Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!KAMAILIO
- #
- #!define WITH_MYSQL
- #!define WITH_AUTH
- #!define WITH_USRLOCDB
- #!define WITH_NAT
- #!define WITH_ANTIFLOOD
- #
- #
- # Kamailio (OpenSER) SIP Server v5.0 - default configuration script
- # - web: http://www.kamailio.org
- # - git: http://sip-router.org
- #
- # Direct your questions about this file to: <sr-users@lists.sip-router.org>
- #
- # Refer to the Core CookBook at http://www.kamailio.org/wiki/
- # for an explanation of possible statements, functions and parameters.
- #
- # Several features can be enabled using '#!define WITH_FEATURE' directives:
- #
- # *** To run in debug mode:
- # - define WITH_DEBUG
- #
- # *** To enable mysql:
- # - define WITH_MYSQL
- #
- # *** To enable authentication execute:
- # - enable mysql
- # - define WITH_AUTH
- # - add users using 'kamctl'
- #
- # *** To enable IP authentication execute:
- # - enable mysql
- # - enable authentication
- # - define WITH_IPAUTH
- # - add IP addresses with group id '1' to 'address' table
- #
- # *** To enable persistent user location execute:
- # - enable mysql
- # - define WITH_USRLOCDB
- #
- # *** To enable presence server execute:
- # - enable mysql
- # - define WITH_PRESENCE
- #
- # *** To enable nat traversal execute:
- # - define WITH_NAT
- # - install RTPProxy: http://www.rtpproxy.org
- # - start RTPProxy:
- # rtpproxy -l _your_public_ip_ -s udp:localhost:7722
- # - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
- #
- # *** To enable PSTN gateway routing execute:
- # - define WITH_PSTN
- # - set the value of pstn.gw_ip
- # - check route[PSTN] for regexp routing condition
- #
- # *** To enable database aliases lookup execute:
- # - enable mysql
- # - define WITH_ALIASDB
- #
- # *** To enable speed dial lookup execute:
- # - enable mysql
- # - define WITH_SPEEDDIAL
- #
- # *** To enable multi-domain support execute:
- # - enable mysql
- # - define WITH_MULTIDOMAIN
- #
- # *** To enable TLS support execute:
- # - adjust CFGDIR/tls.cfg as needed
- # - define WITH_TLS
- #
- # *** To enable XMLRPC support execute:
- # - define WITH_XMLRPC
- # - adjust route[XMLRPC] for access policy
- #
- # *** To enable anti-flood detection execute:
- # - adjust pike and htable=>ipban settings as needed (default is
- # block if more than 16 requests in 2 seconds and ban for 300 seconds)
- # - define WITH_ANTIFLOOD
- #
- # *** To block 3XX redirect replies execute:
- # - define WITH_BLOCK3XX
- #
- # *** To enable VoiceMail routing execute:
- # - define WITH_VOICEMAIL
- # - set the value of voicemail.srv_ip
- # - adjust the value of voicemail.srv_port
- #
- # *** To enhance accounting execute:
- # - enable mysql
- # - define WITH_ACCDB
- # - add following columns to database
- #!ifdef ACCDB_COMMENT
- ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
- ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
- ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
- ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
- ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
- ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
- ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
- ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
- ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
- ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
- ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
- ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
- #!endif
- ####### Include Local Config If Exists #########
- import_file "kamailio-local.cfg"
- ####### Defined Values #########
- # *** Value defines - IDs used later in config
- #!ifdef WITH_MYSQL
- # - database URL - used to connect to database server by modules such
- # as: auth_db, acc, usrloc, a.s.o.
- #!ifndef DBURL
- #!define DBURL "mysql://kamailiou:kamailiou1234@localhost/kamailio"
- #!endif
- #!endif
- #!ifdef WITH_MULTIDOMAIN
- # - the value for 'use_domain' parameters
- #!define MULTIDOMAIN 1
- #!else
- #!define MULTIDOMAIN 0
- #!endif
- # - flags
- # FLT_ - per transaction (message) flags
- # FLB_ - per branch flags
- #!define FLT_ACC 1
- #!define FLT_ACCMISSED 2
- #!define FLT_ACCFAILED 3
- #!define FLT_NATS 5
- #!define FLB_NATB 6
- #!define FLB_NATSIPPING 7
- #!substdef "!MY_IP_ADDR!192.168.20.67!g"
- #!substdef "!MY_DOMAIN!pf-dialer.crvoicecloud.com!g"
- #!substdef "!MY_WS_PORT!8080!g"
- #!substdef "!MY_WSS_PORT!4443!g"
- #!substdef "!MY_MSRP_PORT!9080!g"
- #!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
