Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- route{
- if($ua =~ "friendly-scanner"){
- # estamos identificando o tipo de ataque baseado no user agente e saindo sem resposta
- # neste caso a tendencia é que ele para de tentar
- xlog("L_NOTICE", "Auth error for $fU@$fd from $si cause -1");
- xlog("FRIENDLY-SCANNER: UA: $ua From_TAG: $ft From_URI: $fu Received IP: $Ri IP SOURCE: $si");
- exit;
- }
- force_rport();
- if (nat_uac_test("23")) {
- if (is_method("REGISTER")) {
- fix_nated_register();
- setbflag(NAT);
- } else {
- fix_nated_contact();
- setflag(NAT);
- }
- }
- if (!mf_process_maxfwd_header("10")) {
- sl_send_reply("483","Too Many Hops");
- exit;
- }
- if(method=="OPTIONS"){
- sl_send_reply("200", "OK");
- exit;
- }
- if (has_totag()) {
- # sequential request withing a dialog should
- # take the path determined by record-routing
- if (loose_route()) {
- # validate the sequential request against dialog
- if ( $DLG_status!=NULL && !validate_dialog() ) {
- xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");
- ## exit;
- }
- if (is_method("BYE")) {
- setflag(ACC_DO); # do accounting ...
- setflag(ACC_FAILED); # ... even if the transaction fails
- } else if (is_method("INVITE")) {
- # even if in most of the cases is useless, do RR for
- # re-INVITEs alos, as some buggy clients do change route set
- # during the dialog.
- record_route();
- }
- if (check_route_param("nat=yes"))
- setflag(NAT);
- # route it out to whatever destination was set by loose_route()
- # in $du (destination URI).
- route(relay);
- } else {
- if (is_method("SUBSCRIBE") && $rd == "127.0.0.1:5060") { # CUSTOMIZE ME
- # in-dialog subscribe requests
- route(handle_presence);
- exit;
- }
- if ( is_method("ACK") ) {
- if ( t_check_trans() ) {
- # non loose-route, but stateful ACK; must be an ACK after
- # a 487 or e.g. 404 from upstream server
- t_relay();
- exit;
- } else {
- # ACK without matching transaction ->
- # ignore and discard
- exit;
- }
- }
- sl_send_reply("404","Not here");
- }
- exit;
- }
- # CANCEL processing
- if (is_method("CANCEL"))
- {
- if (t_check_trans())
- t_relay();
- exit;
- }
- t_check_trans();
- if ( !(is_method("REGISTER") && is_from_local()) ) {
- # authenticate if from local subscriber
- # authenticate all initial non-REGISTER request that pretend to be
- # generated by local subscriber (domain from FROM URI is local)
- if (!proxy_authorize("", "subscriber")) {
- proxy_challenge("", "0");
- exit;
- }
- if (!db_check_from()) {
- sl_send_reply("403","Forbidden auth ID");
- exit;
- }
- consume_credentials();
- # caller authenticated
- } else {
- # if caller is not local, then called number must be local
- if (!is_uri_host_local()) {
- send_reply("403","Rely forbidden");
- exit;
- }
- }
- # preloaded route checking
- if (loose_route()) {
- xlog("L_ERR",
- "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
- if (!is_method("ACK"))
- sl_send_reply("403","Preload Route denied");
- exit;
- }
- # record routing
- if (!is_method("REGISTER|MESSAGE"))
- record_route();
- # account only INVITEs
- if (is_method("INVITE")) {
- # create dialog with timeout
- if ( !create_dialog("B") ) {
- send_reply("500","Internal Server Error");
- exit;
- }
- setflag(ACC_DO); # do accounting
- }
- if (!is_uri_host_local()) {
- append_hf("P-hint: outbound\r\n");
- route(relay);
- }
- # requests for my domain
- if( is_method("PUBLISH|SUBSCRIBE"))
- route(handle_presence);
- if (!is_method("REGISTER"))
- record_route();
- if (is_method("REGISTER"))
- {
- # authenticate the REGISTER requests
- if (!www_authorize("", "subscriber"))
- {
- www_challenge("", "0");
- exit;
- }
- if (!db_check_to())
- {
- sl_send_reply("403","Forbidden auth ID");
- exit;
- }
- if ( 0 ) setflag(TCP_PERSISTENT);
- if (!save("location"))
- sl_reply_error();
- exit;
- }
- if ($rU==NULL) {
- # request with no Username in RURI
- sl_send_reply("484","Address Incomplete");
- exit;
- }
- if ($rU=~"^0+") {
- $rd="10.1.1.247";
- $rp=5060;
- route(relay);
- exit;
- }
- # do lookup with method filtering
- if (!lookup("location","m")) {
- if (!db_does_uri_exist()) {
- send_reply("420","Bad Extension");
- exit;
- }
- t_newtran();
- t_reply("404", "Not Found");
- exit;
- }
- if (isbflagset(NAT)) setflag(NAT);
- # when routing via usrloc, log the missed calls also
- setflag(ACC_MISSED);
- route(relay);
- }
- route[relay] {
- # for INVITEs enable some additional helper routes
- if (is_method("INVITE")) {
- if (isflagset(NAT)) {
- rtpproxy_offer("ro");
- }
- t_on_branch("per_branch_ops");
- t_on_reply("handle_nat");
- t_on_failure("missed_call");
- }
- if (isflagset(NAT)) {
- add_rr_param(";nat=yes");
- }
- if (!t_relay()) {
- send_reply("500","Internal Error");
- };
- exit;
- }
- # Presence route
- route[handle_presence]
- {
- if (!t_newtran())
- {
- sl_reply_error();
- exit;
- }
- if(is_method("PUBLISH"))
- {
- handle_publish();
- }
- else
- if( is_method("SUBSCRIBE"))
- {
- handle_subscribe();
- }
- exit;
- }
- branch_route[per_branch_ops] {
- xlog("new branch at $ru\n");
- }
- onreply_route[handle_nat] {
- if (nat_uac_test("1"))
- fix_nated_contact();
- if ( isflagset(NAT) )
- rtpproxy_answer("ro");
- xlog("incoming reply\n");
- }
- failure_route[missed_call] {
- if (t_was_cancelled()) {
- exit;
- }
- # uncomment the following lines if you want to block client
- # redirect based on 3xx replies.
- ##if (t_check_status("3[0-9][0-9]")) {
- ##t_reply("404","Not found");
- ## exit;
- ##}
- }
- local_route {
- if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
- acc_db_request("200 Dialog Timeout", "acc");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement