tm: extended the kemi callbacks after updates to prototype
[sip-router] / modules / tm / t_reply.c
1 /*
2  * Copyright (C) 2001-2003 FhG Fokus
3  *
4  * This file is part of Kamailio, a free SIP server.
5  *
6  * Kamailio is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version
10  *
11  * Kamailio is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
19  *
20  */
21
22 /** Defines:
23  *           TM_ONREPLY_FINAL_DROP_OK - allows dropping the final reply
24  *            from the tm onreply_routes, but comes with a small performance
25  *            hit (extra unlock()/lock() for each final reply when a onreply
26  *            route is set).
27  */
28
29 #ifdef EXTRA_DEBUG
30 #include <assert.h>
31 #endif
32 #include "../../comp_defs.h"
33 #include "../../hash_func.h"
34 #include "../../dprint.h"
35 #include "../../config.h"
36 #include "../../parser/parser_f.h"
37 #include "../../parser/parse_to.h"
38 #include "../../ut.h"
39 #include "../../timer.h"
40 #include "../../error.h"
41 #include "../../action.h"
42 #include "../../script_cb.h"
43 #include "../../dset.h"
44 #include "../../tags.h"
45 #include "../../route.h"
46 #include "../../data_lump.h"
47 #include "../../data_lump_rpl.h"
48 #include "../../usr_avp.h"
49 #ifdef WITH_XAVP
50 #include "../../usr_avp.h"
51 #endif
52 #include "../../atomic_ops.h" /* membar_write() */
53 #include "../../compiler_opt.h"
54 #ifdef USE_DST_BLACKLIST
55 #include "../../dst_blacklist.h"
56 #endif
57 #ifdef USE_DNS_FAILOVER
58 #include "../../dns_cache.h"
59 #include "../../cfg_core.h" /* cfg_get(core, core_cfg, use_dns_failover) */
60 #endif
61
62 #include "defs.h"
63 #include "config.h"
64 #include "h_table.h"
65 #include "t_hooks.h"
66 #include "t_funcs.h"
67 #include "t_reply.h"
68 #include "t_cancel.h"
69 #include "t_msgbuilder.h"
70 #include "t_lookup.h"
71 #include "t_fwd.h"
72 #include "../../fix_lumps.h"
73 #include "../../sr_compat.h"
74 #include "../../receive.h"
75 #include "../../onsend.h"
76 #include "../../kemi.h"
77 #include "t_stats.h"
78 #include "uac.h"
79
80
81 #ifdef NO_TM_ONREPLY_FINAL_DROP_OK
82 #undef TM_ONREPLY_FINAL_DROP_OK
83 #endif
84
85 /* private place where we create to-tags for replies */
86 /* janakj: made public, I need to access this value to store it in dialogs */
87 char tm_tags[TOTAG_VALUE_LEN];
88 /* bogdan: pack tm_tag buffer and len into a str to pass them to
89  * build_res_buf_from_sip_req() */
90 static str  tm_tag = {tm_tags,TOTAG_VALUE_LEN};
91 char *tm_tag_suffix;
92
93 /* where to go if there is no positive reply (>=300) */
94 static int goto_on_failure=0;
95 /* where to go if a failure is returned on a branch */
96 static int goto_on_branch_failure=0;
97 /* where to go on receipt of reply */
98 static int goto_on_reply=0;
99 /* where to go on receipt of reply without transaction context */
100 int goto_on_sl_reply=0;
101
102 /* remap 503 response code to 500 */
103 extern int tm_remap_503_500;
104
105 /* how to deal with winning branch reply selection in failure_route
106  * can be overwritten per transaction with t_drop_replies(...)
107  * Values:
108  * - 0 - all branches are kept (default, and default ser 2.1.x behaviour)
109  * - 1 - all branches are discarded
110  * - 2 - braches of last step of serial forking are discarded
111  * - 3 - all branches are discarded if a new leg of serial forking
112  *       is started (default kamailio 1.5.x behaviour)
113  */
114 int failure_reply_mode = 3;
115
116 /* responses priority (used by t_pick_branch)
117  *  0xx is used only for the initial value (=> should have no chance to be
118  *  selected => the highest value); 1xx is not used */
119 static unsigned short resp_class_prio[]={
120                         32000, /* 0-99, special */
121                         11000, /* 1xx, special, should never be used */
122                                 0,  /* 2xx, high priority (not used, 2xx are immediately
123                                          * forwarded and t_pick_branch will never be called if
124                                          * a 2xx was received) */
125                         3000,  /* 3xx */
126                         4000,  /* 4xx */
127                         5000,  /* 5xx */
128                         1000   /* 6xx, highest priority */
129 };
130
131 /* How to prioritize faked replies
132  * The value will be added to the default prio
133  * - 0 disabled
134  * - < 0 increase prio
135  * - > 0 decrease prio
136  */
137 int faked_reply_prio = 0;
138
139
140 int t_get_reply_totag(struct sip_msg *msg, str *totag)
141 {
142         if(msg==NULL || totag==NULL) {
143                 return -1;
144         }
145
146         calc_crc_suffix(msg, tm_tag_suffix);
147         *totag = tm_tag;
148
149         return 1;
150 }
151
152 static int picked_branch = -1;
153
154 /*! \brief returns the picked branch */
155 int t_get_picked_branch(void)
156 {
157         return picked_branch;
158 }
159
160
161
162
163 /* we store the reply_route # in private memory which is
164  * then processed during t_relay; we cannot set this value
165  * before t_relay creates transaction context or after
166  * t_relay when a reply may arrive after we set this
167  * value; that's why we do it how we do it, i.e.,
168  * *inside*  t_relay using hints stored in private memory
169  * before t_relay is called
170 */
171
172
173 void t_on_failure( unsigned int go_to )
174 {
175         struct cell *t = get_t();
176
177         /* in REPLY_ROUTE and FAILURE_ROUTE T will be set to current transaction;
178          * in REQUEST_ROUTE T will be set only if the transaction was already
179          * created; if not -> use the static variable */
180         if (!t || t==T_UNDEFINED )
181                 goto_on_failure=go_to;
182         else
183                 t->on_failure = go_to;
184 }
185
186
187 void t_on_branch_failure( unsigned int go_to )
188 {
189         struct cell *t = get_t();
190
191         /* in REPLY_ROUTE and FAILURE_ROUTE T will be set to current transaction;
192          * in REQUEST_ROUTE T will be set only if the transaction was already
193          * created; if not -> use the static variable */
194         if (!t || t==T_UNDEFINED )
195                 goto_on_branch_failure=go_to;
196         else
197                 t->on_branch_failure = go_to;
198 }
199
200
201 void t_on_reply( unsigned int go_to )
202 {
203         struct cell *t = get_t();
204
205         /* in REPLY_ROUTE and FAILURE_ROUTE T will be set to current transaction;
206          * in REQUEST_ROUTE T will be set only if the transaction was already
207          * created; if not -> use the static variable */
208         if (!t || t==T_UNDEFINED )
209                 goto_on_reply=go_to;
210         else
211                 t->on_reply = go_to;
212 }
213
214
215 unsigned int get_on_failure()
216 {
217         return goto_on_failure;
218 }
219
220 unsigned int get_on_branch_failure()
221 {
222         return goto_on_branch_failure;
223 }
224
225 unsigned int get_on_reply()
226 {
227         return goto_on_reply;
228 }
229
230 void tm_init_tags()
231 {
232         init_tags(tm_tags, &tm_tag_suffix,
233                 "SER-TM/tags", TM_TAG_SEPARATOR );
234 }
235
236 /* returns 0 if the message was previously acknowledged
237  * (i.e., no E2EACK callback is needed) and one if the
238  * callback shall be executed */
239 int unmatched_totag(struct cell *t, struct sip_msg *ack)
240 {
241         struct totag_elem *i;
242         str *tag;
243
244         if (parse_headers(ack, HDR_TO_F,0)==-1 ||
245                                 !ack->to ) {
246                 LM_ERR("To header is invalid\n");
247                 return 1;
248         }
249         tag=&get_to(ack)->tag_value;
250         i=t->fwded_totags;
251         while(i){
252                 membar_depends(); /* make sure we don't see some old i content
253                                                         (needed on CPUs like Alpha) */
254                 if (i->tag.len==tag->len
255                                 && memcmp(i->tag.s, tag->s, tag->len)==0) {
256                         LM_DBG("totag for e2e ACK found: %d\n", i->acked);
257                         /* mark totag as acked and return 1 if this was the first ack
258                          * and 0 otherwise */
259                         return (atomic_get_and_set_int(&i->acked, 1)==0);
260                 }
261                 i=i->next;
262         }
263         /* surprising: to-tag never sighted before */
264         return 1;
265 }
266
267 static inline void update_local_tags(struct cell *trans,
268                                 struct bookmark *bm, char *dst_buffer,
269                                 char *src_buffer /* to which bm refers */)
270 {
271         if (bm->to_tag_val.s) {
272                 trans->uas.local_totag.s=bm->to_tag_val.s-src_buffer+dst_buffer;
273                 trans->uas.local_totag.len=bm->to_tag_val.len;
274         }
275 }
276
277
278 /* append a newly received tag from a 200/INVITE to
279  * transaction's set; (only safe if called from within
280  * a REPLY_LOCK); it returns 1 if such a to tag already
281  * exists
282  */
283 inline static int update_totag_set(struct cell *t, struct sip_msg *ok)
284 {
285         struct totag_elem *i, *n;
286         str *tag;
287         char *s;
288
289         if (!ok->to || !ok->to->parsed) {
290                 LM_ERR("to header not parsed\n");
291                 return 0;
292         }
293         tag=&get_to(ok)->tag_value;
294         if (!tag->s) {
295                 LM_DBG("no tag in to header\n");
296                 return 0;
297         }
298
299         for (i=t->fwded_totags; i; i=i->next) {
300                 if (i->tag.len==tag->len
301                                 && memcmp(i->tag.s, tag->s, tag->len) ==0 ){
302                         /* to tag already recorded */
303                         LM_DBG("to-tag retransmission\n");
304                         return 1;
305                 }
306         }
307         /* that's a new to-tag -- record it */
308         shm_lock();
309         n=(struct totag_elem*) shm_malloc_unsafe(sizeof(struct totag_elem));
310         s=(char *)shm_malloc_unsafe(tag->len);
311         shm_unlock();
312         if (!s || !n) {
313                 LM_ERR("no more shm memory \n");
314                 if (n) shm_free(n);
315                 if (s) shm_free(s);
316                 return 0;
317         }
318         memset(n, 0, sizeof(struct totag_elem));
319         memcpy(s, tag->s, tag->len );
320         n->tag.s=s;n->tag.len=tag->len;
321         n->next=t->fwded_totags;
322         membar_write(); /* make sure all the changes to n are visible on all cpus
323                                          * before we update t->fwded_totags. This is needed for
324                                          * three reasons: the compiler might reorder some of the
325                                          * writes, the cpu/cache could also reorder them with
326                                          * respect to the visibility on other cpus
327                                          * (e.g. some of the changes to n could be visible on
328                                          * another cpu _after_ seeing t->fwded_totags=n) and
329                                          * the "readers" (unmatched_tags()) do not use locks and
330                                          * can be called simultaneously on another cpu.*/
331         t->fwded_totags=n;
332         LM_DBG("new totag \n");
333         return 0;
334 }
335
336
337 /*
338  * Build an ACK to a negative reply
339  */
340 static char *build_ack(struct sip_msg* rpl,struct cell *trans,int branch,
341         unsigned int *ret_len)
342 {
343         str to;
344
345         if (parse_headers(rpl,HDR_TO_F, 0)==-1 || !rpl->to ) {
346                 LM_ERR("cannot generate a HBH ACK if key HFs in reply missing\n");
347                 return NULL;
348         }
349         to.s=rpl->to->name.s;
350         to.len=rpl->to->len;
351
352         if (cfg_get(tm, tm_cfg, reparse_invite)) {
353                 /* build the ACK from the INVITE which was sent out */
354                 return build_local_reparse( trans, branch, ret_len,
355                                         ACK, ACK_LEN, &to
356         #ifdef CANCEL_REASON_SUPPORT
357                                         , 0
358         #endif /* CANCEL_REASON_SUPPORT */
359                                         );
360         } else {
361                 /* build the ACK from the reveived INVITE */
362                 return build_local( trans, branch, ret_len,
363                                         ACK, ACK_LEN, &to
364         #ifdef CANCEL_REASON_SUPPORT
365                                         , 0
366         #endif /* CANCEL_REASON_SUPPORT */
367                                         );
368         }
369 }
370
371
372 /*
373  * The function builds an ACK to 200 OK of local transactions, honoring the
374  * route set.
375  * The destination to which the message should be sent will be returned
376  * in the dst parameter.
377  * returns 0 on error and a pkg_malloc'ed buffer with length in ret_len
378  *  and intended destination in dst on success.
