outdated files moved to obsoleted

etc/obsoleted/backup.cfg

@@ -0,0 +1,141 @@
+#
+# $Id$
+#
+# iptel.org real world configuration
+#
+
+# ----------- global configuration parameters ------------------------
+
+debug=4          # debug level (cmd line: -dddddddddd)
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+#check_via=yes     # (cmd. line: -v)
+#check_via=0
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5069
+#port=8060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+#listen=bat.iptel.org
+
+# ------------------ module loading ----------------------------------
+
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/print/print.so"
+#loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/acc/acc.so"
+loadmodule "../sip_router/modules/rr/rr.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+loadmodule "../sip_router/modules/mysql/mysql.so"
+loadmodule "../sip_router/modules/usrloc/usrloc.so"
+loadmodule "../sip_router/modules/auth/auth.so"
+loadmodule "../sip_router/modules/cpl/cpl.so"
+
+# ----------------- setting module-specific parameters ---------------
+
+# -- usrloc params --
+
+modparam("usrloc", "use_database",   1)
+modparam("usrloc", "table",          "location")
+modparam("usrloc", "user_column",    "user")
+modparam("usrloc", "contact_column", "contact")
+modparam("usrloc", "expires_column", "expires")
+modparam("usrloc", "q_column",       "q")
+modparam("usrloc", "callid_column",  "callid")
+modparam("usrloc", "cseq_column",    "cseq")
+modparam("usrloc", "flush_interval", 60)
+modparam("usrloc", "db_url",         "sql://root:@localhost/ser")
+
+# -- auth params --
+
+modparam("auth", "db_url",        "sql://root:@localhost/ser")
+modparam("auth", "user_column",   "user_id")
+# nonce generation secret; particularly useful if multiple servers
+# in a proxy farm are configured to authenticate
+modparam("auth", "secret",        "439tg8h349g8hq349t9384hg")
+# calculate_ha1=false means password column includes ha1 strings;
+# if it was false, plain-text passwords would be assumed
+
+# the database credentials in hashed form
+modparam("auth", "calculate_ha1", false)
+modparam("auth", "password_column", "ha1")
+# password_column, realm_column, group_table, group_user_column,
+#   group_group_column are set to their default values
+# password_column_2 allows to deal with clients who put domain name
+#   in authentication credentials when calculate_ha1=false (if true,
+#   it works); if set to a value and USER_DOMAIN_HACK was enabled
+#   in defs.h, authentication will still work
+modparam("auth", "password_column_2", "ha1b")
+
+# the database in plain-text alternative:
+#modparam("auth", "calculate_ha1", true )
+#modparam("auth", "password_column", "password")
+
+modparam("auth", "nonce_expire",  300)
+modparam("auth", "retry_count",   3)
+
+# -- acc params --
+# report ACKs too for sake of completeness -- as we account PSTN
+# destinations which are RR, ACKs should show up
+modparam("acc", "report_ack", 1)
+# don't bother me with early media reports (I don't like 183 
+# too much anyway...ever thought of timer C hitting after
+# listening to music-on-hold for five minutes?)
+modparam("acc", "early_media", 0)
+modparam("acc", "log_level", 1)
+# that is the flag for which we will account -- don't forget to
+# set the same one :-)
+modparam("acc", "acc_flag", 1 )
+# we are interested only in succesful transactions
+modparam("acc", "failed_transactions", 0 )
+
+# -- tm params --
+modparam("tm", "fr_timer", 30 )
+modparam("tm", "fr_inv_timer", 60 )
+
+# -------------------------  request routing logic -------------------
+
+# main routing logic
+
+route{
+
+	# filter local stateless ACK generated by authentication of mf replies
+	sl_filter_ACK();
+
+	# filter too old messages
+	log("LOG: Checking maxfwd\n");
+	if (!mf_process_maxfwd_header("10")) {
+		log("LOG: Too many hops\n");
+		sl_send_reply("483","Too Many Hops");
+		break;
+	};
+
+	if (method=="REGISTER") {
+		log("LOG Request is REGISTER\n");
+		if (!www_authorize(	"bat.iptel.org" /* realm */, 
+			 				"subscriber" /* table name */ )) {
+			log("LOG: REGISTER has no credentials, sending challenge\n");
+ 			www_challenge(	"bat.iptel.org" /* realm */, 
+							"0" /* no qop -- M$ can't deal with it */);
+			break;
+		};
+		# prohibit attempts to grab someone else's To address 
+		# using  valid credentials
+		if (!is_user("replicator")) {
+			log("LOG: To Cheating attempt\n");
+			sl_send_reply("403", "That is ugly -- use To=id next time");
+			break;
+		};
+			
+		# update Contact database
+       	log("LOG: REGISTER is authorized, saving location\n");
+		save_contact("location");
+		break;
+	};
+}

