching
>
># ----- multi-module params -----
>/* uncomment the following line if you want to enable multi-domain support
> in the modules (dafault off) */
>#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
>
># ----- presence params -----
>/* uncomment the following lines if you want to enable presence */
>#modparam("presence|presence_xml", "db_url",
># "mysql://opensips:opensipsrw@localhost/opensips")
>#modparam("presence_xml", "force_active", 1)
>#modparam("presence", "server_address", "sip:192.168.1.2:5060")
>
>####### Routing Logic ########
>
># main request routing logic
>route{
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
> if (has_totag()) {
> # sequential request withing a dialog should
> # take the path determined by record-routing
> if (loose_route()) {
> if (is_method("BYE")) {
> setflag(1); # do accounting ...
> setflag(3); # ... even if the transaction fails
> } else if (is_method("INVITE")) {
> # even if in most of the cases is useless, do RR for
> # re-INVITEs alos, as some buggy clients do change route set
> # during the dialog.
> record_route();
> }
> # route it out to whatever destination was set by loose_route()
> # in $du (destination URI).
> route(1);
> } else {
> /* uncomment the following lines if
you want to enable presence */
> ##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {
> ## # in-dialog subscribe requests
> ## route(2);
> ## exit;
> ##}
> if ( is_method("ACK") ) {
> if ( t_check_trans() ) {
> # non loose-route, but stateful ACK; must be an ACK after
> # a 487 or e.g. 404 from upstream server
> t_relay();
> exit;
> } else {
> # ACK without matching transaction ->
> # ignore and discard
> exit;
> }
> }
> sl_send_reply("404","Not
here");
> }
> exit;
> }
> #initial requests
> # CANCEL processing
> if (is_method("CANCEL"))
> {
> if (t_check_trans())
> t_relay();
> exit;
> }
> t_check_trans();
> # authenticate if from local subscriber (uncomment to enable auth)
> # authenticate all initial non-REGISTER request that pretend to be
> # generated by local subscriber (domain from FROM URI is local)
> if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/
> ##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/
> {
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> if (!check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> # caller authenticated
> }
> # preloaded route checking
> if (loose_route()) {
> xlog("L_ERR",
> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
> if (!is_method("ACK"))
> sl_send_reply("403","Preload Route denied");
> exit;
> }
> # record routing
> if (!is_method("REGISTER|MESSAGE"))
> record_route();
> # account only INVITEs
> if (is_method("INVITE")) {
> setflag(1); # do accounting
> }
> if (!uri==myself)
> ## replace with following line if multi-domain support is used
> ##if (!is_uri_host_local())
> {
> append_hf("P-hint: outbound\r\n");
> # if you have some interdomain connections via TLS
> ##if($rd=="tls_domain1.net") {
> ## t_relay("tls:domain1.net");
> ## exit;
> ##} else if($rd=="tls_domain2.net") {
> ## t_relay("tls:domain2.net");
> ## exit;
> ##}
> route(1);
> }
> # requests for my domain
> ## uncomment this if you want to enable presence server
> ## and comment the next 'if' block
> ## NOTE: uncomment also the definition of route[2] from below
> ##if( is_method("PUBLISH|SUBSCRIBE"))
> ## route(2);
> if (is_method("PUBLISH"))
> {
> sl_send_reply("503", "Service Unavailable");
> exit;
> }
>
> if (is_method("REGISTER"))
> {
> # authenticate the REGISTER requests (uncomment to enable auth)
> if (!www_authorize("", "subscriber"))
> {
> www_challenge("", "0");
> exit;
> }
> if (!check_to())
> {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
> if (!save("location"))
> sl_reply_error();
> exit;
> }
> if ($rU==NULL) {
> # request with no Username in RURI
> sl_send_reply("484","Address Incomplete");
> exit;
> }
> # apply DB based aliases (uncomment to enable)
> ##alias_db_lookup("dbaliases");
> if (!lookup("location")) {
> switch ($retcode) {
> case -1:
> case -3:
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> case -2:
> sl_send_reply("405", "Method Not Allowed");
> exit;
> }
> }
> # when routing via usrloc, log the missed calls also
> setflag(2);
> route(1);
>}
>
>route[1] {
> # for INVITEs enable some additional helper routes
> if (is_method("INVITE")) {
> t_on_branch("2");
> t_on_reply("2");
> t_on_failure("1");
> }
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
>}
>
># Presence route
>/* uncomment the whole following route for enabling presence
> NOTE: do not forget to enable the call of this route from the main
> route */
>##route[2]
>##{
>## if (!t_newtran())
>## {
>## sl_reply_error();
>## exit;
>## };
>##
>## if(is_method("PUBLISH"))
>## {
>## handle_publish();
>## t_release();
>## }
>## else
>## if( is_method("SUBSCRIBE"))
>## {
>## handle_subscribe();
>## t_release();
>## }
>##
>## exit;
>##}
>
>branch_route[2] {
> xlog("new branch at $ru\n");
>}
>
>onreply_route[2] {
> xlog("incoming reply\n");
>}
>
>failure_route[1] {
> if (t_was_cancelled()) {
> exit;
> }
> # uncomment the following lines if you want to block client
> # redirect based on 3xx replies.
> ##if (t_check_status("3[0-9][0-9]")) {
> ##t_reply("404","Not found");
> ## exit;
> ##}
> # uncomment the following lines if you want to redirect the failed
> # calls to a different new destination
> ##if (t_check_status("486|408")) {
> ## sethostport("192.168.2.100:5060");
> ## # do not set the missed call flag again
> ## t_relay();
> ##}
>}
>
>
>
>
>_______________________________________________
>Users mailing list
>Users at lists.opensips.org
>http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
--
Muhammad Shahzad
-----------------------------------
CISCO Rich Media Communication Specialist (CRMCS)
CISCO Certified Network Associate (CCNA)
Cell: +92 334 422 40 88
MSN: shari_786pk at hotmail.com
Email: shaheryarkh at googlemail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120907/2154f211/attachment-0001.htm>
More information about the Users
mailing list