Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!substdef "!MY_IP_ADDR!188.xxx.59.171!g"
- #!substdef "!MY_PVT_ADDR!10.10.1.9!g"
- #!substdef "!MY_DOMAIN!erx-staging-db01.mydomain.com!g"
- #!substdef "!MY_WS_PORT!80!g"
- #!substdef "!MY_WSS_PORT!443!g"
- #!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
- #!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
- #!substdef "!MY_SIP_PORT!5060!g"
- #!substdef "!MY_SIPS_PORT!5061!g"
- ##!define LOCAL_TEST_RUN
- #!define SIP_DUMP
- #!define WITH_TLS
- #!define WITH_WEBSOCKETS
- #!define WITH_ASTERISK
- #!ifndef DBURL
- #!define DBURL "mysql://retracted"
- #!endif
- # - flags
- # FLT_ - per transaction (message) flags
- # FLB_ - per branch flags
- #!define FLT_ACC 1
- #!define FLT_ACCMISSED 2
- #!define FLT_ACCFAILED 3
- #!define FLT_NATS 5
- #!define FLB_NATB 6
- #!define FLB_NATSIPPING 7
- ####### Global Parameters #########
- ### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
- #!ifdef WITH_DEBUG
- debug=4
- log_stderror=yes
- #!else
- debug=2
- log_stderror=no
- #!endif
- memdbg=5
- memlog=5
- log_facility=LOG_LOCAL0
- fork=yes
- children=4
- #!ifdef WITH_TLS
- enable_tls=1
- #!endif
- listen=udp:MY_PVT_ADDR:MY_SIP_PORT
- # listen=udp:MY_IP_ADDR:MY_SIPS_PORT
- # listen=tcp:MY_IP_ADDR:MY_SIP_PORT
- # listen=tcp:MY_IP_ADDR:MY_SIPS_PORT
- #!ifdef WITH_TLS
- listen=tls:MY_IP_ADDR:MY_SIPS_PORT
- #!endif
- #!ifdef WITH_WEBSOCKETS
- # listen=MY_WS_ADDR
- #!ifdef WITH_TLS
- listen=MY_WSS_ADDR
- #!endif
- #!endif
- tcp_max_connections=25000
- tcp_connection_lifetime=3605
- tcp_accept_no_cl=yes
- tcp_rd_buf_size=16384
- server_header="Server: TLS Kamailio Server"
- #!ifdef LOCAL_TEST_RUN
- debug=2
- mpath="modules"
- #!else
- debug=2
- mpath = "/usr/local/lib64/kamailio/modules/:/usr/lib/x86_64-linux-gnu/kamailio/modules/"
- #!endif
- loadmodule "tm.so"
- loadmodule "sl.so"
- loadmodule "rr.so"
- loadmodule "pv.so"
- loadmodule "maxfwd.so"
- loadmodule "usrloc.so"
- loadmodule "registrar.so"
- loadmodule "textops.so"
- loadmodule "siputils.so"
- loadmodule "xlog.so"
- loadmodule "sanity.so"
- loadmodule "ctl.so"
- loadmodule "kex.so"
- loadmodule "corex.so"
- loadmodule "nathelper.so"
- loadmodule "nat_traversal.so"
- loadmodule "path.so"
- loadmodule "stun.so"
- loadmodule "dialog.so"
- loadmodule "dispatcher.so"
- #!ifdef SIP_DUMP
- loadmodule "sipdump.so"
- #!endif
- #!ifdef WITH_TLS
- loadmodule "tls.so"
- #!endif
- #!ifdef WITH_WEBSOCKETS
- loadmodule "xhttp.so"
- loadmodule "websocket.so"
- loadmodule "rtpengine.so"
- #!endif
- # ----------------- setting module-specific parameters ---------------
- # ----- tm params -----
- # auto-discard branches from previous serial forking leg
- modparam("tm", "failure_reply_mode", 3)
- # default retransmission timeout: 30sec
- modparam("tm", "fr_timer", 30000)
- # default invite retransmission timeout after 1xx: 120sec
- modparam("tm", "fr_inv_timer", 120000)
- # ----- rr params -----
- # add value to ;lr param to cope with most of the UAs
- modparam("rr", "enable_full_lr", 1)
- # do not append from tag to the RR (no need for this script)
- modparam("rr", "append_fromtag", 0)
- # ----- registrar params -----
- modparam("registrar", "method_filtering", 1)
- # max value for expires of registrations
- modparam("registrar", "max_expires", 3600)
- # ----- usrloc params -----
- modparam("usrloc", "db_url", "DBURL")
- modparam("usrloc", "db_mode", 0)
- # ----- corex params -----
- modparam("corex", "alias_subdomains", "MY_DOMAIN")
- modparam("path", "use_received", 1)
- #!ifdef WITH_TLS
- # ----- tls params -----
- modparam("tls", "config", "/etc/kamailio/tls.cfg")
- modparam("tls", "tls_force_run", 11)
- #!endif
- #!ifdef SIP_DUMP
- # ----- sipdump params -----
- modparam("sipdump", "enable", 1)
- modparam("sipdump", "folder", "/var/log/kamailio/sip/")
- #!endif
- # ----- rtpproxy params -----
- modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:22222")
- modparam("rtpengine", "extra_id_pv", "$avp(extra_id)")
