API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 30th, 2012
240
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.35 KB | None | 0 0
raw download clone embed print report
  1. #!KAMAILIO
  2.  
  3. ####### Defined Values #########
  4.  
  5. # *** Value defines - IDs used later in config
  6. #!define DBURL "postgres://xxxx:xxxx@1.1.1.1/db"
  7.  
  8. # - flags
  9. # FLT_ - per transaction (message) flags
  10. # FLB_ - per branch flags
  11. #!define FLT_ACC 1
  12. #!define FLT_ACCMISSED 2
  13. #!define FLT_ACCFAILED 3
  14. #!define FLT_NATS 4
  15. #!define FLT_FIXUSER 5
  16. #!define FLT_FROMPROXY 7
  17. #!define FLT_FROMUSER 8
  18. #!define FLT_TOUSER 10
  19. #!define FLT_SIPTRACE 11
  20. #!define FLT_LIMIT 12
  21. #!define FLT_DIALOG 13
  22.  
  23. #!define FLB_NATB 15
  24. #!define FLB_NATSIPPING 16
  25.  
  26.  
  27. ####### Global Parameters #########
  28.  
  29. #debug=4
  30. #log_stderror=yes
  31.  
  32. debug=0
  33. log_stderror=no
  34.  
  35. memdbg=5
  36. memlog=5
  37.  
  38. log_facility=LOG_LOCAL0
  39.  
  40. #fork=no
  41. fork=yes
  42. children=2
  43. tcp_children=1
  44. #disable_tcp=yes
  45. syn_branch=0
  46. auto_aliases=no
  47. alias="sip.domain.com"
  48.  
  49. /* uncomment and configure the following line if you want Kamailio to
  50. bind on a specific interface/port/proto (default bind on all available) */
  51. #listen=udp:C.C.C.C4:5060
  52. #listen=udp:127.0.0.1:5060
  53.  
  54. /* port to listen to
  55. * - can be specified more than once if needed to listen on many ports */
  56. port=5060
  57.  
  58. # life time of TCP connection when there is no traffic
  59. # - a bit higher than registration expires to cope with UA behind NAT
  60. tcp_connection_lifetime=3605
  61.  
  62. server_header="Server: 5Nine SIP Registrar"
  63. user_agent_header="User-Agent: 5Nine SIP Registrar"
  64.  
  65. ####### Custom Parameters #########
  66.  
  67. # These parameters can be modified runtime via RPC interface
  68. # - see the documentation of 'cfg_rpc' module.
  69. #
  70. # Format: group.id = value 'desc' description
  71. # Access: $sel(cfg_get.group.id) or @cfg_get.group.id
  72. #
  73.  
  74. proxy1.bindip = "C.C.C.C" desc "Proxy 1 IP Address"
  75. proxy1.bindport = "5060" desc "Proxy 1 Port"
  76.  
  77. proxy2.bindip = "E.E.E.E" desc "Proxy 2 IP Address"
  78. proxy2.bindport = "5060" desc "Proxy 2 Port"
  79.  
  80. ####### Modules Section ########
  81.  
  82. mpath="/usr/lib64/kamailio/modules_k/:/usr/lib64/kamailio/modules/"
  83.  
  84. loadmodule "db_postgres.so"
  85. #loadmodule "mi_fifo.so"
  86. loadmodule "mi_datagram.so"
  87. #loadmodule "mi_xmlrpc.so"
  88. loadmodule "kex.so"
  89. loadmodule "tm.so"
  90. loadmodule "sl.so"
  91. loadmodule "rr.so"
  92. loadmodule "pv.so"
  93. loadmodule "maxfwd.so"
  94. loadmodule "usrloc.so"
  95. loadmodule "registrar.so"
  96. loadmodule "textops.so"
  97. loadmodule "siputils.so"
  98. loadmodule "xlog.so"
  99. loadmodule "sanity.so"
  100. loadmodule "ctl.so"
  101. loadmodule "mi_rpc.so"
  102. loadmodule "acc.so"
  103. loadmodule "auth.so"
  104. loadmodule "auth_db.so"
  105. loadmodule "nathelper.so"
  106. loadmodule "rtpproxy.so"
  107. loadmodule "htable.so"
  108. loadmodule "pike.so"
  109.  
  110. # ----- mi_fifo params -----
  111. #modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
  112.  
  113. # ----- mi_datagram params -----
  114. modparam("mi_datagram", "socket_name", "udp:127.0.0.1:8033")
  115.  
