<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt">Hi Bogdan,<br><br>The problem was with my INVITE dispatch route.<br><br>following is my complete script.<br><br><br> if (!allow_trusted()) {<br> t_newtran();<br> proxy_authorize("","subscriber");<br><br> $var(x) = $retcode;<br> xlog("L_INFO","------return code after auth is $var(x) \n");<br> if ($var(x)<0) {<br><br> if(!lookup("location")){<br> xlog("L_INFO","------challenging to $fU
\n");<br> proxy_challenge("","0");<br> exit;<br> }<br> } else if (!check_from()) {<br> sl_send_reply("403", "Spoofed From-URI detected");<br> xlog("L_INFO","Spoofed From-URI detected ! from --> $fu -- IP $si PORT:$sp");<br> exit;<br> }<br> if(is_present_hf("Proxy-Authorization")){<br>
consume_credentials();# Changed on 2010-06-25<br> }<br> }<br><br> if (!lookup("location")) {<br> rewritehostport("192.168.102.5:5070");<br><br> }<br> append_hf("P-hint: usrloc applied\r\n");<br> route(1);<br><br><br>route[1] {<br><br><span style="font-weight: bold;"># if(is_method("INVITE")) {</span><br style="font-weight: bold;"><span style="font-weight: bold;"># if(t_check_trans())</span><br style="font-weight: bold;"><span style="font-weight: bold;"># {</span><br style="font-weight: bold;"><span style="font-weight:
bold;"># xlog("L_INFO", "Duplicate message $ruri M=$rm F=$fu IP=$si \n"); </span><br style="font-weight: bold;"><span style="font-weight: bold;"># exit;</span><br style="font-weight: bold;"><span style="font-weight: bold;"># }</span><br style="font-weight: bold;"> # send it out now; use stateful forwarding as it works reliably<br> # even for UDP2TCP<br> # xlog("L_INFO", "Request leaving server - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");<br> if (!t_relay()) {<br> xlog("L_INFO", "(Rewriting) t_relay 1 - M=$rm RURI=$ru F=$fu T=$tu IP=$si
ID=$ci\n");<br> sl_reply_error();<br> }<br> t_on_reply("1");<br> exit;<br>}<br><br>The commented lines has cause opensips to drop the packet as a duplicate one (Initial INVITE and subsequent retransmissions) . If I'm using t_newtran(); in auth route how to I check the duplicate messages ?<br><br>If I'm using t_newtran() don't I need to use <span style="font-weight: bold;">t_check_trans() to check for duplicates ?<br><br>can I create transactions for other requests which by pass the auth route as follow in route[1] ?<br><br></span>route[1] {<br>
<br>
<span style="font-weight: bold;"> if(is_method("INVITE")) {</span><br style="font-weight: bold;">
<span style="font-weight: bold;"> if(!t_check_trans())</span><br style="font-weight: bold;">
<span style="font-weight: bold;"> {<br> t_newtran();</span><br style="font-weight: bold;">
<span style="font-weight: bold;"> xlog("L_INFO", "creating transaction $ruri M=$rm F=$fu IP=$si \n"); </span><br style="font-weight: bold;">
<span style="font-weight: bold;"> exit;</span><br style="font-weight: bold;">
<span style="font-weight: bold;"> }</span><br style="font-weight: bold;">
# send it out now; use stateful forwarding as it works reliably<br>
# even for UDP2TCP<br>
# xlog("L_INFO", "Request leaving server - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");<br>
if (!t_relay()) {<br>
xlog("L_INFO", "(Rewriting) t_relay 1 - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");<br>
sl_reply_error();<br>
}<br>
t_on_reply("1");<br>
exit;<br>
}<br>
<br><span style="font-weight: bold;"><br>If I can clarify these things I can apply the changes in the production server.<br><br></span>Thanks<br><div><br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Bogdan-Andrei Iancu <bogdan@voice-system.ro><br><b><span style="font-weight: bold;">To:</span></b> OpenSIPS users mailling list <users@lists.opensips.org><br><b><span style="font-weight: bold;">Sent:</span></b> Wednesday, August 4, 2010 22:44:53<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [OpenSIPS-Users] Fw: proxy_authorize("","subscriber") bug ??<br></font><br>Hi Pasan,<br><br>please enable full logging (set debug=6) and make a log capture for the <br>whole registration process - like first REGISTER,
