Related
We are using Magento 2 with Varnish cache
We only get Varnish Cache HIT on very few /catalogsearch/result/ pages, and we really can not figure out why we don't get cache HIT on all /catalogsearch/result/ pages.
Please help us in the right direction :-)
Ex.
we always get HIT on this url
https://www.babygear.dk/catalogsearch/result/?q=bog
We always get MISS on a lot of other search queries
https://www.babygear.dk/catalogsearch/result/?q=black
https://www.babygear.dk/catalogsearch/result/?q=box
https://www.babygear.dk/catalogsearch/result/?q=box
Here is our varnish.vlc
# VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 5
vcl 4.0;
import std;
# The minimal Varnish version is 5.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'
backend default {
.host = "127.0.0.1";
.port = "8080";
.first_byte_timeout = 600s;
}
acl purge {
"127.0.0.1";
}
sub vcl_recv {
if (req.method == "PURGE") {
if (client.ip !~ purge) {
return (synth(405, "Method not allowed"));
}
# To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
# has been added to the response in your backend server config. This is used, for example, by the
# capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
}
if (req.http.X-Magento-Tags-Pattern) {
ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
}
if (req.http.X-Pool) {
ban("obj.http.X-Pool ~ " + req.http.X-Pool);
}
return (synth(200, "Purged"));
}
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
# We only deal with GET and HEAD by default
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
# Bypass shopping cart, checkout
if (req.url ~ "/checkout") {
return (pass);
}
# Bypass health check requests
if (req.url ~ "/pub/health_check.php") {
return (pass);
}
# Set initial grace period usage status
set req.http.grace = "none";
# normalize url in case of leading HTTP scheme and domain
set req.url = regsub(req.url, "^http[s]?://", "");
# collect all cookies
std.collect(req.http.Cookie);
# Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
# No point in compressing these
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
set req.http.Accept-Encoding = "deflate";
} else {
# unknown algorithm
unset req.http.Accept-Encoding;
}
}
# Remove all marketing get parameters to minimize the cache objects
if (req.url ~ "(\?|&)(gclid|ff|fp|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
set req.url = regsuball(req.url, "(gclid|ff|fp|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
set req.url = regsub(req.url, "[?|&]+$", "");
}
# Static files caching
if (req.url ~ "^/(pub/)?(media|static)/") {
# Static files should not be cached by default
#return (pass);
# But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
unset req.http.Https;
unset req.http.X-Forwarded-Proto;
unset req.http.Cookie;
}
return (hash);
}
sub vcl_hash {
if (req.http.cookie ~ "X-Magento-Vary=") {
hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
}
# For multi site configurations to not cache each other's content
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
# To make sure http users don't see ssl warning
if (req.http.X-Forwarded-Proto) {
hash_data(req.http.X-Forwarded-Proto);
}
if (req.url ~ "/graphql") {
call process_graphql_headers;
}
}
sub process_graphql_headers {
if (req.http.Store) {
hash_data(req.http.Store);
}
if (req.http.Content-Currency) {
hash_data(req.http.Content-Currency);
}
}
sub vcl_backend_response {
set beresp.grace = 3d;
if (beresp.http.content-type ~ "text") {
set beresp.do_esi = true;
}
if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
set beresp.do_gzip = true;
}
if (beresp.http.X-Magento-Debug) {
set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
}
# cache only successfully responses
if (beresp.status != 200) {
set beresp.ttl = 0s;
set beresp.uncacheable = true;
return (deliver);
} elsif (beresp.http.Cache-Control ~ "private") {
set beresp.uncacheable = true;
set beresp.ttl = 44400s;
return (deliver);
}
# validate if we need to cache it and prevent from setting cookie
if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
unset beresp.http.set-cookie;
}
# If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
if (beresp.ttl <= 0s ||
beresp.http.Surrogate-control ~ "no-store" ||
(!beresp.http.Surrogate-Control &&
beresp.http.Cache-Control ~ "no-cache|no-store") ||
beresp.http.Vary == "*") {
# Mark as Hit-For-Pass for the next 2 minutes
set beresp.ttl = 120s;
set beresp.uncacheable = true;
}
return (deliver);
}
sub vcl_deliver {
if (resp.http.X-Magento-Debug) {
if (resp.http.x-varnish ~ " ") {
set resp.http.X-Magento-Cache-Debug = "HIT";
set resp.http.Grace = req.http.grace;
} else {
set resp.http.X-Magento-Cache-Debug = "MISS";
}
} #else {
# unset resp.http.Age;
# }
# Not letting browser to cache non-static files.
if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") {
set resp.http.Pragma = "no-cache";
set resp.http.Expires = "-1";
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
}
unset resp.http.X-Magento-Debug;
unset resp.http.X-Magento-Tags;
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.X-Varnish;
unset resp.http.Via;
unset resp.http.Link;
}
sub vcl_hit {
if (obj.ttl >= 0s) {
# Hit within TTL period
return (deliver);
}
if (std.healthy(req.backend_hint)) {
if (obj.ttl + 3000000s > 0s) {
# Hit after TTL expiration, but within grace period
set req.http.grace = "normal (healthy server)";
return (deliver);
} else {
# Hit after TTL and grace expiration
return (miss);
}
} else {
# server is not healthy, retrieve from cache
set req.http.grace = "unlimited (unhealthy server)";
return (deliver);
}
}
It's a bit tough to judge what's really going on, because there's both a Varnish cache in front of Magento and Cloudflare as the CDN.
