  1. #!substdef "!MY_IP_ADDR!188.xxx.59.171!g"
  2. #!substdef "!MY_PVT_ADDR!10.10.1.9!g"
  3. #!substdef "!MY_DOMAIN!erx-staging-db01.mydomain.com!g"
  4. #!substdef "!MY_WS_PORT!80!g"
  5. #!substdef "!MY_WSS_PORT!443!g"
  6. #!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
  7. #!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
  8. #!substdef "!MY_SIP_PORT!5060!g"
  9. #!substdef "!MY_SIPS_PORT!5061!g"
  10.  
  11. ##!define LOCAL_TEST_RUN
  12. #!define SIP_DUMP
  13. #!define WITH_TLS
  14. #!define WITH_WEBSOCKETS
  15. #!define WITH_ASTERISK
  16.  
  17. #!ifndef DBURL
  18. #!define DBURL "mysql://retracted"
  19. #!endif
  20.  
  21. # - flags
  22. # FLT_ - per transaction (message) flags
  23. # FLB_ - per branch flags
  24. #!define FLT_ACC 1
  25. #!define FLT_ACCMISSED 2
  26. #!define FLT_ACCFAILED 3
  27. #!define FLT_NATS 5
  28.  
  29. #!define FLB_NATB 6
  30. #!define FLB_NATSIPPING 7
  31.  
  32.  
  33. ####### Global Parameters #########
  34. ### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
  35. #!ifdef WITH_DEBUG
  36. debug=4
  37. log_stderror=yes
  38. #!else
  39. debug=2
  40. log_stderror=no
  41. #!endif
  42.  
  43. memdbg=5
  44. memlog=5
  45.  
  46. log_facility=LOG_LOCAL0
  47.  
  48. fork=yes
  49. children=4
  50.  
  51. #!ifdef WITH_TLS
  52. enable_tls=1
  53. #!endif
  54.  
  55. listen=udp:MY_PVT_ADDR:MY_SIP_PORT
  56. # listen=udp:MY_IP_ADDR:MY_SIPS_PORT
  57.  
  58. # listen=tcp:MY_IP_ADDR:MY_SIP_PORT
  59. # listen=tcp:MY_IP_ADDR:MY_SIPS_PORT
  60.  
  61. #!ifdef WITH_TLS
  62. listen=tls:MY_IP_ADDR:MY_SIPS_PORT
  63. #!endif
  64.  
  65. #!ifdef WITH_WEBSOCKETS
  66. # listen=MY_WS_ADDR
  67. #!ifdef WITH_TLS
  68. listen=MY_WSS_ADDR
  69. #!endif
  70. #!endif
  71.  
  72. tcp_max_connections=25000
  73. tcp_connection_lifetime=3605
  74. tcp_accept_no_cl=yes
  75. tcp_rd_buf_size=16384
  76.  
  77. server_header="Server: TLS Kamailio Server"
  78.  
  79. #!ifdef LOCAL_TEST_RUN
  80. debug=2
  81. mpath="modules"
  82. #!else
  83. debug=2
  84. mpath = "/usr/local/lib64/kamailio/modules/:/usr/lib/x86_64-linux-gnu/kamailio/modules/"
  85. #!endif
  86.  
  87. loadmodule "tm.so"
  88. loadmodule "sl.so"
  89. loadmodule "rr.so"
  90. loadmodule "pv.so"
  91. loadmodule "maxfwd.so"
  92. loadmodule "usrloc.so"
  93. loadmodule "registrar.so"
  94. loadmodule "textops.so"
  95. loadmodule "siputils.so"
  96. loadmodule "xlog.so"
  97. loadmodule "sanity.so"
  98. loadmodule "ctl.so"
  99. loadmodule "kex.so"
  100. loadmodule "corex.so"
  101. loadmodule "nathelper.so"
  102. loadmodule "nat_traversal.so"
  103. loadmodule "path.so"
  104. loadmodule "stun.so"
  105. loadmodule "dialog.so"
  106. loadmodule "dispatcher.so"
  107.  
  108. #!ifdef SIP_DUMP
  109. loadmodule "sipdump.so"
  110. #!endif
  111.  
  112. #!ifdef WITH_TLS
  113. loadmodule "tls.so"
  114. #!endif
  115.  
  116. #!ifdef WITH_WEBSOCKETS
  117. loadmodule "xhttp.so"
  118. loadmodule "websocket.so"
  119. loadmodule "rtpengine.so"
  120. #!endif
  121.  
  122. # ----------------- setting module-specific parameters ---------------
  123.  
  124. # ----- tm params -----
  125. # auto-discard branches from previous serial forking leg
  126. modparam("tm", "failure_reply_mode", 3)
  127. # default retransmission timeout: 30sec
  128. modparam("tm", "fr_timer", 30000)
  129. # default invite retransmission timeout after 1xx: 120sec
  130. modparam("tm", "fr_inv_timer", 120000)
  131.  
