
misc/examples: update default webrtc cfg to current main kamailio.cfg state

Henning Westerholt 5 luni în urmă
părinte
comite
29e51c1397
1 a modificat fișierele cu 203 adăugiri și 71 ștergeri
  1. 203 71
      misc/examples/webrtc/kamailio-default-websocket.cfg

+ 203 - 71
misc/examples/webrtc/kamailio-default-websocket.cfg

@@ -1,6 +1,6 @@
 #!KAMAILIO
 #
-# Kamailio SIP Server v5.3 - default configuration script
+# Kamailio SIP Server v6.0 - default configuration script
 #     - web: https://www.kamailio.org
 #     - git: https://github.com/kamailio/kamailio
 #
@@ -15,11 +15,16 @@
 #       #!subst, #!substdef, ...
 #     - lines starting with //
 #     - blocks enclosed in between /* */
+# Note: the config performs symmetric SIP signaling
+#     - it sends the reply to the source address of the request
+#     - remove the use of force_rport() for asymmetric SIP signaling
 #
 # Several features can be enabled using '#!define WITH_FEATURE' directives:
 #
 # *** To run in debug mode:
 #     - define WITH_DEBUG
+#     - debug level increased to 3, logs still sent to syslog
+#     - debugger module loaded with cfgtrace enabled
 #
 # *** To enable mysql:
 #     - define WITH_MYSQL
@@ -27,7 +32,7 @@
 # *** To enable authentication execute:
 #     - enable mysql
 #     - define WITH_AUTH
-#     - add users using 'kamctl'
+#     - add users using 'kamctl' or 'kamcli'
 #
 # *** To enable IP authentication execute:
 #     - enable mysql
@@ -42,14 +47,21 @@
 # *** To enable presence server execute:
 #     - enable mysql
 #     - define WITH_PRESENCE
+#     - if modified headers or body in config must be used by presence handling:
+#     - define WITH_MSGREBUILD
 #
 # *** To enable nat traversal execute:
 #     - define WITH_NAT
-#     - define WITH_RTPPROXY
+#     - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
 #     - install RTPProxy: http://www.rtpproxy.org
-#     - start RTPProxy
+#     - start RTPProxy:
 #        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
-#     - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
+#
+# *** To use RTPEngine (instead of RTPProxy) for nat traversal execute:
+#     - define WITH_RTPENGINE
+#     - install RTPEngine: https://github.com/sipwise/rtpengine
+#     - start RTPEngine:
+#        rtpengine --listen-ng=127.0.0.1:2223 ...
 #
 # *** To enable PSTN gateway routing execute:
 #     - define WITH_PSTN
@@ -72,9 +84,9 @@
 #     - adjust CFGDIR/tls.cfg as needed
 #     - define WITH_TLS
 #
-# *** To enable XMLRPC support execute:
-#     - define WITH_XMLRPC
-#     - adjust route[XMLRPC] for access policy
+# *** To enable JSONRPC over HTTP(S) support execute:
+#     - define WITH_JSONRPC
+#     - adjust event_route[xhttp:request] for access policy
 #
 # *** To enable WebSocket support execute:
 #     - define WITH_WEBSOCKET
@@ -84,6 +96,9 @@
 #       block if more than 16 requests in 2 seconds and ban for 300 seconds)
 #     - define WITH_ANTIFLOOD
 #
+# *** To load htable module execute:
+#     - define WITH_HTABLE
+#
 # *** To block 3XX redirect replies execute:
 #     - define WITH_BLOCK3XX
 #
@@ -124,13 +139,18 @@ import_file "kamailio-local.cfg"
 #!define WITH_WEBSOCKET
 
 # *** Value defines - IDs used later in config
+#!ifdef WITH_DEBUG
+#!define DBGLEVEL 3
+#!else
+#!define DBGLEVEL 2
+#!endif
+
 #!ifdef WITH_MYSQL
 # - database URL - used to connect to database server by modules such
 #       as: auth_db, acc, usrloc, a.s.o.
-#!ifndef DBURL
-#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
-#!endif
+#!trydef DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
 #!endif
+
 #!ifdef WITH_MULTIDOMAIN
 # - the value for 'use_domain' parameters
 #!define MULTIDOMAIN 1
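Review bot: The `#!trydef DBURL` fallback still embeds the sample credential `kamailio:kamailiorw`, and with `trydef` it is picked up silently whenever the imported `kamailio-local.cfg` does not define DBURL. A comment above the line would make that explicit, for example `# - override DBURL in kamailio-local.cfg; the sample password below is public and must be changed`. No code change is needed here; the point is that an operator enabling WITH_MYSQL should not end up on the shipped password without noticing.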
@@ -138,27 +158,29 @@ import_file "kamailio-local.cfg"
 #!define MULTIDOMAIN 0
 #!endif
 
+#!ifdef WITH_ANTIFLOOD
+# - hash table 'ipban' used to store blocked IP addresses
+#!trydef WITH_HTABLE
+#!endif
+
 # - flags
-#   FLT_ - per transaction (message) flags
-#	FLB_ - per branch flags
+# FLT_ - per transaction (message) flags
 #!define FLT_ACC 1
 #!define FLT_ACCMISSED 2
 #!define FLT_ACCFAILED 3
 #!define FLT_NATS 5
 
+# FLB_ - per branch flags
 #!define FLB_NATB 6
 #!define FLB_NATSIPPING 7
 
 ####### Global Parameters #########
 
-### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
-#!ifdef WITH_DEBUG
-debug=4
-log_stderror=yes
-#!else
-debug=2
+/* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
+debug=DBGLEVEL
+
+/* set to 'yes' to print log messages to terminal or use '-E' cli option */
 log_stderror=no
-#!endif
 
 memdbg=5
 memlog=5
@@ -166,27 +188,36 @@ memlog=5
 log_facility=LOG_LOCAL0
 log_prefix="{$mt $hdr(CSeq) $ci} "
 
-/* number of SIP routing processes */
+/* number of SIP routing processes for each UDP socket
+ * - value inherited by tcp_children and sctp_children when not set explicitely */
 children=8
 
 /* uncomment the next line to disable TCP (default on) */
 # disable_tcp=yes
 
+/* number of SIP routing processes for all TCP/TLS sockets */
+# tcp_children=8
+
+/* UDP receiving mode:
+ * - 0: multi-process (default)
+ * - 1: multi-threaded with async worker group 'udp'
+ * - 2: per socket configuration (see core cookbook) */
+# async_workers_group="name=udp;workers=8"
+# udp_receiver_mode = 1
+
 /* uncomment the next line to disable the auto discovery of local aliases
  * based on reverse DNS on IPs (default on) */
 # auto_aliases=no
 
-/* add local domain aliases */
+/* add local domain aliases - it can be set many times */
 # alias="sip.mydomain.com"
 
-/* uncomment and configure the following line if you want Kamailio to
- * bind on a specific interface/port/proto (default bind on all available) */
+/* listen sockets - if none set, Kamailio binds to all local IP addresses
+ * - basic prototype (full prototype can be found in Wiki - Core Cookbook):
+ *      listen=[proto]:[localip]:[lport] advertise [publicip]:[pport]
+ * - it can be set many times to add more sockets to listen to */
 # listen=udp:10.0.0.10:5060
 
-#!ifdef WITH_TLS
-enable_tls=yes
-#!endif
-
 /* life time of TCP connection when there is no traffic
  * - a bit higher than registration expires to cope with UA behind NAT */
 tcp_connection_lifetime=3605
@@ -196,6 +227,34 @@ tcp_accept_no_cl=yes
 tcp_rd_buf_size=16384
 #!endif
 
+/* upper limit for TCP connections (it includes the TLS connections) */
+tcp_max_connections=2048
+
+/* upper limit for TCP connections for one ip address - default 1024 */
+#tcp_accept_iplimit=1024
+
+#!ifdef WITH_JSONRPC
+tcp_accept_no_cl=yes
+#!endif
+
+#!ifdef WITH_TLS
+enable_tls=yes
+
+/* upper limit for TLS connections */
+tls_max_connections=2048
+
+/* For OpenSSL 3 integration
+ * functions calling libssl3 can be invoked in a transient thread
+ * 0: disable threaded calls
+ * 1: use thread executors for process #0 only
+ * 2: no thread executors, but use atfork handler to reset thread-locals to NULL */
+tls_threads_mode=2
+
+#!endif
+
+/* set it to yes to enable sctp and load sctp.so module */
+enable_sctp=no
+
 ####### Custom Parameters #########
 
 /* These parameters can be modified at runtime via RPC interface
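Review bot: The per-address cap `tcp_accept_iplimit` is left commented out, so with the default of 1024 stated in the comment a single source address can occupy half of the `tcp_max_connections=2048` pool. For an example meant to accept WebSocket clients, consider shipping an explicit lower value such as `tcp_accept_iplimit=64` (constructed value; tune it per deployment, since clients behind a shared NAT need headroom). Separately, the `tcp_accept_no_cl=yes` added under WITH_JSONRPC repeats a setting that the hunk header shows is already made just above this hunk, so it is probably redundant in this file.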
@@ -228,10 +287,19 @@ voicemail.srv_port = "5060" desc "VoiceMail Port"
 /* set paths to location of modules */
 # mpath="/usr/local/lib/kamailio/modules/"
 
+# when using TLS with OpenSSL it is recommended to load this module
+# first so that OpenSSL is initialized correctly
+#!ifdef WITH_TLS
+loadmodule "tls.so"
+#!endif
+
 #!ifdef WITH_MYSQL
 loadmodule "db_mysql.so"
 #!endif
 
+#!ifdef WITH_JSONRPC
+loadmodule "xhttp.so"
+#!endif
 loadmodule "jsonrpcs.so"
 loadmodule "kex.so"
 loadmodule "corex.so"
@@ -244,6 +312,7 @@ loadmodule "maxfwd.so"
 loadmodule "usrloc.so"
 loadmodule "registrar.so"
 loadmodule "textops.so"
+loadmodule "textopsx.so"
 loadmodule "siputils.so"
 loadmodule "xlog.so"
 loadmodule "sanity.so"
@@ -251,6 +320,7 @@ loadmodule "ctl.so"
 loadmodule "cfg_rpc.so"
 loadmodule "acc.so"
 loadmodule "counters.so"
+loadmodule "dlgs.so"
 
 #!ifdef WITH_AUTH
 loadmodule "auth.so"
@@ -279,24 +349,21 @@ loadmodule "presence_xml.so"
 
 #!ifdef WITH_NAT
 loadmodule "nathelper.so"
-#!ifdef WITH_RTPPROXY
+#!ifdef WITH_RTPENGINE
+loadmodule "rtpengine.so"
+#!else
 loadmodule "rtpproxy.so"
 #!endif
 #!endif
 
-#!ifdef WITH_TLS
-loadmodule "tls.so"
+#!ifdef WITH_HTABLE
+loadmodule "htable.so"
 #!endif
 
 #!ifdef WITH_ANTIFLOOD
-loadmodule "htable.so"
 loadmodule "pike.so"
 #!endif
 
-#!ifdef WITH_XMLRPC
-loadmodule "xmlrpc.so"
-#!endif
-
 #!ifdef WITH_DEBUG
 loadmodule "debugger.so"
 #!endif
@@ -315,11 +382,17 @@ modparam("jsonrpcs", "pretty_format", 1)
 # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo")
 /* set the path to RPC unix socket control file */
 # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock")
+#!ifdef WITH_JSONRPC
+modparam("jsonrpcs", "transport", 7)
+#!endif
 
 # ----- ctl params -----
 /* set the path to RPC unix socket control file */
 # modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl")
 
+# ----- sanity params -----
+modparam("sanity", "autodrop", 0)
+
 # ----- tm params -----
 # auto-discard branches from previous serial forking leg
 modparam("tm", "failure_reply_mode", 3)
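Review bot: `modparam("jsonrpcs", "transport", 7)` is an unexplained bitmask. As far as I know the jsonrpcs bits are 1=HTTP, 2=FIFO and 4=DATAGRAM, so 7 enables every transport as soon as WITH_JSONRPC is defined. I would add a comment above it, e.g. `/* transport bitmask: 1=HTTP, 2=FIFO, 4=DATAGRAM; HTTP access is restricted only by event_route[xhttp:request] */`. That way an operator knows the RPC surface is widened and where the access policy lives.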
@@ -334,6 +407,12 @@ modparam("rr", "enable_full_lr", 0)
 # do not append from tag to the RR (no need for this script)
 modparam("rr", "append_fromtag", 0)
 
+# ----- dlgs params -----
+modparam("dlgs", "timer_interval", 10)
+modparam("dlgs", "init_lifetime", 180)
+modparam("dlgs", "active_lifetime", 7200)
+modparam("dlgs", "finish_lifetime", 10)
+
 # ----- registrar params -----
 modparam("registrar", "method_filtering", 1)
 /* uncomment the next line to disable parallel forking via location */
@@ -344,6 +423,10 @@ modparam("registrar", "method_filtering", 1)
 modparam("registrar", "max_expires", 3600)
 /* set it to 1 to enable GRUU */
 modparam("registrar", "gruu_enabled", 0)
+/* set it to 0 to disable Path handling */
+modparam("registrar", "use_path", 1)
+/* save Path even if not listed in Supported header */
+modparam("registrar", "path_mode", 0)
 
 # ----- acc params -----
 /* what special events should be accounted ? */
@@ -372,11 +455,13 @@ modparam("acc", "db_extra",
 #!endif
 
 # ----- usrloc params -----
+modparam("usrloc", "timer_interval", 60)
+modparam("usrloc", "timer_procs", 1)
+modparam("usrloc", "use_domain", MULTIDOMAIN)
 /* enable DB persistency for location entries */
 #!ifdef WITH_USRLOCDB
 modparam("usrloc", "db_url", DBURL)
 modparam("usrloc", "db_mode", 2)
-modparam("usrloc", "use_domain", MULTIDOMAIN)
 #!endif
 
 # ----- auth_db params -----
@@ -390,7 +475,7 @@ modparam("auth_db", "use_domain", MULTIDOMAIN)
 # ----- permissions params -----
 #!ifdef WITH_IPAUTH
 modparam("permissions", "db_url", DBURL)
-modparam("permissions", "db_mode", 1)
+modparam("permissions", "load_backends", 1)
 #!endif
 
 #!endif
@@ -424,11 +509,13 @@ modparam("presence_xml", "force_active", 1)
 #!endif
 
 #!ifdef WITH_NAT
-#!ifdef WITH_RTPPROXY
+#!ifdef WITH_RTPENGINE
+# ----- rtpengine params -----
+modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
+#!else
 # ----- rtpproxy params -----
 modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
 #!endif
-
 # ----- nathelper params -----
 modparam("nathelper", "natping_interval", 30)
 modparam("nathelper", "ping_nated_only", 1)
@@ -450,16 +537,14 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
 modparam("pike", "sampling_time_unit", 2)
 modparam("pike", "reqs_density_per_unit", 16)
 modparam("pike", "remove_latency", 4)
+#!endif
 
+#!ifdef WITH_HTABLE
 # ----- htable params -----
+#!ifdef WITH_ANTIFLOOD
 /* ip ban htable with autoexpire after 5 minutes */
 modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
 #!endif
-
-#!ifdef WITH_XMLRPC
-# ----- xmlrpc params -----
-modparam("xmlrpc", "route", "XMLRPC");
-modparam("xmlrpc", "url_match", "^/RPC")
 #!endif
 
 #!ifdef WITH_DEBUG
@@ -484,6 +569,7 @@ request_route {
 
 	# CANCEL processing
 	if (is_method("CANCEL")) {
+		dlgs_update();
 		if (t_check_trans()) {
 			route(RELAY);
 		}
@@ -510,7 +596,7 @@ request_route {
 	# record routing for dialog forming requests (in case they are routed)
 	# - remove preloaded route headers
 	remove_hf("Route");
-	if (is_method("INVITE|SUBSCRIBE")) {
+	if (is_method("INVITE|SUBSCRIBE|REFER")) {
 		record_route();
 	}
 
@@ -536,11 +622,17 @@ request_route {
 		exit;
 	}
 
+	if(is_method("INVITE")) {
+		dlgs_init("$fu", "$tu", "srcip=$si");
+	}
+
 	# dispatch destinations to PSTN
 	route(PSTN);
 
 	# user location service
 	route(LOCATION);
+
+	return;
 }
 
 # Wrapper for relaying requests
@@ -559,13 +651,19 @@ route[RELAY] {
 	}
 
 	if (!t_relay()) {
-		sl_reply_error();
+		send_reply_error();
 	}
 	exit;
 }
 
 # Per SIP request initial checks
 route[REQINIT] {
+	# no connect for sending replies
+	set_reply_no_connect();
+	# enforce symmetric signaling
+	# - send back replies to the source address of request
+	force_rport();
+
 #!ifdef WITH_ANTIFLOOD
 	# flood detection from same IP and traffic ban for a while
 	# be sure you exclude checking trusted peers, such as pstn gateways
@@ -577,13 +675,13 @@ route[REQINIT] {
 			exit;
 		}
 		if (!pike_check_req()) {
-			xlog("L_ALERT", "ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
+			xalert("ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
 			$sht(ipban=>$si) = 1;
 			exit;
 		}
 	}
 #!endif
-	if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
+	if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {
 		# silent drop for scanners - uncomment next line if want to reply
 		# sl_send_reply("200", "OK");
 		exit;
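Review bot: Splitting `friendly-scanner` into `friendly|scanner` makes the unanchored pattern match any User-Agent that merely contains "friendly" or "scanner", so legitimate clients can be dropped silently with no log line. Keeping the original token alongside the new ones avoids that: `if($ua =~ "friendly-scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {`. The comment should also say that this filter only removes noise from tools that announce themselves, because the header is client-controlled; pike and authentication remain the real controls. The enclosing route[REQINIT] body continues outside the hunk.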
@@ -600,7 +698,7 @@ route[REQINIT] {
 	}
 
 	if(!sanity_check("17895", "7")) {
-		xlog("Malformed SIP message from $si:$sp\n");
+		xlog("Malformed SIP request from $si:$sp\n");
 		exit;
 	}
 }
@@ -613,14 +711,15 @@ route[WITHINDLG] {
 	# take the path determined by record-routing
 	if (loose_route()) {
 		route(DLGURI);
+		dlgs_update();
 		if (is_method("BYE")) {
 			setflag(FLT_ACC); # do accounting ...
 			setflag(FLT_ACCFAILED); # ... even if the transaction fails
 		} else if ( is_method("ACK") ) {
 			# ACK is forwarded statelessly
 			route(NATMANAGE);
-		} else if ( is_method("NOTIFY") ) {
-			# Add Record-Route for in-dialog NOTIFY as per RFC 6665.
+		} else if ( is_method("NOTIFY|REFER") ) {
+			# Add Record-Route for in-dialog NOTIFY and REFER (RFC6665, RFC3515)
 			record_route();
 		}
 		route(RELAY);
@@ -660,7 +759,7 @@ route[REGISTRAR] {
 #!endif
 	}
 	if (!save("location")) {
-		sl_reply_error();
+		send_reply_error();
 	}
 	exit;
 }
@@ -721,8 +820,12 @@ route[PRESENCE] {
 	}
 
 #!ifdef WITH_PRESENCE
+#!ifdef WITH_MSGREBUILD
+	# apply changes in case the request headers or body were modified
+	msg_apply_changes();
+#!endif
 	if (!t_newtran()) {
-		sl_reply_error();
+		send_reply_error();
 		exit;
 	}
 
@@ -787,7 +890,6 @@ route[AUTH] {
 # Caller NAT detection
 route[NATDETECT] {
 #!ifdef WITH_NAT
-	force_rport();
 	if (nat_uac_test("83")) {
 		if (is_method("REGISTER")) {
 			fix_nated_register();
@@ -802,7 +904,7 @@ route[NATDETECT] {
 	return;
 }
 
-# RTPProxy control and signaling updates for NAT traversal
+# RTP relaying management and signaling updates for NAT traversal
 route[NATMANAGE] {
 #!ifdef WITH_NAT
 	if (is_request()) {
@@ -814,7 +916,13 @@ route[NATMANAGE] {
 	}
 	if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
 
-#!ifdef WITH_RTPPROXY
+#!ifdef WITH_RTPENGINE
+	if(nat_uac_test("8")) {
+		rtpengine_manage("SIP-source-address replace-origin replace-session-connection");
+	} else {
+		rtpengine_manage("replace-origin replace-session-connection");
+	}
+#!else
 	if(nat_uac_test("8")) {
 		rtpproxy_manage("co");
 	} else {
@@ -835,6 +943,15 @@ route[NATMANAGE] {
 				set_contact_alias();
 		}
 	}
+
+	if(isbflagset(FLB_NATB) || nat_uac_test("64")) {
+		# no connect message in a dialog involving NAT traversal
+		if (is_request()) {
+			if(has_totag()) {
+				set_forward_no_connect();
+			}
+		}
+	}
 #!endif
 	return;
 }
@@ -853,7 +970,7 @@ route[DLGURI] {
 route[SIPOUT] {
 	if (uri==myself) return;
 
-	append_hf("P-hint: outbound\r\n");
+	append_hf("P-Hint: outbound\r\n");
 	route(RELAY);
 	exit;
 }
@@ -899,21 +1016,23 @@ route[PSTN] {
 	return;
 }
 
-# XMLRPC routing
-#!ifdef WITH_XMLRPC
-route[XMLRPC] {
-	# allow XMLRPC from localhost
-	if ((method=="POST" || method=="GET")
-			&& (src_ip==127.0.0.1)) {
-		# close connection only for xmlrpclib user agents (there is a bug in
-		# xmlrpclib: it waits for EOF before interpreting the response).
-		if ($hdr(User-Agent) =~ "xmlrpclib")
-			set_reply_close();
-		set_reply_no_connect();
-		dispatch_rpc();
+# JSONRPC over HTTP(S) routing
+#!ifdef WITH_JSONRPC
+event_route[xhttp:request] {
+	set_reply_close();
+	set_reply_no_connect();
+	if(src_ip!=127.0.0.1) {
+		xhttp_reply("403", "Forbidden", "text/html",
+				"<html><body>Not allowed from $si</body></html>");
 		exit;
 	}
-	send_reply("403", "Forbidden");
+	if ($hu =~ "^/RPC") {
+		jsonrpc_dispatch();
+		exit;
+	}
+
+	xhttp_reply("200", "OK", "text/html",
+				"<html><body>Wrong URL $hu</body></html>");
 	exit;
 }
 #!endif
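Review bot: The new `event_route[xhttp:request]` under WITH_JSONRPC collides with the `event_route[xhttp:request]` that this file already defines under WITH_WEBSOCKET at the end of the script, and WITH_WEBSOCKET appears to be defined near the top of this example. With both enabled the script has two handlers of the same name; depending on how the parser treats that, either loading fails or one handler shadows the other. If the WebSocket handler wins, `/RPC` falls through to its final 404 and the 127.0.0.1 restriction is never evaluated. I would drop this separate block and put the JSONRPC branch inside the existing handler, as sketched below; that handler's body is outside this hunk, so placement needs checking against it. The `loadmodule "xhttp.so"` added under WITH_JSONRPC may likewise duplicate a load in the WebSocket module block, which is not visible here.

```cfg
# … unchanged: start of the existing WITH_WEBSOCKET event_route[xhttp:request] …
#!ifdef WITH_JSONRPC
	if ($hu =~ "^/RPC") {
		# RPC is an administrative interface - keep it local-only
		if (src_ip != 127.0.0.1) {
			xhttp_reply("403", "Forbidden", "text/html",
					"<html><body>Not allowed from $si</body></html>");
			exit;
		}
		jsonrpc_dispatch();
		exit;
	}
#!endif
# … unchanged: WebSocket upgrade handling and final 404 reply …
```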
@@ -950,14 +1069,25 @@ route[TOVOICEMAIL] {
 branch_route[MANAGE_BRANCH] {
 	xdbg("new branch [$T_branch_idx] to $ru\n");
 	route(NATMANAGE);
+	return;
 }
 
 # Manage incoming replies
+reply_route {
+	if(!sanity_check("17604", "6")) {
+		xlog("Malformed SIP response from $si:$sp\n");
+		drop;
+	}
+	return;
+}
+
+# Manage incoming replies in transaction context
 onreply_route[MANAGE_REPLY] {
 	xdbg("incoming reply\n");
 	if(status=~"[12][0-9][0-9]") {
 		route(NATMANAGE);
 	}
+	return;
 }
 
 # Manage failure routing cases
@@ -991,6 +1121,7 @@ failure_route[MANAGE_FAILURE] {
 		exit;
 	}
 #!endif
+	return;
 }
 
 #!ifdef WITH_WEBSOCKET
@@ -1015,5 +1146,6 @@ event_route[xhttp:request] {
 		}
 	}
 	xhttp_reply("404", "Not Found", "", "");
+	return;
 }
 #!endif