kamailio-default-websocket.cfg 28 KB

  1. #!KAMAILIO
  2. #
  3. # Kamailio SIP Server v6.0 - default configuration script
  4. # - web: https://www.kamailio.org
  5. # - git: https://github.com/kamailio/kamailio
  6. #
  7. # Direct your questions about this file to: <[email protected]>
  8. #
  9. # Refer to the Core CookBook at https://www.kamailio.org/wikidocs/
  10. # for an explanation of possible statements, functions and parameters.
  11. #
  12. # Note: the comments can be:
  13. # - lines starting with #, but not the pre-processor directives,
  14. # which start with #!, like #!define, #!ifdef, #!endif, #!else, #!trydef,
  15. # #!subst, #!substdef, ...
  16. # - lines starting with //
  17. # - blocks enclosed in between /* */
  18. # Note: the config performs symmetric SIP signaling
  19. # - it sends the reply to the source address of the request
  20. # - remove the use of force_rport() for asymmetric SIP signaling
  21. #
  22. # Several features can be enabled using '#!define WITH_FEATURE' directives:
  23. #
  24. # *** To run in debug mode:
  25. # - define WITH_DEBUG
  26. # - debug level increased to 3, logs still sent to syslog
  27. # - debugger module loaded with cfgtrace enabled
  28. #
  29. # *** To enable mysql:
  30. # - define WITH_MYSQL
  31. #
  32. # *** To enable authentication execute:
  33. # - enable mysql
  34. # - define WITH_AUTH
  35. # - add users using 'kamctl' or 'kamcli'
  36. #
  37. # *** To enable IP authentication execute:
  38. # - enable mysql
  39. # - enable authentication
  40. # - define WITH_IPAUTH
  41. # - add IP addresses with group id '1' to 'address' table
  42. #
  43. # *** To enable persistent user location execute:
  44. # - enable mysql
  45. # - define WITH_USRLOCDB
  46. #
  47. # *** To enable presence server execute:
  48. # - enable mysql
  49. # - define WITH_PRESENCE
  50. # - if modified headers or body in config must be used by presence handling:
  51. # - define WITH_MSGREBUILD
  52. #
  53. # *** To enable nat traversal execute:
  54. # - define WITH_NAT
  55. # - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
  56. # - install RTPProxy: http://www.rtpproxy.org
  57. # - start RTPProxy:
  58. # rtpproxy -l _your_public_ip_ -s udp:localhost:7722
  59. #
  60. # *** To use RTPEngine (instead of RTPProxy) for nat traversal execute:
  61. # - define WITH_RTPENGINE
  62. # - install RTPEngine: https://github.com/sipwise/rtpengine
  63. # - start RTPEngine:
  64. # rtpengine --listen-ng=127.0.0.1:2223 ...
  65. #
  66. # *** To enable PSTN gateway routing execute:
  67. # - define WITH_PSTN
  68. # - set the value of pstn.gw_ip
  69. # - check route[PSTN] for regexp routing condition
  70. #
  71. # *** To enable database aliases lookup execute:
  72. # - enable mysql
  73. # - define WITH_ALIASDB
  74. #
  75. # *** To enable speed dial lookup execute:
  76. # - enable mysql
  77. # - define WITH_SPEEDDIAL
  78. #
  79. # *** To enable multi-domain support execute:
  80. # - enable mysql
  81. # - define WITH_MULTIDOMAIN
  82. #
  83. # *** To enable TLS support execute:
  84. # - adjust CFGDIR/tls.cfg as needed
  85. # - define WITH_TLS
  86. #
  87. # *** To enable JSONRPC over HTTP(S) support execute:
  88. # - define WITH_JSONRPC
  89. # - adjust event_route[xhttp:request] for access policy
  90. #
  91. # *** To enable WebSocket support execute:
  92. # - define WITH_WEBSOCKET
  93. #
  94. # *** To enable anti-flood detection execute:
  95. # - adjust pike and htable=>ipban settings as needed (default is
  96. # block if more than 16 requests in 2 seconds and ban for 300 seconds)
  97. # - define WITH_ANTIFLOOD
  98. #
  99. # *** To load htable module execute:
  100. # - define WITH_HTABLE
  101. #
  102. # *** To block 3XX redirect replies execute:
  103. # - define WITH_BLOCK3XX
  104. #
  105. # *** To block 401 and 407 authentication replies execute:
  106. # - define WITH_BLOCK401407
  107. #
  108. # *** To enable VoiceMail routing execute:
  109. # - define WITH_VOICEMAIL
  110. # - set the value of voicemail.srv_ip
  111. # - adjust the value of voicemail.srv_port
  112. #
  113. # *** To enhance accounting execute:
  114. # - enable mysql
  115. # - define WITH_ACCDB
  116. # - add following columns to database
  117. #!ifdef ACCDB_COMMENT
  118. ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  119. ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  120. ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
  121. ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  122. ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  123. ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
  124. ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  125. ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  126. ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
  127. ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  128. ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  129. ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
  130. #!endif
  131. ####### Include Local Config If Exists #########
  132. import_file "kamailio-local.cfg"
  133. ####### Defined Values #########
       # NOTE(review): only WITH_NAT, WITH_TLS and WITH_WEBSOCKET are switched on
       # below. WITH_AUTH and WITH_ANTIFLOOD are not, so unless the imported
       # kamailio-local.cfg defines them, route[AUTH] compiles to its #!else
       # branch (no credential check, so REGISTER goes on to save("location"))
       # and the pike/ipban checks in route[REQINIT] are compiled out.
  134. #!define WITH_NAT
  135. #!define WITH_TLS
  136. #!define WITH_WEBSOCKET
  137. # *** Value defines - IDs used later in config
  138. #!ifdef WITH_DEBUG
  139. #!define DBGLEVEL 3
  140. #!else
  141. #!define DBGLEVEL 2
  142. #!endif
  143. #!ifdef WITH_MYSQL
  144. # - database URL - used to connect to database server by modules such
  145. # as: auth_db, acc, usrloc, a.s.o.