379  */
380 static char *build_local_ack(struct sip_msg* rpl, struct cell *trans,
381                                                                 int branch, unsigned int *ret_len,
382                                                                 struct dest_info*  dst)
383 {
384 #ifdef WITH_AS_SUPPORT
385         struct retr_buf *local_ack, *old_lack;
386
387         /* do we have the ACK cache, previously build? */
388         if ((local_ack = trans->uac[0].local_ack) && local_ack->buffer_len) {
389                 LM_DBG("reusing ACK retr. buffer.\n");
390                 *ret_len = local_ack->buffer_len;
391                 *dst = local_ack->dst;
392                 return local_ack->buffer;
393         }
394
395         /* the ACK will be built (and cached) by the AS (ack_local_uac()) */
396         if (trans->flags & T_NO_AUTO_ACK)
397                 return NULL;
398
399         if (! (local_ack = local_ack_rb(rpl, trans, branch, /*hdrs*/NULL,
400                         /*body*/NULL))) {
401                 LM_ERR("failed to build local ACK retransmission buffer (T@%p).\n",
402                                 trans);
403                 return NULL;
404         }
405
406         /* set the new buffer, but only if not already set (concurrent 2xx) */
407         /* a memory write barrier is needed to make sure the local_ack
408          * content is fully written, before we try to add it to the transaction
409          * -- andrei */
410         membar_write_atomic_op();
411         if ((old_lack = (struct retr_buf *)atomic_cmpxchg_long(
412                         (void *)&trans->uac[0].local_ack, 0, (long)local_ack))) {
413                 /* buffer already set: trash current and use the winning one */
414                 LM_INFO("concurrent 2xx to local INVITE detected (T@%p).\n", trans);
415                 free_local_ack(local_ack);
416                 local_ack = old_lack;
417         }
418
419         *ret_len = local_ack->buffer_len;
420         *dst = local_ack->dst;
421         return local_ack->buffer;
422 #else /* ! WITH_AS_SUPPORT */
423         return build_dlg_ack(rpl, trans, branch, /*hdrs*/NULL, /*body*/NULL,
424                         ret_len, dst);
425 #endif /* WITH_AS_SUPPORT */
426 }
427
428
429 inline static void start_final_repl_retr( struct cell *t )
430 {
431         if (unlikely(!is_local(t) && t->uas.request->REQ_METHOD==METHOD_INVITE )){
432                 /* crank timers for negative replies */
433                 if (t->uas.status>=300) {
434                         if (start_retr(&t->uas.response)!=0)
435                                 LM_CRIT("BUG: start retr failed for %p\n", &t->uas.response);
436                         return;
437                 }
438                 /* local UAS retransmits too */
439                 if (t->relayed_reply_branch==-2 && t->uas.status>=200) {
440                         /* we retransmit 200/INVs regardless of transport --
441                          * even if TCP used, UDP could be used upstream and
442                          * loose the 200, which is not retransmitted by proxies
443                         */
444                         if (force_retr( &t->uas.response )!=0)
445                                 LM_CRIT("BUG: force retr failed for %p\n", &t->uas.response);
446                         return;
447                 }
448         }
449 }
450
451
452
453 static int _reply_light( struct cell *trans, char* buf, unsigned int len,
454                                 unsigned int code,
455                                 char *to_tag, unsigned int to_tag_len, int lock,
456                                 struct bookmark *bm     )
457 {
458         struct retr_buf *rb;
459         unsigned int buf_len;
460         struct cancel_info cancel_data;
461         struct tmcb_params onsend_params;
462         int rt, backup_rt;
463         struct run_act_ctx ctx;
464         struct sip_msg pmsg;
465
466         init_cancel_info(&cancel_data);
467         if (!buf)
468         {
469                 LM_ERR("response building failed\n");
470                 /* determine if there are some branches to be canceled */
471                 if ( is_invite(trans) ) {
472                         prepare_to_cancel(trans, &cancel_data.cancel_bitmap, 0);
473                 }
474                 /* and clean-up, including cancellations, if needed */
475                 goto error;
476         }
477
478         if (lock) LOCK_REPLIES( trans );
479         if (trans->uas.status>=200) {
480                 LM_ERR("can't generate %d reply when a final %d was sent out\n",
481                                 code, trans->uas.status);
482                 goto error2;
483         }
484
485         rb = & trans->uas.response;
486         rb->activ_type=code;
487
488         trans->uas.status = code;
489         buf_len = rb->buffer ? len : len + REPLY_OVERBUFFER_LEN;
490         rb->buffer = (char*)shm_resize( rb->buffer, buf_len );
491         /* puts the reply's buffer to uas.response */
492         if (! rb->buffer ) {
493                         LM_ERR("cannot allocate shmem buffer\n");
494                         goto error3;
495         }
496         update_local_tags(trans, bm, rb->buffer, buf);
497
498         rb->buffer_len = len ;
499         memcpy( rb->buffer , buf , len );
500         /* needs to be protected too because what timers are set depends
501          * on current transactions status */
502         /* t_update_timers_after_sending_reply( rb ); */
503         update_reply_stats( code );
504         trans->relayed_reply_branch=-2;
505         t_stats_rpl_generated();
506         t_stats_rpl_sent();
507         if (lock) UNLOCK_REPLIES( trans );
508
509         /* do UAC cleanup procedures in case we generated
510          * a final answer whereas there are pending UACs */
511         if (code>=200) {
512                 if (unlikely(is_local(trans))) {
513                         if(unlikely(has_tran_tmcbs(trans, TMCB_LOCAL_COMPLETED)))
514                                 run_trans_callbacks(TMCB_LOCAL_COMPLETED, trans,
515                                                                         0, FAKED_REPLY, code);
516                 } else {
517                         if(unlikely(has_tran_tmcbs(trans, TMCB_RESPONSE_READY))) {
518                                 run_trans_callbacks_with_buf(TMCB_RESPONSE_READY, rb,
519                                         trans->uas.request, FAKED_REPLY, code);
520                         }
521                 }
522                 cleanup_uac_timers( trans );
523                 if (is_invite(trans)){
524                         prepare_to_cancel(trans, &cancel_data.cancel_bitmap, 0);
525 #ifdef CANCEL_REASON_SUPPORT
526                         cancel_data.reason.cause=code;
527 #endif /* CANCEL_REASON_SUPPORT */
528                         cancel_uacs( trans, &cancel_data, F_CANCEL_B_KILL );
529                 }
530                 start_final_repl_retr(  trans );
531         }
532
533         if (code==100) {
534                 if(unlikely(has_tran_tmcbs(trans, TMCB_REQUEST_PENDING)))
535                         run_trans_callbacks_with_buf(TMCB_REQUEST_PENDING, rb,
536                                         trans->uas.request, FAKED_REPLY, code);
537         }
538
539         /* send it out */
540         /* first check if we managed to resolve topmost Via
541          * -- if not yet, don't try to retransmit
542         */
543         /*
544          * response.dst.send_sock might be unset if the process that created
545          * the original transaction has not finished initialising the
546          * retransmission buffer (see t_newtran/ init_rb).
547          * If reply_to_via is set and via contains a host name (and not an ip)
548          * the chances for this increase a lot.
549          */
550         if (unlikely(!trans->uas.response.dst.send_sock)) {
551                 LM_ERR("no resolved dst to send reply to\n");
552         } else {
553                 if (likely(SEND_PR_BUFFER( rb, buf, len )>=0)){
554                         if (unlikely(code>=200 && !is_local(trans) &&
555                                                 has_tran_tmcbs(trans, TMCB_RESPONSE_OUT)) ){
556                                 INIT_TMCB_ONSEND_PARAMS(onsend_params, trans->uas.request,
557                                                                 FAKED_REPLY, rb, &rb->dst,
558                                                                 buf, len, TMCB_LOCAL_F, rb->branch, code);
559                                 run_trans_callbacks_off_params(TMCB_RESPONSE_OUT, trans,
560                                                 &onsend_params);
561                         }
562                         if (unlikely(has_tran_tmcbs(trans, TMCB_RESPONSE_SENT))){
563                                 INIT_TMCB_ONSEND_PARAMS(onsend_params, trans->uas.request,
564                                                                 FAKED_REPLY, rb, &rb->dst,
565                                                                 buf, len, TMCB_LOCAL_F, rb->branch, code);
566                                 run_trans_callbacks_off_params(TMCB_RESPONSE_SENT, trans,
567                                                 &onsend_params);
568                         }
569
570                         rt = route_lookup(&event_rt, "tm:local-response");
571                         if (unlikely(rt >= 0 && event_rt.rlist[rt] != NULL))
572                         {
573                                 if (likely(build_sip_msg_from_buf(&pmsg, buf, len,
574                                                                 inc_msg_no()) == 0))
575                                 {
576                                         struct onsend_info onsnd_info;
577
578                                         onsnd_info.to=&(trans->uas.response.dst.to);
579                                         onsnd_info.send_sock=trans->uas.response.dst.send_sock;
580                                         onsnd_info.buf=buf;
581                                         onsnd_info.len=len;
582                                         p_onsend=&onsnd_info;
583
584                                         backup_rt = get_route_type();
585                                         set_route_type(LOCAL_ROUTE);
586                                         init_run_actions_ctx(&ctx);
587                                         run_top_route(event_rt.rlist[rt], &pmsg, 0);
588                                         set_route_type(backup_rt);
589                                         p_onsend=0;
590
591                                         free_sip_msg(&pmsg);
592                                 }
593                         }
594
595                 }
596                 LM_DBG("reply sent out. buf=%p: %.20s..., shmem=%p: %.20s\n",
597                         buf, buf, rb->buffer, rb->buffer );
598         }
599         if (code>=200) {
600                 /* start wait timer after finishing with t so that this function can
601                  * be safely called from a fr_timer which allows quick timer dels
602                  * (timer_allow_del()) (there's no chance of having the wait handler
603                  *  executed while we still need t) --andrei */
604                 put_on_wait(trans);
605         }
606         pkg_free( buf ) ;
607         LM_DBG("finished\n");
608         return 1;
609
610 error3:
611         prepare_to_cancel(trans, &cancel_data.cancel_bitmap, 0);
612 error2:
613         if (lock) UNLOCK_REPLIES( trans );
614         pkg_free ( buf );
615 error:
616         /* do UAC cleanup */
617         cleanup_uac_timers( trans );
618         if ( is_invite(trans) && cancel_data.cancel_bitmap )
619                 cancel_uacs( trans, &cancel_data, F_CANCEL_B_KILL);
620         /* we did not succeed -- put the transaction on wait */
621         put_on_wait(trans);
622         return -1;
623 }
624
625
626 /* send a UAS reply
627  * returns 1 if everything was OK or -1 for error
628  */
629 static int _reply( struct cell *trans, struct sip_msg* p_msg,
630         unsigned int code, char * text, int lock )
631 {
632         unsigned int len;
633         char * buf, *dset;
634         struct bookmark bm;
635         int dset_len;
636         str reason;
637
638         if (code>=200) set_kr(REQ_RPLD);
639         /* compute the buffer in private memory prior to entering lock;
640          * create to-tag if needed */
641
642         /* if that is a redirection message, dump current message set to it */
643         if (code>=300 && code<400) {
644                 dset=print_dset(p_msg, &dset_len);
645                 if (dset) {
646                         add_lump_rpl(p_msg, dset, dset_len, LUMP_RPL_HDR);
647                 }
648         }
649
650         reason.s = text;
651         reason.len = strlen(text);
652         if (code>=180 && p_msg->to
653                                 && (get_to(p_msg)->tag_value.s==0
654                                         || get_to(p_msg)->tag_value.len==0)) {
655                 calc_crc_suffix( p_msg, tm_tag_suffix );
656                 buf = build_res_buf_from_sip_req(code, &reason, &tm_tag, p_msg,
657                                 &len, &bm);
658                 return _reply_light( trans, buf, len, code,
659                         tm_tag.s, TOTAG_VALUE_LEN, lock, &bm);
660         } else {
661                 buf = build_res_buf_from_sip_req(code, &reason, 0 /*no to-tag*/,
662                         p_msg, &len, &bm);
663                 return _reply_light(trans,buf,len,code,
664                         0, 0, /* no to-tag */lock, &bm);
665         }
666 }
667
668 /** create or restore a "fake environment" for running a failure_route,
669  * OR an "async environment" depending on is_async_value (0=std failure-faked, 1=async)
670  * if msg is set -> it will fake the env. vars conforming with the msg; if NULL
671  * the env. will be restore to original.
672  * Side-effect: mark_ruri_consumed() for faked env only.
673  */
674 void faked_env(struct cell *t, struct sip_msg *msg, int is_async_env) {
675         static int backup_route_type;
676         static struct cell *backup_t;
677         static int backup_branch;
678         static unsigned int backup_msgid;
679         static avp_list_t* backup_user_from, *backup_user_to;
680         static avp_list_t* backup_domain_from, *backup_domain_to;
681         static avp_list_t* backup_uri_from, *backup_uri_to;
682 #ifdef WITH_XAVP
683         static sr_xavp_t **backup_xavps;
684 #endif
685         static struct socket_info* backup_si;
686
687         static struct lump *backup_add_rm;
688         static struct lump *backup_body_lumps;
689         static struct lump_rpl *backup_reply_lump;
690
691
692         if (msg) {
693                 /* remember we are back in request processing, but process
694                  * a shmem-ed replica of the request; advertise it in route type;
695                  * for example t_reply needs to know that
696                  */
697                 backup_route_type = get_route_type();
698
699                 if (is_async_env) {
700                         set_route_type(t->async_backup.backup_route);
701                         if (t->async_backup.ruri_new) {
702                                 ruri_mark_new();
703                         }
704                 } else {
705                         set_route_type(FAILURE_ROUTE);
706                         /* don't bother backing up ruri state, since failure route
707                          * is called either on reply or on timer and in both cases
708                          * the ruri should not be used again for forking */
709                         ruri_mark_consumed();  /* in failure route we assume ruri
710                                                                         * should not be used again for forking */
711                 }
712                 /* also, tm actions look in beginning whether transaction is
713                  * set -- whether we are called from a reply-processing
714                  * or a timer process, we need to set current transaction;
715                  * otherwise the actions would attempt to look the transaction
716                  * up (unnecessary overhead, refcounting)
717                  */
718
719                 /* backup */
720                 backup_t = get_t();
721                 backup_branch = get_t_branch();
722                 backup_msgid = global_msg_id;
723                 /* fake transaction and message id */
724                 global_msg_id = msg->id;
725
726                 if (is_async_env) {
727                         set_t(t, t->async_backup.backup_branch);
728                 } else {
729                         set_t(t, T_BR_UNDEFINED);
730                 }
731
732                 /* make available the avp list from transaction */
733                 backup_uri_from = set_avp_list(AVP_TRACK_FROM | AVP_CLASS_URI,
734                                 &t->uri_avps_from);
735                 backup_uri_to = set_avp_list(AVP_TRACK_TO | AVP_CLASS_URI,
736                                 &t->uri_avps_to);
737                 backup_user_from = set_avp_list(AVP_TRACK_FROM | AVP_CLASS_USER,
738                                 &t->user_avps_from);
739                 backup_user_to = set_avp_list(AVP_TRACK_TO | AVP_CLASS_USER,
740                                 &t->user_avps_to);
741                 backup_domain_from = set_avp_list(AVP_TRACK_FROM | AVP_CLASS_DOMAIN,
742                                 &t->domain_avps_from);
743                 backup_domain_to = set_avp_list(AVP_TRACK_TO | AVP_CLASS_DOMAIN,
744                                 &t->domain_avps_to);
745 #ifdef WITH_XAVP
746                 backup_xavps = xavp_set_list(&t->xavps_list);
747 #endif
748                 /* set default send address to the saved value */
749                 backup_si = bind_address;
750                 bind_address = t->uac[0].request.dst.send_sock;
751                 /* backup lump lists */
752                 backup_add_rm = t->uas.request->add_rm;
753                 backup_body_lumps = t->uas.request->body_lumps;
754                 backup_reply_lump = t->uas.request->reply_lump;
755         } else {
756                 /* restore original environment */
757                 set_t(backup_t, backup_branch);
758                 global_msg_id = backup_msgid;
759                 set_route_type(backup_route_type);
760                 /* restore original avp list */
761                 set_avp_list(AVP_TRACK_FROM | AVP_CLASS_USER, backup_user_from);
762                 set_avp_list(AVP_TRACK_TO | AVP_CLASS_USER, backup_user_to);
763                 set_avp_list(AVP_TRACK_FROM | AVP_CLASS_DOMAIN, backup_domain_from);
764                 set_avp_list(AVP_TRACK_TO | AVP_CLASS_DOMAIN, backup_domain_to);
765                 set_avp_list(AVP_TRACK_FROM | AVP_CLASS_URI, backup_uri_from);
766                 set_avp_list(AVP_TRACK_TO | AVP_CLASS_URI, backup_uri_to);
767 #ifdef WITH_XAVP
768                 xavp_set_list(backup_xavps);
769 #endif
770                 bind_address = backup_si;
771                 /* restore lump lists */
772                 t->uas.request->add_rm = backup_add_rm;
773                 t->uas.request->body_lumps = backup_body_lumps;
774                 t->uas.request->reply_lump = backup_reply_lump;
775         }
776 }
777
778 /**
779  * helper function to clone back to pkg fields that can change in fake_req
780  */
781 int fake_req_clone_str_helper(str *src, str *dst, char *txt)
782 {
783         /* src string can change -- make a private copy */
784         if (src->s!=0 && src->len!=0) {
785                 dst->s=pkg_malloc(src->len+1);
786                 if (!dst->s) {
787                         LM_ERR("no pkg mem to clone %s back to faked msg\n", txt);
788                         return -1;
789                 }
790                 dst->len=src->len;
791                 memcpy(dst->s, src->s, dst->len);
792                 dst->s[dst->len]=0;
793         }else{
794                 /* in case src->len==0, but src->s!=0 (extra safety) */
795                 dst->s = 0;
796         }
797         return 0;
798 }
799
800 /**
801  * fake a semi-private sip message using transaction's shared memory message
802  */
803 int fake_req(struct sip_msg *faked_req,
804                 struct sip_msg *shmem_msg, int extra_flags, struct ua_client *uac)
805 {
806         /* on_failure_reply faked msg now copied from shmem msg (as opposed
807          * to zero-ing) -- more "read-only" actions (exec in particular) will
808          * work from reply_route as they will see msg->from, etc.; caution,
809          * rw actions may append some pkg stuff to msg, which will possibly be
810          * never released (shmem is released in a single block) */
811         memcpy( faked_req, shmem_msg, sizeof(struct sip_msg));
812
813         /* if we set msg_id to something different from current's message
814          * id, the first t_fork will properly clean new branch URIs */
815         faked_req->id=shmem_msg->id-1;
816         /* msg->parsed_uri_ok must be reset since msg_parsed_uri is
817          * not cloned (and cannot be cloned) */
818         faked_req->parsed_uri_ok = 0;
819
820         faked_req->msg_flags|=extra_flags; /* set the extra tm flags */
821
822         /* path_vec was cloned in shm and can change -- make a private copy */
823         if(fake_req_clone_str_helper(&shmem_msg->path_vec, &faked_req->path_vec,
824                                 "path_vec")<0) {
825                 goto error00;
826         }
827         /* dst_uri was cloned in shm and can change -- make a private copy */
828         if(fake_req_clone_str_helper(&shmem_msg->dst_uri, &faked_req->dst_uri,
829                                 "dst_uri")<0) {
830                 goto error01;
831         }
832         /* new_uri was cloned in shm and can change -- make a private copy */
833         if(fake_req_clone_str_helper(&shmem_msg->new_uri, &faked_req->new_uri,
834                                 "new_uri")<0) {
835                 goto error02;
836         }
837
838         if(uac) setbflagsval(0, uac->branch_flags);
839         else setbflagsval(0, 0);
840
841         return 1;
842
843 error02:
844         if (faked_req->dst_uri.s) {
845                 pkg_free(faked_req->dst_uri.s);
846                 faked_req->dst_uri.s = 0;
847                 faked_req->dst_uri.len = 0;
848         }
849 error01:
850         if (faked_req->path_vec.s) {
851                 pkg_free(faked_req->path_vec.s);
852                 faked_req->path_vec.s = 0;
853                 faked_req->path_vec.len = 0;
854         }
855 error00:
856         return 0;
857 }
858
859 void free_faked_req(struct sip_msg *faked_req, struct cell *t)
860 {
861         struct hdr_field *hdr;
862
863         reset_new_uri(faked_req);
864         reset_dst_uri(faked_req);
865
866         /* free all types of lump that were added in failure handlers */
867         del_nonshm_lump( &(faked_req->add_rm) );
868         del_nonshm_lump( &(faked_req->body_lumps) );
869         del_nonshm_lump_rpl( &(faked_req->reply_lump) );
870
871         /* free header's parsed structures that were added by failure handlers */
872         for( hdr=faked_req->headers ; hdr ; hdr=hdr->next ) {
873                 if ( hdr->parsed && hdr_allocs_parse(hdr) &&
874                 (hdr->parsed<(void*)t->uas.request ||
875                 hdr->parsed>=(void*)t->uas.end_request)) {
876                         /* header parsed filed doesn't point inside uas.request memory
877                          * chunck -> it was added by failure funcs.-> free it as pkg */
878                         LM_DBG("removing hdr->parsed %d\n",
879                                         hdr->type);
880                         clean_hdr_field(hdr);
881                         hdr->parsed = 0;
882                 }
883         }
884         /* free parsed body added by failure handlers */
885         if (faked_req->body) {
886                 if(faked_req->body->free)
887                         faked_req->body->free(&faked_req->body);
888                 faked_req->body = 0;
889         }
890
891         /* free sip_msg_t fileds that can be set in pkg */
892         reset_path_vector(faked_req);
893         reset_instance(faked_req);
894         reset_ruid(faked_req);
895         reset_ua(faked_req);
896         msg_ldata_reset(faked_req);
897 }
898
899
900 /* return 1 if a failure_route processes */
901 int run_failure_handlers(struct cell *t, struct sip_msg *rpl,
902                                         int code, int extra_flags)
903 {
904         static struct sip_msg faked_req;
905         struct sip_msg *shmem_msg = t->uas.request;
906         int on_failure;
907         sr_kemi_eng_t *keng = NULL;
908
909         on_failure = t->uac[picked_branch].on_failure;
910
911         /* failure_route for a local UAC? */
912         if (!shmem_msg) {
913                 LM_WARN("no UAC support (%d, %d) \n", on_failure, t->tmcb_hl.reg_types);
914                 return 0;
915         }
916
917         /* don't start faking anything if we don't have to */
918         if (unlikely(!on_failure && !has_tran_tmcbs( t, TMCB_ON_FAILURE))) {
919                 LM_WARN("no failure handler (%d, %d)\n", on_failure,
920                                 t->tmcb_hl.reg_types);
921                 return 1;
922         }
923
924         if (!fake_req(&faked_req, shmem_msg, extra_flags, &t->uac[picked_branch])) {
925                 LM_ERR("fake_req failed\n");
926                 return 0;
927         }
928         /* fake also the env. conforming to the fake msg */
929         faked_env( t, &faked_req, 0);
930         /* DONE with faking ;-) -> run the failure handlers */
931
932         if (unlikely(has_tran_tmcbs( t, TMCB_ON_FAILURE)) ) {
933                 run_trans_callbacks( TMCB_ON_FAILURE, t, &faked_req, rpl, code);
934         }
935         if (on_failure) {
936                 /* avoid recursion -- if failure_route forwards, and does not
937                  * set next failure route, failure_route will not be reentered
938                  * on failure */
939                 t->on_failure=0;
940                 /* if continuing on timeout of a suspended transaction, reset the flag */
941                 t->flags &= ~T_ASYNC_SUSPENDED;
942                 if (exec_pre_script_cb(&faked_req, FAILURE_CB_TYPE)>0) {
943                         /* run a failure_route action if some was marked */
944                         keng = sr_kemi_eng_get();
945                         if(unlikely(keng!=NULL)) {
946                                 if(keng->froute(&faked_req, FAILURE_ROUTE,
947                                                 sr_kemi_cbname_lookup_idx(on_failure), NULL)<0) {
948                                         LM_ERR("error running failure route kemi callback\n");
949                                 }
950                         } else {
951                                 if (run_top_route(failure_rt.rlist[on_failure], &faked_req, 0)<0)
952                                         LM_ERR("error running run_top_route for failure handler\n");
953                         }
954                         exec_post_script_cb(&faked_req, FAILURE_CB_TYPE);
955                 }
956                 /* update message flags, if changed in failure route */
957                 t->uas.request->flags = faked_req.flags;
958         }
959
960         /* restore original environment and free the fake msg */
961         faked_env( t, 0, 0);
962         free_faked_req(&faked_req,t);
963
964         /* if failure handler changed flag, update transaction context */
965         shmem_msg->flags = faked_req.flags;
966         return 1;
967 }
968
969
970 /* return 1 if a failure_route processes */
971 int run_branch_failure_handlers(struct cell *t, struct sip_msg *rpl,
972                                         int code, int extra_flags)
973 {
974         static struct sip_msg faked_req;
975         struct sip_msg *shmem_msg = t->uas.request;
976         int on_branch_failure;
977         sr_kemi_eng_t *keng = NULL;
978
979         on_branch_failure = t->uac[picked_branch].on_branch_failure;
980
981         /* failure_route for a local UAC? */
982         if (!shmem_msg) {
983                 LM_WARN("no UAC support (%d, %d) \n",
984                         on_branch_failure, t->tmcb_hl.reg_types);
985                 return 0;
986         }
987
988         /* don't start faking anything if we don't have to */
989         if (unlikely((on_branch_failure < 0)
990                                 && !has_tran_tmcbs( t, TMCB_ON_BRANCH_FAILURE))) {
991                 LM_WARN("no branch_failure handler (%d, %d)\n",
992                                 on_branch_failure, t->tmcb_hl.reg_types);
993                 return 1;
994         }
995
996         if (!fake_req(&faked_req, shmem_msg, extra_flags, &t->uac[picked_branch])) {
997                 LM_ERR("fake_req failed\n");
998                 return 0;
999         }
1000         /* fake also the env. conforming to the fake msg */
1001         faked_env( t, &faked_req, 0);
1002         set_route_type(BRANCH_FAILURE_ROUTE);
1003         set_t(t, picked_branch);
1004         /* DONE with faking ;-) -> run the branch_failure handlers */
1005
1006         if (unlikely(has_tran_tmcbs( t, TMCB_ON_BRANCH_FAILURE)) ) {
1007                 run_trans_callbacks( TMCB_ON_BRANCH_FAILURE, t, &faked_req, rpl, code);
1008         }
1009         if (on_branch_failure >= 0) {
1010                 t->on_branch_failure = 0;
1011                 if (exec_pre_script_cb(&faked_req, BRANCH_FAILURE_CB_TYPE)>0) {
1012                         /* run a branch_failure_route action if some was marked */
1013                         keng = sr_kemi_eng_get();
1014                         if(unlikely(keng!=NULL)) {
1015                                 if(keng->froute(&faked_req, BRANCH_FAILURE_ROUTE,
1016                                                 sr_kemi_cbname_lookup_idx(on_branch_failure), NULL)<0) {
1017                                         LM_ERR("error running branch failure route kemi callback\n");
1018                                 }
1019                         } else {
1020                                 if (run_top_route(event_rt.rlist[on_branch_failure],
1021                                                         &faked_req, 0)<0)
1022                                         LM_ERR("error in run_top_route\n");
1023                         }
1024                         exec_post_script_cb(&faked_req, BRANCH_FAILURE_CB_TYPE);
1025                 }
1026                 /* update message flags, if changed in branch_failure route */
1027                 t->uas.request->flags = faked_req.flags;
1028         }
1029
1030         /* restore original environment and free the fake msg */
1031         faked_env( t, 0, 0);
1032         free_faked_req(&faked_req,t);
1033
1034         /* if branch_failure handler changed flag, update transaction context */
1035         shmem_msg->flags = faked_req.flags;
1036         return 1;
1037 }
1038
1039
1040
1041 /* 401, 407, 415, 420, and 484 have priority over the other 4xx*/
1042 inline static short int get_4xx_prio(unsigned char xx)
1043 {
1044         switch(xx){
1045                 case  1:
1046                 case  7:
1047                 case 15:
1048                 case 20:
1049                 case 84:
1050                         return xx;
1051                         break;
1052         }
1053         return 100+xx;
1054 }
1055
1056
1057
1058 /* returns response priority, lower number => highest prio
1059  *
1060  * responses                    priority val
1061  *  0-99                        32000+reponse         (special)
1062  *  1xx                         11000+reponse         (special)
1063  *  700-999                     10000+response        (very low)
1064  *  5xx                          5000+xx              (low)
1065  *  4xx                          4000+xx
1066  *  3xx                          3000+xx
1067  *  6xx                          1000+xx              (high)
1068  *  2xx                          0000+xx              (highest)
1069  */
1070 inline static short int get_prio(unsigned int resp, struct sip_msg *rpl)
1071 {
1072         int class;
1073         int xx;
1074         int prio;
1075
1076         class=resp/100;
1077
1078         if (class<7){
1079                 xx=resp%100;
1080                 prio = resp_class_prio[class]+((class==4)?get_4xx_prio(xx):xx);
1081         } else {
1082                 prio = 10000+resp; /* unknown response class => return very low prio */
1083         }
1084         if (rpl == FAKED_REPLY) {
1085                 /* Add faked_reply penalty */
1086                 return prio + faked_reply_prio;
1087         } else {
1088                 return prio;
1089         }
1090 }
1091
1092
1093
1094 /* select a branch for forwarding; returns:
1095  * 0..X ... branch number
1096  * -1   ... error
1097  * -2   ... can't decide yet -- incomplete branches present
1098  */
1099 int t_pick_branch(int inc_branch, int inc_code, struct cell *t, int *res_code)
1100 {
1101         int best_b, best_s, b;
1102         sip_msg_t *rpl;
1103
1104         best_b=-1; best_s=0;
1105         for ( b=0; b<t->nr_of_outgoings ; b++ ) {
1106                 rpl = t->uac[b].reply;
1107
1108                 /* "fake" for the currently processed branch */
1109                 if (b==inc_branch) {
1110                         if (get_prio(inc_code, rpl)<get_prio(best_s, rpl)) {
1111                                 best_b=b;
1112                                 best_s=inc_code;
1113                         }
1114                         continue;
1115                 }
1116                 /* skip 'empty branches'
1117                  * An empty branch without a final response is still considered
1118                  * to be a pending, incomplete branch. */
1119                 if ((!t->uac[b].request.buffer) && (t->uac[b].last_received>=200))
1120                         continue;
1121                 /* there is still an unfinished UAC transaction (we ignore unfinished
1122                  * blind UACs) wait now! */
1123                 if ( t->uac[b].last_received<200 && !((t->flags&T_ASYNC_CONTINUE)
1124                                         && b==t->async_backup.blind_uac))
1125                         return -2;
1126                 /* if reply is null => t_send_branch "faked" reply, skip over it */
1127                 if ( rpl &&
1128                                 get_prio(t->uac[b].last_received, rpl)<get_prio(best_s, rpl) ) {
1129                         best_b =b;
1130                         best_s = t->uac[b].last_received;
1131                 }
1132         } /* find lowest branch */
1133
1134         *res_code=best_s;
1135         return best_b;
1136 }
1137
1138 /* The same as t_pick_branch(), but allows also
1139  * blind branches to be picked up.
