<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div>Hi Bogdan,<br><br>Thanks for clarify the things.<br>:)<br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Bogdan-Andrei Iancu <bogdan@voice-system.ro><br><b><span style="font-weight: bold;">To:</span></b> OpenSIPS users mailling list <users@lists.opensips.org><br><b><span style="font-weight: bold;">Sent:</span></b> Monday, August 9, 2010 13:10:14<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [OpenSIPS-Users] Fw: proxy_authorize("","subscriber") bug ??<br></font><br>Hi Pasan,<br><br>That's right - if you did t_newtran(), avoid using t_checktran()
again!<br><br>Regards,<br>Bogdan<br><br>Pasan Meemaduma wrote:<br>> Hi Bogdan,<br>><br>> The problem was with my INVITE dispatch route.<br>><br>> following is my complete script.<br>><br>><br>> if (!allow_trusted()) {<br>> t_newtran();<br>> proxy_authorize("","subscriber");<br>><br>> $var(x) = $retcode;<br>> xlog("L_INFO","------return code after auth is $var(x) \n");<br>> if ($var(x)<0) {<br>><br>> if(!lookup("location")){<br>> xlog("L_INFO","------challenging to $fU \n");<br>> proxy_challenge("","0");<br>> exit;<br>>
}<br>> } else if (!check_from()) {<br>> sl_send_reply("403", "Spoofed From-URI detected");<br>> xlog("L_INFO","Spoofed From-URI detected ! from --> <br>> $fu -- IP $si PORT:$sp");<br>> exit;<br>> }<br>> if(is_present_hf("Proxy-Authorization")){<br>> consume_credentials();# Changed on 2010-06-25<br>> }<br>> }<br>><br>> if (!lookup("location")) {<br>> rewritehostport("192.168.102.5:5070");<br>><br>> }<br>> append_hf("P-hint: usrloc
applied\r\n");<br>> route(1);<br>><br>><br>> route[1] {<br>><br>> # if(is_method("INVITE")) {<br>> # if(t_check_trans())<br>> # {<br>> # xlog("L_INFO", "Duplicate message $ruri M=$rm F=$fu <br>> IP=$si \n");<br>> # exit;<br>> # }<br>> # send it out now; use stateful forwarding as it works reliably<br>> # even for UDP2TCP<br>> # xlog("L_INFO", "Request leaving server - M=$rm RURI=$ru F=$fu <br>> T=$tu IP=$si ID=$ci\n");<br>> if (!t_relay()) {<br>> xlog("L_INFO", "(Rewriting) t_relay 1 - M=$rm RURI=$ru <br>> F=$fu T=$tu IP=$si
ID=$ci\n");<br>> sl_reply_error();<br>> }<br>> t_on_reply("1");<br>> exit;<br>> }<br>><br>> The commented lines has cause opensips to drop the packet as a <br>> duplicate one (Initial INVITE and subsequent retransmissions) . If I'm <br>> using t_newtran(); in auth route how to I check the duplicate messages ?<br>><br>> If I'm using t_newtran() don't I need to use t_check_trans() to check <br>> for duplicates ?<br>><br>> can I create transactions for other requests which by pass the auth <br>> route as follow in route[1] ?<br>><br>> route[1] {<br>><br>> if(is_method("INVITE")) {<br>> if(!t_check_trans())<br>> {<br>>
t_newtran();<br>> xlog("L_INFO", "creating transaction $ruri M=$rm F=$fu <br>> IP=$si \n");<br>> exit;<br>> }<br>> # send it out now; use stateful forwarding as it works reliably<br>> # even for UDP2TCP<br>> # xlog("L_INFO", "Request leaving server - M=$rm RURI=$ru F=$fu <br>> T=$tu IP=$si ID=$ci\n");<br>> if (!t_relay()) {<br>> xlog("L_INFO", "(Rewriting) t_relay 1 - M=$rm RURI=$ru <br>> F=$fu T=$tu IP=$si ID=$ci\n");<br>> sl_reply_error();<br>> }<br>> t_on_reply("1");<br>> exit;<br>>
}<br>><br>><br>> If I can clarify these things I can apply the changes in the <br>> production server.<br>><br>> Thanks<br>><br>><br>> ------------------------------------------------------------------------<br>> *From:* Bogdan-Andrei Iancu <<a ymailto="mailto:bogdan@voice-system.ro" href="mailto:bogdan@voice-system.ro">bogdan@voice-system.ro</a>><br>> *To:* OpenSIPS users mailling list <<a ymailto="mailto:users@lists.opensips.org" href="mailto:users@lists.opensips.org">users@lists.opensips.org</a>><br>> *Sent:* Wednesday, August 4, 2010 22:44:53<br>> *Subject:* Re: [OpenSIPS-Users] Fw: proxy_authorize("","subscriber") <br>> bug ??<br>><br>> Hi Pasan,<br>><br>> please enable full logging (set debug=6) and make a log capture for the<br>> whole registration process - like first REGISTER, challenge, second<br>> REGISTER...<br>><br>> Because in the first set of logs, I