etc/obsoleted/bat.cfg

@@ -0,0 +1,88 @@
+#
+# iptel.org real world configuration for secondary host
+#
+# $Id$
+#
+
+debug=4          # debug level (cmd line: -dddddddddd)
+#fork=yes
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+check_via=yes     # (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/print/print.so"
+loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/acc/acc.so"
+loadmodule "../sip_router/modules/rr/rr.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+loadmodule "../sip_router/modules/mysql/mysql.so"
+loadmodule "../sip_router/modules/usrloc/usrloc.so"
+loadmodule "../sip_router/modules/auth/auth.so"
+loadmodule "../sip_router/modules/cpl/cpl.so"
+
+modparam("usrloc", "use_database",   1)
+modparam("usrloc", "use_database",   0)
+
+modparam("usrloc", "table",          "location")
+modparam("usrloc", "user_column",    "user")
+modparam("usrloc", "contact_column", "contact")
+modparam("usrloc", "expires_column", "expires")
+modparam("usrloc", "q_column",       "q")
+modparam("usrloc", "callid_column",  "callid")
+modparam("usrloc", "cseq_column",    "cseq")
+modparam("usrloc", "flush_interval", 60)
+modparam("usrloc", "db_url",         "sql://csps:47csps11@dbhost/csps107")
+
+modparam("auth", "db_url",         "sql://csps:47csps11@dbhost/csps107")
+modparam("auth", "table",         "subscriber")
+modparam("auth", "user_column",         "user_id")
+
+modparam("acc", "report_ack", 1)
+modparam("acc", "early_media", 1)
+modparam("acc", "log_level", 1)
+modparam("acc", "acc_flag", 1 )
+modparam("acc", "failed_transactions", 1 )
+
+modparam("tm", "fr_timer", 10 )
+modparam("tm", "fr_inv_timer", 30 )
+
+
+route{
+
+
+	# filter local stateless ACK generated by authentication of mf replies
+	sl_filter_ACK();
+
+	# filter too old messages
+        log("Checking maxfwd\n");
+	if (!mf_process_maxfwd_header("10")) {
+		log("Too many hops\n");
+		sl_send_reply("483","Too Many Hops");
+		break;
+	};
+
+	# Do strict routing if route headers present
+	rewriteFromRoute();
+
+	sethost("iptel.org");
+	if (uri=~"sip:0") 
+		setflag(1);
+
+	if (method=="INVITE")
+		addRecordRoute();
+
+	# we now know we may, we now where, let it go out now!
+	t_relay();
+}
+

etc/obsoleted/blb.cfg

@@ -0,0 +1,96 @@
+#
+# iptel.org real world configuration
+#
+# $Id$
+#
+
+# ----------- global configuration parameters ------------
+
+debug=4          # debug level (cmd line: -dddddddddd)
+#fork=yes
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+#check_via=yes     # (cmd. line: -v)
+check_via=no# (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+#listen=bat.iptel.org
+
+# ------------------ module loading ----------------
+
+loadmodule "../sip_router/modules/print/print.so"
+#loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+
+# ----------------- setting module-specific parameters -------
+
+# -- tm params --
+modparam("tm", "fr_timer", 12 )
+modparam("tm", "fr_inv_timer", 12 )
+modparam("tm", "wt_timer", 3 )
+modparam("tm", "retr_timer2", 1 )
+modparam("tm", "retr_timer1p1", 1 )
+modparam("tm", "retr_timer1p2", 1 )
+modparam("tm", "retr_timer1p3", 1 )
+
+
+route{
+    # filter local stateless ACK generated by authentication of mf replies
+    sl_filter_ACK();
+
+	if (len_gt( max_len )) {
+#	if (len_gt( 100 )) {
+		sl_send_reply("513", "Riesengross -- Message too large");
+		log("XXX Riessengross: dropped\n");
+		break;
+	};
+
+
+    # filter too old messages
+    log("LOG: Checking maxfwd\n");
+    if (!mf_process_maxfwd_header("0")) {
+        log("LOG: Too many hops\n");
+        sl_send_reply("483","Too Many Hops");
+        break;
+    };
+
+#	if (uri=~"jiri@") {
+#		seturi("sip:[email protected]");
+#		log("jiri");
+#	};
+
+#	seturi("sip:[email protected]:5064");
+	seturi("sip:[email protected]");
+#	t_fork_on_no_response("sip:[email protected]");
+#	sethost("iptel.org");
+#	seturi("sip:[email protected]:9");
+	t_fork_to_uri("sip:[email protected]:5064");
+#	if (not method=="ACK") seturi("sip:[email protected]:5060");
+	if (!t_relay()) {
+#	if (!t_relay_to("iptel.org", "5060")) {
+		sl_reply_error();
+		break;
+	};
+
+#   THERE IT IS
+#	seturi("sip:[email protected]:5060");
+#	t_fork_on_no_response("sip:[email protected]");
+#	t_relay();
+
+
+#	t_relay_to("iptel.org","5060");
+#	forward( uri:host, uri:port );
+#	strip(9);
+#	t_relay_to( "localhost", "9" );
+
+}
+