1140  * This function should be used only in failure_route
1141  * to check which response has been
1142  * picked up by t_pick_branch().
1143  * returns:
1144  * 0..X ... branch number
1145  * -1   ... error
1146  * -2   ... can't decide yet -- incomplete branches present
1147  */
1148 int t_pick_branch_blind(struct cell *t, int *res_code)
1149 {
1150         int best_b, best_s, b;
1151         sip_msg_t *rpl;
1152
1153         best_b=-1; best_s=0;
1154         for ( b=0; b<t->nr_of_outgoings ; b++ ) {
1155                 /* there is still an unfinished UAC transaction; wait now! */
1156                 if ( t->uac[b].last_received<200 )
1157                         return -2;
1158                 /* if reply is null => t_send_branch "faked" reply, skip over it */
1159                 rpl = t->uac[b].reply;
1160                 if ( rpl &&
1161                                 get_prio(t->uac[b].last_received, rpl)<get_prio(best_s, rpl) ) {
1162                         best_b = b;
1163                         best_s = t->uac[b].last_received;
1164                 }
1165         } /* find lowest branch */
1166
1167         *res_code=best_s;
1168         return best_b;
1169 }
1170
1171 /* flag indicating whether it is requested
1172  * to drop the already saved replies or not */
1173 static unsigned char drop_replies;
1174
1175 /* This is the neurological point of reply processing -- called
1176  * from within a REPLY_LOCK, t_should_relay_response decides
1177  * how a reply shall be processed and how transaction state is
1178  * affected.
1179  *
1180  * Checks if the new reply (with new_code status) should be sent or not
1181  *  based on the current
1182  * transaction status.
1183  *
1184  * @param cancel_data - initialized cancel_info structure.
1185  * Returns      - branch number (0,1,...) which should be relayed
1186  *         -1 if nothing to be relayed
1187  * WARNING: cancel_data should be initialized prior to calling this function.
1188  */
1189 static enum rps t_should_relay_response( struct cell *Trans , int new_code,
1190         int branch , int *should_store, int *should_relay,
1191         struct cancel_info *cancel_data, struct sip_msg *reply )
1192 {
1193         int branch_cnt;
1194         int picked_code;
1195         int new_branch;
1196         int inv_through;
1197         int extra_flags;
1198         int i;
1199         int replies_dropped;
1200
1201         /* note: this code never lets replies to CANCEL go through;
1202          * we generate always a local 200 for CANCEL; 200s are
1203          * not relayed because it's not an INVITE transaction;
1204          * >= 300 are not relayed because 200 was already sent out
1205         */
1206         LM_DBG("->>>>>>>>> T_code=%d, new_code=%d\n",Trans->uas.status,new_code);
1207         inv_through=new_code>=200 && new_code<300 && is_invite(Trans);
1208         /* if final response sent out, allow only INVITE 2xx  */
1209         if ( Trans->uas.status >= 200 ) {
1210                 if (inv_through) {
1211                         LM_DBG("200 INV after final sent\n");
1212                         *should_store=0;
1213                         Trans->uac[branch].last_received=new_code;
1214                         *should_relay=branch;
1215                         return RPS_PUSHED_AFTER_COMPLETION;
1216                 }
1217                 /* except the exception above, too late  messages will be discarded */
1218                 goto discard;
1219         }
1220
1221         /* if final response received at this branch, allow only INVITE 2xx */
1222         if (Trans->uac[branch].last_received>=200
1223                         && !(inv_through && Trans->uac[branch].last_received<300)) {
1224                 /* don't report on retransmissions */
1225                 if (Trans->uac[branch].last_received==new_code) {
1226                         LM_DBG("final reply retransmission\n");
1227                         goto discard;
1228                 }
1229                 /* if you FR-timed-out, faked a local 408  and 487 came or
1230                  *  faked a CANCEL on a non-replied branch don't
1231                  * report on it either */
1232                 if ((Trans->uac[branch].last_received==487) ||
1233                                 (Trans->uac[branch].last_received==408 && new_code==487)) {
1234                         LM_DBG("%d came for a %d branch (ignored)\n",
1235                                         new_code, Trans->uac[branch].last_received);
1236                         goto discard;
1237                 }
1238                 /* this looks however how a very strange status rewrite attempt;
1239                  * report on it */
1240                 LM_ERR("status rewrite by UAS: stored: %d, received: %d\n",
1241                         Trans->uac[branch].last_received, new_code);
1242                 goto discard;
1243         }
1244
1245
1246         /* no final response sent yet */
1247         /* negative replies subject to fork picking */
1248         if (new_code >=300 ) {
1249
1250                 Trans->uac[branch].last_received=new_code;
1251
1252                 /* also append the current reply to the transaction to
1253                  * make it available in failure routes - a kind of "fake"
1254                  * save of the final reply per branch */
1255                 if (unlikely(has_tran_tmcbs(Trans,
1256                                                         TMCB_ON_BRANCH_FAILURE_RO|TMCB_ON_BRANCH_FAILURE)
1257                                                 || (Trans->uac[branch].on_branch_failure) )) {
1258                         Trans->uac[branch].reply = reply;
1259                         extra_flags=
1260                                 ((Trans->uac[branch].request.flags & F_RB_TIMEOUT)?
1261                                                         FL_TIMEOUT:0) |
1262                                 ((Trans->uac[branch].request.flags & F_RB_REPLIED)?
1263                                                         FL_REPLIED:0);
1264                         tm_ctx_set_branch_index(branch);
1265                         picked_branch = branch;
1266                         run_branch_failure_handlers( Trans, Trans->uac[branch].reply,
1267                                                                         new_code, extra_flags);
1268                         Trans->uac[branch].reply = 0;
1269                 }
1270
1271
1272                 /* if all_final return lowest */
1273                 picked_branch=t_pick_branch(branch,new_code, Trans, &picked_code);
1274                 if (picked_branch==-2) { /* branches open yet */
1275                         *should_store=1;
1276                         *should_relay=-1;
1277                         if (new_code>=600 && new_code<=699){
1278                                 if (!(Trans->flags & (T_6xx | T_DISABLE_6xx))){
1279                                         /* cancel only the first time we get a 6xx and only
1280                                          * if the 6xx handling is not disabled */
1281                                         prepare_to_cancel(Trans, &cancel_data->cancel_bitmap, 0);
1282                                         Trans->flags|=T_6xx;
1283 #ifdef CANCEL_REASON_SUPPORT
1284                                         cancel_data->reason.cause=new_code;
1285 #endif /* CANCEL_REASON_SUPPORT */
1286                                 }
1287                         }
1288                         return RPS_STORE;
1289                 }
1290                 if (picked_branch==-1) {
1291                         LM_CRIT("error -- lowest==-1\n");
1292                         goto error;
1293                 }
1294
1295                 /* no more pending branches -- try if that changes after
1296                  * a callback; save branch count to be able to determine
1297                  * later if new branches were initiated */
1298                 branch_cnt=Trans->nr_of_outgoings;
1299                 /* also append the current reply to the transaction to
1300                  * make it available in failure routes - a kind of "fake"
1301                  * save of the final reply per branch */
1302                 Trans->uac[branch].reply = reply;
1303                 Trans->flags&=~T_6xx;   /* clear the 6xx flag , we want to
1304                                                                  * allow new branches from the failure route */
1305
1306                 drop_replies = failure_reply_mode;
1307                 replies_dropped = 0;
1308                 tm_ctx_set_branch_index(picked_branch);
1309                 /* run ON_FAILURE handlers ( route and callbacks) */
1310                 if (unlikely(has_tran_tmcbs( Trans, TMCB_ON_FAILURE_RO|TMCB_ON_FAILURE)
1311                                                 || Trans->uac[picked_branch].on_failure )) {
1312                         extra_flags=
1313                                 ((Trans->uac[picked_branch].request.flags & F_RB_TIMEOUT)?
1314                                                         FL_TIMEOUT:0) |
1315                                 ((Trans->uac[picked_branch].request.flags & F_RB_REPLIED)?
1316                                                         FL_REPLIED:0);
1317                         tm_ctx_set_branch_index(picked_branch);
1318                         run_failure_handlers( Trans, Trans->uac[picked_branch].reply,
1319                                                                         picked_code, extra_flags);
1320                         if (unlikely((drop_replies==3 && branch_cnt<Trans->nr_of_outgoings)
1321                                                 || (drop_replies!=0 && drop_replies!=3))
1322                                         ) {
1323                                 /* drop all the replies that we have already saved */
1324                                 i = 0;
1325                                 if(drop_replies==2)
1326                                 {
1327                                         for(i=branch_cnt-1; i>=0; i--)
1328                                                 if(Trans->uac[i].flags&TM_UAC_FLAG_FB)
1329                                                         break;
1330                                         if(i<0) i=0;
1331                                 }
1332                                 for (; i<branch_cnt; i++) {
1333                                         if (Trans->uac[i].reply &&
1334                                         (Trans->uac[i].reply != FAKED_REPLY) &&
1335                                         (Trans->uac[i].reply->msg_flags & FL_SHM_CLONE))
1336                                                 /* we have to drop the reply
1337                                                  * which is already in shm mem */
1338                                                 sip_msg_free(Trans->uac[i].reply);
1339
1340                                         Trans->uac[i].reply = 0;
1341                                 }
1342                                 /* make sure that the selected reply is not relayed even if
1343                                 there is not any new branch added -- should not happen */
1344                                 picked_branch = -1;
1345                                 replies_dropped = 1;
1346                         }
1347                 }
1348
1349                 /* now reset it; after the failure logic, the reply may
1350                  * not be stored any more and we don't want to keep into
1351                  * transaction some broken reference */
1352                 Trans->uac[branch].reply = 0;
1353
1354                 /* look if the callback perhaps replied transaction; it also
1355                  * covers the case in which a transaction is replied localy
1356                  * on CANCEL -- then it would make no sense to proceed to
1357                  * new branches bellow
1358                 */
1359                 if (Trans->uas.status >= 200) {
1360                         *should_store=0;
1361                         *should_relay=-1;
1362                         /* this might deserve an improvement -- if something
1363                          * was already replied, it was put on wait and then,
1364                          * returning RPS_COMPLETED will make t_on_reply
1365                          * put it on wait again; perhaps splitting put_on_wait
1366                          * from send_reply or a new RPS_ code would be healthy
1367                         */
1368                         return RPS_COMPLETED;
1369                 }
1370                 /* look if the callback/failure_route introduced new branches ... */
1371                 if (branch_cnt<Trans->nr_of_outgoings){
1372                         /* the new branches might be already "finished" => we
1373                          * must use t_pick_branch again */
1374                         new_branch=t_pick_branch((replies_dropped==0)?
1375                                                         branch :
1376                                                         -1, /* make sure we do not pick
1377                                                                 the current branch */
1378                                                 new_code,
1379                                                 Trans,
1380                                                 &picked_code);
1381
1382                         if (new_branch<0){
1383                                 if (likely(replies_dropped==0)) {
1384                                         if (new_branch==-2) { /* branches open yet */
1385                                                 *should_store=1;
1386                                                 *should_relay=-1;
1387                                                 return RPS_STORE;
1388                                         }
1389                                         /* error, use the old picked_branch */
1390                                 } else {
1391                                         if (new_branch==-2) { /* branches open yet */
1392                                                 /* we are not allowed to relay the reply */
1393                                                 *should_store=0;
1394                                                 *should_relay=-1;
1395                                                 return RPS_DISCARDED;
1396                                         } else {
1397                                                 /* There are no open branches,
1398                                                 and all the newly created branches failed
1399                                                 as well. We are not allowed to send back
1400                                                 the previously picked-up branch, thus,
1401                                                 let us reply with an error instead. */
1402                                                 goto branches_failed;
1403                                         }
1404                                 }
1405                         }else{
1406                                 /* found a new_branch */
1407                                 picked_branch=new_branch;
1408                         }
1409                 } else if (unlikely(replies_dropped)) {
1410                         /* Either the script writer did not add new branches
1411                         after calling t_drop_replies(), or tm was unable
1412                         to add the new branches to the transaction. */
1413                         goto branches_failed;
1414                 }
1415
1416                 /* really no more pending branches -- return lowest code */
1417                 *should_store=0;
1418                 *should_relay=picked_branch;
1419                 /* we dont need 'prepare_to_cancel' here -- all branches
1420                  * known to have completed */
1421                 /* prepare_to_cancel( Trans, cancel_bitmap, 0 ); */
1422                 return RPS_COMPLETED;
1423         }
1424
1425         /* not >=300 ... it must be 2xx or provisional 1xx */
1426         if (new_code>=100) {
1427 #ifdef WITH_AS_SUPPORT
1428                         /* need a copy of the message for ACK generation */
1429                         *should_store = (inv_through && is_local(Trans) &&
1430                                         (Trans->uac[branch].last_received < 200) &&
1431                                         (Trans->flags & T_NO_AUTO_ACK)) ? 1 : 0;
1432 #else
1433                 *should_store=0;
1434 #endif
1435                 /* 1xx and 2xx except 100 will be relayed */
1436                 Trans->uac[branch].last_received=new_code;
1437                 *should_relay= new_code==100? -1 : branch;
1438                 if (new_code>=200 ) {
1439                         prepare_to_cancel( Trans, &cancel_data->cancel_bitmap, 0);
1440 #ifdef CANCEL_REASON_SUPPORT
1441                         cancel_data->reason.cause=new_code;
1442 #endif /* CANCEL_REASON_SUPPORT */
1443                         return RPS_COMPLETED;
1444                 } else return RPS_PROVISIONAL;
1445         }
1446
1447 error:
1448         /* reply_status didn't match -- it must be something weird */
1449         LM_CRIT("error - oh my gooosh! We don't know whether to relay %d\n",
1450                 new_code);
1451 discard:
1452         *should_store=0;
1453         *should_relay=-1;
1454         return RPS_DISCARDED;
1455
1456 branches_failed:
1457         *should_store=0;
1458         if (is_local(Trans)){
1459                 /* for local transactions use the current reply */
1460                 *should_relay=branch;
1461         }else{
1462                 *should_relay=-1;
1463                 /* We have hopefully set tm_error in failure_route when
1464                         the branches failed. If not, reply with E_UNSPEC */
1465                 if ((kill_transaction_unsafe(Trans,
1466                                 tm_error ? tm_error : E_UNSPEC)) <=0 ){
1467                         LM_ERR("reply generation failed\n");
1468                 }
1469         }
1470         return RPS_COMPLETED;
1471 }
1472
1473 /* Retransmits the last sent inbound reply.