       # NOTE(review): this fallback URL embeds the stock kamailio/kamailiorw
       # credentials. #!trydef only takes effect when DBURL is not already
       # defined, so define DBURL with site-specific credentials earlier
       # (e.g. in kamailio-local.cfg) rather than relying on this value.
  146. #!trydef DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
  147. #!endif
  148. #!ifdef WITH_MULTIDOMAIN
  149. # - the value for 'use_domain' parameters
  150. #!define MULTIDOMAIN 1
  151. #!else
  152. #!define MULTIDOMAIN 0
  153. #!endif
  154. #!ifdef WITH_ANTIFLOOD
  155. # - hash table 'ipban' used to store blocked IP addresses
  156. #!trydef WITH_HTABLE
  157. #!endif
  158. # - flags
  159. # FLT_ - per transaction (message) flags
       # FLT_ACC / FLT_ACCMISSED / FLT_ACCFAILED are handed to the acc module
       # parameters; FLT_NATS is set in route[NATDETECT].
  160. #!define FLT_ACC 1
  161. #!define FLT_ACCMISSED 2
  162. #!define FLT_ACCFAILED 3
  163. #!define FLT_NATS 5
  164. # FLB_ - per branch flags
       # FLB_NATB is passed to usrloc as nat_bflag, FLB_NATSIPPING to nathelper
       # as sipping_bflag.
  165. #!define FLB_NATB 6
  166. #!define FLB_NATSIPPING 7
  167. ####### Global Parameters #########
       # Core settings: logging, worker processes, TCP/TLS limits. Values that
       # depend on a feature are wrapped in the matching #!ifdef.
  168. /* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
  169. debug=DBGLEVEL
  170. /* set to 'yes' to print log messages to terminal or use '-E' cli option */
  171. log_stderror=no
  172. memdbg=5
  173. memlog=5
  174. log_facility=LOG_LOCAL0
       # log_prefix interpolates values taken from the received message ($hdr(CSeq),
       # $ci), so log consumers should treat the prefix as untrusted text.
  175. log_prefix="{$mt $hdr(CSeq) $ci} "
  176. /* number of SIP routing processes for each UDP socket
  177. * - value inherited by tcp_children and sctp_children when not set explicitely */
  178. children=8
  179. /* uncomment the next line to disable TCP (default on) */
  180. # disable_tcp=yes
  181. /* number of SIP routing processes for all TCP/TLS sockets */
  182. # tcp_children=8
  183. /* UDP receiving mode:
  184. * - 0: multi-process (default)
  185. * - 1: multi-threaded with async worker group 'udp'
  186. * - 2: per socket configuration (see core cookbook) */
  187. # async_workers_group="name=udp;workers=8"
  188. # udp_receiver_mode = 1
  189. /* uncomment the next line to disable the auto discovery of local aliases
  190. * based on reverse DNS on IPs (default on) */
  191. # auto_aliases=no
  192. /* add local domain aliases - it can be set many times */
  193. # alias="sip.mydomain.com"
  194. /* listen sockets - if none set, Kamailio binds to all local IP addresses
  195. * - basic prototype (full prototype can be found in Wiki - Core Cookbook):
  196. * listen=[proto]:[localip]:[lport] advertise [publicip]:[pport]
  197. * - it can be set many times to add more sockets to listen to */
       # NOTE(review): no listen= socket is active in this part of the file, so
       # (per the comment above) every local address is bound. With WITH_TLS and
       # WITH_WEBSOCKET defined, declare explicit sockets for the interfaces
       # that are meant to be reachable - unless kamailio-local.cfg already does.
  198. # listen=udp:10.0.0.10:5060
  199. /* life time of TCP connection when there is no traffic
  200. * - a bit higher than registration expires to cope with UA behind NAT */
       # 3605 is just above the registrar max_expires of 3600 set further down.
  201. tcp_connection_lifetime=3605
  202. #!ifdef WITH_WEBSOCKET
       # presumably needed because the HTTP request that opens a WebSocket
       # session carries no Content-Length header - TODO confirm against the
       # core cookbook entry for tcp_accept_no_cl.
  203. tcp_accept_no_cl=yes
  204. tcp_rd_buf_size=16384
  205. #!endif
  206. /* upper limit for TCP connections (it includes the TLS connections) */
  207. tcp_max_connections=2048
  208. /* upper limit for TCP connections for one ip address - default 1024 */
       # NOTE(review): with the per-address limit left at its default of 1024 and
       # the global cap at 2048, a very small number of source addresses can
       # occupy the whole connection table. Consider setting a lower
       # tcp_accept_iplimit on Internet-facing TLS/WebSocket listeners.
  209. #tcp_accept_iplimit=1024
  210. #!ifdef WITH_JSONRPC
  211. tcp_accept_no_cl=yes
  212. #!endif
  213. #!ifdef WITH_TLS
  214. enable_tls=yes
  215. /* upper limit for TLS connections */
  216. tls_max_connections=2048
  217. /* For OpenSSL 3 integration
  218. * functions calling libssl3 can be invoked in a transient thread
  219. * 0: disable threaded calls
  220. * 1: use thread executors for process #0 only
  221. * 2: no thread executors, but use atfork handler to reset thread-locals to NULL */
  222. tls_threads_mode=2
  223. #!endif
  224. /* set it to yes to enable sctp and load sctp.so module */
  225. enable_sctp=no
  226. ####### Custom Parameters #########
  227. /* These parameters can be modified at runtime via RPC interface
  228. * - see the documentation of 'cfg_rpc' module.