etc/obsoleted/secondary.cfg

@@ -0,0 +1,245 @@
+#
+# iptel.org real world configuration for secondary host
+#
+# $Id$
+#
+
+debug=3          # debug level (cmd line: -dddddddddd)
+#fork=yes
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+check_via=yes     # (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/print/print.so"
+loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/acc/acc.so"
+loadmodule "../sip_router/modules/rr/rr.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+loadmodule "../sip_router/modules/mysql/mysql.so"
+loadmodule "../sip_router/modules/usrloc/usrloc.so"
+loadmodule "../sip_router/modules/auth/auth.so"
+loadmodule "../sip_router/modules/cpl/cpl.so"
+
+modparam("usrloc", "use_database",   1)
+modparam("usrloc", "use_database",   0)
+
+modparam("usrloc", "table",          "location")
+modparam("usrloc", "user_column",    "user")
+modparam("usrloc", "contact_column", "contact")
+modparam("usrloc", "expires_column", "expires")
+modparam("usrloc", "q_column",       "q")
+modparam("usrloc", "callid_column",  "callid")
+modparam("usrloc", "cseq_column",    "cseq")
+modparam("usrloc", "flush_interval", 60)
+modparam("usrloc", "db_url",         "sql://csps:47csps11@dbhost/csps107")
+
+modparam("auth", "db_url",         "sql://csps:47csps11@dbhost/csps107")
+modparam("auth", "table",         "subscriber")
+modparam("auth", "user_column",         "user_id")
+
+
+route{
+
+
+
+
+	# filter local stateless ACK generated by authentication of mf replies
+	sl_filter_ACK();
+
+	# filter too old messages
+        log("Checking maxfwd\n");
+	if (!mf_process_maxfwd_header("10")) {
+		log("Too many hops\n");
+		sl_send_reply("483","Too Many Hops");
+		break;
+	};
+
+        # Do strict routing if route headers present
+	rewriteFromRoute();
+
+	# divert voicemail requests
+    if (uri=~"mail\.iptel\.org" | uri=~":5066") {
+	
+
+		log("Request is for voicemail\n");
+		sethost("iptel.org");
+		t_relay_to("fox.iptel.org", "5066");
+		break;
+	};
+
+	# process requests for iptel.org (note the wildcard in
+	# the regex end -- that captures URIs which have port
+	# numbers or parameters in them); also include gateway
+	# here too -- we RR to the gateway which means that its
+	# address shows up in d-uri of subsequent requests after
+	# having called rewriteFromRoute and we want the requests
+	# to go through our PSTN authorization code 
+	if (uri=~"[@:]iptel\.org([;:].*)*" | uri=~"[@:]195\.37\.77\.101([;:].*)*" |
+		uri=~"@195\.37\.77\.110([;:].*)*" ) {
+		log("Request is for iptel.org\n");	
+
+		# registers always MUST be authenticated to
+		# avoid stealing incoming calls	
+		if (method=="REGISTER") {
+			log("Request is REGISTER\n");
+			if (!authorize("iptel.org")) {
+				log("REGISTER has no credentials, sending challenge\n");
+				challenge("iptel.org", "noqop");
+				break;
+			};
+			# prohibit attempts to grab someone else's To address 
+			# using  valid credentials
+			if (!check_to()) {
+				log("Cheating attempt\n");
+				sl_send_reply("403", "What a nasty guy you are");
+				break;
+			};
+				
+			# update Contact database
+        	log("REGISTER is authorized, saving location\n");
+			save_contact("location");
+			break;
+		};
+
+		# various aliases (might use a database in future)
+		if (uri=~"sip:9040@.*") {
+			setuser("jiri");
+		};
+		# special measure for our US friends
+		if (uri=~"sip:17@") {
+			seturi("sip:[email protected]");
+		};
+
+#		if (uri=~"sip:jiri@.*" & method=="INVITE") {
+#			t_fork_to("[email protected]");
+#		};
+#		if (uri=~"sip:jiri@.*" & method=="INVITE") {
+#			t_fork_to("195.37.77.110", "5060");
+#		};
+
+		# now it's about PSTN destinations through our gateway;
+		# note that 8.... is exempted for numerical destinations
+		if (uri=~"sip:[0-79][0-9]*@.*") {
+
+			# label this transaction to be accounted
+			t_setflag("acc");
+	
+			# free call destinations ... no authentication needed
+			if (uri=~"sip:001795061546@.*" | uri=~"sip:0016097265544.*" | uri=~"sip:[79][0-9][0-9][0-9]@.*") {
+				log("Free PSTN\n");
+			} else {
+				# all other PSTN destinations only for authenticated users
+				# (Cisco GW, which has no digest support, is authenticated
+				# by its IP address -- that's for sure not very strong;
+				# wth confirmed that we filter packets coming from outside
+				# and bearing SRC IP address of a Fokus network)
+				if (!(src_ip==195.37.77.110) & !(authorize("iptel.org"))) {
+					challenge("iptel.org", "noqop");
+					break;
+				};
+		
+				# authorize only for INVITEs -- RR/Contact may result in weird
+				# things showing up in d-uri that would break our logic; our
+				# major concern is INVITE which causes PSTN costs anyway
+
+				if (method=="INVITE") {
+
+					# does the authenticated user have a permission for local
+					# calls? (i.e., is he in the "local" group?)
+					if (uri=~"sip:0[1-9][0-9]+@.*") {
+						if (!is_in_group("local")) {
+							sl_send_reply("403", "Local Toodle Noodle...");
+							break;
+					};
+					# the same for long-distance
+					} else if (uri=~"sip:00[1-9][0-9]+@.*") {
+						if (uri=~"sip:001[089]" | uri=~"sip:00900.*" ) {
+							sl_send_reply("403", "Added Value Destinations not permitted...");
+							break;
+					};
+					if (!is_in_group("ld")) {
+						sl_send_reply("403", "LD Toodle Noodle...");
+						break;
+					};
+				# the same for international calls
+				} else if (uri=~"sip:000[1-9][0-9]+@.*") {
+					if (!is_in_group("int")) {
+						sl_send_reply("403", "International Toodle Noodle...");
+						break;
+					};
+				# everything else (e.g., interplanetary calls) is denied
+				} else {
+					sl_send_reply("403", "interplanetary Toodle Noodle...");
+					break;
+				};
+
+				};
+			;
+			};
+			# requests to gateway must be record-route because the GW accepts
+			# only reqeusts coming from our proxy
+			if (method=="INVITE")
+				addRecordRoute();
+			# if you have passed through all the checks, let your call go to GW!
+			rewritehostport("195.37.77.110:5060");
+		} else {
+			/* added by Bogdan for cpl demo - Dorgham request*/
+			if (uri=~"sip:test@.*" && method=="INVITE")
+			{
+       			log("SER : runing CPL!! :)\n");
+       			if ( !cpl_run_script() )
+       			{
+           			log("SER : Error during running CPL script!\n");
+       			}else{
+           			if ( cpl_is_response_reject() ) {
+						log("SER: reject");
+               			sl_send_reply("603","I am not available!");
+               			break;
+           			}else if ( cpl_is_response_redirect() ) {
+               			log("SER : redirect\n");
+               			cpl_update_contact();
+               			sl_send_reply("302","Moved temporarily");
+               			break;
+           			};
+       			};
+   			};
+
+			# native SIP destinations are handled using our USRLOC DB
+			if (!lookup_contact("location")) {
+					log("Unable to lookup contact, sending 404\n");
+					sl_send_reply("404", "Not Found");
+					break;
+			};
+			# requests from gateway should be RR-ed too
+			if (src_ip==195.37.77.110 && method=="INVITE")  {
+				addRecordRoute();
+			};
+		};
+      } else {
+		# outbound requests are allowed only for our users -- we don't
+		# support relaying and don't like strangers bothering us
+		# with resolving DNS
+		log("that's a request to outside");
+		if (!(src_ip==195.37.77.110) & !(authorize("iptel.org"))) {
+			challenge("iptel.org", "noqop");
+			break;
+		};
+		# there should be check_from here too -- but I'm to tired
+		# to test it tonight
+	};
+
+	# we now know we may, we now where, let it go out now!
+	t_relay();
+}
+

