From 7b434329dcd321964932ccedf80eb91697918361 Mon Sep 17 00:00:00 2001 From: lazedo Date: Sat, 16 Mar 2019 01:54:11 +0000 Subject: [PATCH] registrar stats & cache authn_err --- kamailio/registrar-role.cfg | 74 ++++++++++++++++++++++++++++++------- 1 file changed, 61 insertions(+), 13 deletions(-) diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index 6144bd6..913ad8c 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -110,6 +110,27 @@ modparam("nathelper", "natping_processes", 0) #!endif #!endif +## stats ## +modparam("statistics","variable", "registrar:force_failover") +modparam("statistics","variable", "registrar:cached") +modparam("statistics","variable", "registrar:ip_realm") +modparam("statistics","variable", "registrar:new_tran") +modparam("statistics","variable", "registrar:amqp_not_available") +modparam("statistics","variable", "registrar:challenge") +modparam("statistics","variable", "registrar:amqp_async_error") +modparam("statistics","variable", "registrar:amqp_returned") +modparam("statistics","variable", "registrar:amqp_timeout") +modparam("statistics","variable", "registrar:drops") +modparam("statistics","variable", "registrar:authn_err") +modparam("statistics","variable", "registrar:authn_resp") +modparam("statistics","variable", "registrar:authn_unknown") +modparam("statistics","variable", "registrar:save_error") +modparam("statistics","variable", "registrar:missing_expires") +modparam("statistics","variable", "registrar:missing_expires_allowed") +modparam("statistics","variable", "registrar:min_expires") +modparam("statistics","variable", "registrar:min_expires_allowed") + + ##### registrar realtime params ##### kazoo.registrar_error_min_expires = REGISTRAR_ERROR_MIN_EXPIRES descr "send error when UAS sends expires < min-expires" kazoo.registrar_error_missing_expires = REGISTRAR_ERROR_MISSING_EXPIRES descr "send error when UAS do not send expires header" @@ -159,47 +180,58 @@ route[HANDLE_REGISTER] route(PUSHER_ATTEMPT_REGISTRATION); #!endif + if($sel(cfg_get.kazoo.registrar_failover) == 1) { + xlog("L_INFO", "$ci|log|register|forcing failover\n"); + update_stat("registrar:force_failover", "+1"); + drop; + } + if($sel(cfg_get.kazoo.registrar_force_query) == 0) { - $xavp(regcfg=>match_received) = $su; - if($sht(auth_cache=>$Au) != $null - && registered("location", "$rz:$Au", 2, 1) == 1 - && $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1) - && $sel(cfg_get.kazoo.registrar_failover) == 0 { - $var(password) = $sht(auth_cache=>$Au); - route(SAVE_LOCATION); - exit; + if($sht(auth_cache=>$Au) == "authn_err") { + xlog("L_WARNING", "$ci|end|issuing auth challenge to cached failed registration attempt for $Au from IP $si:$sp\n"); + update_stat("registrar:challenge", "+1"); + auth_challenge("$fd", "5"); + } else if($sht(auth_cache=>$Au) != $null) { + $xavp(regcfg=>match_received) = $su; + if(registered("location", "$rz:$Au", 2, 1) == 1) { + if($(xavp(ulattrs=>custom_channel_vars){s.len}) > 1) { + $var(password) = $sht(auth_cache=>$Au); + update_stat("registrar:cached", "+1"); + route(SAVE_LOCATION); + exit; + } + } } } if($td =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}" || $fd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") { xlog("L_INFO", "$ci|log|register|invalid domain\n"); + update_stat("registrar:ip_realm", "+1"); drop; } if (!t_newtran()) { xlog("L_ERROR", "$ci|log|failed to create transaction to query for authentication credentials for $Au $si:$sp\n"); + update_stat("registrar:new_tran", "+1"); drop; } if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) { if($xavp(amqpc=>default::MY_AMQP_ZONE) == 0) { xlog("L_WARNING", "$ci|end|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n"); + update_stat("registrar:amqp_not_available", "+1"); t_drop(); } } - if($sel(cfg_get.kazoo.registrar_failover) == 1) { - xlog("L_INFO", "$ci|log|register|forcing