  229. *
  230. * Format: group.id = value 'desc' description
  231. * Access: $sel(cfg_get.group.id) or @cfg_get.group.id */
       # NOTE(review): because these values are writable over RPC, anyone who can
       # reach an RPC endpoint (ctl, jsonrpcs and cfg_rpc are loaded in the
       # modules section) can change where PSTN and voicemail traffic is sent.
       # Keep the control sockets restricted to administrators.
  232. #!ifdef WITH_PSTN
  233. /* PSTN GW Routing
  234. *
  235. * - pstn.gw_ip: valid IP or hostname as string value, example:
  236. * pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
  237. *
  238. * - by default is empty to avoid misrouting */
       # route[PSTN] returns without routing while pstn.gw_ip is empty.
  239. pstn.gw_ip = "" desc "PSTN GW Address"
  240. pstn.gw_port = "" desc "PSTN GW Port"
  241. #!endif
  242. #!ifdef WITH_VOICEMAIL
  243. /* VoiceMail Routing on offline, busy or no answer
  244. *
  245. * - by default Voicemail server IP is empty to avoid misrouting */
  246. voicemail.srv_ip = "" desc "VoiceMail IP Address"
  247. voicemail.srv_port = "5060" desc "VoiceMail Port"
  248. #!endif
  249. ####### Modules Section ########
  250. /* set paths to location of modules */
  251. # mpath="/usr/local/lib/kamailio/modules/"
  252. # when using TLS with OpenSSL it is recommended to load this module
  253. # first so that OpenSSL is initialized correctly
  254. #!ifdef WITH_TLS
  255. loadmodule "tls.so"
  256. #!endif
  257. #!ifdef WITH_MYSQL
  258. loadmodule "db_mysql.so"
  259. #!endif
  260. #!ifdef WITH_JSONRPC
  261. loadmodule "xhttp.so"
  262. #!endif
  263. loadmodule "jsonrpcs.so"
  264. loadmodule "kex.so"
  265. loadmodule "corex.so"
  266. loadmodule "tm.so"
  267. loadmodule "tmx.so"
  268. loadmodule "sl.so"
  269. loadmodule "rr.so"
  270. loadmodule "pv.so"
  271. loadmodule "maxfwd.so"
  272. loadmodule "usrloc.so"
  273. loadmodule "registrar.so"
  274. loadmodule "textops.so"
  275. loadmodule "textopsx.so"
  276. loadmodule "siputils.so"
  277. loadmodule "xlog.so"
  278. loadmodule "sanity.so"
  279. loadmodule "ctl.so"
  280. loadmodule "cfg_rpc.so"
  281. loadmodule "acc.so"
  282. loadmodule "counters.so"
  283. loadmodule "dlgs.so"
  284. #!ifdef WITH_AUTH
  285. loadmodule "auth.so"
  286. loadmodule "auth_db.so"
  287. #!ifdef WITH_IPAUTH
  288. loadmodule "permissions.so"
  289. #!endif
  290. #!endif
  291. #!ifdef WITH_ALIASDB
  292. loadmodule "alias_db.so"
  293. #!endif
  294. #!ifdef WITH_SPEEDDIAL
  295. loadmodule "speeddial.so"
  296. #!endif
  297. #!ifdef WITH_MULTIDOMAIN
  298. loadmodule "domain.so"
  299. #!endif
  300. #!ifdef WITH_PRESENCE
  301. loadmodule "presence.so"
  302. loadmodule "presence_xml.so"
  303. #!endif
  304. #!ifdef WITH_NAT
  305. loadmodule "nathelper.so"
  306. #!ifdef WITH_RTPENGINE
  307. loadmodule "rtpengine.so"
  308. #!else
  309. loadmodule "rtpproxy.so"
  310. #!endif
  311. #!endif
  312. #!ifdef WITH_HTABLE
  313. loadmodule "htable.so"
  314. #!endif
  315. #!ifdef WITH_ANTIFLOOD
  316. loadmodule "pike.so"
  317. #!endif
  318. #!ifdef WITH_DEBUG
  319. loadmodule "debugger.so"
  320. #!endif
  321. #!ifdef WITH_WEBSOCKET
  322. loadmodule "xhttp.so"
  323. loadmodule "websocket.so"
  324. #!endif
  325. # ----------------- setting module-specific parameters ---------------
  326. # ----- jsonrpcs params -----
       # NOTE(review): jsonrpcs and ctl are loaded unconditionally in the modules
       # section, and the socket/FIFO paths below are commented out, so the
       # modules' built-in defaults apply. RPC can change cfg values at runtime;
       # check the ownership and mode of whichever control endpoints are created.
  327. modparam("jsonrpcs", "pretty_format", 1)
  328. /* set the path to RPC fifo control file */
  329. # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo")
  330. /* set the path to RPC unix socket control file */
  331. # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock")
  332. #!ifdef WITH_JSONRPC
       # presumably a bitmask that turns on every jsonrpcs transport, including
       # HTTP via xhttp - verify against the jsonrpcs module documentation, and
       # see the header note about adjusting event_route[xhttp:request].
  333. modparam("jsonrpcs", "transport", 7)
  334. #!endif
  335. # ----- ctl params -----
  336. /* set the path to RPC unix socket control file */
  337. # modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl")
  338. # ----- sanity params -----
       # with autodrop off, the script decides what to do when a check fails:
       # route[REQINIT] logs the source address and exits.
  339. modparam("sanity", "autodrop", 0)
  340. # ----- tm params -----
  341. # auto-discard branches from previous serial forking leg
  342. modparam("tm", "failure_reply_mode", 3)
  343. # default retransmission timeout: 30sec
  344. modparam("tm", "fr_timer", 30000)
  345. # default invite retransmission timeout after 1xx: 120sec
  346. modparam("tm", "fr_inv_timer", 120000)
  347. # ----- rr params -----
  348. # set next param to 1 to add value to ;lr param (helps with some UAs)
  349. modparam("rr", "enable_full_lr", 0)
  350. # do not append from tag to the RR (no need for this script)
       # keep this in step with acc "detect_direction": the acc section says the
       # from tag must be appended if direction detection is ever enabled.
  351. modparam("rr", "append_fromtag", 0)
  352. # ----- dlgs params -----
  353. modparam("dlgs", "timer_interval", 10)
  354. modparam("dlgs", "init_lifetime", 180)
  355. modparam("dlgs", "active_lifetime", 7200)
  356. modparam("dlgs", "finish_lifetime", 10)
  357. # ----- registrar params -----
  358. modparam("registrar", "method_filtering", 1)
  359. /* uncomment the next line to disable parallel forking via location */
  360. # modparam("registrar", "append_branches", 0)
