eliphas

kamailio webrtc/sip multidomain proxy

May 6th, 2021 (edited)
  1. #!KAMAILIO
  2. #
  3.  
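  # --- Upstream Asterisk -------------------------------------------------
  # request_route compares the packet source ($si/$sp) with this pair to
  # decide whether a request came from Asterisk, so these two values act as
  # the trust anchor for the routing logic.
  #!substdef "!AST_IP4_ADDR!172.16.1.1!g"
  #!substdef "!AST_SIP_PORT!5062!g"

  # --- Direction flags (transaction flags, set in request_route) ----------
  # FROM_SIP was 22, the same number the WITH_HOMER sections hard-code
  # (siptrace "trace_flag" and setflag(22)). With WITH_HOMER enabled one flag
  # bit would have carried two meanings, so FROM_SIP now has its own number.
  #!define FROM_AST 21
  #!define FROM_SIP 24
  #!define FROM_WSS 23

  # --- Feature switches ---------------------------------------------------
  # A leading "##" keeps a switch disabled. Only WITH_TLS and WITH_WEBSOCKETS
  # are active here; authentication (WITH_AUTH) and flood protection
  # (WITH_ANTIFLOOD) are off.
  ##!define WITH_MYSQL
  ##!define WITH_AUTH
  ##!define WITH_USRLOCDB
  #!define WITH_TLS
  ##!define WITH_HOMER
  #!define WITH_WEBSOCKETS
  ##!define WITH_ANTIFLOOD
  ##!define WITH_IPV6
  ##!define WITH_BRIDGE_ON_FAIL
  ##!define WITH_LOCALHOST_WS
  ##!define WITH_LOCALHOST_SIP

  # --- Listener ports -----------------------------------------------------
  #!substdef "!MY_SIP_PORT!5060!g"
  #!substdef "!MY_SIPS_PORT!5061!g"
  #!substdef "!MY_WS_PORT!8090!g"
  #!substdef "!MY_WSS_PORT!8091!g"

  # --- IPv4 listener addresses --------------------------------------------
  # WS listeners are plain TCP, WSS listeners are TLS.
  #!substdef "!MY_IP4_ADDR!172.16.1.1!g"
  #!substdef "!IP4_LOCALHOST!127.0.0.1!g"
  #!substdef "!MY_WS4_ADDR!tcp:MY_IP4_ADDR:MY_WS_PORT!g"
  #!substdef "!MY_WSS4_ADDR!tls:MY_IP4_ADDR:MY_WSS_PORT!g"
  #!substdef "!LOCALHOST_WS4_ADDR!tcp:IP4_LOCALHOST:MY_WS_PORT!g"
  #!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT!g"

  # --- IPv6 listener addresses (MY_IP6_ADDR is a redacted placeholder) ------
  #!ifdef WITH_IPV6
  #!substdef "!MY_IP6_ADDR![XXXXXX-XXXXXX]!g"
  #!substdef "!IP6_LOCALHOST![::1]!g"
  #!substdef "!MY_WS6_ADDR!tcp:MY_IP6_ADDR:MY_WS_PORT!g"
  #!substdef "!MY_WSS6_ADDR!tls:MY_IP6_ADDR:MY_WSS_PORT!g"
  #!substdef "!LOCALHOST_WS6_ADDR!tcp:IP6_LOCALHOST:MY_WS_PORT!g"
  #!substdef "!LOCALHOST_WSS6_ADDR!tls:IP6_LOCALHOST:MY_WSS_PORT!g"
  #!endif

  #!substdef "!MY_DOMAIN!mydomain.example.com!g"

  # *** Value defines - IDs used later in config
  #!ifdef WITH_MYSQL
  # - database URL - used to connect to the database server by modules such
  #   as auth_db, acc, usrloc.
  # NOTE(review): the credentials below look like the stock sample values;
  # replace them (or define DBURL outside this file) before enabling
  # WITH_MYSQL.
  #!ifndef DBURL
  #!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
  #!endif
  #!endif

  # - flags
  #   FLT_ - per transaction (message) flags
  #   FLB_ - per branch flags
  #!define FLT_NATS 5

  #!define FLB_NATB 6
  #!define FLB_NATSIPPING 7
  #!define FLB_RTPWS 8
  #!define FLB_IPV6 9
  #!define FLB_V4V6 10
  #!define FLB_BRIDGE 11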
  66.  
  ####### Global Parameters #########

  # Log verbosity. The level table as given in the original paste:
  # 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
  #!ifdef WITH_DEBUG
  debug=4
  #!else
  debug=2
  #!endif
  # stderr logging is enabled in both the debug and the normal build
  log_stderror=yes

  memdbg=5
  memlog=5

  log_facility=LOG_LOCAL0

  fork=yes
  children=4

  port=MY_SIP_PORT
  tls_port_no=MY_SIPS_PORT

  #!ifdef WITH_TLS
  enable_tls=yes
  #!endif

  # --- plain SIP listeners ---
  listen=MY_IP4_ADDR:MY_SIP_PORT
  #!ifdef WITH_LOCALHOST_SIP
  listen=IP4_LOCALHOST
  #!endif
  #!ifdef WITH_IPV6
  listen=MY_IP6_ADDR
  #!ifdef WITH_LOCALHOST_SIP
  listen=IP6_LOCALHOST
  #!endif
  #!endif

  # --- WebSocket listeners ---
  # The unencrypted WS socket (tcp:...:MY_WS_PORT) is opened whenever
  # WITH_WEBSOCKETS is set; WITH_TLS adds the WSS socket, it does not replace
  # the plain one.
  # NOTE(review): if browsers are only meant to connect over WSS, drop or
  # firewall the plain WS listener.
  #!ifdef WITH_WEBSOCKETS
  listen=MY_WS4_ADDR
  #!ifdef WITH_LOCALHOST_WS
  listen=LOCALHOST_WS4_ADDR
  #!endif
  #!ifdef WITH_IPV6
  listen=MY_WS6_ADDR
  #!ifdef WITH_LOCALHOST_WS
  listen=LOCALHOST_WS6_ADDR
  #!endif
  #!endif
  #!ifdef WITH_TLS
  listen=MY_WSS4_ADDR
  #!ifdef WITH_LOCALHOST_WS
  listen=LOCALHOST_WSS4_ADDR
  #!endif
  #!ifdef WITH_IPV6
  listen=MY_WSS6_ADDR
  #!ifdef WITH_LOCALHOST_WS
  listen=LOCALHOST_WSS6_ADDR
  #!endif
  #!endif
  #!endif
  #!endif

  # --- DNS resolver behaviour ---
  use_dns_cache=on            # use the internal DNS cache
  use_dns_failover=on         # depends on the internal DNS cache
  dns_srv_loadbalancing=on
  dns_try_naptr=on
  dns_retr_time=1             # seconds before retrying a DNS request
  dns_retr_no=3               # DNS retransmissions before giving up

  # Protocol preference order; the NAPTR priority of the target is ignored
  dns_naptr_ignore_rfc=yes
  dns_tls_pref=50             # first choice: TLS
  dns_tcp_pref=30             # second choice: TCP
  dns_udp_pref=10             # third choice: UDP

  # --- TCP / WebSocket transport ---
  # The lifetime is set just above the registrar max_expires value (3600).
  tcp_connection_lifetime=3604
  # accept TCP messages that carry no Content-Length header
  tcp_accept_no_cl=yes
  tcp_rd_buf_size=16384
  146.  
  147.  
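  # Module search path (source tree or installation folder)
  #!ifdef WITH_SRCPATH
  mpath="modules/"
  #!else
  mpath="/usr/lib/x86_64-linux-gnu/kamailio/modules/"
  #!endif

  #!ifdef WITH_MYSQL
  loadmodule "db_mysql.so"
  #!endif

  loadmodule "path.so"

  # core routing, transaction, registrar and utility modules
  loadmodule "kex.so"
  loadmodule "corex.so"
  loadmodule "tm.so"
  loadmodule "tmx.so"
  loadmodule "sl.so"
  loadmodule "rr.so"
  loadmodule "pv.so"
  loadmodule "maxfwd.so"
  loadmodule "usrloc.so"
  loadmodule "registrar.so"
  loadmodule "textops.so"
  loadmodule "siputils.so"
  loadmodule "xlog.so"
  loadmodule "sanity.so"
  loadmodule "ctl.so"
  loadmodule "cfg_rpc.so"
  loadmodule "sdpops.so"
  loadmodule "textopsx.so"

  #!ifdef WITH_AUTH
  loadmodule "auth.so"
  loadmodule "auth_db.so"
  #!ifdef WITH_IPAUTH
  loadmodule "permissions.so"
  #!endif
  #!endif

  #!ifdef WITH_PRESENCE
  loadmodule "presence.so"
  loadmodule "presence_xml.so"
  #!endif

  #!ifdef WITH_TLS
  loadmodule "tls.so"
  #!endif

  #!ifdef WITH_HOMER
  loadmodule "siptrace.so"
  #!endif

  #!ifdef WITH_WEBSOCKETS
  loadmodule "xhttp.so"
  loadmodule "websocket.so"
  #!endif

  # nathelper and rtpengine are configured (modparam) and used by the NAT
  # routes regardless of WITH_WEBSOCKETS, so they are loaded unconditionally.
  # Keeping them inside the WebSocket guard made the configuration fail to
  # start as soon as that switch was turned off.
  loadmodule "nathelper.so"
  loadmodule "rtpengine.so"

  #!ifdef WITH_ANTIFLOOD
  loadmodule "htable.so"
  loadmodule "pike.so"
  #!endif

  #!ifdef WITH_DEBUG
  loadmodule "debugger.so"
  #!endif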
  216.  
  # ----------------- module-specific parameters ---------------


  # ----- rr -----
  # add a value to the ;lr parameter to cope with most UAs
  modparam("rr", "enable_full_lr", 1)
  # the From tag is not appended to Record-Route (not needed by this script)
  modparam("rr", "append_fromtag", 0)


  # ----- registrar -----
  modparam("registrar", "method_filtering", 1)
  # upper bound for the expires value of a registration
  modparam("registrar", "max_expires", 3600)


  # ----- usrloc -----
  # DB persistence for location entries
  #!ifdef WITH_USRLOCDB
  modparam("usrloc", "db_url", DBURL)
  modparam("usrloc", "db_mode", 2)
  #!endif


  # ----- auth_db -----
  # NOTE(review): calculate_ha1=1 with password_column "password" means the
  # subscriber table holds clear-text passwords. Storing precomputed HA1
  # values avoids keeping plaintext at rest - review before enabling
  # WITH_AUTH.
  #!ifdef WITH_AUTH
  modparam("auth_db", "db_url", DBURL)
  modparam("auth_db", "calculate_ha1", 1)
  modparam("auth_db", "password_column", "password")
  modparam("auth_db", "load_credentials", "")
  #!endif

  #!ifdef WITH_PRESENCE
  # ----- presence -----
  modparam("presence", "db_url", DBURL)

  # ----- presence_xml -----
  modparam("presence_xml", "db_url", DBURL)
  modparam("presence_xml", "force_active", 1)
  #!endif


  # The WITH_NAT guard around the next two groups is commented out, so they
  # apply unconditionally.
  ##!ifdef WITH_NAT
  # ----- rtpengine -----
  # control socket on loopback
  modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
  modparam("rtpengine", "extra_id_pv", "$avp(extra_id)")

  # ----- nathelper -----
  modparam("nathelper", "natping_interval", 30)
  modparam("nathelper", "ping_nated_only", 1)
  modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
  # the host part of the pinger URI is a redacted placeholder
  modparam("nathelper", "sipping_from", "sip:pinger@XXXX-XXXX")
  modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
  modparam("usrloc", "nat_bflag", FLB_NATB)
  ##!endif

  # ----- corex -----
  modparam("corex", "alias_subdomains", "MY_DOMAIN")

  #!ifdef WITH_TLS
  # ----- tls -----
  # Certificates and peer-verification settings live in tls.cfg, which is not
  # part of this paste.
  modparam("tls", "config", "/etc/kamailio/tls.cfg")
  modparam("tls", "tls_force_run", 1)
  #!endif

  #!ifdef WITH_WEBSOCKETS
  # same received_avp setting as in the nathelper group above
  modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
  #!endif

  #!ifdef WITH_HOMER
  # ----- siptrace -----
  # Messages are duplicated to a local capture agent over HEP.
  # NOTE(review): trace_flag is a bare number; keep it distinct from the
  # FROM_* direction flags defined at the top of the file.
  modparam("siptrace", "duplicate_uri", "sip:127.0.0.1:9060")
  modparam("siptrace", "hep_mode_on", 1)
  modparam("siptrace", "trace_to_database", 0)
  modparam("siptrace", "trace_flag", 22)
  modparam("siptrace", "trace_on", 1)
  #!endif

  #!ifdef WITH_ANTIFLOOD
  # ----- pike -----
  modparam("pike", "sampling_time_unit", 2)
  modparam("pike", "reqs_density_per_unit", 16)
  modparam("pike", "remove_latency", 4)

  # ----- htable -----
  # IP ban table, entries expire automatically after 5 minutes
  modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
  #!endif

  #!ifdef WITH_DEBUG
  # ----- debugger -----
  modparam("debugger", "cfgtrace", 1)
  #!endif
  310.  
  ####### Routing Logic ########
  # Main entry point for every SIP request.
  #
  # Flow: initial checks -> direction tagging -> NAT fix-ups -> CANCEL and
  # in-dialog handling -> initial requests. Initial requests that did not come
  # from Asterisk are forced to Asterisk; INVITEs coming from Asterisk are
  # looked up in the local location table first.
  #
  # NOTE(review): route(AUTH) is commented out below, so this proxy never
  # challenges a request itself. Authentication therefore has to happen on the
  # Asterisk side - confirm that it does.
  request_route {
  #!ifdef WITH_HOMER
      # mirror the message to the capture agent (bare flag number, see the
      # siptrace trace_flag parameter)
      sip_trace();
      setflag(22);
  #!endif

      # per request initial checks
      route(REQINIT);

      if (is_method("PUBLISH|SUBSCRIBE")) {
          send_reply("405", "Method Not Allowed yet");
          exit;
      }

      # Tag the direction of the request.
      # NOTE(review): FROM_AST is derived from the source address and port
      # only. Over UDP that value is not authenticated, so the Asterisk
      # address/port should be reachable only from a trusted network segment
      # (or be filtered in front of this proxy).
      if ($si == "AST_IP4_ADDR" && $sp == AST_SIP_PORT) {
          setflag(FROM_AST);
          xlog("L_INFO", "START AST $rm from $fu $pr:$si:$sp\n");
      } else if (proto == WS || proto == WSS) {
          setflag(FROM_WSS);
          if (!is_method("REGISTER")) {
              xlog("L_INFO", "START WSS $rm from $fu $pr:$si:$sp\n");
          }
      } else {
          setflag(FROM_SIP);
          if (!is_method("REGISTER")) {
              xlog("L_INFO", "START SIP $rm from $fu $pr:$si:$sp\n");
          }
      }


  #   # remove unwanted codecs (disabled)
  #   if (has_body("application/sdp")) {
  #       sdp_keep_codecs_by_name("PCMU,OPUS");
  #   }


  #!ifdef WITH_WEBSOCKETS
      if (nat_uac_test(64)) {
          # NAT traversal handling for requests arriving over a WebSocket
          # connection - applied even when the client is not behind a NAT.
          # Will become unnecessary once Kamailio and the WebSocket client
          # support Outbound and Path.
          force_rport();
          if (is_method("REGISTER")) {
              fix_nated_register();
          } else if (!add_contact_alias()) {
              xlog("L_ERR", "Error aliasing contact <$ct>\n");
              sl_send_reply("400", "Bad Request");
              exit;
          }
      }
  #!endif

      # NAT detection
      route(NATDETECT);

      # CANCEL is relayed only when it matches an existing transaction
      if (is_method("CANCEL")) {
          if (t_check_trans()) {
              route(RELAY);
          }
          exit;
      }

      # requests within SIP dialogs (does not come back for in-dialog requests)
      route(WITHINDLG);

      ### from here on: only initial requests (no To tag)

      t_check_trans();

      # authentication (disabled)
  #   route(AUTH);

      # Preloaded Route headers are dropped, so an initial request cannot
      # choose its own next hop; dialog-forming requests are record-routed.
      remove_hf("Route");
      if (is_method("INVITE|SUBSCRIBE")) {
          record_route();
      }

      if (is_method("REGISTER") && !isflagset(FROM_AST)) {
          if (defined($au)) {
              # REGISTER carries credentials: remember who is registering and
              # wait for the upstream verdict in HANDLE_REGISTER_REPLY
              $avp(user) = $au;
              $avp(realm) = $ar;
              $avp(contact) = $ct;
              #xlog("L_INFO", "Track register: $avp(user) $avp(realm)\n");
              t_on_reply("HANDLE_REGISTER_REPLY");
          }
          add_path();
      }

      # from or to asterisk?
      if (!isflagset(FROM_AST)) {
          # everything else is sent to Asterisk
          $du = "sip:AST_IP4_ADDR:AST_SIP_PORT";
      } else if (is_method("INVITE")) {
          # INVITE from Asterisk: see if the callee is a local user
          if (lookup("mydomain.example.com")) {
              xlog("L_INFO", "Found locally: $ru\n");
          } else {
              # not registered here: the request is still relayed as-is
              xlog("L_INFO", "Relay remote invite: $fu x $rd x $ru\n");
              #send_reply("404", "Not Found locally");
              #exit;
          }
      }
      route(RELAY);


  #   # dispatch requests to foreign domains
  #   route(SIPOUT);
  #
  #   ### requests for my local domains
  #
  #   # handle presence related requests
  #   route(PRESENCE);
  #
  #   # handle registrations
  #   route(REGISTRAR);
  #
  #   if ($rU == $null) {
  #       # request with no Username in RURI
  #       sl_send_reply("484","Address Incomplete");
  #       exit;
  #   }
  #
  #   # user location service
  #   route(LOCATION);
  }
  445.  
  # Reply handler armed by request_route for REGISTERs that carried
  # credentials. The binding is stored locally only when the upstream reply is
  # a 2xx, so the upstream server's verdict decides what lands in the
  # location table.
  onreply_route[HANDLE_REGISTER_REPLY] {
      if (status =~ "2[0-9][0-9]") {
          xlog("L_INFO", "Registering $ft $rd $avp(user)@$avp(realm)\n");
          # the table name is fixed; the original author notes that
          # save($avp(realm)) did not work
          save("mydomain.example.com");
      }
  }
  455.  
  456.  
  # Relay wrapper: arm the per-transaction branch/reply/failure routes that
  # are not set yet, then forward statefully. Always ends script execution.
  route[RELAY] {
      # branch route: serial forking, RTP relaying handling, ...
      if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE") && !t_is_set("branch_route")) {
          t_on_branch("MANAGE_BRANCH");
      }

      if (is_method("INVITE|SUBSCRIBE|UPDATE") && !t_is_set("onreply_route")) {
          t_on_reply("MANAGE_REPLY");
      }

      if (is_method("INVITE") && !t_is_set("failure_route")) {
          t_on_failure("MANAGE_FAILURE");
      }

      # a failed relay is answered with the matching error reply
      if (!t_relay()) {
          sl_reply_error();
      }
      exit;
  }
  484.  
  # Initial checks applied to every SIP request: optional flood protection,
  # Max-Forwards processing and message sanity.
  # Flood protection is compiled in only with WITH_ANTIFLOOD, which is
  # disabled at the top of this file.
  route[REQINIT] {
  #!ifdef WITH_ANTIFLOOD
      # Flood detection per source IP with a temporary traffic ban.
      # Trusted peers (e.g. PSTN gateways) should be excluded from the check;
      # only the local host is excluded here (e.g. loop to self).
      if (src_ip != myself) {
          # source address is already banned: drop silently
          if ($sht(ipban=>$si) != $null) {
              xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
              exit;
          }

          # over the pike threshold: record the ban and drop
          if (!pike_check_req()) {
              xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
              $sht(ipban=>$si) = 1;
              exit;
          }
      }
  #!endif

      if (!mf_process_maxfwd_header("10")) {
          sl_send_reply("483","Too Many Hops");
          exit;
      }

      if (!sanity_check("1511", "7")) {
          xlog("Malformed SIP message from $si:$sp\n");
          exit;
      }
  }
  516.  
  # In-dialog requests (those carrying a To tag). Returns to the caller for
  # initial requests; every in-dialog request ends script execution here.
  route[WITHINDLG] {
      if (!has_totag()) {
          return;
      }

      # a sequential request within a dialog takes the path determined by
      # record-routing
      if (loose_route()) {
  #!ifdef WITH_WEBSOCKETS
          if ($du == "" && !handle_ruri_alias()) {
              xlog("L_ERR", "Bad alias <$ru>\n");
              sl_send_reply("400", "Bad Request");
              exit;
          }
  #!endif
          route(DLGURI);
          if (is_method("ACK")) {
              # ACK is forwarded statelessly
              route(NATMANAGE);
          } else if (is_method("NOTIFY")) {
              # Record-Route for in-dialog NOTIFY as per RFC 6665
              record_route();
          }
          route(RELAY);
          exit;
      }

      # no usable Route set from here on
      if (is_method("SUBSCRIBE") && uri == myself) {
          # in-dialog subscribe requests
          route(PRESENCE);
          exit;
      }

      if (is_method("ACK")) {
          # A stateful ACK without loose routing must follow a 487 or e.g. a
          # 404 from the upstream server; an ACK matching no transaction is
          # discarded.
          if (t_check_trans()) {
              route(RELAY);
          }
          exit;
      }

      sl_send_reply("404","Not here");
      exit;
  }
  564.  
  # Local registrar: stores REGISTER bindings in the "location" table.
  # The only call to this route in request_route is commented out.
  route[REGISTRAR] {
      if (!is_method("REGISTER")) {
          return;
      }

      if (isflagset(FLT_NATS)) {
          setbflag(FLB_NATB);
          # uncomment next line to do SIP NAT pinging
          ## setbflag(FLB_NATSIPPING);
      }

  #!ifdef WITH_IPV6
      if (af == INET6) {
          setbflag(FLB_IPV6);
      }
  #!endif

      if (!save("location")) {
          sl_reply_error();
      }

      exit;
  }
  587.  
  # User location service: resolve the request URI through the "location"
  # table and relay. The only call in request_route is commented out.
  route[LOCATION] {
      if (lookup("location")) {
          route(RELAY);
          exit;
      }

      # lookup failed: keep its return code, create the transaction and
      # answer according to the code
      $var(rc) = $rc;
      t_newtran();
      switch ($var(rc)) {
          case -1:
          case -3:
              send_reply("404", "Not Found");
              exit;
          case -2:
              send_reply("405", "Method Not Allowed");
              exit;
      }

      # any other return code falls through to a relay
      route(RELAY);
      exit;
  }
  607.  
  # Presence server route: handles PUBLISH/SUBSCRIBE when WITH_PRESENCE is
  # compiled in, otherwise rejects what cannot be served.
  route[PRESENCE] {
      if (!is_method("PUBLISH|SUBSCRIBE")) {
          return;
      }

      # no voicemail server is configured, so message-summary subscriptions
      # are refused
      if (is_method("SUBSCRIBE") && $hdr(Event) == "message-summary") {
          sl_send_reply("404", "No voicemail service");
          exit;
      }

  #!ifdef WITH_PRESENCE
      if (!t_newtran()) {
          sl_reply_error();
          exit;
      }

      if (is_method("PUBLISH")) {
          handle_publish();
          t_release();
      } else if (is_method("SUBSCRIBE")) {
          handle_subscribe();
          t_release();
      }
      exit;
  #!endif

      # reached only when presence is not compiled in
      if (is_method("PUBLISH") || $rU == $null) {
          sl_send_reply("404", "Not here");
          exit;
      }
      return;
  }
  643.  
  # Authentication route.
  # The body exists only with WITH_AUTH, and the call to this route in
  # request_route is commented out; as pasted, this route does nothing.
  route[AUTH] {
  #!ifdef WITH_AUTH
      if (is_method("REGISTER") || from_uri == myself) {
          # challenge until the digest credentials check out
          if (!auth_check("$fd", "subscriber", "1")) {
              auth_challenge("$fd", "0");
              exit;
          }
          # authenticated: strip the credentials before forwarding, except
          # for REGISTER and PUBLISH
          if (!is_method("REGISTER|PUBLISH")) {
              consume_credentials();
          }
      }

      # a caller that is not a local subscriber may only call a local
      # destination - this is not an open relay
      if (from_uri != myself && uri != myself) {
          sl_send_reply("403","Not relaying");
          exit;
      }

  #!endif
      return;
  }
  668.  
  # Caller NAT detection: forces rport, and when nat_uac_test("19") matches,
  # fixes the registration or aliases the Contact and sets FLT_NATS.
  route[NATDETECT] {
  #!ifdef WITH_IPV6
      # IPv6 traffic is skipped
      if (af == INET6) {
          return;
      }
  #!endif

      force_rport();
      if (!nat_uac_test("19")) {
          return;
      }

      if (is_method("REGISTER")) {
          fix_nated_register();
      } else if (is_first_hop()) {
          set_contact_alias();
      }
      setflag(FLT_NATS);
      return;
  }
  688.  
  # NAT handling: builds the rtpengine option string for the current branch in
  # $xavp(r=>$T_branch_idx) and carries NAT/bridging state between requests
  # through Record-Route parameters.
  # NOTE(review): the rtpengine_manage() call below is commented out, so the
  # option string assembled here is logged but never applied.
  route[NATMANAGE] {
      # in-dialog request: recover the branch flags from the Route parameters
      if (is_request() && has_totag()) {
          if (check_route_param("nat=yes")) {
              setbflag(FLB_NATB);
          }

          if (check_route_param("rtp=bridge")) {
              setbflag(FLB_BRIDGE);
          }

          if (check_route_param("rtp=ws")) {
              setbflag(FLB_RTPWS);
          }

  #!ifdef WITH_IPV6
          if (check_route_param("rtp=v46")) {
              setbflag(FLB_V4V6);
          }
  #!endif
      }

      # nothing to do unless bridging is requested for this branch ...
      if (!isbflagset(FLB_BRIDGE)) {
          return;
      }

      # ... and at least one NAT / WebSocket / v4-v6 condition holds
      if (!isflagset(FLT_NATS)
          && !isbflagset(FLB_NATB)
          && !isbflagset(FLB_RTPWS)
  #!ifdef WITH_IPV6
          && !isbflagset(FLB_V4V6)
  #!endif
      ) {
          return;
      }

      # base options
      $xavp(r=>$T_branch_idx) = "replace-origin replace-session-connection";

      if (!nat_uac_test("8")) {
          $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " trust-address";
      }

      # per-branch call identifier: Via branch plus branch index
      if (is_request() && !has_totag() && !t_is_failure_route()) {
          $avp(extra_id) = @via[1].branch + $T_branch_idx;
          $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " via-branch=extra";
      }

      if (is_reply()) {
          $avp(extra_id) = @via[2].branch + $T_branch_idx;
          $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " via-branch=extra";
      }

  #!ifdef WITH_IPV6
      if (af == INET && isbflagset(FLB_IPV6)) { # IPv4 --> IPv6
          $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " address-family=IP6";
      } else if (af == INET6 && !isbflagset(FLB_IPV6)) { # IPv6 --> IPv4
          $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " address-family=IP4";
      }
  #!endif

      # Media profile per direction.
      # NOTE(review): the web --> SIP option string asks for RTP/AVP with
      # DTLS off, i.e. the SIP-side leg would be offered as unencrypted RTP.
      if (isbflagset(FLB_RTPWS)) {
          if ($proto =~ "ws") { # web --> SIP
              $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-demux DTLS=off SDES-off ICE=remove RTP/AVP";
          } else { # SIP --> web
              $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " rtcp-mux-offer generate-mid DTLS=passive SDES-off ICE=force RTP/SAVPF";
          }
      } else if ($proto =~ "ws") { # web --> web
          $xavp(r=>$T_branch_idx) = $xavp(r=>$T_branch_idx) + " generate-mid DTLS=passive SDES-off ICE=force";
      }
      # SIP --> SIP: nothing to add

      xlog("L_INFO", "NATMANAGE branch_id:$T_branch_idx ruri: $ru, method:$rm, status:$rs, extra_id: $avp(extra_id), rtpengine_manage: $xavp(r=>$T_branch_idx)\n");

      #rtpengine_manage($xavp(r=>$T_branch_idx));

      # initial request in a branch route: publish the branch state as
      # Record-Route parameters for later in-dialog requests
      if (is_request() && !has_totag() && t_is_branch_route()) {
          if (isbflagset(FLB_NATB)) {
              add_rr_param(";nat=yes");
          }

          if (isbflagset(FLB_BRIDGE)) {
              add_rr_param(";rtp=bridge");
          }

          if (isbflagset(FLB_RTPWS)) {
              add_rr_param(";rtp=ws");
          }

  #!ifdef WITH_IPV6
          if (isbflagset(FLB_V4V6)) {
              add_rr_param(";rtp=v46");
          }
  #!endif
      }

      # reply from a NATed first hop over IPv4: alias its Contact
      if (is_reply() && isbflagset(FLB_NATB) && is_first_hop() && af == INET) {
          set_contact_alias();
      }
      return;
  }
  811.  
  # URI update for in-dialog requests: resolve the Contact alias unless a
  # destination URI is already set.
  route[DLGURI] {
      if (isdsturiset()) {
          return;
      }
      handle_ruri_alias();
      return;
  }
  819.  
  # Routing to foreign domains: a request whose URI is not local is marked
  # with a P-hint header and relayed. The only call to this route in
  # request_route is commented out.
  route[SIPOUT] {
      if (uri != myself) {
          append_hf("P-hint: outbound\r\n");
          route(RELAY);
      }
  }
  827.  
  # Decide, for initial requests, whether media must be bridged between
  # transports (WebSocket vs. non-WebSocket) or address families.
  route[BRIDGING] {
      if (has_totag()) {
          return;
      }

      # exactly one side of the call is on WebSocket: bridging is needed
      if (($proto =~ "ws" && !($ru =~ "transport=ws"))
          || (!($proto =~ "ws") && $ru =~ "transport=ws")) {
          setbflag(FLB_RTPWS);
      }

  #!ifdef WITH_IPV6
      # the two sides use different address families
      if ((af == INET6 && !isbflagset(FLB_IPV6))
          || (af == INET && isbflagset(FLB_IPV6))) {
          setbflag(FLB_V4V6);
      }
  #!endif
  }
  845.  
  # Outgoing branch handling: flag the branch for bridging (unless bridging is
  # deferred to the failure path with WITH_BRIDGE_ON_FAIL), then run the
  # bridging and NAT logic.
  branch_route[MANAGE_BRANCH] {
      xlog("L_INFO", "MANAGE_BRANCH: New branch [$T_branch_idx] to $ru\n");

      # the branch-failure event route is not armed
      #t_on_branch_failure("rtpengine");

  #!ifndef WITH_BRIDGE_ON_FAIL
      setbflag(FLB_BRIDGE);
  #!endif

      route(BRIDGING);
      route(NATMANAGE);
  }
  859.  
  # Incoming replies: NAT handling is applied when the status matches the
  # pattern below (1xx and 2xx replies).
  onreply_route[MANAGE_REPLY] {
      xdbg("incoming reply\n");
      if (status =~ "[12][0-9][0-9]") {
          route(NATMANAGE);
      }
  }
  867.  
  # Failure routing: only logs the final status code.
  failure_route[MANAGE_FAILURE] {
      xlog("L_INFO", "Failure: $rs");
  }
  872.  
  #!ifdef WITH_WEBSOCKETS
  # Global reply route: drops SIP replies that reach a WebSocket port over a
  # non-WebSocket transport and aliases the Contact of WebSocket replies.
  onreply_route {
      if (($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT)
          && !(proto == WS || proto == WSS)) {
          xlog("L_WARN", "SIP response received on $Rp\n");
          drop;
      }

      if (nat_uac_test(64)) {
          # NAT traversal handling for replies to a WebSocket connection -
          # applied even when the client is not behind a NAT.
          # Will become unnecessary once Kamailio and the WebSocket client
          # support Outbound and Path.
          add_contact_alias();
      }
  }
  889.  
  # Branch failure handler. With WITH_BRIDGE_ON_FAIL a 415/488 on an
  # unbridged branch is retried once with bridging; otherwise the rtpengine
  # session of the branch is deleted.
  # The t_on_branch_failure("rtpengine") call in MANAGE_BRANCH is commented
  # out, so nothing in this file arms this route.
  event_route[tm:branch-failure:rtpengine] {
      xlog("L_INFO", "BRANCH FAILED: $sel(via[1].branch) + $T_branch_idx\n");

  #!ifdef WITH_BRIDGE_ON_FAIL
      if (!isbflagset(FLB_BRIDGE) && t_check_status("415|488")) {
          # retry the same branch, this time with bridging
          t_reuse_branch();
          setbflag(FLB_BRIDGE);
          xlog("L_INFO", "event_route[branch-failure:rtpengine]: trying again\n");

          route(RELAY);
      } else {
          # final failure: release the media session of this branch
          $avp(extra_id) = @via[1].branch + $T_branch_idx;
          rtpengine_delete("via-branch=extra");
          xlog("L_INFO", "event_route[branch-failure:rtpengine]: failed\n");
      }
  #!else
      # release the media session of this branch
      $avp(extra_id) = @via[1].branch + $T_branch_idx;
      rtpengine_delete("via-branch=extra");
  #!endif
  }
  910.  
  # HTTP entry point (xhttp module). Only the WebSocket handshake is served:
  # requests on other ports get 403, anything that is not a valid upgrade
  # gets 404.
  #
  # NOTE(review): Origin validation and HTTP authentication are both left
  # disabled below. Without an Origin check any web page can open a WebSocket
  # to this listener from a visitor's browser; restrict $hdr(Origin) to the
  # site(s) that serve the WebRTC client.
  event_route[xhttp:request] {
      set_reply_close();
      set_reply_no_connect();

      # HTTP is only accepted on the WebSocket listener ports
      if ($Rp != MY_WS_PORT
  #!ifdef WITH_TLS
          && $Rp != MY_WSS_PORT
  #!endif
      ) {
          xlog("L_WARN", "HTTP request received on $Rp\n");
          xhttp_reply("403", "Forbidden", "", "");
          exit;
      }

      xlog("L_INFO", "HTTP Request Received\n");

      if ($hdr(Upgrade) =~ "websocket"
          && $hdr(Connection) =~ "Upgrade"
          && $rm =~ "GET") {

          # Validate Host - the client must address one of our own aliases
          if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
              xlog("L_WARN", "Bad host $hdr(Host)\n");
              xhttp_reply("403", "Forbidden", "", "");
              exit;
          }

          # Optional (disabled): validate Origin so that only authorised
          # websites can connect. For example,
          #
          # if ($hdr(Origin) != "https://example.com"
          #   && $hdr(Origin) != "https://example.com") {
          #   xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
          #   xhttp_reply("403", "Forbidden", "", "");
          #   exit;
          # }

          # Optional (not implemented): perform HTTP authentication

          # ws_handle_handshake() exits (no further configuration file
          # processing of the request) when complete.
          if (ws_handle_handshake()) {
              # Optional: cache some information about the successful
              # connection here
              exit;
          }
      }

      xhttp_reply("404", "Not Found", "", "");
  }
  963.  
  # Logs the peer address and port when a WebSocket connection closes.
  event_route[websocket:closed] {
      xlog("L_INFO", "WebSocket connection from $si:$sp has closed\n");
  }
  #!endif
  968.  