- #!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
- #!substdef "!MY_MSRP_ADDR!tls:MY_IP_ADDR:MY_MSRP_PORT!g"
- #!substdef "!MSRP_MIN_EXPIRES!1800!g"
- #!substdef "!MSRP_MAX_EXPIRES!3600!g"
- #!define WITH_TLS
- #!define WITH_WEBSOCKETS
- #!define WITH_MSRP
- ####### Global Parameters #########
- ### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
- #!ifdef WITH_DEBUG
- debug=4
- log_stderror=no
- #!else
- debug=3
- log_stderror=no
- #!endif
- memdbg=5
- memlog=5
- log_facility=LOG_LOCAL0
- fork=yes
- children=4
- /* uncomment the next line to disable TCP (default on) */
- #disable_tcp=yes
- /* uncomment the next line to disable the auto discovery of local aliases
- based on reverse DNS on IPs (default on) */
- #auto_aliases=no
- /* add local domain aliases */
- alias="192.168.20.67"
- alias="pf-dialer.crvoicecloud.com"
- /* uncomment and configure the following line if you want Kamailio to
- bind on a specific interface/port/proto (default bind on all available) */
- listen=udp:127.0.0.1:5060
- listen=udp:192.168.20.67:5060
- /* port to listen to
- * - can be specified more than once if needed to listen on many ports */
- #port=5060
- #!ifdef WITH_TLS
- enable_tls=yes
- #!endif
- listen=MY_IP_ADDR
- #!ifdef WITH_WEBSOCKETS
- listen=MY_WS_ADDR
- #!ifdef WITH_TLS
- listen=MY_WSS_ADDR
- #!endif
- #!endif
- #!ifdef WITH_MSRP
- listen=MY_MSRP_ADDR
- #!endif
- tcp_connection_lifetime=3604
- tcp_accept_no_cl=yes
- tcp_rd_buf_size=16384
- # life time of TCP connection when there is no traffic
- # - a bit higher than registration expires to cope with UA behind NAT
- #tcp_connection_lifetime=3605
- ####### Custom Parameters #########
- # These parameters can be modified runtime via RPC interface
- # - see the documentation of 'cfg_rpc' module.
- #
- # Format: group.id = value 'desc' description
- # Access: $sel(cfg_get.group.id) or @cfg_get.group.id
- #
- #!ifdef WITH_PSTN
- # PSTN GW Routing
- #
- # - pstn.gw_ip: valid IP or hostname as string value, example:
- # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
- #
- # - by default is empty to avoid misrouting
- pstn.gw_ip = "" desc "tos.cloud.goautodial.com GW Address"
- pstn.gw_port = "" desc "PSTN GW Port"
- #!endif
- #!ifdef WITH_VOICEMAIL
- # VoiceMail Routing on offline, busy or no answer
- #
- # - by default Voicemail server IP is empty to avoid misrouting
- voicemail.srv_ip = "" desc "VoiceMail IP Address"
- voicemail.srv_port = "5060" desc "VoiceMail Port"
- #!endif
- # don't advertise server headers
- server_signature=no
- sip_warning=0
- ####### Modules Section ########
- # set paths to location of modules (to sources or installation folders)
- #!ifdef WITH_SRCPATH
- mpath="modules/"
- #!else
- mpath="/usr/lib64/kamailio/modules/"
- #mpath="/usr/lib/x86_64-linux-gnu/kamailio/modules/"
- #!endif
- #!ifdef WITH_MYSQL
- loadmodule "db_mysql.so"
- #!endif
- #loadmodule "topoh.so"
- #loadmodule "mi_fifo.so"
- loadmodule "jsonrpcs.so"
- loadmodule "kex.so"
- loadmodule "corex.so"
- loadmodule "tm.so"
- loadmodule "tmx.so"
- loadmodule "sl.so"
- loadmodule "rr.so"
- loadmodule "pv.so"
- loadmodule "maxfwd.so"
- loadmodule "usrloc.so"
- loadmodule "registrar.so"
- loadmodule "textops.so"
- loadmodule "siputils.so"
- loadmodule "xlog.so"
- loadmodule "sanity.so"
- loadmodule "ctl.so"
- loadmodule "cfg_rpc.so"
- loadmodule "acc.so"
- #!ifdef WITH_AUTH
- loadmodule "auth.so"
- loadmodule "auth_db.so"
- #!ifdef WITH_IPAUTH
- loadmodule "permissions.so"
- #!endif
- #!endif
- #!ifdef WITH_ALIASDB
- loadmodule "alias_db.so"
- #!endif
- #!ifdef WITH_SPEEDDIAL
- loadmodule "speeddial.so"
- #!endif
- #!ifdef WITH_MULTIDOMAIN
- loadmodule "domain.so"
- #!endif
- #!ifdef WITH_PRESENCE
- loadmodule "presence.so"
- loadmodule "presence_xml.so"
- #!endif
- #!ifdef WITH_NAT
- loadmodule "nathelper.so"
- loadmodule "rtpengine.so"
- #loadmodule "rtpproxy.so"
- #!endif
- #!ifdef WITH_TLS
- loadmodule "tls.so"
- #!endif
- #!ifdef WITH_MSRP
- loadmodule "msrp.so"
- #loadmodule "htable.so"
- loadmodule "cfgutils.so"
- #!endif
- #!ifdef WITH_WEBSOCKETS
- loadmodule "xhttp.so"
- loadmodule "websocket.so"
- loadmodule "sdpops.so"
- loadmodule "textopsx.so"
- loadmodule "dialog.so"
- loadmodule "sst.so"
- #!endif
- #!ifdef WITH_ANTIFLOOD
- loadmodule "htable.so"
- loadmodule "pike.so"
- #!endif
- #!ifdef WITH_XMLRPC
- loadmodule "xmlrpc.so"
- #!endif
- #!ifdef WITH_DEBUG
- loadmodule "debugger.so"
- #!endif
- # ----------------- setting module-specific parameters ---------------
- # ---- topoh params -----