challenge, second <br>REGISTER...<br><br>Because in the first set of logs, I see that -3 is returned, which is <br>"stale nonce" - see <br><a href="http://www.opensips.org/html/docs/modules/1.6.x/auth_db.html#id228268" target="_blank">http://www.opensips.org/html/docs/modules/1.6.x/auth_db.html#id228268</a><br><br>Regards,<br>Bogdan<br><br>Pasan Meemaduma wrote:<br>> Hi Bogdan,<br>><br>> I had to setup a test opensips server to try your suggestion as I <br>> can't do much testing on production server.<br>><br>> When I have following in auth route opensips doesn't allow call being <br>> routed properly<br>><br>><br>> if (!allow_trusted()) {<br>> t_newtran();<br>> proxy_authorize("","subscriber");<br>><br>> $var(x) = $retcode;<br>> xlog("L_INFO","------return code after auth is $var(x)
\n");<br>> if ($var(x)<0) {<br>> xlog("L_INFO","------var(x) < 0 \n");<br>><br>> if(!lookup("location") ){<br>> xlog("L_INFO","------challenging to $fU \n");<br>> proxy_challenge("","0");<br>> exit;<br>> }<br>> } else if (!check_from()) {<br>> sl_send_reply("403", "Spoofed From-URI detected");<br>> xlog("L_INFO","Spoofed From-URI detected ! from --> <br>> $fu -- IP $si PORT:$sp");<br>> exit;<br>>
}<br>> if(is_present_hf("Proxy-Authorization")){<br>> consume_credentials();# Changed on 2010-06-25<br>> }<br>> }<br>><br>> I get the following in the /var/log/messages<br>><br>> ug 4 14:24:01 devserver /usr/sbin/opensips[12766]: <br>> INFO:xlog:mod_init: initializing...<br>> Aug 4 14:24:01 devserver /usr/sbin/opensips[12766]: <br>> INFO:textops:hname_fixup: using hdr type (16) instead of <br>> <Proxy-Authorization><br>> Aug 4 14:24:01 devserver /usr/sbin/opensips[12766]: <br>> INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb<br>> Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------return code <br>> after auth is -4<br>> Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------var(x) < 0<br>> Aug 4
14:24:10 devserver /usr/sbin/opensips[12768]: ------challenging <br>> to 1001<br>> Aug 4 14:24:10 devserver /usr/sbin/opensips[12771]: ------return code <br>> after auth is 1<br>> Aug 4 14:24:18 devserver /usr/sbin/opensips[12771]: ------return code <br>> after auth is 1<br>> Aug 4 14:24:19 devserver /usr/sbin/opensips[12769]: ------return code <br>> after auth is -4<br>> Aug 4 14:24:19 devserver /usr/sbin/opensips[12769]: ------var(x) < 0<br>> Aug 4 14:24:26 devserver /usr/sbin/opensips[12771]: ------return code <br>> after auth is 1<br>> Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------return code <br>> after auth is -3<br>> Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------var(x) < 0<br>> Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------challenging <br>> to 1001<br>><br>>
-------------------------------------------------<br>><br>><br>> But if I try commenting the t_newtran It route the call successfully.<br>><br>> # t_newtran(); <--- commented<br>> <br>><br>> Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: <br>> INFO:textops:mod_init: initializing...<br>> Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: <br>> INFO:uac:mod_init: initializing...<br>> Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: <br>> INFO:xlog:mod_init: initializing...<br>> Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: <br>> INFO:textops:hname_fixup: using hdr type (16) instead of <br>> <Proxy-Authorization><br>> Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]: <br>> INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb<br>> Aug 4 14:23:29
devserver /usr/sbin/opensips[12713]: ------return code <br>> after auth is -4<br>> Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------var(x) < 0<br>> Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------challenging <br>> to 1001<br>> Aug 4 14:23:29 devserver /usr/sbin/opensips[12715]: ------return code <br>> after auth is 1<br>><br>><br>> Looks like we can't t_newtran() like above. any clue ?<br>><br>> Thanks<br>> <br>><br>><br><br></div></div>
</div><br></body></html>