etc/obsoleted/sms.cfg

@@ -0,0 +1,90 @@
+#
+# iptel.org real world configuration
+#
+# $Id$
+#
+
+# ----------- global configuration parameters ------------
+
+debug=4          # debug level (cmd line: -dddddddddd)
+#fork=yes
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+check_via=yes     # (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+
+# ------------------ module loading ----------------
+
+loadmodule "../sip_router/modules/print/print.so"
+#loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+
+# ----------------- setting module-specific parameters -------
+
+# -- tm params --
+modparam("tm", "fr_timer", 10 )
+modparam("tm", "fr_inv_timer", 10 )
+modparam("tm", "wt_timer", 10 )
+
+
+route{
+    # filter local stateless ACK generated by authentication of mf replies
+    sl_filter_ACK();
+
+	if (len_gt( max_len )) {
+#	if (len_gt( 100 )) {
+		sl_send_reply("513", "Riesengross -- Message too large");
+		log("XXX Riessengross: dropped\n");
+		break;
+	};
+
+
+    # filter too old messages
+#    log("LOG: Checking maxfwd\n");
+#    if (!mf_process_maxfwd_header("0")) {
+#        log("LOG: Too many hops\n");
+#        sl_send_reply("483","Too Many Hops");
+#        break;
+#    };
+
+	# UAS script implementation
+
+	# if that is not a new transaction... (t_newtran is a new
+	# function which atomicaly adds a transaction if there is
+	# none)
+	if (! t_newtran()) {
+		# retransmit whatever we have
+		t_retransmit_reply();
+	} else {
+		# do what you want to do
+		# if (send_sms()) {
+		# this is just a thing which stands for sth real
+		if (len_gt( max_len )) {
+			# things went well, send ok upstream
+			if (!t_send_reply("200", "yes sir, SMS sent over")) {
+				# if replying failed, retry statelessly
+				sl_reply_error();
+			};
+		} else {
+			if (!t_send_reply("500", "SMS error :-(")) {
+				# if replying failed, retry statelessly
+				sl_reply_error();
+			};
+		};
+		# transaction conclude it -- junk it now (it will
+		# stay there until WAIT timer hits)
+		t_release();
+	};
+	t_unref();
+}
+

etc/obsoleted/test.cfg

@@ -0,0 +1,331 @@
+#
+# $Id$
+#
+# iptel.org real world configuration
+#
+
+# ----------- global configuration parameters ------------------------
+
+debug=3          # debug level (cmd line: -dddddddddd)
+#fork=yes
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+check_via=yes     # (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+#port=5060
+port=8060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+
+# ------------------ module loading ----------------------------------
+
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/print/print.so"
+loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/acc/acc.so"
+loadmodule "../sip_router/modules/rr/rr.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+loadmodule "../sip_router/modules/mysql/mysql.so"
+loadmodule "../sip_router/modules/usrloc/usrloc.so"
+loadmodule "../sip_router/modules/auth/auth.so"
+loadmodule "../sip_router/modules/cpl/cpl.so"
+
+# ----------------- setting module-specific parameters ---------------
+
+# -- usrloc params --
+
+modparam("usrloc", "use_database",   1)
+modparam("usrloc", "table",          "location")
+modparam("usrloc", "user_column",    "user")
+modparam("usrloc", "contact_column", "contact")
+modparam("usrloc", "expires_column", "expires")
+modparam("usrloc", "q_column",       "q")
+modparam("usrloc", "callid_column",  "callid")
+modparam("usrloc", "cseq_column",    "cseq")
+modparam("usrloc", "flush_interval", 60)
+modparam("usrloc", "db_url",         "sql://csps:47csps11@dbhost/csps107")
+
+# -- auth params --
+
+modparam("auth", "db_url",        "sql://csps:47csps11@dbhost/csps107")
+modparam("auth", "user_column",   "user_id")
+# nonce generation secret; particularly useful if multiple servers
+# in a proxy farm are configured to authenticate
+modparam("auth", "secret",        "439tg8h349g8hq349t9384hg")
+# calculate_ha1=false means password column includes ha1 strings;
+# if it was false, plain-text passwords would be assumed
+modparam("auth", "calculate_ha1", false)
+modparam("auth", "nonce_expire",  300)
+modparam("auth", "retry_count",   5)
+# password_column, realm_column, group_table, group_user_column,
+#   group_group_column are set to their default values
+# password_column_2 allows to deal with clients who put domain name
+#   in authentication credentials when calculate_ha1=false (if true,
+#   it works); if set to a value and USER_DOMAIN_HACK was enabled
+#   in defs.h, authentication will still work
+
+# -- acc params --
+# report ACKs too for sake of completeness -- as we account PSTN
+# destinations which are RR, ACKs should show up
+modparam("acc", "report_ack", 1)
+# don't bother me with early media reports (I don't like 183 
+# too much anyway...ever thought of timer C hitting after
+# listening to music-on-hold for five minutes?)
+modparam("acc", "early_media", 0)
+modparam("acc", "log_level", 1)
+# that is the flag for which we will account -- don't forget to
+# set the same one :-)
+modparam("acc", "acc_flag", 1 )
+# we are interested only in succesful transactions
+modparam("acc", "failed_transactions", 0 )
+
+# -- tm params --
+modparam("tm", "fr_timer", 10 )
+modparam("tm", "fr_inv_timer", 30 )
+
+# -------------------------  request routing logic -------------------
+
+# main routing logic
+
+route{
+
+	# filter local stateless ACK generated by authentication of mf replies
+	sl_filter_ACK();
+
+	# filter too old messages
+	log("Checking maxfwd\n");
+	if (!mf_process_maxfwd_header("10")) {
+		log("Too many hops\n");
+		sl_send_reply("483","Too Many Hops");
+		break;
+	};
+
+	# Do strict routing if route headers present
+	rewriteFromRoute();
+
+	# divert voicemail requests
+    if (uri=~"mail\.iptel\.org" | uri=~":5066") {
+		log("Request is for voicemail\n");
+		sethost("iptel.org");
+		t_relay_to("fox.iptel.org", "5066");
+		break;
+	};
+
+	# if this request is not for our domain, fall over to
+	# outbound request processing; include gateway's address
+	# in matching too -- we RR requests to it, so that
+	# its address may show up in subsequent requests
+	# after rewriteFromRoute
+	
+	if (!(uri=~"[@:]iptel\.org([;:].*)*" 
+		| uri=~"[@:]195\.37\.77\.101([;:].*)*" |
+		uri=~"@195\.37\.77\.110([;:].*)*" )) {
+		route(2);
+	};
+	# here we continue with requests for our domain...
+
+	# various aliases (might use a database in future)
+	if (uri=~"sip:9040@") {
+		seturi("[email protected]");
+	};
+	if (uri=~"sip:17@") {
+		seturi("sip:[email protected]");
+	};
+	# check again, if it is still for our domain after aliases
+	if ( !(uri=~"[@:]iptel\.org([;:].*)*" | 
+		uri=~"[@:]195\.37\.77\.101([;:].*)*" |
+		uri=~"@195\.37\.77\.110([;:].*)*" )) {
+		route(2);
+	};
+	log("Request is for iptel.org\n");	
+
+	# registers always MUST be authenticated to
+	# avoid stealing incoming calls	
+	if (method=="REGISTER") {
+		log("Request is REGISTER\n");
+		if (!www_authorize(	"iptel.org" /* realm */, 
+			 				"subscriber" /* table name */ )) {
+			log("REGISTER has no credentials, sending challenge\n");
+			www_challenge(	"iptel.org" /* realm */, 
+							"0" /* no qop -- M$ can't deal with it */);
+			break;
+		};
+		# prohibit attempts to grab someone else's To address 
+		# using  valid credentials
+		if (!check_to()) {
+			log("To Cheating attempt\n");
+			sl_send_reply("403", "That is ugly -- use To=id next time");
+			break;
+		};
+			