- #modparam("topoh", "mask_key", "Gu3ssWh@T1tS2016")
- #modparam("topoh", "mask_ip", "10.0.0.1")
- #modparam("topoh", "mask_callid", 1)
- # ----- mi_fifo params -----
- #modparam("mi_fifo", "fifo_name", "/var/run/kamailio/kamailio_fifo")
- # ----- jsonrpcs params -----
- modparam("jsonrpcs", "pretty_format", 1)
- /* set the path to RPC fifo control file */
- modparam("jsonrpcs", "fifo_name", "/var/run/kamailio/kamailio_rpc.fifo")
- /* set the path to RPC unix socket control file */
- modparam("jsonrpcs", "dgram_socket", "/var/run/kamailio/kamailio_rpc.sock")
- # ----- tm params -----
- # auto-discard branches from previous serial forking leg
- modparam("tm", "failure_reply_mode", 3)
- # default retransmission timeout: 30sec
- modparam("tm", "fr_timer", 30000)
- # default invite retransmission timeout after 1xx: 120sec
- modparam("tm", "fr_inv_timer", 120000)
- # ----- rr params -----
- # set next param to 1 to add value to ;lr param (helps with some UAs)
- modparam("rr", "enable_full_lr", 0)
- # do not append from tag to the RR (no need for this script)
- modparam("rr", "append_fromtag", 0)
- # ----- registrar params -----
- modparam("registrar", "method_filtering", 1)
- /* uncomment the next line to disable parallel forking via location */
- modparam("registrar", "append_branches", 0)
- /* uncomment the next line not to allow more than 100 contacts per AOR */
- modparam("registrar", "max_contacts", 100)
- # max value for expires of registrations
- modparam("registrar", "max_expires", 3600)
- # set it to 1 to enable GRUU
- modparam("registrar", "gruu_enabled", 0)
- # ----- acc params -----
- /* what special events should be accounted ? */
- modparam("acc", "early_media", 0)
- modparam("acc", "report_ack", 0)
- modparam("acc", "report_cancels", 0)
- /* by default ww do not adjust the direct of the sequential requests.
- if you enable this parameter, be sure the enable "append_fromtag"
- in "rr" module */
- modparam("acc", "detect_direction", 0)
- /* account triggers (flags) */
- modparam("acc", "log_flag", FLT_ACC)
- modparam("acc", "log_missed_flag", FLT_ACCMISSED)
- modparam("acc", "log_extra",
- "src_user=$fU;src_domain=$fd;src_ip=$si;"
- "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
- modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
- /* enhanced DB accounting */
- #!ifdef WITH_ACCDB
- modparam("acc", "db_flag", FLT_ACC)
- modparam("acc", "db_missed_flag", FLT_ACCMISSED)
- modparam("acc", "db_url", DBURL)
- modparam("acc", "db_extra",
- "src_user=$fU;src_domain=$fd;src_ip=$si;"
- "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
- #!endif
- # ----- usrloc params -----
- /* enable DB persistency for location entries */
- #!ifdef WITH_USRLOCDB
- modparam("usrloc", "db_url", DBURL)
- modparam("usrloc", "db_mode", 1)
- modparam("usrloc", "use_domain", MULTIDOMAIN)
- modparam("usrloc", "timer_interval", 60)
- modparam("usrloc", "timer_procs", 4)
- #!endif
- # ----- auth_db params -----
- #!ifdef WITH_AUTH
- modparam("auth_db", "db_url", DBURL)
- modparam("auth_db", "calculate_ha1", 0)
- modparam("auth_db", "password_column", "ha1")
- modparam("auth_db", "load_credentials", "")
- modparam("auth_db", "use_domain", MULTIDOMAIN)
- modparam("auth", "nonce_count", 1) # enable nonce_count support
- modparam("auth", "qop", "auth") # enable qop=auth
- modparam("auth", "nonce_expire", 60)
- modparam("auth", "nonce_auth_max_drift", 2)
- # For REGISTER requests we hash the Request-URI, Call-ID, and source IP of the
- # request into the nonce string. This ensures that the generated credentials
- # cannot be used with another registrar, user agent with another source IP
- # address or Call-ID. Note that user agents that change Call-ID with every
- # REGISTER message will not be able to register if you enable this.
- modparam("auth", "auth_checks_register", 11)
- # For dialog-establishing requests (such as the original INVITE, OPTIONS, etc)
- # we hash the Request-URI and source IP. Hashing Call-ID and From tags takes
- # some extra precaution, because these checks could render some UA unusable.
- modparam("auth", "auth_checks_no_dlg", 9)
- # For mid-dialog requests, such as re-INVITE, we can hash source IP and
- # Request-URI just like in the previous case. In addition to that we can hash
- # Call-ID and From tag because these are fixed within a dialog and are
- # guaranteed not to change. This settings effectively restrict the usage of
- # generated credentials to a single user agent within a single dialog.