  361. /* uncomment the next line not to allow more than 10 contacts per AOR */
       # NOTE(review): the contact limit is commented out. When REGISTER is not
       # authenticated (WITH_AUTH undefined), a per-AOR limit is one of the few
       # bounds on how many bindings a single address-of-record can accumulate.
  362. # modparam("registrar", "max_contacts", 10)
  363. /* max value for expires of registrations */
  364. modparam("registrar", "max_expires", 3600)
  365. /* set it to 1 to enable GRUU */
  366. modparam("registrar", "gruu_enabled", 0)
  367. /* set it to 0 to disable Path handling */
  368. modparam("registrar", "use_path", 1)
  369. /* save Path even if not listed in Supported header */
  370. modparam("registrar", "path_mode", 0)
  371. # ----- acc params -----
  372. /* what special events should be accounted ? */
  373. modparam("acc", "early_media", 0)
  374. modparam("acc", "report_ack", 0)
  375. modparam("acc", "report_cancels", 0)
  376. /* by default we do not adjust the direct of the sequential requests.
  377. * if you enable this parameter, be sure the enable "append_fromtag"
  378. * in "rr" module */
  379. modparam("acc", "detect_direction", 0)
  380. /* account triggers (flags) */
  381. modparam("acc", "log_flag", FLT_ACC)
  382. modparam("acc", "log_missed_flag", FLT_ACCMISSED)
       # NOTE(review): every extra field except src_ip ($si) is copied from the
       # SIP message (From/To/R-URI user and domain), i.e. it is sender-controlled.
       # Accounting records are only as trustworthy as the authentication done
       # in route[AUTH]; treat these fields as untrusted when parsing the logs.
  383. modparam("acc", "log_extra",
  384. "src_user=$fU;src_domain=$fd;src_ip=$si;"
  385. "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
  386. modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
  387. /* enhanced DB accounting */
  388. #!ifdef WITH_ACCDB
       # the db_extra names match the columns added by the ALTER TABLE statements
       # in the file header (src_user, src_domain, src_ip, dst_ouser, dst_user,
       # dst_domain).
  389. modparam("acc", "db_flag", FLT_ACC)
  390. modparam("acc", "db_missed_flag", FLT_ACCMISSED)
  391. modparam("acc", "db_url", DBURL)
  392. modparam("acc", "db_extra",
  393. "src_user=$fU;src_domain=$fd;src_ip=$si;"
  394. "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
  395. #!endif
  396. # ----- usrloc params -----
  397. modparam("usrloc", "timer_interval", 60)
  398. modparam("usrloc", "timer_procs", 1)
  399. modparam("usrloc", "use_domain", MULTIDOMAIN)
  400. /* enable DB persistency for location entries */
  401. #!ifdef WITH_USRLOCDB
  402. modparam("usrloc", "db_url", DBURL)
  403. modparam("usrloc", "db_mode", 2)
  404. #!endif
  405. # ----- auth_db params -----
       # This whole section is compiled only with WITH_AUTH, which the
       # "Defined Values" section of this file does not define.
  406. #!ifdef WITH_AUTH
  407. modparam("auth_db", "db_url", DBURL)
       # NOTE(review): calculate_ha1 together with password_column "password"
       # means the subscriber table is expected to hold clear-text passwords.
       # Storing pre-computed HA1 values instead keeps plaintext out of the
       # database - see the auth_db documentation before changing either value.
  408. modparam("auth_db", "calculate_ha1", yes)
  409. modparam("auth_db", "password_column", "password")
  410. modparam("auth_db", "load_credentials", "")
  411. modparam("auth_db", "use_domain", MULTIDOMAIN)
  412. # ----- permissions params -----
  413. #!ifdef WITH_IPAUTH
       # backs allow_source_address() in route[AUTH]; per the file header the
       # trusted addresses go into the 'address' table with group id '1'.
  414. modparam("permissions", "db_url", DBURL)
  415. modparam("permissions", "load_backends", 1)
  416. #!endif
  417. #!endif
  418. # ----- alias_db params -----
  419. #!ifdef WITH_ALIASDB
  420. modparam("alias_db", "db_url", DBURL)
  421. modparam("alias_db", "use_domain", MULTIDOMAIN)
  422. #!endif
  423. # ----- speeddial params -----
  424. #!ifdef WITH_SPEEDDIAL
  425. modparam("speeddial", "db_url", DBURL)
  426. modparam("speeddial", "use_domain", MULTIDOMAIN)
  427. #!endif
  428. # ----- domain params -----
  429. #!ifdef WITH_MULTIDOMAIN
  430. modparam("domain", "db_url", DBURL)
  431. /* register callback to match myself condition with domains list */
       # with this set, every "== myself" test in the routing blocks also
       # matches the domains loaded from the database.
  432. modparam("domain", "register_myself", 1)
  433. #!endif
  434. #!ifdef WITH_PRESENCE
  435. # ----- presence params -----
  436. modparam("presence", "db_url", DBURL)
  437. # ----- presence_xml params -----
  438. modparam("presence_xml", "db_url", DBURL)
       # NOTE(review): presumably force_active=1 makes subscriptions active
       # without consulting per-user authorization rules - confirm against the
       # presence_xml documentation that this is the intended watcher policy.
  439. modparam("presence_xml", "force_active", 1)
  440. #!endif
  441. #!ifdef WITH_NAT
  442. #!ifdef WITH_RTPENGINE
  443. # ----- rtpengine params -----
       # control socket on loopback, matching the --listen-ng example in the
       # file header.
  444. modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
  445. #!else
  446. # ----- rtpproxy params -----
       # control socket on loopback; WITH_RTPENGINE is not defined in this file,
       # so this is the branch that is compiled.
  447. modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
  448. #!endif
  449. # ----- nathelper params -----
  450. modparam("nathelper", "natping_interval", 30)
  451. modparam("nathelper", "ping_nated_only", 1)