see that -3 is returned, which is<br>> "stale nonce" - see<br>> <a href="http://www.opensips.org/html/docs/modules/1.6.x/auth_db.html#id228268" target="_blank">http://www.opensips.org/html/docs/modules/1.6.x/auth_db.html#id228268</a><br>><br>> Regards,<br>> Bogdan<br>><br>> Pasan Meemaduma wrote:<br>> > Hi Bogdan,<br>> ><br>> > I had to setup a test opensips server to try your suggestion as I<br>> > can't do much testing on production server.<br>> ><br>> > When I have following in auth route opensips doesn't allow call being<br>> > routed properly<br>> ><br>> ><br>> > if (!allow_trusted()) {<br>> > t_newtran();<br>> > proxy_authorize("","subscriber");<br>> ><br>> > $var(x) = $retcode;<br>> > xlog("L_INFO","------return code
after auth is $var(x) \n");<br>> > if ($var(x)<0) {<br>> > xlog("L_INFO","------var(x) < 0 \n");<br>> ><br>> > if(!lookup("location") ){<br>> > xlog("L_INFO","------challenging to $fU \n");<br>> > proxy_challenge("","0");<br>> > exit;<br>> > }<br>> > } else if (!check_from()) {<br>> > sl_send_reply("403", "Spoofed From-URI detected");<br>> > xlog("L_INFO","Spoofed From-URI detected ! from --><br>> > $fu -- IP $si
PORT:$sp");<br>> > exit;<br>> > }<br>> > if(is_present_hf("Proxy-Authorization")){<br>> > consume_credentials();# Changed on 2010-06-25<br>> > }<br>> > }<br>> ><br>> > I get the following in the /var/log/messages<br>> ><br>> > ug 4 14:24:01 devserver /usr/sbin/opensips[12766]:<br>> > INFO:xlog:mod_init: initializing...<br>> > Aug 4 14:24:01 devserver /usr/sbin/opensips[12766]:<br>> > INFO:textops:hname_fixup: using hdr type (16) instead of<br>> > <Proxy-Authorization><br>> > Aug 4 14:24:01 devserver /usr/sbin/opensips[12766]:<br>> > INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb<br>> > Aug 4 14:24:10 devserver
/usr/sbin/opensips[12768]: ------return code<br>> > after auth is -4<br>> > Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------var(x) < 0<br>> > Aug 4 14:24:10 devserver /usr/sbin/opensips[12768]: ------challenging<br>> > to 1001<br>> > Aug 4 14:24:10 devserver /usr/sbin/opensips[12771]: ------return code<br>> > after auth is 1<br>> > Aug 4 14:24:18 devserver /usr/sbin/opensips[12771]: ------return code<br>> > after auth is 1<br>> > Aug 4 14:24:19 devserver /usr/sbin/opensips[12769]: ------return code<br>> > after auth is -4<br>> > Aug 4 14:24:19 devserver /usr/sbin/opensips[12769]: ------var(x) < 0<br>> > Aug 4 14:24:26 devserver /usr/sbin/opensips[12771]: ------return code<br>> > after auth is 1<br>> > Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------return code<br>> > after auth is -3<br>>
> Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------var(x) < 0<br>> > Aug 4 14:24:42 devserver /usr/sbin/opensips[12768]: ------challenging<br>> > to 1001<br>> ><br>> > -------------------------------------------------<br>> ><br>> ><br>> > But if I try commenting the t_newtran It route the call successfully.<br>> ><br>> > # t_newtran(); <--- commented<br>> > <br>> ><br>> > Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]:<br>> > INFO:textops:mod_init: initializing...<br>> > Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]:<br>> > INFO:uac:mod_init: initializing...<br>> > Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]:<br>> > INFO:xlog:mod_init: initializing...<br>> > Aug 4 14:23:23 devserver
/usr/sbin/opensips[12710]:<br>> > INFO:textops:hname_fixup: using hdr type (16) instead of<br>> > <Proxy-Authorization><br>> > Aug 4 14:23:23 devserver /usr/sbin/opensips[12710]:<br>> > INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb<br>> > Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------return code<br>> > after auth is -4<br>> > Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------var(x) < 0<br>> > Aug 4 14:23:29 devserver /usr/sbin/opensips[12713]: ------challenging<br>> > to 1001<br>> > Aug 4 14:23:29 devserver /usr/sbin/opensips[12715]: ------return code<br>> > after auth is 1<br>> ><br>> ><br>> > Looks like we can't t_newtran() like above. any clue ?<br>> ><br>> > Thanks<br>> > <br>> ><br>> ><br>><br>><br>>
------------------------------------------------------------------------<br>><br>> _______________________________________________<br>> Users mailing list<br>> <a ymailto="mailto:Users@lists.opensips.org" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>> <br><br><br>-- <br>Bogdan-Andrei Iancu<br>OpenSIPS Bootcamp<br>20 - 24 September 2010, Frankfurt, Germany<br>www.voice-system.ro<br><br><br>_______________________________________________<br>Users mailing list<br><a ymailto="mailto:Users@lists.opensips.org" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></div></div>
</div><br></body></html>