- # ----- nathelper params -----
- modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
- # ----- nat_traversal params -----
- modparam("nat_traversal", "keepalive_interval", 25)
- modparam("nat_traversal", "keepalive_from", "sip:keepalive@everyring.io")
- # ----- dialog params -----
- modparam("dialog", "default_timeout", 43200 )
- modparam("dialog", "db_mode", 0 ) # no database writes
- modparam("dialog", "dlg_flag", 3 )
- modparam("dialog", "hash_size", 4096 )
- # ----- dispatcher params -----
- #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters
- modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
- modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status
- modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping
- modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down
- modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up
- modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency
- modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
- ####### Routing Logic ########
- # Main SIP request routing logic
- # - processing of any incoming SIP request starts with this route
- # - note: this is the same as route { ... }
- request_route {
- xlog("L_INFO", "Received new request $rm at $Ri\n");
- # xlog("L_INFO", "From fU:$fU fd:$fd fu:$fu to du:$du\n");
- if (($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT) && !(proto == WS || proto == WSS)) {
- xlog("L_WARN", "SIP request received on $Rp\n");
- sl_send_reply("403", "Forbidden");
- exit;
- }
- if ($Ri == "MY_PVT_ADDR") {
- xlog("L_INFO", "Request received on private address\n");
- }
- # per request initial checks
- route(REQINIT);
- # NAT detection
- route(NATDETECT);
- # handle requests within SIP dialogs
- route(WITHINDLG);
- ### only initial requests (no To tag)
- # CANCEL processing
- if (is_method("CANCEL")) {
- if (t_check_trans()) {
- t_relay();
- }
- exit;
- }
- t_check_trans();
- # record routing for dialog forming requests (in case they are routed)
- # - remove preloaded route headers
- remove_hf("Route");
- if (is_method("INVITE")) {
- xlog("L_INFO", "Received INVITE, do reord_route \n");
- record_route();
- }
- # handle registrations
- route(REGISTRAR);
- if ($rU==$null) {
- # request with no Username in RURI
- sl_send_reply("484", "Address Incomplete");
- exit;
- }
- # user location service
- route(LOCATION);
- route(RELAY);
- }
- route[RELAY] {
- xlog("L_INFO", "Do relaying\n");
- if (has_body("application/sdp")) {
- if(is_method("INVITE") && (!route(FROMASTERISK))) {
- xlog("L_INFO", "Calling RTPEngine on request side from subscriber side\n");
- rtpengine_manage("SDES-off direction=external direction=internal");
- } else {
- xlog("L_INFO", "Calling RTPEngine on request side from asterisk side\n");
- rtpengine_manage("SDES-off direction=internal direction=external");
- }
- }
- if (!t_relay()) {
- xlog("L_INFO", "Relay failed \n");
- sl_reply_error();
- }
- xlog("L_INFO", "Relay successful \n");
- exit;
- }
- # Per SIP request initial checks
- route[REQINIT] {
- xlog("L_INFO", "Initial request checks \n");
- if (!mf_process_maxfwd_header("10")) {
- sl_send_reply("483", "Too Many Hops");
- exit;
- }
- if (!sanity_check("1511", "7")) {
- xlog("Malformed SIP message from $si:$sp\n");
- exit;
- }
- if (uri == myself && is_method("OPTIONS") && !(uri=~"sip:.*[@]+.*")) {
- options_reply();
- exit;
- }
- }
- # Handle requests within SIP dialogs
- route[WITHINDLG] {
- if (has_totag()) {
- # sequential request withing a dialog should
- # take the path determined by record-routing
- if (loose_route()) {
- #!ifdef WITH_WEBSOCKETS
- if ($du == "") {
- if (!handle_ruri_alias()) {
- xlog("L_ERR", "Bad alias <$ru>\n");
- sl_send_reply("400", "Bad Request");
- exit;
- }
- }
- #!endif
- route(RELAY);
- } else {
- if ( is_method("ACK") ) {
- if ( t_check_trans() ) {
- # no loose-route, but stateful ACK;
- # must be an ACK after a 487
- # or e.g. 404 from upstream server
- t_relay();
- exit;
- } else {
- # ACK without matching transaction...