  116. # ----- tm params -----
  117. # auto-discard branches from previous serial forking leg
  118. modparam("tm", "failure_reply_mode", 3)
  119. # default retransmission timeout: 2sec
  120. modparam("tm", "fr_timer", 2000)
  121. # default invite retransmission timeout after 1xx: 120sec
  122. modparam("tm", "fr_inv_timer", 120000)
  123.  
  124. # ----- rr params -----
  125. modparam("rr", "append_fromtag", 1)
  126.  
  127. # ----- pv params -----
  128. modparam("pv","avp_aliases",
  129. "acct_id=i:100;user_id=i:101;ouser=i:102;received=i:103;def_clid=i:104;
  130. channels=i:105;route=i:106;fail_route=i:107;aor=i:108")
  131.  
  132. # ----- registrar params -----
  133. modparam("registrar", "method_filtering", 1)
  134. modparam("registrar", "default_expires", 3600)
  135. modparam("registrar", "min_expires", 120)
  136. modparam("registrar", "max_expires", 7200)
  137. modparam("registrar", "max_contacts", 10)
  138. modparam("registrar", "aor_avp", "$avp(aor)")
  139.  
  140. # ----- acc params -----
  141. /* what special events should be accounted ? */
  142. modparam("acc", "early_media", 0)
  143. modparam("acc", "report_ack", 0)
  144. modparam("acc", "report_cancels", 0)
  145. /* by default ww do not adjust the direct of the sequential requests.
  146. if you enable this parameter, be sure the enable "append_fromtag"
  147. in "rr" module */
  148. modparam("acc", "detect_direction", 0)
  149. /* account triggers (flags) */
  150. modparam("acc", "log_flag", FLT_ACC)
  151. modparam("acc", "log_missed_flag", FLT_ACCMISSED)
  152. modparam("acc", "log_extra",
  153. "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
  154. modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
  155.  
  156. # ----- usrloc params -----
  157. /* enable DB persistency for registration entries */
  158. modparam("usrloc", "db_url", DBURL)
  159. modparam("usrloc", "db_mode", 2)
  160. modparam("usrloc", "timer_interval", 120)
  161.  
  162. # ----- auth_db params -----
  163. modparam("auth_db", "db_url", DBURL)
  164. modparam("auth_db", "calculate_ha1", 1)
  165. modparam("auth_db", "user_column", "ep_id")
  166. modparam("auth_db", "password_column", "password")
  167. modparam("auth_db", "load_credentials", "channels;default_clid;user_id")
  168. modparam("auth_db", "version_table", 0)
  169.  
  170. # ----- rtpproxy params -----
  171. modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
  172.  
  173. # ----- nathelper params -----
  174. modparam("nathelper", "natping_interval", 45)
  175. modparam("nathelper", "ping_nated_only", 1)
  176. modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
  177. modparam("nathelper", "sipping_from", "sip:pinger@sip.domain.com")
  178.  
  179. # params needed for NAT traversal in other modules
  180. modparam("nathelper|registrar", "received_avp", "$avp(received)")
  181. modparam("usrloc", "nat_bflag", FLB_NATB)
  182.  
  183. # ----- pike params -----
  184. modparam("pike", "sampling_time_unit", 2)
  185. modparam("pike", "reqs_density_per_unit", 16)
  186. modparam("pike", "remove_latency", 4)
  187.  
  188. # ----- htable params -----
  189. # ip ban htable with autoexpire after 5 minutes
  190. modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
  191.  
  192.  
  193. # Main SIP request routing logic
  194. route {
  195. route(LOOKUPSRC);
  196.  
  197. # per request initial checks
  198. route(REQINIT);
  199.  
  200. # NAT detection
  201. route(NATDETECT);
  202.  
  203. # handle requests within SIP dialogs
  204. route(WITHINDLG);
  205.  
  206. ### only initial requests (no To tag)
  207.  
  208. # CANCEL processing
  209. if (is_method("CANCEL")) {
  210. if (t_check_trans()) {
  211. t_relay();
  212. }
  213. exit;
  214. }
  215.  
  216. t_check_trans();
  217.  
  218. # record routing for dialog forming requests (in case they are routed)
  219. # - remove preloaded route headers
  220. remove_hf("Route");
  221. if (!is_method("REGISTER|MESSAGE"))
  222. record_route();
  223.  
  224. # authentication
  225. route(AUTH);
  226.  
  227. if (is_method("INVITE")) {
  228. setflag(FLT_ACC); # do accounting
  229.  
  230. if (!isflagset(FLT_FROMPROXY)) {
  231. # Send all INVITEs to our proxies
  232. $rd = "sip.domain.com";
  233. route(RELAY);
  234. }
  235. }
  236.  