A no-cache/no-store Cache-Control value
What I am seeing in general for your searches, is the following Cache-Control value:
cache-control: no-store, no-cache, must-revalidate, max-age=0
Based on this value, Varnish will decide not to cache. In the response headers of must of your search results you will see that Age: 0 is set. This means that Varnish doesn't hold the value in cache.
A cached search result that shouldn't be cacheable
However, weirdly enough https://www.babygear.dk/catalogsearch/result/?q=bog does have a an Age header with a value greater than zero:
age: 38948
This means it's been in cache for 38948 seconds. But really, this shouldn't be happening, because the page is not supposed to be cacheable.
Making search results cacheable:
Please make sure you have a Cache-Control header that allows caching, if you want to cache search results.
Example:
Cache-Control: public, s-maxage=3600
Debugging using Varnishlog
If you really want to know what happens in behind the scenes in Varnish, you can perform some debugging using the varnishlog binary.
You could run the following command to get debug output:
varnishlog -g request -q "ReqUrl eq '/catalogsearch/result/\?q=bog'"
This will print some very verbose logs on how Varnish treats the URL that causes the hit. You can add this output to your question, and I can try to examine what's going on.
FYI: I wrote a very detailed blog post about varnishlog a couple of years ago. Please go to https://feryn.eu/blog/varnishlog-measure-varnish-cache-performance/ to have a look, and to learn.
What's Cloudflare doing?
All that being said, I have no clue what the impact of Cloudflare is on the cacheability of the website. The varnishlog output will give us some insight, but if those results diverge from reality, Cloudflare is probably getting in our way.
Keep this in mind while debugging.
Inside vcl_recv Add
# Bypass search requests
if (req.url ~ "/catalogsearch") {
return (pass);
}
check .htaccess file for Cache-Control setting.
I'm trying to configure my OpenSIPS server to allow TLS encrypted communications.
At first, I'm trying with the build-in certificates that OpenSIPS provide.
What I've done until now is generating a new Residential Script (opensips_residential.cfg) in which ENABLE_TCP & ENABLE_TLS have been enabled.
Now I have two configuration files, opensips.cfg with the follow lines:
#
# $Id$
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team#opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# http://www.opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
log_level=3
log_stderror=no
log_facility=LOG_LOCAL0
children=4
/* uncomment the following line to enable debugging */
#debug_mode=yes
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
/* comment the next line to enable the auto discovery of local aliases
based on revers DNS on IPs */
auto_aliases=no
listen=udp:192.168.1.57:5060 # CUSTOMIZE ME
####### Modules Section ########
#set module path
mpath="/usr/local//lib64/opensips/modules/"
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### URI module
loadmodule "uri.so"
modparam("uri", "use_uri_table", 0)
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "db_mode", 0)
#### REGISTRAR module
loadmodule "registrar.so"
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
#### UDP protocol
loadmodule "proto_udp.so"
####### Routing Logic ########
# main request routing logic
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if (has_totag()) {
# sequential requests within a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
# do accunting, even if the transaction fails
do_accounting("log","failed");
} else if (is_method("INVITE")) {
# even if in most of the cases is useless, do RR for
# re-INVITEs alos, as some buggy clients do change route set
# during the dialog.
record_route();