1474  * input: p_msg==request for which I want to retransmit an associated reply
1475  * Returns  -1 - error
1476  *           1 - OK
1477  */
1478 int t_retransmit_reply( struct cell *t )
1479 {
1480         static char b[BUF_SIZE];
1481         int len;
1482
1483         /* first check if we managed to resolve topmost Via
1484          * -- if not yet, don't try to retransmit
1485         */
1486         /*
1487          * response.dst.send_sock might be unset if the process that created
1488          * the original transaction has not finished initialising the
1489          * retransmission buffer (see t_newtran/ init_rb).
1490          * If reply_to_via is set and via contains a host name (and not an ip)
1491          * the chances for this increase a lot.
1492          */
1493         if (!t->uas.response.dst.send_sock) {
1494                 LOG(L_WARN, "WARNING: t_retransmit_reply: "
1495                         "no resolved dst to retransmit\n");
1496                 return -1;
1497         }
1498
1499         /* we need to lock the transaction as messages from
1500          * upstream may change it continuously
1501         */
1502         LOCK_REPLIES( t );
1503
1504         if (!t->uas.response.buffer) {
1505                 DBG("DBG: t_retransmit_reply: nothing to retransmit\n");
1506                 goto error;
1507         }
1508
1509         len=t->uas.response.buffer_len;
1510         if ( len==0 || len>BUF_SIZE )  {
1511                 DBG("DBG: t_retransmit_reply: "
1512                         "zero length or too big to retransmit: %d\n", len);
1513                 goto error;
1514         }
1515         memcpy( b, t->uas.response.buffer, len );
1516         UNLOCK_REPLIES( t );
1517         SEND_PR_BUFFER( & t->uas.response, b, len );
1518         if (unlikely(has_tran_tmcbs(t, TMCB_RESPONSE_SENT))){
1519                 /* we don't know if it's a retransmission of a local reply or a
1520                  * forwarded reply */
1521                 run_trans_callbacks_with_buf(TMCB_RESPONSE_SENT, &t->uas.response,
1522                                 0, 0, TMCB_RETR_F);
1523         }
1524         LM_DBG("reply retransmitted. buf=%p: %.9s..., shmem=%p: %.9s\n",
1525                 b, b, t->uas.response.buffer, t->uas.response.buffer );
1526         return 1;
1527
1528 error:
1529         UNLOCK_REPLIES(t);
1530         return -1;
1531 }
1532
1533
1534
1535 int t_reply( struct cell *t, struct sip_msg* p_msg, unsigned int code,
1536         char * text )
1537 {
1538         return _reply( t, p_msg, code, text, 1 /* lock replies */ );
1539 }
1540
1541 int t_reply_unsafe( struct cell *t, struct sip_msg* p_msg, unsigned int code,
1542         char * text )
1543 {
1544         return _reply( t, p_msg, code, text, 0 /* don't lock replies */ );
1545 }
1546
1547
1548
1549 void set_final_timer( struct cell *t )
1550 {
1551         start_final_repl_retr(t);
1552         put_on_wait(t);
1553 }
1554
1555
1556 void cleanup_uac_timers( struct cell *t )
1557 {
1558         int i;
1559
1560         /* reset FR/retransmission timers */
1561         for (i=0; i<t->nr_of_outgoings; i++ ){
1562                 stop_rb_timers(&t->uac[i].request);
1563         }
1564         LM_DBG("RETR/FR timers reset\n");
1565 }
1566
1567 static int store_reply( struct cell *trans, int branch, struct sip_msg *rpl)
1568 {
1569 #               ifdef EXTRA_DEBUG
1570                 if (trans->uac[branch].reply) {
1571                         LM_ERR("replacing stored reply; aborting\n");
1572                         abort();
1573                 }
1574 #               endif
1575
1576                 /* when we later do things such as challenge aggregation,
1577                  * we should parse the message here before we conserve
1578                  * it in shared memory; -jiri
1579                 */
1580                 if (rpl==FAKED_REPLY)
1581                         trans->uac[branch].reply=FAKED_REPLY;
1582                 else
1583                         trans->uac[branch].reply = sip_msg_cloner( rpl, 0 );
1584
1585                 if (! trans->uac[branch].reply ) {
1586                         LOG(L_ERR, "ERROR: store_reply: can't alloc' clone memory\n");
1587                         return 0;
1588                 }
1589
1590                 return 1;
1591 }
1592
1593
1594
1595 /* returns the number of authenticate replies (401 and 407) received so far
1596  *  (FAKED_REPLYes are excluded)
1597  *  It must be called with the REPLY_LOCK held */
1598 inline static int auth_reply_count(struct cell *t, struct sip_msg* crt_reply)
1599 {
1600         int count;
1601         int r;
1602
1603         count=0;
1604         if (crt_reply && (crt_reply!=FAKED_REPLY) &&
1605                         (crt_reply->REPLY_STATUS ==401 || crt_reply->REPLY_STATUS ==407))
1606                 count=1;
1607         for (r=0; r<t->nr_of_outgoings; r++){
1608                 if (t->uac[r].reply && (t->uac[r].reply!=FAKED_REPLY) &&
1609                                 (t->uac[r].last_received==401 || t->uac[r].last_received==407))
1610                         count++;
1611         }
1612         return count;
1613 }
1614
1615
1616
1617 /* must be called with the REPY_LOCK held */
1618 inline static char* reply_aggregate_auth(int code, char* txt, str* new_tag,
1619                                                                         struct cell* t, unsigned int* res_len,
1620                                                                         struct bookmark* bm)
1621 {
1622         int r;
1623         struct hdr_field* hdr;
1624         struct lump_rpl** first;
1625         struct lump_rpl** crt;
1626         struct lump_rpl* lst;
1627         struct lump_rpl*  lst_end;
1628         struct sip_msg* req;
1629         char* buf;
1630         str reason;
1631
1632         first=0;
1633         lst_end=0;
1634         req=t->uas.request;
1635
1636         for (r=0; r<t->nr_of_outgoings; r++){
1637                 if (t->uac[r].reply && (t->uac[r].reply!=FAKED_REPLY) &&
1638                         (t->uac[r].last_received==401 || t->uac[r].last_received==407)){
1639                         for (hdr=t->uac[r].reply->headers; hdr; hdr=hdr->next){
1640                                 if (hdr->type==HDR_WWW_AUTHENTICATE_T ||
1641                                                 hdr->type==HDR_PROXY_AUTHENTICATE_T){
1642                                         crt=add_lump_rpl2(req, hdr->name.s, hdr->len,
1643                                                         LUMP_RPL_HDR|LUMP_RPL_NODUP|LUMP_RPL_NOFREE);
1644                                         if (crt==0){
1645                                                 /* some kind of error, better stop */
1646                                                 LM_ERR("add_lump_rpl2 failed\n");
1647                                                 goto skip;
1648                                         }
1649                                         lst_end=*crt;
1650                                         if (first==0) first=crt;
1651                                 }
1652                         }
1653                 }
1654         }
1655 skip:
1656         reason.s = txt;
1657         reason.len = strlen(txt);
1658         buf=build_res_buf_from_sip_req(code, &reason, new_tag, req, res_len, bm);
1659         /* clean the added lumps */
1660         if (first){
1661                 lst=*first;
1662                 *first=lst_end->next; /* "detach" the list of added rpl_lumps */
1663                 lst_end->next=0; /* terminate lst */
1664                 del_nonshm_lump_rpl(&lst);
1665                 if (lst){
1666                         LM_CRIT("rpl_lump list contains shm alloc'ed lumps\n");
1667                         abort();
1668                 }
1669         }
1670         return buf;
1671 }
1672
1673
1674
1675 /* this is the code which decides what and when shall be relayed
1676  * upstream; note well -- it assumes it is entered locked with
1677  * REPLY_LOCK and it returns unlocked!
1678  * If do_put_on_wait==1 and this is the final reply, the transaction
1679  * wait timer will be started (put_on_wait(t)).
1680  *
1681  * @param cancel_data - initialized cancel_info structure.
1682  *
1683  * WARNING: cancel_data should be initialized prior to calling this function.
1684 */
1685 enum rps relay_reply( struct cell *t, struct sip_msg *p_msg, int branch,
1686         unsigned int msg_status, struct cancel_info *cancel_data,
1687         int do_put_on_wait )
1688 {
1689         int relay;
1690         int save_clone;
1691         char *buf;
1692         /* length of outbound reply */
1693         unsigned int res_len;
1694         int relayed_code;
1695         struct sip_msg *relayed_msg;
1696         struct sip_msg *reply_bak;
1697         struct bookmark bm;
1698         int totag_retr;
1699         enum rps reply_status;
1700         /* retransmission structure of outbound reply and request */
1701         struct retr_buf *uas_rb;
1702         str* to_tag;
1703         str reason;
1704         struct tmcb_params onsend_params;
1705         struct ip_addr ip;
1706
1707         /* keep compiler warnings about use of uninit vars silent */
1708         res_len=0;
1709         buf=0;
1710         relayed_msg=0;
1711         relayed_code=0;
1712         totag_retr=0;
1713
1714         /* remember, what was sent upstream to know whether we are
1715          * forwarding a first final reply or not */
1716
1717         /* *** store and relay message as needed *** */
1718         reply_status = t_should_relay_response(t, msg_status, branch,
1719                 &save_clone, &relay, cancel_data, p_msg );
1720         LM_DBG("branch=%d, save=%d, relay=%d icode=%d\n",
1721                 branch, save_clone, relay, t->uac[branch].icode);
1722
1723         /* store the message if needed */
1724         if (save_clone) /* save for later use, typically branch picking */
1725         {
1726                 if (!store_reply( t, branch, p_msg ))
1727                         goto error01;
1728         }
1729
1730         uas_rb = & t->uas.response;
1731         if (relay >= 0 ) {
1732                 /* initialize sockets for outbound reply */
1733                 uas_rb->activ_type=msg_status;
1734                 /* only messages known to be relayed immediately will be
1735                  * be called on; we do not evoke this callback on messages
1736                  * stored in shmem -- they are fixed and one cannot change them
1737                  * anyway */
1738                 if (unlikely(msg_status<300 && branch==relay
1739                                         && has_tran_tmcbs(t,TMCB_RESPONSE_FWDED)) ) {
1740                         run_trans_callbacks( TMCB_RESPONSE_FWDED, t, t->uas.request,
1741                                 p_msg, msg_status );
1742                 }
1743                 /* try building the outbound reply from either the current
1744                  * or a stored message */
1745                 relayed_msg = branch==relay ? p_msg :  t->uac[relay].reply;
1746                 if (relayed_msg==FAKED_REPLY) {
1747                         if(t->flags & T_CANCELED) {
1748                                 /* transaction canceled - send 487 */
1749                                 relayed_code = 487;
1750                         } else {
1751                                 relayed_code = branch==relay
1752                                         ? msg_status : t->uac[relay].last_received;
1753                         }
1754                         /* use to_tag from the original request, or if not present,
1755                          * generate a new one */
1756                         if (relayed_code>=180 && t->uas.request->to
1757                                         && (get_to(t->uas.request)->tag_value.s==0
1758                                                 || get_to(t->uas.request)->tag_value.len==0)) {
1759                                 calc_crc_suffix( t->uas.request, tm_tag_suffix );
1760                                 to_tag=&tm_tag;
1761                         } else {
1762                                 to_tag=0;
1763                         }
1764                         if (cfg_get(tm, tm_cfg, tm_aggregate_auth) &&
1765                                                 (relayed_code==401 || relayed_code==407) &&
1766                                                 (auth_reply_count(t, p_msg)>1)){
1767                                 /* aggregate 401 & 407 www & proxy authenticate headers in
1768                                  *  a "FAKE" reply*/
1769
1770                                 /* temporarily "store" the current reply */
1771                                 reply_bak=t->uac[branch].reply;
1772                                 t->uac[branch].reply=p_msg;
1773                                 buf=reply_aggregate_auth(relayed_code,
1774                                                 error_text(relayed_code), to_tag, t, &res_len, &bm);
1775                                 /* revert the temporary "store" reply above */
1776                                 t->uac[branch].reply=reply_bak;
1777                         }else{
1778                                 reason.s = error_text(relayed_code);
1779                                 reason.len = strlen(reason.s);
1780                                 buf = build_res_buf_from_sip_req( relayed_code,
1781                                                 &reason, to_tag,
1782                                                 t->uas.request, &res_len, &bm );
1783                         }
1784                 } else {
1785                         relayed_code=relayed_msg->REPLY_STATUS;
1786                         if (relayed_code==503 && tm_remap_503_500){
1787                                 /* replace a final 503 with a 500:
1788                                  * generate a "FAKE" reply and a new to_tag (for easier
1789                                  *  debugging)*/
1790                                 relayed_msg=FAKED_REPLY;
1791                                 if ((get_to(t->uas.request)->tag_value.s==0
1792                                                         || get_to(t->uas.request)->tag_value.len==0)) {
1793                                         calc_crc_suffix( t->uas.request, tm_tag_suffix );
1794                                         to_tag=&tm_tag;
1795                                 } else {
1796                                         to_tag=0;
1797                                 }
1798                                 /* don't relay a 503, replace it w/ 500 (rfc3261) */
1799                                 reason.s = error_text(relayed_code);
1800                                 reason.len = strlen(reason.s);
1801                                 buf=build_res_buf_from_sip_req(500, &reason,
1802                                                                         to_tag, t->uas.request, &res_len, &bm);
1803                                 relayed_code=500;
1804                         }else if (cfg_get(tm, tm_cfg, tm_aggregate_auth) &&
1805                                                 (relayed_code==401 || relayed_code==407) &&
1806                                                 (auth_reply_count(t, p_msg)>1)){
1807                                 /* aggregate 401 & 407 www & proxy authenticate headers in
1808                                  *  a "FAKE" reply*/
1809                                 if ((get_to(t->uas.request)->tag_value.s==0
1810                                                         || get_to(t->uas.request)->tag_value.len==0)) {
1811                                         calc_crc_suffix( t->uas.request, tm_tag_suffix );
1812                                         to_tag=&tm_tag;
1813                                 } else {
1814                                         to_tag=0;
1815                                 }
1816                                 /* temporarily "store" the current reply */
1817                                 reply_bak=t->uac[branch].reply;
1818                                 t->uac[branch].reply=p_msg;
1819                                 buf=reply_aggregate_auth(relayed_code,
1820                                                 error_text(relayed_code), to_tag, t, &res_len, &bm);
1821                                 /* revert the temporary "store" reply above */
1822                                 t->uac[branch].reply=reply_bak;;
1823                                 relayed_msg=FAKED_REPLY; /* mark the relayed_msg as a "FAKE" */
1824                         }else{
1825                                 buf = build_res_buf_from_sip_res( relayed_msg, &res_len );