+		# update Contact database
+       	log("REGISTER is authorized, saving location\n");
+		save_contact("location");
+		break;
+	};
+
+	# now check if it's about PSTN destinations through our gateway;
+	# note that 8.... is exempted for numerical destinations
+	if (uri=~"sip:[0-79][0-9]*@.*") {
+		route(3);
+	}; 
+
+	# ---------- demo - begin --------------
+	/* added by Bogdan for cpl demo - Dorgham request*/
+	if (uri=~"sip:test@.*" && method=="INVITE")
+	{
+		log("SER : runing CPL!! :)\n");
+		if ( !cpl_run_script() )
+		{
+   			log("SER : Error during running CPL script!\n");
+		}else{
+   			if ( cpl_is_response_reject() ) {
+				log("SER: reject");
+       			sl_send_reply("603","I am not available!");
+       			break;
+   			}else if ( cpl_is_response_redirect() ) {
+       			log("SER : redirect\n");
+       			cpl_update_contact();
+       			sl_send_reply("302","Moved temporarily");
+       			break;
+   			};
+		};
+	};
+	# -------------- demo - end -------------
+
+	# native SIP destinations are handled using our USRLOC DB
+	if (!lookup_contact("location")) {
+		log("Unable to lookup contact, sending 404\n");
+		sl_send_reply("404", "Not Found");
+		break;
+	};
+	# check whether some inventive user has uploaded  gateway 
+	# contacts to UsrLoc to bypass our authorization logic
+	if (uri=~"@195\.37\.77\.110([;:].*)*" ) {
+		log("Weird! Gateway address in UsrLoc!\n");
+		route(3);
+	};
+
+	# requests from gateway should be RR-ed too
+	if (src_ip==195.37.77.110 && method=="INVITE")  {
+		addRecordRoute();
+	};
+
+	# we now know we may, we know where, let it go out now!
+	t_relay();
+}
+
+# routing logic for outbound requests targeted out of our domain
+route[2] {
+		# outbound requests are allowed only for our users -- we don't
+		# support relaying and don't like strangers bothering us
+		# with resolving DNS
+		log("that's a request to outside");
+		if (!(src_ip==195.37.77.110) & 
+			!(proxy_authorize(	"iptel.org" /* realm */,
+							"subscriber" /* table name */ ))) {
+			# see comments bellow on these ACK/CANCEL exceptions
+			if (method=="ACK" ) {
+				log("failed outbound authentication for ACK granted");
+			} else if (method=="CANCEL") {
+				log("failed outbound authentication for ACK granted");
+			} else proxy_challenge("iptel.org" /* realm */, "0" /* no-qop */);
+			break;
+		};
+		# to maintain credibility of our proxy, we check From to be
+		# equal of credential id -- all outbound request leaving our
+		# proxy are guaranteed to be generated by persons in "From"
+		if (!check_from()) {
+			log("From Cheating attempt\n");
+			sl_send_reply("403", "That is ugly -- use From=id next time");
+			break;
+		};
+
+		t_relay();
+}
+
+# logic for calls through our PSTN gateway
+route[3] {
+	# free call destinations ... no authentication needed
+	if (uri=~"sip:001795061546@.*" | uri=~"sip:0016097265544.*" 
+		| uri=~"sip:[79][0-9][0-9][0-9]@.*") {
+		log("Free PSTN\n");
+	} else {
+		# all other PSTN destinations only for authenticated users
+		# (Cisco GW, which has no digest support, is authenticated
+		# by its IP address -- that's for sure not very strong;
+		# wth confirmed that we filter packets coming from outside
+		# and bearing SRC IP address of our network)
+		if (!(src_ip==195.37.77.110) & 
+			!(proxy_authorize(	"iptel.org" /* realm */,
+								"subscriber" /* table name */)))  {
+			# we are forgiving and ignore improper credentials
+			# for ACK/CANCEL as bis-09 is somewhat cryptic about
+			# its use and many UACs have not gotten it right
+			if (method=="ACK" ) {
+				log("failed gw authentication for ACK granted");
+			} else if (method=="CANCEL") {
+				log("failed gw authentication for ACK granted");
+			} else proxy_challenge(	"iptel.org" /* realm */, 
+									"0" /* no qop */ );
+			break;
+		};
+		
+		# authorize only for INVITEs -- RR/Contact may result in weird
+		# things showing up in d-uri that would break our logic; our
+		# major concern is INVITE which causes PSTN costs anyway
+
+		if (method=="INVITE") {
+
+			# does the authenticated user have a permission for local
+			# calls? (i.e., is he in the "local" group?)
+			if (uri=~"sip:0[1-9][0-9]+@.*") {
+				if (!is_in_group("local")) {
+					sl_send_reply("403", "Local Toodle Noodle...");
+					break;
+				};
+			# the same for long-distance
+			} else if (uri=~"sip:00[1-9][0-9]+@.*") {
+				if (uri=~"sip:001[089]" | uri=~"sip:00900.*" ) {
+					sl_send_reply("403", "Added Value Destinations not permitted...");
+					break;
+				};
+				if (!is_in_group("ld")) {
+					sl_send_reply("403", "LD Toodle Noodle...");
+					break;
+				};
+			# the same for international calls
+			} else if (uri=~"sip:000[1-9][0-9]+@.*") {
+				if (!is_in_group("int")) {
+					sl_send_reply("403", "International Toodle Noodle...");
+					break;
+				};
+			# everything else (e.g., interplanetary calls) is denied
+			} else {
+				sl_send_reply("403", "interplanetary Toodle Noodle...");
+				break;
+			};
+
+		}; # INVITE to authorized PSTN
+
+	}; # authorized PSTN
+
+	# requests to gateway must be record-route because the GW accepts
+	# only reqeusts coming from our proxy
+	if (method=="INVITE")
+		addRecordRoute();
+
+	# if you have passed through all the checks, let your call go to GW!
+	rewritehostport("195.37.77.110:5060");
+
+	# tag this transaction for accounting
+	setflag(1);
+
+	t_relay();
+}

etc/obsoleted/tmtest.cfg

@@ -0,0 +1,247 @@
+#
+# $Id$
+#
+# iptel.org real world configuration
+#
+
+# ----------- global configuration parameters ------------------------
+
+#debug=8          # debug level (cmd line: -dddddddddd)
+debug=3
+#fork=yes
+fork=no
+children=2
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+check_via=yes     # (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5060
+#port=8060
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+
+# ------------------ module loading ----------------------------------
+
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/print/print.so"
+#loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/acc/acc.so"
+loadmodule "../sip_router/modules/rr/rr.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+#loadmodule "../sip_router/modules/mysql/mysql.so"
+loadmodule "../sip_router/modules/usrloc/usrloc.so"
+#loadmodule "../sip_router/modules/auth/auth.so"
+loadmodule "../sip_router/modules/cpl/cpl.so"
+
+# ----------------- setting module-specific parameters ---------------
+
+# -- usrloc params --
+
+modparam("usrloc", "use_database",   0)
+modparam("usrloc", "flush_interval", 3600)
+
+# -- acc params --
+# report ACKs too for sake of completeness -- as we account PSTN
+# destinations which are RR, ACKs should show up
+modparam("acc", "report_ack", 1)
+# don't bother me with early media reports (I don't like 183 
+# too much anyway...ever thought of timer C hitting after
+# listening to music-on-hold for five minutes?)
+modparam("acc", "early_media", 0)
+modparam("acc", "log_level", 1)
+# that is the flag for which we will account -- don't forget to
+# set the same one :-)
+modparam("acc", "acc_flag", 3 )
+# we are interested only in succesful transactions
+modparam("acc", "failed_transactions", 0 )
+
+# -- tm params --
+modparam("tm", "fr_timer", 10 )
+modparam("tm", "fr_inv_timer", 10 )
+modparam("tm", "wt_timer", 1000 )
+modparam("tm", "noisy_ctimer", 1 )
+
+# -------------------------  request routing logic -------------------
+
+# main routing logic
+
+route{
+
+	#t_uac();
+
+	# filter local stateless ACK generated by authentication of mf replies
+	sl_filter_ACK();
+
+	# filter too old messages
+	log("LOG: Checking maxfwd\n");
+	if (!mf_process_maxfwd_header("10")) {
+		log("LOG: Too many hops\n");
+		sl_send_reply("483","Too Many Hops");
+		break;
+	};
+
+	# len_gt *after* max_fwd, otherwise an "INVITE sip:[email protected]"
+	# will cause "message too big" for a short message
+
+	if (len_gt( max_len )) {
+		sl_send_reply("513", "Riesengross -- Message too large");
+		break;
+	};
+
+
+	# Do strict routing if route headers present
+	rewriteFromRoute();
+
+	# look at whether we need record-routing; 
+	# - we need it for calls  from gateways (otherwise, subsequent 
+	#   requests from the other # party will attempt to contact gateway 
+	#  	directly through blocked ports)
+	# - we need it for Windows Messanger's IM sessions to cross
+	#   firewalls -- we force all MESSAGEs to go via our server
+	#   to avoid blocking port numbers (some firewalls can do
+	#   standard SIP but are puzzled by Microsoft's proprietary
+	#   messaging session model)
+	# - some other places may decide to set the record-routing
+	#   flag (2 chosen) too; particularly, INVITEs to our gw
+	if ( (src_ip==195.37.77.110 & method=="INVITE") || method=="MESSAGE" || method=="INFO" )  {
+		setflag(2);
+	};
+
+
+	# if this request is not for our domain, fall over to
+	# outbound request processing; include gateway's address
+	# in matching too -- we RR requests to it, so that
+	# its address may show up in subsequent requests
+	# after rewriteFromRoute
+
+	# sign of our domain: there is @ (username), :
+    # (nothing) or . (host) in front of our domain name	
+	if (!(uri=~"bat\.iptel\.org([;:].*)*" 
+		| uri=~"[@:\.]195\.37\.77\.101([;:].*)*" |
+		uri=~"@195\.37\.77\.110([;:].*)*" )) {
+		route(2);
+		# break from route (2) return -- stop then !
+		break;
+	};
+	# here we continue with requests for our domain...
+
+	# registers always MUST be authenticated to
+	# avoid stealing incoming calls	
+	if (method=="REGISTER") {
+		log("LOG Request is REGISTER\n");
+		# prohibit attempts to grab someone else's To address 
+		# using  valid credentials; the only exception is the user
+		# 'replciator' permitted to generate 3-rd party registrations
+
+		# update Contact database
+       	log("LOG: REGISTER is authorized, saving location\n");
+		save_contact("location");
+		break;
+	};
+
+	# now check if it's about PSTN destinations through our gateway;
+	# note that 8.... is exempted for numerical destinations
+	if (uri=~"sip:\+?[0-79][0-9]*@.*") {
+		route(3);
+		# break from route (3) return -- stop then !
+		break;
+	}; 
+
+	# native SIP destinations are handled using our USRLOC DB
+	if (!lookup_contact("location")) {
+		if (method=="ACK") {
+			log("Ooops -- an ACK made it here -- probably UAC screwed up to-tags\n");
+			break;
+		};
+		log("LOG: Unable to lookup contact, sending 404\n");
+		sl_send_reply("404", "Not Found");
+		break;
+	};
+
+	# requests from gateway should be RR-ed too
+	if (isflagset(2)) {
+		addRecordRoute();
+	};
+
+	# we now know we may, we know where, let it go out now!
+	if (!t_relay()) {
+		sl_reply_error();
+		break;
+	};
+}
+#---------------------------------------------------------------------
+
+# routing logic for outbound requests targeted out of our domain
+# (beware, messages to our users can end up here too: for example,
+#  an INVITE may be UsrLoc-ed, then the other party uses outbound
+#  proxy with r-uri=the usr_loced addredd (typically IP))
+route[2] {
+
+		# requests from gateway should be RR-ed too
+		if (isflagset(2)) {
+			addRecordRoute();
+		};
+		if (!t_relay()) {
+			sl_reply_error();
+			break;
+		};
+}
+
+#---------------------------------------------------------------------
+
+# logic for calls through our PSTN gateway
+route[3] {
+	# if it is a MESSAGE pass it "as is" over to our SMS gateway
+	# (which unfortunately lives at a different host due to
+	# lack of serial interfaces)
+	if (method=="MESSAGE") {
+		# note that we don't do any admission control yet:
+		# anyone can SMS anywhere; 
+		setflag(1);
+		rewritehostport("195.37.77.100:5070");
+		if (!t_relay()) {
+			sl_reply_error(); 
+		};
+		break;
+	};
+	# continue with requests to PSTN gateway ...
+
+	# the international + prefix
+	if (uri=~"sip:\+" ) {
+		strip(1);
+		prefix("000");
+	};
+	# free call destinations ... no authentication needed
+	if (uri=~"sip:001795061546@.*" | uri=~"sip:0016097265544.*" 
+		| uri=~"sip:[79][0-9][0-9][0-9]@.*" 
+		| uri=~"sip:98[0-9][0-9][0-9][0-9]") {
+		log("LOG: Free PSTN\n");
+		# let's log free calls for now too ...
+		setflag(1);
+	} else {
+		# we passed all authorization checks for PSTN -- move on!
+		# tag this transaction for accounting
+		setflag(1);
+
+	}; # authorized PSTN
+
+	# requests to gateway must be record-routed because the GW accepts
+	# only reqeusts coming from our proxy
+	if (isflagset(2) || method=="INVITE")
+		addRecordRoute();
+
+	# if you have passed through all the checks, let your call go to GW!
+
+
+	rewritehostport("fox.iptel.org:5060");
+
+	if (!t_relay()) {
+		sl_reply_error(); 
+		break; 
+	};
+}
+