}
# route it out to whatever destination was set by loose_route()
# in $du (destination URI).
route(relay);
} else {
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# non loose-route, but stateful ACK; must be an ACK after
# a 487 or e.g. 404 from upstream server
t_relay();
exit;
} else {
# ACK without matching transaction ->
# ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
if ( !(is_method("REGISTER") ) ) {
if (from_uri==myself)
{
} else {
# if caller is not local, then called number must be local
if (!uri==myself) {
send_reply("403","Rely forbidden");
exit;
}
}
}
# preloaded route checking
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
if (!is_method("ACK"))
sl_send_reply("403","Preload Route denied");
exit;
}
# record routing
if (!is_method("REGISTER|MESSAGE"))
record_route();
# account only INVITEs
if (is_method("INVITE")) {
do_accounting("log");
}
if (!uri==myself) {
append_hf("P-hint: outbound\r\n");
route(relay);
}
# requests for my domain
if (is_method("PUBLISH|SUBSCRIBE"))
{
sl_send_reply("503", "Service Unavailable");
exit;
}
if (is_method("REGISTER"))
{
if (!save("location"))
sl_reply_error();
exit;
}
if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# do lookup with method filtering
if (!lookup("location","m")) {
t_newtran();
t_reply("404", "Not Found");
exit;
}
# when routing via usrloc, log the missed calls also
do_accounting("log","missed");
route(relay);
}
route[relay] {
# for INVITEs enable some additional helper routes
if (is_method("INVITE")) {
t_on_branch("per_branch_ops");
t_on_reply("handle_nat");
t_on_failure("missed_call");
}
if (!t_relay()) {
send_reply("500","Internal Error");
};
exit;
}
branch_route[per_branch_ops] {
xlog("new branch at $ru\n");
}
onreply_route[handle_nat] {
xlog("incoming reply\n");
}
failure_route[missed_call] {
if (t_was_cancelled()) {
exit;
}
# uncomment the following lines if you want to block client
# redirect based on 3xx replies.
##if (t_check_status("3[0-9][0-9]")) {
##t_reply("404","Not found");
## exit;
##}
}
And the other configuration file is the one that I generated with menuconfig tool:
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team#opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# http://www.opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
log_level=3
log_stderror=no
log_facility=LOG_LOCAL0
children=4
/* uncomment the following lines to enable debugging */
#debug_mode=yes
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
/* comment the next line to enable the auto discovery of local aliases
based on revers DNS on IPs */
auto_aliases=no
listen=udp:192.168.1.57:5060 # CUSTOMIZE ME
listen=tcp:192.168.1.57:5060 # CUSTOMIZE ME
listen=tls:192.168.1.57:5061 # CUSTOMIZE ME
####### Modules Section ########
#set module path
mpath="/usr/local/lib/opensips/modules/"
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### URI module
loadmodule "uri.so"
modparam("uri", "use_uri_table", 0)
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "db_mode", 0)
#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"
loadmodule "proto_tls.so"
modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "TLSv1")
modparam("proto_tls","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem")
modparam("proto_tls","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem")
modparam("proto_tls","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem")
####### Routing Logic ########
# main request routing logic
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if (has_totag()) {
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
# do accounting even if the transaction fails
do_accounting("log","failed");
} else if (is_method("INVITE")) {
# even if in most of the cases is useless, do RR for
# re-INVITEs alos, as some buggy clients do change route set
# during the dialog.
record_route();
}
# route it out to whatever destination was set by loose_route()
# in $du (destination URI).
route(relay);
} else {
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# non loose-route, but stateful ACK; must be an ACK after
# a 487 or e.g. 404 from upstream server
t_relay();
exit;
} else {
# ACK without matching transaction ->
# ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
if ( !(is_method("REGISTER") ) ) {
if (from_uri==myself)
{
} else {
# if caller is not local, then called number must be local
if (!uri==myself) {
send_reply("403","Rely forbidden");
exit;
}
}
}
# preloaded route checking
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
if (!is_method("ACK"))
sl_send_reply("403","Preload Route denied");
exit;
}
# record routing
if (!is_method("REGISTER|MESSAGE"))
record_route();
# account only INVITEs
if (is_method("INVITE")) {
do_accounting("log");
}
if (!uri==myself) {
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
## CUSTOMIZE IF NEEDED
##if ($rd=="tls_domain1.net"
## || $rd=="tls_domain2.net"
##) {
## force_send_socket(tls:127.0.0.1:5061); # CUSTOMIZE
##}
route(relay);
}
# requests for my domain
if (is_method("PUBLISH|SUBSCRIBE"))
{
sl_send_reply("503", "Service Unavailable");
exit;
}
if (is_method("REGISTER"))
{
if ( proto==TCP || proto==TLS || 0 ) setflag(TCP_PERSISTENT);
if (!save("location"))
sl_reply_error();
exit;
}
if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# do lookup with method filtering
if (!lookup("location","m")) {
t_newtran();
t_reply("404", "Not Found");
exit;
}
# when routing via usrloc, log the missed calls also
do_accounting("log","missed");
route(relay);
}
route[relay] {
# for INVITEs enable some additional helper routes
if (is_method("INVITE")) {
t_on_branch("per_branch_ops");
t_on_reply("handle_nat");
t_on_failure("missed_call");
}
if (!t_relay()) {
send_reply("500","Internal Error");
};
exit;
}
branch_route[per_branch_ops] {
xlog("new branch at $ru\n");
}
onreply_route[handle_nat] {
xlog("incoming reply\n");
}
failure_route[missed_call] {
if (t_was_cancelled()) {
exit;
}
# uncomment the following lines if you want to block client
# redirect based on 3xx replies.
##if (t_check_status("3[0-9][0-9]")) {
##t_reply("404","Not found");
## exit;
##}
}
I don't know if I have to replace my opensips.cfg file with opensips_residential.cfg. I have tried that and when I attempt to start my server with command 'opensipsctl start' I get several errors, I can provide them in another message if it's necessary.