  132. # ----- rr params -----
  133. # add value to ;lr param to cope with most of the UAs
  134. modparam("rr", "enable_full_lr", 1)
  135. # do not append from tag to the RR (no need for this script)
  136. modparam("rr", "append_fromtag", 0)
  137.  
  138. # ----- registrar params -----
  139. modparam("registrar", "method_filtering", 1)
  140. # max value for expires of registrations
  141. modparam("registrar", "max_expires", 3600)
  142.  
  143. # ----- usrloc params -----
  144. modparam("usrloc", "db_url", "DBURL")
  145. modparam("usrloc", "db_mode", 0)
  146.  
  147. # ----- corex params -----
  148. modparam("corex", "alias_subdomains", "MY_DOMAIN")
  149.  
  150. modparam("path", "use_received", 1)
  151.  
  152. #!ifdef WITH_TLS
  153. # ----- tls params -----
  154. modparam("tls", "config", "/etc/kamailio/tls.cfg")
  155. modparam("tls", "tls_force_run", 11)
  156. #!endif
  157.  
  158. #!ifdef SIP_DUMP
  159. # ----- sipdump params -----
  160. modparam("sipdump", "enable", 1)
  161. modparam("sipdump", "folder", "/var/log/kamailio/sip/")
  162. #!endif
  163.  
  164. # ----- rtpproxy params -----
  165. modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:22222")
  166. modparam("rtpengine", "extra_id_pv", "$avp(extra_id)")
  167.  
  168. # ----- nathelper params -----
  169. modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
  170.  
  171. # ----- nat_traversal params -----
  172. modparam("nat_traversal", "keepalive_interval", 25)
  173. modparam("nat_traversal", "keepalive_from", "sip:keepalive@everyring.io")
  174.  
  175. # ----- dialog params -----
  176. modparam("dialog", "default_timeout", 43200 )
  177. modparam("dialog", "db_mode", 0 ) # no database writes
  178. modparam("dialog", "dlg_flag", 3 )
  179. modparam("dialog", "hash_size", 4096 )
  180.  
  181. # ----- dispatcher params -----
  182. #modparam("dispatcher", "db_url", DBURL) #Use DBURL variable for database parameters
  183. modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
  184. modparam("dispatcher", "ds_ping_interval", 10) #How often to ping destinations to check status
  185. modparam("dispatcher", "ds_ping_method", "OPTIONS") #Send SIP Options ping
  186. modparam("dispatcher", "ds_probing_threshold", 10) #How many failed pings in a row do we need before we consider it down
  187. modparam("dispatcher", "ds_inactive_threshold", 10) #How many sucessful pings in a row do we need before considering it up
  188. modparam("dispatcher", "ds_ping_latency_stats", 1) #Enables stats on latency
  189. modparam("dispatcher", "ds_probing_mode", 1) #Keeps pinging gateways when state is known (to detect change in state)
  190.  
  191. ####### Routing Logic ########
  192.  
  193. # Main SIP request routing logic
  194. # - processing of any incoming SIP request starts with this route
  195. # - note: this is the same as route { ... }
  196. request_route {
  197. xlog("L_INFO", "Received new request $rm at $Ri\n");
  198. # xlog("L_INFO", "From fU:$fU fd:$fd fu:$fu to du:$du\n");
  199. if (($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT) && !(proto == WS || proto == WSS)) {
  200. xlog("L_WARN", "SIP request received on $Rp\n");
  201. sl_send_reply("403", "Forbidden");
  202. exit;
  203. }
  204.  
  205. if ($Ri == "MY_PVT_ADDR") {
  206. xlog("L_INFO", "Request received on private address\n");
  207. }
  208.  
  209. # per request initial checks
  210. route(REQINIT);
  211.  
  212. # NAT detection
  213. route(NATDETECT);
  214.  
  215. # handle requests within SIP dialogs
  216. route(WITHINDLG);
  217.  
  218. ### only initial requests (no To tag)
  219.  
  220. # CANCEL processing
  221. if (is_method("CANCEL")) {
  222. if (t_check_trans()) {
  223. t_relay();
  224. }
  225. exit;
  226. }
  227.  
  228. t_check_trans();
  229.  
  230.  
  231. # record routing for dialog forming requests (in case they are routed)
  232. # - remove preloaded route headers
  233. remove_hf("Route");
  234. if (is_method("INVITE")) {
  235. xlog("L_INFO", "Received INVITE, do reord_route \n");
  236. record_route();
  237. }
  238.  
  239. # handle registrations
  240. route(REGISTRAR);
  241. if ($rU==$null) {
  242. # request with no Username in RURI
  243. sl_send_reply("484", "Address Incomplete");
  244. exit;
  245. }
  246.  
  247. # user location service
  248. route(LOCATION);
  249.  
  250. route(RELAY);
  251. }
  252.  
  253. route[RELAY] {
  254. xlog("L_INFO", "Do relaying\n");
  255.  
  256. if (has_body("application/sdp")) {
  257. if(is_method("INVITE") && (!route(FROMASTERISK))) {
  258. xlog("L_INFO", "Calling RTPEngine on request side from subscriber side\n");
  259. rtpengine_manage("SDES-off direction=external direction=internal");
  260. } else {
  261. xlog("L_INFO", "Calling RTPEngine on request side from asterisk side\n");
  262. rtpengine_manage("SDES-off direction=internal direction=external");
  263. }
  264. }
  265.  
  266.  
  267. if (!t_relay()) {
  268. xlog("L_INFO", "Relay failed \n");
  269. sl_reply_error();
  270. }
  271. xlog("L_INFO", "Relay successful \n");
  272. exit;
  273. }
  274.  
  275. # Per SIP request initial checks
  276. route[REQINIT] {
  277. xlog("L_INFO", "Initial request checks \n");
  278. if (!mf_process_maxfwd_header("10")) {
  279. sl_send_reply("483", "Too Many Hops");
  280. exit;
  281. }
  282.  
  283. if (!sanity_check("1511", "7")) {
  284. xlog("Malformed SIP message from $si:$sp\n");
  285. exit;
  286. }
  287.  
  288. if (uri == myself && is_method("OPTIONS") && !(uri=~"sip:.*[@]+.*")) {
  289. options_reply();
  290. exit;
  291. }
  292. }
  293.  
  294. # Handle requests within SIP dialogs
  295. route[WITHINDLG] {
  296. if (has_totag()) {
  297. # sequential request withing a dialog should
  298. # take the path determined by record-routing
  299. if (loose_route()) {
  300. #!ifdef WITH_WEBSOCKETS
  301. if ($du == "") {
  302. if (!handle_ruri_alias()) {
  303. xlog("L_ERR", "Bad alias <$ru>\n");
  304. sl_send_reply("400", "Bad Request");
  305. exit;
  306. }
  307. }
  308. #!endif
  309. route(RELAY);
  310. } else {
  311. if ( is_method("ACK") ) {
  312. if ( t_check_trans() ) {
  313. # no loose-route, but stateful ACK;
  314. # must be an ACK after a 487
  315. # or e.g. 404 from upstream server
  316. t_relay();
  317. exit;
  318. } else {
  319. # ACK without matching transaction...
  320. # ignore and discard
  321. exit;
  322. }
  323. }
  324. sl_send_reply("404", "Not Found");
  325. }
  326. exit;
  327. }
  328. }
  329.  
  330. # Handle SIP registrations
  331. route[REGISTRAR] {
  332. if (is_method("REGISTER")) {
  333. xlog("L_INFO", "Processing REGISTER in route[REGISTRAR]\n");
  334.  
  335. if(isflagset(FLT_NATS)) {
  336. setbflag(FLB_NATB);
  337. }
  338.  
  339. if (!save("location")) {
  340. sl_reply_error();
  341. }
  342. xlog("L_INFO", "Successfully processed REGISTER in route[REGISTRAR]\n");
  343. exit;
  344. }
  345. }
  346.  
  347. # USER location service
  348. route[LOCATION] {
  349. xlog("L_INFO", "Location service for $ru \n");
  350. #if (!is_subscriber("$ru", "subscriber", "1")) {
  351. # t_newtran();
  352. # send_reply("404", "Not Found");
  353. # exit;
  354. #}
  355.  
  356. #!ifdef WITH_ASTERISK
  357. if(is_method("INVITE") && (!route(FROMASTERISK))) {
  358. # if new call from out there - send to Asterisk
  359. # - non-INVITE request are routed directly by Kamailio
  360. # - traffic from Asterisk is routed also directy by Kamailio
  361. xlog("L_INFO", "This invite is from customer to asterisk\n");
  362. route(TOASTERISK);
  363. exit;
  364. }
  365. #!endif
  366.  
  367. xlog("L_INFO", "Going for location lookup\n");
  368.  
  369. if (!lookup("location")) {
  370. xlog("L_INFO", "Lookup failed, rc: $rc\n");
  371. $var(rc) = $rc;
  372. t_newtran();
  373. switch ($var(rc)) {
  374. case -1:
  375. send_reply("480", "Temporarily Unavailable");
  376. exit;
  377. case -2:
  378. send_reply("405", "Method Not Allowed");
  379. exit;
  380. case -3:
  381. send_reply("500", "Server Internal Error");
  382. exit;
  383. }
  384. }
  385. xlog("L_INFO", "Location lookup completed rc: $rc for $ru\n");
  386. }
  387.  