failover\n"); - t_drop(); - } - route(REGISTRAR_BOUNDS); $var(auth) = pv_auth_check("$fd", "$uuid(g)", "0", "0"); if($var(auth) != -2) { xlog("L_INFO", "$ci|end|challenging $Au $si:$sp\n"); $var(auth) = auth_challenge("$fd", "21"); + update_stat("registrar:challenge", "+1"); if($var(auth) != 1) { xlog("L_ERROR", "$ci|register|error creating or sending challenge to registration attempt for $fu from $si:$sp\n"); t_drop(); @@ -219,6 +251,7 @@ route[HANDLE_REGISTER] xlog("L_DEBUG", "$ci|amqp|publishing to $def(REGISTRAR_AMQP_EXCHANGE) => $var(amqp_routing_key) : $def(REGISTRAR_AMQP_FLAGS) : $var(amqp_payload_request)\n"); if(kazoo_async_query("$def(REGISTRAR_AMQP_EXCHANGE)", $var(amqp_routing_key), $var(amqp_payload_request), "KZ_AUTHORIZATION_REPLY", "KZ_AUTHORIZATION_TIMEOUT", "$def(REGISTRAR_AMQP_FLAGS)") != 1) { xlog("L_INFO", "$ci|log|failed to send registrar query for authentication credentials for $Au $si:$sp\n"); + update_stat("registrar:amqp_async_error", "+1"); t_drop(); } } @@ -227,9 +260,12 @@ failure_route[KZ_AUTHORIZATION_TIMEOUT] { if($(kzR{kz.json,Event-Name}) == "message_returned" ) { xlog("L_WARNING", "$ci|amqp|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n"); + update_stat("registrar:amqp_returned", "+1"); } else { xlog("L_WARNING", "$ci|end|failed $T_reply_code $T_reply_reason [$T(id_index):$T(id_label)] querying directory for authentication credentials for $Au $si:$sp\n"); + update_stat("registrar:amqp_timeout", "+1"); } + update_stat("registrar:drops", "+1"); t_drop(); } @@ -242,16 +278,22 @@ onreply_route[KZ_AUTHORIZATION_REPLY] $var(password) = $(kzR{kz.json,Auth-Password}); $var(nonce) = $adn; if( $(kzR{kz.json,Event-Name}) == "authn_err" ) { + $sht(auth_cache=>$Au) = "authn_err"; + update_stat("registrar:authn_err", "+1"); #!ifdef ANTIFLOOD_ROLE route(ANITFLOOD_FAILED_AUTH); #!endif + update_stat("registrar:challenge", "+1"); auth_challenge("$fd", "5"); xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); exit; } else if( $(kzR{kz.json,Event-Name}) == "authn_resp" ) { + update_stat("registrar:authn_resp", "+1"); xlog("L_INFO", "$ci|log|authenticating $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); route(CHECK_AUTHORIZATION); } else { + update_stat("registrar:authn_unknown", "+1"); + update_stat("registrar:drops", "+1"); xlog("L_INFO", "$ci|log|unhandle response from directory $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version})\n"); t_drop(); } @@ -268,6 +310,7 @@ route[CHECK_AUTHORIZATION] #!endif xlog("L_WARNING", "$ci|end|issuing auth challenge to failed registration attempt for $Au from IP $si:$sp\n"); + update_stat("registrar:challenge", "+1"); auth_challenge("$fd", "5"); exit; } @@ -299,6 +342,7 @@ route[SAVE_LOCATION] $var(save_result) = save("location", "0x04"); if($var(save_result) < 0) { xlog("L_WARNING", "$ci|end|not expected result $var(save_result) when saving $Au registration from IP $si:$sp\n"); + update_stat("registrar:save_error", "+1"); exit; } else { if($var(save_result) == 1) { @@ -440,8 +484,10 @@ route[REGISTRAR_BOUNDS] if($sel(cfg_get.kazoo.registrar_error_missing_expires) == 1) { xlog("L_WARNING", "$ci|end|missing expires registering $Au from IP $si:$sp\n"); send_reply("400", "Missing Expires"); + update_stat("registrar:missing_expires", "+1"); exit; } else { + update_stat("registrar:missing_expires_allowed", "+1"); xlog("L_WARNING", "$ci|end|allowing missing expires registering $Au from IP $si:$sp\n"); } } @@ -452,8 +498,10 @@ route[REGISTRAR_BOUNDS] xlog("L_WARNING", "$ci|end|expires $var(expires) too brief (configured $def(REGISTRAR_MIN_EXPIRES)) registering $Au from IP $si:$sp\n"); append_to_reply("Min-Expires: $def(REGISTRAR_MIN_EXPIRES)\r\n"); send_reply("423", "Interval Too Brief"); + update_stat("registrar:min_expires", "+1"); exit; } else { + update_stat("registrar:min_expires_allowed", "+1"); xlog("L_WARNING", "$ci|end|allowing expires $var(expires) too brief (configured $def(REGISTRAR_MIN_EXPIRES)) registering $Au from IP $si:$sp\n"); } }