If using opensipsctl start, look for the # STARTOPTIONS= variable in /usr/local/opensips/etc/opensipsctlrc, and define it as:
STARTOPTIONS="-f /path/to/opensips_residential.cfg"
When installing OpenSIPS from packages, note that the initscript's config file path becomes /etc/opensips/opensips.cfg, and you will have to edit/replace this file for changes to take effect.
Make sure you have your certs path setup properly, I also wouldn't use a self-signed cert. Go to letsencrypt get a cert and put the path on your opensips.cfg file. Replace your existing config with the new generated configuration.
I'm trying to send e-mail via lua+nginx.
Lapis (Lua) code
local smtp = require("socket.smtp")
app:get("/ee", function(self)
local from = "<mail0#mydns.name>"
local rcpt = {
"<mail1#gmail.com>"
}
local mesgt = {
headers = {
to = "PP <mail1#gmail.com>",
cc = '"V.V." <mail2#gmail.com>',
subject = "My first message"
},
body = "I hope this works. If it does, I can send you another 1000 copies."
}
local r, e = smtp.send{
from = from,
rcpt = rcpt,
source = smtp.message(mesgt),
server = "127.0.0.1",
port = 25
}
return "R:" .. tostring(r) .. " E: " .. tostring(e)
end)
gives timeout error (after several seconds passed): "R: nil E: timeout"
Nginx config is:
http{
server{
listen 9000;
location = /cgi-bin/nginxauth.cgi {
add_header Auth-Status OK;
add_header Auth-Server 127.0.0.1; # backend ip
add_header Auth-Port 25; # backend port
return 200;
}
}
}
mail {
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
server {
server_name mydns.name;
listen 25;
protocol smtp;
proxy on;
timeout 5s;
proxy_pass_error_message on;
#smtp_auth login plain;
xclient on;
smtp_auth none;
}
}
I do not understand the core of mail server. How to configure? How to use nginx server? I think timeout error appears due to mail-server just redirect but doesnt process email data, am I right? Or what have I do to fix with error?
Is it possible to send media rtp packets from one rtpproxy server to another rtpproxy server?
In my scenario , i am registering voip account via opensips proxy server. We have rtpproxy and opensips server hosted on same place. opensips changes c= and m= lines of SDP accordingly but when packet goes to voip switch , its rtpproxy server also changes SDP. So Peer1 is sending packets to hout hosted rtpproxy server and peer2 sending rtp packets to voip switch's rtpproxy server.
SIP packets : Peer <--> opensips <--> asterisk
RTP packets peer1 <--> rtpproxy1 =X= rtpproxy2 <-->peer2
here no connection between rtpproxy1 and rtpproxy 2 so no media transfer between peer1 and peer2. Please help to solve this problem.
my opensips.cfg file is as below.
#
# $Id: opensips.cfg 9742 2013-02-05 10:24:48Z vladut-paiu $
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team#opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# http://www.opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
debug=4
log_stderror=no
log_facility=LOG_LOCAL0
fork=yes
children=4
sip_warning=yes
mhomed=1
/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
/* comment the next line to enable the auto discovery of local aliases
based on revers DNS on IPs */
auto_aliases=yes
#listen=udp:127.0.0.1:5060 # CUSTOMIZE ME
listen=udp:192.168.1.28:5080
disable_tcp=yes
listen=tcp:192.168.1.28:5080
disable_tls = yes
listen = tls:192.168.1.28:5081
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/opensips/tls/server/server-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/server/server-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/server/server-calist.pem"
####### Modules Section ########
#set module path
mpath="/usr/local/lib64/opensips/modules/"
#### Auth db module
loadmodule "db_mysql.so"
loadmodule "auth_db.so"
loadmodule "auth.so"
modparam("auth_db", "db_url", "mysql://root:admin#localhost/opensips")
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "use_domain", 1)
modparam("auth", "nonce_expire", 300)
modparam("auth", "rpid_suffix", ";party=calling;id-type=subscriber;screen=yes")
modparam("auth", "rpid_avp", "$avp(rpid)")
# !! Nathelper
loadmodule "nathelper.so"
#loadmodule "nat_traversal.so"
loadmodule "rtpproxy.so"
loadmodule "textops.so"
# ----------------- setting module-specific parameters ---------------
modparam("rtpproxy", "rtpproxy_sock", "udp:192.168.1.28:7890")
# !! Nathelper
modparam("nathelper","sipping_bflag",7)