  237. ### requests for my local domains
  238.  
  239. # handle registrations
  240. route(REGISTRAR);
  241.  
  242. if ($rU==$null) {
  243. # request with no Username in RURI
  244. sl_send_reply("484","Address Incomplete");
  245. exit;
  246. }
  247.  
  248. # registered users
  249. route(LOCATION);
  250.  
  251. # nothing matched
  252. sl_send_reply("404", "Not Found");
  253. }
  254.  
  255.  
  256. # Lookup source of request
  257. route[LOOKUPSRC] {
  258.  
  259. if($si==$sel(cfg_get.proxy1.bindip) && $sp==$sel(cfg_get.proxy1.bindport))
  260. setflag(FLT_FROMPROXY);
  261.  
  262. if($si==$sel(cfg_get.proxy2.bindip) && $sp==$sel(cfg_get.proxy2.bindport))
  263. setflag(FLT_FROMPROXY);
  264. }
  265.  
  266.  
  267. # Per SIP request initial checks
  268. route[REQINIT] {
  269. # calls from our proxies have already been checked
  270. if (isflagset(FLT_FROMPROXY))
  271. return;
  272.  
  273. # flood dection from same IP and traffic ban for a while
  274. # be sure you exclude checking trusted peers, such as pstn gateways
  275. # - local host excluded (e.g., loop to self)
  276. if(src_ip!=myself) {
  277. if($sht(ipban=>$si)!=$null) {
  278. # ip is already blocked
  279. xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
  280. exit;
  281. }
  282. if (!pike_check_req()) {
  283. xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
  284. $sht(ipban=>$si) = 1;
  285. exit;
  286. }
  287. }
  288.  
  289. if (!mf_process_maxfwd_header("10")) {
  290. sl_send_reply("483","Too Many Hops");
  291. exit;
  292. }
  293.  
  294. if(!sanity_check("1511", "7")) {
  295. xlog("L_INFO","Malformed SIP message from $si:$sp\n");
  296. exit;
  297. }
  298.  
  299. if (is_method("PUBLISH|MESSAGE|SUBSCRIBE|REFER")) {
  300. sl_send_reply("405", "Method not allowed");
  301. exit;
  302. }
  303. }
  304.  
  305.  
  306. # Caller NAT detection route
  307. route[NATDETECT] {
  308. if (is_method("INVITE")) {
  309. if (nat_uac_test("31")) {
  310. force_rport();
  311. fix_nated_contact();
  312. setflag(FLT_NATS);
  313. }
  314. } else {
  315. if (nat_uac_test("19")) {
  316. force_rport();
  317. if (is_method("REGISTER")) {
  318. fix_nated_register();
  319. } else {
  320. fix_nated_contact();
  321. }
  322. setflag(FLT_NATS);
  323. }
  324. }
  325. return;
  326. }
  327.  
  328.  
  329. # Handle requests within SIP dialogs
  330. route[WITHINDLG] {
  331. if (has_totag()) {
  332. # sequential request withing a dialog should
  333. # take the path determined by record-routing
  334. if (loose_route()) {
  335. if (is_method("BYE")) {
  336. setflag(FLT_ACC); # do accounting ...
  337. setflag(FLT_ACCFAILED); # ... even if the transaction fails
  338. }
  339. if (is_method("ACK")) {
  340. # ACK is forwarded statelessy
  341. route(NATMANAGE);
  342. }
  343. route(RELAY);
  344. } else {
  345. if ( is_method("ACK") ) {
  346. if (t_check_trans()) {
  347. # no loose-route, but stateful ACK;
  348. # must be an ACK after a 487
  349. # or e.g. 404 from upstream server
  350. t_relay();
  351. exit;
  352. } else {
  353. # ACK without matching transaction ... ignore and discard
  354. exit;
  355. }
  356. }
  357. sl_send_reply("404","Not here");
  358. }
  359. exit;
  360. }
  361. }
  362.  
  363.  
  364. # Authentication route
  365. route[AUTH] {
  366.  
  367. if (isflagset(FLT_FROMPROXY))
  368. return;
  369.  
  370. if (is_method("REGISTER")) {
  371.  
  372. # authenticate the REGISTER requests
  373. if (!www_authorize("$td", "endpoints")) {
  374. www_challenge("$td", "0");
  375. exit;
  376. }
  377.  
  378. } else {
  379. setflag(FLT_FROMUSER);
  380. }
  381. return;
  382. }
  383.  
  384.  
  385. route[RELAY] {
  386.  