- # ignore and discard
- exit;
- }
- }
- sl_send_reply("404", "Not Found");
- }
- exit;
- }
- }
- # Handle SIP registrations
- route[REGISTRAR] {
- if (is_method("REGISTER")) {
- xlog("L_INFO", "Processing REGISTER in route[REGISTRAR]\n");
- if(isflagset(FLT_NATS)) {
- setbflag(FLB_NATB);
- }
- if (!save("location")) {
- sl_reply_error();
- }
- xlog("L_INFO", "Successfully processed REGISTER in route[REGISTRAR]\n");
- exit;
- }
- }
- # USER location service
- route[LOCATION] {
- xlog("L_INFO", "Location service for $ru \n");
- #if (!is_subscriber("$ru", "subscriber", "1")) {
- # t_newtran();
- # send_reply("404", "Not Found");
- # exit;
- #}
- #!ifdef WITH_ASTERISK
- if(is_method("INVITE") && (!route(FROMASTERISK))) {
- # if new call from out there - send to Asterisk
- # - non-INVITE request are routed directly by Kamailio
- # - traffic from Asterisk is routed also directy by Kamailio
- xlog("L_INFO", "This invite is from customer to asterisk\n");
- route(TOASTERISK);
- exit;
- }
- #!endif
- xlog("L_INFO", "Going for location lookup\n");
- if (!lookup("location")) {
- xlog("L_INFO", "Lookup failed, rc: $rc\n");
- $var(rc) = $rc;
- t_newtran();
- switch ($var(rc)) {
- case -1:
- send_reply("480", "Temporarily Unavailable");
- exit;
- case -2:
- send_reply("405", "Method Not Allowed");
- exit;
- case -3:
- send_reply("500", "Server Internal Error");
- exit;
- }
- }
- xlog("L_INFO", "Location lookup completed rc: $rc for $ru\n");
- }
- #!ifdef WITH_WEBSOCKETS
- onreply_route {
- if (($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT) && !(proto == WS || proto == WSS)) {
- xlog("L_WARN", "SIP response received on $Rp\n");
- drop;
- }
- if (nat_uac_test(64)) {
- # Do NAT traversal stuff for replies to a WebSocket connection
- # - even if it is not behind a NAT!
- # This won't be needed in the future if Kamailio and the
- # WebSocket client support Outbound and Path.
- add_contact_alias();
- }
- if (has_body("application/sdp")) {
- xlog("L_INFO", "Calling RTPEngine on response side\n");
- rtpengine_manage();
- }
- }
- event_route[xhttp:request] {
- set_reply_close();
- set_reply_no_connect();
- if ($Rp != MY_WS_PORT
- #!ifdef WITH_TLS
- && $Rp != MY_WSS_PORT
- #!endif
- ) {
- xlog("L_WARN", "HTTP request received on $Rp\n");
- xhttp_reply("403", "Forbidden", "", "");
- exit;
- }
- xlog("L_DBG", "HTTP Request Received\n");
- if ($hdr(Upgrade)=~"websocket" && $hdr(Connection)=~"Upgrade" && $rm=~"GET") {
- # Validate Host - make sure the client is using the correct alias for WebSockets
- if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
- xlog("L_WARN", "Bad host $hdr(Host)\n");
- xhttp_reply("403", "Forbidden", "", "");
- exit;
- }
- # Optional... validate Origin - make sure the client is from an
- # authorised website. For example,
- #
- # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
- # && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
- # xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
- # xhttp_reply("403", "Forbidden", "", "");
- # exit;
- # }
- # Optional... perform HTTP authentication
- # ws_handle_handshake() exits (no further configuration file
- # processing of the request) when complete.
- if (ws_handle_handshake())
- {
- # Optional... cache some information about the
- # successful connection
- exit;
- }
- }
- xhttp_reply("404", "Not Found", "", "");
- }
- event_route[websocket:closed] {
- xlog("L_INFO", "WebSocket connection from $si:$sp has closed\n");
- }
- #!endif
- route[NATDETECT] {
- force_rport();
- #!ifdef WITH_WEBSOCKETS
- # 64 - Test if the source connection of signaling is a WebSocket
- if (nat_uac_test(64)) {
- xlog("L_INFO", "Inside webrtc nat_uac_test\n");
- # NAT traversal WebSocket
- if (is_method("REGISTER")) {
- fix_nated_register();
- } else {
- if (!add_contact_alias()) {
- xlog("L_ERR", "Error aliasing contact <$ct>\n");
- sl_send_reply("400", "Bad Request");
- exit;
- }
- }
- setflag(FLT_NATS);
- return;
- }
- #!endif
- # 1 - The “Contact” header field is searched for occurrence of RFC1918 or RFC6598 addresses.
- # 2 - the "received" test is used: address in the “Via” header is compared against source IP address of signaling
- # 16 - Test if the source port is different from the port in the “Via” header
- # Why magic number of 19?
- if (nat_uac_test(19)) {
- xlog("L_INFO", "Inside uac_test_19\n");
- if (is_method("REGISTER")) {
- fix_nated_register();
- }
- fix_contact();
- nat_keepalive();
- }
- setflag(FLT_NATS);
- return;
- }
- #!ifdef WITH_ASTERISK
- # Test if coming from Asterisk
- route[FROMASTERISK] {
- if ($Ri == "MY_PVT_ADDR")
- return 1;
- return -1;
- }
- # Send to Asterisk
- route[TOASTERISK] {
- xlog("Routing to asterisk");
- ds_select_dst(1, 4);
- t_on_failure("DISPATCH_FAILURE");
- route(RELAY);
- exit;
- }
- #!endif
- route[DISPATCH_FAILURE]{
- xlog("Trying next destination");
- ds_next_dst();
- route(RELAY);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement