#!KAMAILIO # # InteractiveMedia SBC configuration - Server Call Logic # ####### Include definitions ######### include_file "definitions.cfg" # *** Value defines - IDs used later in config #!ifdef WITH_DEBUG #!define DBGLEVEL 3 #!else #!define DBGLEVEL 2 #!endif #!ifdef WITH_MYSQL # - database URL - used to connect to database server by modules such # as: auth_db, acc, usrloc, a.s.o. #!trydef DBURL "mysql://DB_USER:DB_PASS@DB_HOST/kamailio" #!endif #!ifdef WITH_MULTIDOMAIN # - the value for 'use_domain' parameters #!define MULTIDOMAIN 1 #!else #!define MULTIDOMAIN 0 #!endif # - flags # FLT_ - per transaction (message) flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5 # FLB_ - per branch flags #!define FLB_NATB 6 #!define FLB_NATSIPPING 7 ####### Global Parameters ######### /* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */ debug=DBGLEVEL /* set to 'yes' to print log messages to terminal or use '-E' cli option */ log_stderror=no memdbg=5 memlog=5 log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} " server_header="Server: SERVER_HEADER" user_agent_header="Server: UA_HEADER" /* number of SIP routing processes for each UDP socket * - value inherited by tcp_children and sctp_children when not set explicitely */ children=8 /* uncomment the next line to disable TCP (default on) */ # disable_tcp=yes /* number of SIP routing processes for all TCP/TLS sockets */ # tcp_children=8 /* uncomment the next line to disable the auto discovery of local aliases * based on reverse DNS on IPs (default on) */ # auto_aliases=no /* add local domain aliases - it can be set many times */ include_file "aliases.cfg" /* listen sockets - if none set, Kamailio binds to all local IP addresses * - basic prototype (full prototype can be found in Wiki - Core Cookbook): * listen=[proto]:[localip]:[lport] advertise [publicip]:[pport] * - it can be set many times to add more sockets to listen to */ ## Listen on UDP listen=udp:PRIVATE_IP4_ADDR:SIP_PORT advertise PUBLICIP4_ADDR:SIP_PORT name "extifudp" listen=udp:PRIVATE_IP4_ADDR:SIP_INTERNAL_PORT name "intifudp" #listen=udp:PRIVPN_IP4_ADDR:SIP_INTERNAL_PORT name "intvpnudp" #listen=udp:PRIVPN_IP4_ADDR:SIP_INTERNAL_TEST_PORT name "intvpntestudp" ## Listen on TCP listen=tcp:PRIVATE_IP4_ADDR:SIP_PORT advertise PUBLICIP4_ADDR:SIP_PORT name "extiftcp" listen=tcp:PRIVATE_IP4_ADDR:SIP_INTERNAL_PORT name "intiftcp" #listen=tcp:PRIVPN_IP4_ADDR:SIP_INTERNAL_PORT name "intvpntcp" #!ifdef WITH_TLS enable_tls=yes ## Listen on TLS Port listen=tls:PRIVATE_IP4_ADDR:SIPS_PORT advertise PUBLICIP4_ADDR:SIPS_PORT name "extiftls" listen=tls:PRIVATE_IP4_ADDR:SIPS_INTERNAL_PORT name "intiftls" listen=tls:PRIVPN_IP4_ADDR:SIPS_INTERNAL_PORT name "intvpntls" /* upper limit for TLS connections */ tls_max_connections=2048 #!endif /* life time of TCP connection when there is no traffic * - a bit higher than registration expires to cope with UA behind NAT */ tcp_connection_lifetime=3605 /* upper limit for TCP connections (it includes the TLS connections) */ tcp_max_connections=2048 #!ifdef WITH_XHTTP tcp_accept_no_cl=yes ## Listen on HTTP Port listen=tcp:PRIVATE_IP4_ADDR:HTTP_PORT #!endif #!ifdef WITH_JSONRPC tcp_accept_no_cl=yes #!endif /* set it to yes to enable sctp and load sctp.so module */ enable_sctp=no /* set it to yes to execute onsend_route block for received replies that are sent out */ onsend_route_reply=yes ####### Custom Parameters ######### /* These parameters can be modified runtime via RPC interface * - see the documentation of 'cfg_rpc' module. * * Format: group.id = value 'desc' description * Access: $sel(cfg_get.group.id) or @cfg_get.group.id */ #!ifdef WITH_PSTN /* PSTN GW Routing * * - pstn.gw_ip: valid IP or hostname as string value, example: * pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address" * * - by default is empty to avoid misrouting */ pstn.gw_ip = "" desc "PSTN GW Address" pstn.gw_port = "" desc "PSTN GW Port" #!endif #!ifdef WITH_VOICEMAIL /* VoiceMail Routing on offline, busy or no answer * * - by default Voicemail server IP is empty to avoid misrouting */ voicemail.srv_ip = "" desc "VoiceMail IP Address" voicemail.srv_port = "5060" desc "VoiceMail Port" #!endif ####### Modules Section ######## /* set paths to location of modules */ # mpath="/usr/lib64/kamailio/modules/" #!ifdef WITH_JSONRPC loadmodule "xhttp.so" #!endif loadmodule "jsonrpcs.so" loadmodule "kex.so" loadmodule "corex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "textopsx.so" loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "acc.so" loadmodule "counters.so" loadmodule "dialog.so" loadmodule "phonenum.so" loadmodule "sdpops.so" loadmodule "ipops.so" #!ifdef WITH_TLS loadmodule "tls.so" #!endif #!ifdef WITH_SQLOPS loadmodule "sqlops.so" #!endif #!ifdef WITH_MYSQL loadmodule "db_mysql.so" #!ifdef WITH_CUSTOMER_CHECK loadmodule "auth.so" loadmodule "auth_db.so" loadmodule "permissions.so" #!endif #!endif #!ifdef WITH_AUTH loadmodule "auth.so" loadmodule "auth_db.so" #!ifdef WITH_IPAUTH loadmodule "permissions.so" #!endif #!endif #!ifdef WITH_ALIASDB loadmodule "alias_db.so" #!endif #!ifdef WITH_SPEEDDIAL loadmodule "speeddial.so" #!endif #!ifdef WITH_MULTIDOMAIN loadmodule "domain.so" #!endif #!ifdef WITH_PRESENCE loadmodule "presence.so" loadmodule "presence_xml.so" #!endif #!ifdef WITH_NAT loadmodule "nathelper.so" #!ifdef WITH_RTPENGINE loadmodule "rtpengine.so" #!else loadmodule "rtpproxy.so" #!endif #!else #!ifdef WITH_RTPENGINE loadmodule "rtpengine.so" #!endif #!endif #!ifdef WITH_ANTIFLOOD loadmodule "htable.so" loadmodule "pike.so" #!endif #!ifdef WITH_DISPATCHER loadmodule "dispatcher.so" #!endif #!ifdef WITH_XHTTP loadmodule "xhttp.so" #!endif #!ifdef WITH_DEBUG loadmodule "debugger.so" #!endif # ----------------- setting module-specific parameters --------------- # ----- jsonrpcs params ----- modparam("jsonrpcs", "pretty_format", 1) /* set the path to RPC fifo control file */ # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo") /* set the path to RPC unix socket control file */ # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock") #!ifdef WITH_JSONRPC modparam("jsonrpcs", "transport", 7) #!endif # ----- ctl params ----- /* set the path to RPC unix socket control file */ # modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl") # ----- sanity params ----- modparam("sanity", "autodrop", 0) # ----- tm params ----- # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 30000) # default invite retransmission timeout after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000) # ----- rr params ----- # set next param to 1 to add value to ;lr param (helps with some UAs) modparam("rr", "enable_full_lr", 0) # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 0) # ----- registrar params ----- modparam("registrar", "method_filtering", 1) /* uncomment the next line to disable parallel forking via location */ # modparam("registrar", "append_branches", 0) /* uncomment the next line not to allow more than 10 contacts per AOR */ # modparam("registrar", "max_contacts", 10) /* max value for expires of registrations */ modparam("registrar", "max_expires", 3600) /* set it to 1 to enable GRUU */ modparam("registrar", "gruu_enabled", 0) /* set it to 0 to disable Path handling */ modparam("registrar", "use_path", 1) /* save Path even if not listed in Supported header */ modparam("registrar", "path_mode", 0) # ----- acc params ----- /* what special events should be accounted ? */ modparam("acc", "early_media", 1) modparam("acc", "report_ack", 1) modparam("acc", "report_cancels", 1) /* by default ww do not adjust the direct of the sequential requests. * if you enable this parameter, be sure the enable "append_fromtag" * in "rr" module */ modparam("acc", "detect_direction", 0) /* account triggers (flags) */ modparam("acc", "log_flag", FLT_ACC) modparam("acc", "log_missed_flag", FLT_ACCMISSED) modparam("acc", "log_extra", "callid=$ci;from_user=$dlg_var(fU);from_domain=$dlg_var(fd);src_ip=$dlg_var(si);" "to_user=$dlg_var(tU);to_domain=$dlg_var(td);dst_user=$dlg_var(rU);dst_domain=$dlg_var(rd);diversion_hd=$dlg_var(divh);sip_call_dir=$dlg_var(calldir)") modparam("acc", "log_facility", "LOG_LOCAL0") modparam("acc", "failed_transaction_flag", FLT_ACCFAILED) /* account cdr settings */ modparam("acc", "cdr_enable", 1) modparam("acc", "cdr_log_enable", 1) modparam("acc", "cdr_expired_dlg_enable", 1) modparam("acc", "cdr_facility", "LOG_LOCAL0") modparam("acc", "cdr_extra", "callid=$ci;from_user=$dlg_var(fU);from_domain=$dlg_var(fd);src_ip=$dlg_var(si);" "to_user=$dlg_var(tU);to_domain=$dlg_var(td);dst_user=$dlg_var(rU);dst_domain=$dlg_var(rd);diversion_hd=$dlg_var(divh);" "sip_resp_code=$dlg_var(sipcode);sip_resp_message=$dlg_var(sipmsg);sip_error_dsc=$dlg_var(errordsc);" "tel_cctel=$dlg_var(cctel);tel_ccname=$dlg_var(ccname);tel_ltype=$dlg_var(ltype);tel_ndesc=$dlg_var(ndesc);sip_call_dir=$dlg_var(calldir)") /* enhanced DB accounting */ #!ifdef WITH_ACCDB modparam("acc", "db_flag", FLT_ACC) modparam("acc", "db_missed_flag", FLT_ACCMISSED) modparam("acc", "db_url", DBURL) modparam("acc", "db_extra", "src_user=$fU;src_domain=$fd;src_ip=$si;" "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") #!endif # ----- usrloc params ----- modparam("usrloc", "timer_interval", 60) modparam("usrloc", "timer_procs", 1) modparam("usrloc", "use_domain", MULTIDOMAIN) /* enable DB persistency for location entries */ #!ifdef WITH_USRLOCDB modparam("usrloc", "db_url", DBURL) modparam("usrloc", "db_mode", 2) #!endif # ----- auth_db params ----- #!ifdef WITH_AUTH modparam("auth_db", "db_url", DBURL) modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "") modparam("auth_db", "use_domain", MULTIDOMAIN) # ----- permissions params ----- #!ifdef WITH_IPAUTH modparam("permissions", "db_url", DBURL) modparam("permissions", "load_backends", 1) #!endif #!endif # ----- alias_db params ----- #!ifdef WITH_ALIASDB modparam("alias_db", "db_url", DBURL) modparam("alias_db", "use_domain", MULTIDOMAIN) #!endif # ----- speeddial params ----- #!ifdef WITH_SPEEDDIAL modparam("speeddial", "db_url", DBURL) modparam("speeddial", "use_domain", MULTIDOMAIN) #!endif # ----- domain params ----- #!ifdef WITH_MULTIDOMAIN modparam("domain", "db_url", DBURL) /* register callback to match myself condition with domains list */ modparam("domain", "register_myself", 1) #!endif #!ifdef WITH_PRESENCE # ----- presence params ----- modparam("presence", "db_url", DBURL) # ----- presence_xml params ----- modparam("presence_xml", "db_url", DBURL) modparam("presence_xml", "force_active", 1) #!endif #!ifdef WITH_NAT #!ifdef WITH_RTPENGINE # ----- rtpengine params ----- modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223") modparam("rtpengine", "extra_id_pv", "$avp(rtpeid)") #!else # ----- rtpproxy params ----- modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722") #!endif # ----- nathelper params ----- modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org") # params needed for NAT traversal in other modules modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)") modparam("usrloc", "nat_bflag", FLB_NATB) #!else #!ifdef WITH_RTPENGINE # ----- rtpengine params ----- modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223") modparam("rtpengine", "extra_id_pv", "$avp(rtpeid)") #!endif #!endif #!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "TLS_CONFIG") #!endif #!ifdef WITH_ANTIFLOOD # ----- pike params ----- modparam("pike", "sampling_time_unit", 2) modparam("pike", "reqs_density_per_unit", 16) modparam("pike", "remove_latency", 4) # ----- htable params ----- /* ip ban htable with autoexpire after 5 minutes */ modparam("htable", "htable", "ipban=>size=8;autoexpire=300;") #!endif #!ifdef WITH_DISPATCHER modparam("dispatcher", "list_file", "DISPATCHER_LIST") modparam("dispatcher", "ds_default_sockname", "intifudp") modparam("dispatcher", "ds_ping_method", "OPTIONS") modparam("dispatcher", "ds_ping_interval", 30) modparam("dispatcher", "ds_ping_from", "sip:PRIVATE_IP4_ADDR") modparam("dispatcher", "ds_ping_reply_codes", "code=200;code=484") modparam("dispatcher", "ds_probing_mode", 1) modparam("dispatcher", "ds_probing_threshold", 1) modparam("dispatcher", "flags", 2) modparam("dispatcher", "xavp_dst", "_dsdst_") modparam("dispatcher", "xavp_ctx", "_dsctx_") #!endif #!ifdef WITH_XHTTP # ----- xhttp