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
modparam("nathelper", "force_socket", "udp:192.168.1.28:7890")
modparam("nathelper", "nortpproxy_str", "a=sdpmangled:yes\r\n")
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timer", 5)
modparam("tm", "fr_inv_timer", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### URI module
loadmodule "uri.so"
modparam("uri", "use_uri_table", 0)
modparam("uri", "use_domain", 0)
modparam("uri", "db_url", "mysql://root:admin#localhost/opensips")
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc","nat_bflag",6)
modparam("usrloc", "db_mode", 0)
#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
modparam("registrar", "default_expires", 3600)
modparam("registrar", "min_expires", 60)
modparam("registrar", "max_expires", 0)
modparam("registrar", "default_q", 0)
modparam("registrar", "case_sensitive", 0)
modparam("registrar", "received_param", "received")
modparam("registrar", "max_contacts", 0)
modparam("registrar", "retry_after", 0)
modparam("registrar", "received_avp", "$avp(i:801)")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
modparam("registrar","received_avp", "$avp(42)")
modparam("nathelper","received_avp", "$avp(42)")
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", "ACC_FAILED")
/* account triggers (flags) */
modparam("acc", "log_flag", "ACC_DO")
modparam("acc", "log_missed_flag", "ACC_MISSED")
loadmodule "dialog.so"
#loadmodule "load_balancer.so"
loadmodule "domain.so"
modparam("domain", "db_url","mysql://root:admin#localhost/opensips") # CUSTOMIZE ME
modparam("domain", "db_mode", 1) # Use caching
modparam("auth_db|usrloc|uri", "use_domain", 1)
loadmodule "drouting.so"
modparam("drouting", "db_url","mysql://root:admin#localhost/opensips") # CUSTOMIZE ME
loadmodule "event_route.so"
#loadmodule "mediaproxy.so"
loadmodule "alias_db.so"
modparam("alias_db", "db_url","mysql://root:admin#localhost/opensips") # CUSTOMIZE ME
loadmodule "dialplan.so"
modparam("dialplan", "db_url","mysql://root:admin#localhost/opensips") # CUSTOMIZE ME
#loadmodule "presence_xcapdiff.so"
#loadmodule "permissions.so"
####### Routing Logic ########
# main routing logic
# main request routing logic
route
{
#xlog("L_INFO","CVAPP: route($rm/$du/$fu/$tu)");
#script_trace( 1, "$rm from $si, ruri=$ru", "me");
#xlog("L_INFO", "route[0] New request - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10"))
{
xlog("mf_process_maxfwd_header....... \n");
sl_send_reply("483", "Too Many Hops");
exit;
};
if (msg:len > 4096)
{
xlog(" method msg:len > 2048 \n");
sl_send_reply("513", "Message Overflow");
exit;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER")
{
record_route();
}
else
{
if(nat_uac_test("19"))
{
record_route(";nat=yes");
}
else
{
record_route();
}
}
if (method=="BYE" || method=="CANCEL")
{
unforce_rtp_proxy();
}
# -----------------------------------------------------------------
# Loose Route Section nat_uac_test("3")
# -----------------------------------------------------------------
if (loose_route())
{
xlog(" method loose_route() \n");
if ((method=="INVITE" || method=="REFER") && !has_totag())
{
sl_send_reply("403", "Forbidden");
exit;
};
if (method=="INVITE")
{
fix_nated_sdp("1");
if (nat_uac_test("19"))
{
xlog(" method fix_nated_contact() \n");
#setflag(6);
setbflag(6);
setbflag(7);
setbflag(8);
force_rport();
fix_nated_contact("2");
};
rtpproxy_answer();
};
route(1);
exit;
};
#xlog("L_INFO","CVAPP: has_totag initial request");
/* if(loose_route())
{
if(!has_totag())
{
xlog("L_INFO", "route[0] Initial loose-routing rejected - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
sl_send_reply("403", "Initial Loose-Routing Rejected");
exit;
}
if(nat_uac_test("19") || search("^Route:.*;nat=yes"))
{
xlog("L_INFO", "route[0] Initial loose-routing 19 - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
fix_nated_contact();
setbflag(6);
}
xlog("loose_route route5....... \n");
route(5);
} */
/* else {
xlog("L_INFO","CVAPP: loose_route was false");
if ( is_method("ACK") ) {
xlog("L_INFO","CVAPP: is ACK");
if ( t_check_trans() ) {
xlog("L_INFO","CVAPP: found matching transaction");
# non loose-route, but stateful ACK; must be an ACK after
# a 487 or e.g. 404 from upstream server
t_relay();
exit;
} else {
xlog("L_INFO","CVAPP: no matching transaction");
# ACK without matching transaction ->
# ignore and discard
exit;