  452. modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
       # NOTE(review): the value below looks like it was mangled by e-mail
       # obfuscation when this page was rendered; as shown it is not a usable
       # SIP URI. Restore the intended From URI before deploying this file.
  453. modparam("nathelper", "sipping_from", "sip:[email protected]")
  454. # params needed for NAT traversal in other modules
  455. modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
  456. modparam("usrloc", "nat_bflag", FLB_NATB)
  457. #!endif
  458. #!ifdef WITH_TLS
  459. # ----- tls params -----
       # NOTE(review): certificates, protocol versions and peer verification are
       # all set in this external file, which is not part of this listing. The
       # path is hard-coded here although the file header refers to
       # CFGDIR/tls.cfg; review that file, since WITH_TLS is defined above.
  460. modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
  461. #!endif
  462. #!ifdef WITH_ANTIFLOOD
  463. # ----- pike params -----
       # 16 requests per 2-second unit, as described in the file header.
  464. modparam("pike", "sampling_time_unit", 2)
  465. modparam("pike", "reqs_density_per_unit", 16)
  466. modparam("pike", "remove_latency", 4)
  467. #!endif
  468. #!ifdef WITH_HTABLE
  469. # ----- htable params -----
  470. #!ifdef WITH_ANTIFLOOD
  471. /* ip ban htable with autoexpire after 5 minutes */
       # route[REQINIT] writes the source IP into this table when pike trips
       # and drops requests from any address still present in it.
  472. modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
  473. #!endif
  474. #!endif
  475. #!ifdef WITH_DEBUG
  476. # ----- debugger params -----
  477. modparam("debugger", "cfgtrace", 1)
  478. modparam("debugger", "log_level_name", "exec")
  479. #!endif
  480. ####### Routing Logic ########
  481. /* Main SIP request routing logic
  482. * - processing of any incoming SIP request starts with this route
  483. * - note: this is the same as route { ... } */
       # Order of processing: REQINIT checks, NAT detection, CANCEL and
       # retransmission handling, in-dialog requests (WITHINDLG), then - for
       # initial requests only - AUTH, record-routing, accounting flag, SIPOUT,
       # PRESENCE, REGISTRAR, PSTN and finally LOCATION.
       # route(AUTH) is the only access-control step, and it runs after
       # route(WITHINDLG): requests carrying a To tag are finished inside
       # WITHINDLG and never reach it.
  484. request_route {
  485. # per request initial checks
  486. route(REQINIT);
  487. # NAT detection
  488. route(NATDETECT);
  489. # CANCEL processing
  490. if (is_method("CANCEL")) {
  491. dlgs_update();
       # relay the CANCEL only when it matches an existing transaction
  492. if (t_check_trans()) {
  493. route(RELAY);
  494. }
  495. exit;
  496. }
  497. # handle retransmissions
  498. if (!is_method("ACK")) {
  499. if(t_precheck_trans()) {
  500. t_check_trans();
  501. exit;
  502. }
  503. t_check_trans();
  504. }
  505. # handle requests within SIP dialogs
  506. route(WITHINDLG);
  507. ### only initial requests (no To tag)
  508. # authentication
  509. route(AUTH);
  510. # record routing for dialog forming requests (in case they are routed)
  511. # - remove preloaded route headers
       # presumably so the sender of an initial request cannot steer it through
       # this proxy with a Route set of its own choosing
  512. remove_hf("Route");
  513. if (is_method("INVITE|SUBSCRIBE|REFER")) {
  514. record_route();
  515. }
  516. # account only INVITEs
  517. if (is_method("INVITE")) {
  518. setflag(FLT_ACC); # do accounting
  519. }
  520. # dispatch requests to foreign domains
  521. route(SIPOUT);
  522. ### requests for my local domains
  523. # handle presence related requests
  524. route(PRESENCE);
  525. # handle registrations
  526. route(REGISTRAR);
  527. if ($rU==$null) {
  528. # request with no Username in RURI
  529. sl_send_reply("484", "Address Incomplete");
  530. exit;
  531. }
  532. if(is_method("INVITE")) {
       # the dialog record is keyed on From/To URIs taken from the message and
       # tagged with the source IP
  533. dlgs_init("$fu", "$tu", "srcip=$si");
  534. }
  535. # dispatch destinations to PSTN
  536. route(PSTN);
  537. # user location service
  538. route(LOCATION);
  539. return;
  540. }
  541. # Wrapper for relaying requests
       # Arms the branch, reply and failure routes (only where the transaction
       # does not already have one set), relays statefully with t_relay() and
       # always ends script execution. The MANAGE_* routes named here are
       # defined outside this part of the file.
  542. route[RELAY] {
  543. # enable additional event routes for forwarded requests
  544. # - serial forking, RTP relaying handling, a.s.o.
  545. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
  546. if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
  547. }
  548. if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
  549. if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
  550. }
  551. if (is_method("INVITE")) {
  552. if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
  553. }
       # on relay failure, answer the sender with the matching error reply
  554. if (!t_relay()) {
  555. send_reply_error();
  556. }
  557. exit;
  558. }
  559. # Per SIP request initial checks
       # Runs first for every request: symmetric-signaling setup, optional flood
       # control, User-Agent filter, Max-Forwards check, OPTIONS keepalive reply
       # and finally the sanity module checks. Every rejection path ends with
       # exit, so a request that returns from here passed all of them.
  560. route[REQINIT] {
  561. # no connect for sending replies
  562. set_reply_no_connect();
  563. # enforce symmetric signaling
  564. # - send back replies to the source address of request
  565. force_rport();