params ----- modparam("xhttp", "url_match", "^/status/") #!endif #!ifdef WITH_DEBUG # ----- debugger params ----- modparam("debugger", "cfgtrace", 1) modparam("debugger", "log_level_name", "exec") #!endif #!ifdef WITH_SQLOPS modparam("sqlops","sqlcon","cb=>mysql://DB_USER:DB_PASS@DB_HOST/kamailio") modparam("sqlops", "connect_mode", 2) #!endif #!ifdef WITH_MYSQL modparam("db_mysql", "opt_ssl_mode", 1) #!endif #!ifdef WITH_CUSTOMER_CHECK modparam("permissions", "db_url", DBURL) modparam("auth_db", "db_url", DBURL) #!endif ####### Routing Logic ######## /* Main SIP request routing logic * - processing of any incoming SIP request starts with this route * - note: this is the same as route { ... } */ request_route { # Activate Dialog manage if (!is_method("OPTIONS")) { xlog("L_DEBUG","Incoming Request <$mb>\n"); # activate dialog manage dlg_manage(); } # customer check route(CUSTOMERCHECK); # per request initial checks route(REQINIT); # NAT detection route(NATDETECT); # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { route(RELAY); } exit; } # handle retransmissions if (!is_method("ACK")) { if(t_precheck_trans()) { t_check_trans(); exit; } t_check_trans(); } # handle requests within SIP dialogs route(WITHINDLG); ### only initial requests (no To tag) # authentication route(AUTH); # record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) { record_route(); } # account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting } # dispatch requests to foreign domains route(SIPOUT); ### requests for my local domains # handle presence related requests route(PRESENCE); # handle registrations route(REGISTRAR); if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # dispatch destinations to PSTN route(PSTN); # user location service route(LOCATION); } # Wrapper for relaying requests route[RELAY] { # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); } if (is_method("INVITE") && !has_totag()) { if(phonenum_match("$fU", "src")) { if($phn(src=>valid)==1) { $dlg_var(cctel) = $phn(src=>cctel); $dlg_var(ccname) = $phn(src=>ccname); $dlg_var(ltype) = $phn(src=>ltype); $dlg_var(ndesc) = $phn(src=>ndesc); } else { xlog("L_DEBUG","phonenum_match returned 'Not Valid'\n"); $dlg_var(cctel) = ""; $dlg_var(ccname) = ""; $dlg_var(ltype) = ""; $dlg_var(ndesc) = ""; } } $dlg_var(divh) = $di; $dlg_var(fU) = $fU; $dlg_var(fd) = $fd; $dlg_var(si) = $si; $dlg_var(tU) = $tU; $dlg_var(td) = $td; $dlg_var(rU) = $rU; $dlg_var(rd) = $rd; $dlg_var(location) = ""; $dlg_var(sipproto) = ""; $dlg_var(rtpproto) = ""; $dlg_var(dsturi) = ""; $dlg_var(callend) = ""; } #!ifdef WITH_SQLOPS if (is_method("INVITE")) { if (is_myself("$ru") || has_totag()) { if (is_ip_rfc1918("$si")) { if (is_in_subnet("$si", "LOCALSUBNET")) { $dlg_var(location) = "int"; } else { $dlg_var(location) = "vpn"; } } } else { if (sql_xquery("cb", "select location, sipproto, rtpproto from routing where sipdomain = '$rd'", "ra") == 1) { $dlg_var(location) = $xavp(ra=>location); $dlg_var(sipproto) = $xavp(ra=>sipproto); $dlg_var(rtpproto) = $xavp(ra=>rtpproto); sql_result_free("ra"); } } } #!endif #!ifdef WITH_RTPENGINE route(RTPENGINE); #!endif xlog("L_DEBUG","DEBUG: Incoming CallId [$ci] processing user[$rU] in request uri[$ru]\n"); # In-dialog requests, including REINVITE, must follow the Route set established by the initial INVITE. if (has_totag()) { if (is_method("BYE")) { if ($si == $dlg_var(si)) { $dlg_var(callend) = "caller"; } else { $dlg_var(callend) = "called"; } } xlog("L_INFO","INFO: event=rx_request calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='received $rm for $rd'\n"); if (!t_relay()) { $dlg_var(sipcode) = "500"; $dlg_var(sipmsg) = "Internal Server Error"; $dlg_var(errordsc) = "In-dialog request relay failed"; xlog("L_WARN","WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='t_relay for in-dialog request returned $rc'\n"); send_reply("500", "Internal Server Error"); } exit; } if (is_myself("$ru")) { ### Dispatch Calls to MediaServers $dlg_var(calldir) = "Inbound"; if (dst_port == SIP_INTERNAL_TEST_PORT) { ### Staging xlog("L_DEBUG", "DEBUG: Route call to STAGING\n"); $var(group) = 2; } else { ### Prod xlog("L_DEBUG", "DEBUG: Route call to PROD\n"); $var(group) = 1; } xlog("L_INFO","INFO: event=rx_request calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$du callend=$dlg_var(callend) label='t_relay to Media Server'\n"); if(!ds_select_dst("$var(group)", "4")) { $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to MediaServer failed"; xlog("L_WARN", "WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$du callend=$dlg_var(callend) label='no destination available sending back 503'\n"); send_reply("503", "Service Unavailable"); } else { $dlg_var(dsturi)=$du; xlog("L_INFO","INFO: event=route_decision calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='t_relay to Media Server'\n"); t_on_failure("RTF_DISPATCH"); t_relay(); } } else { if (is_method("INVITE") && !has_totag()) { $dlg_var(calldir) = "Outbound"; } if ($dlg_var(sipproto) == "tcp") { if ($dlg_var(location) == "ext") $fsn = "extiftcp"; else if ($dlg_var(location) == "vpn") $fsn = "intvpntcp"; else $fsn = "intiftcp"; xlog("L_INFO","INFO: event=rx_request calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$rd proto=$dlg_var(sipproto) if=$fsn callend=$dlg_var(callend) label='route to $rd'\n"); if (!t_relay_to_tcp()) { $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to foreign domain failed"; xlog("L_WARN","WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$rd proto=$dlg_var(sipproto) callend=$dlg_var(callend) label='t_relay_to_tcp returned $rc, sending back 503'\n"); send_reply("503", "Service Unavailable"); } exit; } else if ($dlg_var(sipproto) == "tls") { if ($dlg_var(location) == "ext") $fsn = "extiftls"; else if ($dlg_var(location) == "vpn") $fsn = "intvpntls"; else $fsn = "intiftls"; xlog("L_INFO","INFO: event=rx_request calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$rd proto=$dlg_var(sipproto) if=$fsn callend=$dlg_var(callend) label='route to $rd'\n"); if (!t_relay_to_tls()) { $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to foreign domain failed"; xlog("L_WARN","WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$rd proto=$dlg_var(sipproto) callend=$dlg_var(callend) label='t_relay_to_tls returned $rc, sending back 503'\n"); send_reply("503", "Service Unavailable"); } exit; } else if ($dlg_var(sipproto) == "udp") { if ($dlg_var(location) == "ext") $fsn = "extifudp"; else if ($dlg_var(location) == "vpn") $fsn = "intvpnudp"; else $fsn = "intifudp"; } else { $fsn = "extifudp"; } xlog("L_INFO","INFO: event=rx_request calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$rd proto=$dlg_var(sipproto) if=$fsn callend=$dlg_var(callend) label='route to $rd'\n"); if (!t_relay()) { $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to foreign domain failed"; xlog("L_WARN","WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$rd proto=$dlg_var(sipproto) callend=$dlg_var(callend) label='t_relay returned $rc, sending back 503'\n"); send_reply("503", "Service Unavailable"); } } exit; } # Handle Customer IP - URI check route[CUSTOMERCHECK] { #!ifdef WITH_CUSTOMER_CHECK if (is_method("INVITE")) { xlog("L_INFO","allow_trusted: source IP $si, fromURI $fu, requestURI $ru\n"); if (!allow_trusted()) { xlog("L_INFO","allow_trusted: $si - $ru not allowed\n"); $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Customer not allowed"; send_reply("503", "Service Unavailable"); exit; } else { xlog("L_INFO","allow_trusted: $si - $ru allowed\n"); } } #!endif return; } # Per SIP request initial checks route[REQINIT] { # no connect for sending replies set_reply_no_connect(); # enforce symmetric signaling # - send back replies to the source address of request force_rport(); #!ifdef WITH_ANTIFLOOD # flood detection from same IP and traffic ban for a while # be sure you exclude checking trusted peers, such as pstn gateways # - local host excluded (e.g., loop to self) if(src_ip!=myself) { if($sht(ipban=>$si)!