
- updated with more examples
- extra accounting
- nat traversal with nathelper and rtpproxy
- easier system to enable features using sed command


git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5650 689a6050-402a-0410-94f2-e92a70836424

Elena-Ramona Modroiu il y a 16 ans
Parent
commit
1af1c66805
1 fichiers modifiés avec 223 ajouts et 108 suppressions
  1. 223 108
      etc/kamailio.cfg

+ 223 - 108
etc/kamailio.cfg

@@ -1,12 +1,56 @@
 #
 # $Id$
 #
-# Kamailion basic configuration script
+# Kamailio (OpenSER) SIP Server - basic configuration script
+#     - web: http://www.kamailio.org
+#     - svn: http://openser.svn.sourceforge.net/viewvc/openser/
 #
 # Direct your questions about this file to: <[email protected]>
 #
-# Please refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
-# for a explanation of possible statements, functions and parameters.
+# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
+# for an explanation of possible statements, functions and parameters.
+#
+# There are comments showing how to enable different features in th econfig
+# file. Such commented code starts with #X# where X is a letter to identify
+# a feature. Delete entire #X# if you want to enable that feature. Next are
+# sed commands that help you enable such features.
+#
+# *** To enamble mysql execute:
+#     sed -i 's/#m#//g' kamailio.cfg
+#
+# *** To enamble authentication execute:
+#     - enable mysql
+#     sed -i 's/#a#//g' kamailio.cfg
+#     - add users using 'kamctl'
+#
+# *** To enamble persistent user location execute:
+#     - enable mysql
+#     sed -i 's/#u#//g' kamailio.cfg
+#
+# *** To enamble presence server execute:
+#     - enable mysql
+#     sed -i 's/#p#//g' kamailio.cfg
+#
+# *** To enamble nat traversal execute:
+#     sed -i 's/#n#//g' kamailio.cfg
+#     - install RTPProxy: http://www.rtpproxy.org
+#     - start RTPProxy:
+#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
+#
+# *** To enhance accounting execute:
+#     - enable mysql
+#     sed -i 's/#c#//g' kamailio.cfg
+#     - add folowing columns to database
+# ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE missed_call ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
 #
 
 
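Review bot: The ALTER statement that adds `dst_user` for missed calls names the table `missed_call`, while the four neighbouring statements use `missed_calls`. Run as written it fails, and `missed_calls` is left without the `dst_user` column that the `#c#` `db_extra` setting presumably writes for missed calls as well. It should read `ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';`. The same header spells "enamble", "th econfig" and "folowing", which is worth correcting since this text is the only documentation of the `#X#` switches.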
@@ -64,7 +108,7 @@ port=5060
 mpath="/usr/local/lib/kamailio/modules/"
 
 /* uncomment next line for MySQL DB support */
-#loadmodule "db_mysql.so"
+#m#loadmodule "db_mysql.so"
 loadmodule "mi_fifo.so"
 loadmodule "sl.so"
 loadmodule "tm.so"
@@ -80,8 +124,8 @@ loadmodule "xlog.so"
 loadmodule "acc.so"
 /* uncomment next lines for MySQL based authentication support 
    NOTE: a DB (like db_mysql) module must be also loaded */
-#loadmodule "auth.so"
-#loadmodule "auth_db.so"
+#a#loadmodule "auth.so"
+#a#loadmodule "auth_db.so"
 /* uncomment next line for aliases support
    NOTE: a DB (like db_mysql) module must be also loaded */
 #loadmodule "alias_db.so"
@@ -92,9 +136,10 @@ loadmodule "acc.so"
 #loadmodule "domain.so"
 /* uncomment the next two lines for presence server support
    NOTE: a DB (like db_mysql) module must be also loaded */
-#loadmodule "presence.so"
-#loadmodule "presence_xml.so"
+#p#loadmodule "presence.so"
+#p#loadmodule "presence_xml.so"
 
+#n#loadmodule "nathelper.so"
 
 # ----------------- setting module-specific parameters ---------------
 
@@ -138,28 +183,32 @@ modparam("acc", "detect_direction", 0)
 modparam("acc", "failed_transaction_flag", 3)
 modparam("acc", "log_flag", 1)
 modparam("acc", "log_missed_flag", 2)
+modparam("acc", "log_extra", 
+	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
 /* uncomment the following lines to enable DB accounting also */
-modparam("acc", "db_flag", 1)
-modparam("acc", "db_missed_flag", 2)
+#c#modparam("acc", "db_flag", 1)
+#c#modparam("acc", "db_missed_flag", 2)
+#c#modparam("domain", "db_url",
+#c#	"mysql://openser:openserrw@localhost/openser")
+#c#modparam("acc", "db_extra",
+#c#	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
 
 
 # ----- usrloc params -----
-modparam("usrloc", "db_mode",   0)
 /* uncomment the following lines if you want to enable DB persistency
    for location entries */
-#modparam("usrloc", "db_mode",   2)
-#modparam("usrloc", "db_url",
-#	"mysql://openser:openserrw@localhost/openser")
-
+#u#modparam("usrloc", "db_mode",   2)
+#u#modparam("usrloc", "db_url",
+#u#	"mysql://openser:openserrw@localhost/openser")
 
 # ----- auth_db params -----
 /* uncomment the following lines if you want to enable the DB based
    authentication */
-#modparam("auth_db", "calculate_ha1", yes)
-#modparam("auth_db", "password_column", "password")
-#modparam("auth_db", "db_url",
-#	"mysql://openser:openserrw@localhost/openser")
-#modparam("auth_db", "load_credentials", "")
+#a#modparam("auth_db", "calculate_ha1", yes)
+#a#modparam("auth_db", "password_column", "password")
+#a#modparam("auth_db", "db_url",
+#a#	"mysql://openser:openserrw@localhost/openser")
+#a#modparam("auth_db", "load_credentials", "")
 
 
 # ----- alias_db params -----
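Review bot: The `#c#` block sets `db_url` on the `domain` module rather than on `acc`, so the documented sed command leaves `acc` without the URL given here. It also sets a parameter for a module whose `loadmodule "domain.so"` line is still commented out in the visible context. The line was probably meant to be `#c#modparam("acc", "db_url",`. The URL also repeats the stock `openser:openserrw` credentials in one more place that a single sed run activates; a comment such as `# change the default DB password before enabling any #X# feature` next to it would help. The comment `/* uncomment the following lines to enable DB accounting also */` no longer matches the mechanism, which is deleting the `#c#` prefix.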
@@ -185,11 +234,19 @@ modparam("usrloc", "db_mode",   0)
 
 # ----- presence params -----
 /* uncomment the following lines if you want to enable presence */
-#modparam("presence|presence_xml", "db_url",
-#	"mysql://openser:openserrw@localhost/openser")
-#modparam("presence_xml", "force_active", 1)
-#modparam("presence", "server_address", "sip:192.168.1.2:5060")
-
+#p#modparam("presence|presence_xml", "db_url",
+#p#	"mysql://openser:openserrw@localhost/openser")
+#p#modparam("presence_xml", "force_active", 1)
+#p#modparam("presence", "server_address", "sip:192.168.1.2:5060")
+
+# -- nathelper
+#n#modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7722")
+#n#modparam("nathelper", "natping_interval", 30)
+#n#modparam("nathelper", "ping_nated_only", 1)
+#n#modparam("nathelper", "sipping_bflag", 7)
+#n#modparam("nathelper", "sipping_from", "sip:[email protected]")
+#n#modparam("registrar|nathelper", "received_avp", "$avp(i:80)")
+#n#modparam("usrloc", "nat_bflag", 6)
 
 ####### Routing Logic ########
 
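Review bot: The `rtpproxy_sock` value points nathelper at a UDP control socket on 127.0.0.1:7722, which any local process on the host can reach. As far as I know the RTPProxy control protocol has no authentication of its own, so on a shared host a unix socket protected by file permissions is the safer default. If both sides support it, something like `#n#modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")` (example path) with a matching `-s unix:` option in the header instructions would limit access to the proxy's own user. At minimum a comment such as `# control socket is unauthenticated: keep it on loopback or a unix socket` belongs above the line.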
@@ -213,12 +270,11 @@ route{
 			}
 			route(1);
 		} else {
-			/* uncomment the following lines if you want to enable presence */
-			##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {
-			##	# in-dialog subscribe requests
-			##	route(2);
-			##	exit;
-			##}
+			if (is_method("SUBSCRIBE") && uri == myself) {
+				# in-dialog subscribe requests
+				route(2);
+				exit;
+			}
 			if ( is_method("ACK") ) {
 				if ( t_check_trans() ) {
 					# non loose-route, but stateful ACK; must be an ACK after a 487 or e.g. 404 from upstream server
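Review bot: With presence left disabled, an in-dialog SUBSCRIBE addressed to this server that carries a user part is dropped without any reply. It enters `route(2)`, which only replies when `is_method("PUBLISH") || $rU==null` and otherwise returns, and the `exit;` that follows ends processing. The sender will retransmit until its transaction times out. Either send an explicit rejection before `exit;` when the presence lines are not enabled, or prefix this block with `#p#` like the rest of the presence feature. The enclosing `route` block starts and ends outside this hunk.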
@@ -246,21 +302,8 @@ route{
 
 	t_check_trans();
 
-	# authenticate if from local subscriber (uncomment to enable auth)
-	##if (!(method=="REGISTER") && from_uri==myself)
-	##{
-	##	if (!proxy_authorize("", "subscriber")) {
-	##		proxy_challenge("", "0");
-	##		exit;
-	##	}
-	##	if (!check_from()) {
-	##		sl_send_reply("403","Forbidden auth ID");
-	##		exit;
-	##	}
-	##
-	##	consume_credentials();
-	##	# caller authenticated
-	##}
+	# authentication
+	route(3);
 
 	# record routing
 	if (!is_method("REGISTER|MESSAGE"))
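Review bot: `route(3)` only returns until the `#a#` lines are enabled, so with the shipped defaults the `# authentication` step does nothing. The REGISTER path in the next hunk then reaches `save("location")` with no credential check at all. Say so at the call site, for example `# authentication (no-op until the #a# lines in route[3] are enabled)`, and add a matching comment above `save("location")`. Once enabled, route[3] challenges non-REGISTER requests only when `from_uri==myself`, so requests with a foreign From URI are not authenticated; whether they can still be relayed depends on routing outside these hunks and should be checked before exposing the server. The enclosing `route` block starts and ends outside this hunk.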
@@ -288,34 +331,11 @@ route{
 
 	# requests for my domain
 
-	/* uncomment this if you want to enable presence server 
-	   and comment the next 'if' block
-	   NOTE: uncomment also the definition of route[2] from  below */
-	##if( is_method("PUBLISH|SUBSCRIBE"))
-	##		route(2);
-
-	if (is_method("PUBLISH"))
-	{
-		sl_send_reply("503", "Service Unavailable");
-		exit;
-	}
-	
+	if( is_method("PUBLISH|SUBSCRIBE"))
+		route(2);
 
 	if (is_method("REGISTER"))
 	{
-		# authenticate the REGISTER requests (uncomment to enable auth)
-		##if (!www_authorize("", "subscriber"))
-		##{
-		##	www_challenge("", "0");
-		##	exit;
-		##}
-		##
-		##if (!check_to()) 
-		##{
-		##	sl_send_reply("403","Forbidden auth ID");
-		##	exit;
-		##}
-
 		if (!save("location"))
 			sl_reply_error();
 
@@ -352,59 +372,154 @@ route{
 
 
 route[1] {
+#n#	if (check_route_param("nat=yes")) {
+#n#		setbflag(6);
+#n#	}
+#n#	if (isflagset(5) || isbflagset(6)) {
+#n#		route(5);
+#n#	}
+
 	/* example how to enable some additional event routes */
-	##if (is_method("INVITE")) {
-	##	t_on_branch("2");
-	##	t_on_reply("2");
-	##	t_on_failure("1");
-	##}
+	if (is_method("INVITE")) {
+		#t_on_branch("1");
+		t_on_reply("1");
+		t_on_failure("1");
+	}
 
 	if (!t_relay()) {
 		sl_reply_error();
-	};
+	}
 	exit;
 }
 
 
 # Presence route
-/* uncomment the whole following route for enabling presence
-   NOTE: do not forget to enable the call of this route from the main
-     route */
-##route[2]
-##{
-##	if (!t_newtran())
-##	{
-##		sl_reply_error();
-##		exit;
-##	};
-##
-##	if(is_method("PUBLISH"))
-##	{
-##		handle_publish();
-##		t_release();
-##	}
-##	else
-##	if( is_method("SUBSCRIBE"))
-##	{
-##		handle_subscribe();
-##		t_release();
-##	}
-##
-##	exit;
-##}
-
-
-branch_route[2] {
-	xlog("new branch at $ru\n");
+/* uncomment the whole following route for enabling presence server */
+route[2]
+{
+#p#	if (!t_newtran())
+#p#	{
+#p#		sl_reply_error();
+#p#		exit;
+#p#	};
+#p#
+#p#	if(is_method("PUBLISH"))
+#p#	{
+#p#		handle_publish();
+#p#		t_release();
+#p#	}
+#p#	else
+#p#	if( is_method("SUBSCRIBE"))
+#p#	{
+#p#		handle_subscribe();
+#p#		t_release();
+#p#	}
+#p#	exit;
+	
+	# if presence enabled, this part will not be executed
+	if (is_method("PUBLISH") || $rU==null)
+	{
+		sl_send_reply("404", "Not here");
+		exit;
+	}
+	return;
+}
+
+# Authentication route
+/* uncomment the whole following route for enabling authentication */
+route[3] {
+#a#	if (is_method("REGISTER"))
+#a#	{
+#a#		# authenticate the REGISTER requests (uncomment to enable auth)
+#a#		if (!www_authorize("", "subscriber"))
+#a#		{
+#a#			www_challenge("", "0");
+#a#			exit;
+#a#		}
+#a#
+#a#		if ($au!=$tU) 
+#a#		{
+#a#			sl_send_reply("403","Forbidden auth ID");
+#a#			exit;
+#a#		}
+#a#	} else {
+#a#		# authenticate if from local subscriber (uncomment to enable auth)
+#a#		if (from_uri==myself)
+#a#		{
+#a#			if (!proxy_authorize("", "subscriber")) {
+#a#				proxy_challenge("", "0");
+#a#				exit;
+#a#			}
+#a#			if (is_method("PUBLISH"))
+#a#			{
+#a#				if ($au!=$tU) {
+#a#					sl_send_reply("403","Forbidden auth ID");
+#a#					exit;
+#a#				}
+#a#			} else {
+#a#				if ($au!=$fU) {
+#a#					sl_send_reply("403","Forbidden auth ID");
+#a#					exit;
+#a#				}
+#a#			}
+#a#
+#a#			consume_credentials();
+#a#			# caller authenticated
+#a#		}
+#a#	}
+	return;
 }
 
+# Caller NAT detection route
+/* uncomment the whole following route for enabling Caller NAT Detection */
+route[4]{
+#n#	force_rport();
+#n#	if (nat_uac_test("19")) {
+#n#		if (method=="REGISTER") {
+#n#			fix_nated_register();
+#n#		} else {
+#n#			fix_nated_contact();
+#n#		}
+#n#		setflag(5);
+#n#	}
+	return;
+}
+
+# RTPProxy control
+/* uncomment the whole following route for enabling RTPProxy Control */
+route[5] {
+#n#	if (is_method("BYE")) {
+#n#		unforce_rtp_proxy();
+#n#	} else if (is_method("INVITE")){
+#n#		force_rtp_proxy();
+#n#	}
+#n#	if (!has_totag()) add_rr_param(";nat=yes");
+	return;
+}
 
-onreply_route[2] {
-	xlog("incoming reply\n");
+branch_route[1] {
+	xdbg("new branch at $ru\n");
+}
+
+
+onreply_route[1] {
+	xdbg("incoming reply\n");
+
+#n#	if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
+#n#		force_rtp_proxy();
+#n#	}
+#n#	if (isbflagset(6)) {
+#n#		fix_nated_contact();
+#n#	}
 }
 
 
 failure_route[1] {
+#n#	if (is_method("INVITE)
+#n#			&& (isbflagset(6) || isflagset(5))) {
+#n#		unforce_rtp_proxy();
+#n#	}
+
 	if (t_was_cancelled()) {
 		exit;
 	}
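Review bot: In `failure_route[1]` the NAT line `#n#	if (is_method("INVITE)` is missing its closing quote, so the configuration will not parse once `sed -i 's/#n#//g'` strips the prefix; it should be `#n#	if (is_method("INVITE")`. In the same hunk `route[4]` is defined but no call to it appears in the visible hunks, so confirm that `route(4)` runs before `route(1)`, otherwise flag 5 is never set. The comments above `route[2]` through `route[5]` still say "uncomment the whole following route", which no longer matches the `#X#` prefix mechanism. `failure_route[1]` continues past the end of the hunk.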