- modparam("auth", "auth_checks_in_dlg", 15)
- # ----- permissions params -----
- #!ifdef WITH_IPAUTH
- modparam("permissions", "db_url", DBURL)
- modparam("permissions", "db_mode", 1)
- #!endif
- #!endif
- # ----- alias_db params -----
- #!ifdef WITH_ALIASDB
- modparam("alias_db", "db_url", DBURL)
- modparam("alias_db", "use_domain", MULTIDOMAIN)
- #!endif
- # ----- speeddial params -----
- #!ifdef WITH_SPEEDDIAL
- modparam("speeddial", "db_url", DBURL)
- modparam("speeddial", "use_domain", MULTIDOMAIN)
- #!endif
- # ----- domain params -----
- #!ifdef WITH_MULTIDOMAIN
- modparam("domain", "db_url", DBURL)
- # register callback to match myself condition with domains list
- modparam("domain", "register_myself", 1)
- #!endif
- #!ifdef WITH_PRESENCE
- # ----- presence params -----
- modparam("presence", "db_url", DBURL)
- # ----- presence_xml params -----
- modparam("presence_xml", "db_url", DBURL)
- modparam("presence_xml", "force_active", 1)
- #!endif
- #!ifdef WITH_NAT
- # ----- rtpengine params -----
- modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:5066")
- modparam("rtpengine", "rtpengine_disable_tout", 20)
- #modparam("rtpengine", "db_url", DBURL)
- # ----- nathelper params -----
- modparam("nathelper", "natping_interval", 30)
- modparam("nathelper", "ping_nated_only", 1)
- modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
- modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")
- # params needed for NAT traversal in other modules
- modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
- modparam("usrloc", "nat_bflag", FLB_NATB)
- #!endif
- #!ifdef WITH_TLS
- # ----- tls params -----
- modparam("tls", "config", "/etc/kamailio/tls.cfg")
- #modparam("tls", "private_key", "/etc/httpd/certs/essentialSSL/wildcard.goautodial.com.key")
- #modparam("tls", "certificate", "/etc/httpd/certs/essentialSSL/wildcard.goautodial.com.crt")
- #modparam("tls", "ca_list", "/etc/httpd/certs/essentialSSL/wildcard.goautodial.com.ca-bundle")
- #!endif
- #!ifdef WITH_WEBSOCKETS
- # ----- nathelper params -----
- modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
- # Note: leaving NAT pings turned off here as nathelper is _only_ being used for
- # WebSocket connections. NAT pings are not needed as WebSockets have
- # their own keep-alives.
- modparam("dialog", "dlg_flag", 10)
- modparam("dialog", "track_cseq_updates", 0)
- modparam("dialog", "dlg_match_mode", 2)
- modparam("dialog", "timeout_avp", "$avp(i:10)")
- # Set the sst modules timeout_avp to be the same value
- modparam("sst", "timeout_avp", "$avp(i:10)")
- modparam("sst", "sst_flag", 11)
- #!endif
- #!ifdef WITH_MSRP
- # ----- htable params -----
- modparam("htable", "htable", "msrp=>size=8;autoexpire=MSRP_MAX_EXPIRES;")
- #!endif
- #!ifdef WITH_ANTIFLOOD
- # ----- pike params -----
- modparam("pike", "sampling_time_unit", 2)
- modparam("pike", "reqs_density_per_unit", 32)
- modparam("pike", "remove_latency", 4)
- # ----- htable params -----
- # ip ban htable with autoexpire after 5 minutes
- # modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
- #!endif
- #!ifdef WITH_XMLRPC
- # ----- xmlrpc params -----
- modparam("xmlrpc", "route", "XMLRPC");
- modparam("xmlrpc", "url_match", "^/RPC")
- #!endif
- #!ifdef WITH_DEBUG
- # ----- debugger params -----
- modparam("debugger", "cfgtrace", 1)
- modparam("debugger", "log_level_name", "exec")
- #!endif
- ####### Routing Logic ########
- # Main SIP request routing logic
- # - processing of any incoming SIP request starts with this route
- # - note: this is the same as route { ... }
- request_route {
- # per request initial checks
- route(REQINIT);
- #!ifdef WITH_WEBSOCKETS
- if (nat_uac_test(64)) {
- # Do NAT traversal stuff for requests from a WebSocket
- # connection - even if it is not behind a NAT!
- # This won't be needed in the future if Kamailio and the
- # WebSocket client support Outbound and Path.