  387. if (is_method("INVITE")) {
  388. t_on_branch("BRANCH_ONE");
  389. t_on_reply("REPLY_ONE");
  390. t_on_failure("FAIL_ONE");
  391. }
  392.  
  393. if (!t_relay()) {
  394. sl_reply_error();
  395. }
  396. exit;
  397. }
  398.  
  399.  
  400. # Handle SIP registrations
  401. route[REGISTRAR] {
  402. if (is_method("REGISTER")) {
  403. if (isflagset(FLT_NATS)) {
  404. setbflag(FLB_NATB);
  405. setbflag(FLB_NATSIPPING);
  406. }
  407. # Use auth username as aor
  408. $avp(aor) = "sip:" + $Au;
  409.  
  410. if (isflagset(FLT_NATS)) {
  411. # Don't store NATed registrations in the db
  412. if (!save("registrations", "0x01"))
  413. sl_reply_error();
  414. } else {
  415. if (!save("registrations"))
  416. sl_reply_error();
  417. }
  418.  
  419. # Replicate the request to other proxy
  420. route(REGFWD);
  421. exit;
  422. }
  423. }
  424.  
  425.  
  426. route[LOCATION] {
  427. # Only our proxies can route to registered users
  428. if (!isflagset(FLT_FROMPROXY)) {
  429. sl_send_reply("403", "Unauthorized");
  430. }
  431.  
  432. if (!lookup("registrations")) {
  433. switch ($rc) {
  434. case -1:
  435. case -3:
  436. sl_send_reply("480", "Temporarily Unavailable");
  437. exit;
  438. case -2:
  439. sl_send_reply("405", "Method Not Allowed");
  440. exit;
  441. }
  442. }
  443.  
  444. # when routing via usrloc, log the missed calls also
  445. if (is_method("INVITE")) {
  446. setflag(FLT_ACCMISSED);
  447. setflag(FLT_FIXUSER);
  448. $rU=$avp(ouser);
  449. }
  450.  
  451. route(RELAY);
  452. exit;
  453. }
  454.  
  455.  
  456. # RTPProxy control
  457. route[NATMANAGE] {
  458. if (is_request()) {
  459. if(has_totag()) {
  460. if(check_route_param("nat=yes")) {
  461. setbflag(FLB_NATB);
  462. }
  463. }
  464. }
  465. if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
  466. return;
  467.  
  468. rtpproxy_manage();
  469.  
  470. if (is_request()) {
  471. if (!has_totag()) {
  472. add_rr_param(";nat=yes");
  473. }
  474. }
  475.  
  476. if (is_reply()) {
  477. if(isbflagset(FLB_NATB)) {
  478. fix_nated_contact();
  479. }
  480. }
  481. return;
  482. }
  483.  
  484. # Forward REGISTER to Proxies
  485. route[REGFWD] {
  486. if (!is_method("REGISTER"))
  487. return;
  488.  
  489. subst('/^From:(.*)sip:.*@[a-zA-Z0-9.:]+(.*)$/From:\1sip:$au@sip.domain.com\2/ig');
  490. subst('/^To:(.*)sip:.*@[a-zA-Z0-9.:]+(.*)$/To:\1sip:$au@sip.domain.com\2/ig');
  491.  
  492. # If UAC is behind NAT, rewrite the Contact
  493. if (isflagset(FLT_NATS))
  494. subst('/^Contact:(.*)sip:(.*)@[a-zA-Z0-9.:]+(.*)$/Contact:\1sip:$au@$Ri:$Rp\3/ig');
  495.  
  496. $du = "sip:" + $sel(cfg_get.proxy1.bindip) + ":" + $sel(cfg_get.proxy1.bindport);
  497. t_replicate($du);
  498.  
  499. $du = "sip:" + $sel(cfg_get.proxy2.bindip) + ":" + $sel(cfg_get.proxy2.bindport);
  500. t_replicate($du);
  501.  
  502. }
  503.  
  504. # outgoing branches
  505. branch_route[BRANCH_ONE] {
  506. if (isflagset(FLT_FIXUSER)) {
  507. $rU=$avp(ouser);
  508. }
  509.  
  510. xdbg("new branch at $ru\n");
  511. route(NATMANAGE);
  512. }
  513.  
  514. onreply_route[REPLY_ONE] {
  515. xdbg("incoming reply\n");
  516.  
  517. if (status=~"[12][0-9][0-9]")
  518. route(NATMANAGE);
  519. }
  520.  
  521. # manage failure routing cases
  522. failure_route[FAIL_ONE] {
  523. route(NATMANAGE);
  524.  
  525. if (t_is_canceled())
  526. exit;
  527.  
  528. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!