}
}
xlog("L_INFO","CVAPP: sending 404 Not here");
sl_send_reply("404","Not here");
}
*/
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself)
{
#xlog("L_INFO", "uri!=myself1...........\n");
route(4);
route(1);
exit;
};
if (method=="ACK")
{
xlog(" method==ACK \n");
route(1);
exit;
}
if (method=="CANCEL")
{
xlog(" method==CANCEL \n");
route(1);
exit;
}
else if (method=="INVITE")
{
xlog(" method==INVITE \n");
route(3);
exit;
}
else if (method=="REGISTER")
{
xlog(" method==REGISTER \n");
route(2);
exit;
};
lookup("aliases");
if (uri!=myself)
{
xlog(" uri!=myself2... \n");
route(4);
route(1);
exit;
};
if (!lookup("location"))
{
xlog(" !lookup(location) \n");
sl_send_reply("404", "User Not Found");
exit;
};
route(1);
}
route[1]
{
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
# if client or server know to be behind a NAT, enable relay
if (isflagset(6) || isflagset(7)) {
xlog("route[1] Default Message Handler \n");
force_rport();
fix_nated_contact();
rtpproxy_answer();
};
t_on_reply("1");
if (subst_uri('/(sip:.*);nat=yes/\1/')){
xlog("subst_uri ..............\n");
setbflag(6);
};
if (!t_relay())
{
if (method=="INVITE" && isbflagset(6))
{
unforce_rtp_proxy();
};
sl_reply_error();
};
}
route[2]
{
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
xlog("route[2] REGISTER Message Handler \n");
if (!search("^Contact:[ ]*\*") && nat_uac_test("19"))
{
xlog(" !search()...... \n");
#setflag(6);
setbflag(6);
setbflag(8);
#fix_nated_register();
fix_nated_contact();
force_rport();
};
sl_send_reply("100", "Trying");
if (!save("location"))
{
sl_reply_error();
};
}
route[3]
{
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
#if (nat_uac_test("19"))
#{
# setflag(6);
#}
xlog("route[3] INVITE Message Handler \n");
#linha incluida por mim para fazer com que todo INVITE utilize o rtpproxy
#setflag(6);
setbflag(6);
setbflag(8);
lookup("aliases");
if (uri!=myself)
{
route(4);
route(1);
exit;
};
if (!lookup("location"))
{
sl_send_reply("404", "User Not Found");
exit;
};
route(4);
route(1);
}
route[4]
{
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
if (isbflagset(6))
{
force_rport();
fix_nated_contact();
rtpproxy_answer();
}
}
route[5]
{
if(isbflagset(6))
{
xlog("L_INFO", "route[5] ...............");
if(!isflagset(22) && !search("^Content-Length:[ ]*0"))
{
setflag(22);
# force_rtp_proxy();
# fix_nated_sdp("9");
if(has_body("application/sdp"))
{
xlog("L_INFO", "has_body rtpproxy_answer IP...............");
#rtpproxy_offer();
fix_nated_sdp("10","192.168.1.28");
rtpproxy_answer("r","192.168.1.28");
}
}
# if (rtpproxy_offer())
# {
# t_on_reply("2");
# }
t_on_reply("2");
}
else
{
t_on_reply("1");
}
if(!isflagset(21))
{
t_on_failure("1");
}
if(isflagset(29))
{
append_branch();
}
/* if(is_present_hf("Proxy-Authorization"))
{
consume_credentials();
}
*/
xlog("L_INFO", "route[3] Request leaving server, D-URI='$du' - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
# no 100 (we already sent it) and no DNS blacklisting
# if(!t_relay("0x05"))
if(!t_relay())
{
sl_reply_error();
if(is_method("INVITE") && isbflagset(6))
{
xlog("L_INFO", "route[3] unforce rtp proxy\n");
unforce_rtp_proxy();
}
}
exit;
}
onreply_route[1]
{
#rtpproxy_answer();
#force_rport();
#fix_nated_contact();
#rtpproxy_answer();
#rtpproxy_offer("i");
#rtpproxy_answer("cowf","192.168.1.28");
if (is_method("INVITE") || is_method("ACK") )
{
if(has_body("application/sdp"))
{
$var(mline) = $(rb{sdp.line,m});
xlog("The first m line in the SDP body is $var(mline)\n");
force_rport();
#fix_nated_contact();
fix_nated_sdp("3");
rtpproxy_offer("i");
}
}
#rtpproxy_answer("cowf","192.168.1.28");
if (isbflagset(6) && status=~"2[0-9][0-9]")
{
if (!search("^Content-Length:[ ]*0"))
{
xlog("onreply_route[1] if1 \n");
rtpproxy_answer();
};
};
if (nat_uac_test("1"))
{
xlog("onreply_route[1] if2 \n");
fix_nated_contact();
};
}
onreply_route[2]
{
xlog("L_INFO", "onreply_route[2] NAT-Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
if(nat_uac_test("1"))
{
fix_nated_contact();
}
if(isbflagset(6) && status=~"2[0-9][0-9]")
{
if(!search("^Content-Length:[ ]*0"))
{
#force_rtp_proxy();
xlog("L_INFO", "onreply_route[2] - calling rtpproxy_answer()\n");
#fix_nated_sdp("3");
rtpproxy_answer();
}
}
exit;
}
failure_route[1]{
xlog("failure_route[1] if2 \n");
}
Change rtpproxy_offer(i) to rtpproxy_offer("corw") in your onreply_route[2] function.
rtpproxy_offer("corw");
When the first SIP proxy receives the initial INVITE, it will allocate ports on the first rtpproxy and modify the SDP body so that traffic destinated to the UAC is sent to this rtpproxy. When the INVITE reaches the second SIP proxy (or B2BUA if it is Asterisk), it will allocate ports on the second rtpproxy and modify the SDP body so that traffic destinated to the UAC is sent to this rtpproxy. The opposite will also happen when replies with SDP body are received by the proxies.
Therefore, the traffic will flow as follows:
UAC <-> rtpproxy1 <-> rtpproxy2 <-> UAS
And, there is no special configuration for the two rtpproxy to send each other traffic. Each rtpproxy is simply seen by the other as the UA (UAS or UAC).
I was able to connect opensips and rtpproxy server. I am able to call without rtpproxy / I configured opensip.cfg file for rtpproxy and opensip connection but i am getting error when i call any number.
Apr 12 19:15:46 jpc /usr/local/sbin/opensips[8099]: ERROR:rtpproxy:force_rtp_proxy: Unable to parse body
Apr 12 19:15:46 jpc rtpproxy[8076]: DBUG:handle_command: received command "8097_5 Lc0,8,101 EmT25eujw9 66.109.20.153 17242 zTZujAf~s;1 as232a3dd2;1"
Apr 12 19:15:46 jpc rtpproxy[8076]: INFO:handle_command: lookup request failed: session EmT25eujw9, tags zTZujAf~s;1/as232a3dd2;1 not found
Apr 12 19:15:46 jpc rtpproxy[8076]: DBUG:doreply: sending reply "8097_5 0 27.113.254.248#012"
Apr 12 19:15:46 jpc /usr/local/sbin/opensips[8097]: ERROR:rtpproxy:force_rtp_proxy_body: incorrect port 0 in reply from rtp proxy
Apr 12 19:15:46 jpc /usr/local/sbin/opensips[8099]: ERROR:rtpproxy:force_rtp_proxy: Unable to parse body
Apr 12 19:15:46 jpc /usr/local/sbin/opensips[8097]: ERROR:rtpproxy:force_rtp_proxy: Unable to parse body
Apr 12 19:16:02 jpc /usr/local/sbin/opensips[8096]: ERROR:rtpproxy:force_rtp_proxy: Unable to parse body
Apr 12 19:16:07 jpc rtpproxy[8076]: DBUG:handle_command: received command "8097_6 D EmT25eujw9 as232a3dd2 zTZujAf~s"
Apr 12 19:16:07 jpc rtpproxy[8076]: INFO:handle_command: delete request failed: session EmT25eujw9, tags as232a3dd2/zTZujAf~s not found
Apr 12 19:16:07 jpc rtpproxy[8076]: DBUG:doreply: sending reply "8097_6 E8#012"
Apr 12 19:16:07 jpc /usr/local/sbin/opensips[8100]: ERROR:rtpproxy:force_rtp_proxy: Unable to parse body
Please help. How can i resolve this error?
My opensips.cfg file is as below :