- force_rport();
- if (is_method("REGISTER")) {
- fix_nated_register();
- } else {
- if (!add_contact_alias()) {
- xlog("L_ERR", "Error aliasing contact <$ct>\n");
- sl_send_reply("400", "Bad Request");
- exit;
- }
- }
- }
- #!endif
- # NAT detection
- route(NATDETECT);
- # CANCEL processing
- if (is_method("CANCEL")) {
- if (t_check_trans()) {
- route(RELAY);
- }
- exit;
- }
- # handle requests within SIP dialogs
- route(WITHINDLG);
- ### only initial requests (no To tag)
- # handle retransmissions
- if(t_precheck_trans()) {
- t_check_trans();
- exit;
- }
- t_check_trans();
- # authentication
- route(AUTH);
- # record routing for dialog forming requests (in case they are routed)
- # - remove preloaded route headers
- remove_hf("Route");
- if (is_method("INVITE|SUBSCRIBE"))
- record_route();
- # account only INVITEs
- if (is_method("INVITE")) {
- setflag(FLT_ACC); # do accounting
- setflag(10); # set the dialog flag
- setflag(11); # Set the sst flag
- }
- if (is_method("UPDATE")) {
- setflag(FLT_ACC); # do accounting
- setflag(10); # set the dialog flag
- setflag(11); # Set the sst flag
- }
- # dispatch requests to foreign domains
- route(SIPOUT);
- ### requests for my local domains
- # handle presence related requests
- route(PRESENCE);
- # handle registrations
- route(REGISTRAR);
- if ($rU==$null) {
- # request with no Username in RURI
- sl_send_reply("484","Address Incomplete");
- exit;
- }
- # dispatch destinations to PSTN
- route(PSTN);
- # user location service
- route(LOCATION);
- route(RELAY);
- }
- # Wrapper for relaying requests
- route[RELAY] {
- # enable additional event routes for forwarded requests
- # - serial forking, RTP relaying handling, a.s.o.
- if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
- if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
- }
- if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
- if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
- }
- if (is_method("INVITE")) {
- dlg_manage();
- route(SETUP_BY_TRANSPORT);
- if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
- }
- if (!t_relay()) {
- sl_reply_error();
- }
- exit;
- }
- route[SETUP_BY_TRANSPORT] {
- if ($ru =~ "transport=ws") {
- xlog("L_INFO", "Request going to WS");
- if(sdp_with_transport("RTP/SAVPF")) {
- xlog("L_INFO", "RTP/SAVPF detected");
- rtpengine_manage("force trust-address replace-origin replace-session-connection ICE=force");
- t_on_reply("REPLY_WS_TO_WS");
- return;
- }
- rtpengine_manage("trust-address replace-origin replace-session-connection ICE=force RTP/SAVPF rtcp-mux-offer rtcp-mux-accept SDES-off");
- t_on_reply("REPLY_FROM_WS");
- }
- else if ($proto =~ "ws") {
- xlog("L_INFO", "Request coming from WS");
- rtpengine_manage("RTP/AVP");
- t_on_reply("REPLY_TO_WS");
- }
- else {
- xlog("L_INFO", "This is a classic phone call");
- rtpengine_manage("trust-address replace-origin replace-session-connection RTP/AVP");
- t_on_reply("MANAGE_CLASSIC_REPLY");
- }
- }
- onreply_route[REPLY_WS_TO_WS] {
- xlog("L_INFO", "WS to WS");
- if(status=~"[12][0-9][0-9]") {
- rtpengine_manage("force trust-address replace-origin replace-session-connection ICE=force");
- route(NATMANAGE);
- }
- }
- onreply_route[REPLY_FROM_WS] {
- xlog("L_INFO", "Reply from webrtc client: $rs");
- if(status=~"[12][0-9][0-9]") {
- rtpengine_manage("trust-address replace-origin replace-session-connection ICE=remove RTP/AVP rtcp-mux-offer rtcp-mux-accept SDES-off");
- route(NATMANAGE);
- }
- }
- onreply_route[REPLY_TO_WS] {
- xlog("L_INFO", "Reply from softphone: $rs");
- if (t_check_status("183")) {
- change_reply_status("180", "Ringing");
- remove_body();
- exit;
- }
- if(!(status=~"[12][0-9][0-9]"))
- return;
- rtpengine_manage("froc+SP");
- route(NATMANAGE);
- }
- onreply_route[MANAGE_CLASSIC_REPLY] {
- xlog("L_INFO", "Boring reply from softphone: $rs");
- if(status=~"[12][0-9][0-9]") {
- xlog("L_INFO", "rtpengine_manage - trust-address replace-origin replace-session-connection RTP/AVP");
- rtpengine_manage("trust-address replace-origin replace-session-connection RTP/AVP");
- route(NATMANAGE);
- }
- }
- # Per SIP request initial checks
- route[REQINIT] {
- #!ifdef WITH_ANTIFLOOD
- # flood dection from same IP and traffic ban for a while
- # be sure you exclude checking trusted peers, such as pstn gateways
- # - local host excluded (e.g., loop to self)
- if(src_ip!=myself) {
- if($sht(ipban=>$si)!=$null) {
- # ip is already blocked
- xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
- exit;
- }
- if (!pike_check_req()) {
- xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
- $sht(ipban=>$si) = 1;
- exit;
- }
- }
- if($ua =~ "friendly-scanner") {
- sl_send_reply("200", "OK");
- exit;
- }
- #!endif
- if (!mf_process_maxfwd_header("10")) {
- sl_send_reply("483","Too Many Hops");
- exit;
- }
- if(is_method("OPTIONS") && uri==myself && $rU==$null) {
- sl_send_reply("200","Keepalive");
- exit;
- }
- if(!sanity_check("1511", "7")) {
- xlog("Malformed SIP message from $si:$sp\n");
- exit;
- }
- }
- # Handle requests within SIP dialogs
- route[WITHINDLG] {
- if (!has_totag()) return;
- # sequential request withing a dialog should
- # take the path determined by record-routing
- if (loose_route()) {
- #!ifdef WITH_WEBSOCKETS
- if ($du == "") {
- if (!handle_ruri_alias()) {
- xlog("L_ERR", "Bad alias <$ru>\n");
- sl_send_reply("400", "Bad Request");
- exit;
- }
- }
- #!endif
- route(DLGURI);
- if (is_method("BYE")) {
- setflag(FLT_ACC); # do accounting ...