  388. #!ifdef WITH_WEBSOCKETS
  389. onreply_route {
  390. if (($Rp == MY_WS_PORT || $Rp == MY_WSS_PORT) && !(proto == WS || proto == WSS)) {
  391. xlog("L_WARN", "SIP response received on $Rp\n");
  392. drop;
  393. }
  394.  
  395. if (nat_uac_test(64)) {
  396. # Do NAT traversal stuff for replies to a WebSocket connection
  397. # - even if it is not behind a NAT!
  398. # This won't be needed in the future if Kamailio and the
  399. # WebSocket client support Outbound and Path.
  400. add_contact_alias();
  401. }
  402. if (has_body("application/sdp")) {
  403. xlog("L_INFO", "Calling RTPEngine on response side\n");
  404. rtpengine_manage();
  405. }
  406. }
  407.  
  408. event_route[xhttp:request] {
  409. set_reply_close();
  410. set_reply_no_connect();
  411.  
  412. if ($Rp != MY_WS_PORT
  413. #!ifdef WITH_TLS
  414. && $Rp != MY_WSS_PORT
  415. #!endif
  416. ) {
  417. xlog("L_WARN", "HTTP request received on $Rp\n");
  418. xhttp_reply("403", "Forbidden", "", "");
  419. exit;
  420. }
  421.  
  422. xlog("L_DBG", "HTTP Request Received\n");
  423.  
  424. if ($hdr(Upgrade)=~"websocket" && $hdr(Connection)=~"Upgrade" && $rm=~"GET") {
  425.  
  426. # Validate Host - make sure the client is using the correct alias for WebSockets
  427. if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
  428. xlog("L_WARN", "Bad host $hdr(Host)\n");
  429. xhttp_reply("403", "Forbidden", "", "");
  430. exit;
  431. }
  432.  
  433. # Optional... validate Origin - make sure the client is from an
  434. # authorised website. For example,
  435. #
  436. # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
  437. # && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
  438. # xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
  439. # xhttp_reply("403", "Forbidden", "", "");
  440. # exit;
  441. # }
  442.  
  443. # Optional... perform HTTP authentication
  444.  
  445. # ws_handle_handshake() exits (no further configuration file
  446. # processing of the request) when complete.
  447. if (ws_handle_handshake())
  448. {
  449. # Optional... cache some information about the
  450. # successful connection
  451. exit;
  452. }
  453. }
  454.  
  455. xhttp_reply("404", "Not Found", "", "");
  456. }
  457.  
  458. event_route[websocket:closed] {
  459. xlog("L_INFO", "WebSocket connection from $si:$sp has closed\n");
  460. }
  461. #!endif
  462.  
  463. route[NATDETECT] {
  464. force_rport();
  465.  
  466. #!ifdef WITH_WEBSOCKETS
  467. # 64 - Test if the source connection of signaling is a WebSocket
  468. if (nat_uac_test(64)) {
  469. xlog("L_INFO", "Inside webrtc nat_uac_test\n");
  470. # NAT traversal WebSocket
  471. if (is_method("REGISTER")) {
  472. fix_nated_register();
  473. } else {
  474. if (!add_contact_alias()) {
  475. xlog("L_ERR", "Error aliasing contact <$ct>\n");
  476. sl_send_reply("400", "Bad Request");
  477. exit;
  478. }
  479. }
  480. setflag(FLT_NATS);
  481. return;
  482. }
  483. #!endif
  484.  
  485. # 1 - The “Contact” header field is searched for occurrence of RFC1918 or RFC6598 addresses.
  486. # 2 - the "received" test is used: address in the “Via” header is compared against source IP address of signaling
  487. # 16 - Test if the source port is different from the port in the “Via” header
  488. # Why magic number of 19?
  489. if (nat_uac_test(19)) {
  490. xlog("L_INFO", "Inside uac_test_19\n");
  491. if (is_method("REGISTER")) {
  492. fix_nated_register();
  493. }
  494. fix_contact();
  495. nat_keepalive();
  496. }
  497. setflag(FLT_NATS);
  498. return;
  499. }
  500.  
  501. #!ifdef WITH_ASTERISK
  502. # Test if coming from Asterisk
  503. route[FROMASTERISK] {
  504. if ($Ri == "MY_PVT_ADDR")
  505. return 1;
  506. return -1;
  507. }
  508.  
  509. # Send to Asterisk
  510. route[TOASTERISK] {
  511. xlog("Routing to asterisk");
  512. ds_select_dst(1, 4);
  513. t_on_failure("DISPATCH_FAILURE");
  514. route(RELAY);
  515. exit;
  516. }
  517. #!endif
  518.  
  519. route[DISPATCH_FAILURE]{
  520. xlog("Trying next destination");
  521. ds_next_dst();
  522. route(RELAY);
  523.  
  524. }
  525.  
  526.  
  527.  