1826                                 /* if we build a message from shmem, we need to remove
1827                                  * via delete lumps which are now stirred in the shmem-ed
1828                                  * structure
1829                                 */
1830                                 if (branch!=relay) {
1831                                         free_via_clen_lump(&relayed_msg->add_rm);
1832                                 }
1833                                 /* update send_flags with possible additions from the
1834                                  * reply route */
1835                                 SND_FLAGS_OR(&uas_rb->dst.send_flags, &uas_rb->dst.send_flags,
1836                                                                 &relayed_msg->rpl_send_flags);
1837                         }
1838                 }
1839                 update_reply_stats( relayed_code );
1840                 t_stats_rpl_sent();
1841                 if (!buf) {
1842                         LM_ERR("no mem for outbound reply buffer\n");
1843                         goto error02;
1844                 }
1845
1846                 /* attempt to copy the message to UAS's shmem:
1847                  * - copy to-tag for ACK matching as well
1848                  *   -  allocate little a bit more for provisional as
1849                  *   larger messages are likely to follow and we will be
1850                  *   able to reuse the memory frag
1851                 */
1852                 uas_rb->buffer = (char*)shm_resize( uas_rb->buffer, res_len +
1853                         (msg_status<200 ?  REPLY_OVERBUFFER_LEN : 0));
1854                 if (!uas_rb->buffer) {
1855                         LM_ERR("cannot alloc reply shmem\n");
1856                         goto error03;
1857                 }
1858                 uas_rb->buffer_len = res_len;
1859                 memcpy( uas_rb->buffer, buf, res_len );
1860                 if (relayed_msg==FAKED_REPLY) { /* to-tags for local replies */
1861                         update_local_tags(t, &bm, uas_rb->buffer, buf);
1862                         t_stats_rpl_generated();
1863                 }
1864
1865                 /* update the status ... */
1866                 t->uas.status = relayed_code;
1867                 t->relayed_reply_branch = relay;
1868
1869                 if ( unlikely(is_invite(t) && relayed_msg!=FAKED_REPLY
1870                 && relayed_code>=200 && relayed_code < 300
1871                 && has_tran_tmcbs( t,
1872                                 TMCB_RESPONSE_OUT|TMCB_RESPONSE_READY
1873                                 |TMCB_E2EACK_IN|TMCB_E2EACK_RETR_IN))) {
1874                         totag_retr=update_totag_set(t, relayed_msg);
1875                 }
1876         }; /* if relay ... */
1877
1878         UNLOCK_REPLIES( t );
1879
1880         /* send it now (from the private buffer) */
1881         if (relay >= 0) {
1882                 if (unlikely(!totag_retr && has_tran_tmcbs(t, TMCB_RESPONSE_READY))){
1883                         run_trans_callbacks_with_buf(TMCB_RESPONSE_READY, uas_rb,
1884                                         t->uas.request, relayed_msg, relayed_code);
1885                 }
1886                 /* Set retransmission timer before the reply is sent out to avoid
1887                 * race conditions
1888                 *
1889                 * Call start_final_repl_retr/put_on_wait() only if we really send out
1890                 * the reply. It can happen that the reply has been already sent from
1891                 * failure_route or from a callback and the timer has been already
1892                 * started. (Miklos)
1893                 */
1894                 if (reply_status == RPS_COMPLETED) {
1895                         start_final_repl_retr(t);
1896                 }
1897                 if (likely(uas_rb->dst.send_sock)) {
1898                         if (onsend_route_enabled(SIP_REPLY) && p_msg
1899                                                 && (p_msg != FAKED_REPLY)) {
1900                                 if (run_onsend(p_msg, &uas_rb->dst, buf, res_len)==0){
1901                                         su2ip_addr(&ip, &(uas_rb->dst.to));
1902                                         LM_ERR("reply to %s:%d(%d) dropped"
1903                                                         " (onsend_route)\n", ip_addr2a(&ip),
1904                                                         su_getport(&(uas_rb->dst.to)), uas_rb->dst.proto);
1905                                         /* workaround for drop - reset send_sock to skip sending out */
1906                                         uas_rb->dst.send_sock = 0;
1907                                 }
1908                         }
1909                 }
1910
1911                 if (likely(uas_rb->dst.send_sock)) {
1912                         if (SEND_PR_BUFFER( uas_rb, buf, res_len ) >= 0){
1913                                 if (unlikely(!totag_retr
1914                                                         && has_tran_tmcbs(t, TMCB_RESPONSE_OUT))){
1915                                         LOCK_REPLIES( t );
1916                                         run_trans_callbacks_with_buf( TMCB_RESPONSE_OUT, uas_rb,
1917                                                         t->uas.request, relayed_msg, relayed_code);
1918                                         UNLOCK_REPLIES( t );
1919                                 }
1920                                 if (unlikely(has_tran_tmcbs(t, TMCB_RESPONSE_SENT))){
1921                                         INIT_TMCB_ONSEND_PARAMS(onsend_params, t->uas.request,
1922                                                                         relayed_msg, uas_rb, &uas_rb->dst, buf,
1923                                                                         res_len,
1924                                                                         (relayed_msg==FAKED_REPLY)?TMCB_LOCAL_F:0,
1925                                                                         uas_rb->branch, relayed_code);
1926                                         LOCK_REPLIES( t );
1927                                         run_trans_callbacks_off_params(TMCB_RESPONSE_SENT, t,
1928                                                         &onsend_params);
1929                                         UNLOCK_REPLIES( t );
1930                                 }
1931                         }
1932                 } else {
1933                         LM_NOTICE("dst no longer set - skipped sending the reply out\n");
1934                 }
1935                 /* Call put_on_wait() only if we really send out
1936                 * the reply. It can happen that the reply has been already sent from
1937                 * failure_route  or from a callback and the timer has been already
1938                 * started. (Miklos)
1939                 *
1940                 * put_on_wait() should always be called after we finished dealling
1941                 * with t, because otherwise the wait timer might fire before we
1942                 *  finish with t, and by the time we want to use t it could
1943                 *  be already deleted. This could happen only if this function is
1944                 *  called from timer (fr_timer) (the timer doesn't refcnt) and the
1945                 *  timer allows quick dels (timer_allow_del()). --andrei
1946                 */
1947                 if (do_put_on_wait && (reply_status == RPS_COMPLETED)) {
1948                         put_on_wait(t);
1949                 }
1950                 pkg_free( buf );
1951         }
1952
1953         /* success */
1954         return reply_status;
1955
1956 error03:
1957         pkg_free( buf );
1958 error02:
1959         if (save_clone) {
1960                 if (t->uac[branch].reply!=FAKED_REPLY)
1961                         sip_msg_free( t->uac[branch].reply );
1962                 t->uac[branch].reply = NULL;
1963         }
1964 error01:
1965         t_reply_unsafe( t, t->uas.request, 500, "Reply processing error" );
1966         cancel_data->cancel_bitmap=0;   /* t_reply_unsafe already canceled
1967                                                                         * everything needed */
1968         UNLOCK_REPLIES(t);
1969         /* if (is_invite(t)) cancel_uacs( t, *cancel_bitmap, 0);
1970          *  -- not needed, t_reply_unsafe took care of this */
1971
1972         /* a serious error occurred -- attempt to send an error reply;
1973          * it will take care of clean-ups  */
1974
1975         /* failure */
1976         return RPS_ERROR;
1977 }
1978
1979 /* this is the "UAC" above transaction layer; if a final reply
1980  * is received, it triggers a callback; note well -- it assumes
1981  * it is entered locked with REPLY_LOCK and it returns unlocked!
1982  *
1983  * @param cancel_data - initialized cancel_info structure.
1984  *
1985  * WARNING: cancel_data should be initialized prior to calling this function.
1986 */
1987 enum rps local_reply( struct cell *t, struct sip_msg *p_msg, int branch,
1988         unsigned int msg_status, struct cancel_info *cancel_data)
1989 {
1990         /* how to deal with replies for local transaction */
1991         int local_store, local_winner;
1992         enum rps reply_status;
1993         struct sip_msg *winning_msg;
1994         int winning_code;
1995         int totag_retr;
1996
1997         /* keep warning 'var might be used un-inited' silent */
1998         winning_msg=0;
1999         winning_code=0;
2000         totag_retr=0;
2001
2002         cancel_data->cancel_bitmap=0;
2003
2004         reply_status=t_should_relay_response( t, msg_status, branch,
2005                 &local_store, &local_winner, cancel_data, p_msg );
2006         LM_DBG("branch=%d, save=%d, winner=%d\n",
2007                 branch, local_store, local_winner );
2008         if (local_store) {
2009                 if (!store_reply(t, branch, p_msg))
2010                         goto error;
2011         }
2012         if (local_winner>=0) {
2013                 winning_msg= branch==local_winner
2014                         ? p_msg :  t->uac[local_winner].reply;
2015                 if (winning_msg==FAKED_REPLY) {
2016                         t_stats_rpl_generated();
2017                         winning_code = branch==local_winner
2018                                 ? msg_status : t->uac[local_winner].last_received;
2019                 } else {
2020                         winning_code=winning_msg->REPLY_STATUS;
2021                 }
2022                 t->uas.status = winning_code;
2023                 update_reply_stats( winning_code );
2024                 t_stats_rpl_sent();
2025                 if (unlikely(is_invite(t) && winning_msg!=FAKED_REPLY
2026                                         && winning_code>=200 && winning_code <300
2027                                         && has_tran_tmcbs(t, TMCB_LOCAL_COMPLETED) ))  {
2028                                 totag_retr=update_totag_set(t, winning_msg);
2029                 }
2030         }
2031         UNLOCK_REPLIES(t);
2032
2033         if (local_winner >= 0
2034                 && cfg_get(tm, tm_cfg, pass_provisional_replies)
2035                 && winning_code < 200) {
2036                         /* no retr. detection for provisional replies &
2037                          * TMCB_LOCAL_RESPONSE_OUT */
2038                         if (unlikely(has_tran_tmcbs(t, TMCB_LOCAL_RESPONSE_OUT) )) {
2039                                 run_trans_callbacks( TMCB_LOCAL_RESPONSE_OUT, t, 0,
2040                                                                                 winning_msg, winning_code);
2041                         }
2042         }
2043
2044         if (local_winner>=0 && winning_code>=200 ) {
2045                 LM_DBG("local transaction completed %d/%d (totag retr: %d/%d)\n",
2046                                 winning_code, local_winner, totag_retr, t->tmcb_hl.reg_types);
2047                 if (!totag_retr) {
2048                         if (unlikely(has_tran_tmcbs(t,TMCB_LOCAL_COMPLETED) ))
2049                                 run_trans_callbacks( TMCB_LOCAL_COMPLETED, t, 0,
2050                                         winning_msg, winning_code );
2051                 }
2052         }
2053         return reply_status;
2054
2055 error:
2056         prepare_to_cancel(t, &cancel_data->cancel_bitmap, 0);
2057         UNLOCK_REPLIES(t);
2058         cleanup_uac_timers(t);
2059         if (p_msg && p_msg!=FAKED_REPLY && get_cseq(p_msg)->method.len==INVITE_LEN
2060                 && memcmp( get_cseq(p_msg)->method.s, INVITE, INVITE_LEN)==0){
2061                 cancel_uacs( t, cancel_data, F_CANCEL_B_KILL);
2062         }
2063         cancel_data->cancel_bitmap=0; /* we've already took care of everything */
2064         put_on_wait(t);
2065         return RPS_ERROR;
2066 }
2067
2068
2069
2070
2071
2072 /*  This function is called whenever a reply for our module is received;
2073  *  we need to register  this function on module initialization;
2074  *  Returns :   0 - core router stops
2075  *              1 - core router relay statelessly
2076  */
2077 int reply_received( struct sip_msg  *p_msg )
2078 {
2079
2080         int msg_status;
2081         int last_uac_status;
2082         char *ack;
2083         unsigned int ack_len;
2084         int branch;
2085         /* has the transaction completed now and we need to clean-up? */
2086         int reply_status;
2087         int onreply_route;
2088         struct cancel_info cancel_data;
2089         struct ua_client *uac;
2090         struct cell *t;
2091         struct dest_info  lack_dst;
2092         avp_list_t* backup_user_from, *backup_user_to;
2093         avp_list_t* backup_domain_from, *backup_domain_to;
2094         avp_list_t* backup_uri_from, *backup_uri_to;
2095 #ifdef WITH_XAVP
2096         sr_xavp_t **backup_xavps;
2097 #endif
2098         int replies_locked;
2099 #ifdef USE_DNS_FAILOVER
2100         int branch_ret;
2101         int prev_branch;
2102 #endif
2103 #ifdef USE_DST_BLACKLIST
2104         int blst_503_timeout;
2105         struct hdr_field* hf;
2106 #endif
2107         struct tmcb_params onsend_params;
2108         struct run_act_ctx ctx;
2109         struct run_act_ctx *bctx;
2110         sr_kemi_eng_t *keng = NULL;
2111
2112         /* make sure we know the associated transaction ... */
2113         if (t_check( p_msg  , &branch )==-1)
2114                 goto trans_not_found;
2115         /*... if there is none, tell the core router to fwd statelessly */
2116         t=get_t();
2117         if ( (t==0)||(t==T_UNDEFINED))
2118                 goto trans_not_found;
2119
2120         /* if transaction found, increment the rpl_received counter */
2121         t_stats_rpl_received();
2122
2123         if (unlikely(branch==T_BR_UNDEFINED))
2124                 LM_CRIT("BUG: invalid branch - report to developers\n");
2125         tm_ctx_set_branch_index(branch);
2126         init_cancel_info(&cancel_data);
2127         msg_status=p_msg->REPLY_STATUS;
2128         replies_locked=0;
2129
2130         uac=&t->uac[branch];
2131         LM_DBG("org. status uas=%d, uac[%d]=%d local=%d is_invite=%d)\n",
2132                 t->uas.status, branch, uac->last_received,
2133                 is_local(t), is_invite(t));
2134         last_uac_status=uac->last_received;
2135
2136         /* it's a cancel ... ? */
2137         if (get_cseq(p_msg)->method.len==CANCEL_LEN
2138                 && memcmp( get_cseq(p_msg)->method.s, CANCEL, CANCEL_LEN)==0
2139                 /* .. which is not e2e ? ... */
2140                 && is_invite(t) ) {
2141                         /* ... then just stop timers */
2142                         if ( msg_status >= 200 )
2143                                 stop_rb_timers(&uac->local_cancel); /* stop retr & fr */
2144                         else
2145                                 stop_rb_retr(&uac->local_cancel);  /* stop only retr */
2146                         LM_DBG("reply to local CANCEL processed\n");
2147                         goto done;
2148         }
2149
2150         onreply_route=uac->on_reply;
2151         if ( msg_status >= 200 ){
2152 #ifdef TM_ONREPLY_FINAL_DROP_OK
2153 #warning Experimental tm onreply_route final reply DROP support active
2154                 if (onreply_route)
2155                         /* stop only retr., but leave the final reply timers on,
2156                          * in case the final reply is dropped in the on_reply route */
2157                         stop_rb_retr(&uac->request);
2158                 else
2159 #endif /* TM_ONREPLY_FINAL_DROP_OK */
2160                         /* stop final response timer  & retr. if I got a final response */
2161                         stop_rb_timers(&uac->request);
2162                 /* acknowledge negative INVITE replies (do it before detailed
2163                  * on_reply processing, which may take very long, like if it
2164                  * is attempted to establish a TCP connection to a fail-over dst */
2165                 if (is_invite(t)) {
2166                         if (msg_status >= 300) {
2167                                 ack = build_ack(p_msg, t, branch, &ack_len);
2168                                 if (ack) {
2169                                         if (SEND_PR_BUFFER(&uac->request, ack, ack_len)>=0) {
2170                                                 if (unlikely(has_tran_tmcbs(t, TMCB_REQUEST_SENT))){
2171                                                         INIT_TMCB_ONSEND_PARAMS(onsend_params,
2172                                                                         t->uas.request, p_msg, &uac->request,
2173                                                                         &uac->request.dst, ack, ack_len,
2174                                                                         TMCB_LOCAL_F, branch, TYPE_LOCAL_ACK);
2175                                                         run_trans_callbacks_off_params(TMCB_REQUEST_SENT,
2176                                                                         t, &onsend_params);
2177                                                 }
2178                                         }
2179                                         if (unlikely(has_tran_tmcbs(t, TMCB_ACK_NEG_IN))){
2180                                                 INIT_TMCB_ONSEND_PARAMS(onsend_params,
2181                                                                 t->uas.request, p_msg, &uac->request,
2182                                                                 &uac->request.dst, ack, ack_len,
2183                                                                 TMCB_LOCAL_F, branch, TYPE_LOCAL_ACK);
2184                                                 run_trans_callbacks_off_params(TMCB_ACK_NEG_IN,
2185                                                                 t, &onsend_params);
2186                                         }
2187                                         shm_free(ack);
2188                                 }
2189                         } else if (is_local(t) /*&& 200 <= msg_status < 300*/) {
2190                                 ack = build_local_ack(p_msg, t, branch, &ack_len, &lack_dst);
2191                                 if (ack) {
2192                                         if (msg_send(&lack_dst, ack, ack_len)<0)
2193                                                 LM_ERR("error while sending local ACK\n");
2194                                         else if (unlikely(has_tran_tmcbs(t, TMCB_REQUEST_SENT))){
2195                                                         INIT_TMCB_ONSEND_PARAMS(onsend_params,
2196                                                                         t->uas.request, p_msg, &uac->request,
2197                                                                         &lack_dst, ack, ack_len, TMCB_LOCAL_F,
2198                                                                         branch, TYPE_LOCAL_ACK);
2199                                                         run_trans_callbacks_off_params(TMCB_REQUEST_SENT,
2200                                                                         t, &onsend_params);
2201                                         }
2202 #ifndef WITH_AS_SUPPORT
2203                                         shm_free(ack);
2204 #endif
2205                                 }
2206                         }
2207                 }
2208         }else{
2209                 /* if branch already canceled re-transmit or generate cancel
2210                  * TODO: check if it really makes sense to do it for non-invites too */
2211                 if (uac->request.flags & F_RB_CANCELED){
2212                         if (uac->local_cancel.buffer_len){
2213                                 membar_read(); /* make sure we get the current value of
2214                                                                 * local_cancel */
2215                                 /* re-transmit if cancel already built */
2216                                 DBG("tm: reply_received: branch CANCEL retransmit\n");
2217                                 if (SEND_BUFFER( &uac->local_cancel)>=0){
2218                                         if (unlikely (has_tran_tmcbs(t, TMCB_REQUEST_SENT)))
2219                                                 run_trans_callbacks_with_buf(TMCB_REQUEST_SENT,
2220                                                                 &uac->local_cancel, 0, 0, TMCB_LOCAL_F);
2221                                 }
2222                                 /* retrs. should be already started so do nothing */
2223                         }else if (atomic_cmpxchg_long((void*)&uac->local_cancel.buffer, 0,
2224                                                                                 (long)BUSY_BUFFER)==0){
2225                                 /* try to rebuild it if empty (not set or marked as BUSY).
2226                                  * if BUSY or set just exit, a cancel will be (or was) sent
2227                                  * shortly on this branch */
2228                                 LM_DBG("branch CANCEL created\n");
2229 #ifdef CANCEL_REASON_SUPPORT
2230                                 if (t->uas.cancel_reas) {
2231                                         /* cancel reason was saved, use it */
2232                                         cancel_branch(t, branch, t->uas.cancel_reas,
2233                                                                                         F_CANCEL_B_FORCE_C);
2234                                 } else {
2235                                         /* note that in this case we do not know the reason,
2236                                          * we only know it's a final reply (either locally
2237                                          * generated via script t_reply(), timeout, a received
2238                                          * 2xx or 6xx) => try to use t->uas.status as the reason */
2239                                         cancel_data.reason.cause =
2240                                                 (t->uas.status>=200)?t->uas.status:CANCEL_REAS_UNKNOWN;
2241                                         cancel_branch(t, branch, &cancel_data.reason,
2242                                                                                                                 F_CANCEL_B_FORCE_C);
2243                                 }
2244 #else /* CANCEL_REASON_SUPPORT */
2245                                 cancel_branch(t, branch, F_CANCEL_B_FORCE_C);
2246 #endif /* CANCEL_REASON_SUPPORT */
2247                         }
2248                         goto done; /* nothing to do */
2249                 }
2250                 if (is_invite(t)){
2251                         /* stop only retr. (and not fr) */
2252                         stop_rb_retr(&uac->request);
2253                 }else{
2254                         /* non-invite: increase retransmissions interval (slow now) */
2255                         switch_rb_retr_to_t2(&uac->request);
2256                 }
2257         }
2258         /* pre-set the ignore BLST_503 flag in the message, if the
2259          * corresponding branch had it set on send */
2260         p_msg->fwd_send_flags.blst_imask|=
2261                 uac->request.dst.send_flags.blst_imask & BLST_503;
2262         /* processing of on_reply block */
2263         if (onreply_route) {
2264                 set_route_type(TM_ONREPLY_ROUTE);
2265
2266                 /* lock onreply_route, for safe avp usage */
2267                 LOCK_REPLIES( t );
2268                 replies_locked=1;
2269
2270                 /* transfer transaction flag to message context */
2271                 if (t->uas.request) p_msg->flags=t->uas.request->flags;
2272                 /* set the as avp_list the one from transaction */
2273
2274                 backup_uri_from = set_avp_list(AVP_TRACK_FROM | AVP_CLASS_URI,
2275                                 &t->uri_avps_from );
2276                 backup_uri_to = set_avp_list(AVP_TRACK_TO | AVP_CLASS_URI,
2277                                 &t->uri_avps_to );
2278                 backup_user_from = set_avp_list(AVP_TRACK_FROM | AVP_CLASS_USER,
2279                                 &t->user_avps_from );
2280                 backup_user_to = set_avp_list(AVP_TRACK_TO | AVP_CLASS_USER,
2281                                 &t->user_avps_to );
2282                 backup_domain_from = set_avp_list(AVP_TRACK_FROM | AVP_CLASS_DOMAIN,
2283                                 &t->domain_avps_from );
2284                 backup_domain_to = set_avp_list(AVP_TRACK_TO | AVP_CLASS_DOMAIN,
2285                                 &t->domain_avps_to );
2286 #ifdef WITH_XAVP
2287                 backup_xavps = xavp_set_list(&t->xavps_list);
2288 #endif
2289                 setbflagsval(0, uac->branch_flags);
2290                 if(msg_status>last_uac_status) {
2291                         /* current response (msg) status is higher that the last received
2292                          * on the same branch - set it temporarily so functions in onreply_route
2293                          * can access it (e.g., avoid sending CANCEL by forcing another t_relply()
2294                          * in onreply_route when a negative sip response was received) */
2295                         uac->last_received = msg_status;
2296                 }
2297
2298                 /* Pre- and post-script callbacks have already
2299                  * been executed by the core. (Miklos)
2300                  */
2301                 keng = sr_kemi_eng_get();
2302                 if(unlikely(keng!=NULL)) {
2303                         bctx = sr_kemi_act_ctx_get();
2304                         init_run_actions_ctx(&ctx);
2305                         sr_kemi_act_ctx_set(&ctx);
2306                         keng->froute(p_msg, TM_ONREPLY_ROUTE,
2307                                         sr_kemi_cbname_lookup_idx(onreply_route), NULL);
2308                         sr_kemi_act_ctx_set(bctx);
2309                 } else {
2310                         run_top_route(onreply_rt.rlist[onreply_route], p_msg, &ctx);
2311                 }
2312
2313                 /* restore brach last_received as before executing onreply_route */
2314                 uac->last_received = last_uac_status;
2315                 /* transfer current message context back to t */
2316                 if (t->uas.request) t->uas.request->flags=p_msg->flags;
2317                 getbflagsval(0, &uac->branch_flags);
2318
2319                 /* restore original avp list */
2320                 set_avp_list( AVP_TRACK_FROM | AVP_CLASS_URI, backup_uri_from );
2321                 set_avp_list( AVP_TRACK_TO | AVP_CLASS_URI, backup_uri_to );
2322                 set_avp_list( AVP_TRACK_FROM | AVP_CLASS_USER, backup_user_from );
2323                 set_avp_list( AVP_TRACK_TO | AVP_CLASS_USER, backup_user_to );
2324                 set_avp_list( AVP_TRACK_FROM | AVP_CLASS_DOMAIN, backup_domain_from );
2325                 set_avp_list( AVP_TRACK_TO | AVP_CLASS_DOMAIN, backup_domain_to );
2326 #ifdef WITH_XAVP
2327                 xavp_set_list(backup_xavps);
2328 #endif
2329                 /* handle a possible DROP in the script, but only if this
2330                  * is not a final reply (final replies already stop the timers
2331                  * and droping them might leave a transaction living forever) */
2332 #ifdef TM_ONREPLY_FINAL_DROP_OK
2333                 if (unlikely(ctx.run_flags&DROP_R_F))
2334 #else
2335                 if (unlikely((ctx.run_flags&DROP_R_F) && (msg_status<200)))
2336 #endif /* TM_ONREPLY_FINAL_DROP_OK */
2337                 {
2338                         if (likely(replies_locked)) {
2339                                 replies_locked = 0;
2340                                 UNLOCK_REPLIES( t );
2341                         }
2342                         goto done;
2343                 }
2344 #ifdef TM_ONREPLY_FINAL_DROP_OK
2345                 if (msg_status >= 200) {
2346                         /* stop final reply timers, now that we executed the onreply route
2347                          * and the reply was not DROPed */
2348                         if (likely(replies_locked)){
2349                                 /* if final reply => we have to execute stop_rb_timers,
2350                                  * but with replies unlocked to avoid a possible deadlock
2351                                  * (if the timer is currently running, stop_rb_timers()
2352                                  * will wait until the timer handler ends, but the
2353                                  * final_response_handler() will try to lock replies
2354                                  * => deadlock).
2355                                 */
2356                                 UNLOCK_REPLIES( t );
2357                                 replies_locked=0;
2358                         }
2359                         stop_rb_timers(&uac->request);
2360                 }
2361 #endif /* TM_ONREPLY_FINAL_DROP_OK */
2362                 /* Re-read the status code, it can be changed in the route block. */
2363 #ifdef EXTRA_DEBUG
2364                 /* The class of provisional and positive final replies
2365                  * cannot be changed. */
2366                 if (((msg_status < 300) || (p_msg->REPLY_STATUS < 300))
2367                         && (msg_status/100 != p_msg->REPLY_STATUS/100)
2368                 ) {
2369                         LM_ERR("the class of provisional and"
2370                                 " positive final replies should not be changed!\n");
2371                 }
2372 #endif /* EXTRA_DEBUG */
2373                 msg_status=p_msg->REPLY_STATUS;
2374         }
2375 #ifdef USE_DST_BLACKLIST
2376                 /* add temporary to the blacklist the source of a 503 reply */
2377                 if ( (msg_status==503) && cfg_get(tm, tm_cfg, tm_blst_503) &&
2378                                 /* check if the request sent on the branch had the the
2379                                  * blst 503 ignore flags set or it was set in the onreply_r*/
2380                                 should_blacklist_su(BLST_503, &p_msg->fwd_send_flags,
2381                                                                                 p_msg->rcv.proto, &p_msg->rcv.src_su)
2382                                 ){
2383                         blst_503_timeout=cfg_get(tm, tm_cfg, tm_blst_503_default);
2384                         if ((parse_headers(p_msg, HDR_RETRY_AFTER_F, 0)==0) &&
2385                                 (p_msg->parsed_flag & HDR_RETRY_AFTER_F)){
2386                                 for (hf=p_msg->headers; hf; hf=hf->next)
2387                                         if (hf->type==HDR_RETRY_AFTER_T){
2388                                                 /* found */
2389                                                 blst_503_timeout=(unsigned)(unsigned long)hf->parsed;
2390                                                 blst_503_timeout=MAX_unsigned(blst_503_timeout,
2391                                                                         cfg_get(tm, tm_cfg, tm_blst_503_min));
2392                                                 blst_503_timeout=MIN_unsigned(blst_503_timeout,
2393                                                                         cfg_get(tm, tm_cfg, tm_blst_503_max));
2394                                                 break;
2395                                         }
2396                         }
2397                         if (blst_503_timeout){
2398                                 dst_blacklist_force_su_to(BLST_503, p_msg->rcv.proto,
2399                                                                                         &p_msg->rcv.src_su, p_msg,
2400                                                                                         S_TO_TICKS(blst_503_timeout));
2401                         }
2402                 }
2403 #endif /* USE_DST_BLACKLIST */
2404 #ifdef USE_DNS_FAILOVER
2405                 /* if this is a 503 reply, and the destination resolves to more ips,
2406                  *  add another branch/uac.
2407                  *  This code is out of LOCK_REPLIES() to minimize the time the
2408                  *  reply lock is held (the lock won't be held while sending the
2409                  *   message)*/
2410                 if (cfg_get(core, core_cfg, use_dns_failover) && (msg_status==503)) {
2411                         branch_ret=add_uac_dns_fallback(t, t->uas.request,
2412                                                                                                 uac, !replies_locked);
2413                         prev_branch=-1;
2414                         /* unlock replies to avoid sending() while holding a lock */
2415                         if (unlikely(replies_locked)) {
2416                                 UNLOCK_REPLIES( t );
2417                                 replies_locked = 0;
2418                         }
2419                         while((branch_ret>=0) &&(branch_ret!=prev_branch)){
2420                                 prev_branch=branch_ret;
2421                                 branch_ret=t_send_branch(t, branch_ret, t->uas.request , 0, 1);
2422                         }
2423                 }
2424 #endif
2425
2426         if (unlikely(p_msg->msg_flags&FL_RPL_SUSPENDED)) {
2427                 goto skip_send_reply;
2428                 /* suspend the reply (async), no error */
2429         }
2430         if (unlikely(!replies_locked)){
2431                 LOCK_REPLIES( t );
2432                 replies_locked=1;
2433         }
2434         if ( is_local(t) ) {
2435                 reply_status=local_reply( t, p_msg, branch, msg_status, &cancel_data );
2436                 replies_locked=0;
2437                 if (reply_status == RPS_COMPLETED) {
2438                         /* no more UAC FR/RETR (if I received a 2xx, there may
2439                          * be still pending branches ...
2440                          */
2441                         cleanup_uac_timers( t );
2442                         if (is_invite(t)) cancel_uacs(t, &cancel_data, F_CANCEL_B_KILL);
2443                         /* There is no need to call set_final_timer because we know
2444                          * that the transaction is local */
2445                         put_on_wait(t);
2446                 }else if (unlikely(cancel_data.cancel_bitmap)){
2447                         /* cancel everything, even non-INVITEs (e.g in case of 6xx), use
2448                          * cancel_b_method for canceling unreplied branches */
2449                         cancel_uacs(t, &cancel_data, cfg_get(tm,tm_cfg, cancel_b_flags));
2450                 }
2451         } else {
2452                 reply_status=relay_reply( t, p_msg, branch, msg_status,
2453                                                                         &cancel_data, 1 );
2454                 replies_locked=0;
2455                 if (reply_status == RPS_COMPLETED) {
2456                         /* no more UAC FR/RETR (if I received a 2xx, there may
2457                          * be still pending branches ... */
2458                         cleanup_uac_timers( t );
2459                         /* 2xx is a special case: we can have a COMPLETED request
2460                          * with branches still open => we have to cancel them */
2461                         if (is_invite(t) && cancel_data.cancel_bitmap)
2462                                 cancel_uacs( t, &cancel_data,  F_CANCEL_B_KILL);
2463                         /* FR for negative INVITES, WAIT anything else */
2464                         /* Call to set_final_timer is embedded in relay_reply to avoid
2465                          * race conditions when reply is sent out and an ACK to stop
2466                          * retransmissions comes before retransmission timer is set.*/
2467                 }else if (unlikely(cancel_data.cancel_bitmap)){
2468                         /* cancel everything, even non-INVITEs (e.g in case of 6xx), use
2469                          * cancel_b_method for canceling unreplied branches */
2470                         cancel_uacs(t, &cancel_data, cfg_get(tm,tm_cfg, cancel_b_flags));
2471                 }
2472         }
2473         uac->request.flags|=F_RB_REPLIED;
2474
2475         if (reply_status==RPS_ERROR)
2476                 goto done;
2477
2478         /* update FR/RETR timers on provisional replies */
2479         if (is_invite(t) && msg_status<200 &&
2480                 ( cfg_get(tm, tm_cfg, restart_fr_on_each_reply) ||
2481                                 ( (last_uac_status<msg_status) &&
2482                                         ((msg_status>=180) || (last_uac_status==0)) )
2483                         ) ) { /* provisional now */
2484                 restart_rb_fr(& uac->request, t->fr_inv_timeout);
2485                 uac->request.flags|=F_RB_FR_INV; /* mark fr_inv */
2486         } /* provisional replies */
2487
2488 skip_send_reply:
2489
2490         if (likely(replies_locked)){
2491                 /* unlock replies if still locked coming via goto skip_send_reply */
2492                 UNLOCK_REPLIES(t);
2493                 replies_locked=0;
2494         }
2495
2496 done:
2497         tm_ctx_set_branch_index(T_BR_UNDEFINED);
2498         /* we are done with the transaction, so unref it - the reference
2499          * was incremented by t_check() function -bogdan*/
2500         t_unref(p_msg);
2501         /* don't try to relay statelessly neither on success
2502          * (we forwarded statefully) nor on error; on troubles,
2503          * simply do nothing; that will make the other party to
2504          * retransmit; hopefuly, we'll then be better off */
2505         return 0;
2506
2507 trans_not_found:
2508         /* transaction context was not found */
2509         if (goto_on_sl_reply) {
2510                 /* The script writer has a chance to decide whether to
2511                  * forward the reply or not.
2512                  * Pre- and post-script callbacks have already
2513                  * been execueted by the core. (Miklos)
2514                  */
2515                 return run_top_route(onreply_rt.rlist[goto_on_sl_reply], p_msg, 0);
2516         } else {
2517                 /* let the core forward the reply */
2518                 return 1;
2519         }
2520 }
2521
2522
2523
2524 int t_reply_with_body( struct cell *trans, unsigned int code,
2525                 str *text, str *body, str *new_header, str *to_tag )
2526 {
2527         struct lump_rpl *hdr_lump;
2528         struct lump_rpl *body_lump;
2529         str  s_to_tag;
2530         str  rpl;
2531         int  ret;
2532         struct bookmark bm;
2533
2534         if(to_tag) {
2535                 s_to_tag.s = to_tag->s;
2536                 s_to_tag.len = to_tag->len;
2537         } else {
2538                 s_to_tag.len = 0;
2539         }
2540
2541         /* mark the transaction as replied */
2542         if (code>=200) set_kr(REQ_RPLD);
2543
2544         /* add the lumps for new_header and for body (by bogdan) */
2545         if (new_header && new_header->len) {
2546                 hdr_lump = add_lump_rpl( trans->uas.request, new_header->s,
2547                                 new_header->len, LUMP_RPL_HDR );
2548                 if ( !hdr_lump ) {
2549                         LM_ERR("cannot add hdr lump\n");
2550                         goto error;
2551                 }
2552         } else {
2553                 hdr_lump = 0;
2554         }
2555
2556         /* body lump */
2557         if(body && body->len) {
2558                 body_lump = add_lump_rpl( trans->uas.request, body->s, body->len,
2559                         LUMP_RPL_BODY );
2560                 if (body_lump==0) {
2561                         LM_ERR("cannot add body lump\n");
2562                         goto error_1;
2563                 }
2564         } else {
2565                 body_lump = 0;
2566         }
2567
2568         rpl.s = build_res_buf_from_sip_req( code, text, &s_to_tag,
2569                                 trans->uas.request, (unsigned int*)&rpl.len, &bm);
2570
2571         /* since the msg (trans->uas.request) is a clone into shm memory, to avoid
2572          * memory leak or crashing (lumps are create in private memory) I will
2573          * remove the lumps by myself here (bogdan) */
2574         if ( hdr_lump ) {
2575                 unlink_lump_rpl( trans->uas.request, hdr_lump);
2576                 free_lump_rpl( hdr_lump );
2577         }
2578         if( body_lump ) {
2579                 unlink_lump_rpl( trans->uas.request, body_lump);
2580                 free_lump_rpl( body_lump );
2581         }
2582
2583         if (rpl.s==0) {
2584                 LM_ERR("failed in doing build_res_buf_from_sip_req()\n");
2585                 goto error;
2586         }
2587
2588         LM_DBG("buffer computed\n");
2589         // frees 'res.s' ... no panic !
2590         ret=_reply_light( trans, rpl.s, rpl.len, code,
2591                 s_to_tag.s, s_to_tag.len, 1 /* lock replies */, &bm );
2592         /* this is ugly hack -- the function caller may wish to continue with
2593          * transaction and I unref; however, there is now only one use from
2594          * vm/fifo_vm_reply and I'm currently to lazy to export UNREF; -jiri
2595          */
2596         UNREF(trans);
2597
2598         return ret;
2599 error_1:
2600         if ( hdr_lump ) {
2601                 unlink_lump_rpl( trans->uas.request, hdr_lump);
2602                 free_lump_rpl( hdr_lump );
2603         }
2604 error:
2605         return -1;
2606 }
2607
2608 /* drops all the replies to make sure
2609  * that none of them is picked up again
2610  */
2611 void t_drop_replies(int v)
2612 {
2613         /* It is too risky to free the replies that are in shm mem
2614         at the middle of failure_route block, because other functions might
2615         need them as well. And it can also happen that the current reply is not yet
2616         in shm mem, we are just going to clone it. So better to set a flag
2617         and check it after failure_route has ended. (Miklos) */
2618         drop_replies = v;
2619 }
2620
2621 int t_get_this_branch_instance(struct sip_msg *msg, str *instance)
2622 {
2623         struct cell *t;
2624         if (!msg || !instance)
2625         {
2626                 LM_ERR("Invalid params\n");
2627                 return -1;
2628         }
2629         if (get_route_type() != BRANCH_FAILURE_ROUTE)
2630         {
2631                 LM_ERR("Called t_get_this_branch_instance not in a"
2632                                 " branch_failure_route\n");
2633                 return -1;
2634         }
2635
2636         t = 0;
2637         /* first get the transaction */
2638         if (t_check(msg, 0 ) == -1) return -1;
2639         if ((t = get_t()) == 0) {
2640                 LM_ERR("cannot check status for a reply"
2641                                 " which has no T-state established\n");
2642                 return -1;
2643         }
2644         *instance = t->uac[get_t_branch()].instance;
2645         return 1;
2646 }
2647
2648 int t_get_this_branch_ruid(struct sip_msg *msg, str *ruid)
2649 {
2650         struct cell *t;
2651         if (!msg || !ruid)
2652         {
2653                 LM_ERR("Invalid params\n");
2654                 return -1;
2655         }
2656         if (get_route_type() != BRANCH_FAILURE_ROUTE)
2657         {
2658                 LM_ERR("Called t_get_this_branch_ruid not in a branch_failure_route\n");
2659                 return -1;
2660         }
2661
2662         t = 0;
2663         /* first get the transaction */
2664         if (t_check(msg, 0 ) == -1) return -1;
2665         if ((t = get_t()) == 0) {
2666                 LM_ERR("cannot check status for a reply "
2667                         "which has no T-state established\n");
2668                 return -1;
2669         }
2670         *ruid = t->uac[get_t_branch()].ruid;
2671         return 1;
2672 }
2673
2674
2675 /*
2676  * Syntax:
2677  *
2678  * ":tm.reply:[response file]\n
2679  * code\n
2680  * reason\n
2681  * trans_id\n
2682  * to_tag\n
2683  * [new headers]\n
2684  * \n
2685  * [Body]\n
2686  * .\n
2687  * \n"
2688  */
2689 void rpc_reply(rpc_t* rpc, void* c)
2690 {
2691         int ret;
2692         struct cell *trans;
2693         unsigned int hash_index, label, code;
2694         str ti, body, headers, tag, reason;
2695
2696         if (rpc->scan(c, "d", &code) < 1) {
2697                 rpc->fault(c, 400, "Reply code expected");
2698                 return;
2699         }
2700
2701         if (rpc->scan(c, "S", &reason) < 1) {
2702                 rpc->fault(c, 400, "Reason phrase expected");
2703                 return;
2704         }
2705
2706         if (rpc->scan(c, "S", &ti) < 1) {
2707                 rpc->fault(c, 400, "Transaction ID expected");
2708                 return;
2709         }
2710
2711         if (rpc->scan(c, "S", &tag) < 1) {
2712                 rpc->fault(c, 400, "To tag expected");
2713                 return;
2714         }
2715
2716         if (rpc->scan(c, "S", &headers) < 0) return;
2717         if (rpc->scan(c, "S", &body) < 0) return;
2718
2719         if(sscanf(ti.s,"%u:%u", &hash_index, &label) != 2) {
2720                 ERR("Invalid trans_id (%s)\n", ti.s);
2721                 rpc->fault(c, 400, "Invalid transaction ID");
2722                 return;
2723         }
2724         LM_DBG("hash_index=%u label=%u\n", hash_index, label);
2725
2726         if( t_lookup_ident(&trans, hash_index, label) < 0 ) {
2727                 ERR("Lookup failed\n");
2728                 rpc->fault(c, 481, "No such transaction");
2729                 return;
2730         }
2731
2732         /* it's refcounted now, t_reply_with body unrefs for me -- I can
2733          * continue but may not use T anymore  */
2734         ret = t_reply_with_body(trans, code, &reason, &body, &headers, &tag);
2735
2736         if (ret < 0) {
2737                 LM_ERR("Reply failed\n");
2738                 rpc->fault(c, 500, "Reply failed");
2739                 return;
2740         }
2741 }
2742
2743 /**
2744  * re-entrant locking of reply mutex
2745  */
2746 void tm_reply_mutex_lock(tm_cell_t *t)
2747 {
2748         int mypid;
2749
2750         mypid = my_pid();
2751         if (likely(atomic_get(&t->reply_locker_pid) != mypid)) {
2752                 lock(&t->reply_mutex);
2753                 atomic_set(&t->reply_locker_pid, mypid);
2754         } else {
2755                 /* locked within the same process that called us*/
2756                 t->reply_rec_lock_level++;
2757         }
2758 }
2759
2760 /**
2761  * re-entrant unlocking of reply mutex
2762  */
2763 void tm_reply_mutex_unlock(tm_cell_t *t)
2764 {
2765         if (likely(t->reply_rec_lock_level == 0)) {
2766                 atomic_set(&t->reply_locker_pid, 0);
2767                 unlock(&t->reply_mutex);
2768         } else  {
2769                 /* recursive locked => decrease rec. lock count */
2770                 t->reply_rec_lock_level--;
2771         }
2772 }