=$null) { # ip is already blocked xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n"); exit; } if (!pike_check_req()) { xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); $sht(ipban=>$si) = 1; exit; } } #!endif if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent") { # silent drop for scanners - uncomment next line if want to reply # sl_send_reply("200", "OK"); exit; } if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if(is_method("OPTIONS") && uri==myself && $rU==$null) { sl_send_reply("200","Keepalive"); exit; } if(!sanity_check("17895", "7")) { xlog("Malformed SIP request from $si:$sp\n"); exit; } } # Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return; # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { route(DLGURI); if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails } else if ( is_method("ACK") ) { # ACK is forwarded statelessly route(NATMANAGE); } else if ( is_method("NOTIFY") ) { # Add Record-Route for in-dialog NOTIFY as per RFC 6665. record_route(); } route(RELAY); exit; } if (is_method("SUBSCRIBE") && uri == myself) { # in-dialog subscribe requests route(PRESENCE); exit; } if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server route(RELAY); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); exit; } # Handle SIP registrations route[REGISTRAR] { if (!is_method("REGISTER")) return; if(isflagset(FLT_NATS)) { setbflag(FLB_NATB); #!ifdef WITH_NATSIPPING # do SIP NAT pinging setbflag(FLB_NATSIPPING); #!endif } if (!save("location")) { sl_reply_error(); } exit; } # User location service route[LOCATION] { #!ifdef WITH_SPEEDDIAL # search for short dialing - 2-digit extension if($rU=~"^[0-9][0-9]$") { if(sd_lookup("speed_dial")) { route(SIPOUT); } } #!endif #!ifdef WITH_ALIASDB # search in DB-based aliases if(alias_db_lookup("dbaliases")) { route(SIPOUT); } #!endif $avp(oexten) = $rU; if (!lookup("location")) { $var(rc) = $rc; route(TOVOICEMAIL); t_newtran(); switch ($var(rc)) { case -1: case -3: send_reply("404", "Not Found"); exit; case -2: send_reply("405", "Method Not Allowed"); exit; } } # when routing via usrloc, log the missed calls also if (is_method("INVITE")) { setflag(FLT_ACCMISSED); } route(RELAY); exit; } # Presence server processing route[PRESENCE] { if(!is_method("PUBLISH|SUBSCRIBE")) return; if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") { route(TOVOICEMAIL); # returns here if no voicemail server is configured sl_send_reply("404", "No voicemail service"); exit; } #!ifdef WITH_PRESENCE #!ifdef WITH_MSGREBUILD # apply changes in case the request headers or body were modified msg_apply_changes(); #!endif if (!t_newtran()) { sl_reply_error(); exit; } if(is_method("PUBLISH")) { handle_publish(); t_release(); } else if(is_method("SUBSCRIBE")) { handle_subscribe(); t_release(); } exit; #!endif # if presence enabled, this part will not be executed if (is_method("PUBLISH") || $rU==$null) { sl_send_reply("404", "Not here"); exit; } return; } # IP authorization and user authentication route[AUTH] { #!ifdef WITH_AUTH #!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; } #!else # authentication not enabled - do not relay at all to foreign networks #xlog("L_INFO","Outbound Domain\n"); #if(uri!=myself) { # sl_send_reply("403","Not relaying"); # exit; #} #!endif return; } # Caller NAT detection route[NATDETECT] { #!ifdef WITH_NAT if (nat_uac_test("19")) { if (is_method("REGISTER")) { fix_nated_register(); } else { if(is_first_hop()) { set_contact_alias(); } } setflag(FLT_NATS); } #!endif return; } # RTPProxy control and signaling updates for NAT traversal route[NATMANAGE] { #!ifdef WITH_NAT if (is_request()) { if(has_totag()) { if(check_route_param("nat=yes")) { setbflag(FLB_NATB); } } } if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return; #!ifdef WITH_RTPENGINE if(nat_uac_test("8")) { rtpengine_manage("SIP-source-address replace-origin replace-session-connection"); } else { rtpengine_manage("replace-origin replace-session-connection"); } #!else if(nat_uac_test("8")) { rtpproxy_manage("co"); } else { rtpproxy_manage("cor"); } #!endif if (is_request()) { if (!has_totag()) { if(t_is_branch_route()) { add_rr_param(";nat=yes"); } } } if (is_reply()) { if(isbflagset(FLB_NATB)) { if(is_first_hop()) set_contact_alias(); } } if(isbflagset(FLB_NATB)) { # no connect message in a dialog involving NAT traversal if (is_request()) { if(has_totag()) { set_forward_no_connect(); } } } #!endif return; } # URI update for dialog requests route[DLGURI] { #!ifdef WITH_NAT if(!isdsturiset()) { handle_ruri_alias(); } #!endif return; } # Routing to foreign domains route[SIPOUT] { ##if (uri==myself) return; append_hf("P-Hint: outbound\r\n"); route(RELAY); exit; } # PSTN GW routing route[PSTN] { #!ifdef WITH_PSTN # check if PSTN GW IP is defined if (strempty($sel(cfg_get.pstn.gw_ip))) { xlog("SCRIPT: PSTN routing enabled but pstn.gw_ip not defined\n"); return; } # route to PSTN dialed numbers starting with '+' or '00' # (international format) # - update the condition to match your dialing rules for PSTN routing if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$")) return; # only local users allowed to call if(from_uri!=myself) { sl_send_reply("403", "Not Allowed"); exit; } # normalize target number for pstn gateway # - convert leading 00 to + if (starts_with("$rU", "00")) { strip(2); prefix("+"); } if (strempty($sel(cfg_get.pstn.gw_port))) { $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip); } else { $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip) + ":" + $sel(cfg_get.pstn.gw_port); } route(RELAY); exit; #!endif return; } # JSONRPC over HTTP(S) routing #!ifdef WITH_JSONRPC event_route[xhttp:request] { set_reply_close(); set_reply_no_connect(); if(src_ip!=127.0.0.1) { xhttp_reply("403", "Forbidden", "text/html", "Not allowed from $si"); exit; } if ($hu =~ "^/RPC") { jsonrpc_dispatch(); exit; } xhttp_reply("200", "OK", "text/html", "Wrong URL $hu"); exit; } #!endif # Routing to voicemail server route[TOVOICEMAIL] { #!ifdef WITH_VOICEMAIL if(!is_method("INVITE|SUBSCRIBE")) return; # check if VoiceMail server IP is defined if (strempty($sel(cfg_get.voicemail.srv_ip))) { xlog("SCRIPT: VoiceMail routing enabled but IP not defined\n"); return; } if(is_method("INVITE")) { if($avp(oexten)==$null) return; $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip) + ":" + $sel(cfg_get.voicemail.srv_port); } else { if($rU==$null) return; $ru = "sip:" + $rU + "@" + $sel(cfg_get.voicemail.srv_ip) + ":" + $sel(cfg_get.voicemail.srv_port); } route(RELAY); exit; #!endif return; } failure_route[RTF_DISPATCH] { if (t_is_canceled()) { exit; } ### Next Destination - only for 486/503 or local timeout if (t_check_status("486") or t_check_status("503")) { xlog("L_WARN","WARN: event=route_result calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='attempt to forward to MediaServer failed'\n"); if(ds_next_dst()) { $dlg_var(dsturi)=$du; xlog("L_INFO", "INFO: event=route_decision calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='retry to MediaServer'\n"); t_on_failure("RTF_DISPATCH"); if (!t_relay()) { $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to MediaServer failed"; xlog("L_WARN", "WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$du callend=$dlg_var(callend) label='no destination available sending back 503'\n"); send_reply("503", "Service Unavailable"); exit; } exit; } exit; } ### Next Destination - only for local timeout if (t_branch_timeout() and !t_branch_replied()) { xlog("L_WARN","WARN: event=route_result calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='attempt to forward to MediaServer failed'\n"); if(ds_next_dst()) { $dlg_var(dsturi)=$du; xlog("L_INFO", "INFO: event=route_decision calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='retry to MediaServer'\n"); t_on_failure("RTF_DISPATCH"); if (!t_relay()) { $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to MediaServer failed"; xlog("L_WARN", "WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$du callend=$dlg_var(callend) label='no destination available sending back 503'\n"); send_reply("503", "Service Unavailable"); exit; } exit; } $dlg_var(sipcode) = "503"; $dlg_var(sipmsg) = "Service Unavailable"; $dlg_var(errordsc) = "Routing to MediaServer failed"; xlog("L_WARN", "WARN: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$dlg_var(sipcode) respmess=$dlg_var(sipmsg) cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$du callend=$dlg_var(callend) label='no destination available sending back 503'\n"); send_reply("503", "Service Unavailable"); exit; } } # Manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); route(NATMANAGE); } # Manage SL responses event_route[sl:filtered-ack] { xlog("sl:filtered-ack ACK to local reply absorbed\n"); xlog("L_DEBUG", "<$mb>\n"); } event_route[sl:local-response] { if(sanity_check("4") and !is_method("OPTIONS|ACK|BYE|CANCEL|REGISTER|PUBLISH")){ $dlg_var(sipcode) = $rs; $dlg_var(sipmsg) = $rr; } xlog("L_DEBUG", "<$mb>\n"); } # Manage incoming replies reply_route { if(!is_method("OPTIONS|ACK|BYE|CANCEL|REGISTER|PUBLISH")){ $dlg_var(sipcode) = $rs; $dlg_var(sipmsg) = $rr; } if(!is_method("OPTIONS")){ xlog("L_DEBUG","Incoming Reply <$mb>\n"); } if(!sanity_check("17604", "6")) { xlog("Malformed SIP response from $si:$sp\n"); drop; } } # Manage incoming replies in transaction context onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); if (t_check_trans()) { xlog("L_INFO", "INFO: event=rx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label=''\n"); } if(status=~"[12][0-9][0-9]") { route(NATMANAGE); } # if (has_body("application/sdp")) { # rtpengine_manage("SIP-source-address replace-origin replace-session-connection"); # } #!ifdef WITH_RTPENGINE route(RTPENGINE); #!endif } # Manage SIP requests send out onsend_route { if ($rs != $null) { xlog("L_INFO", "INFO: event=tx_reply calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='outgoing reply to $sndto(ip):$sndto(port)'\n"); } else { xlog("L_INFO", "INFO: event=tx_request calldirection=$dlg_var(calldir) srcip=$si srcport=$sp callid=$ci ruri=$ru method=$rm respcode=$rs respmess=$rr cseq=$cs fromuser=$fU fromtag=$ft touser=$tU totag=$tt dsturi=$dlg_var(dsturi) callend=$dlg_var(callend) label='outgoing request to $sndto(ip):$sndto(port)'\n"); } } # Manage failure routing cases failure_route[MANAGE_FAILURE] { route(NATMANAGE); if (t_is_canceled()) exit; #!ifdef WITH_BLOCK3XX # block call redirect based on 3xx replies. if (t_check_status("3[0-9][0-9]")) { t_reply("404","Not found"); exit; } #!endif #!ifdef WITH_BLOCK401407 # block call redirect based on 401, 407 replies. if (t_check_status("401|407")) { t_reply("404","Not found"); exit; } #!endif #!ifdef WITH_VOICEMAIL # serial forking # - route to voicemail on busy or no answer (timeout) if (t_check_status("486|408")) { $du = $null; route(TOVOICEMAIL); exit; } #!endif } #!ifdef WITH_RTPENGINE route[SET_RTP_DIRECTION] { # If the Source IP is an RFC1918 address, it's coming from an internal endpoint, so the call is going out if (is_ip_rfc1918("$si")) { if (is_in_subnet("$si", "LOCALSUBNET")) { if ($dlg_var(location) == "int") { $dlg_var(rtp_direction) = "direction=internal direction=internal"; } else if ($dlg_var(location) == "vpn") { $dlg_var(rtp_direction) = "direction=internal direction=intvpn"; } else { $dlg_var(rtp_direction) = "direction=internal direction=external"; } } else { $dlg_var(rtp_direction) = "direction=intvpn direction=internal"; } } else { $dlg_var(rtp_direction) = "direction=external direction=internal"; } } route[SET_RTP_MEDIA] { $dlg_var(rtp_media) = "RTP"; if (is_ip_rfc1918("$si")) { if ($dlg_var(rtpproto) != "") { $dlg_var(rtp_media) = $(dlg_var(rtpproto){s.toupper}); } else { $dlg_var(rtp_media) = ""; } } } route[BUILD_RTPENGINE_PARAMETER] { route(SET_RTP_DIRECTION); # returns $dlg_var(rtp_direction) route(SET_RTP_MEDIA); # returns $dlg_var(rtp_Media) $avp(rtpeid) = $ci + "::" + $ft; $var(rtp_param) = "replace-origin replace-session-connection via-branch=extra " + $dlg_var(rtp_direction) + " " + $dlg_var(rtp_media); xlog("L_INFO", "[RTPENGINE]: id=[$avp(rtpeid)] Param=[$var(rtp_param)]\n"); rtpengine_manage($var(rtp_param)); } route[RTPENGINE] { if ( is_method("INVITE") ) { if ( sdp_content() ) { route(BUILD_RTPENGINE_PARAMETER); } } if ( is_method("ACK") ) { if ( sdp_content() ) { route(BUILD_RTPENGINE_PARAMETER); } } } #!endif #!ifdef WITH_XHTTP event_route[xhttp:request] { xlog("L_INFO", "URL is $hu\n"); xhttp_reply("200", "OK", "text/html","OK - [$si:$sp]"); } #!endif