  566. #!ifdef WITH_ANTIFLOOD
       # NOTE(review): compiled out unless WITH_ANTIFLOOD is defined; the
       # "Defined Values" section of this file does not define it.
  567. # flood detection from same IP and traffic ban for a while
  568. # be sure you exclude checking trusted peers, such as pstn gateways
  569. # - local host excluded (e.g., loop to self)
  570. if(src_ip!=myself) {
  571. if($sht(ipban=>$si)!=$null) {
  572. # ip is already blocked
  573. xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
  574. exit;
  575. }
  576. if (!pike_check_req()) {
  577. xalert("ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
       # ban entry expires on its own via the autoexpire setting of the
       # ipban htable
  578. $sht(ipban=>$si) = 1;
  579. exit;
  580. }
  581. }
  582. #!endif
       # NOTE(review): User-Agent is chosen by the sender, so this filter only
       # removes tools that announce themselves. It reduces noise; it is not an
       # access control. Rate limiting (WITH_ANTIFLOOD) and authentication
       # (WITH_AUTH) are the controls that bound what an unknown sender can do.
  583. if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {
  584. # silent drop for scanners - uncomment next line if want to reply
  585. # sl_send_reply("200", "OK");
  586. exit;
  587. }
  588. if (!mf_process_maxfwd_header("10")) {
  589. sl_send_reply("483", "Too Many Hops");
  590. exit;
  591. }
       # answered statelessly, and before sanity_check() below has run
  592. if(is_method("OPTIONS") && uri==myself && $rU==$null) {
  593. sl_send_reply("200", "Keepalive");
  594. exit;
  595. }
       # sanity "autodrop" is 0, so a failed check is handled here: log the
       # source address and port, then drop without sending a reply
  596. if(!sanity_check("17895", "7")) {
  597. xlog("Malformed SIP request from $si:$sp\n");
  598. exit;
  599. }
  600. }
  601. # Handle requests within SIP dialogs
       # Returns immediately for requests without a To tag; every other path
       # ends with exit.
       # NOTE(review): request_route calls this before route(AUTH), so nothing
       # handled here is authenticated. A request is relayed on the strength of
       # its To tag and a Route set that loose_route() accepts.
  602. route[WITHINDLG] {
  603. if (!has_totag()) return;
  604. # sequential request within a dialog should
  605. # take the path determined by record-routing
  606. if (loose_route()) {
  607. route(DLGURI);
  608. dlgs_update();
  609. if (is_method("BYE")) {
  610. setflag(FLT_ACC); # do accounting ...
  611. setflag(FLT_ACCFAILED); # ... even if the transaction fails
  612. } else if ( is_method("ACK") ) {
  613. # ACK is forwarded statelessly
  614. route(NATMANAGE);
  615. } else if ( is_method("NOTIFY|REFER") ) {
  616. # Add Record-Route for in-dialog NOTIFY and REFER (RFC6665, RFC3515)
  617. record_route();
  618. }
  619. route(RELAY);
  620. exit;
  621. }
       # from here on: the request has a To tag but loose_route() did not accept it
  622. if (is_method("SUBSCRIBE") && uri == myself) {
  623. # in-dialog subscribe requests
  624. route(PRESENCE);
  625. exit;
  626. }
  627. if ( is_method("ACK") ) {
  628. if ( t_check_trans() ) {
  629. # no loose-route, but stateful ACK;
  630. # must be an ACK after a 487
  631. # or e.g. 404 from upstream server
  632. route(RELAY);
  633. exit;
  634. } else {
  635. # ACK without matching transaction ... ignore and discard
  636. exit;
  637. }
  638. }
       # anything else with a To tag that matched none of the cases above
  639. sl_send_reply("404", "Not here");
  640. exit;
  641. }
  642. # Handle SIP registrations
       # Returns for anything but REGISTER; otherwise stores the binding with
       # save("location") and ends script execution.
       # NOTE(review): no credential check happens in this route. Whether a
       # REGISTER was authenticated depends entirely on route(AUTH), which
       # request_route runs earlier; without WITH_AUTH that route only tests
       # uri==myself, so any sender can write a binding for a local
       # address-of-record.
  643. route[REGISTRAR] {
  644. if (!is_method("REGISTER")) return;
       # FLT_NATS was set by route[NATDETECT]; carry it onto the stored contact
       # as a branch flag
  645. if(isflagset(FLT_NATS)) {
  646. setbflag(FLB_NATB);
  647. #!ifdef WITH_NATSIPPING
  648. # do SIP NAT pinging
  649. setbflag(FLB_NATSIPPING);
  650. #!endif
  651. }
  652. if (!save("location")) {
  653. send_reply_error();
  654. }
  655. exit;
  656. }
  657. # User location service
       # Optional speed-dial and alias rewriting (each followed by route(SIPOUT)),
       # then a lookup in the "location" table. On lookup failure the request is
       # offered to route(TOVOICEMAIL) and, if that returns, answered with 404
       # or 405 according to the saved lookup result. On success the request is
       # relayed. TOVOICEMAIL is defined outside this part of the file.
  658. route[LOCATION] {
  659. #!ifdef WITH_SPEEDDIAL
  660. # search for short dialing - 2-digit extension
  661. if($rU=~"^[0-9][0-9]$") {
  662. if(sd_lookup("speed_dial")) {
  663. route(SIPOUT);
  664. }
  665. }
  666. #!endif
  667. #!ifdef WITH_ALIASDB
  668. # search in DB-based aliases
  669. if(alias_db_lookup("dbaliases")) {
  670. route(SIPOUT);
  671. }
  672. #!endif
       # keep the dialed user part before lookup() rewrites the request URI
  673. $avp(oexten) = $rU;
  674. if (!lookup("location")) {
       # copy the lookup() result first - presumably because $rc would be
       # overwritten by the calls that follow
  675. $var(rc) = $rc;
  676. route(TOVOICEMAIL);
  677. t_newtran();
  678. switch ($var(rc)) {
  679. case -1:
  680. case -3:
  681. send_reply("404", "Not Found");
  682. exit;
  683. case -2:
  684. send_reply("405", "Method Not Allowed");
  685. exit;
  686. }
  687. }
  688. # when routing via usrloc, log the missed calls also
  689. if (is_method("INVITE")) {
  690. setflag(FLT_ACCMISSED);
  691. }
  692. route(RELAY);
  693. exit;
