|
|
@@ -41,6 +41,7 @@
|
|
|
# - install RTPProxy: http://www.rtpproxy.org
|
|
|
# - start RTPProxy:
|
|
|
# rtpproxy -l _your_public_ip_ -s udp:localhost:7722
|
|
|
+# - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
|
|
|
#
|
|
|
# *** To enable PSTN gateway routing execute:
|
|
|
# - define WITH_PSTN
|
|
|
@@ -497,8 +498,7 @@ request_route {
|
|
|
route(NATDETECT);
|
|
|
|
|
|
# CANCEL processing
|
|
|
- if (is_method("CANCEL"))
|
|
|
- {
|
|
|
+ if (is_method("CANCEL")) {
|
|
|
if (t_check_trans())
|
|
|
t_relay();
|
|
|
exit;
|
|
|
@@ -509,6 +509,11 @@ request_route {
|
|
|
|
|
|
### only initial requests (no To tag)
|
|
|
|
|
|
+ # handle retransmissions
|
|
|
+ if(t_precheck_trans()) {
|
|
|
+ t_check_trans();
|
|
|
+ exit;
|
|
|
+ }
|
|
|
t_check_trans();
|
|
|
|
|
|
# authentication
|
|
|
@@ -521,8 +526,7 @@ request_route {
|
|
|
record_route();
|
|
|
|
|
|
# account only INVITEs
|
|
|
- if (is_method("INVITE"))
|
|
|
- {
|
|
|
+ if (is_method("INVITE")) {
|
|
|
setflag(FLT_ACC); # do accounting
|
|
|
}
|
|
|
|
|
|
@@ -537,10 +541,9 @@ request_route {
|
|
|
# handle registrations
|
|
|
route(REGISTRAR);
|
|
|
|
|
|
- if ($rU==$null)
|
|
|
- {
|
|
|
+ if ($rU==$null) {
|
|
|
# request with no Username in RURI
|
|
|
- sl_send_reply("484","Address Incomplete");
|
|
|
+ sl_send_reply("484", "Address Incomplete");
|
|
|
exit;
|
|
|
}
|
|
|
|
|
|
@@ -580,21 +583,22 @@ route[REQINIT] {
|
|
|
# flood dection from same IP and traffic ban for a while
|
|
|
# be sure you exclude checking trusted peers, such as pstn gateways
|
|
|
# - local host excluded (e.g., loop to self)
|
|
|
- if(src_ip!=myself)
|
|
|
- {
|
|
|
- if($sht(ipban=>$si)!=$null)
|
|
|
- {
|
|
|
+ if(src_ip!=myself) {
|
|
|
+ if($sht(ipban=>$si)!=$null) {
|
|
|
# ip is already blocked
|
|
|
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
|
|
|
exit;
|
|
|
}
|
|
|
- if (!pike_check_req())
|
|
|
- {
|
|
|
+ if (!pike_check_req()) {
|
|
|
xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
|
|
|
$sht(ipban=>$si) = 1;
|
|
|
exit;
|
|
|
}
|
|
|
}
|
|
|
+ if($ua =~ "friendly-scanner") {
|
|
|
+ sl_send_reply("200", "OK");
|
|
|
+ exit;
|
|
|
+ }
|
|
|
#!endif
|
|
|
|
|
|
if (!mf_process_maxfwd_header("10")) {
|
|
|
@@ -602,8 +606,12 @@ route[REQINIT] {
|
|
|
exit;
|
|
|
}
|
|
|
|
|
|
- if(!sanity_check("1511", "7"))
|
|
|
- {
|
|
|
+ if(is_method("OPTIONS") && uri==myself && $rU==$null) {
|
|
|
+ sl_send_reply("200","Keepalive");
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(!sanity_check("1511", "7")) {
|
|
|
xlog("Malformed SIP message from $si:$sp\n");
|
|
|
exit;
|
|
|
}
|
|
|
@@ -611,66 +619,67 @@ route[REQINIT] {
|
|
|
|
|
|
# Handle requests within SIP dialogs
|
|
|
route[WITHINDLG] {
|
|
|
- if (has_totag()) {
|
|
|
- # sequential request withing a dialog should
|
|
|
- # take the path determined by record-routing
|
|
|
- if (loose_route()) {
|
|
|
- route(DLGURI);
|
|
|
- if (is_method("BYE")) {
|
|
|
- setflag(FLT_ACC); # do accounting ...
|
|
|
- setflag(FLT_ACCFAILED); # ... even if the transaction fails
|
|
|
- }
|
|
|
- else if ( is_method("ACK") ) {
|
|
|
- # ACK is forwarded statelessy
|
|
|
- route(NATMANAGE);
|
|
|
- }
|
|
|
- else if ( is_method("NOTIFY") ) {
|
|
|
- # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
|
|
|
- record_route();
|
|
|
- }
|
|
|
- route(RELAY);
|
|
|
- } else {
|
|
|
- if (is_method("SUBSCRIBE") && uri == myself) {
|
|
|
- # in-dialog subscribe requests
|
|
|
- route(PRESENCE);
|
|
|
- exit;
|
|
|
- }
|
|
|
- if ( is_method("ACK") ) {
|
|
|
- if ( t_check_trans() ) {
|
|
|
- # no loose-route, but stateful ACK;
|
|
|
- # must be an ACK after a 487
|
|
|
- # or e.g. 404 from upstream server
|
|
|
- t_relay();
|
|
|
- exit;
|
|
|
- } else {
|
|
|
- # ACK without matching transaction ... ignore and discard
|
|
|
- exit;
|
|
|
- }
|
|
|
- }
|
|
|
- sl_send_reply("404","Not here");
|
|
|
+ if (!has_totag()) return;
|
|
|
+
|
|
|
+ # sequential request withing a dialog should
|
|
|
+ # take the path determined by record-routing
|
|
|
+ if (loose_route()) {
|
|
|
+ route(DLGURI);
|
|
|
+ if (is_method("BYE")) {
|
|
|
+ setflag(FLT_ACC); # do accounting ...
|
|
|
+ setflag(FLT_ACCFAILED); # ... even if the transaction fails
|
|
|
+ }
|
|
|
+ else if ( is_method("ACK") ) {
|
|
|
+ # ACK is forwarded statelessy
|
|
|
+ route(NATMANAGE);
|
|
|
+ }
|
|
|
+ else if ( is_method("NOTIFY") ) {
|
|
|
+ # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
|
|
|
+ record_route();
|
|
|
}
|
|
|
+ route(RELAY);
|
|
|
exit;
|
|
|
}
|
|
|
+
|
|
|
+ if (is_method("SUBSCRIBE") && uri == myself) {
|
|
|
+ # in-dialog subscribe requests
|
|
|
+ route(PRESENCE);
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+ if ( is_method("ACK") ) {
|
|
|
+ if ( t_check_trans() ) {
|
|
|
+ # no loose-route, but stateful ACK;
|
|
|
+ # must be an ACK after a 487
|
|
|
+ # or e.g. 404 from upstream server
|
|
|
+ t_relay();
|
|
|
+ exit;
|
|
|
+ } else {
|
|
|
+ # ACK without matching transaction ... ignore and discard
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ sl_send_reply("404", "Not here");
|
|
|
+ exit;
|
|
|
}
|
|
|
|
|
|
# Handle SIP registrations
|
|
|
route[REGISTRAR] {
|
|
|
- if (is_method("REGISTER"))
|
|
|
- {
|
|
|
- if(isflagset(FLT_NATS))
|
|
|
- {
|
|
|
- setbflag(FLB_NATB);
|
|
|
- # uncomment next line to do SIP NAT pinging
|
|
|
- ## setbflag(FLB_NATSIPPING);
|
|
|
- }
|
|
|
- if (!save("location"))
|
|
|
- sl_reply_error();
|
|
|
+ if (!is_method("REGISTER")) return;
|
|
|
|
|
|
- exit;
|
|
|
+ if(isflagset(FLT_NATS)) {
|
|
|
+ setbflag(FLB_NATB);
|
|
|
+#!ifdef WITH_NATSIPPING
|
|
|
+ # do SIP NAT pinging
|
|
|
+ setbflag(FLB_NATSIPPING);
|
|
|
+#!endif
|
|
|
}
|
|
|
+ if (!save("location"))
|
|
|
+ sl_reply_error();
|
|
|
+
|
|
|
+ exit;
|
|
|
}
|
|
|
|
|
|
-# USER location service
|
|
|
+# User location service
|
|
|
route[LOCATION] {
|
|
|
|
|
|
#!ifdef WITH_SPEEDDIAL
|
|
|
@@ -703,8 +712,7 @@ route[LOCATION] {
|
|
|
}
|
|
|
|
|
|
# when routing via usrloc, log the missed calls also
|
|
|
- if (is_method("INVITE"))
|
|
|
- {
|
|
|
+ if (is_method("INVITE")) {
|
|
|
setflag(FLT_ACCMISSED);
|
|
|
}
|
|
|
}
|
|
|
@@ -715,20 +723,15 @@ route[PRESENCE] {
|
|
|
return;
|
|
|
|
|
|
#!ifdef WITH_PRESENCE
|
|
|
- if (!t_newtran())
|
|
|
- {
|
|
|
+ if (!t_newtran()) {
|
|
|
sl_reply_error();
|
|
|
exit;
|
|
|
- };
|
|
|
+ }
|
|
|
|
|
|
- if(is_method("PUBLISH"))
|
|
|
- {
|
|
|
+ if(is_method("PUBLISH")) {
|
|
|
handle_publish();
|
|
|
t_release();
|
|
|
- }
|
|
|
- else
|
|
|
- if( is_method("SUBSCRIBE"))
|
|
|
- {
|
|
|
+ } else if( is_method("SUBSCRIBE")) {
|
|
|
handle_subscribe();
|
|
|
t_release();
|
|
|
}
|
|
|
@@ -736,8 +739,7 @@ route[PRESENCE] {
|
|
|
#!endif
|
|
|
|
|
|
# if presence enabled, this part will not be executed
|
|
|
- if (is_method("PUBLISH") || $rU==$null)
|
|
|
- {
|
|
|
+ if (is_method("PUBLISH") || $rU==$null) {
|
|
|
sl_send_reply("404", "Not here");
|
|
|
exit;
|
|
|
}
|
|
|
@@ -749,15 +751,13 @@ route[AUTH] {
|
|
|
#!ifdef WITH_AUTH
|
|
|
|
|
|
#!ifdef WITH_IPAUTH
|
|
|
- if((!is_method("REGISTER")) && allow_source_address())
|
|
|
- {
|
|
|
+ if((!is_method("REGISTER")) && allow_source_address()) {
|
|
|
# source IP allowed
|
|
|
return;
|
|
|
}
|
|
|
#!endif
|
|
|
|
|
|
- if (is_method("REGISTER") || from_uri==myself)
|
|
|
- {
|
|
|
+ if (is_method("REGISTER") || from_uri==myself) {
|
|
|
# authenticate requests
|
|
|
if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
auth_challenge("$fd", "0");
|
|
|
@@ -769,8 +769,7 @@ route[AUTH] {
|
|
|
}
|
|
|
# if caller is not local subscriber, then check if it calls
|
|
|
# a local destination, otherwise deny, not an open relay here
|
|
|
- if (from_uri!=myself && uri!=myself)
|
|
|
- {
|
|
|
+ if (from_uri!=myself && uri!=myself) {
|
|
|
sl_send_reply("403","Not relaying");
|
|
|
exit;
|
|
|
}
|
|
|
@@ -787,7 +786,8 @@ route[NATDETECT] {
|
|
|
if (is_method("REGISTER")) {
|
|
|
fix_nated_register();
|
|
|
} else {
|
|
|
- add_contact_alias();
|
|
|
+ if(is_first_hop())
|
|
|
+ set_contact_alias();
|
|
|
}
|
|
|
setflag(FLT_NATS);
|
|
|
}
|
|
|
@@ -808,16 +808,19 @@ route[NATMANAGE] {
|
|
|
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
|
|
|
return;
|
|
|
|
|
|
- rtpproxy_manage();
|
|
|
+ rtpproxy_manage("co");
|
|
|
|
|
|
if (is_request()) {
|
|
|
if (!has_totag()) {
|
|
|
- add_rr_param(";nat=yes");
|
|
|
+ if(t_is_branch_route()) {
|
|
|
+ add_rr_param(";nat=yes");
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
if (is_reply()) {
|
|
|
if(isbflagset(FLB_NATB)) {
|
|
|
- add_contact_alias();
|
|
|
+ if(is_first_hop())
|
|
|
+ set_contact_alias();
|
|
|
}
|
|
|
}
|
|
|
#!endif
|
|
|
@@ -836,11 +839,11 @@ route[DLGURI] {
|
|
|
|
|
|
# Routing to foreign domains
|
|
|
route[SIPOUT] {
|
|
|
- if (!uri==myself)
|
|
|
- {
|
|
|
- append_hf("P-hint: outbound\r\n");
|
|
|
- route(RELAY);
|
|
|
- }
|
|
|
+ if (uri==myself) return;
|
|
|
+
|
|
|
+ append_hf("P-hint: outbound\r\n");
|
|
|
+ route(RELAY);
|
|
|
+ exit;
|
|
|
}
|
|
|
|
|
|
# PSTN GW routing
|
|
|
@@ -897,7 +900,7 @@ route[XMLRPC] {
|
|
|
}
|
|
|
#!endif
|
|
|
|
|
|
-# route to voicemail server
|
|
|
+# Routing to voicemail server
|
|
|
route[TOVOICEMAIL] {
|
|
|
#!ifdef WITH_VOICEMAIL
|
|
|
if(!is_method("INVITE"))
|
|
|
@@ -920,20 +923,20 @@ route[TOVOICEMAIL] {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
-# manage outgoing branches
|
|
|
+# Manage outgoing branches
|
|
|
branch_route[MANAGE_BRANCH] {
|
|
|
xdbg("new branch [$T_branch_idx] to $ru\n");
|
|
|
route(NATMANAGE);
|
|
|
}
|
|
|
|
|
|
-# manage incoming replies
|
|
|
+# Manage incoming replies
|
|
|
onreply_route[MANAGE_REPLY] {
|
|
|
xdbg("incoming reply\n");
|
|
|
if(status=~"[12][0-9][0-9]")
|
|
|
route(NATMANAGE);
|
|
|
}
|
|
|
|
|
|
-# manage failure routing cases
|
|
|
+# Manage failure routing cases
|
|
|
failure_route[MANAGE_FAILURE] {
|
|
|
route(NATMANAGE);
|
|
|
|
|
|
@@ -959,6 +962,7 @@ failure_route[MANAGE_FAILURE] {
|
|
|
#!endif
|
|
|
}
|
|
|
|
|
|
+# Handling HTTP events
|
|
|
#!ifdef WITH_XHTTP
|
|
|
event_route[xhttp:request] {
|
|
|
#!ifdef WITH_XHTTP_RPC
|
Daniel-Constantin Mierla