
registrar stats & cache authn_err

4.3
lazedo 7 years ago
committed by Luis Azedo
parent
commit
7b434329dc
1 changed files with 61 additions and 13 deletions
  1. +61
    -13
      kamailio/registrar-role.cfg

+ 61
- 13
kamailio/registrar-role.cfg View File

@ -110,6 +110,27 @@ modparam("nathelper", "natping_processes", 0)
#!endif #!endif
#!endif #!endif
## stats ##
modparam("statistics","variable", "registrar:force_failover")
modparam("statistics","variable", "registrar:cached")
modparam("statistics","variable", "registrar:ip_realm")
modparam("statistics","variable", "registrar:new_tran")
modparam("statistics","variable", "registrar:amqp_not_available")
modparam("statistics","variable", "registrar:challenge")
modparam("statistics","variable", "registrar:amqp_async_error")
modparam("statistics","variable", "registrar:amqp_returned")
modparam("statistics","variable", "registrar:amqp_timeout")
modparam("statistics","variable", "registrar:drops")
modparam("statistics","variable", "registrar:authn_err")
modparam("statistics","variable", "registrar:authn_resp")
modparam("statistics","variable", "registrar:authn_unknown")
modparam("statistics","variable", "registrar:save_error")
modparam("statistics","variable", "registrar:missing_expires")
modparam("statistics","variable", "registrar:missing_expires_allowed")
modparam("statistics","variable", "registrar:min_expires")
modparam("statistics","variable", "registrar:min_expires_allowed")
##### registrar realtime params ##### ##### registrar realtime params #####
kazoo.registrar_error_min_expires = REGISTRAR_ERROR_MIN_EXPIRES descr "send error when UAS sends expires < min-expires" kazoo.registrar_error_min_expires = REGISTRAR_ERROR_MIN_EXPIRES descr "send error when UAS sends expires < min-expires"
kazoo.registrar_error_missing_expires = REGISTRAR_ERROR_MISSING_EXPIRES descr "send error when UAS do not send expires header" kazoo.registrar_error_missing_expires = REGISTRAR_ERROR_MISSING_EXPIRES descr "send error when UAS do not send expires header"
@ -159,47 +180,58 @@ route[HANDLE_REGISTER]
route(PUSHER_ATTEMPT_REGISTRATION); route(PUSHER_ATTEMPT_REGISTRATION);
#!endif #!endif
if($sel(cfg_get.kazoo.registrar_failover) == 1) {
xlog("L_INFO", "$ci|log|register|forcing failover\n");
update_stat("registrar:force_failover", "+1");
drop;
}
if($sel(cfg_get.kazoo.registrar_force_query) == 0) { if($sel(cfg_get.kazoo.registrar_force_query) == 0) {
$xavp(regcfg=>match_received) = $su;
if($sht(auth_cache=>$Au) != $null
&& registered("location", "$rz:$Au", 2, 1) == 1
&& $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1)
&& $sel(cfg_get.kazoo.registrar_failover) == 0 {
$var(password) = $sht(auth_cache=>$Au);
route(SAVE_LOCATION);
exit;
if($sht(auth_cache=>$Au) == "authn_err") {
xlog("L_WARNING", "$ci|end|issuing auth challenge to cached failed registration attempt for $Au from IP $si:$sp\n");
update_stat("registrar:challenge", "+1");
auth_challenge("$fd", "5");
} else if($sht(auth_cache=>$Au) != $null) {
$xavp(regcfg=>match_received) = $su;
if(registered("location", "$rz:$Au", 2, 1) == 1) {
if($(xavp(ulattrs=>custom_channel_vars){s.len}) > 1) {
$var(password) = $sht(auth_cache=>$Au);
update_stat("registrar:cached", "+1");
route(SAVE_LOCATION);
exit;
}
}
} }
} }
if($td =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}" || if($td =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}" ||
$fd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") { $fd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") {
xlog("L_INFO", "$ci|log|register|invalid domain\n"); xlog("L_INFO", "$ci|log|register|invalid domain\n");
update_stat("registrar:ip_realm", "+1");
drop; drop;
} }
if (!t_newtran()) { if (!t_newtran()) {
xlog("L_ERROR", "$ci|log|failed to create transaction to query for authentication credentials for $Au $si:$sp\n"); xlog("L_ERROR", "$ci|log|failed to create transaction to query for authentication credentials for $Au $si:$sp\n");
update_stat("registrar:new_tran", "+1");
drop; drop;
} }
if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) { if($sel(cfg_get.kazoo.registrar_check_amqp_availability) == 1) {
if($xavp(amqpc=>default::MY_AMQP_ZONE) == 0) { if($xavp(amqpc=>default::MY_AMQP_ZONE) == 0) {
xlog("L_WARNING", "$ci|end|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n"); xlog("L_WARNING", "$ci|end|register|no amqp connection available for default worker in zone MY_AMQP_ZONE\n");
update_stat("registrar:amqp_not_available", "+1");
t_drop(); t_drop();
} }
} }
if($sel(cfg_get.kazoo.registrar_failover) == 1) {
xlog("L_INFO", "$ci|log|register|forcing failover\n");
t_drop();
}
route(REGISTRAR_BOUNDS); route(REGISTRAR_BOUNDS);
$var(auth) = pv_auth_check("$fd", "$uuid(g)", "0", "0"); $var(auth) = pv_auth_check("$fd", "$uuid(g)", "0", "0");
if($var(auth) != -2) { if($var(auth) != -2) {
xlog("L_INFO", "$ci|end|challenging $Au $si:$sp\n"); xlog("L_INFO", "$ci|end|challenging $Au $si:$sp\n");
$var(auth) = auth_challenge("$fd", "21"); $var(auth) = auth_challenge("$fd", "21");
update_stat("registrar:challenge", "+1");
if($var(auth) != 1) { if($var(auth) != 1) {
xlog("L_ERROR", "$ci|register|error creating or sending challenge to registration attempt for $fu from $si:$sp\n"); xlog("L_ERROR", "$ci|register|error creating or sending challenge to registration attempt for $fu from $si:$sp\n");
t_drop(); t_drop();
@ -219,6 +251,7 @@ route[HANDLE_REGISTER]
xlog("L_DEBUG", "$ci|amqp|publishing to $def(REGISTRAR_AMQP_EXCHANGE) => $var(amqp_routing_key) : $def(REGISTRAR_AMQP_FLAGS) : $var(amqp_payload_request)\n"); xlog("L_DEBUG", "$ci|amqp|publishing to $def(REGISTRAR_AMQP_EXCHANGE) => $var(amqp_routing_key) : $def(REGISTRAR_AMQP_FLAGS) : $var(amqp_payload_request)\n");
if(kazoo_async_query("$def(REGISTRAR_AMQP_EXCHANGE)", $var(amqp_routing_key), $var(amqp_payload_request), "KZ_AUTHORIZATION_REPLY", "KZ_AUTHORIZATION_TIMEOUT", "$def(REGISTRAR_AMQP_FLAGS)") != 1) { if(kazoo_async_query("$def(REGISTRAR_AMQP_EXCHANGE)", $var(amqp_routing_key), $var(amqp_payload_request), "KZ_AUTHORIZATION_REPLY", "KZ_AUTHORIZATION_TIMEOUT", "$def(REGISTRAR_AMQP_FLAGS)") != 1) {
xlog("L_INFO", "$ci|log|failed to send registrar query for authentication credentials for $Au $si:$sp\n"); xlog("L_INFO", "$ci|log|failed to send registrar query for authentication credentials for $Au $si:$sp\n");
update_stat("registrar:amqp_async_error", "+1");
t_drop(); t_drop();
} }
} }
@ -227,9 +260,12 @@ failure_route[KZ_AUTHORIZATION_TIMEOUT]
{ {
if($(kzR{kz.json,Event-Name}) == "message_returned" ) { if($(kzR{kz.json,Event-Name}) == "message_returned" ) {
xlog("L_WARNING", "$ci|amqp|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n"); xlog("L_WARNING", "$ci|amqp|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n");
update_stat("registrar:amqp_returned", "+1");
} else { } else {
xlog("L_WARNING", "$ci|end|failed $T_reply_code $T_reply_reason [$T(id_index):$T(id_label)] querying directory for authentication credentials for $Au $si:$sp\n"); xlog("L_WARNING", "$ci|end|failed $T_reply_code $T_reply_reason [$T(id_index):$T(id_label)] querying directory for authentication credentials for $Au $si:$sp\n");
update_stat("registrar:amqp_timeout", "+1");
} }
update_stat("registrar:drops", "+1");
t_drop(); t_drop();
} }
@ -242,16 +278,22 @@ onreply_route[KZ_AUTHORIZATION_REPLY]
$var(password) = $(kzR{kz.json,Auth-Password}); $var(password) = $(kzR{kz.json,Auth-Password});
$var(nonce) = $adn; $var(nonce) = $adn;
if( $(kzR{kz.json,Event-Name}) == "authn_err" ) { if( $(kzR{kz.json,Event-Name}) == "authn_err" ) {
$sht(auth_cache=>$Au) = "authn_err";
update_stat("registrar:authn_err", "+1");
#!ifdef ANTIFLOOD_ROLE #!ifdef ANTIFLOOD_ROLE
route(ANITFLOOD_FAILED_AUTH); route(ANITFLOOD_FAILED_AUTH);
#!endif #!endif
update_stat("registrar:challenge", "+1");
auth_challenge("$fd", "5"); auth_challenge("$fd", "5");
xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); xlog("L_INFO", "$ci|end|challenging $Au $si:$sp via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n");
exit; exit;
} else if( $(kzR{kz.json,Event-Name}) == "authn_resp" ) { } else if( $(kzR{kz.json,Event-Name}) == "authn_resp" ) {
update_stat("registrar:authn_resp", "+1");
xlog("L_INFO", "$ci|log|authenticating $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n"); xlog("L_INFO", "$ci|log|authenticating $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version}) response\n");
route(CHECK_AUTHORIZATION); route(CHECK_AUTHORIZATION);
} else { } else {
update_stat("registrar:authn_unknown", "+1");
update_stat("registrar:drops", "+1");
xlog("L_INFO", "$ci|log|unhandle response from directory $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version})\n"); xlog("L_INFO", "$ci|log|unhandle response from directory $Au via $(kzR{kz.json,App-Name})-$(kzR{kz.json,App-Version})\n");
t_drop(); t_drop();
} }
@ -268,6 +310,7 @@ route[CHECK_AUTHORIZATION]
#!endif #!endif
xlog("L_WARNING", "$ci|end|issuing auth challenge to failed registration attempt for $Au from IP $si:$sp\n"); xlog("L_WARNING", "$ci|end|issuing auth challenge to failed registration attempt for $Au from IP $si:$sp\n");
update_stat("registrar:challenge", "+1");
auth_challenge("$fd", "5"); auth_challenge("$fd", "5");
exit; exit;
} }
@ -299,6 +342,7 @@ route[SAVE_LOCATION]
$var(save_result) = save("location", "0x04"); $var(save_result) = save("location", "0x04");
if($var(save_result) < 0) { if($var(save_result) < 0) {
xlog("L_WARNING", "$ci|end|not expected result $var(save_result) when saving $Au registration from IP $si:$sp\n"); xlog("L_WARNING", "$ci|end|not expected result $var(save_result) when saving $Au registration from IP $si:$sp\n");
update_stat("registrar:save_error", "+1");
exit; exit;
} else { } else {
if($var(save_result) == 1) { if($var(save_result) == 1) {
@ -440,8 +484,10 @@ route[REGISTRAR_BOUNDS]
if($sel(cfg_get.kazoo.registrar_error_missing_expires) == 1) { if($sel(cfg_get.kazoo.registrar_error_missing_expires) == 1) {
xlog("L_WARNING", "$ci|end|missing expires registering $Au from IP $si:$sp\n"); xlog("L_WARNING", "$ci|end|missing expires registering $Au from IP $si:$sp\n");
send_reply("400", "Missing Expires"); send_reply("400", "Missing Expires");
update_stat("registrar:missing_expires", "+1");
exit; exit;
} else { } else {
update_stat("registrar:missing_expires_allowed", "+1");
xlog("L_WARNING", "$ci|end|allowing missing expires registering $Au from IP $si:$sp\n"); xlog("L_WARNING", "$ci|end|allowing missing expires registering $Au from IP $si:$sp\n");
} }
} }
@ -452,8 +498,10 @@ route[REGISTRAR_BOUNDS]
xlog("L_WARNING", "$ci|end|expires $var(expires) too brief (configured $def(REGISTRAR_MIN_EXPIRES)) registering $Au from IP $si:$sp\n"); xlog("L_WARNING", "$ci|end|expires $var(expires) too brief (configured $def(REGISTRAR_MIN_EXPIRES)) registering $Au from IP $si:$sp\n");
append_to_reply("Min-Expires: $def(REGISTRAR_MIN_EXPIRES)\r\n"); append_to_reply("Min-Expires: $def(REGISTRAR_MIN_EXPIRES)\r\n");
send_reply("423", "Interval Too Brief"); send_reply("423", "Interval Too Brief");
update_stat("registrar:min_expires", "+1");
exit; exit;
} else { } else {
update_stat("registrar:min_expires_allowed", "+1");
xlog("L_WARNING", "$ci|end|allowing expires $var(expires) too brief (configured $def(REGISTRAR_MIN_EXPIRES)) registering $Au from IP $si:$sp\n"); xlog("L_WARNING", "$ci|end|allowing expires $var(expires) too brief (configured $def(REGISTRAR_MIN_EXPIRES)) registering $Au from IP $si:$sp\n");
} }
} }
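Review bot: The new cached-failure branch in route[HANDLE_REGISTER] (`if($sht(auth_cache=>$Au) == "authn_err")`) sends `auth_challenge("$fd", "5")` without a following `exit;`, unlike the authn_err branches in onreply_route[KZ_AUTHORIZATION_REPLY] and route[CHECK_AUTHORIZATION]. The request therefore appears to fall through to the invalid-domain check, `t_newtran()` and a second challenge or directory query, rather than being short-circuited by the cache. The same branch also omits `route(ANITFLOOD_FAILED_AUTH);` under `#!ifdef ANTIFLOOD_ROLE`, so repeated failures answered from the cache would not be counted by the antiflood role; adding that call before the challenge and `exit;` after it would keep both failure paths consistent. Separately, `$sht(auth_cache=>$Au) = "authn_err";` writes a request-derived key into the table that also holds cached passwords: the size and expiry of `auth_cache` are not visible here and should be confirmed to bound these entries, and an account whose stored password equals the literal `authn_err` would be treated as a cached failure. The bodies of these routes extend beyond the hunks shown.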