#
# $Id: opensips.cfg 9742 2013-02-05 10:24:48Z vladut-paiu $
#
# OpenSIPS residential configuration script
# by OpenSIPS Solutions <team#opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
# the "Residential" scenario.
# You can enable / disable more features / functionalities by
# re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
# http://www.opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
debug=3
log_stderror=no
log_facility=LOG_LOCAL0
fork=yes
children=4
/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
/* comment the next line to enable the auto discovery of local aliases
based on revers DNS on IPs */
auto_aliases=yes
#listen=udp:127.0.0.1:5060 # CUSTOMIZE ME
listen=udp:192.168.1.28:5080
disable_tcp=yes
listen=tcp:192.168.1.28:5080
disable_tls = yes
listen = tls:192.168.1.28:5081
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/opensips/tls/server/server-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/server/server-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/server/server-calist.pem"
####### Modules Section ########
#set module path
mpath="/usr/local/lib64/opensips/modules/"
#### Auth db module
loadmodule "db_mysql.so"
loadmodule "auth_db.so"
loadmodule "auth.so"
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "use_domain", 1)
modparam("auth_db", "db_url", "mysql://root:admin#localhost/opensips")
# !! Nathelper
loadmodule "nathelper.so"
#loadmodule "nat_traversal.so"
loadmodule "rtpproxy.so"
loadmodule "textops.so"
# ----------------- setting module-specific parameters ---------------
modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:7890")
# !! Nathelper
modparam("nathelper","sipping_bflag",8)
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
#### SIGNALING module
loadmodule "signaling.so"
#### StateLess module
loadmodule "sl.so"
#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timer", 5)
modparam("tm", "fr_inv_timer", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)
#### MAX ForWarD module
loadmodule "maxfwd.so"
#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"
#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
#### URI module
loadmodule "uri.so"
modparam("uri", "use_uri_table", 0)
#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc","nat_bflag",6)
modparam("usrloc", "db_mode", 0)
#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
modparam("registrar","received_avp", "$avp(42)")
modparam("nathelper","received_avp", "$avp(42)")
mhomed=1
#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", "ACC_FAILED")
/* account triggers (flags) */
modparam("acc", "log_flag", "ACC_DO")
modparam("acc", "log_missed_flag", "ACC_MISSED")
####### Routing Logic ########
# main routing logic
route
{
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10"))
{
sl_send_reply("483", "Too Many Hops");
exit;
};
if (msg:len > max_len)
{
sl_send_reply("513", "Message Overflow");
exit;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER")
{
record_route();
};
if (method=="BYE" || method=="CANCEL")
{
unforce_rtp_proxy();
}
# -----------------------------------------------------------------
# Loose Route Section nat_uac_test("3")
# -----------------------------------------------------------------
if (loose_route())
{
if ((method=="INVITE" || method=="REFER") && !has_totag())
{
sl_send_reply("403", "Forbidden");
exit;
};
if (method=="INVITE")
{
if (nat_uac_test("19"))
{
#setflag(6);
setbflag(6);
setbflag(8);
force_rport();
fix_nated_contact();
};
rtpproxy_answer();
};
route(1);
exit;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself)
{
route(4);
route(1);
exit;
};
if (method=="ACK")
{
route(1);
exit;
}
if (method=="CANCEL")
{
route(1);
exit;
}
else if (method=="INVITE")
{
route(3);
exit;
}
else if (method=="REGISTER")
{
route(2);
exit;
};
lookup("aliases");
if (uri!=myself)
{
route(4);
route(1);
exit;
};
if (!lookup("location"))
{
sl_send_reply("404", "User Not Found");
exit;
};
route(1);
}
route[1]
{
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
# if client or server know to be behind a NAT, enable relay
if (isflagset(6) || isflagset(7)) {
force_rport();
fix_nated_contact();
rtpproxy_answer();
};
t_on_reply("1");
if (!t_relay())
{
if (method=="INVITE" && isbflagset(6))
{
unforce_rtp_proxy();
};
sl_reply_error();
};
}
route[2]
{
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
xlog("route[2] REGISTER Message Handler \n");
if (!search("^Contact:[ ]*\*") && nat_uac_test("19"))
{
#setflag(6);
setbflag(6);
setbflag(8);
#fix_nated_register();
fix_nated_contact();
force_rport();
};
sl_send_reply("100", "Trying");
if (!save("location"))
{
sl_reply_error();
};
}
route[3]
{
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
#if (nat_uac_test("19"))
#{
# setflag(6);
#}
xlog("route[3] INVITE Message Handler \n");
#linha incluida por mim para fazer com que todo INVITE utilize o rtpproxy
#setflag(6);
setbflag(6);
setbflag(8);
lookup("aliases");
if (uri!=myself)
{
route(4);
route(1);
exit;
};
if (!lookup("location"))
{
sl_send_reply("404", "User Not Found");
exit;
};
route(4);
route(1);
}
route[4]
{
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
if (isbflagset(6))
{
force_rport();
fix_nated_contact();
rtpproxy_answer();
}
}
onreply_route[1]
{
#rtpproxy_answer();
force_rport();
fix_nated_contact();
rtpproxy_answer();
#rtpproxy_offer();
if (isbflagset(6) && status=~"(180)|(183)|2[0-9][0-9]")
{
xlog("onreply_route[1] if1 \n");
if (!search("^Content-Length:[ ]*0"))
{
rtpproxy_answer();
};
};
if (nat_uac_test("1"))
{
xlog("onreply_route[1] if2 \n");
fix_nated_contact();
};
}
#=================================================================================
/*
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (is_method("REGISTER") || !is_present_hf("Record-Route")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of signalling
if ( is_method("INVITE") ) {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setbflag(6); # Mark as NATed
# if you want sip nat pinging
# setbflag(8);
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!is_method("REGISTER")) record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
exit;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
exit;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
# if (!www_authorize("siphub.org", "subscriber")) {
# www_challenge("siphub.org", "0");
# return;
# };
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
exit;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# !! Nathelper
if (uri=~"[#:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){
sl_send_reply("479", "We don't forward to private IP addresses");
exit;
};
# if client or server know to be behind a NAT, enable relay
if (isbflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
*/
You need dump packet which result error "unable parse body"
Very likly that is packet without any rtp data.
You SHOULD NOT use rtpproxy_offer/rtpproxy_answer for such packets.