- setflag(FLT_ACCFAILED); # ... even if the transaction fails
- }
- else if ( is_method("ACK") ) {
- # ACK is forwarded statelessy
- route(NATMANAGE);
- }
- else if ( is_method("NOTIFY") ) {
- # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
- record_route();
- }
- route(RELAY);
- exit;
- }
- if (is_method("SUBSCRIBE") && uri == myself) {
- # in-dialog subscribe requests
- route(PRESENCE);
- exit;
- }
- if ( is_method("ACK") ) {
- if ( t_check_trans() ) {
- # no loose-route, but stateful ACK;
- # must be an ACK after a 487
- # or e.g. 404 from upstream server
- route(RELAY);
- exit;
- } else {
- # ACK without matching transaction ... ignore and discard
- exit;
- }
- }
- sl_send_reply("404","Not here");
- exit;
- }
- # Handle SIP registrations
- route[REGISTRAR] {
- if (!is_method("REGISTER")) return;
- if(isflagset(FLT_NATS)) {
- setbflag(FLB_NATB);
- #!ifdef WITH_NATSIPPING
- # do SIP NAT pinging
- setbflag(FLB_NATSIPPING);
- #!endif
- }
- if (!save("location", "0x04"))
- sl_reply_error();
- exit;
- }
- # User location service
- route[LOCATION] {
- #!ifdef WITH_SPEEDDIAL
- # search for short dialing - 2-digit extension
- if($rU=~"^[0-9][0-9]$")
- if(sd_lookup("speed_dial"))
- route(SIPOUT);
- #!endif
- #!ifdef WITH_ALIASDB
- # search in DB-based aliases
- if(alias_db_lookup("dbaliases"))
- route(SIPOUT);
- #!endif
- $avp(oexten) = $rU;
- if (!lookup("location")) {
- $var(rc) = $rc;
- route(TOVOICEMAIL);
- t_newtran();
- switch ($var(rc)) {
- case -1:
- case -3:
- send_reply("404", "Not Found");
- exit;
- case -2:
- send_reply("405", "Method Not Allowed");
- exit;
- }
- }
- # when routing via usrloc, log the missed calls also
- if (is_method("INVITE")) {
- setflag(FLT_ACCMISSED);
- }
- # t_on_failure("UA_FAILURE");
- route(RELAY);
- exit;
- }
- # Presence server processing
- route[PRESENCE] {
- if(!is_method("PUBLISH|SUBSCRIBE"))
- return;
- if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") {
- route(TOVOICEMAIL);
- # returns here if no voicemail server is configured
- sl_send_reply("404", "No voicemail service");
- exit;
- }
- #!ifdef WITH_PRESENCE
- if (!t_newtran()) {
- sl_reply_error();
- exit;
- }
- if(is_method("PUBLISH")) {
- handle_publish();
- t_release();
- } else if(is_method("SUBSCRIBE")) {
- handle_subscribe();
- t_release();
- }
- exit;
- #!endif
- # if presence enabled, this part will not be executed
- if (is_method("PUBLISH") || $rU==$null) {
- sl_send_reply("404", "Not here");
- exit;
- }
- return;
- }
- # IP authorization and user uthentication
- route[AUTH] {
- #!ifdef WITH_AUTH
- #!ifdef WITH_IPAUTH
- if((!is_method("REGISTER")) && allow_source_address()) {
- # source IP allowed
- return;
- }
- #!endif
- if (is_method("REGISTER") || from_uri==myself)
- {
- # authenticate requests
- if (!auth_check("$fd", "subscriber", "1")) {
- auth_challenge("$fd", "0");
- exit;
- }
- # user authenticated - remove auth header
- if(!is_method("REGISTER|PUBLISH"))
- consume_credentials();
- }
- # if caller is not local subscriber, then check if it calls
- # a local destination, otherwise deny, not an open relay here
- if (from_uri!=myself && uri!=myself) {
- sl_send_reply("403","Not relaying");
- exit;
- }
- #!endif
- return;
- }
- # Caller NAT detection
- route[NATDETECT] {
- #!ifdef WITH_NAT
- force_rport();
- if (nat_uac_test("19")) {
- if (is_method("REGISTER")) {
- fix_nated_register();
- } else {
- if(is_first_hop())
- set_contact_alias();
- }
- setflag(FLT_NATS);
- }
- #!endif
- return;
- }
- # RTPengine control and singaling updates for NAT traversal
- route[NATMANAGE] {
- #!ifdef WITH_NAT
- if (is_request()) {
- if(has_totag()) {
- if(check_route_param("nat=yes")) {
- setbflag(FLB_NATB);
- }
- }
- }
- if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
- return;
- if (is_request()) {
- if (!has_totag()) {
- if(t_is_branch_route()) {
- add_rr_param(";nat=yes");
- }
- }
- }
- if (is_reply()) {
- if(isbflagset(FLB_NATB)) {
- if(is_first_hop())
- set_contact_alias();
- }
- }
- #!endif
- return;
- }
- # URI update for dialog requests
- route[DLGURI] {
- #!ifdef WITH_NAT
- if(!isdsturiset()) {
- handle_ruri_alias();
- }
- #!endif
- return;
- }
- # Routing to foreign domains
- route[SIPOUT] {
- if (uri==myself) return;
- append_hf("P-hint: outbound\r\n");
- route(RELAY);
- exit;
- }
- # PSTN GW routing
- route[PSTN] {
- #!ifdef WITH_PSTN
- # check if PSTN GW IP is defined