etc/obsoleted/to_fox.cfg

@@ -0,0 +1,95 @@
+#
+# iptel.org real world configuration
+#
+# $Id$
+#
+
+# ----------- global configuration parameters ------------
+
+debug=4          # debug level (cmd line: -dddddddddd)
+#fork=yes
+fork=no
+#log_stderror=no	# (cmd line: -E)
+log_stderror=yes	# (cmd line: -E)
+#check_via=yes     # (cmd. line: -v)
+check_via=no# (cmd. line: -v)
+dns=on           # (cmd. line: -r)
+rev_dns=yes      # (cmd. line: -R)
+port=5060
+children=1
+
+# advertise IP address in Via (as opposed to advertising DNS name
+# which is annoying for downstream servers and some phones can
+# not handle DNS at all)
+listen=195.37.77.100
+#listen=bat.iptel.org
+
+# ------------------ module loading ----------------
+
+loadmodule "../sip_router/modules/print/print.so"
+#loadmodule "../sip_router/modules/tm/tm.so"
+loadmodule "../sip_router/modules/sl/sl.so"
+loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
+
+# ----------------- setting module-specific parameters -------
+
+# -- tm params --
+modparam("tm", "fr_timer", 30 )
+modparam("tm", "fr_inv_timer", 30 )
+modparam("tm", "wt_timer", 3 )
+modparam("tm", "retr_timer2", 4 )
+modparam("tm", "retr_timer1p1", 4 )
+modparam("tm", "retr_timer1p2", 4 )
+modparam("tm", "retr_timer1p3", 4 )
+
+
+route{
+    # filter local stateless ACK generated by authentication of mf replies
+    sl_filter_ACK();
+
+	if (len_gt( max_len )) {
+#	if (len_gt( 100 )) {
+		sl_send_reply("513", "Riesengross -- Message too large");
+		log("XXX Riessengross: dropped\n");
+		break;
+	};
+
+
+    # filter too old messages
+    log("LOG: Checking maxfwd\n");
+    if (!mf_process_maxfwd_header("0")) {
+        log("LOG: Too many hops\n");
+        sl_send_reply("483","Too Many Hops");
+        break;
+    };
+
+#	if (uri=~"jiri@") {
+#		seturi("sip:[email protected]");
+#		log("jiri");
+#	};
+
+	seturi("sip:[email protected]");
+#	t_fork_on_no_response("sip:[email protected]");
+#	sethost("iptel.org");
+#	seturi("sip:[email protected]:9");
+#	t_fork_to_uri("sip:[email protected]:5064");
+#	if (not method=="ACK") seturi("sip:[email protected]:5060");
+	if (!t_relay()) {
+#	if (!t_relay_to("iptel.org", "5060")) {
+		sl_reply_error();
+		break;
+	};
+
+#   THERE IT IS
+#	seturi("sip:[email protected]:5060");
+#	t_fork_on_no_response("sip:[email protected]");
+#	t_relay();
+
+
+#	t_relay_to("iptel.org","5060");
+#	forward( uri:host, uri:port );
+#	strip(9);
+#	t_relay_to( "localhost", "9" );
+
+}
+