  694. }
  695. # Presence server processing
       # Returns for anything but PUBLISH/SUBSCRIBE. message-summary
       # subscriptions are offered to route(TOVOICEMAIL) and get a 404 if that
       # route returns. With WITH_PRESENCE the request is handled by the presence
       # module inside a new transaction; without it, PUBLISH and requests with
       # no R-URI user get a 404 and the rest return to the caller.
  696. route[PRESENCE] {
  697. if(!is_method("PUBLISH|SUBSCRIBE")) return;
  698. if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") {
  699. route(TOVOICEMAIL);
  700. # returns here if no voicemail server is configured
  701. sl_send_reply("404", "No voicemail service");
  702. exit;
  703. }
  704. #!ifdef WITH_PRESENCE
  705. #!ifdef WITH_MSGREBUILD
  706. # apply changes in case the request headers or body were modified
  707. msg_apply_changes();
  708. #!endif
  709. if (!t_newtran()) {
  710. send_reply_error();
  711. exit;
  712. }
  713. if(is_method("PUBLISH")) {
  714. handle_publish();
  715. t_release();
  716. } else if(is_method("SUBSCRIBE")) {
  717. handle_subscribe();
  718. t_release();
  719. }
  720. exit;
  721. #!endif
  722. # if presence enabled, this part will not be executed
  723. if (is_method("PUBLISH") || $rU==$null) {
  724. sl_send_reply("404", "Not here");
  725. exit;
  726. }
  727. return;
  728. }
  729. # IP authorization and user authentication
       # Two compile-time variants:
       # - WITH_AUTH: digest authentication for REGISTER and for requests whose
       #   From domain is local; requests that are neither from nor to a local
       #   domain are refused with 403.
       # - otherwise (#!else): the only test is that the request URI is local.
       #   Nothing is authenticated, so From identities are unverified and
       #   REGISTER for a local address-of-record is accepted from any sender.
       # The "Defined Values" section of this file does not define WITH_AUTH.
  730. route[AUTH] {
  731. #!ifdef WITH_AUTH
  732. #!ifdef WITH_IPAUTH
       # addresses accepted by allow_source_address() skip digest authentication
       # for everything except REGISTER, so the 'address' table is as sensitive
       # as the subscriber credentials
  733. if((!is_method("REGISTER")) && allow_source_address()) {
  734. # source IP allowed
  735. return;
  736. }
  737. #!endif
  738. if (is_method("REGISTER") || from_uri==myself) {
  739. # authenticate requests
       # realm is the From domain, credentials come from the "subscriber" table
       # NOTE(review): presumably the "1" flag also ties the authenticated user
       # to the From/To user - confirm against the auth_db documentation
  740. if (!auth_check("$fd", "subscriber", "1")) {
  741. auth_challenge("$fd", "0");
  742. exit;
  743. }
  744. # user authenticated - remove auth header
  745. if(!is_method("REGISTER|PUBLISH"))
  746. consume_credentials();
  747. }
  748. # if caller is not local subscriber, then check if it calls
  749. # a local destination, otherwise deny, not an open relay here
       # note: a request from a non-local From domain to a local destination
       # passes this route without any authentication
  750. if (from_uri!=myself && uri!=myself) {
  751. sl_send_reply("403", "Not relaying");
  752. exit;
  753. }
  754. #!else
  755. # authentication not enabled - do not relay at all to foreign networks
  756. if(uri!=myself) {
  757. sl_send_reply("403", "Not relaying");
  758. exit;
  759. }
  760. #!endif
  761. return;
  762. }
  763. # Caller NAT detection
       # With WITH_NAT: when nat_uac_test() reports the sender as NATed, fixes up
       # the registration (REGISTER) or adds a contact alias (other requests, on
       # the first hop only) and sets FLT_NATS on the transaction. Without
       # WITH_NAT the route just returns.
  764. route[NATDETECT] {
  765. #!ifdef WITH_NAT
       # "83" selects which nathelper tests are applied - see the nathelper
       # documentation for the individual bits
  766. if (nat_uac_test("83")) {
  767. if (is_method("REGISTER")) {
  768. fix_nated_register();
  769. } else {
  770. if(is_first_hop()) {
  771. set_contact_alias();
  772. }
  773. }
  774. setflag(FLT_NATS);
  775. }
  776. #!endif
  777. return;
  778. }
  779. # RTP relaying management and signaling updates for NAT traversal
       # With WITH_NAT: restores the NAT branch flag for in-dialog requests from
       # the "nat=yes" Record-Route parameter, returns unless FLT_NATS or FLB_NATB
       # is set, engages the RTP relay (rtpengine or rtpproxy, chosen at compile
       # time), marks new dialogs with ";nat=yes", and rewrites the contact of
       # replies on the first hop. Without WITH_NAT the route just returns.
  780. route[NATMANAGE] {
  781. #!ifdef WITH_NAT
  782. if (is_request()) {
  783. if(has_totag()) {
       # the parameter was added by add_rr_param() further down when the
       # dialog was set up
  784. if(check_route_param("nat=yes")) {
  785. setbflag(FLB_NATB);
  786. }
  787. }
  788. }
       # nothing to do when neither side was flagged as NATed
  789. if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
  790. #!ifdef WITH_RTPENGINE
  791. if(nat_uac_test("8")) {
  792. rtpengine_manage("SIP-source-address replace-origin replace-session-connection");
  793. } else {
  794. rtpengine_manage("replace-origin replace-session-connection");
  795. }
  796. #!else
  797. if(nat_uac_test("8")) {
  798. rtpproxy_manage("co");
  799. } else {
  800. rtpproxy_manage("cor");
  801. }
  802. #!endif
       # initial request inside a branch route: remember the NAT state in the
       # Record-Route header for later in-dialog requests
  803. if (is_request()) {
  804. if (!has_totag()) {
  805. if(t_is_branch_route()) {
  806. add_rr_param(";nat=yes");
  807. }
  808. }
  809. }
  810. if (is_reply()) {
  811. if(isbflagset(FLB_NATB) || nat_uac_test("64")) {
  812. if(is_first_hop())
  813. set_contact_alias();
  814. }
  815. }
  816. if(isbflagset(FLB_NATB) || nat_uac_test("64")) {
  817. # no connect message in a dialog involving NAT traversal
  818. if (is_request()) {
  819. if(has_totag()) {
  820. set_forward_no_connect();
  821. }
  822. }
  823. }
  824. #!endif
  825. return;
  826. }
  827. # URI update for dialog requests
  828. route[DLGURI] {
  829. #!ifdef WITH_NAT
  830. if(!isdsturiset()) {
  831. handle_ruri_alias();
  832. }
  833. #!endif
  834. return;
  835. }
  836. # Routing to foreign domains
  837. route[SIPOUT] {
  838. if (uri==myself) return;
  839. append_hf("P-Hint: outbound\r\n");
  840. route(RELAY);
  841. exit;
  842. }
  843. # PSTN GW routing
  844. route[PSTN] {
  845. #!ifdef WITH_PSTN
  846. # check if PSTN GW IP is defined
  847. if (strempty($sel(cfg_get.pstn.gw_ip))) {
  848. xlog("SCRIPT: PSTN routing enabled but pstn.gw_ip not defined\n");
  849. return;
  850. }
  851. # route to PSTN dialed numbers starting with '+' or '00'
  852. # (international format)
  853. # - update the condition to match your dialing rules for PSTN routing
  854. if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$")) return;
  855. # only local users allowed to call
  856. if(from_uri!=myself) {
  857. sl_send_reply("403", "Not Allowed");
  858. exit;
  859. }
  860. # normalize target number for pstn gateway
  861. # - convert leading 00 to +
  862. if (starts_with("$rU", "00")) {
  863. strip(2);
  864. prefix("+");
  865. }
  866. if (strempty($sel(cfg_get.pstn.gw_port))) {
  867. $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
  868. } else {
  869. $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip) + ":"
  870. + $sel(cfg_get.pstn.gw_port);
  871. }
  872. route(RELAY);
  873. exit;
  874. #!endif
  875. return;
  876. }
  877. # JSONRPC over HTTP(S) routing
  878. #!ifdef WITH_JSONRPC
  879. event_route[xhttp:request] {
  880. set_reply_close();
  881. set_reply_no_connect();
  882. if(src_ip!=127.0.0.1) {
  883. xhttp_reply("403", "Forbidden", "text/html",
  884. "<html><body>Not allowed from $si</body></html>");
  885. exit;
  886. }
  887. if ($hu =~ "^/RPC") {
  888. jsonrpc_dispatch();
  889. exit;
  890. }
  891. xhttp_reply("200", "OK", "text/html",
  892. "<html><body>Wrong URL $hu</body></html>");
  893. exit;
  894. }
  895. #!endif
  896. # Routing to voicemail server
  897. route[TOVOICEMAIL] {
  898. #!ifdef WITH_VOICEMAIL
  899. if(!is_method("INVITE|SUBSCRIBE")) return;
  900. # check if VoiceMail server IP is defined
  901. if (strempty($sel(cfg_get.voicemail.srv_ip))) {
  902. xlog("SCRIPT: VoiceMail routing enabled but IP not defined\n");
  903. return;
  904. }
  905. if(is_method("INVITE")) {
  906. if($avp(oexten)==$null) return;
  907. $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip)
  908. + ":" + $sel(cfg_get.voicemail.srv_port);
  909. } else {
  910. if($rU==$null) return;
  911. $ru = "sip:" + $rU + "@" + $sel(cfg_get.voicemail.srv_ip)
  912. + ":" + $sel(cfg_get.voicemail.srv_port);
  913. }
  914. route(RELAY);
  915. exit;
  916. #!endif
  917. return;
  918. }
  919. # Manage outgoing branches
  920. branch_route[MANAGE_BRANCH] {
  921. xdbg("new branch [$T_branch_idx] to $ru\n");
  922. route(NATMANAGE);
  923. return;
  924. }
  925. # Manage incoming replies
  926. reply_route {
  927. if(!sanity_check("17604", "6")) {
  928. xlog("Malformed SIP response from $si:$sp\n");
  929. drop;
  930. }
  931. return;
  932. }
  933. # Manage incoming replies in transaction context
  934. onreply_route[MANAGE_REPLY] {
  935. xdbg("incoming reply\n");
  936. if(status=~"[12][0-9][0-9]") {
  937. route(NATMANAGE);
  938. }
  939. return;
  940. }
  941. # Manage failure routing cases
  942. failure_route[MANAGE_FAILURE] {
  943. route(NATMANAGE);
  944. if (t_is_canceled()) exit;
  945. #!ifdef WITH_BLOCK3XX
  946. # block call redirect based on 3xx replies.
  947. if (t_check_status("3[0-9][0-9]")) {
  948. t_reply("404", "Not found");
  949. exit;
  950. }
  951. #!endif
  952. #!ifdef WITH_BLOCK401407
  953. # block call redirect based on 401, 407 replies.
  954. if (t_check_status("401|407")) {
  955. t_reply("404", "Not found");
  956. exit;
  957. }
  958. #!endif
  959. #!ifdef WITH_VOICEMAIL
  960. # serial forking
  961. # - route to voicemail on busy or no answer (timeout)
  962. if (t_check_status("486|408")) {
  963. $du = $null;
  964. route(TOVOICEMAIL);
  965. exit;
  966. }
  967. #!endif
  968. return;
  969. }
  970. #!ifdef WITH_WEBSOCKET
  971. event_route[xhttp:request] {
  972. set_reply_close();
  973. set_reply_no_connect();
  974. if ($hdr(Upgrade)=~"websocket"
  975. && $hdr(Connection)=~"Upgrade"
  976. && $rm=~"GET") {
  977. # Validate Host - make sure the client is using the correct
  978. # alias for WebSockets
  979. if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
  980. xlog("L_WARN", "Bad host $hdr(Host)\n");
  981. xhttp_reply("403", "Forbidden", "", "");
  982. exit;
  983. }
  984. if (ws_handle_handshake()) {
  985. # Optional... cache some information about the
  986. # successful connection
  987. exit;
  988. }
  989. }
  990. xhttp_reply("404", "Not Found", "", "");
  991. return;
  992. }
  993. #!endif