- if (strempty($sel(cfg_get.pstn.gw_ip))) {
- xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
- return;
- }
- # route to PSTN dialed numbers starting with '+' or '00'
- # (international format)
- # - update the condition to match your dialing rules for PSTN routing
- if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
- return;
- # only local users allowed to call
- if(from_uri!=myself) {
- sl_send_reply("403", "Not Allowed");
- exit;
- }
- if (strempty($sel(cfg_get.pstn.gw_port))) {
- $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
- } else {
- $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip) + ":"
- + $sel(cfg_get.pstn.gw_port);
- }
- route(RELAY);
- exit;
- #!endif
- return;
- }
- # XMLRPC routing
- #!ifdef WITH_XMLRPC
- route[XMLRPC] {
- # allow XMLRPC from localhost
- if ((method=="POST" || method=="GET")
- && (src_ip==127.0.0.1)) {
- # close connection only for xmlrpclib user agents (there is a bug in
- # xmlrpclib: it waits for EOF before interpreting the response).
- if ($hdr(User-Agent) =~ "xmlrpclib")
- set_reply_close();
- set_reply_no_connect();
- dispatch_rpc();
- exit;
- }
- send_reply("403", "Forbidden");
- exit;
- }
- #!endif
- # Routing to voicemail server
- route[TOVOICEMAIL] {
- #!ifdef WITH_VOICEMAIL
- if(!is_method("INVITE|SUBSCRIBE"))
- return;
- # check if VoiceMail server IP is defined
- if (strempty($sel(cfg_get.voicemail.srv_ip))) {
- xlog("SCRIPT: VoiceMail rotuing enabled but IP not defined\n");
- return;
- }
- if(is_method("INVITE")) {
- if($avp(oexten)==$null)
- return;
- $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip)
- + ":" + $sel(cfg_get.voicemail.srv_port);
- } else {
- if($rU==$null)
- return;
- $ru = "sip:" + $rU + "@" + $sel(cfg_get.voicemail.srv_ip)
- + ":" + $sel(cfg_get.voicemail.srv_port);
- }
- route(RELAY);
- exit;
- #!endif
- return;
- }
- # Manage outgoing branches
- branch_route[MANAGE_BRANCH] {
- xdbg("new branch [$T_branch_idx] to $ru\n");
- route(NATMANAGE);
- }
- # Manage incoming replies
- onreply_route[MANAGE_REPLY] {
- xdbg("incoming reply\n");
- if(status=~"[12][0-9][0-9]")
- route(NATMANAGE);
- }
- # Manage failure routing cases
- failure_route[MANAGE_FAILURE] {
- route(NATMANAGE);
- if (t_is_canceled()) {
- exit;
- }
- #!ifdef WITH_BLOCK3XX
- # block call redirect based on 3xx replies.
- if (t_check_status("3[0-9][0-9]")) {
- t_reply("404","Not found");
- exit;
- }
- #!endif
- #!ifdef WITH_VOICEMAIL
- # serial forking
- # - route to voicemail on busy or no answer (timeout)
- if (t_check_status("486|408")) {
- $du = $null;
- route(TOVOICEMAIL);
- exit;
- }
- #!endif
- }
- #!ifdef WITH_WEBSOCKETS
- onreply_route {
- if ((($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT)
- && !(proto == WS || proto == WSS)) || $Rp == MY_MSRP_PORT) {
- xlog("L_WARN", "SIP response received on $Rp\n");
- drop;
- exit;
- }
- if (nat_uac_test(64)) {
- # Do NAT traversal stuff for replies to a WebSocket connection
- # - even if it is not behind a NAT!
- # This won't be needed in the future if Kamailio and the
- # WebSocket client support Outbound and Path.
- add_contact_alias();
- }
- }
- event_route[xhttp:request] {
- set_reply_close();
- set_reply_no_connect();
- if ($Rp != MY_WS_PORT
- #!ifdef WITH_TLS
- && $Rp != MY_WSS_PORT
- #!endif
- ) {
- xlog("L_WARN", "HTTP request received on $Rp\n");
- xhttp_reply("403", "Forbidden", "", "");
- exit;
- }
- xlog("L_DBG", "HTTP Request Received\n");
- if ($hdr(Upgrade)=~"websocket"
- && $hdr(Connection)=~"Upgrade"
- && $rm=~"GET") {
- # Validate Host - make sure the client is using the correct
- # alias for WebSockets
- # Sasa: commented out, see http://sip-router.1086192.n5.nabble.com/Testing-the-Websocket-module-with-sipml5-org-td65069.html
- #if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
- # xlog("L_WARN", "Bad host $hdr(Host)\n");
- # xhttp_reply("403", "Forbidden", "", "");
- # exit;
- #}
- # Optional... validate Origin - make sure the client is from an
- # authorised website. For example,
- #
- # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
- # && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
- # xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
- # xhttp_reply("403", "Forbidden", "", "");
- # exit;
- # }
- # Optional... perform HTTP authentication
- # ws_handle_handshake() exits (no further configuration file
- # processing of the request) when complete.
- if (ws_handle_handshake())
- {
- # Optional... cache some information about the
- # successful connection
- exit;
- }
- }
- xhttp_reply("404", "Not Found", "", "");
- }
- event_route[websocket:closed] {
- xlog("L_INFO", "WebSocket connection from $si:$sp has closed\n");
- }
- failure_route[UA_FAILURE] {
- xlog("L_INFO", "Triggered UA_FAILURE\n");
- if (t_check_status("488") && sdp_content()) {
- if (sdp_get_line_startswith("$avp(mline)", "m=")) {
- if ($avp(mline) =~ "SAVPF") {
- $avp(rtpengine_offer_flags) = "froc-sp";
- $avp(rtpengine_answer_flags) = "froc+SP";
- } else {
- $avp(rtpengine_offer_flags) = "froc+SP";
- $avp(rtpengine_answer_flags) = "froc-sp";
- }
- }
- append_branch();
- rtpengine_offer($avp(rtpengine_offer_flags));
- t_on_reply("RTPPROXY_REPLY");
- route(RELAY);
- }
- }
- onreply_route[RTPPROXY_REPLY] {
- xlog("L_INFO", "Triggered RTPPROXY_REPLY\n");
- if (status =~ "18[03]") {
- change_reply_status(180, "Ringing");
- remove_body();
- } else if (status =~ "2[0-9][0-9]" && sdp_content()) {
- rtpengine_answer($avp(rtpengine_answer_flags));
- }
- }
- #!endif
- #!ifdef WITH_MSRP
- event_route[msrp:frame-in] {
- msrp_reply_flags("1");
- if ((($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT)
- && !(proto == WS || proto == WSS)) && $Rp != MY_MSRP_PORT) {
- xlog("L_WARN", "MSRP request received on $Rp\n");
- msrp_reply("403", "Action-not-allowed");
- exit;
- }
- if (msrp_is_reply()) {
- msrp_relay();
- } else if($msrp(method)=="AUTH") {
- if($msrp(nexthops)>0) {
- msrp_relay();
- exit;
- }
- if (!www_authenticate("MY_DOMAIN", "subscriber",
- "$msrp(method)")) {
- if (auth_get_www_authenticate("MY_DOMAIN", "1",
- "$var(wauth)")) {
- msrp_reply("401", "Unauthorized",
- "$var(wauth)");
- } else {
- msrp_reply("500", "Server Error");
- }
- exit;
- }
- if ($hdr(Expires) != $null) {
- $var(expires) = (int) $hdr(Expires);
- if ($var(expires) < MSRP_MIN_EXPIRES) {
- msrp_reply("423", "Interval Out-of-Bounds",
- "Min-Expires: MSRP_MIN_EXPIRES\r\n");
- exit;
- } else if ($var(expires) > MSRP_MAX_EXPIRES) {
- msrp_reply("423", "Interval Out-of-Bounds",
- "Max-Expires: MSRP_MAX_EXPIRES\r\n");
- exit;
- }
- } else {
- $var(expires) = MSRP_MAX_EXPIRES;
- }
- $var(cnt) = $var(cnt) + 1;
- pv_printf("$var(sessid)", "s.$(pp).$(var(cnt)).$(RANDOM)");
- $sht(msrp=>$var(sessid)::srcaddr) = $msrp(srcaddr);
- $sht(msrp=>$var(sessid)::srcsock) = $msrp(srcsock);
- $shtex(msrp=>$var(sessid)) = $var(expires) + 5;
- # - Use-Path: the MSRP address for server + session id
- $var(hdrs) = "Use-Path: msrps://MY_IP_ADDR:MY_MSRP_PORT/"
- + $var(sessid) + ";tcp\r\n"
- + "Expires: " + $var(expires) + "\r\n";
- msrp_reply("200", "OK", "$var(hdrs)");
- } else if ($msrp(method)=="SEND" || $msrp(method)=="REPORT") {
- if ($msrp(nexthops)>1) {
- if ($msrp(method)!="REPORT") {
- msrp_reply("200", "OK");
- }
- msrp_relay();
- exit;
- }
- $var(sessid) = $msrp(sessid);
- if ($sht(msrp=>$var(sessid)::srcaddr) == $null) {
- # one more hop, but we don't have address in htable
- msrp_reply("481", "Session-does-not-exist");
- exit;
- } else if ($msrp(method)!="REPORT") {
- msrp_reply("200", "OK");
- }
- msrp_relay_flags("1");
- msrp_set_dst("$sht(msrp=>$var(sessid)::srcaddr)",
- "$sht(msrp=>$var(sessid)::srcsock)");
- msrp_relay();
- } else {
- msrp_reply("501", "Request-method-not-understood");
- }
- }
- #!endif
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement